Hacked, what does this piece of code do?


Question

WARNING: This is a possible exploit. Do not run directly on your server if you're not sure what to do with this.

http://pastehtml.com/view/1b1m2r6.txt

I believe this was uploaded via an insecure upload script. How do I decode and uncompress this code? Running it in the browser might execute it as a shell script, open up a port or something.

I can do a base64 decode online but I couldn't really decompress it.

Answer

So there's a string. It's gzipped and base64 encoded, and the code decodes the base64 and then uncompresses it.

When that's done, I am resulted with this:

<? eval(base64_decode('...')); ?>

Another layer of base64, which is 720440 bytes long.

Now, base64 decoding that, we have 506961 bytes of exploit code.

I'm still examining the code, and will update this answer when I have more understanding. The code is huge.

Still reading through the code, and the (very well-done) exploit allows these tools to be exposed to the hacker:

  • TCP backdoor setup
  • Unauthorized shell access
  • Reading all htpasswd, htaccess, password and config files
  • Log wiping
  • MySQL access (read, write)
  • Appending code to all files matching a name pattern (mass exploitation)
  • RFI/LFI scanner
  • UDP flood
  • Kernel information

This is probably a professional PHP-based server-wide exploit toolkit, and seeing as it's got a nice HTML interface and the whole lot, it could be easily used by a pro hacker, or even a script kiddie.

This exploit is called c99shell (thanks Yi Jiang) and it turns out to have been quite popular, being talked about and running for a few years already. There are many results on Google for this exploit.
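The decode, decompress, decode-again procedure the answer walks through, as an added example that is not part of the original answer or of the pasted file: a small Python peeler that strips `eval(gzinflate(base64_decode('...')))`-style wrappers statically, so nothing is ever handed to a PHP interpreter. Note that such droppers usually use `gzinflate` (raw deflate) rather than true gzip, so the decompressor below tries gzip, zlib and raw deflate in turn. The wrapper set recognised by the regex, the `SUSPICIOUS` function list and the sample payload built by `build_sample()` are all assumptions of this example; the sample is a benign constructed script, not the code from the question.

```python
import base64
import gzip
import re
import zlib

# Wrapper shapes this peeler understands. This is an assumption: real droppers also
# chain str_rot13, strrev and friends; extend the alternation and peel_once() as needed.
WRAPPER_RE = re.compile(
    r"eval\s*\(\s*"
    r"(?P<chain>(?:(?:gzinflate|gzdecode|gzuncompress|base64_decode)\s*\(\s*)+)"
    r"(?P<quote>['\"])(?P<payload>[A-Za-z0-9+/=\s]+)(?P=quote)"
    r"\s*\)+\s*;?",
    re.DOTALL,
)

# PHP calls worth flagging in the final layer (a hand-picked list, not exhaustive).
SUSPICIOUS = [
    "system", "exec", "shell_exec", "passthru", "popen", "proc_open",
    "fsockopen", "socket_create", "mysql_connect", "mysqli_connect",
    "file_put_contents", "unlink", "php_uname", "eval",
]


def decompress_any(data: bytes) -> bytes:
    """Inflate whichever of gzip (gzdecode), zlib (gzuncompress) or raw deflate
    (gzinflate) the bytes turn out to be."""
    if data[:2] == b"\x1f\x8b":          # gzip member carries a fixed magic
        return gzip.decompress(data)
    for wbits in (zlib.MAX_WBITS, -zlib.MAX_WBITS):   # zlib header, then raw deflate
        try:
            return zlib.decompress(data, wbits)
        except zlib.error:
            pass
    raise ValueError("payload is not gzip, zlib or raw deflate")


def peel_once(src: str):
    """Decode one eval(...) wrapper; return the inner source, or None if there is none."""
    m = WRAPPER_RE.search(src)
    if m is None:
        return None
    funcs = re.findall(r"[a-z0-9_]+", m.group("chain"))
    data = m.group("payload").encode("ascii")
    # The chain reads outer-to-inner, so PHP would run the innermost call first.
    for fn in reversed(funcs):
        if fn == "base64_decode":
            data = base64.b64decode(data)   # non-alphabet bytes such as newlines are skipped
        else:
            data = decompress_any(data)
    return data.decode("utf-8", errors="replace")


def peel_all(src: str, max_layers: int = 16) -> list:
    """Peel wrappers until the source is plain PHP; returns every intermediate layer."""
    layers = []
    cur = src
    for _ in range(max_layers):
        nxt = peel_once(cur)
        if nxt is None:
            break
        layers.append(nxt)
        cur = nxt
    return layers


def indicators(php_src: str) -> list:
    """Which SUSPICIOUS functions the decoded source calls, in first-seen order."""
    found = re.findall(r"\b(" + "|".join(SUSPICIOUS) + r")\s*\(", php_src)
    return list(dict.fromkeys(found))


# Constructed sample, NOT the file from the question: a benign inner script wrapped in
# the two layers the answer describes (base64 inside, deflate+base64 outside).
INNER = "<?php echo php_uname(); ?>"


def build_sample() -> str:
    layer1 = "<? eval(base64_decode('%s')); ?>" % base64.b64encode(INNER.encode()).decode()
    co = zlib.compressobj(9, zlib.DEFLATED, -zlib.MAX_WBITS)   # raw deflate, what gzinflate eats
    raw = co.compress(layer1.encode()) + co.flush()
    return "<? eval(gzinflate(base64_decode('%s'))); ?>" % base64.b64encode(raw).decode()


if __name__ == "__main__":
    layers = peel_all(build_sample())
    for i, layer in enumerate(layers, 1):
        print("layer %d (%d bytes): %s" % (i, len(layer), layer[:70]))
    print("indicators:", indicators(layers[-1]))
```

To use it on a real sample, read the uploaded file into a string and pass it to `peel_all()`; the last element is the plain shell source (c99shell and similar tools are large, so expect hundreds of kilobytes, as the answer reports), and `indicators()` gives a first triage of what it can do. Because every layer is decoded with Python's own base64 and zlib, the PHP is never executed, which is the point of the warning at the top of the question.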
