- #!/usr/bin/perl -w
- use CGI;
- use Digest::MD5 qw(md5_hex);
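# Request setup: CGI object, session directory, and the three request inputs
# (session cookie, "arg" parameter, "action" parameter).
$cgi     = CGI->new;    # direct method call instead of indirect-object "new CGI"
$SESSDIR = "/tmp/";

# The cookie value names a file under $SESSDIR that read_session() opens, so it
# must never be taken as-is.  Accept only the 32-hex-digit form this script
# issues; any other value is treated as "no session" and a new one is created.
$sessfile = $cgi->cookie("diagsess");
if (defined($sessfile) && $sessfile !~ /\A[0-9a-f]{32}\z/) {
    undef $sessfile;
}

$arg0   = $cgi->param("arg");
$action = $cgi->param("action");

# safestr() backslash-escapes characters for later use in command lines.
# Skip the call when the parameter is absent so undef stays undef without
# an "uninitialized value" warning under -w.
$arg = defined($arg0) ? safestr($arg0) : undef;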
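# Session bootstrap.
# Without a session cookie: decide the role, create a session file, set the
# cookie and redirect.  With a cookie: emit the header, load the session and
# print the menu.
if (!defined($sessfile)) {
    # NOTE(review): the role is granted when the MD5 of the "sechash"
    # parameter begins with twelve zero hex digits.  That is a property of a
    # hash prefix, not a comparison against one stored credential, so it does
    # not bind admin access to a single secret.  A hardened version would
    # verify a salted password hash kept outside the web tree.
    my $sechash = $cgi->param("sechash");
    $sechash = '' unless defined $sechash;    # md5_hex(undef) warns under -w
    $sesshash{'user'} = (md5_hex($sechash) =~ /^000000000000/) ? 'admin' : 'guest';
    $sesshash{'ip'}   = get_ip();

    # The session identifier used to be md5(user . '|||' . ip), i.e. a value
    # anyone can recompute from a role name and an address.  Use 128 random
    # bits instead; the 32-hex-digit shape of the identifier is unchanged.
    my $raw = '';
    if (open(my $rnd, '<', '/dev/urandom')) {
        binmode($rnd);
        read($rnd, $raw, 16);
        close($rnd);
    }
    if (length($raw) != 16) {
        # No entropy source: refuse to issue a guessable session.
        print $cgi->header(-status => '500 Internal Server Error');
        exit 1;
    }
    $diagsess = unpack('H*', $raw);

    # HttpOnly keeps the identifier away from page scripts.  Add "Secure" as
    # well if the application is only served over HTTPS (not visible here).
    $cookie = "diagsess=$diagsess; HttpOnly";
    write_session();
    print $cgi->header(-cookie => $cookie,
        -expires => 'Mon, 01 Jan 1999 00:00:00 GMT',
        -'cache-control' => 'no-cache',
        -pragma => 'no-cache',-'location'=> 'dana-na.cgi?sechash=' );
    exit 0;
}
else {
    print $cgi->header();
    read_session();
    print_menu();
}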
# Action dispatch: run the handler whose name matches the "action" parameter,
# then end the request.  Patterns are tried in the listed order and the first
# match wins.  Only shell() checks the session role itself; the other handlers
# run for any loaded session.
if (defined($action) && length($action) > 0) {
    my @routes = (
        [ qr/^print_session$/, sub { print_session(); } ],
        [ qr/^curl$/,          sub { curl($arg); } ],
        [ qr/^ping$/,          sub { ping($arg); } ],
        [ qr/^traceroute$/,    sub { traceroute($arg); } ],
        [ qr/^shell$/,         sub { shell($arg); } ],
    );
    foreach my $route (@routes) {
        my ($pattern, $handler) = @{$route};
        if ($action =~ $pattern) {
            $handler->();
            exit 0;
        }
    }
}
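sub curl
{
    # Fetch a URL with /usr/bin/curl and show the response inside a <textarea>.
    #
    # Argument: the target, as produced by safestr() (some characters carry a
    # leading backslash).
    #
    # Changes from the earlier version:
    #  * curl is started with list-form open, so no shell parses the target;
    #  * the target must be a plain host or an http/https URL that starts with
    #    an alphanumeric character, so it can neither be read as a curl option
    #    nor select another URL scheme;
    #  * the fetched body is HTML-escaped so it cannot close the <textarea>;
    #  * the handle and the opened tags are closed.
    #
    # NOTE(review): this still fetches from whatever host the caller names,
    # including internal ones.  Restrict destinations if that is not intended.
    my $host = shift;
    print "<pre><textarea rows=24 cols=80>";
    if (defined($host) && length($host) > 1) {
        # Backslashes added by safestr() were meant for a shell; none is used
        # here, so drop them before validating.
        (my $url = $host) =~ s/\\(.)/$1/gs;
        if ($url =~ m{\A(?:https?://)?[A-Za-z0-9][A-Za-z0-9.\-]*(?::[0-9]{1,5})?(?:/[A-Za-z0-9._~%/?=&+\-]*)?\z}) {
            if (open(my $out, '-|', '/usr/bin/curl', '-s', $url)) {
                while (my $line = <$out>) {
                    $line =~ s/&/&amp;/g;
                    $line =~ s/</&lt;/g;
                    $line =~ s/>/&gt;/g;
                    print $line;
                }
                close($out);
            }
        }
        else {
            print "invalid target\n";
        }
    }
    print "</textarea></pre>";
}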
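sub ping
{
    # Run "/bin/ping -c3 <host>" and print its output after an opening <pre>.
    #
    # Argument: the host, as produced by safestr() (some characters carry a
    # leading backslash).
    #
    # The command is started with list-form open, so no shell parses the
    # host, and the host must look like a hostname or IP literal.  The first
    # character may not be "-", so the value cannot be read as a ping option.
    # Output is HTML-escaped before printing.
    my $host = shift;
    print "<pre>";
    if (defined($host) && length($host) > 1) {
        # Undo the shell-oriented backslashes from safestr(); no shell is used.
        (my $target = $host) =~ s/\\(.)/$1/gs;
        if (length($target) <= 253
            && $target =~ /\A[A-Za-z0-9:][A-Za-z0-9.:\-]*\z/) {
            if (open(my $out, '-|', '/bin/ping', '-c3', $target)) {
                while (my $line = <$out>) {
                    $line =~ s/&/&amp;/g;
                    $line =~ s/</&lt;/g;
                    $line =~ s/>/&gt;/g;
                    print $line;
                }
                close($out);
            }
        }
        else {
            print "invalid host\n";
        }
    }
}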
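sub traceroute
{
    # Run "/usr/sbin/traceroute -d -n -w 5 <host>" and print its output after
    # an opening <pre>.
    #
    # Argument: the host, as produced by safestr() (some characters carry a
    # leading backslash).
    #
    # The command is started with list-form open, so no shell parses the
    # host, and the host must look like a hostname or IP literal.  The first
    # character may not be "-", so the value cannot be read as an option.
    # Output is HTML-escaped before printing.
    my $host = shift;
    print "<pre>";
    if (defined($host) && length($host) > 1) {
        # Undo the shell-oriented backslashes from safestr(); no shell is used.
        (my $target = $host) =~ s/\\(.)/$1/gs;
        if (length($target) <= 253
            && $target =~ /\A[A-Za-z0-9:][A-Za-z0-9.:\-]*\z/) {
            my @command = ('/usr/sbin/traceroute', '-d', '-n', '-w', '5', $target);
            if (open(my $out, '-|', @command)) {
                while (my $line = <$out>) {
                    $line =~ s/&/&amp;/g;
                    $line =~ s/</&lt;/g;
                    $line =~ s/>/&gt;/g;
                    print $line;
                }
                close($out);
            }
        }
        else {
            print "invalid host\n";
        }
    }
}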
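sub read_session
{
    # Load %sesshash from the session file named by the global $sessfile.
    #
    # Prints "session error!" and returns with %sesshash empty when the name
    # is not a 32-hex-digit identifier or the file does not exist.
    #
    # Changes from the earlier version:
    #  * $sessfile comes from the request cookie, so it is checked before it
    #    is used in a path; the check keeps the lookup inside $SESSDIR;
    #  * lines are parsed as data instead of being passed to eval().  Only the
    #    form write_session() emits, $sesshash{'KEY'} = 'VALUE'; is accepted,
    #    and every other line is ignored.  Session files hold request-derived
    #    values and must not be executed as code;
    #  * three-argument open with a lexical handle.
    undef %sesshash;
    if (   !defined($sessfile)
        || $sessfile !~ /\A[0-9a-f]{32}\z/
        || !-f "$SESSDIR/$sessfile")
    {
        print "session error!";
        return;
    }
    if (open(my $fh, '<', "$SESSDIR/$sessfile")) {
        while (my $line = <$fh>) {
            next
                unless $line =~
                /\A\$sesshash\{'((?:[^'\\]|\\.)*)'\} = '((?:[^'\\]|\\.)*)';\s*\z/s;
            my ($key, $value) = ($1, $2);
            # Decode \\ and \' the way a single-quoted Perl literal would.
            for my $item ($key, $value) {
                $item =~ s/\\([\\'])/$1/g;
            }
            $sesshash{$key} = $value;
        }
        close($fh);
    }
}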
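sub write_session
{
    # Store %sesshash in "$SESSDIR/$diagsess", one line per key in sorted
    # order, in the form  $sesshash{'KEY'} = 'VALUE';
    #
    # Changes from the earlier version:
    #  * backslashes and single quotes in keys and values are escaped and
    #    control characters dropped, so a stored value (the client address is
    #    one of them) cannot end the quoted string or start a new line;
    #  * the file is created under umask 077 instead of the inherited umask;
    #  * the identifier is checked before it becomes part of a path;
    #  * three-argument open with a lexical handle, closed only if opened.
    #
    # NOTE(review): $SESSDIR is set to /tmp/ elsewhere in this script, a
    # directory shared with other local users.  A private directory owned by
    # the web user would be the safer place for these files.
    return unless defined($diagsess) && $diagsess =~ /\A[0-9a-f]{32}\z/;

    my $previous_umask = umask(077);
    my $opened = open(my $fh, '>', "$SESSDIR/$diagsess");
    umask($previous_umask);
    return unless $opened;

    foreach my $name (sort keys %sesshash) {
        my ($key, $value) = ($name, $sesshash{$name});
        for my $item ($key, $value) {
            $item = '' unless defined $item;
            $item =~ s/[\x00-\x1f\x7f]//g;
            $item =~ s/([\\'])/\\$1/g;
        }
        print $fh "\$sesshash{'$key'} = '$value';\n";
    }
    close($fh);
}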
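sub print_session
{
    # Print every %sesshash entry as "key=value", one per line, sorted by key.
    #
    # The response is sent with the default CGI header and the stored values
    # include the client-reported address, so keys and values are
    # HTML-escaped before they are written into the page.
    foreach my $name (sort keys %sesshash) {
        my ($key, $value) = ($name, $sesshash{$name});
        for my $item ($key, $value) {
            $item = '' unless defined $item;
            $item =~ s/&/&amp;/g;
            $item =~ s/</&lt;/g;
            $item =~ s/>/&gt;/g;
            $item =~ s/"/&quot;/g;
        }
        print "$key=$value\n";
    }
}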
sub shell
{
    # Admin-only command handler: takes a command string, prints "<pre>", and
    # starts the command only when the session role is 'admin'.  Any other
    # role gets a refusal message.
    #
    # NOTE(review): the command string reaches a shell exactly as received,
    # and the only gate is the string comparison on $sesshash{'user'}.  The
    # handler is therefore only as safe as the session data it reads.  A
    # hardened build would drop it or map a fixed set of action names to
    # fixed commands.
    # NOTE(review): the pipe is opened but never read.  The bare print emits
    # $_ rather than the command's output, and GG is left open.
    $cmd = shift(@_);
    print "<pre>";
    if ($sesshash{'user'} ne 'admin') {
        print "sorry $sesshash{'user'}! you're not admin!\n";
        return;
    }
    if (open(GG, "$cmd |")) {
        print;
    }
}
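sub print_menu
{
    # Print menu.html from the current directory, replacing each %%arg%%
    # placeholder with the raw "arg" request parameter ($arg0).
    #
    # Changes from the earlier version:
    #  * the parameter is fully HTML-escaped (& < > " ') on a private copy.
    #    The earlier code rewrote only "<" (shown in this listing as "<;",
    #    presumably a mangled "&lt;"), which does not cover quotes or "&"
    #    when the placeholder sits inside an attribute value;
    #  * menu.html is opened directly instead of through a "cat" pipe;
    #  * a missing parameter is rendered as an empty string.
    my $value = defined($arg0) ? $arg0 : '';
    $value =~ s/&/&amp;/g;
    $value =~ s/</&lt;/g;
    $value =~ s/>/&gt;/g;
    $value =~ s/"/&quot;/g;
    $value =~ s/'/&#39;/g;

    if (open(my $menu, '<', 'menu.html')) {
        while (my $line = <$menu>) {
            $line =~ s/%%arg%%/$value/g;
            print $line;
        }
        close($menu);
    }
}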
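sub get_ip
{
    # Return the client address label for the session.  The lookup order is
    # unchanged: X-Forwarded-For, then Client-IP, then REMOTE_ADDR.
    #
    # Changes from the earlier version:
    #  * a candidate is used only if it consists of address characters (hex
    #    digits, "." and ":"), optionally as a comma-separated list.  Anything
    #    else is skipped, so header text cannot carry quotes or markup into
    #    the session file or the page;
    #  * "UNKNOWN" is returned when no usable value exists (that return was
    #    unreachable before);
    #  * unset variables no longer raise warnings under -w.
    #
    # NOTE(review): the two header-derived values are supplied by the client
    # unless a trusted proxy overwrites them.  Treat the result as a label,
    # not as proof of where the request came from.
    foreach my $name ('HTTP_X_FORWARDED_FOR', 'HTTP_CLIENT_IP', 'REMOTE_ADDR') {
        my $value = $ENV{$name};
        next unless defined($value) && length($value) > 0;
        return $value
            if $value =~ /\A[0-9A-Fa-f.:]+(?:,\s*[0-9A-Fa-f.:]+)*\z/;
    }
    return "UNKNOWN";
}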
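sub safestr
{
    # Backslash-escape a string for use as one word on a shell command line.
    # Returns undef for undef.
    #
    # The earlier version escaped a fixed list of characters and left others
    # with shell meaning untouched (whitespace, the backslash itself, control
    # characters).  This version works from an allow-list: control characters
    # are removed and every character outside [A-Za-z0-9_./-] is escaped.
    # Every character escaped before is still escaped.
    #
    # NOTE(review): escaping cannot stop a value that begins with "-" from
    # being read as an option by the program that receives it.  Callers need
    # their own validation, and passing arguments as a list without a shell
    # is the more robust design.
    my $str = shift;
    return $str unless defined $str;
    $str =~ s/[\x00-\x1f\x7f]//g;
    $str =~ s/([^A-Za-z0-9_.\/\-])/\\$1/g;
    return $str;
}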