Shulou(Shulou.com)05/31 Report--

How to carry out Web rights maintenance analysis, many novices are not very clear about this, in order to help you solve this problem, the following editor will explain for you in detail, people with this need can come to learn, I hope you can gain something.

Preface

Authority maintenance, in the red-blue confrontation, I think its significance lies in two points: one is to prevent the acquired permissions from being destroyed by the blue team, and the other is to prevent other red teams from getting the same permissions (although a little immoral. ).

Let's not talk about illegal uses in other cases.

I think the principle of authority maintenance is that it can not affect the normal operation of the original business. (for example, changing the background password causes the administrator to be unable to log in, changing the read and write permissions of the folder so that normal files cannot be uploaded, etc.).

Background permission maintenance

When we obtain background permissions through weak passwords or explosions, in order to prevent administrators from changing passwords or other red teams to change passwords and lose permissions, we need to maintain background permissions in this case.

Of course, it is the stupidest way to change the background password by yourself.

You can choose the method by inserting xss code in the backend source code. Of course, in this case, the webshell permission has been obtained. When the administrator accesses the backend, we can get the cookie. For more information, please see:

Referenc

This is a bit of a chicken rib, because you already have webshell permissions, so why maintain background permissions, but the advantage of this is that inserting js code into the source code is not easy to find, which is an advantage.

Webshell privilege maintenance

The common permission is the permission of webshell. After obtaining the permission of webshell, other blue teams may find that if shell is deleted, other red teams may also get this permission. Considering these two situations, it needs to be maintained.

Against the blue team

Other folders are written to shell: the initial upload path is usually a folder where files such as pictures are stored, and if a file with the php suffix suddenly appears in such a folder, nine times out of ten, it will be found, so in order to avoid being found by the blue team, the general practice is to write shell under other writable folders.

Rewrite the date of shell: this is mainly aimed at the linux platform, because there are not many webshell killing tools under linux, and you may be ordered to check and kill.

A possible command is the find command, such as:

Find-name "* .php"-type f-mtime-3-exec ls-l {}\

The modification method is the touch command, such as:

Touch-d'08 color AugustMuir 2019 'rrr.php

The effect is as follows:

Write undead horse: the so-called undead horse is a Trojan horse that resides in memory and maintains permissions by cycling to generate shell under a certain path. Even if shell is deleted, it will still be generated. The undead horse on the Internet, I tried without success, changed it myself, the simplest, inevitably killed, for reference:

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.