PHP A word back door through the dog posture of thousands of theoretical chapter

Write in front:

There are a lot of dog-related information online, so in my next article, maybe the opinion or the example may be similar to the online section, or the presentation is not comprehensive enough.

But I can only say that the information I have communicated to you is something that I have mastered or understood at the moment, and that there is no guarantee that everyone will have a harvest, but the personal level is limited, you may feel that the article level is too low, or not too much nutrition. But jump out of the article itself, no matter what kind of technology, re-exchange, sharing and summary.

In addition, I hope that young people do not have too much hostility, more is the need to maintain a modest attitude towards technology, especially the impetuous security sector.

The above is my opening remarks (no way, this is my usual style)

Write the purpose of the PHP backdoor serialization.

Hope that we can postpone the pace of the day station, calm down to think, we do some in addition (sang) Violent (Jin) (Tian) Good (Liang) things, PHP did something, safe dog and huddled behind the door witnessed what.

In fact, I would like to teach the safety of the road, rather than infiltration of the technique.

Refer to the online many kinds of existing PHP back door of the wording, in short thinking of a variety of wonderful and novelty, but the measurement of a good PHP backdoor is not just the code to see how much, how the dog, but a real scene based on a kind of adaptation, so, PHP back door this is an art.

What happened when I connected the back door

So what happened when I double-clicked the connection in the chopper, and how did the security dog find the back door and intercept it?

The PHP backdoor principle is very simple, when we connect, actually we will post data to the PHP file, the content of this data is we need PHP to execute the code, when PHP gets the data and executes, will return a response.

So what is the level at which the WAF can be identified?

In fact, the most WAF gets TCP data, that is, we can get to the data we post, and the data returned by the server, as for the process of executing commands in PHP, what objects are used, what functions have gone, most of the WAF is not known, can only detect the sensitive character of the submission and return, and features Avira.

So even if EAVL () is the most primitive function of PHP how to execute, the WAF is no matter, but in fact you may not have reached that step, the back door is harmonious.

Because before this, the WAF is sure to feature analysis of backdoor files, which is closed, only to the data layer, and finally to the return layer, then the second chapter and the third chapter will be from the backdoor construction and data submission angle to explore the way the dog.

Because of the many WAF software, the protection mechanism is different, my series of articles all take the safe dog as an example.

How the WAF Avira

First, there are many ways to write the backdoor, such as the program itself, the move function, remote inclusion, database export and so on, not in detail here,

In the backdoor write process, the WAF will first make a black-and-white list of file formats, such as PHP files are not allowed to upload.

If upload this step can pass, then next is the content of the uploaded file passive Avira.

And the backdoor features of the Avira generally in the backdoor upload process and access process, WAF will use the relevant regular and code pre-compilation to determine whether it is a dangerous code.

It used to be useful for strings to be superimposed or annotated to avoid string matching, but it's hard to get around in this way alone.

When our code itself can be over the dog, processing post data back door execution is not a problem, and finally the WAF to detect and filter the sensitive information returned.

In addition, WAF may have permission controls on specially uploaded files, such as the inability to execute certain commands, and so on.

In fact, the theory itself does not have much to say, more hope that we have a preliminary understanding of the WAF, do not Blind (Qiang) (Xing) dog, abusing the chopper.

Then the following two articles will be from the back door structure and data transmission chapter to explain the ins and outs of dogs.

In fact, the dog is still very resistant to the amount.

The article turns from the vulnerability of life

PHP A word back door through the dog posture of thousands of theoretical chapter