I have been working on this thing for a long time...
Mainly there are the following errors:
- After a word Trojan is copied and used, the garbled characters must be entered manually.
- The file format of the Trojan horse file is 1.txt but this is not successful. I think the txt file of the big guy can be used, but I don’t know why it can’t be used. I don’t know why this error is changed to 1.jpg. The connection is successful
Training goal
1. Familiar with parsing vulnerabilities in common middleware;
2. Familiar with the use and production of one-sentence Trojan horses
3. Familiar with common upload vulnerabilities
Problem solving direction
1. Test the file types that are allowed to upload
2. Observe the content returned by the server after processing the upload task, and obtain the upload path
3. Try to modify the upload path and observe whether the server allows write permissions
The following are the main steps:
- Enter the environment, upload a word of Trojan horse, and use bp to capture the package
<%eval request ("a")%>
- bp capture the packet and send it after the packet is captured
- Use ant sword or kitchen knife to connect to find the key
- Get it done