Obtaining a WebShell through SQL injection: principle and steps
Added: 08/22/2008   Published: 08/22/2008   Hits: 50
Page 1 of 3.
One. The principle of obtaining a WEBSHELL through SQL injection:
N.E.V.E.R's method: obtain a WEBSHELL using the database backup function. Create a table, and give it a field that is used to hold the trojan (web shell) data. Then use MSSQL's backup feature to dump the whole database to a file, and finally delete the newly created table again.
Analysis: N.E.V.E.R relies on MSSQL's database backup function. When the data is dumped, the ASP markers such as <%%> that were placed in the database are written out into the file, and the file is saved with an .ASP filename under the WEB directory. But will the statements inside <%%> in this dumped ASP file be interpreted correctly? If some other table in the database also contains <%%> markers, and those contain an error, then the dumped ASP file will contain errors as well. However, the chance of this is not great.
Now look at CZY's method.
CZY's method: the first part is basically the same as N.E.V.E.R's method. Only the last step differs: it uses the extended stored procedure sp_makewebtask. The function of this extended stored procedure is to export the records of some table in the MSSQL database and save them as a file. This method does not run into the problem above, because we only read the value of one field in one table and export that field's content to produce the file; the value of that field is exactly what we just added. Once the data has been added, debug it first: if the data went in without problems, the export certainly will not have problems either.
I have tested both of the methods above manually: inject through the SQL injection hole, create the table, add the data to the table, then export the data, then delete the table again. All of it is done with SQL statements. I will not repeat them here; everyone can read the articles on this topic.
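The sequence the two methods share (create a table, write ASP markers into a field, export the table or the whole database to a file under the web root, then drop the table) is exactly what a defender would look for in a SQL Server statement trace. The following detector is an added example, not code from the original article or from N.E.V.E.R or CZY; it assumes a constructed trace format of `session=<id> text=<sql>` (real traces, for example from SQL Server Audit or Profiler, would be parsed differently), a set of IIS server-side script extensions, and the severity rules stated in the comments.

```python
import re
from typing import Dict, List

# Constructed sample of a statement trace, one statement per line, in the
# "session=<id> text=<sql>" shape assumed for this example. Session 51 performs
# the full sequence described in the article; 52 is an ordinary backup; 53 uses
# sp_makewebtask; 54 is unrelated.
SAMPLE_TRACE = r"""
session=51 text=CREATE TABLE tmp_export (data varchar(4000))
session=51 text=INSERT INTO tmp_export VALUES ('<% placeholder %>')
session=51 text=BACKUP DATABASE app TO DISK = 'C:\inetpub\wwwroot\out.asp'
session=51 text=DROP TABLE tmp_export
session=52 text=BACKUP DATABASE app TO DISK = 'D:\backups\app.bak'
session=53 text=EXEC sp_makewebtask 'C:\inetpub\wwwroot\page.asp', 'SELECT data FROM tmp_export'
session=54 text=SELECT name FROM sysobjects WHERE xtype = 'U'
"""

TRACE_LINE = re.compile(r"session=(?P<session>\d+)\s+text=(?P<sql>.*)$")
BACKUP_TO_DISK = re.compile(
    r"backup\s+database\s+\S+\s+to\s+disk\s*=\s*'(?P<path>[^']+)'", re.IGNORECASE)
MAKEWEBTASK = re.compile(r"\bsp_makewebtask\b", re.IGNORECASE)
ASP_MARKER = re.compile(r"<%.*?%>", re.DOTALL)
CREATE_TABLE = re.compile(r"^\s*create\s+table\b", re.IGNORECASE)
DROP_TABLE = re.compile(r"^\s*drop\s+table\b", re.IGNORECASE)

# Server-side script extensions a database dump should never be written to
# (assumed list of IIS script mappings for this example).
WEB_SCRIPT_EXTENSIONS = {"asp", "aspx", "asa", "cer"}


def classify(sql: str) -> set:
    """Tag one statement with the steps of the export technique it matches."""
    tags = set()
    if CREATE_TABLE.match(sql):
        tags.add("create_table")
    if DROP_TABLE.match(sql):
        tags.add("drop_table")
    if ASP_MARKER.search(sql):
        tags.add("asp_marker")
    m = BACKUP_TO_DISK.search(sql)
    if m:
        ext = m.group("path").rsplit(".", 1)[-1].lower()
        if ext in WEB_SCRIPT_EXTENSIONS:
            tags.add("backup_to_web_file")
    if MAKEWEBTASK.search(sql):
        tags.add("sp_makewebtask")
    return tags


def analyze(trace: str) -> List[Dict]:
    """Walk the trace per session and raise one alert per export step.

    Severity rules (assumed for this example): a BACKUP whose target file has
    a web-script extension is always high; sp_makewebtask is medium on its
    own and high when the same session earlier wrote a '<% ... %>' marker.
    """
    seen_marker = {}  # session id -> True once an ASP marker was written
    alerts = []
    for raw in trace.splitlines():
        m = TRACE_LINE.match(raw.strip())
        if not m:
            continue  # blank or unparseable line
        session, sql = m.group("session"), m.group("sql")
        tags = classify(sql)
        if "asp_marker" in tags:
            seen_marker[session] = True
        for technique in ("backup_to_web_file", "sp_makewebtask"):
            if technique in tags:
                high = technique == "backup_to_web_file" or seen_marker.get(session, False)
                alerts.append({
                    "session": session,
                    "technique": technique,
                    "severity": "high" if high else "medium",
                    "marker_seen": seen_marker.get(session, False),
                    "sql": sql,
                })
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_TRACE):
        print(f"[{alert['severity']}] session {alert['session']}: "
              f"{alert['technique']} <- {alert['sql']}")
```

On the sample trace the detector reports session 51 (backup written to an .asp file, high) and session 53 (sp_makewebtask, medium); the ordinary backup in session 52 is not flagged because its target is a .bak file. The per-session marker state is what distinguishes a suspicious export from a routine one, and it is the same logic a SIEM correlation rule would carry.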
Two. Preface to implementing the function with DELPHI
The principle has been analyzed. How do we implement this manual procedure with DELPHI? Actually the method is very simple. DELPHI provides the NMHTTP control. With this control we can submit parameters to a specific URL, and so implement our automatic injection function. I must point out one characteristic of this program right away, which may also be called a flaw: the program does not automatically guess the absolute path of the WEB directory, and it does not check the privileges of the account currently connected to the SQL database. Why did I do it this way? Because both of these are very hard to obtain through SQL injection. Therefore our program's flow does not try to account for too much: just run it and look at the result to see whether it succeeded.
Three. How to obtain a WEBSHELL using DELPHI.
The values used in the program. Let us see what they are: the URL, the absolute path of the remote WEB directory (obtained through other means; you surely have a way), and which method to use to obtain the WEBSHELL (there are the two methods above; you choose one). We also need one button to start executing the commands and one button to stop immediately. Finally there are the name of the newly created table, the name of the table's field, and the field's type. First we put the program's input and selection controls in place. Then we set up an options button that pops up the corresponding settings. These settings are saved in a RECORD.
