Abstract: In this lesson, we look at the page Trojan, Trojan first before we understand, let's look at what is a word Trojan horse, pony and Malaysia, what is the first webshell briefly about webshell, it simply webshell is implanted hacker back door, it can help us hacker control of the site, just like computer Trojan control computer the same. Trojans word so small a code, not necessarily result in injury to the server ...
This lesson, let's look at the page Trojan, Trojan first before we understand, let's look at what is a word Trojan horse, pony and Malaysia, what is webshell
First briefly about webshell, webshell is simply implanted hacker back door, it can help us hacker control of the site, just like computer Trojan control computer the same.
Trojan sentence
It's that small a code, not necessarily harm the server. What is causing harm to the server? Might by some clients to load this script and use this script, the script parameter passing of time, and it passed the 69 malicious parameters to execute your client a picture of the eval function is executed, the value of the web when the passed string parameter, the server might cause some damage, for example. We can use it to transfer some of Malaysia, execute commands, modify the file, all the client to send over some string a sentence, to pass over the string code is executed by the eval function, who pass it? Is our choppers
So, we can execute arbitrary code by this sentence Trojan
We can jifeng = phpinfo () function, and then executed, it will be normal to execute phpinfo (), then jifeng is equivalent to a key, you can have the key to the implementation of this code, you can see the picture in the successful implementation and output
So we not only through the implementation of the code, then we can also go through the implementation of some code, then here we have to use system () function, the function of which is in php execute system commands, then execute the command here, its success executed and returned to us the contents of the browser, it is displayed in the page.
If we want to see the current ip address, then we can go to view by executing the command, of course, different systems of command to make it clear, Windows and linux commands are different
If the current permissions large, we can provide the right to directly target server to get the word Trojan
Execute the command after you can see we had a virtual machine a user
So this is one way, the other is through our tools, "Chinese chopper Connect", a Chinese kitchen knife is to help individuals manage access control webshell, and connected with a kitchen knife in the case of a word Trojan is not removed, can be long-term control the other site, you can see we enter the password for the connection, which is our equivalent to a sentence of jifeng password kitchen knife connection, and then enter the address of the word where the Trojans, after then choose our scripting language, our word Trojan is the php language, then we should choose a kitchen knife php language here, and click Add
We can see the back door saying we add management website
We click the right button, you can see there are a lot of features, administer the site server file, database management, etc.
We open the "Analog Terminal", then here it is to simulate the terminal server implementation of the above command through this terminal, we can execute system commands.
You can also view the database to connect to some configuration files through a kitchen knife, on the one hand the implementation of sql statement
Pony and Malaysia, in simple terms, this is also the site of two Trojan backdoor Trojan, but it has more features than the rich a word Trojan prototype, simple and comfortable with them, but it is also the most likely to be given protection software deleted, because the word Trojan free to kill many forms, but the pony and Malaysia to avoid killing bypass protection software more than a word Trojan trouble-free number
First, let's look at one of Malaysia's code, which roughly follows the code, you can see it's the code word is more than the Trojans, because the Trojans are like a word in one sentence, so called sentence Trojans, and our Malaysian it is a lot of code
Malaysia we can see, it is a login interface, enter a password to login into because the password is our picture above code admin.
You can see our Malaysian function was indirect and convenience than a word, we execute the command will be executed by Malaysia, so that's why we like to use the word upload Malaysia, not only because it can execute commands, you can also On the one hand exploits mention the right to win the target server, Malaysia mainly for use: put the right package, add or delete files, and so Tuoku
In addition, we can also encode content, with the parsing vulnerability, with the file that contains the vulnerability, use a file name overflow vulnerability uploaded to the destination site.