Cybersecurity detection cainiao

Source: Internet
Author: User

Some of the most popular upload vulnerabilities in the past, such as mobile networks, mobile devices, and so on! The popularity is crazy. Get webshell through upload! What is weshell .! Webshell is also called ASP {remote control software }..! Very small, but very powerful .. now the well-known shell is like the top of the ocean, the ice Fox prodigal sentence {remote control software} and Guilin veterans's Internet Assistant.... there are many types of horses. basic skills are similar .. upload. download and edit. delete some other commands... if we upload the {remote control software} of ASP to the space of a website in a certain way .. then we can have full control over this website .. we can do everything in the space ..! You can even control the server to become a zombie ..!! So every time we get a website, the first thing we want to get from the website is to get shell ..!

 

There are many methods ..! You can use the current domail, which is also a side-by-side tool, to detect some upload vulnerabilities ..!! You can also use the nb_2 or ah d injection tool to detect injection points ...! Find the injection point and get the background. Use the upload or backup database in the background to get the shell .! The injection principle has been described in detail in the script class section of the bingke forum .! I also spoke about the lecture .! I will not introduce its principles and applications here ..!!!

 

The other is to use the one sentence {remote control software} of the ice Fox prodigal son }..! Plug in the website friendship connection... use the database of friendship connection to get shell ..! Therefore, there are many shell methods available on the network ..!~ Many people always ask how the website should be hacked .?? There is only one sentence to answer. It doesn't mean that one method can get rid of all the websites. If there is one method, you can use it flexibly .! So if you want to get a shell, you should first check what the website looks like .. only by understanding what programs the website is can we have the correct intrusion techniques .. for example, an ASP dynamic whole site program .. we can check whether the upload vulnerability exists ..! If you don't have one, you can only find his injection point ...! Get the name and password of the background through injection ..! Let's get shell again... if it's an ASP Website, but it's not a whole site program that goes down from the Internet... we can still get it through injection. shell injection is widely used now ..! As long as it is a dynamic website, we will all have the opportunity to inject... no matter how much traffic the website has ..!! Some friends lose confidence as soon as they see the registered members of the website or the daily traffic is huge ..! You don't have to worry that there are too many pages on the website ..!! It is inevitable that a page is not filtered so that we can get started ..! And if the website is a static website ..!! Maybe he will also hide ASP pages ..! Not on the surface, but it is actually generated by ASP ..! For example, I will inject 17173 animation tutorials all the time ..!! It is to find ASP pages on a static website and then inject them !! The same principle .! But there are several static pages .! So the injection cannot be completed .!! But you can do it in other ways! For example, see if he has a forum... or something ..!! Many Forum versions have vulnerabilities. Many of them have been released. We can find the Forum version and check whether there are any vulnerabilities .!! If nothing exists .! Don't be discouraged. You can also try to note ..!! There are many methods .! Do not think that learning one method is invincible .!! Keep learning ..! Every method is not fixed .! They can all be used in a different way. 1. You can learn a method instead of just learning it .! We want his flexibility .!! Flexible operation of every means... understand its principles! These are constantly discovered in learning! As long as you study hard, you will have unexpected gains ...!! Many vulnerabilities exist: * We discover them by ourselves .!

 

Now everyone should know the key to learning! Don't always think about how many intrusion methods I have learned .!! You can call it a hacker .!! But you have learned something! Have you ever thought about how it works .?? Other practical means can be introduced through the principle ..! In fact, many people feel that I will have something! A sense of accomplishment .!! Or I have hacked a network, and I just deleted it ?! But you know that many of your things are things that have been popular abroad for a long time .!! Is it still so popular in China ?? We are inferior to other countries ..!! A Chinese website seems to have a promising future. This is not the case ..! So we learned it all by ourselves .!! So I wish you a better understanding .!!! Learning is the key ..!! Here we are .!

 

By cold

 

QQ: 222347

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.