Preface: Study notes on writing Malleable C2 profiles. Reference: https://github.com/rsmudge/Malleable-C2-Profiles Reference: https://www.cobaltstrike.com/help-malleable-c2 #What is Malleable …
¸ÃÎı»ÃÜÂë±£»¤¡£ ÔĶÁÈ«ÎÄ
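Preface: Creating a child process in a suspended state to bypass 360 when creating a user. #Bypass approach 1. Create the child process in a suspended state; 2. Use NtQueryInformationProcess to retrieve the PEB address; 3. Use WriteProcessMemory to overwrite the command-line data stored in the PEB; 4. Resume the process. #Code implementation `#include #i` …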
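Today I read two articles about Rundll32 and found that Rundll32 can also call a DLL's custom exported functions. For example: if you write a DLL file yourself that contains an exported function, that DLL function can be called through Rundll32, as below. Format for calling a custom DLL exported function with Rundll32: For example: rundll32.exe "dllN …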
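An expert in the group chat mentioned this, and it is the first time I have seen it myself. Posting the article first and I will fill it in later. This is great, I learned a lot again. Thanks!!! Background: a domain machine's Lsass memory holds the domain admin's plaintext password, but Kaspersky is present in the environment and, characteristically, protects memory, so mimikatz or a similar dumping operation cannot be used to dump it and then read it. As I understand it, the antivirus is probably acting on or …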
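Preface: Notes on implementing an RDP hook with Detours. About the Detours library: 1. Detours is a development library provided by Microsoft; with it, API hooking can be implemented simply, efficiently and reliably. 2. Detours is a development library for instrumenting arbitrary Win32 functions on x86, x64 and IA64 platforms. It can, by rewriting for the target function the in-memory …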
¸ÃÎı»ÃÜÂë±£»¤¡£ ÔĶÁÈ«ÎÄ
Preface: Notes on arbitrary client-side file read in MySQL. Reference: https://www.lorexxar.cn/2020/01/14/css-mysql-chain/ #load data infile `load data infile "/etc/passwd" into table test FIELDS` …
1. Bypassing blacklists of system command execution functions: system() shell_exec() === `` (backticks) exec() passthru() popen() proc_open() pcntl_exec() dl() // loads a custom PHP extension; deprecated after 5.3 include include int …
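Exploitation scenario: the admin back end has an add-administrator function, as follows: Capture the request and observe it; the capture succeeds. To prevent CSRF attacks of this kind, defensive measures are definitely needed: 1. Verify that the request's token is valid 2. Check that the request's origin is legitimate. Token verification: capture the request again, as follows, and the add succeeds. If the token is removed and the test repeated, the add fails. Checking the request's origin …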