How to quickly invade a website

First, observe the specified Web site. The intrusion of the specified site is conditional: first observe whether the site is dynamic or static.

First introduced under what kind of site can be invaded: I think the site must be dynamic, such as ASP, PHP, JSP and other code to write the site if it is static (. htm or HTML), generally will not succeed. If the target site to be invaded is dynamic, you can exploit the vulnerability of the dynamic website.

Quote: The following are common ways to invade a website:

1. Upload the vulnerability if you see: Select the file you want to upload [re-upload] or "Please login after use", 80% there is a loophole! Sometimes uploads do not necessarily succeed, because cookies are different. We are going to use Wsockexpert to get cookies. Then upload it with domain.

2. Injection vulnerability character filter is not strictly caused by

3. Bauku:%5c in the middle of the two-level catalogue

4. ' or ' = ' or ' This is a language that can connect to SQL. Can be directly into the background. I collected a bit. Similar also to: ' or ' = ' \ ' or ' ' a\ ' =\ ' a ') or (' a ' = ' a \ ') or (\ "A\" =\ "A or 1=1--' or ' a ' = ' a

5. Social engineering. We all know that. is to guess the solution.

6. Write to the ASP format database. It's just a word. Trojan 〈%execute request (\ "Value\")%〉 (the database must be an ASP or ASA suffix)

7. Source use: Some websites are used to download the source code. Some webmasters are lazy. Nothing changed. For example: default database, default background address, default Administrator account password, etc.

8. Default database/webshell Path utilization: Such a site a lot of people webshell others. /databackup/dvbbs7. Mdb/bbs/databackup/dvbbs7. Mdb/bbs/data/dvbbs7. Mdb/data/dvbbs7.mdb/bbs/diy.asp/diy.asp/bbs/cmd.asp/bbs/cmd.exe/bbs/s-u.exe/bbs/servu.exe Tool: Website Hunter digging chicken Ming Boy

9. View Catalog method: Some websites can be disconnected from the directory and can access the directory. 210.37.95.65 Images

10. Tool Overflow

11. Search Engine Utilization: (1). inurl:flasher_list.asp default database: Database/flash.mdb background/manager/(2). Find the management of the website address: site:xxxx.comintext: Manage Site:xxxx.comintitle: Management keywords many, self-find 〉site:xxxx.cominurl:login (3). Find the database for access, MSSQL, MySQL connection file allinurl:bbsdata Filetype:mdbinurl:database Filetype:incconn Inurl:datafiletype:mdb

12.COOKIE scam: Change your ID to admin, MD5 password is also changed to his, with Guilin veteran tool can modify cookies.

13. The use of common vulnerabilities: such as the dynamic network BBS can be used first: Dvbbs permission to upgrade tools, so that they have become the front desk administrator. Then, use: Dynamic network headspace paste tool, find a headspace paste, and then get cookies, this wants you to do it yourself. We can use Wsockexpert to get cookies/nc bag this I do not do, online tutorial more is, self-the next look. Tools: Dvbbs rights lifting tool dynamic mesh headspace tool 14. There are some old loopholes. such as iis3,4 View Source, 5 of the delete cgi,php some of the old hole, I will not say AH. It's too old. There's no big use.

#######################################

General intrusion Ideas

Script Injection (ASP PHP JSP)

1. Scripting Vulnerability Other Script Vulnerability (upload vulnerability, cross-site vulnerability, etc.) domain name side note

2. Side note "IP" Side note local overflow

3. Overflow Vulnerability Remote Overflow ARP spoofing

4. Network eavesdropping IP spoofing 5. Social engineering Simply put, you can use the above methods to invade, if the designated site does not have loopholes, but also can use other ways ... #######################################

  There's more than one way to the computer. If the target website program does not have a vulnerability, you can follow the following methods: First determine the other Site server host IP address, such as: Ping www.baidu.com

First introduced under what kind of site can be invaded: must be a dynamic site, such as ASP, PHP, JSP this form of site. 　　A site with an. htm suffix is advised not to invade (the probability of an invasion is almost 0). 　　Intrusion Introduction: 1 Upload vulnerability, 2 Bauku; 3 injection; 4 side note; 5 cookie fraud. 　1 upload vulnerability, the vulnerability in the DVBBS6.0 era by hackers to use the most rampant, the use of upload vulnerabilities can be directly webshell, the threat level super high, now the intrusion of the vulnerability is also a common vulnerability. How to use: in the Address bar of the site after the URL plus/upfile.asp if the display upload format is incorrect [re-upload] Such a typeface 80% is a long hole to find a tool can be uploaded directly can get Webshell.

Tool Description: Upload Tool, Veteran's upload tool, DOMAIN3.5, both software can achieve the purpose of uploading, with NC can also be submitted.

Webshell is what: Webshell in the last lesson simple introduction of the next, many people do not understand, here in detail, in fact, Webshell is not what esoteric things, is a web rights, can manage the Web, modify the content of the home page and other rights, but there is no special high permissions, ( This look at the administrator's settings) general modification of other people's homepage mostly need this permission, contact the Web Trojan friends may know (such as the veteran's webmaster Assistant is the Web Mumahaiyang 2006 is also a Web Trojan) We upload the vulnerability of the final transmission is this thing, Sometimes a server with a bad set of permissions can get the highest permissions through Webshell.

2 　　Bauku: This vulnerability is now very rare, but there are many sites have this vulnerability can be exploited, Bauku is the submission of characters to get the database file, the database file we have direct access to the site's foreground or background permissions. Bauku method: For example, a station address is  http://www.xxx.com/dispbbs.asp?boardid=7&id=161

3 Injection vulnerability: This vulnerability is now the most widely used, the damage is also a big loophole, it can be said that Microsoft's official website also has an injection of loopholes. 　　Injection vulnerability is caused by the character filter is not strictly prohibited, you can get the administrator's account password and other relevant information. How to use: I first introduce how to find loopholes such as this URL  http://www.xxx.com/dispbbs.asp?boardid=7&id=161  is the end of the Id= digital station we can manually add a and 1=1 to see if the normal page and add a and 1 = two look at if the return to the normal page description is not a vulnerability if the return error page indicates an injection vulnerability exists. If Add and 1=1 return error page description also no loopholes, know the site there is no loophole I can use the door can be manually to guess solution can also use tools now more tools (NBSI NDSI AH D domain, etc.) can be used to guess the account password, because it is rookie contact, I still suggest you use tools 　　, manual comparison cumbersome.

4 Side note: We invade a station may be strong and invulnerable to this station, we can find and this station the same server site, and then use this site with power, sniffing and other methods to invade the site we want to invade. To make an image of metaphor, for example, you and I a building, my home is very safe, and your home, but the loopholes, now there is a thief want to invade my home, he made a surveillance on my home (that is, scanning) found nothing to use, then this thief found your home and my house a building, your home is easy to go in, he can first enter your home, 　　Then through your home to get the whole building keys (System permissions), so naturally get my keys, you can enter my Home (website). Tool Description: Or the name of the boy's DOMIAN3.5 good things, can be detected injection, can be side note, you can upload!

5 Cookie scams: Many people do not know what Cookie,cookie is when you surf the Internet by the value of the website sent to you to record some of your data, such as IP, name or something. How to defraud? If we already know XX Station Administrator station number and MD5 password, but can't break out password (MD5 is encrypted after a 16-bit password) We can use cookie fraud to achieve, change their ID to administrator, MD5 Password also modified to his, 　　There are tools that can modify cookies so that the purpose of cookie fraud is answered and the system thinks you are the administrator. Today's introduction to here, the comparative basis, are conceptual things, all of my personal understanding, if there is not the right place to point out (personally think that is, why change to%5c, here a bit of a problem). Prevent script intrusion as a network administrator, many friends are also responsible for the work of the Unit's website development and maintenance, for web development I think everyone is more proficient, but on how to write security script code and how the Intruder Web-based server infiltration, may not be very clear, A lot of friends mistakenly think my server has a hardware firewall, and only open 80 ports, there is no network security issues.

I'll introduce you to some of the more common　　 　　See the method of scripting attack, so that you can find the method of security protection, thereby improving the security of the server.

1. Simple script attacks such attacks are due to the Web program writing on the special character filter is not strict, although not a serious threat to the security of the server, but can enable the intruder to publish the malicious code containing HTML statements, disrupting the order of the site, thereby adversely affect the site. Here is an example: a website in the user registration, there is no special characters to filter, it is possible to be bored by the use of, assuming the forum Administrator ID: webmaster, it is possible to register a user name when registered as webmaster, although the ID has a difference, But the page display is the same, if the boring people to change the other information and webmaster the same, it is difficult for others to distinguish between the two ID which is true which is false. There are many Web sites have their own development of the message board, and support the submission of HTML messages, which gives the opportunity for the perpetrators, they can write an automatic pop-up window and open a Trojan page code, so that others in this message can be planted under the Trojan horse. The precautionary approach is simple, add a filter function: 〈% function Sqlcheck (fstring) fstring = replace (fstring, \ "\", \ "\") fstring = replace (Fstri ng, \ "\", \ "\") fstring = replace (fstring, \ "; \", \ "\") fstring = replace (fstring, \ "--\", \ "\") fstring = replace ( Fstring, \ ", \", \ "\") fstring = replace (fstring, \ "\") fstring = replace (fstring, \ ") \", \ "\") fstring = Repl Ace (fstring, \ "=\", \ "\") fstring = replace (fstring, \ "%\", \ "\") fstring = replace (fstring, \ "*\", \ "\") fstring = Replace (fstring, \ "<\", \ "\") fstring = replace (fstring, \ ">\", \ "\") Sqlcheck = fstring End Function%〉 to String = Replace (fstr) in the filter functioning, \ "<\", \ "\") fstring = Replace (fstring, \ ">\", \ "\") can remove the "<" and ">" symbols in the statement so that the HTML code cannot run.　　 　　

2. SQL injection vulnerability attack, also known as SQL Injection attack, is a common web attack method, it makes use of the construction of special SQL statements, and the database of cross-table query attack, in this way it is easy for intruders to get a Webshell, Then use this Webshell to do further infiltration, until the System Management Authority, so this attack mode is very harmful. We recommend that you use NBSI, Wed+wis, and other injection tools to scan your site to see if there is a vulnerability. There is a special SQL injection vulnerability, the reason is special, because it is through the construction of special SQL statements to deceive the identification of user identity code, such as the intruder to find the background management portal, in the administrator user name and password input "' or ' 1 ' = ' 1 '", "' or '" = "," ') Or (' a ' = ' a ', "\" or \ "A\" =\ "a", "' or ' a ' = ' a", "' or 1=1--") such strings (without quotation marks), commit, it is possible to directly enter the background management interface, it can also be seen how to filter the special characters is how important. Another thing to note, be sure not to let others know the site's background Management page address, in addition to the reasons above, this can also prevent intruders by brute force to crack the background administrator user name and password methods into the background management.　　 　　The prevention of such attacks in addition to the above mentioned filter function, but also to block the site error messages, but also need to configure IIS execution permissions, the previous magazine also detailed the precautionary method, here do not do a detailed explanation.

3. The attack on the whole station system and forum many sites use some such as dynamic easy, Joek, dynamic Network, BBSXP and other high-visibility, powerful systems and forums, due to the powerful features of these systems, so inevitably brought a small security risk. Because these systems can be directly from the code, and the use of these systems more than the site, so the study of these system vulnerabilities are many people, we will often be on the Internet to see a system and the latest loopholes in the article, it is recommended that you often go to these systems on the official website regularly download the latest patches.

How to quickly invade a website