Author: yescion, www.anying.org. Reprints must credit the website address and the author.
During privilege escalation we need to use various executable files, such as overflow exploits (EXP) or IIS.VBS.
Some protection software intercepts functions such as remote download, so these tools cannot be uploaded effectively.
What should we do?
First we need to understand clearly how the protection software works. When we perform a remote download, the protection software inspects the downloaded file.
If you download an EXE directly, the file is deleted.
Downloading a file such as a RAR, however, succeeds. But if you download the RAR and then rename it to EXE, the file is still deleted.
Even renaming it to COM gets it deleted. As far as executables go, though, the protection software currently only knows two suffixes, exe and com, which is easy to determine.
In this case we can try another way. The protection software only guards against external files; internal files are not blocked.
What is an internal file? If we release files using some service of the server itself, will this interception be bypassed?
Next we will talk about releasing files using the server's own services.
If the server only supports ASP, we can use an ASP decompression script to unpack a RAR file.
Such tools are easy to use: upload the RAR, then use the script to decompress it, and the extracted files are not intercepted or deleted by the protection tool.
On servers that support PHP we can use a PHP tool in the same way.
In a PHP environment, decompress a ZIP package; in an ASP environment, decompress a RAR package.
With these two tools we are not intercepted by any software, because all of the decompression work is done by the server's internal services, so there is no external file submission at all.
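The weakness described above is that the protection software judges a file by its suffix and only at download time, so an executable released from an archive by a server-side script is never inspected. The following is an added example (not code from the original post) of the defender-side check that closes that gap: it inspects each member of an uploaded ZIP by its leading bytes rather than its name, flagging PE executables and nested archives whatever suffix they carry. The sample archive is constructed in memory for demonstration only.

```python
# Added example (not from the original post): a defender-side check that
# inspects the members of an uploaded ZIP and flags executables by their
# file header rather than by extension, the gap the post describes.
import io
import zipfile

# Leading bytes that identify a Windows PE/DOS executable ("MZ"),
# regardless of what the member is named inside the archive.
PE_MAGIC = b"MZ"
# Nested archives hide a further extraction step, so flag them too.
ARCHIVE_MAGICS = (b"PK\x03\x04", b"Rar!\x1a\x07")

def classify_member(data: bytes) -> str:
    """Return 'executable', 'archive' or 'other' from leading bytes only."""
    if data.startswith(PE_MAGIC):
        return "executable"
    if any(data.startswith(m) for m in ARCHIVE_MAGICS):
        return "archive"
    return "other"

def scan_zip(blob: bytes) -> dict:
    """Map each member name to its content-based classification."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(8)  # the header bytes are enough to classify
            findings[info.filename] = classify_member(head)
    return findings

def suspicious_members(blob: bytes) -> list:
    """Names of members that are executables or nested archives, any suffix."""
    return sorted(n for n, k in scan_zip(blob).items() if k != "other")

def build_sample_zip() -> bytes:
    """Constructed sample: a PE stub named .txt, a RAR-like blob, real text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("notes.txt", b"MZ\x90\x00" + b"\x00" * 60)   # harmless stub
        zf.writestr("inner.dat", b"Rar!\x1a\x07\x00" + b"\x00" * 16)
        zf.writestr("readme.txt", b"plain text only\n")
    return buf.getvalue()

if __name__ == "__main__":
    print(suspicious_members(build_sample_zip()))  # ['inner.dat', 'notes.txt']
```

The same header check belongs on the output of any server-side unpack script, since the download-time filter never sees those files.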
Likewise, if a Dongle or some other defense software is installed on the server, we should not think about overflow exploits when escalating on such a server: without an AV-evasion (kill-free) tool it is basically impossible to get past this defense software.
Instead we try our best to find a high-privilege breakthrough, such as SA or ROOT permissions, or look for some exploitable vulnerability, and try to raise our privileges that way. Once we have SYSTEM permissions we can ignore any defense tool. This is also the ultimate goal of penetration.
This article is of a low technical level; I hope it gives you some thought-provoking ideas for breaking through. Thank you for reading.