Created
August 17, 2014 14:01
-
-
Save sh1n0b1/c15c72c64bae9159f2ec to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/perl -w | |
use CGI; | |
use Digest::MD5 qw(md5_hex); | |
$cgi = new CGI; | |
$SESSDIR = "/tmp/"; | |
$sessfile = $cgi->cookie("diagsess"); | |
$arg0 = $cgi->param("arg"); | |
$action = $cgi->param("action"); | |
$arg = &safestr($arg0); | |
if (! defined($sessfile) ) | |
{ | |
if ( md5_hex($cgi->param("sechash")) =~ /^000000000000.*$/) | |
{ | |
$sesshash{'user'} = 'admin'; | |
} | |
else | |
{ | |
$sesshash{'user'} = 'guest'; | |
} | |
$sesshash{'ip'} = &get_ip; | |
$diagsess = md5_hex( $sesshash{'user'} . '|||' . $sesshash{'ip'} ); | |
$cookie = "diagsess=$diagsess;"; | |
&write_session; | |
print $cgi->header(-cookie => $cookie, | |
-expires => 'Mon, 01 Jan 1999 00:00:00 GMT', | |
-'cache-control' => 'no-cache', | |
-pragma => 'no-cache',-'location'=> 'dana-na.cgi?sechash=' ); | |
exit 0; | |
} | |
else | |
{ | |
print $cgi->header(); | |
&read_session; | |
&print_menu; | |
} | |
if (defined ($action) && length($action)>0) | |
{ | |
if ($action =~ /^print_session$/) | |
{ | |
&print_session; | |
exit 0; | |
} | |
if ($action =~ /^curl$/) | |
{ | |
&curl($arg); | |
exit 0; | |
} | |
if ($action =~ /^ping$/ ) | |
{ | |
&ping($arg); | |
exit 0; | |
} | |
if ($action =~ /^traceroute$/) | |
{ | |
&traceroute ($arg); | |
exit 0; | |
} | |
if ($action =~ /^shell$/) | |
{ | |
&shell($arg); | |
exit 0; | |
} | |
} | |
sub curl | |
{ | |
$host = shift; | |
print "<pre><textarea rows=24 cols=80>"; | |
if (defined($host) && length($host)>1) | |
{ | |
open(GG,"/usr/bin/curl -s $host |") and do | |
{ | |
while(<GG>) | |
{ | |
print; | |
} | |
} | |
} | |
} | |
sub ping | |
{ | |
my $host = shift; | |
print "<pre>"; | |
if(defined($host) && length($host)>1) | |
{ | |
open(GG,"/bin/ping -c3 $host |") and do | |
{ | |
while(<GG>) | |
{ | |
print; | |
} | |
}; | |
close GG; | |
} | |
} | |
sub traceroute | |
{ | |
my $host = shift; | |
print "<pre>"; | |
if(defined($host) && length($host)>1) | |
{ | |
open(GG,"/usr/sbin/traceroute -d -n -w 5 $host |") and do | |
{ | |
while(<GG>) | |
{ | |
print; | |
} | |
}; | |
close GG; | |
} | |
} | |
sub read_session | |
{ | |
undef %sesshash; | |
if(! -f "$SESSDIR/$sessfile") | |
{ | |
print "session error!"; | |
return; | |
} | |
open(GG, "$SESSDIR/$sessfile") and do { | |
while (<GG>) { | |
eval($_); | |
} | |
close GG; | |
}; | |
} | |
sub write_session | |
{ | |
open(GG, ">$SESSDIR/$diagsess") and do | |
{ | |
foreach (sort keys %sesshash) | |
{ | |
print GG "\$sesshash{'$_'} = '$sesshash{$_}';\n"; | |
} | |
}; | |
close GG; | |
} | |
sub print_session | |
{ | |
foreach (sort keys %sesshash) { | |
print "$_=$sesshash{$_}\n"; | |
} | |
} | |
sub shell | |
{ | |
$cmd = shift; | |
print "<pre>"; | |
if ( $sesshash{'user'} eq 'admin' ) | |
{ | |
open(GG, "$cmd |") and do | |
{ | |
print; | |
} | |
close GG; | |
} | |
else | |
{ | |
print "sorry $sesshash{'user'}! you're not admin!\n"; | |
} | |
} | |
sub print_menu | |
{ | |
$arg0 =~ s/\</\<\;/g; | |
open(GG,"cat menu.html |") and do | |
{ | |
while(<GG>) | |
{ | |
$_ =~ s/\%\%arg\%\%/$arg0/g; | |
print $_; | |
} | |
close GG; | |
}; | |
} | |
sub get_ip | |
{ | |
$h1 = $ENV{'REMOTE_ADDR'}; | |
$h2 = $ENV{'HTTP_CLIENT_IP'}; | |
$h3 = $ENV{'HTTP_X_FORWARDED_FOR'}; | |
if (length($h3)>0) | |
{ | |
return $h3; | |
} | |
elsif (length($h2)>0) | |
{ | |
return $h2; | |
} | |
else | |
{ | |
return $h1; | |
} | |
return "UNKNOWN"; | |
} | |
sub safestr | |
{ | |
my $str = shift; | |
$str =~ s/([;<>\*\|`&\$!#\(\)\[\]\{\}:'"])/\\$1/g;; | |
return $str; | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment