nqkk58 posted on 2024-10-3 10:25:44

A record of getting a shell on a game-cheat website


    <h3 style="color: black; text-align: left; margin-bottom: 10px;"><strong style="color: blue;"><span style="color: black;">Disclaimer:</span></strong> <span style="color: black;">Most articles on this public account come from the author's everyday study notes; a small number are reposted with the original author's authorization or through other public accounts' whitelists. Reposting without authorization is strictly prohibited; to repost, contact 刘一手. Do not use the techniques in this article for illegal testing; any adverse consequences arising from that have nothing to do with the article's author or this public account. For study and research only.</span></h3>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><strong style="color: blue;"><span style="color: black;">Target</span></strong></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">http://www.xxx.com</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/mmbiz_png/0YvAy5BgkyO4wceaOIDf8LDwPRuzkEK1bN7yOcrhSn5De8NwFdbR2iaAH55NbyrDPdULGymkvnKicia2bGKFPjE1w/640?wx_fmt=png&amp;tp=webp&amp;wxfrom=5&amp;wx_lazy=1&amp;wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
    <h1 style="color: black; text-align: left; margin-bottom: 10px;">Seeing an input box, I wanted to try XSS on it</h1>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/mmbiz_png/0YvAy5BgkyO4wceaOIDf8LDwPRuzkEK1cXpx61OddfLic3Yg13iaBYNStiaTEaBMSzwkQVFWj3eKauSrc2iaVZChhw/640?wx_fmt=png&amp;tp=webp&amp;wxfrom=5&amp;wx_lazy=1&amp;wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><strong style="color: blue;"><span style="color: black;">Reflected XSS</span></strong></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">I now have a fun idea: look for a contact QQ, then change the popup into something that mocks this cheat-selling webmaster.</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><strong style="color: blue;"><span style="color: black;">I saw the contact details; clicking them jumps to the add-QQ page</span></strong></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/mmbiz_png/0YvAy5BgkyO4wceaOIDf8LDwPRuzkEK1hibG2E8asCZfkZ9kreUPyiaXJXcfZN5g0KJ1cF7EqSdxsg0gXgvFqW1A/640?wx_fmt=png&amp;tp=webp&amp;wxfrom=5&amp;wx_lazy=1&amp;wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><strong style="color: blue;"><span style="color: black;">But I don't have QQ installed, so it did not jump to the add page; I pressed F12 to look at the link it jumps to</span></strong></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/mmbiz_png/0YvAy5BgkyO4wceaOIDf8LDwPRuzkEK1toZqcJmwnEPicJuTicUeqjShgr5EaprBmZt8ibMxH62QOarkBWibtabR0Q/640?wx_fmt=png&amp;tp=webp&amp;wxfrom=5&amp;wx_lazy=1&amp;wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/mmbiz_png/0YvAy5BgkyO4wceaOIDf8LDwPRuzkEK1tU6Sl0RVIrfdbZDm4q6Xeauy44Kcf3BnMahvyDBmEpib1Vsx7meHEsw/640?wx_fmt=png&amp;tp=webp&amp;wxfrom=5&amp;wx_lazy=1&amp;wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
    <h1 style="color: black; text-align: left; margin-bottom: 10px;"><strong style="color: blue;">Information known so far:</strong> the webmaster's contact QQ, and his account ID may contain 小黑 (Xiaohei); scan the directories with dirsearch and have a look</h1>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/mmbiz_png/0YvAy5BgkyO4wceaOIDf8LDwPRuzkEK1viaN6A1Whibjiaz9Gw9FYYGnWJy6yx5hDPIhaO5tLFXS1uDyLzjzZwn3g/640?wx_fmt=png&amp;tp=webp&amp;wxfrom=5&amp;wx_lazy=1&amp;wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
    <h1 style="color: black; text-align: left; margin-bottom: 10px;">Found an admin backend path; go to the backend login and have a look</h1>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">Try the universal admin</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;"><img src="https://mmbiz.qpic.cn/mmbiz_png/0YvAy5BgkyO4wceaOIDf8LDwPRuzkEK1EiblgecLmIGUB90lMK5zvbiaobMttkzF9jkibpF18cSuZUt5fThHupeVw/640?wx_fmt=png&amp;tp=webp&amp;wxfrom=5&amp;wx_lazy=1&amp;wx_co=1" style="width: 50%; margin-bottom: 20px;"></span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">No luck; try entering 小黑</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;"><img src="https://mmbiz.qpic.cn/mmbiz_png/0YvAy5BgkyO4wceaOIDf8LDwPRuzkEK16lVbxZABB6qL3Z2W2roEBew2ia8iczsOo5O5R448WYS9YVmgI9eauvXg/640?wx_fmt=png&amp;tp=webp&amp;wxfrom=5&amp;wx_lazy=1&amp;wx_co=1" style="width: 50%; margin-bottom: 20px;"></span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">It says the password is wrong, so the account name is correct; brute-force it with a dictionary</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/mmbiz_png/0YvAy5BgkyO4wceaOIDf8LDwPRuzkEK1MF9EVj6LwZtu5aPeuKiaDfleZqNXrFIGTDOwgKYWAblns7ry5z3WGfQ/640?wx_fmt=png&amp;tp=webp&amp;wxfrom=5&amp;wx_lazy=1&amp;wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
    <h1 style="color: black; text-align: left; margin-bottom: 10px;">A 302 temporary redirect appears; account 小黑, password 22xxxxxx</h1>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/mmbiz_png/0YvAy5BgkyO4wceaOIDf8LDwPRuzkEK1OZzRuc2ybxglWe9dW8F5BA2OUmdcSXlDBibHVLslrhbEclE0Ol8sSvw/640?wx_fmt=png&amp;tp=webp&amp;wxfrom=5&amp;wx_lazy=1&amp;wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">Successfully got into the cheat seller's site</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/mmbiz_png/0YvAy5BgkyO4wceaOIDf8LDwPRuzkEK1aHEibXExofe7dM4viblRd0DHeK4gxopjmRQ52w2leWk009nia9uUicSNdA/640?wx_fmt=png&amp;tp=webp&amp;wxfrom=5&amp;wx_lazy=1&amp;wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">Found that it is the emlog CMS; it seems it can be taken through template upload, so let's try</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/mmbiz_png/0YvAy5BgkyO4wceaOIDf8LDwPRuzkEK15zmbh2tlDLc59myEAg9IXs1gHmlJ6fBDb2bmiaMFPHw33FkoXDkXLdA/640?wx_fmt=png&amp;tp=webp&amp;wxfrom=5&amp;wx_lazy=1&amp;wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Add a module</p>

    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/mmbiz_png/0YvAy5BgkyO4wceaOIDf8LDwPRuzkEK1tg7zTNdGibpus5CNTiaciaCemXX7rPqwYCGwskicpI3LmkKfgmvepjN3Ag/640?wx_fmt=png&amp;tp=webp&amp;wxfrom=5&amp;wx_lazy=1&amp;wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">This is the prepared source code; write a one-line webshell into it, or replace the contents of one of its files with a one-line webshell. I replaced the contents of the 404 file with the webshell</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/mmbiz_png/0YvAy5BgkyO4wceaOIDf8LDwPRuzkEK1lf2TbzW590Y5IuSNmEqPSeHx08YH6DhSwcvMyS7icqWmBfOLPInyRicQ/640?wx_fmt=png&amp;tp=webp&amp;wxfrom=5&amp;wx_lazy=1&amp;wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">The next step is to upload the template</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/mmbiz_png/0YvAy5BgkyO4wceaOIDf8LDwPRuzkEK10jCROxa8EoQGvrxEQtO9tnYTPhcNg34b6WLN1AmWRlv3cdkXlJHanQ/640?wx_fmt=png&amp;tp=webp&amp;wxfrom=5&amp;wx_lazy=1&amp;wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">After uploading the template, connect with AntSword (蚁剑)</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/mmbiz_png/0YvAy5BgkyO4wceaOIDf8LDwPRuzkEK1OQUVCNjr54gLPO1sScjShCjwJicGFTARHKnwAM3AjBxukGDjcHsyibew/640?wx_fmt=png&amp;tp=webp&amp;wxfrom=5&amp;wx_lazy=1&amp;wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">The connection failed here because the HTTPS certificate has to be ignored</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/mmbiz_png/0YvAy5BgkyO4wceaOIDf8LDwPRuzkEK1t55dkUqJ7UgiaeyaIgwEUgDGf3xxqHFFUJ5bkVcYRMz8D8fXpqJWyAw/640?wx_fmt=png&amp;tp=webp&amp;wxfrom=5&amp;wx_lazy=1&amp;wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/mmbiz_png/0YvAy5BgkyO4wceaOIDf8LDwPRuzkEK17YU0eZpfqYzLNfOhRxCMXXbgic9pZAyo2PGJRenTMyaWO42NKicotYXw/640?wx_fmt=png&amp;tp=webp&amp;wxfrom=5&amp;wx_lazy=1&amp;wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">OK now. The cheat seller has more than one site; there is also a 卡盟 (card-selling platform)</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/mmbiz_png/0YvAy5BgkyO4wceaOIDf8LDwPRuzkEK1xTE8RvxjEUmqkoSkdFdXRviaiaicibYfd8643u0rial61lOv5ciazEosKhDA/640?wx_fmt=png&amp;tp=webp&amp;wxfrom=5&amp;wx_lazy=1&amp;wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">Command execution is blocked by disable_function, so let's see whether disable_function can be bypassed to execute commands; AntSword has a disable_function bypass plugin</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/mmbiz_png/0YvAy5BgkyO4wceaOIDf8LDwPRuzkEK1Q3TwxXibWBIHlwAg2NnNkyabRbibicGicpzVxWuYSUWZaJBkicflANqiasaQ/640?wx_fmt=png&amp;tp=webp&amp;wxfrom=5&amp;wx_lazy=1&amp;wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
    <h1 style="color: black; text-align: left; margin-bottom: 10px;">Fill in the FCGI and PHP paths; the last field is the webshell's directory. Clicking Start generates a .antproxy.php in the webshell's directory</h1>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/mmbiz_png/0YvAy5BgkyO4wceaOIDf8LDwPRuzkEK1AakBPNPmyeSTHso2hwxpVKqvdic8GztYiaWLWdtPCCsdax143w9x4Zsg/640?wx_fmt=png&amp;tp=webp&amp;wxfrom=5&amp;wx_lazy=1&amp;wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">The connection password is the same as the webshell's password</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/mmbiz_png/0YvAy5BgkyO4wceaOIDf8LDwPRuzkEK1ZTWibjBBgcqhwdhvzQfibNxagdIjew5RGcJTp1j1KHO8tthJTyRXoVaA/640?wx_fmt=png&amp;tp=webp&amp;wxfrom=5&amp;wx_lazy=1&amp;wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">Successfully connected to the webshell; now bounce a shell to our server</span></p>
    <h1 style="color: black; text-align: left; margin-bottom: 10px;"><strong style="color: blue;">Listening on the server</strong></h1><span style="color: black;">nc -lvvp [listening port]</span>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><strong style="color: blue;"><span style="color: black;">Connect to the server from the victim machine</span></strong></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/mmbiz_png/0YvAy5BgkyO4wceaOIDf8LDwPRuzkEK1ia2dzvoccrD0P0hEI0eHST6pupJwUGj63jrse4tzicaxicOJGxyXc8H5w/640?wx_fmt=png&amp;tp=webp&amp;wxfrom=5&amp;wx_lazy=1&amp;wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Received successfully!</p>

    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/mmbiz_jpg/0YvAy5BgkyOrsBOt7HsApvZpt7wbZqc45oza1pIoqeXpTX5Nj3KhcEsPKavfur3xpTfHpYy4k8YoQvojo4lC4w/640?wx_fmt=jpeg&amp;tp=webp&amp;wxfrom=5&amp;wx_lazy=1&amp;wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
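Seen from the defender's side, the steps in the post above leave a recognisable trail in the web access log: a run of failed login POSTs from one address that ends in a 302, and later requests for a `.antproxy.php` file. The following detection sketch is an added example, not part of the original post; the login path, the assumption that a failed login answers with a non-302 status, and the log lines are all constructed.

```python
import re
from collections import defaultdict

LOGIN_PATH = "/admin/login.php"  # assumed login URL; set to the site's real one

# Constructed sample access log (common log format); not taken from the post.
FAIL_LINE = '203.0.113.7 - - [03/Oct/2024:10:01:%02d +0800] "POST /admin/login.php HTTP/1.1" 200 1532'
SAMPLE_LOG = "\n".join(
    [FAIL_LINE % s for s in range(6)] + [
        '203.0.113.7 - - [03/Oct/2024:10:01:07 +0800] "POST /admin/login.php HTTP/1.1" 302 0',
        '198.51.100.20 - - [03/Oct/2024:10:05:00 +0800] "POST /admin/login.php HTTP/1.1" 200 1532',
        '198.51.100.20 - - [03/Oct/2024:10:05:09 +0800] "POST /admin/login.php HTTP/1.1" 302 0',
        '203.0.113.7 - - [03/Oct/2024:10:20:00 +0800] "POST /templates/example/.antproxy.php HTTP/1.1" 200 87',
    ]
)

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def analyze(log_text, login_path=LOGIN_PATH, min_failures=5):
    """Flag logins that succeed (302) after many failures, and .antproxy.php hits."""
    failures = defaultdict(int)   # consecutive failed logins per source IP
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, status = m["ip"], m["status"]
        path = m["path"].split("?")[0]
        if m["method"] == "POST" and path == login_path:
            if status == "302":   # assumption: only a successful login redirects
                if failures[ip] >= min_failures:
                    findings.append(("bruteforce_success", ip, failures[ip]))
                failures[ip] = 0
            else:
                failures[ip] += 1
        elif path.rsplit("/", 1)[-1] == ".antproxy.php":
            # File name the post says the bypass plugin drops next to the webshell
            findings.append(("antproxy_access", ip, path))
    return findings

if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```

A `bruteforce_success` finding means the account's password should be treated as known to that source; an `antproxy_access` finding points at the directory to inspect for an uploaded webshell.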




4zhvml8 posted on 2024-10-10 02:46:27

Your words are like a spring breeze on my face and warm my heart.