Simple iGuard bypass - vulnerability warning - Black Bar Safety Net

2009-03-29T00:00:00
ID MYHACK58:62200922700
Type myhack58
Reporter Anonymous
Modified 2009-03-29T00:00:00

Description

Source: Prince

InfoGuard, iGuard for short, is commonly known as web page file tamper protection. Last night this thing gave me a headache; I studied it properly, found a solution, and am recording it here.

First, here is what this thing does. I had just dropped a webshell in; it was not killed and it is there on the server, but when accessed it turns into this stupid-looking result:

[Image: 200903270809386087]

A little depressing, isn't it... but it doesn't matter. We can find the InfoGuard directory; on my machine it is C:\Tercel\iGuard\SyncServer\. In it there is a file named a.conf; open it and take a look:

[Image: 200903270811154034]

You can vaguely make something out, but it is not very clear. After some effort, I finally understood the parameters of this configuration file.

    [System]
    SignDB=C:\Tercel\iGuard\SyncServer\signdb\iguard.db
    vid=BV8CcwNN6iH3dEAw
    [dirs]
    D:\Inetpub\gameto

The meanings are as follows:

SignDB: watermark library directory;
vid: watermark library initialization vector, kept identical to the first line of the publisher ID file iguard.dat;
[dirs]: the files and directories to be scanned and watermarked, filled in one directory/file per line.

This should be clear. We change the [dirs] section to the path where our webshell is, but that is not yet the end of it. After iGuard is installed, alongside this configuration file there is also wmktool.exe. This program is used to watermark files, which is how iGuard determines whether a file has been modified. A file we newly upload of course has no watermark, so naturally it cannot be used. Find wmktool.exe in the same directory as a.conf and run it:

[Image: 200903270812006112]

You can see that the files have been processed. Then open our shell and take a look:

[Image: 200903270812270588]

Is it OK now?
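The procedure above depends on a.conf being editable, so a defender can compare that file against an approved copy and alert on any change to [System] or [dirs]. The following is an added example, not part of the original post or of iGuard. It assumes the file has only the layout shown above, treats the post's values as the approved baseline, and uses hypothetical function names and a constructed path (D:\Example\unapproved).

```python
import ntpath

# Constructed baseline: the configuration shown in the post, treated here as
# the administrator-approved state (an assumption for this example).
APPROVED_CONF = r"""[System]
SignDB=C:\Tercel\iGuard\SyncServer\signdb\iguard.db
vid=BV8CcwNN6iH3dEAw
[dirs]
D:\Inetpub\gameto
"""

# Constructed changed file: one unapproved entry appended to [dirs].
CHANGED_CONF = APPROVED_CONF + "D:\\Example\\unapproved\\\n"


def parse_conf(text):
    """Parse the layout shown in the post: key=value lines under [System],
    bare paths (one per line) under [dirs]."""
    settings, dirs, section = {}, set(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "system" and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip().lower()] = value.strip()
        elif section == "dirs":
            # Windows paths are case-insensitive and may carry a trailing
            # backslash; normalise so cosmetic edits are not reported.
            dirs.add(ntpath.normcase(ntpath.normpath(line)))
    return settings, dirs


def conf_drift(approved_text, current_text):
    """Return a list of (kind, detail) findings; empty means no drift."""
    a_set, a_dirs = parse_conf(approved_text)
    c_set, c_dirs = parse_conf(current_text)
    findings = [("setting-changed", key)
                for key in sorted(set(a_set) | set(c_set))
                if a_set.get(key) != c_set.get(key)]
    findings += [("dir-added", d) for d in sorted(c_dirs - a_dirs)]
    findings += [("dir-removed", d) for d in sorted(a_dirs - c_dirs)]
    return findings


if __name__ == "__main__":
    for kind, detail in conf_drift(APPROVED_CONF, CHANGED_CONF):
        print(kind, detail)
```

Keep the approved copy somewhere the web server account cannot write, and treat any finding as a reason to review recent file and process activity in the iGuard directory.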