ps: I haven't tested it yet.
Source: H4×0r'sBlog
The code copy is as follows:
bOtherUser=False''Does other NT user login be required?
IfbOtherUser=TrueAndTrim(Request.ServerVariables("AUTH_USER"))=""Then
Response.Status="401Unauthorized"
Response.Addheader"WWW-AuThenticate","BASIC"
IfRequest.ServerVariables("AUTH_USER")=""ThenResponse.End()
EndIf
Key on-demand
Response.Status="401Unauthorized" As long as this sentence is added at the beginning of the code, IIS will automatically call the login window.
This function can call other NT users to log in
If you know the password of a user with greater GUEST permissions, such as administrator, hehe~ you are developed [for example: obtained through FINDPASS or automatic login]
For example, know the administrator's password, but the other party does not have a terminal and there is no other thing that can increase permissions. Hehe this thing can help you
After logging in, the permissions obtained are the corresponding permissions of the logged-in user!
Sensitive Directory: PCANYWHERE, startup and other directories that store CIF
You can enter all directories that the user has permissions, and check the files that he has permissions, such as LOGs, etc.