Privilege escalation after php injection (1)_PHP tutorial

Method 1: Explosive method.

The most conspicuous ones are the username and password. The key is how to crack the password? I searched the Internet for a tool specifically designed to crack SERV-U passwords (Serv-UPassCrack1.0a.rar). It was too slow. How long will it take to do this? Simply use Notepad to open its script crack.vbs. Take a look at the decryption principle: Assume that the original plaintext password is represented by "password_mingwen", and the ciphertext password is the password we see in ServUDaemon.ini (34 bits), represented by "password_miwen", and the first two digits of the ciphertext are combined with the plaintext , and then encrypted by MD5, it is exactly equal to the last thirty-two digits of the ciphertext! 】

That is: md5 (password_mingwen+left(password_miwen,2)=right(password_miwen,32)) As the saying goes, "If a worker wants to do his job well, he must first sharpen his tools." I found two on the Internet. A perfect match! One is MD5CrackSpV2.3 (speed enhanced version, a very easy-to-use MD5 blasting tool), and the other is dictionary expert.BBSt, with which we can generate a dictionary with the first two letters specified for us! MD5CrackSpV2.3 is extremely fast. We can specify the number of threads to open. I did a test in a P4, 256M memory environment, using Dictionary Expert.BBSt to generate a dictionary containing 300 million records and about 1.2G, using MD5CrackSpV2. It took a total of 30 minutes to run 3 and 8 threads! One thread runs about 20,000 records in one second, and 8 threads run in one second, which is 160,000 records! Based on this calculation, a machine can run about 138 records in one day. Billions of records! If ten P4s work together, the power is endless! At the same time, I saw news on the Internet that Shandong University has developed an algorithm to crack MD5! But no specific program has been found. Once the program is released, it will not be secret. , I’m afraid many websites will suffer again!!

Method 2: Program method.

There are more than ten users in the c:ProgramFilesServ-USerUDaemon.ini file. One of the user directories: "d:s***na***loverphotogallery" attracted me. Immediately type
in the browser.

http://www.bkjia.com/PHPjc/446771.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/446771.htmlTechArticleMethod 1: Blasting method. The most obvious ones are the username and password. The key is how to crack the password? I searched the Internet for a tool specifically designed to crack SERV-U passwords (Serv-UPassCrack1.0a.rar), too...