-
In fact, the blasting server is very simple and must learn. 3389 is a remote desktop port. In order to manage the server more easily and update the resources on the server, many people often open the 3389 port. Use the nastat an command to check the opening of the port. For an account, if the account password is too weak, it is easy to be blown up. Generally, the default account is Administrator or admin. For a password that is too simple, it can be found in the 3389 password dictionary. Next, we will explain how to blow up the 3389 server to get the full experience of a server read the whole passage
-
1. Use coding techniques to bypass For example, URLEncode code, ASCII encoding bypass. For example, or 1=1, i.e.% 6f% 72% 20% 31% 3d% 31, and Test can also be CHAR (101)+CHAR (97)+CHAR (115)+CHAR (116). 2. Bypass by space For example, two spaces instead of one space, tab instead of space, or delete all spaces, such as or swords =‘swords, Because of the looseness of mssql, we can remove the space between or words without affecting the operation. 3. Use string judgment instead Judge with the classic or 1=1 read the whole passage
-
The stations built by this system are all large government stations and websites of universities such as Tsinghua University and Peking University cms\web\downloadFiles.jsp Analyzed the following source code String file = request.getParameter("file"); //file = file.replace("/","\\"); String filename = file.substring(file.lastIndexOf("/")+1); String extname = filename.substring(filename.lastInd... read the whole passage
-
First of all, I am not a social worker. I just want to talk about my personal opinion. I can only provide you with a few ideas. Welcome to add. Here I call our social worker A. First Search his QQ number online first, and you will generally get a series of BBS such as Baidu Post Bar and Baidu Know. The most useful one is Baidu Post Bar, which contains a lot of information, such as school, class, age, birthday, trumpet, etc. Among them, the trumpet is the most valuable. Ordinary people dare not send their privacy to the large size. Example: One day when surfing the Internet read the whole passage
-
Cd Change the current directory Copy Copy files Deltree Delete directory tree Diskcopy Format Format the disk Mem View Memory Status Rd Delete directory Sys makes dos system disk del ... read the whole passage
-
AddSlashes: String with slash. Bin2hex: binary to hexadecimal. Chop: Remove consecutive blanks. Chr: The character that returns the ordinal value. Chunk_split: divide the string into small segments. Convert_cyr_string: convert an ancient Slavic string to another string. Crypt: Encrypt the string with DES encoding. Echo: Output string. Explore: Cut the string. Flush: Clears the output buffer. Get_meta_tags: Extract the data of all meta tags in the file. htmlspecialcha... read the whole passage
-
1、 Mode There are many ways to use the exchequer. I know more than three ways. The common methods of violence are:% 5c type violence, Conn.asp, DDOS, etc 2、 Principle "% 5c" exchequer method is not a vulnerability of the web page itself, but a feature of IIS decoding method. If IIS security settings are not comprehensive, Web designers will be exploited if they do not consider IIS errors. Why use "% 5c"? It is actually the hexadecimal code of "", which is another representation of "". In the computer, they are a thing read the whole passage
-
First of all, declare that: 1. The scope of intrusion only includes the LAN. If you are in a school, you can invade the entire campus network; 2. The only machine that can intrude is the weak password (the user name is administrator, etc., and the password is empty), or the machine that knows the account password and has opened port 139 but has not opened the firewall. Intrusion tools: Generally, three are used: NTscan abnormal scanner, Recton – D special edition of He Mian Kill, DameWare Mini Chinese 4.5 (The first two tools, antivirus software, will report viruses. It is recommended that the real-time antivirus software be temporarily turned off and this read the whole passage