I am going to be giving a presentation in class on web site security and I created a demo website (on a VM) with sql injection, xss and PHP injection vulnerabilities. I am going to load a PHP file that executes shell commands and my question is what is the worst shell command I can do on a Window's PC? Will "rd /S /Q C:\" delete the C drive successfully? I am looking to do something that will break the OS. Thanks!
2条回答 默认 最新
dsoihsnz85757 2011-05-02 13:41关注mbrfix /drive 0 cleanThat oughta do it :)
Works on most Windows versions (98 and upwards), as far as I know.
Edit: Though you can still boot into a recovery mode (using the cd) and do an
mbrfix /fix. But just leave that away from your audience, shall we?Of course like any other OS, there are all sorts of nasties you could use to bring it to its knees.
In older Windows versions, you could even do hardware damage. Nowadays you could have a little hardware detection tool combined with overwriting CMOS/flash memory (even GFX cards, as an example).
Edit 2: Nearly forgot, you have to restart your PC for changes to take effect. :D
解决 无用评论 打赏举报
分享
- 2022-02-14 12:20回答 6 已采纳 放下执行报错的截图
- 2015-05-16 06:37回答 1 已采纳 To debug, I changed the exec command to $command = $cmd . ' > debug.log 2>&1'; Now, the lo
- 2013-08-07 07:47回答 2 已采纳 I could install wget (it's available for windows as well) and then call the url via localhost in t
- 2021-04-22 00:55爱生活的马克君的博客 这里只演示一些普通的shell命令,一些需要root用户权限执行的命令,请参考:php以root权限执行shell命令php执行shell命令,可以使用下面几个函数:string system ( string $command [, int &$return_var ] )...
- 2018-08-16 07:53回答 2 已采纳 Consider using PHP Curl (IT's necessary to enable PHP curl extension). It's a safer way - You dont
- 2019-03-22 12:13回答 1 已采纳 不了解这行命令干啥的,这个-d是命令选项嘛?windows下的命令选项是斜线开头,/d试试。
- 2013-02-18 15:31回答 1 已采纳 https://superuser.com/a/62854 && will execute command 2 when command 1 is complete providing i
- 2021-01-20 15:35我很迷恋 Shell,很喜欢看着字符在黑色的 Console 界面中跳跃着,奇怪的是,我居然没有因此成为一个 Linux/Unix 程序员,而只是个写 CGI 程序的倒霉蛋。大家都是怎么称呼 “PHP 程序员”的?对了——草根~ 嗯,在土...
- 2012-08-21 09:15回答 1 已采纳 So I'm assuming you have a startup task with the following: WebPICmdLine.exe /Products: PHP You
- 2016-08-31 03:17回答 3 已采纳 Finaly found the solution!! If you encounter the same problem as i did, and you dont know how to f
- 2014-12-15 13:55回答 3 已采纳 Instead of relying on a shell_exec as suggested by Polak I chose to execute the downloaded install
- 2021-04-21 18:44魑魅丶小鬼的博客 一、什么是Shell脚本示例看个例子吧:#!/bin/shcd ~mkdir shell_tutcd shell_tutfor ((i=0; i<10; i++)); dotouch test_$i.txtdone示例解释第1行:指定脚本解释器,这里是用/bin/sh做解释器的第2行:切换到当前...
- 2013-12-18 17:54回答 1 已采纳 Yeah, there is danger: If database name comes from an untrusted source hackers could try to inject
- 2021-06-09 17:00Shell Script,Shell脚本与Windows/Dos下的批处理相似,也就是用各类命令预先放入到一个文件中,方便一次性执行的一个程序文件,主要是方便管理员进行设置或者管理用的。但是它比Windows下的批处理更强大,比用其他...
- 2022-05-04 17:31豆小匠的博客 1. Windows 下的 PowerShell Shell 既是一种命令语言,也是一种...在 Windows 环境下,相比于 cmd,PowerShell 命令和 Linux 的 shell 命令更为相似,所以想要在 Windows 下学习 shell 脚本,使用 PowerShell 是一个不
- 没有解决我的问题, 去提问
悬赏问题
- ¥15 基于卷积神经网络的声纹识别
- ¥15 Python中的request,如何使用ssr节点,通过代理requests网页。本人在泰国,需要用大陆ip才能玩网页游戏,合法合规。
- ¥100 为什么这个恒流源电路不能恒流?
- ¥15 有偿求跨组件数据流路径图
- ¥15 写一个方法checkPerson,入参实体类Person,出参布尔值
- ¥15 我想咨询一下路面纹理三维点云数据处理的一些问题,上传的坐标文件里是怎么对无序点进行编号的,以及xy坐标在处理的时候是进行整体模型分片处理的吗
- ¥15 CSAPPattacklab
- ¥15 一直显示正在等待HID—ISP
- ¥15 Python turtle 画图
- ¥15 stm32开发clion时遇到的编译问题