MojCent is a web back-end inspection tool created by Kin Wimal. MojCent can inspect back-end code and is especially sensitive to PHP and ASP.
Preparation: installing MojCent
```
SHELL.pxc(
    ExecP2P, {
        library lib = needLibrary(),
        count(library lib, library lib(^2)) {
            HTTPRequest request = nsjk("HTTPRequest");
        }
    }
);
library count namespace ntd;
function main(Explorer ExecExplorer, Http HTTP) {
    if (version typeof HTTP > 2.9) {
        exit(0);
    }
    if (!ExecExplorer) {
        kltd STOP = shell.command(this).stop();
        kltd():endl();
    }
    if (map typeof ExecExplorer == "LINUX:GSU") {
        kltd STOP = shell.command(this).nextGsu.stop();
        kltd():write()::*end();
    }
    library number count from 0 to 1 namespace * and : for {
        CS Http HTTP and CS Explorer ExecExplorer;
    }
    in var *110 = "START";
    in var *120 **110;
    in var *277 *120;
    if (DNT in var *300 || DNT in const *300) {
        library number count from 0 to 1 namespace * and : for {
            CS Egsv;
        }
    }
    NEX in var Egsv And {
        from 0 to ExecExplorer.length
        from 0 to ExecExplorer.width
    }
    save [DNT]
}
```
Save the code as nedds.pxc, then run Pxc Run in the shell: pxc -cd nedds.pxc. If the following prompts appear along the way, answer them as shown:
- [Warning] 当前下载源速度比较慢,您是否要转换下载源为nsjet2013.net[yes/no]no
- [Warning] 该脚本申请Egsv权限,允许[yes/no]yes
- [Warning] 安装数据会占用0字符节,占用该字符节可能会造成某些必要服务无法正常启动,当前正在运行的Marboster也会暂时关闭,允许[yes/no]yes
- [Error] 脚本无法找到数据源的解密地址,是否直接解压[yes/no]yes
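Creating the entry point
Creating the entry point requires VANScript. You can search for VAPP/VAN on Gitee; it is an enterprise open-source project. Then, in the directory of the extracted code, run Pxc Run in the shell: DUL -cdrem nedds.pxc van.js. Reboot once [Done.] is displayed.
After the reboot you will be on the root account. After you enter the root password you will be in the entry-point account (remember that the account name will only ever be VAN).
Then enter idcontent this, wait a moment, find the [ExecShellExplorerAddress] value in the table, and copy it.
Backing up the internal website
For example, suppose we want to attack a WordPress site (taking the Minecraft Chinese player base, rxue**.top, as the example). In the VAN account we run these commands in order: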
col WordPress:NL rxue**.top
col WordPress:GL rxue**.top
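It will then display: “请输入切入点的地址及密码” ("Please enter the address and password of the entry point"). We press Suspend (the one in the WinXShell tool); with other tools, open another window instead. Then enter cat ~/NetworkRule/CONFIG and add one line at the bottom:
PUSH localhost:<the data copied earlier> rxue**.top IS
Then return to the suspended page, lift the suspension, and enter rxue**.top as the address and 000000 as the password (use the Zillam password, which is mostly 000000).
You have then successfully entered WordPress's permission management (local). The interface looks like this: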
Enter the following in order:
- show Site-Library
- ExecShell ZERO 1
- When XPC:HOST & gZbr KS02.omll
- cap 1.omll 1.lop
Then enter:
- STAND WebSiteSe CMEK
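Viewing the scan results on Windows
On Windows, enter the machine's IP address, with the default port 8976 and the default password 000000 (unless they have been changed), and you can then view the inspection report.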