On the Ideas and Conditions of Website Sidenote Intrusion

twenty-three thousand four hundred and thirty-two

What is a marginal note As the name implies, it means side injection, that is, using a virtual site on the host for penetration.
Get an important joint we want webshell After that,
Then use the open program of the host and some non security settings for cross site intrusion methods.

The process of margining:
1. Use the tool or website WHOIS to obtain the domain name registration information of the website and determine whether the host is a virtual host,
Because it can be injected from the side.

2. Look at all website programs on the server, understand and be familiar with the writing of each program and the function of the program (you can go to the source code station all day to see the source code,
In this way, you will know how to separate procedures.)

3. Use all popular vulnerabilities to get webshell

4. Check the system services opened by the host (this method is to get the path of the target website we want)
For example, the user profile of Serv-u (not used to elevate permissions), the user profile of IIS (which will disclose a large number of user paths)
LOG of antivirus software

5. Intrusion without touching the Admin permission of the website server (to avoid unnecessary trouble)

6. It is recommended to use more than two ASP trojans (ASP webmaster assistant/hacker trojans)

Sidenote ideas!

For example, if you want to invade website A, you can't find the loophole on website A! You can choose website B and website C under the same server as website A.
upload loophole Either SQL injection or SQL injection, get webshell After upgrading permissions, find the directory of website A on the server...
What conditions and problems should we pay attention to? I saw a good post on Blackbase today, which provides a detailed idea on the technology of margin notes! The author is HaK_BAN!
It's worth seeing! This article is very complete in the technical ideas of margin notes, but due to the length of the article (the author may be lazy), the content is not detailed!
As a supplement and expansion of our ideas, it is very good!!!!
Sidenote is an idea that takes into account the administrator's settings and the functional defects of the program, rather than a simple route intrusion method,
Don't read articles all day to invade according to the path. It's useless, just in vain.

Original article reprint please specify: reprint from Seven Travelers Blog

Fixed link of this article: https://www.qxzxp.com/4716.html

QQ Zone WeChat Tencent Weibo Sina Weibo My Sohu Renren Tianya Community Baidu Post Bar more

Previous Use WiFi fishing method to chase beautiful neighbor girls
Next Into Science: How I "blacked out" star hotels

Shallow talk about the website marginal note invasion idea and the required conditions: waiting for you to sit on the sofa!

Comment

Blog Search

Blog Calendar

June 2024
one	two	three	four	five	six	day
	one	two
three	four	five	six	seven	eight	nine
ten	eleven	twelve	thirteen	fourteen	fifteen	sixteen
seventeen	eighteen	nineteen	twenty	twenty-one	twenty-two	twenty-three
twenty-four	twenty-five	twenty-six	twenty-seven	twenty-eight	twenty-nine	thirty

Blog Directory

Computer maintenance (22)
- Other technologies (8)
- Desktop maintenance (5)
- Display maintenance (3)
- computer software (3)
- Notebook maintenance (4)
Website operation (65)
- Seo optimization (45)
- News (3)
- Online entrepreneurship (8)
- Website construction (10)
- Website promotion (7)
network security (89)
- Intrusion detection (6)
- Safety knowledge (27)
- Latest information (21)
- Vulnerability announcement (35)
- Virus warning (8)
Tencent QQ (81)
- QQ personal signature (10)
- QQ personality net name (18)
- QQ avatar (45)
- QQ technology (6)
- QQ Zone (4)
Hacker attack and defense (486)
- Industry News (178)
- Social worker related (27)
- Rookie Entry (119)
- Hacker Tools (105)
- Hacker technology (139)