Privilege escalation after php injection (1) _ PHP Tutorial

Php elevation after injection (1 ). Method 1: brute-force cracking. The most prominent one is the user name and password. The key is how to break the password? I found a specialized tool for breaking the serv-upassword (serv-upasscrack1.0a.rar) on the Internet, too Method 1: brute-force cracking.

The most prominent one is the user name and password. The key is how to break the password? I found a specialized tool for breaking the serv-upassword (serv-upasscrack1.0a.rar) on the internet. it's too slow. what year and month will this wait! Simply use notepad to open its script crack. vbs. let's take a look at the decryption principle: assume that the original plaintext password is expressed by "password_mingwen", and the ciphertext password is stored in ServUDaemon. the password (34 bits) seen in ini is expressed by "password_miwen". The first two bits of the ciphertext are combined with the plain text, and the MD5 encryption is exactly the last 12th bits of the ciphertext!]

That is: md5 (password_mingwen + left (password_miwen, 2) = right (password_miwen, 32) as the saying goes, "to do good deeds, you must first sharpen the tool". I found two out-of-box tools on the Internet! One is MD5CrackSpV2.3 (speed enhanced version, a very useful MD5 brute-force tool), and the other is dictionary expert. BBSt. we can use it to generate the first two dictionaries that specify letters for us !! MD5CrackSpV2.3 is extremely fast. we can specify the number of open threads. I did a test in the P4, MB memory environment, using dictionary experts. BBSt generates a dictionary containing 0.3 billion records, about GB. it uses MD5CrackSpV2.3 to open 8 threads for 30 minutes in total! One thread runs about 20 thousand records in one second, and eight threads run 0.16 million records in one second !! Based on this, a computer can run about 13.8 billion records in a day! If there are ten P4 joint jobs, the power is infinite! At the same time, I saw a message on the Internet saying that Shandong University has developed the MD5 algorithm! However, no specific program is found. Once the program is born, it is confidential. I am afraid many websites will suffer again !!

Method 2: procedural law.

There are more than a dozen users in the c: ProgramFilesServ-UServUDaemon.ini file, with a user directory: "d: s *** na *** loverphotogallery" attracting me. Immediately add

Sorry. The most prominent one is the user name and password. The key is how to break the password? On the Internet, I found a specialized tool for breaking the serv-upassword (serv-upasscrack1.0a.rar), too...