banner
lca

lca

真正的不自由,是在自己的心中设下牢笼。
HomeArchives图文

Record a xxl job to obtain server permissions (anyone with hands can do it sequentially).

#渗透测试384
AI Translation
This post is translated from Chinese into English through AI.View Original
AI-generated summary
The process of exploiting vulnerabilities is simple and straightforward, involving weak passwords and executing commands in the background. The xxl-job weak password is "admin/123456". After logging in, the task management interface is accessed. To bounce back a shell, the external interface executor must be selected. The created task is selected and the GLUE IDE operation is chosen. In the editor window, commands are written and saved. Returning to the task window, the task is executed once. The server's nc is monitored, successfully obtaining server permissions.

The process of exploiting vulnerabilities is simple and clear, using weak passwords to execute commands in the background, which belongs to a sequence that can be done with hands-on.

Weak password for xxl-job: admin/123456

After logging in, the interface is as follows:

image

Find task management and select the external interface executor to bounce the shell.

image

Select the created task, choose operation-GLUE IDE.

image

Open the editor window, write the command, and save.

image

Go back to the task window, select execute once.

image

The server nc is listening and successfully obtains server permissions.

image

Loading...
Ownership of this post data is guaranteed by blockchain and smart contracts to the creator alone.