Entire Process of Harmony hack1995

Source: Internet
Author: User
Tags: md5, encryption, filezilla

Source: biscuit group, hackver.com

PS: Don't let it go. My detection was approved by the webmaster.

Recently, I was bored. I saw a hacker page on hack1995 on a website. So I went to check the page and called the team to start work.


The main site of hack1995 uses dz1.5; the dz1.0 -- 1.5 injection exp had no effect. I then noted that the server hosts more than 100 sites. Still the old rule: find a company site to start with, since that is easier. I found a company site; GET and POST injection failed, but cookie injection succeeded.


javascript:alert(document.cookie="news_id="+escape("83 and 1=2 union select 1,2,password,user,5,6,7,8 from Admin"))


The administrator account and password are displayed.
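Seen from the defender's side, a cookie injection like the one above shows up in the web server log when cookie logging is enabled. The following is an added example, not part of the original post: it scans a constructed IIS W3C log for SQL syntax in cookie values, and the log lines, the `/news.asp` path and the `NUMERIC_PARAMS` list are assumptions.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample: IIS W3C extended log with the cs(Cookie) field enabled.
# IP addresses, timestamps and the /news.asp path are hypothetical.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status cs(Cookie)
2011-03-02 10:01:11 198.51.100.7 GET /news.asp news_id=83 200 ASPSESSIONID=ABCD
2011-03-02 10:02:40 203.0.113.9 GET /news.asp - 200 news_id=83%20and%201%3D2%20union%20select%201%2C2%2Cpassword%2Cuser%20from%20Admin
2011-03-02 10:03:02 198.51.100.7 GET /news.asp - 200 news_id=84;+lang=en
"""

# Parameters the application treats as integers (assumed list for this sample).
NUMERIC_PARAMS = {"news_id"}
SQLI = re.compile(
    r"\bunion\b.+\bselect\b|\bselect\b.+\bfrom\b|\band\b\s+\d+\s*=\s*\d+", re.I)

def parse_cookies(raw):
    """Split a logged Cookie header into URL-decoded name/value pairs."""
    pairs = {}
    if raw in ("-", ""):
        return pairs
    for part in raw.split(";"):
        name, _, value = part.partition("=")
        pairs[unquote_plus(name).strip()] = unquote_plus(value).strip()
    return pairs

def scan(log_text):
    """Return (client ip, cookie name, reasons) for each suspicious cookie."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column names for later rows
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        for name, value in parse_cookies(row.get("cs(Cookie)", "-")).items():
            reasons = []
            if name in NUMERIC_PARAMS and not value.isdigit():
                reasons.append("non-numeric id")
            if SQLI.search(value):
                reasons.append("sql keywords")
            if reasons:
                hits.append((row["c-ip"], name, reasons))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The same integer check belongs in the application itself, applied to the cookie value as well as to GET and POST parameters.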




Find the admin back end and log on...


For sale only, shell is used. After entering the back end, there are two upload points. I planned to start with the editor: first upload a normal image, find the editor path, visit it, and find the traversal vulnerability.



There is a login page. Go to the db directory; the database has an asp suffix... It doesn't matter. Right-click it and save it to the desktop, then change the suffix to mdb. Take the solution and log on to the back end.

I won't go into getting a shell with ewebeditor here.


The shell was easy to get. I uploaded an asp Trojan, but accessing it returned a 500, presumably because of a firewall. The server supports aspx, so I uploaded an aspx Trojan, which displayed successfully with no 500. Continuing, the default windows\system32 cmd can execute commands.



In Windows, I uploaded an iis7 elevation of privilege exp to the website directory, and the elevation of privilege failed .. I uploaded a small elevation exp; adding a user produced no echo .. Tragedy ..


Continuing to look around, I found mysql, version 5.1. To escalate permissions, you must export the udf to the mysql directory, such as C:\Program Files\MySQL Server 5.1\lib\plugin\, but the directory could not be written or imported into... I had to change approach. Okay, take a look at the registry, find FileZilla Server, and use FileZilla to escalate permissions. You know. What? You don't understand... Okay, go to www.2cto.com and check it out.

========================================================== ==========================================

The following references a document by shaoye:



First, find the FileZilla Server directory. Don't ask me to start the Registry Program, you know.


Then find the FileZilla Server Interface.xml file, which stores port and password information.




<Item name="Last Server Address" type="string"></Item>   (ip)
<Item name="Last Server Port" type="numeric">14147</Item>   (Port: 14147)
<Item name="Last Server Password" type="string"/>   (the string is the password)
<Item name="Always use last server" type="numeric">1</Item>
<Item name="Start Minimized" type="numeric">1</Item>
<Item name="User Sorting" type="numeric">0</Item>





FileZilla Server.xml stores the accounts, passwords and directories of all FTP users; the passwords are stored as 32-character md5 hashes (the md5 of the target site was not cracked).
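For administrators, the two files described above can be audited before anyone else reads them. The following is an added example, not part of the original post or of FileZilla: it flags a saved or empty admin password in the interface file and passwordless or bare-MD5 FTP accounts. Both XML samples are constructed, and the `<User>`/`<Option Name="Pass">` layout of the users file is an assumed schema.

```python
import re
import xml.etree.ElementTree as ET

# Constructed samples. INTERFACE reuses the Item names quoted on the page; the
# <User>/<Option Name="Pass"> layout in SERVER is an assumed schema.
INTERFACE = """<FileZillaServer><Settings>
<Item name="Last Server Address" type="string">127.0.0.1</Item>
<Item name="Last Server Port" type="numeric">14147</Item>
<Item name="Last Server Password" type="string"/>
<Item name="Always use last server" type="numeric">1</Item>
</Settings></FileZillaServer>"""
SERVER = """<FileZillaServer><Users>
<User Name="webftp"><Option Name="Pass">0123456789abcdef0123456789abcdef</Option></User>
<User Name="backup"><Option Name="Pass"></Option></User>
</Users></FileZillaServer>"""

MD5_HEX = re.compile(r"[0-9a-fA-F]{32}")

def audit_interface(xml_text):
    """Flag admin-interface settings that let any reader of the file log in."""
    items = {i.get("name"): (i.text or "").strip()
             for i in ET.fromstring(xml_text).iter("Item")}
    findings = []
    if items.get("Last Server Password", ""):
        findings.append("admin password stored in cleartext")
    elif items.get("Always use last server") == "1":
        findings.append("auto-connect with empty admin password")
    return findings

def audit_users(xml_text):
    """Flag FTP accounts with no password or a bare 32-hex (MD5-style) hash."""
    findings = []
    for user in ET.fromstring(xml_text).iter("User"):
        stored = ""
        for opt in user.iter("Option"):
            if opt.get("Name") == "Pass":
                stored = (opt.text or "").strip()
        if not stored:
            findings.append((user.get("Name"), "no password"))
        elif MD5_HEX.fullmatch(stored):
            findings.append((user.get("Name"), "32-hex MD5-style hash"))
    return findings

if __name__ == "__main__":
    for finding in audit_interface(INTERFACE) + audit_users(SERVER):
        print(finding)
```

Any finding here matters most when the web server's service account can read the FileZilla Server directory, so the file ACLs should be reviewed alongside the output.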


Forward the port first, or you cannot connect directly.


Then install FileZilla Server locally.


After the installation is complete, open the software and connect to the server: enter the ip address and, because we have forwarded the port, the forwarded port. For the password, enter the password string found above.


Once connected, click User Configuration, click Add User, and then click the shared directory to set the directory for the user.


Then you can check all the permissions that you have obtained.


Unlike serv-u, you cannot directly execute commands to escalate permissions. Instead, you can replace system files such as sethc, or upload to the startup directory, and escalate permissions that way.

========================================================== ==========================================

Done. Previous figure:


Add a high-Permission ftp.


Harmony diagram:

