Author: Nah. Article source: http://blog.77169.com/more.asp?name=atan19a&id=6866
All of the following is my summary of privilege-escalation methods. Many of them I have so far had no chance to test and have not succeeded with myself, but I did see others succeed.
Apart from the first method, which is my own research, the rest is a summary of other people's experience. I hope it helps a friend!
1. Radmin connection method
The condition is that you have enough permissions and the other side has no firewall. Pack up a Radmin, run it so that it opens its port on the other side, and then connect to it with Radmin.
I have never succeeded with this myself, even though the port was open on the other side.
2. pcAnywhere
Take his GIF files from C:\Documents and Settings\All Users\Application Data\Symantec\pcAnywhere\ and use them with a pcAnywhere installed locally.
3. SAM cracking
Take the SAM from C:\WINNT\system32\config\ and crack it.
4. Serv-U password seizure
Look in C:\Documents and Settings\All Users\Start Menu\Programs\ for the Serv-U shortcut, then view its properties locally to learn the install path, and see whether you can jump to that directory.
Once in, if you have permission to modify ServUDaemon.ini, add a user with an empty password:
[USER=wekwen|1]
Password=
HomeDir=c:\
TimeOut=600
Maintenance=System
Access1=c:\|RWAMELCDP
Access2=d:\|RWAMELCDP
Access3=f:\|RWAMELCDP
SKEYValues=
This user has the highest privileges, so we can then FTP in and use quote site exec xxx to elevate permissions.
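An account like the one above is exactly what a defender should be looking for in ServUDaemon.ini. The following is an added example, not code from the original article: a small Python audit that flags any user section with an empty password, Maintenance=System, or full RWAMELCDP rights on a drive root. The sample ini text is constructed to mirror the page's account; key spellings follow the page's example.

```python
# Constructed sample mirroring the page's ServUDaemon.ini account (not from a real server).
SAMPLE_INI = """[USER=ftpuser|1]
Password=ahA1B2C3D4E5F6A7B8C9D0E1F2A3B4C5D6
Access1=d:\\ftproot|RL
[USER=wekwen|1]
Password=
HomeDir=c:\\
Maintenance=System
Access1=c:\\|RWAMELCDP
Access2=d:\\|RWAMELCDP
"""

FULL_RIGHTS = set("RWAMELCDP")  # every directory right Serv-U can grant


def parse_users(ini_text):
    """Map each [USER=name|...] section to its (key, value) pairs, keys lower-cased."""
    users, current = {}, None
    for raw in ini_text.splitlines():
        line = raw.strip()
        if line.lower().startswith("[user="):
            current = line[6:].split("|", 1)[0].rstrip("]")
            users[current] = []
        elif line.startswith("["):
            current = None  # some other section, e.g. [GLOBAL]
        elif current and "=" in line:
            key, _, value = line.partition("=")
            users[current].append((key.strip().lower(), value.strip()))
    return users


def audit_users(ini_text):
    """Return {user: [findings]} for accounts that look like planted backdoors."""
    findings = {}
    for name, pairs in parse_users(ini_text).items():
        issues = []
        for key, value in pairs:
            path, _, rights = value.partition("|")
            if key == "password" and not value:
                issues.append("empty password")
            elif key == "maintenance" and value.lower() == "system":
                issues.append("Maintenance=System (server administrator)")
            elif (key.startswith("access") and FULL_RIGHTS <= set(rights.upper())
                  and len(path.rstrip("\\")) == 2):  # a drive root such as c:\
                issues.append("full rights on drive root " + path)
        if issues:
            findings[name] = issues
    return findings


print(audit_users(SAMPLE_INI))  # wekwen is flagged on every point; ftpuser is clean
```

To audit a real server, pass the file's text instead of SAMPLE_INI, e.g. audit_users(open(path).read()).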
5. c:\winnt\system32\inetsrv\data\
This directory likewise gives Everyone Full Control; all we have to do is upload the privilege-escalation tools there and then execute them.
6. Serv-U overflow escalation
There are plenty of detailed tutorials about this online.
7. Run cscript
Running "cscript C:\Inetpub\AdminScripts\adsutil.vbs get W3svc/InProcessIsapiApps" lists the privileged (in-process) DLLs: idq.dll, httpext.dll, httpodbc.dll, ssinc.dll, msw3prt.dll. The idea is to add asp.dll to that privileged group.
asp.dll lives at C:\winnt\system32\inetsrv\asp.dll (the location is not necessarily the same on every machine).
We add it with cscript adsutil.vbs set /w3svc/InProcessIsapiApps "C:\WINNT\system32\idq.dll" ... "C:\WINNT\system32\inetsrv\asp.dll"
Then use cscript adsutil.vbs get /w3svc/InProcessIsapiApps to check that it was added.
8. Startup script escalation
Write a .bat or .vbs into C:\Documents and Settings\All Users\Start Menu\Programs\Startup.
9. VNC
This one comes from Little Flower's article, HOHO.
VNC passwords are stored by default under HKCU\Software\ORL\WinVNC3\Password.
We can use VNCX4 to crack it. vncx4 is easy to use: at the command line enter
C:\>vncx4 -w
then enter each byte of the hex data in order, pressing Enter once after each.
10. nc privilege escalation
Give the other side an nc; the only condition is that you have enough permission to run it and bounce it back to your own machine. HOHO, OK.
11. Social-engineering escalation
Look at his support pages. Generally, once you have seen the account name, guess the password as much as you can; the user's password may well be his QQ number, mailbox, or cell phone number. Try them and see, HOHO.
12. IPC null session
If the other side is really careless, scan his IPC; with good luck there will be weak passwords.
13. Service replacement
No need to explain this one, right? Personally, I find it rather complicated.
14. autorun.inf
Write Autorun=xxx.exe (the executable goes after the =), HOHO, set the read-only, system and hidden attributes, and put it on whichever drive; I don't believe he won't run it.
15. desktop.ini and Folder.htt
First create a folder locally (the name does not matter), enter it, right-click on the blank area and choose "Customize This Folder" (XP does not seem to have this), then click Next, accepting the defaults. When done you will see two new items: a Folder Settings folder and a desktop.ini file (if you cannot see them, first turn off "Hide protected operating system files"). Then find Folder.htt in the Folder Settings directory, open it in Notepad, and add the following code anywhere: <object
Note the difference between get and set: one views, the other sets. And you have to run it from the C:\inetpub\adminscripts> directory.
So if you are an administrator and your machine has been hit with this trick to elevate ASP to system privileges, the way to prevent it is to kick asp.dll out of the privileged group, that is, use the set command to overwrite those entries just mentioned.
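To check for that as an administrator, here is an added example, not code from the original article: a Python script that parses the captured output of cscript adsutil.vbs get w3svc/InProcessIsapiApps, compares the loaded DLL names against the five the page lists as the normal set, and reports anything added or removed. The sample output is constructed and its layout is assumed from adsutil.vbs's LIST display; adjust the parser if your version prints differently.

```python
# Constructed sample of "cscript adsutil.vbs get w3svc/InProcessIsapiApps" output
# (layout assumed from IIS 5 adsutil.vbs; compare with your own server's output).
SAMPLE_OUTPUT = """\
Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.

InProcessIsapiApps              : (LIST) (6 Items)
  "C:\\WINNT\\system32\\idq.dll"
  "C:\\WINNT\\system32\\inetsrv\\httpext.dll"
  "C:\\WINNT\\system32\\inetsrv\\httpodbc.dll"
  "C:\\WINNT\\system32\\inetsrv\\ssinc.dll"
  "C:\\WINNT\\system32\\msw3prt.dll"
  "C:\\WINNT\\system32\\inetsrv\\asp.dll"
"""

# The five in-process ISAPI DLLs the page lists as the normal set; compared by
# file name only, because the install drive and directory differ between machines.
BASELINE = {"idq.dll", "httpext.dll", "httpodbc.dll", "ssinc.dll", "msw3prt.dll"}


def parse_inproc_list(output):
    """Extract the quoted DLL paths from adsutil.vbs 'get' output, in order."""
    paths = []
    for line in output.splitlines():
        line = line.strip()
        if line.startswith('"') and line.endswith('"') and len(line) > 2:
            paths.append(line[1:-1])
    return paths


def check_inproc(output, baseline=BASELINE):
    """Return (unexpected, missing): DLL names added beyond, or absent from, the baseline."""
    names = {p.rsplit("\\", 1)[-1].lower() for p in parse_inproc_list(output)}
    return sorted(names - baseline), sorted(baseline - names)


if __name__ == "__main__":
    unexpected, missing = check_inproc(SAMPLE_OUTPUT)
    for name in unexpected:
        print("unexpected in-process ISAPI DLL (remove it with adsutil.vbs set):", name)
    for name in missing:
        print("baseline DLL no longer loaded in-process:", name)
```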
20. Magic Winmail
If you have a webshell, see: http://www.eviloctal.com/forum/read.php?tid=3587
21. DBO ...
In fact there are many ways to escalate privileges; it all depends on how we use them. HOHO, keep at it, and take control of the server!