本文最后更新于:1 个月前
php
apache:
开局扫web目录下所有php文件,加白名单到.htaccess下
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34
| #!/bin/bash
directory="/var/www/html" whitelist_file="whitelist.txt" htaccess_file="$directory/.htaccess"
if [ -d "$directory" ]; then echo "扫描目录: $directory,生成白名单和.htaccess文件"
find "$directory" -type f -name "*.php" > "$whitelist_file"
echo "# 限制不在白名单中的PHP文件的访问" > "$htaccess_file" echo "<FilesMatch \".*\.php$\">" >> "$htaccess_file" echo " Order Deny,Allow" >> "$htaccess_file" echo " Deny from all" >> "$htaccess_file" echo "</FilesMatch>" >> "$htaccess_file"
while IFS= read -r php_file; do relative_path="${php_file#$directory/}" echo "<Files \"${relative_path}\">" >> "$htaccess_file" echo " Order Allow,Deny" >> "$htaccess_file" echo " Allow from all" >> "$htaccess_file" echo "</Files>" >> "$htaccess_file" done < "$whitelist_file"
echo ".htaccess文件已生成,并配置了白名单访问规则。" else echo "目录不存在: $directory" fi
|
找到上传目录,只允许读取图片格式的文件.htacces
1 2 3 4 5 6 7 8 9
| <FilesMatch "\.(jpg|jpeg|png|gif)$"> Order Allow,Deny Allow from all </FilesMatch>
<FilesMatch "\.(php|html|htm|txt|gif)$"> Order Deny,Allow Deny from all </FilesMatch>
|
nginx:
jsp
asp
有时候比赛很抽象,不给你重启命令,也不知道是不是热部署怎么办,不kill掉原先进程必然导致端口占用
以下命令获取对应进程pid
1
| ps aux | grep '[j]ava -jar' | awk '{print $2}'
|
配合kill
1
| kill -9 $(ps aux | grep '[j]ava -jar' | awk '{print $2}')
|
然后重启就好啦
还有的时候,你不知道替换的目录所在位置
1
| cat $(dirname `find / -name 'explorer.php' 2>/dev/null`)/.php
|
Python
1 2 3 4 5
| #!/bin/sh
cp /app.py /app/app.py ps -ef | grep python | grep -v grep | awk '{print $2}' | xargs kill -9 cd /app && nohup python app.py >> /opt/app.log 2>&1 &
|
Node
1 2 3 4 5
| #!/bin/sh
cp server.js /app/server.js ps -ef | grep node | grep -v grep | awk '{print $2}' | xargs kill -9 cd /app && nohup node server.js >> /opt/aa.log 2>&1 &
|
参考文章
https://blog.csdn.net/weixin_51614272/article/details/125527593
内网渗透阶段
arp -a
./frpc -c frpc.toml > /dev/null 2>&1 & 后台运行frpc
ps aux
ps -ef | grep nginx
ip addr(看ip)
PsExec.exe -s -i -d cmd 管理员运行,出现system权限命令行
/var/opt/gitlab/redis/redis.conf