After looking at it, I was a little confused.
Then I downloaded the file.
After downloading, I found it was a traffic capture with a .pcap suffix.
Then I opened it in Wireshark.
Then I simply thought of filtering on http.
Then I found that was wrong.
Then I referred to other people's blogs.
Prompted by the experts: the TCP messages of a getshell stream are likely to include the field `command`, so we can use a display filter of the form `<protocol> contains "<content>"` to find the getshell stream.
By following the TCP stream, we can see a base64 string.
Base64-decode it to get the flag.
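The same search as a script, added here as an example and not part of the original post: it walks a classic pcap file, keeps the TCP streams whose payload contains `command`, and base64-decodes the strings found in them. The function names, the sample capture and its flag value are constructed for illustration; it assumes a little-endian Ethernet pcap and joins payloads in capture order.

```python
import base64, re, struct

B64 = re.compile(rb"[A-Za-z0-9+/]{16,}={0,2}")  # candidate base64 runs

def tcp_payloads(pcap):
    """Yield (stream_key, payload) per IPv4/TCP packet of a little-endian Ethernet pcap."""
    magic, link = struct.unpack_from("<I16xI", pcap, 0)
    if magic != 0xA1B2C3D4 or link != 1:
        raise ValueError("expected a little-endian pcap with Ethernet link type")
    off = 24
    while off + 16 <= len(pcap):
        incl_len, = struct.unpack_from("<I", pcap, off + 8)
        frame, off = pcap[off + 16:off + 16 + incl_len], off + 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # skip anything that is not IPv4 carrying TCP
        tcp = 14 + (frame[14] & 0x0F) * 4  # start of the TCP header
        if len(frame) < tcp + 20:
            continue  # truncated TCP header
        total_len, = struct.unpack_from(">H", frame, 16)
        sport, dport = struct.unpack_from(">HH", frame, tcp)
        key = tuple(sorted([(frame[26:30], sport), (frame[30:34], dport)]))
        yield key, frame[tcp + (frame[tcp + 12] >> 4) * 4:14 + total_len]

def find_encoded(pcap, keyword=b"command"):
    """Decode base64 runs found in TCP streams whose payload contains keyword."""
    streams = {}
    for key, data in tcp_payloads(pcap):  # naive reassembly: capture order
        streams[key] = streams.get(key, b"") + data
    hits = []
    for data in streams.values():
        for run in B64.findall(data) if keyword in data else []:
            try:
                hits.append(base64.b64decode(run, validate=True).decode())
            except ValueError:  # not valid base64, or not text once decoded
                pass
    return hits

def sample_pcap():
    """Constructed capture: an HTTP request plus a stream carrying 'command'."""
    def pkt(sport, dport, payload):
        ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                         bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
        tcp = struct.pack(">HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 1024, 0, 0)
        frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload
        return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    secret = base64.b64encode(b"flag{constructed_sample}")
    return (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
            + pkt(40000, 80, b"GET / HTTP/1.1\r\n\r\n")
            + pkt(40001, 9000, b"command=" + secret + b"\n"))
```

Calling `find_encoded(sample_pcap())` returns the decoded string from the constructed stream; the plain HTTP stream is ignored because it lacks the keyword.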
Summary
The main difficulty of this challenge was not knowing how to find the getshell stream; I need to become more familiar with the various kinds of messages and with how to use Wireshark. Refer to the following blog to learn:
https://www.cnblogs.com/dragonir/p/6219541.html
Author: Ro0t
Link: https://www.jianshu.com/p/3efa609cc652
Source: Jianshu
Copyright belongs to the author. For commercial reprints, please contact the author for authorization; for non-commercial reprints, please indicate the source.