Title: Recording a commission earning scam to trace the source to the actual penetration of individuals

When looking for TSRC assets in the Eagle Picture, when I was preparing to dig Tencent SRC, I saw the domain name of this site :qq.com.xxxx.top, the title is login The first feeling is that it is not a serious site, it should be found by the fishing station whois.webpack package . This kind of site basically has some test accounts. I tried 18888888888888888 password 123456 . I saw this. This is the kind of people who earn commissions when doing tasks. The main feature is to cheat money. F12 searches for requests and js, the loaded resource file reports an error, use thinkphp but there is no hole, the IP is really available, and the background is disguised, called xxx check-in system Find other assets through fofa, the IP access is a template page for enterprise website building, add admin behind the IP and jump to the background of enterprise website building, tell the truth that this is really bad Enter the home /x again in thinkphp5.0.5, verified that there is RCE, the site that does tasks and earns commissions, has not yet carefully tested it and collected information, and found the side station and entered it. Basically, the database configuration is in data or config md5 decrypts the administrator password, enter the background to see other information and don’t pay much attention to it, mainly looking for site administrators

1. Sensitive mobile phone number is often passed through the recommendation number, which is a mobile phone number. 139xxxx2. Administrator log analysis : suspicious IP positioning is in Sichuan 3. Check WeChat through the mobile phone number and Alipay to find this person 4. Check this person through the social work library QQ, Weibo and his own photos

Reprinted from the original link: https://mp.weixin.qq.com/s/9M0HEP1x-5Xt1JQeyVDrGA