Shulou(Shulou.com)06/01 Report--

In the process of Web***, the most troublesome part is to upload WebShell, which has been introduced before using database backup to upload, which is also one of the simplest and oldest methods. This article will introduce another method to upload WebShell using grab package. The target website uses Southern data 5.0. the experimental platform is built by IIS. How to use IIS to build ASP website can refer to the blog http://yttitan.blog.51cto.com/70821/1579372.

First of all, log in to the background of the website and find the upload point.

Click the browse button, open the "Select File" window, and randomly select a picture to upload.

Note that instead of clicking "Open" to upload the picture here, leave the window here for the time being and continue with the following operation.

Open the package grab tool WsockExpert (download address: http://down.51cto.com/data/1904134), click the open button in the toolbar, select the browser process "IEXPLORER.EXE" in the "Select Process To Monitor" interface, select the "Select File" operation, and then click "open":

After the packet grabbing tool starts, go back to upload the picture, and then you can capture the packet of the uploaded picture.

There will be many packages caught. Choose a package of type "POST". The contents of the packet will be displayed in the window below and copied to a text file.

Let's take a look at the captured packages, the key of which is to get the URL and cookie pages in the site that are responsible for handling uploaded files.

This page is followed by the first line "POST". Combined with the URL corresponding to the "Referer:" line below, you can get the URL: http://192.168.80.129/upfile_Other.asp of the uploaded page.

After getting the upload page, open the Ming boy and use the "comprehensive upload" function to upload webshell.

Find the upload type similar to the upload page we got in "Comprehensive upload", then copy the cookie value, and then upload it. After uploading successfully, you will get a .asp file, which is a pony brought by Ming Boy.

Access the pony through the acquired URL: http://192.168.80.129/UploadFiles/2014112671421146.asp

Through the pony, we can upload the horse, copy the content of the horse into the text box and save it. After saving successfully, we can get the URL: http://192.168.80.129/UploadFiles/dama.asp of the horse according to the file path.

At this point, webshell has been successfully uploaded to the website.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.