A hacker's navigation station in a simple day

Www.2cto.com.


Author: Striker
QQ: 954101430
Blog: StrikerSB.com

Body:
Actually, I saw the log of the Net user space =. = So I tried it and I had the following story.

First, I saw the website and directly looked at the side note. I personally feel that the main site has no hope ~
The Discuz directly enters the uc_sever admin Weak Password =.

 

After reading the database, it turned out to be not the root user ~ His server only has two or three sites. I thought it would be root =.

 

 

Changed the administrator password,

 

 

Get the password of the database. It's useless now. Keep it first ~

 

 

 

Seeing this, I felt there was hope for plug-in and shell, so I was full of confidence ~

 

 

At that time, I was disgusted =. Then I scanned the main site with a tool ~

 

 

The harvest is really not small, so I got the absolute path ~

 

 

Then I found another file,

 

 

We can see all kinds of weak serv-u passwords and default passwords ~ Give up this way, and then use a tool to scan ~

 

 

 

Seeing phpmyadmin, I suddenly have hope,
Then the weak root passwords were fruitless, So I logged on to the uc_server account ~

 

 

Maybe I have a special liking for root. I always want root =. So I looked at it.

 

 

Decrypt the password

 

 

Unfortunately, who will help me in the middle of the night? Nobody is there? Everyone goes to bed.

I have been worried about phpmyadmin. If the permission is not enough, I tried it ~

 

 

I did not expect to write it into =.

Click the next line to mount the homepage ~ (For the first time, I was a little excited about the black and wide site, so the webmaster should not be angry. Forgive me once = .)