======================
<Html>
<Head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<Title> ∷ Scanwebshell </title>
<STYLE>
Body {SCROLLBAR-FACE-COLOR: #719BC5; FONT-SIZE: 12px; SCROLLBAR-HIGHLIGHT-COLOR: # ffffff; SCROLLBAR-SHADOW-COLOR: # ffffff; SCROLLBAR-3DLIGHT-COLOR: # ffffff; SCROLLBAR-ARROW-COLOR: # ffffff; SCROLLBAR-TRACK-COLOR: # ffffff; FONT-FAMILY: ""; SCROLLBAR-DARKSHADOW-COLOR: # ffffff
Font-family:; font-size: 9pt}
INPUT {BORDER: 1px none silver ;}
</STYLE>
</Head>
<Body>
<?php
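// Lift the execution time limit: a recursive scan of a large tree can outlast
// the default. Both calls are silenced because a host may disable either one.
@set_time_limit(0);
@ini_set("max_execution_time", 0);

// Wall-clock start of the run, as float seconds (same scale as the
// "$time[0] + $time[1]" sum of the two microtime() parts).
$starttime = microtime(true);

// NOTE(review): this prints the script's absolute directory to whoever loads
// the page; the value is HTML-escaped here, but the disclosure itself remains.
echo "path of this FILE:" . htmlspecialchars(str_replace('\\', '/', dirname(__FILE__)), ENT_QUOTES) . "<br>";

$scan_ex = "php";   // file suffix to scan for
$count_all = 0;     // total number of files collected by list_dir()
// die();

// Keywords searched for in every line of every scanned file (see check()).
// As listed here they are private-network address prefixes.
$check_system_fun = array("192.168", "10.0.");

// Suspicious files found; declared here but nothing visible appends to it.
$dan_file_array = array();

// At file scope this statement has no effect; it only matters if this file is
// included from inside a function. $check_file_fun is named here but is not
// assigned or read anywhere else in this listing.
global $scan_ex, $count_all, $scan_path, $check_file_fun, $dan_file_array;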
// Determine the file suffix
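/**
 * Return the suffix of a file name (the text after the last dot).
 *
 * Only the final path component is examined, so a dot inside a directory
 * name is not mistaken for the start of a suffix. The position returned by
 * strrpos() is compared against false explicitly: a dot at offset 0 is a
 * valid position, and a file named ".php" must yield "php" rather than "".
 *
 * @param string $file_name File name or path.
 * @return string Suffix without the dot, or "" when the name has no dot.
 */
function get_ex($file_name)
{
    // Normalise Windows separators so basename() behaves the same everywhere.
    $base = basename(str_replace('\\', '/', $file_name));

    $pt = strrpos($base, ".");
    if ($pt === false) {
        return "";
    }

    return (string) substr($base, $pt + 1);
}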
// Check the file
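/**
 * Scan one file line by line for the keywords in $check_system_fun and print
 * an HTML table row (path, hits, line excerpts, timestamps) when any match.
 *
 * Changes against the listing as published:
 *  - eregi() is gone from PHP 7 and treated each keyword as a regular
 *    expression, so the "." in "192.168" matched any character. Keywords are
 *    now matched literally and case-insensitively with stripos().
 *  - The file name and keyword are HTML-escaped before output. File names in
 *    a scanned tree are attacker-influenced and were echoed raw.
 *  - ENT_SUBSTITUTE keeps excerpts visible when a line is not valid in the
 *    default charset; without it htmlspecialchars() returns "" for such input.
 *  - A file that cannot be read is reported instead of being passed to
 *    foreach as false.
 *  - The include-check row is dropped: $include_info was initialised but
 *    never appended to, so that row could not be printed.
 *
 * @param string $file_name Path of the file to inspect.
 * @return void Output is written with echo.
 */
function check($file_name)
{
    global $check_system_fun;

    $td_open   = '<td width="%W%" border="10" valign="top">';
    $safe_name = htmlspecialchars($file_name, ENT_QUOTES | ENT_SUBSTITUTE);

    $file_contents = @file($file_name);
    if ($file_contents === false) {
        // An unreadable file is a blind spot for the scan; make it visible.
        echo "<tr>";
        echo str_replace('%W%', '20%', $td_open) . $safe_name . "</td>";
        echo str_replace('%W%', '30%', $td_open) . "file could not be read</td>";
        echo str_replace('%W%', '20%', $td_open) . "</td>";
        echo str_replace('%W%', '20%', $td_open) . "</td>";
        echo "</tr>";
        return;
    }

    // filectime() is the inode change time on Unix and the creation time only
    // on Windows, so the label says so. A 24-hour ISO-style format avoids the
    // AM/PM ambiguity of a bare 12-hour clock when building a timeline.
    $time_info  = "file inode change time (creation time on Windows):" . date("Y-m-d H:i:s", (int) @filectime($file_name)) . "<br>";
    $time_info .= "file modification time:" . date("Y-m-d H:i:s", (int) @filemtime($file_name)) . "<br>";

    $keywords      = is_array($check_system_fun) ? $check_system_fun : array();
    $content_num   = 0;
    $funs_info     = "";
    $contents_info = "";

    foreach ($file_contents as $file_content) {
        $content_num = $content_num + 1;
        $mask = 1; // reset per line: one excerpt per line, however many keywords hit

        foreach ($keywords as $func_name) {
            if ($func_name === "" || stripos($file_content, $func_name) === false) {
                continue;
            }

            $funs_info .= "Line " . $content_num . " contains the keyword "
                . htmlspecialchars($func_name, ENT_QUOTES | ENT_SUBSTITUTE)
                . "; the file may be trying to execute system commands.<br>";

            if ($mask == 1) {
                // Only the first 100 bytes of the line are shown.
                $contents_info .= htmlspecialchars(substr($file_content, 0, 100), ENT_QUOTES | ENT_SUBSTITUTE) . "<br>";
                $mask = 0;
            }
        }
    }

    if ($funs_info != "") {
        echo "<tr>";
        echo str_replace('%W%', '20%', $td_open) . $safe_name . "</td>";
        echo str_replace('%W%', '30%', $td_open) . $funs_info . "</td>";
        echo str_replace('%W%', '20%', $td_open) . $contents_info . "</td>";
        echo str_replace('%W%', '20%', $td_open) . $time_info . "</td>";
        echo "</tr>";
    }
}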
// Traverse the directory
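/**
 * Recursively collect the files under a directory whose name contains
 * "." followed by the suffix in the global $scan_ex ("php" when unset).
 *
 * Changes against the listing as published:
 *  - The suffix test used strpos() as a boolean and was hard-coded to ".php";
 *    it now honours $scan_ex, is case-insensitive, and compares against false.
 *    It stays a substring test, so names such as "x.php.jpg" are still
 *    collected.
 *  - readdir() is compared against false so an entry named "0" does not end
 *    the loop early, and a failed opendir() returns instead of looping.
 *  - Results are merged from the recursive calls instead of accumulating in a
 *    static array, so a second call does not return the first call's paths.
 *  - Directories are no longer added to the file list when their own name
 *    contains the suffix, and symlinked directories are not followed, which
 *    avoids endless recursion on a link that points back up the tree.
 *
 * NOTE(review): any entry named "attachments" is skipped, as in the original.
 * Upload directories are a common place for a dropped script to sit, so
 * confirm that this exclusion is intended for the tree being scanned.
 *
 * @param string $dirname Directory to walk.
 * @return array List of matching file paths; $count_all is incremented per hit.
 */
function list_dir($dirname)
{
    global $scan_ex, $count_all;

    $result_array = array();
    if (!is_string($dirname) || $dirname === '') {
        // Refuse an empty path: appending "/" would turn it into the root.
        return $result_array;
    }
    $dirname = rtrim($dirname, '/') . '/';

    $needle = '.' . ((is_string($scan_ex) && $scan_ex !== '') ? $scan_ex : 'php');

    $handle = @opendir($dirname);
    if ($handle === false) {
        return $result_array;
    }

    while (($file = readdir($handle)) !== false) {
        if ($file == '.' || $file == '..' || $file == 'attachments') {
            continue;
        }

        $path = $dirname . $file;

        if (is_dir($path)) {
            if (!is_link($path)) {
                $result_array = array_merge($result_array, list_dir($path . '/'));
            }
            continue;
        }

        if (stripos($file, $needle) !== false) {
            $result_array[] = $path;
            $count_all = $count_all + 1;
        }
    }
    closedir($handle);

    return $result_array;
}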
// List objects
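// Request dispatch: show the form, or run the scan when the form was posted.
//
// NOTE(review): nothing in this listing authenticates the requester. Anyone
// who can reach this page can have the server walk a directory of their
// choosing and display excerpts of matching files. Put it behind
// authentication or an IP allow-list, and remove it from the web root once
// the check is done.
if (!isset($_POST['action']) || $_POST['action'] != 'scan')
{
    // PHP_SELF contains request-supplied path info; escape it before it goes
    // into the action attribute.
    $self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);
    echo "<form action=\"" . $self . "\" method=\"post\">";
    echo "Scan path: <input type=\"text\" name=\"scan_path\" style=\"border: 1px solid #084B8E\"><br>";
    echo "file Suffix: <input type=\"text\" name=\"scan_ex\" style=\"border: 1px solid #084B8E\"><br>";
    echo "<input type=\"hidden\" name=\"action\" value=\"scan\"><br>";
    echo "<input type=\"submit\" value=\"start detection\"><br>";
    echo "</form>";
}
else {
    // Default to the directory holding this script when no path was posted.
    if (empty($_POST['scan_path']) || !is_string($_POST['scan_path'])) {
        $scan_path = str_replace('\\', '/', dirname(__FILE__));
    } else {
        $scan_path = $_POST['scan_path'];
    }

    // The form offers a suffix field that was never read. Accept it only when
    // it is plain alphanumerics; otherwise keep the existing $scan_ex.
    if (isset($_POST['scan_ex']) && is_string($_POST['scan_ex'])
        && preg_match('/\A[A-Za-z0-9]+\z/', $_POST['scan_ex'])) {
        $scan_ex = $_POST['scan_ex'];
    }

    // Resolve the posted path once and require an existing directory, so
    // list_dir() is not handed an arbitrary string.
    $resolved = realpath($scan_path);
    if ($resolved === false || !is_dir($resolved)) {
        echo "scan path is not a readable directory<br>";
        $array = array();
    } else {
        $array = list_dir($resolved);
    }
    echo "detected $count_all files! Files <br>";
?>
<table width="100%" border="1" cellpadding="0" cellspacing="0" style="padding: 5px; line-height: 170%; clear: both; font-size: 12px">
<tr>
<td width="80" valign="top"> absolute file path </td>
<td width="80" height="30" valign="top"> signature and description </td>
<td width="80" height="30" valign="top"> file content details </td>
<td width="80" height="30" valign="top"> file time details </td>
</tr>
<?php
    // The full tag is used because short_open_tag may be disabled.
    foreach ($array as $value)
    {
        check($value);
    }
    echo "</table>";

    // Elapsed wall-clock time since $starttime was taken at the top of the file.
    $endtime = microtime(true);
    $time = $endtime - $starttime;
    echo "time spent in this detection" . $time . "seconds";
}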
?>