Foreword:

In network penetration, websites have always been a key target for hackers. Faced with a website, an attacker often wants to find its backend (the administration interface), log in to it, and gain further control of the web server.


Therefore, finding the login address of the website backend is a very important first step.

Crawler analysis

Crawler analysis works by continuously crawling links from the HTML source of the website's pages and analyzing them for potential backend login addresses. Generally speaking, in the address of the backend login page, the words login, admin, user


Dictionary enumeration

In many cases it is difficult to obtain the backend login address with a crawler, because no page may contain a link to the login page. In that case, a dictionary can be used to request candidate addresses one by one while observing the responses. Many websites today are built on public open-source blog, BBS and CMS frameworks, such as Discuz!, and the backend login page names of these open-source projects are fixed. If the site builder has not changed the name, it is very easy to get this address.

A powerful dictionary contains tens of thousands of common backend login address patterns, and it is possible to find the backend login address through enumeration.

Brute-force enumeration

This last kind of enumeration is brute force, as the name suggests. The core of dictionary enumeration is a powerful dictionary, but if the target backend login address is not in the dictionary, there is nothing you can do. When crawlers and dictionaries are powerless, the only option left is brute-force enumeration: trying character combinations one after another, just like guessing a password.
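Seen from the server side, dictionary and brute-force enumeration show up in the access log as one client requesting many distinct paths and mostly getting 404 or 403 back. The following is an added example, not part of the original article: it flags such clients and lists the backend-looking paths they did reach. The function name `find_enumerators`, the thresholds and the log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample access log (common log format); addresses are documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:01 +0000] "GET /admin/ HTTP/1.1" 404 153
203.0.113.7 - - [10/Oct/2023:13:55:01 +0000] "GET /admin/login.php HTTP/1.1" 404 153
203.0.113.7 - - [10/Oct/2023:13:55:02 +0000] "GET /manage/login.asp HTTP/1.1" 404 153
203.0.113.7 - - [10/Oct/2023:13:55:02 +0000] "GET /user/login.jsp HTTP/1.1" 404 153
203.0.113.7 - - [10/Oct/2023:13:55:02 +0000] "GET /administrator/ HTTP/1.1" 404 153
203.0.113.7 - - [10/Oct/2023:13:55:03 +0000] "GET /admin.php HTTP/1.1" 200 4821
198.51.100.20 - - [10/Oct/2023:13:56:10 +0000] "GET / HTTP/1.1" 200 9120
198.51.100.20 - - [10/Oct/2023:13:56:11 +0000] "GET /css/site.css HTTP/1.1" 200 2210
198.51.100.20 - - [10/Oct/2023:13:56:11 +0000] "GET /favicon.ico HTTP/1.1" 404 153
198.51.100.20 - - [10/Oct/2023:13:56:40 +0000] "GET /login.php HTTP/1.1" 200 3300
198.51.100.20 - - [10/Oct/2023:13:57:02 +0000] "POST /login.php HTTP/1.1" 302 0
198.51.100.20 - - [10/Oct/2023:13:57:03 +0000] "GET /user/home HTTP/1.1" 200 7002
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" (\d{3})')
KEYWORDS = ("login", "admin", "user")  # words the article associates with backend URLs

def find_enumerators(log_text, min_paths=5, min_miss_ratio=0.8):
    """Flag clients that request many distinct paths and mostly get 403/404 back."""
    per_ip = defaultdict(lambda: {"paths": set(), "total": 0, "misses": 0, "found": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, status = m.group(1), int(m.group(3))
        path = m.group(2).split("?", 1)[0].lower()
        s = per_ip[ip]
        s["total"] += 1
        s["paths"].add(path)
        if status in (403, 404):
            s["misses"] += 1
        elif status < 400 and any(k in path for k in KEYWORDS):
            s["found"].append(path)  # a backend-looking path that exists
    flagged = {}
    for ip, s in per_ip.items():
        ratio = s["misses"] / s["total"]
        if len(s["paths"]) >= min_paths and ratio >= min_miss_ratio:
            flagged[ip] = {"miss_ratio": round(ratio, 2), "found": sorted(set(s["found"]))}
    return flagged

if __name__ == "__main__":
    for ip, info in find_enumerators(SAMPLE_LOG).items():
        print(ip, info)
```

The thresholds are applied to the whole input here; in production they belong on a per-time-window count, with flagged addresses fed to rate limiting or blocking.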


Having covered the three methods, readers will probably ask: are there any tools? Yes, of course, and more than one. Next, I will introduce several of the website scanning tools most commonly used by hackers today.

DirBuster

DirBuster is a tool developed by OWASP (Open Web Application Security Project) specifically for detecting directories and hidden files on web servers.

Because it is written in Java, the computer must be equipped with a JDK to run it.

Enter the website address, do some simple configuration, and you can start scanning. It also supports dictionary-based scanning and brute force enumeration.

Yujian (御剑)

As the name suggests, Yujian was written by a Chinese developer, an expert who goes by the name Yujian Gudu. It also supports dictionary enumeration. Compared with DirBuster, Yujian is more concise and lightweight, and it is very easy to operate.

wwwscan

wwwscan is a long-established backend scanning tool with a simpler interface. It supports two modes, command line and graphical interface:


In command-line mode, it supports the following parameters:

-p: set the port number

-m: set the maximum number of threads

-t: set the timeout period

-r: set the starting directory of the scan

-ssl: whether to use SSL

Examples of using commands:

  • wwwscan.exe www.baidu.com -p 8080 -m 10 -t 16
  • wwwscan.exe www.baidu.com -r "/test/" -p 80
  • wwwscan.exe www.baidu.com -ssl


In addition to these tools, Google Hacking is also often used to find backend pages. For example, search using the inurl syntax:

  • inurl:login.php
  • inurl:login.jsp
  • inurl:login.asp

With these tools, you can easily find the backend address of the website.


代码熬夜敲

Li Zhikuan: top-100 creator, penetration testing expert, a reserved guy with his own rock band