Preface: common website intrusion methods and general ideas
First, we will introduce what types of websites can intrude into websites that I think must be dynamic websites such as ASP PHP JSP code.
If it is a static (.htm or HTML), it will not succeed.
14 available intrusion methods
1. Upload Vulnerability
If you see: select the file you want to upload [re-upload] or "Please log in and use it", 80% will have a vulnerability!
Sometimes the upload may not be successful, because cookies are different. We need to use wsockexpert to obtain cookies and then use domain to upload them.
2. Injection Vulnerability
Character filtering is lax.
3. Bypass, that is, cross-site.
When we intrude into a station, this station may be robust and impeccable. We can find a site with the same server as this station, and then use this Site for Elevation of Privilege, sniffing and other methods to intrude into the site we want to intrude.
4. brute-force database: replace/in the middle of the second-level directory with % 5c
5. 'or' = 'or' is a language that can connect to SQL. You can directly enter the background. I collected it. Similar:
'Or ''='" or "A" = "A') or ('A' = 'a ") or ("A" = "A or 1 = 1 -- 'or 'A' = 'a
6. social engineering. We all know this. Is to guess.
7. Write Data to an ASP database. Is a trojan <% execute request ("value") %> (the database must be an ASP or ASA suffix)
8. source code utilization: some websites use the source code downloaded from the Internet. Some webmasters are very lazy and don't change anything.
9. Use of the default database/webshell path: many of these websites/other people's webshells.
/Databackup/dvbbs7.mdb
/BBS/databackup/dvbbs7.mdb
/BBS/data/dvbbs7.mdb
/Data/dvbbs7.mdb
/BBS/DIY. asp
/DIY. asp
/BBS/CMD. asp
/BBS/cmd.exe
/BBS/s-u.exe
/BBS/servu.exe
Tool: Station hunter
10. view the directory method: some websites can disconnect the directory. You can ask the directory.
210.37.95.65 Images
11. Tool Overflow
12. Use of search engines:
(1). inurl: flasher_list.asp default database: database/flash. mdb background/manager/
(2) Find the management background address of the website:
Site: XXXX. comintext: Management
Site: XXXX. comintitle: management <many keywords, find them by yourself> 〉
Site: XXXX. cominurl: Login
(3). Find the ACCESS database, MSSQL, and MySQL connection files.
Allinurl: bbsdata
Filetype: mdbinurl: Database
Filetype: incconn
Inurl: datafiletype: MDB
13. Cookie fraud: Change your ID to the Administrator's, and change the MD5 password to another one. You can use Guilin veterans tool to modify the cookie.
14. Use common vulnerabilities, such as BBS
You can use the dvbbs permission escalation tool to make yourself a front-end administrator.
Then: Use the dynamic net fixed top sticker tool to find a fixed top sticker and then obtain cookies. You need to do this yourself. We can use wsockexpert to obtain cookies/NC packets.
I will not do this anymore. I will take a look at my next online tutorials.
Tool: dvbbs permission escalation Tool
15. There are also some old vulnerabilities. For example, iis3, 4, view the source code, and delete
I won't talk about CGI and some old PHP holes .. Too old. There is no major purpose.
General intrusion ideas
Script Injection (asp php jsp)
1. Script Vulnerability
Other script vulnerabilities (upload and cross-site vulnerabilities)
Domain Name Bypass
2. Side note
"Ip" side note
Local Overflow
3. Overflow Vulnerability
Remote Overflow
ARP Spoofing
4. Network eavesdropping
IP Spoofing
5. Social Engineering
Supplemented and summarized
1. Add some content to the previous article
2. Use examples to prove the great use of social engineering
3. Make some remarks on the arrangement of this training course
4. Learning Methods