Brute-force protection on the admin back ends of multiple CMSs can be bypassed

Source: Internet
Author: User


1. Phpcms

phpsso_server in Phpcms

Testing shows that the code value in the session is not refreshed, regardless of whether the account and password are correct.

The login page must not be opened again: opening it loads the verification code page, and the code value changes.

If the user name is not found, the response refers to the user name.

If the password is incorrect, the response refers to the password.

Based on this, we can enter one correct verification code and send the request to the Intruder module for brute-forcing.

In summary:

Brute-force method: enter a correct verification code and capture packets.

Brute-force target: account + password (multiple times)
 





2. Espcms

Espcms has two protection measures: a verification code and a token.

The verification code is checked against ecisp_seccode in the cookies. Therefore, once a correct code has been entered, brute-forcing can proceed directly.

As for the token: if the request is simply resent, the message "The submitted data has expired. Please submit it again." is returned.

This can be bypassed by deleting the token so that it is not submitted at all. The reason is that the code is generally written like this:

if ($_POST['token']) {
    // determine whether the token is correct
}

Therefore, if the token is deleted, the check is skipped.

In summary:

Brute-force method: enter a correct verification code, capture packets, and remove the token.

Brute-force target: account + password
 





3. Cmseasy

This concerns the first login to the back end. If the login fails, a loginfalse***** cookie is set, and the verification code then appears on the next login attempt.

We only need to capture the request from the first login attempt and use it for brute-forcing.

In summary:

Brute-force method: capture packets on the first login attempt.

Brute-force target: account + password
 





4. PHPYun

The problem here is that the verification code value in the session is not refreshed after a login attempt, so one verification code can be reused for repeated brute-force requests.

In summary:

Brute-force method: enter a correct verification code and capture packets.

Brute-force target: account + password
 





5. qibocms

Can be brute-forced directly, with no restrictions.

In summary:

Brute-force method: capture packets.

Brute-force target: account + password
 





6. 74 Talent System

The verification code is not enabled by default, so we first enable it in the back end.

Enter a correct verification code and then log in. After an incorrect password, as long as the verification code file is not run again, the verification code value is not refreshed.

In summary:

Brute-force method: enter a correct verification code and capture packets.

Brute-force target: account + password
 





7. phpwind8.7

Without a verification code, one IP address gets only 15 attempts, but the IP address is read from X-Forwarded-For (XFF), so the limit can be avoided by changing the XFF value.

The verification code is tied to the value of *_cknum in the cookies.

So as long as one correct verification code has been entered, brute-forcing can continue.

Of course, a single IP address has 15 attempts, so we can generate a set of IP addresses and then continue.

The account name, however, can be obtained from this address: http://localhost/phpwind8/u.php?uid=1

In summary:

Brute-force method: enter a correct verification code and capture packets. Modify the XFF value during brute-forcing.

Brute-force target: password

You must cancel this IP address, or urlencode.
 


 

 

 

The following describes the brute-force protections used by admin back ends and how they are bypassed.

1. No protection

The account and password in the request can be modified directly for brute-forcing.


2. Verification code present

The verification code is generally checked against a value in the session.

Most of the code looks like this:

if ($_SESSION['seccode'] == '') { print 'verification code is empty'; exit(); }
if ($_SESSION['seccode'] != $seccode) {
    print 'verification code error';
    exit;
}

With the code above, however, the verification code is not refreshed after each check, so the same request can be resent and still pass verification.

If the code looks like this instead:

if ($_SESSION['seccode'] == '') { print 'verification code is empty'; exit(); }
if ($_SESSION['seccode'] != $seccode) {
    $_SESSION['seccode'] = '';
    print 'verification code error';
    exit;
}

In this case the request cannot be resent. However, the verification code can still be recognized.

If the value is stored in cookies, it is even simpler.
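The two server-side flaws described on this page, a token check that is skipped when the field is absent and a verification code that stays valid after it has been checked, share one fix: consume the stored value on every attempt and fail closed. The PHP below is an added example, not code from any of the CMSs named here; the function names and sample values are hypothetical, and only the 'seccode' and 'token' key names follow the page.

```php
<?php
// Added example: single-use, fail-closed checks for secrets kept in the session.
// Function names and sample values are hypothetical.

// Pattern from the page: the token check is skipped when the field is absent,
// and the stored verification code survives the attempt.
function weak_check(array &$session, array $post): bool
{
    if (!empty($post['token']) && $post['token'] != $session['token']) {
        return false;
    }
    return $session['seccode'] == ($post['seccode'] ?? '');
}

// Hardened: read the stored value, delete it, then compare. Every attempt,
// passing or failing, consumes the value; a missing field is a failure.
function consume_secret(array &$session, string $key, $submitted): bool
{
    $expected = (string) ($session[$key] ?? '');
    unset($session[$key]);                  // invalidate before comparing
    if (!is_string($submitted) || $submitted === '' || $expected === '') {
        return false;                       // absent or empty never passes
    }
    return hash_equals($expected, $submitted);
}

function strong_check(array &$session, array $post): bool
{
    // Evaluate both so that both stored values are consumed on every attempt.
    $tokenOk = consume_secret($session, 'token', $post['token'] ?? null);
    $codeOk  = consume_secret($session, 'seccode', $post['seccode'] ?? null);
    return $tokenOk && $codeOk;
}

// Constructed demo: one request with the token field removed, handled twice
// by each variant against the same starting session.
$post   = ['seccode' => 'k7xq'];
$weak   = ['seccode' => 'k7xq', 'token' => 'c0ffee'];
$strong = $weak;
var_dump(weak_check($weak, $post));       // first send, original pattern
var_dump(weak_check($weak, $post));       // same request again
var_dump(strong_check($strong, $post));   // first send, hardened check
var_dump(strong_check($strong, $post));   // same request again
```

A new code and token have to be issued when the login form is rendered again, and the code must live in the server-side session rather than in a cookie the client can set.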


3. Per-IP attempt limit

If the IP address is obtained through X-Forwarded-For and client_ip, it can be changed directly in the HTTP headers.
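For a per-IP limit to hold, the limiter key has to come from the TCP peer address, with X-Forwarded-For honoured only when the peer is the site's own reverse proxy. The PHP below is an added example, not phpwind's code; TRUSTED_PROXIES, the window length and the function names are assumptions, and the addresses are documentation ranges.

```php
<?php
// Added example: derive the rate-limit key from the connection, not from headers.
const TRUSTED_PROXIES = ['192.0.2.10'];   // assumption: the site's own reverse proxy
const MAX_ATTEMPTS    = 15;               // per-IP limit quoted in the phpwind section
const WINDOW_SECONDS  = 900;              // assumption: 15-minute window

function client_ip(array $server): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    // Direct connection: whatever X-Forwarded-For says is client-controlled.
    if (!in_array($peer, TRUSTED_PROXIES, true)) {
        return $peer;
    }
    // Behind our proxy: walk the list right to left and take the first hop
    // that is not one of our proxies; entries further left are unverified.
    $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'] ?? ''));
    foreach (array_reverse($hops) as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            break;                        // malformed entry: stop trusting the list
        }
        if (!in_array($hop, TRUSTED_PROXIES, true)) {
            return $hop;
        }
    }
    return $peer;
}

// Sliding-window counter; $store stands in for a shared cache or database table.
function allow_attempt(array &$store, string $ip, int $now): bool
{
    $recent = array_filter($store[$ip] ?? [], fn($t) => $t > $now - WINDOW_SECONDS);
    $recent[] = $now;
    $store[$ip] = array_values($recent);
    return count($recent) <= MAX_ATTEMPTS;
}

// Constructed requests: same peer, a different X-Forwarded-For value each time.
$store = [];
$allowed = 0;
for ($i = 1; $i <= 20; $i++) {
    $server = ['REMOTE_ADDR' => '203.0.113.5',
               'HTTP_X_FORWARDED_FOR' => "198.51.100.$i"];
    $allowed += allow_attempt($store, client_ip($server), 1000 + $i) ? 1 : 0;
}
echo "allowed $allowed of 20 attempts\n";
```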


4. Other login entry points

This is similar to the phpwind9 back-end brute-force issue submitted earlier. The default back-end login has a verification code, but another login address does not. Other APIs and AJAX interfaces are also worth checking.


5. Attempt counting by user name

This method counts failed attempts per user name. Once the count is exceeded, the user is not allowed to log in for a certain period of time. I really don't know how to crack it...

However, with this setting, anyone who knows the administrator user name can time their requests so that the administrator is unable to log in to the back end.

Solution:

Filter
 
