File hiding during shell execution & amp; Penetration

Today, I saw an image in the NuclearAtk blog album.

Which has a txt extension name for executing the program

I only saw the image and didn't know how to describe it in the original text.

So I'm also curious about what kind of new tricks and tricks I think can be suffixed and disguised.

I asked him and some friends in the group.

The result is a shell recognition program problem for a long time.

I used to know that there is no Suffix in Linux/Unix environments.

The Linux/Unix shell execution Program identifies the file format to execute files without the suffix.

The same is true for Windows.

I did not pay attention to Windows platform before.

Also tested

NuclearAtk also told me

The original source of this article describes the situation where IIS7 sets the file with the suffix of the uploaded exe to be disabled.

Therefore, the exe extension program cannot be uploaded.

Then we can use this trick to bypass this prohibition.

As a result, the author may be confused about what the IIS7 parsing vulnerability is ......

Various Regions Orz ~

In fact, all these things are also being done without your pants.

If you cannot upload an exe extension, change the extension name to txt.

Upload the file and change it back to exe.

IIS only disables upload, not execution.

In fact, you can also click

Only the txt suffix format is used .......

Saving the trouble of getting around so many circles .......

In the future, webshell only needs to upload various xx.txt ~

Attackers are confused ~

In fact, you can change all the suffix names to jpg ~

Since penetration is a secret, we have to go further and further on the cumbersome Road ~

What to upload in the web directory 20110803.jpg and so on ~

It is based on the file naming format in the web directory.

Use the webshell date modification function to change the file time ~

It is difficult for administrators to find clues ~

From: syc