Some tips for getting a shell

Turn from: Some tips for getting a shell

1. Upload asp asa jsp cer PHP aspx format of the Trojan, do not add a space or use IIS6.0 Parsing vulnerability, common format: 1.asp;1.jpg or 1.asp;. JPG or 1.asp;jpg

2. Sometimes upload the image format of the Trojan, incredibly by the program detection interception, right-click Notepad to open the Trojan, in the code at the front of the gif89a, and then back up the database backup into ASP format Trojan to win the shell.

3. Upload the image format Trojan, copy the address to the database backup back to the ASP format trojan, sometimes unsuccessful, the use of IIs6.0 Parsing vulnerability, format: 1.asp; or 1.asp;jpg

4. Upload the picture format Trojan, grab the bag with grab bag tool, catch the message contains the upload path and cookie value, and then use the comprehensive upload function of the Ming Boy upload asp Trojan can win shell.

5. When the background has a database backup, but there is no upload point, a word Trojan plug in any place, and then back to the database backup into the ASP format Trojan, with a knife to connect a Trojan horse can be.

6. When the background of the site configuration, you can add any image format, for example: ASP at this time can upload ASP format trojan, sometimes unsuccessful words, add a: AASPSP can be bypassed.

7. When the page tip "upload format is incorrect [re-upload]", indicating that there is an upload vulnerability, copy the address put into the Ming boy upload, generally can successfully win the shell.

8. When the database backup function is not available, if there is a database recovery, you can use as a database backup, the function and the effect is the same.

9. General PHP background can add directory function, directly set up a directory, name write 1.asp, content script Trojan code, save after access to the address can win shell.

10. Some websites have "member registration", try to register an account to find the upload point, directly upload ASP or resolve the vulnerability, not to catch the package of the Kid upload, and another is to try a word Trojan.

11. When there is a site configuration in the background, insert a variant of the word Trojan: "%><%eval request (" x ")%><%s=" Access path: inc/config.asp

12. When the page hint can only upload jpg|gif|png and other formats, right-click to view the source files, local modification to asp|asa|php and then upload can break down the shell.

13. Login to the background, click Change Password---The new password is set to: 1 ": Eval request (" H ") ' setting succeeds, access to the asp/config.asp file, a word Trojan is written into this file.

14. When using AH D to detect injection points, prompt SA permissions or DB permissions, try to list the directory, and then find the site root directory replication, and then click cmd/Upload, directly upload ASP script Trojan, do not use the differential backup to take the shell.

15. In the press release, the copyright information, the message Management office inserts the database to encrypt the sentence: ┼ disruptively 畣 whole choky Longoza enemy Kozasa ∨≡┩ 愾, Access path inc/config.asp, chopper connection password: A

16. The general background has ewebeditor editor, just find the absolute path login, you can add Asa|aasasa in style management and then click the Preview to upload the script Trojan.

18. Use Firefox to log in to the background, and then open the dual file Upload tool to replace the upload path, then directly drag it into the Firefox browser, the first selection of JPG images, the second choice CER trojan, upload can break!

Some tips for getting a shell