1. Guess Common paths
Common Background path:
Admin
Adminlogin
Admin/admin_login.asp
admin/admin_login.php
Manage
User
System
Most Web sites default to the Admin directory background.
2.robots.txt
Robots is a guideline file that prevents search engines from crawling sensitive directories and files.
admin/
Many administrators in order to prevent the background by the search engine crawl, all will put the background path into the robots.txt
Similar to robots.txt sitemap.xml
3. Scan Tool
If the dictionary has a background path to the target, then it can be swept out (there may be complicated situations, no scanning, etc. but few)
4. Crawling (Awvs burp Suite Full-site crawling tool)
Scanning: Brute force guessing using dictionaries
Crawling:
Visit the homepage of the website:
A There are many links in the interface
Grab all the links to the A interface, change to B C D, etc.
Continue to crawl the B-C-D interface and keep looping. Until the crawl is finished.
5. View Picture Properties
Web Links
Web Links
Why is the background path burst?
When we upload a point behind a background directory, it is likely to cause this situation.
The general editor is placed behind the background directory, basically can be used in this way to find the background.
1. Bring your own upload point
2. Editor upload point upload will cause this situation.
6. Google syntax site: Target station intitle: Background Management login Admin Center Inurl:admin|login|user
site:zlgc.usx.edu.cn
7. Site location Exposure Management Portal
Web Links
Background:
In particular, many administrators of the site, the general school and the majority of administrative units. In order to facilitate login backstage, will leave an entrance to the front desk.
"How to find the backend of a website"