Shulou(Shulou.com)05/31 Report--

This article is about how to defend script Trojans in web security. The editor thinks it is very practical, so share it with you as a reference and follow the editor to have a look.

The making principle of script Trojan Horse

Webshell is a web backdoor (web backdoor)

Webshell production principle webshell use skills webshell "eat black" one. Webshell production principle: Trojan Horse (out in 2010)-- > upload horse to raise power pony-> upload horse to lift power horse pack horse to take off pants horse to execute command horse

GetShell is the act of taking webshell.

1. In a word, Trojan horse

In a word, the Trojan horse is short, powerful and concealed, and always plays a powerful role in the invasion.

Asp:-sms2056.com/x.asp?value= "cmd" aspx: PHP: 2. working principle

The hacker inserts code similar to the following in the email address or personal home page of the registered information:

Where pass is the value, so you can change your own value, which is obtained by the previous request.

The above code is more common now, and the number of characters is small, so it is especially practical for places where the number of words in the form is limited.

When you know the URL of the database, you can use a local web page to connect to get the WebShell (not knowing the database is also possible, as long as you know that the Trojan file is inserted into which ASP file)

In a word, the Trojan horse is based on the Bhand S structure.

3. In a word, the Trojan horse is transformed-- x.php horse. The above aspcms2.0 will check the double quotes "" and single quotation marks "'" 4 in the script. General WAF bypass function bypass coding bypass variable bypass dynamic parameter acquisition bypass 5. One sentence picture horse production C32 do a sentence open C32, put the picture inside, write a sentence to save, exit cmd to do a sentence copy / b 1.jpg+1.asp 2.jpgwin7 right picture, in the properties-> details-> copyright insert a sentence can be 6. Common sentence client Chinese kitchen knife Chinese machete ant sword C lanker one word client ZV new PHP one sentence Trojan client GUI version one sentence client enhanced version 7. Malaysia

Malaysia is relatively large, generally above 50kb. There are also many functions, including lifting commands, disk management, database connection interface, execution commands and even some of them have the functions of lifting weights and compressing and decompressing website programs. This kind of horse concealment is not good, and if most of the code is not encrypted, many antivirus manufacturers begin to hunt down such programs.

Usage: add and delete files 8. Pony

The main users upload Malaysia.

two。 Webshell uses techniques for content encoding with parsing vulnerabilities to match files that exploit file name overflow 3. Webshell "black eat black" http://xss.fbisb.com/xss.php?do=login1. Find the shell backdoor, find the webshell backdoor, find the backdoor address, reverse wehshell Box 2. Find a word client backdoor search client backdoor address anti-wehshell box thank you for reading! This is the end of the article on "how to defend script Trojans in web Security". I hope the above content can be of some help to you, so that you can learn more knowledge. if you think the article is good, you can share it for more people to see!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.