The chance of a virtual machine breaking through the physical machine is the dawn of mysql injection failure!

The chance of a virtual machine breaking through the physical machine is the dawn of mysql injection failure!

The reason is that I tried to enter a second-level website of my high school alma mater. The last thing came to my head. I felt lucky and interesting.

Why do I like to do this ("Browse" my Alma Mater's website) and pass the time to go through despair and sense of accomplishment.

 

One:

This is the host Guard launched by 360 for the win server. It blocks the connection to the kitchen knife, and the code is actually 999,360 of people.

I am very pleased with the fact that my Alma Mater's website security level has gone further. However, it is surprising that the host guard only blocks the most common ones. If there is a ranking for commonly used malicious code and tools, it only blocks the first one. Yes, the second row won't be blocked.

The performance of the old win System in 360 once again opened my eyes. After uploading the webpage, my alma mater's official website fell victim to a normal network permission and the website ran on a virtual machine.

 

Then there was the theme. I found that my alma mater launched a second-level website, which looks like it started in last July. Naturally, I want to cut it down.

Looking at the php language of the website, there is no doubt that the code has been purchased in such a modern style. However, Baidu cannot know which company the website is developed because it is too small, I lost for a while.

Later I found that the directory file was leaked. When I click a php file, an error is reported, and the path is absolute. It is installed on an edisk.

Helpless, did not find the management login portal, took out the scanner to scan, big joy! When Mysql injection is found, sqlmap runs. The union type is really brilliant!

Eager to add the -- OS-shell option, this can be done, in case of execution, light write horse, heavy then 3389 into the room!

However, it failed. Mysql users had low permissions and could not write data. Later I found that new files cannot be written to the website directory because the disk space of the website is full, which is really self-defeating, that is, root permissions cannot be written, which is really a powerful 'defensive '!

This is a good thing for the administrator, but it is not good for me. I have nothing to do with it, and I have not found it in the background, and it may not be usable if I find it.

 

So ah, this loose website is like a copper wall and iron wall to me. I really have no way.

 

Later, when I tried to escalate the shell Permission of the main site and successfully dump the plaintext password, I tried to use this password to log on to the remote port opened by the ip address of the website.

Obviously, I logged on to the server. When I saw "Preparing the desktop" on the page after I knocked down the carriage return, the whole person was very excited. At that moment, I felt that the sky was shining down on me and I was so lucky.

This is also why I am bored and like to do such things. So boring and monotonous life has a little ups and downs, a little surprise. Despise the black market and have a low taste!

After connecting 3389, I was delighted to have knocked on ipconfig. I was disappointed that it was actually an intranet ip address. I looked at the edisk and did not see the website directory as I expected, there is no doubt that this is not the same machine as the second-level website.

 

It seems that the ip 3389 is mapped to the 3389 of the machine, so port 80 is mapped to another, and I am away.

At this moment, there is no big gap in my mood. I often get used to disappointment. I want to estimate my life as long as Fan Jin does.

However, I was really frustrated by the fact that I saw vmware on the desktop. I thought it would be a little more advanced to use production, and my Alma Mater would use a very common model.

As soon as vmware was opened, there were three virtual machines, one being the master site, the other being mssql, and the other being the sub-websites I was struggling.

This is the end. What I don't understand is how to do this port ing? How do two Internet ip addresses direct to this virtual machine?

Similarly, is it because of advanced technology or limited resources?

Strange... strange...

What about next? Of course, when the network manager finds my traces and blocks them, then I can come back again and 'look at you, my Alma Mater!