This article was published in the Hacker Manual (Non-Secure) magazine, which holds the copyright. Credit the source when reprinting!
In fact, among ASP forums, my favorite is LeadBBS, which is stable, fast, and does not take up much space. It is much smaller than the huge DVBBS. Speaking of security, it is also very good. Although early versions had vulnerabilities that could be used to modify the administrator's password (commonly known as grafting wood), its security has been well regarded by everyone since then. You may point to the cookie spoofing that started a few days ago, but at most that only worked on the front end. Against the back end it was generally powerless, and the experts had to accept it. Haha, the above is off-topic. Today I am not talking about its security, but about how to get into the back end more conveniently once you already have a webshell on a LeadBBS forum website. So, less idle talk, and on to the topic~~
Someone once asked me about this: they had hacked into a website and uploaded an ASP trojan, but ran into difficulties when they wanted to enter the LeadBBS back end. Maybe you would say that you can download the database to get the MD5 password and crack the administrator password, or use higher permissions to modify the database locally and then upload it to overwrite the original. Of course, these methods may work, but they are both troublesome and not sure to succeed. But is there a simple method? At that time, I didn't know :(. One time when I upgraded the forum, I kept only the database and the other databases, and of course I also had to change the database and back-end login paths. All of these can be modified in inc/, as follows:
Const DEF_AccessDatabase = "Data/" ' Database path
Const DEF_ManageDir = "manage" ' Default back-end path
After uploading all of them I logged in, but I was unable to get into the back end. It showed that only the administrator could operate. Obviously, it didn't take me seriously as an administrator. It was very successful. Later, I was depressed and wandered around the official LeadBBS forum. I saw an answer in an FAQ post, as follows:
How to reassign an administrator?
Open, find
const DEF_SupervisorUserName = ",Admin,"
Replace Admin with the administrator name you want to use. Pay attention to case sensitivity; multiple administrators are separated by commas, and commas are required before and after. For example:
const DEF_SupervisorUserName = ",Admin1,Admin2,"
If you can enter the back end, you can also change it in the forum parameter settings.
Apart from IP access restrictions, no matter how the administrator's other permissions are restricted (including being inactive), he can enter the back end.
Haha, I finally know what's going on. It turns out that when you install the forum again, the system automatically changes the settings in the database, and the default administrator is only admin, so my original user, Xinshui Nianhua, could no longer get in. Then I opened the file, added my ID, uploaded it to overwrite the old one, and logged in, and all the problems were solved, haha. So now we should all know how to enter the back end of a forum site where we have a webshell. First, we register an ID, and then we find inc/ through our trojan and add our ID as shown above. Perhaps those with high security awareness may have changed the file's name, but you can still find it. Open the home page file (not only this one; many files include it). The first few lines will definitely include the file name, as follows:
<!-- #include file=inc/ --> //That's it
<!-- #include file=inc/User_Setup.ASP -->
<!-- #include file=inc/Board_Popfun.asp -->
After the modification is successfully saved, you can easily enter the back end. If the back-end path has been renamed, you can also easily find it through the ASP trojan. Once in the back end, you can do as you wish.
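For a defender, the same constant is the one to monitor: any name listed in DEF_SupervisorUserName reaches the back end regardless of what the database says. The sketch below is an added example (not LeadBBS code and not from the original article) that parses the constant out of the setup include's text and reports names outside an approved list; the function names and the sample file contents are constructed for illustration.

```python
import re

# Matches the VBScript constant quoted in the FAQ answer, e.g.
#   const DEF_SupervisorUserName = ",Admin1,Admin2,"
# Lines commented out with a leading apostrophe do not match.
_SUPERVISOR_RE = re.compile(
    r'^\s*const\s+DEF_SupervisorUserName\s*=\s*"([^"]*)"',
    re.IGNORECASE | re.MULTILINE,
)


def parse_supervisors(asp_source):
    """Return the names listed in every DEF_SupervisorUserName definition."""
    names = []
    for value in _SUPERVISOR_RE.findall(asp_source):
        # The value is comma-delimited with a leading and trailing comma.
        names.extend(n for n in value.split(",") if n)
    return names


def audit_supervisors(asp_source, approved):
    """Compare configured supervisors with the approved set.

    Names are compared case-sensitively, as the FAQ answer describes.
    """
    configured = parse_supervisors(asp_source)
    return {
        "configured": configured,
        "unexpected": sorted(set(configured) - set(approved)),
        "missing": sorted(set(approved) - set(configured)),
    }


# Constructed sample contents of the setup include (not a real site's file).
BASELINE = (
    'Const DEF_ManageDir = "manage"\n'
    'const DEF_SupervisorUserName = ",Admin,"\n'
)
TAMPERED = (
    'Const DEF_ManageDir = "manage"\n'
    'const DEF_SupervisorUserName = ",Admin,guest123,"\n'
)

if __name__ == "__main__":
    for label, text in (("baseline", BASELINE), ("tampered", TAMPERED)):
        print(label, audit_supervisors(text, approved={"Admin"}))
```

Run on a schedule against the live include and alert on any non-empty "unexpected" list; pairing it with a hash check of the whole file also catches edits to other constants such as DEF_ManageDir.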
Actually, it’s quite simple. It’s just that we are not careful when using the program, so we don’t notice this little trick. Okay, the article is over. If you have any questions, you can come to Xiaoxin Technology Network to discuss them with me~~