Record a social worker Privilege Escalation

Love letter

Today, a website with the same server as the target site has very low Webshell permissions. It is also very powerful to kill software and cannot be Elevation of Privilege. The terminal cannot be connected.

In addition, the IP addresses pinged from the two locations are not the same. The IP addresses I pinged are still CIDR blocks. I suspect it is CDN, but it is not. Uncertain.

I want to go to social engineering. I changed my QQ number and changed the gender of the QQ data. Added the administrator of the target site responsible for the link.

After adding his QQ number, I did not talk to him about me. I came up with a saying that my website and your website are the same server, and my website was attacked by hackers.

Is your website okay? The administrator asked me nervously, Which website is your? I randomly selected one on the server and showed it to him.

He replied that it was normal. I asked him if this website is on the same server as your website? He said yes. (OK, OK. OK)

I said I was attacked this afternoon and I just recovered. Then I asked him, are you okay? He said it was okay.

I asked him if you could connect to the server terminal? He said he has no server permissions. He asked me to ask the person who made the website for me. I replied that I couldn't find the person who made the website for me.

Then he told me the server administrator's QQ number and mobile phone number. Currently, the server administrator QQ is not online, and I have not called his mobile phone number. The next step is to ask whether the server administrator terminal can be connected.

Haha, if I can, I will continue to find a way to raise the right.