"How to find the backend of a website"

1. Guess Common paths

Common Background path:

Admin

Adminlogin

Admin/admin_login.asp

admin/admin_login.php

Manage

User

System

Most Web sites default to the Admin directory background.

2.robots.txt

Robots is a guideline file that prevents search engines from crawling sensitive directories and files.

admin/

Many administrators in order to prevent the background by the search engine crawl, all will put the background path into the robots.txt

Similar to robots.txt sitemap.xml

3. Scan Tool

If the dictionary has a background path to the target, then it can be swept out (there may be complicated situations, no scanning, etc. but few)

4. Crawling (Awvs burp Suite Full-site crawling tool)

Scanning: Brute force guessing using dictionaries

Crawling:

Visit the homepage of the website:

A There are many links in the interface

Grab all the links to the A interface, change to B C D, etc.

Continue to crawl the B-C-D interface and keep looping. Until the crawl is finished.

5. View Picture Properties

Web Links

Web Links

Why is the background path burst?

When we upload a point behind a background directory, it is likely to cause this situation.

The general editor is placed behind the background directory, basically can be used in this way to find the background.

1. Bring your own upload point

2. Editor upload point upload will cause this situation.

6. Google syntax site: Target station intitle: Background Management login Admin Center Inurl:admin|login|user

site:zlgc.usx.edu.cn

7. Site location Exposure Management Portal

Web Links

Background:

In particular, many administrators of the site, the general school and the majority of administrative units. In order to facilitate login backstage, will leave an entrance to the front desk.

"How to find the backend of a website"