Nothing in the world can not be replaced perseverance, talent can not be, because unsuccessful genius everywhere; talent can not, because this world is full of beggars have received a good education. Only the right approach and perseverance is everything. Methodology interlinked, my brother had no contact for many years hacking techniques, but the efficiency of the invasion of the site but not better.
Intrusion ideas
1, get a lot of spinach from H website URL domain
2, to collect the domain name into vulnerability detection software to scan inside.
3, find loopholes platform, trojaned, wait for the administrator login, obtain background administrator account password
4, successful invasion website background, then you know!
A) get a lot of spinach platform domain
As we all know, pornography and gambling on the Internet, regardless of family favorite is the spinach platform to advertise on the major "Adult Learning Site", a variety of bright blind ad images are hidden behind different platforms, so start with this start
No matter how tight the security systems and measures, after all, is the man in control, talent is the root cause of vulnerability.
* Batch invasion weak passwords
When do site, the site must first be uploaded to the server source code. FTP software is uploaded to the server source code, so long as access passwords FTP site, all of the data on this site at your fingertips. There will always be some websites is very simple password, a password as shown above website is 123456; collect a large yellow website through search engines, and then use the software to automatically scan thousands of websites, there will always be password so few websites simply because these sites may be some owners manage to do it did not go off.
After an afternoon of acquisition and analysis, to get a web site about 50000 spinach platform, the next step is to analyze these URLs have no loopholes.
B) vulnerability invasion batch method
Brother readily engage in the next, easily won the URL tens of thousands of websites, including large group, Sands, Lisboa, Venetian, Galaxy Entertainment ...
"Struts 2" is a Web application framework, programmers struts2 framework on the basis of easily and quickly develop a variety of sites. But this framework during 2014 and 2018, appeared eight vulnerabilities, many large sites fall, called the Carnival black production circles.
Although the old loopholes, but the industry there are so many new platforms emerge every day, there are certainly many websites more fortunate, have not been invaded, took these lucky cut it, that's my goal this time.
Use "struts 2" framework do website will often contain a word "action".
Baidu search with advanced instruction, inurl: action, meaning the site to search for all the URL contains the letter "action" is.
To improve efficiency, the URL acquired in Baidu brother software batch, below
The collection of URLs to "struts 2 software vulnerabilities", the software can automatically batch testing.
Loopholes than 0.5% of the site, after all, a mature platform have fixed this vulnerability, this can not be found also depends on luck.
C) trojaned, get backstage account password
After eat a meal back to see if there is harvest, it seems okay luck today, I found a lucky figure below shows the results of a test platform, free to view any information on the site, including configuring the server, which is installed software, the most important thing is to get a backstage address.
To make it easier to see the data monitoring site, Baidu search "jsp Trojan horse", just to find a piece of code uploaded to the site.
Open the Trojans, now is the administrator login quietly so have this background, you can get to his account password, hee hee ~
When fishing a bit of patience, a cigarette of time has passed, and soon fish bait, a successful account password to get backstage personnel.
D) successful landing back
Bingo, a successful black into the background, see the user registration time, is a still operating platform, behind to do much easier.
Look out money record, avoid black platform or butcher dish out money one day be a million water levels, good luck today, I hit the jackpot!
One of his agents to get the link, we look into the front-end look like.
We are playing a major platform for color, his first to test the waters, testing the next function, a registration number, the latter sub-stage test, the first test at 100 points on the next play.
The minutes and seconds to, ha ha ha, spinach platform will have a risk control rule, should be careful not to play wind control of people find that playing 10 minutes could not look under the sub -