Author: sure2831
Body content:
I won the WEBSHELL of CERNET a few days ago.
, Php site webshell permissions are not small, first look at the user
Therefore, a user is added to the net user asm $ asm/add to indicate that the request is successful,
Then, as usual, upgrade it to the Administrator net localgroup administrators asm $/add,
However, it is found that the USER group is still in the USER group. At that time, it was very likely that the Administrator group was renamed, but the net localgroup was not displayed at all,
I don't know what to do for a moment. I plan to use the SHIFT backdoor to try it later.
Then open 3389 and connect again, but the connection fails.
This is why I am confused. I don't know how to do it. I haven't solved the problem after I went to the Internet for a long time.
Later, I accidentally run ipconfig and found that the IP address displayed in WEBSHELL is different.
Then I tried using the IP address in the ECHO and connected it (haha)
And then open the SHIFT backdoor to run the command.
I encountered another problem. I suddenly remembered an article I had read before and directly entered the system from the task manager. I decided to try it out. Run TASKMGR to open the task manager, click the User tab, and right-click the connection,
Then, go to the system and run the command,
, O (∩ _ ∩) O Haha ~ Succeeded. I guess it is correct that the Administrator group is renamed, and then the user is added as the administrator.
The prompt is successful. At this point, the server is successfully taken down, and the administrator can fix the vulnerability and then delete the account and leave the system .........., this Elevation of Privilege can be said to be twists and turns and never encountered such a situation before, but it is worth remembering to learn some knowledge.
Contact QQ: 553534338.
Attachment (0)