Decryption and removal of a PHP Trojan-free webshell

Source: Internet
Author: User

Today, I want to find a PHP Trojan to manage my own space, but I don't have it at hand. I had to find a PHP Trojan on the Internet. I found a new version of the black/white network is called "Kill PHP Trojan, so I downloaded it and killed my avast --! Okay.

So turn off anti-virus and download it again. Okay, this is an episode! ,

Download the PHP source file just below here </P> <p> http://down.qiannao.com/space/file/strivescript/share/2011/2/7/-514d-6740php-5927-9a6c_-521d-4e0b-8f7d-7248.rar/.page

 

Then, move things to the PHP environment in the Virtual Machine and open it. There is encryption. The function used is:

First use this function base64_decode () and then use this function gzuncompress () for encryption. The good thing is that the ciphertext is one piece, and then cut all the parts.

Re-write a PHP file:

<? Php <br/> print_r (gzunconpress (base64_decode (ciphertext segment); <br/>?>

 

 

This is simple,Source codeAll in one view !!!!

 

View SourceCodeAfter

CTRL + F find this http ://

Check the source code and find that there is another encryption point:

The above method is used to find a backdoor.

 

<SCRIPT src = 'webshell address'> </SCRIPT>

 

Then delete the code.

OK. Run it and you will find that no mix. dll can be released.

It's rare to download the decrypted source code here.

 

 

Http://down.qiannao.com/space/file/strivescript/share/2011/2/7/-9700-8981-91ca-653edll-7684php-9a6c.zip/.page <br/>

 

 

 

 

You can also use this online storage and share it with us:

Http://upload.qiannao.com/tomos/ui/qnupload.jsp? Id = strivescript

 

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.