Hiding Backdoors with ADS

@Author: Patrilic
@Time: 2019-04-18 11:20:33

Nothing to do on the high-speed train, so I'm summarizing my old notes.

MySQL Injection Tricks

@Author: Patrilic
@Time: 2019-04-14 23:20:33

A summary of the various injection techniques for MySQL.
Test Machine Configuration


Upload-labs Writeup

@Author: Patrilic
@Time: 2019-01-05 11:20:33

Pass-01

JS check
Just disable JS.


HCTF2018 Kzone Write-up

0x01 Analyse


bypassUAC_via_comhijacking

@Author: Patrilic
@Time: 2019-02-03 13:12:49

0x01 How COM hijacking works

It abuses the CLSID search order:


Internal Network Host Discovery

@Author: Patrilic
@Time: 2019-02-03 11:59:32

0x01 Discovering live hosts on the internal network

1.1 ARP-based discovery of internal hosts

nmap

nmap -sn -PR 10.253.6.0/24


JS+CHM Bundled Backdoor

@Author: Patrilic
@Time: 2019-02-03 11:58:32

I studied the bundled backdoor from evi1cg's blog and am writing it down here.


phpcms_v9.6.0 wap module SQL injection

0x01 Vulnerability analysis

The vulnerability occurs in

/Applications/MxSrvs/www/phpcms_V9.6.0/install_package/phpcms/modules/content/down.php


Metinfo 6.0.0 arbitrary code write leading to getshell

0x01 Vulnerability analysis

Key point of the vulnerability:
the Copyindx function, at around line 878 of /Applications/MxSrvs/www/MetInfo6.0.0/admin/include/global.func.php

function Copyindx($newindx,$type){
if(!file_exists($newindx)){
$oldcont ="<?php\n# MetInfo Enterprise Content Management System \n# Copyright (C) MetInfo Co.,Ltd (http://www.metinfo.cn). All rights reserved. \n\$filpy = basename(dirname(__FILE__));\n\$fmodule=$type;\nrequire_once '../include/module.php'; \nrequire_once \$module; \n# This program is an open source system, commercial use, please consciously to purchase commercial license.\n# Copyright (C) MetInfo Co., Ltd. (http://www.metinfo.cn). All rights reserved.\n?>";
$fp = fopen($newindx,w);
fputs($fp, $oldcont);
fclose($fp);
}
}


phpcms_v9.6.0 arbitrary file upload

0x01 Vulnerability analysis

Vulnerable URL:

http://localhost/index.php?m=member&c=index&a=register&siteid=1
