PHP Shell by Google

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
    #1

    PHP Shell by Google

    Code:
    #!/usr/bin/perl

use strict;
use warnings;
use LWP::UserAgent;

usage() unless $ARGV[2];

my @searchTerm;
my @checkTerm;

if(lc($ARGV[0]) eq "r57") {
        push(@searchTerm, "inurl:r57.php");
        push(@searchTerm, ""[ phpinfo ]  [ php.ini ]  [ cpu ]  [ mem ]  [ users ]  [ tmp ]  [ delete ]"");
        push(@searchTerm, "intitle:r57shell");
        push(@checkTerm, "r57");
        push(@checkTerm, "safe_mode");
} elsif(lc($ARGV[0]) eq "c99") {
        push(@searchTerm, "inurl:c99.php");
        push(@searchTerm, ""Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout"");
        push(@searchTerm, "intitle:" - phpshell"");
        push(@searchTerm, "intitle:" - c99shell"");
        push(@checkTerm, "c99");
        push(@checkTerm, "Safe-mode");
} elsif(lc($ARGV[0]) eq "mys") {
        push(@searchTerm, ""Auto error traping enabled"");
        push(@searchTerm, "intitle:"MyShell 1.1.0 build 20010923"");
        push(@checkTerm, "MyShell");
        push(@checkTerm, "Echo commands");
} elsif(lc($ARGV[0]) eq "phs") {
        push(@searchTerm, "intitle:"PHP Shell 1.5"");
        push(@searchTerm, "intitle:"PHP Shell 1.6"");
        push(@searchTerm, "intitle:"PHP Shell 1.7"");
        push(@searchTerm, ""Enable stderr-trapping?"");
        push(@checkTerm, "PHP Shell");
        push(@checkTerm, "Choose new working");
} elsif(lc($ARGV[0]) eq "phm") {
        push(@searchTerm, ""PHPShell by BioBeo"");
        push(@searchTerm, ""[ Main Menu ]      [ PHPKonsole ]      [ Haxplorer ]"");
        push(@checkTerm, "Haxplorer");
        push(@checkTerm, "PHPKonsole");
} elsif(lc($ARGV[0]) eq "rem") {
        push(@searchTerm, "intitle:"phpRemoteView: "");
        push(@searchTerm, ""REMVIEW TOOLS"");
        push(@checkTerm, "phpRemoteView");
        push(@checkTerm, "perms");
}

if(!@searchTerm) {
        print "Error: [shell to find] is a unknown shell\n" and die;
}

my $outputOn;

if(lc($ARGV[1]) eq "on") {
        $outputOn = 1;
} elsif(lc($ARGV[1]) eq "off") {
        $outputOn = 0;
} else {
        print "Error: [screen output] must be "on" or "off"\n" and die;
}

my $outputFile;

if(index(lc($ARGV[2]), ".htm") > 0) {
        $outputFile = $ARGV[2];
} else {
        print "Error: [output HTML file] must be *.htm or *.html\n" and die;
}

open(FILEHANDLE, ">$outputFile");
print FILEHANDLE "<html><head><title>PHP Shell's</title></head><body>\n";
close FILEHANDLE;

my $userAgent = LWP::UserAgent->new;
$userAgent->agent("User-Agent=Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.5) Gecko/20061201 Firefox/2.0.0.5");

my @resultLinks;

foreach(@searchTerm) {
        print "[*] Query for "$_"\n" if($outputOn == 1);
     
        my $isLastPage = 0;
     
        for(my $gPage = 0; ; $gPage++) {
                if($isLastPage == 1) { last; }
             
                my $gRequest =  HTTP::Request->new(GET => "http://www.google.de/search?q=$_&start=$gPage"."0");
                my $gResource = $userAgent->request($gRequest);
             
                if($gResource->is_success) {
                        my @gContent = split("<div class=g>", $gResource->content);
                        if(@gContent < 10) { $isLastPage = 1; };
                     
                        for(my $gPiece = 1; $gPiece < @gContent; $gPiece++) {
                                my $shellLink = substr($gContent[$gPiece], index($gContent[$gPiece], "href="") + 6);
                                $shellLink = substr($shellLink, 0, index($shellLink, """));
                             
                                print "[*] Check status of site "$shellLink"\n" if($outputOn == 1);
                             
                                my $sRequest = HTTP::Request->new(GET => $shellLink);
                                my $sResource = $userAgent->request($sRequest);
                             
                                if($sResource->is_success) {
                                        if(index($sResource->content, $checkTerm[0]) != -1 && index($sResource->content, $checkTerm[1]) != -1) {
                                                open(FILEHANDLE, ">>$outputFile");
                                                print FILEHANDLE "Link: <a href="$shellLink">$shellLink</a><br>\n";
                                                print FILEHANDLE "Search Term: <i>$_</i><br><br>\n";
                                                close FILEHANDLE;
                                             
                                                print "[+] Found shell: $shellLink\n" if($outputOn == 1);
                                        } else {
                                                print "[-] No shell\n" if($outputOn == 1);
                                        }
                                } else {
                                        print "[-] Offline\n" if($outputOn == 1);
                                }
                        }
                     
                        sleep 20; #wait 20 seconds so google dont think we are a bot
                } else {
                        print "Unable to query google\n" and die;
                }
        }
}

open(FILEHANDLE, ">>$outputFile");
print FILEHANDLE "<br><br><center><small><a href="http://facebook.com/yyyeiy">Find PHP Shells via Google - by Yusha</a></small></center></body></html>";
close FILEHANDLE;

sub usage {
        print qq(
Find PHP Shells via Google - Yusha (http://facebook.com/yyyeiy)
     
Usage:  perl $0 [shell to find] [screen output] [output HTML file]
                  [shell to find] can be:
                        r57 - find r57shell
                        c99 - find c99shell
                        mys - find MyShell
                        phs - find PHP Shell
                        phm - find PHPShell (Macker)
                        rem - find phpRemoteView
                  [screen output] can be:
                        on  - every step the script doas get printed on the screen
                        off - no output, the script just writes to the output file
                  [output HTML file] must be:
                        *.htm or *.html
                                                         
Example: perl $0 c99 on c99shells.htm
        perl $0 mys off manyshells.htm

)      and exit;
}
    Last edited by BioBeo; 12.06.11, 12:05.
    Tags: php, shell
    #2
    One way to stop shell script to prevent it to execute using Bash Command !

    Comment

      #3
      What is the Bash Shell?

      The GNU Bourne-Again SHell (BASH) incorporates features from the C Shell (csh) and the Korn Shell (ksh) and conforms to the POSTIX 2 shell specifications. It provides a Command Line Interface (CLI) for working on *nix systems and is the most common shell used on Linux systems. Useful bash features will be the subject of the rest of this document.

      Bash's Configuration Files

      Because what I want to say here has already been written I will quote the section entitled "Files used by Bash" from freeunix.dyndns.org's "Customizing your Bash environment" In your home directory, 3 files have a special meaning to Bash, allowing you to set up your environment automatically when you log in and when you invoke another Bash shell, and allow you to execute commands when you log out.
      These files may exist in your home directory, but that depends largely on the Linux distro you're using and how your sysadmin (if not you) has set up your account. If they're missing, Bash defaults to /etc/profile.
      You can easily create these files yourself using your favorite texteditor. They are:
      .bash_profile : read and the commands in it executed by Bash every time you log in to the system
      .bashrc : read and executed by Bash every time you start a subshell
      .bash_logout : read and executed by Bash every time a login shell exits
      Bash allows 2 synonyms for .bash_profile : .bash_login and .profile. These are derived from the C shell's file named .login and from the Bourne shell and Korn shell files named .profile. Only one of these files is read when you log in. If .bash_profile isn't there, Bash will look for .bash_login. If that is missing too, it will look for .profile.
      .bash_profile is read and executed only when you start a login shell (that is, when you log in to the system). If you start a subshell (a new shell) by typing bash at the command prompt, it will read commands from .bashrc. This allows you to separate commands needed at login from those needed when invoking a subshell.
      However, most people want to have the same commands run regardless of whether it is a login shell or a subshell. This can be done by using the source command from within .bash_profile to execute .bashrc. You would then simply place all the commands in .bashrc.


      These files are useful for automatically executing commands like: set, alias, unalias, and setting the PS(1-4) variables, which can all be used to modify your bash environment.

      You can use the source command to apply the changes that you have just made in a configuration file. For example if you add an alias to /etc/profile to apply the changes to your current session execute: $ source /etc/profile


      Active aliases can be viewed by executing the alias command. Some common files that may modify aliases are: ~/.bashrc, ~/.bash_profile, ~/.profile, /etc/bashrc, /etc/profile, files in /etc/profile.d.
      Modifying the Bash Shell with the set Command

      Two options that can be set using the set command that will be of some interest to the common user are "-o vi" and "-o emacs". As with all of the environment modifying commands these can be typed at the command prompt or inserted into the appropriate file mentioned above.
      Set Emacs Mode in Bash $ set -o emacs


      This is usually the default editing mode when in the bash environment and means that you are able to use commands like those in Emacs (defined in the Readline library) to move the cursor, cut and paste text, or undo editing.

      Commands to take advantage of bash's Emacs Mode:ctrl-a Move cursor to beginning of line
      ctrl-e Move cursor to end of line
      meta-b Move cursor back one word
      meta-f Move cursor forward one word
      ctrl-w Cut the last word
      ctrl-u Cut everything before the cursor
      ctrl-k Cut everything after the cursor
      ctrl-y Paste the last thing to be cut
      ctrl-_ Undo


      NOTE: ctrl- = hold control, meta- = hold meta (where meta is usually the alt or escape key).

      A combination of ctrl-u to cut the line combined with ctrl-y can be very helpful. If you are in middle of typing a command and need to return to the prompt to retrieve more information you can use ctrl-u to save what you have typed in and after you retrieve the needed information ctrl-y will recover what was cut.
      Set Vi Mode in Bash $ set -o vi


      Vi mode allows for the use of vi like commands when at the bash prompt. When set to this mode initially you will be in insert mode (be able to type at the prompt unlike when you enter vi). Hitting the escape key takes you into command mode.

      Commands to take advantage of bash's Vi Mode:h Move cursor left
      l Move cursor right
      A Move cursor to end of line and put in insert mode
      0 (zero) Move cursor to beginning of line (doesn't put in insert mode)
      i Put into insert mode at current position
      a Put into insert mode after current position
      dd Delete line (saved for pasting)
      D Delete text after current cursor position (saved for pasting)
      p Paste text that was deleted
      j Move up through history commands
      k Move down through history commands
      u Undo


      Useful Commands and Features

      The commands in this section are non-mode specific, unlike the ones listed above.
      Flip the Last Two Characters

      If you type like me your fingers spit characters out in the wrong order on occasion. ctrl-t swaps the order that the last two character appear in.
      Searching Bash History

      As you enter commands at the CLI they are saved in a file ~./.bash_history. From the bash prompt you can browse the most recently used commands through the least recently used commands by pressing the up arrow. Pressing the down arrow does the opposite.

      If you have entered a command a long time ago and need to execute it again you can search for it. Type the command 'ctrl-r' and enter the text you want to search for.
      Dealing with Spaces

      First, I will mention a few ways to deal with spaces in directory names, file names, and everywhere else.
      Using the Backslash Escape Sequence

      One option is to use bash's escape character \. Any space following the backslash is treated as being part of the same string. These commands create a directory called "foo bar" and then remove it. $ mkdir foo\ bar
      $ rm -r foo\ bar


      The backslash escape sequence can also be used to decode commands embedded in strings which can be very useful for scripting or modifying the command prompt as discussed later.
      Using Single/Double Quotes with Spaces and Variables

      Single and double quotes can also be used for dealing with spaces. $ touch 'dog poo'
      $ rm "dog poo"


      The difference between single and double quotes being that in double quotes the $, \, and ' characters still preserve their special meanings. Single quotes will take the $ and \ literally and regard the ' as the end of the string. Here's an example: $ MY_VAR='This is my text'
      $ echo $MY_VAR
      This is my text
      $ echo "$MY_VAR"
      This is my text
      $ echo '$MY_VAR'
      $MY_VAR


      The string following the $ character is interpreted as being a variable except when enclosed in single quotes as shown above.
      Lists Using { and }

      The characters { and } allow for list creation. In other words you can have a command be executed on each item in the list. This is perhaps best explained with examples: $ touch {temp1,temp2,temp3,temp4}


      This will create/modify the files temp1, temp2, temp3, and temp4 and as in the example above when the files share common parts of the name you can do: $ mv temp{1,2,3,4} ./foo\ bar/


      This will move all four of the files into a directory 'foo bar'.
      Executing Multiple Commands in Sequence

      This is a hefty title for a simple task. If you want to run three commands, one right after the other, you can type them on a single line: $ ./configure; make; make install
      OR
      $ ./configure && make && make install


      With the first if the ./configure fails the other two commands will continue to execute. With the second the commands following the && will only execute if the command previous finishes without error. Thus, the second would be most useful for this example because there is no reason to run 'make' or 'make install' if the configuration fails.
      Piping Output from One Command to Another

      Piping allows the user to do several fantastic thing by combining utilities. I will cover only very basic uses for piping. I most commonly use the pipe command, |, to pipe text that is output from one command through the grep command to search for text.

      Examples: See if a program, centericq, is running:
      $ ps ax | grep centericq
      25824 pts/2 S 0:18 centericq
      Count the number of files in a directory (nl counts things):
      $ ls | nl
      1 #.emacs#
      2 BitchX
      3 Outcast double cd.lst
      4 bm.shader
      5 bmtexturesbase.pk3
      If my memory serves using RPM to check if a package is installed:
      $ rpm -qa | grep package_name
      A more advance example:
      $ cat /etc/passwd | awk -F: '{print $1 "\t" $6}' | sort > ./users
      This sequence takes the information if the file passwd, pipes it to awk, which takes the first and sixth fields (the user name and home directory respectively), pipes these fields separated by a tab ("\t") to sort, which sorts the list alphabetically, and puts it into a file called users.



      Aliasing Commands

      Once again I like how this topic is covered on freeunix.dyndns.org:8088 in "Customizing your Bash environment" I will quote the section entitled "Aliasses": If you have used UNIX for a while, you will know that there are many commands available and that some of them have very cryptic names and/or can be invoked with a truckload of options and arguments. So, it would be nice to have a feature allowing you to rename these commands or type something simple instead of a list of options. Bash provides such a feature : the alias .
      Aliasses can be defined on the command line, in .bash_profile, or in .bashrc, using this form : alias name=command

      This means that name is an alias for command. Whenever name is typed as a command, Bash will substitute command in its place. Note that there are no spaces on either side of the equal sign. Quotes around command are necessary if the string being aliassed consists of more than one word. A few examples :
      alias ls='ls -aF --color=always'
      alias ll='ls -l'
      alias search=grep
      alias mcd='mount /mnt/cdrom'
      alias ucd='umount /mnt/cdrom'
      alias mc='mc -c'
      alias ..='cd ..'
      alias ...='cd ../..'

      The first example ensures that ls always uses color if available, that dotfiles are listed as well,that directories are marked with a / and executables with a *. To make ls do the same on FreeBSD, the alias would become :
      alias ls='/bin/ls -aFG'

      To see what aliasses are currently active, simply type alias at the command prompt and all active aliasses will be listed. To "disable" an alias type unalias followed by the alias name.


      Altering the Command Prompt Look and Information

      Bash has the ability to change how the command prompt is displayed in information as well as colour. This is done by setting the PS1 variable. There is also a PS2 variable. It controls what is displayed after a second line of prompt is added and is usually by default '> '. The PS1 variable is usually set to show some useful information by the Linux distribution you are running but you may want to earn style points by doing your own modifications.

      Here are the backslash-escape special characters that have meaning to bash: \a an ASCII bell character (07)
      \d the date in "Weekday Month Date" format
      (e.g., "Tue May 26")
      \e an ASCII escape character (033)
      \h the hostname up to the first `.'
      \H the hostname
      \j the number of jobs currently managed by the shell
      \l the basename of the shell's terminal device name
      \n newline
      \r carriage return
      \s the name of the shell, the basename of $0
      (the portion following the final slash)
      \t the current time in 24-hour HH:MM:SS format
      \T the current time in 12-hour HH:MM:SS format
      \@ the current time in 12-hour am/pm format
      \u the username of the current user
      \v the version of bash (e.g., 2.00)
      \V the release of bash, version + patchlevel
      (e.g., 2.00.0)
      \w the current working directory
      \W the basename of the current working direcory
      \! the history number of this command
      \# the command number of this command
      \$ if the effective UID is 0, a #, otherwise a $
      \nnn the character corresponding to the octal number nnn
      \\ a backslash
      \[ begin a sequence of non-printing characters,
      which could be used to embed a terminal control
      sequence into the prompt
      \] end a sequence of non-printing characters


      Colours In Bash:Black 0;30 Dark Gray 1;30
      Blue 0;34 Light Blue 1;34
      Green 0;32 Light Green 1;32
      Cyan 0;36 Light Cyan 1;36
      Red 0;31 Light Red 1;31
      Purple 0;35 Light Purple 1;35
      Brown 0;33 Yellow 1;33
      Light Gray 0;37 White 1;37


      Here is an example borrowed from the Bash-Prompt-HOWTO: PS1="\[\033[1;34m\][\$(date +%H%M)][\u@\h:\w]$\[\033[0m\] "


      This turns the text blue, displays the time in brackets (very useful for not losing track of time while working), and displays the user name, host, and current directory enclosed in brackets. The "\[\033[0m\]" following the $ returns the colour to the previous foreground colour.

      How about command prompt modification thats a bit more "pretty": PS1="\[\033[1;30m\][\[\033[1;34m\]\u\[\033[1;30m\]@\[\033[0;35m\]\h\[\033[1;30m\]] \[\033[0;37m\]\W \[\033[1;30m\]\$\[\033[0m\] "


      This one sets up a prompt like this: [user@host] directory $

      Break down:
      \[\033[1;30m\] - Sets the color for the characters that follow it. Here 1;30 will set them to Dark Gray.
      \u \h \W \$ - Look to the table above
      \[\033[0m\] - Sets the colours back to how they were originally.


      Each user on a system can have their own customized prompt by setting the PS1 variable in either the .bashrc or .profile files located in their home directories.
      FUN STUFF!

      A quick note about bashish. It allows for adding themes to a terminal running under a GUI. Check out the site for some screen-shots of what it can do.

      Also, the program fortune is a must [At least I have considered it so every since my Slackware days (it is default)]. It doesn't have anything to do with bash and is a program that outputs a quote to the screen. Several add-ons are available to make it say stuff about programming, the xfiles, futurama, starwars, and more. Just add a line in your /etc/profile like this to brighten your day when you log into your computer: echo;fortune;echo



      CDargs - Shell Bookmarks

      Impress your friends and colleagues with lightening fast directory switching using the CDargs bookmarking tool. CDargs is not exclusive to BASH, but is a great addition and works on *nix based systems, including OS X. Download CDargs here in source or rpm.

      CDargs allow for setting named marks in directories and moving to them quickly using the cdb command or a ncurses view.
      Install
      Compile / install source
      Move cdargs-bash.sh to /etc
      Add this line to your users .bashrc file
      source /etc/cdargs-bash.sh


      Relogin or run source ~/.bashrc
      Usage

      mark

      Mark a directory that you want to get to quickly in the future. Move to the desired directory and type mark <name> or simply mark to have it take the name of the current directory. You can also mark a directory using the ncurses tool. Run cdargs or cdb to start the ncurses tool. Add a new mark by pressing a.

      cdb

      Now you have a bunch of marked directories. Simply type cdb <name of a mark> to move to the marked directory. Alternatively use cdb and navigate with arrows or number to the desired mark.

      manage

      Start the ncurses tool cdb. Some useful keys to thump:a add new mark
      d delete mark
      e edit mark
      right left arrows move in and out of directories
      l list the files in the highlighted directory
      c make a copy of a mark
      enter go to selected directory / mark


      You can also edit the ~/.cdargs text file directly to manage marks


      Basic and Extended Bash Completion

      Basic Bash Completion will work in any bash shell. It allows for completion of:
      File Names
      Directory Names
      Executable Names
      User Names (when they are prefixed with a ~)
      Host Names (when they are prefixed with a @)
      Variable Names (when they are prefixed with a $)

      This is done simply by pressing the tab key after enough of the word you are trying to complete has been typed in. If when hitting tab the word is not completed there are probably multiple possibilities for the completion. Press tab again and it will list the possibilities. Sometimes on my machine I have to hit it a third time.

      Extended Programmable Bash Completion is a program that you can install to complete much more than the names of the things listed above. With extended bash completion you can, for example, complete the name of a computer you are trying to connect to with ssh or scp. It achieves this by looking through the known_hosts file and using the hosts listed there for the completion. This is greatly customizable and the package and more information can be found here.

      Configuration of Programmable Bash Completion is done in /etc/bash_completion.
      ________________
      Jacques
      jacques@gw-designs.co.za
      http://coding.biz.tm
      Come join and lets make it a place to learn all the noobies how to code
      __________________

      NEVER FORGET TO CLICK THE TANX BUTTON IF U LIKE WHAT IM SHARING OR HELPING WITH

      Comment

        #4
        This surely gonna help others too..

        Comment

          #5
          o.O thats some long ass post im sure i'll never read dam

          Comment

          Previous template Next
          Working...
          X