A security test of a host that only opens port 80
  Added: 07/08/2008   Published: 07/08/2008   Hits: 26
Page 1 of 3
Scanning: First used X-Scan 2.3 to scan the ports; only port 80 is open. Scanned once more and got the same result, so it looks like the administrator is not stupid.
Checking for system vulnerabilities: To begin with, ping did not even get through, but the scan result just now was clear enough: judging by the homepage, which obviously uses ASP, the host should be IIS 5 with ASP, and so it is certainly Win2K, no need to say more.
Analysis: There is nothing else above to analyze; everything has to come from port 80. Looking around the site for anything useful, there is a query system, so I entered a single quote to test it, and it returned an error of this kind:
Microsoft OLE DB Provider for ODBC Drivers (0x80040E14)
/mingce/student1.asp, line 30
Looks like my luck is not too bad ........ there should be a SQL injection problem .........
To confirm further, I tried my luck with http://x.x.x.x//mingce/student1.asp.BAK
It could indeed be requested, and the content returned was as follows:
' Backup of student1.asp as returned by the server; straight quotes restored
if request.form("xsxm") = "" and request.form("xsxh") = "" then
Set Conn=Server.CreateObject("ADODB.Connection")
' Connection string uses the sa account; the password is read from an Application variable
Conn.Open "Driver={sql server};Server=localhost;Database=xxxx;UID=sa;PWD=" & application("mm_xxx")

Out of the rather long file, only the three lines above matter. We can see that the ASP program does no filtering whatsoever on what the user submits, and that the database is accessed through an ADODB.Connection object (if it were ADODB.Command, unfiltered special characters would still be wrong), and of course we can also see that the database is connected as sa!
(Tip: Actually, even without looking at the ASP source we could also try xp_cmdshell 'iisreset /reboot' or xp_cmdshell 'ping your.IP'. If the first command executes successfully, the remote system will restart once within about half a minute; with the second, the firewall on your own machine will usually prompt that host x.x.x.x is sending you ICMP data. But against this kind of host, which forbids any data from leaving, the second command probably will not work.)
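The two weaknesses the author reads out of those three lines (form input pasted straight into SQL, and the application running as sa) are easiest to see side by side. The following is an added example, not code from the article; it uses Python with an in-memory SQLite database as a stand-in for the SQL Server behind student1.asp, and the table and column names (student, xsxm, xsxh) and the sample rows are assumptions. The unsafe function reproduces the concatenation pattern, so a single quote in the input produces a database syntax error, which is the same kind of ODBC error the article saw; the safe function binds the value as a parameter, which in classic ASP corresponds to an ADODB.Command with Parameters.

```python
import sqlite3

# Constructed sample data standing in for the student table queried by the
# page's ASP script (table and column names are assumptions, not from the page).
SAMPLE_ROWS = [
    ("Zhang San", "2003001"),
    ("O'Brien", "2003002"),
    ("Li Si", "2003003"),
]


def setup_db() -> sqlite3.Connection:
    """Create an in-memory SQLite database (a stand-in for the SQL Server the
    ASP page connects to) holding a few constructed student rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE student (xsxm TEXT, xsxh TEXT)")
    conn.executemany("INSERT INTO student VALUES (?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def lookup_unsafe(conn: sqlite3.Connection, xsxm: str) -> list:
    """Mirror the page's pattern: the user-supplied form field is concatenated
    into the SQL text. A single quote in the input changes the statement's
    structure and the database raises a syntax error, the equivalent of the
    0x80040E14 error the article observed."""
    sql = "SELECT xsxm, xsxh FROM student WHERE xsxm = '" + xsxm + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, xsxm: str) -> list:
    """Hardened form: the SQL text is fixed and the value travels as a bound
    parameter, so a quote is just data. Run this with a low-privilege database
    login rather than sa, so that xp_cmdshell is not reachable even if another
    bug appears."""
    sql = "SELECT xsxm, xsxh FROM student WHERE xsxm = ?"
    return conn.execute(sql, (xsxm,)).fetchall()


def probe_with_quote(conn: sqlite3.Connection) -> dict:
    """Run both lookups on one legitimate value that contains a quote and
    report what each returns."""
    name = "O'Brien"
    result = {"safe": lookup_safe(conn, name)}
    try:
        result["unsafe"] = lookup_unsafe(conn, name)
    except sqlite3.OperationalError as exc:
        # The error text is the signal the article's single-quote test relied on;
        # a hardened application should never let it reach the browser.
        result["unsafe"] = "error: " + str(exc)
    return result


if __name__ == "__main__":
    db = setup_db()
    print(probe_with_quote(db))
```

The safe lookup returns the O'Brien row; the unsafe one fails with a syntax error. The fix is the same regardless of the database driver: keep user data out of the SQL text, and drop the sa login so that a query bug cannot be turned into command execution.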
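Every step the article has taken so far (the single-quote probe that produced an ODBC error, the request for student1.asp.BAK, and any xp_cmdshell attempt through the query string) leaves a trace in the IIS web log, which is where a defender of such a host would look. The following is an added example, not part of the article: a small parser and flagging routine for IIS W3C-style log lines, run over constructed sample lines. The field order, the client addresses and the request contents are all constructed; the only page-derived values are the student1.asp path and the .BAK extension.

```python
import re
from urllib.parse import unquote_plus

# Constructed IIS W3C-style log lines (not from the page). The #Fields header
# defines the column order; the parser honours it rather than assuming one.
SAMPLE_LOG = """#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2008-07-08 10:15:01 192.0.2.10 GET /mingce/student1.asp xsxm=zhang&xsxh=2003001 200
2008-07-08 10:15:09 192.0.2.10 GET /mingce/student1.asp xsxm=%27&xsxh= 500
2008-07-08 10:15:20 192.0.2.10 GET /mingce/student1.asp.BAK - 200
2008-07-08 10:15:41 192.0.2.10 GET /mingce/student1.asp xsxm=%27+xp_cmdshell+%27ping%27&xsxh= 500
2008-07-08 10:16:02 198.51.100.7 GET /index.asp - 200
"""

XP_CMDSHELL_RE = re.compile(r"xp_cmdshell", re.IGNORECASE)
# Extensions under which editors and deploy scripts commonly leave source copies.
BACKUP_EXT_RE = re.compile(r"\.(bak|old|orig)$", re.IGNORECASE)


def parse_iis_log(text: str) -> list:
    """Turn W3C extended log text into a list of dicts keyed by field name.
    Lines before a #Fields header, other comment lines and lines with the
    wrong number of columns are skipped."""
    fields = None
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if line.startswith("#") or fields is None:
            continue
        parts = line.split()
        if len(parts) != len(fields):
            continue
        entries.append(dict(zip(fields, parts)))
    return entries


def flag_entry(entry: dict) -> list:
    """Return the list of reasons this request deserves a look (empty if none).
    URL-decoding first matters: the article's probe arrives as %27."""
    stem = unquote_plus(entry.get("cs-uri-stem", ""))
    query = unquote_plus(entry.get("cs-uri-query", ""))
    status = entry.get("sc-status", "")
    reasons = []
    if XP_CMDSHELL_RE.search(query):
        reasons.append("xp_cmdshell in request")
    if "'" in query:
        reasons.append("quote in query")
    if stem.lower().endswith(".asp") and status == "500" and "'" in query:
        # A quote followed by a server error is the error-based injection
        # signal the article relied on; it should be rare for legitimate users.
        reasons.append("500 after quote probe")
    if BACKUP_EXT_RE.search(stem):
        reasons.append("backup/source file requested")
    return reasons


def scan_log(text: str) -> list:
    """Scan a whole log and return (client ip, uri stem, reasons) for each
    flagged request, in log order."""
    findings = []
    for entry in parse_iis_log(text):
        reasons = flag_entry(entry)
        if reasons:
            findings.append((entry["c-ip"], entry["cs-uri-stem"], reasons))
    return findings


if __name__ == "__main__":
    for ip, uri, why in scan_log(SAMPLE_LOG):
        print(ip, uri, ", ".join(why))
```

On the sample lines the scan flags three requests from one client: the quote probe that ended in a 500, the request for the .BAK copy of the script, and the request carrying xp_cmdshell. Removing stray backup files from the web root and turning off detailed ODBC error pages closes the two information leaks the article used; the log check is what tells you someone tried.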

Good, having analyzed the above, what can we do?
Execute system commands with administrator privileges (obviously with nothing returned in the web page).
If this were an ordinary host, a simple xp_cmdshell 'net user ..... ' would do, and I will not write it out.
But the environment we have now is a system that has only opened port 80, so even if we add an ADMIN user it is useless: before, as long as 139/445/135 were open we could manage it remotely, but now that is no good.
My approach:
1) find the path of the web directory
2) write a simple cmd.asp and use it to find the firewall's exact name
3) stop the firewall service through xp_cmdshell

Concrete implementation:
The first step is obviously the hardest.