Successful takes Webshell through several times, discovered that sometimes oneself also took some tortuous paths, to avoid other friends losing the direction again in the confusion, now I write my some experiences, hoped that to some wants to study the friend who takes Webshell to have certain help. 
¡¡¡¡First we must determine we must examine the website, may be some website which settle, may also be obtains through Google or the Baidu search, meets the ASP such dynamic website invasion success ratio is best. Was unclear related in detail, this step was the selected target website.

¡¡¡¡Then we start to the website to carry on the examination. Careful has a look at this website the ultra link rear part to have visible like " ID=XXX (XXX has not represented digit) “the character; If any, we may carry on the following basic examination to it: Opens this link, adds on “and 1=2” in address fence ID=XXX behind (not to add quotation mark), after click submission, turns on a new page, in this page, if the demonstration is not normal, or demonstrated that any mistake, showed the existence poured into the crack! We might attempt to it carry on pour into!

¡¡¡¡Pays attention under here us, generally has 2 kind of database types: ACCESS, MSSQL2 plant the database. We first a Xiaguan in ACCESS database Xie Po.

¡¡¡¡May use the tool in here us to guess that the database content (may also guess manually, but too tedious), here we use in the bright boy tool “SQL to pour into guess the solution”. Fills in we examined manually a moment ago pour into the spot, after the click examination, the procedure to start to examine whether to exist pours into the spot, started us already manually to examine, therefore definitely was the existence. Then may click “guessed that Xie Biaoming”, for guesses correctly the database table name

¡¡¡¡Came, to have the procedure, we will carry on these operations to be able to be very simple; Very quick will guess correctly all table, then designated that we must guess the solution table, with the procedure guessed Xie Gai will show the row name, then may guess the solution record again the content. Generally the measure improper website will be guessed correctly the user famous password; Then we use procedure bringing the function to guess the solution backstage address, after guessing correctly, with the user famous password which obtains carries on the debarkation; Generally the measure bad website even may ' or'='or'jinxing land directly with the multi-purpose user famous passwords.

¡¡¡¡After landing successfully, we enter the backstage, enters the backstage is all invasion basic condition. Starts our invasion officially.

¡¡¡¡First looked has the database backup function, if has, how we do have a look to obtain Webshell.

¡¡¡¡1st, uses a few words wooden horse. Through each method, reads in these words the database, reads in these words the database to turn through the backup the suffix is the .asp document again, after certainly must pay attention to the backup the file address, then carries on the visit, what if demonstrated is the additive device, then congratulated you, basically succeeded! In local carries on the connection again with a a few words wooden horse's client side, the connection presents additive device's that page address, after succeeding, you may see familiar WebShell!