Automatic cycle machine universal kill brute-force cracking without returning error keyword webshell

 

Author: zhima Xiaoye

There may be a lot of doubts about the previous statement that the automatic loop server cracked without returning errors. This time, we will show you a complete way to kill the problem.
Let's take a look at a PHP shell,

No error message is returned for the wrong password entered by this shell. keyword search on the logon page cannot be cracked ~ The following is a demonstration.

First use the packet capture tool to capture the package. You can see that the post submission method is used.

Enter the captured package in the Automatic cycle machine, and run the command to check whether the returned information is 200.

Set the dictionary file. Here we replace the red font content in the post with the adminpass = 123 & do = login parameter that calls the dictionary, and then select a dictionary for the dictionary.

Finally, we set an error keyword.

First, a copy of the returned package data is provided.

HTTP/1.1 200 OK
Date: Wed, 01 Jun 2011 11:00:20 GMT
Server: Apache/2.2.15 (Win32) PHP/5.2.13
X-Powered-By: PHP/5.2.13
Content-Length: 558
Keep-Alive: timeout = 5, max = 100
Connection: Keep-Alive
Content-Type: text/html

<Style type = "text/css">
Input {font-family: "Verdana"; font-size: "11px"; BACKGROUND-COLOR: "# FFFFFF"; height: "18px"; border: "1px solid #666666 ";}
</Style>
<Table width = "416" border = "0" align = "center" cellpadding = "0" cellspacing = "0">
<Form method = "POST" action = "">
<Tr>
<Td height = "75" align = "center">
<Span style = "font-size: 11px; font-family: Verdana"> password: </span> <input name = "adminpass" type = "password" size = "20">
<Input type = "hidden" name = "do" value = "login">
<Input type = "submit" value = "login">
</Td>
</Tr>
</Form>
</Table>
Copy code

Here we use the content in input as an error keyword.

Name = "adminpass" type = "password Copy code

After setting the password, let's crack the shell password ~
Check the password in the source code.

The password cracked by the automatic circulating machine is as follows:

This php shell password is easily cracked ~

Then let's crack the shell H4Ck Door.

I still remember the last time lostworf sent this shell to let me break the password. After studying it for a long time, I didn't know how to break it. This time I found a way to kill it. I see where you want to escape.

First, capture the packet and enter it in the Automatic cycle machine.

Select the dictionary, and finally set the error keyword. Here we continue to look for the content in the input.

<Input name = 'lpass' type = 'Password' size = '15'> <input type = 'submit 'value = 'sumbit'> </div> </center> Copy code

Find the input and select name = 'lpass' type = 'Password' as the keyword.

View the blasting result
Password in the source file:

Finally, let's look at the brute-force cracking results.

Many passwords are returned here. The first one is correct. Because this trojan will save cookies, other wrong passwords will be displayed after successful login.