1

我正在尝试在网络安全课程中进行黑客练习。但是,我坚持理解如何使用 Burp Suite。

这是原始数据:

GET /ekohshahrabohpha/cgi-bin/users.php HTTP/1.1
Host: 134.219.148.11:61166
Connection: close
Accept: */*
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/601.4.4 (KHTML, like Gecko) Version/9.0.3 Safari/601.4.4
Accept-Language: en-us
Referer: http://134.219.148.11:61166/ekohshahrabohpha/
Accept-Encoding: gzip, deflate

这是标头 - 如何编辑标头以包含一些 bash 命令注入以访问以下 URL?

GET /ekohshahrabohpha/ HTTP/1.1
Host 134.219.148.11:61166
Accept-Encoding gzip, deflate
User-Agent Mozilla/5.0(Macintosh; Intel Mac OS X ... )
Accept-Language en-us
Cache-Control max-age=0
Connection close

我试图破解的IP地址是:134.219.148.11.61166

当我打破它时,我会得到一个新的IP地址。

下面是页面的源代码。

<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Level 2</title>
    <link href="http://netdna.bootstrapcdn.com/bootstrap/3.0.0/css/bootstrap.min.css" rel="stylesheet">
    <link href="http://netdna.bootstrapcdn.com/bootstrap/3.0.0/css/bootstrap-theme.min.css" rel="stylesheet">
    <link href="site.css" rel="stylesheet">
  </head>

<body>
  <div class="container">
    <div class="page-header">
      <h1>Level 2</h1>
      <p class="lead">
        <h2>Active Users</h2>
      </p>
    </div>


    <div id="userlist">
      <pre>Checking for users...</pre>
    </div>
  </div>
<script language="JavaScript">
var http_request = false;

  function getusers() {
    if (window.XMLHttpRequest) { // non IE
      http_request = new XMLHttpRequest();
    }
    else if (window.ActiveXObject) { //
      try {
        http_request = new ActiveXObject("Microsoft.XMLHTTP");
      }
      catch (error) {}
    }
    if (!http_request) {
      alert('Cannot create XML HTTP instance');
      return false;
    }

    http_request.onreadystatechange = stateManager;
    var myurl = "cgi-bin/users.php";
    var f = document.getElementById("filter");
    if (f != null) {
      if (f.value != '') {
        myurl = myurl + "?filter=" +  f.value;
      }
    }
    http_request.open("GET", myurl, true);
    http_request.send(null);
  }

  function stateManager() {
    if (http_request.readyState == 4) {
      if (http_request.status == 200) {
        updatepage(http_request.responseText);
      } else {
        alert('There was a problem with the request.');
      }
    }
  }

  function updatepage(str) {
    document.getElementById("userlist").innerHTML = str;
  }

  setTimeout("getusers()", 5000);
</script>
</body>
</html>
4

0 回答 0