Weak password information leakage of Vico home textile extension 1 server directly penetrated into the enterprise

Bytes

The web. config file contains the mssql account and password.

Then there is an intranet ing image in the port .jpg, which may not be seen above, but after Intranet penetration, the above one is port 99 ing, which is shown in the figure 115. x. x.130: 33901. After testing, RDP is usually used for Remote Desktop Connection. Then, the default administrator account is used, and the password is web. the sa password in config is successfully logged on, and then the Administrator's operation records show that most servers in the internal network use this password, instead of the server that uses this password. I was lucky because it was Saturday, the Administrator may have forgotten that the server connected to the server did not end the remote session. Then I put a backdoor that received the 3389 password. Then he logged in this morning and I received the password, the Intranet server password mapped to port 99 above is also the sa password, which successfully enters the Intranet. Then there are three types of large servers in the Intranet, win2008 system. The first is the same as the password, I installed a lot of internal data and the company's phone number. I looked at it and then saw the historical use records on the Intranet server. I also saw that I used the Remote Desktop Connection Tool, so it is connected, but there are many The password is different. Later, I received the email through the password 3389 on the Intranet, and successfully received the password on Monday, that is, within the workday. Later, I did not dare to enter because it was working time, for fear of being pulled by management.