Virtual machine break through to physical machine luck, MySQL injection failed after the dawn!

The reason is that I try to enter my high school, a two-level website, the last thing fell on my head, really feel good luck, interesting, it is

Why do I like to do this ("stroll" my alma mater website) to pass the time: Experience despair and fulfillment.

A picture:

This is 360 for the win server launched the host defender, it to the kitchen knife connection made interception, code incredibly is 999,360 people really have mood ah.

I am very happy, the alma Mater website security level again on a level. However, it is surprising that the host guards only intercept the most common ones, if the common malicious code and tools have a leaderboard, it only intercept the first row, yes, the second it does not stop.

360 in the old win system performance again let me eye-opener, upload the page after the horse, High school's official website fell, is the normal network authority, the website runs on the virtual machine.

Then is the theme, I found that the alma mater on-line a two-level website, it seems that the beginning of last July, I naturally stir, to be cut off.

Look at the website is PHP language, so modern style, no doubt is bought code, but too small, Baidu is not similar to the site, also can not know the development of which company, I first defeated a burst.

Later found that the directory file leaked, click on a php error, the absolute path came out, is installed in the e-disk.

Helpless, did not find the management login portal, take out a scanner scan, exultation! Find MySQL injected, Sqlmap run, union type, really steady!

Rush Plus--os-shell option, this can be amazing, in case you can execute, the light write horse, heavy 3389 presenting illegal weapons!

However, the MySQL user is a low-privilege, unable to write, and later found that the site directory is not able to write new files, because the site disk space is full, this is self-defeating Ah, is the root authority can not write, is super strong ' defense '!

This to the administrator is a good thing, I can not be good, I am helpless, login backstage also did not find, find also not necessarily have the flaw to use.

So, this baggy website to me like Bastion, I really have no way.

Later, the transfer appeared, when I tempted to the main station of the shell elevation and successfully dump the plaintext password, I naively want to use this password to log in a sudden Web site IP opened remote port.

Obviously, I actually logged on, and saw the hit the return page "is preparing the desktop", the whole person excited, that moment I think God is favored me, and so lucky to me.

This is why I am bored to do such things, so, dull monotonous life has a little ups and downs, a little surprise. Despise the black produce, vulgar!

3389 even after, delighted I knocked down Ipconfig, disappointment came, unexpectedly is also intranet IP, look at the e-disk, and not as I wish, did not see the site directory, no doubt this and the two-level site is not the same machine.

It seems that the IP of 3389 mapped to the machine's 3389, then 80 port mapping is another one, I ran off.

Mood at the moment is not too big gap, after rejoicing found disappointment is early accustomed to, I want to like fan chin so estimate small life not long.

However, I am really favored by God, I see VMware on the desktop, I thought the production of the estimate will be advanced, the alma mater is completely ordinary type.

This vmware one opens, the front light, three virtual machines, one is the main station, two is MSSQL, three is I hard not to the subsite.

This is the end, do not understand is the port map how to do it? How does two network IP point to this virtual machine?

Similarly, is this technically advanced or is it limited by resource constraints?

Strange.. Strange...

What's next? Of course, wait for the network management to find my traces and then block, and then I can come back to ' see ' You, my alma mater!

Virtual machine breakthrough to the physical machine of the fluke, MySQL injection failed after the dawn!