zoukankan      html  css  js  c++  java
  • Osmotic Study ----Mysql Safe

         Thanks Ichunqiu company.I have a chance to learn some lessons for free in five days till 10.1 this year.Here is the address.https://www.ichunqiu.com. But  you may have no access to all ithe videos.There are many video on the Internet,but here in Ichunqiu It is arranged very well!

         This article is tested by a mysql database.The oher database may use the same way.

         Step 1:Get the sql database address

          You have to ways to get these.One is finding some website those have some xss and other deangerous bug.And  you need send your trojan on it.And then you can get the config files or the database files on it.The config files may be conn,sql,inc,common,data etc catalog.If you get them you can get the link address easily.In case of this situation,you may need design you website safely ,connect the data without root or sa , write you own config with encryption,update the database in time and install the Waf on your server PC.You can design the website,encrypt the config files may be little problem.The other way to get the address may scan add the ip address using weak password ,such as root 123456,root root,etc.Incase of this situation,set a strong password with lower abc ,upper ABC,numbers 123,and some other symbol like !@#$%^ is necessary.Especially in you server PC.Because the one who get this,can get the account of you server PC easily.I will tell you in the step2 in the article.

            Step2:Creat your account

            If you have get the address to a mysql database ,you can promote your authority and creat a windows account through the UDF tool ,the MOD bug or other mothods.And in this way, you can open port that you can use the mstsc.exe.And then you have it.

       The reference lesson link is this https://www.ichunqiu.com/qad/course/52775.

           All rights reserved.Reprinted with reference to the source.

     

     
     
  • 相关阅读:
    Android ADB的一些用法
    我想搞个python版的http代理服务器出来
    用Python创建大文件
    串口号都属于“使用中”的解决方法
    wxPython入门(二)
    Android Studio安装后不能启动的解决办法
    STC单片机不需要按电源开关下载的方法!
    最近要做的一些事情
    关于“用香蕉弹琴”的一点解释
    stc15系列单片机ISP编程失败率是相当高啊!
  • 原文地址:https://www.cnblogs.com/wangkun1993/p/7600202.html
Copyright © 2011-2022 走看看