help! windows 2003 + iis6 + WAF

Discuss the many weaknesses of browser security and ways to mitigate the threat

help! windows 2003 + iis6 + WAF

Post by OnceUponAYear on Mon May 14, 2018 9:01 am
([msg=95689]see help! windows 2003 + iis6 + WAF[/msg])

Hi guys, i am a freshman here and don't know whether it's appropriate to ask help about hacking strategy at this forum, if it is not allow to, pls inform me.

There is a fishing website(server) that I wanted to take down for months but just couldn't. It is a windows 2003 server, the site is hosting at a vps using iis6 integrate with php5, but doesn't support aspx( the server only contain .net 1). The server is protected by a Chinese web firewall application (phpweb from www.huweishen.com), I suspect this WFA was dumping all the suspicious request and reseting remote desktop connection.

I uploaded a asp shell to this site. The website is using Access and there is no sign that SQLSERVER is running on this server. The "huweishen" application support Mysql(MyISAM), however, I can not crack the password from 'root' user ( not even sure this user exist).
The shell I uploaded only have limited privileges, cmd, nc, net, tasklist, ipconfig are all disabled( guess was stopped by WFA). The wsScript.shell is open but the privilege is rather low.
I uploaded 20030day.exe, but still, no respond.
Guys, any ideas what else can I try?
OnceUponAYear
New User
New User
 
Posts: 1
Joined: Mon May 14, 2018 8:09 am
Blog: View Blog (0)


Return to Web

Who is online

Users browsing this forum: No registered users and 0 guests