提升权限获取服务器管理权限(国外英文资料).doc

提升权限获取服务器管理权限(国外英文资料) One: technical summary With the rapid development of the Internet, all kinds of big and small websites have sprung up, and in these big websites, the dynamic website is in fact Sex and diversity dominate the world. As the ASP system is widely used on the Internet, scripting attacks against ASP systems have recently been a red fire. In these attacks, Attackers gain access to administrators by means of injection, mob, side note, and cookies. Through direct uploading or backstage backup, etc Get a website This post hides the content Webshell then controls the entire station point The server administration authority is then acquired through the webshell promotion authority. What is a webshell? Webshell is a scripting language that can be edited, deleted, added files, and executed Script files, such as program and SQL statements, have the ability to change the target page, delete files, and so on. This is an ASP script file, such as the famous veteran and the top of the ocean. Second: the main means of intrusion Upload a bug One: we will visit the upload page directly if the typical network upload vulnerability. Two: get into the background of the website and upload the script Trojan, get webshell. Because some website systems trust the administrator, you can upload the script as soon as you get to the background. Third: add upload types. If the system code limits the upload of ASP files, then we can add the files that are allowed to upload ASACER and then the script Trojan The suffix name is changed to ASACER. Webshell can be used as well. Fourth: restore the ASP suffix name through the background backup function If you cant upload a suffix name file such as ASP. We modify the script Trojan suffix name ASP for JPG or GIF image suffix name After uploading successfully, restore the file ASP suffix by backstage backup database function. Five: grab bag upload Grab the actual address and the administrator authentication data COOKIES. Then upload the sc