Network security 55 upload Webshell with grab bags

In the process of web infiltration, one of the most troublesome part is uploading Webshell, previously introduced using database backup to upload, this is also the most simple and ancient method. This article will introduce another way to upload webshell using grab packets, the target website uses the Southern Data 5.0, the experimental platform using IIS building, how to use IIS to build an ASP website can refer to the blog http://yttitan.blog.51cto.com/70821/1579372.

First login to the site backstage, find the upload point.

650) this.width=650; "style=" border-bottom:0px;border-left:0px;border-top:0px;border-right:0px; "title=" image " Border= "0" alt= "image" Src= "http://s3.51cto.com/wyfs02/M00/54/08/wKiom1R11GKwq8gtAABEbfJjBYw029.jpg" height= "98"/ >

Click the Browse button to open the "Select Files" window and choose one of the images you want to upload.

Note that you should not click "Open" to upload a picture, but leave the window temporarily here and continue with the operation below.

650) this.width=650; "style=" border-bottom:0px;border-left:0px;border-top:0px;border-right:0px; "title=" image " Border= "0" alt= "image" Src= "http://s3.51cto.com/wyfs02/M01/54/06/wKioL1R11OTDKi8aAAEbyiv7Ado391.jpg" height= "358" />

Open the Grab Kit Wsockexpert (: http://down.51cto.com/data/1904134), click the Open button in the toolbar and select the browser process to grab the package in the select process to Monitor interface. Iexplorer. EXE ", select the" Select File "Action, and then click" Open ":

650) this.width=650; "style=" border-bottom:0px;border-left:0px;border-top:0px;border-right:0px; "title=" image " Border= "0" alt= "image" Src= "http://s3.51cto.com/wyfs02/M00/54/08/wKiom1R11GOCRB1qAAEMFlYrfZc252.jpg" height= "389" />

Grab the package tool to start, and then back to continue to upload pictures, this time you can upload pictures of the packet captured.

There will be a lot of bags to catch, choose a package of type "POST", in the window below, the contents of the packet will be displayed and copied into a text file.

650) this.width=650; "style=" border-bottom:0px;border-left:0px;border-top:0px;border-right:0px; "title=" image " Border= "0" alt= "image" Src= "http://s3.51cto.com/wyfs02/M02/54/08/wKiom1R11GPQmfBvAAI4AtX5-6A566.jpg" height= "376" />

The following analysis of the captured package, the key is to get the site is responsible for processing the upload file URL and cookie.

The first line of "POST" followed by this page, combined with the following "Referer:" line corresponding to the URL, you can get the upload page url:http://192.168.80.129/upfile_other.asp

650) this.width=650; "style=" border-bottom:0px;border-left:0px;border-top:0px;border-right:0px; "title=" image " Border= "0" alt= "image" Src= "http://s3.51cto.com/wyfs02/M00/54/08/wKiom1R11GTyc--8AAEUPB-1n7s662.jpg" height= "194" />

After getting the upload page, open the bright boy and use the "comprehensive upload" feature to upload the Webshell.

Find the upload type that is similar to the upload page we obtained in "comprehensive upload", then copy the value of the cookie and upload it. Once the upload is successful, you will get an. asp file, which is a pony from the Ming boy.

650) this.width=650; "style=" border-bottom:0px;border-left:0px;border-top:0px;border-right:0px; "title=" image " Border= "0" alt= "image" Src= "http://s3.51cto.com/wyfs02/M01/54/08/wKiom1R11GTSgHj_AAK-95cdqlw951.jpg" height= "441" />

Access the pony by getting the URL: http://192.168.80.129/UploadFiles/2014112671421146.asp

650) this.width=650; "style=" border-bottom:0px;border-left:0px;border-top:0px;border-right:0px; "title=" image " Border= "0" alt= "image" Src= "http://s3.51cto.com/wyfs02/M02/54/08/wKiom1R11GXDmRuDAACbSFsv1wY492.jpg" height= "278" />

Through the pony, we can upload the big horse, copy the contents of the horse to the text box and save it, after the successful save, according to the file path can get the url:http://192.168.80.129/uploadfiles/dama.asp of the big Horse

At this point, we successfully uploaded the Webshell to the website.

650) this.width=650; "style=" border-bottom:0px;border-left:0px;border-top:0px;border-right:0px; "title=" image " Border= "0" alt= "image" Src= "http://s3.51cto.com/wyfs02/M00/54/08/wKiom1R11GXA9qeGAAEiLH3LzGI312.jpg" height= "395" />

This article from "a pot of turbid wine" blog, reproduced please contact the author!

Network security 55 upload Webshell with grab bags