Privilege escalation environment: windows 2003
Tools used: ASP environment, shell one
Privilege escalation idea: Using FlashFXP replacement file vulnerability, you can read the site account password linked by the administrator .
This is my first post in I Spring and Autumn.
1.flash fxp introduction
FlashFXP is a powerful FXP/FTP software that integrates the advantages of other excellent FTP software, such as CuteFTP directory comparison and supports color Text display; for example, BpFTP supports multiple directories to select files and temporary storage directories; another example is the interface design of LeapFTP.
2. Specific process
The following is the FTP software I installed in win03, there is nothing in it
Create a new link
The linked account and password are saved in the file quick.dat
Next open the webshell we got and download quick. dat file
After downloading, open FlashFTP on our local machine to extract and replace the original file. Open the local software and check the history. A miracle happened...
A little trick for everyone:
In this way, you have obtained a permission. You can download an asterisk password viewer online, but I will not demonstrate it here.
The above is the detailed content of How to use third-party software to elevate FlashFXP privileges. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
VSCode Windows 64-bit Download
A free and powerful IDE editor launched by Microsoft
DVWA
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is very vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, to help web developers better understand the process of securing web applications, and to help teachers/students teach/learn in a classroom environment Web application security. The goal of DVWA is to practice some of the most common web vulnerabilities through a simple and straightforward interface, with varying degrees of difficulty. Please note that this software
SublimeText3 Linux new version
SublimeText3 Linux latest version
Dreamweaver CS6
Visual web development tools
MantisBT
Mantis is an easy-to-deploy web-based defect tracking tool designed to aid in product defect tracking. It requires PHP, MySQL and a web server. Check out our demo and hosting services.
