原创力文档- 8
- 0
- 约1.06万字
- 约 13页
- 2017-08-03 发布于河南
- 举报
提升权限获取服务器管理权限(Raise permissions to obtain server management privileges)
One: technical summary
With the rapid development of Internet, many kinds of websites have been springing up
Sex and diversity are the absolute advantages.
As the ASP system is widely used on the Internet, scripting attacks against ASP systems have been booming recently. In these attacks,
The attacker is using injection, cookies, Mancang marginalia, deception to obtain administrator privileges,
Through the direct upload or backup backup and other intrusion methods
Get web
The hidden content of this post
Webshell then controls the entire station
spot
Next, obtain the server administrative privileges by raising the permissions of the webshell.
What is webshell? Webshell is written in a corresponding scripting language, with online editing, deleting, adding new files, and executing
Programs and SQL statements and other functions of the script file, with arbitrary changes to the target home page, delete files and other permissions
Such as the famous veterans and ocean top, is such a ASP script file, we commonly known as Malaysia and pony
Two: the main means of invasion
1. upload vulnerability
A: as the typical mobile Internet transmission vulnerability, we directly access the upload page.
Two: enter the website background, upload script Trojan directly, get webshell.
Because some of the site system is very trusted to the administrator. After entering the background, as long as you find the upload site, you can upload scripts Trojan horse
Three: add upload type
If the system code is limited and is not allowed to upload ASP files, then we can add files that allow ASACER to be uploaded, and then script Trojan
The suffix corresponding to the modified ASACER.webshell can be used as well.
Four: restore the ASP suffix by backing up the backup function
If you cannot upload ASP.ASA.CER and other suffix files. We modify the script Trojan, the postfix name ASP, the JPG or the GIF picture suffix
After uploading
您可能关注的文档
- 想要成为编程大牛 必看的c++书籍(Want to become programming Daniel must see c++ books).doc
- 想在郑州混,不知道这些是不行的(Want to mix in Zhengzhou, do not know these are not good).doc
- 想迅速提升自信,这44条秘诀你一定要记住(If you want to boost your confidence quickly, you have to remember these 44 Secrets).doc
- 小白兔是世界上笑话最多的禽兽(吐血整理)(The white rabbit is the most funny animal in the world).doc
- 小百科之舞蹈(Little encyclopedia dance).doc
- 小百科之舞蹈文库(Little Encyclopedia of dance Library).doc
- 小白兔是世界上笑话最多的动物(The white rabbit is the most funny animal in the world).doc
- 小白人人网经典回复(White everyone network classic reply).doc
- 小班下学期保教工作计划(Work plan next semester teaching in small classes).doc
- 小班环保主题活动我们的朋友(Small class environmental theme activities our friends).doc
- 2025-2026学年天津市和平区高三(上)期末数学试卷(含解析).pdf
- 2025-2026学年云南省楚雄州高三(上)期末数学试卷(含答案).pdf
- 2025-2026学年甘肃省天水市张家川实验中学高三(上)期末数学试卷(含答案).docx
- 2025-2026学年福建省厦门市松柏中学高二(上)期末数学试卷(含答案).docx
- 2025-2026学年广西钦州市高一(上)期末物理试卷(含答案).docx
- 2025-2026学年河北省邯郸市临漳县九年级(上)期末化学试卷(含答案).docx
- 2025-2026学年河北省石家庄二十三中七年级(上)期末历史试卷(含答案).docx
- 2025-2026学年海南省五指山市九年级(上)期末化学试卷(含答案).docx
- 2025-2026学年河北省唐山市玉田县九年级(上)期末化学试卷(含答案).docx
- 2025-2026学年河北省邢台市市区九年级(上)期末化学试卷(含答案).docx
文档评论(0)