Shulou (Shulou.com), 05/31 report. Updated 2025-03-30. From: SLTechnology News&Howtos, Network Security.
This article walks through the "WebShell file upload vulnerability analysis and source tracing" exercise on the Mohist cyber range. The steps are laid out clearly and are suitable for beginners.
1. After opening the URL, I found that it was an upload page.
2. Upload a file with the suffix php directly; the upload is rejected.
3. Intercept the request with BurpSuite and change the suffix of the uploaded file from php to php5, which bypasses the check.
4. Connect with China Chopper (the "kitchen knife" webshell client). Find the file with KEY in its name in the var/www/html directory and open it to see the key.
5. Open the other URL, which is also an upload page, but it enforces an upload allowlist and only accepts files with the suffix .gif, .jpg, or .png.
6. Write a one-line webshell (a "one-sentence Trojan") in a txt file and change its suffix to jpg.
7. When uploading, intercept the request with BurpSuite and modify the file suffix; the response shows that the upload succeeded.
8. Connect with AntSword (the "ant sword" client) and find the key in var/www/html.
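Both bypasses above work because the server trusts the suffix as sent in the request. The following is an added example, not code from the range or the original article: it puts an assumed weak check (a denylist that only knows ".php", consistent with steps 2-3) beside a hardened server-side check. All function names and sample inputs are constructed for illustration.

```python
import os
import secrets

# Assumed weak check: a denylist that only knows ".php" (consistent with steps 2-3).
def weak_denylist_ok(filename: str) -> bool:
    return not filename.lower().endswith(".php")

# Leading bytes of the three image types the second page allows (step 5).
MAGIC = {
    b"GIF87a": "gif",
    b"GIF89a": "gif",
    b"\xff\xd8\xff": "jpg",
    b"\x89PNG\r\n\x1a\n": "png",
}
ALLOWED_EXT = {"gif": "gif", "jpg": "jpg", "jpeg": "jpg", "png": "png"}

def sniff_type(data: bytes):
    """Return the image type implied by the leading bytes, or None."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return None

def hardened_store_name(filename: str, data: bytes):
    """Return a server-generated name for an accepted upload, else None.

    Runs on the server against the request as received, so a suffix edited
    in an intercepting proxy is validated like any other input.
    """
    ext = os.path.splitext(filename)[1].lstrip(".").lower()
    kind = ALLOWED_EXT.get(ext)          # allowlist: php5, phtml, ... all fail
    if kind is None or sniff_type(data) != kind:
        return None                      # extension and content must agree
    # Never reuse the client's name; the stored extension is chosen here.
    return f"{secrets.token_hex(16)}.{kind}"

# Constructed sample uploads (not taken from the lab).
SCRIPT = b"<?php /* placeholder script body */ ?>"
PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
SAMPLES = [("shell.php", SCRIPT), ("shell.php5", SCRIPT),
           ("note.jpg", SCRIPT), ("logo.PNG", PNG)]

if __name__ == "__main__":
    for name, body in SAMPLES:
        print(name, weak_denylist_ok(name), hardened_store_name(name, body))
```

Magic-byte checks do not stop a file that is both a valid image and contains script text, so the upload directory should also be configured so the web server never executes files stored there.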