Brute-forcing the admin back ends of several CMSs and bypassing their protections
1. Phpcms
phpsso_server in Phpcms
After a cracking request is submitted, the code value in the session is not refreshed, whether or not the account and password are correct.
The login page must not be opened again: opening it loads the verification code page, and the code value changes.
If the user name is not found, the output refers to the user name.
If the password is incorrect, the output refers to the password.
Based on the above principle, we can enter one correct verification code and send the request to the intruder module for cracking.
So:
Brute-force cracking: enter a correct verification code and capture packets.
Brute-force cracking target: account + password (multiple times)
2. Espcms
Espcms's protection measures include a verification code and a token.
The value of the verification code is determined by ecisp_seccode in the cookies. Therefore, after entering one correct verification code, we can crack directly.
As for the token: if the packet is simply sent again, the prompt "The submitted data has expired. Please submit it again." is returned.
This can be bypassed by deleting the token from the request so that it is not submitted at all. The reason is that the code is generally written like this:
if ($_POST['token']) {
    // determine whether the token is correct
}
Therefore, if you delete the token, the check is skipped.
So:
Brute-force cracking: enter a correct verification code, capture packets, and remove the token.
Brute-force cracking target: account + password
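The token check described above, next to a fail-closed version, as an added example (not Espcms code and not from the original article). The $session and $post arrays stand in for $_SESSION and $_POST, and the 'login_token' key is hypothetical.

```php
<?php
// Added example, not Espcms code. $post stands in for $_POST and
// $session for $_SESSION; the 'login_token' key is hypothetical.

// Pattern described above: the check only runs when a token was sent.
function token_check_optional(array $session, array $post): bool
{
    if (!empty($post['token'])) {
        return hash_equals((string)($session['login_token'] ?? ''), (string)$post['token']);
    }
    return true; // no token in the request: nothing was checked
}

// Hardened: the token is mandatory and a missing one is a failure.
function token_check_required(array $session, array $post): bool
{
    $expected  = $session['login_token'] ?? null;
    $submitted = $post['token'] ?? null;
    if (!is_string($expected) || $expected === ''
        || !is_string($submitted) || $submitted === '') {
        return false;
    }
    return hash_equals($expected, $submitted);
}

// Constructed requests for one session.
$session = ['login_token' => bin2hex(random_bytes(16))];
$cases = [
    'valid token'   => ['user' => 'admin', 'token' => $session['login_token']],
    'wrong token'   => ['user' => 'admin', 'token' => 'stale'],
    'token removed' => ['user' => 'admin'],
];
foreach ($cases as $label => $post) {
    printf("%-14s optional=%s required=%s\n", $label,
        var_export(token_check_optional($session, $post), true),
        var_export(token_check_required($session, $post), true));
}
```

The two functions differ only on the request with the token removed, which is the case the optional check lets through.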
3. Cmseasy
On the first login to the back end there is no verification code. If the login fails,
the Loginfalse ***** cookies are set, and the verification code then appears when you attempt to log in again.
We only need to capture the packet of the first login attempt and then crack with it.
So:
Brute-force cracking: capture the packet of the first login attempt.
Brute-force cracking target: account + password
4. PHPYun
The problem here is that the verification code value in the session is not refreshed after a login, so a single verification code can be reused to send packets repeatedly for brute-force cracking.
So:
Brute-force cracking: enter a correct verification code and capture packets.
Brute-force cracking target: account + password
5. qibocms
It can be cracked directly, without any restrictions.
So:
Brute-force cracking: capture packets.
Brute-force cracking target: account + password
6. 74 Talent System
The verification code is not enabled by default, so we go to the back end and enable it.
Enter a correct verification code and then log in. As long as the verification code file is not run again after an incorrect password, the verification code value is not refreshed.
So:
Brute-force cracking: enter a correct verification code and capture packets.
Brute-force cracking target: account + password
7. phpwind8.7
Without a verification code, one IP address can only make 15 cracking attempts, but the IP address is obtained from XFF (X-Forwarded-For), so we can modify the IP address in XFF and keep cracking.
The verification code is tied to the value of *_cknum in the cookies.
So as long as we enter one correct verification code, we can continue to crack.
Of course, a single IP address has 15 chances, so we generate a number of IP addresses and then crack.
The account name, however, can be obtained from this address: http://localhost/phpwind8/u.php?uid=1
So:
Brute-force cracking: enter a correct verification code and capture packets. Modify the XFF value during brute-force cracking.
Brute-force cracking target: password
You must cancel this IP address, or urlencode.
The following summarizes the protections against brute-force cracking of admin back ends and how they are bypassed.
1. No protection
You can crack directly by changing the account and password in the request.
2. Verification code present
The verification code is generally checked against a value in the session.
Most of the code looks like this:
if ($_SESSION['seccode'] == '') { print 'verification code is empty'; exit(); }
if ($_SESSION['seccode'] != $seccode) {
    print 'verification code error';
    exit;
}
However, with the code above the value is not refreshed after each verification, so we can re-send the packet and pass verification again.
If the code is like this instead:
if ($_SESSION['seccode'] == '') { print 'verification code is empty'; exit(); }
if ($_SESSION['seccode'] != $seccode) {
    $_SESSION['seccode'] = '';   // the stored code is cleared on a mismatch
    print 'verification code error';
    exit;
}
then the packet cannot be re-sent. However, the verification code can still be recognized.
If the value is kept in the cookies, it is even simpler.
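A check that consumes the stored code on every attempt, whether the code and the password were right or wrong, and keeps the code only on the server side, as an added example (not code from any of the CMSs above). $session stands in for $_SESSION, and the credential check is constructed.

```php
<?php
// Added example. $session stands in for $_SESSION; 'seccode' is the
// session key used in the snippets above.

function new_captcha(array &$session): string
{
    // 4 characters from an alphabet without look-alikes (constructed choice).
    $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZ23456789';
    $code = '';
    for ($i = 0; $i < 4; $i++) {
        $code .= $alphabet[random_int(0, strlen($alphabet) - 1)];
    }
    $session['seccode'] = $code;
    return $code;
}

function check_captcha(array &$session, $submitted): bool
{
    $expected = $session['seccode'] ?? '';
    // Consume the code on every attempt, right or wrong, before any
    // other login logic runs: one code buys exactly one login attempt.
    unset($session['seccode']);
    if (!is_string($submitted) || $expected === '' || $submitted === '') {
        return false;
    }
    return hash_equals(strtoupper($expected), strtoupper($submitted));
}

function login(array &$session, string $user, string $pass, $seccode): string
{
    if (!check_captcha($session, $seccode)) {
        return 'verification code error';
    }
    // Constructed credential check standing in for the real one.
    $hash = password_hash('correct horse', PASSWORD_DEFAULT);
    return ($user === 'admin' && password_verify($pass, $hash)) ? 'ok' : 'login failed';
}

$session = [];
$code = new_captcha($session);
echo login($session, 'admin', 'guess1', $code), "\n"; // first use of the code
echo login($session, 'admin', 'guess2', $code), "\n"; // same code replayed
```

The second request fails at the verification code step even though the code was correct the first time, because the first request already removed it from the session.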
3. Limit on cracking attempts per IP address
If the IP address is obtained from X-Forwarded-For and client_ip, you can directly modify it in the HTTP headers.
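A per-IP attempt limit that does not take the address from client-supplied headers, covering both this point and the phpwind8.7 case above, as an added example (not phpwind code). $server stands in for $_SERVER; the trusted proxy address, the 15-minute window and the in-memory store are assumptions, and the limit of 15 is the figure mentioned for phpwind8.7.

```php
<?php
// Added example. $server stands in for $_SERVER; the proxy list,
// window and in-memory $store are assumptions.
const TRUSTED_PROXIES = ['10.0.0.5'];   // constructed: the site's own reverse proxy
const MAX_ATTEMPTS    = 15;
const WINDOW_SECONDS  = 900;

function client_ip(array $server): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    // Forwarding headers are client-controlled unless the TCP peer is our own proxy.
    if (!in_array($peer, TRUSTED_PROXIES, true)) {
        return $peer;
    }
    // Walk the chain right to left, skip our proxies, take the first other hop.
    $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'] ?? ''));
    foreach (array_reverse($hops) as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            break; // malformed entry: stop trusting the header
        }
        if (!in_array($hop, TRUSTED_PROXIES, true)) {
            return $hop;
        }
    }
    return $peer;
}

function allow_attempt(array &$store, string $ip, int $now): bool
{
    // Keep only the attempts that fall inside the sliding window.
    $recent = array_values(array_filter($store[$ip] ?? [], fn($t) => $t > $now - WINDOW_SECONDS));
    $allowed = count($recent) < MAX_ATTEMPTS;
    if ($allowed) {
        $recent[] = $now;
    }
    $store[$ip] = $recent;
    return $allowed;
}

// Constructed traffic: one direct peer sending a new X-Forwarded-For each time.
$store = [];
$allowed = 0;
for ($i = 1; $i <= 20; $i++) {
    $server = ['REMOTE_ADDR' => '203.0.113.7', 'HTTP_X_FORWARDED_FOR' => "198.51.100.$i"];
    if (allow_attempt($store, client_ip($server), 1700000000 + $i)) {
        $allowed++;
    }
}
echo "allowed $allowed of 20 attempts\n";
```

All 20 requests are counted against the connecting address, so changing the header value does not reset the limit.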
4. Other login entry points
This is similar to the phpwind9 back-end cracking submitted earlier: the default back-end login has a verification code, but another login address does not. Alternatively, try other APIs and ajax interfaces.
5. Limiting the number of attempts by user name
This method counts errors per user name. If the number of errors is exceeded, the user is not allowed to log in for a certain period of time. I really don't know how to crack it...
However, with this setting, anyone who knows the administrator's user name can time the packets they send so that the administrator cannot log in to the back end.
Solution:
Filter