Privilege escalation after php injection (1) _ PHP Tutorial

Source: Internet
Author: User
Php elevation after injection (1 ). Method 1: brute-force cracking. The most prominent one is the user name and password. The key is how to break the password? I found a specialized tool for breaking the serv-upassword (serv-upasscrack1.0a.rar) on the Internet, too Method 1: brute-force cracking.

The most prominent one is the user name and password. The key is how to break the password? I found a specialized tool for breaking the serv-upassword (serv-upasscrack1.0a.rar) on the internet. it's too slow. what year and month will this wait! Simply use notepad to open its script crack. vbs. let's take a look at the decryption principle: assume that the original plaintext password is expressed by "password_mingwen", and the ciphertext password is stored in ServUDaemon. the password (34 bits) seen in ini is expressed by "password_miwen". The first two bits of the ciphertext are combined with the plain text, and the MD5 encryption is exactly the last 12th bits of the ciphertext!]

That is: md5 (password_mingwen + left (password_miwen, 2) = right (password_miwen, 32) as the saying goes, "to do good deeds, you must first sharpen the tool". I found two out-of-box tools on the Internet! One is MD5CrackSpV2.3 (speed enhanced version, a very useful MD5 brute-force tool), and the other is dictionary expert. BBSt. we can use it to generate the first two dictionaries that specify letters for us !! MD5CrackSpV2.3 is extremely fast. we can specify the number of open threads. I did a test in the P4, MB memory environment, using dictionary experts. BBSt generates a dictionary containing 0.3 billion records, about GB. it uses MD5CrackSpV2.3 to open 8 threads for 30 minutes in total! One thread runs about 20 thousand records in one second, and eight threads run 0.16 million records in one second !! Based on this, a computer can run about 13.8 billion records in a day! If there are ten P4 joint jobs, the power is infinite! At the same time, I saw a message on the Internet saying that Shandong University has developed the MD5 algorithm! However, no specific program is found. Once the program is born, it is confidential. I am afraid many websites will suffer again !!

Method 2: procedural law.

There are more than a dozen users in the c: ProgramFilesServ-UServUDaemon.ini file, with a user directory: "d: s *** na *** loverphotogallery" attracting me. Immediately add

Sorry. The most prominent one is the user name and password. The key is how to break the password? On the Internet, I found a specialized tool for breaking the serv-upassword (serv-upasscrack1.0a.rar), too...

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.