本文讲的是
匿名者自述是如何黑掉一万多个暗网网站的?,
1. create a new site or login to an old one 2. login and set sftp password 3. login via sftp and create a symlink to / 4. disable DirectoryIndex in .htaccess 5. enable mod_autoindex in .htaccess 6. disable php engine in .htaccess 7. add text/plain type for .php files in .htaccess 8. have fun browsing files 9. find /home/fhosting 10. look at the content of the index.php file in /home/fhosting/www/ 11. find configuration in /home/fhosting/www/_lbs/config.php 12. copy paste database connection details to phpmyadmin login 13. find active users with shell access in /etc/passwd 14. look through the scripts and figure out how password resets work 15. manually trigger a sftp password reset for the user 'user' 16. connect via ssh 17. run 'sudo -i' 18. edit ssh config in /etc/ssh/sshd_config to allow root login 19. run 'passwd' to set root password 20. reconnect via ssh as root 21. enjoy
原文发布时间为:2017年2月6日
本文作者:晨曦
本文来自云栖社区合作伙伴嘶吼,了解相关信息可以关注嘶吼网站。