<!DOCTYPE html>
<html lang="zh-CN" data-theme="light">
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width,initial-scale=1" />
<meta name="generator" content="VuePress 2.0.0-beta.53" />
<meta name="theme" content="VuePress Theme Hope" />
<meta property="og:url" content="https://wintrysec.github.io/wx.html"><meta property="og:site_name" content="Cybersecurity Knowledge Base"><meta property="og:title" content="Mini Program Penetration Testing"><meta property="og:type" content="article"><meta property="og:locale" content="zh-CN"><link rel="icon" href="/favicon.ico"><link rel="icon" href="/assets/icon/chrome-mask-512.png" type="image/png" sizes="512x512"><link rel="icon" href="/assets/icon/chrome-mask-192.png" type="image/png" sizes="192x192"><link rel="icon" href="/assets/icon/chrome-512.png" type="image/png" sizes="512x512"><link rel="icon" href="/assets/icon/chrome-192.png" type="image/png" sizes="192x192"><link rel="manifest" href="/manifest.webmanifest" crossorigin="use-credentials"><meta name="theme-color" content="#46bd87"><link rel="apple-touch-icon" href="/assets/icon/apple-icon-152.png"><meta name="apple-mobile-web-app-capable" content="yes"><meta name="apple-mobile-web-app-status-bar-style" content="black"><meta name="msapplication-TileImage" content="/assets/icon/ms-icon-144.png"><meta name="msapplication-TileColor" content="#ffffff"><meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no, viewport-fit=cover"><title>Mini Program Penetration Testing | Cybersecurity Knowledge Base</title><meta name="description" content="Cybersecurity knowledge base, penetration testing, web security, attack and defense, secure development, golang, vue3, sqlmap, burpsuite, SQL injection, nmap, metasploit, cobaltstrike">
<style>
:root {
--bg-color: #fff;
}
html[data-theme="dark"] {
--bg-color: #1d2025;
}
html,
body {
background: var(--bg-color);
}
</style>
<script>
const userMode = localStorage.getItem("vuepress-theme-hope-scheme");
const systemDarkMode =
window.matchMedia &&
window.matchMedia("(prefers-color-scheme: dark)").matches;
if (userMode === "dark" || (userMode !== "light" && systemDarkMode)) {
document.querySelector("html").setAttribute("data-theme", "dark");
}
</script>
<link rel="preload" href="/assets/style.9d4e7cd8.css" as="style" /><link rel="stylesheet" href="/assets/style.9d4e7cd8.css" />
<link rel="modulepreload" href="/assets/app.3b9f01e1.js"><link rel="modulepreload" href="/assets/wx.html.ac60ecd0.js"><link rel="modulepreload" href="/assets/_plugin-vue_export-helper.cdc0426e.js"><link rel="modulepreload" href="/assets/wx.html.793930ba.js">
</head>
<body>
<div id="app"><!--[--><!--[--><!--[--><span tabindex="-1"></span><a href="#main-content" class="skip-link sr-only">Skip to content</a><!--]--><div class="theme-container no-sidebar has-toc"><!--[--><!--[--><!----><!--]--><!----><div class="toggle-sidebar-wrapper"><span class="arrow left"></span></div><aside class="sidebar"><!--[--><!----><!--]--><ul class="sidebar-links"></ul><!--[--><!----><!--]--></aside><!--[--><main class="page" id="main-content"><!--[--><!----><nav class="breadcrumb disable"></nav><div class="page-title"><h1><!---->Mini Program Penetration Testing</h1><div class="page-info"><span class="author-info" aria-label="Author🖊" data-balloon-pos="down"><svg xmlns="http://www.w3.org/2000/svg" class="icon author-icon" viewBox="0 0 1024 1024" fill="currentColor" aria-label="author icon"><path d="M649.6 633.6c86.4-48 147.2-144 147.2-249.6 0-160-128-288-288-288s-288 128-288 288c0 108.8 57.6 201.6 147.2 249.6-121.6 48-214.4 153.6-240 288-3.2 9.6 0 19.2 6.4 25.6 3.2 9.6 12.8 12.8 22.4 12.8h704c9.6 0 19.2-3.2 25.6-12.8 6.4-6.4 9.6-16 6.4-25.6-25.6-134.4-121.6-240-243.2-288z"></path></svg><span><a class="author-item" href="https://wintrysec.github.io" target="_blank" rel="noopener noreferrer">张天师</a></span><span property="author" content="张天师"></span></span><!----><!----><span class="reading-time-info" aria-label="Reading time⌛" data-balloon-pos="down"><svg xmlns="http://www.w3.org/2000/svg" class="icon timer-icon" viewBox="0 0 1024 1024" fill="currentColor" aria-label="timer icon"><path d="M799.387 122.15c4.402-2.978 7.38-7.897 7.38-13.463v-1.165c0-8.933-7.38-16.312-16.312-16.312H256.33c-8.933 0-16.311 7.38-16.311 16.312v1.165c0 5.825 2.977 10.874 7.637 13.592 4.143 194.44 97.22 354.963 220.201 392.763-122.204 37.542-214.893 196.511-220.2 389.397-4.661 5.049-7.638 11.651-7.638 19.03v5.825h566.49v-5.825c0-7.379-2.849-13.981-7.509-18.9-5.049-193.016-97.867-351.985-220.2-389.527 123.24-37.67 216.446-198.453 220.588-392.892zM531.16 450.445v352.632c117.674 1.553 211.787 40.778 211.787 88.676H304.097c0-48.286
95.149-87.382 213.728-88.676V450.445c-93.077-3.107-167.901-81.297-167.901-177.093 0-8.803 6.99-15.793 15.793-15.793 8.803 0 15.794 6.99 15.794 15.793 0 80.261 63.69 145.635 142.01 145.635s142.011-65.374 142.011-145.635c0-8.803 6.99-15.793 15.794-15.793s15.793 6.99 15.793 15.793c0 95.019-73.789 172.82-165.96 177.093z"></path></svg><span>About 2 minutes</span><meta property="timeRequired" content="PT2M"></span></div><hr></div><div class="toc-place-holder"><aside id="toc"><div class="toc-header">On this page</div><div class="toc-wrapper"><ul class="toc-list"><!--[--><li class="toc-item"><a aria-current="page" href="/wx.html#pc端小程序抓包渗透" class="router-link-active router-link-exact-active toc-link level2">Capturing PC Mini Program Traffic for Penetration Testing</a></li><!----><!--]--><!--[--><li class="toc-item"><a aria-current="page" href="/wx.html#反编译获取源码" class="router-link-active router-link-exact-active toc-link level2">Decompiling to Obtain Source Code</a></li><ul class="toc-list"><!--[--><li class="toc-item"><a aria-current="page" href="/wx.html#信息泄露" class="router-link-active router-link-exact-active toc-link level3">Information Disclosure</a></li><!----><!--]--><!--[--><li class="toc-item"><a aria-current="page" href="/wx.html#未授权访问" class="router-link-active router-link-exact-active toc-link level3">Unauthorized Access</a></li><!----><!--]--></ul><!--]--><!--[--><li class="toc-item"><a aria-current="page" href="/wx.html#appid和secret利用" class="router-link-active router-link-exact-active toc-link level2">Exploiting the AppID and Secret</a></li><!----><!--]--><!--[--><li class="toc-item"><a aria-current="page" href="/wx.html#破解-sign-签名" class="router-link-active router-link-exact-active toc-link level2">Cracking the sign Signature</a></li><ul class="toc-list"><!--[--><li class="toc-item"><a aria-current="page" href="/wx.html#sign定义" class="router-link-active router-link-exact-active toc-link level3">Definition of sign</a></li><!----><!--]--><!--[--><li class="toc-item"><a aria-current="page" href="/wx.html#绕过签名思路" class="router-link-active router-link-exact-active toc-link 
level3">Approaches to Bypassing the Signature</a></li><!----><!--]--></ul><!--]--></ul></div></aside></div><!----><div class="theme-hope-content"><h2 id="pc端小程序抓包渗透" tabindex="-1"><a class="header-anchor" href="#pc端小程序抓包渗透" aria-hidden="true">#</a> Capturing PC Mini Program Traffic for Penetration Testing</h2><p>Use Proxifier to route the WeChat mini program client's traffic to the Burp Suite proxy.</p><p>1) Enable the proxy in Burp Suite, listening on 127.0.0.1:8080.</p><p>2) Configure the proxy server and proxification rules in Proxifier.</p><p>Proxy server:</p><p><img src="/assets/clip_image002.f28c44f7.gif" alt="img" loading="lazy"></p><p>Proxification rules:</p><p><img src="/assets/clip_image004.50a3d4a8.gif" alt="img" loading="lazy"></p><h2 id="反编译获取源码" tabindex="-1"><a class="header-anchor" href="#反编译获取源码" aria-hidden="true">#</a> Decompiling to Obtain Source Code</h2><p>One-click decompilation of the PC mini program</p><p><img src="/assets/image-20240531141711125.20bd97fc.png" alt="image-20240531141711125" loading="lazy"></p><h3 id="信息泄露" tabindex="-1"><a class="header-anchor" href="#信息泄露" aria-hidden="true">#</a> Information Disclosure</h3><p>Search keywords for each type of information</p><table><thead><tr><th>Information type</th><th>Keyword</th></tr></thead><tbody><tr><td>User credentials</td><td>passwd</td></tr><tr><td>User credentials</td><td>password</td></tr><tr><td>Website URL</td><td>http://</td></tr><tr><td>Website URL</td><td>https://</td></tr><tr><td>API credentials</td><td>apikey</td></tr><tr><td>Access token</td><td>token</td></tr><tr><td>Access token</td><td>access_token</td></tr><tr><td>Access token</td><td>accesstoken</td></tr><tr><td>Mini program ID</td><td>appid</td></tr><tr><td>Cloud host key</td><td>accesskey, access_key</td></tr><tr><td>Cloud host key</td><td>secretid</td></tr></tbody></table><p><strong>Regex matching</strong></p><div class="language-json line-numbers-mode" data-ext="json"><pre class="language-json"><code>#IP address
(<span class="token number">25</span><span class="token punctuation">[</span><span class="token number">0</span><span class="token number">-5</span><span class="token punctuation">]</span>|<span class="token number">2</span><span class="token punctuation">[</span><span class="token number">0</span><span class="token number">-4</span><span class="token punctuation">]</span>\d|<span class="token punctuation">[</span><span class="token number">0</span><span class="token number">-1</span><span class="token punctuation">]</span>\d<span class="token punctuation">{</span><span class="token number">2</span><span class="token punctuation">}</span>|<span class="token punctuation">[</span><span class="token number">1</span><span class="token number">-9</span><span class="token punctuation">]</span>?\d)\.(<span class="token number">25</span><span class="token punctuation">[</span><span class="token number">0</span><span class="token number">-5</span><span class="token punctuation">]</span>|<span class="token number">2</span><span class="token punctuation">[</span><span class="token number">0</span><span class="token number">-4</span><span class="token punctuation">]</span>\d|<span class="token punctuation">[</span><span class="token number">0</span><span class="token number">-1</span><span class="token punctuation">]</span>\d<span class="token punctuation">{</span><span class="token number">2</span><span class="token punctuation">}</span>|<span class="token punctuation">[</span><span class="token number">1</span><span class="token number">-9</span><span class="token punctuation">]</span>?\d)\.(<span class="token number">25</span><span class="token punctuation">[</span><span class="token number">0</span><span class="token number">-5</span><span class="token punctuation">]</span>|<span class="token number">2</span><span class="token punctuation">[</span><span class="token number">0</span><span class="token number">-4</span><span class="token punctuation">]</span>\d|<span 
class="token punctuation">[</span><span class="token number">0</span><span class="token number">-1</span><span class="token punctuation">]</span>\d<span class="token punctuation">{</span><span class="token number">2</span><span class="token punctuation">}</span>|<span class="token punctuation">[</span><span class="token number">1</span><span class="token number">-9</span><span class="token punctuation">]</span>?\d)\.(<span class="token number">25</span><span class="token punctuation">[</span><span class="token number">0</span><span class="token number">-5</span><span class="token punctuation">]</span>|<span class="token number">2</span><span class="token punctuation">[</span><span class="token number">0</span><span class="token number">-4</span><span class="token punctuation">]</span>\d|<span class="token punctuation">[</span><span class="token number">0</span><span class="token number">-1</span><span class="token punctuation">]</span>\d<span class="token punctuation">{</span><span class="token number">2</span><span class="token punctuation">}</span>|<span class="token punctuation">[</span><span class="token number">1</span><span class="token number">-9</span><span class="token punctuation">]</span>?\d)
#Mobile phone number
<span class="token number">0</span>?(<span class="token number">13</span>|<span class="token number">14</span>|<span class="token number">15</span>|<span class="token number">17</span>|<span class="token number">18</span>|<span class="token number">19</span>)<span class="token punctuation">[</span><span class="token number">0</span><span class="token number">-9</span><span class="token punctuation">]</span><span class="token punctuation">{</span><span class="token number">9</span><span class="token punctuation">}</span>
#Email address
\w<span class="token punctuation">[</span>-\w.+<span class="token punctuation">]</span>*@(<span class="token punctuation">[</span>A-Za-z0<span class="token number">-9</span><span class="token punctuation">]</span><span class="token punctuation">[</span>-A-Za-z0<span class="token number">-9</span><span class="token punctuation">]</span>+\.)+<span class="token punctuation">[</span>A-Za-z<span class="token punctuation">]</span><span class="token punctuation">{</span><span class="token number">2</span><span class="token punctuation">,</span><span class="token number">14</span><span class="token punctuation">}</span>
#National ID card number
\d<span class="token punctuation">{</span><span class="token number">17</span><span class="token punctuation">}</span><span class="token punctuation">[</span>\d|x<span class="token punctuation">]</span>|\d<span class="token punctuation">{</span><span class="token number">15</span><span class="token punctuation">}</span>
</code></pre><div class="line-numbers" aria-hidden="true"><div class="line-number"></div><div class="line-number"></div><div class="line-number"></div><div class="line-number"></div><div class="line-number"></div><div class="line-number"></div><div class="line-number"></div><div class="line-number"></div><div class="line-number"></div><div class="line-number"></div><div class="line-number"></div></div></div><h3 id="未授权访问" tabindex="-1"><a class="header-anchor" href="#未授权访问" aria-hidden="true">#</a> Unauthorized access</h3><p>Search the source for API paths, then request every endpoint with both GET and POST to see whether any of them can be reached without authentication.</p><div class="language-json line-numbers-mode" data-ext="json"><pre class="language-json"><code>#Internal paths
<span class="token string">"/.*/.*"</span>
href=<span class="token string">".*"</span>
src=<span class="token string">".*"</span>
</code></pre><div class="line-numbers" aria-hidden="true"><div class="line-number"></div><div class="line-number"></div><div class="line-number"></div><div class="line-number"></div></div></div><h2 id="appid和secret利用" tabindex="-1"><a class="header-anchor" href="#appid和secret利用" aria-hidden="true">#</a> Using the Appid and Secret</h2><p>With a recovered appid and secret, WeChat's official API can be used to freely generate an <code>AccessToken</code> for the mini program.</p><div class="language-HTTP line-numbers-mode" data-ext="HTTP"><pre class="language-HTTP"><code>https://api.weixin.qq.com/cgi-bin/token?grant_type=client_credential&appid={{APPID}}&secret={{APPSECRET}}
</code></pre><div class="line-numbers" aria-hidden="true"><div class="line-number"></div></div></div><p>Holding the AccessToken is equivalent to controlling the whole mini program. Note that WeChat allows an AccessToken to be generated only 20 times per day.</p><div class="language-json line-numbers-mode" data-ext="json"><pre class="language-json"><code><span class="token punctuation">{</span>
<span class="token property">"access_token"</span><span class="token operator">:</span> <span class="token string">"70_qGt5fEExKvlXX1tC_e_r_aRYPj0j3_oxZlazJ7-NcC44omBfHwfjXKxTN7WJWl9dTGGxCL2vPd9M0u1DSQS5pjjhEUtz-PhJ2kX0GSFov2KOAnjf5FUhNJLk1UUWGWcAHALVL"</span><span class="token punctuation">,</span>
<span class="token property">"expires_in"</span><span class="token operator">:</span> <span class="token number">7200</span>
<span class="token punctuation">}</span>
</code></pre><div class="line-numbers" aria-hidden="true"><div class="line-number"></div><div class="line-number"></div><div class="line-number"></div><div class="line-number"></div></div></div><p>Follow-up use of the access_token: it can be used to send rich-media articles or messages for phishing.</p><p>Real requests can be issued with WeChat's debugging tool: <a href="https://developers.weixin.qq.com/apiExplorer" target="_blank" rel="noopener noreferrer">https://developers.weixin.qq.com/apiExplorer</a></p><h2 id="破解-sign-签名" tabindex="-1"><a class="header-anchor" href="#破解-sign-签名" aria-hidden="true">#</a> Cracking the sign signature</h2><h3 id="sign定义" tabindex="-1"><a class="header-anchor" href="#sign定义" aria-hidden="true">#</a> What sign is</h3><p>sign is generally a parameter signature, used to verify the integrity and authenticity of data.</p><p>Sign verification is commonly used to check that data sent by the client is legitimate and to guard against parameter tampering, impersonation, replay and data leakage.</p><p>The sign value is usually generated by taking parameters such as a secret key, a timestamp, special characters and a random number, sorting them in a specific order, and encrypting them with some encryption algorithm. The result is passed as a sign parameter of the API call, or it can be placed in a request header.</p><p>Commonly used encryption methods include MD5, AES and SHA.</p><h3 id="绕过签名思路" tabindex="-1"><a class="header-anchor" href="#绕过签名思路" aria-hidden="true">#</a> Approaches to bypassing the signature</h3><p>1. Look at the format of the sign to see whether it is weakly encrypted, for example whether it is just base64 that can be decoded;</p><p>2. Delete the sign field, or set the value of sign to empty, and try to bypass verification;</p><p>3. Decompile the source code, look for the encryption algorithm, and find out how the sign is generated.</p></div><!----><!----><!----><!----><!--]--></main><!--]--><!----><!--]--></div><!--]--><!----><!----><!--]--></div>
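<p>The three bypass approaches listed under the sign section correspond to three server-side checks. The following is an added example, not code from the original page: it assumes a per-session key issued by the server at login (so a decompiled package contains no signing key) and hypothetical field names <code>timestamp</code> and <code>nonce</code>.</p>

```python
import hashlib
import hmac
import json
import time

MAX_SKEW = 300        # seconds a signed request stays acceptable
_seen_nonces = {}     # nonce -> expiry; use a shared cache when running several nodes


def canonical(params):
    """Serialise every parameter except `sign`, sorted by name, as JSON so
    that no value can smuggle in a delimiter and shift field boundaries."""
    items = sorted((k, str(v)) for k, v in params.items() if k != "sign")
    return json.dumps(items, separators=(",", ":")).encode()


def make_sign(params, session_key):
    """Keyed MAC over the canonical form; a bare hash or base64 has no key."""
    return hmac.new(session_key, canonical(params), hashlib.sha256).hexdigest()


def verify(params, session_key, now=None):
    """Return "ok", or the reason the request is rejected."""
    now = time.time() if now is None else now
    sign = params.get("sign")
    if not isinstance(sign, str) or not sign:      # sign deleted or emptied
        return "missing sign"
    try:
        ts, nonce = int(params["timestamp"]), str(params["nonce"])
    except (KeyError, TypeError, ValueError):
        return "missing timestamp or nonce"
    if abs(now - ts) > MAX_SKEW:
        return "stale timestamp"
    expected = make_sign(params, session_key)
    if not hmac.compare_digest(expected.encode(), sign.encode("utf-8", "replace")):
        return "bad sign"
    # Record the nonce only after the signature checks out, so unsigned
    # traffic cannot fill the cache. Keep it for as long as ts is acceptable.
    for old in [n for n, exp in _seen_nonces.items() if exp < now]:
        del _seen_nonces[old]
    if nonce in _seen_nonces:
        return "replayed nonce"
    _seen_nonces[nonce] = ts + MAX_SKEW
    return "ok"
```
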
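<p>The phone, e-mail and ID-card patterns from the sensitive-information section can equally be run by a developer over their own package before release. This added example (not from the original page) wraps them in digit boundaries and validates the check digit of 18-digit ID numbers to cut false positives; the sample source text is constructed.</p>

```python
import re

# The page's patterns, with lookarounds so they no longer match inside
# longer digit runs such as timestamps or order numbers.
PHONE = re.compile(r"(?<!\d)0?(?:13|14|15|17|18|19)[0-9]{9}(?!\d)")
EMAIL = re.compile(r"\w[-\w.+]*@(?:[A-Za-z0-9][-A-Za-z0-9]+\.)+[A-Za-z]{2,14}")
# Only the 18-character form is kept: the legacy 15-digit form has no check
# digit, so it cannot be told apart from an arbitrary 15-digit number.
ID18 = re.compile(r"(?<!\d)\d{17}[\dXx](?!\w)")

_WEIGHTS = (7, 9, 10, 5, 8, 4, 2, 1, 6, 3, 7, 9, 10, 5, 8, 4, 2)
_CHECK = "10X98765432"


def id18_checksum_ok(value):
    """Validate the final character of an 18-character ID (MOD 11-2)."""
    total = sum(int(d) * w for d, w in zip(value[:17], _WEIGHTS))
    return _CHECK[total % 11] == value[17].upper()


def scan(text):
    """Return (line number, kind, value) for each hit in the given source."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in ID18.finditer(line):
            if id18_checksum_ok(m.group()):
                findings.append((lineno, "id_card", m.group()))
        for m in PHONE.finditer(line):
            findings.append((lineno, "phone", m.group()))
        for m in EMAIL.finditer(line):
            findings.append((lineno, "email", m.group()))
    return findings


# Constructed sample standing in for a file from the unpacked package.
SAMPLE = '''\
const support = { tel: "13800138000", mail: "ops@example.com" };
const ts = 1700000000000138001380001;   // long number, not a phone
const testUser = { idCard: "11010519491231002X" };
const orderNo = "110105194912310021";   // 18 digits, wrong check digit
'''

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```
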
<script type="module" src="/assets/app.3b9f01e1.js" defer></script>
</body>
</html>