Archive

Posts tagged 'phpwebshell'

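[Original] Chinadu's PHP one-line webshell client

June 7, 2010

Some clients for PHP one-line webshells report an error and fail to execute after submitting when magic_quotes_gpc = On, or cannot submit at all when the target is a *nix system.
So I wrote one that is fully compatible with Windows and *nix operating systems and can submit whether magic_quotes_gpc is On or Off.
It uses session mode, is absolutely traceless and evades antivirus detection, and disappears automatically once the browser is closed.
By default it submits the latest phpspy2009 full webshell, which is fully featured.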



A shell script for checking for PHP webshells

June 6, 2010

From:http://neeao.com/archives/16/

#!/bin/bash
#************************************************************
#Webshell Check Shell for php
#By:Neeao
#2008/7/17 v1.0 beta
#************************************************************
# Run from the directory to scan (grep -R * searches the current directory).
# Needs bash for "echo -e" and GNU grep for \| and \b in the patterns.

# The address of eth0 names the report; fall back to the hostname if it cannot be parsed.
HOSTIP=`ifconfig eth0 |grep 'inet addr'|awk '{print $2;}'|cut -d: -f2`
[ -n "$HOSTIP" ] || HOSTIP=`hostname`
#STR=`expr index $HOSTIP "192.168"`
#if [ ${STR} -eq 1 ]
# then
# HOSTIP=`ifconfig eth1 |grep 'inet addr'|awk '{print $2;}'|cut -d: -f2`
#fi
echo "$HOSTIP"

# Start a fresh report stamped with the current date and time.
LogFile="/tmp/$HOSTIP.log"
rm -f "$LogFile"
date +%Y-%m-%d/%H:%M >> "$LogFile"
echo -e "\n" >> "$LogFile"

# 1. Command execution functions.
# \b keeps exec( from matching inside names such as curl_exec(, while
# shell_exec( and pcntl_exec( are still reported through their own alternatives.
echo " ---------------------------------------------------------------------------------------------------" >> "$LogFile"
echo "|Executive Order function:exec(\|system(\|passthru(\|shell_exec(\|popen(\|proc_open(\|pcntl_exec( |" >> "$LogFile"
echo " ---------------------------------------------------------------------------------------------------" >> "$LogFile"
echo -e "\n" >> "$LogFile"
grep -in '\b\(exec\|system\|passthru\|shell_exec\|popen\|proc_open\|pcntl_exec\)(' -R * >> "$LogFile"
echo -e "\n" >> "$LogFile"

# 2. Functions commonly used to encode or obfuscate a backdoor.
echo " -------------------------------------------------------------------------------------------" >> "$LogFile"
echo "|Deformation of the back door coding:eval(\|base64_decode(\|gzinflate(\|gzuncompress(\|chr( |" >> "$LogFile"
echo " --------------------------------------------------------------------------------------------" >> "$LogFile"
echo -e "\n" >> "$LogFile"
grep -in "eval(\|base64_decode(\|gzinflate(\|gzuncompress(\|chr(" -R * >> "$LogFile"
echo -e "\n" >> "$LogFile"

# 3. File and directory operations.
echo " -----------------------------------------------------------------------------------------------------------------" >> "$LogFile"
echo "|File operations function:dl(\|fopen(\|readfile(\|file(\|file_get_contents(\|opendir(\|chdir(\|fwrite(\|unlink(\|glob(|" >> "$LogFile"
echo " -----------------------------------------------------------------------------------------------------------------" >> "$LogFile"
echo -e "\n" >> "$LogFile"
grep -in "dl(\|fopen(\|readfile(\|file(\|file_get_contents(\|opendir(\|chdir(\|fwrite(\|unlink(\|glob(" -R * >> "$LogFile"
echo -e "\n" >> "$LogFile"

# 4. include/require statements whose argument contains a variable.
echo "----------------------------------" >> "$LogFile"
echo "|Files include bug:include|require|" >> "$LogFile"
echo "----------------------------------" >> "$LogFile"
echo -e "\n" >> "$LogFile"
grep -in "include.*\$.\|require.*\$." -R * >> "$LogFile"
echo -e "\n" >> "$LogFile"

# 5. Keywords of tools and components considered risky.
echo "---------------------------------------------------------" >> "$LogFile"
echo "|Risk code Keyword:SQLyog\|phpAdsNew\|huansuan\|fckeditor|" >> "$LogFile"
echo "--------------------------------------------------------" >> "$LogFile"
echo -e "\n" >> "$LogFile"
grep -in "SQLyog\|phpAdsNew\|huansuan\|fckeditor" -R * >> "$LogFile"

# Pack the report for collection.
cd /tmp
tar -zcvf "$HOSTIP.tar.gz" "$HOSTIP.log"
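
An added example (not part of Neeao's script) comparing two ways to keep calls such as `curl_exec(` out of the command-execution scan: matching `exec(` and then discarding every line that contains `_exec`, versus a GNU grep word-boundary pattern. The function names, file names and file contents are constructed for the demonstration.

```shell
#!/bin/sh
# Added example; requires GNU grep (\| and \b). All sample data is constructed.

# Substring match: exec( also matches inside curl_exec( and shell_exec(.
PATTERN_LOOSE='exec(\|system(\|passthru(\|shell_exec(\|popen(\|proc_open(\|pcntl_exec('
# Word-boundary match: a name must start at a word boundary to count.
PATTERN_BOUND='\b\(exec\|system\|passthru\|shell_exec\|popen\|proc_open\|pcntl_exec\)('

# Build a small constructed web root and print its path.
make_sample_root() {
    root=$(mktemp -d) || return 1
    printf '%s\n' '<?php echo shell_exec("uptime"); ?>' > "$root/status.php"
    printf '%s\n' '<?php pcntl_exec("/bin/ls"); ?>'     > "$root/worker.php"
    printf '%s\n' '<?php $r = curl_exec($ch); ?>'       > "$root/fetch.php"
    printf '%s\n' '<?php system("df -h"); ?>'           > "$root/disk.php"
    printf '%s\n' "$root"
}

# Files reported when loose matches are post-filtered with grep -iv '_exec'.
# The filter removes curl_exec( noise, but shell_exec( and pcntl_exec( go with it.
scan_filtered() {
    ( cd "$1" && grep -inR "$PATTERN_LOOSE" . | grep -iv '_exec' | cut -d: -f1 | sort -u )
}

# Files reported by the word-boundary pattern with no post-filter.
# curl_exec( never matches, so nothing has to be thrown away afterwards.
scan_bounded() {
    ( cd "$1" && grep -inR "$PATTERN_BOUND" . | cut -d: -f1 | sort -u )
}

ROOT=$(make_sample_root)
echo "filtered: $(scan_filtered "$ROOT" | tr '\n' ' ')"
echo "bounded:  $(scan_bounded "$ROOT" | tr '\n' ' ')"
rm -rf "$ROOT"
```

On the constructed files the filtered scan reports only disk.php, while the word-boundary scan reports disk.php, status.php and worker.php and still ignores fetch.php.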

Category: Resource Sharing