Backdoor Scanner

1. <?php
2. putenv("TZ=Europe/Britania");
3. ?><head><title>Backdoor Scanner</title><script language="JavaScript" type="text/JavaScript">
4. <!--
5. function MM_openBrWindow(theURL,winName,features) { //v2.0
6. window.open(theURL,winName,features)
7. }
8. //-->
9. </script><style type="text/css">
10. <!--
11. body {
12. font-family: Tahoma;
13. color: #CCCCCC;
14. background-color: #000000;
15. font-size: 11px;
16. font-weight: bold;
17. }
18. .single{
19. border: 1px solid #00ff00;
20. padding: 5px;
21. }
22. a:visited {
23. color: #33333;
24. font-size: 11px;
25. font-family: tahoma;
26. text-decoration: none;
27. }
28.  
29. a:hover {
30. color: #ccff00;
31. text-decoration: none;
32. }
33. .abunai {
34. color: red;
35. text-decoration: none;
36. }
37. .xxx {
38. color: 00FF00;
39. text-decoration: none;
40. }
41. a {
42. color: 00FF00;
43. font-size: 11px;
44. font-family: tahoma;
45. text-decoration: none;
46. }
47. td {
48. border-style: solid;
49. border-width: 0 0 1px 0;
50. font-size:11px; font-family:Tahoma,Verdana,Arial; color:00FF00;
51. }
52. .me {
53. font-size:11px; font-family:Tahoma,Verdana,Arial; color:00FF00;
54. border: 0px;
55. padding: 5px;
56. }
57. .isi:disabled{
58. padding: 2px;
59. border:1px solid #333333;
60. font-family: Tahoma;
61. color: #333333;
62. background-color: #000000;
63. font-size: 10px;
64. font-weight: bold;
65. }
66. .isi{
67. padding: 2px;
68. border:1px solid #666666;
69. font-family: Tahoma;
70. color: 00FF00;
71. background-color: #666666;
72. font-size: 10px;
73. font-weight: bold;
74. }
75. -->
76. </style><style type="text/css">
77. #patch {position:absolute; height:1; width:1px; top:0; left:0;}
78. </style></head><body>
79. <center><br><font color="#339900" size="10" face="arial">Backdoor Scanner</font></center><br>
80. <?php
81. if(isset($_REQUEST['edit']) && $_REQUEST['edit']=='file'){
82. if(isset($_POST['yes'])){
83. $filename = $_GET['file'];
84. echo "<br><br><br><font color=red size=3><b><center>".$filename." deleted...</b></font><br><br><br><br><br><br><br>";
85. unlink($filename);
86. echo "<META HTTP-EQUIV=Refresh CONTENT=\"2; URL=javascript:window.close();\">";
87. }else{
88. if($_POST['update']) {
89. $filename = $_POST['file'];
90. if(is_writable($filename)) {
91. $handle = fopen($filename, "w+");
92. $isi=$_POST['content'];
93. fwrite($handle, stripslashes($isi));
94. fclose($handle);
95. $stat= "<center><strong>edited successfully<br>";
96. } else {
97. $stat= "<center><font color=red><strong>Error! File may not be writable.</font></center>";
98. }
99. }
100. if($_POST['close']) {
101. echo "<META HTTP-EQUIV=Refresh CONTENT=\"0; URL=javascript:window.close();\">";
102. }
103. $filename = $_GET['file'];
104. if (file_exists($filename)){
105. $vuln = $_GET['bug'];
106. $handle = fopen($filename, "r");
107. $contents = fread($handle, filesize($filename));
108. ?>
109. <center><table>
110. <tr><td align="left" class="me"><strong><?=$filename?>&nbsp;&nbsp;>> Contains :&nbsp;<?=$vuln?></strong></td></tr>
111. <tr><td class="me"><form method="post" action=""><input type="hidden" name="file" value="<?=$filename?>">
112. <textarea name="content" cols="80" rows="15"><?=htmlspecialchars($contents)?></textarea><br>
113. </td></tr><tr><td align="center" class="me">
114. <?php
115. if($_POST['delete']) {
116. echo "Are you sure to delete ".$filename." ?";
117. ?>
118. <tr><td align="center" class="me">
119. <input type="submit" name="yes" value=" Y E S ">
120. <input type="submit" name="no" value=" N O ">
121. </td></tr>
122. <?php
123. }else{
124. echo $stat;
125. ?></td></tr><tr><td align="right" class="me"><input type="submit" name="close" value=" Tho&#225;t ">
126. <input type="submit" name="delete" value="X&#243;a"><input type="submit" name="update" value="L&#432;u">
127. </td></tr>
128. <?php
129. }
130. fclose($handle);
131. ?>
132. </table></form>
133. <?php
134. }else{
135. echo "<br><br><br><font color=red size=3><b><center>".$filename." not exist...</b></font><br><br><br><br><br><br><br>";
136. echo "<META HTTP-EQUIV=Refresh CONTENT=\"4; URL=javascript:window.close();\">";
137. }
138. ?></center>
139. <?php
140. }
141. }elseif(isset($_POST['Submit'])){
142. $ceks = array('base64_decode','system','passthru','popen','exec','shell_exec','eval','move_uploaded_file');
143. foreach($ceks as $ceker){
144. if($_POST[$ceker]<>""){
145. $six.=$_POST[$ceker].".";
146. }
147. }
148. $cek = explode('.', $six);
149. function ListFiles($dir) {
150. if($dh = opendir($dir)) {
151. $files = Array();
152. $inner_files = Array();
153. while($file = readdir($dh)) {
154. if($file != "." && $file != ".." && $file[0] != '.') {
155. if(is_dir($dir . "/" . $file)) {
156. $inner_files = ListFiles($dir . "/" . $file);
157. if(is_array($inner_files)) $files = array_merge($files, $inner_files);
158. }else{
159. array_push($files, $dir . "/" . $file);
160. }
161. }
162. }
163. closedir($dh);
164. return $files;
165. }
166. }
167. $target=$_SERVER['DOCUMENT_ROOT'];
168. ?><center>
169. <table border="0" width="90%" cellpadding="5"><tr><td class="me" align="right" width="30"><b>No</b></td>
170. <td class="me" align="center" width="105"><b>Type</b></td><td class="me" align="center"><b>File Path</b></td>
171. <td class="me" align="center" width="150"><b>Final Editing</b></td><td class="me" align="right" width="80"><b>File Size</b></td></tr><br>
172. <?php
173. foreach (ListFiles($target) as $key=>$file){
174. $nFile = substr($file, -4, 4);
175. if($nFile == ".php"){
176. if($file==$_SERVER['DOCUMENT_ROOT'].$_SERVER['PHP_SELF']){
177. }else{
178. $ops = @file_get_contents($file);
179. $op=strtolower($ops);
180. $arr = array('c99_buff_prepare' => 'c 9 9',
181. 'abcr57' => 'r 5 7');
182. $sis=0;
183. if($op)
184. $size=filesize($file);
185. $last_modified = filemtime($file);
186. $last=date("M-d-Y H:i", $last_modified);
187. foreach($arr as $key => $val) {
188. if(@preg_match("/$key/", $op)) {
189. $sis=1;
190. $i++;
191. ?>
192. <tr style ="background-color: Your background Color;" onmouseover="mover(this)" onmouseout="mout(this)">
193. <td align="right"><font color="red"><blink><?=$i?></blink></font></td><td align="center"><font color="red"><blink><?=$val?></blink></font></td>
194. <td align="left"><blink>
195. <a href="#" class="abunai" onclick="MM_openBrWindow('?edit=file&file=<?=$file?>&bug=<?=$val?>','File view','status=yes,scrollbars=yes,width=700,height=600')" rel="nofollow"><?=$file?></a>
196. </blink></td><td align="center"><font color="red"><blink><?=$last?> GMT+9</blink></font></td>
197. <td align="right"><font color="red"><blink><?=$size?> byte</blink></font></td><script language="javascript">
198. var bgcolor = "transparent";
199. var change_color = "#444444"
200. function mover(aa) {
201. aa.style.backgroundColor = change_color;
202. }
203. function mout(aa) {
204. aa.style.backgroundColor = bgcolor;
205. }
206. </script>
207. </tr>
208. <?php
209. }
210. }
211. if($sis<>"1"){
212. if((@preg_match("/system\((.*?)\)/", $op))&&(@preg_match("/<pre>/", $op))&&(@preg_match("/empty\((.*?)\)/", $op))) {
213. $sis="2";
214. $i++;
215. $val="hidden shell";
216. ?>
217. <tr style ="background-color: Your background Color;" onmouseover="mover(this)" onmouseout="mout(this)">
218. <td align="right"><font color="00FF00"><?=$i?></font></td><td align="center"><font color="00FF00"><?=$val?></font></td><td align="left">
219. <a href="#" class="xxx" onclick="MM_openBrWindow('?edit=file&file=<?=$file?>&bug=<?=$val?>','File view','status=yes,scrollbars=yes,width=700,height=600')" rel="nofollow"><?=$file?></a>
220. </td><td align="center"><font color="00FF00"><?=$last?> GMT+9</font></td>
221. <td align="right"><font color="00FF00"><?=$size?> byte</font></td>
222. <script language="javascript">
223. var bgcolor = "transparent";
224. var change_color = "#444444"
225. function mover(aa) {
226. aa.style.backgroundColor = change_color;
227. }
228. function mout(aa) {
229. aa.style.backgroundColor = bgcolor;
230. }
231. </script></tr>
232. <?php
233. }
234. }
235. if($sis=="0"){
236. foreach($cek as $bugs) {
237. if ($bugs<>""){
238. if(@preg_match("/$bugs\((.*?)\)/", $op)) {
239. $i++;
240. ?>
241. <tr style ="background-color: Your background Color;" onmouseover="mover(this)" onmouseout="mout(this)">
242. <td align="right"><?=$i?></td><td align="center"><?=$bugs?></td><td align="left">
243. <a href="#" onclick="MM_openBrWindow('?edit=file&file=<?=$file?>&bug=<?=$bugs?>','File view','status=yes,scrollbars=yes,width=700,height=600')" rel="nofollow"><?=$file?></a>
244. </td><td align="center"><?=$last?> GMT+9</td><td align="right"><?=$size?> byte</td><script language="javascript">
245. var bgcolor = "transparent";
246. var change_color = "#444444"
247. function mover(aa) {
248. aa.style.backgroundColor = change_color;
249. }
250. function mout(aa) {
251. aa.style.backgroundColor = bgcolor;
252. }
253. </script></tr>
254. <?php
255. }
256. }
257. }
258. }
259. if($_POST['textV']<>""){
260. $text=$_POST['textV'];
261. if(@preg_match("/$text/", $op)) {
262. $i++;
263. ?>
264. <tr style ="background-color: Your background Color;" onmouseover="mover(this)" onmouseout="mout(this)">
265. <td align="right"><?=$i?></td><td align="center"><?=$text?></td><td align="left">
266. <a href="#" onclick="MM_openBrWindow('?edit=file&file=<?=$file?>&bug=<?=$text?>','File view','status=yes,scrollbars=yes,width=700,height=600')" rel="nofollow"><?=$file?></a>
267. </td><td align="center"><?=$last?> GMT+9</td><td align="right"><?=$size?> byte</td><script language="javascript">
268. var bgcolor = "transparent";
269. var change_color = "#444444"
270. function mover(aa) {
271. aa.style.backgroundColor = change_color;
272. }
273. function mout(aa) {
274. aa.style.backgroundColor = bgcolor;
275. }
276. </script></tr>
277. <?php
278. }
279. }
280. }
281. }
282. }
283. if($i==0){
284. foreach($cek as $bugs) {
285. if ($bugs<>""){
286. $x++;
287. ?>
288. <tr style ="background-color: Your background Color;" onmouseover="mover(this)" onmouseout="mout(this)">
289. <td align="right"><?=$x?></td><td align="center"><?=$bugs?></td><td align="center"> not exist </td>
290. <td align="center"> no record </td><td align="right"> -&nbsp;&nbsp;&nbsp;&nbsp;byte </td></tr>
291. <?php
292. }
293. }
294. }
295. ?></table>
296. <?php
297. }else{
298. $find = array('default','base64_decode','system','passthru','popen','exec','shell_exec','eval','move_uploaded_file');
299. ?><form id="fCheck" name="fCheck" method="post" action="" autocomplete="off">
300. <center><table class="single" width="400" border="1" cellpadding="10"><tr><td class="me"><center>
301. <b>Select scan type:</b><br><table class="me" width="200"><tr><td class="me">
302. <script language="javascript">
303. function cekKlik(){
304. if (!document.fCheck.cekV.checked)
305. document.fCheck.textV.disabled=true;
306. else
307. document.fCheck.textV.disabled=false;
308. if(document.fCheck.cekV.checked){
309. om = om + 1;
310. }else{
311. if(om > 0 ){
312. om = om - 1;
313. }else{
314. om = om;
315. }
316. }
317. if(om != 0){
318. document.fCheck.Submit.disabled=false;
319. }else{
320. document.fCheck.Submit.disabled=true;
321. }
322. }
323. </script>
324. <?php
325. //dari sini
326. foreach($find as $bug) {
327. ?><script language="javascript">
328. var om = 0;
329. function checkValue<?=$bug?>(){
330. if(document.fCheck.<?=$bug?>.checked){
331. om = om + 1;
332. }else{
333. if(om > 0 ){
334. om = om - 1;
335. }else{
336. om = om;
337. }
338. }
339. if(om != 0){
340. document.fCheck.Submit.disabled=false;
341. }else{
342. document.fCheck.Submit.disabled=true;
343. }
344. }
345. </script>
346. <input onclick="checkValue<?=$bug?>();" name="<?=$bug?>" type="checkbox" id="<?=$bug?>" value="<?=$bug?>" />&nbsp;<?=$bug?><br>
347. <?php
348. }
349. ?>
350. <input name="cekV" type="checkbox" onClick="cekKlik();" id="cekV" value="cekV">
351. <input class="isi" disabled="disabled" name="textV" value="other key word" onFocus="this.select()" type="text" id="textV">
352. <br><br><input type="hidden" name="asal" value="abcd">
353. <input disabled="disabled" type="submit" name="Submit" value="Start Scan" />
354. </td></tr></table></td></tr></table></form>
355. <?
356. }
357. ?>
358. </body>