进阶
Doughnuts可以做到许多事情,比如...
在通过Doughnuts连接至您的webshell之后,您可以借助Doughnuts完成许多事情。这边来,我会将您引入Doughnuts的国度!
命令大纲
通用
page通用命令Commands | Description |
cls / clear | Clear screen |
debug | Open / Close Debug switch |
? / help | Output the help document for the command or all help menu |
log | (Only for *unix) Write input and output to the log |
! / lsh | Run a command on local machine |
sw / switch | (for input Non-alphanumeric) Switch input to raw input |
proxy | Set proxy for requests |
get | Get variable(s), use #{varname} to use it |
set | Set variable, use #{varname} to use it |
save | Save the configuration of the variable(s) to variables.config |
reload | Reload a plugin |
q / quit | Quit this program |
main
pagemain界面命令Commands | Description |
s / show | Show log webshells |
se / show_encoders | Show available encoders |
gen / generate | Generate a webshell using doughnuts encoding |
l / load | Load a webshell from log |
c / connect | Connect to a webshell |
check | Check if each webshell is alive |
rm / remove | Remove a webshell log |
webshell
pagewebshell界面命令COMMON
pageCOMMONCommands | Description |
i / info | Show website information |
env / getenv | print PHP environment variables by ini_get |
ls / dir | List information about the files |
Print disable functions | |
pwd | Print the name of the current working directory |
cd | Change the working directory |
SHELL
pageSHELLCommands | Description |
bs / bindshell | Bind a port and wait for someone to connect to get a shell |
re / reverse | Reverse shell |
rs / reshell | (Only for both system is linux) (Testing command) Bind a local port and waiting for target connect back to get a full shell |
s / shell | Get a temporary shell of target system by system function or just run a shell command |
ws / webshell | Get a webshell of target system or just run a webshell command |
exec / execute | Execute custom php code |
FILE
pageFILECommands | Description |
c / cat | Read file/files |
w / write | Write file |
e / edit | Modify file |
u / upload | Upload file |
d / download | Download file |
mv / move | Rename file or move it to new_file_path |
rm / remove | Delete target system file(s) |
chmod | (Only for *unix) Changes file mode |
t / touch | (Only for *unix) Specify a file whose modification time stamp is the same as a random file in the current directory |
dump | Package and compress files in a folder and download it |
DETECT
pageDETECTCommands | Description |
search | Search file by glob, pattern support . * [...] |
fwpf | Search writable php file |
DATABASE(MYSQL)
pageDATABASECommands | Description |
db_init | Initialize the database connection |
db_info | Output database information |
db_use | Change current database |
db_dbs | Output all databases |
db_tables | Output all tables of a database |
db_columns | Output all columns of a table |
db_shell | Get a temporary sql shell of target system |
db_dump | Dump a database to a file |
OHTER
pageOTHERCommands | Description | |
ag / agent | Intranet agent | |
bobd | (Only for *unix) Try to bypass open_basedir by ini_set and chdir | |
bdf | Try to bypass disable_functions | |
ps / portscan | Scan intranet ports | |
checkvm | Simply check whether the machine is a virtual machine | |
socks | (Only for *unix) Run a socks5 server on the target system by python |
最后更新于