Hacking tricks of talking about network intrusion to improve the method-vulnerability warning-the black bar safety net

2006-12-13T00:00:00
ID MYHACK58:62200613254
Type myhack58
Reporter 佚名
Modified 2006-12-13T00:00:00

Description

Now you want to invade a site directly with the data server, open some ports, with those overflowing way to engage in the web server Station, presumably unlikely, if now also can use 1 4 3 3 can easily handle a server, then you will be able to buy lottery tickets went to the Oh.

Now the administrators of security awareness is also more and more high, the system inside hit on the to hit patch no problem. That with overflow the tool how also can't handle, and now the popular online is injected and upload also the next note. Anything else is too advanced technology, the coupling may not be, so it is to my understanding and learning process for everyone.

The following talk about the invasion of the increase:

The beginning perhaps what also do not understand, you can use the tool to inject, but can not always use these tools to inject, that will only make our level of stagnation. When we are familiar with these tools, try by hand to find a site of the injection points. Some injection point of the tool is not found, a lot of by hand injection. Some stuff is a tool can not be replaced, usually when you don't have to do some bit of sense are not of the invasion, to try to improve their level. The tool will be used, if not a database language to learn, like access, mysql, etc., you will understand that the tool of the injection when submitted to the parameters of what is meant.

Like and 1=1 and 1=2

Detecting table section and exists(select *from []......

Detection field and exists(select[admin]from[admin])...... Like, if you don't learn and understand these, then you never might not be hand-injected, not to mention raise their level.

Then you can try to learn web languages like html, asp, jsp, etc., the learned injection Time tool for detection does not come out by hand there will be unexpected results. By which in you get the webshell and not to mention the right time, if you will asp language, you see the page source code you will get your desired stuff. As to give it the database path, etc., so that the faster you provide the right.

There is no ready-made book to learn these things, the online much to learn in baidu and google inside to learn, to learn the use of network resources. There is for the injection site, to learn to find a way, a no, you should learn from the many ways to consider, so our levels can slowly increase. In addition the injection is successful, some people will habitually go to find back the password to enter the backend after the upload the horse, get webshell to mention rights. Coupling it is recommended to first look at is not sa permission, if Yes, then we can try to not perform some of the system commands, such as adding the administrator account to open the telnet service, etc., and see if it's open 3 3 8 9 port, so you can make us walk less some unnecessary road.