UNDERCODE SECURITY

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑WEB HACKING TIPS BY UNDERCODE :
#fastTips

1. Use website filtering to bypass the background verification directly, add admin/session.asp or admin/left.asp behind the website

2. When some websites enter the background, a script prompt box will appear, enter: administrator to break! admin means to enter as an administrator.

3. Some websites have opened 3389. Before hacking, connect to 3389 first, try a weak password or blast, and then press the shift key 5 times to see if anyone has installed the back door, and then the social work password.

4. Sometimes a prompt box "Please log in" will pop up when entering the background, copy the address out (you can't copy it), and then put it in the webpage source code analyzer, select the browser-intercept jump check-check to enter the background!

5. Break through the anti-theft chain to access webshell, code:

Copy codecode show as below:

javascript:document.write("<a href='http://www.example.com/uploadfile/1.asp'>fuck</a>")

After pressing enter, click GO to enter the webshell

6. Break through the first-class information monitoring interception system access. When the pony can access but uploading to Malaysia is not possible, you can use Malaysia to merge with a picture first, upload the merged picture, and then access after the database is backed up!

7. When taking the editor's shell, sometimes adding asp|asa|cer|php|aspx and other extensions are filtered when uploading, in fact, as long as adding aaspsp and uploading asp will break through.

8. Sometimes D has guessed the table segment, but when you can’t guess the field, you can go to the background to view the source file, search for ID or type, you can usually find it, and then add a field to D to guess the content to break through .

9. This technique can be used for the social work background password. If the website domain name is: exehack.Net and the administrator name is admin, you can try the passwords "exehack" and "exehack.net" to log in.

10. If the website filters and 1=1 and 1=2 during manual injection, you can use xor 1=1 xor 1=2 to judge.

11. The local structure uploads a one-sentence Trojan. If it prompts "Please select the file you want to upload! [Re-upload]", the file is too small. Open it with Notepad and copy a few more sentences to enlarge the file size before uploading OK.

12. Use ah d to stop the watch, run the field name name and pass can not come out, the display length exceeds 50 or something, if you can't figure it out, you can usually run out of pangolins at this time!

13. Guess the administrator background tips, admin/left.asp, admin/main.asp, admin/top.asp, admin/admin.asp will show the menu navigation, and then Thunder download all links.

14. Know the table name, field, use SQL statement to add a user name and password statement in the ACCESS database:

Insert into admin(user,pwd) values('test','test')

15. When you get the administrator's password, but you can't get the administrator's account, go to the front desk to open a news item and look for words such as "submitter" and "publisher". Generally, the "submitter" is the administrator's Account now.

16. The absolute web path of the website set up by blasting ASP+IIS, assuming that the home page of the website is: http://www.xxxxx/index.asp/ Submit http://www.xxxxx.cn/fkbhvv.aspx/, fkbhvv.aspx is nonexistent.

17. Utilization of source code, many websites use source code downloaded from the Internet. Some webmasters are lazy and don’t change anything, and then upload and open the website. We can download a set, which contains a lot of default information worthy of use.

enjoy❤️👍🏻
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

22 views20:20