FROM: Rose
Today, Sean asked me to help him look at two American sites. He had gotten a webshell, but he could not escalate privileges.
Both sites are on virtual hosts, so we can see their general settings from these two sites.
Net use showed that there are hundreds of users; of course, all of them have user permissions. The FTP service is Microsoft's, and IIS and the file directories all use the permissions of the created users, so other directories cannot be viewed. PHP and ASP are supported. ASP has low permissions, and PHP can execute commands.
The first server uses independent-user settings. It supports PHP, ASP, and ASP.NET, has 3389 and VNC, and IIS runs with guest permissions.
My first thought was to use the vpn. I used PHP to read the registry, but it was not saved in the registry. It should be protected.
I copied the hundreds of accounts listed by net use and put them into an FTP dictionary to guess weak passwords. Because the server uses Microsoft's FTP, each system user account should also be an FTP user, with the same password. More than a dozen users had weak passwords, and those users have some value. The FTP login can be used to transfer a webshell; the 3389 login is refused (session logon denied). IPC can also be used to view some directories.
I went through the registry again and saw Allaire's key. This is a JSP environment, but I found no back-end login location. Uploading a JSP Trojan returned an error message; the directory does not parse it, so I uploaded a CFM Trojan. The command function is there, but commands cannot be executed: the directory has no execute permission.
CFM has system permissions but can only perform file operations. Replacing sethc, the magnifier, and so on cannot be used on win2000. With no other option, I handed it over to a friend, with system permission to modify files, and asked him to write a VBS, put it in the startup items, and add an account when the Administrator logs on. It's all done.
The second server also uses independent-user settings. It supports PHP and ASP, and has 3389, Microsoft FTP, and MSSQL.
I had to leave it to my friend and give him some ideas. There are hundreds of users on it and there is no way to execute commands.
1. List the users. Having MSSQL open is very convenient. Their virtual hosts generally create an MSSQL account and password for each user, using the name from the user list as the password and the server domain name as the ID; because most of them are com, they can be listed. Sort the IDs, put them in the dictionary, and run it to get a few MSSQL users and passwords with database permissions. Are you still using them? Use Enterprise Manager to connect, use xp_dirtree to list directories, and back up the data. If you don't want the shell of the station, you will be allocated to the directory. This is simple.
The second step is to use the FTP weak passwords, as mentioned above.
This is the general state of web hosting in the United States.
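
Added example, not part of the original post: the FTP password guessing described above, where one source works through a list of hosting accounts, leaves a recognizable pattern in the FTP service log. This Python check flags such sources and the accounts that need a password reset. The W3C field layout, the addresses, and the account names are constructed assumptions.

```python
from collections import defaultdict

def build_sample():
    """Constructed W3C-style FTP log; the field layout is an assumption."""
    rows = ["#Fields: date time c-ip cs-username s-ip s-port "
            "cs-method cs-uri-stem sc-status"]
    def attempt(clock, ip, user, status):
        base = f"2024-01-10 {clock} {ip} - 192.0.2.10 21"
        rows.append(f"{base} USER {user} 331")
        rows.append(f"{base} PASS *** {status}")
    # One source walks a list of hosting accounts; site004 has a weak password.
    for i in range(1, 7):
        attempt(f"03:12:{i:02d}", "203.0.113.7", f"site{i:03d}",
                "230" if i == 4 else "530")
    # A customer mistypes a password once, then logs in.
    attempt("09:00:01", "198.51.100.20", "site002", "530")
    attempt("09:00:09", "198.51.100.20", "site002", "230")
    return "\n".join(rows)

SAMPLE_LOG = build_sample()

def find_spraying(log_text, min_users=5):
    """Return sources that failed logins for >= min_users distinct accounts."""
    fields, pending = [], {}
    failed, succeeded = defaultdict(set), defaultdict(set)
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column order comes from the header
            continue
        if not line or line.startswith("#"):
            continue
        rec = dict(zip(fields, line.split()))
        ip, cmd = rec["c-ip"], rec["cs-method"].upper()
        if cmd == "USER":                  # remember the name until PASS arrives
            pending[ip] = rec["cs-uri-stem"].lower()
        elif cmd == "PASS" and ip in pending:
            user = pending.pop(ip)
            if rec["sc-status"] == "530":  # 530 = not logged in
                failed[ip].add(user)
            elif rec["sc-status"] == "230":  # 230 = user logged in
                succeeded[ip].add(user)
    # Accounts that succeeded from a flagged source need a password reset.
    return {ip: {"failed": sorted(users), "succeeded": sorted(succeeded[ip])}
            for ip, users in failed.items() if len(users) >= min_users}

if __name__ == "__main__":
    for ip, info in find_spraying(SAMPLE_LOG).items():
        print(ip, info)
```

The threshold counts distinct account names rather than total failures, so a single customer retrying one password stays below it while a source cycling through many names does not.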