Introduction to the Methods and Principles of Privilege Escalation (interview)

2022-06-22

To understand the principle of privilege escalation, we should first understand what privilege escalation is and why it is needed. Usually, after obtaining a shell, what we hold are the permissions of an ordinary application account, such as MySQL or Tomcat. If we want to move unimpeded on the intranet, the first step is to obtain at least administrator, or even SYSTEM, permissions. This way of obtaining the highest authority is called privilege escalation.

3. Third-party software
4. Obtaining a user with high permissions, for example with MSF getsystem, etc.

The patch status can be obtained with this command:

    wmic qfe get Caption,Description,HotFixID,InstalledOn

The patch status determines which method to use, such as KiTrap0D (KB979682), MS11-011 (KB2393802), MS10-059 (KB982799), MS10-021 (KB979683), MS11-080 (KB2592799), including but not limited to these. The following command filters the output for specific patches:

    wmic qfe get Caption,Description,HotFixID,InstalledOn | findstr /C:"KB.." /C:"KB.."

The Dirty COW vulnerability uses a race condition to modify the root account information by forcibly overwriting the first line of the /etc/passwd file. In essence it is a thread-safety problem caused by concurrent threads. Run the uname -a command to view the kernel information and choose the corresponding privilege escalation method based on it.

MySQL privilege escalation comes in two types, UDF and MOF. UDF is an interface of MySQL used to create custom functions (including ones that run system commands), but it requires a DLL (a program extension file) as the execution library of the UDF. To use UDF, MySQL must first be started as an administrator. Second, remote connections and the file reading function must be enabled, and the login to MySQL must succeed. If the prerequisites are met, log in to MySQL, upload the prepared DLL file to the plugin directory of MySQL, and use the DLL file to create functions that execute system commands. Then any system command can be executed.

The MOF used in MySQL MOF escalation is actually a Windows system file used to monitor process creation and termination. It is started every 5 seconds and runs as System. Attackers can execute any command by placing a constructed MOF file in the MOF directory. The prerequisites for using MOF are:

1. The Windows version is below Windows 2008.
2. MySQL runs with system permission.

FileZilla has a client and a server. The client uses port 21; the server uses port 14147 and only allows local connections. The attacker forwards the port and then connects with the client to transfer a malicious script to the victim, for example writing scheduled tasks or startup items, and in this way achieves privilege escalation.
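The patch check described above works equally well as a patch audit. The following is an added example, not code from the original article: it parses the fixed-width output of wmic qfe get Caption,Description,HotFixID,InstalledOn and reports which of the hotfixes named in the article are not installed. The sample output is constructed, and the function names are this example's own.

```python
import re

# Hotfix/issue pairs exactly as the article lists them.
PAGE_HOTFIXES = {
    "KB979682": "KiTrap0D",
    "KB2393802": "MS11-011",
    "KB982799": "MS10-059",
    "KB979683": "MS10-021",
    "KB2592799": "MS11-080",
}

# Constructed sample in the fixed-width layout wmic prints (not from a real host).
_ROWS = [
    ("Caption", "Description", "HotFixID", "InstalledOn"),
    ("http://support.microsoft.com/?kbid=2393802", "Security Update", "KB2393802", "3/12/2011"),
    ("http://support.microsoft.com/?kbid=982799", "Security Update", "KB982799", "8/15/2010"),
    ("", "Update", "KB976902", "11/21/2010"),
]
SAMPLE_QFE = "\r\n".join(f"{a:<44}{b:<17}{c:<11}{d}" for a, b, c, d in _ROWS)


def installed_hotfixes(qfe_text):
    """Return the set of KB ids found in the HotFixID column."""
    lines = [ln for ln in qfe_text.splitlines() if ln.strip()]
    if not lines or "HotFixID" not in lines[0].split():
        raise ValueError("input has no HotFixID column header")
    # Column boundaries come from where each header word starts.
    cols = [(m.group(), m.start()) for m in re.finditer(r"\S+", lines[0])]
    i = [name for name, _ in cols].index("HotFixID")
    start = cols[i][1]
    end = cols[i + 1][1] if i + 1 < len(cols) else None
    found = set()
    for ln in lines[1:]:
        cell = ln[start:end].strip().upper()
        if re.fullmatch(r"KB\d+", cell):  # skip blank or malformed cells
            found.add(cell)
    return found


def missing_hotfixes(qfe_text, required=PAGE_HOTFIXES):
    """Map each required hotfix that is absent to the issue it addresses."""
    present = installed_hotfixes(qfe_text)
    return {kb: issue for kb, issue in required.items() if kb not in present}


if __name__ == "__main__":
    for kb, issue in missing_hotfixes(SAMPLE_QFE).items():
        print(f"{kb} missing: schedule the fix for {issue}")
```

Reading the column by header offset rather than searching the whole line keeps KB numbers that appear inside the Caption URL from being counted as installed hotfixes.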