One: to find a writable directory
The outside is very critical, in fact, toast star writable directory has a summary. But outside the star has recently been updated, tremble to. . .
C: \ 7i24.com \ iissafe \ log \ 'outside the old stars can write, you can do, but outside the new star or else can write but can not perform. . I suggest that you modify the suffix cmd src, txt, com execution, but can sometimes succeed
Other writable directory I believe we have gathered, I am not here to say, followed by China congregation host can spike in the registry
In fact, in addition to looking writable provide the right extraterrestrial loopholes, it generally can be found, and temp can be successfully implemented,
Two: all kinds of devices provide the right to mention the right to kill other sensitive documents
What then rebounded shell, there are some sensitive documents, such as looking for root sa config configuration file, do not I taught the. .
C: \ Program Files mysql directory su directory there are some less common firewall, can obtain sensitive information
Second, get the mysql account if you have write permissions to read, it is recommended that you download some sensitive documents, throw some sensitive documents
'Ps: Many people are aware of, we do not see the tile I give dishes.
: \ MySQL \ the Data \ MySQL \ user.MYD // stored in the database connection password mysql.user table
find root mysql Address:
In addition to looking for shortcuts mysql path to find the program which is actually also a registry lookup
Here threw path
HKEY_LOCAL_MACHINE \ SOFTWARE \ MySQL AB
HKEY_LOCAL_MACHINE \ SOFTWARE \ MySQL AB \ MySQL Server 5.0
HKEY_LOCAL_MACHINE \ SOFTWARE \ MySQL AB \ MySQL Server 5.0 \ the Location
HKEY_LOCAL_MACHINE \ SOFTWARE \ MySQL AB \ 'This is outside looking for the star to find out, others find their own to ,
the user table three documents downloaded over wamp recommended to set up the environment, put data in mysql, create a new one. .
And then view the root password using phpmyadmin directly to cmd5 to crack
c: \ Program Files \ RhinoSoft.com \ Serv-U \ ServUDaemon.ini // stores the virtual host site and password path
c: \ Program Files \ Serv-U \ ServUDaemon.ini
c: \ Windows \ my.ini // MYSQL configuration file
c: \ windows \ system32 \ inetsrv \ MetaBase.xml // IIS configuration file
c: \ windows \ repair \ sam // WINDOWS system stores the password for initial installation
c: \ Program files \ Serv- U \ ServUAdmin. exe //6.0 previous version of serv-u administrator password stored in this
c: \ Program files \ RhinoSoft.com \ ServUDaemon.exe
C: \ documents and Settings \ All the Users \ the Application the Data \ the Symantec \ pcAnywhere * .cif file
Three: Registry sensitive information
HKEY_LOCAL_MACHINE \ SYSTEM \ LIWEIWENSOFT \ INSTALLFreeHost \ ' we all know, a directory outside the star, the idea is to break up, sa not connect, try the social root and remote
HKEY_LOCAL_MACHINE \ SOFTWARE \' This is simple, to find sensitive documents , very powerful good. . Such as su, mysql can be found here. .
To name a few:
HKEY_LOCAL_MACHINE \ SOFTWARE \ MySQL AB \ MySQL registry location
HKEY_LOCAL_MACHINE \ SOFTWARE \ HZHOST \ CONFIG \ Huazhong host location
HKEY_LOCAL_MACHINE \ SOFTWARE \ cat soft \ serv -u \ serv-u location