滲透

Penetration Testing 筆記

索引

偵查 (Reconnaissance)

Google Hacking

MySQL 枚舉

採用digininja的模塊auxiliary/scanner/mysql/mysql_file_enum ,這個模塊採用MySQL File System Enumeration – UPDATED的原理

模塊作者貼文Metasploit MySQL Directory/File Brute Forcer

Credential Access

參見

完全交互反向shell

方法1

透過python與bash讓reverse shell可以變成完全交互終端,不過因為沒有回復原本的stty可能會導致終端有點問題,實做方法參見Upgrading simple shells to fully interactive TTYs

方法2

該方法修復stty配置2,並且方法1所提供的Python pty module3

nc -l -p 1337
# in rev shell
python -c 'import pty; pty.spawn("/bin/bash")'
# Control-Z
s=$(stty -g); stty -icanon -echo -isig; fg; stty "$s"

相關鏈接

  1. Security in PHP - 那些在滲透測試的小技巧 ↩︎

  2. How can I upgrade a primitive Netcat shell to a fully-featured login shell with tab-completion and line editing? ↩︎

  3. https://blog.ropnop.com/upgrading-simple-shells-to-fully-interactive-ttys/ ↩︎

Pentest