forked from Mr-xn/Penetration_Testing_POC
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
11 changed files
with
412 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,84 @@ | ||
| tp5-getshell.py - thinkphp5 rce漏洞检测工具 | ||
| == | ||
|
|
||
| ----------------------- | ||
|
|
||
|
|
||
| # 概述 | ||
|
|
||
|
|
||
| 控制器过滤不严导致rce,漏洞详情参考 | ||
|
|
||
| [thinkphp5 RCE漏洞重现及分析](demo/lsablog.com-ThinkPHP5 RCE漏洞重现及分析.pdf) | ||
|
|
||
| <br/> | ||
| 本工具支持单url/批量检测,有phpinfo模式、cmd shell模式、getshell(写一句话)模式,批量检测直接使用getshell模式。 | ||
|
|
||
| <br/> | ||
|
|
||
| ----------------------- | ||
|
|
||
|
|
||
|
|
||
|
|
||
| # 需求 | ||
|
|
||
|
|
||
| python2.7 | ||
|
|
||
| <br/> | ||
| pip install -r requirements.txt | ||
|
|
||
| <br/> | ||
|
|
||
| ----------------------- | ||
|
|
||
|
|
||
|
|
||
| # 快速开始 | ||
|
|
||
|
|
||
| python tp5-getshell.py -h<br/> | ||
|
|
||
| <br/> | ||
| <br/> | ||
| 单url检测(phpinfo模式)<br/> | ||
|
|
||
| 使用4种poc-phpinfo检测<br/> | ||
|
|
||
| python tp5-getshell.py -u http://www.xxx.com:8888/think5124/public/<br/> | ||
| <br/> | ||
| <br/> | ||
|
|
||
| 单url检测(getshell模式)<br/> | ||
|
|
||
| 使用3种exp进行getshell,遇到先成功的exp就停止,防止重复getshell<br/> | ||
|
|
||
| python tp5-getshell.py -u http://www.xxx.com:8888/think5124/public/ –exploit<br/> | ||
|
|
||
| <br/> | ||
| <br/> | ||
|
|
||
| 单url检测(cmd shell模式)<br/> | ||
|
|
||
| python tp5-getshell.py -u http://www.xxx.com/ –cmdshell<br/> | ||
|
|
||
| <br/> | ||
| <br/> | ||
|
|
||
| 批量检测(getshell)<br/> | ||
|
|
||
| 使用3种exp进行getshell,遇到先成功的exp就停止,防止重复getshell<br/> | ||
|
|
||
| python tp5-getshell.py -f urls.txt -t 2 -s 10<br/> | ||
| <br/> | ||
| <br/> | ||
|
|
||
| ---------------------- | ||
|
|
||
| # 反馈 | ||
|
|
||
| 博客: http://www.lsablog.com/<br/> | ||
| gmail: [email protected]<br/> | ||
| qq: [email protected]<br/> | ||
| issues: https://github.com/theLSA/tp5-getshell/issues |
1 change: 1 addition & 0 deletions
1
tp5-getshell/batch_result/20181212002851/20181212002851/success.txt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| shell in here |
Binary file not shown.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,2 @@ | ||
| requests==2.20.0 | ||
| beautifulsoup4==4.6.3 |
Oops, something went wrong.