I remember a time when I got server access through an xxl job (as long as you have hands, it can be done sequentially).

Jul 17, 2023#渗透测试619

AI Translation

This post is translated from Chinese into English through AI.View Original

AI-generated summary

The process of exploiting vulnerabilities is simple and straightforward. It involves using weak passwords to execute commands in the backend, making it an easy sequence for anyone with basic knowledge. In this specific case, the weak password for the xxl-jog interface is "admin/123456". After logging in, the user can access the task management feature and select the external interface executor to execute commands. By selecting the created task and choosing the GLUE IDE operation, the user can open the editor window, write and save commands. Returning to the task window, the user can choose to execute the task once. By monitoring the server using nc, the user can successfully gain server permissions.

The process of exploiting vulnerabilities is simple and clear. Weak passwords can be used to execute commands in the background, which is a straightforward sequence of actions.

Weak password for xxl-job: admin/123456

After logging in, the interface is as follows: