Big Release

@dotcppfile dotcppfile released this 21 May 22:40
· 23 commits to master since this release
  1. Full support for Windows.
  2. DAws is now completely POST based.
  3. SSH Method support has been added, but it depends on user interaction. This method is based on creating an RSA key and adding the public key to the authorized_keys file, which allows the owner of that key to connect over SSH without a password. For this to happen automatically, DAws would have to find the user, the home directory and the SSH port, and use about 4000 lines of code to create an RSA key in OpenSSH format and to connect over SSH. Let's not forget that even if all of this were in place, the .ssh directory could simply be unreadable, and the same goes for the authorized_keys file. So the success rate is practically low unless the user helps out; in DAws, the user is supposed to find the SSH user and the home directory (by using DAws's file manager) and the SSH port (simple TCP scan) and upload the needed files manually (by using DAws's file manager). This may take the user a minute, while for DAws it may cause many problems, especially if there are security systems, since a lot of functions would be used to retrieve all that information, which would instantly cause this whole thing to fail.
  4. After DAws finds its directory (a writable and readable one), it will try to move to that directory if it's a web directory. This is useful for one thing: dropping a php.ini and a .htaccess which will allow DAws to do anything, but this only works if suPHP is installed.
  5. If DAws fails to find a proper web directory, it will go searching randomly for anything else. Thanks to that, everything in the shell will still work perfectly except for the CGI Shells.
  6. Added the usage of call_user_func, call_user_func_array, ArrayIterator, register_tick_function, array_map, array_walk, array_filter and register_shutdown_function to bypass Suhosin.
  7. Created multiple functions such as file_get_contents_extended, fopen_extended, etc to bypass Suhosin.
  8. Added Sql Connect
  9. Got rid of the 2 extra php xor encryption functions "sh3ll_this" and "unsh3ll_this" since the only difference was using the static key "dotcppfile".
  10. In some of these old functions, using "system" and "passthru" wasn't possible since we couldn't store the output properly (using their available "output" arguments was barely working thanks to PHP lol), so in this new function we used output buffering (ob_start, ob_get_contents, etc...) to get the output of these system commands.
  11. Zipping a directory has been upgraded and well taken care of since we believe it's important. If available and enabled, the class ZipArchive along with RecursiveIteratorIterator is used to get the job done; if not, we're using system commands: "powershell" or a vbs script for Windows and "zip" for Linux.
  12. The uploading, creating and zipping functions now output to DAws's chosen directory, which should have been done a long time ago since the current directory could be non-writable; anyway, it's here now.
  13. We also added a recursive function based on "glob" to get that job done in case the version of PHP is lower than 5, because the first method is based on "RecursiveIteratorIterator", which was added in PHP version 5.
  14. Increased the check for disabled/blocked functions (file_get_contents, file_put_contents, fopen, etc...)
  15. Aside from using "function_exists" and "class_exists" to check for installed libraries, we added the usage of output buffering (ob_start, ob_get_contents, etc...) in case "function_exists" and "class_exists" were also disabled/blocked.
  16. Increased the checks for installed software (bitsadmin, wget, etc...) since it will be used in the shell.
  17. Fixed the code that was supposed to find a writable/readable directory for DAws since it was a little bit buggy.
  18. In case "RecursiveIteratorIterator" and the recursive glob function fail for some reason, the chosen directory will be "/tmp" for Linux or "C:/Users/".get_current_user()."/AppData/Local/Temp" for Windows.
  19. All the functions that were supposed to execute a system command have been merged into one called "execute_command", which is also used to check for installed software.
  20. The "remove directory" feature in the file manager has been modified; the old method was based on removing everything in the chosen directory recursively, but it was a bad method since permissions were making things worse, so in this new update we simply decided to use system commands; "rmdir /s" for Windows and "rm -r" for Linux, and let the OS deal with it lol.
  21. Editing a file has been upgraded; we're not only using "file_put_contents" but also "fopen" in case "file_put_contents" was disabled/blocked.
  22. Uploading a file via a direct link to the server has been also updated; we're using Curl with fopen or file_put_contents with file_get_contents or fopen with file_get_contents, if none worked then we're using system commands; "bitsadmin" or "powershell" for Windows and "curl" or "wget" for Linux.
  23. Creating a simple file has also been updated; we added the usage of fopen and the echo system command in case file_put_contents wasn't usable.
  24. All the javascript xor encryption functions have been merged together. This had to be done since using multiple ones is plain stupid, but we were doing it because we never cared about the amount of code as much as we cared about its effectiveness; if it works then it's good, but beautiful and simple code costs money mates, so here it is lol.
  25. Some of the features in the file manager were available when they shouldn't have been, and that's because we made some mistakes checking permissions, so it's been fixed now.
  26. Reading a file has also been updated. In case file_get_contents was blocked/disabled, fopen or system commands ("type" for Windows and "cat" for Linux) are used instead.
  27. The GUI has been updated; there are 3 columns now: the first one is fixed and holds various information, the third one is also fixed and holds a file explorer for DAws's chosen directory, and the second one holds what's left of DAws. We also fixed some HTML/CSS code and made things smoother and faster to load. Finally, we shoved hidden divs in the file manager that will show up whenever you choose to rename something.
  28. Updated the CGI Batch shell since it wasn't working properly (apparently we were using a test version by mistake)
  29. Added the support of https when retrieving the output of CGI Shell.
  30. Updated the execution of PHP code; eval will also be used if not disabled by Suhosin.
  31. Removed the Process Manager since it was based on system commands; "tasklist" and "taskkill" for Windows and "ps aux" and "kill" for Linux.
  32. Removed the execution of C and C++ because they're useless in that part. The only reason people use the Eval part is to write some fast and situational scripts. C and C++ are mostly used to compile advanced code such as an exploit or a botnet.
  33. and much more, but I forgot...
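
For defenders triaging PHP files on a web server: item 6 names the callback-style functions this release relies on. The block below is an added example, not DAws code or anything from its author; it flags calls to those functions whose callable argument is a variable rather than a literal. `scan_php`, `split_args` and the sample PHP are constructed for illustration.

```python
import re

# Callback dispatchers named in item 6, mapped to the position of their callable
# argument. ArrayIterator is left out: the notes do not say how it is used.
CALLABLE_ARG = {"call_user_func": 0, "call_user_func_array": 0, "array_map": 0,
                "register_tick_function": 0, "register_shutdown_function": 0,
                "array_walk": 1, "array_filter": 1}
# The lookbehind skips method calls, static calls and longer identifiers.
CALL_RE = re.compile(r"(?<![\w$>:])(%s)\s*\(" % "|".join(CALLABLE_ARG), re.I)

def split_args(src, i):
    """Split the argument list starting just after '(' on top-level commas."""
    args, cur, depth, quote = [], [], 0, None
    while i < len(src):
        ch = src[i]
        if quote:
            if ch == "\\":                  # keep an escaped character with its backslash
                cur.append(src[i:i + 2]); i += 2; continue
            if ch == quote:
                quote = None
        elif ch in "'\"":
            quote = ch
        elif ch in "([{":
            depth += 1
        elif ch in ")]}":
            if depth == 0:                  # closing paren of the call itself
                break
            depth -= 1
        elif ch == "," and depth == 0:
            args.append("".join(cur).strip()); cur = []; i += 1; continue
        cur.append(ch); i += 1
    args.append("".join(cur).strip())
    return args

def scan_php(source):
    """Return (line, function, callable_expr) for calls whose callable is a variable."""
    findings = []
    for m in CALL_RE.finditer(source):
        name, args = m.group(1).lower(), split_args(source, m.end())
        pos = CALLABLE_ARG[name]
        if len(args) > pos and args[pos].startswith("$"):
            findings.append((source.count("\n", 0, m.start()) + 1, name, args[pos]))
    return findings

SAMPLE = r'''<?php // constructed sample, not taken from DAws
$names = array_map('trim', $raw);
call_user_func($f, $_POST['b']);
array_filter($items, function ($x) { return $x > 0; });
array_walk($rows, $cb);
'''
```

Legitimate frameworks also pass variables as callables, so treat a hit as a reason to read the file, not as a verdict.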