For the past few days I have had nothing to do, and I have to hand in original articles. I started going through a hacker's website and checking its friend links to see if I could build a hacker station. The main site is dz, which I can't handle. Under section C, I didn't see any injection. Most of the forums were dz. I looked at the asp websites. Basically they were blogs, and Yu Jian didn't figure out anything.

I saw an aspx station that seemed to be injectable into its database through statements (you can win the shell through the hacker or the hacker); this is the way it was done during the upload process. The server was shut down for a day and the vulnerability was patched. Now, we only need to check the cache of the kitchen knife. We will not be knocked down, so I went to see if there was any available default admin directory. I didn't see any other webuser and houtai. When I came to the background, I laughed at the default admin and went in. It seems that this station could not escape. Once again, it was hacked. Haha.

I tried to catch it by uploading and capturing packets in the background. This is houtai/iptHelper/asp/upload.asp to see if any hundred Later, I uploaded the title to /2012111813532214854623823est.asp;.jpg in this form. I took it with a smile, but the pictures on the home page were missing. In a hurry, I took a few screenshots from Baidu.

Permission: of course, on an aspx site the thing to do is find the Web.config:

<?xml version="1.0"?>
<!--
    Note: In addition to manually editing this file, you can also use the
    Web management tools to configure application settings. You can use the
    "Website" > "ASP.NET Configuration" option in Visual Studio.
    The complete list of settings and comments is in machine.config.comments,
    which is usually located in \Windows\Microsoft.Net\Framework\v2.x\Config
-->
<configuration>
  <appSettings/>
  <connectionStrings/>
  <system.web>
    <!--
        Set compilation debug="true" to insert debugging symbols into the
        compiled page. However, this affects performance, so this value is
        set to true only during development.
    -->
    <compilation debug="true">
      <assemblies>
        <add assembly="System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
        <add assembly="System.Design, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
      </assemblies>
    </compilation>
    <!--
        In the <authentication> section, you can configure the security
        authentication mode used by ASP.NET to identify the passed-in user.
    -->
    <authentication mode="Windows"/>
    <!--
        If an unprocessed error occurs during request execution, you can
        configure the corresponding processing steps in the <customErrors>
        section. Specifically, developers can use this section to configure
        html error pages to be displayed to replace the error stack trace.

        <customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
            <error statusCode="403" redirect="NoAccess.htm"/>
            <error statusCode="404" redirect="deny"/>
        </customErrors>
    -->
    <customErrors mode="RemoteOnly" defaultRedirect="default.aspx">
      <error statusCode="403" redirect="NoAccess.htm"/>
      <error statusCode="404" redirect="FileNotFound.htm"/>
    </customErrors>
    <globalization requestEncoding="UTF-8" responseEncoding="UTF-8"/>
  </system.web>
</configuration>

Only use this method to scan the port. "The specified executable is not a valid Win32 application" is displayed first (the specified file is not a valid Win32 application). Or scan the directory first. It is estimated that net and net1 are disabled. The shift is hijacked directly after the last scan. OK. No hijacking is successful because the sniffing fails.

PS: I am a newbie, so no more.
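
From the defender's side, the upload name reported above (`2012111813532214854623823est.asp;.jpg`) ends in `.jpg` but carries `.asp` before a semicolon, a form that older IIS versions such as IIS 6 are known to hand to the ASP engine. The following is an added example, not code from the original post: a server-side check that rejects such names and stores accepted files under a generated name. The function names, the allowlist and the sample names are assumptions made for illustration.

```python
import os
import re
import secrets

# Assumption: the feature accepts images only; adjust the allowlist per application.
ALLOWED_EXT = {".jpg", ".jpeg", ".png", ".gif"}
# Extensions a Windows/IIS host may map to a script handler.
SCRIPT_EXT = {".asp", ".aspx", ".asa", ".cer", ".cdx", ".ashx", ".asmx"}


def upload_name_problems(name):
    """Return the reasons to reject a client-supplied file name (empty list = ok)."""
    problems = []
    if re.search(r"[;:\x00/\\]", name):
        problems.append("reserved character (; : NUL or path separator)")
    if name != name.strip(" ."):
        problems.append("leading or trailing dot or space")
    # Inspect every segment, not only the last one; splitting on ';' as well
    # means "x.asp;.jpg" yields the segment "asp".
    segments = re.split(r"[.;]", name.lower())[1:]
    if any("." + seg in SCRIPT_EXT for seg in segments):
        problems.append("script extension inside the name")
    if os.path.splitext(name.lower())[1] not in ALLOWED_EXT:
        problems.append("final extension not on the allowlist")
    return problems


def storage_name(client_name):
    """Name to store under: random stem plus the allowlisted extension.
    The client-supplied stem is never written to disk."""
    if upload_name_problems(client_name):
        raise ValueError("rejected upload name")
    ext = os.path.splitext(client_name.lower())[1]
    return secrets.token_hex(16) + ext


# Constructed sample names; the first has the form quoted in the post.
SAMPLES = ["2012111813532214854623823est.asp;.jpg", "photo.jpg",
           "avatar.aspx", "logo.png."]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), upload_name_problems(sample) or "ok")
```

Name checks complement, rather than replace, disabling script execution on the upload directory and verifying the file content.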