Exposure of fully automated black market (one-stop automatic batch SHELL)
I accidentally touched the tip of the iceberg and learned that the development of the black industry is faster than we thought. It has evolved into a one-stop full-automated bulk scanning SHELL, combined with what was revealed by our predecessors,
They work together, from batch scanning to Trojan-mounting to black pages, and so on, a dumb button is complete. Let's take a look at the past, issuing commands to achieve fully automated advertising,
Combined with the current batch SHELL, many small and medium-sized websites won the bidding. I only revealed some batch tools they wrote using the published CMS vulnerabilities on the Internet,
This is only one vulnerability announced. If so many CMS vulnerabilities are exploited, It would be terrible to think about it.
Automatic URL acquisition and CMS automatic identification:
DEDE automatically scans and uploads shell burst passwords:
I thought that the 4000-plus shell may have to be tried one by one, and I thought there may be similar scripts, but I didn't expect them to be automated first,
Just pull the shellCRTL + c crtl + VYou can perform the test automatically, and the speed is quite fast. The classification is quite detailed:
After the test, more than 4000 shells were run. A test script was run in one sentence, and more than 700 shells were run. 26 shells were successfully run, which took about half an hour.
Latest SEO shell tool for gray hat SEO
In an interview with a field reporter, the most profound one sentence was: I had been cheated by more than shells some time ago, but I was fine, technically, and not afraid to cheat.
People who may say this sentence do not know much about the impact of this number on some people who are doing security, but I am deeply aware that this has a huge impact. There are 5 million shells,
Still can be connected successfully. What kind of disaster will it be if it is controlled by criminals.
According to the field reporters, this is only a few tools they wrote based on the published DEDE vulnerability. They still have more automation we don't know, of course, for various reasons,
Reporters in front of the battlefield do not know. Although a large website may be developed by customization, it is still common for small and medium sized websites. If we think about Baidu in the future, it will all be something of black market,
The network environment is terrible. I hope that this article will help more people understand the importance of security. Otherwise, we will do more in the early stage, but it will be better to raise good children for bad acts.