An Accidental Intrusion Test
  Add date: 07/14/2008   Publishing date: 07/14/2008   Hits: 35
A couple of days ago a friend in the group, a webmaster, asked me to check whether his website had any security holes. Because of some matters with my own site I had not got round to it. Today the friend mentioned it again, ha-ha, so I got straight to work.
     The site's system was one I had not seen before; it did not look familiar, so it is probably not a very popular system. The program is written in ASP. Naturally the first thing to try was SQL injection. Adding a quote (`) after the parameter gave the message "forbidden character, has been filtered", so it looked as if the developer had already thought of this. Generally speaking, when such a prompt appears there is basically no injection hole, because the anti-injection code is written in the database connection file, so no page will be injectable.
     So I took out the tool Domain 3.5 by 明小子 and ran it over several pages: likewise no injection hole, as expected. Next I checked for the default upload page; unexpectedly there was none. Not that surprising, this system is just too simple, ha-ha, though even a simple one should have an upload. Never mind, look for the admin backend instead. Appending login.asp to the site address gave nothing; admin_login.asp got me to the backend (see Figure 1).

Figure 1
I prefer to guess the admin backend and the default database or account and password by hand; from experience it is quite fast, and if I really cannot guess it, then I use a tool. I tried several: admin/admin was not it. Had a look at the administrator's name in the articles published on the front end: not it either. Guessed that the database directory DATA exists; Data.mdb did not exist, database.mdb did not exist, and changing the extension to .asp likewise could not find the page. Suddenly I noticed an image at the far left of the backend whose address looked quite unusual, so I searched for it on Baidu. One search result, and unexpectedly this is what was out there (see Figure 2):

Figure 2
I almost fainted: the entire site structure laid out clearly. So I found the database under DATA, downloaded it, cracked the MD5 and got the administrator's account. Found the backend login and, once inside, I was dazzled: everything we would want, he had it all, upload, backup, the lot (see Figure 3).


Figure 3
Renamed the trojan to an image format, then used the backup function to turn it into ASP, and so obtained a webshell.

Figure 4
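The two weaknesses this walkthrough relies on are an upload that accepts a script as long as it is named like a picture, and a backup function whose destination name (and so its extension) the caller controls. As an added example from the defender's side, not code from the original post or from that site's ASP, the Python sketch below shows the checks that close both: signature and script-marker checking on uploads, and a backup routine with a fixed destination directory and extension. The directory path and function names are assumptions.

```python
"""Hardening for the upload and backup features described in the write-up.
Added illustrative code, not the site's own ASP; paths and names are constructed."""
import os
import re

# Allowed image extensions and the magic bytes a genuine file must begin with.
IMAGE_MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
# Byte sequences that have no business inside a picture but mark server-side script.
SCRIPT_MARKERS = (b"<%", b"<script", b"eval(", b"execute(")

def validate_image_upload(filename: str, content: bytes) -> bool:
    """Accept only a whitelisted image extension whose bytes start with the
    matching signature and contain no script markers. A renamed trojan fails
    the signature check; a GIF header with script appended fails the marker check."""
    ext = os.path.splitext(filename)[1].lower()
    if ext not in IMAGE_MAGIC:
        return False
    if not content.startswith(IMAGE_MAGIC[ext]):
        return False
    lowered = content.lower()
    return not any(marker in lowered for marker in SCRIPT_MARKERS)

def backup_target(requested_name: str, backup_dir: str = "/srv/site/backup") -> str:
    """Return the only path the backup routine may write to (backup_dir is an
    assumed location). The caller influences just the base name: directory
    parts are dropped, non-alphanumeric characters removed and the extension is
    fixed to .mdb, so 'x.asp' or '../web/x.asp' can never become a script file."""
    stem = os.path.splitext(os.path.basename(requested_name))[0]
    base = re.sub(r"[^A-Za-z0-9_-]", "", stem)
    if not base:
        raise ValueError("empty backup name")
    return backup_dir.rstrip("/") + "/" + base + ".mdb"
```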
This administrator really let us practise on his site. In all the time I have studied hacker techniques I have never seen such a smooth webshell: from intrusion to finish in under 2 minutes. If heaven gave me one more chance, I would say to the admin boss: "got any more?" Ha-ha, just joking.
