Using a non-mainstream method to obtain the Central Security Network Server

Source: Internet
Author: User

Author: sure2831
Body content:
I won the WEBSHELL of CERNET a few days ago.

, Php site webshell permissions are not small, first look at the user

Therefore, a user is added to the net user asm $ asm/add to indicate that the request is successful,

Then, as usual, upgrade it to the Administrator net localgroup administrators asm $/add,

However, it is found that the USER group is still in the USER group. At that time, it was very likely that the Administrator group was renamed, but the net localgroup was not displayed at all,

I don't know what to do for a moment. I plan to use the SHIFT backdoor to try it later.

Then open 3389 and connect again, but the connection fails.

This is why I am confused. I don't know how to do it. I haven't solved the problem after I went to the Internet for a long time.
Later, I accidentally run ipconfig and found that the IP address displayed in WEBSHELL is different.

Then I tried using the IP address in the ECHO and connected it (haha)
And then open the SHIFT backdoor to run the command.

I encountered another problem. I suddenly remembered an article I had read before and directly entered the system from the task manager. I decided to try it out. Run TASKMGR to open the task manager, click the User tab, and right-click the connection,

Then, go to the system and run the command,

, O (∩ _ ∩) O Haha ~ Succeeded. I guess it is correct that the Administrator group is renamed, and then the user is added as the administrator.

The prompt is successful. At this point, the server is successfully taken down, and the administrator can fix the vulnerability and then delete the account and leave the system .........., this Elevation of Privilege can be said to be twists and turns and never encountered such a situation before, but it is worth remembering to learn some knowledge.

Contact QQ: 553534338.

Attachment (0)


Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.