A log on a Korean website

Source: Internet
Author: User

It was a dark night. A friend sent me a small window from the penguin asking me to check whether a website had any security vulnerabilities. I was curious and wanted to give it a try, so I opened the address: a Korean website, www.koreatimes.com (Korean Times). I have only heard of The New York Times, and I don't know the difference. As long as it is not made in China, you can try it.

So I started the penetration test as if I were from aliumeng software. I found a vulnerability where filtering was not strict, so I uploaded my own small program and used it to obtain a webshell. The website runs on a Linux system, so my interest suddenly increased, and I started to rebound to the local machine. The permissions were very low, so I could not log on to the remote server directly using ssh; privilege escalation was required, that is, obtaining higher permissions (root, of course). I checked the kernel version and system version information and uploaded a piece of code for a 0-day vulnerability in the kernel. My luck was also good, and I was smoothly promoted to root permission. Of course, I could not directly modify someone else's root password, as that would be too violent, so I added a user with the same permissions as root (that is, uid = 0, you know). Unfortunately, the system only opens port 80 and does not even have port 22. This does prove that the Korean administrator is indeed more security-conscious than most administrators in China. I could only forward data through an ssh tunnel; after forwarding the local port 22 and the far-end port 80, I successfully logged on to the system remotely. Then I fixed the vulnerability and did not leave any backdoor program. I am a good guy?
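From the defender's side, the extra uid = 0 account mentioned above is something a routine account audit catches. The following check is an added example, not part of the original post; the sample passwd content and all account names in it are constructed, and the function name `audit_passwd` is hypothetical.

```python
import sys
from collections import defaultdict

# Constructed sample in passwd(5) format, not taken from any real host.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
support:x:0:0::/home/support:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
backup2:x:1000:1000::/home/backup2:/bin/sh
broken-line-without-fields
"""


def audit_passwd(text):
    """Return (extra_uid0, shared_uids, malformed_lines) for passwd-format text."""
    by_uid = defaultdict(list)
    malformed = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # passwd(5): name:password:UID:GID:GECOS:directory:shell
        fields = line.split(":")
        uid = fields[2] if len(fields) == 7 else ""
        if not (uid.isascii() and uid.isdigit()):
            malformed.append(lineno)  # report it rather than silently skip
            continue
        by_uid[int(uid)].append(fields[0])
    # Any account other than "root" with UID 0 has full root privileges.
    extra_uid0 = [name for name in by_uid.get(0, []) if name != "root"]
    # Accounts sharing a UID are indistinguishable in file ownership and logs.
    shared_uids = {u: names for u, names in by_uid.items() if len(names) > 1}
    return extra_uid0, shared_uids, malformed


if __name__ == "__main__":
    # With a path argument, audit that file; otherwise use the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            data = fh.read()
    else:
        data = SAMPLE_PASSWD
    extra, shared, bad = audit_passwd(data)
    print("non-root accounts with UID 0:", extra or "none")
    print("UIDs shared by several accounts:", shared or "none")
    print("malformed line numbers:", bad or "none")
```
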


The purpose of sharing this experience is, first, to test my own security skills and, second, to emphasize the importance of security: do not wait until you have lost it to cherish it. Third, I am a simple person and do not do anything as a cracker.

 

Tomorrow is another day of the college entrance examination. I wish you all good luck!

This article is from the "Old Xu's Private food" blog and will not be reposted!
