Bkjia.com exclusive Article] In my article "from Webshell to broilers", I mentioned how to obtain Webshell through the Webshell feature keywords. At the same time, I mentioned three methods to truly obtain this Webshell, this article is a supplement to the above, that is, how to deal with the problem from the perspective of Network Attack and Defense when we find a Webshell that requires password verification. This detection failed to reach the official director, so it mainly analyzed from the Security Detection perspective.
1. Obtain Webshell Information
1. Use Google to search for keywords again
Open the Google search page and enter the keyword "Copyright (C) 2008 Bin-> WwW. roOTkIt. neT. cn, and then click Google search. Two search results are displayed, as shown in 1.
2. Increase the range of feature keywords for search
Add some keywords in the Google search box, such as "Password :. copyright (C) 2008 Bin-> WwW. roOTkIt. neT. as shown in "Cn" and "2", there are many more results, with a total of 7 search records.
3. Obtain the administrator password for an unexpected Webshell.
In the attacker's Webshell, managing the password is like the key of the room. As long as it exists, you can enter the room. In Figure 2, you can view the address ending with aspx In The Real website address and view it, 3 ".
There is a "// PASS: 007" attached to the encrypted value. We can assume that the password of this Webshell is 007, but to obtain the password of this Webshell, go to the cmd5.com website for verification, enter the "9e94b15ed312fa42232fd87a55db0d39" value in the decryption box, and click "md5 encryption or decryption" to get the password "007", 4, haha, a good password!
The above is a review of the previous article. If you don't know how to try it, you can collect and organize all the key features of Webshell. Through this method, you will surely get something!