FileZilla Privilege Escalation

Author: Xiaoyi

The cause of the incident: one time I got the webshell of a lecturer, I wanted to raise the privilege. The server permission settings were not strict, but the Elevation of Privilege was not good. I only had one drive C, and I didn't install any software. I didn't have mysql, mssql, su, 360 and other familiar Elevation of Privilege software. Run the following command! Netstat-an saw a default port 14147. On the Internet, I searched for a Management port of the FTP software called FileZilla. I searched FileZilla online to raise the right.

The management password here is empty. S _! 3eF o
Local listening lcx-listen 7788 9900,
Forwarding in a virtual machine, for example, 1-2

 

The local IP Address used here is 127.0.0.1 because the management IP address of FileZilla can only be 127.0.0.1 0Qe '{C [5
Forwarded successfully. The returned information is 1-3.
 

The next step is to use the FileZilla client to connect, 1-4
 

Hey, connection successful, 1-5

 

Next, add the user, set the directory to drive C, and set the permission to full control. For example, 1-6, 1-7
 

 

FileZilla Server is no better than serv-U. You can quote site exec to execute the DOS command. To achieve Elevation of Privilege, you can log on to FTP to operate on file management, such as replacing system services, replacing system files, and placing programs in the startup directory.
Here I will replace and paste the key, log on to the server at 3389, and shift down 5 to win the server.

(-Of course, it's just my virtual machine, but it's almost the same as the botnet. Let's do it when the network speed is better. Hey hey !)