An unsuccessful detection of antian365

By: Long erxin

Today, I went home and remembered the intrusion into antian365. Use your phone to record it.

Antian365 was created by a friend simeon. Want to detect.

The Forum uses dz7.1. Windows.

At that time, the 0day of dz was not passed out.

The idea of intruding from the main site is shattered.

A friend's website located on the query Server Detected the injection vulnerability, but the table name could not be found.

After registering a user to log on to the system, you can see the uploaded image. Upload Failed for both the user and nc. Abandon the upload path.

No other vulnerabilities have been scanned for the target server. I gave up on this road. I plan to take a server sniffer from section c.

Open superinsjection and select to scan the entire website segment. Then batch injection is performed.

After a while, I tested several injection points and finally took the shell of the enterprise site and the shell process in the middle.

Inject and guess the background account and password, log on to the background and use the backup database to get a shell. Start Elevation of Privilege.

The shell Permission is very large, and the ports opened are 3389, and.

When viewing system users, several hidden accounts were found, indicating that someone had previously taken the server.

So I began to find sensitive files on the hard disk, and finally found the root account and password in the directory of a station.

Upload the php horse and use the udf to obtain the server. Then upload cain to sniff the target server.

Then I log on to the antian365 forum with my account. Test whether it can be sniffed.

It was not too early at that time, but it was just that the friendship detection would not continue sniffing.

Clear the logs, exit the server, and go to bed.

I spoke to simeon the next day. He just sent two faces. Haha. This ends.