├── README.md
└── SECURITY.md

/README.md:
--------------------------------------------------------------------------------
# Behinder
"冰蝎" (Behinder): a website management client that uses dynamic binary encryption

Original article describing the features:

"Implementing a New Type of One-Line Webshell with Dynamic Binary Encryption: Client" https://xz.aliyun.com/t/2799

Original articles on how it works:

"Implementing a New Type of One-Line Webshell with Dynamic Binary Encryption: Java" https://xz.aliyun.com/t/2744

"Implementing a New Type of One-Line Webshell with Dynamic Binary Encryption: .NET" https://xz.aliyun.com/t/2758

"Implementing a New Type of One-Line Webshell with Dynamic Binary Encryption: PHP" https://xz.aliyun.com/t/2774

Analysis of the transport protocol:

"Behinder v4.0 Transport Protocol Explained" https://mp.weixin.qq.com/s/EwY8if6ed_hZ3nQBiC3o7A

## Runtime Environment

Client: jre8+
Server: .net 2.0+; php 5.3-7.4; java 6+

## FAQ

* Accessing the shell directly in a browser returns an error?

The server side bundled with the client is the most minimal version and does no error handling, so accessing it directly in a browser may produce an error, but this does not affect normal client connections. If you do not mind the server side growing by a few bytes, you can add some error-handling checks yourself.

* Can I modify the shell?

The server side bundled with the client can be transformed in various ways; as long as the basic logic stays the same, the client can connect normally.

* I enabled the socks proxy, but the server has not opened a proxy port?

The socks proxy port is opened locally, not on the remote server. Point a socks client directly at the proxy port on the local IP, and Behinder passes the traffic from that local port through an HTTP tunnel to the remote server's network.

--------------------------------------------------------------------------------
/SECURITY.md:
--------------------------------------------------------------------------------
# Security Policy

## Supported Versions

Use this section to tell people about which versions of your project are
currently being supported with security updates.

| Version | Supported          |
| ------- | ------------------ |
| 5.1.x   | :white_check_mark: |
| 5.0.x   | :x:                |
| 4.0.x   | :white_check_mark: |
| < 4.0   | :x:                |

## Reporting a Vulnerability

Use this section to tell people how to report a vulnerability.

Tell them where to go, how often they can expect to get an update on a
reported vulnerability, what to expect if the vulnerability is accepted or
declined, etc.

--------------------------------------------------------------------------------