Title: Record the penetration experience of an illegal website

0x01 Introduction 

During the information collection of offense and defense drills, it was found that the website and the asset website given were the same IP segment, so there was a penetration of the illegal site.

Dictionary and other resource files can be obtained at the end

0x02 SQL vulnerability discovery

Visit the site

Use plug-in to view the site as php

Regular directory scan

front desk

After logging in with one click, I found that there was injection at the new address

0x03 Further exploitation

Here it is prompted that you need to get the parameter. After filling in a random number request at the address.php request, continue to fill in the information and grab the packet and run SQLmap

After a long wait, it was found that there were boolean blind and error injections.

Next, find the site backend management address

Log in to the background using the injected account password

0x04 Upload any file

Looking for upload points

Upload

Access path

Upload php directly and lift it away

So far, I took this site, and took it away in one simple and efficient way!