Bored penetration caused by one account

The gay guy at the bottom shop told me that someone advertised on the emotional microblog of the school. You said that the emotional hotline was your commercial advertisement, so I had a good time chatting with gay people.
I decided to renew his rebate website ~

----------- Please ignore this article ---------------------------

First, I looked at this set of programs, and it was very well done and mature. Whether I cut off or submitted xss code, I showed a what are you doing man! I really paid for it, but it was strong. So I decided to check whether there was anything sensitive in the directory, and wvs swept it to the background.



The weak password is incorrect after you log on. The password still displays what are you doing...

Angry, click him. Enable Metasploit to check whois (Why open MSF? Nima looks professional and forced to install it ~) I was also disappointed with the query results. I had privacy protection, but I was decisive. I found a contact with QQ in my website. Hey hey, after Baidu Google, a narrow-sense social worker, found a Common Account dang ***** 88 ~~~ In this regard, the murder caused by an account began.

I still remember that the "brother Tao's blackboard Report" I saw stabbed a few days ago. The V above was big data black and wide ~ (Worship) I am comparing dishes, but I also know a little bit about the database, and check it from my interface. hey ~ The password was cracked, and my mailbox was cracked together. I tried the background and it was correct.



The platform is a little suspended. The function is very complete and complicated. There is also an SMS interface. hackers who sent me a text message last night to test the "Water Meter check ".

Then I log on to the Domain Name Service Provider. I wanted to hijack the server. But think about how to directly hack the server and flip it to a php Trojan, decisive ftp Transfer (the id and password are the one I spoke about)

Decisively killed... Khan, changed the directory, and finally succeeded in some means.



Then, the webshell obtains the permission ~ Common su elevation



A little painful is the step. He changed port 3389 and had to query port 4888 from the registry...

Here is a line of thought. Well, it's not a good deal, but you can also get a password. Use the registry:

Regedit/e "C: \ Documents ents and Settings \ All Users \ Documents ents \ desktop. ini" "HKEY_LOCAL_MACHINE \ SOFTWARE \ cat soft \ serv-u \"

Write the password to desktop. ini, because I only have this place to write, and then download it as plaintext ~

Finally, I decided to upload a page in a high profile (for a long time there was no black site, so let's have a look at it ...) Without the homepage, I lost a txt file and went to bed securely.