Virtual host hardening: blocking webshells and privilege escalation

Source: Internet
Author: User

In order to create a secure virtual host in an ASP + SQL environment, we need to block ASP webshells, block the Serv-U local privilege escalation vulnerability, and block the threat of SQL injection.

2. By default, the functions a webshell has on a Windows host are very powerful. Which of them should we block? We will not allow the webshell to view system service information, execute cmd commands, or browse file directories; what we want is that each user can only access his/her own directory while still being able to use ASP components such as FSO. Here I will use a Trojan (ASP webshell) and Windows 2000 as examples. Much of this information was collected from the Internet, and I would like to thank the original authors.

3. Now we set the Windows directory permissions: on all partitions, give the Administrators group and SYSTEM ownership and full control, and delete Everyone.
Specific operation: select the system disk (here C:), right-click and choose Properties > Security, add Administrators and SYSTEM with all permissions, and delete the Everyone user.
I have already set these, so I will not repeat them; setting permissions is slow. For details, refer to the instructions below.

4. Select "Reset permissions on all child objects and enable propagation of inheritable permissions".
Procedure: choose Advanced > tick "Reset permissions on all child objects and enable propagation of inheritable permissions" > click Apply. The system then asks whether to continue; answer Yes.
If any error is reported, click Continue.

5. Set the directories that Everyone can read (so that Perl, ASP and JMail can be executed).
[Setting ASP up for use] Specific operation: go to C:\Program Files and give Everyone read, execute and list-folder-contents permissions on the Common Files directory.
C:\Program Files\Common Files contains system files. If you have installed other components, such as mail components or PHP, set them the same way:
These are the directories. The system has a problem here; setting permissions is very slow.

6. Cancel inheritance. Purpose: ASP can still be used normally, while unauthorised deletion is prevented.
Specific operation: go to winnt\system32 and select all directories except inetsrv and certsrv (note: these two hold the DLLs used by ASP).
Choose Properties > Security > Advanced > Permissions > untick inheritance from the parent > press Copy.

Go to the winnt directory and select all directories except web, temp, tasks, system32, Offline Web Pages,
IIS Temporary Compressed Files, help and Downloaded Program Files, then cancel inheritance as above > press Copy.

Select winnt > Security, and give Everyone read and list-folder-contents permissions.

Go to winnt > select temp > Properties > Security: give Everyone full control, then click Advanced > Edit and remove the execute permission.
The animation is broken, which is strange.
With this, the Windows 2000 directory permissions are basically set. For the Windows 2003 directory settings, see below. I only set the permissions as described and no problem occurred; if you have any questions, please contact me. It seems the settings are not finished yet; tired.
Drive D is invisible.

7. The animation broke just now. Create a new user leilei, set a password, set the password never to expire, and add the user to the Guests group. Then set up its virtual site in IIS; I use the default site here. Set the virtual directory to E:\Website Resource\BBSXP 5.12 official version\bbsxp, click Properties > Directory Security > Edit, tick anonymous access, and set the user name and password. Then set permissions on E:\Website Resource\BBSXP 5.12 official version\bbsxp to give leilei access. OK. Now the leilei user can only access his own directory. Also delete the unnecessary script mappings: .htr is a very powerful mapping and has been deleted, otherwise anyone could use your web server to perform illegal operations or even format your hard disk; delete .hta; delete .idc; .printer is the printer mapping, remove it; .htw, .ida and .idq are all index mappings and can be removed. In fact, you only need to retain the useful ones, such as .asp, .asa, .php and .cgi, and delete all the others!!! :)
Let's take a look at the website.
How about FSO?
8. Sometimes ASP cannot be accessed, and IIS reports "The requested resource is in use" and "The remote procedure call failed and did not execute".
I ran into this and searched online posts. Some said it was Rising 2005, then to synchronise the IWAM account (for synchronising the IWAM account see http://www.gamepa.com/Announce/Announce.asp?BoardID=8000&ID=361). Some said ASP.NET had no permission to execute; others said that on 2003 you add the IIS_WPG group and restart the computer. I synchronised the IWAM account, but I still didn't get it done. I spent a long time and was preparing to start over from a fresh install, and then I found it was OK. If you have encountered this problem and haven't solved it, you can post in my forum and I will study it with you. Anyway, I am unemployed and have been working on my computer for half a year; I am always there, and I am in urgent need, with sound prompts.


9. Now let's look at the webshell again. First, let's look at the effect of the directory permissions we just set: the effect is good. Now we block the webshell's cmd. There are two components involved in the cmd shell: WScript.Shell and Shell.Application. For the basic knowledge about these two components, please refer to this article:
http://www.gamepa.com/Announce/Announce.asp?BoardID=8000&ID=395
There are two methods. The first is to set the permission on c:\winnt\system32\cmd.exe so that only Administrators and SYSTEM can access it (sorry, I had deleted WScript.Shell and Shell.Application earlier and have now re-registered them for the demo). At this point cmd cannot be used, but people usually upload their own cmd.exe, and then it can be used again; I often see this on other hosts. We still have a solution: remove the execute permission on E:\Website Resource\BBSXP 5.12 official version\bbsxp and deny it. The "missing object" error does not affect the use of FSO on the website. The second method is to completely delete WScript.Shell and Shell.Application with the commands regsvr32 /u wshom.ocx and regsvr32 /u wshext.dll. First restore the cmd.exe permission; the object is still missing. Both methods can be verified by experiment. I prefer the second one, which does not affect my use. Try the website again: no problem.
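As an added example (not from the original post), here is a PowerShell audit that checks the directory layout steps 3, 7 and 9 describe: Everyone removed from the site root, the site user unable to execute files there, and cmd.exe reachable only by Administrators and SYSTEM. The site root path and user name are placeholders.

```powershell
# Added audit script, not from the original post. $SiteRoot and $SiteUser are placeholders.
$SiteRoot = 'E:\Website Resource\bbsxp'
$SiteUser = 'leilei'
$CmdExe   = Join-Path $env:SystemRoot 'system32\cmd.exe'
$findings = @()

# Steps 3 and 7: Everyone must be gone from the site root, and the site user must not be
# able to execute files there, otherwise an uploaded copy of cmd.exe runs even when
# system32\cmd.exe itself is locked down (step 9, first method).
$exec = [System.Security.AccessControl.FileSystemRights]::ExecuteFile
foreach ($ace in (Get-Acl -Path $SiteRoot).Access) {
    $who = $ace.IdentityReference.Value
    if ($who -match '(^|\\)Everyone$') {
        $findings += "Everyone still has '$($ace.FileSystemRights)' on $SiteRoot"
    }
    if ($who -match "\\$SiteUser$" -and $ace.AccessControlType -eq 'Allow' -and
        (($ace.FileSystemRights -band $exec) -ne 0)) {
        $findings += "$who can execute files in $SiteRoot"
    }
}

# Step 9, first method: only Administrators and SYSTEM may touch cmd.exe
$allowedOnCmd = @('BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM')
foreach ($ace in (Get-Acl -Path $CmdExe).Access) {
    if ($ace.AccessControlType -eq 'Allow' -and
        $allowedOnCmd -notcontains $ace.IdentityReference.Value) {
        $findings += "$($ace.IdentityReference.Value) can still reach $CmdExe"
    }
}

if ($findings.Count -eq 0) { "OK: layout matches steps 3, 7 and 9" }
else { $findings | ForEach-Object { "FINDING: $_" } }
```

On modern Windows, TrustedInstaller also holds an allow ACE on cmd.exe and will be flagged; extend `$allowedOnCmd` if that is expected on the host.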

10. Prevent the webshell from viewing system processes. Right-click My Computer, choose Manage > Services and Applications > Services > Workstation, double-click it and click Stop to disable this service.
Workstation (svchost.exe) is used to manage the network; it supports networking and print/file sharing. Disabling it is fine. Refer to these articles:
http://www.gamepa.com/Announce/Announce.asp?BoardID=8000&ID=400
http://www.gamepa.com/Announce/Announce.asp?BoardID=8000&ID=402
http://www.gamepa.com/Announce/Announce.asp?BoardID=8000&ID=403
Error source: this is because wshom.ocx and wshext.dll were deleted. Whatever the cause, we can continue. Previously we could see the logged-on users in the system process list; now that the service is disabled, the process list is unavailable. Forget it, I'm not starting over from the very beginning. There's no problem, and nothing can be seen any more.

11. Blocking Serv-U and SQL follows the same idea: Serv-U and SQL Server both run with system permissions, that is, as the SYSTEM user. Our goal is to convert them to ordinary user accounts, so that they do not have the permission to add an administrator account. Here I use Serv-U to demonstrate: over FTP, "net user leilei3 leilei3 /add" successfully added the leilei2 account (there was a problem with the input method). We all know the Serv-U local privilege escalation vulnerability. Solution: first add a user-level account; I will use the user leilei3. Right-click My Computer > Manage > Services and Applications > Services > Serv-U FTP Server > Log On > This account, and change the default account. Let's try again whether Serv-U still works: unable to start, dizzy, a permission problem again. Others have done this in an animation without problems.
Animation download: http://www.gamepa.com/Announce/Announce.asp?BoardID=7890&ID=355
Once the permissions are set it will be OK. The same applies to SQL Server. However, the permissions must be set carefully, because SQL Server needs to access many directories and cannot run without permission on them. We recommend changing the user account SQL Server runs under rather than using the directory permission allocation method I mentioned above; instead, refer to the following Win2003 directory permission settings and change the Windows directory permission at 1.1, or give the user more permissions. I could not get it working and haven't studied it further. I still want to say that if any friend needs it, let's study it together.
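As an added example (not from the original post), this PowerShell audit checks the three remaining controls of steps 9, 10 and 11: the WScript.Shell and Shell.Application COM classes unregistered, the Workstation service stopped, and Serv-U and SQL Server running under a non-SYSTEM account. The service names 'Serv-U' and 'MSSQLSERVER' are assumed placeholders.

```powershell
# Added audit script, not from the original post. Service names below are assumed placeholders.
$findings = @()

# Step 9, second method: 'regsvr32 /u wshom.ocx' removes the COM registration, so the ProgID
# no longer maps to a CLSID and Server.CreateObject("WScript.Shell") fails with the
# "missing object" error the post mentions.
foreach ($progId in 'WScript.Shell', 'Shell.Application') {
    if (Test-Path "Registry::HKEY_CLASSES_ROOT\$progId\CLSID") {
        $findings += "COM ProgID $progId is still registered and creatable from ASP"
    }
}

# Step 10: the post stops the Workstation service (LanmanWorkstation) so the webshell's
# process and logged-on-user listing no longer works.
$ws = Get-Service -Name LanmanWorkstation -ErrorAction SilentlyContinue
if ($ws -and $ws.Status -ne 'Stopped') {
    $findings += "Workstation service is $($ws.Status); the post expects Stopped"
}

# Step 11: Serv-U and SQL Server must not run as LocalSystem; the post moves Serv-U to the
# low-privilege account leilei3 via Services > Log On > This account.
foreach ($svcName in 'Serv-U', 'MSSQLSERVER') {   # placeholder service names
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$svcName'"
    if (-not $svc) {
        $findings += "service '$svcName' not found; check the installed service name"
        continue
    }
    if ($svc.StartName -eq 'LocalSystem') {
        $findings += "$svcName runs as LocalSystem; a local escalation in it yields SYSTEM"
    }
}

if ($findings.Count -eq 0) { "OK: steps 9-11 verified" }
else { $findings | ForEach-Object { "FINDING: $_" } }
```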

12. After such a setup, I would be very grateful if experts could provide some suggestions and point out insecure places.

13. I am not sure what I was doing in the first animation; I am sorry. We also recommend that you do not hack into other people's machines. Do not do whatever you want; everything here is for learning. I also hope that when we do our best to explain the principles, we teach people to fish rather than give them fish. If it's too long, just give a link.
