{"id":414,"date":"2015-11-15T14:39:30","date_gmt":"2015-11-15T06:39:30","guid":{"rendered":"http:\/\/www.huike007.cn\/?p=414"},"modified":"2015-11-15T14:39:30","modified_gmt":"2015-11-15T06:39:30","slug":"linux%e5%ae%89%e5%85%a8%e8%bf%90%e7%bb%b4%e5%91%bd%e4%bb%a4","status":"publish","type":"post","link":"http:\/\/www.huike007.cn\/?p=414","title":{"rendered":"linux\u5b89\u5168\u8fd0\u7ef4\u547d\u4ee4"},"content":{"rendered":"

\u5e38\u7528\u547d\u4ee4
\n1. \u67e5\u627e\u5173\u952e\u8bcd\u5e76\u7edf\u8ba1\u884c\u6570
\ncat 2015_7_25_test_access.log | grep “sqlmap” | wc -l
\n2. \u5220\u9664\u542b\u6709\u5339\u914d\u5b57\u7b26\u7684\u884c
\nsed -i ‘\/Indy Library\/d’ 2015_7_25_test_access.log
\n3. \u67e5\u627e\u6240\u6709\u65e5\u5fd7\u4e2d\u7684\u5173\u952e\u8bcd
\nfind .\/ -name “*.log” |xargs grep “sqlmap” |wc -l
\n4. \u83b7\u53d6\u7279\u6b8a\u884c(\u5982id)\u5e76\u4e14\u6392\u5e8f\u7edf\u8ba1
\ncat cszl988.log | awk ‘{print $1}’ | awk -F : ‘{print $2}’ | sort -u | wc -l
\n5. \u6b63\u5219\u5339\u914d\u5185\u5bb9(\u5982\u63d0\u53d6ip)
\ngrep -E -o “([0-9]{1,3}[\\.]){3}[0-9]{1,3}”
\n6. \u53bb\u91cd\u5e76\u7edf\u8ba1\u6570\u91cf
\ntail 3.log | awk ‘{print $7}’ | sort | uniq -c
\n7. \u6279\u91cf\u63d0\u53d6(\u5168\u6d41\u91cf\u4e2d)\u6570\u636e\u5305\u5e76\u4e14\u8fc7\u6ee4\u6570\u636e
\n#!\/bin\/bash
\nfor file in ` ls $1 `
\ndo
\nparse_pcap -vvb $file | grep -v “Host:” | grep -v “Cookie:” | grep -v “User-Agent:” | grep -v “Accept:” | grep -v “Accept:” | grep -v “Accept-Language:” | grep -v “Accept-Encoding:” | grep -v “Connection:” | grep -v “Content-Type:” | grep -v “Content-Length” | grep -v
\n“Server”
\ndone
\n8. url \u89e3\u7801
\ncat luban.log | grep sqlmap | awk ‘{print $7}’ | xargs python -c ‘import sys, urllib; print urllib.unquote(sys.argv[1])’
\n\u793a \u8303
\nxxxx\u7ad9\u6ce8\u5165\u65e5\u5fd7\u6392\u67e5
\n* \u67e5\u770b\u6240\u6709sqlmap\u6ce8\u5165\u8bb0\u5f55\u6761\u6570
\n[root@pentest temp]# cat luban.log | grep sqlmap | wc -l
\n1241
\n* \u9884\u89c8\u51e0\u6761url
\ncat luban.log | grep sqlmap | awk ‘{print $7}’ | more
\n\/news.php?id=771%28.%28%22%29.%27%29%29%27&fid=168
\n\/news.php?id=771%27IddP%3C%27%22%3EvCBw&fid=168
\n\/news.php?id=771%29%20AND%201148%3D8887%20AND%20%288975%3D8975&fid=168
\n\/news.php?id=771%29%20AND%208790%3D8790%20AND%20%287928%3D7928&fid=168
\n\/news.php?id=771%20AND%204294%3D9647&fid=168
\n\/news.php?id=771%20AND%208790%3D8790&fid=168
\n\/news.php?id=771%27%29%20AND%205983%3D7073%20AND%20%28%27UwRr%27%3D%27UwRr&fid=168
\n\/news.php?id=771%27%29%20AND%208790%3D8790%20AND%20%28%27hwaT%27%3D%27hwaT&fid=168
\n\/news.php?id=771%27%20AND%206578%3D7565%20AND%20%27EoTZ%27%3D%27EoTZ&fid=168
\n\/news.php?id=771%27%20AND%208790%3D8790%20AND%20%27lBdL%27%3D%27lBdL&fid=168
\n\/news.php?id=771%25%27%20AND%205177%3D1107%20AND%20%27%25%27%3D%27&fid=168
\n\/news.php?id=771%25%27%20AND%208790%3D8790%20AND%20%27%25%27%3D%27&fid=168
\n* \u65b9\u4fbf\u67e5\u770b urldecode
\ncat luban.log | grep sqlmap | awk ‘{print $7}’ | xargs python -c ‘import sys, urllib; print urllib.unquote(sys.argv[1])’
\n\/news.php?id=771&fid=168
\n\/news.php?id=771&fid=168 AND ASCII(SUBSTRING((SELECT DISTINCT(COALESCE(CAST(schemaname AS CHARACTER(10000)),(CHR(32)))) FROM pg_tables OFFSET 1 LIMIT 1)::text FROM 3 FOR 1))>
\n97
\n\/news.php?id=771&fid=168 UNION ALL SELECT NULL,(CHR(113)||CHR(122)||CHR(106)||CHR(120)||CHR(113))||(CHR(103)||CHR(75)||CHR(78)||CHR(87)||CHR(76)||CHR(74)||CHR(110)||CHR(1
\n15)||CHR(100)||CHR(85))||(CHR(113)||CHR(122)||CHR(120)||CHR(113)||CHR(113)),NULL,NULL,NULL,NULL,NULL,NULL,NULL UNION ALL SELECT NULL,(CHR(113)||CHR(122)||CHR(106)||CHR(120)||CHR(113))||(CHR(113)||CHR(71)||C
\nHR(74)||CHR(82)||CHR(101)||CHR(120)||CHR(69)||CHR(112)||CHR(117)||CHR(79))||(CHR(113)||CHR(122)||CHR(120)||CHR(113)||CHR(113)),NULL,NULL,NULL,NULL,NULL,NULL,NULL–<\/p>\n","protected":false},"excerpt":{"rendered":"

\u5e38\u7528\u547d\u4ee4 1. \u67e5\u627e\u5173\u952e\u8bcd\u5e76\u7edf\u8ba1\u884c\u6570 cat 2015_7_25_test_access.log | grep […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[178],"tags":[],"_links":{"self":[{"href":"http:\/\/www.huike007.cn\/index.php?rest_route=\/wp\/v2\/posts\/414"}],"collection":[{"href":"http:\/\/www.huike007.cn\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.huike007.cn\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.huike007.cn\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.huike007.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=414"}],"version-history":[{"count":2,"href":"http:\/\/www.huike007.cn\/index.php?rest_route=\/wp\/v2\/posts\/414\/revisions"}],"predecessor-version":[{"id":416,"href":"http:\/\/www.huike007.cn\/index.php?rest_route=\/wp\/v2\/posts\/414\/revisions\/416"}],"wp:attachment":[{"href":"http:\/\/www.huike007.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=414"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.huike007.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=414"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.huike007.cn\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=414"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}