Shulou(Shulou.com)05/31 Report--

This article mainly introduces the PhpMyAdmin background getshell example analysis, has a certain reference value, interested friends can refer to, I hope you can learn a lot after reading this article, the following let the editor take you to understand.

Introduction to PhpMyAdmin

PhpMyAdmin is a database management tool based on PHP and constructed on the host of the website in the way of Web-Base, which allows managers to use Web interface to manage MySQL database. Through this Web interface, it can become a better way to input complicated SQL syntax in a simple way, especially to deal with the import and export of a large amount of data.

After collecting and detecting the information of the target, when it is found that there is a phpmyadmin directory (try: http://ip: port / phpmyadmin/), and then enter the management backend through a weak password (you can directly try to download the account root password root) or brute force cracking, there are many ways to getshell.

Into outfile Export Trojan Horse

If you want to insert a Trojan horse inside the site, you need to know the absolute path of the site, and there are many ways, such as getting the path through error reporting, phpinfo.php, and so on (see another blog post: https://blog.csdn.net/weixin_39190897/article/details/99078864).

The most convenient thing is to check it directly with select @ @ basedir; (but sometimes you can't find it, so you have to find another way):

Based on the feedback above, we can see that the location of MySQL is in the D:\ soft\ phpStudy\ MySQL\ directory.

After obtaining the path to the website, you can attempt to upload the Trojan horse. The most common way is to write a sentence Trojan horse directly to the root directory of the website through into outfile:

Select''into outfile' D:\ soft\ phpStudy\ www\ xxx.php'

But in the new version of mysql, this sentence did not work successfully.

The new Mysql feature, secure_file_priv, has an impact on reading and writing files, and this parameter is used to restrict imports and exports. We can view this parameter with the show global variables like'% secure%'; command:

When secure_file_priv is NULL, it means that the restriction Mysql does not allow import and export, so an error occurs. To export the statement successfully, you need to modify the my.ini file under the Mysql folder and add secure_file_priv = "" in [mysqld]:

When the value of secure_file_priv does not have a specific value, no restrictions are imposed on the import / export of mysqld, and the export command can be executed at this time.

Using Mysql log files

Log files are created above version 5.0 of Mysql. By modifying the global variables of the log, you can also getshell. However, you should also have read and write access to the generated log. (note: the personal test of linux was not successful due to permission problems.) Let's start with two MySQL global variables: general_log and general_log file.

"general log" refers to the saved status of the log. "ON" means to enable "OFF" means to shut down.

General log file refers to the path where the log is saved.

Command to view log status: show variables like'% general%'

In the above configuration, when general is turned on, the sql statements executed will appear in the WIN-30DFNC8L78A.log file.

Then, if you change the value of general_log_file, the executed sql statement will be generated accordingly, which in turn will getshell.

The corresponding xxx.php file will be generated.

Write a sentence to the xxx.php file: SELECT''

Then you can see that the Trojan statement is recorded in the log file:

Finally, Chinese kitchen knife connection, getshell:

Thank you for reading this article carefully. I hope the article "sample Analysis of PhpMyAdmin background getshell" shared by the editor will be helpful to you. At the same time, I also hope you will support us and pay attention to the industry information channel. More related knowledge is waiting for you to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.