In the first few magazines of NOhack, many cows and cattle have written some tips on their own invasion process, which makes people feel hooked! This time, I also wrote some of the things I used during the invasion. Tips for getting it, I hope everyone likes it!
1. Determine the system used by the server
For example, our destination URL is "http://www.00day.cn/forum/index.php" We change the address to http://www.00day.cn/forum/index.PHP and then browse to see if there is a page. If it exists, the system used by the server is windows. If the display does not exist, the server is very It is possible to use the *nix system.
2. Ewebeditor take the new skills of the station
Ewebeditor everyone should be familiar with it? First login with the default password admin888, if you can not download the default database '/db/ewebeditor.mdb", if the default database is also changed, then we should give up? Here to tell everyone my experience! Is to use the password admin999 login, Or type "/db/ewebeditor1013.mdb" to download to the database. This method has a probability of %80 to get the target!
3. Social worker tips
In the invasion If the target website has a forum, we can try social workers. For example, if the website is "www.00day.cn" and the administrator name is admin, then we can try to log in with the passwords "00day" and "00day.cn". This method is best used when invading large company websites!
4. Thinking development when invading
Sometimes we get the administrator password of the target website, but we can't find it. In the background, you can try to log in with FTP. For example, the target website is "www.00day.cn". The password is "bishi", we can try "00day" "00day.cn" www.00day. Cn as an FTP user Use "bishi": as an FTP password to log in, the chance of success can be very large!
5. Get the administrator name when invading
Sometimes in the invasion similar to the press release When the website of the website was injected, the administrator password was obtained, but the name of the administrator could not be obtained. There is no forum on the website. What should I do at this time? We can open a news casually and carefully look for something like " The words "submitter" "publisher", generally "submitter" is the name of the administrator.
6. Looking for the administrator background
Sometimes we get the administrator Account and password, but I can't find the background. At this time, we can right click on the image on the website to view its properties. Sometimes it can find the background!
7 . The web absolute path
As we all know, when invading the website of asp.net, we first add a "~" in front of the aspx file to try to break the absolute path of the web, but can not invade the website set up with ASP+IIS Use it? The answer is yes However, there are certain skills. If the homepage of the target website is www.00dat.cn/index.asp, we can try to submit such a website www.00day.cn/fkbhvv.aspx, where fkbhvv.aspx does not exist! The success rate of the method is about 60%. Carrefour's official station has this vulnerability.
8. The role of stm files in the invasion
When the website does not allow uploading asp.. cer. When you use .cdx . htr and other files, upload a stm file with the code "" (what file name you want to see when you want to view it, here I assume that the file you want to view is named "conn.asp"), and then open the stm directly. The address of the file, and then look at the source code, the code of the "conn.asp" file is exhaustive!
9. Injecting Tips
Finding a website may have an address for the injection vulnerability Time (assuming the address is www.00day.cn/news.asp? Id=6), we usually first submit a single quote "'" to test whether there is an injection vulnerability, but there are still a lot of common anti-injection programs on the Internet, so it is very likely that the "XX general anti-injection program has stopped you from trying Investigate!! Inject this kind of message box. At this time, in addition to the COOKIES injection, we can also encode the variables (such as "www.00day.cn/news.asp?id=6" programming" www.00day.cn/news.asp%69%64= 6") to carry out the injection, if you can not, you can convert the case (such as "id" into "ID"), or convert the case and then code to do the injection, etc. In short, I would like some way to blame the variable, many The general anti-injection program has the drawback that this write is bypassed!
Since the birth of the liquid crystal display, with its thin and beautiful, health and energy saving
According to foreign media reports, Microsoft recently warned that there is a critical security vuln
In the process of editing documents with Word2010, we often need to add numbers to some paragraphs,
Flash screen generally refers to the display problem on the computer monitor. During the running of
Three steps to easily remove the npf.sys virus from your computer
Inventory: Several ways to turn off xp automatic updates
WinXP common system service introduction (1)
Windows XP system memory read and write errors how to avoid
Windows XP SP3 can be upgraded to WinFLP and WEPOS
Xp really shows the prevention system blue screen policy
WinXP: Alternative Usage of Favorites
XP installation FAQ (Report A: \\GHOSTERR.TXT error and other 10 questions)
Solve the annoying IE fake death four tricks
Windows XP tips for using my document transfer method
The method of uninstalling IE8 browser in Windows XP system is big
Assassin's Creed 2 full story analysis Assassin's Creed 2 story Raiders share
AMD CEO revealed that Microsoft will officially release Windows10 at the end of July
How to change the drive letter in the PE system?
How to deal with winXP stop update
What should I do if Win7 is automatically closed when I enter the League of Legends?
How does Win7 unify the way audio and video files are opened
Win7/win8 system how to view WIFI password
Clever use of Win7 mission plan to build your own system
How to turn system protection on and off in Windows 8
Introduction to Windows Defender Win8 comes with protective armor