IIS 6 默认ACLs权限
[ 2006-08-19 13:33:35 | Author: zhenhua ]
NTFS permissions
Directory UsersGroups Permissions
%windir%helpiishelpcommon Administrators Full control
%windir%helpiishelpcommon System Full control
%windir%helpiishelpcommon IIS_WPG Read
%windir%helpiishelpcommon Users (See Note 1.) Read, execute
%windir%IIS Temporary Compressed Files Administrators Full control
%windir%IIS Temporary Compressed Files System Full control
%windir%IIS Temporary Compressed Files IIS_WPG List, read, write
%windir%IIS Temporary Compressed Files Creator owner Full control
...
Read More...
Directory UsersGroups Permissions
%windir%helpiishelpcommon Administrators Full control
%windir%helpiishelpcommon System Full control
%windir%helpiishelpcommon IIS_WPG Read
%windir%helpiishelpcommon Users (See Note 1.) Read, execute
%windir%IIS Temporary Compressed Files Administrators Full control
%windir%IIS Temporary Compressed Files System Full control
%windir%IIS Temporary Compressed Files IIS_WPG List, read, write
%windir%IIS Temporary Compressed Files Creator owner Full control
...
Read More...
WScript.Shell:
regsvr32/u wshom.ocx
regsvr32/u wshext.dll
Shell.application:
regsvr32 shell32.dll /u /s
cacls %systemroot%\system32\shell32.dll /e /d guests
regedit:
shell.application
wscript.shell
net.exe cacls.exe telnet.exe tftp.exe tftp.exe format.com mountvol.exe mshta.exe
regsvr32/u wshom.ocx
regsvr32/u wshext.dll
Shell.application:
regsvr32 shell32.dll /u /s
cacls %systemroot%\system32\shell32.dll /e /d guests
regedit:
shell.application
wscript.shell
net.exe cacls.exe telnet.exe tftp.exe tftp.exe format.com mountvol.exe mshta.exe
只可以“写入”与“读取” 两个,其他一律不可
包括php的session
包括php的session
AccessEnum
[ 2006-03-14 13:02:59 | Author: zhenhua ]
Win下检查目录权限的好东东,一目了然
While the flexible security model employed by Windows NT-based systems allows full control over security and file permissions, managing permissions so that users have appropriate access to files, directories and Registry keys can be difficult. There's no built-in way to quickly view user accesses to a tree of directories or keys. AccessEnum gives you a full view of your file system and Registry security settings in seconds, making it the ideal tool for helping you for ...
Read More...
While the flexible security model employed by Windows NT-based systems allows full control over security and file permissions, managing permissions so that users have appropriate access to files, directories and Registry keys can be difficult. There's no built-in way to quickly view user accesses to a tree of directories or keys. AccessEnum gives you a full view of your file system and Registry security settings in seconds, making it the ideal tool for helping you for ...
Read More...
小结
- 尽量少用或不用视图
- 需要哪个字段就select什么字段,不要select * from ...
- 所有需要处理的东西都在服务器端判断,不要传到页面去判断
- 尽量写在后台,不要用前台
- 所有都是"面向对象"
Windows 2000 安全中心:http://www.microsoft.com/......prodtech/Windows2000.mspx
Windows Server 2003 安全中心:http://www.microsoft.com/......ch/windowsserver2003.mspx
Microsoft TechNet:http://www.microsoft.com/china/technet/Security/default.mspx
Windows Server 2003 安全中心:http://www.microsoft.com/......ch/windowsserver2003.mspx
Microsoft TechNet:http://www.microsoft.com/china/technet/Security/default.mspx
IPSec 与 TCP/IP筛选
[ 2004-09-09 01:48:45 | Author: zhenhua ]
Kill Shell
[ 2004-09-09 01:48:17 | Author: zhenhua ]
搜索类型:*.asp /*.htm
关键字:
关键字:
桂林老兵
海洋
稻香
冰点
后门
VBScript.Encode
0D43FE01-F093-11CF-8940-00A0C9054228
093FF999-1EA0-4079-9525-9614C3504B74
72C24DD5-D70A-438B-8A42-98424B88AFB8
CreateTextFile
eval(r
Execute request
Execute session
OpenTextFile
WriteLine
5xSoft
Scripting.Dictionary
Request.BinaryRead
DeleteFile
MoveFile
Getfile
=VBS
iframe src
back door
海洋
稻香
冰点
后门
VBScript.Encode
0D43FE01-F093-11CF-8940-00A0C9054228
093FF999-1EA0-4079-9525-9614C3504B74
72C24DD5-D70A-438B-8A42-98424B88AFB8
CreateTextFile
eval(r
Execute request
Execute session
OpenTextFile
WriteLine
5xSoft
Scripting.Dictionary
Request.BinaryRead
DeleteFile
MoveFile
Getfile
=VBS
iframe src
back door