From d6cd94b7330b0e166e03642af3d5fd584aab8d3a Mon Sep 17 00:00:00 2001
From: tennc <tennc@users.noreply.github.com>
Date: Wed, 10 Jun 2015 08:46:12 +0800
Subject: [PATCH] Create readme.md

---
 php/tank96a/readme.md | 7 +++++++
 1 file changed, 7 insertions(+)
 create mode 100644 php/tank96a/readme.md

diff --git a/php/tank96a/readme.md b/php/tank96a/readme.md
new file mode 100644
index 0000000..3298b4f
--- /dev/null
+++ b/php/tank96a/readme.md
@@ -0,0 +1,7 @@
+写了两个脚本webshell.php和getcode.php(本地开了个php server，运行getcode.php模拟远程服务器上的网页)
+
+原理：首先用菜刀访问webshell.php，该webshell立即从远程服务器上获取要运行的代码并执行。
+
+这里获取的代码是61737365727428245f504f53545b635d293b，也就是assert($_POST[c]);
+
+菜刀中设置：http://192.168.1.102/DebugPHP/webshell.php 密码是c