Sometimes we are happy to use the Serv-u Local privilege elevation vulnerability to achieve full control of the broiler, but there is always a mistake when we get Webshell. The commands we enter in the Webshell are generally like this:
D:websu.exe "NET user 1 1/add"
In many cases it will not succeed, and the following information is generally returned:
<220 serv-u FTP Server v6.0 for WinSock ready ...
>user Localadministrator
<331 User name Okay, need password.
>pass #l @ $ak #.lk;0@p
<530 not logged in.
This situation is because the administrator has modified the default Serv-u administrator account or password, unable to login nature can not elevate permissions. It is estimated that a lot of friends will shrink from this situation. In fact, we have the means to continue to use the serv-u elevation of authority.
Interested friends can use the UE or WINHEX, such as the hexadecimal editor to open the Serv-u management program: ServUAdmin.exe, carefully you will find that the inside is actually storing the administrator's account and password, then how to get this account and password? There are three ways:
The first is to change the password did not change the account situation. We can open ServUAdmin.exe directly with UE, search account name "Localadministrator", tight the string behind the account is the password. Generally this format: LocalAdministrator.password.Globl ..., where password is the password we need.
The second method is to change the account does not change the password situation. This situation is rarely seen, the general people believe that will not be so modified it? We only need to search the password on the line, ditto.
The third method is universal, directly open the same version of the two ServUAdmin.exe, in the ServUAdmin.exe with the default password to find the address of the password, directly to the target machine ServUAdmin.exe query the address can find the password and account.
After the password if the server to support PHP, you can use Wofeiwo serv-u local privileges to enhance the PHP script to achieve permissions, because the account and password can be modified, or directly using the SERV-U local rights generator to generate the required program, and then use the UE modification can be.
Believe this method announced, the network will have a number of servers down, I hope everyone is enough.