Common website intrusion methods and general ideas (I)

Source: Internet
Author: User
Preface: common website intrusion methods and general ideas

First, which types of websites can be intruded into? I think they must be dynamic websites, that is, sites built on ASP, PHP or JSP code.
If the site is static (.htm or .html), it will not succeed.

14 available intrusion methods

1. Upload Vulnerability
If you see "select the file you want to upload [re-upload]" or "Please log in and use it", 80% will have a vulnerability!
Sometimes the upload may not be successful, because cookies are different. We need to use wsockexpert to obtain cookies and then use domain to upload them.

2. Injection Vulnerability
Character filtering is lax.

3. Bypass, that is, cross-site.
The station we want to intrude into may be robust and impeccable. We can find another site hosted on the same server as this station, and then use that site for elevation of privilege, sniffing and other methods to intrude into the site we want.

4. Brute-force database: replace the / in the middle of the second-level directory with %5c

5. 'or'='or': this is a statement that can connect to SQL. You can directly enter the background. I collected some similar ones:
'Or ''='" or "A" = "A') or ('A' = 'a ") or ("A" = "A or 1 = 1 -- 'or 'A' = 'a

6. Social engineering. We all know this one. It means guessing.

7. Write data to an ASP database. That is, the trojan <% execute request ("value") %> (the database must have an .asp or .asa suffix)

8. Source code utilization: some websites use source code downloaded from the Internet. Some webmasters are very lazy and don't change anything.

9. Use of the default database/webshell path: there are many websites like this, as well as other people's webshells.
/Databackup/dvbbs7.mdb
/BBS/databackup/dvbbs7.mdb
/BBS/data/dvbbs7.mdb
/Data/dvbbs7.mdb
/BBS/DIY.asp
/DIY.asp
/BBS/CMD.asp
/BBS/cmd.exe
/BBS/s-u.exe
/BBS/servu.exe
Tool: Station hunter

10. Directory viewing method: on some websites the URL can be cut back to a directory, and the directory can then be accessed.
210.37.95.65 Images

11. Tool Overflow

12. Use of search engines:

(1) inurl:flasher_list.asp; default database: database/flash.mdb; background: /manager/
(2) Find the management background address of the website:
site:XXXX.com intext:Management
site:XXXX.com intitle:management <many keywords, find them by yourself>
site:XXXX.com inurl:Login
(3) Find the ACCESS database, MSSQL, and MySQL connection files:
allinurl:bbsdata
filetype:mdb inurl:Database
filetype:inc conn
inurl:data filetype:MDB

13. Cookie fraud: change your ID to the administrator's, and change the MD5 password to another one. You can use the Guilin veterans tool to modify the cookie.

14. Use common vulnerabilities, such as BBS
You can use the dvbbs permission escalation tool to make yourself a front-end administrator.
Then: Use the dynamic net fixed top sticker tool to find a fixed top sticker and then obtain cookies. You need to do this yourself. We can use wsockexpert to obtain cookies/NC packets.
I will not do this anymore. I will take a look at my next online tutorials.
Tool: dvbbs permission escalation Tool

15. There are also some old vulnerabilities. For example, IIS 3 and 4, view the source code, and delete
I won't talk about CGI and some old PHP holes. They are too old. There is no major purpose.
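
Items 2 and 5 above share one root cause: input concatenated into the SQL text of a login query. The Python example below is added here and is not part of the original article; it puts that weak pattern beside a parameterized query. The table, account, salt and function names are assumptions for illustration, and SQLite stands in for the site's database.

```python
import hashlib
import hmac
import sqlite3

SALT = b"constructed-demo-salt"  # constructed; use a random per-user salt in practice

def pw_hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000).hex()

def make_db():
    # Constructed sample data: one back-end administrator account.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admin (username TEXT PRIMARY KEY, pw TEXT)")
    db.execute("INSERT INTO admin VALUES (?, ?)", ("admin", pw_hash("correct horse")))
    return db

def login_concatenated(db, username, password):
    # Weak pattern: input is pasted into the SQL text, so a quote in the input
    # closes the string literal and whatever follows is parsed as SQL.
    sql = ("SELECT username FROM admin WHERE username = '" + username
           + "' AND pw = '" + pw_hash(password) + "'")
    row = db.execute(sql).fetchone()
    return row[0] if row else None

def login_parameterized(db, username, password):
    # Hardened: the driver binds the value as data; it is never parsed as SQL.
    # The hash is compared in application code, in constant time.
    row = db.execute("SELECT username, pw FROM admin WHERE username = ?",
                     (username,)).fetchone()
    if row is None or not hmac.compare_digest(row[1], pw_hash(password)):
        return None
    return row[0]

def demo():
    db = make_db()
    tautology = "' or 1=1 --"  # same shape as the strings listed in item 5
    return {
        "concatenated_valid": login_concatenated(db, "admin", "correct horse"),
        "concatenated_tautology": login_concatenated(db, tautology, "x"),
        "parameterized_valid": login_parameterized(db, "admin", "correct horse"),
        "parameterized_tautology": login_parameterized(db, tautology, "x"),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

With the concatenated query the always-true condition returns the admin row without a valid password; with bound parameters the same input is just a username that does not exist.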

 

General intrusion ideas
 
1. Script Vulnerability
    Script Injection (asp php jsp)
    Other script vulnerabilities (upload and cross-site vulnerabilities)

2. Side note
    Domain Name Bypass
    "Ip" side note

3. Overflow Vulnerability
    Local Overflow
    Remote Overflow

4. Network eavesdropping
    ARP Spoofing
    IP Spoofing

5. Social Engineering

 

Supplemented and summarized

1. Add some content to the previous article

2. Use examples to prove the great use of social engineering

3. Make some remarks on the arrangement of this training course

4. Learning Methods
