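Source: http://www.nigesb.com/webshell-executeable-directory.html
The recycler and temp directories go without saying. Especially when you have aspx permissions, it would be embarrassing not to find a directory where an exe can run: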
C:\windows\system32\spool\PRINTERS\
C:\WINDOWS\IIS Temporary Compressed Files\
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files
C:\Documents and Settings\NetworkService\Local Settings\Temp
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files
C:\Windows\system32\inetsrv\data\
C:\php\PEAR\
C:\Program Files\Zend\ZendOptimizer-3.3.0\
C:\Program Files\Common Files\
C:\7i24.com\iissafe\log\
C:\WINDOWS\7i24.com\FreeHost
C:\RECYCLER
C:\windows\temp\
C:\Program Files\Microsoft SQL Server\90\Shared\ErrorDumps\
E:\recycler\
F:\recycler\
C:\Program Files\Symantec AntiVirus\SAVRT\
C:\php\dev
C:\~1
C:\System Volume Information
C:\Program Files\Zend\ZendOptimizer-3.3.0\docs
C:\Documents and Settings\All Users\DRM\
C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
C:\Documents and Settings\All Users\Application Data\360safe\softmgr\
C:\documents and settings\all users\application data\symantec\liveupdate\
C:\HostMonitor\
C:\program files\ggsafe\temp\
C:\Program Files\freeime\skin\blueness
C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\Cookie\
Xingwai (星外) default account and password
freehostrunat
fa41328538d7be36e83ae91a78a1b16f!7
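*Most of the paths given were collected from elsewhere; they will not simply happen to have read/write permissions, so vary the folders yourself.
*Xingwai's file monitor sets folder permissions at startup; find its log file and refer to the settings recorded in it.
*Some Xingwai logs record MySQL, MSSQL and web admin-panel logins, with the passwords in plaintext.
*Look closely at antivirus software such as McAfee, Symantec and 360, and go through the logs where necessary; the permissions on each product's update directory are not set very strictly.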