Red Sun Shooting Range (III) - 2. Vulnerability Exploitation

2024-07-12

In the previous issue, we used a one-sentence Trojan (a one-line PHP webshell) to plant a persistent backdoor on the target host.

I use Ant Sword. Installation and usage references for Ant Sword:

Download link: GitHub - AntSwordProject/AntSword-Loader: AntSword Loader

Install and use: 1. Quick Start · Yuque

GETSHELL through the YXCMS admin backend

Common ways to GETSHELL from a CMS management backend:
(1) File upload function: upload a webshell
(2) Edit a default template file: replace the original code
(3) Install a plugin
(4) Editor defects
There are many methods; here we use the file upload function in the YXCMS backend.

First, we log in to the YXCMS backend.

The site announcement reveals the admin login address: /index.php?r=admin appended to the site URL.

Default username: admin. Default password: 123456. Log in and have a look around.

We are logged in. This YXCMS has many functions; this time we start with the front-end templates.

Next, we write a one-sentence Trojan:

Step 1: Click on Manage Template Files

Step 2: Click Create New

We write the one-sentence Trojan here; it is the same as the one used previously.

After writing it, click Create and the page reports that the file was created successfully. Let's try to connect with Ant Sword.

Before connecting with Ant Sword, we must first determine the path of this file. So how do we find out where it is?

We previously found a backup file through directory enumeration. After downloading it, we searched it for our file name and found that the same folder already held template files.

Let's look for the file info.php.

The location of this info.php file is also the path of the Trojan file we created through the web backend.

We can log in to the Windows 7 host to verify that this is the path:

Now you can see the GETSHELL.php file we just wrote.

We use Ant Sword to connect:

URL: the path of the file we wrote.

pwd: the password. Our password is cmd because the parameter in our Trojan is cmd; fill in the password that matches your own parameter. After filling it in, click Add to save.

Right-click the entry and select Terminal, and we have a shell on the CMS host through the website.
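As an added defensive example (not part of the original post), here is a Python check a YXCMS administrator could run over the template directory: it flags template files that are missing from a baseline manifest (such as the file list taken from a clean backup, like the one the post used to locate the path) and files whose contents match the one-sentence webshell pattern. The directory contents, file names and the baseline set are constructed fixtures.

```python
import re
import tempfile
from pathlib import Path

# Signature of a one-sentence PHP webshell: a code-execution function that is
# fed directly from a request superglobal, e.g. eval($_POST['cmd']).
ONE_LINER = re.compile(
    r"\b(eval|assert|system|passthru|shell_exec|exec)\s*\(\s*@?\$_(POST|GET|REQUEST|COOKIE)\b",
    re.IGNORECASE,
)
PHP_SUFFIXES = {".php", ".phtml", ".php5", ".inc"}


def scan_template_dir(root, baseline):
    """Return (unexpected, suspicious).

    unexpected: files under root that are not listed in the baseline manifest
                (relative POSIX paths of a known-good install or backup).
    suspicious: PHP files whose contents match the one-liner signature.
    """
    root = Path(root)
    unexpected, suspicious = [], []
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        if rel not in baseline:
            unexpected.append(rel)
        if path.suffix.lower() in PHP_SUFFIXES:
            if ONE_LINER.search(path.read_text(errors="ignore")):
                suspicious.append(rel)
    return unexpected, suspicious


def build_fixture():
    """Constructed sample: a template dir with one legitimate template and one
    planted file (names are made up for this example)."""
    root = Path(tempfile.mkdtemp())
    (root / "index.php").write_text("<?php include 'header.php'; echo $content; ?>")
    (root / "GETSHELL.php").write_text("<?php @eval($_POST['cmd']); ?>")
    return root


if __name__ == "__main__":
    fixture = build_fixture()
    unexpected, suspicious = scan_template_dir(fixture, {"index.php"})
    print("not in baseline:", unexpected)          # ['GETSHELL.php']
    print("webshell signature:", suspicious)       # ['GETSHELL.php']
```

Run it periodically or from a file-integrity job; a new template file that is absent from the baseline and matches the signature is exactly the artifact this walkthrough leaves behind.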