Bypassing ret=127 when the AntSword / Chopper virtual terminal executes a command

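After successfully uploading a one-line webshell to a site, we found that commands could not be executed in the virtual terminal. An expert has published a bypass for this problem, so I reproduce it here.

The virtual terminal shows ret=127.

Then we download the two key bypass files from GitHub (link in the original post).

Upload both files to a directory on the target site; the web root is recommended.

Next, create a temporary directory under the current directory to hold temporary files; I named mine tempcmd. Then create a temporary file inside that directory; I named mine temp.

Then construct the payload following the author's instructions: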

bypass_disablefunc.php?cmd=pwd&outpath=/www/xxxx/xxxx/tempcmd/temp&sopath=/www/xxxx/xxxx/bypass_disablefunc_x64.so

The cmd=pwd parameter is the command we want to execute.

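Then we request the URL directly in the browser. Here I used the ls command; other commands work as well. (The current privilege level is that of the www user.)

The command executes successfully.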
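The request above has a distinctive shape in web server access logs: one query string carrying cmd, outpath and sopath together, with sopath pointing at a .so file. The following detection script is an added example, not code from the original post or from the bypass project; the combined access-log format, the sample log lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside a common/combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')

# Parameter names taken from the payload shown in the post.
REQUIRED_PARAMS = {"cmd", "outpath", "sopath"}


def suspicious_request(target):
    """Return the decoded parameters if the request target matches, else None."""
    parts = urlsplit(target)
    # parse_qs percent-decodes values; names are lower-cased to catch case tricks.
    query = parse_qs(parts.query, keep_blank_values=True)
    params = {name.lower(): values[-1] for name, values in query.items()}
    if not REQUIRED_PARAMS.issubset(params):
        return None
    # sopath names a shared object on disk; anything else is not this pattern.
    if not params["sopath"].lower().endswith(".so"):
        return None
    # The script name is reported but not matched on, since files get renamed.
    return {"script": parts.path, **{k: params[k] for k in sorted(REQUIRED_PARAMS)}}


def scan(log_lines):
    """Return a list of (client_ip, hit) for every matching log line."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        hit = suspicious_request(match.group("target"))
        if hit:
            hits.append((line.split(" ", 1)[0], hit))
    return hits


# Constructed sample log lines (documentation IP ranges, placeholder paths).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?page=2 HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /up/x.php?cmd=ls&outpath=%2Fwww%2Fsite%2Ftempcmd%2Ftemp&sopath=%2Fwww%2Fsite%2Fa_x64.so HTTP/1.1" 200 87',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /search.php?cmd=help HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for ip, hit in scan(SAMPLE_LOG):
        print(ip, hit)
```

Only the query string is inspected, so parameters sent in a POST body are not visible to this check and need request-body logging or a WAF rule instead.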

END

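Author: Guf
Link: https://blog.gcoperation.top/posts/942b7e00/
Source: Guf’s Blog
Copyright belongs to the author. For commercial reuse, contact the author for permission; for non-commercial reuse, credit the source.

How it works in detail: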

https://zhuanlan.zhihu.com/p/77162294
