Author: enterer
Blog:Www.enterer.cn
Reprinted with reserved characters
Well, the blog will be updated from time to time.
In general, we will go to the Database Password to escalate the permission. Sometimes the sa password of mssql and the root password of mysql cannot be found. I mentioned that the password may have been changed by the Administrator.
Here we provide you with a simple method to determine whether the database account you have found is the sa or root account that has changed the password.
There is an SQL statement execution function in php. We can use the database password we found to connect to the default mysql database. If the connection can be established, it is basically the root account with the user name changed.
Similarly, we use the account of the mssql database to connect to the master. If the default database of mssql can be connected, we can basically tell that the account of SA has changed the password. Here, the SA and pwd contents are changed to the found account, and then click execute.
In addition, sometimes we find the root password, but failed to escalate permissions using udf and mysql backdoor due to soft removal. You can use the root password to connect to the SA account. Sometimes the Administrator is very lazy.