Home | hacker invade | crack analyzes | hacker course | Exploit | encryption decipher | network management | System crack | the virus to be related | invades the examination | firewall
You are here: hacking technology > invades the examination > Content
Hot Articles
ForensicSIM Toolkit gets
Serv-U bounce attack and
To the Image File Execut
How to use double WAN ro
Based on CallStack count
To a some music website
Security precious book m
pcshare official net exa
Honey jar and honey net
The invasion examination
Tomcat invasion examinat
Bypasses the CallStack f
pcshare official net exa
Thieves make a mint from
Only opens 80 port's saf
Recommend Articles
Only opens 80 port's saf
Bypasses the web key wor
Bypasses the CallStack f
Security precious book m
Based on CallStack count
pcshare official net exa
SQL Server SA idle talk
Honey jar and honey net
The invasion examines th
Four next generation inv
An accidental invasion e
The invasion examines (I
How to use IDS to invade
The invasion examination
A winding safe examinati
New Articles
The pirates loot the ban
The need to distinguish
Third in the Middle East
Aces erm?created the pos
Encryption and access co
Preparation for Police a
Tavcom becomes BTEC Trai
The fundamentals of sele
SITO embraces electronic
JSIC Security Forum 2001
GEE's guide to risk mana
Training courses for hea
Thieves make a mint from
Selectamark showcases la
SITO launches new superv
To a some music website safe examination (chart)
  Add date: 01/15/2009   Publishing date: 01/15/2009   Hits: 19
First, gains the Webshell information
1. uses Google to carry on the key words search once more
Turns on the Google search page directly, inputs the key words “Copyright (C) 2008 Bin - > WwW.RoOTkIt.NeT.Cn”, then the one-shot “the Google search”, as shown in Figure 1, presents two search results.

Figure 1
2. increases the characteristic key word scope to carry on the search
Increases some key words in the Google search frame, for example “Password:. Copyright (C) 2008 Bin - > WwW.RoOTkIt.NeT.Cn”, as shown in Figure 2, the result which came out many many, altogether some 7 search record.

Figure 2
3. gain accident's Webshell management password
In intruder's Webshell, manages the password is similar to the room the key, so long as has it also to be possible to enter the room, in Figure 2 examined that in the real website address by the aspx ending's address, then carries on the examination, as shown in Figure 3, opens “http://www.carraigdonn.com/uploadedpics/unpublic.aspx” directly, gains this webshell encryption value “9e94b15ed312fa42232fd87a55db0d39”.

Figure 3 after this encryption value has one in passing “//PASS:007”, may extrapolate that this Webshell the password is 007, but to gain this Webshell password truly, arrives at the cmd5.com website to carry on the confirmation, “9e94b15ed312fa42232fd87a55db0d39” in the value input decipher frame, the one-shot “the md5 encryption or the decipher” will gain its password will be “007”, as shown in Figure 4, ha-ha, a good password!

In front of what Figure 4 is to a previous article review, the friend be possible to attempt, the present all Webshell essential characteristic will carry on the collection and the reorganization, can certainly have the harvest through this method!
Second, of information acquisition safe examination
Returns to this article the subject to come up, through front some methods, already knew that also after some website invaded, has been remained asp.net back door Webshell, because did not have this Webshell password, therefore needed to gain through other ways. 1. whether there is inquires under this domain name main engine other domain name main engine to open the ip866.com website, as shown in Figure 5, inputs website address www in the input frame. **** .com, then the one-shot “here instead looks up completely the related domain name”, gains under this domain name main engine's all binding domain name, I look approximately has more than 40.

Figure 5
2. gains the IP address as well as the port open situation
Distinction use “ping www. ******** .com” as well as “sfind - p 219.133. ***. ***” information and so on order gain port information, as shown in Figure 6, the ping order did not have the reflection, the main engine opened 80,21 as well as 1433 ports.

Figure 6

Prev:Sharp rise in cosmetic company's stock price following pump and dump spam stock campaign Next:ˇ°classicalˇ± invasion examination--Finds out the hacker

Comment:

Category: Home > invades the examination
Home