Home > Cloud Computing > Cloud Security

Intrusion penetration sell envelope scam Station

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

Intrusion penetration sell envelope scam Station

 

Last night, a friend suddenly sent an envelope-selling scam station in the group. before dinner, he was bored. He copied the guy and checked it with my friend. This guy probably lied to many people. Many people on Baidu QQ said he was a liar.

When the main site finds the background and tries to use a weak password, a friend of mine says that he knows what the template is, but he cannot remember the name at the time. Okay, forgive him. The social worker tried the QQ number and tried FTP weak passwords. The security was good.
Yu Jian swept more than 100 sub-sites. My friend simply won a shell and won't say much about it. Here I will mainly discuss privilege escalation. Let's take a look at the shell. It supports aspx and php:



Open ports 21, 1433, and 3306. It seems there are sa and root, but I gave up this idea when I think of a virtual machine. We do not support aspx. It is the king to switch to aspx and execute commands.


The page is a bit cool and cool, and cannot execute commands. It is no different from aspx not supported. Then I had no idea when I went around the east and west. I suddenly thought about it in the group. One day, a group of net users shouted a few ads to raise the right. Because I prefer to study and raise the right, I will add him. It's boring. If you have nothing to do, you can talk about it.
He just gave up when he saw that he could not execute the command. If he looked at it carefully, it was estimated that someone else could give it up.

I can't say it to Daniel. Come on. Slowly, I was not in a hurry to raise the right. One of the longest servers raised the right for one day and one night. This does not include the shell time. Upload a directory scan script of ad to check whether the directory has the write permission.

Over an hour later, I found this important information:

Next, execute the command using MSSQL of ASP Dama:

I passed a VBS reading the IIS account password and successfully logged on to the target scammers website FTP:

The goal has been achieved. I have prepared to put him on a black page and fight against scammers. Everyone is responsible!

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
unicode envelope envelope sender envelope knife sender receiver envelope hips intrusion pharmacy scam vector scam
Related Article
How does personal cloud security guarantee data security?
Model-driven cloud security-automating cloud security with cl...
Cloud security to achieve effective prevention of the future ...
Focus on three major cloud security areas, you know?
Decrypting Cisco type 5 password hashes
Using redis to write webshell

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More