Most website designs are more concerned with the realization of user business. However, software developers and website system operation and maintenance personnel do not understand attack techniques and website maintenance, and fail to discover possible security vulnerabilities during use. Hackers can generally take advantage of these vulnerabilities to benefit themselves.
In this next article, I will tell you how to obtain the backend address of a website.
The more common analysis methods currently include the following:
1: Exhaustively guess the backend address
Under normal circumstances, the backend of the website has a default address. It is recommended that you try the address with the following suffix.
/admin/index.asp
/admin/login.asp
/admin/admin_login.asp
/manage/index.asp
/manage/login.asp
/manage/admin_login.asp
/admin/index.aspx
/admin/login.aspx
/admin/admin_login.aspx
/manage/index.aspx
/manage/login.aspx
/manage/admin_login.aspx
/admin/index.php
/admin/login.php
/admin/admin_login.php
/manage/index.php
/manage/login.php
/manage/admin_login.php
In addition to the above, you may have changed the name of the website backend management address in the backend before. In that case, it will be more troublesome to find it. You have to search it in the database. If you are not a professional, you may not be able to find it.
2: Use relatively common open source systems. Usually systems of the same type have many things in common.
CMS, that is, Content Management System, the English abbreviation is CMS, and the full Chinese name is "website content management system". The website content management system has many excellent template-based designs that can speed up website development and reduce development costs. The functions of the website content management system are not limited to text processing, it can also process pictures, Flash animations, audio and video streams, images and even email files. Website content management system is actually a very broad term. From general blog programs, news release programs, to comprehensive website management programs, it can all be called content management systems.
Common cms systems:
PHP-like cms system: dedecms, empirecms, php168, phpcms, cmstop, discuz, phpwind, etc.
asp-like cms system: zblog, KingCMS, etc.
.net type cms system: EoyooCMS, etc.
Famous foreign cms systems: joomla, WordPress, magento, drupal, mambo.
2) dede is the abbreviation of Dedecms, a PHP open source website management system. It is also the PHP CMS system with the most users.
3) Methods to determine whether cms is dede: 1. Look at the website tab image 2. Look at the website url 3. Look at the words Power by DedeCms at the bottom of the website tab
4) How to judge whether it is an open source program: website crawling --> directory structure --> judging by experience, web fingerprint identification tools: Yujian web fingerprint identification, coconut tree 1.7
The picture below shows a certain management background:
3: Make reasonable use of search engine syntax to quickly find the backend management address
Basic usage of Google Hacking
Basic usage of Google Hacking:
1.inurl: used to search for URLs contained on web pages. This syntax is useful for searching, help, etc. on the web.
2.intitle: Limit the title of the web page you search for.
3.intext: Search the text content contained in the web page (that is, ignoring text such as titles, URLs, etc.).
4.site: Domain name that limits your search scope.
5.allintitle: Search all web pages whose keywords form the title.
6.link: Search all web pages whose keywords form the title.
7.filetype: Search the suffix or extension of the file.
The specific application of Google Hacking
1. Search for websites containing the admin character in the URL: inurl:admin
2. Search for websites that contain login characters in their URLs: inurl:login
3. Search for websites whose URL contains the characters site:http://eu.cn inurl:admin: site:http://edu.cn inurl:admin
Reasonable use of search engines can have very good results
4: Use nmap to detect other ports developed by the server.
nmap provides four basic functions (host discovery, port scanning, service and version detection, OS detection) and a rich script library.
Nmap can be used not only for simple network information scanning, but also in advanced, complex, and specific environments:
For example, scan a large number of hosts on the Internet; bypass firewalls/IDS/IPS; scan Web sites; scan routers, etc.
A brief review of Nmap’s simple scanning methods:
Full scan: nmap-T4 -A targetip
Host discovery: nmap-T4 -sn targetip
Port scan: nmap-T4 targetip
Service scan: nmap-T4 -sV targetip
Operating system scan: nmap-T4 -O targetip
The above scanning methods can meet general information collection needs. If you want to use Nmap to explore more detailed information in a specific scene, you need to carefully design the Nmap command line parameters to accurately control Nmap's scanning behavior.
Use nmap to scan the background address.
5: Use sniffing technology to quickly obtain the corresponding management address
This technology is relatively high-end. It intercepts and manages addresses through side stations. This requires a lot of costs.
For example, collecting the side-site server is the most critical. With the side-site server, it is very simple. By setting up an interception environment, you can sniff the relevant back-end addresses, etc.
at last:
This time I have compiled it here. If you find it useful, please like, collect, and comment 666~
If any passing master has other better methods and tutorials, you can discuss and exchange them in the comment area!