http://labs.libre-entreprise.org Labs Project News Highlights http://labs.libre-entreprise.org/forum/forum.php?forum_id=653 * Added PostgreSQL support (SQL shell, databases/tables dump). * Added LDAP support (LDAP shell, LDIF support, DNs dump). * Added MySQL support (SQL shell, databases/tables dump). * Fixed problems with "direct download feature". * Display enhancements. * Code cleaning. * Documentation update. phpRemoteShell Emmanuel Saracco 2008-12-06T11:34:58+00:00 http://labs.libre-entreprise.org/forum/forum.php?forum_id=651 - Now PRS can be downloaded directly by passing "prsds=" URL parameter when calling it. Note that this feature will not work if you previously defined authentication to true, or if you have encrypted it. - Fixed a lot of problems with PRS remote inclusion. Now, it can easily be included remotely by exploiting require*/include* calls. - Added a script to strip PRS from comments and useless spaces. Also this script is automatically used before PRS encryption. - Added some new displayed informations: client IP, vhost IP and remote routing table. phpRemoteShell Emmanuel Saracco 2008-11-27T20:39:10+00:00 http://labs.libre-entreprise.org/forum/forum.php?forum_id=629 * Zombies: - Added a Javascript console. It is now possible to send custom javascript to zombie. - Some Ajax enhancement. - Fixed a problem with file path construction. * File browser: - Fixed some problems with IE6. * Remote shell: - Added command reset button. - Added history reset button. * Other: - Added a PHP error console. Can be useful when working on servers with strange behaviour, to understand what is happening. - Now all files and directories are created 0666 and 0777 when server allow it. - Display a alert message to the user when PRS can not self-removing itself from the server. phpRemoteShell Emmanuel Saracco 2008-06-10T05:34:06+00:00 http://labs.libre-entreprise.org/forum/forum.php?forum_id=623 - Fixed a problem with some particular servers and tmpdir detection. Some servers allow directory creation, but not directory deletion... So, now zombies management should work on these servers too. - Fixed a logic error, which could prevent PRS to detect the correct storage mode. - Fixed a problem with rights detections. - Fixed a problem with executable method detection. phpRemoteShell Emmanuel Saracco 2008-03-28T06:31:52+00:00 http://labs.libre-entreprise.org/forum/forum.php?forum_id=619 * Zombies: - Fixed some issues with IE. - Added the use of hidden iframe to spy user navigation. This feature does not work yet with IE, so it can be enabled/disabled using the ZOMBIE_USE_HIDDEN_IFRAME constant. * File browser: - Added display options (to filter hidden files, directories, symlinks or files) - Colors enhancement. - Sort enhancement (same sort, whatever browse method is used). phpRemoteShell Emmanuel Saracco 2007-12-22T17:05:25+00:00 http://labs.libre-entreprise.org/forum/forum.php?forum_id=616 * Zombies: - Menu reorganization. - Added a "Control center". It is now possible to ping hosts with the zombie (so you can bypass firewall etc.). For the moment hosts must have port 80 open to appear alive. - Fixed some bad display logic with javascript code. - Added "Delete" menu. - Added "Reset" and "Add separator" menu to keylogger viewer. - Very first steps for "Zombies" management (based on BeEF ideas). * Other: - Better safe mode handling. - Better recursive idirectory deletion. - Launcher code cleaning. - Some README/INSTALL update. - Now the use of the "launcher.html" file is required to open PRS shell. All GET access will result on a "404 Not Found" HTTP error. Just open this file with your Web browser and click the "Launch" button. phpRemoteShell Emmanuel Saracco 2007-12-10T20:25:26+00:00 http://labs.libre-entreprise.org/forum/forum.php?forum_id=611 * Encryption: - PRS is now able to encrypt/decrypt itself on request. What you have to do is just encrypt it with a secret key (using tools available in the "encryption/" directory), put the encrypted file on a remote server and request it by passing it your secret key using HTML POST method (see the "post.html" file). It is a ugly/lame/experimental feature, so take it as a PoC and play with it :-) Do not hesitate to send me ideas or patches! * Self-recovery: - PRS can now host itself in another PHP script on the server to be able to self-restore itself at script execution time. Noisy game though, so think twice before playing it :-) * Crontab: - Added crontab management when available. * PHP: - Now take in account "open_basedir" PHP configuration variable. - PHP Exec* functions wrapper debug and optimization. * Other: - Now take in account the safe mode's variable "safe_mode_exec_dir". - Added some information at the page top (exec method, FS exploration method, PHP safe mode, storage method (cookies/script)). - Again some fixes for runtime magic quotes. - Some file size calculation fixes (when "filesize()" function is disabled). - Code cleaning. phpRemoteShell Emmanuel Saracco 2007-11-14T23:26:45+00:00 http://labs.libre-entreprise.org/forum/forum.php?forum_id=609 * PHP: - Now use "proc_open()" when "popen()" is not available. * Other: - Fixed a typo that broke download functionality. - It is now possible to force file saving and deletion, even if PRS think that file can not saved or deleted. - PRS is now able of self-modify itself to save dynamic data in its own file. If it fail (ie. bad PRS file rights) it use traditional cookie method. - Safer read/write file functions. - Code cleaning and minor enhancements. phpRemoteShell Emmanuel Saracco 2007-11-07T07:49:35+00:00 http://labs.libre-entreprise.org/forum/forum.php?forum_id=608 * Popups: - Fixed a problem on popup closure with IE. * PHP: - Fixed a problem with magic quotes. * Menus: - Added a "Remove me!" menu item. It just remove the prs.php script from the server. * File browser: - Better download handling in safe mode. - It is now possible to force file edition, even if PRS think that it can not be viewed. - Fixed a problem with directories deletion when "opendir()" function is not available (use "glob()" instead). - Better browse mode detection management. - Added bookmarks management for directory location. - It is now possible to visualize images found on the server. - Try to use "glob()" if "opendir()"/"readdir()" or "ls" system command are not available. - A lot of improvments on directories/files display. - Fixed a problem with sticky directories. - Fixed a problem with recursive directories deletion. - Fixed a problem with especially crafted directories names. - Added "Create directory" menu. User can now create directories. - Files with appropriate rights can be fully edited. PRS will try to preserve original timestamp if Web user is the same as file owner. * Other: - Fixed problem with HTML output. - When in safe mode, we try to display "phpinfo()" output in the "Remote information" section. - Code cleaning. phpRemoteShell Emmanuel Saracco 2007-11-05T20:55:01+00:00 http://labs.libre-entreprise.org/forum/forum.php?forum_id=510 * PHP: - Converted all short PHP tags to allow phpRemoteShell to work with "short_open_tag=Off". * File browser: - Now it should work on some condition with PHP safe mode. * Menus: - Better menu management. * Other: - Better safe mode handling. - Can now handle HTML output for both Shell commands and PHP code section. - A temporary fix for utf8 decode function (it hopefully do not cause web server child segfault anymore). phpRemoteShell Emmanuel Saracco 2006-07-15T00:14:45+00:00