QedShell v2.0

Filed under Penetration Testing

c99shell from the ccteam was a great PHP script; unfortunately, support has been discontinued. The idea is to have an all-in-one file for administering a server once that file is uploaded.
When you look into the source of c99shell it is a bit chaotic, and it is even detected by some anti-virus programs. For these reasons I wrote the code of QedShell from scratch.
This project is also aimed at helping people learn PHP; for that reason I commented almost every line.

Download it here:
http://fronted.quzart.nl/component/option,com_remository/func,fileinfo/id,11/


= Modules =
QedShell is scripted in modules – for example the Fileadmin module – so new add-ons are easy to make.
A module is basically a class with two functions, preprocess() and process(). The first one executes code before output is started. The process() function executes code that goes between the HTML header and footer.
Why use two functions? If you want to download a file from the server, the PHP script must first tell the browser to download something. This is done in the HTTP headers. If the HTML header has already been sent, then the HTTP headers have been sent as well, and thus you can't tell the browser to download something. Also, in the preprocess() function you can set alert messages that are shown in the HTML header.

These modules are already scripted:
– Fileadmin, browse through files/directories, chmod, delete, rename, edit and download them.
– Mail, send emails; you can set the sender's email and name, the receiver's email and name, and the subject and content of the email. This module also supports HTML emails.
– phpInfo, show phpInfo();
– Security, show some general info about the current system and configuration, for example: whether /etc/passwd is readable, and whether program, posix and socket functions are enabled.
– Posix, if the posix functions are enabled then we can generate a /etc/passwd and /etc/groups file.
– Encoder, encoding/hashing/converting strings.
– phpCode, execute PHP code.
– Port mapper, if the socket functions are enabled then we can check which ports are already open and thus see what services are running.
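
The conditions the Security module reports on are the same ones an administrator can audit to see what an uploaded PHP file would be able to reach on a host. The script below is an added example, not QedShell code; the function groups and the open_basedir check are assumptions chosen for the illustration.

```php
<?php
// Added example, not QedShell code: report which capabilities named in the
// Security module description are available to PHP under this configuration.

// Assumption: representative functions per group, chosen for this example.
const GROUPS = [
    'program' => ['exec', 'system', 'passthru', 'shell_exec', 'popen', 'proc_open'],
    'posix'   => ['posix_getpwuid', 'posix_getgrgid'],
    'socket'  => ['fsockopen', 'socket_create', 'stream_socket_client'],
];

/** Parse the comma-separated disable_functions directive into a list of names. */
function disabled_functions(string $ini): array
{
    return array_values(array_filter(array_map('trim', explode(',', $ini)), 'strlen'));
}

/** For each group, return the functions that exist and are not disabled. */
function callable_by_group(array $groups, array $disabled): array
{
    $out = [];
    foreach ($groups as $group => $names) {
        $out[$group] = array_values(array_filter($names, function ($name) use ($disabled) {
            // Both tests are applied so the result does not depend on how the
            // running PHP version reports a disabled function.
            return function_exists($name) && !in_array($name, $disabled, true);
        }));
    }
    return $out;
}

$disabled = disabled_functions((string) ini_get('disable_functions'));
foreach (callable_by_group(GROUPS, $disabled) as $group => $names) {
    printf("%-8s %s\n", $group, $names ? 'CALLABLE: ' . implode(', ', $names) : 'none callable');
}

// open_basedir (when set) limits which paths PHP file functions may open.
$basedir = (string) ini_get('open_basedir');
printf("%-8s %s\n", 'basedir', $basedir !== '' ? $basedir : '(unset)');
printf("%-8s %s\n", 'passwd', @is_readable('/etc/passwd') ? 'readable' : 'not readable');
```

Run it under the same SAPI and php.ini as the web application, since the command-line PHP often loads a different configuration.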

If you have requests for the future, have found bugs or want to script something, post on the De-ICE forum or send an email to: qedshell [at sign] quzart.nl

= Code structure =
This is how QedShell works:
– First parse user config.
– Check if the user/password is ok (optional).
– Check if the requested module exists, else show the fileadmin module.
– Execute the preprocess() function of the current module
– Show HTML header
– Execute the process() function of the current module
– Show HTML footer

= Future =
I am thinking about making some more modules:
– FTP admin
– MySQL admin
– PHP backconnect shell
– PHP proxy server
Of course if you have suggestions or want to script something yourself, just send a mail to qedshell [at sign] quzart.nl

= Download =
You can download the latest version of QedShell here:
http://fronted.quzart.nl/component/option,com_remository/func,fileinfo/id,11/
